How to prevent the need for token for public projects (jenkins) #70
Comments
@halkeye it is more than just the job number. We tap TravisCI API to validate build params to ensure the upload is authentic. If the CI provider has an API endpoint we can not require the token, but until then we must include the token for authentication. |
Jenkins has a built-in API that you can access from a run.
What data do you need?
On Jul 27, 2016 5:47 AM, "Steve Peak" [email protected] wrote:
|
Is there documentation for this API endpoint? That would be the most help 👍 |
Okay, I'll see what I can dig up the next time I'm at a computer.
I know you can access it through the API link on the bottom of every page.
Would be something like /jenkins/job/$build_name/$build_id/api
On Jul 27, 2016 6:23 AM, "Steve Peak" [email protected] wrote:
|
https://wiki.jenkins-ci.org/display/JENKINS/Remote+access+API has some info too.
I don't think it's super documented though.
It's also not hard to expose more info through a custom plugin if needed.
On Jul 27, 2016 6:28 AM, "Gavin" [email protected] wrote:
|
I see posting builds, but not an endpoint for
Is there documentation on |
I'm not super familiar with the REST APIs, but I can ping the mailing list.
HUDSON_COOKIE
HUDSON_SERVER_COOKIE
JENKINS_SERVER_COOKIE
I'm not sure how (yet) but those can be used during the request for https://jenkins.ci.cloudbees.com/job/plugins/job/sauce-ondemand-plugin/338/api/json?pretty=true
^^ has a bunch of info.
On Wed, Jul 27, 2016 at 10:43 AM, Steve Peak [email protected]
|
Thanks for the details here. So the environment variables you stated would be used to authorize access to the BUILD_URL endpoint? ❤️ Love it! How would I use the cookie if I'm making this api request server side? |
Oh I'm totally wrong, those cookies are just random strings for identification purposes. I'm trying to figure out ways to run codecov tool in public without being able to provide token in a secret way. If that means writing a helper plugin to expose more data I totally will. |
That would be great! Here are some ideas of the information we would like to verify in order to accept uploads:
|
Here is an example:

    {
      "finished": false,
      "build_num": 145,
      "slug": "owner/repo",
      "commit": {
        "sha": "815be8d6e1af1c3449407cc6d085b550f14b907d",
        "branch": "master",
        "is_merge_commit": false
      }
    }

|
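The server-side check discussed in this thread (accept an upload without a token only when the CI provider's own record of the build agrees with what the uploader claims), sketched as an added example that is not part of the thread and not Codecov's code. The record's field names come from the JSON sample above; the `claim` layout, the name `verify_tokenless_upload`, and the rule that only a still-running build may upload are assumptions.

```python
import re

SHA_RE = re.compile(r"[0-9a-f]{40}")

# Constructed CI-side record, same shape as the JSON sample in the thread.
SAMPLE_BUILD = {
    "finished": False, "build_num": 145, "slug": "owner/repo",
    "commit": {"sha": "815be8d6e1af1c3449407cc6d085b550f14b907d",
               "branch": "master", "is_merge_commit": False},
}


def verify_tokenless_upload(claim, ci_build):
    """Compare the uploader's claim with the record fetched from the CI API.

    claim (hypothetical layout): dict with slug, build_num, commit, branch,
    already parsed into native types by the caller.
    Returns a list of rejection reasons; an empty list means accept.
    Any missing or mistyped field fails closed.
    """
    if not isinstance(ci_build, dict) or not isinstance(ci_build.get("commit"), dict):
        return ["no usable build record from CI provider"]
    reasons = []
    # Assumption: only a build that is still running may upload, so the
    # parameters of an old public build cannot be replayed later.
    if ci_build.get("finished") is not False:
        reasons.append("build is not in progress")
    sha = str(claim.get("commit", "")).lower()
    if not SHA_RE.fullmatch(sha):
        reasons.append("claimed commit is not a full 40-hex SHA")
    claimed = dict(claim, commit=sha)
    expected = {
        "slug": ci_build.get("slug"),
        "build_num": ci_build.get("build_num"),
        "commit": ci_build["commit"].get("sha"),
        "branch": ci_build["commit"].get("branch"),
    }
    for field, ci_value in expected.items():
        got = claimed.get(field)
        # Types must match too: the string "145" does not equal the int 145.
        if ci_value is None or type(got) is not type(ci_value) or got != ci_value:
            reasons.append(f"{field} does not match CI record")
    return reasons
```

The caller is expected to fetch `ci_build` itself from the CI provider's API over an authenticated channel; nothing in the record may come from the uploader.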
Reading over https://github.com/codecov/codecov-python/blob/master/codecov/__init__.py it looks to me like the only reason you need to provide --token= for jenkins and not travis is because job is set for travis?
Why isn't job set to something (BUILD_NUMBER, or timestamp) for jenkins?
That way token wouldn't be required for public projects.