[JENKINS-62326] Jenkins Gitea Plugin project builds can only be run as SYSTEM user

Type: Bug
Resolution: Fixed
Priority: Major
Component/s: gitea-plugin
Labels:
- gitea
- plugins
Environment:
Jenkins ver. 2.222.3
Gitea Plugin 1.2.0
Firefox 76.0.1 (64-bit)
OpenJDK Runtime Environment (build 1.8.0_242-b08)

Similar Issues:
Powered by SuggestiMate

Show
Released As:
https://github.com/jenkinsci/gitea-plugin/releases/tag/gitea-1.3.0

Running project builds as User who Triggered Build fail. Builds can only be run as SYSTEM. Appears to be a failure to authenticate the jenkins user in the Gitea repo:

Started by user <username>
Running as <username>
Querying the current revision of branch master...
org.jenkinsci.plugin.gitea.client.api.GiteaHttpStatusException: HTTP 404/Not Found
  at org.jenkinsci.plugin.gitea.client.impl.DefaultGiteaConnection.getObject(DefaultGiteaConnection.java:870)
  at org.jenkinsci.plugin.gitea.client.impl.DefaultGiteaConnection.fetchBranch(DefaultGiteaConnection.java:271)
  at org.jenkinsci.plugin.gitea.GiteaSCMSource.retrieve(GiteaSCMSource.java:187)
  at jenkins.scm.api.SCMSource.fetch(SCMSource.java:582)
  at org.jenkinsci.plugins.workflow.multibranch.SCMBinder.create(SCMBinder.java:98)
  at org.jenkinsci.plugins.workflow.job.WorkflowRun.run(WorkflowRun.java:309)
  at hudson.model.ResourceController.execute(ResourceController.java:97)
  at hudson.model.Executor.run(Executor.java:428)
Finished: FAILURE

However, when first creating the Gitea organisation in Jenkins, the scan of the organization works correctly and all branches in the repo are correctly built, even if the Gitea organization is created as User who Triggered Build. The problem only occurs when creating individual builds for a selected branch.

Creating builds as SYSTEM is not secure as noted here:

https://www.jenkins.io/doc/book/system-administration/security/build-authorization/

is related to

JENKINS-60017 Gitea PR build fails if Jenkins user is not admin of the repo

Resolved

links to

#30

Paul Eipper added a comment - 2020-06-22 20:02

Having the issue that building works when triggered by a webhook, but a user cannot manually schedule a build, it fails with error 403:

16:54:39  Started by user Paul Eipper
16:54:39  Running as Paul Eipper
16:54:39  Querying the current revision of branch build/integration-private-npm-registry...
16:54:39  org.jenkinsci.plugin.gitea.client.api.GiteaHttpStatusException: HTTP 403/Forbidden
16:54:39  	at org.jenkinsci.plugin.gitea.client.impl.DefaultGiteaConnection.getList(DefaultGiteaConnection.java:983)
16:54:39  	at org.jenkinsci.plugin.gitea.client.impl.DefaultGiteaConnection.fetchBranches(DefaultGiteaConnection.java:293)
16:54:39  	at org.jenkinsci.plugin.gitea.client.impl.DefaultGiteaConnection.fetchBranch(DefaultGiteaConnection.java:265)
16:54:39  	at org.jenkinsci.plugin.gitea.GiteaSCMSource.retrieve(GiteaSCMSource.java:187)
16:54:39  	at jenkins.scm.api.SCMSource.fetch(SCMSource.java:582)
16:54:39  	at org.jenkinsci.plugins.workflow.multibranch.SCMBinder.create(SCMBinder.java:98)
16:54:39  	at org.jenkinsci.plugins.workflow.job.WorkflowRun.run(WorkflowRun.java:309)
16:54:39  	at hudson.model.ResourceController.execute(ResourceController.java:97)
16:54:39  	at hudson.model.Executor.run(Executor.java:428)
16:54:39  Finished: FAILURE

Paul Eipper added a comment - 2020-06-22 20:02 Having the issue that building works when triggered by a webhook, but a user cannot manually schedule a build, it fails with error 403: 16:54:39 Started by user Paul Eipper 16:54:39 Running as Paul Eipper 16:54:39 Querying the current revision of branch build/integration- private -npm-registry... 16:54:39 org.jenkinsci.plugin.gitea.client.api.GiteaHttpStatusException: HTTP 403/Forbidden 16:54:39 at org.jenkinsci.plugin.gitea.client.impl.DefaultGiteaConnection.getList(DefaultGiteaConnection.java:983) 16:54:39 at org.jenkinsci.plugin.gitea.client.impl.DefaultGiteaConnection.fetchBranches(DefaultGiteaConnection.java:293) 16:54:39 at org.jenkinsci.plugin.gitea.client.impl.DefaultGiteaConnection.fetchBranch(DefaultGiteaConnection.java:265) 16:54:39 at org.jenkinsci.plugin.gitea.GiteaSCMSource.retrieve(GiteaSCMSource.java:187) 16:54:39 at jenkins.scm.api.SCMSource.fetch(SCMSource.java:582) 16:54:39 at org.jenkinsci.plugins.workflow.multibranch.SCMBinder.create(SCMBinder.java:98) 16:54:39 at org.jenkinsci.plugins.workflow.job.WorkflowRun.run(WorkflowRun.java:309) 16:54:39 at hudson.model.ResourceController.execute(ResourceController.java:97) 16:54:39 at hudson.model.Executor.run(Executor.java:428) 16:54:39 Finished: FAILURE

Paul Eipper added a comment - 2020-06-22 20:05

Also, if I replay a pipeline, it fails like so:

16:55:08  Started by user Paul Eipper
16:55:08  Replayed #8
16:55:08  Running as Paul Eipper
16:55:08  [Gitea] Notifying branch build status: PENDING Build started...
16:55:08  ERROR: Could not send notifications
16:55:08  org.jenkinsci.plugin.gitea.client.api.GiteaHttpStatusException: HTTP 403/Forbidden
16:55:08  {"context":"myorg/myorg-myproject/pipeline/head","description":"Build started...","state":"pending","status":"pending","target_url":"https://jenkins.example.com/job/myorg/job/myorg-myproject/job/build%252Fintegration-private-npm-registry/13/display/redirect"}
16:55:08    at org.jenkinsci.plugin.gitea.client.impl.DefaultGiteaConnection.post(DefaultGiteaConnection.java:911)
16:55:08    at org.jenkinsci.plugin.gitea.client.impl.DefaultGiteaConnection.createCommitStatus(DefaultGiteaConnection.java:597)
16:55:08    at org.jenkinsci.plugin.gitea.GiteaNotifier.sendNotifications(GiteaNotifier.java:153)
16:55:08    at org.jenkinsci.plugin.gitea.GiteaNotifier.access$400(GiteaNotifier.java:67)
16:55:08    at org.jenkinsci.plugin.gitea.GiteaNotifier$JobCompletedListener.onStarted(GiteaNotifier.java:334)
16:55:08    at hudson.model.listeners.RunListener.fireStarted(RunListener.java:238)
16:55:08    at org.jenkinsci.plugins.workflow.job.WorkflowRun.run(WorkflowRun.java:301)
16:55:08    at hudson.model.ResourceController.execute(ResourceController.java:97)
16:55:08    at hudson.model.Executor.run(Executor.java:428)
16:55:08  Querying the current revision of branch build/integration-private-npm-registry...
16:55:08  [Gitea] Notifying branch build status: FAILURE There was a failure building this commit
16:55:08  ERROR: Could not send notifications
16:55:08  org.jenkinsci.plugin.gitea.client.api.GiteaHttpStatusException: HTTP 403/Forbidden
16:55:08  {"context":"myorg/myorg-myproject/pipeline/head","description":"There was a failure building this commit","state":"failure","status":"failure","target_url":"https://jenkins.example.com/job/myorg/job/myorg-myproject/job/build%252Fintegration-private-npm-registry/13/display/redirect"}
16:55:08    at org.jenkinsci.plugin.gitea.client.impl.DefaultGiteaConnection.post(DefaultGiteaConnection.java:911)
16:55:08    at org.jenkinsci.plugin.gitea.client.impl.DefaultGiteaConnection.createCommitStatus(DefaultGiteaConnection.java:597)
16:55:08    at org.jenkinsci.plugin.gitea.GiteaNotifier.sendNotifications(GiteaNotifier.java:153)
16:55:08    at org.jenkinsci.plugin.gitea.GiteaNotifier.access$400(GiteaNotifier.java:67)
16:55:08    at org.jenkinsci.plugin.gitea.GiteaNotifier$JobCompletedListener.onCompleted(GiteaNotifier.java:322)
16:55:08    at hudson.model.listeners.RunListener.fireCompleted(RunListener.java:209)
16:55:08    at org.jenkinsci.plugins.workflow.job.WorkflowRun.finish(WorkflowRun.java:599)
16:55:08    at org.jenkinsci.plugins.workflow.job.WorkflowRun.run(WorkflowRun.java:343)
16:55:08    at hudson.model.ResourceController.execute(ResourceController.java:97)
16:55:08    at hudson.model.Executor.run(Executor.java:428)
16:55:08  org.jenkinsci.plugin.gitea.client.api.GiteaHttpStatusException: HTTP 403/Forbidden
16:55:08    at org.jenkinsci.plugin.gitea.client.impl.DefaultGiteaConnection.getList(DefaultGiteaConnection.java:983)
16:55:08    at org.jenkinsci.plugin.gitea.client.impl.DefaultGiteaConnection.fetchBranches(DefaultGiteaConnection.java:293)
16:55:08    at org.jenkinsci.plugin.gitea.client.impl.DefaultGiteaConnection.fetchBranch(DefaultGiteaConnection.java:265)
16:55:08    at org.jenkinsci.plugin.gitea.GiteaSCMSource.retrieve(GiteaSCMSource.java:187)
16:55:08    at jenkins.scm.api.SCMSource.fetch(SCMSource.java:582)
16:55:08    at org.jenkinsci.plugins.workflow.multibranch.SCMBinder.create(SCMBinder.java:98)
16:55:08    at org.jenkinsci.plugins.workflow.job.WorkflowRun.run(WorkflowRun.java:309)
16:55:08    at hudson.model.ResourceController.execute(ResourceController.java:97)
16:55:08    at hudson.model.Executor.run(Executor.java:428)
16:55:08  Finished: FAILURE

Paul Eipper added a comment - 2020-06-22 20:05 Also, if I replay a pipeline, it fails like so: 16:55:08 Started by user Paul Eipper 16:55:08 Replayed #8 16:55:08 Running as Paul Eipper 16:55:08 [Gitea] Notifying branch build status: PENDING Build started... 16:55:08 ERROR: Could not send notifications 16:55:08 org.jenkinsci.plugin.gitea.client.api.GiteaHttpStatusException: HTTP 403/Forbidden 16:55:08 { "context" : "myorg/myorg-myproject/pipeline/head" , "description" : "Build started..." , "state" : "pending" , "status" : "pending" , "target_url" : "https: //jenkins.example.com/job/myorg/job/myorg-myproject/job/build%252Fintegration- private -npm-registry/13/display/redirect" } 16:55:08 at org.jenkinsci.plugin.gitea.client.impl.DefaultGiteaConnection.post(DefaultGiteaConnection.java:911) 16:55:08 at org.jenkinsci.plugin.gitea.client.impl.DefaultGiteaConnection.createCommitStatus(DefaultGiteaConnection.java:597) 16:55:08 at org.jenkinsci.plugin.gitea.GiteaNotifier.sendNotifications(GiteaNotifier.java:153) 16:55:08 at org.jenkinsci.plugin.gitea.GiteaNotifier.access$400(GiteaNotifier.java:67) 16:55:08 at org.jenkinsci.plugin.gitea.GiteaNotifier$JobCompletedListener.onStarted(GiteaNotifier.java:334) 16:55:08 at hudson.model.listeners.RunListener.fireStarted(RunListener.java:238) 16:55:08 at org.jenkinsci.plugins.workflow.job.WorkflowRun.run(WorkflowRun.java:301) 16:55:08 at hudson.model.ResourceController.execute(ResourceController.java:97) 16:55:08 at hudson.model.Executor.run(Executor.java:428) 16:55:08 Querying the current revision of branch build/integration- private -npm-registry... 16:55:08 [Gitea] Notifying branch build status: FAILURE There was a failure building this commit 16:55:08 ERROR: Could not send notifications 16:55:08 org.jenkinsci.plugin.gitea.client.api.GiteaHttpStatusException: HTTP 403/Forbidden 16:55:08 { "context" : "myorg/myorg-myproject/pipeline/head" , "description" : "There was a failure building this commit" , "state" : "failure" , "status" : "failure" , "target_url" : "https: //jenkins.example.com/job/myorg/job/myorg-myproject/job/build%252Fintegration- private -npm-registry/13/display/redirect" } 16:55:08 at org.jenkinsci.plugin.gitea.client.impl.DefaultGiteaConnection.post(DefaultGiteaConnection.java:911) 16:55:08 at org.jenkinsci.plugin.gitea.client.impl.DefaultGiteaConnection.createCommitStatus(DefaultGiteaConnection.java:597) 16:55:08 at org.jenkinsci.plugin.gitea.GiteaNotifier.sendNotifications(GiteaNotifier.java:153) 16:55:08 at org.jenkinsci.plugin.gitea.GiteaNotifier.access$400(GiteaNotifier.java:67) 16:55:08 at org.jenkinsci.plugin.gitea.GiteaNotifier$JobCompletedListener.onCompleted(GiteaNotifier.java:322) 16:55:08 at hudson.model.listeners.RunListener.fireCompleted(RunListener.java:209) 16:55:08 at org.jenkinsci.plugins.workflow.job.WorkflowRun.finish(WorkflowRun.java:599) 16:55:08 at org.jenkinsci.plugins.workflow.job.WorkflowRun.run(WorkflowRun.java:343) 16:55:08 at hudson.model.ResourceController.execute(ResourceController.java:97) 16:55:08 at hudson.model.Executor.run(Executor.java:428) 16:55:08 org.jenkinsci.plugin.gitea.client.api.GiteaHttpStatusException: HTTP 403/Forbidden 16:55:08 at org.jenkinsci.plugin.gitea.client.impl.DefaultGiteaConnection.getList(DefaultGiteaConnection.java:983) 16:55:08 at org.jenkinsci.plugin.gitea.client.impl.DefaultGiteaConnection.fetchBranches(DefaultGiteaConnection.java:293) 16:55:08 at org.jenkinsci.plugin.gitea.client.impl.DefaultGiteaConnection.fetchBranch(DefaultGiteaConnection.java:265) 16:55:08 at org.jenkinsci.plugin.gitea.GiteaSCMSource.retrieve(GiteaSCMSource.java:187) 16:55:08 at jenkins.scm.api.SCMSource.fetch(SCMSource.java:582) 16:55:08 at org.jenkinsci.plugins.workflow.multibranch.SCMBinder.create(SCMBinder.java:98) 16:55:08 at org.jenkinsci.plugins.workflow.job.WorkflowRun.run(WorkflowRun.java:309) 16:55:08 at hudson.model.ResourceController.execute(ResourceController.java:97) 16:55:08 at hudson.model.Executor.run(Executor.java:428) 16:55:08 Finished: FAILURE

charly ghislain added a comment - 2021-08-13 22:39

This prevents an user to trigger a branch build within a gitea multibranch pipeline item, or another build triggering a branch build downstream.

charly ghislain added a comment - 2021-08-13 22:39 This prevents an user to trigger a branch build within a gitea multibranch pipeline item, or another build triggering a branch build downstream.

Lauris BH added a comment - 2021-10-27 09:12

PR merged

Lauris BH added a comment - 2021-10-27 09:12 PR merged

Jenkins

Details

Description

Attachments

Issue Links

Activity

Collapse comment: Paul Eipper added a comment - 2020-06-22 20:02

Expand comment: Paul Eipper added a comment - 2020-06-22 20:02

Collapse comment: Paul Eipper added a comment - 2020-06-22 20:05

Expand comment: Paul Eipper added a comment - 2020-06-22 20:05

Collapse comment: charly ghislain added a comment - 2021-08-13 22:39

Expand comment: charly ghislain added a comment - 2021-08-13 22:39

Collapse comment: Lauris BH added a comment - 2021-10-27 09:12

Expand comment: Lauris BH added a comment - 2021-10-27 09:12

People

Dates