Skip to content

Comments

[JENKINS-46795] TrustworthyBuild extension point#180

Draft
jglick wants to merge 10 commits intojenkinsci:masterfrom
jglick:trust-JENKINS-46795
Draft

[JENKINS-46795] TrustworthyBuild extension point#180
jglick wants to merge 10 commits intojenkinsci:masterfrom
jglick:trust-JENKINS-46795

Conversation

@jglick
Copy link
Member

@jglick jglick commented Dec 15, 2022

@jglick jglick requested a review from jtnord December 15, 2022 22:25
jglick added a commit to jglick/workflow-multibranch-plugin that referenced this pull request Dec 15, 2022
@jglick
Pick up jenkinsci/scm-api-plugin#180
e0cc54b
@jglick jglick mentioned this pull request Dec 16, 2022
Merged
jglick
jglick commented Dec 21, 2022
View reviewed changes
src/main/java/jenkins/scm/impl/TrustworthyBuilds.java
return TrustworthyBuild.byCause(Cause.UserIdCause.class);
}

// TODO until github-checks can declare a dep on a sufficiently new scm-api
Copy link
Member Author

@jglick jglick Dec 21, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

jenkinsci/github-checks-plugin#307

@jglick jglick marked this pull request as ready for review December 21, 2022 21:04
@jglick jglick requested a review from a team as a code owner December 21, 2022 21:04
dwnusbaum
dwnusbaum reviewed Dec 22, 2022
View reviewed changes
@dwnusbaum dwnusbaum requested a review from a team December 22, 2022 16:23
jglick
jglick commented Dec 22, 2022
View reviewed changes
src/main/java/jenkins/scm/impl/TrustworthyBuilds.java
}
try {
var permission = Run.PERMISSIONS.find("Replay"); // ReplayAction.REPLAY
if (permission == null) { // no workflow-cps
Copy link
Member Author

@jglick jglick Dec 22, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could be defined more modularly as an extension in workflow-cps, but would be awkward since the rest of this impl would need to be duplicated, and ordinal used to avoid printing misleading messages.

In practice the callers of getTrustedRevisionForBuild are going to be in Pipeline code so I am not too concerned.

src/main/java/jenkins/scm/impl/TrustworthyBuilds.java
listener.getLogger().println("Not trusting build since no user name was recorded");
return false;
}
var user = User.getById(userId, false);
Copy link
Member Author

@jglick jglick Dec 22, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Could pass true but we expect the User to have just been loaded anyway.

@jglick jglick requested a review from dwnusbaum December 22, 2022 22:21
@jglick jglick requested a review from Wadeck January 4, 2023 02:26
daniel-beck
daniel-beck reviewed Apr 3, 2023
View reviewed changes
@daniel-beck daniel-beck self-requested a review April 3, 2023 19:17
daniel-beck
daniel-beck reviewed Apr 3, 2023
View reviewed changes
src/main/java/jenkins/scm/impl/TrustworthyBuilds.java
@Extension
public static TrustworthyBuild byUserId() {
return (build, listener) -> {
var cause = build.getCause(Cause.UserIdCause.class);
Copy link
Member

@daniel-beck daniel-beck Apr 3, 2023
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

While it should be rare, there can be multiple causes of the same type for a build that aren't collapsed into one entry. Whether a build is approved or not could depend on the (insertion) order of the CauseAction#causeBag.

Copy link
Member Author

@jglick jglick Apr 10, 2023

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

there can be multiple causes of the same type for a build that aren't collapsed into one entry

The API does not prevent it but this ought never happen—it is the responsible of code triggering the build to pass at most one Cause of any given type. At worst a build is not considered trusted when it could have been, so this does not seem like a problem in practice.

@daniel-beck daniel-beck self-requested a review April 3, 2023 19:31
daniel-beck
daniel-beck approved these changes Apr 11, 2023
View reviewed changes
Copy link
Member

@daniel-beck daniel-beck left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The behavior introduced here makes sense.

I am not too familiar with the design of SCM API so cannot really comment on whether the code is placed appropriately, but see nothing particularly wrong either.

@jglick jglick mentioned this pull request Apr 11, 2023
Draft
@jglick jglick marked this pull request as draft April 17, 2023 13:35
@jglick
Copy link
Member Author

jglick commented Apr 17, 2023

Putting API on hold since there is active design conversation downstream.

@timja
Copy link
Member

timja commented May 11, 2023

Putting API on hold since there is active design conversation downstream.

Where? It seems over in jenkinsci/workflow-multibranch-plugin#220 (comment)

@jglick jglick mentioned this pull request Jun 28, 2023
Open
8 tasks
@jglick jglick mentioned this pull request Oct 12, 2023
Merged
4 tasks
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@daniel-beck daniel-beck daniel-beck approved these changes

@jtnord jtnord Awaiting requested review from jtnord

@dwnusbaum dwnusbaum Awaiting requested review from dwnusbaum

@Wadeck Wadeck Awaiting requested review from Wadeck

Assignees

No one assigned

Labels

developer

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@jglick @timja @dwnusbaum @daniel-beck