Hello,
We would like to clarify the reason we changed Jenkins to no longer run unit
tests on patch submission.
We had to defer code execution to after CR+2 for security reasons. If unit tests
were ran on submission that meant anyone with a labs account could effectively
get shell access on the server.
Because LDAP accounts are now up for open registration (aka free Labs accounts,
and by extend permission to submit patches to Gerrit), that also meant the whole
world would be able to get shell access on the server (via PHP/Nodejs/ant/bash
to infinity and beyond).
This issue will be definitely solved by isolating tests in dedicated virtual
machines for each run. We are investigating Vagrant.
Restricting unit tests is simpler and faster to implement over all the Vagrant
engineering. So "running tests after CR+2" is a temporary measure until the
implementation of Vagrant sandboxes in Jenkins builds is ready.
So, in conclusion: Unit tests will be run again on patch submission once we have
finished integrating Vagrant in Jenkins.
-- The CI team
Antoine & Timo