Validating Jenkinsfiles within a Jenkinsfile - jenkins

The docs state to verify a Jenkinsfile you can do as follows
Linting via HTTP POST using curl
# curl (REST API)
# Assuming "anonymous read access" has been enabled on your Jenkins instance.
# JENKINS_URL=[root URL of Jenkins controller]
# JENKINS_CRUMB is needed if your Jenkins controller has CRSF protection enabled as it should
JENKINS_CRUMB=`curl "$JENKINS_URL/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,\":\",//crumb)"`
curl -X POST -H $JENKINS_CRUMB -F "jenkinsfile=<Jenkinsfile" $JENKINS_URL/pipeline-model-converter/validate
At the moment I am just trying to get the crumb. I am trying to do this programmatically in a pipeline, however issuing the curl command throws an error every time. script.sh: Syntax error: "(" unexpected
I have tried escaping the ( character but that is a different error, it works without the xpath extension but it would be cleaner to include this. I have tried to use jenkins Snippet Generator and when I plug in the command it gives response = sh returnStdout: true, script: '''curl -s $JENKINS_URL/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,\\":\\",//crumb) '''. However running this also gives an error.

Related

How do I specify multiple node values in a buildWithParameters call to Jenkins?

I have a webhook service which kicks off a buildWithParameters Jenkins job, and I want to be able to specify which buildservers are being used.
This is easy enough in the job configuration - I've added a Node parameter which lets me specify which nodes are valid, and when starting the job manually in the Jenkins web UI, I can select which nodes I want:
I'm able to kick off the job via curl using the buildWithParameters Jenkins feature:
curl -vvv 'https://webhook:examplepassword#jenkins.example.com/job/build-sideboard-plugin/buildWithParameters?token=exampletoken&GIT_REPO=example/repo&YUM_REPO=example&BUILDSERVER=sideboard.build.dev.xr'
However, I can't figure out how to specify multiple parameters. I expected that I'd simply be able to add a second &BUILDSERVER=xxx value and have that work, but running this:
curl -vvv 'https://webhook:examplepassword#jenkins.example.com/job/build-sideboard-plugin/buildWithParameters?token=exampletoken&GIT_REPO=example/repo&YUM_REPO=example&BUILDSERVER=sideboard.build.dev.xr&BUILDSERVER=sideboard.rocky8.build.dev.xr'
Returns a 500 error. I also tried providing a single value with a comma separating the two values, i.e.
curl -vvv 'https://webhook:examplepassword#jenkins.example.com/job/build-sideboard-plugin/buildWithParameters?token=exampletoken&GIT_REPO=example/repo&YUM_REPO=example&BUILDSERVER=sideboard.build.dev.xr,sideboard.rocky8.build.dev.xr'
but Jenkins interpreted that as a single Node value which didn't match any node since there's no node named sideboard.build.dev.xr,sideboard.rocky8.build.dev.xr. I got the same result when submitting the two values separated by a space.
Is there any way to get Jenkins to do this while still using the buildWithParameter functionality? I'd hate to have to redo the structure of our build triggering or switch to Jenkins Pipeline. Even making 2 different curl commands would be somewhat of a pain given how our webhooks are structured, so I'd love to be able to provide both parameters just like I can in the Jenkins web UI.
I don't think it is possible using the query parameters like you have tried, due to the fact the the plugin actually triggers two different builds.
What you can do is pass the parameters with the submit command as JSON data, which will simulate the trigger of the build with multiple servers selected.
The general syntax will be something like:
curl -u USER:PASSWORD --show-error \
--data 'json={"parameter":[{"name":"PARAMNAME","value":["node1","node2"]}]}' \
http://localhost:8080/job/remote/build?token=TOKEN
or in your case:
curl -u webhook:examplepassword --show-error \
--data 'json={"parameter":[{"name":"BUILDSERVER","value":["sideboard.build.dev.xr","sideboard.rocky8.build.dev.xr"]}]}' \
https://jenkins.example.com/job/build-sideboard-plugin/build?token=exampletoken
You can of course pass all other needed parameters alongside the BUILDSERVERin the JSON data:
curl -u webhook:examplepassword --show-error \
--data 'json={"parameter":[{"name":"BUILDSERVER","value":["sideboard.build.dev.xr","sideboard.rocky8.build.dev.xr"]},{"name":"YUM_REPO","value":"example"},{"name":"GIT_REPO","value":"=example/repo"}]}' \
https://jenkins.example.com/job/build-sideboard-plugin/build?token=exampletoken
In addition it is probably better to use the --data-urlencode instead of the --data flag for the curl commands to avoid encoding issues in case the values of your parameters have special characters.
More info on submitting jobs via Remote Access API is available Here.

Jenkins API request using Curl

I am trying to make a request to the Jenkins API. However, I always get a 401 unauthorized error. I have tried all permutations of requests using Curl - including sending the API token and Crumb. The Jenkins is hosted on a DEV server and not on my local. I have CSRF protection enabled on Jenkins. Could this be a CORS issue or something else?
Thanks
Trigger Jenkins build with parameters using API token
Variables
UserName is the user with permission to execute jobs
UserTokenValue is the token key assigned to UserName.
JobTokenValue is the token key assigned to the job to allow remote execution.
Create User Token - if jenkins instance requires authorization to execute jobs then user token will be required or the error "missing bread crumb trail" may appear.
Login to Jenkins
Click username in top right corner
Click configure
Click add token
Capture the UserTokenValue. Note:Token id will not be needed going forward.
Optional - verify token assigned to user.
Command curl -v -u <user>:<userTokenValue> <jenkins>/user/<user>/api/json
Example curl -v -u john:11bc70579c86512be9a4356127640abfda http://jenkins.dv.local:8080/user/john/api/json
Enable Jenkins Job to "Trigger builds remotely (e.g., from scripts)"
Locate Jenkins job and click Configure
Scroll to the "Build Triggers" section and enable the checkbox "Trigger builds remotely"
Enter a secret "Authentication Token" in the text box. The Token is required to execute this specific job remotely. Use "SuperSecret"
Because the Token is set in this one job configuration, that value will only allow this one job to execute remotely.
Use the same value for all jobs if you like but there is no way to manage the JobTokenValue Globally that I know of.
Execute job with parameters using Curl POST
Your values will vary...
JenkinsUrl : https://jenkins.dv.local:8080
UserName : john
UserTokenValue : 115e46b2109bda095cc070b6347dafe585
JobTokenValue : SuperSecret
Command
curl -X POST <JenkinsUrl>/job/test/build -user <UserName>:<UserTokenValue> --data token=<JobTokenValue> --data parm1Name=parm1Value --data parm2Name="Parm2Value with spaces"
Example
curl -X POST http://jenkins.dv.local:8080/job/MyRemoteJob/buildWithParameters --user john:115e46b2109bda095cc070b6347dafe585 --data token=SuperSecret --data TEST_PLAN_KEY=QTAK-1040 --data BROWSER="Chrome (headless)"
401 probably means your username/pass are incorrect.
This works for me:
curl -v -X GET "http://$JENKINS_URL/crumbIssuer/api/json" --user $USERNAME:$USERPASS
If there is a CORS issue, use https://plugins.jenkins.io/cors-filter/.

How to fail a AppCenter build on script exit code?

I've got a bunch of scripts that get called when the appcenter-pre-build.sh is called. For example, one of them is a simple check to see if the current branch tag already exists on the repository.
#!/usr/bin/env bash
set -e # Exit immediately if a command exits with a non-zero status (failure)
# 1 Fetch tags
git fetch --tags
# See if the tag exists
if git tag --list | egrep -q "^$VERSION_TAG$"
then
echo "Error: Found tag. Exiting."
exit 1
else
git tag $VERSION_TAG
git push origin $VERSION_TAG
fi
If the tag is found, I want to abort the build in AppCenter and fail it. This worked perfectly fine when I was running everything through Xcode Server but for some reason, I cannot figure out how to abort the build upon failure of my script. I'm not seeing much documentation on this particular subject and the AppCenter folk over at Microsoft are taking their sweet time getting back to me.
Anyone have experience with this and/or know how to fail an AppCenter build from their scripts? Thanks in advance for your thoughts!
Okay, figured it out. Looks like sending a curl request to cancel the build using the env variable "$APPCENTER_BUILD_ID" takes care of the issue. Exiting your script with a non-zero is NOT working inside AppCenter.
Here's a sample of what to do. I just put it in a special "cancelAppCenterBuild.sh" script and called it in place of my exits.
API_TOKEN="<YourAppToken>"
OWNER_NAME="<YourOwnerOrOrganizationName>"
APP_NAME="<YourAppName>"
curl -iv "https://appcenter.ms/api/v0.1/apps/$OWNER_NAME/$APP_NAME/builds/$APPCENTER_BUILD_ID" \
-X PATCH \
-d "{\"status\":\"cancelling\"}" \
--header 'Content-Type: application/json' \
--header "X-API-Token: $API_TOKEN"
Pro tip: If you've ever renamed your app, AppCenter servers are having issues referencing the new name. I was getting a 403 with a forbidden message. You might have to change your app name to whatever the original name was or just rebuild the app from scratch within AppCenter.

No Valid crumb is included in that request

I have one jenkins server A where I am trying to create a scripted pipeline but I have to call another job (Job1) on another jenkins server B.
In order to do that I am using REST API with crumb in Header. I retrieve my crumb by running the following command on my browser.
http://myhudson.com/crumbIssuer/api/json?xpath=concat(//crumbRequestField,":",//crumb)"
I tried different commands mentioned below but there is no luck.Please advise some thing. I do have access or permission for triggering build on both of the servers. I am executing below commands from Jenkins server A with details of Server B.
1. curl -v -u Username:<API_TOKEN> -X POST http://UsedrName:<API_TOKEN>#myjenkins.com/job/Test_job/build?token=<API_TOKEN> -H Jenkins-Crumb:<Crumb number>
2. curl -v -X POST http://UsedrName:<API_TOKEN>#myjenkins.com/job/Test_job/build?token=<API_TOKEN> -H Jenkins-Crumb:<Crumb number>
3. curl -v -u Username:<API_TOKEN> -X POST http://UsedrName:<API_TOKEN>#myjenkins.com/job/Test_job/build?token=<API_TOKEN> -H .crumb:<Crumb number>
did jenkins API work for you, https://wiki.jenkins.io/display/JENKINS/Remote+access+API you can trigger remote jobs
You need to use Build With Parameters Plugin for it . you can write a shell script in build option to call the another jenkins job on other server.
shell script snippet :curl -X POST -u userid of other server:API token of other server {jenkins server url of B job /job/jobname}
To get rid of this error i got Jenkins-Crumb by using wget command.
Trigger parameterized build with curl and crumb
I was able to execute remote parameter job.
I faced the same issue and it was because on that port something else is running and jenkins is giving Error as "No Valid crumb is included in that request" thus changed the port in server.xml and things worked.

405 Error when attempting to trigger remote Jenkins job with wget

I've got a remote Jenkins job which does not require any login to start. This is a parameterized job, so it is normally started with "Build With Parameters".
When trying to trigger this build (with default parameters), I call the following:
wget [url_to_job]/build
And I get this error:
Connecting to 10.57.112.238:8080... connected.
HTTP request sent, awaiting response... 405 Method Not Allowed
2016-03-14 11:49:34 ERROR 405: Method Not Allowed.
From what I have read, I would think that this should work.
Am I doing something wrong?
First, the URL for Remote Trigger should be wget [url_to_job]/buildWithParameters not [url_to_job]/build.
You can pass parameters by using wget [url_to_job]/buildWithParameters/?{parameterName}={parameterValue}
Eg : http://localhost:8080/jenkins/job/test/buildWithParameters/?name=arun
You better use curl instead of wget and also provide credentials for the command:
curl -XPOST --silent --show-error --user <user>:<key> <url_to_job>/build
wget --auth-no-challenge --delete-after --verbose "http://10.157.163.249:8080/job/scanning/buildWithParameters?token=scan&buildURL='abcdefg'"
The problem most likely is that you haven't copied the token over into the "Authentication Token" field of the build trigger. Clicking the checkbox isn't enough - Jenkins will silently remove the checkbox unless a token was provided.
Once I did this the following command worked:
wget --auth-no-challenge --user STRING --password STRING --output-document - 'http://localhost:8080/job/PROJECT/build?token=TOKEN'
Of course it is BAD PRACTICE to put passwords into scripts or the command line history. See this post to learn how to store the credentials in ~/.netrc.

Resources