The Team Foundation Server plugin is not available in Jenkins. The Jenkins official page shows the message:
Distribution of this plugin has been suspended due to unresolved security vulnerabilities
Is there any alternative to this plugin using which I can integrate Team Foundation Server with Jenkins?
MS have effectively abandoned support for TFVC and for the plugin.
You can still grab the plugin from the GitHub TFS plugin releases page and upload manually. ({JENKINS_URL}/pluginManager/advanced ). You may have to reconcile any dependencies manually.
MS recommended alternative is the tf command line from a shell step (brutal), which they also silently abandoned support for TFS SDK/CLI.
ps: aside from the vulnerability ( SECURITY-1506 / CVE-2020-2249 ), it does not meet the OSI open source license requirements - INFRA-2751 to be made available via the plugins site.
2021-03-30: It appears the OSI licensing issue has been resolved. This Jenkins Community post suggests a fix to SECURITY-1506 / CVE-2020-2249 is available in a fork but additional security issues ( SECURITY-2283 / CVE-2021-21636, CVE-2021-21637 (permission check), CVE-2021-21638 (CSRF) ) are outstanding, need to be resolved and released, or someone steps up to adopt the plugin.
pss: M$ also announced (23 February, 2021) retirement for Azure plugins for Jenkins, effective February 29, 2024.
Related
This question already has an answer here:
Team Foundation Server plugin is not available in Jenkins
(1 answer)
Closed 2 years ago.
Unable to find TFVC or Azure DevOps and Team Foundation Server plugin for Jenkins.
Jenkins version - 2.263.1
The official distribution of the TFS plugin has been suspended, because of security vulnerabilities. In the Jenkins plugin browser, you will not find it, however, it is available on GitHub under this link https://github.com/jenkinsci/tfs-plugin/blob/master/README.md. Personally, I wouldn't recommend the implementation, but everything depends on the needs.
I have been using Jenkins with the TFS plugin for several years but after installing Jenkins on a new machine, it seems that the TFS plugin cannot be found in the update center. All the other plugins that I could search for seem to work but not TFS, as if it had been deleted from there. I have tried using both jenkins-lts and jenkins weekly on two separate machines (both macs).
This is the plugin I am talking about: https://github.com/jenkinsci/tfs-plugin
The old wiki page for it also seems to have been removed (I get a HTTP 403 Forbidden reply when trying to access that): http://wiki.jenkins-ci.org/display/JENKINS/Team+Foundation+Server+Plugin and the newer plugin index doesn't seem to know about this plugin: https://plugins.jenkins.io/
I have tried to look on the Jira issue tracker but couldn't find anything that seemed relevant.
Could anyone assist?
Okay so after struggling with this for a while, I figured out what had happened.
There was a security issue for the TFS plugin that hasn't been fixed: https://www.jenkins.io/security/advisory/2020-09-01/#SECURITY-1506
On top of that, it was found that the TFS SDK that is bundled with the plugin is not open source, which goes against Jenkins policy (see INFRA-2751 for more details).
This means that the plugin has been removed from the update center in this commit at the end of October 2020.
If the security issue is acceptable, the plugin can still be installed by downloading the .hpi from Github and then manually install the plugin in Jenkins: Manage Jenkins > Manage Plugins > Advanced > Upload Plugin and select the plugin file downloaded previously (Make sure to have git-plugin installed normally first so all additional dependencies are in place).
Thanks to the people on Jenkins Gitter that reminded me of the security issue as well as #ian-w on here that pointed at the actual problem.
Edit: I edited my answer to include Ian's comment.
2021-08-31: See additional details in this S/O response.
I am trying to update the build agent (TFS 2017) from V1.x to V2.x what i tries are:
I followed these steps 'https://learn.microsoft.com/en-us/vsts/pipelines/agents/v2-windows?view=vsts' but the issue is my url is http not https.
1) is there any easy way to update the build agent instead above link because setting https getting connectivity/cert issues.
Do i have only PAT is the only option? any thing else apart from PAT to update the build agent. i even tries 'update all' nothing happens and no errors.
any help would be great-full. Thanks.
No matter you are using http or https, you could both update build agents properly. If directly entire the url in the browser could not reach the right page.
You could also try to navigate to http://yourserver:8080/tfs/DefaultCollection/_projects page and clcick the configuration button, select the Agent Pools in the drop down list.
Back to the original requirement, according to Daniel Steiner there are 2 kinds of agents:
Windows specific agents (version 1.x)
cross platform agents (version 2.x)
In TFS 2017 the Windows specific agents (version 1.x) are deprecated. Thus they won't be updated from the agent queues admin area. So you have to download the agent from tfs (or github) and install it yourself. After initial installation/configuration the agent updates via tfs should work again. It would have been cool if they automated that process or at least said what to do in tfs.
I am looking for some more specific support details.
I have managed to persuade our management to use Artifactory.
We currently use the following, mostly for WinForms development. We have several dozen products we support.
Visual Studio 2015 Enterprise
TFS 2012 on Prem (working to persuade management to upgrade this soon)
NuGet 3.5. with Project.JSon
I am just not sure if Artifactory can support some of the older tools we use. I can't find any details on their website that are version specific. It just says it supports "TFS".
I read mention in some samples of Packages.config, but we got rid of those bad boys some time ago. Project.json is much better. Once we move to VS 2017 the project.json goes away too.
Does Artifactory support TFS 2012? Project.Json files?
Artifactory NuGet support is agnostic of how you manage your project, the only requirement is that your builds use supported clients (like the one integrated into VS). You can deploy and resolve your own packages or have Artifactory proxy a remote location (as long as it supports the NuGet API)
TFS support is provided by the MSBuild Artifactory Plugin which collects info from your build and also enables you to resolve dependencies via Artifactory, and deploy build artifacts.
If you are on TFS2012, it's still using XAML build. Which means you need to use MSBuild Artifactory Plugin.
The MSBuild Artifactory Plugin is installed as a "Project
Template" using Visual Studio as follows:
Under Tools, choose Extensions and Updates..., select the Visual Studio Gallery source under the Online section, and run a search for
"Artifactory".
Select Artifactory Template Package extension found, and click Install.
So, instead of TFS version limitation, it should be more related to VS version.
And according to the Artifactory Template Package in VisualStudio Marketplace, which including VS2015.
My system is an on-premises setup for TFS 2015 and I am trying to get Release Management working with my Jenkins continuous integration system. I have recently added the ""Visual Studio Team Services Continuous Deployment" plugin to Jenkins. After finding out that I need to have Basic Authentication enabled on my TFS server to avoid a 401 - Unauthorized: Access is denied due to invalid credentials. error I am getting to the next error: NullPointerException.
I have looked through the code for the vsts-cd-plugin to see that there is an explicit reference to this API call that I don't believe is in TFS 2015 Update 3...
"/_apis/release/releases?api-version=3.0-preview.2"
Has anyone been successful in using the vsts-cd-plugin with Jenkins and an on-premises TFS 2015 setup? Does anyone have a suggestion on how I can fix this problem to create a TFS Release from Jenkins?
The API version 3.0-preview.2 is for Visual Studio Team Services, it is not included in On-premise TFS. In On-premise TFS, you need to use 2.2-preview.1.
api-version = 3.0-preview.1
Using on-premises: An earlier, and slightly different, version of this
Release Management API is available in Team Foundation Server 2015
Update 2. To use, you must specify an API version of 2.2-preview.1.
New release references a release definition to deploy an application
comprising of one/
You can try to download the source code of the plugin and update the API version and then build it on your local machine and install it in Jenkins.