- Fix vulnerability in OAuth where user-submitted authorization token was used for authentication (https://github.com/buildbot/buildbot/wiki/OAuth-vulnerability-in-using-submitted-authorization-token-for-authentication) Thanks to Phillip Kuhrt for reporting it.
- Fix CRLF injection vulnerability with validating user provided redirect parameters (https://github.com/buildbot/buildbot/wiki/CRLF-injection-in-Buildbot-login-and-logout-redirect-code) Thanks to
mik317
andmariadb
for reporting it.
- Fix a regression present in v1.7.0 which caused buildrequests waiting for a lock that got released by an unrelated build not be scheduled (
4491
) - Don't run builds that request an instance with incompatible properties on Docker, Marathon and OpenStack latent workers.
- Gitpoller now fetches only branches that are known to exist on remote. Non-existing branches are quietly ignored.
- The demo repo in sample configuration files and the tutorial is now fetched via
https:
instead ofgit:
to make life easier for those behind firewalls and/or using proxies. - buildbot sendchange has been fixed on Python 3 (
4138
)
- Add a :py
~buildbot.worker.kubernetes.KubeLatentWorker
to launch workers into a kubernetes cluster - Simplify/automate configuration of worker as Windows service - eliminate manual configuration of Log on as a service
- The deprecated
BuildMaster.addBuildset
method has been removed. UseBuildMaster.data.updates.addBuildset
instead. - The deprecated
BuildMaster.addChange
method has been removed. UseBuildMaster.data.updates.addChange
instead. buildbot
package now requires Twisted versions >= 17.9.0. This is required for Python 3 support. Earlier versions of Twisted are not supported.
- Fixed JSON decoding error when sending build properties to www change hooks on Python 3.
- Buildbot no longer attempts to start builds that it can prove will have unsatisfied locks.
- Don't run builds that request images or sizes on instances started with different images or sizes.
- The Buildbot master Docker image at https://hub.docker.com/r/buildbot/ has been upgraded to use Python 3.7 by default.
- Builder page has been improved with a smoothed build times plot, and a new success rate plot.
- Allow the Buildbot master initial start timeout to be configurable.
- An API to check whether an already started instance of a latent worker is compatible with what's required by a build that is about to be started.
- Add support for v2 of the Vault key-value secret engine in the SecretInVault secret provider.
- Build.canStartWithWorkerForBuilder static method has been made private and renamed to _canAcquireLocks.
- The Buildbot master Docker image based on Python 2.7 has been removed in favor of a Python 3.7 based image.
- Builder.canStartWithWorkerForBuilder method has been removed. Use Builder.canStartBuild.
- Fixed missing buildrequest owners in the builder page (
4207
,3904
) - Fixed display of the buildrequest number badge text in the builder page when on hover.
- Fix usage of master paths when doing Git operations on worker (
4268
)
- Misc improvement in Git source build step documentation.
- Improve documentation of AbstractLatentWorker.
- Improve the documentation of the Buildbot concepts by removing unneeded details to other pages.
- Added a page that lists all pending buildrequests (
4239
) - Builder page now has a chart displaying the evolution of build times over time
- Improved FileUpload efficiency (
3709
) - Add method
getResponsibleUsersForBuild
in :py~buildbot.notifier.NotifierBase
so that users can override recipients, for example to skip authors of changes. - Add define parameter to RpmBuild to specify additional --define parameters.
- Added SSL proxy capability to base web application's developer test setup (
gulp dev proxy --host the-buildbot-host --secure
).
- The Material design Web UI has been removed as unmaintained. It may be brought back if a maintainer steps up.
- Fix the umask parameter example to make it work with both Python 2.x and 3.x.
- Fix build-change association for multi-codebase builds in the console view..
- Fixed builders page doesn't list workers in multi-master configuration (
4326
) - Restricted groups added by :py
~buildbot.www.oauth2.GitHubAuth
'sgetTeamsMembership
option to only those teams to which the user belongs. Previously, groups were added for all teams for all organizations to which the user belongs. - Fix 'Show old workers' combo behavior.
- GitHub teams added to a user's
groups
by :py~buildbot.www.oauth2.GitHubAuth
'sgetTeamsMembership
option are now added by slug as well as by name. This means a team named "Bot Builders" in the organization "buildbot" will be added as bothbuildbot/Bot Builders
andbuildbot/bot-builders
. - Make
urlText
renderable for the :py~buildbot.steps.transfer.FileUpload
build step. - Added
noticeOnChannel
option to :bbIRC
to send notices instead of messages to channels. This was an option in v0.8.x and removed in v0.9.0, which defaulted to sending notices. The v0.8.x default of sending messages is now restored.
- Reverted: Fix git submodule support when using sshPrivateKey and sshHostKey because it broke other use cases (
4316
) In order to have this feature to work, you need to keep your master in 1.4.0, and make sure your workerbuildbot.tac
are installed in the same path as your master.
- Fix Build.getUrl() to not ignore virtual builders.
- Fix git submodule support when using sshPrivateKey and sshHostKey settings by passing ssh data as absolute, not relative paths.
- Fixed :bb
P4
for change in latest version of p4 login -p. - :py
buildbot.reporters.irc.IrcStatusBot
no longer encodes messages before passing them on to methods of its Twisted base class to avoid posting therepr()
of a bytes object when running on Python 3.
- Added new :bb
GitPush
step to perform git push operations. - Objects returned by
renderer
now are able to pass extra arguments to the rendered function via withArgs method.
- Test suite has been improved for readability by adding a lot of
inlineCallbacks
- Fixed tests which didn't wait for
assertFailure
's returned deferred. - The test suite now runs on Python 3.7 (mostly deprecation warnings from dependencies shut down)
- buildbot-worker docker image no longer use pidfile. This allows to auto-restart a docker worker upon crash.
- GitLab v3 API is deprecated and has been removed from http://gitlab.com, so we now use v4. (
4143
)
- -:bb
Git
now supports sshHostKey parameter to specify ssh public host key for fetch operations. - -:bb
Git
now supports sshPrivateKey parameter to specify private ssh key for fetch operations. - -:bb
GitPoller
now supports sshHostKey parameter to specify ssh public host key for fetch operations. This feature is supported on git 2.3 and newer. - -:bb
GitPoller
now supports sshPrivateKey parameter to specify private ssh key for fetch operations. This feature is supported on git 2.3 and newer. - Github hook token validation now uses
hmac.compare_digest()
for better security
- Removed support for GitLab v3 API ( GitLab < 9 ).
- Don't schedule a build when a GitLab merge request is deleted or edited (
3635
) - Add GitLab source step; using it, we now handle GitLab merge requests from forks properly (
4107
) - Fixed a bug in :py
~buildbot.reporters.mail.MailNotifier
'screateEmail
method when called with the default builds value which resulted in mail not being sent. - Fixed a Github crash that happened on Pull Requests, triggered by Github Web-hooks. The json sent by the API does not contain a commit message. In github.py this causes a crash, resulting into response 500 sent back to Github and building failure.
- Speed up generation of api/v2/builders by an order of magnitude. (
3396
).
- Added
examples/gitlab.cfg
to demonstrate integrating Buildbot with GitLab.
ForceScheduler-Parameters
now support anautopopulate
parameter.ForceScheduler-Parameters
ChoiceParameter
now correctly supports thestrict
parameter, by allowing free text entry if strict is False.- Allow the remote ref to be specified in the GitHub hook configuration (
3998
) - Added callable to p4 source that allows client code to resolve the p4 user and workspace into a more complete author. Default behaviour is a lambda that simply returns the original supplied who. This callable happens after the existing regex is performed.
- fix several multimaster issues by reverting
3911
. re-opens3783
. (4067
,4062
,4059
) - Fix :bb
MultipleFileUpload
to correctly compute path name when worker and master are on different OS (4019
) - LDAP bytes/unicode handling has been fixed to work with Python 3. This means that LDAP authentication, REMOTE_USER authentication, and LDAP avatars now work on Python 3. In addition, an of bounds access when trying to load the value of an empty LDAP attribute has been fixed.
- Removing
`no-select
rules from places where they would prevent the user from selecting interesting text. (:issue:`3663) - fix
`Maximum recursion depth exceeded
when lots of worker are trying to connect while master is starting or reconfiguring (4042
).
- Document a minimal secure config for the Buildbot web interface. (
4026
)
- The Dockerfile for the buildbot master image has been updated to use Alpine Linux 3.7. In addition, the Python requests module has been added to this image. This makes GitHub authentication work out of the box with this image. (
4039
) - New steps for Visual Studio 2017 (VS2017, VC141, and MsBuild141).
- The smoke tests have been changed to use ES2017 async and await keywords. This requires that the smoke tests run with Node 8 or higher. Use of async and await is recommended by the Protractor team: https://github.com/angular/protractor/blob/master/docs/async-await.md
- Allow
urlText
to be set on a url linked to aDirectoryUpload
step (3983
)
- Fix issue which marked all workers dis-configured in the database every 24h (
3981
3956
3970
) - The :bb
MailNotifier
no longer crashes when sending from/to email addresses with "Real Name" parts (e.g.,John Doe <john.doe@domain.tld>
). - Corrected pluralization of text on landing page of the web UI
- Corrected typo in description of libvirt
- Update sample config to use preferred API
- Home page now contains links to recently active builders
- Removed
ramlfication
as a dependency to build the docs and run the tests.
- Fixed buildrequests API doesn't provide properties data (
3929
) - Fix missing owner on builder build table (
3311
) - Include hipchat as reporter.
- Fix encoding issues of commands with Windows workers (
3799
). - Fixed Relax builder name length restriction (
3413
). - Fix the configuration order so that services can actually use secrets (
3985
) - Partially fix Builder page should show the worker information (
3546
).
- Added the
defaultProperties
parameter to :bbbuilders
. - When a build step has a log called "summary" (case-insensitive), the Build Summary page will sort that log first in the list of logs, and automatically expand it.
Despite the major version bump, Buildbot 1.0.0 does not have major difference with the 0.9 series. 1.0.0 is rather the mark of API stability. Developers do not foresee a major API break in the next few years like we had for 0.8 to 0.9.
Starting with 1.0.0, Buildbot will follow semver versioning methodology.
- Cloning :bb
Git
repository with submodules now works with Git < 1.7.6 instead of failing due to the use of the unsupported--force
option. - :bb
GitHub
hook now properly creates a change in case of new tag or new branch. :bbGitHub
changes will have thecategory
set totag
when a tag was pushed to easily distinguish from a branch push. - Fixed issue with :py
Master.expireMasters
not always honoring itsforceHouseKeeping
parameter. (3783
) - Fixed issue with steps not correctly ending in
CANCELLED
status when interrupted. - Fix maximum recursion limit issue when transferring large files with
LocalWorker
(issue:3014). - Added an argument to P4Source that allows users to provide a callable to convert Perforce branch and revision to a valid revlink URL. Perforce supplies a p4web server for resolving urls into change lists.
- Fixed issue with
buildbot_pkg
not hanging on yarn step on windows (:issue:`3890). - Fix issue with :bb
workers
notify_on_missing
not able to be configurable as a single string instead of list of string (3913
). - Fixed Builder page should display worker name instead of id (
3901
).
- Add capability to override the default UI settings (
3908
) - All
Reporters
have been adapted to be able to useSecret
. :bbSVNPoller
has been adapted to be able to useSecret
. - Implement support for Bitbucket Cloud webhook plugin in :py
~buildbot.www.hooks.bitbucketcloud.BitbucketCloudEventHandler
- The
owners
property now includes people associated with the changes of the build (3904
). - The repo source step now syncs with the
--force-sync
flag which allows the sync to proceed when a source repo in the manifest has changed. - Add support for compressing the repo source step cache tarball with
pigz
, a parallel gzip compressor.