[JIRA] (JENKINS-56012) stash-pullrequest-builder-plugin variables not seen in multi-configuration jobs unless listed in safeParameters

1 view
Skip to first unread message

plroskin@gmail.com (JIRA)

unread,
Feb 6, 2019, 10:06:03 PM2/6/19
to jenkinsc...@googlegroups.com
Pavel Roskin created an issue
 
Jenkins / Bug JENKINS-56012
stash-pullrequest-builder-plugin variables not seen in multi-configuration jobs unless listed in safeParameters
Issue Type: Bug Bug
Assignee: Jakub Bochenski
Components: stash-pullrequest-builder-plugin
Created: 2019-02-07 03:05
Environment: Jenkins 2.150.2.
stash-pullrequest-builder-plugin built locally from current git (6115a02e9c081b6ee02325d93608e89bf78be93a)
Labels: stash multi-configuration variable
Priority: Minor Minor
Reporter: Pavel Roskin

stash-pullrequest-builder-plugin defines 10 variables, such as `sourceCommitHash`. Those variables are not available in multi-configuration jobs apart from the top-level process.

Those variable can be made available to the jobs by listing them in hudson.model.ParametersAction.safeParameters on the java command line. That's a workaround for SECURITY-170 that is no longer needed for free-style jobs.

Even with that workaround, Jenkins spams logs with messages like this:

WARNING: Skipped parameter `sourceCommitHash` as it is undefined on `TestRepository_pull_request_builder`. Set `-Dhudson.model.ParametersAction.keepUndefinedParameters=true` to allow undefined parameters to be injected as environment variables or `-Dhudson.model.ParametersAction.safeParameters=[comma-separated list]` to whitelist specific parameter names, even though it represents a security breach or `-Dhudson.model.ParametersAction.keepUndefinedParameters=false` to no longer show this message.

Only multi-configuration jobs appear in those messages. The way to suppress them is to also add -Dhudson.model.ParametersAction.keepUndefinedParameters=false to the java command line.

My expectations are:

  • The variables defined by stash-pullrequest-builder-plugin should be available to multi-configuration jobs
  • No warnings should be logged about those variables
  • No java command line parameters should be needed to achieve it
Add Comment Add Comment
 
This message was sent by Atlassian Jira (v7.11.2#711002-sha1:fdc329d)

bochenski.kuba+jenkins@gmail.com (JIRA)

unread,
Feb 7, 2019, 8:59:02 AM2/7/19
to jenkinsc...@googlegroups.com
Jakub Bochenski commented on Bug JENKINS-56012
 
Re: stash-pullrequest-builder-plugin variables not seen in multi-configuration jobs unless listed in safeParameters

Is this different than JENKINS-51480 ? I intend to change the build params into variables as suggested in ticket description

plroskin@gmail.com (JIRA)

unread,
Feb 8, 2019, 3:10:21 AM2/8/19
to jenkinsc...@googlegroups.com

I don't think it's the same. There is no mention of matrix builds. `-Dhudson.model.ParametersAction...`is too imprecise. In my case, listing all 10 variables exported by the plugin in `-Dhudson.model.ParametersAction.safeParameters` was insufficient to suppress the logs. I had to add `-Dhudson.model.ParametersAction.keepUndefinedParameters=false` in addition to that. I would rather not do it, as it suppresses all warnings about all undefined variables from all plugins. Fortunately I don't have any, but I'd rather have those warnings in the log if I even need to debug another issue with variables.

I looked what variables are passed to the jobs for individual parameter combinations. `GIT_COMMIT` is one such variable. It must be comping from the git-plugin, so it could probably serve as an example.

plroskin@gmail.com (JIRA)

unread,
Feb 25, 2019, 1:46:01 AM2/25/19
to jenkinsc...@googlegroups.com

I tried fixing the issues with the environment. There are multiple issues. One issue that is specific to multi-configuration builds is that StashAditionalParameterEnvironmentContributor#buildEnvironmentFor() uses getCause(StashCause.class). The cause of child builds is the top-level build, not StashCause. That should be considered.

That said, it is likely that this issue and JENKINS-51480 would be fixed together.

plroskin@gmail.com (JIRA)

unread,
Feb 25, 2019, 4:46:03 PM2/25/19
to jenkinsc...@googlegroups.com

The issue of missing environment variables has been addressed by https://github.com/jenkinsci/stash-pullrequest-builder-plugin/pull/44

The warnings are still there. For a 2-configuration project with consecutive execution, the second child job generates 150 variables, 15 per variable.

plroskin@gmail.com (JIRA)

unread,
Feb 26, 2019, 9:33:03 PM2/26/19
to jenkinsc...@googlegroups.com

It looks like the remaining warnings are a migration issue. They happen when the new plugin (i.e. the one with PR44 merged) loads builds created with the old (pre-PR44) plugin.

I made Jenkins dump stack after reporting the SECURITY-170 warning, and here's what it shows.

 

WARNING: Skipped parameter `sourceCommitHash` as it is undefined on `TestRepository_Matrix_PR_Builder`. Set `-Dhudson.model.ParametersAction.keepUndefinedParameters=true` to allow undefined parameters to be injected as environment variables or `-Dhudson.model.ParametersAction.safeParameters=[comma-separated list]` to whitelist specific parameter names, even though it represents a security breach or `-Dhudson.model.ParametersAction.keepUndefinedParameters=false` to no longer show this message.
java.lang.Exception: Stack trace
at java.lang.Thread.dumpStack(Thread.java:1336)
at hudson.model.ParametersAction.filter(ParametersAction.java:333)
at hudson.model.ParametersAction.getParameters(ParametersAction.java:183)
at hudson.matrix.MatrixChildParametersAction.onLoad(MatrixChildParametersAction.java:87)
at hudson.model.Run.onLoad(Run.java:364)
at hudson.model.RunMap.retrieve(RunMap.java:225)
at hudson.model.RunMap.retrieve(RunMap.java:57)
at jenkins.model.lazy.AbstractLazyLoadRunMap.load(AbstractLazyLoadRunMap.java:501)
at jenkins.model.lazy.AbstractLazyLoadRunMap.load(AbstractLazyLoadRunMap.java:483)
at jenkins.model.lazy.AbstractLazyLoadRunMap.getByNumber(AbstractLazyLoadRunMap.java:381)
at jenkins.model.lazy.AbstractLazyLoadRunMap.search(AbstractLazyLoadRunMap.java:346)
at jenkins.model.lazy.LazyLoadRunMapEntrySet$1.next(LazyLoadRunMapEntrySet.java:74)
at jenkins.model.lazy.LazyLoadRunMapEntrySet$1.next(LazyLoadRunMapEntrySet.java:63)
at java.util.AbstractMap$2$1.next(AbstractMap.java:418)
at hudson.matrix.LinkedLogRotator.perform(LinkedLogRotator.java:69)
at hudson.model.Job.logRotate(Job.java:468)
at hudson.model.Run.execute(Run.java:1880)
at hudson.matrix.MatrixRun.run(MatrixRun.java:153)
at hudson.model.ResourceController.execute(ResourceController.java:97)
at hudson.model.Executor.run(Executor.java:429)

 

Maybe stash-pullrequest-builder-plugin should still use and recognize the parameters? I see that the GitHub pull request builder took a different approach and used a class derived from ParametersAction. I know, that plugin is obsolete, but I'm sure it was getting more attention than stash-pullrequest-builder-plugin.

plroskin@gmail.com (JIRA)

unread,
Mar 21, 2019, 4:11:03 PM3/21/19
to jenkinsc...@googlegroups.com

The issue is resolved as originally stated. The issue of warnings from historic builds will be reported and addressed separately.

plroskin@gmail.com (JIRA)

unread,
Mar 21, 2019, 4:13:02 PM3/21/19
to jenkinsc...@googlegroups.com
Change By: Pavel Roskin
Status: Open Fixed but Unreleased
Resolution: Fixed

plroskin@gmail.com (JIRA)

unread,
Mar 21, 2019, 4:15:01 PM3/21/19
to jenkinsc...@googlegroups.com
Pavel Roskin assigned an issue to Pavel Roskin
Change By: Pavel Roskin
Assignee: Jakub Bochenski Pavel Roskin

plroskin@gmail.com (JIRA)

unread,
May 27, 2019, 4:25:01 PM5/27/19
to jenkinsc...@googlegroups.com
Change By: Pavel Roskin
Status: Fixed but Unreleased Resolved
Released As: 1.9
Reply all
Reply to author
Forward
0 new messages