GitHub Organization Repo + Jenkins (GitHub Plugin) integration - github

I have an organization on GitHub with private repositories. I also have Jenkins set up running on port 8080 on a server, with the GitHub plugin installed. I've created an account on GitHub for my jenkins user, which resides in the owners group.
I'm trying to trigger a job on jenkins when a change is pushed to my development branch (or master branch, neither seem to be working).
When I look at the GitHub Hook Logs in Jenkins, it says that Polling has not run yet. When I go to "Manage Jenkins", the GitHub plugin says my account is Verified when I test it.
Any insight on how to configure this? I have multiple repositories I'd like to work with, so deploy keys don't seem like the solution to me.

Update:
As Craig Ringer mentions in his answer, you can select Grant READ permissions for /github-webhook in "Configure Jenkins" under the GitHub plugin settings, allowing the webhook to be called without authentication.
Another update: Webhooks are now (Dec. 2014) available for organization: see WebHooks API for orgs.
Note: the issue 4 of the hudson-github-plugin was about:
Last GitHub Push
Polling has not run yet.
And the conclusion was:
Nevermind, the only missing piece was a permission checkbox for the github user which ain't documented anywhere on the internet.
So is this a permission issue regarding your Jenkins users?
The article "Set up Jenkins-CI on Ubuntu for painless Rails3 app CI testing" includes the following process:
To restrict the CI system and give access to your Team members to use or see the build logs, first you’ve to create an account.
Go to Manage Jenkins > Configure System,
Check the Enable Security checkbox
Under Security Realm, choose Jenkins's own user database
Check the Allow users to sign up checkbox
Under Authorization, choose Project-based Matrix Authorization Strategy
Add first user with the name admin and another with GitHub (Note: the username for Admin access has to be admin) For GitHub named user, just choose the Overall Read only permission. We’ll use this user later with the GitHub hook.
Note: The admin and GitHub user that we’ve added in the above step does not create the User. Then you’ve to create a real user with that same name. Ya, I know, its a bit weird with Jenkins UI.
Go to Manage Jenkins > Manage Users > Create User. Create both admin and GitHub users.
Hooking with the Github web-hooks
Now to run the build automagically when new commit or branch gets pushed onto Github, we have to setup the repository.
Got to the hooks page for your repository. e.g.
github.com/<username>/<project_name>/admin/hooks
Under AVAILABLE SERVICE HOOKS > Post-Receive URLs, add github:github#your-ci-server.com/github-webhook/.
The github:github is the user that we’d created earlier.
Then we have to verify Jenkins with Github. Go to Manage Jenkins > Configure System and under GitHub Web Hook, add your Github username and password and click the Test Credential button to authorize once with Github.

It looks like the accepted answer is no longer necessary with the current version of the GitHub plugin. You can instead check Grant READ permissions for /github-webhook in "Configure Jenkins" under the GitHub plugin settings, allowing the webhook to be called without authentication.
As explained in the help on this option that's quite safe, and frankly no worse than having a user named "github" with password "github" anyway.

There are two ways to achieve automatic builds on Jenkins. What you choose depends on whether GitHub can call the Jenkins server URL you provide. This may not be the case if you are running Jenkins behind a firewall.
If GitHub can reach that URL you can set up the service hook on your repo there.
If not you can set up Jenkins to poll periodically.
You may set up both, but one solution is enough to get it working. I would always go for the first if feasible as it saves resources CPU and traffic wise.
Either way you need the GitHub plugin for Jenkins.
Hope that helps a bit.

Related

Deploy changes from GitHub to Salesforce

How can I add a custom button on GitHub.com which I could click on in order to deploy changes from the Master branch to a related Salesforce.com DEV Org?
What have you tried? Have you seen https://developer.salesforce.com/blogs/2020/01/using-salesforce-dx-with-github-actions ?
You can steal sample actions from SF official repo at https://github.com/trailheadapps/lwc-recipes.
You'll need to provide the secret login URL to your target org, there are blog posts how to generate it and store in GitHub variable, for example https://tigerfacesystems.com/blog/sfdx-continuous-integration/ or https://github.com/sfdx-actions/setup-sfdx
Last but not least - to have action available for manual run (not just automated) read up about "workflow_dispatch"

GitHub webhook repo is unable to trigger jenkins pipeline

Our Company used to self-host GitLab for source-code management and configured webhook on gitlab to trigger all the project pipelines on jenkins. Initially, the gitlab url was 'https://git.fulcrumdigital.com' and later for an upgraded version, they changed url to 'https://autobuild.fulcrumdigital.com'
Recently, we migrated to 'github.com' and created an organization. The source codes for various projects are found under this organization, which is private. Now, when I try to configure webhooks for these projects, I see that they deliver as intended to jenkins, but jenkins doesn't trigger the respective project's build. Instead, it gives out a message as shown below.
jenkins-github webhook error
I don't find any info regarding this webhook on global configuration page.
Here is a snapshot of jenkins logs
jenkins logs
I don't face this webhook issue for newly created pipeline-projects on jenkins. I face this issue for older pipeline-projects that already had their webhook configured earlier for gitlab.
Help me to resolve this issue and make jenkins trigger build from github webhook for older pipeline-projects.
Did you try force regenerating the webhooks?
Go to Manage Jenkins > Configure System > GitHub plugin > Advance > Re-registers hooks for all jobs.
I had this problem myself. The first thing you want to do is go to Manage Jenkins -> Configure System scroll down to the GitHub section and click on "Advanced". You will see this:
It's important to have access to your Jenkins log (I'm running Jenkins with Docker). When I clicked on Re-register hooks for all jobs, I got the following error:
In my case, the error mentioned something with my access token. So, I checked my Github personal access token and it turned out, I need to turn on Read and Write for Webhook:
Now, go back to Jenkins and click on Re-register hooks for all jobs again, and on the next push, the build was automatically triggered.

Azure pipeline doesn't allow to enable pull request validation

While trying to enable Azure pull request validation it throws following error.
Unable to configure a service on the selected GitHub repository. This is likely caused by not having the necessary permission to manage hooks for the selected repository.
I have created a github connection with access token. And enabled all the scopes as follows, What exact scope do I need to enable?
I think the scopes are not the main cause of your issue. I generated different github PATs and found the pipeline with Azure pull request validation enabled can work well even when I only defined part of what you've defined above.
Please check this similar issue, check if you can directly create a webhooks in Github web UI. (Github=>Settings=>Webhooks). And according to reply from Eddie:
If it is a personal repository, only the repository owner can create hooks. If it is an organization repository, you need at least "Admin permissions" which can "Change a repository's settings" with "Adding, removing, and editing webhooks and service hooks permission included.
Hope it helps.

How do I disable a Github check for Google Cloud Build

I've installed the Google Cloud Build app from Github Marketplace, and enabled it on several repositories, only to discover that enabling access for those repositories automatically starts running the Google Cloud Build "check" after every PR or push to a PR. Since some of those repositories are not actually ready for Google Cloud build, I needed to turn off the checks... I used the URL mentioned in the docs to get to the page where you can select which repositories should be connected to your GCP project, and unchecked a bunch of them... this disconnected them from the project, but, surprisingly, did not disable the Github checks! So now, there are Github checks on several repositories that just result in an error because they're not connected to any projects in Cloud Build.
Surely, it is not an uncommon use case to need a way to "disable Checks" on a per-repository basis - is there any way to do that?
(If not, consider it a requested feature if there are any Google Engineers reading!) ;)
I did talk to chat support, and the only way we could figure out to remove the checks would be to uninstall Google Cloud Build completely from the entire organization, which I don't want to do because we do have some setup that I want to keep, and I don't know how much of that configuration would have to be redone if I uninstalled it completely.
Here is a screenshot of the broken check that I can't disable:
I think there are 2 steps to disable CloudBuild,
1. Disable on CloudBuild itself. For some time I kept seeing 2 builds per push made, but disabling a trigger on CloudBuild helped fix that.
2. On Github, you can configure the Cloudbuild app to monitor a specific repo on the organization level setting.
3. If you feel a lot adventurous though and it's not solved, on the project level setting, you could delete the Webhooks integration for cloudbuild, as that's what Github notifies of each build.
It can be found within GH App installations:
https://console.cloud.google.com/gcb-github-registration
Select the GH account used for your link between Cloud Build and GH, then the GCP project you want to edit.
Here connected repositories can be edited, and in the second step (Trigger settings), the "Default GitHub Checks" can be disabled.
You can also goto settings of your repository and click installations inside settings.
And then remove Google cloud build from Installed apps and authorized github apps.
Cloud Build Triggers are still in beta, and have gone through several updates since this question was posted, but it now appears that the "Github Default Checks" are no longer hidden from management. They are now explicitly offered (but not automatically created) when connecting a repo, and you can finally view and disable (or delete) individual "Github Default Checks" on the trigger management page: https://console.cloud.google.com/cloud-build/triggers
I'll leave this as unanswered, because I'm uncertain this is how it is working for everyone, or that this answer will remain true, but if it works for you, feel free to vote up the answer!
To link GCP Project to the Github repository, create a trigger by clicking on resolve link, besides Action Required and then disable the same. For me this procedure worked out.

Using Azure Powershell or the xpat cli how do I connect my web site to a github hook

Using the portal:
Using the portal at https://manage.windowsazure.com/ this is easy. From a newly created azure web site:
Go to the dashboard
On the quick glance options on the right, click "Set up deployment from source control"
On the "where is your source code?" option, select Github
Authorize, then choose the repo name and branch.
BINGO: now pushes to that branch will trigger a deployment of that branch onto the azure website. Lovely.
Here's the problem:
I cannot for the life of me see how to do this from the command line (using the xpat-cli installed using npm: "npm install azure-cli -g")
It seems like I should be typing something like:
azure site deployment github --verbose --githubusername [username] --githubrepository [username/reponame] [sitename]
Because the help for "azure site deployment github" says it will: "Link a website to a github account for deployment"
Doesn't seem to work though...
If I then type:
azure site show [sitename]
The output says the source control is "LocalGit" instead of github - which is what it says if I do it the portal way above.
Source Control
data: --------------
data: Type: LocalGit
Any ideas?
Depending on your use case the solution will be different.
Assuming you have the same github source but want to deploy to multiple different Azure websites
Potential Solution: Make use of the Deploy to Azure Button See details here: https://azure.microsoft.com/blog/2014/11/13/deploy-to-azure-button-for-azure-websites-2/
Assuming you have various repositories that you want to deploy to Azure: Potential Solution: I am assuming that you will be the person deploying it. The workflow will be as follows:
A. Download files from Github to local folder See here
B. Publish your local folder into a new/existing Azure site. See here, or here. There are other github repositories to get some scripts right away
I understand this doesnt directly hook your system to do direct pull, but its one way to do it.
There is also:
http://www.imtraum.com/blog/streamline-git-with-powershell/
https://gallery.technet.microsoft.com/scriptcenter/a-GitHub-Repository-265c0b49
Both documents I found describing how to set up continuous deployment from GitHub say that you can configure the repo and branch with an Azure Resource Manager template, but you have to enter your credentials and complete the authorization process in the portal.
The script used in this tutorial will automatically configure
continuous publishing from your GitHub repository. This requires that
your GitHub credentials are already stored in Azure, otherwise the
scripted deployment will fail when attempting to configure source
control settings for the web apps.
To store your GitHub credentials in Azure, create a web app in the
Azure preview portal and configure GitHub deployment. You only need to
do this once.
I'd also suggest posting your xpat-cli problem as an issue on their GitHub repo.