Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature Request: Option to NOT expose build logs #92

Closed
dduportal opened this issue Mar 5, 2021 · 13 comments · Fixed by #93
Closed

Feature Request: Option to NOT expose build logs #92

dduportal opened this issue Mar 5, 2021 · 13 comments · Fixed by #93

Comments

@dduportal
Copy link

Dependencies

N.A.

Feature Request

The pipeline summary output (#66) is really a NEAT feature, thanks a lot for implementing it!

However in certain cases, it would be interesting to not expose the build's log output.

I'm thinking of the use case of a public code, but with the build output exposing sensitive information even it should not: if the build fails, then the sensitive data is exposed out of Jenkins.
Example which happened with Terraform: a bug in the 0.13.1 version was outputing sensitive data, which could have been exposed on the public repo.

The idea of this feature request can be splitted in 2 axes:

  • Add an option to NOT add the build output in the summary (only the stage names, timing and statuses for instance)
  • And/Or add an option to disable the pipeline summary when a GitHub MultiBranch / Organization job is used, to keep the benefit of the Check API without exposing sensitive information

Is this description clear or do you need more information/details?
If it is, does it seem legit?
@timja
Copy link
Member

timja commented Mar 5, 2021

I thought about this when it was added, makes sense to add configuration hooks for it.

There shouldn't be any sensitive info in the build logs, but it can happen...

@mrginglymus mrginglymus mentioned this issue Mar 5, 2021
Merged
@mrginglymus
Copy link
Contributor

Ahh, I think I've grokked your second point. I'd think there's not much value (currently) in allowing users to disable the pipeline summary altogether; at that point you're left with a check that just has a link to the job, at which point you may be better off suppressing the checks for job status altogether and just using the status API (whilst still retaining the ability to use checks api for e.g. junit, warnings-ng etc).

@dduportal
Copy link
Author

Thanks a lot for this! I still have a (newbie) question though: how can I use the flag to suppress Log (from #93)?

I'm not sure to understand if it is a property to set on my Jenkins administration settings, on the jobs (GH Org. Folder in my case) or on the Pipeline itself? I'm asking the question because I never, ever did anything to enable or specify the Checks (except switching from a Github Oauth to Github App). It's really really cool to have this enabled by default!

But I'm not sure where to go once the new released plugin will be installed on my instance.

(I volunteer to write something on the plugin, or Jenkins doc to show the case of course, but I need initial pointers).

@timja
Copy link
Member

timja commented Mar 8, 2021

It's what is known as a Job behaviour or trait.

It's done at job level configuration (or organisation / multi branch folder level)

@jglick
Copy link
Member

jglick commented Mar 8, 2021

https://github.com/jenkinsci/github-checks-plugin/blob/65a3ebf0923ebb3993414103d5269c2f536ffa0c/src/main/java/io/jenkins/plugins/checks/github/status/GitHubSCMSourceStatusChecksTrait.java#L121 IIUC.

@timja
Copy link
Member

timja commented Mar 8, 2021

Yes that's right

@dduportal
Copy link
Author

It's what is known as a Job behaviour or trait.
It's done at job level configuration (or organisation / multi branch folder level)

Ok, so I'll have to update my job through UI, or my Job-DSL config (with the new version installed of course). Is that correct?

https://github.com/jenkinsci/github-checks-plugin/blob/65a3ebf0923ebb3993414103d5269c2f536ffa0c/src/main/java/io/jenkins/plugins/checks/github/status/GitHubSCMSourceStatusChecksTrait.java#L121 IIUC.

Is this related to my question or to the PR? I'm not sure to understand (more than it's some code from the plugin github-checks-plugin that might be related to the current plugin, but I don't have the skills to links this code to an actionable element in Jenkins to be fair.

@jglick
Copy link
Member

jglick commented Mar 8, 2021

Means that in the multibranch config GUI you would select Status Checks Properties to customize, and from job-dsl you would need to find some way to select GitHubSCMSourceStatusChecksTrait. Seems that the github-checks plugin would need something to match #93 though right?

@timja
Copy link
Member

timja commented Mar 8, 2021

Yeah looks like you're right, this was the last property added: jenkinsci/github-checks-plugin@65a3ebf

cc @mrginglymus

@timja timja reopened this Mar 8, 2021
@dduportal
Copy link
Author

Thanks a lot @jglick ! I did not know about this item. It's clear now. Looks like you're correct and that something will have to be made on github-checks if my understanding is correct. I'll defer to @timja .

@mrginglymus
Copy link
Contributor

I have a half-done change for the other half of this...

@mrginglymus
Copy link
Contributor

jenkinsci/github-checks-plugin#138

@XiongKezhi
Copy link
Contributor

released in https://github.com/jenkinsci/checks-api-plugin/releases/tag/v1.6.0

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add option to suppress log in job summary mrginglymus/checks-api-plugin
5 participants
@jglick @mrginglymus @dduportal @timja @XiongKezhi