Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Permission issue on plugin release with CD workflow #3069

Closed
alecharp opened this issue Jul 26, 2022 · 14 comments
Closed

Permission issue on plugin release with CD workflow #3069

alecharp opened this issue Jul 26, 2022 · 14 comments
Labels
artifactory github permissions
Milestone
infra-team-sync-2...

Comments

@alecharp
Copy link

Service(s)

GitHub, Other

Summary

During the CD workflow on metrics plugin, I got a authentication issue on repo.jenkins-ci.org to publish the binaries. See https://github.com/jenkinsci/metrics-plugin/runs/7517922189?check_suite_focus=true.

The releases earlier didn't have any problem.

I checked the settings on the repository and the MAVEN_USER and MAVEN_TOKEN were updated 20min (before the last try). I don't know if that is linked or not.

Reproduction steps

No response
@alecharp alecharp added the triage Incoming issues that need review label Jul 26, 2022
@alecharp alecharp mentioned this issue Jul 26, 2022
Merged
6 tasks
@dduportal dduportal added this to the infra-team-sync-2022-07-26 milestone Jul 26, 2022
@dduportal
Copy link
Contributor

Ping @timja @jglick @jetersen @danielbeck , could you help us on that? Not sure how the CD stuff works under the hood for the permissions (as the error mentions HTTP/403, then it means that the MAVEN_USER successfully authenticated on the repo, but was denied access to the resource).

@jetersen
Copy link

jetersen commented Jul 26, 2022
edited
Loading

@dduportal it worked for last two release in the same day.

https://github.com/jenkinsci/metrics-plugin/releases/tag/4.1.6.1-358.vf46b_95ea_d2b_3
https://github.com/jenkinsci/metrics-plugin/releases/tag/4.2.10-386.v1c612ef0355c

https://github.com/jenkinsci/metrics-plugin/runs/7517359266?check_suite_focus=true
https://github.com/jenkinsci/metrics-plugin/runs/7516699596?check_suite_focus=true

So I don't think it's a CD issue. More likely token or artifactory being foobar.

@timja
Copy link
Member

timja commented Jul 26, 2022

yeah =/ I had a brief look and not sure

@jetersen
Copy link

jetersen commented Jul 26, 2022
edited
Loading

@timja @alecharp what if we locally with one of your credentials, see if we get the same.
Should be able to checkout jenkinsci/metrics-plugin@9314362 ie. master

mvn -B -V -ntp -Dstyle.color=always -Dset.changelist -DaltDeploymentRepository=maven.jenkins-ci.org::default::https://repo.jenkins-ci.org/releases/ -Pquick-build '-P!consume-incrementals' clean deploy

Potentially you could diagnose it further locally.

@alecharp
Copy link
Author

I can do that. give me a minute.

@alecharp
Copy link
Author

I get the same thing locally

[ERROR] Failed to execute goal org.apache.maven.plugins:maven-deploy-plugin:2.8.2:deploy (default-deploy) on project metrics: Failed to deploy artifacts: Could not transfer artifact org.jenkins-ci.plugins:metrics:hpi:4.2.10-389.v93143621b_050 from/to maven.jenkins-ci.org (https://repo.jenkins-ci.org/releases/): authorization failed for https://repo.jenkins-ci.org/releases/org/jenkins-ci/plugins/metrics/4.2.10-389.v93143621b_050/metrics-4.2.10-389.v93143621b_050.hpi, status: 403 Forbidden

@jetersen
Copy link

So that points to an issue with https://github.com/jenkins-infra/repository-permissions-updater 🤔 Maybe it foobared the permissions for your path on releases repository?

@alecharp
Copy link
Author

any other repository with https://github.com/jenkins-infra/repository-permissions-updater/blob/3b610c185a05afa891a42ec489a7bac0516703e7/permissions/plugin-metrics.yml#L12 have the issue as far as you know?

@dduportal
Copy link
Contributor

Just checked the lats runs of the repository-permissions-updated in trusted.ci.jenkins.io and it did not fails since the last 10 days.

The logs clearly indicates that @alecharp is identified as one of the maintainers of the metrics plugins, and it also shows no error when applying permissions to repo.jenkins-ci (HTTP/201 created for the PUT request).

So not sure where does the issue lies.

@jetersen
Copy link

Okay restart artifactory? 😅

@dduportal
Copy link
Contributor

Okay restart artifactory? 😅

That is a Saas system not managed by the infra-team alas. (I don't even have admin access to the WebUI). @daniel-beck @Wadeck are you able to help on this one given your current bandwidths?

@jetersen
Copy link

jetersen commented Jul 26, 2022
edited
Loading

lel.

@alecharp I know the reason why your getting 403:

The thing is already uploaded:
https://repo.jenkins-ci.org/ui/repos/tree/General/releases/org/jenkins-ci/plugins/metrics/4.2.10-389.v93143621b_050/metrics-4.2.10-389.v93143621b_050.jar

I guess another build did this and we just missed it!

@alecharp
Copy link
Author

Correct! I see that there is even a release note for that build. I'm still surprise we get 403 for this but 🤷

Sorry for the noise everyone.

@jetersen
Copy link

jetersen commented Jul 26, 2022
edited
Loading

Actually there is a checkbox in artifactory. That either reports 403 or 409 as I recall.
403 is confusing. 409 Conflict would hint at it might already be uploaded.

Been a long time since I had a look at artifactory but I do remember fixing so that for artifacts already exist and not having permission to overwrite you would not get 403.

@dduportal dduportal added artifactory permissions and removed triage Incoming issues that need review labels Jul 26, 2022
@donhui donhui mentioned this issue Oct 6, 2022
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
artifactory github permissions
Projects
None yet
Milestone
infra-team-sync-2022-07-26
Development

No branches or pull requests
4 participants
@alecharp @dduportal @jetersen @timja