search

jenkinsci / gitlab-plugin

A Jenkins plugin for interfacing with GitLab
https://plugins.jenkins.io/gitlab-plugin/
GNU General Public License v2.0
1.44k stars 612 forks source link

HTTP 403 Forbidden not treated as an error for step: updateGitlabCommitStatus #1623

Open screwyy opened 6 months ago

screwyy commented 6 months ago

Jenkins and plugins versions report

Environment ```text Jenkins: 2.426.1 OS: Linux - 3.10.0-1160.59.1.el7.x86_64 Java: 17.0.9 - Eclipse Adoptium (OpenJDK 64-Bit Server VM) --- ace-editor:1.1 analysis-model-api:11.14.0 ant:497.v94e7d9fffa_b_9 antisamy-markup-formatter:162.v0e6ec0fcfcf6 apache-httpcomponents-client-4-api:4.5.14-208.v438351942757 artifactory:4.0.1 audit-trail:361.v82cde86c784e authentication-tokens:1.53.v1c90fd9191a_b_ authorize-project:1.7.1 blueocean:1.27.9 blueocean-autofavorite:1.2.5 blueocean-bitbucket-pipeline:1.27.9 blueocean-commons:1.27.9 blueocean-config:1.27.9 blueocean-core-js:1.27.9 blueocean-dashboard:1.27.9 blueocean-display-url:2.4.2 blueocean-events:1.27.9 blueocean-git-pipeline:1.27.9 blueocean-github-pipeline:1.27.9 blueocean-i18n:1.27.9 blueocean-jira:1.27.9 blueocean-jwt:1.27.9 blueocean-personalization:1.27.9 blueocean-pipeline-api-impl:1.27.9 blueocean-pipeline-editor:1.27.9 blueocean-pipeline-scm-api:1.27.9 blueocean-rest:1.27.9 blueocean-rest-impl:1.27.9 blueocean-web:1.27.9 bootstrap5-api:5.3.2-3 bouncycastle-api:2.30.1.77-225.v26ea_c9455fd9 branch-api:2.1144.v1425d1c3d5a_7 build-discarder:139.v05696a_7fe240 caffeine-api:3.1.8-133.v17b_1ff2e0599 checks-api:2.0.2 cloudbees-bitbucket-branch-source:856.v04c46c86f911 cloudbees-disk-usage-simple:203.v3f46a_7462b_1a_ cloudbees-folder:6.858.v898218f3609d command-launcher:107.v773860566e2e commons-lang3-api:3.13.0-62.v7d18e55f51e2 commons-text-api:1.11.0-95.v22a_d30ee5d36 config-file-provider:959.vcff671a_4518b_ configuration-as-code:1763.vb_fe9c1b_83f7b copyartifact:705.v5295cffec284 credentials:1311.vcf0a_900b_37c2 credentials-binding:642.v737c34dea_6c2 cucumber-reports:5.8.1 data-tables-api:1.13.8-2 database:191.vd5981b_97a_5fa_ database-mysql:34.va_cfc7a_5a_ef30 dependency-check-jenkins-plugin:5.4.3 discard-old-build:1.07 display-url-api:2.200.vb_9327d658781 docker-commons:439.va_3cb_0a_6a_fb_29 docker-compose-build-step:1.0 docker-workflow:572.v950f58993843 dtkit-api:3.0.2 durable-task:543.v262f6a_803410 echarts-api:5.4.3-2 email-ext:2.103 emotional-jenkins-plugin:1.2 extended-choice-parameter:376.v2e02857547b_a_ extended-read-permission:53.v6499940139e5 external-monitor-job:215.v2e88e894db_f8 favorite:2.208.v91d65b_7792a_c font-awesome-api:6.5.1-1 forensics-api:2.3.0 gatling:1.3.0 git:5.2.1 git-client:4.6.0 git-server:99.va_0826a_b_cdfa_d github:1.37.3.1 github-api:1.318-461.v7a_c09c9fa_d63 github-branch-source:1767.va_7d01ea_c7256 gitlab-plugin:1.8.0 gradle:2.9 groovy:457.v99900cb_85593 gson-api:2.10.1-15.v0d99f670e0a_7 h2-api:11.1.4.199-12.v9f4244395f7a_ handlebars:3.0.8 handy-uri-templates-2-api:2.1.8-30.v7e777411b_148 htmlpublisher:1.32 instance-identity:185.v303dc7c645f9 internetmeme:1.0 ionicons-api:56.v1b_1c8c49374e ivy:2.5 jackson2-api:2.16.1-373.ve709c6871598 jacoco:3.3.5 jakarta-activation-api:2.0.1-3 jakarta-mail-api:2.0.1-3 javadoc:243.vb_b_503b_b_45537 javax-activation-api:1.2.0-6 javax-mail-api:1.6.2-9 jaxb:2.3.9-1 jdk-tool:73.vddf737284550 jenkins-design-language:1.27.9 jersey2-api:2.41-133.va_03323b_a_1396 jira:3.12 jjwt-api:0.11.5-77.v646c772fddb_0 job-dsl:1.87 joda-time-api:2.12.5-5.v5495a_235fedf jquery:1.12.4-1 jquery-detached:1.2.1 jquery-ui:1.0.2 jquery3-api:3.7.1-1 jsch:0.2.16-86.v42e010d9484b_ json-api:20231013-17.v1c97069404b_e json-path-api:2.8.0-21.v8b_7dc8b_1037b_ junit:1252.vfc2e5efa_294f junit-attachments:205.vc0677977deb_0 ldap:711.vb_d1a_491714dc mailer:463.vedf8358e006b_ matrix-auth:3.2.1 matrix-project:822.v01b_8c85d16d2 mattermost:3.1.3 maven-plugin:3.22 mercurial:1260.vdfb_723cdcc81 metrics:4.2.18-442.v02e107157925 mina-sshd-api-common:2.11.0-86.v836f585d47fa_ mina-sshd-api-core:2.11.0-86.v836f585d47fa_ momentjs:1.1.1 mysql-api:8.2.0-17.v16b_770955e53 okhttp-api:4.11.0-157.v6852a_a_fa_ec11 pam-auth:1.10 pipeline-build-step:540.vb_e8849e1a_b_d8 pipeline-graph-analysis:202.va_d268e64deb_3 pipeline-groovy-lib:689.veec561a_dee13 pipeline-input-step:477.v339683a_8d55e pipeline-maven:1298.v43b_82f220a_e9 pipeline-maven-api:1368.vfb_8509d7b_869 pipeline-maven-database:1368.vfb_8509d7b_869 pipeline-milestone-step:111.v449306f708b_7 pipeline-model-api:2.2168.vf921b_4e72c73 pipeline-model-definition:2.2168.vf921b_4e72c73 pipeline-model-extensions:2.2168.vf921b_4e72c73 pipeline-rest-api:2.34 pipeline-stage-step:305.ve96d0205c1c6 pipeline-stage-tags-metadata:2.2168.vf921b_4e72c73 pipeline-stage-view:2.34 pipeline-utility-steps:2.16.0 plain-credentials:143.v1b_df8b_d3b_e48 plugin-util-api:3.8.0 prism-api:1.29.0-10 prometheus:2.5.0 publish-over:0.22 publish-over-cifs:0.16 publish-over-ssh:1.25 pubsub-light:1.18 purge-job-history:1.6 pyenv-pipeline:2.1.2 resource-disposer:0.23 role-strategy:689.v731678c3e0eb_ run-condition:1.7 rundeck:3.6.12 scm-api:683.vb_16722fb_b_80b_ script-security:1313.v7a_6067dc7087 slack:684.v833089650554 snakeyaml-api:2.2-111.vc6598e30cc65 sonar:2.17.1 sse-gateway:1.26 ssh:2.6.1 ssh-agent:346.vda_a_c4f2c8e50 ssh-credentials:308.ve4497b_ccd8f4 ssh-slaves:2.947.v64ee6b_f87b_c1 sshd:3.312.v1c601b_c83b_0e structs:325.vcb_307d2a_2782 swarm:3.44 timestamper:1.26 token-macro:400.v35420b_922dcb_ trilead-api:2.133.vfb_8a_7b_9c5dd1 variant:60.v7290fc0eb_b_cd warnings-ng:10.7.0 windows-slaves:1.8.1 workflow-aggregator:596.v8c21c963d92d workflow-api:1283.v99c10937efcb_ workflow-basic-steps:1042.ve7b_140c4a_e0c workflow-cps:3837.v305192405b_c0 workflow-cps-global-lib:609.vd95673f149b_b workflow-durable-task-step:1313.vcb_970b_d2a_fb_3 workflow-job:1385.vb_58b_86ea_fff1 workflow-multibranch:770.v1a_d0708dd1f6 workflow-scm-step:415.v434365564324 workflow-step-api:639.v6eca_cd8c04a_a_ workflow-support:865.v43e78cc44e0d ws-cleanup:0.45 xunit:3.1.3 ```

What Operating System are you using (both controller, and any agents involved in the problem)?

Docker official LTS image

Reproduction steps

use updateGitlabCommitStatus as a step and if you receive 403 the pipeline does not fail, it acts as if all is good

    stages {
        stage('notify SourceHub about pipeline start') {
            steps {
                updateGitlabCommitStatus name: 'test', state: 'running'
            }
        }

Expected Results

step/stage failed

Actual Results

the pipeline just passes along as if nothing happened

[Pipeline] stage
[Pipeline] { (notify SourceHub about pipeline start)
[Pipeline] updateGitlabCommitStatus ([hide](http://jenkins/job/nsi/job/ansible-inventories/job/master/3113/console#))
Failed to update GitLab commit status for project '/ansible-inventories': HTTP 403 Forbidden
[Pipeline] }
[Pipeline] // stage
[Pipeline] stage
[Pipeline] { (Clean workspace on the master branch)
[Pipeline] cleanWs

Anything else?

The reason for 403 is because the user we are using got blocked today by mistake and even if we use tokens the auth part does not work. So we know why, we just want the pipeline to fail if there was an error updating gitlab in any way

Are you interested in contributing a fix?

No response