Guys, It seems we need to stop any activity in this direction.
I have just realized that automatic patch validation (at least in its form we agreed on) opens a huge security hole - anyone who attaches a patch to JIRA can execute literally any code (!) on our public TC - java/bash/binary/built-in OS/etc. Should I continue on what this can lead to? I think no. So, the only acceptable way is to assign committer to review a patch manually and then submit it to TC. Process in my view should be the following: 1. Contributor finishes with the task and attaches a patch to JIRA issue. 2. Committer picks up the issue and reviews the changes. 3. If changes are OK, committer submits them to TC in a separate branch. 4. After TC passes committer merges the changes to the target sprint branch. 5. JIRA issue gets closed. Thoughts? --Yakov 2015-05-05 23:31 GMT+03:00 Konstantin Boudnik <[email protected]>: > Sergey and I had a good Skype call and everything seems to be resolved. The > installed jira-cli tools work just fine http://bit.ly/1c2qmeH > > Attachments and comments do not need to be fetched using jira-cli. The > proposed workflow for the automatic patching is explained at the bottom of > dev-tools/src/main/groovy/jiraslurp.groovy > please let me know if there are any questions about it. > > Sergey will see to make sure that we have parameterized builds, which will > be > triggered from the groovy script above. In fact, that is the last thing > that > is blocking the completion of this task. Looks like our off-line > conversation > with him helped to get the ball rolling! > > Cos > > On Wed, Apr 29, 2015 at 12:45PM, Yakov Zhdanov wrote: > > Cos, > > > > Does cli works on your local machine? > > > > Can you check if our JIRA allows remote API calls -> "Go to > Administration > > -> General Configuration and ensure Accept remote API calls in ON"? > > > > Sergey tried it locally and it just hangs. > > > > > > --Yakov > > > > 2015-04-28 20:30 GMT+03:00 Konstantin Boudnik <[email protected]>: > > > > > Hi Yakov. > > > > > > With jira-cli 3.9 one doesn't need to install anything on the server > side. > > > The > > > older version of the tools work with JIRA backend. The newer version > (not > > > produced by Atlassian anymore) requires some additional stuff to be > set. > > > > > > I will take a look at the agents' configuration later in the day and > will > > > get > > > back to you here. > > > > > > Thanks, > > > Cos > > > > > > On Tue, Apr 28, 2015 at 01:40PM, Yakov Zhdanov wrote: > > > > Cos, > > > > > > > > We still have problem while applying patch on TC. Attachments and > > > comments > > > > cannot be fetched from Jira when using jira-cli on current agents. > > > > > > > > Can you please make sure that server side of jira-cli is properly > > > > installed? Do you know any other way to fetch that? > > > > > > > > --Yakov > > > > > > > > 2015-04-01 6:23 GMT+03:00 Konstantin Boudnik <[email protected]>: > > > > > > > > > oops > > > > > > > > > > s/not/now/g > > > > > > > > > > Cos > > > > > > > > > > On Tue, Mar 31, 2015 at 06:58PM, Dmitriy Setrakyan wrote: > > > > > > On Tue, Mar 31, 2015 at 6:54 PM, Konstantin Boudnik < > > > [email protected]> > > > > > > wrote: > > > > > > > > > > > > Thanks - that's great: not I'd be able to finish up the > > > commenting > > > > > part of the patch validation! > > > > > > > > > > > > Cos, I think some meaning was lost due to typos. Do you mean > that > > > you > > > > > will > > > > > > be able to finish it or will not? > > > > > > > > > > > > Cos > > > > > > > > > > > > On Wed, Apr 01, 2015 at 12:00AM, Sergey Bachinskiy wrote: > > > > > > >A A Hello Konstantin. > > > > > > >A A I've installed lira-cli on all agents (7) - path of > cli > > > is > > > > > > >A A /opt/jira-cli-3.9.0 > > > > > > >A A On Wed, Mar 25, 2015 at 10:16 PM, Konstantin Boudnik > > > > > > <[email protected]> > > > > > > >A A wrote: > > > > >
