paulgear
commented
7 years ago As an aside, https://jenkins.io/security/advisory/2017-04-10/ shows the reason why postbuildscript no longer appears.
Open paulgear opened 7 years ago
paulgear
commented
7 years ago As an aside, https://jenkins.io/security/advisory/2017-04-10/ shows the reason why postbuildscript no longer appears.
paulgear
commented
7 years ago It seems the same issue affects the scripttrigger plugin as well. I'm trying by installing these manually, but we can't expect people use the bundle in this security-compromised state:
kwmonroe
commented
7 years ago It doesn't look like these plugins are getting any love, so this bundle is still not easily deployable. And as you noted, even though you can manually put these plugins in place, that's not a good idea due to the security implications.
ScriptTrigger ScriptTrigger is what checks whether or not a bundle needs to be rebuilt. It calls this method every 10 minutes with a github repo, branch, and subdirectory:
https://github.com/juju-solutions/layer-cwr/blob/master/scripts/bundlebuilder.py#L430
Perhaps this logic could be moved into a cron job on the unit and use the jenkins API to kick off a build if this method returns True.
Post-Build Script This plugin was probably introduced to sync results between jenkins and cwr, but afaict, there is no mention of it in any of the jobs or templates. Perhaps this can be removed from the plugins list?:
https://github.com/juju-solutions/layer-cwr/blob/master/reactive/cwr.py#L231
@ktsakalozos, could you share any ideas/concerns with refactoring cwr to remove these plugins?
ktsakalozos
commented
7 years ago For Post-Build Script I do not remember why we added it. I think we can remove it and see if the bundle functions as expected.
The ScriptTrigger is here to be used as a trigger upon changes in any of the layers comprising a charm. A cron job could work in the same way, run every X minutes and if bundlebuilder script says the bundle has change (https://github.com/juju-solutions/layer-cwr/blob/master/scripts/bundlebuilder.py#L553) trigger the build of the bunlde by triggering a jenkins job through the rest api. Another alternative is to have two jenkins jobs, first one would check for any changes in the bunlde and trigger the real bunle build in case. We used to follow this approach but in https://github.com/juju-solutions/layer-cwr/commit/94182a2b97b00d258e9cfd586957435b9f78d7b4 we introduced ScriptTrigger.
It appears from https://wiki.jenkins-ci.org/display/JENKINS/PostBuildScript+Plugin that the postbuildscript plugin is abandoned, and it no longer appears at https://updates.jenkins-ci.org/latest/. This means that the bundle cannot be deployed without significant manual intervention.