jira/notify fails when a git repo isn't present

[tmannherz]

If you run the jira/notify (orb version 2.0.1) step in a job where there isn't a git repo, the task fails with:

fatal: not a git repository (or any of the parent directories): .git

Exited with code exit status 128

It looks like the orb is running commands like git tag... and that's failing.

Version 1.3.1 of the orb didn't have any issue running on the same job within our workflow.

Our use case for this is a job that uses AWS CodeDeploy to trigger a deployment of containers built in a previous step, that then reports a successful deploy to Jira (among other things).

[KyleTryon]

Interesting thanks for the info @tmannherz . I was not planning for this situation.

I'll take a look at that and see why we call it "early" and see what we can do.

[mustangJaro]

We're currently running this as a post-step in CircleCI and are running into the same situation

[KyleTryon]

Planning on having this and various other fixes out today

[KyleTryon]

@tmannherz / @mustangJaro
Where do you plan on the issueKey(s) to be pulled from in a situation with no repository? Is this to be set manually?

[mustangJaro]

Would you be able to use this value? It seems that CircleCI has all of the information we need without checking out the code because it displays the commit hash and message.

pipeline.trigger_parameters.github_app.commit_message

If that doesn't work than we could use a combination of the CIRCLE_REPOSITORY_URL and CIRCLE_SHA1 to get details about the commit as well I believe.

[KyleTryon]

Thank you. Yes so, we can use the pipeline parameter, however somewhat unfortunately it would need to be specified manually in the same way the others are. Kind of like this:

- jira/notify:
    pipeline_id: "<< pipeline.id >>"
    pipeline_number: "<< pipeline.number >>"
    commit_message: "<< pipeline.trigger_parameters.github_app.commit_message >>"

I will assume we probably don't want that, it has the added anti-benefit of being unable to scale/fix in the future to grab multiple commit messages.

Looking at https://circleci.com/docs/variables/#built-in-environment-variables, CIRCLE_REPOSITORY_URL is supported by GitHub OAuth, and BitBucket. This seems to claim that the older GitHub auth that most people use is not supported... but that does not seem right, I will double check that. We would not be able to support GitLab in this method.

The next complication I think is then fetching the commit/branch data from the source, GitHub/BitBucket which will more than likely need to be an authenticated call, which means injecting some kind of token into the context as well. With a scoped token, not the worst thing that could happen, but a bit annoying I think as a user, and the code will be a bit bulky.

Another potential option might just be to run the checkout step prior to the jira/notify command. It would become a requirement but it might be the simplest if there are no drawbacks.. Using the SSH auth granted by the git integration is the easiest way to grab the repo information authenticated.

[tmannherz]

@KyleTryon looking at the source of the 1.3.1 orb, it pulled the key via:

parse_jira_key_array () {
  # must save as ISSUE_KEYS='["CC-4"]'
  fetch https://circleci.com/api/v1.1/project/${VCS_TYPE}/${CIRCLE_PROJECT_USERNAME}/${CIRCLE_PROJECT_REPONAME}/${CIRCLE_BUILD_NUM} /tmp/job_info.json
  # see https://jqplay.org/s/TNq7c5ctot
  ISSUE_KEYS=$(cat /tmp/job_info.json | jq '[.all_commit_details[].subject | scan("(<<parameters.issue_regexp>>)")   | .[] ] + [.all_commit_details[].branch | scan("(<<parameters.issue_regexp>>)")   | .[] ] + [if .branch then .branch else "" end | scan("(<<parameters.issue_regexp>>)")  | . [] ] + [if <<parameters.scan_commit_body>> then .all_commit_details[].body else "" end | scan("(<<parameters.issue_regexp>>)")   | .[] ]')
  if [ -z "$ISSUE_KEYS" ]; then
    # No issue keys found.
    echo "No issue keys found. This build does not contain a match for a Jira Issue. Please add your issue ID to the commit message or within the branch name."
    exit 0
  fi
}

Is that still possible?

https://github.com/CircleCI-Public/jira-connect-orb/blob/master/src/commands/notify.yml

[KyleTryon]

It is, but then it would require a personal circleci access token, which we were trying to avoid. It is not the most secure option for sending a notification. The token is long-lived and has wide access.