From 1d871e7ff2eb857bb7ebc9a00122c71dbbff13b6 Mon Sep 17 00:00:00 2001 From: Oleg Nenashev Date: Mon, 28 May 2018 02:05:13 +0200 Subject: [PATCH 01/11] Create a base demo for CasC Plugin --- Dockerfile | 2 + .../OwnershipBasedSecurityHelper.groovy | 95 ------------------- .../src/main/groovy/scripts/Auth.groovy | 20 +--- .../main/groovy/scripts/MasterComputer.groovy | 24 ----- .../src/main/groovy/scripts/System.groovy | 7 -- jenkins.yaml | 95 +++++++++++++++++++ plugins.txt | 3 +- 7 files changed, 101 insertions(+), 145 deletions(-) delete mode 100644 init_scripts/src/main/groovy/io/jenkins/systemgroovy/plugins/OwnershipBasedSecurityHelper.groovy create mode 100644 jenkins.yaml diff --git a/Dockerfile b/Dockerfile index d2a893f..2889736 100644 --- a/Dockerfile +++ b/Dockerfile @@ -29,4 +29,6 @@ VOLUME /var/jenkins_home/pipeline-libs EXPOSE 5005 COPY jenkins2.sh /usr/local/bin/jenkins2.sh +ENV CASC_JENKINS_CONFIG=/var/jenkins_home/jenkins.yaml +COPY jenkins.yaml /var/jenkins_home/jenkins.yaml ENTRYPOINT ["tini", "--", "/usr/local/bin/jenkins2.sh"] diff --git a/init_scripts/src/main/groovy/io/jenkins/systemgroovy/plugins/OwnershipBasedSecurityHelper.groovy b/init_scripts/src/main/groovy/io/jenkins/systemgroovy/plugins/OwnershipBasedSecurityHelper.groovy deleted file mode 100644 index 0f5727f..0000000 --- a/init_scripts/src/main/groovy/io/jenkins/systemgroovy/plugins/OwnershipBasedSecurityHelper.groovy +++ /dev/null @@ -1,95 +0,0 @@ -package io.jenkins.systemgroovy.plugins - -import com.michelin.cio.hudson.plugins.rolestrategy.Role -import com.michelin.cio.hudson.plugins.rolestrategy.RoleMap -import hudson.model.Computer -import hudson.model.Item -import hudson.model.Run -import hudson.security.Permission -import jenkins.model.Jenkins - - -// https://github.com/jenkinsci/ownership-plugin/blob/master/doc/OwnershipBasedSecurity.md#role-based-strategy-integration - -/** - * @author Oleg Nenashev. - * @since TODO - */ -class OwnershipBasedSecurityHelper { - - static RoleMap getGlobalAdminAndAnonymousRoles() { - Set adminPermissions = new HashSet() - adminPermissions.add(Jenkins.ADMINISTER) - Role adminRole = createRole("administrator", ".*", adminPermissions) - - Set anonymousPermissions = new HashSet([Jenkins.READ, Item.READ, Item.DISCOVER]) - Role anonymousRole = createRole("anonymous", ".*", anonymousPermissions) - - //TODO: This is a weird hack, which allows running WorkflowRun instances any node - //TODO: Jenkins.getACL() returns RootACL for node, hence we cannot use Node-specific security settings - // We need it to Run Pipeline Jobs. Ideally a RoleStrategy macro should be created. - // If "-Dio.jenkins.dev.security.allowRunsOnMaster" is "false", the Master node will be protected by - // Job Restrictions settings. Nodes have to be protected by Job Restrictions as well. - // Otherwise any user will be able to run whatever stuff on that nodes... - Set masterBuildPermission = new HashSet([Computer.BUILD]) - Role nodeBuildKillSwitch = createRole("BuildAnythingOnNode", ".*", masterBuildPermission) - - final SortedMap> grantedRoles = new TreeMap>() - grantedRoles.put(adminRole, singleSid("admin")) - grantedRoles.put(anonymousRole, singleSid("anonymous")) - grantedRoles.put(nodeBuildKillSwitch, singleSid("authenticated")) - - return new RoleMap(grantedRoles) - } - - static RoleMap getProjectRoleMap() { - Set ownerPermissions = new HashSet() - // Disabled: Ownership settings come from the directory, and we do not want the user to work with them - // ownerPermissions.add(com.synopsys.arc.jenkins.plugins.ownership.OwnershipPlugin.MANAGE_ITEMS_OWNERSHIP); - ownerPermissions.addAll(Item.PERMISSIONS.permissions) - ownerPermissions.addAll(Run.PERMISSIONS.permissions) - Role ownerRole = createRole("@OwnerNoSid", ".*", ownerPermissions) - - Set coownerPermissions = new HashSet() - coownerPermissions.addAll(Item.PERMISSIONS.permissions) - coownerPermissions.addAll(Run.PERMISSIONS.permissions) - coownerPermissions.removeAll([Item.DELETE, Run.DELETE]) - Role coOwnerRole = createRole("@CoOwnerNoSid", ".*", coownerPermissions) - - return createRoleMapForSid("authenticated", ownerRole, coOwnerRole) - } - - static RoleMap getComputerRoleMap() { - Set ownerPermissions = new HashSet() - // Disabled: Ownership settings for agents are managed by Config-as-Code - // ownerPermissions.add(com.synopsys.arc.jenkins.plugins.ownership.OwnershipPlugin.MANAGE_SLAVES_OWNERSHIP); - ownerPermissions.addAll(Computer.PERMISSIONS.getPermissions()) - Role ownerRole = createRole("@OwnerNoSid", ".*", ownerPermissions) - - Set coownerPermissions = new HashSet() - coownerPermissions.addAll(Computer.PERMISSIONS.getPermissions()) - coownerPermissions.removeAll([Computer.DELETE, Computer.CONFIGURE]) - Role coOwnerRole = createRole("@CoOwnerNoSid", ".*", coownerPermissions) - - return createRoleMapForSid("authenticated", ownerRole, coOwnerRole) - } - - // TODO: Should be replaced by RoleStrategy API - private static Role createRole(String name, String pattern, Set permissions) { - return new Role(name, pattern, permissions) - } - - private static RoleMap createRoleMapForSid(String sid, Role... roles) { - final SortedMap> grantedRoles = new TreeMap>() - for (Role role : roles) { - grantedRoles.put(role, singleSid(sid)) - } - return new RoleMap(grantedRoles) - } - - private static Set singleSid(String sid) { - return new TreeSet([sid]) - } - - -} diff --git a/init_scripts/src/main/groovy/scripts/Auth.groovy b/init_scripts/src/main/groovy/scripts/Auth.groovy index a2d6389..82b5bf6 100644 --- a/init_scripts/src/main/groovy/scripts/Auth.groovy +++ b/init_scripts/src/main/groovy/scripts/Auth.groovy @@ -1,8 +1,3 @@ -import com.michelin.cio.hudson.plugins.rolestrategy.RoleBasedAuthorizationStrategy -import com.michelin.cio.hudson.plugins.rolestrategy.RoleMap -import com.synopsys.arc.jenkins.plugins.rolestrategy.RoleType -import hudson.security.HudsonPrivateSecurityRealm -import io.jenkins.systemgroovy.plugins.OwnershipBasedSecurityHelper import jenkins.model.Jenkins import jenkins.security.QueueItemAuthenticatorConfiguration import hudson.model.* @@ -12,25 +7,14 @@ import org.jenkinsci.plugins.authorizeproject.strategy.TriggeringUsersAuthorizat boolean createAdmin = Boolean.getBoolean("io.jenkins.dev.security.createAdmin") -println("=== Installing the Security Realm") -def securityRealm = new HudsonPrivateSecurityRealm(false) +println("=== Configuring users") +def securityRealm = Jenkins.instance.getSecurityRealm() User user = securityRealm.createAccount("user", "user") user.setFullName("User") if (createAdmin) { User admin = securityRealm.createAccount("admin", "admin") admin.setFullName("Admin") } -Jenkins.instance.setSecurityRealm(securityRealm) - -println("=== Installing the Role-Based Authorization strategy") -RoleBasedAuthorizationStrategy strategy = new RoleBasedAuthorizationStrategy() -def grantedRoles = new HashMap() -grantedRoles.put(RoleType.Project.stringType, OwnershipBasedSecurityHelper.projectRoleMap) -grantedRoles.put(RoleType.Slave.stringType, OwnershipBasedSecurityHelper.computerRoleMap) -grantedRoles.put(RoleType.Global.stringType, OwnershipBasedSecurityHelper.globalAdminAndAnonymousRoles) - -strategy.@grantedRoles.putAll(grantedRoles) -Jenkins.instance.authorizationStrategy = strategy println("=== Configure Authorize Project") GlobalQueueItemAuthenticator auth = new GlobalQueueItemAuthenticator( diff --git a/init_scripts/src/main/groovy/scripts/MasterComputer.groovy b/init_scripts/src/main/groovy/scripts/MasterComputer.groovy index d3a9662..816e353 100644 --- a/init_scripts/src/main/groovy/scripts/MasterComputer.groovy +++ b/init_scripts/src/main/groovy/scripts/MasterComputer.groovy @@ -16,27 +16,3 @@ println("== Configuring Master computer") // Admin owns the node NodeOwnerHelper.setOwnership(Jenkins.instance, new OwnershipDescription(true, "admin")) -// Job restrictions -boolean allowRunsOnMaster = Boolean.getBoolean("io.jenkins.dev.security.allowRunsOnMaster") -if (allowRunsOnMaster) { - // TODO: Due to the BuildAnythingOnNode hack, there is actually no protection - println("Runs on Master are enabled. It is a bad idea from the security standpoint") - return -} - -// We allow running jobs in the SystemFolder owned by admin + whitelisted job types -// TODO: Job Restrictions API polishing would be really useful -OwnersListJobRestriction ownedByAdmin = new OwnersListJobRestriction([ new UserSelector("admin") ],false) -RegexNameRestriction inSystemFolder = new RegexNameRestriction("^System/.+", false) - -ClassSelector workflowJob = new ClassSelector(WorkflowJob.class.name) -JobClassNameRestriction whitelistedClasses = new JobClassNameRestriction([workflowJob]) - -Jenkins.instance.getNodeProperties().add( - new JobRestrictionProperty( - new OrJobRestriction( - new MultipleAndJobRestriction([ownedByAdmin, inSystemFolder]), - whitelistedClasses - ) - ) -) diff --git a/init_scripts/src/main/groovy/scripts/System.groovy b/init_scripts/src/main/groovy/scripts/System.groovy index 4bf6c08..74a5a45 100644 --- a/init_scripts/src/main/groovy/scripts/System.groovy +++ b/init_scripts/src/main/groovy/scripts/System.groovy @@ -12,17 +12,10 @@ println("-- System configuration") // TODO: Configure Job Restrictions, Script Security, Authorize Project, etc., etc. println("--- Configuring Remoting (JNLP4 only, no Remoting CLI)") CLI.get().enabled = false -Jenkins.instance.agentProtocols = new HashSet(["JNLP4-connect"]) Jenkins.instance.getExtensionList(StaplerProxy.class) .get(AdminWhitelistRule.class) .masterKillSwitch = false -println("--- Checking the CSRF protection") -if (Jenkins.instance.crumbIssuer == null) { - println "CSRF protection is disabled, Enabling the default Crumb Issuer" - Jenkins.instance.crumbIssuer = new DefaultCrumbIssuer(true) -} - println("--- Configuring Quiet Period") // We do not wait for anything Jenkins.instance.quietPeriod = 0 diff --git a/jenkins.yaml b/jenkins.yaml new file mode 100644 index 0000000..5cac8f3 --- /dev/null +++ b/jenkins.yaml @@ -0,0 +1,95 @@ +jenkins: + mode: NORMAL + numExecutors: 2 + agentProtocols: + - "JNLP4-connect" + - "Ping" + securityRealm: + local: + allowsSignup: false + enableCaptcha: false + nodeProperties: + - jobRestrictionProperty: + jobRestriction: + or: + first: + multipleAnd: + restrictions: + - ownersList: + usersList: + - selectedUserId: "admin" + acceptsCoOwners: false + - regexNameRestriction: + checkShortName: false + regexExpression: "^System/.+" + second: + jobClassNameRestriction: + jobClasses: + - selectedClass: "org.jenkinsci.plugins.workflow.job.WorkflowJob" + crumbIssuer: + standard: + excludeClientIPFromCrumb: true + disableRememberMe: false + scmCheckoutRetryCount: 0 + projectNamingStrategy: "standard" + markupFormatter: "plainText" + slaveAgentPort: 50000 + myViewsTabBar: "standard" + viewsTabBar: "standard" + + authorizationStrategy: + roleStrategy: + roles: + global: + - name: "admin" + description: "Jenkins administrators" + permissions: + - "Overall/Administer" + assignments: + - "admin" + - name: "readonly" + description: "Read-only users" + permissions: + - "Overall/Read" + - "Job/Read" + - "Agent/Build" + assignments: + - "authenticated" + items: + - name: "@OwnerNoSid" + description: "Primary Owners" + pattern: ".*" + permissions: + - "Job/Configure" + - "Job/Build" + - "Job/Delete" + - "Run/Delete" + assignments: + - "authenticated" + - name: "@CoOwnerNoSid" + description: "Secondary Owners" + pattern: ".*" + permissions: + - "Job/Configure" + - "Job/Build" + assignments: + - "authenticated" + agents: + - name: "@OwnerNoSid" + description: "Primary Owners" + pattern: ".*" + permissions: + - "Agent/Configure" + - "Agent/Build" + - "Agent/Delete" + - "Agent/Build" + assignments: + - "authenticated" + - name: "@CoOwnerNoSid" + description: "Secondary Owners" + pattern: ".*" + permissions: + - "Agent/Connect" + - "Agent/Build" + assignments: + - "authenticated" diff --git a/plugins.txt b/plugins.txt index c10ca44..24a81e6 100644 --- a/plugins.txt +++ b/plugins.txt @@ -21,4 +21,5 @@ findbugs:4.72 parallel-test-executor:1.10 email-ext:2.62 jacoco:2.2.1 -cobertura:1.12.1 \ No newline at end of file +cobertura:1.12.1 +configuration-as-code:experimental \ No newline at end of file From 935d41190704ab3ddb5908ced1b5b805dd03e94f Mon Sep 17 00:00:00 2001 From: Oleg Nenashev Date: Tue, 19 Jun 2018 11:04:42 +0200 Subject: [PATCH 02/11] Update the branch to support Java 10 --- Dockerfile | 2 +- plugins.txt | 3 ++- 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 2889736..e5653ca 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM jenkins/jenkins:2.107.3 +FROM jenkins/jenkins-experimental:latest-jdk10 MAINTAINER Oleg Nenashev LABEL Description="This demo shows how to setup Jenkins Config-as-Code with Docker, Pipeline, and Groovy Hook Scripts" Vendor="Oleg Nenashev" Version="0.2" diff --git a/plugins.txt b/plugins.txt index 24a81e6..07516b5 100644 --- a/plugins.txt +++ b/plugins.txt @@ -22,4 +22,5 @@ parallel-test-executor:1.10 email-ext:2.62 jacoco:2.2.1 cobertura:1.12.1 -configuration-as-code:experimental \ No newline at end of file +configuration-as-code:experimental +jdk-tool:1.1 \ No newline at end of file From cb83b61d1efbc9ebcf69b3e413818b91c4711057 Mon Sep 17 00:00:00 2001 From: Oleg Nenashev Date: Tue, 19 Jun 2018 14:55:47 +0200 Subject: [PATCH 03/11] Update Pipeline: Support plugin to the version which runs Pipeline --- Dockerfile | 5 +- download-and-check-updates.sh | 304 ---------------------------------- plugins.txt | 1 + 3 files changed, 3 insertions(+), 307 deletions(-) delete mode 100755 download-and-check-updates.sh diff --git a/Dockerfile b/Dockerfile index e5653ca..6d27859 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,11 +1,10 @@ -FROM jenkins/jenkins-experimental:latest-jdk10 +FROM jenkins/jenkins-experimental:latest-jdk10-incrementals MAINTAINER Oleg Nenashev LABEL Description="This demo shows how to setup Jenkins Config-as-Code with Docker, Pipeline, and Groovy Hook Scripts" Vendor="Oleg Nenashev" Version="0.2" ENV JENKINS_UC_EXPERIMENTAL=https://updates.jenkins.io/experimental COPY plugins.txt /usr/share/jenkins/ref/plugins.txt -COPY download-and-check-updates.sh /usr/local/bin/download-and-check-updates.sh -RUN /usr/local/bin/download-and-check-updates.sh < /usr/share/jenkins/ref/plugins.txt +RUN /usr/local/bin/install-plugins.sh < /usr/share/jenkins/ref/plugins.txt COPY init_scripts/src/main/groovy/ /usr/share/jenkins/ref/init.groovy.d/ diff --git a/download-and-check-updates.sh b/download-and-check-updates.sh deleted file mode 100755 index 0759050..0000000 --- a/download-and-check-updates.sh +++ /dev/null @@ -1,304 +0,0 @@ -#!/bin/bash -eu - -# Resolve dependencies and download plugins given on the command line -# -# FROM jenkins -# RUN install-plugins.sh docker-slaves github-branch-source -# TODO: Remove the file once check-for-updates is supported in the parent Dockerfile -set -o pipefail - -REF_DIR=${REF:-/usr/share/jenkins/ref/plugins} -FAILED="$REF_DIR/failed-plugins.txt" - -. /usr/local/bin/jenkins-support - -getLockFile() { - printf '%s' "$REF_DIR/${1}.lock" -} - -getArchiveFilename() { - printf '%s' "$REF_DIR/${1}.jpi" -} - -download() { - local plugin originalPlugin version lock ignoreLockFile - plugin="$1" - version="${2:-latest}" - ignoreLockFile="${3:-}" - lock="$(getLockFile "$plugin")" - - if [[ $ignoreLockFile ]] || mkdir "$lock" &>/dev/null; then - if ! doDownload "$plugin" "$version"; then - # some plugin don't follow the rules about artifact ID - # typically: docker-plugin - originalPlugin="$plugin" - plugin="${plugin}-plugin" - if ! doDownload "$plugin" "$version"; then - echo "Failed to download plugin: $originalPlugin or $plugin" >&2 - echo "Not downloaded: ${originalPlugin}" >> "$FAILED" - return 1 - fi - fi - - if ! checkIntegrity "$plugin"; then - echo "Downloaded file is not a valid ZIP: $(getArchiveFilename "$plugin")" >&2 - echo "Download integrity: ${plugin}" >> "$FAILED" - return 1 - fi - - resolveDependencies "$plugin" - fi -} - -doDownload() { - local plugin version url jpi - plugin="$1" - version="$2" - jpi="$(getArchiveFilename "$plugin")" - - # If plugin already exists and is the same version do not download - if test -f "$jpi" && unzip -p "$jpi" META-INF/MANIFEST.MF | tr -d '\r' | grep "^Plugin-Version: ${version}$" > /dev/null; then - echo "Using provided plugin: $plugin" - return 0 - fi - - if [[ "$version" == "latest" && -n "$JENKINS_UC_LATEST" ]]; then - # If version-specific Update Center is available, which is the case for LTS versions, - # use it to resolve latest versions. - url="$JENKINS_UC_LATEST/latest/${plugin}.hpi" - elif [[ "$version" == "experimental" && -n "$JENKINS_UC_EXPERIMENTAL" ]]; then - # Download from the experimental update center - url="$JENKINS_UC_EXPERIMENTAL/latest/${plugin}.hpi" - else - JENKINS_UC_DOWNLOAD=${JENKINS_UC_DOWNLOAD:-"$JENKINS_UC/download"} - url="$JENKINS_UC_DOWNLOAD/plugins/$plugin/$version/${plugin}.hpi" - fi - - echo "Downloading plugin: $plugin from $url" - curl --connect-timeout "${CURL_CONNECTION_TIMEOUT:-20}" --retry "${CURL_RETRY:-5}" --retry-delay "${CURL_RETRY_DELAY:-0}" --retry-max-time "${CURL_RETRY_MAX_TIME:-60}" -s -f -L "$url" -o "$jpi" - return $? -} - -checkIntegrity() { - local plugin jpi - plugin="$1" - jpi="$(getArchiveFilename "$plugin")" - - unzip -t -qq "$jpi" >/dev/null - return $? -} - -resolveDependencies() { - local plugin jpi dependencies - plugin="$1" - jpi="$(getArchiveFilename "$plugin")" - - dependencies="$(unzip -p "$jpi" META-INF/MANIFEST.MF | tr -d '\r' | tr '\n' '|' | sed -e 's#| ##g' | tr '|' '\n' | grep "^Plugin-Dependencies: " | sed -e 's#^Plugin-Dependencies: ##')" - - if [[ ! $dependencies ]]; then - echo " > $plugin has no dependencies" - return - fi - - echo " > $plugin depends on $dependencies" - - IFS=',' read -r -a array <<< "$dependencies" - - for d in "${array[@]}" - do - plugin="$(cut -d':' -f1 - <<< "$d")" - if [[ $d == *"resolution:=optional"* ]]; then - echo "Skipping optional dependency $plugin" - else - local pluginInstalled - if pluginInstalled="$(echo -e "${bundledPlugins}\n${installedPlugins}" | grep "^${plugin}:")"; then - pluginInstalled="${pluginInstalled//[$'\r']}" - local versionInstalled; versionInstalled=$(versionFromPlugin "${pluginInstalled}") - local minVersion; minVersion=$(versionFromPlugin "${d}") - if versionLT "${versionInstalled}" "${minVersion}"; then - echo "Upgrading bundled dependency $d ($minVersion > $versionInstalled)" - download "$plugin" & - else - echo "Skipping already installed dependency $d ($minVersion <= $versionInstalled)" - fi - else - download "$plugin" & - fi - fi - done - wait -} - -bundledPlugins() { - local JENKINS_WAR=/usr/share/jenkins/jenkins.war - if [ -f $JENKINS_WAR ] - then - TEMP_PLUGIN_DIR=/tmp/plugintemp.$$ - for i in $(jar tf $JENKINS_WAR | grep -E '[^detached-]plugins.*\..pi' | sort) - do - rm -fr $TEMP_PLUGIN_DIR - mkdir -p $TEMP_PLUGIN_DIR - PLUGIN=$(basename "$i"|cut -f1 -d'.') - (cd $TEMP_PLUGIN_DIR;jar xf "$JENKINS_WAR" "$i";jar xvf "$TEMP_PLUGIN_DIR/$i" META-INF/MANIFEST.MF >/dev/null 2>&1) - VER=$(grep -E -i Plugin-Version "$TEMP_PLUGIN_DIR/META-INF/MANIFEST.MF"|cut -d: -f2|sed 's/ //') - echo "$PLUGIN:$VER" - done - rm -fr $TEMP_PLUGIN_DIR - else - rm -f "$TEMP_ALREADY_INSTALLED" - echo "ERROR file not found: $JENKINS_WAR" - exit 1 - fi -} - -versionFromPlugin() { - local plugin=$1 - if [[ $plugin =~ .*:.* ]]; then - echo "${plugin##*:}" - else - echo "latest" - fi - -} - -installedPlugins() { - for f in "$REF_DIR"/*.jpi; do - echo "$(basename "$f" | sed -e 's/\.jpi//'):$(get_plugin_version "$f")" - done -} - -availableUpdates() { - local url - if [[ -n "$JENKINS_UC_LATEST" ]]; then - # If version-specific Update Center is available, which is the case for LTS versions, - # use it to resolve latest versions. - url="$JENKINS_UC_LATEST/update-center.actual.json" - else - JENKINS_UC_DOWNLOAD=${JENKINS_UC_DOWNLOAD:-"$JENKINS_UC/download"} - url="$JENKINS_UC_DOWNLOAD/update-center.actual.json" - fi - local jqExecutable="$REF_DIR/jq" - local ucMetadataFile="$REF_DIR/uc.json" - - local updatesFile="$REF_DIR/availableUpdates.txt" - - # TODO: do jq installation in Dockerfile so that it comes from cache when plugin list is refreshed - local failureReason="" - curl --connect-timeout "${CURL_CONNECTION_TIMEOUT:-20}" \ - --retry "${CURL_RETRY:-5}" --retry-delay "${CURL_RETRY_DELAY:-0}" --retry-max-time "${CURL_RETRY_MAX_TIME:-60}" \ - -s -f -L "https://github.com/stedolan/jq/releases/download/jq-1.5/jq-linux64" -o "$jqExecutable" \ - || failureReason="Cannot retrieve the jq executable, error code: $?" - chmod +x ${jqExecutable} || failureReason="Cannot chmod +x ${jqExecutable}, error code: $?" - - curl --connect-timeout "${CURL_CONNECTION_TIMEOUT:-20}" \ - --retry "${CURL_RETRY:-5}" --retry-delay "${CURL_RETRY_DELAY:-0}" --retry-max-time "${CURL_RETRY_MAX_TIME:-60}" \ - -s -f -L "$url" -o "$ucMetadataFile" \ - || failureReason="Cannot retrieve the UC metadata from ${url}, error code: $?" - - if [[ -n "$failureReason" ]] ; then - echo "Cannot check for updates: $failureReason" - else - for f in "$REF_DIR"/*.jpi; do - local pluginName=$(basename "$f" | sed -e 's/\.jpi//') - local versionInstalled=$(get_plugin_version "$f") - local latestVersion=$(cat "$ucMetadataFile" | ${jqExecutable} -r ".plugins[\"${pluginName}\"].version") - if versionLT "${versionInstalled}" "${latestVersion}"; then - echo "$pluginName:$versionInstalled:$latestVersion" >> $updatesFile - # Also report it in the build log - echo "$pluginName:$versionInstalled:$latestVersion" - fi - done - fi -} - -jenkinsMajorMinorVersion() { - local JENKINS_WAR - JENKINS_WAR=/usr/share/jenkins/jenkins.war - if [[ -f "$JENKINS_WAR" ]]; then - local version major minor - version="$(java -jar /usr/share/jenkins/jenkins.war --version)" - major="$(echo "$version" | cut -d '.' -f 1)" - minor="$(echo "$version" | cut -d '.' -f 2)" - echo "$major.$minor" - else - echo "ERROR file not found: $JENKINS_WAR" - return 1 - fi -} - -main() { - local plugin pluginVersion jenkinsVersion - local plugins=() - - mkdir -p "$REF_DIR" || exit 1 - - # Read plugins from stdin or from the command line arguments - if [[ ($# -eq 0) ]]; then - while read -r line || [ "$line" != "" ]; do - # Remove leading/trailing spaces, comments, and empty lines - plugin=$(echo "${line}" | tr -d '\r' | sed -e 's/^[ \t]*//g' -e 's/[ \t]*$//g' -e 's/[ \t]*#.*$//g' -e '/^[ \t]*$/d') - - # Avoid adding empty plugin into array - if [ ${#plugin} -ne 0 ]; then - plugins+=("${plugin}") - fi - done - else - plugins=("$@") - fi - - # Create lockfile manually before first run to make sure any explicit version set is used. - echo "Creating initial locks..." - for plugin in "${plugins[@]}"; do - mkdir "$(getLockFile "${plugin%%:*}")" - done - - echo "Analyzing war..." - bundledPlugins="$(bundledPlugins)" - - echo "Registering preinstalled plugins..." - installedPlugins="$(installedPlugins)" - - # Check if there's a version-specific update center, which is the case for LTS versions - jenkinsVersion="$(jenkinsMajorMinorVersion)" - if curl -fsL -o /dev/null "$JENKINS_UC/$jenkinsVersion"; then - JENKINS_UC_LATEST="$JENKINS_UC/$jenkinsVersion" - echo "Using version-specific update center: $JENKINS_UC_LATEST..." - else - JENKINS_UC_LATEST= - fi - - echo "Downloading plugins..." - for plugin in "${plugins[@]}"; do - pluginVersion="" - - if [[ $plugin =~ .*:.* ]]; then - pluginVersion=$(versionFromPlugin "${plugin}") - plugin="${plugin%%:*}" - fi - - download "$plugin" "$pluginVersion" "true" & - done - wait - - echo - echo "WAR bundled plugins:" - echo "${bundledPlugins}" - echo - echo "Installed plugins:" - installedPlugins - echo - echo "Available updates:" - availableUpdates - echo - - if [[ -f $FAILED ]]; then - echo "Some plugins failed to download!" "$(<"$FAILED")" >&2 - exit 1 - fi - - echo "Cleaning up locks" - rm -r "$REF_DIR"/*.lock -} - -main "$@" \ No newline at end of file diff --git a/plugins.txt b/plugins.txt index 07516b5..ec31e4d 100644 --- a/plugins.txt +++ b/plugins.txt @@ -2,6 +2,7 @@ matrix-auth:2.2 cloudbees-folder:6.4 workflow-aggregator:2.5 workflow-cps:2.53 +workflow-support:incrementals;org.jenkins-ci.plugins.workflow;2.19-rc295.e017dc58c0a3 git:3.9.0 timestamper:1.8.10 yet-another-docker-plugin:0.1.0-rc47 From 579239b13e8964128ad21fbf985e61f4a179a6e3 Mon Sep 17 00:00:00 2001 From: Oleg Nenashev Date: Tue, 19 Jun 2018 22:34:27 +0200 Subject: [PATCH 04/11] Switch to the BlueOcean image --- Dockerfile | 4 +++- plugins.txt | 1 - 2 files changed, 3 insertions(+), 2 deletions(-) diff --git a/Dockerfile b/Dockerfile index 6d27859..3912ac5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,7 +1,9 @@ -FROM jenkins/jenkins-experimental:latest-jdk10-incrementals +FROM jenkins/jenkins-experimental:blueocean-jdk10 MAINTAINER Oleg Nenashev LABEL Description="This demo shows how to setup Jenkins Config-as-Code with Docker, Pipeline, and Groovy Hook Scripts" Vendor="Oleg Nenashev" Version="0.2" +USER root + ENV JENKINS_UC_EXPERIMENTAL=https://updates.jenkins.io/experimental COPY plugins.txt /usr/share/jenkins/ref/plugins.txt RUN /usr/local/bin/install-plugins.sh < /usr/share/jenkins/ref/plugins.txt diff --git a/plugins.txt b/plugins.txt index ec31e4d..5711bae 100644 --- a/plugins.txt +++ b/plugins.txt @@ -14,7 +14,6 @@ authorize-project:1.3.0 security-inspector:0.4 monitoring:1.72.0 locale:1.2 -blueocean:1.5.0 filesystem_scm:2.1 junit:1.24 checkstyle:3.50 From babd78d01007189102808c64500559231e75501b Mon Sep 17 00:00:00 2001 From: Oleg Nenashev Date: Thu, 21 Jun 2018 16:47:19 +0200 Subject: [PATCH 05/11] Add support of JDK 10 and JDK 11 build agents --- README.md | 4 ++- agent-jdk10/Dockerfile | 14 ++++++++ agent-jdk11/Dockerfile | 14 ++++++++ {agent => agent-jdk8}/Dockerfile | 2 +- .../groovy/demo/jenkins-buildPlugin.groovy | 2 +- .../src/main/groovy/scripts/Docker.groovy | 36 ++++++++++--------- 6 files changed, 53 insertions(+), 19 deletions(-) create mode 100644 agent-jdk10/Dockerfile create mode 100644 agent-jdk11/Dockerfile rename {agent => agent-jdk8}/Dockerfile (94%) diff --git a/README.md b/README.md index d8a117f..926e163 100644 --- a/README.md +++ b/README.md @@ -93,7 +93,9 @@ for high-speed builds with Maven repository caching. For this purpose there is a custom Dockerfile in the `/agent` folder. ```shell -cd agent && docker build -t onenashev/demo-jenkins-maven-builder . +cd agent-jdk8 && docker build -t onenashev/demo-jenkins-maven-builder:jdk8 . +cd agent-jdk10 && docker build -t onenashev/demo-jenkins-maven-builder:jdk10 . +cd agent-jdk11 && docker build -t onenashev/demo-jenkins-maven-builder:jdk11 . ``` #### Master diff --git a/agent-jdk10/Dockerfile b/agent-jdk10/Dockerfile new file mode 100644 index 0000000..ffa00b1 --- /dev/null +++ b/agent-jdk10/Dockerfile @@ -0,0 +1,14 @@ +### +# Custom agent build: +# Image name: onenashev/demo-jenkins-maven-builder +### +FROM maven:3.5.3-jdk-10 +MAINTAINER Oleg Nenashev + +LABEL Description="This is an agent image for the configuration-as-code demo" Vendor="Oleg Nenashev" Version="0.1" + +#TODO: Consider moving image to the "jenkins" user instead of root +RUN mkdir /root/.jenkins +VOLUME /root/.jenkins +VOLUME /root/.m2 +WORKDIR /root diff --git a/agent-jdk11/Dockerfile b/agent-jdk11/Dockerfile new file mode 100644 index 0000000..b6e78fb --- /dev/null +++ b/agent-jdk11/Dockerfile @@ -0,0 +1,14 @@ +### +# Custom agent build: +# Image name: onenashev/demo-jenkins-maven-builder +### +FROM maven:3.5.3-jdk-11 +MAINTAINER Oleg Nenashev + +LABEL Description="This is an agent image for the configuration-as-code demo" Vendor="Oleg Nenashev" Version="0.1" + +#TODO: Consider moving image to the "jenkins" user instead of root +RUN mkdir /root/.jenkins +VOLUME /root/.jenkins +VOLUME /root/.m2 +WORKDIR /root diff --git a/agent/Dockerfile b/agent-jdk8/Dockerfile similarity index 94% rename from agent/Dockerfile rename to agent-jdk8/Dockerfile index 33dbbd4..fe62db0 100644 --- a/agent/Dockerfile +++ b/agent-jdk8/Dockerfile @@ -2,7 +2,7 @@ # Custom agent build: # Image name: onenashev/demo-jenkins-maven-builder ### -FROM maven:3.5.0-jdk-8 +FROM maven:3.5.3-jdk-8 MAINTAINER Oleg Nenashev LABEL Description="This is an agent image for the configuration-as-code demo" Vendor="Oleg Nenashev" Version="0.1" diff --git a/init_scripts/src/main/groovy/demo/jenkins-buildPlugin.groovy b/init_scripts/src/main/groovy/demo/jenkins-buildPlugin.groovy index e863987..6d42976 100644 --- a/init_scripts/src/main/groovy/demo/jenkins-buildPlugin.groovy +++ b/init_scripts/src/main/groovy/demo/jenkins-buildPlugin.groovy @@ -1,3 +1,3 @@ -buildPlugin(platforms: ['linux'], +buildPlugin(platforms: ['linux', 'linux-jdk10'], repo: 'https://github.com/jenkinsci/job-restrictions-plugin.git', findbugs: [archive: true, unstableTotalAll: '0']) diff --git a/init_scripts/src/main/groovy/scripts/Docker.groovy b/init_scripts/src/main/groovy/scripts/Docker.groovy index 735f5b8..1fcc03f 100644 --- a/init_scripts/src/main/groovy/scripts/Docker.groovy +++ b/init_scripts/src/main/groovy/scripts/Docker.groovy @@ -62,29 +62,33 @@ defaultJnlpAgentTemplate.with { // User - jenkins (default) } +List imageTemplates = [ defaultJnlpAgentTemplate ] + // Custom image for Maven builds -MavenInstallation.DescriptorImpl mavenDescriptor = Jenkins.instance.getDescriptorByType(MavenInstallation.DescriptorImpl.class); -final DockerSlaveTemplate mavenBuilderTemplate = fromTemplate("onenashev/demo-jenkins-maven-builder") -mavenBuilderTemplate.with { - labelString = "docker linux mvnBuilder" - remoteFs = "/root" - ((DockerComputerJNLPLauncher)launcher).user = "root" - //TODO: Make volume names configurable - dockerContainerLifecycle.createContainer.volumes = ["maven-repo:/root/.m2", "jar-cache:/root/.jenkins"] - nodeProperties = [ - new ToolLocationNodeProperty( - // Maven from the parent Maven image, we do not want to run the installer each time - new ToolLocationNodeProperty.ToolLocation(mavenDescriptor,"mvn", "/usr/share/maven") - ) - ] +for (def jdk : [8, 10, 11]) { + MavenInstallation.DescriptorImpl mavenDescriptor = Jenkins.instance.getDescriptorByType(MavenInstallation.DescriptorImpl.class); + final DockerSlaveTemplate mavenBuilderTemplate = fromTemplate("onenashev/demo-jenkins-maven-builder:jdk${jdk}") + mavenBuilderTemplate.with { + labelString = "docker mvnBuilder " + (jdk == 8 ? "linux" : "linux-jdk${jdk}") + remoteFs = "/root" + ((DockerComputerJNLPLauncher) launcher).user = "root" + //TODO: Make volume names configurable + dockerContainerLifecycle.createContainer.volumes = ["maven-repo:/root/.m2", "jar-cache:/root/.jenkins"] + nodeProperties = [ + new ToolLocationNodeProperty( + // Maven from the parent Maven image, we do not want to run the installer each time + new ToolLocationNodeProperty.ToolLocation(mavenDescriptor, "mvn", "/usr/share/maven") + ) + ] + } + imageTemplates.add(mavenBuilderTemplate); } - Jenkins.instance.clouds.add( new DockerCloud( "docker-cloud", - [ defaultJnlpAgentTemplate, mavenBuilderTemplate ], + imageTemplates, 10, //TODO: YAD Plugin does not work well with this image and Unix sockets. Would be useful to migrate new DockerConnector("tcp://${host}:2376")) From 44b9dce0fc8a0bca2533b69a46e2fb9740cc8c79 Mon Sep 17 00:00:00 2001 From: Oleg Nenashev Date: Wed, 12 Sep 2018 00:02:42 +0200 Subject: [PATCH 06/11] Update the demo to the recent version --- Dockerfile | 2 +- jenkins.yaml | 10 ++++++++-- plugins.txt | 8 +++++--- 3 files changed, 14 insertions(+), 6 deletions(-) diff --git a/Dockerfile b/Dockerfile index 2889736..0a46f01 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM jenkins/jenkins:2.107.3 +FROM jenkins/jenkins:2.121.3 MAINTAINER Oleg Nenashev LABEL Description="This demo shows how to setup Jenkins Config-as-Code with Docker, Pipeline, and Groovy Hook Scripts" Vendor="Oleg Nenashev" Version="0.2" diff --git a/jenkins.yaml b/jenkins.yaml index 5cac8f3..9d99d61 100644 --- a/jenkins.yaml +++ b/jenkins.yaml @@ -29,7 +29,7 @@ jenkins: crumbIssuer: standard: excludeClientIPFromCrumb: true - disableRememberMe: false + disableRememberMe: false scmCheckoutRetryCount: 0 projectNamingStrategy: "standard" markupFormatter: "plainText" @@ -38,7 +38,7 @@ jenkins: viewsTabBar: "standard" authorizationStrategy: - roleStrategy: + roleBased: roles: global: - name: "admin" @@ -93,3 +93,9 @@ jenkins: - "Agent/Build" assignments: - "authenticated" +tool: + git: + installations: + - home: "git" + name: "Default" + diff --git a/plugins.txt b/plugins.txt index 24a81e6..ff1bb24 100644 --- a/plugins.txt +++ b/plugins.txt @@ -1,7 +1,7 @@ -matrix-auth:2.2 +matrix-auth:2.3 cloudbees-folder:6.4 workflow-aggregator:2.5 -workflow-cps:2.53 +workflow-cps:2.54 git:3.9.0 timestamper:1.8.10 yet-another-docker-plugin:0.1.0-rc47 @@ -22,4 +22,6 @@ parallel-test-executor:1.10 email-ext:2.62 jacoco:2.2.1 cobertura:1.12.1 -configuration-as-code:experimental \ No newline at end of file +configuration-as-code:1.0-rc3 +configuration-as-code-support:1.0-rc3 +jdk-tool:1.1 From 6238764ea1f629f6506f32f283198d97d6ca37ea Mon Sep 17 00:00:00 2001 From: Oleg Nenashev Date: Thu, 18 Oct 2018 16:22:18 +0200 Subject: [PATCH 07/11] Untested updates --- jenkins.yaml | 11 ++++++----- plugins.txt | 4 ++-- 2 files changed, 8 insertions(+), 7 deletions(-) diff --git a/jenkins.yaml b/jenkins.yaml index 9d99d61..aa6b6ff 100644 --- a/jenkins.yaml +++ b/jenkins.yaml @@ -4,10 +4,6 @@ jenkins: agentProtocols: - "JNLP4-connect" - "Ping" - securityRealm: - local: - allowsSignup: false - enableCaptcha: false nodeProperties: - jobRestrictionProperty: jobRestriction: @@ -37,6 +33,11 @@ jenkins: myViewsTabBar: "standard" viewsTabBar: "standard" +jenkins: + securityRealm: + local: + allowsSignup: false + enableCaptcha: false authorizationStrategy: roleBased: roles: @@ -63,7 +64,7 @@ jenkins: - "Job/Configure" - "Job/Build" - "Job/Delete" - - "Run/Delete" + - "Build/Delete" assignments: - "authenticated" - name: "@CoOwnerNoSid" diff --git a/plugins.txt b/plugins.txt index ff1bb24..1bea0dc 100644 --- a/plugins.txt +++ b/plugins.txt @@ -22,6 +22,6 @@ parallel-test-executor:1.10 email-ext:2.62 jacoco:2.2.1 cobertura:1.12.1 -configuration-as-code:1.0-rc3 -configuration-as-code-support:1.0-rc3 +configuration-as-code:1.0 +configuration-as-code-support:1.0 jdk-tool:1.1 From e7be3f41da16a182bfb666fb8145de8ca504d35a Mon Sep 17 00:00:00 2001 From: Oleg Nenashev Date: Fri, 19 Oct 2018 02:14:37 +0200 Subject: [PATCH 08/11] Update plugins and add Makefile --- Makefile | 8 ++++++++ jenkins.yaml | 2 +- plugins.txt | 6 +++--- 3 files changed, 12 insertions(+), 4 deletions(-) create mode 100644 Makefile diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..14d8e7d --- /dev/null +++ b/Makefile @@ -0,0 +1,8 @@ +build: + docker build -t onenashev/demo-jenkins-config-as-code . + +run: + docker run --rm --name ci-jenkins-io-dev -v maven-repo:/root/.m2 -v ${MY_PIPELINE_LIBRARY_DIR}:/var/jenkins_home/pipeline-library -v ${MY_OTHER_PIPELINE_LIBS_DIRS}:/var/jenkins_home/pipeline-libs -e DEV_HOST=${CURRENT_HOST} -p 8080:8080 -p 50000:50000 onenashev/demo-jenkins-config-as-code + +debug: + docker run --rm --name ci-jenkins-io-dev -e DEBUG=true -p 5005:5005 -v maven-repo:/root/.m2 -v ${MY_PIPELINE_LIBRARY_DIR}:/var/jenkins_home/pipeline-library -v ${MY_OTHER_PIPELINE_LIBS_DIRS}:/var/jenkins_home/pipeline-libs -e DEV_HOST=${CURRENT_HOST} -p 8080:8080 -p 50000:50000 onenashev/demo-jenkins-config-as-code diff --git a/jenkins.yaml b/jenkins.yaml index aa6b6ff..1e1d996 100644 --- a/jenkins.yaml +++ b/jenkins.yaml @@ -64,7 +64,7 @@ jenkins: - "Job/Configure" - "Job/Build" - "Job/Delete" - - "Build/Delete" + - "Run/Delete" assignments: - "authenticated" - name: "@CoOwnerNoSid" diff --git a/plugins.txt b/plugins.txt index 1bea0dc..c44ff2f 100644 --- a/plugins.txt +++ b/plugins.txt @@ -1,7 +1,7 @@ matrix-auth:2.3 cloudbees-folder:6.4 workflow-aggregator:2.5 -workflow-cps:2.54 +workflow-cps:2.57 git:3.9.0 timestamper:1.8.10 yet-another-docker-plugin:0.1.0-rc47 @@ -22,6 +22,6 @@ parallel-test-executor:1.10 email-ext:2.62 jacoco:2.2.1 cobertura:1.12.1 -configuration-as-code:1.0 -configuration-as-code-support:1.0 +configuration-as-code:1.1 +configuration-as-code-support:1.1 jdk-tool:1.1 From e77e1087efc253b386c0c13fbe4c0537f01d201e Mon Sep 17 00:00:00 2001 From: Oleg Nenashev Date: Fri, 19 Oct 2018 02:43:54 +0200 Subject: [PATCH 09/11] Apply plugin updates --- Dockerfile | 2 +- jenkins.yaml | 1 - plugins.txt | 32 ++++++++++++++++---------------- 3 files changed, 17 insertions(+), 18 deletions(-) diff --git a/Dockerfile b/Dockerfile index 0a46f01..653b98d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM jenkins/jenkins:2.121.3 +FROM jenkins/jenkins:2.138.2 MAINTAINER Oleg Nenashev LABEL Description="This demo shows how to setup Jenkins Config-as-Code with Docker, Pipeline, and Groovy Hook Scripts" Vendor="Oleg Nenashev" Version="0.2" diff --git a/jenkins.yaml b/jenkins.yaml index 1e1d996..484db23 100644 --- a/jenkins.yaml +++ b/jenkins.yaml @@ -33,7 +33,6 @@ jenkins: myViewsTabBar: "standard" viewsTabBar: "standard" -jenkins: securityRealm: local: allowsSignup: false diff --git a/plugins.txt b/plugins.txt index c44ff2f..b734887 100644 --- a/plugins.txt +++ b/plugins.txt @@ -1,27 +1,27 @@ matrix-auth:2.3 -cloudbees-folder:6.4 -workflow-aggregator:2.5 -workflow-cps:2.57 -git:3.9.0 +cloudbees-folder:6.6 +workflow-aggregator:2.6 +workflow-cps:2.59 +git:3.9.1 timestamper:1.8.10 -yet-another-docker-plugin:0.1.0-rc47 +yet-another-docker-plugin:0.1.0-rc48 ownership:0.12.1 -job-restrictions:0.7 -role-strategy:2.8.1 +job-restrictions:0.8 +role-strategy:2.9.0 mailer:1.21 authorize-project:1.3.0 -security-inspector:0.4 -monitoring:1.72.0 -locale:1.2 -blueocean:1.5.0 +security-inspector:0.5 +monitoring:1.74.0 +locale:1.3 +blueocean:1.9.0 filesystem_scm:2.1 -junit:1.24 +junit:1.26.1 checkstyle:3.50 findbugs:4.72 -parallel-test-executor:1.10 -email-ext:2.62 -jacoco:2.2.1 -cobertura:1.12.1 +parallel-test-executor:1.11 +email-ext:2.63 +jacoco:3.0.3 +cobertura:1.13 configuration-as-code:1.1 configuration-as-code-support:1.1 jdk-tool:1.1 From b3c52f8b2e467e7264b5c569eb824481b9c34391 Mon Sep 17 00:00:00 2001 From: Oleg Nenashev Date: Mon, 22 Oct 2018 11:33:51 +0200 Subject: [PATCH 10/11] Change the image to JDK11 --- Dockerfile | 2 +- Makefile | 8 +++++--- 2 files changed, 6 insertions(+), 4 deletions(-) diff --git a/Dockerfile b/Dockerfile index 3912ac5..1309044 100644 --- a/Dockerfile +++ b/Dockerfile @@ -1,4 +1,4 @@ -FROM jenkins/jenkins-experimental:blueocean-jdk10 +FROM jenkins/jenkins-experimental:blueocean-jdk11 MAINTAINER Oleg Nenashev LABEL Description="This demo shows how to setup Jenkins Config-as-Code with Docker, Pipeline, and Groovy Hook Scripts" Vendor="Oleg Nenashev" Version="0.2" diff --git a/Makefile b/Makefile index 14d8e7d..a8acdcd 100644 --- a/Makefile +++ b/Makefile @@ -1,8 +1,10 @@ +DOCKER_TAG=latest-jdk11 + build: - docker build -t onenashev/demo-jenkins-config-as-code . + docker build -t onenashev/demo-jenkins-config-as-code:${DOCKER_TAG} . run: - docker run --rm --name ci-jenkins-io-dev -v maven-repo:/root/.m2 -v ${MY_PIPELINE_LIBRARY_DIR}:/var/jenkins_home/pipeline-library -v ${MY_OTHER_PIPELINE_LIBS_DIRS}:/var/jenkins_home/pipeline-libs -e DEV_HOST=${CURRENT_HOST} -p 8080:8080 -p 50000:50000 onenashev/demo-jenkins-config-as-code + docker run --rm --name ci-jenkins-io-dev -v maven-repo:/root/.m2 -v ${MY_PIPELINE_LIBRARY_DIR}:/var/jenkins_home/pipeline-library -v ${MY_OTHER_PIPELINE_LIBS_DIRS}:/var/jenkins_home/pipeline-libs -e DEV_HOST=${CURRENT_HOST} -p 8080:8080 -p 50000:50000 onenashev/demo-jenkins-config-as-code:${DOCKER_TAG} debug: - docker run --rm --name ci-jenkins-io-dev -e DEBUG=true -p 5005:5005 -v maven-repo:/root/.m2 -v ${MY_PIPELINE_LIBRARY_DIR}:/var/jenkins_home/pipeline-library -v ${MY_OTHER_PIPELINE_LIBS_DIRS}:/var/jenkins_home/pipeline-libs -e DEV_HOST=${CURRENT_HOST} -p 8080:8080 -p 50000:50000 onenashev/demo-jenkins-config-as-code + docker run --rm --name ci-jenkins-io-dev -e DEBUG=true -p 5005:5005 -v maven-repo:/root/.m2 -v ${MY_PIPELINE_LIBRARY_DIR}:/var/jenkins_home/pipeline-library -v ${MY_OTHER_PIPELINE_LIBS_DIRS}:/var/jenkins_home/pipeline-libs -e DEV_HOST=${CURRENT_HOST} -p 8080:8080 -p 50000:50000 onenashev/demo-jenkins-config-as-code:${DOCKER_TAG} From f701446c3315fe1396117cad701515164090e234 Mon Sep 17 00:00:00 2001 From: Oleg Nenashev Date: Wed, 24 Oct 2018 13:30:20 +0200 Subject: [PATCH 11/11] Rollback Pipeline: CPS to make the demo runnable for now --- plugins.txt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/plugins.txt b/plugins.txt index 5bc3d72..68fff55 100644 --- a/plugins.txt +++ b/plugins.txt @@ -1,8 +1,8 @@ matrix-auth:2.3 cloudbees-folder:6.6 workflow-aggregator:2.6 -workflow-cps:2.59 -workflow-support:incrementals;org.jenkins-ci.plugins.workflow;2.19-rc295.e017dc58c0a3 +workflow-cps:2.56 +workflow-support:incrementals;org.jenkins-ci.plugins.workflow;2.21-rc591.43d37d4d080a git:3.9.1 timestamper:1.8.10 yet-another-docker-plugin:0.1.0-rc48