Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

If Bob sets up the Pipeline he delegates his Git ssh key for reading from the repository, for the purpose of running the Pipeline. When Alice comes along and wants to edit the Pipeline, she cannot use Bobs ssh key. Jenkins generates a public/private key pair and stores it as a credential against her user. She is then prompted to download a public key and register it with the Git server.

 

Username/password credentials

...

The credential should be stored with a domain for the git server. Without this, there is a risk that the credential could be exposed to a "bad server" and stolen (ssh key does not have this issue).

 

User flows

Creating the Pipeline using SSH

...

1. First step

Developer enters in their ssh/git protocol URL

Image Removed

 

Presented with the option to use the Jenkins Public Key for that user

Image Removed

 

Presented with the option to use predefined SSH credentials. Drop down only contains SSH credentials

Image Removed

Creating the Pipeline using HTTP

Same behaviour as Blue Ocean 1.0

URL and based off of the protocol we decide if they will use SSH key (SSH) or Username/password (http/https)

Image Added

2. Creating the Pipeline using SSH

 

Image Added

3. Creating Pipeline with username and password

Image Added

 

Loading the editor:

  1. Developer clicks the edit action
  2. Developer sees a progress dialog with a message "Loading your Jenkinsfile"
    • This could take a while as we have to do a shallow clone of the repository
    • How much progress information do we get from the clone? If we can easily get this info we can use a determinate progress indicator rather than a indeterminate one.
    • Developer should be able to cancel the load if it takes too long
  3. Developer sees the Editor

...

  1. Blue Ocean detects the type of credential needed based on the repository URL
    • If Bob sets up the Pipeline using a Git URL with the SSH protocol then he can only create a SSH credential for it.
    • If Alice edits the Pipeline that Bob setup using SSH then she needs a SSH key
  2. User is presented with a way of creating their own credential (as scoped in the Security scenarios) and credential is validated before allowing the user to continue
  3. User can perform creation or editing actions

 

...

Github with access token

Image Added

Git with username and password

Image Added

Git with Jenkins user public key

Technical questions and problems

...