Jenkins 和 GitHub Webhook:HTTP 403

发布于 2024-12-04 19:47:52 字数 441 浏览 3 评论 0原文

我有一个 GitHub 存储库,我想通过 post-receive 挂钩通知 Jenkins 有新提交。我已将 GitHub 插件安装到 Jenkins 中,并允许 Jenkins 管理它自己的挂钩 URL。该项目具有正确的 git 存储库 URL,并被指示“将更改推送到 GitHub 时构建”。当我让 GitHub 发送测试有效负载时,我在 Jenkins 前面的 nginx Web 服务器中发现了这一点:

207.97.227.233 - - [15/Sep/2011:07:36:51 +0000] "POST /github-webhook/ HTTP/1.1" 403 561 "-" "-"

我正在运行 SSL,所以我禁用了它,但没有效果。我是否需要在权限矩阵中向匿名用户提供特殊权限?

请原谅缺少配置文件:我很高兴分享可能存在的配置文件,但我不知道分享哪些可能有用。

I have a GitHub repository which I would like to have notify Jenkins of new commits via a post-receive hook. I've installed the GitHub plugin into Jenkins and have allowed for Jenkins to manage it's own hook URLs. The project has the correct git repository URL and is instructed to "Build when a change is pushed to GitHub". When I have GitHub send a test payload I find this in the nginx webserver that front's Jenkins:

207.97.227.233 - - [15/Sep/2011:07:36:51 +0000] "POST /github-webhook/ HTTP/1.1" 403 561 "-" "-"

I was running SSL so I disabled it to no effect. Do I need to provide special permissions to an anonymous user in the permissions matrix?

Please forgive the lack of configuration files: I'm happy to share those that might exist but I don't know what might be useful to share.

如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。

扫码二维码加入Web技术交流群

发布评论

需要 登录 才能够评论, 你可以免费 注册 一个本站的账号。

评论(4

放我走吧 2024-12-11 19:47:52

由于我不允许匿名访问,所以我需要为 GitHub 推送创建一个特定用户,并授予其总体读取、作业创建和作业读取权限。还需要将身份验证捆绑到 webhook URL 中,如下所示:

https://foo:[email protected]/github-webhook/

As I don't allow anonymous access, it turns out I needed to create a specific user for GitHub pushes and to grant it Overall read, Job create and Job read. It was also necessary to bundle the authentication into the webhook URL, like so:

https://foo:[email protected]/github-webhook/
屋檐 2024-12-11 19:47:52

来自 Github 的说明(“配置全局身份验证”,第一部分),

1. Create a user in Jenkins which has, at a minimum, Job/Build permissions

2. Log in as that user (this is required even if you are a Jenkins admin user), then click on the user's name in the top right corner of the page

3. Click 'Configure,' then 'Show API Token...', and note/copy the User ID and API Token.

4. In GitLab, when you create webhooks to trigger Jenkins jobs, use this format for the URL and do not enter anything for 'Secret Token': http://USERID:APITOKEN@JENKINS_URL/project/YOUR_JOB

就我而言,我使用了 http://USERID:APITOKEN@myIPaddress:808/ 而没有 project/YOUR_JOB

From Github's instructions ("Configuring global authentication", the first section),

1. Create a user in Jenkins which has, at a minimum, Job/Build permissions

2. Log in as that user (this is required even if you are a Jenkins admin user), then click on the user's name in the top right corner of the page

3. Click 'Configure,' then 'Show API Token...', and note/copy the User ID and API Token.

4. In GitLab, when you create webhooks to trigger Jenkins jobs, use this format for the URL and do not enter anything for 'Secret Token': http://USERID:APITOKEN@JENKINS_URL/project/YOUR_JOB

In my case I used http://USERID:APITOKEN@myIPaddress:808/ and no project/YOUR_JOB

断桥再见 2024-12-11 19:47:52

正如前面提到的,Jenkins 不允许匿名访问(您不希望人们为您触发构建!)。以明文形式添加用户名和密码并不是最好的解决方案。

1) 如果您的 Jenkins 位于 VPN 之后,您需要确保您的 Jenkins Webhooks URL 已公开

2) 在 GitHub 插件配置中添加正确的可访问 Jenkins Webhook URL(https://jenkins.example.com/github-webhook/) 在覆盖 Hook URL

3)在共享密钥部分添加一个密钥(最好是一个长随机字符串)。这将是从 Jenkins 发送到 GitHub 的令牌,反之亦然,用于身份验证。这应该与 GitHub 服务器凭证不同!

4) 确保用户拥有将 Webhooks 添加到您的 GitHub 存储库的所有者访问权限

5) 不要忘记在此之后重新注册 Webhooks

As previously mentioned Jenkins does not allow anonymous access (you don't want people to trigger builds for you!). Adding a username and password in the clear is not the best solution.

1) If your Jenkins is behind a VPN, you need to make sure that your Jenkins webhooks URL are exposed

2) In the GitHub plugin configuration add the correct accessible Jenkins webhook URL(https://jenkins.example.com/github-webhook/) in Override Hook URL

3) Add a secret in the Shared secret section (preferably a long random string). This would be a token sent from Jenkins to GitHub and vice versa for authentication. This should be different from the GitHub Server Credentials!

4) Make sure the user has owner access to add webhooks to your GitHub repos

5) Don't forget to re-register the webhooks after this

浅暮の光 2024-12-11 19:47:52

https://用户名:[email protected]/github-webhook/ 为我工作,但必须对密码进行编码才能使有效负载工作。由于 nginx 授权,我的 github 无法联系 jenkins,但传递用户名和编码密码有效!

https://username:[email protected]/github-webhook/ worked for me but the password has to be encoded for the payload to work. My github was not able to contact jenkins due to nginx authorisation but passing username and encoded password worked!

~没有更多了~
我们使用 Cookies 和其他技术来定制您的体验包括您的登录状态等。通过阅读我们的 隐私政策 了解更多相关信息。 单击 接受 或继续使用网站,即表示您同意使用 Cookies 和您的相关数据。
原文