In this update https://www.jenkins.io/blog/2018/03/15/jep-200-lts/ there was some Security hardening added that has caused problems for my Multibranch pipelines. I would like to turn off the restrictive whitelists that this update added.
I have no security needs in my current Jenkins environment and the environment will be deleted when i am done testing all my configurations.
If it is possible i would like to at least remove whitelisting security in my Jenkins environment, However if it is possible to disable all hardening at once i would be fine with that solution too.
My specific issue is that i get the error "java.lang.UnsupportedOperationException: Refusing to marshal com.google.gerrit.extensions.common.LabelInfo for security reasons; see https://www.jenkins.io/redirect/class-filter/" when i try to run docker agents in my MultiBranch Pipeline script. I have verified that there is nothing wrong with my JenkinsFile as it worked perfectly fine when i ran it from a regular Pipeline.
The goal of my MultiBranch pipeline is to add a Gerrit repo to a docker, compile it in the docker, And then automaticaly verify the Gerrit commit if the pipeline finished without errors. As it stands, This doesnt work due to the error i described earlier.
Related
I work for a small startup. We have 3 environments (Production, Development, and Staging) and GitHub is used as VCS.
All env runs on EC2 with docker.
Can someone suggest me a simple CICD solution that can trigger builds automatically after certain branches are merged / manual trigger option?
Like, if anything in merged into dev-merge, build and deploy to development, and the same for staging and pushing the image to ECR and rolling out docker update.
We tried Jenkins but we felt it was over-complicated for our small-scale infra.
GitHub actions are also evaluated (self-hosted runners), but it needs YAMLs to be there in repos.
We are looking for something that can give us option to modify the pipeline or overall flow without code-hosted CICD config. (Like the way Jenkins gives option to either use Jenkins file or configure the job manually via GUI)
Any opinions about Team City?
We are allowing customers to manage infrastructure using Jenkins by specifying configuration in GitHub; when the configuration is merged to master a deployment pipeline runs to reconcile the configuration.
If there is an issue with the pipeline we want to raise this by creating an issue in GitHub describing what went wrong and allowing customers to comment /apply to rerun the pipeline. We are currently able to trigger the pipeline with PR comments (after ticking the Issue comments box in our webhook configuration) but issue comments are not being picked up.
Is it possible to trigger a pipeline on issue comments in Jenkins?
Jenkins version: 2.219
I've upgraded Jenkins version (now on 2.127) and plugins and now the UI of job configuration is different and I am missing the build triggers section, especially the Trigger Builds Remotely via authentication token. Where is it? Do I need to enable it explicitly? The changelog unfortunately does not mention anything about that and I even can't schedule builds periodically.
Finally found out: It seems that since the update, the Multibranch Pipeline does no longer have this section. So either choose Pipeline or set it in the Jenkinsfile via: https://github.com/jenkins-infra/jenkins.io/blob/c0828af5b8bd428815e23537c808cd0267017013/Jenkinsfile#L6
The webhook works without a token with the Generic Webhook Plugin.
Currently, I am working in a quality process so as to ensure that the code is acceptable. For that, I'm integrating Jenkins, SonarQube and GitLab, which are running in different servers (actually they are in different docker containers).
The idea is to check with SonarQube everytime the code is pushed against GitLab and block commits, merges, and so on, whether SonarQube has not passed.
I have already integrated Jenkins with SonarQube, but Jenkins checks the code inside his workspace, so imagine a situation where a developer in his laptop needs to push his changes.
My conceptual question is simple: Is it possible to integrate these technologies in order to do this? And, if the question is yes, which steps are necessary?
PD: I don't need to see code, configuration files,and so on. I just need something like:
Configure SonarQube to work with Jenkins
Do an script so as to copy that file in that folder,
...
First, in docker means each tool is in its own container.
They only need to see each other through the network, which is where a Docker Engine in Swarm mode comes in.
Second "configure Jenkins to work with SonarQube"... that is what I have done in my shop, and there isn't much to it.
Once the Jenkins SonarQube plugin is installed, and the address for the SonarQube server entered, you can configure your job and call sonar (for instance with maven: $SONAR_MAVEN_GOAL -Dsonar.host.url=$SONAR_HOST_URL)
The analysis done in the Jenkins workspace will then be published in the SonarQube server.
A swarm server is the more modern version of this 2015 docker-compose.yml file from the marcelbirkner/docker-ci-tool-stack project.
The idea remains the same though: each element is isolated in its own container.
I haven't tried It myself but https://gitlab.talanlabs.com/gabriel-allaigre/sonar-gitlab-plugin could be interesting in your setup.
What do you put into the system hook URL? I see a lot of examples but they look like JSON scripts to me.
I'm trying to configure gitlab to hook jenkins to create projects when projects are generated in gitlab. I'd also like builds to be run when a merge (pull) request is generated for a repo.
I've followed the steps outlined here for the gitlab hook plugin:
http://doc.gitlab.com/ee/integration/jenkins.html
But it's still not generating builds on push requests. Perhaps i don't have something setup right?
I have also tried and failed to configure Gitlab to integrate with Jenkins by following the instructions at http://doc.gitlab.com/ee/integration/jenkins.html#jenkins-service
For me the reason was that I didn't have Gitlab EE installed. The page specifically states: "The Jenkins project service code is only available in GitLab EE"
I discovered by chance my answer. In gitlab under the project settings you can add the following hook to trigger a build on a pull request or commit.
http://gitlab.example.com/job/example_project/build?token=UserToken.
I believe I saw it in Jenkins.
Now i've installed the gitlab plugin and i've tried the build_commit? hook and some other hooks but i was running into other errors such as asking for repo location when i've provided it. This does the trick though and i'm happy enough for now.