Issues

Problems

Assumptions and limitations

Security scenario

In GitHub read/write

If Bob sets up the Pipeline, he delegates his GitHub token for reading from the repository, for the purpose of running the Pipeline. When Alice comes along and wants to edit the Pipeline, she cannot use Bob's access token and is prompted to provide her own access token, which is used for editing the Pipeline.

Note that today, in order for Alice to edit, she needs to go and enter her token in creation, then click the edit button, and then she can author. This needs to be fixed properly as part of .

In Git read/write

SSH credentials

If Bob sets up the Pipeline, he uses his Jenkins public key to delegate his Git SSH key for reading from the repository, for the purpose of running the Pipeline. When Alice comes along and wants to edit the Pipeline, she cannot use Bob's SSH key. Jenkins generates a public/private key pair and stores it as a credential against her user. She is then prompted to download a public key and register it with the Git server.

User flows

1. First step

The developer enters their repository URL and, based on the protocol, we decide whether they will use an SSH key (SSH) or a username/password (HTTP/HTTPS).

Creating the Pipeline using SSH

Loading the editor:

  1. Developer clicks the edit action
  2. Developer sees a progress dialog with a message "Loading your Jenkinsfile"
  3. Developer sees the Editor

Saving from the editor

  1. Developer clicks save
  2. Developer sees the save dialog and then confirms
    1. May commit back to new branch or current branch
  3. Developer sees progress dialog with message "Saving your pipeline"
  4. Developer lands back on the Activity screen

Whenever credentials are required

  1. Blue Ocean detects the type of credential needed based on the repository URL
  2. User is presented with a way of creating their own credential (as scoped in the Security scenarios) and the credential is validated before the user is allowed to continue
  3. User can perform creation or editing actions
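
The protocol-based choice from the first step and from "Whenever credentials are required", sketched as an added example (not Blue Ocean's own code). The function and constant names are hypothetical, and rejecting other protocols and passwords embedded in the URL is an assumption of this sketch.

```javascript
// Added example: all names here are hypothetical, not Blue Ocean's API.
const CredentialKind = Object.freeze({
  SSH_KEY: 'ssh-key',
  USERNAME_PASSWORD: 'username-password',
});

// scp-like Git syntax: [user@]host:path, with no scheme.
const SCP_LIKE = /^(?:[A-Za-z0-9._-]+@)?[A-Za-z0-9][A-Za-z0-9.-]*:[^\s]+$/;

function credentialKindForRepoUrl(input) {
  const raw = String(input).trim();
  // A leading '-' could be read as an option if the value later reaches a git command line.
  if (raw === '' || raw.startsWith('-')) {
    throw new Error('invalid repository URL');
  }
  if (!raw.includes('://')) {
    if (SCP_LIKE.test(raw)) return CredentialKind.SSH_KEY;
    throw new Error('unsupported repository URL form');
  }
  let parsed;
  try {
    parsed = new URL(raw);
  } catch (e) {
    throw new Error('malformed repository URL');
  }
  if (parsed.hostname === '' || parsed.hostname.startsWith('-')) {
    throw new Error('invalid host in repository URL');
  }
  switch (parsed.protocol) {
    case 'ssh:':
      return CredentialKind.SSH_KEY;
    case 'http:':
    case 'https:':
      // Assumption: secrets come from the user's own stored credential, never the URL.
      if (parsed.password !== '') {
        throw new Error('password embedded in repository URL');
      }
      return CredentialKind.USERNAME_PASSWORD;
    default:
      throw new Error('unsupported protocol: ' + parsed.protocol);
  }
}

// Constructed sample inputs.
for (const u of ['git@git.example.com:team/app.git', 'https://git.example.com/team/app.git']) {
  console.log(u, '->', credentialKindForRepoUrl(u));
}
```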

GitHub with access token

Git with Jenkins user public key

Technical questions and problems

Keith's technical brain dump

I have this working by:

  1. cloning the repo (shallow)
  2. checking out the branch
  3. reading the content

and for writes:

  1. cloning the repo (shallow)
  2. Depending if the branch has changed:
    1. creating a branch based on the source
  3. saving content
  4. adding a remote for the writable URL & credential
  5. committing and pushing content