I understood that reason for having asteriks in jenkins console output is because of using credentials method(Eg. for maven command).
This credentials method will mask only credentials used with asteriks in jenkins console.
But in my case it is masking the space between two words also with 4 asteriks.
Expecting normal spaces between two words instead of having asteriks while using credentials method in jenkinsfile
Related
I’ve seen many articles for sending Jenkins parameters to Gradle, which are passed as System variables, but have not come across doing the opposite. In my build.gradle file I have specified 2 parameters for a file name and version number. In order to pass this file name to the next job in the pipeline, I’d like to send the parameters to the next Jenkins job so it can make use of the file.
Is sending gradle params back to Jenkins possible using built in functionality??
I have a Jenkins pipeline defined that includes an input step. A human can provide the input by clicking in the Jenkins UI and there is an HTTP endpoint to provide input as well.
Is it possible to provide the input via Groovy API calls? For instance, could a parallel step in the same pipeline provide the input values? Or, could a completely different build provide input values via Groovy code?
The reason I'd like to use Groovy is to keep the input providing entirely in the Jenkins system and avoid having to provide authentication credentials for the HTTP endpoint.
We had a similar problem (one pipeline should be able to trigger input steps in other pipelines).
This worked in the Jenkins script console and should work in a pipeline:
import org.jenkinsci.plugins.workflow.support.steps.input.*
def build = Jenkins.instance.getItemByFullName("TestInputPipeline").getLastBuild()
def action = build.getAction(InputAction.class)
action.getExecutions().get(0).proceed([])
TestInputPipeline is the name of a test pipeline with a single input.
If your input has parameters, you will probably be able to provide them with the map in the proceed call.
This Input Step Plugin test code helped us: https://github.com/jenkinsci/pipeline-input-step-plugin/blob/master/src/test/java/org/jenkinsci/plugins/workflow/support/steps/input/InputStepRestartTest.java
JavaDoc can be found here: https://javadoc.jenkins.io/plugin/pipeline-input-step/index.html
Is there a way where to store some metadata from Jenkins pipeline job, e.g:
We have a Jenkinsfile which builds a gradle project, creates docker image and pushes it to google cloud
Then a "Subjob" is launched which runs integration tests (IT) on that docker image. Subjob receives a couple of parameters (one of them - the generated docker image name)
Now sometimes that IT job fails, and I would like to re-run it from the main job view, so idealy:
we have a plugin which renders a custom button in blue ocean UI on the main job
By clicking that button a subjob is invoked again with the same parameters (plugin queries the jenkins api, get params of this job, and resubmits the subjob).
The problem ? How to get/set those parameters. I could not seem to find a mechanism for that, expect artifact storage. I could get away with that by creating a simple json/text file and uploading it as artifact, and then retrieving it in my plugin, but maybe there is a better way?
Stage restart is not coming to Scripted Pipelines so that does not look like ant option.
Maybe you can use the Jenkins API to get the details of the build?
https://your_jenkins_url.com/job/job_name/lastBuild/api/json?pretty=true
Instead of lastBuild you can also use the build number or one of lastStableBuild, lastSuccessfulBuild, lastFailedBuild, lastUnstableBuild, lastUnsuccessfulBuild, lastCompletedBuild
There is a parameters key there with all parameter names and values used in the build.
More details on https://your_jenkins_url.com/job/job_name/api/
Also, any reason you can't use the replay button in the IT job?
When using Password parameter to accept user credentials,
Jenkins Build History -> Parameters is showing Password in plain text.
How to mask it?
You can use the regular password parameter type, for example using parameters defined in the jenkinsfile: https://jenkins.io/doc/book/pipeline/syntax/#parameters
The problem with that one is that, even if it masks the password when you access the "Parameters" section of a build and when you write it on "Build with parameters", if at any point that value is printed in the logs, it is shown.
To avoid that you have the Mask Passwords Plugin as said previously by
Javier C.. The problem with that one is that the plugin at the moment of writing this answer is up for adoption and has security vulnerabilities.
You can use Mask Passwords Plugin.
With this plugin, passwords don't appear as plain text in the job configuration or in the console.
My aim:
To use a password in jenkins which is masked after input and runtime.
I only need it for my job.
I can use it in my java code to login to a website.
Areas I have looked at:
The credentials plugin - this looks like the right area (but I'll need to get the sysadmins to add me as its locked down).
Also I can't find out how you can access the output?
Have a look into the EnvInject plugin, there you can define password parameters that are masked in console output and job configuration, they can be used like normal parameters.
The screenshot shows the configuration in the job to use a local password.
The shell script build step I used is
echo "myPassword = $myPassword"
The resulting console output is:
+ echo 'myPassword = [*******]'
myPassword = [*******]
To pass it to Java you can use it like any other parameter from the job configuration. The value itself is encrypted, so checking the job configuration as XML will not reveal the password either.
You can use the jenkins credentials binding plugin.
After installing the Credentials Bindings plugin, the Build Environment section of your build job Configuration page will include a new option:
Use secret text(s) or file(s)
Enabling this option allows you add credential bindings where the Variable value will be used as the name of the environment variable that your build can use to access the value of the credential.
See the full description of all steps here:
https://support.cloudbees.com/hc/en-us/articles/203802500-Injecting-Secrets-into-Jenkins-Build-Jobs