diff --git a/README.adoc b/README.adoc index 548b5924fa..8148abd908 100644 --- a/README.adoc +++ b/README.adoc @@ -159,7 +159,7 @@ This removes remote tracking branches and tags from the local workspace if they ---- checkout scmGit( branches: [[name: 'master']], - extensions: [pruneStaleBranch(), pruneTags(true)], + extensions: [ pruneStaleBranch(), pruneTags(true) ], userRemoteConfigs: [[url: 'https://github.com/jenkinsci/ws-cleanup-plugin']]) ---- @@ -324,6 +324,8 @@ If polling finds a change worthy of a build, a build will be triggered. This allows a notify script to remain the same for all Jenkins jobs. Or if you have multiple repositories under a single repository host application (such as Gitosis), you can share a single post-receive hook script with all the repositories. +When notifyCommit is successful, the list of triggered projects is returned. + The `token` parameter is required by default as a security measure, but can be disabled by the following link:https://www.jenkins.io/doc/book/managing/system-properties/[system property]: .... 
@@ -337,7 +339,27 @@ It has two modes: * `disabled` - Fully disables the access token mechanism and allows all requests to `notifyCommit` to be unauthenticated. *This option is insecure and is not recommended.* -When notifyCommit is successful, the list of triggered projects is returned. +You can set the `NOTIFY_COMMIT_ACCESS_CONTROL` value with either a link:https://www.jenkins.io/doc/book/managing/system-properties/[system property] or a link:https://www.jenkins.io/doc/book/managing/groovy-hook-scripts/[Groovy hook script]. + +[[using-a-system-property-push-notification]] +Using a system property:: + +The `NOTIFY_COMMIT_ACCESS_CONTROL` value can be set from the command line that starts Jenkins. +This method is useful for environments where initial Jenkins settings are managed with command line arguments. ++ +.... +java -Dhudson.plugins.git.GitStatus.NOTIFY_COMMIT_ACCESS_CONTROL=disabled-for-polling -jar jenkins.war +.... + +[[using-a-groovy-script-push-notification]] + Using a Groovy script:: + +The `NOTIFY_COMMIT_ACCESS_CONTROL` value can be set using a Groovy script placed in the `init.groovy.d` subdirectory of the Jenkins home directory. +This method is useful for environments where Jenkins settings are managed with link:https://www.jenkins.io/doc/book/managing/groovy-hook-scripts/#post-initialization-script-init-hook[Groovy post-initialization scripts]. ++ +---- +hudson.plugins.git.GitStatus.NOTIFY_COMMIT_ACCESS_CONTROL='disabled-for-polling' +---- [#enabling-jgit] === Enabling JGit @@ -1058,6 +1080,16 @@ Path:: File or directory to be included in the checkout +[source,groovy] +---- +checkout scmGit( + branches: [[name: 'master']], + extensions: [ + sparseCheckout(sparseCheckoutPaths: [[path: 'src'], [path: 'Makefile']]) + ], + userRemoteConfigs: [[url: 'https://github.com/jenkinsci/git-plugin.git']]) +---- + [#git-lfs-pull-after-checkout] ==== Git LFS pull after checkout diff --git a/pom.xml b/pom.xml index de24289fd4..4e8ea5e2d0 100644 --- a/pom.xml 
+++ b/pom.xml @@ -69,7 +69,7 @@ - 5.3.1 + 5.4.1 -SNAPSHOT jenkinsci/${project.artifactId}-plugin 2.440 @@ -89,7 +89,7 @@ io.jenkins.tools.bom bom-${jenkins.baseline}.x - 3276.vcd71db_867fb_2 + 3289.v3ff9637cd241 pom import @@ -165,7 +165,7 @@ nl.jqno.equalsverifier equalsverifier - 3.16.1 + 3.16.2 test @@ -296,7 +296,7 @@ org.apache.maven.plugins maven-checkstyle-plugin - 3.4.0 + 3.5.0 google_checks.xml true diff --git a/src/main/java/hudson/plugins/git/extensions/impl/SparseCheckoutPaths.java b/src/main/java/hudson/plugins/git/extensions/impl/SparseCheckoutPaths.java index 0a8796f1d7..c5a326a837 100644 --- a/src/main/java/hudson/plugins/git/extensions/impl/SparseCheckoutPaths.java +++ b/src/main/java/hudson/plugins/git/extensions/impl/SparseCheckoutPaths.java @@ -13,6 +13,7 @@ import org.jenkinsci.plugins.gitclient.GitClient; import org.jenkinsci.plugins.gitclient.UnsupportedCommand; import org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.Whitelisted; +import org.jenkinsci.Symbol; import org.kohsuke.stapler.DataBoundConstructor; import edu.umd.cs.findbugs.annotations.NonNull; @@ -52,10 +53,11 @@ public void determineSupportForJGit(GitSCM scm, @NonNull UnsupportedCommand cmd) } @Extension + @Symbol("sparseCheckout") public static class DescriptorImpl extends GitSCMExtensionDescriptor { @Override public String getDisplayName() { - return "Sparse Checkout paths"; + return "Sparse checkout paths"; } } diff --git a/src/main/java/jenkins/plugins/git/GitSCMSource.java b/src/main/java/jenkins/plugins/git/GitSCMSource.java index 204942ec3c..536b845b38 100644 --- a/src/main/java/jenkins/plugins/git/GitSCMSource.java +++ b/src/main/java/jenkins/plugins/git/GitSCMSource.java 
@@ -444,7 +444,10 @@ public ListBoxModel doFillCredentialsIdItems(@AncestorInPath Item context, public FormValidation doCheckRemote(@AncestorInPath Item item, @QueryParameter String credentialsId, @QueryParameter String remote) throws IOException, InterruptedException { - Jenkins.get().checkPermission(Jenkins.MANAGE); + if (item == null && !Jenkins.get().hasPermission(Jenkins.MANAGE) || + item != null && !item.hasPermission(Item.CONFIGURE)) { + return FormValidation.warning("Not allowed to modify remote"); + } return isFIPSCompliantTLS(credentialsId, remote) ? FormValidation.ok() : FormValidation.error(hudson.plugins.git.Messages.git_fips_url_notsecured()); } diff --git a/src/test/java/hudson/plugins/git/CredentialsUserRemoteConfigTest.java b/src/test/java/hudson/plugins/git/CredentialsUserRemoteConfigTest.java index 5e198345db..7efa4bb3ae 100644 --- a/src/test/java/hudson/plugins/git/CredentialsUserRemoteConfigTest.java +++ b/src/test/java/hudson/plugins/git/CredentialsUserRemoteConfigTest.java @@ -163,6 +163,7 @@ private String randomPipelineExtensions() { "pruneTags()", "pruneTags(false)", "pruneTags(true)", + "sparseCheckout(sparseCheckoutPaths: [[path: 'src'], [path: 'Makefile']])", "submodule(disableSubmodules: true)", "submodule(depth: 1, shallow: true)", "submodule(parentCredentials: true, recursiveSubmodules: true, threads: 13)",
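Review bot: The authorization condition added to doCheckRemote mixes `&&` and `||` without parentheses, so the access decision rests on operator precedence; it evaluates as intended, but the grouping on a permission check should be explicit, e.g. `if ((item == null && !Jenkins.get().hasPermission(Jenkins.MANAGE)) || (item != null && !item.hasPermission(Item.CONFIGURE))) {`. The denial text `"Not allowed to modify remote"` is a hard-coded literal while the error on the following line comes from `hudson.plugins.git.Messages`, so it will not be localized; a short comment such as `// Item.CONFIGURE inside an item context, Jenkins.MANAGE when no item is in scope` would also record why the two cases differ. No test in the visible part of this commit exercises either branch, so a case for a user holding Item.CONFIGURE without Jenkins.MANAGE and one for a user holding neither would pin the relaxed rule. Any annotations on doCheckRemote sit above the hunk, so whether the endpoint is restricted to POST cannot be confirmed from here.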