diff --git a/Dockerfile b/Dockerfile index 0254678..718f672 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM jenkins/jenkins:2.346.3-2-lts-jdk11 +FROM jenkins/jenkins:2.414.3-lts-jdk11 # Using JENKINS_HOME and REF set on the base image ARG uid=1000 diff --git a/jobdsl/Installer.groovy b/jobdsl/Installer.groovy index 93c81a8..545935c 100644 --- a/jobdsl/Installer.groovy +++ b/jobdsl/Installer.groovy @@ -37,28 +37,33 @@ pipelineJob('Installer/Start_CloudHSM') { } properties { authorizationMatrix { + entries{ + group{ + name('o3de*aws-ops') + permissions([ + 'Credentials/Create', + 'Credentials/Delete', + 'Credentials/ManageDomains', + 'Credentials/Update', + 'Credentials/View', + 'Job/Build', + 'Job/Cancel', + 'Job/Configure', + 'Job/Delete', + 'Job/Discover', + 'Job/Move', + 'Job/Read', + 'Job/Workspace', + 'Run/Delete', + 'Run/Replay', + 'Run/Update', + 'SCM/Tag' + ]) + } + } inheritanceStrategy { nonInheriting() } - permissions([ - 'GROUP:com.cloudbees.plugins.credentials.CredentialsProvider.Create:o3de*aws-ops', - 'GROUP:com.cloudbees.plugins.credentials.CredentialsProvider.Delete:o3de*aws-ops', - 'GROUP:com.cloudbees.plugins.credentials.CredentialsProvider.ManageDomains:o3de*aws-ops', - 'GROUP:com.cloudbees.plugins.credentials.CredentialsProvider.Update:o3de*aws-ops', - 'GROUP:com.cloudbees.plugins.credentials.CredentialsProvider.View:o3de*aws-ops', - 'GROUP:hudson.model.Item.Build:o3de*aws-ops', - 'GROUP:hudson.model.Item.Cancel:o3de*aws-ops', - 'GROUP:hudson.model.Item.Configure:o3de*aws-ops', - 'GROUP:hudson.model.Item.Delete:o3de*aws-ops', - 'GROUP:hudson.model.Item.Discover:o3de*aws-ops', - 'GROUP:hudson.model.Item.Move:o3de*aws-ops', - 'GROUP:hudson.model.Item.Read:o3de*aws-ops', - 'GROUP:hudson.model.Item.Workspace:o3de*aws-ops', - 'GROUP:hudson.model.Run.Delete:o3de*aws-ops', - 'GROUP:hudson.model.Run.Replay:o3de*aws-ops', - 'GROUP:hudson.model.Run.Update:o3de*aws-ops', - 'GROUP:hudson.scm.SCM.Tag:o3de*aws-ops' - ]) } disableConcurrentBuilds { abortPrevious(false) @@ -114,27 +119,32 @@ pipelineJob('Installer/Start_CloudHSM_Manual') { } properties { authorizationMatrix { + entries{ + group{ + name('o3de*aws-ops') + permissions([ + 'Credentials/Create', + 'Credentials/Delete', + 'Credentials/ManageDomains', + 'Credentials/Update', + 'Credentials/View', + 'Job/Build', + 'Job/Cancel', + 'Job/Configure', + 'Job/Delete', + 'Job/Discover', + 'Job/Move', + 'Job/Read', + 'Job/Workspace', + 'Run/Delete', + 'Run/Replay', + 'Run/Update', + 'SCM/Tag' + ]) + } + } inheritanceStrategy { nonInheriting() - permissions([ - 'GROUP:com.cloudbees.plugins.credentials.CredentialsProvider.Create:o3de*aws-ops', - 'GROUP:com.cloudbees.plugins.credentials.CredentialsProvider.Delete:o3de*aws-ops', - 'GROUP:com.cloudbees.plugins.credentials.CredentialsProvider.ManageDomains:o3de*aws-ops', - 'GROUP:com.cloudbees.plugins.credentials.CredentialsProvider.Update:o3de*aws-ops', - 'GROUP:com.cloudbees.plugins.credentials.CredentialsProvider.View:o3de*aws-ops', - 'GROUP:hudson.model.Item.Build:o3de*aws-ops', - 'GROUP:hudson.model.Item.Cancel:o3de*aws-ops', - 'GROUP:hudson.model.Item.Configure:o3de*aws-ops', - 'GROUP:hudson.model.Item.Delete:o3de*aws-ops', - 'GROUP:hudson.model.Item.Discover:o3de*aws-ops', - 'GROUP:hudson.model.Item.Move:o3de*aws-ops', - 'GROUP:hudson.model.Item.Read:o3de*aws-ops', - 'GROUP:hudson.model.Item.Workspace:o3de*aws-ops', - 'GROUP:hudson.model.Run.Delete:o3de*aws-ops', - 'GROUP:hudson.model.Run.Replay:o3de*aws-ops', - 'GROUP:hudson.model.Run.Update:o3de*aws-ops', - 'GROUP:hudson.scm.SCM.Tag:o3de*aws-ops' - ]) } } disableConcurrentBuilds { @@ -173,27 +183,32 @@ pipelineJob('Installer/Stop_CloudHSM') { } properties { authorizationMatrix { + entries{ + group{ + name('o3de*aws-ops') + permissions([ + 'Credentials/Create', + 'Credentials/Delete', + 'Credentials/ManageDomains', + 'Credentials/Update', + 'Credentials/View', + 'Job/Build', + 'Job/Cancel', + 'Job/Configure', + 'Job/Delete', + 'Job/Discover', + 'Job/Move', + 'Job/Read', + 'Job/Workspace', + 'Run/Delete', + 'Run/Replay', + 'Run/Update', + 'SCM/Tag' + ]) + } + } inheritanceStrategy { nonInheriting() - permissions([ - 'GROUP:com.cloudbees.plugins.credentials.CredentialsProvider.Create:o3de*aws-ops', - 'GROUP:com.cloudbees.plugins.credentials.CredentialsProvider.Delete:o3de*aws-ops', - 'GROUP:com.cloudbees.plugins.credentials.CredentialsProvider.ManageDomains:o3de*aws-ops', - 'GROUP:com.cloudbees.plugins.credentials.CredentialsProvider.Update:o3de*aws-ops', - 'GROUP:com.cloudbees.plugins.credentials.CredentialsProvider.View:o3de*aws-ops', - 'GROUP:hudson.model.Item.Build:o3de*aws-ops', - 'GROUP:hudson.model.Item.Cancel:o3de*aws-ops', - 'GROUP:hudson.model.Item.Configure:o3de*aws-ops', - 'GROUP:hudson.model.Item.Delete:o3de*aws-ops', - 'GROUP:hudson.model.Item.Discover:o3de*aws-ops', - 'GROUP:hudson.model.Item.Move:o3de*aws-ops', - 'GROUP:hudson.model.Item.Read:o3de*aws-ops', - 'GROUP:hudson.model.Item.Workspace:o3de*aws-ops', - 'GROUP:hudson.model.Run.Delete:o3de*aws-ops', - 'GROUP:hudson.model.Run.Replay:o3de*aws-ops', - 'GROUP:hudson.model.Run.Update:o3de*aws-ops', - 'GROUP:hudson.scm.SCM.Tag:o3de*aws-ops' - ]) } } disableConcurrentBuilds { diff --git a/jobdsl/default_development_snapshot.groovy b/jobdsl/default_development_snapshot.groovy index b25debc..a966cc8 100644 --- a/jobdsl/default_development_snapshot.groovy +++ b/jobdsl/default_development_snapshot.groovy @@ -27,30 +27,33 @@ pipelineJob('default-development_snapshot') { } properties { authorizationMatrix { + entries{ + group{ + name('o3de*aws-ops') + permissions([ + 'Credentials/Create', + 'Credentials/Delete', + 'Credentials/ManageDomains', + 'Credentials/Update', + 'Credentials/View', + 'Job/Build', + 'Job/Cancel', + 'Job/Configure', + 'Job/Delete', + 'Job/Discover', + 'Job/Move', + 'Job/Read', + 'Job/Workspace', + 'Run/Delete', + 'Run/Replay', + 'Run/Update', + 'SCM/Tag' + ]) + } + } inheritanceStrategy { nonInheriting() } - permissions([ - 'GROUP:hudson.model.Item.Read:o3de*aws', - 'GROUP:hudson.model.Item.Workspace:o3de*aws', - 'GROUP:com.cloudbees.plugins.credentials.CredentialsProvider.Create:o3de*aws-ops', - 'GROUP:com.cloudbees.plugins.credentials.CredentialsProvider.Delete:o3de*aws-ops', - 'GROUP:com.cloudbees.plugins.credentials.CredentialsProvider.ManageDomains:o3de*aws-ops', - 'GROUP:com.cloudbees.plugins.credentials.CredentialsProvider.Update:o3de*aws-ops', - 'GROUP:com.cloudbees.plugins.credentials.CredentialsProvider.View:o3de*aws-ops', - 'GROUP:hudson.model.Item.Build:o3de*aws-ops', - 'GROUP:hudson.model.Item.Cancel:o3de*aws-ops', - 'GROUP:hudson.model.Item.Configure:o3de*aws-ops', - 'GROUP:hudson.model.Item.Delete:o3de*aws-ops', - 'GROUP:hudson.model.Item.Discover:o3de*aws-ops', - 'GROUP:hudson.model.Item.Move:o3de*aws-ops', - 'GROUP:hudson.model.Item.Read:o3de*aws-ops', - 'GROUP:hudson.model.Item.Workspace:o3de*aws-ops', - 'GROUP:hudson.model.Run.Delete:o3de*aws-ops', - 'GROUP:hudson.model.Run.Replay:o3de*aws-ops', - 'GROUP:hudson.model.Run.Update:o3de*aws-ops', - 'GROUP:hudson.scm.SCM.Tag:o3de*aws-ops' - ]) } disableConcurrentBuilds { abortPrevious(false) diff --git a/jobdsl/o3de.groovy b/jobdsl/o3de.groovy index 221caa1..18037c6 100644 --- a/jobdsl/o3de.groovy +++ b/jobdsl/o3de.groovy @@ -71,12 +71,17 @@ multibranchPipelineJob('O3DE') { } properties { authorizationMatrix { + entries{ + user{ + name('anonymous') + permissions([ + 'Job/Read' + ]) + } + } inheritanceStrategy { inheriting() } - permissions([ - 'USER:hudson.model.Item.Read:anonymous' - ]) } } triggers { diff --git a/jobdsl/o3de_atom_sampleviewer.groovy b/jobdsl/o3de_atom_sampleviewer.groovy index 78caa49..474f4c7 100644 --- a/jobdsl/o3de_atom_sampleviewer.groovy +++ b/jobdsl/o3de_atom_sampleviewer.groovy @@ -65,12 +65,17 @@ multibranchPipelineJob('o3de-atom-sampleviewer') { } properties { authorizationMatrix { + entries{ + user{ + name('anonymous') + permissions([ + 'Job/Read' + ]) + } + } inheritanceStrategy { inheriting() } - permissions([ - 'USER:hudson.model.Item.Read:anonymous' - ]) } } triggers { diff --git a/jobdsl/o3de_development_nightly_installer.groovy b/jobdsl/o3de_development_nightly_installer.groovy index fc617fe..a36c63d 100644 --- a/jobdsl/o3de_development_nightly_installer.groovy +++ b/jobdsl/o3de_development_nightly_installer.groovy @@ -33,32 +33,33 @@ pipelineJob('O3DE-development_nightly-installer') { } properties { authorizationMatrix { + entries{ + group{ + name('o3de*aws-ops') + permissions([ + 'Credentials/Create', + 'Credentials/Delete', + 'Credentials/ManageDomains', + 'Credentials/Update', + 'Credentials/View', + 'Job/Build', + 'Job/Cancel', + 'Job/Configure', + 'Job/Delete', + 'Job/Discover', + 'Job/Move', + 'Job/Read', + 'Job/Workspace', + 'Run/Delete', + 'Run/Replay', + 'Run/Update', + 'SCM/Tag' + ]) + } + } inheritanceStrategy { nonInheriting() } - permissions([ - 'GROUP:hudson.model.Item.Read:o3de*aws', - 'GROUP:hudson.model.Item.Workspace:o3de*aws', - 'GROUP:hudson.model.Item.Read:o3de*maintainers', - 'GROUP:hudson.model.Item.Workspace:o3de*maintainers', - 'GROUP:com.cloudbees.plugins.credentials.CredentialsProvider.Create:o3de*aws-ops', - 'GROUP:com.cloudbees.plugins.credentials.CredentialsProvider.Delete:o3de*aws-ops', - 'GROUP:com.cloudbees.plugins.credentials.CredentialsProvider.ManageDomains:o3de*aws-ops', - 'GROUP:com.cloudbees.plugins.credentials.CredentialsProvider.Update:o3de*aws-ops', - 'GROUP:com.cloudbees.plugins.credentials.CredentialsProvider.View:o3de*aws-ops', - 'GROUP:hudson.model.Item.Build:o3de*aws-ops', - 'GROUP:hudson.model.Item.Cancel:o3de*aws-ops', - 'GROUP:hudson.model.Item.Configure:o3de*aws-ops', - 'GROUP:hudson.model.Item.Delete:o3de*aws-ops', - 'GROUP:hudson.model.Item.Discover:o3de*aws-ops', - 'GROUP:hudson.model.Item.Move:o3de*aws-ops', - 'GROUP:hudson.model.Item.Read:o3de*aws-ops', - 'GROUP:hudson.model.Item.Workspace:o3de*aws-ops', - 'GROUP:hudson.model.Run.Delete:o3de*aws-ops', - 'GROUP:hudson.model.Run.Replay:o3de*aws-ops', - 'GROUP:hudson.model.Run.Update:o3de*aws-ops', - 'GROUP:hudson.scm.SCM.Tag:o3de*aws-ops' - ]) } disableConcurrentBuilds { abortPrevious(false) diff --git a/jobdsl/o3de_extras.groovy b/jobdsl/o3de_extras.groovy index e2ba69a..276ddaf 100644 --- a/jobdsl/o3de_extras.groovy +++ b/jobdsl/o3de_extras.groovy @@ -85,12 +85,17 @@ multibranchPipelineJob('o3de-extras') { } properties { authorizationMatrix { + entries{ + user{ + name('anonymous') + permissions([ + 'Job/Read' + ]) + } + } inheritanceStrategy { inheriting() } - permissions([ - 'USER:hudson.model.Item.Read:anonymous' - ]) } } triggers { diff --git a/jobdsl/o3de_netsoaktest.groovy b/jobdsl/o3de_netsoaktest.groovy index 604dc59..55633c9 100644 --- a/jobdsl/o3de_netsoaktest.groovy +++ b/jobdsl/o3de_netsoaktest.groovy @@ -64,12 +64,17 @@ multibranchPipelineJob('o3de-netsoaktest') { } properties { authorizationMatrix { + entries{ + user{ + name('anonymous') + permissions([ + 'Job/Read' + ]) + } + } inheritanceStrategy { inheriting() } - permissions([ - 'USER:hudson.model.Item.Read:anonymous' - ]) } } triggers { diff --git a/jobdsl/o3de_periodic_incremental_daily.groovy b/jobdsl/o3de_periodic_incremental_daily.groovy index a96c25a..7bb8c69 100644 --- a/jobdsl/o3de_periodic_incremental_daily.groovy +++ b/jobdsl/o3de_periodic_incremental_daily.groovy @@ -44,12 +44,17 @@ multibranchPipelineJob('O3DE_periodic-incremental-daily') { } properties { authorizationMatrix { + entries{ + user{ + name('anonymous') + permissions([ + 'Job/Read' + ]) + } + } inheritanceStrategy { inheriting() } - permissions([ - 'USER:hudson.model.Item.Read:anonymous' - ]) } } } diff --git a/jobdsl/o3de_test_nightly_installer.groovy b/jobdsl/o3de_test_nightly_installer.groovy index 31046e7..ed6fb9d 100644 --- a/jobdsl/o3de_test_nightly_installer.groovy +++ b/jobdsl/o3de_test_nightly_installer.groovy @@ -31,42 +31,50 @@ pipelineJob('O3DE-test_nightly-installer') { } properties { authorizationMatrix { + entries{ + group{ + name('o3de*aws') + permissions([ + 'Job/Read', + 'Job/Workspace' + ]) + } + group{ + name('o3de*aws-ops') + permissions([ + 'Credentials/Create', + 'Credentials/Delete', + 'Credentials/ManageDomains', + 'Credentials/Update', + 'Credentials/View', + 'Job/Build', + 'Job/Cancel', + 'Job/Configure', + 'Job/Delete', + 'Job/Discover', + 'Job/Move', + 'Job/Read', + 'Job/Workspace', + 'Run/Delete', + 'Run/Replay', + 'Run/Update', + 'SCM/Tag' + ]) + } + user{ + name('AMZN-Phil') + permissions([ + 'Job/Build', + 'Job/Cancel', + 'Job/Configure', + 'Job/Read', + 'Job/Workspace' + ]) + } + } inheritanceStrategy { nonInheriting() } - permissions([ - 'GROUP:hudson.model.Item.Read:o3de*aws', - 'GROUP:hudson.model.Item.Workspace:o3de*aws', - 'GROUP:hudson.model.Item.Read:o3de*maintainers', - 'GROUP:hudson.model.Item.Workspace:o3de*maintainers', - 'GROUP:com.cloudbees.plugins.credentials.CredentialsProvider.Create:o3de*aws-ops', - 'GROUP:com.cloudbees.plugins.credentials.CredentialsProvider.Delete:o3de*aws-ops', - 'GROUP:com.cloudbees.plugins.credentials.CredentialsProvider.ManageDomains:o3de*aws-ops', - 'GROUP:com.cloudbees.plugins.credentials.CredentialsProvider.Update:o3de*aws-ops', - 'GROUP:com.cloudbees.plugins.credentials.CredentialsProvider.View:o3de*aws-ops', - 'GROUP:hudson.model.Item.Build:o3de*aws-ops', - 'GROUP:hudson.model.Item.Cancel:o3de*aws-ops', - 'GROUP:hudson.model.Item.Configure:o3de*aws-ops', - 'GROUP:hudson.model.Item.Delete:o3de*aws-ops', - 'GROUP:hudson.model.Item.Discover:o3de*aws-ops', - 'GROUP:hudson.model.Item.Move:o3de*aws-ops', - 'GROUP:hudson.model.Item.Read:o3de*aws-ops', - 'GROUP:hudson.model.Item.Workspace:o3de*aws-ops', - 'GROUP:hudson.model.Run.Delete:o3de*aws-ops', - 'GROUP:hudson.model.Run.Replay:o3de*aws-ops', - 'GROUP:hudson.model.Run.Update:o3de*aws-ops', - 'GROUP:hudson.scm.SCM.Tag:o3de*aws-ops', - 'USER:hudson.model.Item.Build:AMZN-Phil', - 'USER:hudson.model.Item.Cancel:AMZN-Phil', - 'USER:hudson.model.Item.Configure:AMZN-Phil', - 'USER:hudson.model.Item.Read:AMZN-Phil', - 'USER:hudson.model.Item.Workspace:AMZN-Phil', - 'USER:hudson.model.Item.Build:spham-amzn', - 'USER:hudson.model.Item.Cancel:spham-amzn', - 'USER:hudson.model.Item.Configure:spham-amzn', - 'USER:hudson.model.Item.Read:spham-amzn', - 'USER:hudson.model.Item.Workspace:spham-amzn' - ]) } disableConcurrentBuilds { abortPrevious(false) diff --git a/jobdsl/override_pr_status_check.groovy b/jobdsl/override_pr_status_check.groovy index 2c6133d..c25773b 100644 --- a/jobdsl/override_pr_status_check.groovy +++ b/jobdsl/override_pr_status_check.groovy @@ -35,15 +35,25 @@ pipelineJob('override-pr-status-check') { } properties { authorizationMatrix { + entries{ + group{ + name('o3de') + permissions([ + 'Job/Read' + ]) + } + group{ + name('o3de*sig-chairs') + permissions([ + 'Job/Build', + 'Job/Configure', + 'Job/Read' + ]) + } + } inheritanceStrategy { nonInheriting() } - permissions([ - 'GROUP:hudson.model.Item.Read:o3de', - 'GROUP:hudson.model.Item.Build:o3de*sig-chairs', - 'GROUP:hudson.model.Item.Configure:o3de*sig-chairs', - 'GROUP:hudson.model.Item.Read:o3de*sig-chairs' - ]) } disableConcurrentBuilds { abortPrevious(false) diff --git a/plugins.txt b/plugins.txt index eeabb98..e743d28 100644 --- a/plugins.txt +++ b/plugins.txt @@ -1,31 +1,31 @@ -artifact-manager-s3:617.vd98e61689f41 -aws-global-configuration:1.7 -aws-java-sdk:1.12.201-326.veb_6ce41104a_e -blueocean:1.25.3 -build-timeout:1.20 -build-failure-analyzer:2.3.0 -build-with-parameters:1.6 -configuration-as-code:1569.vb_72405b_80249 +artifact-manager-s3:822.vf129d4836c31 +aws-global-configuration:128.ve2c5685a_09c3 +aws-java-sdk:1.12.529-406.vdeff15e5817d +blueocean:1.27.8 +build-timeout:1.31 +build-failure-analyzer:2.4.2 +build-with-parameters:76.v9382db_f78962 +configuration-as-code:1714.v09593e830cfa configuration-as-code-secret-ssm:1.0.1 description-setter:1.10 ec2:2.0.4 -email-ext:2.92 -external-monitor-job:203.v683c09d993b_9 -github-branch-source:1628.vb_2f51293cb_78 -github-oauth:0.38 +email-ext:2.102 +external-monitor-job:215.v2e88e894db_f8 +github-branch-source:1741.va_3028eb_9fd21 +github-oauth:588.vf696a_350572a_ greenballs:1.15.1 -job-dsl:1.81 -mailer:435.438.v5b_81173f5b_a_1 -matrix-auth:3.1.2 -pam-auth:1.8 +job-dsl:1.86 +mailer:463.vedf8358e006b_ +matrix-auth:3.2.1 +pam-auth:1.10 pipeline-aws:1.43 -pipeline-stage-view:2.24 -pipeline-utility-steps:2.12.1 -remote-file:1.23 -saml:2.333.vc81e525974a_c -ssh-slaves:1.814.vc82988f54b_10 -timestamper:1.17 -warnings-ng:9.12.0 -windows-slaves:1.8 -workflow-aggregator:590.v6a_d052e5a_a_b_5 -workflow-cps-global-lib:575.v24fa_0a_b_f7383 +pipeline-stage-view:2.33 +pipeline-utility-steps:2.16.0 +remote-file:1.24 +saml:4.429.v9a_781a_61f1da_ +ssh-slaves:2.916.vd17b_43357ce4 +timestamper:1.26 +warnings-ng:10.5.0 +windows-slaves:1.8.1 +workflow-aggregator:596.v8c21c963d92d +workflow-cps-global-lib:609.vd95673f149b_b