Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
1.1k views
in Technique[技术] by (71.8m points)

git - POST hook on Bitbucket

How to use the POST url in bitbucket on private Jenkins?

I have been experiencing problems with bitbucket and their post commit.

Description :

http://username:password@myjenkins.instance/job/myproject/build?token=mytoken

I have a jenkins instance I would like to trigger on push on certain repositories. Since the jenkins is accessible from the outside (the world wide web), it is protected through the typical user/password system.

When working with Github, I can define the usename and password directly in the URL. When checking the nginx logs, it is clear that github is able to convert that url to login the user. Bitbucket is not.

Here are some nginx logs showing the problem.

Bitbucket post logs :

- - "POST /job/myproject/build?token=mytoken HTTP/1.1" 403 216 "-" "Bitbucket.org"

The interesting part is the 403 error. Acces refused.

Same logs for the Github post hook:

- github - "POST /job/myproject/build?token=mytoken HTTP/1.1" 302 0 "-" "-"

AS the logs show, github is the name of the user I created with the good rights for launching builds.

What can I possibly do to enable the post hook?

See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

If you want to make BitBucket trigger a Jenkins job execution after a commit in your repo, you have two options:

  • Use the POST hook
  • Use the Jenkins hook

Both using the Jenkins API to trigger the job.

For the POST hook, you basically need to build the url as this:

https://USER:APITOKEN@JENKINS_URL/job/JOBNAME/build?token=TOKEN

where:

  • USER: is the Jenkins user that will trigger the job
  • APITOKEN: is a token associated to that user to allow the use of the API, you can get it from the user configuration page in Jenkins
  • JENKINS_URL: the url of your jenkins server
  • JOBNAME: the name of the job
  • TOKEN: the token associated to the job, you must add it in the job configuration page (enable remote triggers)

The cool thing about this is that you can check if it works just using curl from the console.

Also note there is no password in the url, you have the API TOKEN instead, this is to avoid publishing your user and password. Something else you can do to improve security a little bit, if you have admin rights in the Jenkins server, create a new user with just access rights to read and build jobs, and use it only for this. So you don't have to publish your own user and token, which may have admin rights.

The Jenkins hook works the same way, building the same URL for you, but you don't have the chance to test it (for instance, using curl).

This is based on these documents:

Hope it helps.

Ger


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...