The following plugin provides functionality available through Pipeline-compatible steps. Read more about how to integrate steps into your Pipeline in the Steps section of the Pipeline Syntax page.

For a list of other such plugins, see the Pipeline Steps Reference page.

Tuleap

  • Tuleap
    • project
      • Type: class io.jenkins.plugins.tuleap_api.deprecated_client.api.TuleapProject
    • repository
      • Type: class io.jenkins.plugins.tuleap_api.deprecated_client.api.TuleapGitRepository
    • credentialsId : String (optional)

      Credentials to user to scan the selected project and its git repositories as well as checkout sources.

      At the moment Only "username + password" credentials are supported. Other types won't be proposed (esp. API key cannot be used) because Jenkins should be able to do both REST API calls and git http operations and only username/password with Basic Authentication can do that for now.

      If the project contains private repositories or if the project itself is private, given credentials should have access to this project.

    • id : String (optional)
    • projectId : String (optional)

      Name of Tuleap project this git repository belongs to.

    • repositoryPath : String (optional)
      Git repository that corresponds to this scan.
    • traits (optional)
      The behaviours control what is discovered from the Tuleap server. The behaviours are grouped into a number of categories:
      Repository
      These behaviours determine what repositories get discovered. Only repositories that have at least one discovered branch / pull request can themselves be discovered.
      Within repository
      These behaviours determine what gets discovered within each repository. If you do not configure at least one discovery behaviour then nothing will be found!
      General
      These behaviours affect the configuration of each discovered branch.
        Array / List of Nested Choice of Objects
      • $class: 'ApprovedPullRequestTrait'
        Sets if approvals are required before building pull requests.
        • strategyId : int
          Sets if approvals are required before building pull requests.
          No approval necessary.
          No check of approvals will be performed before building.
          Any approval required
          Before building the pull request must be approved. This may be performed by the author or someone else.
          Non-author approval required
          Before building the pull request must be approved and that approval cannot be performed by the author of the pull request.
          Author and Non-author approval required
          Before building the pull request must be approved by the author and a non-author.
      • authorInChangelog
        • bitbucketAgedRefsTrait
          Defines the number of days to accept an unmodified git ref as candidate for being built (supposing it contains a Jenkinsfile). In a practical effect it is a ripoff from the Orphaned Item Strategy but on indexing time.
          • retentionDays : String
        • bitbucketBranchCommitSkipTrait
          Branches whose last commit's message contains (case insensitive) the pattern "[ci skip]" or "[skip ci]" will be ignored.
          • bitbucketBuildStatusNotifications
            Configure the Bitbucket notifications.
            • disableNotificationForNotBuildJobs : boolean (optional)
            • sendSuccessNotificationForUnstableBuild : boolean (optional)
          • bitbucketCommitSkipTrait
            Pull requests whose last commit's message contains (case insensitive) the pattern "[ci skip]" or "[skip ci]" will be ignored.
            • $class: 'BitbucketJiraValidatorTrait'
              Enforces a pull request to be filled with a title containing a single and unresolved Jira ticket, formatted as defined at the global config (defaulting matching as JENKINS-1234).
              • jiraServerIdx : int
            • buildStatusNameCustomPart
              Customize the pipeline status name used by Jenkins
              • buildStatusNameCustomPart : String (optional)
                Enter a string to customize the status/context name for status updates published to GitLab. For a branch build the default name would be 'jenkinsci/branch'. With the buildStatusNameCustomPart 'custom' the name would be 'jenkinsci/custom/branch'. This allows to have multiple GitLab-Branch-Sources for the same GitLab-project configured.
              • buildStatusNameOverwrite : boolean (optional)
                Overwrites the build status name including the jenkinsci default part.
                Instead of 'jenkinsci/custom/branch' just 'custom/branch'.
            • $class: 'ChangeDiscoveryTrait'
              • queryString : String

                Provide an additional query string to search for open changes. The status:open is implicitly added and does not need to be specified. See Gerrit search operators documentation for a detailed list of the supported search operators.

                Examples:

                • -is:wip
                  does not include work-in-progress changes
                • is:private
                  includes private changes

            • checkoutOption
              • extension
                  Nested Object
                • timeout : int
                  Specify a timeout (in minutes) for checkout.
                  This option overrides the default timeout of 10 minutes.
                  You can change the global git timeout via the property org.jenkinsci.plugins.gitclient.Git.timeOut (see JENKINS-11286). Note that property should be set on both controller and agent to have effect (see JENKINS-22547).
            • cleanAfterCheckout
              • extension
                  Nested Object
                  Clean up the workspace after every checkout by deleting all untracked files and directories, including those which are specified in .gitignore. It also resets all tracked files to their versioned state. This ensures that the workspace is in the same state as if you cloned and checked out in a brand-new empty directory, and ensures that your build is not affected by the files generated by the previous build.
                • deleteUntrackedNestedRepositories : boolean (optional)
                  Deletes untracked submodules and any other subdirectories which contain .git directories.
            • cleanBeforeCheckout
              • extension
                  Nested Object
                  Clean up the workspace before every checkout by deleting all untracked files and directories, including those which are specified in .gitignore. It also resets all tracked files to their versioned state. This ensures that the workspace is in the same state as if you cloned and checked out in a brand-new empty directory, and ensures that your build is not affected by the files generated by the previous build.
                • deleteUntrackedNestedRepositories : boolean (optional)
                  Deletes untracked submodules and any other subdirectories which contain .git directories.
            • $class: 'CleanMercurialSCMSourceTrait'
              When this behaviour is present, each build will wipe any local modifications or untracked files in the repository checkout. This is often a convenient way to ensure that a build is not using any artifacts from earlier builds.
              • cloneOption
                • extension
                    Nested Object
                  • shallow : boolean
                    Perform shallow clone, so that git will not download the history of the project, saving time and disk space when you just want to access the latest version of a repository.
                  • noTags : boolean
                    Deselect this to perform a clone without tags, saving time and disk space when you just want to access what is specified by the refspec.
                  • reference : String
                    Specify a folder containing a repository that will be used by Git as a reference during clone operations.
                    This option will be ignored if the folder is not available on the controller or agent where the clone is being executed.
                  • timeout : int
                    Specify a timeout (in minutes) for clone and fetch operations.
                    This option overrides the default timeout of 10 minutes.
                    You can change the global git timeout via the property org.jenkinsci.plugins.gitclient.Git.timeOut (see JENKINS-11286). Note that property should be set on both controller and agent to have effect (see JENKINS-22547).
                  • depth : int (optional)
                    Set shallow clone depth, so that git will only download recent history of the project, saving time and disk space when you just want to access the latest commits of a repository.
                  • honorRefspec : boolean (optional)
                    Perform initial clone using the refspec defined for the repository. This can save time, data transfer and disk space when you only need to access the references specified by the refspec.
              • $class: 'DisableStatusUpdateTrait'
                Disables notifications (commit status updates) to GitHub for builds.
                • discoverOtherRefs
                  Discovers other specified refs on the repository.
                  • ref : String

                    The pattern under /refs on the remote repository to discover, can contain a wildcard.
                    Example: test/*/merged

                  • nameMapping : String (optional)

                    Mapping for how the ref can be named in for example the @Library.
                    Example: test-@{1}
                    Where @{1} replaces the first wildcard in the ref when discovered.

                    By default it will be "namespace_before_wildcard-@{1}". E.g. if ref is "test/*/merged" the default mapping would be "test-@{1}".

                • $class: 'FilterChecksTrait'
                  • queryOperator
                    • Values: ID, SCHEME
                  • queryString : String
                    Provide a query string to search for pending checks. Depending on which mode was chosen, this either should be a checker-scheme or the UUID of a specific checker.
                • gitLabForkDiscovery
                  Discovers merge requests where the origin project is a fork of the target project.
                  • strategyId : int
                    Determines how merge requests are discovered:
                    Merging the merge request with the current target branch revision
                    Discover each merge request once with the discovered revision corresponding to the result of merging with the current revision of the target branch
                    The current merge request revision
                    Discover each merge request once with the discovered revision corresponding to the merge request head revision without merging
                    Both the current merge request revision and the merge request merged with the current target branch revision
                    Discover each merge request twice. The first discovered revision corresponds to the result of merging with the current revision of the target branch in each scan. The second parallel discovered revision corresponds to the merge request head revision without merging
                  • trust

                    One of the great powers of merge requests is that anyone with read access to a project can fork it, commit some changes to their fork and then create a merge request against the original project with their changes. There are some files stored in source control that are important. For example, a Jenkinsfile may contain configuration details to sandbox merge requests in order to mitigate against malicious merge requests. In order to protect against a malicious merge request itself modifying the Jenkinsfile to remove the protections, you can define the trust policy for merge requests from forks.

                    Other plugins can extend the available trust policies. The default policies are:

                    Nobody
                    Merge requests from forks will all be treated as untrusted. This means that where Jenkins requires a trusted file (e.g. Jenkinsfile) the contents of that file will be retrieved from the target branch on the origin project and not from the merge request branch on the fork project.
                    Members
                    Merge requests from collaborators to the origin project will be treated as trusted, all other merge requests from fork repositories will be treated as untrusted. Note that if credentials used by Jenkins for scanning the project does not have permission to query the list of contributors to the origin project then only the origin account will be treated as trusted - i.e. this will fall back to Nobody.
                    Trusted Members
                    Merge requests forks will be treated as trusted if and only if the fork owner has either Developer or Maintainer or Owner Access Level in the origin project. This is the recommended policy.
                    Everyone
                    All merge requests from forks will be treated as trusted. NOTE: this option can be dangerous if used on a public project hosted on a GitLab instance.
                    • Type: jenkins.scm.api.trait.SCMHeadAuthority<? super io.jenkins.plugins.gitlabbranchsource.GitLabSCMSourceRequest, ? extends jenkins.scm.api.mixin.ChangeRequestSCMHead2, ? extends jenkins.scm.api.SCMRevision>
                  • buildMRForksNotMirror : boolean (optional)
                    Add discovery of merge requests where the origin project is a fork of a certain project, but the target project is not the original forked project. To be used in case one has a GitLab project which is a fork of another project from another team, in order to isolate artefacts and allow an MR flow. This means using MRs inside that fork from branches in the fork back to the fork's default branch. (Implements https://github.com/jenkinsci/gitlab-branch-source-plugin/issues/167)
                • browser
                  • browser
                      Nested Choice of Objects
                    • assembla
                      • repoUrl : String
                        Specify the root URL serving this repository (such as https://www.assembla.com/code/PROJECT/git/).
                    • $class: 'BacklogGitRepositoryBrowser'
                      • repoName : String
                      • repoUrl : String
                    • bitbucketServer
                      • repoUrl : String
                        Specify the Bitbucket Server root URL for this repository (such as https://bitbucket:7990/OWNER/REPO/).
                    • bitbucket
                      • repoUrl : String
                        Specify the root URL serving this repository (such as https://bitbucket.org/OWNER/REPO/).
                    • cgit
                      • repoUrl : String
                        Specify the root URL serving this repository (such as https://cgit.example.com:port/group/REPO/).
                    • fisheye
                      • repoUrl : String
                        Specify the URL of this repository in FishEye (such as https://fisheye.example.com/browse/project/).
                    • gitblit
                      • repoUrl : String
                        Specify the root URL serving this repository.
                      • projectName : String
                        Specify the name of the project in GitBlit.
                    • $class: 'GitBucketBrowser'
                      • url : String
                    • gitLab
                      • repoUrl : String
                        Specify the root URL serving this repository (such as https://gitlab.com/username/repository/).
                      • version : String (optional)
                        Specify the major and minor version of GitLab you use (such as 9.1). If you don't specify a version, a modern version of GitLab (>= 8.0) is assumed.
                    • $class: 'GitLabBrowser'
                      Specify the HTTP URL for this project's GitLab page so that links to changes can be automatically generated by Jenkins. The URL needs to include the owner and project. If the GitLab server is https://gitLab.example.com then the URL for bob's skunkworks project might be https://gitLab.example.com/bob/skunkworks.
                      • projectUrl : String
                        Specify the HTTP URL for this project's GitLab page. The URL needs to include the owner and project so, for example, if the GitLab server is https://gitLab.example.com then the URL for bob's skunkworks project might be https://gitLab.example.com/bob/skunkworks
                    • gitList
                      • repoUrl : String
                        Specify the root URL serving this repository (such as https://gitlist.example.com/repo/).
                    • gitWeb
                      • repoUrl : String
                        Specify the root URL serving this repository (such as https://github.com/jenkinsci/jenkins.git).
                    • $class: 'GiteaBrowser'
                      • repoUrl : String
                        Specify the HTTP URL for this repository's Gitea page. The URL needs to include the owner and repository so, for example, if the Gitea server is https://gitea.example.com then the URL for bob's skunkworks project repository might be https://gitea.example.com/bob/skunkworks
                    • github
                      • repoUrl : String
                        Specify the HTTP URL for this repository's GitHub page (such as https://github.com/jquery/jquery).
                    • gitiles
                      • repoUrl : String
                        Specify the root URL serving this repository (such as https://gwt.googlesource.com/gwt/).
                    • $class: 'GitoriousWeb'
                      • repoUrl : String
                        Specify the root URL serving this repository (such as https://gitorious.org/gitorious/mainline).
                    • gogs
                      • repoUrl : String
                        Specify the root URL serving this repository (such as https://gogs.example.com/username/some-repo-url.git).
                    • kiln
                      • repoUrl : String
                        Specify the root URL serving this repository (such as https://khanacademy.kilnhg.com/Code/Website/Group/webapp).
                    • phabricator
                      • repoUrl : String
                        Specify the phabricator instance root URL (such as https://phabricator.example.com).
                      • repo : String
                        Specify the repository name in phabricator (such as the foo part of phabricator.example.com/diffusion/foo/browse).
                    • redmine
                      • repoUrl : String
                        Specify the root URL serving this repository (such as https://redmine.example.com/PATH/projects/PROJECT/repository).
                    • rhodeCode
                      • repoUrl : String
                        Specify the HTTP URL for this repository's RhodeCode page (such as https://rhodecode.example.com/projects/PROJECT/repos/REPO/).
                    • $class: 'ScmManagerGitRepositoryBrowser'
                      • repoUrl : String
                        Specify the root URL serving this repository (such as https://scm-manager.org/scm/repo/namespace/name).
                    • $class: 'Stash'
                      • repoUrl : String
                        Specify the HTTP URL for this repository's Stash page (such as https://stash.example.com/projects/PROJECT/repos/REPO/).
                    • teamFoundation
                      • repoUrl : String
                        Either the name of the remote whose URL should be used, or the URL of this module in TFS (such as https://tfs.example.com/tfs/PROJECT/_git/REPO/). If empty (default), the URL of the "origin" repository is used.

                        If TFS is also used as the repository server, this can usually be left blank.

                    • $class: 'TracGitRepositoryBrowser'
                      • $class: 'TuleapBrowser'
                        Specify the HTTPS URL for the Tuleap Git repository so that links to changes can be automatically generated by Jenkins.
                        • repositoryUrl : String
                          The URL is the web URL of the Tuleap Git repository.
                      • viewgit
                        • repoUrl : String
                          Specify the root URL serving this repository (such as https://git.example.com/viewgit/).
                        • projectName : String
                          Specify the name of the project in ViewGit (e.g. scripts, scuttle etc. from https://code.fealdia.org/viewgit/).
                  • gitHubAgedRefsTrait
                    Defines the number of days to accept an unmodified git ref as candidate for being built (supposing it contains a Jenkinsfile). In a practical effect it is a ripoff from the Orphaned Item Strategy but on indexing time.
                    • retentionDays : String
                  • gitHubBranchCommitSkipTrait
                    Branches whose last commit's message contains (case insensitive) the pattern "[ci skip]" or "[skip ci]" will be ignored.
                    • gitHubCommitSkipTrait
                      Pull requests whose last commit's message contains (case insensitive) the pattern "[ci skip]" or "[skip ci]" will be ignored.
                      • $class: 'GitHubJiraValidatorTrait'
                        Enforces a pull request to be filled with a title containing a single and unresolved Jira ticket, formatted as defined at the global config (defaulting matching as JENKINS-1234).
                        • jiraServerIdx : int
                      • gitHubSourceChecks
                        • verboseConsoleLog : boolean (optional)
                          If this option is checked, verbose log will be output to build console; the verbose log is useful for debugging the publisher creation.
                      • gitHubStatusChecks
                        • name : String (optional)
                        • skip : boolean (optional)
                        • skipNotifications : boolean (optional)
                          If this option is checked, the notifications sent by the GitHub Branch Source Plugin will be disabled.
                        • skipProgressUpdates : boolean (optional)
                        • suppressLogs : boolean (optional)
                        • unstableBuildNeutral : boolean (optional)
                      • lfs
                        • gitlabAvatar
                          • disableProjectAvatar : boolean (optional)
                            Due to a GitLab bug, sometimes it is not possible to GitLab API to fetch GitLab Avatar for private projects or when the api doesn't have token access. You may choose to skip avatar for projects if you want to avoid broken or self generated avatars.
                        • gitlabSkipNotifications
                          • gitTool
                            • gitTool : String
                          • $class: 'HookRegistrationTrait'
                            • webHookMode : String
                            • systemHookMode : String
                          • gitHubIgnoreDraftPullRequestFilter
                            • ignoreOnPush
                              • jervisFilter

                                This will look at the root of a GitHub reference for .jervis.yml for the branches and tags filtering. You can customize the name of the YAML file searched for if you like.

                                For Tags:

                                • It will filter for the tag name.

                                For Branches:

                                • It will filter for the branch name.
                                • It will filter for pull requests destined for the branch name.

                                Example YAML

                                branches:
                                  only:
                                    - master
                                

                                More on specify branches and tags to build

                                By default Jervis will generate Jenkins jobs for all branches that have a .jervis.yml file. You can control and limit this behavior by specifying the branches or tags key in your .jervis.yml.

                                Whitelist or blacklist branches and tags

                                You can either whitelist or blacklist branches that you want to be built:

                                # blacklist
                                branches:
                                  except:
                                    - legacy
                                    - experimental
                                
                                # whitelist
                                branches:
                                  only:
                                    - master
                                    - stable
                                

                                The same YAML can be applied to tags.

                                # blacklist
                                tags:
                                  except:
                                    - .*-rc
                                    - .*-beta
                                
                                # whitelist
                                tags:
                                  only:
                                    - v[.0-9]+
                                

                                If you specify both only and except, then except will be ignored. .jervis.yml needs to be present on all branches you want to be built. .jervis.yml will be interpreted in the context of that branch so if you specify a whitelist in your master branch it will not propagate to other branches.

                                Using regular expressions

                                You can use regular expressions to whitelist or blacklist branches:

                                branches:
                                  only:
                                    - master
                                    - /^[.0-9]+-hotfix$/
                                

                                Any name surrounded with / in the list of branches is treated as a regular expression. The expression will use Pattern.compile to compile the regex string into a Groovy regular expression.

                                • yamlFileName : String

                                  The filename which will be read from GitHub to determine if a Jenkins branch, tag, or pull request should be built. Provide a comma separated list of paths to YAML files in a repository and it will check each path as a fallback.

                                  For example, set the value to: .jervis.yml, .ci/jervis.yml and this plugin will first check for valid YAML in .jervis.yml. If no YAML exists, then it will fall back to checking .ci/jervis.yml.

                              • localBranch
                                • logComment
                                  • logSuccess : boolean (optional)
                                    Sometimes the user doesn't want to log the builds that succeeded. The trait only enable logging of failed/aborted builds by default. Select this option to include logging of successful builds as well.
                                  • sudoUser : String (optional)
                                    Enter a sudo username of the user you want to comment as on GitLab Server. Remember the token specified should have api and sudo access both (which can only be created by your GitLab Server Admin). It is recommended to create a dummy user in your GitLab Server with an appropriate username like `jenkinsadmin` etc. Leave empty if you want use the owner of the project as the commenter.
                                • $class: 'MercurialBrowserSCMSourceTrait'
                                  • browser
                                      Nested Choice of Objects
                                    • $class: 'FishEye'
                                      • url : String
                                        Specify the root URL serving this repository, such as: http://www.example.org/browse/hg/
                                    • $class: 'GoogleCode'
                                      • url : String
                                        Specify the root URL serving this repository (such as this).
                                    • $class: 'HgWeb'
                                      • url : String
                                        Specify the root URL serving this repository (such as this).
                                    • $class: 'Kallithea'
                                      • url : String
                                        Specify the root URL serving this repository (such as this).
                                    • $class: 'KilnHG'
                                      • url : String
                                        Specify the root URL serving this repository (such as this).
                                    • $class: 'RhodeCode'
                                      • url : String
                                        Specify the root URL serving this repository (such as this).
                                    • $class: 'RhodeCodeLegacy'
                                      • url : String
                                        Specify the root URL serving this repository (such as this).
                                    • $class: 'ScmManager'
                                      • url : String
                                        Specify the root URL serving this repository (such as http://YOURSCMMANAGER/scm/repo/NAMESPACE/NAME/).
                                • $class: 'MercurialInstallationSCMSourceTrait'
                                  • installation : String
                                • $class: 'NotificationContextTrait'
                                  Defines a custom context label to be sent as part of Github Status notifications for this project.
                                  • contextLabel : String
                                    The text of the context label for Github status notifications.
                                  • typeSuffix : boolean

                                    Appends the relevant suffix to the context label based on the build type. '/pr-merge', '/pr-head' or '/branch'

                                • gitLabOriginDiscovery
                                  Discovers merge requests where the origin project is the same as the target project.
                                  • strategyId : int
                                    Determines how merge requests are discovered:
                                    Merging the merge request with the current target branch revision
                                    Discover each merge request once with the discovered revision corresponding to the result of merging with the current revision of the target branch
                                    The current merge request revision
                                    Discover each merge request once with the discovered revision corresponding to the merge request head revision without merging
                                    Both the current merge request revision and the merge request merged with the current target branch revision
                                    Discover each merge request twice. The first discovered revision corresponds to the result of merging with the current revision of the target branch in each scan. The second parallel discovered revision corresponds to the merge request head revision without merging
                                • $class: 'PathBasedPullRequestFilterTrait'
                                  • inclusionField : String
                                    If any of the changed files in a discovered PR match this regex then it will generate a build (unless excluded by the exclusion regex).
                                  • exclusionField : String
                                    Any changed files in a discovered pull request that matches this regex will not be considered for the inclusion regex.
                                • $class: 'PreBuildMergeTrait'
                                  • extension
                                      Nested Object
                                      These options allow you to perform a merge to a particular branch before building. For example, you could specify an integration branch to be built, and to merge to master. In this scenario, on every change of integration, Jenkins will perform a merge with the master branch, and try to perform a build if the merge is successful. It then may push the merge back to the remote repository if the Git Push post-build action is selected.
                                    • options
                                        Nested Object
                                      • mergeTarget : String
                                        The name of the branch within the named repository to merge to, such as master.
                                      • fastForwardMode (optional)
                                        Merge fast-forward mode selection.
                                        The default, --ff, gracefully falls back to a merge commit when required.
                                        For more information, see the Git Merge Documentation
                                        • Values: FF, FF_ONLY, NO_FF
                                      • mergeRemote : String (optional)
                                        Name of the repository, such as origin, that contains the branch you specify below. If left blank, it'll default to the name of the first repository configured above.
                                      • mergeStrategy (optional)
                                        Merge strategy selection. This feature is not fully implemented in JGIT.
                                        • Values: DEFAULT, RESOLVE, RECURSIVE, OCTOPUS, OURS, SUBTREE, RECURSIVE_THEIRS
                                • $class: 'PretestedIntegrationSCMTrait'
                                  • extension
                                      Nested Object
                                    • gitIntegrationStrategy
                                        Nested Choice of Objects
                                      • accumulated

                                        Accumulated Commit Strategy

                                        This strategy merges your commits with the --no-ff switch
                                        • shortCommitMessage : boolean (optional)
                                      • ffonly

                                        Fast Forward only (--ff-only) Strategy

                                        This strategy fast-forward only using the --ff-only switch - or fails
                                        • shortCommitMessage : boolean (optional)
                                      • squash

                                        Squashed Commit Strategy

                                        This strategy squashes all your commit on a given branch with the --squash option
                                      • integrationBranch : String

                                        What to specify

                                        The branch name must match your integration branch name. No trailing slash.

                                        Merge is performed the following way

                                        Squash commit
                                                    git checkout -B <Branch name> <Repository name>/<Branch name>
                                                    git merge --squash <Branch matched by git>
                                                    git commit -C <Branch matched by git>
                                        Accumulated commit
                                                    git checkout -B <Branch name> <Repository name>/<Branch name>
                                                    git merge -m <commitMsg> <Branch matched by git> --no-ff

                                        When changes are pushed to the integration branch?

                                        Changes are only ever pushed when the build results is SUCCESS

                                                    git push <Repository name> <Branch name>
                                      • repoName : String

                                        What to specify

                                        The repository name. In git the repository is always the name of the remote. So if you have specified a repository name in your Git configuration. You need to specify the exact same name here, otherwise no integration will be performed. We do the merge based on this.

                                        No trailing slash on repository name.

                                        Remember to specify this when working with NAMED repositories in Git

                                  • pruneStaleBranch
                                    • pruneStaleTag
                                      • bitbucketPublicRepoPullRequestFilter
                                        If the repository being scanned is a public repository, this behaviour will exclude all pull requests. (Note: This behaviour is not especially useful if scanning a single repository as you could just not include the pull request discovery behaviours in the first place)
                                        • $class: 'PullRequestDiscoveryTrait'
                                          • excludeBranchesWithPRs : boolean
                                            Exclude branches for which there is an open pull request
                                        • $class: 'PullRequestLabelsBlackListFilterTrait'
                                          Filter github pull requests out by labels matching any labels specified.
                                          • labels : String
                                            Labels to match a pull request. Use ',' to split multiple labels.
                                        • $class: 'PullRequestLabelsMatchAllFilterTrait'
                                          Filter github pull requests by labels matching all labels specified.
                                          • labels : String
                                            Labels to match a pull request. Use ',' to split multiple labels.
                                        • $class: 'PullRequestLabelsMatchAnyFilterTrait'
                                          Filter github pull requests by labels matching any labels specified.
                                          • labels : String
                                            Labels to match a pull request. Use ',' to split multiple labels.
                                        • $class: 'PullRequestNameFilterTrait'
                                          Filter Bitbucket Pull Requests by matching in title any phrase specified.
                                          • strategyId : int
                                          • phrase : String
                                            Phrases to match a title of the pull request. Use ',' to split multiple phrases - only for no regular expression.
                                          • ignoreCase : boolean
                                            Case sensitivity defines whether uppercase and lowercase letters are treated as distinct (unchecked) or equivalent (checked).
                                          • regex : boolean
                                            Treat a phrase as a regular expression. Note, the comma character is part of the expression!
                                        • $class: 'PullRequestSourceBranchFilterTrait'
                                          Filter Bitbucket Pull Requests by source branch.
                                          • strategyId : int
                                          • phrase : String
                                            Phrases to match a title of the pull request. Use ',' to split multiple phrases - only for no regular expression.
                                          • ignoreCase : boolean
                                            Case sensitivity defines whether uppercase and lowercase letters are treated as distinct (unchecked) or equivalent (checked).
                                          • regex : boolean
                                            Treat a phrase as a regular expression. Note, the comma character is part of the expression!
                                        • $class: 'PullRequestTargetBranchFilterTrait'
                                          Filter Bitbucket Pull Requests by target branch.
                                          • strategyId : int
                                          • phrase : String
                                            Phrases to match a title of the pull request. Use ',' to split multiple phrases - only for no regular expression.
                                          • ignoreCase : boolean
                                            Case sensitivity defines whether uppercase and lowercase letters are treated as distinct (unchecked) or equivalent (checked).
                                          • regex : boolean
                                            Treat a phrase as a regular expression. Note, the comma character is part of the expression!
                                        • refSpecs
                                          • templates
                                              Array / List of Nested Object
                                            • value : String
                                              A ref spec to fetch. Any occurrences of @{remote} will be replaced by the remote name (which defaults to origin) before use.
                                        • headRegexFilterWithPRFromOrigin
                                          • regex : String
                                            A Java regular expression to restrict the names. Names that do not match the supplied regular expression will be ignored.
                                          • tagRegex : String
                                            A Java regular expression to restrict the names. Names for tags that do not match the supplied regular expression will be ignored.
                                        • remoteName
                                          • remoteName : String
                                        • $class: 'ScmManagerBranchDiscoveryTrait'
                                          • sparseCheckoutPaths
                                            • extension
                                                Nested Object

                                                Specify the paths that you'd like to sparse checkout. This may be used for saving space (Think about a reference repository). Be sure to use a recent version of Git, at least above 1.7.10

                                              • sparseCheckoutPaths
                                                  Array / List of Nested Object
                                                • path : String
                                          • submoduleOption
                                            • extension
                                                Nested Object
                                              • depth : int (optional)
                                                Set shallow clone depth, so that git will only download recent history of the project, saving time and disk space when you just want to access the latest commits of a repository.
                                              • disableSubmodules : boolean (optional)
                                                By disabling support for submodules you can still keep using basic git plugin functionality and just have Jenkins to ignore submodules completely as if they didn't exist.
                                              • parentCredentials : boolean (optional)
                                                Use credentials from the default remote of the parent project.
                                              • recursiveSubmodules : boolean (optional)
                                                Retrieve all submodules recursively (uses '--recursive' option which requires git>=1.6.5)
                                              • reference : String (optional)
                                                Specify a folder containing a repository that will be used by Git as a reference during clone operations.
                                                This option will be ignored if the folder is not available on the controller or agent where the clone is being executed.
                                                To prepare a reference folder with multiple subprojects, create a bare git repository and add all the remote urls then perform a fetch:
                                                  git init --bare
                                                  git remote add SubProject1 https://gitrepo.com/subproject1
                                                  git remote add SubProject2 https://gitrepo.com/subproject2
                                                  git fetch --all
                                                  
                                              • shallow : boolean (optional)
                                                Perform shallow clone, so that git will not download the history of the project, saving time and disk space when you just want to access the latest version of a repository.
                                              • threads : int (optional)
                                                Specify the number of threads that will be used to update submodules.
                                                If unspecified, the command line git default thread count is used.
                                              • timeout : int (optional)
                                                Specify a timeout (in minutes) for submodules operations.
                                                This option overrides the default timeout of 10 minutes.
                                                You can change the global git timeout via the property org.jenkinsci.plugins.gitclient.Git.timeOut (see JENKINS-11286). Note that property should be set on both controller and agent to have effect (see JENKINS-22547).
                                              • trackingSubmodules : boolean (optional)
                                                Retrieve the tip of the configured branch in .gitmodules (Uses '--remote' option which requires git>=1.8.2)
                                          • mrTriggerComment
                                            • commentBody : String
                                              Add comment body you want to use to instruct Jenkins CI to rebuild the MR
                                            • onlyTrustedMembersCanTrigger : boolean
                                          • tuleapBranchDiscovery
                                            • tuleapNotifyPullRequest
                                              • tuleapForkPullRequestDiscovery
                                                • tuleapPullRequestDiscovery
                                                  • userIdentity
                                                    • extension
                                                        Nested Object
                                                      • name : String

                                                        If given, "GIT_COMMITTER_NAME=[this]" and "GIT_AUTHOR_NAME=[this]" are set for builds. This overrides whatever is in the global settings.

                                                      • email : String

                                                        If given, "GIT_COMMITTER_EMAIL=[this]" and "GIT_AUTHOR_EMAIL=[this]" are set for builds. This overrides whatever is in the global settings.

                                                  • bitbucketWebhookConfiguration

                                                    Sets the value for committersToIgnore in the Bitbucket Webhook. Value should be a comma separated string.

                                                    committerToIgnore is used to prevent triggering Jenkins builds when commits by certain users are made.

                                                    • committersToIgnore : String
                                                  • WebhookListenerBuildConditionsTrait
                                                    • alwaysBuildMROpen : boolean (optional)
                                                    • alwaysBuildMRReOpen : boolean (optional)
                                                    • alwaysIgnoreMRApproval : boolean (optional)
                                                    • alwaysIgnoreMRApproved : boolean (optional)
                                                    • alwaysIgnoreMRUnApproval : boolean (optional)
                                                    • alwaysIgnoreMRUnApproved : boolean (optional)
                                                    • alwaysIgnoreMRWorkInProgress : boolean (optional)
                                                    • alwaysIgnoreNonCodeRelatedUpdates : boolean (optional)
                                                      GitLab will send a webhook to Jenkins when there are updates to the MR including title changes, labels removed/added, etc. Enabling this option will prevent a build running if the cause was one of these updates. Note: these settings do not have any impact on build from comment settings.
                                                  • headWildcardFilterWithPRFromOrigin
                                                    • includes : String
                                                      Space-separated list of branch name patterns to consider. You may use * as a wildcard; for example: master release*
                                                    • excludes : String
                                                      Branch name patterns to ignore even if matched by the includes list. For example: release
                                                    • tagIncludes : String
                                                      Space-separated list of tag name patterns to consider. You may use * as a wildcard; for example: *-1.* to build only 1.0 tags from the maven release plugin.
                                                    • tagExcludes : String
                                                      Tag name patterns to ignore even if matched by the tag includes list. For example: *-0.*
                                                  • $class: 'WipeWorkspaceTrait'
                                                    • bitbucketBranchDiscovery
                                                      Discovers branches on the repository.
                                                      • strategyId : int
                                                        Determines which branches are discovered.
                                                        Exclude branches that are also filed as PRs
                                                        If you are discovering origin pull requests, it may not make sense to discover the same changes both as a pull request and as a branch.
                                                        Only branches that are also filed as PRs
                                                        Discovers branches that have PR's associated with them. This may make sense if you have a notification sent to the team at the end of a triggered build or limited Jenkins resources.
                                                        All branches
                                                        Ignores whether the branch is also filed as a pull request and instead discovers all branches on the origin repository.
                                                    • bitbucketForkDiscovery
                                                      Discovers pull requests where the origin repository is a fork of the target repository.
                                                      • strategyId : int
                                                        Determines how pull requests are discovered.
                                                        Merging the pull request with the current target branch revision
                                                        Discover each pull request once with the discovered revision corresponding to the result of merging with the current revision of the target branch
                                                        The current pull request revision
                                                        Discover each pull request once with the discovered revision corresponding to the pull request head revision without merging
                                                        Both the current pull request revision and the pull request merged with the current target branch revision
                                                        Discover each pull request twice. The first discovered revision corresponds to the result of merging with the current revision of the target branch in each scan. The second parallel discovered revision corresponds to the pull request head revision without merging
                                                      • trust

                                                        One of the great powers of pull requests is that anyone with read access to a repository can fork it, commit some changes to their fork and then create a pull request against the original repository with their changes. There are some files stored in source control that are important. For example, a Jenkinsfile may contain configuration details to sandbox pull requests in order to mitigate against malicious pull requests. In order to protect against a malicious pull request itself modifying the Jenkinsfile to remove the protections, you can define the trust policy for pull requests from forks.

                                                        Other plugins can extend the available trust policies. The default policies are:

                                                        Nobody
                                                        Pull requests from forks will all be treated as untrusted. This means that where Jenkins requires a trusted file (e.g. Jenkinsfile) the contents of that file will be retrieved from the target branch on the origin repository and not from the pull request branch on the fork repository.
                                                        Forks in the same account
                                                        Bitbucket allows for a repository to be forked into a "sibling" repository in the same account but using a different name. This strategy will trust any pull requests from forks that are in the same account as the target repository on the basis that users have to have been granted write permission to account in order create such a fork.
                                                        Everyone
                                                        All pull requests from forks will be treated as trusted. NOTE: this option can be dangerous if used on a public repository hosted on Bitbucket Cloud.
                                                        • Type: jenkins.scm.api.trait.SCMHeadAuthority<? super com.cloudbees.jenkins.plugins.bitbucket.BitbucketSCMSourceRequest, ? extends jenkins.scm.api.mixin.ChangeRequestSCMHead2, ? extends jenkins.scm.api.SCMRevision>
                                                    • bitbucketPullRequestDiscovery
                                                      Discovers pull requests where the origin repository is the same as the target repository.
                                                      • strategyId : int
                                                        Determines how pull requests are discovered.
                                                        Merging the pull request with the current target branch revision
                                                        Discover each pull request once with the discovered revision corresponding to the result of merging with the current revision of the target branch
                                                        The current pull request revision
                                                        Discover each pull request once with the discovered revision corresponding to the pull request head revision without merging
                                                        Both the current pull request revision and the pull request merged with the current target branch revision
                                                        Discover each pull request twice. The first discovered revision corresponds to the result of merging with the current revision of the target branch in each scan. The second parallel discovered revision corresponds to the pull request head revision without merging
                                                    • bitbucketSshCheckout
                                                      By default the discovered branches / pull requests will all use the same credentials that were used for discovery when checking out sources. This means that the checkout will be using the https:// protocol for the Git repository.

                                                      This behaviour allows you to select the SSH private key to be used for checking out sources, which will consequently force the checkout to use the ssh:// protocol.

                                                      • credentialsId : String
                                                        Credentials used to check out sources.

                                                        It must be a SSH key based credential.

                                                    • bitbucketTagDiscovery
                                                      Discovers tags on the repository.
                                                      • bitbucketWebhookRegistration

                                                        Overrides the defaults for webhook management.

                                                        Webhooks are used to inform Jenkins about changes to repositories. There are two ways webhooks can be configured:

                                                        • Manual webhook configuration requires the user to configure Bitbucket with the Jenkins URL in order to ensure that Bitbucket will send the events to Jenkins after every change.
                                                        • Automatic webhook configuration requires that Jenkins has credentials with sufficient permission to configure webhooks and also that Jenkins knows the URL that Bitbucket can connect to.

                                                        The Manage Jenkins » Configure Jenkins › Bitbucket Endpoints allows defining the list of servers. Each server can be associated with credentials. If credentials are defined then the default behaviour is to use those credentials to automatically manage the webhooks of all repositories that Jenkins is interested in. If no credentials are defined then the default behaviour is to require the user to manually configure webhooks.

                                                        • mode : String
                                                          There are two available modes:
                                                          Disable hook management
                                                          Disables hook management irrespective of the global defaults.
                                                          Use item credentials for hook management
                                                          Enabled hook management but uses the selected credentials to manage the hooks rather than those defined in Manage Jenkins » Configure Jenkins › Bitbucket Endpoints
                                                      • $class: 'com.cloudogu.scmmanager.scm.BranchDiscoveryTrait'
                                                        • $class: 'com.cloudogu.scmmanager.scm.TagDiscoveryTrait'
                                                          • dagshubBranchDiscovery
                                                            • $class: 'io.jenkins.plugins.dagshubbranchsource.traits.ForkPullRequestDiscoveryTrait'
                                                              • buildOnPullHead : boolean (optional)
                                                                If checked, then the build will run on the commit at the tip of the pull request head, instead of first trying to merge it into the target branch and then running the build on the merged commit.
                                                            • $class: 'io.jenkins.plugins.dagshubbranchsource.traits.OriginPullRequestDiscoveryTrait'
                                                              • buildOnPullHead : boolean (optional)
                                                                If checked, then the build will run on the commit at the tip of the pull request head, instead of first trying to merge it into the target branch and then running the build on the merged commit.
                                                            • dagshubTagDiscovery
                                                              • gitLabBranchDiscovery
                                                                Discovers branches on the repository.
                                                                • strategyId : int
                                                                  Determines which branches are discovered.
                                                                  Only branches that are not also filed as MRs
                                                                  If you are discovering origin merge requests, it may not make sense to discover the same changes both as a merge request and as a branch.
                                                                  Only branches that are also filed as MRs
                                                                  This option exists to preserve legacy behaviour when upgrading from older versions of the plugin. NOTE: If you have an actual use case for this option please file a merge request against this text.
                                                                  All branches
                                                                  Ignores whether the branch is also filed as a merge request and instead discovers all branches on the origin project.
                                                              • $class: 'io.jenkins.plugins.gitlabbranchsource.SSHCheckoutTrait'
                                                                By default the discovered branches / merge requests will all use the same username / password credentials that were used for discovery when checking out sources. This means that the checkout will be using the https:// protocol for the Git repository.

                                                                This behaviour allows you to select the SSH private key to be used for checking out sources, which will consequently force the checkout to use the ssh:// protocol.

                                                                • credentialsId : String
                                                                  Credentials used to check out sources. Must be a SSH key based credential.
                                                              • gitLabTagDiscovery
                                                                • gitBranchDiscovery
                                                                  Discovers branches on the repository.
                                                                  • gitTagDiscovery
                                                                    Discovers tags on the repository.
                                                                    • headRegexFilter
                                                                      • regex : String
                                                                        A Java regular expression to restrict the names. Names that do not match the supplied regular expression will be ignored.
                                                                        NOTE: this filter will be applied to all branch like things, including change requests
                                                                    • headWildcardFilter
                                                                      • includes : String
                                                                        Space-separated list of name patterns to consider. You may use * as a wildcard; for example: master release*
                                                                        NOTE: this filter will be applied to all branch like things, including change requests
                                                                      • excludes : String
                                                                        Space-separated list of name patterns to ignore even if matched by the includes list. For example: release alpha-* beta-*
                                                                        NOTE: this filter will be applied to all branch like things, including change requests
                                                                    • headRegexFilterWithPR
                                                                      • regex : String
                                                                        A Java regular expression to restrict the names. Names that do not match the supplied regular expression will be ignored.
                                                                      • tagRegex : String
                                                                        A Java regular expression to restrict the names. Names for tags that do not match the supplied regular expression will be ignored.
                                                                    • headWildcardFilterWithPR
                                                                      • includes : String
                                                                        Space-separated list of branch name patterns to consider. You may use * as a wildcard; for example: master release*
                                                                      • excludes : String
                                                                        Branch name patterns to ignore even if matched by the includes list. For example: release
                                                                      • tagIncludes : String
                                                                        Space-separated list of tag name patterns to consider. You may use * as a wildcard; for example: *-1.* to build only 1.0 tags from the maven release plugin.
                                                                      • tagExcludes : String
                                                                        Tag name patterns to ignore even if matched by the tag includes list. For example: *-0.*
                                                                    • giteaBranchDiscovery
                                                                      Discovers branches on the repository.
                                                                      • strategyId : int
                                                                        Determines which branches are discovered.
                                                                        Exclude branches that are also filed as PRs
                                                                        If you are discovering origin pull requests, it may not make sense to discover the same changes both as a pull request and as a branch.
                                                                        Only branches that are also filed as PRs
                                                                        This option exists to preserve legacy behaviour when upgrading from older versions of the plugin. NOTE: If you have an actual use case for this option please file a pull request against this text.
                                                                        Only branches that are also filed as PRs or main
                                                                        Discover branches that are also files as PRs (have open PRs) or that are the master / main branch.
                                                                        All branches
                                                                        Ignores whether the branch is also filed as a pull request and instead discovers all branches on the origin repository.
                                                                    • giteaForkDiscovery
                                                                      Discovers pull requests where the origin repository is a fork of the target repository.
                                                                      • strategyId : int
                                                                        Determines how pull requests are discovered:
                                                                        Merging the pull request with the current target branch revision
                                                                        Discover each pull request once with the discovered revision corresponding to the result of merging with the current revision of the target branch
                                                                        The current pull request revision
                                                                        Discover each pull request once with the discovered revision corresponding to the pull request head revision without merging
                                                                        Both the current pull request revision and the pull request merged with the current target branch revision
                                                                        Discover each pull request twice. The first discovered revision corresponds to the result of merging with the current revision of the target branch in each scan. The second parallel discovered revision corresponds to the pull request head revision without merging
                                                                      • trust

                                                                        One of the great powers of pull requests is that anyone with read access to a repository can fork it, commit some changes to their fork and then create a pull request against the original repository with their changes. There are some files stored in source control that are important. For example, a Jenkinsfile may contain configuration details to sandbox pull requests in order to mitigate against malicious pull requests. In order to protect against a malicious pull request itself modifying the Jenkinsfile to remove the protections, you can define the trust policy for pull requests from forks.

                                                                        Other plugins can extend the available trust policies. The default policies are:

                                                                        Nobody
                                                                        Pull requests from forks will all be treated as untrusted. This means that where Jenkins requires a trusted file (e.g. Jenkinsfile) the contents of that file will be retrieved from the target branch on the origin repository and not from the pull request branch on the fork repository.
                                                                        Contributors
                                                                        Pull requests from collaborators to the origin repository will be treated as trusted, all other pull requests from fork repositories will be treated as untrusted. Note that if credentials used by Jenkins for scanning the repository does not have permission to query the list of contributors to the origin repository then only the origin account will be treated as trusted - i.e. this will fall back to Nobody.
                                                                        Everyone
                                                                        All pull requests from forks will be treated as trusted. NOTE: this option can be dangerous if used on a public repository hosted on a Gitea instance that allows signup.
                                                                          Nested Choice of Objects
                                                                        • gitLabTrustMembers
                                                                          • bitbucketTrustTeam
                                                                            • bitbucketTrustEveryone
                                                                              • bitbucketTrustNobody
                                                                                • gitLabTrustEveryone
                                                                                  • gitLabTrustNobody
                                                                                    • gitLabTrustPermissions
                                                                                      • giteaTrustContributors
                                                                                        • giteaTrustEveryone
                                                                                          • giteaTrustNobody
                                                                                            • gitHubTrustContributors
                                                                                              • gitHubTrustEveryone
                                                                                                • gitHubTrustNobody
                                                                                                  • gitHubTrustPermissions
                                                                                                • giteaPullRequestDiscovery
                                                                                                  Discovers pull requests where the origin repository is the same as the target repository.
                                                                                                  • strategyId : int
                                                                                                    Determines how pull requests are discovered:
                                                                                                    Merging the pull request with the current target branch revision
                                                                                                    Discover each pull request once with the discovered revision corresponding to the result of merging with the current revision of the target branch
                                                                                                    The current pull request revision
                                                                                                    Discover each pull request once with the discovered revision corresponding to the pull request head revision without merging
                                                                                                    Both the current pull request revision and the pull request merged with the current target branch revision
                                                                                                    Discover each pull request twice. The first discovered revision corresponds to the result of merging with the current revision of the target branch in each scan. The second parallel discovered revision corresponds to the pull request head revision without merging
                                                                                                • giteaSSHCheckout
                                                                                                  By default the discovered branches / pull requests will all use the same username / password credentials that were used for discovery when checking out sources. This means that the checkout will be using the https:// protocol for the Git repository.

                                                                                                  This behaviour allows you to select the SSH private key to be used for checking out sources, which will consequently force the checkout to use the ssh:// protocol.

                                                                                                  • credentialsId : String
                                                                                                    Credentials used to check out sources. Must be a SSH key based credential.
                                                                                                • giteaTagDiscovery
                                                                                                  • giteaWebhookRegistration

                                                                                                    Overrides the defaults for webhook management.

                                                                                                    Webhooks are used to inform Jenkins about changes to repositories. There are two ways webhooks can be configured:

                                                                                                    • Manual webhook configuration requires the user to configure Gitea with the Jenkins URL in order to ensure that Gitea will send the events to Jenkins after every change.
                                                                                                    • Automatic webhook configuration requires that Jenkins has credentials with sufficient permission to configure webhooks and also that Jenkins knows the URL that Gitea can connect to.

                                                                                                    The Manage Jenkins » Configure System › Gitea Server allows defining the list of servers. Each server can be associated with credentials. If credentials are defined then the default behaviour is to use those credentials to automatically manage the webhooks of all repositories that Jenkins is interested in. If no credentials are defined then the default behaviour is to require the user to manually configure webhooks.

                                                                                                    • mode : String
                                                                                                      There are two available modes:
                                                                                                      Disable hook management
                                                                                                      Disables hook management irrespective of the global defaults.
                                                                                                      Use item credentials for hook management
                                                                                                      Enabled hook management but uses the selected credentials to manage the hooks rather than those defined in Manage Jenkins » Configure System › Gitea Server
                                                                                                  • gitHubBranchDiscovery
                                                                                                    Discovers branches on the repository.
                                                                                                    • strategyId : int
                                                                                                      Determines which branches are discovered.
                                                                                                      Exclude branches that are also filed as PRs
                                                                                                      If you are discovering origin pull requests, you may not want to also build the source branches for those pull requests.
                                                                                                      Only branches that are also filed as PRs
                                                                                                      Similar to discovering origin pull requests, but discovers the branch rather than the pull request. This means env.GIT_BRANCH will be set to the branch name rather than PR-#. Also, status notifications for these builds will only be applied to the commit and not to the pull request.
                                                                                                      All branches
                                                                                                      Ignores whether the branch is also filed as a pull request and instead discovers all branches on the origin repository.
                                                                                                  • gitHubForkDiscovery
                                                                                                    Discovers pull requests where the origin repository is a fork of the target repository.
                                                                                                    • strategyId : int
                                                                                                      Determines how pull requests are discovered:
                                                                                                      Merging the pull request with the current target branch revision
                                                                                                      Discover each pull request once with the discovered revision corresponding to the result of merging with the current revision of the target branch. Note that pushes to the target branch will result in new pull request builds.
                                                                                                      The current pull request revision
                                                                                                      Discover each pull request once with the discovered revision corresponding to the pull request head revision without merging.
                                                                                                      Both the current pull request revision and the pull request merged with the current target branch revision
                                                                                                      Discover each pull request twice. The first discovered revision corresponds to the result of merging with the current revision of the target branch in each scan. The second parallel discovered revision corresponds to the pull request head revision without merging.
                                                                                                    • trust

                                                                                                      One of the great powers of pull requests is that anyone with read access to a repository can fork it, commit some changes to their fork and then create a pull request against the original repository with their changes. There are some files stored in source control that are important. For example, a Jenkinsfile may contain configuration details to sandbox pull requests in order to mitigate against malicious pull requests. In order to protect against a malicious pull request itself modifying the Jenkinsfile to remove the protections, you can define the trust policy for pull requests from forks.

                                                                                                      Other plugins can extend the available trust policies. The default policies are:

                                                                                                      Nobody
                                                                                                      Pull requests from forks will all be treated as untrusted. This means that where Jenkins requires a trusted file (e.g. Jenkinsfile) the contents of that file will be retrieved from the target branch on the origin repository and not from the pull request branch on the fork repository.
                                                                                                      Collaborators
                                                                                                      Pull requests from collaborators to the origin repository will be treated as trusted, all other pull requests from fork repositories will be treated as untrusted. Note that if credentials used by Jenkins for scanning the repository does not have permission to query the list of collaborators to the origin repository then only the origin account will be treated as trusted - i.e. this will fall back to Nobody. NOTE: all collaborators are trusted, even if they are only members of a team with read permission.
                                                                                                      Everyone
                                                                                                      All pull requests from forks will be treated as trusted. NOTE: this option can be dangerous if used on a public repository hosted on GitHub.
                                                                                                      From users with Admin or Write permission
                                                                                                      Pull requests forks will be treated as trusted if and only if the fork owner has either Admin or Write permissions on the origin repository. This is the recommended policy. Note that this strategy requires the Review a user's permission level API, as a result on GitHub Enterprise Server versions before 2.12 this is the same as trusting Nobody.
                                                                                                      • Type: jenkins.scm.api.trait.SCMHeadAuthority<? super org.jenkinsci.plugins.github_branch_source.GitHubSCMSourceRequest, ? extends jenkins.scm.api.mixin.ChangeRequestSCMHead2, ? extends jenkins.scm.api.SCMRevision>
                                                                                                  • gitHubPullRequestDiscovery
                                                                                                    Discovers pull requests where the origin repository is the same as the target repository.
                                                                                                    • strategyId : int
                                                                                                      Determines how pull requests are discovered:
                                                                                                      Merging the pull request with the current target branch revision
                                                                                                      Discover each pull request once with the discovered revision corresponding to the result of merging with the current revision of the target branch. Note that pushes to the target branch will result in new pull request builds.
                                                                                                      The current pull request revision
                                                                                                      Discover each pull request once with the discovered revision corresponding to the pull request head revision without merging.
                                                                                                      Both the current pull request revision and the pull request merged with the current target branch revision
                                                                                                      Discover each pull request twice. The first discovered revision corresponds to the result of merging with the current revision of the target branch in each scan. The second parallel discovered revision corresponds to the pull request head revision without merging.
                                                                                                  • gitHubSshCheckout
                                                                                                    By default the discovered branches / pull requests will all use the same username / password credentials that were used for discovery when checking out sources. This means that the checkout will be using the https:// protocol for the Git repository.

                                                                                                    This behaviour allows you to select the SSH private key to be used for checking out sources, which will consequently force the checkout to use the ssh:// protocol.

                                                                                                    • credentialsId : String
                                                                                                      Credentials used to check out sources. Must be a SSH key based credential.
                                                                                                  • gitHubTagDiscovery
                                                                                                    Discovers tags on the repository.

                                                                                                • Was this page helpful?

                                                                                                  Please submit your feedback about this page through this quick form.

                                                                                                  Alternatively, if you don't wish to complete the quick form, you can simply indicate if you found this page helpful?

                                                                                                      


                                                                                                  See existing feedback here.