diff --git a/README.md b/README.md
index 506d9d0..21e413d 100644
--- a/README.md
+++ b/README.md
@@ -1 +1,12 @@
-# o3de-jenkins-pipeline
\ No newline at end of file
+# o3de-jenkins-pipeline
+
+
+## Jenkins Configuration
+
+The O3DE Jenkins pipeline is configured using the JCasC plugin. This allows the settings to be defined using yaml files stored in the repo and prevents users from having to manually configure Jenkins on startup.
+
+These files are located in the configs/ directory. There is a main jenkins.yaml file that contains the recommended default settings to run the pipeline. You can customize your Jenkins setup by editing this file. There are also template files that can be used for other optional settings. You can either copy the contents of these files into jenkins.yaml or copy it into a new yaml file.
+
+
+### Config File location
+The config files must be located in the configs/ directory so that they are found by the plugin. The plugin also supports having multiple yaml files and will locate all files having the .yml/.yaml extention.
diff --git a/configs/aws_ec2_plugin.template b/configs/aws_ec2_plugin.template
new file mode 100644
index 0000000..b846b99
--- /dev/null
+++ b/configs/aws_ec2_plugin.template
@@ -0,0 +1,43 @@
+# Config for AWS EC2 plugin
+# AWS Clouds are configured by region. Add a new '- amazonEC2' entry under clouds to add new regions.
+# Replace with the required parameters
+# Add a new '- ami' entry under templates to add new build node configs.
+jenkins:
+ clouds:
+ - amazonEC2:
+ # Example: cloud setup in ${AWS_REGION}
+ cloudName: ""
+ instanceCapStr: "100" # A cap can also be set for each AMI config.
+ region: "${AWS_REGION}"
+ sshKeysCredentialsId: "" # Use the ssh credential ID created in credentials.yaml
+ templates:
+ # Example: Linux build node using SSH in ${AWS_REGION}${AWS_AZ}
+ - ami: "${LINUX_AMI_ID}"
+ amiType:
+ unixData:
+ sshPort: "22"
+ connectionStrategy: PRIVATE_IP
+ description: ""
+ ebsEncryptRootVolume: ENCRYPTED
+ ebsOptimized: true
+ hostKeyVerificationStrategy: ACCEPT_NEW
+ iamInstanceProfile: ""
+ idleTerminationMinutes: "30"
+ labelString: "linux"
+ launchTimeoutStr: "300"
+ maxTotalUses: 1
+ minimumNumberOfInstances: 0
+ minimumNumberOfSpareInstances: 0
+ numExecutors: 1
+ remoteAdmin: ""
+ remoteFS: ""
+ securityGroups: "${SECURITY_GROUP_ID}"
+ stopOnTerminate: false
+ subnetId: ""
+ tags:
+ - name: "Name"
+ value: ""
+ tenancy: Default
+ type: # e.g. C54xlarge
+ useEphemeralDevices: false
+ zone: "${AWS_REGION}${AWS_AZ}"
diff --git a/configs/aws_s3_artifact_plugin.template b/configs/aws_s3_artifact_plugin.template
new file mode 100644
index 0000000..874d276
--- /dev/null
+++ b/configs/aws_s3_artifact_plugin.template
@@ -0,0 +1,12 @@
+# Config for AWS S3 artifact storage plugin
+# Replace with the required parameters
+aws:
+ awsCredentials:
+ region: ""
+ s3:
+ container: ""
+unclassified:
+ artifactManager:
+ artifactManagerFactories:
+ - jclouds:
+ provider: "s3"
diff --git a/configs/build_failure_analyzer_plugin.template b/configs/build_failure_analyzer_plugin.template
new file mode 100644
index 0000000..0b89516
--- /dev/null
+++ b/configs/build_failure_analyzer_plugin.template
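Review bot: `hostKeyVerificationStrategy: ACCEPT_NEW` in the Linux build-node template trusts whatever host key a new instance presents on first connection, so the controller never ties that key to the instance it launched. The EC2 plugin also offers `CHECK_NEW_HARD` and `CHECK_NEW_SOFT`, which compare the presented key with the one printed in the instance console output. Consider `hostKeyVerificationStrategy: CHECK_NEW_HARD` as the template default, with a comment that the AMI must print its host key at boot for this to work. Separately, `type: # e.g. C54xlarge` is a bare key that parses as null; a comment saying it must be filled in, or a quoted placeholder, would make the requirement explicit instead of leaving it to a load-time failure or silent default.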
@@ -0,0 +1,21 @@
+# Config for Build Failure Analyzer plugin
+# See: https://plugins.jenkins.io/build-failure-analyzer/
+# Replace with the required parameters
+# Example: Setup using MongoDB
+unclassified:
+ buildFailureAnalyzer:
+ gerritTriggerEnabled: true
+ globalEnabled: true
+ knowledgeBase:
+ mongoDB:
+ dbName: ""
+ enableStatistics: true
+ host: ""
+ password: "{}"
+ port: 27017
+ successfulLogging: false
+ userName: ""
+ maxLogSize: 0
+ noCausesEnabled: true
+ noCausesMessage: ""
+ nrOfScanThreads: 3
diff --git a/configs/credentials.template b/configs/credentials.template
new file mode 100644
index 0000000..032c847
--- /dev/null
+++ b/configs/credentials.template
@@ -0,0 +1,22 @@
+# Config for Jenkins credentials
+# Do not add credential values directly to this file.
+# Replace with the required parameters
+# See: https://github.com/jenkinsci/configuration-as-code-plugin/blob/master/docs/features/secrets.adoc
+credentials:
+ system:
+ domainCredentials:
+ - credentials:
+ # Example: SSH access for build nodes
+ - basicSSHUserPrivateKey:
+ id: "ssh-build-node"
+ privateKeySource:
+ directEntry:
+ privateKey: ""
+ scope: GLOBAL
+ username: ""
+ # Example: basic username/password
+ - usernamePassword:
+ id: "password-access"
+ password: ""
+ scope: GLOBAL
+ username: ""
diff --git a/configs/global_env_var.template b/configs/global_env_var.template
new file mode 100644
index 0000000..f6141a4
--- /dev/null
+++ b/configs/global_env_var.template
@@ -0,0 +1,11 @@
+# Config for Jenkins global environment variables
+# Add a new key/value pair under env to add new entries
+# Replace with the required parameters
+jenkins:
+ globalNodeProperties:
+ - envVars:
+ env:
+ - key: ""
+ value: ""
+ - key: ""
+ value: ""
diff --git a/configs/jenkins.yaml b/configs/jenkins.yaml
new file mode 100644
index 0000000..1ad89c9
--- /dev/null
+++ b/configs/jenkins.yaml
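Review bot: `password: "{}"` under `mongoDB` gives no hint of how the MongoDB password should be supplied, and the same holds for `privateKey: ""` and `password: ""` in configs/credentials.template. jenkins.yaml in this commit already uses variable references such as `"${SMTP_PASSWORD}"`, and the templates could follow that pattern with e.g. `password: "${MONGODB_PASSWORD}"` (the variable name is only an example). That way, filling in a template does not invite pasting a secret into a file tracked in the repo. credentials.template carries a "Do not add credential values directly" header comment, but build_failure_analyzer_plugin.template has none; I would add the same line there.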
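Review bot: `scope: GLOBAL` on the `ssh-build-node` entry in configs/credentials.template makes the build-node private key available to any job that can bind credentials, not only to the controller when it launches agents. If the key is only referenced through `sshKeysCredentialsId` in the EC2 cloud config, `scope: SYSTEM` would keep it out of reach of pipeline code. I have not confirmed that the EC2 plugin resolves SYSTEM-scoped keys, so check that before changing the example. A one-line comment above `scope:` explaining the difference would help either way.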
@@ -0,0 +1,41 @@
+jenkins:
+ numExecutors: 6 # Jenkins pipeline runs some pre/post-build pipeline tasks on the controller. Increased from default (2) to prevent long queues.
+ securityRealm:
+ github:
+ githubWebUri: "https://github.com"
+ githubApiUri: "https://api.github.com"
+ clientID: "${GITHUB_ID}"
+ clientSecret: "${GITHUB_SECRET}"
+ oauthScopes: "read:org,user:email"
+ authorizationStrategy:
+ projectMatrix:
+ permissions:
+ - "Overall/Administer:${ADMIN_ROLE}" # User/group assigned as admin. For additional permissions see matrix_authorization.template
+ remotingSecurity:
+ enabled: true
+unclassified:
+ location:
+ url: ${JENKINS_URL}
+ adminAddress: "${JENKINS_EMAIL_ADDRESS}"
+ gitHubConfiguration:
+ apiRateLimitChecker: ThrottleOnOver
+ email-ext:
+ defaultBody: |-
+ $PROJECT_NAME - Build # $BUILD_NUMBER - $BUILD_STATUS:
+
+ Check console output at $BUILD_URL to view the results.
+ defaultContentType: "text/plain"
+ defaultSubject: "$PROJECT_NAME - Build # $BUILD_NUMBER - $BUILD_STATUS!"
+ defaultTriggerIds:
+ - "hudson.plugins.emailext.plugins.trigger.FailureTrigger"
+ mailAccount:
+ smtpHost: "${SMTP_HOST}"
+ smtpPassword: "${SMTP_PASSWORD}"
+ smtpUsername: "${SMTP_USERNAME}"
+ useTls: true
+security:
+ scriptApproval:
+ approvedSignatures:
+ - "field hudson.plugins.git.GitSCM GIT_COMMIT"
+ - "method org.jenkinsci.plugins.workflow.steps.FlowInterruptedException getCauses"
+ - "new java.net.URL java.lang.String java.lang.String int java.lang.String"
diff --git a/configs/matrix_authorization.template b/configs/matrix_authorization.template
new file mode 100644
index 0000000..302eb9a
--- /dev/null
+++ b/configs/matrix_authorization.template
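Review bot: `numExecutors: 6` enables builds on the controller, and nothing in the file restricts which jobs may use those executors, so any job without a label can run there with file-system access to the Jenkins home directory. If the pre/post-build tasks really must run on the controller, adding `mode: EXCLUSIVE` and `labelString: "controller"` (label name is an example) under `jenkins:` would limit those executors to jobs that request them explicitly. `url: ${JENKINS_URL}` is the only variable reference in the file left unquoted; `url: "${JENKINS_URL}"` would match the rest. A short comment above `approvedSignatures` naming the pipeline step that needs each signature, in particular the `new java.net.URL ...` constructor, would let later reviews decide whether an approval can be dropped.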
@@ -0,0 +1,18 @@
+# Config for Project-based Matrix Authorization Strategy
+# Use this file to grant additional permissions
+# Replace with the required parameters
+# Default admin role granted in jenkins.yaml
+jenkins:
+ authorizationStrategy:
+ projectMatrix:
+ permissions:
+ # Example: grant permissions to run/cancel builds
+ - "Job/Build:"
+ - "Job/Cancel:"
+ - "Job/Read:"
+ - "Overall/Read:"
+ - "View/Read:"
+ # Example: grant additional admin permissions
+ - "Overall/Administer::"
+ # Example: grant public read access
+ - "Overall/Read:anonymous"
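Review bot: The example entries under `permissions:` are live YAML rather than commented-out lines, so copying this template into a .yaml file, as the README suggests, applies all of them. That includes `"Overall/Read:anonymous"`, which opens the instance to unauthenticated read access. I would ship that example commented out, e.g. `# - "Overall/Read:anonymous"`, with a line above it stating that it makes the instance readable without login. `"Overall/Administer::"` has a doubled colon that looks like a typo for `"Overall/Administer:"`. The entries with nothing after the colon should be marked as placeholders that must be given a user or group before the file is loaded.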