Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-55327

Job restrictions can be skipped if no node block in Jenkinsfile

      Try following Jenkinsfile, it will always run on master, even you configured job restriction

      #!/usr/bin/env groovy
      timeout(time: 5, unit: 'MINUTES') {
        timestamps {
          properties([buildDiscarder(logRotator(daysToKeepStr: '7', artifactDaysToKeepStr: '0'))])
          stage('printing') {
            for ( i=1; i<10; i++ ) {
              println "Round ${i} checking"
              sleep 1
            }
          }
        }
      } 

          [JENKINS-55327] Job restrictions can be skipped if no node block in Jenkinsfile

          Oleg Nenashev added a comment - - edited

          It is a deliberate improvement/regression due to the changes in 2.111 - JENKINS-46652. I cannot fix it on the plugin side. CC jglick danielbeck

           

          Oleg Nenashev added a comment - - edited It is a deliberate improvement/regression due to the changes in 2.111 - JENKINS-46652 . I cannot fix it on the plugin side. CC jglick danielbeck  

          Oleg Nenashev added a comment -

          Actually this particular case is not related to JENKINS-46652, sorry for confusion. Likely the plugin's extension point impls are not longer being invoked for the Pipeline flyweight master.

          Anyway, execution of Pipeline root task should always happen on the master. It just won't be able to be really executed on any other machine due to the current Pipeline system design

           

          Oleg Nenashev added a comment - Actually this particular case is not related to JENKINS-46652 , sorry for confusion. Likely the plugin's extension point impls are not longer being invoked for the Pipeline flyweight master. Anyway, execution of Pipeline root task should always happen on the master. It just won't be able to be really executed on any other machine due to the current Pipeline system design  

          Daniel Beck added a comment -

          I think it's safe to reject this one. Without a node block, there's no work done, so no need to control access.

          (And you should never whitelist APIs that would circumvent that restriction.)

          Daniel Beck added a comment - I think it's safe to reject this one. Without a node block, there's no work done, so no need to control access. (And you should never whitelist APIs that would circumvent that restriction.)

            Unassigned Unassigned
            joelee Joe Lee
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: