Skip to content

Jenkins CI and PR comments setup

Marco Sappé Griot edited this page Nov 16, 2023 · 4 revisions

Our Jenkins CI uses the the curl program to query and comment the PRs on github.

How to get token and setup Jenkins

Token creation

The token for the usage in curl commands is generated in the user's settings page at https://github.com/settings/profile -> Developer Settings -> Personal access tokens (ie. for the jbosstm-bot user).

The permission settings that worked for me (ochaloup) is depicted on the following image Permission settings for the token to get comments, add comments and push to repository

Jenkins setup

With token created it's necessary to save it in the Jenkins. It's possible to create openly visible environment variable https://<jenkins_url>/configure -> Global properties -> Environment variables but secrets should be stored as credentials.

NOTE: For this to work in jobs where the secret is withdrawn as a env property there is need a plugin Credentials Binding Plugin which binds the secret to the job setup.

Creation of the credentials is at credentials section https://<jenkins_url/credentials/store/system/. Credentials creation in Jenkins

NOTE: The Kind Secret text was chosen here.

Next every job(!) has to add binding which puts the secret text to the environment variable.

Binding of secret to Jenkins job

Then the job may use the environmental variable (e.g. BOT_TOKEN or GITHUB_TOKEN as used in examples below) in the shell script.

Curl command to query

The curl with token calls is run with header parameter -H "Authorization: token $GITHUB_TOKEN" (or for bat script -H "Authorization: token %GITHUB_TOKEN%"). See https://developer.github.com/changes/2020-02-14-deprecating-password-auth/.

Examples for querying the GitHub API

export GIT_ACCOUNT=jbosstm
export GIT_REPO=narayana
export PULL_NUMBER=...

# pull request description
curl -H "Authorization: token $GITHUB_TOKEN" -s https://api.github.com/repos/$GIT_ACCOUNT/$GIT_REPO/pulls/$PULL_NUMBER

# in shell script
PULL_DESCRIPTION=$(curl -H "Authorization: token $GITHUB_TOKEN" -s https://api.github.com/repos/$GIT_ACCOUNT/$GIT_REPO/pulls/$PULL_NUMBER)
PULL_DESCRIPTION_BODY=$(printf '%s' "$PULL_DESCRIPTION" | tr -d '\n\r[:space:]' | sed 's/",/\n/g' | sed 's/,"/\n/g' | grep body\":)

# to check the state of the pull request
if [[ $PULL_DESCRIPTION =~ "\"state\": \"closed\"" ]]; then
  echo "pull closed"
fi

# pull request standard(!) comments
curl -H "Authorization: token $GITHUB_TOKEN" -s https://api.github.com/repos/$GIT_ACCOUNT/$GIT_REPO/issues/$PULL_NUMBER/comments
# pull request review(!) comments
curl -H "Authorization: token $GITHUB_TOKEN" -s https://api.github.com/repos/$GIT_ACCOUNT/$GIT_REPO/pulls/$PULL_NUMBER/comments

# Some 'jq' queries to get specific fields
curl -H "Authorization: token $GITHUB_TOKEN" -s https://api.github.com/repos/$GIT_ACCOUNT/$GIT_REPO/issues/$PULL_NUMBER/comments | jq '.[] | {user: .user.login, body: .body}'

# to add a comment on the pull request
TEXT=...
JSON="{ \"body\": \"$TEXT\" }"
curl -d "$JSON" -H "Authorization: token $GITHUB_TOKEN" https://api.github.com/repos/$GIT_ACCOUNT/$GIT_REPO/issues/$PULL_NUMBER/comments