search

jenkinsci / gitlab-plugin

A Jenkins plugin for interfacing with GitLab
https://plugins.jenkins.io/gitlab-plugin/
GNU General Public License v2.0
1.44k stars 613 forks source link

UpdateGitlabCommitStatus in Jenkins not Displaying Stages in GitLab UI after Upgrading #1647

Closed AxyRes closed 3 months ago

AxyRes commented 6 months ago

Jenkins and plugins versions report

Environment ``` Jenkins: 2.361.1 OS: Linux - 4.18.0-372.9.1.el8.x86_64 Java: 11.0.15 - Red Hat, Inc. (OpenJDK 64-Bit Server VM) ----------- gitlab-api:5.1.0-84.v491924123a_f7 gitlab-branch-source:650.va_d1ce6d01959 gitlab-plugin:1.6.0 ```

What Operating System are you using (both controller, and any agents involved in the problem)?

Linux, Window, MacOS

Reproduction steps

stage('Test Show Stage in Jenkins') { steps { script { updateGitlabCommitStatus name: "${STAGE_NAME}", state: 'pending' updateGitlabCommitStatus name: "${STAGE_NAME}", state: 'success' } } }

Expected Results

In Jenkins pipeline image In GitLab 16.2.8 image

Actual Results

In Jenkins pipeline image In GitLab version 16.8.1 image

Anything else?

I use Jenkins's updateGitlabCommitStatus function to display the stages in the Jenkins pipeline. Gitlab plugin in Jenkins is in version 1.6.0. Then I tried upgrading my Gitlab version to version 16.8.1 and the GitLab plugin in Jenkins still 1.6.0. The problem is that GitLab version 16.8.1 is currently not displaying all stages from Jenkins, but it still returns the pipeline success result from Jenkins. The Jenkins and GitLab side configurations are correct. So do I need to update the Gitlab plugin to the latest version of 1.7.8 (not recommended because the update will cause many problems during operation) or do I need to configure somewhere so that Gitlab can receive Jenkins' stages?

Are you interested in contributing a fix?

No response

MarkEWaite commented 6 months ago

@AxyRes, you are running Jenkins version 2.361.1. It was released over 18 months ago. It has several known security vulnerabilities. The Jenkins security team only provides security fixes for the most recent weekly release (currently 2.450) and the most recent LTS release (currently 2.440.2). To resolve those security vulnerabilities, you'll need to upgrade to Jenkins 2.440.2.

Jenkins 2.361.1 is no longer supported by the Jenkins update center. That means the list of plugin updates displayed in the plugin manager page of the running controller is showing plugins that may not work with your version. You'll need to manage that Jenkins controller very carefully to be sure that no one installs a plugin update that might prevent the controller from starting.

You asked:

So do I need to update the Gitlab plugin to the latest version of 1.7.8 (not recommended because the update will cause many problems during operation) or do I need to configure somewhere so that Gitlab can receive Jenkins' stages?

The latest version of the GitLab plugin is 1.8.0. However, it requires Jenkins 2.401.3 or newer. I'm not aware of any GitLab configuration change will make the 18 month old GitLab plugin version 1.6.0 and the 18 month old Jenkins version 2.361.1 behave differently with the 2 month old GitLab 16.8.1 release.

Your options (in my opinion):

  1. Keep your Jenkins controller at its current version with current plugins and accept that when your GitLab installation is updated, you may lose functionality as you did with the upgrade to GitLab 16.8.1. Accept that your Jenkins controller has known security vulnerabilities. You should probably explain that decision to the security organization at your company so that they can help you identify additional safety measures to protect your vulnerable Jenkins controller
  2. Test drive a disposable installation of a current Jenkins controller (2.440.2) with current plugins (including GitLab plugin 1.8.0) to see if it resolves your issue. If it does, then plan your production upgrade from 2.361.1 and plan in the future to perform an upgrade every month so that you're not required to upgrade across 18 months of changes
  3. Create a disposable installation of Jenkins 2.361.1 with your current plugins and selectively upgrade plugins to more recent versions, accepting that the plugin manager page may offer plugin versions that do not work with 2.361.1. Test the disposable installation to confirm that your issue is resolved. If it is, then perform the same selective plugin upgrade on your production Jenkins controller, accepting that there are serious security issues on your production Jenkins controller that you are not resolving by choosing that path

I recommend option 2 because it will resolve the known security vulnerabilities in your Jenkins controller and will upgrade the GitLab plugin to the most recent release.

dcniko commented 6 months ago

I think you are missign a point @MarkEWaite - the problem is that previously in version 1.7.8 GitLab Plugin updated GitLab pipeline status when updateGitlabCommitStatus was added to the pipeline as described by @AxyRes.

In version 1.8.0 of the plugin this behaviour does not exists - pipeline status is not updated. I have the same issue running Jenkins version 2.440.1. The ony thing that was upgraded was GitLab Plugin from version 1.7.8 to 1.8.0.

MarkEWaite commented 6 months ago

I think you are missing a point @MarkEWaite - the problem is that previously in version 1.7.8 GitLab Plugin updated GitLab pipeline status when updateGitlabCommitStatus was added to the pipeline as described by @AxyRes.

In version 1.8.0 of the plugin this behaviour does not exists - pipeline status is not updated. I have the same issue running Jenkins version 2.440.1. The only thing that was upgraded was GitLab Plugin from version 1.7.8 to 1.8.0.

Thanks for the clarification @dcniko. I don't see any mention of the transition from 1.7.8 to 1.8.0 in the description from @AxyRes.

@AxyRes wrote:

I use Jenkins's updateGitlabCommitStatus function to display the stages in the Jenkins pipeline. Gitlab plugin in Jenkins is in version 1.6.0. Then I tried upgrading my Gitlab version to version 16.8.1 and the GitLab plugin in Jenkins still 1.6.0. The problem is that GitLab version 16.8.1 is currently not displaying all stages from Jenkins, but it still returns the pipeline success result from Jenkins.

Based on what @AxyRes wrote, I assumed that the upgrade of the GitLab version from 16.2.8 to 16.8.1 changed the behavior without any change of the Jenkins GitLab plugin.

Is your description listing the same condition, that a recent GitLab version upgrade has broken the updateGitlabCommitStatus function of the Jenkins plugin? I interpreted your message as meaning that a Jenkins GitLab plugin upgrade from 1.7.8 to 1.8.0 has broken the updateGitlabCommitStatus function since you didn't mention a GitLab version in your message.

dcniko commented 6 months ago

My scenario was as follow:

  1. I was using Jenkins version 2.375.1 with GitLab Plugin version 1.7.8, connected to GitLab Community Edition v16.9.1.
  2. Using updateGitlabCommitStatus correctly updated pipeline status in GitLab merge requests as described in the first post.
  3. I upgraded Jenkins to version 2.440.1 and GitLab Plugin to version 1.8.0 - GitLab server was not upgraded nor configuration changed.
  4. Creating merge request in GitLab correctly trigger build in Jenkins, but updateGitlabCommitStatus no longer updates pipeline status.

It looks like Jenkins and/or GitLab Plugin upgrade created some compatibility issues with GitLab itself regarding pipeline status update. How can I turn more verbose output form the plugin to check, where the issue is?

MarkEWaite commented 6 months ago

When I need to diagnose the interactions between GitLab and Jenkins, I use the Jenkins console log (increasing the log level for elements of the GitLab plugin) and the GitLab web hook logs.

dcniko commented 6 months ago

So those are my findings: in version Jenkins version 2.375.1 with GitLab Plugin version 1.7.8 I can clearly see in logs:

Apr 02, 2024 9:43:37 AM INFO com.dabsquared.gitlabjenkins.webhook.GitLabWebHook getDynamic
WebHook called with url: [project path]
Apr 02, 2024 9:43:37 AM FINE com.dabsquared.gitlabjenkins.webhook.build.NoteBuildAction
[Status: 200 OK]
Apr 02, 2024 9:43:37 AM INFO com.dabsquared.gitlabjenkins.trigger.handler.AbstractWebHookTriggerHandler handle
[project] triggered for note.
Apr 02, 2024 9:43:47 AM INFO com.dabsquared.gitlabjenkins.util.CommitStatusUpdater retrieveGitlabProjectIds
Retrieving gitlab project ids
[Status: 200 OK]
Apr 02, 2024 9:43:48 AM INFO com.dabsquared.gitlabjenkins.util.CommitStatusUpdater updateCommitStatus
Updating build [id] to 'running'
[Status: 201 Created]
Apr 02, 2024 9:43:55 AM INFO com.dabsquared.gitlabjenkins.util.CommitStatusUpdater retrieveGitlabProjectIds
Retrieving gitlab project ids
[Status: 200 OK]
Apr 02, 2024 9:43:55 AM INFO com.dabsquared.gitlabjenkins.util.CommitStatusUpdater updateCommitStatus
Updating build [id] to 'success'
[Status: 201 Created]

in version Jenkins version 2.440.1 with GitLab Plugin version 1.8.0 I cannot see updateCommitStatus in logs:

Apr 02, 2024 9:52:00 AM INFO com.dabsquared.gitlabjenkins.webhook.GitLabWebHook getDynamic
WebHook called with url: [project path]
Apr 02, 2024 9:52:00 AM FINE com.dabsquared.gitlabjenkins.webhook.build.NoteBuildAction
[only request in logs, no response]
Apr 02, 2024 9:52:00 AM INFO com.dabsquared.gitlabjenkins.trigger.handler.AbstractWebHookTriggerHandler handle
[project] triggered for note.

and this is all - no more entries in logs. Job runs fine but no status is returned to GitLab (job is the same for both environments). I have both version running in parallel so I can compare results if needed. What further steps perform to more diagnose the problem?

akatumalla27 commented 6 months ago

Seeing the same issue. For our company with the release coming up, this has been extremely inconvenient. Trying to write our own version of the updateCommitStatus for Gitlab.

For more context, the status updates commit hash but doesn't link to the MR on gitlab causing unprecedented merges.

akatumalla27 commented 6 months ago

I am using the current Jenkins controller (2.440.2) with current plugins (including GitLab plugin 1.8.0)

MarkEWaite commented 6 months ago

I am using the current Jenkins controller (2.440.2) with current plugins (including GitLab plugin 1.8.0)

Is your issue resolved if you revert to an earlier release of the GitLab plugin?

ghost commented 5 months ago

Hi 👋 We have the same issue, latest Jenkins LTS (2.440.3 at the moment). Just want to add security sauce above it:

Gitlab allows to prevent merging without passing pipeline, and since the Jenkins builds are not linked to the MR anymore, it means code failing Jenkins tests could potentially be merged :/

quentin9696 commented 3 months ago

Hello,

Any updates on that one ? We are using Jenkins LTS 2.245.2 and I agree with @gui-don, this is a big security concern on our side

MarkEWaite commented 3 months ago

Any updates on that one ? We are using Jenkins LTS 2.245.2 and I agree with @gui-don, this is a big security concern on our side

No updates from me. Have you confirmed that an earlier version of the plugin resolves the issue for you? Does that address your concern?

An earlier comment indicates that 1.7.8 might not have the issue, but there was no response to the request asking to confirm that it did not have the issue.

AxyRes commented 3 months ago

Hi everyone, I have fixed the error that was due to a missing configuration in the Jenkinsfile script:

options { gitLabConnection('gitlab-connection-jenkins-to-gitlab') }

As for the version issue, I believe it is unrelated. Thank you all for your interest and help.