From b42e5e5c43ed45438e062782988bf59570396b0e Mon Sep 17 00:00:00 2001 From: Kyle Cronin Date: Sat, 1 Mar 2025 11:33:10 -0500 Subject: [PATCH 1/2] fix: bitbucket service pull request build status from different source The commit 7ac886d switched to the newer repository commit build status api. This introduced a regression in the case the PR source repository is not the same as the target, for example a person fork. In this case the bitbucket api created from the PR head will point to the fork repo and may result in a 401 error if the credentials don't have the necessary permissions. ``` ERROR: Could not send notifications com.cloudbees.jenkins.plugins.bitbucket.api.BitbucketRequestException: HTTP request error. Status: HTTP/1.1 401 Response: {"errors":[{"context":null,"message":"You are not permitted to access this resource","exceptionName":"com.atlassian.bitbucket.AuthorisationException"}]} ``` This change will force the bitbucket api instance to be the target repo which is the appropriate target for the notification. The old api was commit hash centric, not project centric, so the api client owner/repo didn't matter. No changes were made to the Bitbucket Cloud code path. --- .../BitbucketBuildStatusNotifications.java | 31 ++++++++++--------- 1 file changed, 17 insertions(+), 14 deletions(-) diff --git a/src/main/java/com/cloudbees/jenkins/plugins/bitbucket/impl/notifier/BitbucketBuildStatusNotifications.java b/src/main/java/com/cloudbees/jenkins/plugins/bitbucket/impl/notifier/BitbucketBuildStatusNotifications.java index 04182408a..87cc6d7d8 100644 --- a/src/main/java/com/cloudbees/jenkins/plugins/bitbucket/impl/notifier/BitbucketBuildStatusNotifications.java +++ b/src/main/java/com/cloudbees/jenkins/plugins/bitbucket/impl/notifier/BitbucketBuildStatusNotifications.java @@ -225,22 +225,25 @@ private static void sendNotifications(BitbucketSCMSource source, Run build listener.getLogger().println("[Bitbucket] Notifying pull request build result"); PullRequestSCMHead head = (PullRequestSCMHead) rev.getHead(); key = getBuildKey(build, head.getOriginName(), shareBuildKeyBetweenBranchAndPR); - /* - * Poor documentation for bitbucket cloud at: - * https://community.atlassian.com/t5/Bitbucket-questions/Re-Builds-not-appearing-in-pull-requests/qaq-p/1805991/comment-id/65864#M65864 - * that means refName null or valued with only head.getBranchName() - * - * For Bitbucket Server, refName should be "refs/heads/" + the name - * of the source branch of the pull request, and the build status - * should be posted to the repository that contains that branch. - * If refName is null, then Bitbucket Server does not show the - * build status in the list of pull requests, but still shows it - * on the web page of the individual pull request. - */ - bitbucket = source.buildBitbucketClient(head); - if (BitbucketApiUtils.isCloud(bitbucket)) { + if (BitbucketApiUtils.isCloud(source.getServerUrl())) { + /* + * Poor documentation for bitbucket cloud at: + * https://community.atlassian.com/t5/Bitbucket-questions/Re-Builds-not-appearing-in-pull-requests/qaq-p/1805991/comment-id/65864#M65864 + * that means refName null or valued with only head.getBranchName() + */ + bitbucket = source.buildBitbucketClient(head); refName = null; } else { + // For Bitbucket Server, notify the target of the PR. Head may point to a forked source repo that the + // credentials don't have access to resulting in a 401 error. + bitbucket = source.buildBitbucketClient(); + // For Bitbucket Server, refName should be "refs/heads/" + the name + // of the source branch of the pull request, and the build status + // should be posted to the repository of the pull request target. + // If refName is null, then Bitbucket Server shows the build status + // for all pull requests for the commit id. When refName is provided + // the build status is only shown for the pull request that matches + // the refName and commit id. refName = "refs/heads/" + head.getBranchName(); } } else { From 026bfbea93952aa7cf1fd3463664c5aaaea475dc Mon Sep 17 00:00:00 2001 From: Nikolas Falco Date: Sun, 2 Mar 2025 00:24:11 +0100 Subject: [PATCH 2/2] [JENKINS-74970] Could not send notifications to Bitbucket Server when pull request is from fork Fix how the API client for Bitbucket Server is built to send build notification status of scm head that comes from a fork. In this case user does not have grants on commits in the forked repository. Build notification status must be always placed in the target repository. --- .../BitbucketBuildStatusNotifications.java | 30 +++++++++++-------- 1 file changed, 17 insertions(+), 13 deletions(-) diff --git a/src/main/java/com/cloudbees/jenkins/plugins/bitbucket/impl/notifier/BitbucketBuildStatusNotifications.java b/src/main/java/com/cloudbees/jenkins/plugins/bitbucket/impl/notifier/BitbucketBuildStatusNotifications.java index 87cc6d7d8..015e881a4 100644 --- a/src/main/java/com/cloudbees/jenkins/plugins/bitbucket/impl/notifier/BitbucketBuildStatusNotifications.java +++ b/src/main/java/com/cloudbees/jenkins/plugins/bitbucket/impl/notifier/BitbucketBuildStatusNotifications.java @@ -218,9 +218,9 @@ private static void sendNotifications(BitbucketSCMSource source, Run build .filters().stream() .anyMatch(ExcludeOriginPRBranchesSCMHeadFilter.class::isInstance); - String key; - String refName; - BitbucketApi bitbucket; + final String key; + final String refName; + final BitbucketApi bitbucket; if (rev instanceof PullRequestSCMRevision) { listener.getLogger().println("[Bitbucket] Notifying pull request build result"); PullRequestSCMHead head = (PullRequestSCMHead) rev.getHead(); @@ -231,19 +231,23 @@ private static void sendNotifications(BitbucketSCMSource source, Run build * https://community.atlassian.com/t5/Bitbucket-questions/Re-Builds-not-appearing-in-pull-requests/qaq-p/1805991/comment-id/65864#M65864 * that means refName null or valued with only head.getBranchName() */ - bitbucket = source.buildBitbucketClient(head); refName = null; + bitbucket = source.buildBitbucketClient(head); } else { - // For Bitbucket Server, notify the target of the PR. Head may point to a forked source repo that the - // credentials don't have access to resulting in a 401 error. + /* + * Head may point to a forked repository that the credentials do + * not have access to, resulting in a 401 error. So we need to + * push build status to the target repository + */ bitbucket = source.buildBitbucketClient(); - // For Bitbucket Server, refName should be "refs/heads/" + the name - // of the source branch of the pull request, and the build status - // should be posted to the repository of the pull request target. - // If refName is null, then Bitbucket Server shows the build status - // for all pull requests for the commit id. When refName is provided - // the build status is only shown for the pull request that matches - // the refName and commit id. + /* + * For Bitbucket Server, refName should be "refs/heads/" + the + * name of the source branch of the pull request, and the build + * status should be posted to the repository that contains that + * branch. If refName is null, then Bitbucket Server does not + * show the build status in the list of pull requests, but still + * shows it on the web page of the individual pull request. + */ refName = "refs/heads/" + head.getBranchName(); } } else {