If Bob sets up the Pipeline he delegates his Git ssh key for reading from the repository, for the purpose of running the Pipeline. When Alice comes along and wants to edit the Pipeline, she cannot use Bobs ssh key. Jenkins generates a public/private key pair and stores it as a credential against her user. She is then prompted to download a public key and register it with the Git server.
The credential should be stored with a domain for the git server. Without this, there is a risk that the credential could be exposed to a "bad server" and stolen (ssh key does not have this issue).
Creating the Pipeline using SSH
1. First step
Developer enters in their ssh/git protocol URL
Presented with the option to use the Jenkins Public Key for that user
Presented with the option to use predefined SSH credentials. Drop down only contains SSH credentials
Creating the Pipeline using HTTP
Same behaviour as Blue Ocean 1.0
URL and based off of the protocol we decide if they will use SSH key (SSH) or Username/password (http/https)
2. Creating the Pipeline using SSH
3. Creating Pipeline with username and password
Loading the editor:
- Developer clicks the edit action
- Developer sees a progress dialog with a message "Loading your Jenkinsfile"
- This could take a while as we have to do a shallow clone of the repository
- How much progress information do we get from the clone? If we can easily get this info we can use a determinate progress indicator rather than a indeterminate one.
- Developer should be able to cancel the load if it takes too long
- Developer sees the Editor
- Blue Ocean detects the type of credential needed based on the repository URL
- If Bob sets up the Pipeline using a Git URL with the SSH protocol then he can only create a SSH credential for it.
- If Alice edits the Pipeline that Bob setup using SSH then she needs a SSH key
- User is presented with a way of creating their own credential (as scoped in the Security scenarios) and credential is validated before allowing the user to continue
- User can perform creation or editing actions
Github with access token
Git with username and password
Git with Jenkins user public key
Technical questions and problems