-
Bug
-
Resolution: Unresolved
-
Blocker
-
None
I have the following in a declarative pipeline job:
pipeline {
agent { label "centos7" }
stages {
stage("github => pending") {
steps {
githubNotify status: "PENDING", description: "Build is starting...", credentialsId: "my-credentials", account: "me", repo: "the-repo"
}
}
// ...
When the job runs, I get the following in the console output:
java.lang.IllegalArgumentException: The suplied credentials are invalid to login at org.jenkinsci.plugins.pipeline.githubstatusnotification.GitHubStatusNotificationStep.getGitHubIfValid(GitHubStatusNotificationStep.java:234) at org.jenkinsci.plugins.pipeline.githubstatusnotification.GitHubStatusNotificationStep.getRepoIfValid(GitHubStatusNotificationStep.java:239) at org.jenkinsci.plugins.pipeline.githubstatusnotification.GitHubStatusNotificationStep.access$100(GitHubStatusNotificationStep.java:75) at org.jenkinsci.plugins.pipeline.githubstatusnotification.GitHubStatusNotificationStep$Execution.run(GitHubStatusNotificationStep.java:344) at org.jenkinsci.plugins.pipeline.githubstatusnotification.GitHubStatusNotificationStep$Execution.run(GitHubStatusNotificationStep.java:326) at org.jenkinsci.plugins.workflow.steps.AbstractSynchronousNonBlockingStepExecution$1$1.call(AbstractSynchronousNonBlockingStepExecution.java:47) at hudson.security.ACL.impersonate(ACL.java:221) at org.jenkinsci.plugins.workflow.steps.AbstractSynchronousNonBlockingStepExecution$1.run(AbstractSynchronousNonBlockingStepExecution.java:44) at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511) at java.util.concurrent.FutureTask.run(FutureTask.java:266) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617) at java.lang.Thread.run(Thread.java:745)
However, I know that these credentials are definitely valid. In the "Manage Jenkins" page, I can test the credentials via the GitHubPullRequestBuilder plugin, and they work, correspond to a user with read/write permissions on this repo, and can even set commit status (manually, via that other plugin).
The repo in question is a private repo, and the value for "Account" corresponds to an organization, not an individual user account. I suspect the latter is probably what's going on here, but I don't see any better way to specify the org that owns the repo than with the account: parameter.
[JENKINS-43370] Pipeline Github Notify Step plugin fails to set commit status on private organization repo
Dan Crosta
created issue -
Dan Crosta
made changes -
| Attachment | New: SnippetGenerator.png [ 37014 ] |
Dan Crosta
added a comment - Here's a screenshot of the snippet generator:
I've also asked on StackOverflow and one theory there is that there might be special characters that are causing problems here. However, I have verified that our password does not have any special characters. The username does if you count "-" (hyphen) as a special character.
Dan Crosta
added a comment - Here's a screenshot of the snippet generator:
I've also asked on StackOverflow and one theory there is that there might be special characters that are causing problems here. However, I have verified that our password does not have any special characters. The username does if you count "-" (hyphen) as a special character. Dan Crosta
added a comment - Hi – any update here? 
Danny
added a comment - Hello, I encountered the same behavior. We use a private GitHub repo. The credentials are rock solid as I'm using the same in Multi-branch Pipeline plugin which is working.
stages {
stage("Stage #1") {
steps {
githubNotify credentialsId: "github_user", repo: 'my-repo', account: "${GITHUB_PR_SOURCE_REPO_OWNER}", sha: "${GITHUB_PR_HEAD_SHA}", description: 'This is an example', status: 'PENDING', targetUrl: 'https://my-jenkins-instance.com'
}
}
I've also tried "repo: https://github.com/my-account/my-repo" but that didn't work aswell.
Danny
added a comment - Hello, I encountered the same behavior. We use a private GitHub repo. The credentials are rock solid as I'm using the same in Multi-branch Pipeline plugin which is working.
stages {
stage( "Stage #1" ) {
steps {
githubNotify credentialsId: "github_user" , repo: 'my-repo' , account: "${GITHUB_PR_SOURCE_REPO_OWNER}" , sha: "${GITHUB_PR_HEAD_SHA}" , description: 'This is an example' , status: 'PENDING' , targetUrl: 'https: //my-jenkins-instance.com'
}
}
I've also tried "repo: https://github.com/my-account/my-repo " but that didn't work aswell. So, this seems confirmed but we are still not getting any problem with our private repos when using the plugin.
Could you please post here any special character the credentials may be using? For example you can get the real credentials and replace all standard characters to preserve anonymity
Can you try if the plugin works in a multibranch pipeline when using the infer capabilities?
Just to clarify, the account property refers to the owner of the repo which is receiving the PR, in this case it should be the organization. firedanny It seems that as account you are using the owner of the fork, and the SHA is the commit (on the organization's repo) you want to notify, that could be easily found in PR GitHub's UI if you do not want/can`t use the Jenkins variable for it
Danny
added a comment - rarabaolaza, same error when trying Multi-branch Pipeline.
I can confirm credentials (user & password) are all flat with no special chars.
The account is the owner of the repo, repo is set to one of the repos under that account and the SHA is the commit to one of the branches of the same repo. Not a fork.
Is there a way to enable more verbose debugging?
Danny
added a comment - rarabaolaza , same error when trying Multi-branch Pipeline.
I can confirm credentials (user & password) are all flat with no special chars.
The account is the owner of the repo, repo is set to one of the repos under that account and the SHA is the commit to one of the branches of the same repo. Not a fork.
Is there a way to enable more verbose debugging? Dan Crosta
added a comment - In my case, too, the password and username contain no special characters (there's a hypen in the user name, if that counts). The repo is private, owned by the org, the account property is set to the org name, etc.
Dan Crosta
added a comment - In my case, too, the password and username contain no special characters (there's a hypen in the user name, if that counts). The repo is private, owned by the org, the account property is set to the org name, etc. We are experiencing this as well. We have special characters in our password but, as we can see from previous comments left by other users, this is probably inconsequential. We have a private repo with an organization and the credentials are verified to have sufficient privileges to set commit statuses.
Bruce Bradley
added a comment - - edited We are experiencing this as well. We have special characters in our password but, as we can see from previous comments left by other users, this is probably inconsequential. We have a private repo with an organization and the credentials are verified to have sufficient privileges to set commit statuses. 
Hello Dan,
We are currently using the plugin to notify private repos for an organization using the `account` property without incidents. With your configuration the repo should be at `https://github.com/me/the-repo
What type of credentials are you using? Username password?
Have you tried your credentials at the snippet generator? The error that you are getting is usually generated by invalid credentials or lack of permission.
Are the credentials you are using folder scoped instead of global? If that is the case you may have fall into https://issues.jenkins-ci.org/browse/JENKINS-42955