[JIRA] (JENKINS-44611) Any way to restrict build for non-whitelisted users?
Title: Message Title Jonathan Gray commented on JENKINS-44611 Re: Any way to restrict build for non-whitelisted users? It's also a human interfacing issue too. Once the concept of trust apart from committership/ownership exists, the existing solution uses the PR itself as the CI interface to permit/retry/whitelist the build/submitter. Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-44611) Any way to restrict build for non-whitelisted users?
Title: Message Title Brian J Murrell commented on JENKINS-44611 Re: Any way to restrict build for non-whitelisted users? Stephen Connolly Your workaround suggestion in the first comment along with Jenkinsfile's input step could lead to a more useful workaround. The only thing that is missing is the ability for a Jenkinsfile to determine the "trust"ability of the PR. Is that at all possible? Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-44611) Any way to restrict build for non-whitelisted users?
Title: Message Title Stephen Connolly assigned an issue to Unassigned Removing myself as assignee. My current work assignments do not provide sufficient bandwidth to review these issues and in the majority of cases I am only assigned by virtue of being the default assignee. For the credentials-api and scm-api related plugins I have permission to allocate time reviewing changes to these APIs themselves to ensure these APIs remain cohesive, but that can be handled through PR reviews rather than assigning issues in JIRA Jenkins / JENKINS-44611 Any way to restrict build for non-whitelisted users? Change By: Stephen Connolly Assignee: Stephen Connolly Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-44611) Any way to restrict build for non-whitelisted users?
Title: Message Title Jonathan Gray commented on JENKINS-44611 Re: Any way to restrict build for non-whitelisted users? 100% agree. The GHPRB plugin which appears to have now been deprecated in favor of github-branch-source-plugin has a major feature gap that appears to have been misunderstood here. This is a blocker issue for us on migrating away from GHPRB, and from a security perspective we're currently in a less than desirable position since GHPRB seems to presently have security issues. As a maintainer of an OSS project running a self-hosted Jenkins instance for the community, I want to build all PRs by those who are trusted contributors (which may be more than just those with merge rights) automatically. For those who are not trusted, the PR build needs to be authorized via PR comment by a trusted user before it is built. This should support Multibranch pipeline style jobs via Jenkinsfile so that the build process itself may be updated by untrusted OSS contributors. This approval pipeline/step/check is critical because you must protect against malicious PR modifications of a Jenkinsfile. Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
[JIRA] (JENKINS-44611) Any way to restrict build for non-whitelisted users?
Title: Message Title Brian J Murrell commented on JENKINS-44611 Re: Any way to restrict build for non-whitelisted users? The proposed solution doesn't really implement what the OP is requesting. He doesn't want to outright refuse to build PRs from non-whitelisted users but wants them to be sent to an approval queue where he can release them to be built or reject them. This kind of security is really quite important as without it, it allows all-comers to execute any code they want on your builders. Add Comment This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d) -- You received this message because you are subscribed to the Google Groups "Jenkins Issues" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-issues+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
