Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-45970

isTrusted & loadTrusted steps


      For improved functionality, usability, and discoverability, we should complement readTrusted with

      • isTrusted: take an SCM path, return true normally, false if in a branch project where this file has been modified by an untrusted user
      • loadTrusted: like evaluate(readTrusted 'f') but producing a new block scope like the load step would

      On the UX front I think there was also a request to boldface the message about Jenkinsfile being pulled from the trusted branch rather than the PR branch, since this behavior can be surprising and is not immediately obvious from a plain text log. Ideally we could just turn this into an error in case Jenkinsfile had been modified, but that could be considered an incompatible change; perhaps it could be an advanced setting on the repo/org level, defaulting to failure for newly created projects. (We could also consider a fallback flag to readTrusted that would let a script use the same relaxed behavior when loading any SCM file: read from the trusted branch.)

            Unassigned Unassigned
            jglick Jesse Glick
            2 Vote for this issue
            4 Start watching this issue