jenkinsci / gitlab-plugin

A Jenkins plugin for interfacing with GitLab
https://plugins.jenkins.io/gitlab-plugin/
GNU General Public License v2.0
1.44k stars 619 forks source link

Webhook firing although configuration doesn't match #1632

Open daleric-xyz opened 9 months ago

daleric-xyz commented 9 months ago

Jenkins and plugins versions report

Environment ```text Jenkins: 2.444 OS: Linux - 4.14.336-255.557.amzn2.x86_64 Java: 17.0.9 - Eclipse Adoptium (OpenJDK 64-Bit Server VM) --- active-directory:2.34 amazon-ecs:1.48 ansicolor:1.0.4 ant:497.v94e7d9fffa_b_9 antisamy-markup-formatter:162.v0e6ec0fcfcf6 apache-httpcomponents-client-4-api:4.5.14-208.v438351942757 artifact-manager-s3:822.vf129d4836c31 artifactory:4.0.0 audit-trail:359.va_7c0fb_cc4f1f authorize-project:1.7.1 aws-credentials:218.v1b_e9466ec5da_ aws-global-configuration:130.v35b_7b_96f53c3 aws-java-sdk:1.12.586-413.v6a_6c3a_420126 aws-java-sdk-cloudformation:1.12.586-413.v6a_6c3a_420126 aws-java-sdk-codebuild:1.12.586-413.v6a_6c3a_420126 aws-java-sdk-ec2:1.12.586-413.v6a_6c3a_420126 aws-java-sdk-ecr:1.12.586-413.v6a_6c3a_420126 aws-java-sdk-ecs:1.12.586-413.v6a_6c3a_420126 aws-java-sdk-efs:1.12.586-413.v6a_6c3a_420126 aws-java-sdk-elasticbeanstalk:1.12.586-413.v6a_6c3a_420126 aws-java-sdk-iam:1.12.586-413.v6a_6c3a_420126 aws-java-sdk-kinesis:1.12.633-430.vf9a_e567a_244f aws-java-sdk-logs:1.12.586-413.v6a_6c3a_420126 aws-java-sdk-minimal:1.12.633-430.vf9a_e567a_244f aws-java-sdk-secretsmanager:1.12.633-430.vf9a_e567a_244f aws-java-sdk-sns:1.12.633-430.vf9a_e567a_244f aws-java-sdk-sqs:1.12.633-430.vf9a_e567a_244f aws-java-sdk-ssm:1.12.586-413.v6a_6c3a_420126 blackduck-detect:9.0.0 bootstrap5-api:5.3.2-3 bouncycastle-api:2.30.1.77-225.v26ea_c9455fd9 branch-api:2.1135.v8de8e7899051 build-user-vars-plugin:1.9 caffeine-api:3.1.8-133.v17b_1ff2e0599 checks-api:2.0.2 cloudbees-folder:6.858.v898218f3609d command-launcher:107.v773860566e2e commons-lang3-api:3.13.0-62.v7d18e55f51e2 commons-text-api:1.11.0-95.v22a_d30ee5d36 config-file-provider:968.ve1ca_eb_913f8c configuration-as-code:1738.v2d8b_a_b_8a_54b_1 credentials:1319.v7eb_51b_3a_c97b_ credentials-binding:657.v2b_19db_7d6e6d data-tables-api:1.13.6-5 display-url-api:2.200.vb_9327d658781 durable-task:550.v0930093c4b_a_6 echarts-api:5.4.3-2 extensible-choice-parameter:1.8.1 external-monitor-job:215.v2e88e894db_f8 font-awesome-api:6.5.1-2 generic-webhook-trigger:1.88.0 git:5.2.1 git-client:4.6.0 git-parameter:0.9.19 git-server:99.va_0826a_b_cdfa_d gitlab-plugin:1.8.0 gradle:2.10 groovy:457.v99900cb_85593 gson-api:2.10.1-15.v0d99f670e0a_7 htmlpublisher:1.32 instance-identity:185.v303dc7c645f9 ionicons-api:56.v1b_1c8c49374e jackson2-api:2.16.1-373.ve709c6871598 jakarta-activation-api:2.0.1-3 jakarta-mail-api:2.0.1-3 javadoc:243.vb_b_503b_b_45537 javax-activation-api:1.2.0-6 javax-mail-api:1.6.2-9 jaxb:2.3.9-1 jdk-tool:73.vddf737284550 jersey2-api:2.41-133.va_03323b_a_1396 jnr-posix-api:3.1.18-1 job-dsl:1.87 jobConfigHistory:1229.v3039470161a_d joda-time-api:2.12.7-29.v5a_b_e3a_82269a_ jquery:1.12.4-1 jquery3-api:3.7.1-1 jsch:0.2.16-86.v42e010d9484b_ json-path-api:2.9.0-33.v2527142f2e1d junit:1259.v65ffcef24a_88 ldap:711.vb_d1a_491714dc lockable-resources:1185.v0c528656ce04 mailer:463.vedf8358e006b_ matrix-auth:3.2.1 matrix-project:822.824.v14451b_c0fd42 maven-plugin:3.23 mina-sshd-api-common:2.11.0-86.v836f585d47fa_ mina-sshd-api-core:2.11.0-86.v836f585d47fa_ modernstatus:1.3 monitoring:1.95.0 okhttp-api:4.11.0-172.vda_da_1feeb_c6e pam-auth:1.10 pipeline-build-step:516.v8ee60a_81c5b_9 pipeline-graph-analysis:202.va_d268e64deb_3 pipeline-groovy-lib:689.veec561a_dee13 pipeline-input-step:477.v339683a_8d55e pipeline-milestone-step:111.v449306f708b_7 pipeline-model-api:2.2151.ve32c9d209a_3f pipeline-model-definition:2.2151.ve32c9d209a_3f pipeline-model-extensions:2.2151.ve32c9d209a_3f pipeline-rest-api:2.34 pipeline-stage-step:305.ve96d0205c1c6 pipeline-stage-tags-metadata:2.2151.ve32c9d209a_3f pipeline-stage-view:2.34 pipeline-utility-steps:2.16.0 plain-credentials:143.v1b_df8b_d3b_e48 plugin-util-api:3.8.0 postbuild-task:1.9 prism-api:1.29.0-10 rebuild:330.v645b_7df10e2a_ resource-disposer:0.23 role-strategy:689.v731678c3e0eb_ run-condition:1.7 saml:4.429.v9a_781a_61f1da_ scm-api:683.vb_16722fb_b_80b_ script-security:1321.va_73c0795b_923 slack:684.v833089650554 snakeyaml-api:2.2-111.vc6598e30cc65 snyk-security-scanner:4.0.2 sonar:2.16.1 ssh-agent:346.vda_a_c4f2c8e50 ssh-credentials:308.ve4497b_ccd8f4 sshd:3.312.v1c601b_c83b_0e structs:337.v1b_04ea_4df7c8 swarm:3.41 timestamper:1.26 token-macro:400.v35420b_922dcb_ trilead-api:2.133.vfb_8a_7b_9c5dd1 uno-choice:2.8.1 variant:60.v7290fc0eb_b_cd workflow-aggregator:596.v8c21c963d92d workflow-api:1291.v51fd2a_625da_7 workflow-basic-steps:1042.ve7b_140c4a_e0c workflow-cps:3853.vb_a_490d892963 workflow-durable-task-step:1331.vc8c2fed35334 workflow-job:1400.v7fd111b_ec82f workflow-multibranch:756.v891d88f2cd46 workflow-scm-step:415.v434365564324 workflow-step-api:657.v03b_e8115821b_ workflow-support:865.v43e78cc44e0d ws-cleanup:0.45 ```

What Operating System are you using (both controller, and any agents involved in the problem)?

Our controller is currently running in Docker, and we're running the following image - eclipse-temurin:17.0.9_9-jre-alpine https://hub.docker.com/_/eclipse-temurin

Reproduction steps

We curently have 2 pipelines configured for our Gitlab project, phase 1 and phase 2.

Phase 1 is configured to trigger with the following settings -

pipelineTriggers {
      triggers {
        gitlab {
          triggerOnPush(false)
          triggerOnNoteRequest(true)
          noteRegex('Jenkins retry phase 1')
          triggerOnMergeRequest(true)
          triggerOpenMergeRequestOnPush('source')
          secretToken(System.getenv('DOCKER_Pipelines_Token'))
        }
      }
    }

Phase 2 is configured to trigger with the following settings -

pipelineTriggers {
      triggers {
        gitlab {
          triggerOnPush(false)
          triggerOnNoteRequest(true)
          noteRegex('Jenkins retry phase 2')
          triggerOnMergeRequest(false)
          triggerOnAcceptedMergeRequest(true)
          secretToken(System.getenv('DOCKER_Pipelines_Token'))
        }
      }
    }

The issue we are facing is that Phase 2 is also being triggered on merge request open, this shouldn't be happening as it should only be triggering when a comment on the MR matches the noteRegex, or the MR is merged.

FYI we only noticed this after upgrading the Gitlab plugin from 1.6.0, this was working fine and we had it pinned to 1.6.0 but we've been forced to update to 1.8.0.

Thanks.

Expected Results

Phase 2 should only trigger when an MR is merged, or we match the comment regex.

Actual Results

Phase 2 kicks off when we open an MR, similar to Phase 1.

Anything else?

No response

Are you interested in contributing a fix?

No response