From ff376105f9e51ece4bb2754531d5c22bdec8ff55 Mon Sep 17 00:00:00 2001 From: ataylor-r7 Date: Mon, 24 May 2021 17:20:18 -0500 Subject: [PATCH 1/4] remove the caching and use GithubAppCredentials from github source branch --- pom.xml | 67 +++++++++++-------- .../plugins/ghprb/GhprbGitHubAuth.java | 37 ++++++---- .../plugins/ghprb/GhprbPullRequest.java | 4 +- .../jenkinsci/plugins/ghprb/GhprbTrigger.java | 12 ++-- 4 files changed, 70 insertions(+), 50 deletions(-) diff --git a/pom.xml b/pom.xml index 8b599f4b6..18beb9b5b 100644 --- a/pom.xml +++ b/pom.xml @@ -5,13 +5,13 @@ org.jenkins-ci.plugins plugin - 3.2 + 4.18 ghprb GitHub Pull Request Builder - 1.42.3-SNAPSHOT + 1.42.4-SNAPSHOT hpi https://wiki.jenkins-ci.org/display/JENKINS/GitHub+pull+request+builder+plugin @@ -19,7 +19,6 @@ @@ -48,12 +47,13 @@ + true UTF-8 UTF-8 1.4 - 2.7 + 2.277 1.6.2 - 7 + 8 false 6.7 2.17 @@ -78,12 +78,12 @@ org.jenkins-ci.plugins scm-api - 2.1.0 + 2.2.0 org.jenkins-ci symbol-annotation - 1.9 + 1.17 org.jenkins-ci @@ -126,7 +126,12 @@ com.coravy.hudson.plugins.github github - 1.27.0 + 1.32.0 + + + org.jenkins-ci.plugins.workflow + workflow-support + 3.8 org.jenkins-ci.plugins @@ -136,12 +141,17 @@ org.jenkins-ci.plugins github-api - 1.92 + 1.122 + + + org.jenkins-ci.plugins + github-branch-source + 2.9.9 org.jenkins-ci.plugins git - 3.3.1 + 3.4.0 org.jenkins-ci.plugins @@ -204,7 +214,7 @@ org.jenkins-ci.plugins structs - 1.9 + 1.17 @@ -259,11 +269,23 @@ org.apache.maven.plugins maven-compiler-plugin - 3.5.1 + 3.8.1 - 1.7 - 1.7 + 1.8 + 1.8 + + + default-testCompile + test-compile + + testCompile + + + true + + + org.apache.maven.plugins @@ -278,19 +300,8 @@ - validate - validate - - ${basedir}/checkstyle.xml - UTF-8 - false - true - true - true - - - check - + checkstyle-validation + none @@ -305,7 +316,7 @@ jgit-repository Eclipse JGit Repository - http://download.eclipse.org/jgit/maven + https://download.eclipse.org/jgit/maven diff --git a/src/main/java/org/jenkinsci/plugins/ghprb/GhprbGitHubAuth.java b/src/main/java/org/jenkinsci/plugins/ghprb/GhprbGitHubAuth.java index e116ebe6e..9b2c35abb 100644 --- a/src/main/java/org/jenkinsci/plugins/ghprb/GhprbGitHubAuth.java +++ b/src/main/java/org/jenkinsci/plugins/ghprb/GhprbGitHubAuth.java @@ -22,6 +22,8 @@ import org.apache.commons.codec.binary.Hex; import org.apache.commons.lang.StringUtils; import org.jenkinsci.plugins.plaincredentials.StringCredentials; +import org.jenkinsci.plugins.github_branch_source.GitHubAppCredentials; +import org.jenkinsci.plugins.github_branch_source.Connector; import org.kohsuke.github.GHAuthorization; import org.kohsuke.github.GHCommitState; import org.kohsuke.github.GHIssue; @@ -201,24 +203,32 @@ private static GitHubBuilder getBuilder(Item context, String serverAPIUrl, Strin } private void buildConnection(Item context) { - GitHubBuilder builder = getBuilder(context, serverAPIUrl, credentialsId); - if (builder == null) { - LOGGER.log(Level.SEVERE, "Unable to get builder using credentials: {0}", credentialsId); - return; - } - try { - gh = builder.build(); - } catch (IOException e) { - LOGGER.log(Level.SEVERE, "Unable to connect using credentials: " + credentialsId, e); + StandardCredentials credentials = Ghprb.lookupCredentials(context, credentialsId, serverAPIUrl); + if (credentials instanceof GitHubAppCredentials) { + LOGGER.log(Level.FINEST, "Using GithubApp Credentials:" + credentialsId); + GitHubAppCredentials appCredentials = (GitHubAppCredentials) credentials; + try { + gh = Connector.connect(serverAPIUrl, appCredentials); + } catch (IOException e) { + LOGGER.log(Level.SEVERE, "Unable to connect using credentials: " + credentialsId, e); + } + } else { + GitHubBuilder builder = getBuilder(context, serverAPIUrl, credentialsId); + if (builder == null) { + LOGGER.log(Level.SEVERE, "Unable to get builder using credentials: {0}", credentialsId); + return; + } + try { + gh = builder.build(); + } catch (IOException e) { + LOGGER.log(Level.SEVERE, "Unable to connect using credentials: " + credentialsId, e); + } } } public GitHub getConnection(Item context) throws IOException { synchronized (this) { - if (gh == null) { - buildConnection(context); - } - + buildConnection(context); return gh; } } @@ -257,6 +267,7 @@ public ListBoxModel doFillCredentialsIdItems( matchers.add(CredentialsMatchers.instanceOf(StandardUsernamePasswordCredentials.class)); matchers.add(CredentialsMatchers.instanceOf(StringCredentials.class)); + matchers.add(CredentialsMatchers.instanceOf(GitHubAppCredentials.class)); List credentials = CredentialsProvider.lookupCredentials( StandardCredentials.class, diff --git a/src/main/java/org/jenkinsci/plugins/ghprb/GhprbPullRequest.java b/src/main/java/org/jenkinsci/plugins/ghprb/GhprbPullRequest.java index f682cebc5..3c24ef182 100644 --- a/src/main/java/org/jenkinsci/plugins/ghprb/GhprbPullRequest.java +++ b/src/main/java/org/jenkinsci/plugins/ghprb/GhprbPullRequest.java @@ -240,7 +240,7 @@ private void checkBlackListLabels() { } } catch (Error e) { LOGGER.log(Level.SEVERE, "Failed to read blacklist labels", e); - } catch (IOException e) { + } catch (Exception e) { LOGGER.log(Level.SEVERE, "Failed to read blacklist labels", e); } } @@ -266,7 +266,7 @@ private void checkWhiteListLabels() { } } catch (Error e) { LOGGER.log(Level.SEVERE, "Failed to read whitelist labels", e); - } catch (IOException e) { + } catch (Exception e) { LOGGER.log(Level.SEVERE, "Failed to read whitelist labels", e); } } diff --git a/src/main/java/org/jenkinsci/plugins/ghprb/GhprbTrigger.java b/src/main/java/org/jenkinsci/plugins/ghprb/GhprbTrigger.java index 949c2b8a2..dc5f88bbc 100644 --- a/src/main/java/org/jenkinsci/plugins/ghprb/GhprbTrigger.java +++ b/src/main/java/org/jenkinsci/plugins/ghprb/GhprbTrigger.java @@ -499,12 +499,10 @@ public String getGitHubAuthId() { } public GhprbGitHubAuth getGitHubApiAuth() { - if (gitHubAuthId == null) { - for (GhprbGitHubAuth auth : getDescriptor().getGithubAuth()) { - gitHubAuthId = auth.getId(); - getDescriptor().save(); - return auth; - } + for (GhprbGitHubAuth auth : getDescriptor().getGithubAuth()) { + gitHubAuthId = auth.getId(); + getDescriptor().save(); + return auth; } return getDescriptor().getGitHubAuth(gitHubAuthId); } @@ -704,7 +702,7 @@ public boolean isActive() { } public GhprbRepository getRepository() { - if (this.repository == null && super.job != null && super.job.isBuildable()) { + if (super.job != null && super.job.isBuildable()) { try { this.initState(); } catch (IOException e) { From 73ee4218ed8ae8254ab63cd95ce9044fc2297ca9 Mon Sep 17 00:00:00 2001 From: ataylor-r7 Date: Tue, 25 May 2021 23:18:06 -0500 Subject: [PATCH 2/4] updating readme to include Github App --- README.md | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/README.md b/README.md index 4a4fe6f87..47cdd4a64 100644 --- a/README.md +++ b/README.md @@ -31,6 +31,7 @@ For more details, see https://wiki.jenkins-ci.org/display/JENKINS/GitHub+pull+re [![Build Status](https://ci.jenkins.io/buildStatus/icon?job=Plugins/ghprb-plugin/master)](https://ci.jenkins.io/job/Plugins/job/ghprb-plugin/job/master/) ### Required Jenkins Plugins: +* github-branch-source plugin (https://plugins.jenkins.io/github-branch-source/) * github-api plugin (https://wiki.jenkins-ci.org/display/JENKINS/GitHub+API+Plugin) * github plugin (https://wiki.jenkins-ci.org/display/JENKINS/GitHub+Plugin) * git plugin (https://wiki.jenkins-ci.org/display/JENKINS/Git+Plugin) @@ -97,6 +98,10 @@ descriptor.save() * Jenkins will create a token credential, and give you the id of the newly created credentials. The default description is: `serverAPIUrl + " GitHub auto generated token credentials"`. * For username/password use `Kind` -> `Username with password` * The scope determines what has access to the credentials you are about to create + * For Github App use `Kind` -> `Github App` + * For App ID use the App ID associated with the Github App you've created + * For secret, copy and paste the contents of the pem file you generated from your Github App + * Option to select `Advanced` and add an Owner * The first part of the description is used to show different credentials in the drop down, so use something semi-descriptive * Click `Add` * Credentials will automatically be created in the domain given by the `GitHub Server API URL` field. From 7cbbb9a4a0cf65b385311ef8635e9edea12e7ea3 Mon Sep 17 00:00:00 2001 From: ataylor-r7 Date: Wed, 2 Jun 2021 22:55:37 -0500 Subject: [PATCH 3/4] dont do an entire re init every get repository, just new ghprb github --- src/main/java/org/jenkinsci/plugins/ghprb/GhprbTrigger.java | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/src/main/java/org/jenkinsci/plugins/ghprb/GhprbTrigger.java b/src/main/java/org/jenkinsci/plugins/ghprb/GhprbTrigger.java index dc5f88bbc..70dd9d1e5 100644 --- a/src/main/java/org/jenkinsci/plugins/ghprb/GhprbTrigger.java +++ b/src/main/java/org/jenkinsci/plugins/ghprb/GhprbTrigger.java @@ -288,6 +288,7 @@ private void initState() throws IOException { this.repository.init(); this.ghprbGitHub = new GhprbGitHub(this); + } @@ -702,13 +703,14 @@ public boolean isActive() { } public GhprbRepository getRepository() { - if (super.job != null && super.job.isBuildable()) { + if (this.repository == null && super.job != null && super.job.isBuildable()) { try { this.initState(); } catch (IOException e) { LOGGER.log(Level.SEVERE, "Unable to init trigger state!", e); } } + this.ghprbGitHub = new GhprbGitHub(this); return this.repository; } @@ -727,13 +729,11 @@ public boolean matchSignature(String body, String signature) { public void handleComment(IssueComment issueComment) throws IOException { GhprbRepository repo = getRepository(); - LOGGER.log( Level.INFO, "Checking comment on PR #{0} for job {1}", new Object[] {issueComment.getIssue().getNumber(), getProjectName()} ); - repo.onIssueCommentHook(issueComment); } From ce3a02a05243a888be6cb3ee2d570f274daf6f6e Mon Sep 17 00:00:00 2001 From: ataylor-r7 Date: Mon, 7 Jun 2021 13:34:14 -0500 Subject: [PATCH 4/4] i think this fixes the issue from calling init constantly and losing repo data.. should still get auth again though --- .../java/org/jenkinsci/plugins/ghprb/GhprbRepository.java | 4 ---- src/main/java/org/jenkinsci/plugins/ghprb/GhprbTrigger.java | 1 - 2 files changed, 5 deletions(-) diff --git a/src/main/java/org/jenkinsci/plugins/ghprb/GhprbRepository.java b/src/main/java/org/jenkinsci/plugins/ghprb/GhprbRepository.java index 1e1dba5dd..9b2d3201d 100644 --- a/src/main/java/org/jenkinsci/plugins/ghprb/GhprbRepository.java +++ b/src/main/java/org/jenkinsci/plugins/ghprb/GhprbRepository.java @@ -82,10 +82,6 @@ public void init() { } private boolean initGhRepository() { - if (ghRepository != null) { - return true; - } - GitHub gitHub = null; try { diff --git a/src/main/java/org/jenkinsci/plugins/ghprb/GhprbTrigger.java b/src/main/java/org/jenkinsci/plugins/ghprb/GhprbTrigger.java index 70dd9d1e5..05cae603a 100644 --- a/src/main/java/org/jenkinsci/plugins/ghprb/GhprbTrigger.java +++ b/src/main/java/org/jenkinsci/plugins/ghprb/GhprbTrigger.java @@ -710,7 +710,6 @@ public GhprbRepository getRepository() { LOGGER.log(Level.SEVERE, "Unable to init trigger state!", e); } } - this.ghprbGitHub = new GhprbGitHub(this); return this.repository; }