[JENKINS-72575] Failed quality gate does not prevent whole pipeline execution

Type: Improvement
Resolution: Unresolved
Priority: Major
Component/s: warnings-ng-plugin
Labels:
- help-wanted
Environment:
Jenkins 2.426.2
Warnings NG plugin 10.5.3

Similar Issues:
Powered by SuggestiMate

Show

While executing the recordIssues step with a defined quality gate to set stage and build results to "failed", it just sets status, but it doesn't prevent execution of the rest of the pipeline and I'm not sure if this is the expected behavior.

In my case, I'm executing whole security checks before uploading built artifacts, and I would like to prevent this step execution for artifacts that do not meet specific security requirements (defined via quality gate). But even if the "Security scans" stage and even the whole build are set to "failed" due to the quality gate status, the next stages, including "Upload artifacts", are still executed.

pipeline {
    agent {...}

    stages {
        stage("Earlier stages") {...}
        
        stage("Security scans") {
            makeSecurityScans()
            recordIssues tools: [...], qualityGates: [[threshold: 1, type: 'TOTAL_ERROR', unstable: false]]
        }

        stage("Upload artifacts") {
            uploadArtifacts()
        }
    }
}

- - Sort By Name
  - Sort By Date
  - Ascending
  - Descending
  - Thumbnails
  - List
  - Download All

warnings-ng.PNG
7 kB
2024-01-18 08:39
dependency-check-stage-view.PNG
18 kB
2024-01-18 08:38
dependency-check.PNG
7 kB
2024-01-18 08:38

duplicates

JENKINS-72059 quality gate setting to only set stage to unstable except of whole build

Resolved

Łukasz Jackiewicz created issue - 2024-01-17 14:46

Ulli Hafner made changes - 2024-01-17 16:12

Link

New: This issue duplicates ~~JENKINS-72059~~ [ ~~JENKINS-72059~~ ]

Ulli Hafner added a comment - 2024-01-17 16:12

See https://github.com/jenkinsci/warnings-ng-plugin/pull/1649

Ulli Hafner added a comment - 2024-01-17 16:12 See https://github.com/jenkinsci/warnings-ng-plugin/pull/1649

Ulli Hafner made changes - 2024-01-17 16:12

Resolution		New: Duplicate [ 3 ]
Status	Original: Open [ 1 ]	New: Closed [ 6 ]

Łukasz Jackiewicz added a comment - 2024-01-18 06:42 - edited

Before creating the issue, I was already looking through the open issues list and noticed JENKINS-72059, but unfortunately it's not a duplicate of my issue.

Łukasz Jackiewicz added a comment - 2024-01-18 06:42 - edited Before creating the issue, I was already looking through the open issues list and noticed JENKINS-72059 , but unfortunately it's not a duplicate of my issue.

Łukasz Jackiewicz added a comment - 2024-01-18 07:16

The unexpected behavior here is the execution of subsequent stages of the pipeline even though the stage calling the recordIssue step has been marked as failed by it.

And it doesn't make much sense to me.

An example of the functionality I am writing about was implemented, among others, in the OWASP DependencyCheck plugin and is available there via the additional stopBuild flag of the dependencyCheckPublisher step.

Łukasz Jackiewicz added a comment - 2024-01-18 07:16 The unexpected behavior here is the execution of subsequent stages of the pipeline even though the stage calling the recordIssue step has been marked as failed by it. And it doesn't make much sense to me. An example of the functionality I am writing about was implemented, among others, in the OWASP DependencyCheck plugin and is available there via the additional stopBuild flag of the dependencyCheckPublisher step.

Ulli Hafner added a comment - 2024-01-18 07:27

Sorry, it seems that I misunderstood the problem.

I am not aware that a plugin can stop a build. How can we achieve that? Shouldn't this be a Jenkins core or pipeline option how to handle unstable or failed results of a step?

Ulli Hafner added a comment - 2024-01-18 07:27 Sorry, it seems that I misunderstood the problem. I am not aware that a plugin can stop a build. How can we achieve that? Shouldn't this be a Jenkins core or pipeline option how to handle unstable or failed results of a step?

Ulli Hafner made changes - 2024-01-18 07:27

Resolution	Original: Duplicate [ 3 ]
Status	Original: Closed [ 6 ]	New: Reopened [ 4 ]

Ulli Hafner made changes - 2024-01-18 07:27

Issue Type

Original: Bug [ 1 ]

New: Improvement [ 4 ]

Łukasz Jackiewicz made changes - 2024-01-18 08:38

Attachment

New: dependency-check.PNG [ 61971 ]

Assignee:: Unassigned

Reporter:: Łukasz Jackiewicz

Votes:: 2 Vote for this issue

Watchers:: 4 Start watching this issue

Created:: 2024-01-17 14:46

Updated:: 2024-08-20 12:37

Jenkins

Details

Description

Attachments

Attachments

Issue Links

Activity

Collapse comment: Ulli Hafner added a comment - 2024-01-17 16:12

Expand comment: Ulli Hafner added a comment - 2024-01-17 16:12

Collapse comment: Łukasz Jackiewicz added a comment - 2024-01-18 06:42, Edited by Łukasz Jackiewicz - 2024-01-18 06:43

Expand comment: Łukasz Jackiewicz added a comment - 2024-01-18 06:42, Edited by Łukasz Jackiewicz - 2024-01-18 06:43

Collapse comment: Łukasz Jackiewicz added a comment - 2024-01-18 07:16

Expand comment: Łukasz Jackiewicz added a comment - 2024-01-18 07:16

Collapse comment: Ulli Hafner added a comment - 2024-01-18 07:27

Expand comment: Ulli Hafner added a comment - 2024-01-18 07:27

People

Dates