Accessing PR head commit sha from a pipeline using branch source plugin

classic Classic list List threaded Threaded
15 messages Options
Reply | Threaded
Open this post in threaded view
|

Accessing PR head commit sha from a pipeline using branch source plugin

Julien HENRY-2
Hi,

We are trying to simplify integration of SonarQube with most popular pull request provider, like GitHub or Bitbucket.
Those ALM usually provide some API to report issues on PR (GitHub checks, Bitbucket Code Insight, ...). The APIs require to pass the PR HEAD commit sha1.

We are trying to get this commit ref automatically when the SonarQube scanner is executed in a Jenkins pipeline. The problem I'm facing is that Jenkins is creating a local merge of the PR head with the PR base branch, and the value of GIT_COMMIT is the ref of this local transcient commit, which is pretty useless for reporting back to the ALM.

Example:

For PR with HEAD at ab86fe3afa0b9473ea9da76c87872bf89b9b5f3b:
image.png

Using this pipeline:

node {
stage 'Checkout'
def scmVars = checkout scm
def commitHash = scmVars.GIT_COMMIT
println commitHash

}

Produces this log:

 > git rev-parse --is-inside-work-tree # timeout=10
Fetching changes from the remote Git repository
 > git config remote.origin.url https://github.com/henryju/test-jenkins.git # timeout=10
Fetching without tags
Fetching upstream changes from https://github.com/henryju/test-jenkins.git
 > git --version # timeout=10
using GIT_ASKPASS to set credentials 
 > git fetch --no-tags --force --progress https://github.com/henryju/test-jenkins.git +refs/pull/1/head:refs/remotes/origin/PR-1 +refs/heads/master:refs/remotes/origin/master
Merging remotes/origin/master commit 57ff7166357a4939da69bc43db84961536557c21 into PR head commit ab86fe3afa0b9473ea9da76c87872bf89b9b5f3b
 > git config core.sparsecheckout # timeout=10
 > git checkout -f ab86fe3afa0b9473ea9da76c87872bf89b9b5f3b
 > git merge 57ff7166357a4939da69bc43db84961536557c21 # timeout=10
 > git rev-parse HEAD^{commit} # timeout=10
Merge succeeded, producing 6a95262014cca41cf11e810401bd5c1bc0954515
Checking out Revision 6a95262014cca41cf11e810401bd5c1bc0954515 (PR-1)
 > git config core.sparsecheckout # timeout=10
 > git checkout -f 6a95262014cca41cf11e810401bd5c1bc0954515
Commit message: "Merge commit '57ff7166357a4939da69bc43db84961536557c21' into HEAD"
 > git rev-list --no-walk ab86fe3afa0b9473ea9da76c87872bf89b9b5f3b # timeout=10


GIT_COMMIT will return 6a95262014cca41cf11e810401bd5c1bc0954515 while this is useless for reporting issues in GitHub. Is there any simple way (except some fragile local Git operation) to access the original Git sha1 that triggered the PR build? In my example I need to get ab86fe3afa0b9473ea9da76c87872bf89b9b5f3b

Note that I have the same need with the Bitbucket Branch Source Plugin.

Thanks,

Julien Henry | SonarSource

Developer

https://sonarsource.com

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CAD9wyxE5J9JN5H%2BToScP-vjudgoj3B59sRn07SrQtvr4uOiy3Q%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Accessing PR head commit sha from a pipeline using branch source plugin

Jesse Glick-4
On Tue, Jun 4, 2019 at 5:16 PM Julien HENRY
<[hidden email]> wrote:
> Is there any simple way (except some fragile local Git operation) to access the original Git sha1 that triggered the PR build? In my example I need to get ab86fe3afa0b9473ea9da76c87872bf89b9b5f3b

There is not currently any environmental variable for that purpose
that I know of. You can simply try publishing a commit status for the
hash you are given, and if that gives a 422 response, try its first
parent instead, as I suggested in the thread leading to

https://jira.sonarsource.com/browse/SONAR-10794

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CANfRfr1Dt3Bn3MWKM9uBaeDYnXxjwEUVuZC5Wai2Fh5i3xHv%2BQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Accessing PR head commit sha from a pipeline using branch source plugin

Joseph P
Jesse that is simply not true for branch source plugins:

branch source plugin uses branch API plugin which contributes the environment variables.

Hopefully, you find that helpful Julien

On Wednesday, June 5, 2019 at 3:07:31 AM UTC+2, Jesse Glick wrote:
On Tue, Jun 4, 2019 at 5:16 PM Julien HENRY
<<a href="javascript:" target="_blank" gdf-obfuscated-mailto="JsHjRso7BQAJ" rel="nofollow" onmousedown="this.href=&#39;javascript:&#39;;return true;" onclick="this.href=&#39;javascript:&#39;;return true;">julie...@...> wrote:
> Is there any simple way (except some fragile local Git operation) to access the original Git sha1 that triggered the PR build? In my example I need to get ab86fe3afa0b9473ea9da76c87872bf89b9b5f3b

There is not currently any environmental variable for that purpose
that I know of. You can simply try publishing a commit status for the
hash you are given, and if that gives a 422 response, try its first
parent instead, as I suggested in the thread leading to

<a href="https://jira.sonarsource.com/browse/SONAR-10794" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fjira.sonarsource.com%2Fbrowse%2FSONAR-10794\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNFa0Dqz_-2FNIKtIOMK0D79HxB3zg&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fjira.sonarsource.com%2Fbrowse%2FSONAR-10794\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNFa0Dqz_-2FNIKtIOMK0D79HxB3zg&#39;;return true;">https://jira.sonarsource.com/browse/SONAR-10794

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/907e03d2-62bf-48ca-b39f-4bf4786b945e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Accessing PR head commit sha from a pipeline using branch source plugin

Joseph P
To clarify from the SCMHead: you should be able to get the commit sha

On Wednesday, June 5, 2019 at 12:37:37 PM UTC+2, Joseph P wrote:
Jesse that is simply not true for branch source plugins:

branch source plugin uses branch API plugin which contributes the environment variables.
There is also a way for plugins to retrieve this see <a href="https://github.com/jenkinsci/branch-api-plugin/blob/master/src/main/java/jenkins/branch/BranchNameContributor.java" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fgithub.com%2Fjenkinsci%2Fbranch-api-plugin%2Fblob%2Fmaster%2Fsrc%2Fmain%2Fjava%2Fjenkins%2Fbranch%2FBranchNameContributor.java\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNFGFCdYPwHSxhHjrHdZAJyJMM6n_Q&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fgithub.com%2Fjenkinsci%2Fbranch-api-plugin%2Fblob%2Fmaster%2Fsrc%2Fmain%2Fjava%2Fjenkins%2Fbranch%2FBranchNameContributor.java\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNFGFCdYPwHSxhHjrHdZAJyJMM6n_Q&#39;;return true;">https://github.com/jenkinsci/branch-api-plugin/blob/master/src/main/java/jenkins/branch/BranchNameContributor.java
and <a href="https://github.com/jenkinsci/office-365-connector-plugin/blob/8b8834c9766b12ae71820a4090caa094f66d5cf1/src/main/java/jenkins/plugins/office365connector/ActionableBuilder.java#L59-L88" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fgithub.com%2Fjenkinsci%2Foffice-365-connector-plugin%2Fblob%2F8b8834c9766b12ae71820a4090caa094f66d5cf1%2Fsrc%2Fmain%2Fjava%2Fjenkins%2Fplugins%2Foffice365connector%2FActionableBuilder.java%23L59-L88\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNH5-ZPqhS4dtKkcIp21xx92X54VJw&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fgithub.com%2Fjenkinsci%2Foffice-365-connector-plugin%2Fblob%2F8b8834c9766b12ae71820a4090caa094f66d5cf1%2Fsrc%2Fmain%2Fjava%2Fjenkins%2Fplugins%2Foffice365connector%2FActionableBuilder.java%23L59-L88\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNH5-ZPqhS4dtKkcIp21xx92X54VJw&#39;;return true;">https://github.com/jenkinsci/office-365-connector-plugin/blob/8b8834c9766b12ae71820a4090caa094f66d5cf1/src/main/java/jenkins/plugins/office365connector/ActionableBuilder.java#L59-L88

Hopefully, you find that helpful Julien

On Wednesday, June 5, 2019 at 3:07:31 AM UTC+2, Jesse Glick wrote:
On Tue, Jun 4, 2019 at 5:16 PM Julien HENRY
<[hidden email]> wrote:
> Is there any simple way (except some fragile local Git operation) to access the original Git sha1 that triggered the PR build? In my example I need to get ab86fe3afa0b9473ea9da76c87872bf89b9b5f3b

There is not currently any environmental variable for that purpose
that I know of. You can simply try publishing a commit status for the
hash you are given, and if that gives a 422 response, try its first
parent instead, as I suggested in the thread leading to

<a href="https://jira.sonarsource.com/browse/SONAR-10794" rel="nofollow" target="_blank" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fjira.sonarsource.com%2Fbrowse%2FSONAR-10794\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNFa0Dqz_-2FNIKtIOMK0D79HxB3zg&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fjira.sonarsource.com%2Fbrowse%2FSONAR-10794\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNFa0Dqz_-2FNIKtIOMK0D79HxB3zg&#39;;return true;">https://jira.sonarsource.com/browse/SONAR-10794

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/1eac901a-893e-4566-8d8d-c785c32b48b0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Accessing PR head commit sha from a pipeline using branch source plugin

Joseph P
If SCMHead is not the thing you want:
You can retrieve from the git build data:
https://github.com/jenkinsci/git-plugin/blob/master/src/main/java/hudson/plugins/git/GitSCM.java#L1328

On Wednesday, June 5, 2019 at 12:39:19 PM UTC+2, Joseph P wrote:
To clarify from the SCMHead: you should be able to get the commit sha

On Wednesday, June 5, 2019 at 12:37:37 PM UTC+2, Joseph P wrote:
Jesse that is simply not true for branch source plugins:

branch source plugin uses branch API plugin which contributes the environment variables.
There is also a way for plugins to retrieve this see <a href="https://github.com/jenkinsci/branch-api-plugin/blob/master/src/main/java/jenkins/branch/BranchNameContributor.java" rel="nofollow" target="_blank" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fgithub.com%2Fjenkinsci%2Fbranch-api-plugin%2Fblob%2Fmaster%2Fsrc%2Fmain%2Fjava%2Fjenkins%2Fbranch%2FBranchNameContributor.java\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNFGFCdYPwHSxhHjrHdZAJyJMM6n_Q&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fgithub.com%2Fjenkinsci%2Fbranch-api-plugin%2Fblob%2Fmaster%2Fsrc%2Fmain%2Fjava%2Fjenkins%2Fbranch%2FBranchNameContributor.java\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNFGFCdYPwHSxhHjrHdZAJyJMM6n_Q&#39;;return true;">https://github.com/jenkinsci/branch-api-plugin/blob/master/src/main/java/jenkins/branch/BranchNameContributor.java
and <a href="https://github.com/jenkinsci/office-365-connector-plugin/blob/8b8834c9766b12ae71820a4090caa094f66d5cf1/src/main/java/jenkins/plugins/office365connector/ActionableBuilder.java#L59-L88" rel="nofollow" target="_blank" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fgithub.com%2Fjenkinsci%2Foffice-365-connector-plugin%2Fblob%2F8b8834c9766b12ae71820a4090caa094f66d5cf1%2Fsrc%2Fmain%2Fjava%2Fjenkins%2Fplugins%2Foffice365connector%2FActionableBuilder.java%23L59-L88\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNH5-ZPqhS4dtKkcIp21xx92X54VJw&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fgithub.com%2Fjenkinsci%2Foffice-365-connector-plugin%2Fblob%2F8b8834c9766b12ae71820a4090caa094f66d5cf1%2Fsrc%2Fmain%2Fjava%2Fjenkins%2Fplugins%2Foffice365connector%2FActionableBuilder.java%23L59-L88\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNH5-ZPqhS4dtKkcIp21xx92X54VJw&#39;;return true;">https://github.com/jenkinsci/office-365-connector-plugin/blob/8b8834c9766b12ae71820a4090caa094f66d5cf1/src/main/java/jenkins/plugins/office365connector/ActionableBuilder.java#L59-L88

Hopefully, you find that helpful Julien

On Wednesday, June 5, 2019 at 3:07:31 AM UTC+2, Jesse Glick wrote:
On Tue, Jun 4, 2019 at 5:16 PM Julien HENRY
<[hidden email]> wrote:
> Is there any simple way (except some fragile local Git operation) to access the original Git sha1 that triggered the PR build? In my example I need to get ab86fe3afa0b9473ea9da76c87872bf89b9b5f3b

There is not currently any environmental variable for that purpose
that I know of. You can simply try publishing a commit status for the
hash you are given, and if that gives a 422 response, try its first
parent instead, as I suggested in the thread leading to

<a href="https://jira.sonarsource.com/browse/SONAR-10794" rel="nofollow" target="_blank" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fjira.sonarsource.com%2Fbrowse%2FSONAR-10794\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNFa0Dqz_-2FNIKtIOMK0D79HxB3zg&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fjira.sonarsource.com%2Fbrowse%2FSONAR-10794\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNFa0Dqz_-2FNIKtIOMK0D79HxB3zg&#39;;return true;">https://jira.sonarsource.com/browse/SONAR-10794

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/7169e402-4c4f-4d73-906f-fc72327e764f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Accessing PR head commit sha from a pipeline using branch source plugin

Julien HENRY-2
In reply to this post by Jesse Glick-4
Hi Jesse,

Publishing of PR status happens on SonarQube server side, asynchronously. Since the commit hash we are collecting currently in the pipeline is something transient that doesn't exists on GitHub, it is impossible to find the parent. We would have to collect the parent in advance directly in the scanner/pipeline, running some Git commands. I started to think about it, but I see many corner cases.

First issue is that Jenkins offers multiple PR strategies (with merge or not). So we would have to do some logic to find if current commit is a merge commit, or maybe look directly for symbolic ref refs/remotes/origin/${BRANCH_NAME} ?
Second issue is that I know some users are doing some Git operations in their pipeline. That could affect our heuristic since our scanner may be called after they already manipulated the repo.

In my opinion it would be much more reliable to have the branch source plugin exposing it as an env variable directly. I don't think this is something too SonarQube specific, since this commit hash is what is needed to report PR status/GitHub check/Bitbucket Code Insight.

@Joseph thanks for the tips, but we would like our scanner to be used in a Jenkins pipeline as a "normal" command line tool. So we don't have access to Jenkins API, only to the job env variables, and possibly doing some Git operations.


Le mercredi 5 juin 2019 03:07:31 UTC+2, Jesse Glick a écrit :
On Tue, Jun 4, 2019 at 5:16 PM Julien HENRY
<<a href="javascript:" target="_blank" gdf-obfuscated-mailto="JsHjRso7BQAJ" rel="nofollow" onmousedown="this.href=&#39;javascript:&#39;;return true;" onclick="this.href=&#39;javascript:&#39;;return true;">julie...@...> wrote:
> Is there any simple way (except some fragile local Git operation) to access the original Git sha1 that triggered the PR build? In my example I need to get ab86fe3afa0b9473ea9da76c87872bf89b9b5f3b

There is not currently any environmental variable for that purpose
that I know of. You can simply try publishing a commit status for the
hash you are given, and if that gives a 422 response, try its first
parent instead, as I suggested in the thread leading to

<a href="https://jira.sonarsource.com/browse/SONAR-10794" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fjira.sonarsource.com%2Fbrowse%2FSONAR-10794\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNFa0Dqz_-2FNIKtIOMK0D79HxB3zg&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fjira.sonarsource.com%2Fbrowse%2FSONAR-10794\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNFa0Dqz_-2FNIKtIOMK0D79HxB3zg&#39;;return true;">https://jira.sonarsource.com/browse/SONAR-10794

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/df3df1c1-5ff8-4ff7-92c4-ae08fa7ac08e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Accessing PR head commit sha from a pipeline using branch source plugin

Jesse Glick-4
In reply to this post by Joseph P
On Wed, Jun 5, 2019 at 6:37 AM Joseph P <[hidden email]> wrote:
> branch source plugin uses branch API plugin which contributes the environment variables.
> There is also a way for plugins to retrieve this see https://github.com/jenkinsci/branch-api-plugin/blob/master/src/main/java/jenkins/branch/BranchNameContributor.java

Yes `BranchNameContributor` adds certain environment variables, but
none which would indicate a PR head commit hash. That is a concept
which is specific to GitHub (or analogous systems), so it cannot be in
`branch-api`. For example, `github-branch-source` _could_ be enhanced
to define an `EnvironmentContributor` for
`PullRequestSCMRevision.pullHash`. Alternately,
`ChangeRequestSCMRevision` could be enhanced to allow subtypes to
define an opaque “commit ID” token, in which case
`BranchNameContributor` could bind it when set and
`PullRequestSCMRevision` and its analogues could implement the API.

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CANfRfr3d96GM4n%2Bz3SWCtN7rGKLsL%3D_qXp4cooMPjognnto9nA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Accessing PR head commit sha from a pipeline using branch source plugin

Jesse Glick-4
In reply to this post by Julien HENRY-2
On Wed, Jun 5, 2019 at 8:21 AM Julien HENRY
<[hidden email]> wrote:
> Since the commit hash we are collecting currently in the pipeline is something transient that doesn't exists on GitHub

Note that as of JENKINS-43194 it _may_ be visible from GitHub APIs. I
would not advise relying on that, though.

> Jenkins offers multiple PR strategies (with merge or not). So we would have to do some logic to find if current commit is a merge commit

Well my offhand suggestion was:

· Try publishing a status for the recorded commit as is. If that worked, great.
· If that gave a 422, and the commit was a merge commit, try
publishing a status for its parent parent.

> some users are doing some Git operations in their pipeline. That could affect our heuristic since our scanner may be called after they already manipulated the repo.

Yes, this is always a risk.

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CANfRfr2d%2BCbgHPbfcuBtqwvt%3De%3DOnxbNghjnm3YyPZzfdXoUfA%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Accessing PR head commit sha from a pipeline using branch source plugin

Julien HENRY-2
FYI, the kind of trick I would like to avoid to maintain is what this project is doing:
https://github.com/deis/workflow-cli/blob/a285f6914f10ce81d0afe5d53603aa36cda78ccd/Jenkinsfile#L67


Le mercredi 5 juin 2019 16:03:34 UTC+2, Jesse Glick a écrit :
On Wed, Jun 5, 2019 at 8:21 AM Julien HENRY
<<a href="javascript:" target="_blank" gdf-obfuscated-mailto="G1Z2rSNmBQAJ" rel="nofollow" onmousedown="this.href=&#39;javascript:&#39;;return true;" onclick="this.href=&#39;javascript:&#39;;return true;">julie...@...> wrote:
> Since the commit hash we are collecting currently in the pipeline is something transient that doesn't exists on GitHub

Note that as of JENKINS-43194 it _may_ be visible from GitHub APIs. I
would not advise relying on that, though.

> Jenkins offers multiple PR strategies (with merge or not). So we would have to do some logic to find if current commit is a merge commit

Well my offhand suggestion was:

· Try publishing a status for the recorded commit as is. If that worked, great.
· If that gave a 422, and the commit was a merge commit, try
publishing a status for its parent parent.

> some users are doing some Git operations in their pipeline. That could affect our heuristic since our scanner may be called after they already manipulated the repo.

Yes, this is always a risk.

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/792283f1-f5d7-4620-9d94-f7536b57d68b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Accessing PR head commit sha from a pipeline using branch source plugin

Jesse Glick-4
On Wed, Jun 5, 2019 at 11:06 AM Julien HENRY
<[hidden email]> wrote:
> https://github.com/deis/workflow-cli/blob/a285f6914f10ce81d0afe5d53603aa36cda78ccd/Jenkinsfile#L67

That particular implementation is wrong anyway, since the PR head
commit might happen to be a merge commit, for example by a developer
resolving conflicts with the base branch.

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CANfRfr39DuDOx8Ajb1GnHUxawomxjTjm4W5_0D2z1ZoquqhY9w%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Accessing PR head commit sha from a pipeline using branch source plugin

Julien HENRY-2
Hi Jesse,

Our users are strongly asking for a better support of PR status update by SonarQube/SonarCloud when build is triggered by Jenkins. We don't like the try-fail strategy (trying to annotate current commit, then fallback on parent).
Would you be ok to accept a contribution from SonarSource where we would add a new env variable (like CHANGE_COMMIT) to expose the PR head commit sha to the pipeline? We are interested to support both GitHub and Bitbucket, so we would ensure it works at least for those 2 plugins.

++

Julien

Le mercredi 5 juin 2019 18:11:17 UTC+2, Jesse Glick a écrit :
On Wed, Jun 5, 2019 at 11:06 AM Julien HENRY
<<a href="javascript:" target="_blank" gdf-obfuscated-mailto="6KwR0BttBQAJ" rel="nofollow" onmousedown="this.href=&#39;javascript:&#39;;return true;" onclick="this.href=&#39;javascript:&#39;;return true;">julie...@...> wrote:
> <a href="https://github.com/deis/workflow-cli/blob/a285f6914f10ce81d0afe5d53603aa36cda78ccd/Jenkinsfile#L67" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fgithub.com%2Fdeis%2Fworkflow-cli%2Fblob%2Fa285f6914f10ce81d0afe5d53603aa36cda78ccd%2FJenkinsfile%23L67\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNFOVg0aMIh4dFzM5xgBtWJLpywwPg&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fgithub.com%2Fdeis%2Fworkflow-cli%2Fblob%2Fa285f6914f10ce81d0afe5d53603aa36cda78ccd%2FJenkinsfile%23L67\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNFOVg0aMIh4dFzM5xgBtWJLpywwPg&#39;;return true;">https://github.com/deis/workflow-cli/blob/a285f6914f10ce81d0afe5d53603aa36cda78ccd/Jenkinsfile#L67

That particular implementation is wrong anyway, since the PR head
commit might happen to be a merge commit, for example by a developer
resolving conflicts with the base branch.

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/b5024d40-f47d-4893-b225-4593e984dc00%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Accessing PR head commit sha from a pipeline using branch source plugin

Jesse Glick-4
On Wed, Jun 12, 2019 at 3:56 AM Julien HENRY
<[hidden email]> wrote:
> Would you be ok to accept a contribution from SonarSource where we would add a new env variable (like CHANGE_COMMIT) to expose the PR head commit sha to the pipeline? We are interested to support both GitHub and Bitbucket, so we would ensure it works at least for those 2 plugins.

Sounds good, especially if it is done the right way using
`ChangeRequestSCMRevision` as previously noted.

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CANfRfr0nNixaHBj30F%2BCLbLTC920Y%2B0yQhm2LL57wqdk1Ra3ow%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Accessing PR head commit sha from a pipeline using branch source plugin

Ivan Fernandez Calvo
In reply to this post by Julien HENRY-2
we faced the same problem a few months ago, we've resolved it by adding a calculated environment variable for more details see https://groups.google.com/forum/#!topic/jenkinsci-dev/Dus0VX6y04g 

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/ee8163ba-5f14-48f8-b888-0983d67e22f4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Accessing PR head commit sha from a pipeline using branch source plugin

Julien HENRY-2
Hi Ivan,

Thanks for the notice. Your solution is heavily relying on the presence of the GIT_COMMIT variable, which was not defined out of the box in my tests. I had to get it from the return of the checkout step, which is not a good solution for us, since we want our step to work without asking users to do extra logic in their pipeline.


Julien Henry | SonarSource

Developer

https://sonarsource.com



Le jeu. 13 juin 2019 à 13:46, Ivan Fernandez Calvo <[hidden email]> a écrit :
we faced the same problem a few months ago, we've resolved it by adding a calculated environment variable for more details see https://groups.google.com/forum/#!topic/jenkinsci-dev/Dus0VX6y04g 

--
You received this message because you are subscribed to a topic in the Google Groups "Jenkins Developers" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/jenkinsci-dev/-ojqklsaKbw/unsubscribe.
To unsubscribe from this group and all its topics, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/ee8163ba-5f14-48f8-b888-0983d67e22f4%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CAD9wyxETk-FSuxLWz_sgrbtJD4MDdOUkLgeS6cHRxH%3De0SDS%2BQ%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.
Reply | Threaded
Open this post in threaded view
|

Re: Accessing PR head commit sha from a pipeline using branch source plugin

Jesse Glick-4
On Thu, Jun 13, 2019 at 8:53 AM Julien HENRY
<[hidden email]> wrote:
> the GIT_COMMIT variable […] was not defined out of the box in my tests. I had to get it from the return of the checkout step

Yes, each `checkout` step in the build, of which there could be zero
or more, can return its own metadata.

For a branch project (such as a build of a GH PR),
`BranchNameContributor` sets build-wide environment variables
corresponding to the revision associated with the build overall. This
is what you would get if you `checkout scm`.

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/CANfRfr2d5Uawmzr-ybfbFjL8jNorY03NZ2Gjc2uoi0YyFxT-Ww%40mail.gmail.com.
For more options, visit https://groups.google.com/d/optout.