jenkinsconfigurationgerrit-trigger

No verdict from my Jenkins to Gerrithub

I have set up a job in Jenkins to give verdicts to GerritHub.io reviews. The job is triggered correctly when a code change is pushed for review and Jenkins gives comments in GerritHub when build starts and build result. My Gerrit Server definition in jenkins is configured to give verdicts on build failed, build unstable and build success.

BUT: No verdict vote is given.

UPDATE: Logging in as the Jenkins user in the GUI showed that the Jenkins user only has permissions to do Code Review: -1..1. So I changed my Gerrit server settings in Jenkins to only provide Code Review. Now it works but only for 'Code Review', not for 'Verified'. It shows that the restriction is in GerritHub.io and that it should be possible to configure it there.

Solution

  • Follow the documentation on the Jenkins plugin page regarding access rights, but instead of Non-Interactive Users, add the user that your Jenkins is using. (I prefer to have a separate user named 'Jenkins' in my review verdicts)

    [access "refs/heads/*"]
label-Code-Review = -1..+1 group user/<Jenkins User Id>
label-Verified = -1..+1 group user/<Jenkins User Id>

    Access rights for Code-Review already seems to be in place by default, but add both in any case and add the read permission. Access rights are available in the Access tab as normal.

    I made a script for myself to simplify editing access rights. I created the access rights once and checked in the files 'groups' and 'project.config' to a github repo. Here's the script:

    #!/bin/bash
usage(){
  echo "Parameter 1: userid (GitHub & GerritHub)"
  echo "Parameter 2: repository name"
  exit 1
}

printline(){
  echo -e "${GRAY}====================${BLACK}"
}

check(){
  if [[ $? -ne 0 ]]; then
    echo -e "${RED}Failed: ${1}${BLACK}"
    echo $2
    rm -rf $tmp
    exit 1
  else
    echo -e "$1 - ${GREEN}DONE${BLACK}"
    printline
  fi
}

if [[ $# -ne 2 ]]; then
  usage
fi

RED='\033[0;31m'  
GREEN='\033[0;32m'  
GRAY='\033[1;30m'  
BLACK='\033[0m'   # No Color
userid=$1
repo=$2
organization="FILL IN HERE"
template="FILL IN HERE"

if [[ -z "$userid" ]]; then
  usage
fi

if [[ -z "$repo" ]]; then
  usage
fi

tmp=$(mktemp -d)

[[ -f ~/.ssh/id_rsa ]] && [[ -f ~/.ssh/id_rsa.pub ]] 
check "Check key pair in ~/.ssh/" ""

cd $tmp

git clone git@github.com:${organization}/${repo}.git
check "Clone $repo to $tmp " "(project created in GitHub? https://github.com/organizations/${organization}/repositories/new)"

cd $repo

git remote add GerritHub ssh://${userid}@review.gerrithub.io:29418/${organization}/${repo}
check "Add GerritHub as remote " "(is the project imported to GerritHub?  https://review.gerrithub.io/plugins/github-plugin/static/repositories.html)"

git fetch GerritHub  refs/meta/config:refs/remotes/GerritHub/meta/config
check "Get current access config" "(is the project imported to GerritHub?  https://review.gerrithub.io/plugins/github-plugin/static/repositories.html)"

git checkout GerritHub/meta/config
check "Check out meta/config from GerritHub"

git fetch ssh://git@github.com/${organization}/${template} master && git cherry-pick FETCH_HEAD --strategy-option theirs
check "Get access template from GitHub" ""

git push -f GerritHub  HEAD:refs/meta/config
check "Push new access rights to GerritHub" ""

rm -rf $tmp