I'm trying to add an approval job and I want only users from "team-leaders" groups at GitHub can click the approve.
what I've done so far:
I created a GitHub team - "team-leaders" and added only me to the group.
add this step to the workflow:
approval:
jobs:
- approval:
type: approval
when I'm uploading a new commit it does create an approval job that holds, but every user can accept this job and not only the users from the team leaders.
can I make that only the team leaders can approve my job?
Thanks.
You can't restrict the approval action; as you found out, any user who has write access to the repo/project can perform this action.
What you can do though, is apply a restricted context to all the
downstream jobs. You can find an example in the CircleCI documentation > https://circleci.com/docs/contexts/#approve-jobs-that-use-restricted-contexts.
Related
I have a job that updates the databases for TEST servers and this job should be run by support after an approval from Account Manager
The job is parameterized and I need a way to pause build until the approver approves running the build
EX. When the support click on Build , an Email should be sent to the approver and whenever the approver responds to the link the job will start running.
I think you are asking a bit much here. Jenkins is a build tool rather than a change management tracker.
You can setup a manual approvals step e.g.
steps {
timeout(time: 1, unit: 'HOURS') {
input(message: "restart thes instance?", submitter: 'admin-team')
}
}
Where admin-team is an AD group referenced in an authorization strategy.
You also wouldnt get an email (you could set this up with more code), and the approver would have to login to Jenkins to check the button.
To do something like you are asking you would probably want to have Jira or something handle you approvals (e.g. move a ticket to approved), and that fires a webhook to start the Jenkins job.
I have a scenario where on commit to repository branch let say UAT triggers a jenkins job or send email to multiple users. So when all of them click button in email or link Then is It should trigger the jenkins job build.
Can it be done if So then how. I tried to search but could not find a solution.
You could use a Promoted Builds Plugin
Your job could includes an email notification to the person/group responsible for approval. The email contains a link for promotion and an optional comment for approval notes:
Once approved, the next job will run.
I suggest you, using it with a pipeline strategy.
Sources :
https://blogs.perficient.com/2017/06/14/jenkins-delivery-pipeline-and-build-promotion-2/
https://www.cloudbees.com/blog/another-look-jenkins-promoted-builds-plugin
https://www.cloudbees.com/blog/continuous-integration-mobile-apps-jenkins-promoted-builds-qa-process-and-beta-distribution
Using a Github Organizations folder, is there a way to prevent a pipeline from running if a commit is submitted by a specific user?
As a first step of your pipeline, you could use git to get the name of the author of HEAD.
Fail or skip the rest of the pipeline, if it is your special user.
We have provided access to users to abort the running jobs. But, before aborting a job it should prompt and record some additional information from user. To track why they are aborting a build.
Do we have any plugins to do this ?
Thanks,
Ras Dama.
I was searching for the same option but found currently it is not available.
Require user to enter reason for manual build abortion
Above link is the feature request submitted already to Jenkins but it is still in Open state.
So suggestion is, if you go the page for a particular build, you can click "Edit build information" and add comments for the build. This is what i do.
I have been looking for a while now for a way to trigger a Jenkins job from the status or a ticket/story in Jira changing status. To give a more detailed example when my team moves a ticket to the 'ready for test' column we would like to be able to trigger a sanity test pack in Jenkins, the ideal situation would then be that we are able to post the results (generated as a html) as a comment on the ticket within Jira. Failing that we would like to be able to publish the results as simply pass/fail.
I have recently been looking at the Jenkins Jira plugin but this does not seem to have the functionality to work both ways, in other words it can post results after a job has run but you cannot trigger the job from a change of status in Jira. Is there any such plugin available or is it something that we will need to create ourselves?
Cheers in advance
So, basicly there are webhooks in jira (https://developer.atlassian.com/jiradev/jira-architecture/webhooks). With it you can configure it to trigger specific url on issue status change. The specific url should be jenkins API, for example for triggering a build you should call an external url like (if you are building with parameters): http://server/job/myjob/buildWithParameters?token=TOKEN&PARAMETER=Value
Some more info https://wiki.jenkins-ci.org/display/JENKINS/Remote+access+API
I have written a Jenkins plugin that supports JIRA status change trigger: jira-trigger-plugin.
This plugin also injects an environment variable of JIRA_ISSUE_KEY, so you can utilise this information to publish your result back to JIRA e.g. using REST API.
Please follow as mentioned below:
GIT:
You can set the web hooks for git/ bitbucket /stash on commit which inturn should change the state of task in JIRA.
JIRA:
Once you in JIRA. define the workflow for your task.
In this particular workflow you can set a post-function where the web hook should be configured. In this configuration of webhook in events define JQL as below:
status CHANGED FROM "To Do" TO "ready to test".
In the same mention the job that needs to be fired in the URL section.
You can look through webhooks in Jira :
https://support.atlassian.com/jira-cloud-administration/docs/manage-webhooks/
You also need to add the Generic Webhook Trigger plugin to your Jenkins :
https://plugins.jenkins.io/generic-webhook-trigger/
You can find here an example on how to use the Generic Webhook Trigger plugin with Bitbucket Github and Gitlab. https://github.com/jenkinsci/generic-webhook-trigger-plugin/tree/master/src/test/resources/org/jenkinsci/plugins/gwt/bdd
It involved multiple steps
If you are using Git/Stash/BitBucket (which i implemented),
You can simply
configure the commit hooks in your Stash/Bitbucket
Attach events to your JIRA workflow
Jenkins JOB - post build events - configure Notify
Stash plugin Set the Poll SCM
That's it