[JENKINS-33318] GHE server validation with private mode enabled

[recena]

JENKINS-33318

downstream of hub4j/github-api#251

@reviewbybees

[ghost]

This pull request originates from a CloudBees employee. At CloudBees, we require that all pull requests be reviewed by other CloudBees employees before we seek to have the change accepted. If you want to learn more about our process please see this explanation.

[jenkinsadmin]

Thank you for this pull request! Please check this document for how the Jenkins project handles pull requests.

[cyrille-leclerc]

I would add the exception in the log call

[svanoort]

Agreed. 🐛 for the combination of this + JsonParseException both logging the same error message; each should indicate what is wrong in the log line, and the form validation errors should be different.

[recena]

Suggestions?

[svanoort]

For the warning: "Failed trying to configure a GitHub Enterprise server, malformed URL: " + apiUri

For the form error: "This does not look like a GitHub Enterprise API endpoint (malformed URL)"

[recena]

Sure. I'll do it now.

[cyrille-leclerc]

I added several comments. More broadly, why don't we add the credentials to validate the connection? It seems acceptable to me.

[orrc]

I guess this code would work, but I agree with Cyrille and Oleg in the github-api PR that the GitHub server check looks too fragile.

But in any case, as mentioned by myself, Jesse, and Patrick in JENKINS-33228, it does not make sense for this plugin to try and reimplement the existing working functionality from github-plugin.

[cyrille-leclerc]

@orrc please note that my comments and PRs do not imply that I favor an "isolated approach" in the github-branch-source-plugin instead of integrating github-branch-source-plugin with github-plugin .

I like the approach of integrating github-branch-source-plugin with github-plugin as you and @KostyaSha have suggested in GitHub server configuration undocumented / duplicated but I also wanted to fix the existing "weakness" waiting for the long term fix.

[recena]

@cyrille-leclerc I propose to go forward with this PR. It is not the perfect solution but better than the current validation.

In parallel, I offer to work with @KostyaSha on this proposal.

[cyrille-leclerc]

@recena I'm fine with this plan. 👍

[jglick]

Error:

Could not resolve dependencies for project org.jenkins-ci.plugins:github-branch-source:hpi:1.4-SNAPSHOT: Could not find artifact org.kohsuke:github-api:jar:1.74-SNAPSHOT in repo.jenkins-ci.org

Do not forget to deploy snapshots.

[recena]

@jglick Looking for a way to deploy org.kohsuke:github-api:jar:1.74-SNAPSHOT

[recena]

@jglick Deployed.

[svanoort]

FormValidation error here also could be more explicit.

[recena]

Suggestions? Here we want only to validate an GitHub API endpoint.

[recena]

There are three scenarios:

1. It is a valid URL, for example, https://api.github.com or https://github.mycompany.com/api/v3/ (with private mode disabled).
2. It is not a valid URL, for example, http://www.google.com, http:/api.github.com, etc...
3. It is a GitHub Enterprise server in private mode, hence the form validation can not validate.

[svanoort]

Yes, I understood that; each one of these error cases should give a different formvalidation error and a different log message, so that the user/Jenkins administrator knows which thing is the problem. For the 404 case, you just need to say: "This does not look like a GitHub Enterprise API endpoint: page not found (error 404)" + apiUrl

[recena]

In this case I prefer to keep a more generic message because you can get a 404 due to different reasons. Explanation here.

[svanoort]

Again: log why it does not look right.

[recena]

I disagree with using verbose validation messages the UI. The Jenkins log file there will be more detailed info.

[svanoort]

It doesn't need to be verbose. Short is fine, but what's the point in showing a validation message in the UI if they don't know why the input is invalid?

[recena]

@svanoort Addressed e32e694

[svanoort]

@recena That commit addresses the log, but what about the form validation? I feel that may actually be more important, since users are more likely to see it than the logs.

[recena]

@svanoort This was seen in a real environment 😄

[recena]

@svanoort

This is trivial, and could be done in less time than it takes to reply to one of these comments.

I prefer to close this PR (motivated to improve the current behavior) before to do something I disagree with.

[svanoort]

@recena Sorry if I was not clear:

• For JsonParseException: FormValidation can get the line "Invalid JSON response" - if you want to, you could also add "(possibly wrong endpoint or server issue?)
• For IOException we don't actually do the retry, just suggest the user "verify network and/or try again later" or similar.

[recena]

As I mentioned before, I disagree with this kind of technical messages. But I'll do it in order to go forward with this PR.

[recena]

@svanoort Your comments were addressed here. Note I changed the message in order to get sentences shorter.

[andresrc]

🐝

[recena]

@andresrc Thanks.

[andresrc]

🐝

[svanoort]

🐝 as of the latest commit. Good to see that we are now returning a reason for validation failure (helpful to user), not just saying it does not look right (not so helpful).