This repository has been archived by the owner on Dec 15, 2021. It is now read-only.

Merge pull request #244 from jglick/getTrustedRevision
[JENKINS-33256] Calling SCMSource.getTrustedRevision
jglick committed Mar 11, 2016
2 parents f19e83d + 8e4472c commit 76bdc6f
Showing 4 changed files with 61 additions and 6 deletions.
2 changes: 2 additions & 0 deletions CHANGES.md
Expand Up @@ -2,6 +2,8 @@

Only noting significant user changes, not internal code cleanups and minor bug fixes.

* [JENKINS-33256](https://issues.jenkins-ci.org/browse/JENKINS-33256): infrastructure for loading a trusted version of `Jenkinsfile` from a multibranch pipeline.

## 1.15-beta-1 (Mar 04 2016)

* [JENKINS-32925](https://issues.jenkins-ci.org/browse/JENKINS-32925): stack overflow displaying reference documentation in certain cases.
Expand Up @@ -77,7 +77,7 @@ class SCMBinder extends FlowDefinition {
SCMRevision tip = scmSource.fetch(head, listener);
SCM scm;
if (tip != null) {
scm = scmSource.build(head, tip);
scm = scmSource.build(head, scmSource.getTrustedRevision(tip, listener));
build.addAction(new SCMRevisionAction(tip));
} else {
listener.error("Could not determine exact tip revision of " + branch.getName() + "; falling back to nondeterministic checkout");
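Review bot: The trust check runs only on the `tip != null` path; the `else` branch at the end of this hunk falls back to a "nondeterministic checkout" without consulting `getTrustedRevision`, so a source that cannot report a tip appears to load `Jenkinsfile` from the branch head unvetted. The body of that branch continues outside the hunk, so confirm what it builds; if it does check out the head, failing the build there is the safer default, or at minimum mark it with `// NOTE: getTrustedRevision is not consulted on this path; the script is loaded from the branch head as-is`. Also, when the trusted revision differs from `tip`, nothing in the visible lines records which revision the script was actually loaded from, while `SCMRevisionAction` keeps `tip`. Assigning the result to a local `trusted` and adding `listener.getLogger().println("Loading Jenkinsfile from trusted revision " + trusted);` would make the substitution auditable in the build log.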
Expand Up @@ -26,20 +26,26 @@

import hudson.Util;
import hudson.model.Result;
import hudson.model.TaskListener;
import hudson.plugins.git.util.BuildData;
import hudson.plugins.mercurial.MercurialInstallation;
import hudson.plugins.mercurial.MercurialSCMSource;
import hudson.tools.ToolProperty;
import java.io.File;
import java.io.IOException;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import jenkins.branch.BranchProperty;
import jenkins.branch.BranchSource;
import jenkins.branch.DefaultBranchPropertyStrategy;
import jenkins.plugins.git.AbstractGitSCMSource;
import jenkins.plugins.git.GitSCMSource;
import jenkins.scm.api.SCMHead;
import jenkins.scm.api.SCMRevision;
import jenkins.scm.api.SCMRevisionAction;
import jenkins.scm.impl.subversion.SubversionSCMSource;
import static org.hamcrest.Matchers.*;
import org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval;
import org.jenkinsci.plugins.workflow.job.WorkflowJob;
import org.jenkinsci.plugins.workflow.job.WorkflowRun;
Expand All @@ -51,7 +57,6 @@
import static org.junit.Assert.*;
import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.runners.model.Statement;
import org.jvnet.hudson.test.BuildWatcher;
import org.jvnet.hudson.test.JenkinsRule;

Expand Down Expand Up @@ -94,13 +99,15 @@ public class SCMBinderTest {
}

static void assertRevisionAction(WorkflowRun build) {
BuildData data = build.getAction(BuildData.class);
assertNotNull(data);
SCMRevisionAction revisionAction = build.getAction(SCMRevisionAction.class);
assertNotNull(revisionAction);
SCMRevision revision = revisionAction.getRevision();
assertEquals(AbstractGitSCMSource.SCMRevisionImpl.class, revision.getClass());
assertEquals(data.lastBuild.marked.getSha1().getName(), ((AbstractGitSCMSource.SCMRevisionImpl) revision).getHash());
Set<String> expected = new HashSet<String>();
for (BuildData data : build.getActions(BuildData.class)) {
expected.add(data.lastBuild.marked.getSha1().getName());
}
assertThat(expected, hasItem(((AbstractGitSCMSource.SCMRevisionImpl) revision).getHash()));
}

@Test public void exactRevisionSubversion() throws Exception {
Expand Down Expand Up @@ -214,4 +221,50 @@ static void assertRevisionAction(WorkflowRun build) {
assertEquals(1, mp.getItems().size());
}

@Test public void untrustedRevisions() throws Exception {
sampleGitRepo.init();
sampleGitRepo.write("Jenkinsfile", "node {checkout scm; echo readFile('file')}");
sampleGitRepo.write("file", "initial content");
sampleGitRepo.git("add", "Jenkinsfile");
sampleGitRepo.git("commit", "--all", "--message=flow");
WorkflowMultiBranchProject mp = r.jenkins.createProject(WorkflowMultiBranchProject.class, "p");
mp.getSourcesList().add(new BranchSource(new WarySource(null, sampleGitRepo.toString(), "", "*", "", false), new DefaultBranchPropertyStrategy(new BranchProperty[0])));
WorkflowJob p = WorkflowMultiBranchProjectTest.scheduleAndFindBranchProject(mp, "master");
r.waitUntilNoActivity();
WorkflowRun b = p.getLastBuild();
assertNotNull(b);
assertEquals(1, b.getNumber());
assertRevisionAction(b);
r.assertBuildStatusSuccess(b);
r.assertLogContains("initial content", b);
String branch = "some-other-branch-from-Norway";
sampleGitRepo.git("checkout", "-b", branch);
sampleGitRepo.write("Jenkinsfile", "error 'ALL YOUR BUILD STEPS ARE BELONG TO US'");
sampleGitRepo.write("file", "subsequent content");
sampleGitRepo.git("commit", "--all", "--message=big evil laugh");
p = WorkflowMultiBranchProjectTest.scheduleAndFindBranchProject(mp, branch);
r.waitUntilNoActivity();
b = p.getLastBuild();
assertNotNull(b);
assertEquals(1, b.getNumber());
assertRevisionAction(b);
r.assertBuildStatusSuccess(b);
r.assertLogContains("subsequent content", b);
r.assertLogContains("not trusting", b);
}
static class WarySource extends GitSCMSource {
WarySource(String id, String remote, String credentialsId, String includes, String excludes, boolean ignoreOnPushNotifications) {
super(id, remote, credentialsId, includes, excludes, ignoreOnPushNotifications);
}
@Override public SCMRevision getTrustedRevision(SCMRevision revision, TaskListener listener) throws IOException, InterruptedException {
String branch = revision.getHead().getName();
if (branch.equals("master")) {
return revision;
} else {
listener.getLogger().println("not trusting " + branch);
return fetch(new SCMHead("master"), listener);
}
}
}

}
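Review bot: `WarySource.getTrustedRevision` returns `fetch(new SCMHead("master"), listener)` unchecked, yet the SCMBinder change in this commit treats a null result from `fetch` as possible, so the override can hand back null when master cannot be resolved. If `build(head, null)` means "check out the head's current tip" (an assumption, the contract is not visible on this page), an untrusted branch would then silently get its own `Jenkinsfile`. Since this fixture is likely to be read as the reference override, it should fail closed: `SCMRevision trusted = fetch(new SCMHead("master"), listener);` then `if (trusted == null) throw new IOException("no trusted revision available for " + branch);` then `return trusted;`. Separately, the relaxed `assertRevisionAction` accepts the hash of any `BuildData` on the build, so in `untrustedRevisions` it no longer distinguishes the branch tip from the trusted master revision. An assertion pinning the recorded revision to the branch commit would keep a regression there from passing.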
2 changes: 1 addition & 1 deletion pom.xml
Expand Up @@ -81,7 +81,7 @@
<dependency>
<groupId>org.jenkins-ci.plugins</groupId>
<artifactId>scm-api</artifactId>
<version>1.0</version>
<version>1.1</version>
</dependency>
<dependency>
<groupId>org.jenkins-ci.plugins</groupId>