Gitlab hook plugin development abandoned?

Previous Topic Next Topic
 
classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

Gitlab hook plugin development abandoned?

Léon Hagenaars-Keus
Hi all,

Is the development of the gitlab hook (https://github.com/jenkinsci/gitlab-hook-plugin, https://plugins.jenkins.io/gitlab-hook/) abandoned?
I've posted an issue there (https://github.com/jenkinsci/gitlab-hook-plugin/issues/62, as a notification of CVE-2020-2096/SECURITY-1683 issue to the maintainer), but the plugin has seen no development in 3 years.
I might be able to help in fixing the issue.

Kind regards,
Léon Hagenaars-Keus

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/385899ea-bd1c-4b7b-85f8-bb3635fdd192n%40googlegroups.com.
Reply | Threaded
Open this post in threaded view
|

Re: Gitlab hook plugin development abandoned?

Tobias Gruetzmacher
Hi,

On Tue, Sep 22, 2020 at 02:04:48AM -0700, Léon Hagenaars-Keus wrote:
> Is the development of the gitlab hook
> (https://github.com/jenkinsci/gitlab-hook-plugin,
> https://plugins.jenkins.io/gitlab-hook/) abandoned?

Well, there haven't been any commits in ~3 years, so that's probably a
"yes". Additionally, it depends on the Ruby runtime, which hasn't had a
release for 7 years, and as far as I know its use is strongly
discouraged (see, for example, JEP-7:
https://github.com/jenkinsci/jep/tree/master/jep/7)

Is there something that plugin does which the other GitLab plugins
don't?

Personally, I primarly use
https://plugins.jenkins.io/gitlab-branch-source/ for pipeline jobs and
https://plugins.jenkins.io/gitlab-plugin/ for everything else.

Regards, Tobias

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/20200926111404.GA13280%4023.gs.
Reply | Threaded
Open this post in threaded view
|

Re: Gitlab hook plugin development abandoned?

Léon Hagenaars-Keus
The thing this plugin does is provide a global 'build now' url for a json  post, where the plugin looks at all jobs using the gitlab repo contained in the webhook post, and triggers those jobs (depending on branch configuration of each job).
This makes it possible for example to have a separate 'master' build (providing the final release files, only building the master and hotfix branches) and a 'mere' unit test/ci job for all other branches.
The gitlab-plugin you suggest requires a webhook for each job, if I understand the wiki correctly.
But if this plugin is abandoned (which it  does seem like), is there a way to get it marked as abandoned/discontinued in jenkins?

Op zaterdag 26 september 2020 om 13:14:16 UTC+2 schreef [hidden email]:
Hi,

On Tue, Sep 22, 2020 at 02:04:48AM -0700, Léon Hagenaars-Keus wrote:
> Is the development of the gitlab hook
> (https://github.com/jenkinsci/gitlab-hook-plugin,
> https://plugins.jenkins.io/gitlab-hook/) abandoned?

Well, there haven't been any commits in ~3 years, so that's probably a
"yes". Additionally, it depends on the Ruby runtime, which hasn't had a
release for 7 years, and as far as I know its use is strongly
discouraged (see, for example, JEP-7:
https://github.com/jenkinsci/jep/tree/master/jep/7)

Is there something that plugin does which the other GitLab plugins
don't?

Personally, I primarly use
https://plugins.jenkins.io/gitlab-branch-source/ for pipeline jobs and
https://plugins.jenkins.io/gitlab-plugin/ for everything else.

Regards, Tobias

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/dc8489b2-46c8-46de-b3aa-32597aa8bb6fn%40googlegroups.com.
Reply | Threaded
Open this post in threaded view
|

Re: Gitlab hook plugin development abandoned?

Tobias Gruetzmacher
Hi,

On Sat, Sep 26, 2020 at 06:33:48AM -0700, Léon Hagenaars-Keus wrote:
> The thing this plugin does is provide a global 'build now' url for a
> json  post, where the plugin looks at all jobs using the gitlab repo
> contained in the webhook post, and triggers those jobs (depending on
> branch configuration of each job).

> This makes it possible for example to have a separate 'master' build
> (providing the final release files, only building the master and
> hotfix branches) and a 'mere' unit test/ci job for all other branches.

Isn't that what pipeline-multibranch/gitlab-branch-source is basically
designed to do? FWIW, I consider the migration from
freestyle/matrix/maven jobs to pipeline a worthwhile investment.

> The gitlab-plugin you suggest requires a webhook for each job, if I
> understand the wiki correctly.

Yeah, since at my company we wanted to use it with GitLab EE and group
hooks, we tried to add this functionality:
https://github.com/jenkinsci/gitlab-plugin/pull/600 - Recently, we
switched most jobs to GitLab branch source, so getting it merged isn't a
high priority for us anymore.

> But if this plugin is abandoned (which it  does seem like), is there a
> way to get it marked as abandoned/discontinued in jenkins?

Not automatically. See
https://www.jenkins.io/doc/developer/plugin-governance/adopt-a-plugin/
for the "normal" plugin adoption process.

In light of JEP-7 and the recent adition of the "deprecated" marker
(https://www.jenkins.io/doc/developer/plugin-governance/deprecating-or-removing-plugin/)
it might make sense to mark all plugins depending on ruby-runtime as
such...

Regards, Tobias

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/20200929152322.GA33624%4023.gs.
Reply | Threaded
Open this post in threaded view
|

Re: Gitlab hook plugin development abandoned?

Tomas Bjerre
In reply to this post by Léon Hagenaars-Keus
You can probably do this with  Generic Webhook Trigger:

https://plugins.jenkins.io/generic-webhook-trigger/


lördag 26 september 2020 kl. 18:33:25 UTC+2 skrev Léon Hagenaars-Keus:
The thing this plugin does is provide a global 'build now' url for a json  post, where the plugin looks at all jobs using the gitlab repo contained in the webhook post, and triggers those jobs (depending on branch configuration of each job).
This makes it possible for example to have a separate 'master' build (providing the final release files, only building the master and hotfix branches) and a 'mere' unit test/ci job for all other branches.
The gitlab-plugin you suggest requires a webhook for each job, if I understand the wiki correctly.
But if this plugin is abandoned (which it  does seem like), is there a way to get it marked as abandoned/discontinued in jenkins?

Op zaterdag 26 september 2020 om 13:14:16 UTC+2 schreef [hidden email]:
Hi,

On Tue, Sep 22, 2020 at 02:04:48AM -0700, Léon Hagenaars-Keus wrote:
> Is the development of the gitlab hook
> (https://github.com/jenkinsci/gitlab-hook-plugin,
> https://plugins.jenkins.io/gitlab-hook/) abandoned?

Well, there haven't been any commits in ~3 years, so that's probably a
"yes". Additionally, it depends on the Ruby runtime, which hasn't had a
release for 7 years, and as far as I know its use is strongly
discouraged (see, for example, JEP-7:
https://github.com/jenkinsci/jep/tree/master/jep/7)

Is there something that plugin does which the other GitLab plugins
don't?

Personally, I primarly use
https://plugins.jenkins.io/gitlab-branch-source/ for pipeline jobs and
https://plugins.jenkins.io/gitlab-plugin/ for everything else.

Regards, Tobias

--
You received this message because you are subscribed to the Google Groups "Jenkins Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-dev/033d9360-476b-467c-a188-31995e2578b6n%40googlegroups.com.