From f896541591d42d6e16b05a484d461a6c4a66981b Mon Sep 17 00:00:00 2001
From: brianherrera
Date: Fri, 21 Jan 2022 14:24:18 -0800
Subject: [PATCH 1/9] Add main jenkins config file
Signed-off-by: brianherrera
---
configs/jenkins.yaml | 41 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 41 insertions(+)
create mode 100644 configs/jenkins.yaml
diff --git a/configs/jenkins.yaml b/configs/jenkins.yaml
new file mode 100644
index 0000000..1ad89c9
--- /dev/null
+++ b/configs/jenkins.yaml
@@ -0,0 +1,41 @@
+jenkins:
+ numExecutors: 6 # Jenkins pipeline runs some pre/post-build pipeline tasks on the controller. Increased from default (2) to prevent long queues.
+ securityRealm:
+ github:
+ githubWebUri: "https://github.com"
+ githubApiUri: "https://api.github.com"
+ clientID: "${GITHUB_ID}"
+ clientSecret: "${GITHUB_SECRET}"
+ oauthScopes: "read:org,user:email"
+ authorizationStrategy:
+ projectMatrix:
+ permissions:
+ - "Overall/Administer:${ADMIN_ROLE}" # User/group assigned as admin. For additional permissions see matrix_authorization.template
+ remotingSecurity:
+ enabled: true
+unclassified:
+ location:
+ url: ${JENKINS_URL}
+ adminAddress: "${JENKINS_EMAIL_ADDRESS}"
+ gitHubConfiguration:
+ apiRateLimitChecker: ThrottleOnOver
+ email-ext:
+ defaultBody: |-
+ $PROJECT_NAME - Build # $BUILD_NUMBER - $BUILD_STATUS:
+
+ Check console output at $BUILD_URL to view the results.
+ defaultContentType: "text/plain"
+ defaultSubject: "$PROJECT_NAME - Build # $BUILD_NUMBER - $BUILD_STATUS!"
+ defaultTriggerIds:
+ - "hudson.plugins.emailext.plugins.trigger.FailureTrigger"
+ mailAccount:
+ smtpHost: "${SMTP_HOST}"
+ smtpPassword: "${SMTP_PASSWORD}"
+ smtpUsername: "${SMTP_USERNAME}"
+ useTls: true
+security:
+ scriptApproval:
+ approvedSignatures:
+ - "field hudson.plugins.git.GitSCM GIT_COMMIT"
+ - "method org.jenkinsci.plugins.workflow.steps.FlowInterruptedException getCauses"
+ - "new java.net.URL java.lang.String java.lang.String int java.lang.String"
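Review bot: `numExecutors: 6` leaves six executors on the controller with nothing restricting which jobs may use them, so any build scheduled there runs with access to the controller's file system, including JENKINS_HOME and the secrets stored in it. If the pre/post-build tasks really have to run on the controller, consider adding `mode: EXCLUSIVE` and a dedicated `labelString` under `jenkins:` so only stages that request that label land there, and say so in the comment. Separately, the three `approvedSignatures` entries are approved for every sandboxed pipeline on the instance; a short comment per entry naming the pipeline step that needs it, e.g. `# required by <pipeline step> to build a URL` above the `new java.net.URL ...` line, would make later audits of this list easier.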
From 8e0c4b7ef4d9c284a64de3bd36a54e81707740f4 Mon Sep 17 00:00:00 2001
From: brianherrera
Date: Fri, 21 Jan 2022 14:25:13 -0800
Subject: [PATCH 2/9] Add template files for additional configs
Signed-off-by: brianherrera
---
configs/aws_ec2_plugin.template | 42 +++++++++++++++++++
configs/aws_s3_artifact_plugin.template | 11 +++++
.../build_failure_analyzer_plugin.template | 19 +++++++++
configs/credentials.template | 21 ++++++++++
configs/global_env_var.template | 10 +++++
configs/matrix_authorization.template | 17 ++++++++
6 files changed, 120 insertions(+)
create mode 100644 configs/aws_ec2_plugin.template
create mode 100644 configs/aws_s3_artifact_plugin.template
create mode 100644 configs/build_failure_analyzer_plugin.template
create mode 100644 configs/credentials.template
create mode 100644 configs/global_env_var.template
create mode 100644 configs/matrix_authorization.template
diff --git a/configs/aws_ec2_plugin.template b/configs/aws_ec2_plugin.template
new file mode 100644
index 0000000..184ddfb
--- /dev/null
+++ b/configs/aws_ec2_plugin.template
@@ -0,0 +1,42 @@
+# Config for AWS EC2 plugin
+# AWS Clouds are configured by region. Add a new '- amazonEC2' entry under clouds to add new regions.
+# Add a new '- ami' entry under templates to add new build node configs.
+jenkins:
+ clouds:
+ - amazonEC2:
+ # Example: cloud setup in us-west-2
+ cloudName: ""
+ instanceCapStr: "100" # A cap can also be set for each AMI config.
+ region: "us-west-2"
+ sshKeysCredentialsId: "" # Use the ssh credential ID created in credentials.yaml
+ templates:
+ # Example: Linux build node using SSH in us-west-2a
+ - ami: "${LINUX_AMI_ID}"
+ amiType:
+ unixData:
+ sshPort: "22"
+ connectionStrategy: PRIVATE_IP
+ description: ""
+ ebsEncryptRootVolume: ENCRYPTED
+ ebsOptimized: true
+ hostKeyVerificationStrategy: ACCEPT_NEW
+ iamInstanceProfile: ""
+ idleTerminationMinutes: "30"
+ labelString: "linux"
+ launchTimeoutStr: "300"
+ maxTotalUses: 1
+ minimumNumberOfInstances: 0
+ minimumNumberOfSpareInstances: 0
+ numExecutors: 1
+ remoteAdmin: ""
+ remoteFS: ""
+ securityGroups: "${SECURITY_GROUP_ID}"
+ stopOnTerminate: false
+ subnetId: ""
+ tags:
+ - name: "Name"
+ value: ""
+ tenancy: Default
+ type: # e.g. C54xlarge
+ useEphemeralDevices: false
+ zone: "us-west-2a"
diff --git a/configs/aws_s3_artifact_plugin.template b/configs/aws_s3_artifact_plugin.template
new file mode 100644
index 0000000..69c7476
--- /dev/null
+++ b/configs/aws_s3_artifact_plugin.template
@@ -0,0 +1,11 @@
+# Config for AWS S3 artifact storage plugin
+aws:
+ awsCredentials:
+ region: ">"
+ s3:
+ container: ""
+unclassified:
+ artifactManager:
+ artifactManagerFactories:
+ - jclouds:
+ provider: "s3"
\ No newline at end of file
diff --git a/configs/build_failure_analyzer_plugin.template b/configs/build_failure_analyzer_plugin.template
new file mode 100644
index 0000000..8a50c0a
--- /dev/null
+++ b/configs/build_failure_analyzer_plugin.template
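Review bot: `hostKeyVerificationStrategy: ACCEPT_NEW` in the aws_ec2_plugin.template hunk trusts whatever SSH host key a freshly launched instance presents, and with `maxTotalUses: 1` every node is a first contact, so the host key is in effect never verified. The EC2 plugin also offers `CHECK_NEW_SOFT` and `CHECK_NEW_HARD`, which compare the presented key with the one printed in the instance console output; `hostKeyVerificationStrategy: CHECK_NEW_HARD` would be the safer template default, provided the AMI prints its host key at boot. Also, the `sshKeysCredentialsId` comment points to credentials.yaml, while this commit adds that file as configs/credentials.template.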
@@ -0,0 +1,19 @@
+# Config for Build Failure Analyzer plugin
+# Example: Setup using MongoDB
+unclassified:
+ buildFailureAnalyzer:
+ gerritTriggerEnabled: true
+ globalEnabled: true
+ knowledgeBase:
+ mongoDB:
+ dbName: ""
+ enableStatistics: true
+ host: ""
+ password: "{}"
+ port: 27017
+ successfulLogging: false
+ userName: ""
+ maxLogSize: 0
+ noCausesEnabled: true
+ noCausesMessage: ""
+ nrOfScanThreads: 3
diff --git a/configs/credentials.template b/configs/credentials.template
new file mode 100644
index 0000000..64f2f10
--- /dev/null
+++ b/configs/credentials.template
@@ -0,0 +1,21 @@
+# Config for Jenkins credentials
+# Do not add credential values directly to this file.
+# See: https://github.com/jenkinsci/configuration-as-code-plugin/blob/master/docs/features/secrets.adoc
+credentials:
+ system:
+ domainCredentials:
+ - credentials:
+ # Example: SSH access for build nodes
+ - basicSSHUserPrivateKey:
+ id: "ssh-build-node"
+ privateKeySource:
+ directEntry:
+ privateKey: ""
+ scope: GLOBAL
+ username: ""
+ # Example: basic username/password
+ - usernamePassword:
+ id: "password-access"
+ password: ""
+ scope: GLOBAL
+ username: ""
\ No newline at end of file
diff --git a/configs/global_env_var.template b/configs/global_env_var.template
new file mode 100644
index 0000000..b1b0c05
--- /dev/null
+++ b/configs/global_env_var.template
@@ -0,0 +1,10 @@
+# Config for Jenkins global environment variables
+# Add a new key/value pair under env to add new entries
+jenkins:
+ globalNodeProperties:
+ - envVars:
+ env:
+ - key: ""
+ value: ""
+ - key: ""
+ value: ""
\ No newline at end of file
diff --git a/configs/matrix_authorization.template b/configs/matrix_authorization.template
new file mode 100644
index 0000000..3a68d43
--- /dev/null
+++ b/configs/matrix_authorization.template
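Review bot: `password: "{}"` in the mongoDB block of build_failure_analyzer_plugin.template is the only secret in this series that is not written as a variable reference; jenkins.yaml uses the `"${SMTP_PASSWORD}"` form. A value in braces reads like an encrypted secret exported from a running controller, which is bound to that controller's key and would not decrypt on another instance (this is inferred; the placeholder text may have been lost on this page). Suggest `password: "${BFA_MONGODB_PASSWORD}"` (the variable name is only an example) so the template follows the same pattern as the main config.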
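Review bot: The `ssh-build-node` key in credentials.template is declared with `scope: GLOBAL`, which makes the private key bindable from any job on the instance. If its only consumer is the EC2 cloud's `sshKeysCredentialsId`, `scope: SYSTEM` keeps it usable for launching agents while hiding it from pipelines. The header says not to add credential values to this file, but the empty `privateKey: ""` and `password: ""` do not show what belongs there instead; a reference such as `privateKey: "${SSH_PRIVATE_KEY}"` (example name) would make the intended pattern visible in the template itself.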
@@ -0,0 +1,17 @@
+# Config for Project-based Matrix Authorization Strategy
+# Use this file to grant additional permissions
+# Default admin role granted in jenkins.yaml
+jenkins:
+ authorizationStrategy:
+ projectMatrix:
+ permissions:
+ # Example: grant permissions to run/cancel builds
+ - "Job/Build:"
+ - "Job/Cancel:"
+ - "Job/Read:"
+ - "Overall/Read:"
+ - "View/Read:"
+ # Example: grant additional admin permissions
+ - "Overall/Administer::"
+ # Example: grant public read access
+ - "Overall/Read:anonymous"
From eb45fb69269c41348cc0b5a6b1410ef31b34f603 Mon Sep 17 00:00:00 2001
From: brianherrera
Date: Fri, 21 Jan 2022 14:50:30 -0800
Subject: [PATCH 3/9] Add section to readme for the config files
Signed-off-by: brianherrera
---
README.md | 13 ++++++++++++-
1 file changed, 12 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 506d9d0..5da1b38 100644
--- a/README.md
+++ b/README.md
@@ -1 +1,12 @@
-# o3de-jenkins-pipeline
\ No newline at end of file
+# o3de-jenkins-pipeline
+
+
+## Jenkins Configuration
+
+The O3DE Jenkins pipeline is configured using the JCasC plugin. This allows the settings to be defined using yaml files stored in the repo and prevents users from having to manually configure Jenkins on startup.
+
+These files are located in the configs/ directory. There is a main jenkins.yaml file that contains the recommended default settings to run the pipeline. You can customize your Jenkins setup by editing this file. There are also template files that can be used for other optional settings. You can either copy the contents of these files into jenkins.yaml or copy it into new yaml file.
+
+
+### Config File location
+The config files must be located in the configs/ directory so that they found by the plugin. The plugin also supports having multiple yaml files and will locate all files having the .yml/.yaml extention.
From a3d689d8c6ab97d765fd569db41343a5f877f037 Mon Sep 17 00:00:00 2001
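Review bot: `- "Overall/Read:anonymous"` in matrix_authorization.template is a live entry rather than a commented-out example, so anyone who copies the file as-is (the README added in this series suggests copying template contents into jenkins.yaml) grants unauthenticated read access to the instance. Consider shipping that line commented out, `# - "Overall/Read:anonymous"`, with a comment stating that it exposes Jenkins to users who are not logged in. The `Overall/Administer` example just above it would benefit from a similar comment saying that it grants full control of the controller.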
From: brianherrera Date: Fri, 21 Jan 2022 15:08:31 -0800 Subject: [PATCH 4/9] Correct errors in readme Signed-off-by: brianherrera --- README.md | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.md b/README.md index 5da1b38..21e413d 100644 --- a/README.md +++ b/README.md @@ -5,8 +5,8 @@ The O3DE Jenkins pipeline is configured using the JCasC plugin. This allows the settings to be defined using yaml files stored in the repo and prevents users from having to manually configure Jenkins on startup. -These files are located in the configs/ directory. There is a main jenkins.yaml file that contains the recommended default settings to run the pipeline. You can customize your Jenkins setup by editing this file. There are also template files that can be used for other optional settings. You can either copy the contents of these files into jenkins.yaml or copy it into new yaml file. +These files are located in the configs/ directory. There is a main jenkins.yaml file that contains the recommended default settings to run the pipeline. You can customize your Jenkins setup by editing this file. There are also template files that can be used for other optional settings. You can either copy the contents of these files into jenkins.yaml or copy it into a new yaml file. ### Config File location -The config files must be located in the configs/ directory so that they found by the plugin. The plugin also supports having multiple yaml files and will locate all files having the .yml/.yaml extention. +The config files must be located in the configs/ directory so that they are found by the plugin. The plugin also supports having multiple yaml files and will locate all files having the .yml/.yaml extention. From 7ee15cbca545babbdc4b4735d1cd2571f754532c Mon Sep 17 00:00:00 2001 From: brianherrera Date: Fri, 21 Jan 2022 16:25:58 -0800 Subject: [PATCH 5/9] Add link for build failure analyzer plugin doc 
Signed-off-by: brianherrera --- configs/build_failure_analyzer_plugin.template | 1 + 1 file changed, 1 insertion(+) diff --git a/configs/build_failure_analyzer_plugin.template b/configs/build_failure_analyzer_plugin.template index 8a50c0a..93ec373 100644 --- a/configs/build_failure_analyzer_plugin.template +++ b/configs/build_failure_analyzer_plugin.template @@ -1,4 +1,5 @@ # Config for Build Failure Analyzer plugin +# See: https://plugins.jenkins.io/build-failure-analyzer/ # Example: Setup using MongoDB unclassified: buildFailureAnalyzer: From ea6e91d15bac8050c9e6341a14f303847ec46911 Mon Sep 17 00:00:00 2001 From: brianherrera Date: Fri, 21 Jan 2022 16:29:59 -0800 Subject: [PATCH 6/9] Add missing new line to template files Signed-off-by: brianherrera --- configs/aws_s3_artifact_plugin.template | 2 +- configs/credentials.template | 2 +- configs/global_env_var.template | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/configs/aws_s3_artifact_plugin.template b/configs/aws_s3_artifact_plugin.template index 69c7476..0028120 100644 --- a/configs/aws_s3_artifact_plugin.template +++ b/configs/aws_s3_artifact_plugin.template @@ -8,4 +8,4 @@ unclassified: artifactManager: artifactManagerFactories: - jclouds: - provider: "s3" \ No newline at end of file + provider: "s3" diff --git a/configs/credentials.template b/configs/credentials.template index 64f2f10..c4db96e 100644 --- a/configs/credentials.template +++ b/configs/credentials.template @@ -18,4 +18,4 @@ credentials: id: "password-access" password: "" scope: GLOBAL - username: "" \ No newline at end of file + username: "" diff --git a/configs/global_env_var.template b/configs/global_env_var.template index b1b0c05..036aaa9 100644 --- a/configs/global_env_var.template +++ b/configs/global_env_var.template @@ -7,4 +7,4 @@ jenkins: - key: "" value: "" - key: "" - value: "" \ No newline at end of file + value: "" From 747c8d9c6297fec3ce784a0ed7e0ae50c1c49f1f Mon Sep 17 00:00:00 2001 
From: brianherrera Date: Fri, 21 Jan 2022 16:37:06 -0800 Subject: [PATCH 7/9] Add comment for user to replace in templates Signed-off-by: brianherrera --- configs/aws_ec2_plugin.template | 1 + configs/aws_s3_artifact_plugin.template | 1 + configs/build_failure_analyzer_plugin.template | 3 ++- configs/credentials.template | 1 + configs/global_env_var.template | 1 + configs/matrix_authorization.template | 1 + 6 files changed, 7 insertions(+), 1 deletion(-) diff --git a/configs/aws_ec2_plugin.template b/configs/aws_ec2_plugin.template index 184ddfb..b92fb93 100644 --- a/configs/aws_ec2_plugin.template +++ b/configs/aws_ec2_plugin.template @@ -1,5 +1,6 @@ # Config for AWS EC2 plugin # AWS Clouds are configured by region. Add a new '- amazonEC2' entry under clouds to add new regions. +# Replace with the required parameters # Add a new '- ami' entry under templates to add new build node configs. jenkins: clouds: diff --git a/configs/aws_s3_artifact_plugin.template b/configs/aws_s3_artifact_plugin.template index 0028120..70b646c 100644 --- a/configs/aws_s3_artifact_plugin.template +++ b/configs/aws_s3_artifact_plugin.template @@ -1,4 +1,5 @@ # Config for AWS S3 artifact storage plugin +# Replace with the required parameters aws: awsCredentials: region: ">" diff --git a/configs/build_failure_analyzer_plugin.template b/configs/build_failure_analyzer_plugin.template index 93ec373..0b89516 100644 --- a/configs/build_failure_analyzer_plugin.template +++ b/configs/build_failure_analyzer_plugin.template @@ -1,5 +1,6 @@ # Config for Build Failure Analyzer plugin -# See: https://plugins.jenkins.io/build-failure-analyzer/ +# See: https://plugins.jenkins.io/build-failure-analyzer/ +# Replace with the required parameters # Example: Setup using MongoDB unclassified: buildFailureAnalyzer: diff --git a/configs/credentials.template b/configs/credentials.template index c4db96e..032c847 100644 --- a/configs/credentials.template +++ b/configs/credentials.template 
@@ -1,5 +1,6 @@ # Config for Jenkins credentials # Do not add credential values directly to this file. +# Replace with the required parameters # See: https://github.com/jenkinsci/configuration-as-code-plugin/blob/master/docs/features/secrets.adoc credentials: system: diff --git a/configs/global_env_var.template b/configs/global_env_var.template index 036aaa9..f6141a4 100644 --- a/configs/global_env_var.template +++ b/configs/global_env_var.template @@ -1,5 +1,6 @@ # Config for Jenkins global environment variables # Add a new key/value pair under env to add new entries +# Replace with the required parameters jenkins: globalNodeProperties: - envVars: diff --git a/configs/matrix_authorization.template b/configs/matrix_authorization.template index 3a68d43..302eb9a 100644 --- a/configs/matrix_authorization.template +++ b/configs/matrix_authorization.template @@ -1,5 +1,6 @@ # Config for Project-based Matrix Authorization Strategy # Use this file to grant additional permissions +# Replace with the required parameters # Default admin role granted in jenkins.yaml jenkins: authorizationStrategy: From 6bf1e643ae4c49879fef3b013045e8bdc2b682bb Mon Sep 17 00:00:00 2001 From: brianherrera Date: Fri, 21 Jan 2022 16:40:28 -0800 Subject: [PATCH 8/9] Set default region and az Signed-off-by: brianherrera --- configs/aws_ec2_plugin.template | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/configs/aws_ec2_plugin.template b/configs/aws_ec2_plugin.template index b92fb93..b846b99 100644 --- a/configs/aws_ec2_plugin.template +++ b/configs/aws_ec2_plugin.template 
@@ -5,13 +5,13 @@ jenkins: clouds: - amazonEC2: - # Example: cloud setup in us-west-2 + # Example: cloud setup in ${AWS_REGION} cloudName: "" instanceCapStr: "100" # A cap can also be set for each AMI config. - region: "us-west-2" + region: "${AWS_REGION}" sshKeysCredentialsId: "" # Use the ssh credential ID created in credentials.yaml templates: - # Example: Linux build node using SSH in us-west-2a + # Example: Linux build node using SSH in ${AWS_REGION}${AWS_AZ} - ami: "${LINUX_AMI_ID}" amiType: unixData: @@ -40,4 +40,4 @@ jenkins: tenancy: Default type: # e.g. C54xlarge useEphemeralDevices: false - zone: "us-west-2a" + zone: "${AWS_REGION}${AWS_AZ}" From b72ec91864f1cf3267f8e0553366426db3929cc7 Mon Sep 17 00:00:00 2001 From: brianherrera Date: Fri, 21 Jan 2022 16:43:42 -0800 Subject: [PATCH 9/9] Fix typo Signed-off-by: brianherrera --- configs/aws_s3_artifact_plugin.template | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/configs/aws_s3_artifact_plugin.template b/configs/aws_s3_artifact_plugin.template index 70b646c..874d276 100644 --- a/configs/aws_s3_artifact_plugin.template +++ b/configs/aws_s3_artifact_plugin.template @@ -2,7 +2,7 @@ # Replace with the required parameters aws: awsCredentials: - region: ">" + region: "" s3: container: "" unclassified:
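Review bot: The commit title says it sets a default region and AZ, but `region: "${AWS_REGION}"` and, in the second hunk, `zone: "${AWS_REGION}${AWS_AZ}"` carry no default, so the earlier `us-west-2` / `us-west-2a` values are lost whenever the variables are unset. JCasC accepts a fallback inside the reference, e.g. `region: "${AWS_REGION:-us-west-2}"` and `zone: "${AWS_REGION:-us-west-2}${AWS_AZ:-a}"`; as far as I know an unresolved variable otherwise resolves to an empty string, which would leave the cloud without a usable region. The `${AWS_REGION}` text inside the two `# Example:` comments is not substituted, so plain wording would read better there.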