final class PhabricatorJenkinsJobController extends PhabricatorController {
protected function buildSideNav() {
$nav = new AphrontSideNavFilterView();
$nav->setBaseURI(new PhutilURI('/jobs/'));
$nav->addLabel(pht('Jenkins Jobs'));
$nav->addFilter('list', 'List Jobs');
$nav->addFilter('create', 'Create Job');
return $nav;
public function buildApplicationMenu() {
return $this->buildSideNav()->getMenu();
protected function buildApplicationCrumbs() {
$crumbs = parent::buildApplicationCrumbs();
return $crumbs;
public function shouldAllowPublic() {
return false;
public function handleRequest(AphrontRequest $request) {
if ($request->getPath() == '/jobs/create/') {
return $this->handleCreate($request);
} else if (strpos($request->getPath(), '/jobs/delete/') === 0) {
return $this->handleDelete($request);
return $this->handleList($request);
private static function createJob($repo, $proj, $branch, $viewer) {
$errors = array();
if (!empty($repo) &&
!empty($proj) &&
!empty($branch)) {
$repo = head($repo);
// Get Repository information
$repo_query = id(new PhabricatorRepositoryQuery())
if (!$repo_query) {
$errors[] = "Repository '$repo' doesn't exist.";
return $errors;
$repo_name = $repo_query->getCloneName();
$repo_id = $repo_query->getID();
$repo_browse = $repo_query->getURI();
$job_name = self::getJobName(
$repo_name, $repo_id, $branch);
$job_token = hash('sha256', microtime(true).mt_rand());
$username = $viewer->getUsername();
if (!$repo_query->isGit()) {
$errors[] = "'$repo_name' is not a GIT Repository.";
return $errors;
// Check branch
$branches = DiffusionQuery::callConduitWithDiffusionRequest(
'repository' => $repo_query,
'user' => $viewer,
'repository' => $repo_query->getPHID(),
$branches = ipull($branches, 'shortName');
if (!in_array($branch, $branches)) {
$errors[] = "Branch '$branch' doesn't exist for Repository '$repo_name'.";
return $errors;
// Get URI
$display_never = PhabricatorRepositoryURI::DISPLAY_NEVER;
$repo_cred = PhabricatorEnv::getEnvConfig('jenkins.repo_cred');
$repo_uri = '';
foreach ($repo_query->getURIs() as $uri) {
if ($uri->getIsDisabled() ||
$uri->getEffectiveDisplayType() == $display_never) {
if (strpos($uri->getDisplayURI(), 'ssh://') === 0) {
$repo_uri = (string)$uri->getDisplayURI();
if (empty($repo_uri)) {
$errors[] = 'Repository has no URI.';
return $errors;
// Jenkins Job configuration
$proj_xml = '';
foreach ($proj as $p) {
$proj_xml .= <<<EOF
$job_xml = <<<EOF
<?xml version='1.0' encoding='UTF-8'?>
<flow-definition plugin="workflow-job@2.10">
<definition class="org.jenkinsci.plugins.workflow.cps.CpsScmFlowDefinition" plugin="workflow-cps@2.30">
<scm class="hudson.plugins.git.GitSCM" plugin="git@3.3.0">
<browser class="hudson.plugins.git.browser.Phabricator">
<submoduleCfg class="list"/>
$jenkins_user = PhabricatorEnv::getEnvConfig('jenkins.user');
$jenkins_token = new PhutilOpaqueEnvelope(
$jenkins_url = PhabricatorEnv::getEnvConfig('jenkins.url');
// Get CSRF cookie from Jenkins
$csrf = self::getJenkinsCsrf(
// Check if Job already exists
$url = $jenkins_url."/checkJobName?value=$job_name";
$future = id(new HTTPSFuture($url))
->addHeader($csrf[0], $csrf[1])
->setHTTPBasicAuthCredentials($jenkins_user, $jenkins_token);
list($status, $body, $headers) = $future->resolve();
if (strpos($body, 'job already exists') !== false) {
$errors[] = "A job already exists with the name '$job_name'.";
return $errors;
if ($status->getStatusCode() !== 200) {
$errors[] = phutil_tag($status->getMessage());
return $errors;
// Create Jenkins Job
$url = $jenkins_url."/createItem?name=$job_name";
$future = id(new HTTPSFuture($url))
->addHeader('Content-Type', 'text/xml')
->addHeader($csrf[0], $csrf[1])
->setHTTPBasicAuthCredentials($jenkins_user, $jenkins_token)
list($status, $body, $headers) = $future->resolve();
if ($status->getStatusCode() !== 200) {
$errors[] = phutil_tag($status->getMessage());
return $errors;
// Custom policy
$rules = array(
'action' => PhabricatorPolicy::ACTION_ALLOW,
'rule' => 'PhabricatorProjectsPolicyRule',
'value' => $proj,
$policy = id(new PhabricatorPolicy())
// Create Harbormaster Build Plan
$plan = HarbormasterBuildPlan::initializeNewBuildPlan($viewer)
->setName($job_name.' on jenkins')
$project_type = PhabricatorProjectObjectHasProjectEdgeType::EDGECONST;
$xactions = array();
$xactions[] = id(new HarbormasterBuildPlanTransaction())
->setMetadataValue('edge:type', $project_type)
->setNewValue(array('=' => array_fuse($proj)));
$editor = id(new HarbormasterBuildPlanEditor())
->applyTransactions($plan, $xactions);
$step = HarbormasterBuildStep::initializeNewStep($viewer)
// ->setDetail('builtin.wait-for-message', 'wait')
->setDetail('method', 'GET')
->setDetail('uri', $jenkins_url.
// ->setDetail('uri', $jenkins_url .
// '/buildByToken/buildWithParameters?' .
// 'DIFF_ID=\${buildable.diff}&' .
// 'PHID=\${target.phid}&' .
// "token=$job_token&job=$job_name")
->setName('Start Job on Jenkins')
// Create Herald Rule
$herald = id(new HeraldRule())
->setName("Run Jenkins Job $job_name on new commit")
$branch_escaped = str_replace('/', '\\/', $branch);
$conditions = array(
id(new HeraldCondition())
id(new HeraldCondition())
$actions = array(
id(new HeraldActionRecord())
// Create Job object
$job = id(new PhabricatorJenkinsJob())
->setProject(implode(',', $proj))
try {
} catch (AphrontDuplicateKeyQueryException $ex) {
$errors[] = pht('Only one job per repository and branch is allowed.');
self::disableHerald($herald, $viewer);
self::disableBuildPlan($plan, $viewer);
} else {
if (empty($repo)) {
$errors[] = pht('You must specify a Repository.');
if (empty($proj)) {
$errors[] = pht('You must specify a Project.');
if (empty($branch)) {
$errors[] = pht('You must specify a Branch.');
return $errors;
private static function deleteJenkinsJob(
$viewer) {
$jenkins_url = PhabricatorEnv::getEnvConfig('jenkins.url');
$jenkins_user = PhabricatorEnv::getEnvConfig('jenkins.user');
$jenkins_token = new PhutilOpaqueEnvelope(
$csrf = self::getJenkinsCsrf(
$url = $jenkins_url."/job/$job_name/doDelete";
$future = id(new HTTPSFuture($url))
->addHeader($csrf[0], $csrf[1])
->setHTTPBasicAuthCredentials($jenkins_user, $jenkins_token)
list($status, $body, $headers) = $future->resolve();
private static function disableHerald($herald, $viewer) {
$xaction = id(new HeraldRuleTransaction())
id(new HeraldRuleEditor())
->applyTransactions($herald, array($xaction));
private function disableBuildPlan($plan, $viewer) {
$xaction = id(new HarbormasterBuildPlanTransaction())
id(new HarbormasterBuildPlanEditor())
->applyTransactions($plan, array($xaction));
private function handleDelete(AphrontRequest $request) {
$errors = array();
$text = '';
$viewer = $request->getViewer();
$job_id = $request->getInt('job', -1);
$job = id(new PhabricatorJenkinsJobQuery())
if (!$job) {
$errors[] = "Job with id $job_id doesn't exist.";
} else {
// Show dialog
$repo = id(new PhabricatorRepositoryQuery())
$job_name = self::getJobName(
$repo->getCloneName(), $repo->getID(), $job->getBranch());
$plan_phid = $job->getBuildPlan();
$plan = id(new HarbormasterBuildPlanQuery())
$herald_phid = $job->getRule();
$herald = id(new HeraldRuleQuery())
$text = "Are you sure you want to delete the Job '$job_name' ?";
// Confirm and delete
if ($request->isFormPost()) {
self::disableHerald($herald, $viewer);
self::disableBuildPlan($plan, $viewer);
return id(new AphrontRedirectResponse())->setURI('/jobs/list/');
$dialog = id(new AphrontDialogView())
->setTitle(pht('Delete Jenkins Job'))
if (empty($errors)) {
return $dialog;
private function handleCreate(AphrontRequest $request) {
$project = $request->getStr('with_project', null);
$dialog = self::createForm($request, $project);
return $dialog;
public static function createForm($request, $with_project) {
$viewer = $request->getViewer();
$errors = array();
$repo = array();
$proj = array();
$branch = 'master';
if ($request->isFormPost()) {
// Get form values
$repo = $request->getArr('repository', array());
$proj = $request->getArr('project', array($with_project));
$branch = $request->getStr('branch', 'master');
// Create the Job
$errors = self::createJob(
if (!$errors) {
return id(new AphrontRedirectResponse())->setURI('/jobs/list/');
$jobs = id(new PhabricatorJenkinsJobQuery())
$form = id(new AphrontFormView())
$form_proj = id(new PhabricatorDatasourceEditField())
->setDatasource(new PhabricatorProjectDatasource());
if (!empty($with_project)) {
$form_repo = id(new PhabricatorDatasourceEditField())
->setDatasource(new DiffusionRepositoryDatasource());
$form_branch = id(new PhabricatorTextEditField())
$dialog_text = <<<EOF
Create a Pipeline Job on c4science Jenkins instance.
- The Project will be used as Policy access to the job.
- The Repository and Branch will be checked out in the job workspace.
- The Repository must contain a Jenkinsfile at the root, see [[ | Using a Jenkinsfile]]
$dialog = id(new AphrontDialogView())
->setTitle(pht('Create Jenkins Job'))
->appendChild(new PHUIRemarkupView($viewer, $dialog_text))
return $dialog;
private function handleList(AphrontRequest $request) {
$viewer = $request->getViewer();
$title = pht('Jenkins Jobs List');
$list = self::createObjectList(
$viewer, null, null);
$box = id(new PHUIObjectBoxView())
$nav = $this->buildSideNav();
return $this->newPage()
public static function createObjectList(
PhabricatorUser $viewer,
$with_repo) {
$jenkins_url = PhabricatorEnv::getEnvConfig('jenkins.url');
$jenkins_user = PhabricatorEnv::getEnvConfig('jenkins.user');
$jenkins_token = new PhutilOpaqueEnvelope(
$csrf = self::getJenkinsCsrf(
// Get jobs
$jobs = id(new PhabricatorJenkinsJobQuery())
if (!empty($with_project)) {
if (!empty($with_repo)) {
$jobs = $jobs->execute();
$list = new PHUIObjectItemListView();
$list->setNoDataString('No Jenkins Job. Create a Job from a Project for this Repository.');
foreach ($jobs as $job) {
// Get repo and project information
$repo = id(new PhabricatorRepositoryQuery())
$project = id(new PhabricatorProjectQuery())
->withPHIDs(explode(',', $job->getProject()))
$job_name = self::getJobName(
$repo->getCloneName(), $repo->getID(), $job->getBranch());
// Display
$item = id(new PHUIObjectItemView());
// $item->setHref(
// $jenkins_url .
// '/blue/organizations/jenkins/' .
// $job_name . '/activity');
if (empty($with_repo)) {
$item->addAttribute(id(new PHUITagView())
->setName($repo->getMonogram().' '.$repo->getName()));
if (empty($with_project)) {
foreach ($project as $p) {
$item->addAttribute(id(new PHUITagView())
if ($viewer->isOmnipotent()) {
$user = id(new PhabricatorPeopleQuery())
if ($user) {
id(new PHUIListItemView())
// Get Job status
$url = $jenkins_url."/job/${job_name}/lastBuild/api/json";
$future = id(new HTTPSFuture($url))
->addHeader($csrf[0], $csrf[1])
->setHTTPBasicAuthCredentials($jenkins_user, $jenkins_token);
list($status, $body, $headers) = $future->resolve();
if ($status->getStatusCode() == 200) {
$json = json_decode($body, true);
$result = $json['result'];
$building = $json['building'];
$icon = 'fa-question-circle';
$text = 'unknown';
if ($building) {
$icon = 'fa-cogs';
$text = 'building';
} else {
if ($result == 'SUCCESS') {
$icon = 'fa-sun-o';
$text = 'success';
} else if ($result == 'FAILURE') {
$icon = 'fa-bolt';
$text = 'failure';
$item->setStatusIcon($icon, $text);
return $list;
private static function getJobName($repo_name, $repo_id, $branch) {
// phutil_escape_uri() doen't escape /
$branch = str_replace('/', '-', $branch);
return phutil_escape_uri("${repo_name}-${branch}-${repo_id}");
private static function getJenkinsCsrf(
$jenkins_token) {
$url = $jenkins_url.'/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,":",//crumb)';
list($status, $csrf, $headers) = id(new HTTPSFuture($url))
->setHTTPBasicAuthCredentials($jenkins_user, $jenkins_token)
if ($status->getStatusCode() !== 200) {
return array(0, 0);
return explode(':', $csrf);

