GitHub authentication failures updating statuses after upgrading to 1.24

[ixdy]

After upgrading to 1.24, the plugin is no longer able to update commit statuses, though the "Connect to API" button in the global settings successfully connects to GitHub.

From the console output:

Using context: Jenkins builder
FileNotFoundException means that the credentials Jenkins is using is probably wrong. Or the user account does not have write access to the repo.
java.io.FileNotFoundException: {"message":"Not Found","documentation_url":"https://developer.github.com/v3"}
    at org.kohsuke.github.Requester.handleApiError(Requester.java:494)
    at org.kohsuke.github.Requester._to(Requester.java:245)
    at org.kohsuke.github.Requester.to(Requester.java:191)
    at org.kohsuke.github.GHRepository.createCommitStatus(GHRepository.java:780)
    at org.jenkinsci.plugins.ghprb.extensions.status.GhprbSimpleStatus.createCommitStatus(GhprbSimpleStatus.java:175)
    at org.jenkinsci.plugins.ghprb.extensions.status.GhprbSimpleStatus.onBuildStart(GhprbSimpleStatus.java:124)
    at org.jenkinsci.plugins.ghprb.GhprbBuilds.onStarted(GhprbBuilds.java:108)
    at org.jenkinsci.plugins.ghprb.GhprbBuildListener.onStarted(GhprbBuildListener.java:19)
    at org.jenkinsci.plugins.ghprb.GhprbBuildListener.onStarted(GhprbBuildListener.java:12)
    at hudson.model.listeners.RunListener.fireStarted(RunListener.java:215)
    at hudson.model.Run.execute(Run.java:1740)
    at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
    at hudson.model.ResourceController.execute(ResourceController.java:98)
    at hudson.model.Executor.run(Executor.java:374)
Caused by: java.io.FileNotFoundException: https://api.github.com/repos/k8s-bot/kubernetes/statuses/e50c01f6bfc4c6859aa7de9e76aa4ead9fe80558
    at sun.reflect.GeneratedConstructorAccessor148.newInstance(Unknown Source)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:526)
    at sun.net.www.protocol.http.HttpURLConnection$6.run(HttpURLConnection.java:1676)
    at sun.net.www.protocol.http.HttpURLConnection$6.run(HttpURLConnection.java:1674)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.net.www.protocol.http.HttpURLConnection.getChainedException(HttpURLConnection.java:1672)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1245)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
    at org.kohsuke.github.Requester.parse(Requester.java:451)
    at org.kohsuke.github.Requester._to(Requester.java:224)
    ... 12 more
Caused by: java.io.FileNotFoundException: https://api.github.com/repos/k8s-bot/kubernetes/statuses/e50c01f6bfc4c6859aa7de9e76aa4ead9fe80558
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1625)
    at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:468)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:338)
    at org.kohsuke.github.Requester.parse(Requester.java:447)
    ... 13 more

[DavidTanner]

There are two tie in points for the credentials, they need to be selected on the main page, and then chosen for each job. Is the job set using the credentials?

[DavidTanner]

And the setup worked in 1.23?

[ixdy]

I upgraded to 1.23.3 (I think) this morning before upgrading to 1.24, and everything was working fine.
I tried downgrading to 1.23.3 now, and it was still having authentication issues, so I went back to 1.24.

I tried blowing away all of the GitHub tokens/auth config and setting it up fresh, but now the plugin isn't even scheduling any builds.

The system log shows messages like

Jun 19, 2015 5:48:00 PM FINE org.jenkinsci.plugins.ghprb.GhprbTrigger
Running trigger for experimental-kubernetes-pull-build-test2

but nothing is getting scheduled, even though I'm positive there are PRs to test.

[DavidTanner]

Sorry, that reference was for a different issue.

[ixdy]

I think I may have a theory on why the plugin stopped scheduling builds, maybe.
I compared org.jenkinsci.plugins.ghprb.GhprbTrigger.xml against a backup from this morning (which had been generated by version 1.23.3 of the plugin).

In the

  <githubAuth>
    <org.jenkinsci.plugins.ghprb.GhprbGitHubAuth>

section, there was a very suspicious tag: <secret></secret>

I removed that, and it started processing PRs again.

It's still sometimes failing to update statuses and sometimes working. I haven't been able to track that down yet.

[DavidTanner]

The secret tag is for signature verification on webhooks.

[DavidTanner]

are you using webhooks or the cron?

[ixdy]

We are using cron.

[DavidTanner]

Set up a logger for org.jenkinsci.plugins.ghprb and see if there is any suspicious logs around the failures.

[ixdy]

The logger shows nothing abnormal.

Without really changing anything (besides restarting Jenkins), I've seen the plugin on v1.24.

• completely fail to update the PR status (with same auth error)
• succeed at updating the PR status as desired
• log that it was scheduling a build, but not actually schedule it, seemingly getting stuck (there were no log messages afterwards indicating it was running the trigger, either)
• now it is again not scheduling any builds at all, even though the trigger is running and there are PRs with updates

[ixdy]

Update: it seems to be working again, without me changing anything.

I wonder if GitHub was having issues or was rate-limiting our bot or something.

@DavidTanner does the Cron trigger print out an error message if it fails to poll GitHub for any reason? I haven't seen any errors in the log, but I'm wondering if that's expected.

[ixdy]

I upgraded to 1.24.1 and restarted Jenkins a few minutes ago, and the plugin is again failing to schedule any builds, even though the logs indicate the trigger is running (though it's showing no updates on any PRs).

We have 173 open PRs right now, so if the plugin is querying GitHub for all of these PRs at startup, I would not be surprised if we're being rate-limited.

[ixdy]

About 20m after startup it finally started running PRs.

[dblenkus]

I also have same problem. After upgrading to 1.24.1 github has stopped triggering builds for PRs.

[5c077yP]

Hey, I got the some problems when upgrading to 1.24.2. For me it even prints out this message when saving my configuration. I configured the plugin to automatically create the hooks for me, so i think the error starts here for me.

[DavidTanner]

@5c077yP @dblenkus or @ixdy could any of you pm me a config file for the job and the org.jenkinsci.plugins.ghprb.GhprbTrigger.xml config file.

[dblenkus]

Config file: http://pastebin.com/He4y7GTs
and org.jenkinsci.plugins.ghprb.GhprbTrigger.xml: http://pastebin.com/4hqXxzZM

[DavidTanner]

@dblenkus you don't have any credentials set up, so it is using an anonymous connection. Anything requiring authorization will be rejected by GitHub.

[dblenkus]

Thanks for pointing this out! It looks that credentials were reset during update.
But first problem is that webhook gets 500 error when PR is made:

<!DOCTYPE html><html><head resURL="/static/7af60c76">


    <title>Jenkins [Jenkins]</title><link rel="stylesheet" href="/static/7af60c76/css/style.css" type="text/css" /><link rel="stylesheet" href="/static/7af60c76/css/color.css" type="text/css" /><link rel="stylesheet" href="/static/7af60c76/css/responsive-grid.css" type="text/css" /><link rel="shortcut icon" href="/static/7af60c76/favicon.ico" type="image/vnd.microsoft.icon" /><script>var isRunAsTest=false; var rootURL=""; var resURL="/static/7af60c76";</script><script src="/static/7af60c76/scripts/prototype.js" type="text/javascript"></script><script src="/static/7af60c76/scripts/behavior.js" type="text/javascript"></script><script src='/adjuncts/7af60c76/org/kohsuke/stapler/bind.js' type='text/javascript'></script><script src="/static/7af60c76/scripts/yui/yahoo/yahoo-min.js"></script><script src="/static/7af60c76/scripts/yui/dom/dom-min.js"></script><script src="/static/7af60c76/scripts/yui/event/event-min.js"></script><script src="/static/7af60c76/scripts/yui/animation/animation-min.js"></script><script src="/static/7af60c76/scripts/yui/dragdrop/dragdrop-min.js"></script><script src="/static/7af60c76/scripts/yui/container/container-min.js"></script><script src="/static/7af60c76/scripts/yui/connection/connection-min.js"></script><script src="/static/7af60c76/scripts/yui/datasource/datasource-min.js"></script><script src="/static/7af60c76/scripts/yui/autocomplete/autocomplete-min.js"></script><script src="/static/7af60c76/scripts/yui/menu/menu-min.js"></script><script src="/static/7af60c76/scripts/yui/element/element-min.js"></script><script src="/static/7af60c76/scripts/yui/button/button-min.js"></script><script src="/static/7af60c76/scripts/yui/storage/storage-min.js"></script><script src="/static/7af60c76/scripts/hudson-behavior.js" type="text/javascript"></script><script src="/static/7af60c76/scripts/sortable.js" type="text/javascript"></script><script>crumb.init("", "");</script><link rel="stylesheet" href="/static/7af60c76/scripts/yui/container/assets/container.css" type="text/css" /><link rel="stylesheet" href="/static/7af60c76/scripts/yui/assets/skins/sam/skin.css" type="text/css" /><link rel="stylesheet" href="/static/7af60c76/scripts/yui/container/assets/skins/sam/container.css" type="text/css" /><link rel="stylesheet" href="/static/7af60c76/scripts/yui/button/assets/skins/sam/button.css" type="text/css" /><link rel="stylesheet" href="/static/7af60c76/scripts/yui/menu/assets/skins/sam/menu.css" type="text/css" /><meta name="ROBOTS" content="INDEX,NOFOLLOW" /><script src="/static/7af60c76/scripts/yui/cookie/cookie-min.js"></script></head><body id="jenkins" class="yui-skin-sam jenkins-1.609.1" data-version="jenkins-1.609.1"><a href="#skip2content" class="skiplink">Skip to content</a><div id="page-head"><div id="header"><div class="logo"><a id="jenkins-home-link" href="/"><img src="/static/7af60c76/images/headshot.png" alt="title" id="jenkins-head-icon" /><img src="/static/7af60c76/images/title.png" alt="title" width="139" id="jenkins-name-icon" height="34" /></a></div><div class="login"> <a href="/securityRealm/commenceLogin?from=%2Fghprbhook%2F"><b>log in</b></a></div><div class="searchbox hidden-xs"><form method="get" name="search" action="/search/" style="position:relative;" class="no-json"><div id="search-box-minWidth"></div><div id="search-box-sizer"></div><div id="searchform"><input name="q" placeholder="search" id="search-box" class="has-default-text" /> <a href="http://wiki.jenkins-ci.org/display/JENKINS/Search+Box"><img src="/static/7af60c76/images/16x16/help.png" style="width: 16px; height: 16px; " class="icon-help icon-sm" /></a><div id="search-box-completion"></div><script>createSearchBox("/search/");</script></div></form></div></div><div id="breadcrumbBar"><tr id="top-nav"><td id="left-top-nav" colspan="2"><link rel='stylesheet' href='/adjuncts/7af60c76/lib/layout/breadcrumbs.css' type='text/css' /><script src='/adjuncts/7af60c76/lib/layout/breadcrumbs.js' type='text/javascript'></script><div class="top-sticker noedge"><div class="top-sticker-inner"><div id="right-top-nav"></div><ul id="breadcrumbs"><li class="item"><a href="/" class="model-link inside">Jenkins</a></li><li href="/" class="children"></li></ul><div id="breadcrumb-menu-target"></div></div></div></td></tr></div></div><div id="page-body"><div class="row"><div id="side-panel"><div id="side-panel-content"><div class="task"><a href="http://jenkins-ci.org/" class="task-icon-link"><img src="/static/7af60c76/images/24x24/next.png" style="width: 24px; height: 24px; width: 24px; height: 24px; margin: 2px;" class="icon-next icon-md" /></a> <a href="http://jenkins-ci.org/" class="task-link">Jenkins project</a></div><div class="task"><a href="http://issues.jenkins-ci.org/" class="task-icon-link"><img src="/static/7af60c76/images/24x24/gear2.png" style="width: 24px; height: 24px; width: 24px; height: 24px; margin: 2px;" class="icon-gear2 icon-md" /></a> <a href="http://issues.jenkins-ci.org/" class="task-link">Bug tracker</a></div><div class="task"><a href="http://jenkins-ci.org/content/mailing-lists" class="task-icon-link"><img src="/static/7af60c76/images/24x24/search.png" style="width: 24px; height: 24px; width: 24px; height: 24px; margin: 2px;" class="icon-search icon-md" /></a> <a href="http://jenkins-ci.org/content/mailing-lists" class="task-link">Mailing Lists</a></div><div class="task"><a href="https://twitter.com/jenkinsci" class="task-icon-link"><img src="/static/7af60c76/images/24x24/user.png" style="width: 24px; height: 24px; width: 24px; height: 24px; margin: 2px;" class="icon-user icon-md" /></a> <a href="https://twitter.com/jenkinsci" class="task-link">Twitter: @jenkinsci</a></div></div></div><div id="main-panel"><div id="main-panel-content"><a name="skip2content"></a><h1 style="text-align: center"><img src="/static/7af60c76/images/rage.png" width="154" height="179" /><span style="font-size:50px"> Oops!</span></h1><div id="error-description"><p>A problem occurred while processing the request.
        Please check <a href="https://issues.jenkins-ci.org/">our bug tracker</a> to see if a similar problem has already been reported.
        If it is already reported, please vote and put a comment on it to let us gauge the impact of the problem.
        If you think this is a new issue, please file a new issue.
        When you file an issue, make sure to add the entire stack trace, along with the version of Jenkins and relevant plugins.
        <a href="http://jenkins-ci.org/content/mailing-lists">The users list</a> might be also useful in understanding what has happened.</p><h2>Stack trace</h2><pre style="margin:2em; clear:both">javax.servlet.ServletException: java.lang.Error: java.io.FileNotFoundException: {"message":"Not Found","documentation_url":"https://developer.github.com/v3"}
    at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:796)
    at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876)
    at org.kohsuke.stapler.MetaClass$13.dispatch(MetaClass.java:411)
    at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746)
    at org.kohsuke.stapler.Stapler.invoke(Stapler.java:876)
    at org.kohsuke.stapler.Stapler.invoke(Stapler.java:649)
    at org.kohsuke.stapler.Stapler.service(Stapler.java:238)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
    at org.eclipse.jetty.servlet.ServletHolder.handle(ServletHolder.java:686)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1494)
    at hudson.util.PluginServletFilter$1.doFilter(PluginServletFilter.java:123)
    at hudson.util.PluginServletFilter.doFilter(PluginServletFilter.java:114)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
    at hudson.security.csrf.CrumbFilter.doFilter(CrumbFilter.java:48)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:84)
    at hudson.security.UnwrapSecurityExceptionFilter.doFilter(UnwrapSecurityExceptionFilter.java:51)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at jenkins.security.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:117)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at org.acegisecurity.providers.anonymous.AnonymousProcessingFilter.doFilter(AnonymousProcessingFilter.java:125)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at org.acegisecurity.ui.rememberme.RememberMeProcessingFilter.doFilter(RememberMeProcessingFilter.java:135)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at org.acegisecurity.ui.AbstractProcessingFilter.doFilter(AbstractProcessingFilter.java:271)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at jenkins.security.BasicHeaderProcessor.doFilter(BasicHeaderProcessor.java:93)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at org.acegisecurity.context.HttpSessionContextIntegrationFilter.doFilter(HttpSessionContextIntegrationFilter.java:249)
    at hudson.security.HttpSessionContextIntegrationFilter2.doFilter(HttpSessionContextIntegrationFilter2.java:67)
    at hudson.security.ChainedServletFilter$1.doFilter(ChainedServletFilter.java:87)
    at hudson.security.ChainedServletFilter.doFilter(ChainedServletFilter.java:76)
    at hudson.security.HudsonFilter.doFilter(HudsonFilter.java:168)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
    at org.kohsuke.stapler.compression.CompressionFilter.doFilter(CompressionFilter.java:49)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
    at hudson.util.CharacterEncodingFilter.doFilter(CharacterEncodingFilter.java:81)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1482)
    at org.kohsuke.stapler.DiagnosticThreadNameFilter.doFilter(DiagnosticThreadNameFilter.java:30)
    at org.eclipse.jetty.servlet.ServletHandler$CachedChain.doFilter(ServletHandler.java:1474)
    at org.eclipse.jetty.servlet.ServletHandler.doHandle(ServletHandler.java:499)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:137)
    at org.eclipse.jetty.security.SecurityHandler.handle(SecurityHandler.java:533)
    at org.eclipse.jetty.server.session.SessionHandler.doHandle(SessionHandler.java:231)
    at org.eclipse.jetty.server.handler.ContextHandler.doHandle(ContextHandler.java:1086)
    at org.eclipse.jetty.servlet.ServletHandler.doScope(ServletHandler.java:428)
    at org.eclipse.jetty.server.session.SessionHandler.doScope(SessionHandler.java:193)
    at org.eclipse.jetty.server.handler.ContextHandler.doScope(ContextHandler.java:1020)
    at org.eclipse.jetty.server.handler.ScopedHandler.handle(ScopedHandler.java:135)
    at org.eclipse.jetty.server.handler.HandlerWrapper.handle(HandlerWrapper.java:116)
    at org.eclipse.jetty.server.Server.handle(Server.java:370)
    at org.eclipse.jetty.server.AbstractHttpConnection.handleRequest(AbstractHttpConnection.java:489)
    at org.eclipse.jetty.server.AbstractHttpConnection.content(AbstractHttpConnection.java:960)
    at org.eclipse.jetty.server.AbstractHttpConnection$RequestHandler.content(AbstractHttpConnection.java:1021)
    at org.eclipse.jetty.http.HttpParser.parseNext(HttpParser.java:865)
    at org.eclipse.jetty.http.HttpParser.parseAvailable(HttpParser.java:240)
    at org.eclipse.jetty.server.AsyncHttpConnection.handle(AsyncHttpConnection.java:82)
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint.handle(SelectChannelEndPoint.java:668)
    at org.eclipse.jetty.io.nio.SelectChannelEndPoint$1.run(SelectChannelEndPoint.java:52)
    at winstone.BoundedExecutorService$1.run(BoundedExecutorService.java:77)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
    at java.lang.Thread.run(Thread.java:745)
Caused by: java.lang.Error: java.io.FileNotFoundException: {"message":"Not Found","documentation_url":"https://developer.github.com/v3"}
    at org.kohsuke.github.Requester$1.fetch(Requester.java:389)
    at org.kohsuke.github.Requester$1.hasNext(Requester.java:356)
    at org.kohsuke.github.PagedIterator.fetch(PagedIterator.java:44)
    at org.kohsuke.github.PagedIterator.hasNext(PagedIterator.java:32)
    at org.kohsuke.github.PagedIterable.asList(PagedIterable.java:21)
    at org.kohsuke.github.GHIssue.getComments(GHIssue.java:192)
    at org.jenkinsci.plugins.ghprb.GhprbPullRequest.checkComments(GhprbPullRequest.java:347)
    at org.jenkinsci.plugins.ghprb.GhprbPullRequest.check(GhprbPullRequest.java:156)
    at org.jenkinsci.plugins.ghprb.GhprbRepository.onPullRequestHook(GhprbRepository.java:298)
    at org.jenkinsci.plugins.ghprb.GhprbWebHook.handleWebHook(GhprbWebHook.java:61)
    at org.jenkinsci.plugins.ghprb.GhprbRootAction.doIndex(GhprbRootAction.java:89)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:497)
    at org.kohsuke.stapler.Function$InstanceFunction.invoke(Function.java:298)
    at org.kohsuke.stapler.Function.bindAndInvoke(Function.java:161)
    at org.kohsuke.stapler.Function.bindAndInvokeAndServeResponse(Function.java:96)
    at org.kohsuke.stapler.MetaClass$2.dispatch(MetaClass.java:165)
    at org.kohsuke.stapler.Stapler.tryInvoke(Stapler.java:746)
    ... 62 more
Caused by: java.io.FileNotFoundException: {"message":"Not Found","documentation_url":"https://developer.github.com/v3"}
    at org.kohsuke.github.Requester.handleApiError(Requester.java:494)
    at org.kohsuke.github.Requester$1.fetch(Requester.java:385)
    ... 81 more
Caused by: java.io.FileNotFoundException: https://api.github.com/repos/genialis/genesis/issues/599/comments
    at sun.reflect.GeneratedConstructorAccessor87.newInstance(Unknown Source)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:422)
    at sun.net.www.protocol.http.HttpURLConnection$10.run(HttpURLConnection.java:1889)
    at sun.net.www.protocol.http.HttpURLConnection$10.run(HttpURLConnection.java:1884)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.net.www.protocol.http.HttpURLConnection.getChainedException(HttpURLConnection.java:1883)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1456)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1440)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
    at org.kohsuke.github.Requester.parse(Requester.java:451)
    at org.kohsuke.github.Requester.access$300(Requester.java:63)
    at org.kohsuke.github.Requester$1.fetch(Requester.java:380)
    ... 81 more
Caused by: java.io.FileNotFoundException: https://api.github.com/repos/genialis/genesis/issues/599/comments
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1835)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1440)
    at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:338)
    at org.kohsuke.github.Requester.parse(Requester.java:447)
    ... 83 more
</pre></div></div></div></div></div><div id="footer-container" class="hidden-xs"><div id="footer"><span class="page_generated">
          Page generated:
          Jun 24, 2015 4:03:50 PM</span><span class="rest_api"><a href="api/">REST API</a></span><span class="jenkins_ver"><a href="http://jenkins-ci.org/">Jenkins ver. 1.609.1</a></span></div></div></body></html>

[DavidTanner]

So without credentials, the plugin is trying to get more information about the pull request, but is denied by GitHub. Once you have credentials set, and added to the main config then this should no longer happen.

[dblenkus]

I've added new credentials ("Connect to API" button is passing), but am still getting the same error. Do you have any idea why?

[5c077yP]

same for me, after i configuring credentials, it's still throwing errors. Do you need the config also after re-adding credentials?

[DavidTanner]

Yes, go to each job and set the credentials.

[Suirtimed]

I think I was also hosed in the upgrade :( I tried a few things and now it looks like the plugin is connecting via the Jenkins config screen but it looks like there is no user. Is this a valid expected response when I hit the "Connect to API" button?

Connected to https://api.github.com as null

The Credentials section under "GitHub Auth" in the "GitHub Pull Request Builder" will not let me select any global credentials. Is this expected behavior as well?

[DavidTanner]

There are rules applied to credentials that are beyond the control of the plugin. If something is set to a scope that the plugin isn't privilege to then it won't display them. As for connected as null, do you have a name set up in GitHub?

[Suirtimed]

I have a private org in GitHub and I have created a "bot" account for Jenkins CI to use associated with the PR builder. There was another security domain that matched api.github.com, but it is now gone after trying to eliminate the various credentials that weren't working. I'm now back at a point where the github hooks work for push into a target branch or merge of PR into a target branch, but my PR triggered jobs aren't running. I think I'm seeing a couple of different problems. If I use the "magic phrase" to try and trigger a job I get the error associated with the path being invalid and if a "new" PR is created, the job just doesn't trigger.

[Suirtimed]

Jun 24, 2015 3:11:00 PM FINE org.jenkinsci.plugins.ghprb.GhprbTrigger
Use webHooks is set, so not running trigger
Jun 24, 2015 3:11:00 PM FINE org.jenkinsci.plugins.ghprb.GhprbTrigger
Running trigger for zed-cloud-build__PR_AllTest
Jun 24, 2015 3:11:00 PM SEVERE org.jenkinsci.plugins.ghprb.GhprbRepository initGhRepository
Could not retrieve GitHub repository named vmop/zed-cloud-build (Do you have properly set 'GitHub project' field in job configuration?)
java.io.FileNotFoundException: {"message":"Not Found","documentation_url":"https://developer.github.com/v3"}
at org.kohsuke.github.Requester.handleApiError(Requester.java:494)
at org.kohsuke.github.Requester._to(Requester.java:245)
at org.kohsuke.github.Requester.to(Requester.java:191)
at org.kohsuke.github.GitHub.getRepository(GitHub.java:321)
at org.jenkinsci.plugins.ghprb.GhprbRepository.initGhRepository(GhprbRepository.java:78)
at org.jenkinsci.plugins.ghprb.GhprbRepository.check(GhprbRepository.java:88)
at org.jenkinsci.plugins.ghprb.Ghprb.run(Ghprb.java:134)
at org.jenkinsci.plugins.ghprb.GhprbTrigger.run(GhprbTrigger.java:208)
at hudson.triggers.Trigger.checkTriggers(Trigger.java:266)
at hudson.triggers.Trigger$Cron.doRun(Trigger.java:215)
at hudson.triggers.SafeTimerTask.run(SafeTimerTask.java:51)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.runAndReset(FutureTask.java:308)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$301(ScheduledThreadPoolExecutor.java:180)
at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:294)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)
at java.lang.Thread.run(Thread.java:745)
Caused by: java.io.FileNotFoundException: https://api.github.com/repos/vmop/zed-cloud-build
at sun.reflect.GeneratedConstructorAccessor158.newInstance(Unknown Source)
at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
at java.lang.reflect.Constructor.newInstance(Constructor.java:422)
at sun.net.www.protocol.http.HttpURLConnection$10.run(HttpURLConnection.java:1889)
at sun.net.www.protocol.http.HttpURLConnection$10.run(HttpURLConnection.java:1884)
at java.security.AccessController.doPrivileged(Native Method)
at sun.net.www.protocol.http.HttpURLConnection.getChainedException(HttpURLConnection.java:1883)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1456)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1440)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
at org.kohsuke.github.Requester.parse(Requester.java:451)
at org.kohsuke.github.Requester._to(Requester.java:224)
... 16 more
Caused by: java.io.FileNotFoundException: https://api.github.com/repos/vmop/zed-cloud-build
at sun.net.www.protocol.http.HttpURLConnection.getInputStream0(HttpURLConnection.java:1835)
at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1440)
at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:480)
at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:338)
at org.kohsuke.github.Requester.parse(Requester.java:447)
... 17 more

[DavidTanner]

If you log in as that bot user, can you see the pull request you want to access?

[Suirtimed]

Yes, and I posted a comment on the PR just to confirm.

[ixdy]

I may have figured out what is happening after looking at the code.
The plugin reads the saved oauth token from the Jenkins credential store using the SYSTEM ACL, but it had been saved in our setup using the GLOBAL ACL. I switched to SYSTEM, and I think it might be working now (though too early to confirm).

If my suspicion is correct, probably this should be

• made explicit in the docs
• throw an error if the configured credential ID can't be found

[ixdy]

OK, that wasn't it - it's still not working.

[DavidTanner]

Dang. I was hoping that you had found it. So it is probably using the wrong credentials then, and ending up as anonymous is what you think?

[ixdy]

Maybe something like that, though I'm still a bit confused - it seems to be using our unauth API quota, but it's definitely posting comments as the bot account.

When I converted from GLOBAL to SYSTEM, I guess I replaced the oauth token in the credentials store with something bad (it was autofilled with something - maybe that was junk), which caused some 401s to appear in the logs:

Unable to query GitHub for status of PullRequestjava.io.IOException: Server returned HTTP response code: 401 for URL: https://api.github.com/repos/GoogleCloudPlatform/kubernetes/pulls/10246
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:526)
    at sun.net.www.protocol.http.HttpURLConnection$6.run(HttpURLConnection.java:1676)
    at sun.net.www.protocol.http.HttpURLConnection$6.run(HttpURLConnection.java:1674)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.net.www.protocol.http.HttpURLConnection.getChainedException(HttpURLConnection.java:1672)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1245)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
    at org.kohsuke.github.Requester.parse(Requester.java:451)
    at org.kohsuke.github.Requester._to(Requester.java:224)
    at org.kohsuke.github.Requester.to(Requester.java:198)
    at org.kohsuke.github.GHPullRequest.populate(GHPullRequest.java:196)
    at org.kohsuke.github.GHPullRequest.getMergeable(GHPullRequest.java:169)
    at org.jenkinsci.plugins.ghprb.GhprbBuilds.onStarted(GhprbBuilds.java:72)
    at org.jenkinsci.plugins.ghprb.GhprbBuildListener.onStarted(GhprbBuildListener.java:19)
    at org.jenkinsci.plugins.ghprb.GhprbBuildListener.onStarted(GhprbBuildListener.java:12)
    at hudson.model.listeners.RunListener.fireStarted(RunListener.java:215)
    at hudson.model.Run.execute(Run.java:1740)
    at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
    at hudson.model.ResourceController.execute(ResourceController.java:98)
    at hudson.model.Executor.run(Executor.java:374)
Caused by: java.io.IOException: Server returned HTTP response code: 401 for URL: https://api.github.com/repos/GoogleCloudPlatform/kubernetes/pulls/10246
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1627)
    at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:468)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:338)
    at org.kohsuke.github.Requester.parse(Requester.java:447)
    ... 12 more

Saving the token again, it stopped printing that error, at least, though it still seems stuck.

[ixdy]

One inconsistency I've noticed is that getConnection calls CredentialsProvider.lookupCredentials directly, whereas doTestGithubAccess calls the helper Ghprb.lookupCredentials instead.

Following the definition of that method, there are three differences:

• the Item passed is null for the test version, rather than the ?project name? (haven't backtraced the non-test version fully)
• the Server API url is passed as GitURIRequirementsBuilder rather than URIRequirementsBuilder for the test version
• the non-test version wraps CredentialsMatchers.withId(credentialId)) with CredentialsMatchers.allOf (probably a no-op)

[ixdy]

OK, the build log from a recent run is puzzling, but maybe it's showing what might be part of the issue.

Full log is available here, corresponding PR is kubernetes/kubernetes/pull/10246.

When the build started, it failed to get PR status:

GitHub pull request #10246 of commit f9eaf959d03e1570ddcc6f95c749bff0bfd063ea, no merge conflicts.
Unable to query GitHub for status of PullRequestjava.io.IOException: Server returned HTTP response code: 401 for URL: https://api.github.com/repos/GoogleCloudPlatform/kubernetes/pulls/10246
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:526)
    at sun.net.www.protocol.http.HttpURLConnection$6.run(HttpURLConnection.java:1676)
    at sun.net.www.protocol.http.HttpURLConnection$6.run(HttpURLConnection.java:1674)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.net.www.protocol.http.HttpURLConnection.getChainedException(HttpURLConnection.java:1672)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1245)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
    at org.kohsuke.github.Requester.parse(Requester.java:451)
    at org.kohsuke.github.Requester._to(Requester.java:224)
    at org.kohsuke.github.Requester.to(Requester.java:198)
    at org.kohsuke.github.GHPullRequest.populate(GHPullRequest.java:196)
    at org.kohsuke.github.GHPullRequest.getMergeable(GHPullRequest.java:169)
    at org.jenkinsci.plugins.ghprb.GhprbBuilds.onStarted(GhprbBuilds.java:72)
    at org.jenkinsci.plugins.ghprb.GhprbBuildListener.onStarted(GhprbBuildListener.java:19)
    at org.jenkinsci.plugins.ghprb.GhprbBuildListener.onStarted(GhprbBuildListener.java:12)
    at hudson.model.listeners.RunListener.fireStarted(RunListener.java:215)
    at hudson.model.Run.execute(Run.java:1740)
    at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
    at hudson.model.ResourceController.execute(ResourceController.java:98)
    at hudson.model.Executor.run(Executor.java:374)
Caused by: java.io.IOException: Server returned HTTP response code: 401 for URL: https://api.github.com/repos/GoogleCloudPlatform/kubernetes/pulls/10246
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1627)
    at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:468)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:338)
    at org.kohsuke.github.Requester.parse(Requester.java:447)
    ... 12 more

But immediately afterwards it (apparently) successfully updated the pending status:

Setting status of f9eaf959d03e1570ddcc6f95c749bff0bfd063ea to PENDING with url http://goto.google.com/prkubekins/job/kubernetes-pull-build-test-e2e-gce/1085/ and message: 'Build Started sha1 is merged.'
Using context: Jenkins GCE e2e

When the run finished, it commented on the PR and updated the commit status (you can see this in the linked PR):

Setting status of f9eaf959d03e1570ddcc6f95c749bff0bfd063ea to FAILURE with url http://goto.google.com/prkubekins/job/kubernetes-pull-build-test-e2e-gce/1085/ and message: ' No test results found.'
Using context: Jenkins GCE e2e
GCE e2e build/test **failed** for commit f9eaf959d03e1570ddcc6f95c749bff0bfd063ea.
* [Build Log](https://storage.cloud.google.com/kubernetes-jenkins/pr-logs/f9eaf959d03e1570ddcc6f95c749bff0bfd063ea/kubernetes-pull-build-test-e2e-gce/1085/build-log.txt)
* [Test Artifacts](https://console.developers.google.com/storage/browser/kubernetes-jenkins/pr-logs/f9eaf959d03e1570ddcc6f95c749bff0bfd063ea/kubernetes-pull-build-test-e2e-gce/1085/_artifacts/)
* [Internal Jenkins Results](http://goto.google.com/prkubekins/job/kubernetes-pull-build-test-e2e-gce//1085)

So why did it fail to query PR status, but succeed at updating the commit status and commenting on the commit? When it reads in the list of PRs from org.jenkinsci.plugins.ghprb.GhprbTrigger.xml, is it somehow initializing them with an unauthenticated connection or something?

[ixdy]

Some further updates:
I built a copy of the plugin with extra logging in GhprbGitHubAuth.java.
It seems that using ACL SYSTEM is actually worse - it was unable to lookup the credentials when the item was non-null.

It appears to be using more authenticated requests, but there were 2 unauthenticated requests, still. Also, two builds failed to get PR status with the same 401 error status.

[ixdy]

I also swapped in to call Ghprb.lookupCredentials instead of CredentialsProvider.lookupCredentials.

After the PRs finish running I'll swap that back out to see if it makes a difference.

[ixdy]

Regarding the "leaked" unauthenticated requests:
I just saw another occurrence of an HTTP 401 while getting PR status:

Unable to query GitHub for status of PullRequestjava.io.IOException: Server returned HTTP response code: 401 for URL: https://api.github.com/repos/GoogleCloudPlatform/kubernetes/pulls/10197
    at sun.reflect.NativeConstructorAccessorImpl.newInstance0(Native Method)
    at sun.reflect.NativeConstructorAccessorImpl.newInstance(NativeConstructorAccessorImpl.java:57)
    at sun.reflect.DelegatingConstructorAccessorImpl.newInstance(DelegatingConstructorAccessorImpl.java:45)
    at java.lang.reflect.Constructor.newInstance(Constructor.java:526)
    at sun.net.www.protocol.http.HttpURLConnection$6.run(HttpURLConnection.java:1676)
    at sun.net.www.protocol.http.HttpURLConnection$6.run(HttpURLConnection.java:1674)
    at java.security.AccessController.doPrivileged(Native Method)
    at sun.net.www.protocol.http.HttpURLConnection.getChainedException(HttpURLConnection.java:1672)
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1245)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getInputStream(HttpsURLConnectionImpl.java:254)
    at org.kohsuke.github.Requester.parse(Requester.java:451)
    at org.kohsuke.github.Requester._to(Requester.java:224)
    at org.kohsuke.github.Requester.to(Requester.java:198)
    at org.kohsuke.github.GHPullRequest.populate(GHPullRequest.java:196)
    at org.kohsuke.github.GHPullRequest.getMergeable(GHPullRequest.java:169)
    at org.jenkinsci.plugins.ghprb.GhprbBuilds.onStarted(GhprbBuilds.java:72)
    at org.jenkinsci.plugins.ghprb.GhprbBuildListener.onStarted(GhprbBuildListener.java:19)
    at org.jenkinsci.plugins.ghprb.GhprbBuildListener.onStarted(GhprbBuildListener.java:12)
    at hudson.model.listeners.RunListener.fireStarted(RunListener.java:215)
    at hudson.model.Run.execute(Run.java:1740)
    at hudson.model.FreeStyleBuild.run(FreeStyleBuild.java:43)
    at hudson.model.ResourceController.execute(ResourceController.java:98)
    at hudson.model.Executor.run(Executor.java:374)
Caused by: java.io.IOException: Server returned HTTP response code: 401 for URL: https://api.github.com/repos/GoogleCloudPlatform/kubernetes/pulls/10197
    at sun.net.www.protocol.http.HttpURLConnection.getInputStream(HttpURLConnection.java:1627)
    at java.net.HttpURLConnection.getResponseCode(HttpURLConnection.java:468)
    at sun.net.www.protocol.https.HttpsURLConnectionImpl.getResponseCode(HttpsURLConnectionImpl.java:338)
    at org.kohsuke.github.Requester.parse(Requester.java:447)
    ... 12 more

The unauthenticated quota dropped by exactly one request - so it's possible this was retried unauthenticated?

[ixdy]

OK, I'm fairly certain I've tracked down the bug(s) here.

When a new token is created in the global settings page and saved to the credentials store, the GitHub API URL is used to set specifications of the new credential. In particular, for the URL https://api.github.com, this gets turned into

• scheme: https
• hostname: api.github.com
• path: [empty string]

When reading the credentials, there are two paths used, as I noted in an earlier comment.

In the "test" case (used in the global settings page), GitURIRequirementsBuilderis (erroneously) used.
Since the Server API URL doesn't look like a Git URI, it only parses out the scheme; the sole URI requirement to match the credential is

• scheme: https

and so it works.

In the "normal" case (used for all other operations), URIRequirementBuilder is used.
This parses into the following requirements:

• hostname: api.github.com
• path: /

Since the path is not the empty string, it fails.
Why is the path requirement not an empty string here? Because the code adds it.

(Side note: it looks like the fact that scheme isn't present here is a bug that has existed for a while.)

Anyway, there are a few ways to address these issues, though I'm not sure of a good way to fix all of the now-existing bad configurations with an empty path spec set. The path should either not be set, or it should be set to '/' - it shouldn't be empty.

[DavidTanner]

Would it be better to not add the path at all, or just default to "/"? I removed the GitURI code.
I think the answer is to add the default.

[DavidTanner]

Does #122 address everything?

[DavidTanner]

So the fix for users with the past setup is to add the / path to the credentials, and I am going to release #122 now.

[ixdy]

#122 didn't actually fix the issue, but I'll be sending a PR soon which should.

[juharris]

Is anyone else still getting this issue?

[arcivanov]

@juharris please try 1.29, there were a lot of changes acquiring and maintaining auth context throughout the workflow

[juharris]

Thanks! Seems to work now in 1.29 :)

[arcivanov]

👍