Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-41616

Non-trusted pull requests should use a probe against the trusted revision not the PR's revision

    Details

    • Similar Issues:

      Description

      See JENKINS-41561,

      If a PR is not trusted and has a Jenkinsfile but the target branch of the PR does not have a Jenkinsfile, we should not report that as a PR matching the Jenkinsfile criteria as the Jenkinsfile should be sourced from the trusted revision (where there is none)

      The current behaviour is that the PR will be flagged as matching the criteria and hence a build attempt will be started, but as the trusted revision does not have the Jenkinsfile the build will fail.

      We should never even try to build in the first case for such an untrusted PR

        Attachments

          Issue Links

            Activity

            stephenconnolly Stephen Connolly created issue -
            stephenconnolly Stephen Connolly made changes -
            Field Original Value New Value
            Link This issue is related to JENKINS-41561 [ JENKINS-41561 ]
            Hide
            jglick Jesse Glick added a comment -

            I think it is fine for the build to fail. Indeed arguably SCMBinder should always fail when the trusted Jenkinsfile differs from the untrusted one, rather than print a message and continue with a different script. ReadTrustedStep already has that stricter behavior.

            Show
            jglick Jesse Glick added a comment - I think it is fine for the build to fail. Indeed arguably SCMBinder should always fail when the trusted Jenkinsfile differs from the untrusted one, rather than print a message and continue with a different script. ReadTrustedStep already has that stricter behavior.
            stephenconnolly Stephen Connolly made changes -
            Labels scm-api-tidy-scrub
            stephenconnolly Stephen Connolly made changes -
            Labels scm-api-tidy-scrub scm-api-tidy
            stephenconnolly Stephen Connolly made changes -
            Assignee Stephen Connolly [ stephenconnolly ]
            stephenconnolly Stephen Connolly made changes -
            Status Open [ 1 ] In Progress [ 3 ]
            stephenconnolly Stephen Connolly made changes -
            Remote Link This issue links to "PR#128 (Web Link)" [ 15713 ]
            stephenconnolly Stephen Connolly made changes -
            Status In Progress [ 3 ] In Review [ 10005 ]
            Hide
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Stephen Connolly
            Path:
            src/main/java/org/jenkinsci/plugins/github_branch_source/GitHubSCMSource.java
            http://jenkins-ci.org/commit/github-branch-source-plugin/8272f20a872ce4fbafb6417b00bdd5aea0a43e7b
            Log:
            [FIXED JENKINS-41616] Non-trusted pull requests should use a probe against the trusted revision not the PR's revision

            Show
            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Stephen Connolly Path: src/main/java/org/jenkinsci/plugins/github_branch_source/GitHubSCMSource.java http://jenkins-ci.org/commit/github-branch-source-plugin/8272f20a872ce4fbafb6417b00bdd5aea0a43e7b Log: [FIXED JENKINS-41616] Non-trusted pull requests should use a probe against the trusted revision not the PR's revision
            stephenconnolly Stephen Connolly made changes -
            Link This issue relates to JENKINS-24347 [ JENKINS-24347 ]
            stephenconnolly Stephen Connolly made changes -
            Comment [ I suspect that JENKINS-24347 is just some confusion around how form validation works, but in any case form validation cannot consider the full entire security realm configuration as this involves nested hetero-list elements.

            I do not think that JENKINS-24347 is strictly a duplicate of this issue but they are somewhat related in concept and we may be able to close that as WONTFIX with this new feature ]
            stephenconnolly Stephen Connolly made changes -
            Link This issue relates to JENKINS-24347 [ JENKINS-24347 ]
            stephenconnolly Stephen Connolly made changes -
            Status In Review [ 10005 ] Resolved [ 5 ]
            Resolution Fixed [ 1 ]
            stephenconnolly Stephen Connolly made changes -
            Status Resolved [ 5 ] Closed [ 6 ]
            jamesdumay James Dumay made changes -
            Remote Link This issue links to "CloudBees Internal OSS-2065 (Web Link)" [ 18435 ]

              People

              • Assignee:
                stephenconnolly Stephen Connolly
                Reporter:
                stephenconnolly Stephen Connolly
              • Votes:
                0 Vote for this issue
                Watchers:
                3 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: