Jenkins / JENKINS-45970

isTrusted & loadTrusted steps

      Description

      For improved functionality, usability, and discoverability, we should complement readTrusted with

      • isTrusted: take an SCM path, return true normally, false if in a branch project where this file has been modified by an untrusted user
      • loadTrusted: like evaluate(readTrusted 'f') but producing a new block scope like the load step would

      On the UX front I think there was also a request to boldface the message about Jenkinsfile being pulled from the trusted branch rather than the PR branch, since this behavior can be surprising and is not immediately obvious from a plain text log. Ideally we could just turn this into an error in case Jenkinsfile had been modified, but that could be considered an incompatible change; perhaps it could be an advanced setting on the repo/org level, defaulting to failure for newly created projects. (We could also consider a fallback flag to readTrusted that would let a script use the same relaxed behavior when loading any SCM file: read from the trusted branch.)

            Activity

            jglick Jesse Glick added a comment -

            Would also like a pathless isTrusted() to just check whether the whole revision is from a trusted source or not. Looks like you could currently check env.CHANGE_FORK == null to behave differently on origin vs. fork PRs, which is not as good but maybe good enough as a workaround.
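
The workaround mentioned in the comment above, written out as a scripted-Pipeline Jenkinsfile. This is an added example, not code from the issue or from Jenkins itself. The helpers `isForkChange()` and `fileIsTrusted()`, the paths `build.sh` and `ci/deploy.groovy`, and the credential ID `deploy-token` are hypothetical, and `fileIsTrusted()` assumes `readTrusted` aborts when an untrusted revision has modified the file.

```groovy
// Jenkinsfile (scripted Pipeline) in a multibranch project.
// isForkChange(), fileIsTrusted(), build.sh, ci/deploy.groovy and
// 'deploy-token' are hypothetical names chosen for this example.

// Workaround from the comment: CHANGE_FORK is set only for pull requests
// whose head lives in a fork, so null means an origin branch or origin PR.
boolean isForkChange() {
    return env.CHANGE_FORK != null
}

// Approximation of the proposed isTrusted(path). Assumes readTrusted aborts
// when an untrusted revision has modified the file; any other abort from the
// step also counts as untrusted, so the check fails closed.
boolean fileIsTrusted(String path) {
    try {
        readTrusted(path)
        return true
    } catch (hudson.AbortException e) {
        echo "Treating ${path} as untrusted: ${e.message}"
        return false
    }
}

node {
    checkout scm

    stage('Build') {
        // Runs for every change, with no secrets in scope.
        sh './build.sh'
    }

    stage('Deploy') {
        if (isForkChange() || !fileIsTrusted('ci/deploy.groovy')) {
            echo 'Fork PR or modified deploy script: skipping credentialed stage.'
            return
        }
        // Evaluate the trusted copy, not the workspace copy the PR could edit.
        withCredentials([string(credentialsId: 'deploy-token', variable: 'DEPLOY_TOKEN')]) {
            evaluate(readTrusted('ci/deploy.groovy'))
        }
    }
}
```

The `CHANGE_FORK` check only distinguishes origin from fork; it does not say who authored the commits, which is the gap the requested pathless `isTrusted()` would close.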


              People

              • Assignee:
                Unassigned
                Reporter:
                jglick Jesse Glick