[JENKINS-36240] Default repository permission are not considered

Type: Bug
Resolution: Fixed
Priority: Major
Component/s: github-branch-source-plugin
Labels:
- cloudbees-internal-pipeline
- scm-api-tidy

Similar Issues:
Powered by SuggestiMate

Show

If the permissions of an user are granted on organization membership rather than team membership. The PR from the user aren't considered trusted. But are considered if the user push directly to the repository.

is blocked by

JENKINS-43426 Refactor UX for GitHub and Bitbucket branch sources

Closed

is duplicated by

JENKINS-45359 Collaborator with write access is said to not be trusted in the first PR when the project doesn't have a Jenkinsfile yet

Resolved

JENKINS-40705 Multibranch Pipeline fails to index GitHub repos using GitHub readonly credentials

Closed

JENKINS-37931 PR build can use PR's head/merge Jenkinsfile insted of master branch.

Resolved

is related to

JENKINS-37608 Configurability of GitHub Branch Source to use Scan User with only Read permission

Resolved

links to

CloudBees Internal CD-154

current poor implementation

github-api PR 358

PR 96

mentioned in: Page Loading...

(4 links to, 1 mentioned in)

Emilio Escobar created issue - 2016-06-27 10:25

Jesse Glick made changes - 2016-07-08 03:55

Remote Link

New: This issue links to "current poor implementation (Web Link)" [ 14597 ]

R. Tyler Croy made changes - 2016-07-25 23:52

Workflow

Original: JNJira [ 172934 ]

New: JNJira + In-Review [ 184836 ]

Jesse Glick made changes - 2016-08-24 21:34

Link

New: This issue is related to ~~JENKINS-37608~~ [ ~~JENKINS-37608~~ ]

Jesse Glick made changes - 2016-09-19 14:02

Assignee

Original: Jesse Glick [ jglick ]

Jesse Glick made changes - 2016-12-16 21:10

Assignee

New: Jesse Glick [ jglick ]

Jesse Glick made changes - 2016-12-16 21:10

Status

Original: Open [ 1 ]

New: In Progress [ 3 ]

Jesse Glick made changes - 2016-12-16 23:25

Remote Link

New: This issue links to "PR 96 (Web Link)" [ 15139 ]

Jesse Glick made changes - 2016-12-16 23:25

Status

Original: In Progress [ 3 ]

New: In Review [ 10005 ]

Ryan Campbell made changes - 2017-01-03 17:01

Link

New: This issue is duplicated by ~~JENKINS-40705~~ [ ~~JENKINS-40705~~ ]

Patrick Thiel made changes - 2017-01-19 23:21

Comment

[ Using a multibranch pipeline project with the latest SCM API 2.0 release, we have also noticed PR's from contributors getting flagged as untrusted sources.. Despite the PR author having admin privileges as a contributor and is the member of a Github team that also has Write permissions for the repository.

To test this..
# Submit a PR with changes to a project's Jenkinsfile (add an echo or something)
# Open up a PR and scan the repository.
# Observe, In the scan log, your PR will look something like the following:

{code}
    Checking pull request #1817
    (not from a trusted source)
    Job name: PR-1817
      ‘Jenkinsfile’ found
    Met criteria
{code}

Since it's not a trusted source, when building this pull request, Jenkins will revert to using the Jenkinsfile on the base branch.. The log in the Jenkins PR job will look like this:

{code}
Loading trusted files from base branch dev at {commit} rather than {commit}
{code}

Seems related to this issue. I can file another defect for this, but I wanted to check in here first. ]

Assignee:: Stephen Connolly

Reporter:: Emilio Escobar

Votes:: 0 Vote for this issue

Watchers:: 9 Start watching this issue

Created:: 2016-06-27 10:25

Updated:: 2017-12-05 08:32

Resolved:: 2017-07-20 08:56

Jenkins

Details

Description

Attachments

Issue Links

Activity

People

Dates