Gitlab hook plugin development abandoned?

Léon Hagenaars-Keus

Sep 22, 2020, 7:47:09 AM
to Jenkins Developers
Hi all,

I've posted an issue there (https://github.com/jenkinsci/gitlab-hook-plugin/issues/62, as a notification of CVE-2020-2096/SECURITY-1683 issue to the maintainer), but the plugin has seen no development in 3 years.
I might be able to help in fixing the issue.

Kind regards,
Léon Hagenaars-Keus

Tobias Gruetzmacher

Sep 26, 2020, 7:14:16 AM
to Jenkins Developers
Hi,

On Tue, Sep 22, 2020 at 02:04:48AM -0700, Léon Hagenaars-Keus wrote:
> Is the development of the gitlab hook
> (https://github.com/jenkinsci/gitlab-hook-plugin,
> https://plugins.jenkins.io/gitlab-hook/) abandoned?

Well, there haven't been any commits in ~3 years, so that's probably a
"yes". Additionally, it depends on the Ruby runtime, which hasn't had a
release for 7 years, and as far as I know its use is strongly
discouraged (see, for example, JEP-7:
https://github.com/jenkinsci/jep/tree/master/jep/7)

Is there something that plugin does which the other GitLab plugins
don't?

Personally, I primarily use
https://plugins.jenkins.io/gitlab-branch-source/ for pipeline jobs and
https://plugins.jenkins.io/gitlab-plugin/ for everything else.

Regards, Tobias

Léon Hagenaars-Keus

Sep 26, 2020, 12:33:25 PM
to Jenkins Developers
The thing this plugin does is provide a global 'build now' url for a json post, where the plugin looks at all jobs using the gitlab repo contained in the webhook post, and triggers those jobs (depending on branch configuration of each job).
This makes it possible for example to have a separate 'master' build (providing the final release files, only building the master and hotfix branches) and a 'mere' unit test/ci job for all other branches.
The gitlab-plugin you suggest requires a webhook for each job, if I understand the wiki correctly.
But if this plugin is abandoned (which it does seem like), is there a way to get it marked as abandoned/discontinued in jenkins?

On Saturday, 26 September 2020 at 13:14:16 UTC+2, tobias...@23.gs wrote:

Tobias Gruetzmacher

Sep 29, 2020, 11:23:35 AM
to Jenkins Developers
Hi,

On Sat, Sep 26, 2020 at 06:33:48AM -0700, Léon Hagenaars-Keus wrote:
> The thing this plugin does is provide a global 'build now' url for a
> json post, where the plugin looks at all jobs using the gitlab repo
> contained in the webhook post, and triggers those jobs (depending on
> branch configuration of each job).

> This makes it possible for example to have a separate 'master' build
> (providing the final release files, only building the master and
> hotfix branches) and a 'mere' unit test/ci job for all other branches.

Isn't that what pipeline-multibranch/gitlab-branch-source is basically
designed to do? FWIW, I consider the migration from
freestyle/matrix/maven jobs to pipeline a worthwhile investment.

> The gitlab-plugin you suggest requires a webhook for each job, if I
> understand the wiki correctly.

Yeah, since at my company we wanted to use it with GitLab EE and group
hooks, we tried to add this functionality:
https://github.com/jenkinsci/gitlab-plugin/pull/600 - Recently, we
switched most jobs to GitLab branch source, so getting it merged isn't a
high priority for us anymore.

> But if this plugin is abandoned (which it does seem like), is there a
> way to get it marked as abandoned/discontinued in jenkins?

Not automatically. See
https://www.jenkins.io/doc/developer/plugin-governance/adopt-a-plugin/
for the "normal" plugin adoption process.

In light of JEP-7 and the recent addition of the "deprecated" marker
(https://www.jenkins.io/doc/developer/plugin-governance/deprecating-or-removing-plugin/)
it might make sense to mark all plugins depending on ruby-runtime as
such...

Regards, Tobias

Tomas Bjerre

Sep 30, 2020, 2:18:00 AM
to Jenkins Developers
You can probably do this with Generic Webhook Trigger:
