  1. Jenkins
  2. JENKINS-33256

Re-enable GitHub PR support for public repos

Details

    Description

      GitHub PRs for public repos were disabled in the 1.3 release due to concerns about untrusted Jenkinsfiles. While that's understandable, the result is that, well, this doesn't build PRs any more unless you're using a private repo, and that's unfortunate to say the least. This is especially inconvenient for a GitHub Enterprise use case, since "public repos" doesn't mean the same thing there.

          Activity

            jglick Jesse Glick added a comment -

            Initial planned implementation: PRs to always be built; if the author of the PR has push permission to the origin repository (or, if this information is not easily available from GH, if they are a member of the same organization), build their Jenkinsfile as written; if not, use the Jenkinsfile from the target branch.

            Possible add-on: a way to determine from Jenkinsfile whether it is coming from the PR branch or the target branch. I am not sure there is a real use case for this, though.
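
The trust rule proposed in the comment above, sketched as an added Java example (not code from the Jenkins plugins; every type and method name below is hypothetical). It assumes the PR's source is always what gets built and, as an assumption the thread does not state, treats a failed permission lookup as untrusted:

```java
import java.util.Optional;

// Added sketch, not plugin code: all names below are hypothetical.
public class TrustedJenkinsfileDemo {
    enum Permission { ADMIN, WRITE, READ, NONE }

    // Stand-in for the GitHub lookups the comment mentions.
    interface RepoAccess {
        Optional<Permission> permissionOf(String user) throws Exception; // empty: not available
        boolean isOrgMember(String user) throws Exception;
    }

    static final class Decision {
        final String codeRevision, jenkinsfileRevision;
        Decision(String code, String jenkinsfile) { codeRevision = code; jenkinsfileRevision = jenkinsfile; }
    }

    static boolean isTrusted(String author, RepoAccess gh) {
        try {
            Optional<Permission> p = gh.permissionOf(author);
            if (p.isPresent()) { // push permission is the primary signal
                return p.get() == Permission.ADMIN || p.get() == Permission.WRITE;
            }
            return gh.isOrgMember(author); // fallback when permission data is unavailable
        } catch (Exception e) {
            return false; // assumption: a failed lookup is treated as untrusted
        }
    }

    // The PR is always built; only the source of the Jenkinsfile changes.
    static Decision decide(String author, String prHead, String targetHead, RepoAccess gh) {
        return new Decision(prHead, isTrusted(author, gh) ? prHead : targetHead);
    }

    public static void main(String[] args) {
        RepoAccess gh = new RepoAccess() { // constructed sample accounts
            public Optional<Permission> permissionOf(String u) throws Exception {
                if (u.equals("maintainer")) return Optional.of(Permission.WRITE);
                if (u.equals("outsider")) return Optional.of(Permission.READ);
                if (u.equals("flaky")) throw new Exception("API unavailable");
                return Optional.empty();
            }
            public boolean isOrgMember(String u) { return u.equals("colleague"); }
        };
        for (String a : new String[] {"maintainer", "outsider", "colleague", "flaky"}) {
            Decision d = decide(a, "pr-head-sha", "target-head-sha", gh);
            System.out.println(a + ": build " + d.codeRevision + ", Jenkinsfile from " + d.jenkinsfileRevision);
        }
    }
}
```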


            recena Manuel Recena Soto added a comment -

            I don't think this is a bug.

            abayer Andrew Bayer added a comment -

            Nah, it's definitely a bug, albeit one introduced for good reasons. =) Putting aside github.com public repo use cases, GitHub Enterprise behind-the-firewall use cases are basically all now broken, and "public" behind-the-firewall repos are basically equivalent to github.com private repos, so they shouldn't be restricted, IMO.

            abayer Andrew Bayer added a comment -

            And fwiw, I like the idea of being able to say "just use the Jenkinsfile from the target branch" without worrying about who the author is in most cases. Obviously, for PRs with legit changes to the Jenkinsfile, that's a bit different, but the majority of use cases, etc.


            recena Manuel Recena Soto added a comment -

            abayer My initial proposal was to consider both private and public repos. In fact, this is in 1.2. Anyway, I'm sure we can find a better solution. Thanks for your feedback.

            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Stephen Connolly
            Path:
            src/main/java/jenkins/scm/api/SCMSource.java
            http://jenkins-ci.org/commit/scm-api-plugin/b82237184965604d9734771a5202e9d9ed38deac
            Log:
            Merge pull request #5 from jglick/getTrustedRevision

            JENKINS-33256 Introducing SCMSource.getTrustedRevision

            Compare: https://github.com/jenkinsci/scm-api-plugin/compare/8c9bca237297...b82237184965

            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Jesse Glick
            Path:
            CHANGES.md
            multibranch/src/main/java/org/jenkinsci/plugins/workflow/multibranch/SCMBinder.java
            multibranch/src/test/java/org/jenkinsci/plugins/workflow/multibranch/SCMBinderTest.java
            pom.xml
            http://jenkins-ci.org/commit/workflow-plugin/76bdc6f044f2eaf60f0f313cb09c7e006802e9a5
            Log:
            Merge pull request #244 from jglick/getTrustedRevision

            JENKINS-33256 Calling SCMSource.getTrustedRevision

            Compare: https://github.com/jenkinsci/workflow-plugin/compare/f19e83d255e2...76bdc6f044f2

            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Jesse Glick
            Path:
            src/main/java/org/jenkinsci/plugins/github_branch_source/GitHubSCMSource.java
            http://jenkins-ci.org/commit/github-branch-source-plugin/3e23edf68e0c87b857c4923dabe998167cc26150
            Log:
            [FIXED JENKINS-33256] Reënabling PRs on public repos.

            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Jesse Glick
            Path:
            pom.xml
            src/main/java/org/jenkinsci/plugins/github_branch_source/GitHubSCMSource.java
            src/main/java/org/jenkinsci/plugins/github_branch_source/UntrustedPullRequestSCMRevision.java
            http://jenkins-ci.org/commit/github-branch-source-plugin/e1ea086b75541f686c21d8604a454f33b933dadc
            Log:
            Merge pull request #29 from jglick/getTrustedRevision-JENKINS-33256

            JENKINS-33256 Untrusted PRs

            Compare: https://github.com/jenkinsci/github-branch-source-plugin/compare/3df443cd38c6...e1ea086b7554

            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Jesse Glick
            Path:
            multibranch/src/main/java/org/jenkinsci/plugins/workflow/multibranch/SCMBinder.java
            multibranch/src/test/java/org/jenkinsci/plugins/workflow/multibranch/SCMBinderTest.java
            http://jenkins-ci.org/commit/workflow-multibranch-plugin/5d458888fe0eba9e1ed2306328beb914674ede64
            Log:
            Merge pull request #244 from jglick/getTrustedRevision

            JENKINS-33256 Calling SCMSource.getTrustedRevision
            Originally-Committed-As: 76bdc6f044f2eaf60f0f313cb09c7e006802e9a5

            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Jesse Glick
            Path:
            demo/README.md
            http://jenkins-ci.org/commit/github-branch-source-plugin/4970dbc528f0d26ffe0f6ebaac8ac9959c14f04c
            Log:
            Removing instructions obsolete since #29 (JENKINS-33256).

            People

              jglick Jesse Glick
              abayer Andrew Bayer