Closed guvenkaranfil closed 2 weeks ago
github-actions[bot]
commented
3 months ago Hello from your friendly Jenkins Hosting Checker
It looks like you have everything in order for your hosting request. A member of the Jenkins hosting team will check over things that I am not able to check(code review, README content, etc) and process the request as quickly as possible. Thank you for your patience.
Hosting team members can host this request with /hosting host
jenkins-cert-app
commented
3 months ago Security audit, information and commands
The security team is auditing all the hosting requests, to ensure a better security by default.
This message informs you that a Jenkins Security Scan was triggered on your repository. It takes ~10 minutes to complete.
/audit-ok => the audit is complete, the hosting can continue :tada:./audit-skip => the audit is not necessary, the hosting can continue :tada:./audit-findings => the audit reveals some issues that require corrections :pencil2:./request-security-scan => the findings from the Jenkins Security Scan were corrected, this command will re-scan your repository :mag:./audit-review => the findings from the audit were corrected, this command will ping the security team to review the findings :eyes:.
It's only applicable when the previous audit required changes.(automatically generated message, version: 1.28.6)
jenkins-cert-app
commented
3 months ago The Jenkins Security Scan discovered 9 finding(s) :mag:.
Please follow the instructions below for every identified issues:
After addressing the findings through one of the above methods:
/request-security-scan command./audit-review command.You can find detailed information about this finding here.
You can find detailed information about this finding here.
You can find detailed information about this finding here.
guvenkaranfil
commented
3 months ago /request-security-scan
jenkins-cert-app
commented
3 months ago The Jenkins Security Scan discovered 9 finding(s) :mag:.
Please follow the instructions below for every identified issues:
After addressing the findings through one of the above methods:
/request-security-scan command./audit-review command.You can find detailed information about this finding here.
You can find detailed information about this finding here.
You can find detailed information about this finding here.
guvenkaranfil
commented
3 months ago /request-security-scan
jenkins-cert-app
commented
3 months ago The Jenkins Security Scan did not find anything dangerous with your plugin, congratulations! :tada:
:bulb: The Security team recommends that you are setting up the scan in your repository by following our guide.
mawinter69
commented
2 months ago How does this differentiate from https://github.com/jenkins-infra/repository-permissions-updater/issues/3955? It looks as if you should put both in the same plugin. A Jenkins plugin can implement many build steps and other things Other problems:
io.jenkins.plugins.ac is very generic, it should better be io.jenkins.plugins.appcirclegreet), e.g. appCircleTestingDistributionsrc/main/resources/assets look as if the are for documentation. So they should be outside of the src folder, e.g. in docs/images. Right now they get packed in the resulting jar file and will only make the plugin bigger.HelloWorldBuilder from the archetypeJenkins.ADMINISTER that means that only admins will be able to configure the steps, not sure if this really what you want. As all checks just check if not empty you can also omit the checks and apply annotations so the security scanner will not complain.accessToken that is used in both plugins be the same when I use both plugins? In general it would be better to use credentials as they can be defined once per Jenkins instance. So when the accessToken changes you only need to change it in one place, right now you would need to adjust each and every job (freestyle) that uses the accessToken.getInputValue method looks as if you want to make use of environment variables, not sure if this a good idea to allow this for the accessToken.withCredentials step to set the accessToken and then it gets masked automatically.There might be more problematic things
The plugins expect that the program appcircle is installed on the machine. And they are not doing much more than calling that program. I can achieve this also with a simple shell step in a pipeline.
guvenkaranfil
commented
1 month ago /hosting re-check
github-actions[bot]
commented
1 month ago Hello from your friendly Jenkins Hosting Checker
It looks like you have everything in order for your hosting request. A member of the Jenkins hosting team will check over things that I am not able to check(code review, README content, etc) and process the request as quickly as possible. Thank you for your patience.
Hosting team members can host this request with /hosting host
guvenkaranfil
commented
1 month ago @NotMyFault Hello,
I have fixed the comments mentioned by mawinter69. Could you please review and approve the hosting request
github-actions[bot]
commented
1 month ago Hello from your friendly Jenkins Hosting Checker
It looks like you have everything in order for your hosting request. A member of the Jenkins hosting team will check over things that I am not able to check(code review, README content, etc) and process the request as quickly as possible. Thank you for your patience.
Hosting team members can host this request with /hosting host
guvenkaranfil
commented
3 weeks ago Hello @mawinter69,
Could you please review and host the plugin? Let me know if anything I need to do
mawinter69
commented
3 weeks ago HelloWorldBuilder with something related to your plugin.DS_Store files and add to .gitignoreguvenkaranfil
commented
3 weeks ago @mawinter69 I have fixed the comments
mawinter69
commented
3 weeks ago mawinter69
commented
3 weeks ago I think the dependency https://github.com/appcircleio/appcircle-enterprise-app-store-plugin/blob/8d653566f8b71336e764bde21c450f91dbdd8e38/pom.xml#L65 is not required
guvenkaranfil
commented
3 weeks ago @mawinter69 I removed the dependency
guvenkaranfil
commented
2 weeks ago Could you please review the hosting request? Let me know if there is anything I need to do.
timja
commented
2 weeks ago All the comments from https://github.com/jenkins-infra/repository-permissions-updater/issues/3955#issuecomment-2337849342 apply to this one as well.
Also non blocking I will host it now.
timja
commented
2 weeks ago /hosting host
jenkins-infra-bot
commented
2 weeks ago Hosting request complete, the code has been forked into the jenkinsci project on GitHub as https://github.com/jenkinsci/appcircle-enterprise-store-plugin
GitHub issues has been selected for issue tracking and was enabled for the forked repo.
A pull request has been created against the repository permissions updater to setup release permissions. Additional users can be added by modifying the created file.
Please delete your original repository (if there are no other forks), under 'Danger Zone', so that the jenkinsci organization repository is the definitive source for the code. If there are other forks, please contact GitHub support to make the jenkinsci repo the root of the fork network (mention that Jenkins approval was given in support request 569994). Also, please make sure you properly follow the documentation on documenting your plugin so that your plugin is correctly documented.
You will also need to do the following in order to push changes and release your plugin:
Welcome aboard!
Repository URL
https://github.com/appcircleio/appcircle-enterprise-app-store-plugin
New Repository Name
appcircle-enterprise-store-plugin
Description
appcircle-enterprise-store-plugin is a easy way to publish builds in Appcicle Enterprise Store. It is a module at appcircleio. Users can use the module to publish their app to end users easily.
GitHub users to have commit permission
@guvenkaranfil
Jenkins project users to have release permission
appcircle
Issue tracker
GitHub issues