Closed guvenkaranfil closed 2 weeks ago
Hello from your friendly Jenkins Hosting Checker
It looks like you have everything in order for your hosting request. A member of the Jenkins hosting team will check over things that I am not able to check(code review, README content, etc) and process the request as quickly as possible. Thank you for your patience.
Hosting team members can host this request with /hosting host
Security audit, information and commands
The security team is auditing all the hosting requests, to ensure a better security by default.
This message informs you that a Jenkins Security Scan was triggered on your repository. It takes ~10 minutes to complete.
/audit-ok
=> the audit is complete, the hosting can continue :tada:./audit-skip
=> the audit is not necessary, the hosting can continue :tada:./audit-findings
=> the audit reveals some issues that require corrections :pencil2:./request-security-scan
=> the findings from the Jenkins Security Scan were corrected, this command will re-scan your repository :mag:./audit-review
=> the findings from the audit were corrected, this command will ping the security team to review the findings :eyes:.
It's only applicable when the previous audit required changes.(automatically generated message, version: 1.28.6)
The Jenkins Security Scan discovered 9 finding(s) :mag:.
Please follow the instructions below for every identified issues:
After addressing the findings through one of the above methods:
/request-security-scan
command./audit-review
command.You can find detailed information about this finding here.
You can find detailed information about this finding here.
You can find detailed information about this finding here.
/request-security-scan
The Jenkins Security Scan discovered 9 finding(s) :mag:.
Please follow the instructions below for every identified issues:
After addressing the findings through one of the above methods:
/request-security-scan
command./audit-review
command.You can find detailed information about this finding here.
You can find detailed information about this finding here.
You can find detailed information about this finding here.
/request-security-scan
The Jenkins Security Scan did not find anything dangerous with your plugin, congratulations! :tada:
:bulb: The Security team recommends that you are setting up the scan in your repository by following our guide.
How does this differentiate from https://github.com/jenkins-infra/repository-permissions-updater/issues/3955? It looks as if you should put both in the same plugin. A Jenkins plugin can implement many build steps and other things Other problems:
io.jenkins.plugins.ac
is very generic, it should better be io.jenkins.plugins.appcircle
greet
), e.g. appCircleTestingDistribution
src/main/resources/assets
look as if the are for documentation. So they should be outside of the src folder, e.g. in docs/images
. Right now they get packed in the resulting jar file and will only make the plugin bigger.HelloWorldBuilder
from the archetypeJenkins.ADMINISTER
that means that only admins will be able to configure the steps, not sure if this really what you want. As all checks just check if not empty you can also omit the checks and apply annotations so the security scanner will not complain.accessToken
that is used in both plugins be the same when I use both plugins? In general it would be better to use credentials as they can be defined once per Jenkins instance. So when the accessToken changes you only need to change it in one place, right now you would need to adjust each and every job (freestyle) that uses the accessToken.getInputValue
method looks as if you want to make use of environment variables, not sure if this a good idea to allow this for the accessToken.withCredentials
step to set the accessToken and then it gets masked automatically.There might be more problematic things
The plugins expect that the program appcircle
is installed on the machine. And they are not doing much more than calling that program. I can achieve this also with a simple shell step in a pipeline.
/hosting re-check
Hello from your friendly Jenkins Hosting Checker
It looks like you have everything in order for your hosting request. A member of the Jenkins hosting team will check over things that I am not able to check(code review, README content, etc) and process the request as quickly as possible. Thank you for your patience.
Hosting team members can host this request with /hosting host
@NotMyFault Hello,
I have fixed the comments mentioned by mawinter69. Could you please review and approve the hosting request
Hello from your friendly Jenkins Hosting Checker
It looks like you have everything in order for your hosting request. A member of the Jenkins hosting team will check over things that I am not able to check(code review, README content, etc) and process the request as quickly as possible. Thank you for your patience.
Hosting team members can host this request with /hosting host
Hello @mawinter69,
Could you please review and host the plugin? Let me know if anything I need to do
HelloWorldBuilder
with something related to your plugin.DS_Store
files and add to .gitignore
@mawinter69 I have fixed the comments
I think the dependency https://github.com/appcircleio/appcircle-enterprise-app-store-plugin/blob/8d653566f8b71336e764bde21c450f91dbdd8e38/pom.xml#L65 is not required
@mawinter69 I removed the dependency
Could you please review the hosting request? Let me know if there is anything I need to do.
All the comments from https://github.com/jenkins-infra/repository-permissions-updater/issues/3955#issuecomment-2337849342 apply to this one as well.
Also non blocking I will host it now.
/hosting host
Hosting request complete, the code has been forked into the jenkinsci project on GitHub as https://github.com/jenkinsci/appcircle-enterprise-store-plugin
GitHub issues has been selected for issue tracking and was enabled for the forked repo.
A pull request has been created against the repository permissions updater to setup release permissions. Additional users can be added by modifying the created file.
Please delete your original repository (if there are no other forks), under 'Danger Zone', so that the jenkinsci organization repository is the definitive source for the code. If there are other forks, please contact GitHub support to make the jenkinsci repo the root of the fork network (mention that Jenkins approval was given in support request 569994). Also, please make sure you properly follow the documentation on documenting your plugin so that your plugin is correctly documented.
You will also need to do the following in order to push changes and release your plugin:
Welcome aboard!
Repository URL
https://github.com/appcircleio/appcircle-enterprise-app-store-plugin
New Repository Name
appcircle-enterprise-store-plugin
Description
appcircle-enterprise-store-plugin is a easy way to publish builds in Appcicle Enterprise Store. It is a module at appcircleio. Users can use the module to publish their app to end users easily.
GitHub users to have commit permission
@guvenkaranfil
Jenkins project users to have release permission
appcircle
Issue tracker
GitHub issues