[JENKINS-64814] Use API to retrieve project/group avatar where possible #436
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This allows avatars to be retrieved via API if the GitLab server is new enough, so resolving the JENKINS-64814 issue of URL-based avatars not working if the projects are not public. Once installed, projects/groups need to be re-scanned for it to switch to the new method.
My knowledge of Jenkins internals isn't too hot so I had to do a bit of guesswork when it came to access control around the credentials retrieval code. In my testing, the avatar request was always 'anonymous', so no amount of permission checking worked, even if I could figure out what non-null context to use. So I had to bypass it, just for the avatar request anyway.
Testing done
Tested in a (latest LTS) Jenkins and GitLab 17 with
Before the upgrade:
Immediately after the upgrade:
After rescan of each job:
Also checked against an old version of GitLab (13) to ensure the URL-based non-API behaviour is still used even with projects with avatars
Submitter checklist