Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-62326

Jenkins Gitea Plugin project builds can only be run as SYSTEM user

    XMLWordPrintable

Details

    • Bug
    • Status: Closed (View Workflow)
    • Major
    • Resolution: Fixed
    • gitea-plugin
    • Jenkins ver. 2.222.3
      Gitea Plugin 1.2.0
      Firefox 76.0.1 (64-bit)
      OpenJDK Runtime Environment (build 1.8.0_242-b08)

    Description

      Running project builds as User who Triggered Build fail. Builds can only be run as SYSTEM. Appears to be a failure to authenticate the jenkins user in the Gitea repo:

      Started by user <username>
Running as <username>
Querying the current revision of branch master...
org.jenkinsci.plugin.gitea.client.api.GiteaHttpStatusException: HTTP 404/Not Found
  at org.jenkinsci.plugin.gitea.client.impl.DefaultGiteaConnection.getObject(DefaultGiteaConnection.java:870)
  at org.jenkinsci.plugin.gitea.client.impl.DefaultGiteaConnection.fetchBranch(DefaultGiteaConnection.java:271)
  at org.jenkinsci.plugin.gitea.GiteaSCMSource.retrieve(GiteaSCMSource.java:187)
  at jenkins.scm.api.SCMSource.fetch(SCMSource.java:582)
  at org.jenkinsci.plugins.workflow.multibranch.SCMBinder.create(SCMBinder.java:98)
  at org.jenkinsci.plugins.workflow.job.WorkflowRun.run(WorkflowRun.java:309)
  at hudson.model.ResourceController.execute(ResourceController.java:97)
  at hudson.model.Executor.run(Executor.java:428)
Finished: FAILURE

      However, when first creating the Gitea organisation in Jenkins, the scan of the organization works correctly and all branches in the repo are correctly built, even if the Gitea organization is created as User who Triggered Build. The problem only occurs when creating individual builds for a selected branch.

      Creating builds as SYSTEM is not secure as noted here:

      https://www.jenkins.io/doc/book/system-administration/security/build-authorization/

       

       

       

       

       

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. JENKINS-60017 Gitea PR build fails if Jenkins user is not admin of the repo

          • Major - Major loss of function.
          • Resolved
          links to

          Web Link #30

          Activity

            Ascending order - Click to sort in descending order
            lkraider Paul Eipper added a comment -

            Having the issue that building works when triggered by a webhook, but a user cannot manually schedule a build, it fails with error 403:

            16:54:39  Started by user Paul Eipper
16:54:39  Running as Paul Eipper
16:54:39  Querying the current revision of branch build/integration-private-npm-registry...
16:54:39  org.jenkinsci.plugin.gitea.client.api.GiteaHttpStatusException: HTTP 403/Forbidden
16:54:39  	at org.jenkinsci.plugin.gitea.client.impl.DefaultGiteaConnection.getList(DefaultGiteaConnection.java:983)
16:54:39  	at org.jenkinsci.plugin.gitea.client.impl.DefaultGiteaConnection.fetchBranches(DefaultGiteaConnection.java:293)
16:54:39  	at org.jenkinsci.plugin.gitea.client.impl.DefaultGiteaConnection.fetchBranch(DefaultGiteaConnection.java:265)
16:54:39  	at org.jenkinsci.plugin.gitea.GiteaSCMSource.retrieve(GiteaSCMSource.java:187)
16:54:39  	at jenkins.scm.api.SCMSource.fetch(SCMSource.java:582)
16:54:39  	at org.jenkinsci.plugins.workflow.multibranch.SCMBinder.create(SCMBinder.java:98)
16:54:39  	at org.jenkinsci.plugins.workflow.job.WorkflowRun.run(WorkflowRun.java:309)
16:54:39  	at hudson.model.ResourceController.execute(ResourceController.java:97)
16:54:39  	at hudson.model.Executor.run(Executor.java:428)
16:54:39  Finished: FAILURE
            lkraider Paul Eipper added a comment - Having the issue that building works when triggered by a webhook, but a user cannot manually schedule a build, it fails with error 403: 16:54:39 Started by user Paul Eipper 16:54:39 Running as Paul Eipper 16:54:39 Querying the current revision of branch build/integration- private -npm-registry... 16:54:39 org.jenkinsci.plugin.gitea.client.api.GiteaHttpStatusException: HTTP 403/Forbidden 16:54:39 at org.jenkinsci.plugin.gitea.client.impl.DefaultGiteaConnection.getList(DefaultGiteaConnection.java:983) 16:54:39 at org.jenkinsci.plugin.gitea.client.impl.DefaultGiteaConnection.fetchBranches(DefaultGiteaConnection.java:293) 16:54:39 at org.jenkinsci.plugin.gitea.client.impl.DefaultGiteaConnection.fetchBranch(DefaultGiteaConnection.java:265) 16:54:39 at org.jenkinsci.plugin.gitea.GiteaSCMSource.retrieve(GiteaSCMSource.java:187) 16:54:39 at jenkins.scm.api.SCMSource.fetch(SCMSource.java:582) 16:54:39 at org.jenkinsci.plugins.workflow.multibranch.SCMBinder.create(SCMBinder.java:98) 16:54:39 at org.jenkinsci.plugins.workflow.job.WorkflowRun.run(WorkflowRun.java:309) 16:54:39 at hudson.model.ResourceController.execute(ResourceController.java:97) 16:54:39 at hudson.model.Executor.run(Executor.java:428) 16:54:39 Finished: FAILURE
            lkraider Paul Eipper added a comment -

            Also, if I replay a pipeline, it fails like so:

            16:55:08  Started by user Paul Eipper
16:55:08  Replayed #8
16:55:08  Running as Paul Eipper
16:55:08  [Gitea] Notifying branch build status: PENDING Build started...
16:55:08  ERROR: Could not send notifications
16:55:08  org.jenkinsci.plugin.gitea.client.api.GiteaHttpStatusException: HTTP 403/Forbidden
16:55:08  {"context":"myorg/myorg-myproject/pipeline/head","description":"Build started...","state":"pending","status":"pending","target_url":"https://jenkins.example.com/job/myorg/job/myorg-myproject/job/build%252Fintegration-private-npm-registry/13/display/redirect"}
16:55:08    at org.jenkinsci.plugin.gitea.client.impl.DefaultGiteaConnection.post(DefaultGiteaConnection.java:911)
16:55:08    at org.jenkinsci.plugin.gitea.client.impl.DefaultGiteaConnection.createCommitStatus(DefaultGiteaConnection.java:597)
16:55:08    at org.jenkinsci.plugin.gitea.GiteaNotifier.sendNotifications(GiteaNotifier.java:153)
16:55:08    at org.jenkinsci.plugin.gitea.GiteaNotifier.access$400(GiteaNotifier.java:67)
16:55:08    at org.jenkinsci.plugin.gitea.GiteaNotifier$JobCompletedListener.onStarted(GiteaNotifier.java:334)
16:55:08    at hudson.model.listeners.RunListener.fireStarted(RunListener.java:238)
16:55:08    at org.jenkinsci.plugins.workflow.job.WorkflowRun.run(WorkflowRun.java:301)
16:55:08    at hudson.model.ResourceController.execute(ResourceController.java:97)
16:55:08    at hudson.model.Executor.run(Executor.java:428)
16:55:08  Querying the current revision of branch build/integration-private-npm-registry...
16:55:08  [Gitea] Notifying branch build status: FAILURE There was a failure building this commit
16:55:08  ERROR: Could not send notifications
16:55:08  org.jenkinsci.plugin.gitea.client.api.GiteaHttpStatusException: HTTP 403/Forbidden
16:55:08  {"context":"myorg/myorg-myproject/pipeline/head","description":"There was a failure building this commit","state":"failure","status":"failure","target_url":"https://jenkins.example.com/job/myorg/job/myorg-myproject/job/build%252Fintegration-private-npm-registry/13/display/redirect"}
16:55:08    at org.jenkinsci.plugin.gitea.client.impl.DefaultGiteaConnection.post(DefaultGiteaConnection.java:911)
16:55:08    at org.jenkinsci.plugin.gitea.client.impl.DefaultGiteaConnection.createCommitStatus(DefaultGiteaConnection.java:597)
16:55:08    at org.jenkinsci.plugin.gitea.GiteaNotifier.sendNotifications(GiteaNotifier.java:153)
16:55:08    at org.jenkinsci.plugin.gitea.GiteaNotifier.access$400(GiteaNotifier.java:67)
16:55:08    at org.jenkinsci.plugin.gitea.GiteaNotifier$JobCompletedListener.onCompleted(GiteaNotifier.java:322)
16:55:08    at hudson.model.listeners.RunListener.fireCompleted(RunListener.java:209)
16:55:08    at org.jenkinsci.plugins.workflow.job.WorkflowRun.finish(WorkflowRun.java:599)
16:55:08    at org.jenkinsci.plugins.workflow.job.WorkflowRun.run(WorkflowRun.java:343)
16:55:08    at hudson.model.ResourceController.execute(ResourceController.java:97)
16:55:08    at hudson.model.Executor.run(Executor.java:428)
16:55:08  org.jenkinsci.plugin.gitea.client.api.GiteaHttpStatusException: HTTP 403/Forbidden
16:55:08    at org.jenkinsci.plugin.gitea.client.impl.DefaultGiteaConnection.getList(DefaultGiteaConnection.java:983)
16:55:08    at org.jenkinsci.plugin.gitea.client.impl.DefaultGiteaConnection.fetchBranches(DefaultGiteaConnection.java:293)
16:55:08    at org.jenkinsci.plugin.gitea.client.impl.DefaultGiteaConnection.fetchBranch(DefaultGiteaConnection.java:265)
16:55:08    at org.jenkinsci.plugin.gitea.GiteaSCMSource.retrieve(GiteaSCMSource.java:187)
16:55:08    at jenkins.scm.api.SCMSource.fetch(SCMSource.java:582)
16:55:08    at org.jenkinsci.plugins.workflow.multibranch.SCMBinder.create(SCMBinder.java:98)
16:55:08    at org.jenkinsci.plugins.workflow.job.WorkflowRun.run(WorkflowRun.java:309)
16:55:08    at hudson.model.ResourceController.execute(ResourceController.java:97)
16:55:08    at hudson.model.Executor.run(Executor.java:428)
16:55:08  Finished: FAILURE
            lkraider Paul Eipper added a comment - Also, if I replay a pipeline, it fails like so: 16:55:08 Started by user Paul Eipper 16:55:08 Replayed #8 16:55:08 Running as Paul Eipper 16:55:08 [Gitea] Notifying branch build status: PENDING Build started... 16:55:08 ERROR: Could not send notifications 16:55:08 org.jenkinsci.plugin.gitea.client.api.GiteaHttpStatusException: HTTP 403/Forbidden 16:55:08 { "context" : "myorg/myorg-myproject/pipeline/head" , "description" : "Build started..." , "state" : "pending" , "status" : "pending" , "target_url" : "https: //jenkins.example.com/job/myorg/job/myorg-myproject/job/build%252Fintegration- private -npm-registry/13/display/redirect" } 16:55:08 at org.jenkinsci.plugin.gitea.client.impl.DefaultGiteaConnection.post(DefaultGiteaConnection.java:911) 16:55:08 at org.jenkinsci.plugin.gitea.client.impl.DefaultGiteaConnection.createCommitStatus(DefaultGiteaConnection.java:597) 16:55:08 at org.jenkinsci.plugin.gitea.GiteaNotifier.sendNotifications(GiteaNotifier.java:153) 16:55:08 at org.jenkinsci.plugin.gitea.GiteaNotifier.access$400(GiteaNotifier.java:67) 16:55:08 at org.jenkinsci.plugin.gitea.GiteaNotifier$JobCompletedListener.onStarted(GiteaNotifier.java:334) 16:55:08 at hudson.model.listeners.RunListener.fireStarted(RunListener.java:238) 16:55:08 at org.jenkinsci.plugins.workflow.job.WorkflowRun.run(WorkflowRun.java:301) 16:55:08 at hudson.model.ResourceController.execute(ResourceController.java:97) 16:55:08 at hudson.model.Executor.run(Executor.java:428) 16:55:08 Querying the current revision of branch build/integration- private -npm-registry... 16:55:08 [Gitea] Notifying branch build status: FAILURE There was a failure building this commit 16:55:08 ERROR: Could not send notifications 16:55:08 org.jenkinsci.plugin.gitea.client.api.GiteaHttpStatusException: HTTP 403/Forbidden 16:55:08 { "context" : "myorg/myorg-myproject/pipeline/head" , "description" : "There was a failure building this commit" , "state" : "failure" , "status" : "failure" , "target_url" : "https: //jenkins.example.com/job/myorg/job/myorg-myproject/job/build%252Fintegration- private -npm-registry/13/display/redirect" } 16:55:08 at org.jenkinsci.plugin.gitea.client.impl.DefaultGiteaConnection.post(DefaultGiteaConnection.java:911) 16:55:08 at org.jenkinsci.plugin.gitea.client.impl.DefaultGiteaConnection.createCommitStatus(DefaultGiteaConnection.java:597) 16:55:08 at org.jenkinsci.plugin.gitea.GiteaNotifier.sendNotifications(GiteaNotifier.java:153) 16:55:08 at org.jenkinsci.plugin.gitea.GiteaNotifier.access$400(GiteaNotifier.java:67) 16:55:08 at org.jenkinsci.plugin.gitea.GiteaNotifier$JobCompletedListener.onCompleted(GiteaNotifier.java:322) 16:55:08 at hudson.model.listeners.RunListener.fireCompleted(RunListener.java:209) 16:55:08 at org.jenkinsci.plugins.workflow.job.WorkflowRun.finish(WorkflowRun.java:599) 16:55:08 at org.jenkinsci.plugins.workflow.job.WorkflowRun.run(WorkflowRun.java:343) 16:55:08 at hudson.model.ResourceController.execute(ResourceController.java:97) 16:55:08 at hudson.model.Executor.run(Executor.java:428) 16:55:08 org.jenkinsci.plugin.gitea.client.api.GiteaHttpStatusException: HTTP 403/Forbidden 16:55:08 at org.jenkinsci.plugin.gitea.client.impl.DefaultGiteaConnection.getList(DefaultGiteaConnection.java:983) 16:55:08 at org.jenkinsci.plugin.gitea.client.impl.DefaultGiteaConnection.fetchBranches(DefaultGiteaConnection.java:293) 16:55:08 at org.jenkinsci.plugin.gitea.client.impl.DefaultGiteaConnection.fetchBranch(DefaultGiteaConnection.java:265) 16:55:08 at org.jenkinsci.plugin.gitea.GiteaSCMSource.retrieve(GiteaSCMSource.java:187) 16:55:08 at jenkins.scm.api.SCMSource.fetch(SCMSource.java:582) 16:55:08 at org.jenkinsci.plugins.workflow.multibranch.SCMBinder.create(SCMBinder.java:98) 16:55:08 at org.jenkinsci.plugins.workflow.job.WorkflowRun.run(WorkflowRun.java:309) 16:55:08 at hudson.model.ResourceController.execute(ResourceController.java:97) 16:55:08 at hudson.model.Executor.run(Executor.java:428) 16:55:08 Finished: FAILURE
            cghislai charly ghislain added a comment -

            This prevents an user to trigger a branch build within a gitea multibranch pipeline item, or another build triggering a branch build downstream.

            cghislai charly ghislain added a comment - This prevents an user to trigger a branch build within a gitea multibranch pipeline item, or another build triggering a branch build downstream.
            lafriks Lauris BH added a comment -

            PR merged

            lafriks Lauris BH added a comment - PR merged

            People

              Unassigned Unassigned
              tbaro Tim Baronetti
              Votes:
              2 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: