• Similar Issues:


      For improved functionality, usability, and discoverability, we should complement readTrusted with

      • isTrusted: take an SCM path, return true normally, false if in a branch project where this file has been modified by an untrusted user
      • loadTrusted: like evaluate(readTrusted 'f') but producing a new block scope like the load step would

      On the UX front I think there was also a request to boldface the message about Jenkinsfile being pulled from the trusted branch rather than the PR branch, since this behavior can be surprising and is not immediately obvious from a plain text log. Ideally we could just turn this into an error in case Jenkinsfile had been modified, but that could be considered an incompatible change; perhaps it could be an advanced setting on the repo/org level, defaulting to failure for newly created projects. (We could also consider a fallback flag to readTrusted that would let a script use the same relaxed behavior when loading any SCM file: read from the trusted branch.)


          Issue Links


            jglick Jesse Glick created issue -
            jglick Jesse Glick made changes -
            Field Original Value New Value
            Link This issue relates to JENKINS-46795 [ JENKINS-46795 ]
            jglick Jesse Glick made changes -
            Remote Link This issue links to "PR 69 (Web Link)" [ 20332 ]
            jglick Jesse Glick made changes -
            Link This issue relates to INFRA-1571 [ INFRA-1571 ]


              • Assignee:
                jglick Jesse Glick
              • Votes:
                1 Vote for this issue
                3 Start watching this issue


                • Created: