Jenkins job status on GitHub - build

Scenario: When a PR is created in GitHub, it will trigger a Jenkins Multibranch pipeline to execute CI for the fork and will post the Jenkins job status on GitHub PR page for that fork.
Jenkins job is getting triggered automatically with the help of GitHub personal access tokens and Webhook. But Jenkins job status is not shown/posted anywhere on GitHub. Getting below error:
"Could not update commit status, please check if your scan credentials belong to a member of the organization or a collaborator of the repository and repo:status scope is selected
GitHub has been notified of this commit’s build result"
Tried to post status using "GitHub autostatus" plugin, as per console output, getting below:
Console output snippet
Tried ignoring GitHub Hooks problems and others. Note: I am admin of the repo, still facing this issue.

I'm the author of the Github Autostatus plugin.
I think the problem is that whichever user ID Jenkins is using to run the job needs to be added to your github repo as a collaborator. If you open "Configure" from the project in Jenkins representing your github org, you should have a user configured that has access to github, e.g.
That user needs access to your repo - the easiest way to do that is add them as a collaborator in github

Related

AWS Amplify: Switch existing app to new repository?

Question
Is there any way to point existing Amplify apps to new repositories? Failing that, is there a way to clone Amplify app settings (including Backend environments) from one app to another?
Background
I was a complete newcomer to AWS until several months ago, when I inherited responsibility for an existing set of AWS apps developed by another team.
In our AWS account, Amplify is configured to use GitLab repositories which were under the previous team's control. I got a copy of the code, but I don't have access to the repositories.
So I uploaded the code to a new Bitbucket repository, and now I need to point the existing apps in Amplify to the new repositories. My goal is to be able to push changes to my new repository and have Amplify detect those changes so the new build can be pushed.
3 Unsuccessful Solutions
I've tried approaching this problem from a few different angles.
1. Create a new app
I created a new app which points to the new repository, which proved to be very simple. But I didn't anticipate how difficult it would be to migrate settings (especially the Backend environment) from one app to the other. So I thought it might be simpler to point the existing apps at the new repository.
2. Reconnect Repository
I thought that configuring a new repository for an existing app would be relatively straightforward. Here's the procedure I followed.
Log into AWS Console and navigate to the Amplify service
From the list of apps, select the one I want to modify
Under "App settings", select the "General" tab
Click the "Reconnect repository" button
A dialog box popped up: "Reconnect your Git repository". It prompted me to select from a dropdown list of "Recently updated repositories", but that list was empty. There's no place to enter an address for a new repository, so this path seems to be a dead end.
3. Create a Connection
I tried to "Create a connection to Bitbucket" as described in AWS documentation here: https://docs.aws.amazon.com/dtconsole/latest/userguide/connections-create-bitbucket.html
But the "Developer Tools" console seems unrelated to Amplify. The connection was created successfully, but it doesn't appear in the "Recently updated repositories" list, and I don't know how else it can be used.
If you are okay with a CLI solution, have a look at the comment below from https://github.com/aws-amplify/amplify-hosting/issues/288#issuecomment-737192995
aws amplify update-app --app-id AMPLIFY_APP_ID --repository REPOSITORY_URL --access-token ACCESS_TOKEN
... worked for me, transferring from one github account to another
github account and repo. I know it's not quite what the OP was doing,
but thought it may be worth noting that:
The AMPLIFY_APP_ID is the last bit of the app ARN (e.g.
dXXXXXXXXXXXXX)
For github repositories, the access token is a
Personal Access Token (https://github.com/settings/tokens).
I gave it all of the repo and admin:repo_hook privileges. That had to be created from the repository owner's account, not a contributor.
This helped me to change that app to point to a different GitHub repository.
AWS CLI requires some setup though, the documentation is available here https://docs.aws.amazon.com/cli/latest/userguide/getting-started-quickstart.html
Edit: You might also have to Reconnect The Repository using the UI after changing it using the CLI

Coldfusion Github webhook library or sample code

Is there a Coldfusion library or sample code that whenever you make a commit to the master branch of your github repo, The webhook will trigger and pull the master branch.

AWS codebuild not building my github pull requests

I have set up the AWS codebuild to my github repo, but unfortunately my pull requests are not being built. Only the commits.
According to the AWS codebuild documentation, the pull request builds should be supported natively.
I have checked the option to run the build whenever the code changes.
Is this feature supposed to work seamlessly? I can see github actually sends webhooks upon PR with:
X-GitHub-Event: pull_request
but nothing happens on AWS codebuild side..
how can i troubleshoot this?
Can you look at the response you're getting from back from AWSCodeBuild this should be in Repository -> Settings -> Webhooks -> https://codebuild.#{region}.amazonaws.com/webhooks. From here you can scroll to the bottom of the page and look at Recent Deliveries.
Could you let me know the latest output from a PR.
John

AWS CodePipeline recognizes my new GitHub commit fine - but how?

I am currently fiddling around with AWS CodePipeline for the first time and set up the Source and the Build step so far with a demo project.
I have connected the Source Step with a GitHub account (a system-account we use), with admin access to all Repos. As the documentation states, the OAuth-scopes admin:repo_hook and repo are required for this to use; which are granted and the connection is fine.
As the title of this question already states: The integration works just fine - when I push a new commit on master to GitHub, the Pipeline starts working and runs through smoothly.
My question however is: How? As the docs state here:
To integrate with GitHub, AWS CodePipeline uses OAuth tokens
however, when looking in my GitHub settings, I would have expected to find the application listed as an "OAuth application" directly on the Repository or on the organization "OAuth applications", but neither is the case!
Thus, I am wondering how CodePipeline recognizes my new commit. Is it polling the SCM or some other sort of magic? I did not find any WebHooks either.
Thank you in advance!
AWS CodePipeline is connected to GitHub via the new "Integrations" concept: https://github.com/integrations/aws-codepipeline
This concept was announced here: https://developer.github.com/changes/2016-09-14-Integrations-Early-Access/
GitHub Integrations authenticate using JSON Web Tokens and private/public keys, so I'm not sure if AWS are technically correct in describing that as "OAuth" or not. Details here: https://developer.github.com/early-access/integrations/authentication/#as-an-integration

Deploy as Jenkins User or Allow Jenkins To Run As Different User?

I'm just getting started with Jenkins CI, and had a question which I'm
struggling to find answers for in the docs or online. Wonder if
someone might be able to offer some advice?
I'm attempting to use it to automatically deploy my dev and stage
branches of my Django projects which are hosted on a Github
organisation repository (ie, private). At the moment I have a user
"django" who can access the Github repo via a Github deploy key. My
Jenkins user can't access the repo. What's the best practice way of
dealing with this - should I be creating an ssh deploy key for the
"jenkins" user, or should I be getting Jenkins to run as my "django"
user? I've seen mention if a HUDSON_USER in a newsgroup post, but I
can't find reference to this in the docs.
Many thanks!
Ludo.
I have not worked with Github and so this answer may not apply at all, but we do use Jenkins and we use both CVS & Subversion for source control.
In our system, we use different username/password combinations for all three (Jenkins, CVS, Subversion), and it has had no adverse effects yet (it has been a year since we deployed Hudson - currently building 50+ projects).
As long as you can get Jenkins to access the repo using your github deploy key, you shouldn't have to change Jenkins to run as django, or create a jenkins user key for github. Personally, I would keep them separate.
Did you try this?
Contact your OS admin team to grant to access to perform few operations on your version control using SUDO access.
OR
run the command using
sudo -H -u <username> command parameters..