Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-56012

stash-pullrequest-builder-plugin variables not seen in multi-configuration jobs unless listed in safeParameters


    • 1.9

      stash-pullrequest-builder-plugin defines 10 variables, such as `sourceCommitHash`. Those variables are not available in multi-configuration jobs apart from the top-level process.

      Those variable can be made available to the jobs by listing them in hudson.model.ParametersAction.safeParameters on the java command line. That's a workaround for SECURITY-170 that is no longer needed for free-style jobs.

      Even with that workaround, Jenkins spams logs with messages like this:

      WARNING: Skipped parameter `sourceCommitHash` as it is undefined on `TestRepository_pull_request_builder`. Set `-Dhudson.model.ParametersAction.keepUndefinedParameters=true` to allow undefined parameters to be injected as environment variables or `-Dhudson.model.ParametersAction.safeParameters=[comma-separated list]` to whitelist specific parameter names, even though it represents a security breach or `-Dhudson.model.ParametersAction.keepUndefinedParameters=false` to no longer show this message.

      Only multi-configuration jobs appear in those messages. The way to suppress them is to also add -Dhudson.model.ParametersAction.keepUndefinedParameters=false to the java command line.

      My expectations are:

      • The variables defined by stash-pullrequest-builder-plugin should be available to multi-configuration jobs
      • No warnings should be logged about those variables
      • No java command line parameters should be needed to achieve it

            proski Pavel Roskin
            proski Pavel Roskin
            1 Vote for this issue
            3 Start watching this issue