I have a Jenkins setup to be triggered by Gerrit once a patch is updated. Verified label has a negative rating from Jenkins. This rating is irrelevant in my case and so I just want to ignore it for this one time. Is that possible ?
It is not possible to ignore the vote but it is possible to delete it if you have the correct access rights.
After this you can vote +1 Verified and you should be able to submit.
Of course, this all depends on the server configuration and access rights.
In our case we have given some developers the rights to delete and vote on the Verified label of other developers, this is a way to get around Jenkins issues.
Related
We have 6 people on the project team: 1 Tech-lead and 1 Assistant Tech-lead.
In our branch policy we want to require that only the Tech-lead or Assistant Tech-lead can approve the pull request. We only need approval from one of them to avoid a bottleneck if the other one is on leave.
The problem is there are only 2 choices in the branch policy settings:
Specifying the number of required approvers (which will not work since normal developers would be able to approve as well)
Specifying the actual person to approve (which will not work since both of them will be required and cause a bottleneck when one is on leave)
Can someone please point us in the right direction?
You can provide required reviewers that are automatically added to each PR. These reviewers can also be groups.
Do this:
Create a group that contains your tech lead and assistant tech lead and.
Make that group a required approver under Automatically include code reviewers
You should get something like this:
Your statement normal developers would be able to approve as well is only true if the group that is required contains your normal developers.
This way at least 1 person from provided group (in this case Developers) must approve a PR. If you want you can also provide a path filter to require only reviews on certain changes or assign a different group for files or folders.
for those who are on Bitbucket:
These are available under Repository Settings->Workflow->Branch Permissions
Currently, Jenkins add as a user any known user of Jenkins plus any user mentioned in a commit message.
This effectively means that if you are managing several projects in Jenkins instance and each project with tenths of developers then it is really hard to maintain.
Another side effect is that JENKINS_HOME/users are populated with one xml for each of these users, so Jenkins becomes somehow unmanageable. Not the end of the world, that's true, but at the same time you start seeing users from outside of team/organization.
So, is there any way to disable this behaviour?
Thak you so much.
In our existing CD pipeline there is a manual step to push from test to production. Furthermore only certain persons can authorise this. We control this through Jenkins freestyle jobs in views with certain users having permissions to different views.
Now we are thinking about using Jenkins pipelines. There is an input step for a user to manually approve the go ahead to the next stage.
Is there a way to control who can perform the manual input? Alternatively, is there an API for progressing the pipeline, in which case we could build the tooling to let relevant users have permission.
Research
This SO post suggests it's not possible to do the API call.
This Jenkins issue tells me there is no ability to resume a pipeline that is stopped because of a failure
So far it's looking like a resounding "NO" to authorisation of manual step and progressing via API. Any other ideas appreciated.
From the documentation that you linked to, there's a submitter parameter where you can specify the allowed users/external groups allowed to respond to the input, which sounds like it should be what you're looking for.
submitter (optional)
User IDs and/or external group names of person or people permitted to respond to the input, separated by ','. If you configure "alice, bob", will match with "alice" but not with "bob". You need to remove all the white spaces.
We have 'try' build jobs that developers can initiate with parameterized variables to point to a particular branch for pulling the code and trial running the build in jenkins. Is there a way I can customize a custom personal view showing only the builds that I have started?
The custom way
I think there's a way to customize a personal view by coding / modifying your Jenkins installation, jan-molak worked on that feature here.
You can check the commits and maybe implement something by your own, especially this and this.
The plugin
Take a look on View Job Filter If you configure it, there are options which seems to acomplish what you want:
Logged-in User Relevance Filter: This adds/removes jobs based on their
relevance to the logged in user. For example: matching jobs that were
started by the user, or where the user committed changes to the source
code of the job; matching jobs with a name that contains the user’s
name or login id.
In order to prove that a team is not seeing another team jobs or folders I need to come up with a measurable solution that validate that.How can I test that each team member don't see each other jobs? Because using the UI to see and comparing with my eyes becomes really difficult with multiple of groups or users for instance.
I am using Jenkins Project-based matrix plugin and latest Jenkins.
The best way to do this is by creating a test user. In case you are using AD or Jenkins own user database, try assigning the same permissions to what you have given for team. This way you will know it for sure.
If there are any such security issues chances, Jenkins will raise a notification highlighting the security issue with that of plugin. Hope this solves the issue.