From da5599073624b9988338f2f769ea4341fbc0121b Mon Sep 17 00:00:00 2001
From: Piotr Falkowski <iwane@windowslive.com>
Date: Wed, 15 Feb 2023 13:32:40 +0100
Subject: [PATCH] New permissions option for GitHub PR Comment Build plugin

In version 78.v2dcf62ba199b GitHub Pull Request Comment Build Plugin
introduced permissions check for users triggering jobs with comments.
This added a new checkbox/XML element that allows untrusted users to
trigger builds.
(see https://github.com/jenkinsci/github-pr-comment-build-plugin/pull/46)

This commit adds support for this option by allowing dictionary syntax for GH PR Comment Build plugin:
 ```
 - trigger-build-on-pr-review:
    allow-untrusted-users: true
 ```
 while preserving support for currently existing syntax:
 ```
 - trigger-build-on-pr-review: true
 ```

Change-Id: I554129c779161b47cba4566f7821ef7590a242e0
---
 jenkins_jobs/modules/project_multibranch.py   | 69 +++++++++++++---
 tests/conftest.py                             | 10 +--
 ...ithub_comment_plugin_invalid_type001.error |  1 +
 ...github_comment_plugin_invalid_type001.yaml | 17 ++++
 ...ithub_comment_plugin_invalid_type002.error |  1 +
 ...github_comment_plugin_invalid_type002.yaml | 17 ++++
 ...ithub_comment_plugin_invalid_type003.error |  1 +
 ...github_comment_plugin_invalid_type003.yaml | 17 ++++
 ...ithub_comment_plugin_invalid_type004.error |  1 +
 ...github_comment_plugin_invalid_type004.yaml | 16 ++++
 ...ithub_comment_plugin_missing_comment.error |  1 +
 ...github_comment_plugin_missing_comment.yaml | 17 ++++
 .../scm_github_comment_plugin_booleans.xml    | 78 +++++++++++++++++++
 .../scm_github_comment_plugin_booleans.yaml   | 14 ++++
 .../scm_github_comment_plugin_booleans002.xml | 76 ++++++++++++++++++
 ...scm_github_comment_plugin_booleans002.yaml | 14 ++++
 .../scm_github_comment_plugin_booleans003.xml | 78 +++++++++++++++++++
 ...scm_github_comment_plugin_booleans003.yaml | 18 +++++
 .../scm_github_comment_plugin_booleans004.xml | 73 +++++++++++++++++
 ...scm_github_comment_plugin_booleans004.yaml | 14 ++++
 .../scm_github_comment_plugin_booleans005.xml | 73 +++++++++++++++++
 ...scm_github_comment_plugin_booleans005.yaml | 14 ++++
 .../multibranch/fixtures/scm_github_full.xml  |  9 ++-
 .../multibranch/fixtures/scm_github_full.yaml | 10 ++-
 tests/multibranch/test_errors.py              | 37 +++++++++
 25 files changed, 654 insertions(+), 22 deletions(-)
 create mode 100644 tests/multibranch/error_fixtures/scm_github_comment_plugin_invalid_type001.error
 create mode 100644 tests/multibranch/error_fixtures/scm_github_comment_plugin_invalid_type001.yaml
 create mode 100644 tests/multibranch/error_fixtures/scm_github_comment_plugin_invalid_type002.error
 create mode 100644 tests/multibranch/error_fixtures/scm_github_comment_plugin_invalid_type002.yaml
 create mode 100644 tests/multibranch/error_fixtures/scm_github_comment_plugin_invalid_type003.error
 create mode 100644 tests/multibranch/error_fixtures/scm_github_comment_plugin_invalid_type003.yaml
 create mode 100644 tests/multibranch/error_fixtures/scm_github_comment_plugin_invalid_type004.error
 create mode 100644 tests/multibranch/error_fixtures/scm_github_comment_plugin_invalid_type004.yaml
 create mode 100644 tests/multibranch/error_fixtures/scm_github_comment_plugin_missing_comment.error
 create mode 100644 tests/multibranch/error_fixtures/scm_github_comment_plugin_missing_comment.yaml
 create mode 100644 tests/multibranch/fixtures/scm_github_comment_plugin_booleans.xml
 create mode 100644 tests/multibranch/fixtures/scm_github_comment_plugin_booleans.yaml
 create mode 100644 tests/multibranch/fixtures/scm_github_comment_plugin_booleans002.xml
 create mode 100644 tests/multibranch/fixtures/scm_github_comment_plugin_booleans002.yaml
 create mode 100644 tests/multibranch/fixtures/scm_github_comment_plugin_booleans003.xml
 create mode 100644 tests/multibranch/fixtures/scm_github_comment_plugin_booleans003.yaml
 create mode 100644 tests/multibranch/fixtures/scm_github_comment_plugin_booleans004.xml
 create mode 100644 tests/multibranch/fixtures/scm_github_comment_plugin_booleans004.yaml
 create mode 100644 tests/multibranch/fixtures/scm_github_comment_plugin_booleans005.xml
 create mode 100644 tests/multibranch/fixtures/scm_github_comment_plugin_booleans005.yaml
 create mode 100644 tests/multibranch/test_errors.py

diff --git a/jenkins_jobs/modules/project_multibranch.py b/jenkins_jobs/modules/project_multibranch.py
index dbf5f6db2..18453f052 100644
--- a/jenkins_jobs/modules/project_multibranch.py
+++ b/jenkins_jobs/modules/project_multibranch.py
@@ -86,7 +86,7 @@ import jenkins_jobs.modules.helpers as helpers
 import six
 
 from jenkins_jobs.modules.scm import git_extensions
-from jenkins_jobs.errors import InvalidAttributeError
+from jenkins_jobs.errors import InvalidAttributeError, MissingAttributeError
 from jenkins_jobs.errors import JenkinsJobsException
 from jenkins_jobs.xml_config import remove_ignorable_whitespace
 
@@ -1468,25 +1468,37 @@ def property_strategies(xml_parent, data):
                 max-survivability (optional)
                 Requires the :jenkins-plugins:`Pipeline Multibranch Plugin
                 <workflow-multibranch>`
-            * **trigger-build-on-pr-comment** (str): The comment body to
+            * **trigger-build-on-pr-comment** (str or dict): The comment body to
                 trigger a new build for a PR job when it is received. This
-                is compiled as a case insensitive regular expression, so
+                is compiled as a case-insensitive regular expression, so
                 use ``".*"`` to trigger a build on any comment whatsoever.
                 (optional)
+                If dictionary syntax is used, the option requires 2 fields:
+                ``comment`` with the comment body and ``allow-untrusted-users``
+                (bool) causing the plugin to skip checking if the comment author
+                is a collaborator of the GitHub project.
                 Requires the :jenkins-plugins:`GitHub PR Comment Build Plugin
                 <github-pr-comment-build>`
-            * **trigger-build-on-pr-review** (bool): This property will
+            * **trigger-build-on-pr-review** (bool or dict): This property will
                 cause a job for a pull request ``(PR-*)`` to be triggered
                 immediately when a review is made on the PR in GitHub.
                 This has no effect on jobs that are not for pull requests.
                 (optional)
+                If dictionary syntax is used, the option requires
+                ``allow-untrusted-users`` (bool) causing the plugin to skip
+                checking if the review author is a collaborator of the GitHub
+                project.
                 Requires the :jenkins-plugins:`GitHub PR Comment Build Plugin
                 <github-pr-comment-build>`
-            * **trigger-build-on-pr-update** (bool): This property will
+            * **trigger-build-on-pr-update** (bool or dict): This property will
                 cause a job for a pull request ``(PR-*)`` to be triggered
                 immediately when the PR title or description is edited in
                 GitHub. This has no effect on jobs that are not for pull
                 requests. (optional)
+                If dictionary syntax is used, the option requires
+                ``allow-untrusted-users`` (bool) causing the plugin to skip
+                checking if the update author is a collaborator of the GitHub
+                project.
                 Requires the :jenkins-plugins:`GitHub PR Comment Build Plugin
                 <github-pr-comment-build>`
         * **named-branches** (dict): Named branches get different properties.
@@ -1505,25 +1517,38 @@ def property_strategies(xml_parent, data):
                     max-survivability (optional)
                     Requires the :jenkins-plugins:`Pipeline Multibranch Plugin
                     <workflow-multibranch>`
-                * **trigger-build-on-pr-comment** (str): The comment body to
+                * **trigger-build-on-pr-comment** (str or dict): The comment body to
                     trigger a new build for a PR job when it is received. This
-                    is compiled as a case insensitive regular expression, so
+                    is compiled as a case-insensitive regular expression, so
                     use ``".*"`` to trigger a build on any comment whatsoever.
                     (optional)
+                    If dictionary syntax is used, the option accepts 2 fields:
+                    ``comment`` (str, required) with the comment body and
+                    ``allow-untrusted-users`` (bool, optional) causing the plugin
+                    to skip checking if the comment author is a collaborator of
+                    the GitHub project.
                     Requires the :jenkins-plugins:`GitHub PR Comment Build Plugin
                     <github-pr-comment-build>`
-                * **trigger-build-on-pr-review** (bool): This property will
+                * **trigger-build-on-pr-review** (bool or dict): This property will
                     cause a job for a pull request ``(PR-*)`` to be triggered
                     immediately when a review is made on the PR in GitHub.
                     This has no effect on jobs that are not for pull requests.
                     (optional)
+                    If dictionary syntax is used, the option requires
+                    ``allow-untrusted-users`` (bool) causing the plugin to skip
+                    checking if the review author is a collaborator of the GitHub
+                    project.
                     Requires the :jenkins-plugins:`GitHub PR Comment Build Plugin
                     <github-pr-comment-build>`
-                * **trigger-build-on-pr-update** (bool): This property will
+                * **trigger-build-on-pr-update** (bool or dict): This property will
                     cause a job for a pull request ``(PR-*)`` to be triggered
                     immediately when the PR title or description is edited in
                     GitHub. This has no effect on jobs that are not for pull
                     requests. (optional)
+                    If dictionary syntax is used, the option requires
+                    ``allow-untrusted-users`` (bool) causing the plugin to skip
+                    checking if the update author is a collaborator of the GitHub
+                    project.
                     Requires the :jenkins-plugins:`GitHub PR Comment Build Plugin
                     <github-pr-comment-build>`
 
@@ -1736,14 +1761,34 @@ def apply_property_strategies(props_elem, props_list):
                 "".join([pr_comment_build, ".TriggerPRCommentBranchProperty"]),
                 {"plugin": "github-pr-comment-build"},
             )
-            XML.SubElement(tbopc_elem, "commentBody").text = tbopc_val
+            if isinstance(tbopc_val, dict):
+                if "comment" not in tbopc_val:
+                    raise MissingAttributeError(
+                        "trigger-build-on-pr-comment[comment]"
+                    )
+                XML.SubElement(tbopc_elem, "commentBody").text = tbopc_val["comment"]
+                if tbopc_val.get("allow-untrusted-users", False):
+                    XML.SubElement(tbopc_elem, "allowUntrusted").text = "true"
+            elif isinstance(tbopc_val, str):
+                XML.SubElement(tbopc_elem, "commentBody").text = tbopc_val
+            else:
+                raise InvalidAttributeError("trigger-build-on-pr-comment", tbopc_val)
         for opt in pcb_bool_opts:
-            if dbs_list.get(opt, False):
-                XML.SubElement(
+            opt_value = dbs_list.get(opt, None)
+            if opt_value:
+                opt_elem = XML.SubElement(
                     props_elem,
                     "".join([pr_comment_build, pcb_bool_opts.get(opt)]),
                     {"plugin": "github-pr-comment-build"},
                 )
+                if isinstance(opt_value, dict):
+                    if opt_value.get("allow-untrusted-users", False):
+                        XML.SubElement(opt_elem, "allowUntrusted").text = "true"
+                elif isinstance(opt_value, bool):
+                    # no sub-elements in this case
+                    pass
+                else:
+                    raise InvalidAttributeError(opt, opt_value)
 
 
 def add_filter_branch_pr_behaviors(traits, data):
diff --git a/tests/conftest.py b/tests/conftest.py
index 974f68d57..e4b9a8197 100644
--- a/tests/conftest.py
+++ b/tests/conftest.py
@@ -129,12 +129,12 @@ def check_folder(scenario, jjb_config, input):
 def check_generator(scenario, input, expected_output, jjb_config, registry, project):
     registry.set_parser_data({})
 
-    if project:
-        xml = project.root_xml(input)
-    else:
-        xml = XML.Element("project")
-
     def check(Generator):
+        if project:
+            xml = project.root_xml(input)
+        else:
+            xml = XML.Element("project")
+
         generator = Generator(registry)
         generator.gen_xml(xml, input)
         check_folder(scenario, jjb_config, input)
diff --git a/tests/multibranch/error_fixtures/scm_github_comment_plugin_invalid_type001.error b/tests/multibranch/error_fixtures/scm_github_comment_plugin_invalid_type001.error
new file mode 100644
index 000000000..4febda221
--- /dev/null
+++ b/tests/multibranch/error_fixtures/scm_github_comment_plugin_invalid_type001.error
@@ -0,0 +1 @@
+'['test']' is an invalid value for attribute name.trigger-build-on-pr-comment
diff --git a/tests/multibranch/error_fixtures/scm_github_comment_plugin_invalid_type001.yaml b/tests/multibranch/error_fixtures/scm_github_comment_plugin_invalid_type001.yaml
new file mode 100644
index 000000000..8d6836334
--- /dev/null
+++ b/tests/multibranch/error_fixtures/scm_github_comment_plugin_invalid_type001.yaml
@@ -0,0 +1,17 @@
+name: 'demo-multibranch-github-min'
+project-type: multibranch
+scm:
+    - github:
+        repo: 'foo'
+        repo-owner: 'johndoe'
+
+        property-strategies:
+            all-branches:
+                - suppress-scm-triggering: true
+                - pipeline-branch-durability-override: max-survivability
+                - trigger-build-on-pr-comment:
+                    - test
+                - trigger-build-on-pr-review:
+                    allow-untrusted-users: false
+                - trigger-build-on-pr-update:
+                    allow-untrusted-users: false
diff --git a/tests/multibranch/error_fixtures/scm_github_comment_plugin_invalid_type002.error b/tests/multibranch/error_fixtures/scm_github_comment_plugin_invalid_type002.error
new file mode 100644
index 000000000..9fe248031
--- /dev/null
+++ b/tests/multibranch/error_fixtures/scm_github_comment_plugin_invalid_type002.error
@@ -0,0 +1 @@
+'['test']' is an invalid value for attribute name.trigger-build-on-pr-review
diff --git a/tests/multibranch/error_fixtures/scm_github_comment_plugin_invalid_type002.yaml b/tests/multibranch/error_fixtures/scm_github_comment_plugin_invalid_type002.yaml
new file mode 100644
index 000000000..1e45ba4d9
--- /dev/null
+++ b/tests/multibranch/error_fixtures/scm_github_comment_plugin_invalid_type002.yaml
@@ -0,0 +1,17 @@
+name: 'demo-multibranch-github-min'
+project-type: multibranch
+scm:
+    - github:
+        repo: 'foo'
+        repo-owner: 'johndoe'
+
+        property-strategies:
+            all-branches:
+                - suppress-scm-triggering: true
+                - pipeline-branch-durability-override: max-survivability
+                - trigger-build-on-pr-comment:
+                    comment: "CI build!"
+                - trigger-build-on-pr-review:
+                    - test
+                - trigger-build-on-pr-update:
+                    allow-untrusted-users: false
diff --git a/tests/multibranch/error_fixtures/scm_github_comment_plugin_invalid_type003.error b/tests/multibranch/error_fixtures/scm_github_comment_plugin_invalid_type003.error
new file mode 100644
index 000000000..8d2f768be
--- /dev/null
+++ b/tests/multibranch/error_fixtures/scm_github_comment_plugin_invalid_type003.error
@@ -0,0 +1 @@
+'['test']' is an invalid value for attribute name.trigger-build-on-pr-update
diff --git a/tests/multibranch/error_fixtures/scm_github_comment_plugin_invalid_type003.yaml b/tests/multibranch/error_fixtures/scm_github_comment_plugin_invalid_type003.yaml
new file mode 100644
index 000000000..e2b79b8c2
--- /dev/null
+++ b/tests/multibranch/error_fixtures/scm_github_comment_plugin_invalid_type003.yaml
@@ -0,0 +1,17 @@
+name: 'demo-multibranch-github-min'
+project-type: multibranch
+scm:
+    - github:
+        repo: 'foo'
+        repo-owner: 'johndoe'
+
+        property-strategies:
+            all-branches:
+                - suppress-scm-triggering: true
+                - pipeline-branch-durability-override: max-survivability
+                - trigger-build-on-pr-comment:
+                    comment: "CI build!"
+                - trigger-build-on-pr-review:
+                    allow-untrusted-users: false
+                - trigger-build-on-pr-update:
+                    - test
diff --git a/tests/multibranch/error_fixtures/scm_github_comment_plugin_invalid_type004.error b/tests/multibranch/error_fixtures/scm_github_comment_plugin_invalid_type004.error
new file mode 100644
index 000000000..c53b6fbf6
--- /dev/null
+++ b/tests/multibranch/error_fixtures/scm_github_comment_plugin_invalid_type004.error
@@ -0,0 +1 @@
+'true' is an invalid value for attribute name.trigger-build-on-pr-update
diff --git a/tests/multibranch/error_fixtures/scm_github_comment_plugin_invalid_type004.yaml b/tests/multibranch/error_fixtures/scm_github_comment_plugin_invalid_type004.yaml
new file mode 100644
index 000000000..143e1030d
--- /dev/null
+++ b/tests/multibranch/error_fixtures/scm_github_comment_plugin_invalid_type004.yaml
@@ -0,0 +1,16 @@
+name: 'demo-multibranch-github-min'
+project-type: multibranch
+scm:
+    - github:
+        repo: 'foo'
+        repo-owner: 'johndoe'
+
+        property-strategies:
+            all-branches:
+                - suppress-scm-triggering: true
+                - pipeline-branch-durability-override: max-survivability
+                - trigger-build-on-pr-comment:
+                    comment: "CI build!"
+                - trigger-build-on-pr-review:
+                    allow-untrusted-users: false
+                - trigger-build-on-pr-update: "true"
diff --git a/tests/multibranch/error_fixtures/scm_github_comment_plugin_missing_comment.error b/tests/multibranch/error_fixtures/scm_github_comment_plugin_missing_comment.error
new file mode 100644
index 000000000..1ca197254
--- /dev/null
+++ b/tests/multibranch/error_fixtures/scm_github_comment_plugin_missing_comment.error
@@ -0,0 +1 @@
+Missing trigger-build-on-pr-comment[comment] from an instance of 'name'
diff --git a/tests/multibranch/error_fixtures/scm_github_comment_plugin_missing_comment.yaml b/tests/multibranch/error_fixtures/scm_github_comment_plugin_missing_comment.yaml
new file mode 100644
index 000000000..9a2dafdcc
--- /dev/null
+++ b/tests/multibranch/error_fixtures/scm_github_comment_plugin_missing_comment.yaml
@@ -0,0 +1,17 @@
+name: 'demo-multibranch-github-min'
+project-type: multibranch
+scm:
+    - github:
+        repo: 'foo'
+        repo-owner: 'johndoe'
+
+        property-strategies:
+            all-branches:
+                - suppress-scm-triggering: true
+                - pipeline-branch-durability-override: max-survivability
+                - trigger-build-on-pr-comment:
+                    allow-untrusted-users: false
+                - trigger-build-on-pr-review:
+                    allow-untrusted-users: false
+                - trigger-build-on-pr-update:
+                    allow-untrusted-users: false
diff --git a/tests/multibranch/fixtures/scm_github_comment_plugin_booleans.xml b/tests/multibranch/fixtures/scm_github_comment_plugin_booleans.xml
new file mode 100644
index 000000000..817648025
--- /dev/null
+++ b/tests/multibranch/fixtures/scm_github_comment_plugin_booleans.xml
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="utf-8"?>
+<org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject plugin="workflow-multibranch">
+  <properties/>
+  <views>
+    <hudson.model.AllView>
+      <name>All</name>
+      <filterExecutors>false</filterExecutors>
+      <filterQueue>false</filterQueue>
+      <properties class="hudson.model.View$PropertyList"/>
+      <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../../.."/>
+    </hudson.model.AllView>
+  </views>
+  <viewsTabBar class="hudson.views.DefaultViewsTabBar"/>
+  <folderViews class="jenkins.branch.MultiBranchProjectViewHolder" plugin="branch-api">
+    <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+  </folderViews>
+  <healthMetrics>
+    <com.cloudbees.hudson.plugins.folder.health.WorstChildHealthMetric plugin="cloudbees-folder">
+      <nonRecursive>false</nonRecursive>
+    </com.cloudbees.hudson.plugins.folder.health.WorstChildHealthMetric>
+  </healthMetrics>
+  <icon class="jenkins.branch.MetadataActionFolderIcon" plugin="branch-api">
+    <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+  </icon>
+  <orphanedItemStrategy class="com.cloudbees.hudson.plugins.folder.computed.DefaultOrphanedItemStrategy" plugin="cloudbees-folder">
+    <pruneDeadBranches>true</pruneDeadBranches>
+    <daysToKeep>-1</daysToKeep>
+    <numToKeep>-1</numToKeep>
+    <abortBuilds>false</abortBuilds>
+  </orphanedItemStrategy>
+  <triggers/>
+  <sources class="jenkins.branch.MultiBranchProject$BranchSourceList" plugin="branch-api">
+    <data>
+      <jenkins.branch.BranchSource>
+        <source class="org.jenkinsci.plugins.github_branch_source.GitHubSCMSource" plugin="github-branch-source">
+          <id>gh-johndoe-foo</id>
+          <repoOwner>johndoe</repoOwner>
+          <repository>foo</repository>
+          <traits>
+            <org.jenkinsci.plugins.github__branch__source.BranchDiscoveryTrait>
+              <strategyId>1</strategyId>
+            </org.jenkinsci.plugins.github__branch__source.BranchDiscoveryTrait>
+            <org.jenkinsci.plugins.github__branch__source.ForkPullRequestDiscoveryTrait>
+              <strategyId>1</strategyId>
+              <trust class="org.jenkinsci.plugins.github_branch_source.ForkPullRequestDiscoveryTrait$TrustContributors"/>
+            </org.jenkinsci.plugins.github__branch__source.ForkPullRequestDiscoveryTrait>
+            <org.jenkinsci.plugins.github__branch__source.OriginPullRequestDiscoveryTrait>
+              <strategyId>1</strategyId>
+            </org.jenkinsci.plugins.github__branch__source.OriginPullRequestDiscoveryTrait>
+            <jenkins.plugins.git.traits.WipeWorkspaceTrait>
+              <extension class="hudson.plugins.git.extensions.impl.WipeWorkspace"/>
+            </jenkins.plugins.git.traits.WipeWorkspaceTrait>
+          </traits>
+        </source>
+        <strategy class="jenkins.branch.DefaultBranchPropertyStrategy">
+          <properties class="java.util.Arrays$ArrayList">
+            <a class="jenkins.branch.BranchProperty-array">
+              <jenkins.branch.NoTriggerBranchProperty/>
+              <org.jenkinsci.plugins.workflow.multibranch.DurabilityHintBranchProperty plugin="workflow-multibranch">
+                <hint>MAX_SURVIVABILITY</hint>
+              </org.jenkinsci.plugins.workflow.multibranch.DurabilityHintBranchProperty>
+              <com.adobe.jenkins.github__pr__comment__build.TriggerPRCommentBranchProperty plugin="github-pr-comment-build">
+                <commentBody>Ci build!</commentBody>
+              </com.adobe.jenkins.github__pr__comment__build.TriggerPRCommentBranchProperty>
+              <com.adobe.jenkins.github__pr__comment__build.TriggerPRReviewBranchProperty plugin="github-pr-comment-build"/>
+              <com.adobe.jenkins.github__pr__comment__build.TriggerPRUpdateBranchProperty plugin="github-pr-comment-build"/>
+            </a>
+          </properties>
+        </strategy>
+      </jenkins.branch.BranchSource>
+    </data>
+    <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+  </sources>
+  <factory class="org.jenkinsci.plugins.workflow.multibranch.WorkflowBranchProjectFactory">
+    <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+    <scriptPath>Jenkinsfile</scriptPath>
+  </factory>
+</org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject>
diff --git a/tests/multibranch/fixtures/scm_github_comment_plugin_booleans.yaml b/tests/multibranch/fixtures/scm_github_comment_plugin_booleans.yaml
new file mode 100644
index 000000000..5a5c3ba27
--- /dev/null
+++ b/tests/multibranch/fixtures/scm_github_comment_plugin_booleans.yaml
@@ -0,0 +1,14 @@
+name: 'demo-multibranch-github-min'
+project-type: multibranch
+scm:
+    - github:
+        repo: 'foo'
+        repo-owner: 'johndoe'
+
+        property-strategies:
+            all-branches:
+                - suppress-scm-triggering: true
+                - pipeline-branch-durability-override: max-survivability
+                - trigger-build-on-pr-comment: "Ci build!"
+                - trigger-build-on-pr-review: true
+                - trigger-build-on-pr-update: true
diff --git a/tests/multibranch/fixtures/scm_github_comment_plugin_booleans002.xml b/tests/multibranch/fixtures/scm_github_comment_plugin_booleans002.xml
new file mode 100644
index 000000000..8f49ad6f9
--- /dev/null
+++ b/tests/multibranch/fixtures/scm_github_comment_plugin_booleans002.xml
@@ -0,0 +1,76 @@
+<?xml version="1.0" encoding="utf-8"?>
+<org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject plugin="workflow-multibranch">
+  <properties/>
+  <views>
+    <hudson.model.AllView>
+      <name>All</name>
+      <filterExecutors>false</filterExecutors>
+      <filterQueue>false</filterQueue>
+      <properties class="hudson.model.View$PropertyList"/>
+      <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../../.."/>
+    </hudson.model.AllView>
+  </views>
+  <viewsTabBar class="hudson.views.DefaultViewsTabBar"/>
+  <folderViews class="jenkins.branch.MultiBranchProjectViewHolder" plugin="branch-api">
+    <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+  </folderViews>
+  <healthMetrics>
+    <com.cloudbees.hudson.plugins.folder.health.WorstChildHealthMetric plugin="cloudbees-folder">
+      <nonRecursive>false</nonRecursive>
+    </com.cloudbees.hudson.plugins.folder.health.WorstChildHealthMetric>
+  </healthMetrics>
+  <icon class="jenkins.branch.MetadataActionFolderIcon" plugin="branch-api">
+    <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+  </icon>
+  <orphanedItemStrategy class="com.cloudbees.hudson.plugins.folder.computed.DefaultOrphanedItemStrategy" plugin="cloudbees-folder">
+    <pruneDeadBranches>true</pruneDeadBranches>
+    <daysToKeep>-1</daysToKeep>
+    <numToKeep>-1</numToKeep>
+    <abortBuilds>false</abortBuilds>
+  </orphanedItemStrategy>
+  <triggers/>
+  <sources class="jenkins.branch.MultiBranchProject$BranchSourceList" plugin="branch-api">
+    <data>
+      <jenkins.branch.BranchSource>
+        <source class="org.jenkinsci.plugins.github_branch_source.GitHubSCMSource" plugin="github-branch-source">
+          <id>gh-johndoe-foo</id>
+          <repoOwner>johndoe</repoOwner>
+          <repository>foo</repository>
+          <traits>
+            <org.jenkinsci.plugins.github__branch__source.BranchDiscoveryTrait>
+              <strategyId>1</strategyId>
+            </org.jenkinsci.plugins.github__branch__source.BranchDiscoveryTrait>
+            <org.jenkinsci.plugins.github__branch__source.ForkPullRequestDiscoveryTrait>
+              <strategyId>1</strategyId>
+              <trust class="org.jenkinsci.plugins.github_branch_source.ForkPullRequestDiscoveryTrait$TrustContributors"/>
+            </org.jenkinsci.plugins.github__branch__source.ForkPullRequestDiscoveryTrait>
+            <org.jenkinsci.plugins.github__branch__source.OriginPullRequestDiscoveryTrait>
+              <strategyId>1</strategyId>
+            </org.jenkinsci.plugins.github__branch__source.OriginPullRequestDiscoveryTrait>
+            <jenkins.plugins.git.traits.WipeWorkspaceTrait>
+              <extension class="hudson.plugins.git.extensions.impl.WipeWorkspace"/>
+            </jenkins.plugins.git.traits.WipeWorkspaceTrait>
+          </traits>
+        </source>
+        <strategy class="jenkins.branch.DefaultBranchPropertyStrategy">
+          <properties class="java.util.Arrays$ArrayList">
+            <a class="jenkins.branch.BranchProperty-array">
+              <jenkins.branch.NoTriggerBranchProperty/>
+              <org.jenkinsci.plugins.workflow.multibranch.DurabilityHintBranchProperty plugin="workflow-multibranch">
+                <hint>MAX_SURVIVABILITY</hint>
+              </org.jenkinsci.plugins.workflow.multibranch.DurabilityHintBranchProperty>
+              <com.adobe.jenkins.github__pr__comment__build.TriggerPRCommentBranchProperty plugin="github-pr-comment-build">
+                <commentBody>Ci build!</commentBody>
+              </com.adobe.jenkins.github__pr__comment__build.TriggerPRCommentBranchProperty>
+            </a>
+          </properties>
+        </strategy>
+      </jenkins.branch.BranchSource>
+    </data>
+    <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+  </sources>
+  <factory class="org.jenkinsci.plugins.workflow.multibranch.WorkflowBranchProjectFactory">
+    <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+    <scriptPath>Jenkinsfile</scriptPath>
+  </factory>
+</org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject>
diff --git a/tests/multibranch/fixtures/scm_github_comment_plugin_booleans002.yaml b/tests/multibranch/fixtures/scm_github_comment_plugin_booleans002.yaml
new file mode 100644
index 000000000..be625ab5f
--- /dev/null
+++ b/tests/multibranch/fixtures/scm_github_comment_plugin_booleans002.yaml
@@ -0,0 +1,14 @@
+name: 'demo-multibranch-github-min'
+project-type: multibranch
+scm:
+    - github:
+        repo: 'foo'
+        repo-owner: 'johndoe'
+
+        property-strategies:
+            all-branches:
+                - suppress-scm-triggering: true
+                - pipeline-branch-durability-override: max-survivability
+                - trigger-build-on-pr-comment: "Ci build!"
+                - trigger-build-on-pr-review: false
+                - trigger-build-on-pr-update: false
diff --git a/tests/multibranch/fixtures/scm_github_comment_plugin_booleans003.xml b/tests/multibranch/fixtures/scm_github_comment_plugin_booleans003.xml
new file mode 100644
index 000000000..817648025
--- /dev/null
+++ b/tests/multibranch/fixtures/scm_github_comment_plugin_booleans003.xml
@@ -0,0 +1,78 @@
+<?xml version="1.0" encoding="utf-8"?>
+<org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject plugin="workflow-multibranch">
+  <properties/>
+  <views>
+    <hudson.model.AllView>
+      <name>All</name>
+      <filterExecutors>false</filterExecutors>
+      <filterQueue>false</filterQueue>
+      <properties class="hudson.model.View$PropertyList"/>
+      <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../../.."/>
+    </hudson.model.AllView>
+  </views>
+  <viewsTabBar class="hudson.views.DefaultViewsTabBar"/>
+  <folderViews class="jenkins.branch.MultiBranchProjectViewHolder" plugin="branch-api">
+    <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+  </folderViews>
+  <healthMetrics>
+    <com.cloudbees.hudson.plugins.folder.health.WorstChildHealthMetric plugin="cloudbees-folder">
+      <nonRecursive>false</nonRecursive>
+    </com.cloudbees.hudson.plugins.folder.health.WorstChildHealthMetric>
+  </healthMetrics>
+  <icon class="jenkins.branch.MetadataActionFolderIcon" plugin="branch-api">
+    <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+  </icon>
+  <orphanedItemStrategy class="com.cloudbees.hudson.plugins.folder.computed.DefaultOrphanedItemStrategy" plugin="cloudbees-folder">
+    <pruneDeadBranches>true</pruneDeadBranches>
+    <daysToKeep>-1</daysToKeep>
+    <numToKeep>-1</numToKeep>
+    <abortBuilds>false</abortBuilds>
+  </orphanedItemStrategy>
+  <triggers/>
+  <sources class="jenkins.branch.MultiBranchProject$BranchSourceList" plugin="branch-api">
+    <data>
+      <jenkins.branch.BranchSource>
+        <source class="org.jenkinsci.plugins.github_branch_source.GitHubSCMSource" plugin="github-branch-source">
+          <id>gh-johndoe-foo</id>
+          <repoOwner>johndoe</repoOwner>
+          <repository>foo</repository>
+          <traits>
+            <org.jenkinsci.plugins.github__branch__source.BranchDiscoveryTrait>
+              <strategyId>1</strategyId>
+            </org.jenkinsci.plugins.github__branch__source.BranchDiscoveryTrait>
+            <org.jenkinsci.plugins.github__branch__source.ForkPullRequestDiscoveryTrait>
+              <strategyId>1</strategyId>
+              <trust class="org.jenkinsci.plugins.github_branch_source.ForkPullRequestDiscoveryTrait$TrustContributors"/>
+            </org.jenkinsci.plugins.github__branch__source.ForkPullRequestDiscoveryTrait>
+            <org.jenkinsci.plugins.github__branch__source.OriginPullRequestDiscoveryTrait>
+              <strategyId>1</strategyId>
+            </org.jenkinsci.plugins.github__branch__source.OriginPullRequestDiscoveryTrait>
+            <jenkins.plugins.git.traits.WipeWorkspaceTrait>
+              <extension class="hudson.plugins.git.extensions.impl.WipeWorkspace"/>
+            </jenkins.plugins.git.traits.WipeWorkspaceTrait>
+          </traits>
+        </source>
+        <strategy class="jenkins.branch.DefaultBranchPropertyStrategy">
+          <properties class="java.util.Arrays$ArrayList">
+            <a class="jenkins.branch.BranchProperty-array">
+              <jenkins.branch.NoTriggerBranchProperty/>
+              <org.jenkinsci.plugins.workflow.multibranch.DurabilityHintBranchProperty plugin="workflow-multibranch">
+                <hint>MAX_SURVIVABILITY</hint>
+              </org.jenkinsci.plugins.workflow.multibranch.DurabilityHintBranchProperty>
+              <com.adobe.jenkins.github__pr__comment__build.TriggerPRCommentBranchProperty plugin="github-pr-comment-build">
+                <commentBody>Ci build!</commentBody>
+              </com.adobe.jenkins.github__pr__comment__build.TriggerPRCommentBranchProperty>
+              <com.adobe.jenkins.github__pr__comment__build.TriggerPRReviewBranchProperty plugin="github-pr-comment-build"/>
+              <com.adobe.jenkins.github__pr__comment__build.TriggerPRUpdateBranchProperty plugin="github-pr-comment-build"/>
+            </a>
+          </properties>
+        </strategy>
+      </jenkins.branch.BranchSource>
+    </data>
+    <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+  </sources>
+  <factory class="org.jenkinsci.plugins.workflow.multibranch.WorkflowBranchProjectFactory">
+    <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+    <scriptPath>Jenkinsfile</scriptPath>
+  </factory>
+</org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject>
diff --git a/tests/multibranch/fixtures/scm_github_comment_plugin_booleans003.yaml b/tests/multibranch/fixtures/scm_github_comment_plugin_booleans003.yaml
new file mode 100644
index 000000000..f94d785f6
--- /dev/null
+++ b/tests/multibranch/fixtures/scm_github_comment_plugin_booleans003.yaml
@@ -0,0 +1,18 @@
+name: 'demo-multibranch-github-min'
+project-type: multibranch
+scm:
+    - github:
+        repo: 'foo'
+        repo-owner: 'johndoe'
+
+        property-strategies:
+            all-branches:
+                - suppress-scm-triggering: true
+                - pipeline-branch-durability-override: max-survivability
+                - trigger-build-on-pr-comment:
+                    comment: "Ci build!"
+                    allow-untrusted-users: false
+                - trigger-build-on-pr-review:
+                    allow-untrusted-users: false
+                - trigger-build-on-pr-update:
+                    allow-untrusted-users: false
diff --git a/tests/multibranch/fixtures/scm_github_comment_plugin_booleans004.xml b/tests/multibranch/fixtures/scm_github_comment_plugin_booleans004.xml
new file mode 100644
index 000000000..dc3d4a8e7
--- /dev/null
+++ b/tests/multibranch/fixtures/scm_github_comment_plugin_booleans004.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="utf-8"?>
+<org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject plugin="workflow-multibranch">
+  <properties/>
+  <views>
+    <hudson.model.AllView>
+      <name>All</name>
+      <filterExecutors>false</filterExecutors>
+      <filterQueue>false</filterQueue>
+      <properties class="hudson.model.View$PropertyList"/>
+      <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../../.."/>
+    </hudson.model.AllView>
+  </views>
+  <viewsTabBar class="hudson.views.DefaultViewsTabBar"/>
+  <folderViews class="jenkins.branch.MultiBranchProjectViewHolder" plugin="branch-api">
+    <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+  </folderViews>
+  <healthMetrics>
+    <com.cloudbees.hudson.plugins.folder.health.WorstChildHealthMetric plugin="cloudbees-folder">
+      <nonRecursive>false</nonRecursive>
+    </com.cloudbees.hudson.plugins.folder.health.WorstChildHealthMetric>
+  </healthMetrics>
+  <icon class="jenkins.branch.MetadataActionFolderIcon" plugin="branch-api">
+    <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+  </icon>
+  <orphanedItemStrategy class="com.cloudbees.hudson.plugins.folder.computed.DefaultOrphanedItemStrategy" plugin="cloudbees-folder">
+    <pruneDeadBranches>true</pruneDeadBranches>
+    <daysToKeep>-1</daysToKeep>
+    <numToKeep>-1</numToKeep>
+    <abortBuilds>false</abortBuilds>
+  </orphanedItemStrategy>
+  <triggers/>
+  <sources class="jenkins.branch.MultiBranchProject$BranchSourceList" plugin="branch-api">
+    <data>
+      <jenkins.branch.BranchSource>
+        <source class="org.jenkinsci.plugins.github_branch_source.GitHubSCMSource" plugin="github-branch-source">
+          <id>gh-johndoe-foo</id>
+          <repoOwner>johndoe</repoOwner>
+          <repository>foo</repository>
+          <traits>
+            <org.jenkinsci.plugins.github__branch__source.BranchDiscoveryTrait>
+              <strategyId>1</strategyId>
+            </org.jenkinsci.plugins.github__branch__source.BranchDiscoveryTrait>
+            <org.jenkinsci.plugins.github__branch__source.ForkPullRequestDiscoveryTrait>
+              <strategyId>1</strategyId>
+              <trust class="org.jenkinsci.plugins.github_branch_source.ForkPullRequestDiscoveryTrait$TrustContributors"/>
+            </org.jenkinsci.plugins.github__branch__source.ForkPullRequestDiscoveryTrait>
+            <org.jenkinsci.plugins.github__branch__source.OriginPullRequestDiscoveryTrait>
+              <strategyId>1</strategyId>
+            </org.jenkinsci.plugins.github__branch__source.OriginPullRequestDiscoveryTrait>
+            <jenkins.plugins.git.traits.WipeWorkspaceTrait>
+              <extension class="hudson.plugins.git.extensions.impl.WipeWorkspace"/>
+            </jenkins.plugins.git.traits.WipeWorkspaceTrait>
+          </traits>
+        </source>
+        <strategy class="jenkins.branch.DefaultBranchPropertyStrategy">
+          <properties class="java.util.Arrays$ArrayList">
+            <a class="jenkins.branch.BranchProperty-array">
+              <jenkins.branch.NoTriggerBranchProperty/>
+              <org.jenkinsci.plugins.workflow.multibranch.DurabilityHintBranchProperty plugin="workflow-multibranch">
+                <hint>MAX_SURVIVABILITY</hint>
+              </org.jenkinsci.plugins.workflow.multibranch.DurabilityHintBranchProperty>
+            </a>
+          </properties>
+        </strategy>
+      </jenkins.branch.BranchSource>
+    </data>
+    <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+  </sources>
+  <factory class="org.jenkinsci.plugins.workflow.multibranch.WorkflowBranchProjectFactory">
+    <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+    <scriptPath>Jenkinsfile</scriptPath>
+  </factory>
+</org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject>
diff --git a/tests/multibranch/fixtures/scm_github_comment_plugin_booleans004.yaml b/tests/multibranch/fixtures/scm_github_comment_plugin_booleans004.yaml
new file mode 100644
index 000000000..6789db383
--- /dev/null
+++ b/tests/multibranch/fixtures/scm_github_comment_plugin_booleans004.yaml
@@ -0,0 +1,14 @@
+name: 'demo-multibranch-github-min'
+project-type: multibranch
+scm:
+    - github:
+        repo: 'foo'
+        repo-owner: 'johndoe'
+
+        property-strategies:
+            all-branches:
+                - suppress-scm-triggering: true
+                - pipeline-branch-durability-override: max-survivability
+                - trigger-build-on-pr-comment: {}
+                - trigger-build-on-pr-review: {}
+                - trigger-build-on-pr-update: {}
diff --git a/tests/multibranch/fixtures/scm_github_comment_plugin_booleans005.xml b/tests/multibranch/fixtures/scm_github_comment_plugin_booleans005.xml
new file mode 100644
index 000000000..dc3d4a8e7
--- /dev/null
+++ b/tests/multibranch/fixtures/scm_github_comment_plugin_booleans005.xml
@@ -0,0 +1,73 @@
+<?xml version="1.0" encoding="utf-8"?>
+<org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject plugin="workflow-multibranch">
+  <properties/>
+  <views>
+    <hudson.model.AllView>
+      <name>All</name>
+      <filterExecutors>false</filterExecutors>
+      <filterQueue>false</filterQueue>
+      <properties class="hudson.model.View$PropertyList"/>
+      <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../../.."/>
+    </hudson.model.AllView>
+  </views>
+  <viewsTabBar class="hudson.views.DefaultViewsTabBar"/>
+  <folderViews class="jenkins.branch.MultiBranchProjectViewHolder" plugin="branch-api">
+    <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+  </folderViews>
+  <healthMetrics>
+    <com.cloudbees.hudson.plugins.folder.health.WorstChildHealthMetric plugin="cloudbees-folder">
+      <nonRecursive>false</nonRecursive>
+    </com.cloudbees.hudson.plugins.folder.health.WorstChildHealthMetric>
+  </healthMetrics>
+  <icon class="jenkins.branch.MetadataActionFolderIcon" plugin="branch-api">
+    <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+  </icon>
+  <orphanedItemStrategy class="com.cloudbees.hudson.plugins.folder.computed.DefaultOrphanedItemStrategy" plugin="cloudbees-folder">
+    <pruneDeadBranches>true</pruneDeadBranches>
+    <daysToKeep>-1</daysToKeep>
+    <numToKeep>-1</numToKeep>
+    <abortBuilds>false</abortBuilds>
+  </orphanedItemStrategy>
+  <triggers/>
+  <sources class="jenkins.branch.MultiBranchProject$BranchSourceList" plugin="branch-api">
+    <data>
+      <jenkins.branch.BranchSource>
+        <source class="org.jenkinsci.plugins.github_branch_source.GitHubSCMSource" plugin="github-branch-source">
+          <id>gh-johndoe-foo</id>
+          <repoOwner>johndoe</repoOwner>
+          <repository>foo</repository>
+          <traits>
+            <org.jenkinsci.plugins.github__branch__source.BranchDiscoveryTrait>
+              <strategyId>1</strategyId>
+            </org.jenkinsci.plugins.github__branch__source.BranchDiscoveryTrait>
+            <org.jenkinsci.plugins.github__branch__source.ForkPullRequestDiscoveryTrait>
+              <strategyId>1</strategyId>
+              <trust class="org.jenkinsci.plugins.github_branch_source.ForkPullRequestDiscoveryTrait$TrustContributors"/>
+            </org.jenkinsci.plugins.github__branch__source.ForkPullRequestDiscoveryTrait>
+            <org.jenkinsci.plugins.github__branch__source.OriginPullRequestDiscoveryTrait>
+              <strategyId>1</strategyId>
+            </org.jenkinsci.plugins.github__branch__source.OriginPullRequestDiscoveryTrait>
+            <jenkins.plugins.git.traits.WipeWorkspaceTrait>
+              <extension class="hudson.plugins.git.extensions.impl.WipeWorkspace"/>
+            </jenkins.plugins.git.traits.WipeWorkspaceTrait>
+          </traits>
+        </source>
+        <strategy class="jenkins.branch.DefaultBranchPropertyStrategy">
+          <properties class="java.util.Arrays$ArrayList">
+            <a class="jenkins.branch.BranchProperty-array">
+              <jenkins.branch.NoTriggerBranchProperty/>
+              <org.jenkinsci.plugins.workflow.multibranch.DurabilityHintBranchProperty plugin="workflow-multibranch">
+                <hint>MAX_SURVIVABILITY</hint>
+              </org.jenkinsci.plugins.workflow.multibranch.DurabilityHintBranchProperty>
+            </a>
+          </properties>
+        </strategy>
+      </jenkins.branch.BranchSource>
+    </data>
+    <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+  </sources>
+  <factory class="org.jenkinsci.plugins.workflow.multibranch.WorkflowBranchProjectFactory">
+    <owner class="org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject" reference="../.."/>
+    <scriptPath>Jenkinsfile</scriptPath>
+  </factory>
+</org.jenkinsci.plugins.workflow.multibranch.WorkflowMultiBranchProject>
diff --git a/tests/multibranch/fixtures/scm_github_comment_plugin_booleans005.yaml b/tests/multibranch/fixtures/scm_github_comment_plugin_booleans005.yaml
new file mode 100644
index 000000000..4993d0668
--- /dev/null
+++ b/tests/multibranch/fixtures/scm_github_comment_plugin_booleans005.yaml
@@ -0,0 +1,14 @@
+name: 'demo-multibranch-github-min'
+project-type: multibranch
+scm:
+    - github:
+        repo: 'foo'
+        repo-owner: 'johndoe'
+
+        property-strategies:
+            all-branches:
+                - suppress-scm-triggering: true
+                - pipeline-branch-durability-override: max-survivability
+                - trigger-build-on-pr-comment:
+                - trigger-build-on-pr-review:
+                - trigger-build-on-pr-update:
diff --git a/tests/multibranch/fixtures/scm_github_full.xml b/tests/multibranch/fixtures/scm_github_full.xml
index cf021043b..3c0410aa8 100644
--- a/tests/multibranch/fixtures/scm_github_full.xml
+++ b/tests/multibranch/fixtures/scm_github_full.xml
@@ -173,9 +173,14 @@
               </org.jenkinsci.plugins.workflow.multibranch.DurabilityHintBranchProperty>
               <com.adobe.jenkins.github__pr__comment__build.TriggerPRCommentBranchProperty plugin="github-pr-comment-build">
                 <commentBody>Ci build!</commentBody>
+                <allowUntrusted>true</allowUntrusted>
               </com.adobe.jenkins.github__pr__comment__build.TriggerPRCommentBranchProperty>
-              <com.adobe.jenkins.github__pr__comment__build.TriggerPRReviewBranchProperty plugin="github-pr-comment-build"/>
-              <com.adobe.jenkins.github__pr__comment__build.TriggerPRUpdateBranchProperty plugin="github-pr-comment-build"/>
+              <com.adobe.jenkins.github__pr__comment__build.TriggerPRReviewBranchProperty plugin="github-pr-comment-build">
+                <allowUntrusted>true</allowUntrusted>
+              </com.adobe.jenkins.github__pr__comment__build.TriggerPRReviewBranchProperty>
+              <com.adobe.jenkins.github__pr__comment__build.TriggerPRUpdateBranchProperty plugin="github-pr-comment-build">
+                <allowUntrusted>true</allowUntrusted>
+              </com.adobe.jenkins.github__pr__comment__build.TriggerPRUpdateBranchProperty>
             </a>
           </properties>
         </strategy>
diff --git a/tests/multibranch/fixtures/scm_github_full.yaml b/tests/multibranch/fixtures/scm_github_full.yaml
index 391f93976..6d2e97ab3 100644
--- a/tests/multibranch/fixtures/scm_github_full.yaml
+++ b/tests/multibranch/fixtures/scm_github_full.yaml
@@ -47,9 +47,13 @@ scm:
             all-branches:
                 - suppress-scm-triggering: true
                 - pipeline-branch-durability-override: max-survivability
-                - trigger-build-on-pr-comment: "Ci build!"
-                - trigger-build-on-pr-review: true
-                - trigger-build-on-pr-update: true
+                - trigger-build-on-pr-comment:
+                    comment: "Ci build!"
+                    allow-untrusted-users: true
+                - trigger-build-on-pr-review:
+                    allow-untrusted-users: true
+                - trigger-build-on-pr-update:
+                    allow-untrusted-users: true
         build-strategies:
             - all-strategies-match:
                 strategies:
diff --git a/tests/multibranch/test_errors.py b/tests/multibranch/test_errors.py
new file mode 100644
index 000000000..522175235
--- /dev/null
+++ b/tests/multibranch/test_errors.py
@@ -0,0 +1,37 @@
+#
+# Copyright (c) 2018 Sorin Sbarnea <ssbarnea@users.noreply.github.com>
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+from operator import attrgetter
+from pathlib import Path
+
+import pytest
+
+from jenkins_jobs.modules import project_multibranch
+from tests.enum_scenarios import scenario_list
+
+fixtures_dir = Path(__file__).parent / "error_fixtures"
+
+
+@pytest.fixture(
+    params=scenario_list(fixtures_dir),
+    ids=attrgetter("name"),
+)
+def scenario(request):
+    return request.param
+
+
+def test_error(check_generator, expected_error):
+    with pytest.raises(Exception) as excinfo:
+        check_generator(project_multibranch.WorkflowMultiBranch)
+    assert str(excinfo.value) == expected_error