Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-41616

Non-trusted pull requests should use a probe against the trusted revision not the PR's revision

    XMLWordPrintable

Details

    Description

      See JENKINS-41561,

      If a PR is not trusted and has a Jenkinsfile but the target branch of the PR does not have a Jenkinsfile, we should not report that as a PR matching the Jenkinsfile criteria as the Jenkinsfile should be sourced from the trusted revision (where there is none)

      The current behaviour is that the PR will be flagged as matching the criteria and hence a build attempt will be started, but as the trusted revision does not have the Jenkinsfile the build will fail.

      We should never even try to build in the first case for such an untrusted PR

      Attachments

        Issue Links

          is related to

          Bug - A problem which impairs or prevents the functions of the product. JENKINS-41561 Pullrequest github executes Jenkinsfile of origin branch

          • Critical - Crashes, loss of data, severe memory leak.
          • Closed
          links to

          Web Link CloudBees Internal OSS-2065

          Web Link PR#128

          Activity

            Descending order - Click to sort in ascending order
            scm_issue_link SCM/JIRA link daemon added a comment -

            Code changed in jenkins
            User: Stephen Connolly
            Path:
            src/main/java/org/jenkinsci/plugins/github_branch_source/GitHubSCMSource.java
            http://jenkins-ci.org/commit/github-branch-source-plugin/8272f20a872ce4fbafb6417b00bdd5aea0a43e7b
            Log:
            [FIXED JENKINS-41616] Non-trusted pull requests should use a probe against the trusted revision not the PR's revision

            scm_issue_link SCM/JIRA link daemon added a comment - Code changed in jenkins User: Stephen Connolly Path: src/main/java/org/jenkinsci/plugins/github_branch_source/GitHubSCMSource.java http://jenkins-ci.org/commit/github-branch-source-plugin/8272f20a872ce4fbafb6417b00bdd5aea0a43e7b Log: [FIXED JENKINS-41616] Non-trusted pull requests should use a probe against the trusted revision not the PR's revision
            jglick Jesse Glick added a comment -

            I think it is fine for the build to fail. Indeed arguably SCMBinder should always fail when the trusted Jenkinsfile differs from the untrusted one, rather than print a message and continue with a different script. ReadTrustedStep already has that stricter behavior.

            jglick Jesse Glick added a comment - I think it is fine for the build to fail. Indeed arguably SCMBinder should always fail when the trusted Jenkinsfile differs from the untrusted one, rather than print a message and continue with a different script. ReadTrustedStep already has that stricter behavior.

            People

              stephenconnolly Stephen Connolly
              stephenconnolly Stephen Connolly
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: