The current API in scm-api allows re-indexing a branch source using the method SCMSourceOwner.onSCMSourceUpdated().

      Currently we are using this method to force a reindexing when a webhook event is received:

      for (final SCMSourceOwner owner : SCMSourceOwners.all()) {
          for (SCMSource source : owner.getSCMSources()) {
              if (source instanceof GitHubSCMSource) {
                  GitHubSCMSource gitHubSCMSource = (GitHubSCMSource) source;
                  if (gitHubSCMSource.getRepoOwner().equals(changedRepository.getUserName()) &&
                          gitHubSCMSource.getRepository().equals(changedRepository.getRepositoryName())) {
                      owner.onSCMSourceUpdated(gitHubSCMSource);
                  }
              }
          }
      }
      

      We need to improve this because when Jenkins receives an event from a webhook we want to be able to determine:

      1. if we have to re-index my GitHub Organization
      2. if we have to re-index all my branches and pull requests in a GitHub repository
      3. or simply if we have to schedule a build because there is a new commit in a pull request

          [JENKINS-34600] Improve the performance of scheduling a build

          Manuel Recena Soto created issue -
          Manuel Recena Soto made changes -
          Summary Original: Improve the performance of schedule a build New: Improve the performance of scheduling a build
          Manuel Recena Soto made changes -
          Assignee New: Manuel Recena Soto [ recena ]
          Jesse Glick made changes -
          Labels New: api performance

          Jesse Glick added a comment -

          As noted in JENKINS-34727, a naïve implementation would be vulnerable to a (low-severity) exploit whereby an anonymous agent sends a crafted webhook convincing Jenkins to build a commit which is not in fact the head of the branch.

          Basically, if you want to bypass going back to the server to ask for the head commit, you must accept only authenticated webhooks.

          Alternately, you can continue to ask the server for the head commit, but only for this one branch, which would still be safe in the face of an anonymous webhook but might be more efficient than the current behavior (TBD).
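
One way to apply the rule in the comment above, as an added example (not code from scm-api, the GitHub plugins or the commenter): the commit SHA carried in a webhook is used only when the delivery is authenticated, otherwise the head of that one branch is fetched from the server. It assumes "authenticated" means GitHub's HMAC-SHA256 X-Hub-Signature-256 header computed over the raw request body; the class and method names, the secret and the SHAs are hypothetical or constructed.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.function.Function;
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;

// Added illustration: all names here are hypothetical, not scm-api or plugin code.
public class WebhookHeadPolicy {

    // Value GitHub would send in X-Hub-Signature-256 for this body and shared secret.
    static String sign(byte[] secret, byte[] rawBody) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(secret, "HmacSHA256"));
        StringBuilder hex = new StringBuilder("sha256=");
        for (byte b : mac.doFinal(rawBody)) {
            hex.append(String.format("%02x", b));
        }
        return hex.toString();
    }

    // A missing or mismatching signature means the delivery is treated as anonymous.
    static boolean isAuthenticated(byte[] secret, byte[] rawBody, String header) throws Exception {
        if (header == null) {
            return false;
        }
        // MessageDigest.isEqual compares in constant time.
        return MessageDigest.isEqual(sign(secret, rawBody).getBytes(StandardCharsets.US_ASCII),
                header.getBytes(StandardCharsets.US_ASCII));
    }

    // Trust the SHA claimed by the payload only for authenticated deliveries;
    // otherwise ask the server for the head of this one branch.
    static String headToBuild(boolean authenticated, String branch, String claimedSha,
                              Function<String, String> askServerForHead) {
        return authenticated ? claimedSha : askServerForHead.apply(branch);
    }

    public static void main(String[] args) throws Exception {
        byte[] secret = "constructed-secret".getBytes(StandardCharsets.UTF_8);   // constructed
        byte[] body = "{\"ref\":\"refs/heads/main\",\"after\":\"aaaa1111\"}"
                .getBytes(StandardCharsets.UTF_8);                               // constructed payload
        Function<String, String> server = branch -> "bbbb2222"; // stand-in for a one-branch lookup

        // Three deliveries: unsigned, wrongly signed, correctly signed.
        for (String header : new String[] {null, "sha256=00", sign(secret, body)}) {
            boolean ok = isAuthenticated(secret, body, header);
            System.out.println(ok + " -> build " + headToBuild(ok, "main", "aaaa1111", server));
        }
    }
}
```

The signature must be checked against the exact bytes received, before any JSON parsing or re-serialization, or a valid delivery will fail verification.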

          Jesse Glick made changes -
          Link New: This issue is related to JENKINS-34727 [ JENKINS-34727 ]