Excluding builds of certain git branches on ASF Jenkins

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
3 messages Options
Reply | Threaded
Open this post in threaded view
|

Excluding builds of certain git branches on ASF Jenkins

mthmulders
Hi all,

As you may have noticed, yesterday we had a situation on Jenkins where
around 500 jobs where queuing up. Many of them of them where building
Dependabot branches from our Github mirrors.

The way Dependabot works is they do *not* create a fork of our repo's.
Instead they create a branch in our repo's and push one commit that
updates a particular dependency. Because of sync between Github and the
ASF Gitbox, that branch also exists in the ASF Gitbox. And because of
that, Jenkins may decide to start building it (as happened yesterday).
This means we pull in changes from others that get executed on ASF
infrastructure without any Maven committer reviewing or approving those
changes.

In the Jenkins user interface, I see there's an option to build only
specific branches. I'm thinking of excluding everything that starts with
dependabot/ there, just to be sure. Before I continue, does anyone know
if it's possible to configure this with a Jenkinsfile?

Thanks,

Maarten

OpenPGP_0x13D979595E6D01E1.asc (1K) Download Attachment
OpenPGP_signature (505 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Excluding builds of certain git branches on ASF Jenkins

Elliotte Rusty Harold
On Wed, Jul 22, 2020 at 8:36 AM Maarten Mulders <[hidden email]> wrote:

> In the Jenkins user interface, I see there's an option to build only
> specific branches. I'm thinking of excluding everything that starts with
> dependabot/ there, just to be sure. Before I continue, does anyone know
> if it's possible to configure this with a Jenkinsfile?


Without Jenkins running on Dependabot, we'd probably be safer just
turning off Dependabot, unless maybe there's a way to manually trigger
a build on a branch?

--
Elliotte Rusty Harold
[hidden email]

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

Re: Excluding builds of certain git branches on ASF Jenkins

Maarten Mulders-2
On 22/07/2020 11:49, Elliotte Rusty Harold wrote:

> On Wed, Jul 22, 2020 at 8:36 AM Maarten Mulders <[hidden email]> wrote:
>
>> In the Jenkins user interface, I see there's an option to build only
>> specific branches. I'm thinking of excluding everything that starts with
>> dependabot/ there, just to be sure. Before I continue, does anyone know
>> if it's possible to configure this with a Jenkinsfile?
>
>
> Without Jenkins running on Dependabot, we'd probably be safer just
> turning off Dependabot, unless maybe there's a way to manually trigger
> a build on a branch?
>

I was thinking Dependabot could _tell_ us there's a newer version of a
dependency. Those branches could be built with Github actions (they are
already in use on some repositories). If that succeeds, and after
inspection of the pull request by a committer, it could be built on
Jenkins, too. We just don't want Jenkins to build those branches
automatically, without human inspection.

Thanks,

Maarten

---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]