
Why is "continuous-integration/jenkins/pr-merge" not being triggered by GitHub on a pull request?


In GitHub Enterprise, we have Project A under Organization A. When I submit a PR (pull request) to Project A, the continuous-integration/jenkins/pr-merge is triggered which runs a Jenkins pipeline to build the code and perform unit tests. This allows us to prevent the PR from being merged into master if the unit tests fail.

For example, this is what I see on a PR for Project A in GitHub that includes a broken unit test: [screenshot]

Now I am trying to configure Project B under Organization B to behave the same way. However, it is not working. This is what I see on a PR for Project B in GitHub that includes a broken unit test:

[screenshot]

Notice that Project B's PR did not kick off the continuous-integration/jenkins/pr-merge.

Configuration of Project A and Project B

GitHub -> Settings -> Branches -> Branch protection rules

Project A in GitHub has a branch protection rule for master with only one setting enabled:

  • Require pull request reviews before merging

Interestingly, the "Require status checks to pass before merging" setting is not enabled. Out of curiosity, I enabled it (without saving it) and noticed that "continuous-integration/jenkins/pr-merge" showed up below it as an option.

I configured Project B to have the exact same branch protection rule for master with only "Require pull request reviews before merging" enabled. Out of curiosity, I enabled "Require status checks to pass before merging" (without saving it) and it doesn't even show continuous-integration/jenkins/pr-merge as an option. It just says "No status checks found. Sorry, we couldn’t find any status checks in the last week for this repository."

GitHub -> Settings -> Hooks -> Webhooks

Project A in GitHub has a webhook configured with:

  • Payload URL https://jenkins.mycompany.com/github-webhook/
  • Content type application/json
  • Let me select individual events: Pull requests, Pushes, Repositories are checked
  • Active: checked

I created a webhook for Project B with the exact same settings. After I submitted a PR for Project B, I see a couple of items under "Recent Deliveries" for Project B's webhook with green checkmarks and "200" response codes, so I think it is configured correctly.

CloudBees Jenkins Enterprise

In Jenkins Enterprise, Project A's pipeline is of type "GitHub Organization" and has the following settings:

  • API endpoint: kubernetes-cbs-automation (https://git.mycompany.com/api/v3)
  • Credentials: [credentials specific to Project A]
  • Owner: [Project A's GitHub organization]
  • Behaviors: Repositories: Filter by name (with regular expression): Regular expression: [name of Project A's GitHub repo]
  • Behaviors: Within repository: Discover pull requests from origin: Strategy: Merging the pull request with the current target branch revision
  • Project Recognizers: Pipeline Jenkinsfile: Script Path: ci-cd/jenkins/ProjectA-pipeline.groovy
  • Property strategy: All branches get the same properties
  • Scan Organization Triggers: "Periodically if not otherwise run" checked: Interval: 1 day
  • Orphaned Item Strategy: "Discard old items" checked
  • Child Orphaned Item Strategy: Strategy: Inherited
  • Child Scan Triggers: "Periodically if not otherwise run" checked: Interval: 1 day
  • Automatic branch project triggering: Branch names to build automatically: .*

I created an item under Project B in Jenkins Enterprise of type "GitHub Organization" with the same settings (except any settings specific to Project A were replaced with the appropriate Project B specific settings).

What is wrong/missing?

Given that GitHub PRs for Project B are failing to launch the continuous-integration/jenkins/pr-merge, it seems like there is some configuration that I am missing. Unfortunately, our GitHub/Jenkins admins have not been able to figure out what is wrong.

UPDATE

We have confirmed that Project B is actually launching a build on the Jenkins agent when a PR is submitted. The problem is that GitHub is not showing the continuous-integration/jenkins/pr-merge on the web page for the PR. We need that so the PR can be blocked if the build fails, and also so that we can quickly see what went wrong.


Solution

  • Posting as answer the resolution we got in the comments.

    The issue was that the user whose token was used in Jenkins did not have the right level of access to post status checks on the repository.

    Differences between the Orgs and Projects

    • OrgA/ProjectA - the user is a Member of the organisation (OrgA) also added in the Collaborators section of the repo with Read access, as well as member of a Team with Write access on the repo itself (ProjectA).
    • OrgB/ProjectB - the user was a Member of the organisation (OrgB) and also in the Collaborators section on the repo itself (ProjectB) but with Read access.

    This caused the issue on projectB status checks not being populated with Jenkins' information from the builds:
    continuous-integration/jenkins/pr-merge missing from the status checks of GitHub repository.

    Summary:
    When setting up a connection between GitHub and Jenkins we need to provide the user holder of the token with the required access.

    In this case we want to update the GitHub status which needs Write access level:

    [image: GitHub permission level for status checks]

    The token of the user should have scope repo:status
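
A way to check both conditions from the answer before wiring a token into Jenkins, as an added example that is not part of the original answer. It assumes a classic personal access token, for which GitHub returns the caller's repository `permissions` in `GET /repos/{owner}/{repo}` and the token scopes in the `X-OAuth-Scopes` response header. The function names and sample responses are constructed for illustration.

```python
import json
import urllib.request

API = "https://git.mycompany.com/api/v3"  # API endpoint from the question


def status_check_problems(repo_json, oauth_scopes_header):
    """Return reasons the token cannot post commit statuses (empty list = OK).

    repo_json: parsed body of GET /repos/{owner}/{repo}, fetched with the token.
    oauth_scopes_header: value of the X-OAuth-Scopes response header.
    """
    problems = []
    perms = repo_json.get("permissions") or {}
    # Creating a commit status requires push (Write) access to the repository.
    if not perms.get("push"):
        level = "Read" if perms.get("pull") else "none"
        problems.append(f"repository access is {level}; Write is required")
    scopes = {s.strip() for s in (oauth_scopes_header or "").split(",") if s.strip()}
    # The full "repo" scope includes "repo:status".
    if not scopes & {"repo", "repo:status"}:
        problems.append("token lacks the repo:status scope")
    return problems


def fetch_and_check(owner, repo, token):
    """Query the live API with the Jenkins token and evaluate the response."""
    req = urllib.request.Request(
        f"{API}/repos/{owner}/{repo}",
        headers={"Authorization": f"token {token}"},
    )
    with urllib.request.urlopen(req) as resp:
        return status_check_problems(json.load(resp),
                                     resp.headers.get("X-OAuth-Scopes"))


# Constructed sample responses mirroring the two repositories in the answer.
PROJECT_A = {"full_name": "OrgA/ProjectA",
             "permissions": {"admin": False, "push": True, "pull": True}}
PROJECT_B = {"full_name": "OrgB/ProjectB",
             "permissions": {"admin": False, "push": False, "pull": True}}

if __name__ == "__main__":
    for repo in (PROJECT_A, PROJECT_B):
        print(repo["full_name"], status_check_problems(repo, "repo:status") or "OK")
```

Granting the service account Write through a team on the single repository, with a token limited to `repo:status`, keeps the Jenkins credential at the least privilege that still lets it report builds.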