Skip to content

Fix preapprove() leaving scripts in pendingScripts after approval #908

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
LeCrew163 wants to merge 3 commits into
base: master
Choose a base branch
from
Open

Fix preapprove() leaving scripts in pendingScripts after approval #908

LeCrew163 wants to merge 3 commits into from

Conversation

@LeCrew163
Copy link

@LeCrew163 LeCrew163 commented Jan 27, 2026
edited
Loading

Problem

The preapprove() method adds script hashes to approvedScriptHashes but does not remove matching entries from pendingScripts. This causes scripts to appear with apply/deny buttons in the Jenkins UI even though their hashes are already present in scriptApproval.xml's approvedScriptHashes.

The scripts are technically approved (hash exists in approvedScriptHashes) but the UI incorrectly shows them as pending because they remain in the pendingScripts list.

Solution

This fix makes preapprove() consistent with preapproveAll() by calling removePendingScript() to remove the pending entry after adding to approvedScriptHashes.

Changes

  • Modified preapprove() method to store the hash in a variable
  • Added call to removePendingScript(hash) after adding to approvedScriptHashes

This makes the behavior consistent with preapproveAll() which already clears pendingScripts after approval.

Submitter checklist

  • Make sure you are opening from a topic/feature/bugfix branch (right side) and not your main branch!
  • Ensure that the pull request title represents the desired changelog entry
  • Please describe what you did
  • Link to relevant issues in GitHub or Jira
  • Link to relevant pull requests, esp. upstream and downstream changes
  • Ensure you have provided tests that demonstrate the feature works or the issue is fixed

Fix preapprove() leaving scripts in pendingScripts after approval
01b7c35 
The preapprove() method adds script hashes to approvedScriptHashes but
does not remove matching entries from pendingScripts. This causes scripts
to appear with apply/deny buttons in the Jenkins UI even though their
hashes are already present in scriptApproval.xml's approvedScriptHashes.

The scripts are technically approved (hash exists in approvedScriptHashes)
but the UI incorrectly shows them as pending because they remain in the
pendingScripts list.

This fix makes preapprove() consistent with preapproveAll() by calling
removePendingScript() to remove the pending entry after adding to
approvedScriptHashes.
@LeCrew163 LeCrew163 requested a review from a team as a code owner January 27, 2026 19:53
Nikolai Martyn added 2 commits January 27, 2026 21:33
Add test for preapprove() bug fix
5960419 
Add test case that verifies preapprove() removes scripts from
pendingScripts after adding them to approvedScriptHashes.

The test:
1. Creates a pending script via configuring()
2. Calls preapprove() on it
3. Verifies the hash is in approvedScriptHashes
4. Verifies the script is removed from pendingScripts
Remove accidentally committed .tool-versions file
1f24fc0
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@LeCrew163