Reopening PR with "test this please" comment triggers build (even if new/malicious commits are added) #282
Comments
I also created an issue here janinko#394 as I'm not sure which repo is the "official" one (both are very active).
Any ideas on what might be causing this? Is there any more information I can provide to help? I had the same issue occur with a real pull request today: chenxiaolong/DualBootPatcher#73 I approved the PR for testing via a "test this please" comment, which triggered this build: https://jenkins.noobdev.io/job/DualBootPatcher_PR/17/ It failed and the user made a second commit in an attempt to fix it and also happened to close and reopen the PR. The GHPRB plugin made a new build https://jenkins.noobdev.io/job/DualBootPatcher_PR/19/ without my approval.
I don't have any ideas at the moment how to tell the plugin not to treat the reopened pull request like anything other than a new pull request.
Thanks for the reply! I don't have a problem with treating reopened pull requests like a new pull request. The problem is that it's triggering a new build for reopened pull requests that contain a "test this please" comment.
That is what I mean. When it creates a new pull request internally, it then checks all of the comments since the PR was created. One of those comments being "test this please" tells the plugin to schedule a build. Hence the problem of building PRs that are closed and re-opened.
Thanks for the explanation. Would it be possible to only look for "test this please" after the last "Can one of the admins verify this patch?" comment? When a PR is reopened, "Can one of the admins verify this patch?" is posted by the bot user and there would be no "test this please" comment after it.
Correct typo 'conext' -> 'context'
Could do this: Get the PR's events, e.g. https://api.github.com/repos/chenxiaolong/DualBootPatcher/issues/67/events. Ignore any comments older than the last reopened event.
I think solving this would involve looking over messages, reading timestamps, etc. I think it's viable but I don't think we'll do it any time soon. Marking this as deferred for now.
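The filter suggested in the two comments above (ignore any comment older than the last reopened event), sketched in Python as an added example; it is not the plugin's code. The field names follow GitHub's issue events and comments API; the admin set, the substring match on the trigger phrase and the sample data are assumptions constructed for illustration.

```python
from datetime import datetime, timezone

TRIGGER_PHRASE = "test this please"  # phrase quoted in this thread

def parse_ts(value):
    """Parse GitHub's ISO 8601 UTC timestamps, e.g. 2015-03-01T12:00:00Z."""
    return datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def last_reopened_at(events):
    """Timestamp of the newest 'reopened' event, or None if never reopened."""
    times = [parse_ts(e["created_at"]) for e in events if e.get("event") == "reopened"]
    return max(times, default=None)

def approving_comment(comments, events, admins):
    """Return the newest admin trigger comment that postdates the last reopen.

    Comments at or before the reopen are ignored, so an approval given for
    an earlier state of the PR cannot schedule a build after close/reopen.
    """
    cutoff = last_reopened_at(events)
    valid = []
    for c in comments:
        if c["user"]["login"] not in admins:
            continue  # only admins may approve (admin set is an assumption)
        if TRIGGER_PHRASE not in c["body"].lower():
            continue  # substring match is an assumption, not the plugin's rule
        if cutoff is not None and parse_ts(c["created_at"]) <= cutoff:
            continue  # stale approval from before the reopen
        valid.append(c)
    return max(valid, key=lambda c: parse_ts(c["created_at"]), default=None)

# Constructed sample data in the shape of GitHub's issue events/comments API.
EVENTS = [
    {"event": "closed", "created_at": "2015-03-01T10:05:00Z"},
    {"event": "reopened", "created_at": "2015-03-01T10:06:00Z"},
]
COMMENTS = [
    {"user": {"login": "ci-bot"}, "created_at": "2015-03-01T09:00:00Z",
     "body": "Can one of the admins verify this patch?"},
    {"user": {"login": "admin1"}, "created_at": "2015-03-01T09:30:00Z",
     "body": "test this please"},
    {"user": {"login": "contributor"}, "created_at": "2015-03-01T10:07:00Z",
     "body": "test this please"},
]

if __name__ == "__main__":
    print(approving_comment(COMMENTS, EVENTS, {"admin1"}))  # stale approval
```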
I think this is a dup of #518 so I'll copy my comment here since this issue is still open
I'm running into an issue where reopening a closed pull request causes a build to trigger if there's a previous comment from an admin that contains "test this please".
This is the particular test case I'm looking at: chenxiaolong/DualBootPatcher#67
This is what happened with that test PR:
If I delete the "test this please" comment, I can close and reopen the PR as much as I want and no build is triggered.
I am using GitHub hooks for the triggering and do not have the "Build every pull request automatically without asking (Dangerous!)." option enabled.
Any idea why this happens? This can cause malicious code to run on my Jenkins slaves. Thanks in advance!
EDIT: Jenkins build when the PR was created: https://jenkins.noobdev.io/job/DualBootPatcher_PR/15/
Jenkins build when the PR was reopened: https://jenkins.noobdev.io/job/DualBootPatcher_PR/16/
My config: