10000 [JENKINS-36240] Option to look up trust status directly from GitHub API by stephenc · Pull Request #148 · jenkinsci/github-branch-source-plugin · GitHub
[go: up one dir, main page]
Skip to content

[JENKINS-36240] Option to look up trust status directly from GitHub API #148

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Jul 20, 2017
Merged

[JENKINS-36240] Option to look up trust status directly from GitHub API #148

merged 4 commits into from
Jul 20, 2017

Conversation

stephenc
Copy link
Member
@stephenc stephenc commented Jul 14, 2017
edited
Loading

See JENKINS-36240

Replaces #96

To Do

  • Fix the NPE when calling getTrustedRevision by populating the GHRepository and opening a connection to GitHub

@reviewbybees

@ghost
Copy link
ghost commented Jul 17, 2017

This pull request originates from a CloudBees employee. At CloudBees, we require that all pull requests be reviewed by other CloudBees employees before we seek to have the change accepted. If you want to learn more about our process please see this explanation.

@stephenc stephenc mentioned this pull request Jul 17, 2017
Closed
@jglick jglick self-requested a review July 17, 2017 18:40
jglick
jglick reviewed Jul 17, 2017
View reviewed changes
src/main/java/org/jenkinsci/plugins/github_branch_source/ForkPullRequestDiscoveryTrait.java Outdated
*/
@DataBoundConstructor
public TrustPermission(@NonNull String permission) {
GHPermissionType permissionType = GHPermissionType.ADMIN;
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why is this even configurable? The only useful value is WRITE. If you can push to the repository, you could change the Jenkinsfile, thus you are trusted.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Admin is also useful

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why? I claim it is not, and we are making users make a decision here, so you need to back up why this would make sense (and in fact be the default value!).

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I tend to agree with @jglick. For these purposes, WRITE is just as dangerous as ADMIN, so why do we care about ADMIN?

src/main/java/org/jenkinsci/plugins/github_branch_source/GitHubPermissionsSource.java
*
* @since TODO
*/
public abstract class GitHubPermissionsSource {
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Why does this need to be public? Seems like an implementation detail.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If you want to instantiate the request in your own SCMSource and you use the trait you need to be able to provide one of these

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

What SCMSource would that be? Best to not expose a public API without a concrete use case.

src/main/java/org/jenkinsci/plugins/github_branch_source/GitHubSCMSourceRequest.java
@CheckForNull
private GHRepository repository;
/**
* The resolved permissions keyed by user.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

How long is this cached?

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For the duration of the request to scm api

@jglick
Copy link
Member
jglick commented Jul 17, 2017

Desirable to have hub4j/github-api#358 but probably unnecessary.

@jglick jglick changed the title [JENKINS-36240] Initial stab at rework [JENKINS-36240] Option to look up trust status directly from GitHub API Jul 17, 2017
@recampbell recampbell requested a review from abayer July 17, 2017 22:09
@michaelneale
Copy link
Member

there are some findbugs problems with this - but looks close. This is a desired feature, a subtle one but I have seen people rage over it when they realise what the problem is with trust.

@stephenc stephenc merged commit 6cb88ab into jenkinsci:master Jul 20, 2017
@stephenc stephenc deleted the jenkins-36240 branch July 20, 2017 08:52
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jglick jglick jglick left review comments

@abayer abayer abayer approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@stephenc @jglick @michaelneale @abayer
0