8
votes

I am trying to implement a CI/CD pipeline using Jenkins, Docker and Ansible. I am using an SVN code repository for my version control system. For deployment and the SVN code repo, I am using AWS EC2. Deployment and the code repo are on separate VMs.

My Requirement

When I commit my code into the SVN repository, I need to trigger a Jenkins job. That job will call an Ansible playbook. Later it will build the project, build the Docker image and deploy to EC2. So for any change to my SVN code repository, I need to build the Jenkins job.

My Current Attempt

I added the following script to the post-commit.tmpl file under the $repo/hooks folder.

REPOS="$1"
REV="$2"
UUID=`svnlook uuid $REPOS`
/usr/bin/wget \
  --header "Content-Type:text/plain;charset=UTF-8" \
  --post-data "`svnlook changed --revision $REV $REPOS`" \
  --output-document "-" \
  --timeout=2 \
  http://server/subversion/${UUID}/notifyCommit?rev=$REV

The following is the screenshot


And I checked the "Poll SCM" option in the Jenkins job:


NB: I am not looking for a minute/hour/week schedule to pull from the repo. Instead, I want the Jenkins project to build when there is a code change. So I did not add any schedule.

But I am still not getting the latest code in Jenkins. How can I find the issue with my configuration?

Updated post-commit.tmpl file


4
Do you have the "Prevent Cross Site Request Forgery exploits" security option enabled? And have you also checked the Jenkins log to see if an error was logged? - Raoslaw Szamszur
You can check it under Manage Jenkins -> Configure Global Security and look for the "Prevent Cross Site Request Forgery exploits" checkbox. I think from Jenkins 2.x this option is enabled by default. - Raoslaw Szamszur
@RaoslawSzamszur - Yes, that option is already checked in Configure Global Security. - Jacob
@rohitthomas - Thank you for the response. I will check and read the link that you gave here. - Jacob

4 Answers

3
votes

Like @bahrep said, it's hard to troubleshoot issues like this, but my guess is that your post-commit hook doesn't work because of the "Prevent Cross Site Request Forgery exploits" Jenkins security option (you've confirmed it's enabled).

From Jenkins Wiki:

If your Jenkins uses the "Prevent Cross Site Request Forgery exploits" security option, the above request will be rejected with 403 errors ("No valid crumb was included"). The crumb needed in this request can be obtained from the URL http://server/crumbIssuer/api/xml (or /api/json). This can be included in the wget call above with something like this:

--header `wget -q --output-document - \
  'http://server/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,":",//crumb)'`

The easiest way to confirm whether this security option causes the problem would be to disable it and see if the post-commit hook works. If it does, enable the option again and try to configure the hook with a crumb. (In the end, you want to have things secure :) )

And also make sure that Jenkins has enabled anonymous read access:

For this to work, your Jenkins has to allow anonymous read access (specifically, "Job > Read" access) to the system. If access control to your Jenkins is more restrictive, you may need to specify the username and password, depending on how your authentication is configured.


Edit

I think the problem occurs because you haven't provided the Jenkins instance address. In your webhook example you have:

http://server/subversion/${UUID}/notifyCommit?rev=$REV

You should change server to your Jenkins instance address (IP, domain, or IP and port, depending on your configuration):

http://yourjenkins.com/subversion/${UUID}/notifyCommit?rev=$REV

http://<IP>:<Port>/subversion/${UUID}/notifyCommit?rev=$REV

http://<IP>/subversion/${UUID}/notifyCommit?rev=$REV

Or if you run everything locally (including svn repo):

http://localhost:8080/subversion/${UUID}/notifyCommit?rev=$REV

But remember to have:

  • "Prevent Cross Site Request Forgery exploits" security option disabled (you will make the webhook work with this option later; for now we want to find the root cause)
  • "Allow anonymous read access" security option enabled

I think the hook script works just fine but the request is being sent to nowhere. This can be easily checked by adding logging to your hook script. Just add this at the end of the hook:

echo "$REPOS change to revision $REV triggered @ $(date)" >> "${REPOS}/post-commit-hook.log"

and check whether the log file is created after a commit. If yes, it means the wget request is being sent incorrectly.

1
votes

I made a lot of attempts to resolve this problem using guidance from the answers. Finally I found the actual issue I was facing. I had added the post-commit script to the file "post-commit.tmpl". I got this file by default when I created my SVN repository. Instead of "post-commit.tmpl", I needed to create a file named just "post-commit". That resolved my problem.
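
The checks from the answers above combined into one hook, as an added example that is not part of the original posts: it verifies the hook file name and execute bit, sends the request with a crumb, and logs the HTTP status. `JENKINS_URL`, the function names and the use of curl in place of wget are assumptions.

```shell
#!/bin/sh
# Added example (not from the original answers). JENKINS_URL is a placeholder
# and the function names are hypothetical; curl stands in for the page's wget.
JENKINS_URL="${JENKINS_URL:-http://localhost:8080}"

# Subversion runs only hooks/post-commit (no extension), and only if executable.
check_hook() {
    hooks="$1/hooks"
    if [ -f "$hooks/post-commit" ] && [ -x "$hooks/post-commit" ]; then echo "ok"
    elif [ -f "$hooks/post-commit" ]; then echo "not-executable"
    elif [ -f "$hooks/post-commit.tmpl" ]; then echo "template-only"
    else echo "missing"
    fi
}

# Map the HTTP status of the notifyCommit request to its likely cause.
explain_status() {
    case "$1" in
        2??) echo "accepted" ;;
        403) echo "rejected: crumb missing or anonymous read access denied" ;;
        404) echo "not found: wrong Jenkins address or path" ;;
        000) echo "no response: Jenkins unreachable at $JENKINS_URL" ;;
        *)   echo "unexpected status" ;;
    esac
}

# Fetch a crumb, send the notification and log the outcome inside the repo.
notify_jenkins() {
    repos="$1"; rev="$2"
    uuid=$(svnlook uuid "$repos")
    jar=$(mktemp)   # Jenkins may tie the crumb to the session cookie
    crumb=$(curl -sf -c "$jar" \
        "$JENKINS_URL"'/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,":",//crumb)')
    status=$(svnlook changed --revision "$rev" "$repos" |
        curl -s -o /dev/null -w '%{http_code}' --max-time 5 -b "$jar" \
            -H "Content-Type: text/plain;charset=UTF-8" ${crumb:+-H "$crumb"} \
            --data-binary @- "$JENKINS_URL/subversion/$uuid/notifyCommit?rev=$rev")
    rm -f "$jar"
    echo "$(date) r$rev HTTP $status: $(explain_status "$status")" \
        >> "$repos/post-commit-hook.log"
}

# Run as a hook (REPOS REV) only when both arguments are given.
if [ "$#" -ge 2 ]; then
    notify_jenkins "$1" "$2"
fi
```

Calling `check_hook /path/to/repo` from a shell on the SVN server reports `template-only` for the situation described in this answer.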

0
votes

It's hard to troubleshoot this problem without seeing actual errors and the log. However, one of the possible reasons is that your SVN server requires authentication. You should specify a correct username and password and make sure that this user account has Read permissions to the SVN repository.

0
votes

There is an easier way: simply define the schedule for the trigger:


Or use "Trigger builds remotely" if you want a push instead of a pull solution, which requires posting to https://username:api-token@JENKINS_URL/job/Example/build, with a predefined API token; "Authenticating scripted clients" explains it. Building only on changes is suggested, because everything else would unnecessarily cost processing power (which equals money).