-
Notifications
You must be signed in to change notification settings - Fork 178
Jenkins CI and PR comments setup
Our Jenkins CI uses the the curl
program to query and comment the PRs on github.
The token for the usage in curl
commands is generated in the user's settings page at https://github.com/settings/profile -> Developer Settings -> Personal access tokens (ie. for the jbosstm-bot
user).
The permission settings that worked for me (ochaloup) is depicted on the following image
With token created it's necessary to save it in the Jenkins. It's possible to create openly visible environment variable https://<jenkins_url>/configure -> Global properties -> Environment variables but secrets should be stored as credentials.
NOTE: For this to work in jobs where the secret is withdrawn as a env property there is need a plugin Credentials Binding Plugin which binds the secret to the job setup.
Creation of the credentials is at credentials section https://<jenkins_url/credentials/store/system/.
NOTE: The Kind Secret text was chosen here.
Next every job(!) has to add binding which puts the secret text to the environment variable.
Then the job may use the environmental variable (e.g. BOT_TOKEN or GITHUB_TOKEN as used in examples below) in the shell script.
The curl
with token calls is run with header parameter -H "Authorization: token $GITHUB_TOKEN"
(or for bat script -H "Authorization: token %GITHUB_TOKEN%"
). See https://developer.github.com/changes/2020-02-14-deprecating-password-auth/.
Examples for querying the GitHub API
export GIT_ACCOUNT=jbosstm
export GIT_REPO=narayana
export PULL_NUMBER=...
# pull request description
curl -H "Authorization: token $GITHUB_TOKEN" -s https://api.github.com/repos/$GIT_ACCOUNT/$GIT_REPO/pulls/$PULL_NUMBER
# in shell script
PULL_DESCRIPTION=$(curl -H "Authorization: token $GITHUB_TOKEN" -s https://api.github.com/repos/$GIT_ACCOUNT/$GIT_REPO/pulls/$PULL_NUMBER)
PULL_DESCRIPTION_BODY=$(printf '%s' "$PULL_DESCRIPTION" | tr -d '\n\r[:space:]' | sed 's/",/\n/g' | sed 's/,"/\n/g' | grep body\":)
# to check the state of the pull request
if [[ $PULL_DESCRIPTION =~ "\"state\": \"closed\"" ]]; then
echo "pull closed"
fi
# pull request standard(!) comments
curl -H "Authorization: token $GITHUB_TOKEN" -s https://api.github.com/repos/$GIT_ACCOUNT/$GIT_REPO/issues/$PULL_NUMBER/comments
# pull request review(!) comments
curl -H "Authorization: token $GITHUB_TOKEN" -s https://api.github.com/repos/$GIT_ACCOUNT/$GIT_REPO/pulls/$PULL_NUMBER/comments
# Some 'jq' queries to get specific fields
curl -H "Authorization: token $GITHUB_TOKEN" -s https://api.github.com/repos/$GIT_ACCOUNT/$GIT_REPO/issues/$PULL_NUMBER/comments | jq '.[] | {user: .user.login, body: .body}'
# to add a comment on the pull request
TEXT=...
JSON="{ \"body\": \"$TEXT\" }"
curl -d "$JSON" -H "Authorization: token $GITHUB_TOKEN" https://api.github.com/repos/$GIT_ACCOUNT/$GIT_REPO/issues/$PULL_NUMBER/comments