
Whitelisting of Gerrit-users/groups whose changes are built

      Building every change that is pushed to Gerrit is potentially dangerous on publicly accessible Gerrit servers, since users may add malicious code that might be executed during the build job.

      As an example, the Kubernetes project solves this issue by requiring a label in each pull request that will be validated. This label can only be set by trusted contributors of the project. A similar setup would also be useful to have for changes in Gerrit. A way to do this would be to decide, based on the change's author and/or his/her group in Gerrit, whether to trigger a build. A build of a change by a non-whitelisted user could then be triggered by a label set in Gerrit by a project maintainer.

       

      This functionality should be part of this plugin and would be useful for a lot of projects.

          [JENKINS-59845] Whitelisting of Gerrit-users/groups whose changes are built

          Luca Domenico Milanesio added a comment - I certainly agree. Could you possibly use the query filter? You could say that only changes authored by a certain group would be discovered and built. WDYT?

            lucamilanesio Luca Domenico Milanesio
            tdraebing Thomas Draebing
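The gating policy requested in this issue, sketched as an added example (not code from the Gerrit Code Review plugin or from either participant): build when the change owner is allowlisted, otherwise only when a maintainer has voted positively on a gate label. The label name `Ok-To-Build`, the account ids and the function name are assumptions; the input dicts are constructed and follow the shape of Gerrit's REST `ChangeInfo` with detailed labels, and group membership is assumed to be resolved into account-id sets beforehand.

```python
# Added example: hypothetical build gate, not part of any Jenkins plugin.
TRUSTED_OWNERS = {1000001, 1000002}  # constructed ids of allowlisted authors
MAINTAINERS = {1000001}              # constructed ids allowed to approve a build
GATE_LABEL = "Ok-To-Build"           # hypothetical custom Gerrit label


def build_decision(change, trusted=TRUSTED_OWNERS, maintainers=MAINTAINERS,
                   label=GATE_LABEL):
    """Return (should_build, reason) for one change; deny by default."""
    owner_id = change.get("owner", {}).get("_account_id")
    if owner_id is None:
        return False, "no owner on change"
    if owner_id in trusted:
        return True, "owner is allowlisted"
    # Non-allowlisted owner: require a positive vote on the gate label,
    # cast by a maintainer who is not the change owner.
    votes = change.get("labels", {}).get(label, {}).get("all", [])
    for vote in votes:
        voter = vote.get("_account_id")
        if vote.get("value", 0) > 0 and voter in maintainers and voter != owner_id:
            return True, f"approved by maintainer {voter}"
    return False, "owner not allowlisted and no maintainer approval"


# Constructed sample changes (not real Gerrit data).
SAMPLE_CHANGES = [
    # Allowlisted owner, no label needed.
    {"_number": 101, "owner": {"_account_id": 1000002}, "labels": {}},
    # Untrusted owner voting on their own change: must not trigger a build.
    {"_number": 102, "owner": {"_account_id": 2000007},
     "labels": {"Ok-To-Build": {"all": [{"_account_id": 2000007, "value": 1}]}}},
    # Untrusted owner, maintainer approved.
    {"_number": 103, "owner": {"_account_id": 2000007},
     "labels": {"Ok-To-Build": {"all": [{"_account_id": 1000001, "value": 1}]}}},
    # Untrusted owner, maintainer is listed but has not voted (value 0).
    {"_number": 104, "owner": {"_account_id": 2000008},
     "labels": {"Ok-To-Build": {"all": [{"_account_id": 1000001, "value": 0}]}}},
]

if __name__ == "__main__":
    for change in SAMPLE_CHANGES:
        print(change["_number"], *build_decision(change))
```
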