views:

428

answers:

2

I have a shell script on the same machine that hudson is deployed on and upon executing it, it calls wget on a hudson build trigger URL. Since its the same machine, I access it as http://localhost:8080/hudson/job/jobname/build?token=sometoken

Typically, this is supposed to trigger a build on the project. But I get a 403 forbidden when I do this. Anybody has any idea why? I have tried this using a browser and it triggers the build, but via the command line it doesn't seem to work. Any ideas?

+4  A: 

I figured it out. Apparently if Hudson is protected using a security mechanism, you need to authenticate the build requests. See this wiki link for more details http://wiki.hudson-ci.org/display/HUDSON/Authenticating+scripted+clients

Since I used the auth mechanism that was shipped with Hudson, calling the build scripts invovled. I used

wget --auth-no-challenge --http-user=user --http-password=password http://hudson.yourcompany.com/job/your_job/build?token=TOKEN

to run the build script.

Ritesh M Nayak
Hmm, I thought that's what the token was for, to avoid having to put passwords into scripts. :(
Kief
This is only when hudson itself is security enabled. If its inside the firewall, you dont need to enable Hudson security and can run this trigger without the password.
Ritesh M Nayak
I also thought the whole purpose of this token passing is to skip authentication. But it is only works, if you grant _read_ access to the anonymous user...
pihentagy
A: 

If you use matrix-based security, you can set Job Read and Job Build permission to Anonymous, so you don't need a user and password in your post-commit hook.

Another tip is to turn on polling without setting a date and use this URL:

http://hudson.yourcompany.com/job/your_job/polling?token=TOKEN

Your job will be build just if there were svn changes (no need to build when changing other projects, creating tags etc.)

neves
Nooo, adding read permission to Anonymous is not a good idea IMHO.
pihentagy