POST hook on Bitbucket
How to use the POST url in bitbucket on private Jenkins?
I have been experiencing problems with bitbucket and their post commit.
I have a jenkins instance I would like to trigger on push on certain repositories. Since the jenkins is accessible from the outside (the world wide web), it is protected through the typical user/password system.
When working with Github, I can define the username and password directly in the URL. When checking the nginx logs, it is clear that github is able to convert that url to login the user. Bitbucket is not.
Here are some nginx logs showing the problem.
Bitbucket post logs:
- - "POST /job/myproject/build?token=mytoken HTTP/1.1" 403 216 "-" "Bitbucket.org"
The interesting part is the 403 error. Access refused.
Same logs for the Github post hook:
- github - "POST /job/myproject/build?token=mytoken HTTP/1.1" 302 0 "-" "-"
As the logs show, github is the name of the user I created with the good rights for launching builds.
What can I possibly do to enable the post hook?
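The two log entries above differ in nginx's `$remote_user` field (`-` for the Bitbucket request, `github` for the GitHub one). As an added example that is not part of the original post, the following Python script triages build-trigger requests in an nginx access log by that field and the status code, and masks the job token before reporting. It assumes nginx's combined log format; the addresses and timestamps in the sample lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, urlencode

# nginx "combined" format (assumed):
# $remote_addr - $remote_user [$time_local] "$request" $status $bytes "$referer" "$agent"
LINE_RE = re.compile(
    r'(?P<addr>\S+) - (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<agent>[^"]*)"')
# Jenkins remote build trigger path, as seen in the logs on this page.
TRIGGER_RE = re.compile(r'^/job/[^/]+/build$')

# Constructed sample: addresses and timestamps are invented (documentation ranges).
SAMPLE_LOG = """\
192.0.2.10 - - [12/Mar/2013:10:01:02 +0000] "POST /job/myproject/build?token=mytoken HTTP/1.1" 403 216 "-" "Bitbucket.org"
198.51.100.7 - github [12/Mar/2013:10:05:40 +0000] "POST /job/myproject/build?token=mytoken HTTP/1.1" 302 0 "-" "-"
192.0.2.10 - - [12/Mar/2013:10:06:00 +0000] "GET /login HTTP/1.1" 200 1820 "-" "Mozilla/5.0"
"""

def redact(target):
    """Mask the job token so it is not copied from the log into a report."""
    parts = urlsplit(target)
    query = [(k, "REDACTED" if k == "token" else v)
             for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    return parts.path + ("?" + urlencode(query) if query else "")

def triage(log_text):
    """Classify each build-trigger POST by Basic-auth user and status code."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m["method"] != "POST":
            continue
        if not TRIGGER_RE.match(urlsplit(m["target"]).path):
            continue
        # nginx logs "-" when the request carried no HTTP Basic user name.
        user = None if m["user"] == "-" else m["user"]
        status = int(m["status"])
        denied = status in (401, 403)
        if user is None:
            verdict = ("denied: no Basic credentials sent" if denied
                       else "review: trigger accepted anonymously")
        else:
            verdict = "denied: check user permissions" if denied else "ok"
        findings.append({"addr": m["addr"], "user": user, "status": status,
                         "agent": m["agent"], "request": redact(m["target"]),
                         "verdict": verdict})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```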
2 solutions collected from the web for “POST hook on Bitbucket”
If you want to make BitBucket trigger a Jenkins job execution after a commit in your repo, you have two options:
- Use the POST hook
- Use the Jenkins hook
Both use the Jenkins API to trigger the job.
For the POST hook, you basically need to build the URL like this:
- USER: is the Jenkins user that will trigger the job
- APITOKEN: is a token associated to that user to allow the use of the API, you can get it from the user configuration page in Jenkins
- JENKINS_URL: the url of your jenkins server
- JOBNAME: the name of the job
- TOKEN: the token associated to the job, you must add it in the job configuration page (enable remote triggers)
The cool thing about this is that you can check if it works just using curl from the console.
Also note there is no password in the URL; you have the API TOKEN instead. This is to avoid publishing your user and password.
Something else you can do to improve security a little bit: if you have admin rights on the Jenkins server, create a new user with access rights only to read and build jobs, and use it only for this. That way you don’t have to publish your own user and token, which may have admin rights.
The Jenkins hook works the same way, building the same URL for you, but you don’t have the chance to test it (for instance, using curl).
This is based on these documents:
- Jenkins Remote Access API (submitting jobs)
- Jenkins hook management (check out the comments)
- Hooking BitBucket up with Jenkins (this is VERY useful if you want to try the Jenkins hook)
Hope it helps.
This isn’t really answering your question, but suggesting another approach. Both bitbucket.org and github.com support ssh keys.
See “Set up SSH for Git”
It is important to set up ssh-agent (explained in that page), as without this you’ll be asked to enter a passphrase instead of username and password.