How to configure Fortify plugin using 'Jenkins Configuration As Code' Jenkins plugin (JCASC)? - jenkins

I'm setting up a new Jenkins master server and configuring it using the Jenkins Configuration as code (JCASC) plugin.
https://github.com/jenkinsci/configuration-as-code-plugin/blob/master/README.md
I've configured most plugins with JCASC, based on documentation and examples inside the project, but I can't find the syntax for configuring plugin 'Fortify Jenkins Plugin' version 18.10.
I need to set these properties:
URL of the remote Fortify server, authentication token (generated on the fortify server) and which template to use.
Can anyone assist with an example or syntax for the yml file used by the JCASC plugin for Fortify plugin?

I don't know if fortify-plugin is compatible with JCasC, it might be or it might need some modifications. That said, if it is compatible, then the configuration export should work for it.
So, spin up a Jenkins instance, install the plugin, configure whatever you want in the Jenkins UI and then go to the CasC page and use the configuration export. That should give you a JCasC file containing your setup.
Alternatively, you can try the JCasC Schema experimental feature. It's a JSON schema generated by Jenkins that you can use in your YAML editor for autocompletion. More information here.

We have just released an update of the Fortify plugin with support for JCasC. Keep in mind that versions of the plugin prior to v21.1.36 were unable to support it; we had to make changes to make it happen.
You can find official documentation on how to use our configuration elements here. There's one correction to the documentation, though. Our top level configuration element is called fortifyPlugin instead of fortify mentioned in the documentation. It is going to be corrected in the next documentation update.
Here's a sample configuration for your quick reference:
unclassified:
  fortifyPlugin:
    url: "https://qa-plg-ssc3.prgqa.hpecorp.net:8443/ssc"
    token: "3ab8c774-0850-483b-8be6-2907722a81d8"
    proxyConfig:
      proxyUrl: "web-proxy.us.softwaregrp.net:8080"
    projectTemplate: "Prioritized High Risk Issue Template"
    connectTimeout: "10"
    readTimeout: "20"
    writeTimeout: "10"
    breakdownPageSize: "50"
    ctrlToken: "5176d380-26ac-430f-95d7-0a2272cf3297"

Related

pmd plugin is not available in jenkins

pmd plugin is not available in jenkins
Nor is it available on the Jenkins plugins page.
Searching the Jenkins plugin site reveals nothing as observed.
But if you look in GitHub, it shows the following:
This plugin reached end-of-life. All functionality has been integrated into the Warnings Next Generation Plugin and the Static Analysis Model and Parsers Library.
If you look on the Jenkins plugins site, it shows "forbidden". That suggests it's been pulled and its use discouraged.
Instead, install the Warnings Next Generation Plugin (needs some latest dependencies).
In your job, add a build-step "Records compiler warnings and static analysis results".
Choose "Static Analysis Tool | Tool" [ PMD ]. The default intake is "'**/pmd.xml'".
The plugin's main page gives an overview and notes support for more than a hundred report formats. There is additional documentation describing all the extra features.
ps: Perhaps Jenkins needs a better mechanism (WEBSITE-764:Deprecated plugin handling - UX) to handle removed plugins?

Update Jenkins Plugins via Artifactory

I want to update Jenkins plugin via Artifactory.
Create a remote repo named Jenkins-update
Create a local repo named jenkins-update-center
Get the update-center.json from repo Jenkins-update to local and modify the URL from 'http://updates.jenkins-ci.org/' to my own URL 'https://artifacts.xxx.com/artifactory/Jenkins-update/' in update-center.json, then put update-center.json into local repo.
#!/bin/sh
curl -L -o /tmp/update-center.json http://localhost:8081/artifactory/Jenkins-update-cache/update-center.json
sed -i 's#http://updates.jenkins-ci.org/#https://artifacts.xxx.com/artifactory/Jenkins-update/#g' /tmp/update-center.json
curl -L -uuser:pass -T /tmp/update-center.json "http://localhost:8081/artifactory/jenkins-update-center/update-center.json"
Change the default update site from 'http://updates.jenkins-ci.org/' to 'https://artifacts.xxx.com/artifactory/jenkins-update-center/update-center.json' in Jenkins
There is an error 'SHA-512 digest mismatch: expected=49a22dc23f739a76623d10128b6803f79e0489de3ded0f1d01f3dfba4557136c7f318baaf4749a7713ec4b3f56633f2ac3afc4703e87d423ede029d68f84c74d in 'update site 'default''' when I click 'check now' button.
What should I do to make Jenkins update plugins from Artifactory?
Tkx
As soon as the content of update-center.json changes, you need to regenerate the "signature" section of this file.
For that you need to generate your key pair (see more details in How to create a local mirror of public Jenkins update site?)
Also, you may use the following proposed approach:
there is probably a better way, by having a sandbox Jenkins on a system that has access to the internet. You update the server using the UI and then you can test that updated Jenkins thoroughly. When done, you just need to copy the war and hpi files over to your 'production' Jenkins. now you have even a nice process and QA in place.
Another way is to set up a transparent HTTPS proxy between your Jenkins and Artifactory server. In that case update-center.json will not change and signature verification should work fine.
With best regards,
Dmytro Gorbunov
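Why the sed rewrite in the question trips the digest check that the answer above refers to, as an added example (not code from the original posts or from Jenkins). It assumes the digest is SHA-512 over the JSON body with the signature block removed, and uses sorted-key, whitespace-free `json.dumps` as a simplified stand-in for Jenkins's canonical JSON form; the sample document and all function names are constructed for illustration.

```python
import hashlib
import json

# URL rewrite taken from the sed command in the question.
OLD = "http://updates.jenkins-ci.org/"
NEW = "https://artifacts.xxx.com/artifactory/Jenkins-update/"


def canonical(obj):
    # Simplified stand-in for Jenkins's canonical JSON (assumption):
    # keys sorted, no insignificant whitespace.
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode("utf-8")


def load_update_center(text):
    # The file is JSONP: updateCenter.post( {...} ); keep only the object.
    return json.loads(text[text.index("{"): text.rindex("}") + 1])


def check_digest(text):
    """Return (matches, expected, actual) for the SHA-512 body digest."""
    doc = load_update_center(text)
    expected = doc["signature"]["correct_digest512"]
    body = {k: v for k, v in doc.items() if k != "signature"}
    actual = hashlib.sha512(canonical(body)).hexdigest()
    return expected == actual, expected, actual


def make_sample():
    # Constructed sample, not real update-center data.
    body = {
        "id": "default",
        "plugins": {"example-plugin": {
            "version": "1.0",
            "url": OLD + "download/plugins/example-plugin/1.0/example-plugin.hpi",
        }},
    }
    sig = {"correct_digest512": hashlib.sha512(canonical(body)).hexdigest()}
    return "updateCenter.post(\n" + json.dumps(dict(body, signature=sig)) + "\n);"


def rewrite_urls(text):
    # Same effect as the sed step: the body changes, the stored digest does not.
    return text.replace(OLD, NEW)


if __name__ == "__main__":
    upstream = make_sample()
    for label, text in (("upstream", upstream), ("rewritten", rewrite_urls(upstream))):
        ok, expected, actual = check_digest(text)
        print(f"{label}: match={ok} expected={expected[:16]}... actual={actual[:16]}...")
```

The expected value stays the one published upstream while the recomputed value follows the edited body, which is the mismatch reported in the question; a mirror that serves the file unmodified passes the same check.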
As of 2023-01-10 there is a problem with making a mirror of the Jenkins plugins on Artifactory.
Artifactory documentation describes only how to create a mirror: https://jfrog.com/knowledge-base/how-to-configure-artifactory-as-a-mirror-for-jenkins-plugins/
But this is not a complete solution, because it leads to a situation where every plugin has to be updated manually. With plugins that have a bunch of dependencies, it is a huge effort.
There is a need to generate a file: update-center.json
There is an internal Jenkins tool to do this: https://github.com/jenkins-infra/update-center2, but the documentation is poor and contains vague statements like:
With a few modifications it could easily be used to generate your corporate update center as well.
Without a clear description of what shall be done.
I tried to follow the steps and completely failed. The tool requires some special environment variables, which are also not documented, and so on.
So in my experience, mirroring Jenkins plugins on Artifactory is practically not possible. And honestly speaking, I would like to be wrong here.

Working with versions on Jenkins Pipeline Shared Libraries

I'm trying to figure out how to work with a specific version of a Shared Library.
Jenkins documentation about this isn't quite clear, so I've been experimenting, but with no success.
They basically say:
But how should I configure somelib on 'Global Pipeline Libraries' section under Manage Jenkins > System Config menu so I can use any of the available stable versions?!
The thing is:
Imagine that I've my somelib Project under version control and, currently, I've released 2 stable versions of it: v0.1 and v0.2 (so I have 2 tags named v0.1 and v0.2).
And in some Pipeline I want to use somelib's version v0.1 and on another Pipeline I need to use v0.2 version.
How can I do this using the @Library annotation provided by Jenkins?
In the Global Pipeline Libraries under Jenkins > System Config you only set the default library version to use if not specified otherwise inside the Jenkinsfile. This might look like this (ignore the Failed to connect to repo error here):
Inside the Jenkinsfile you can explicitly specify which version you want to use if you do not want the default:
@Library('somelib@<tag/branch/commitRef>')
That way you can freely choose at any time which pipeline version to use for your project.
Following @fishi's response I just want to leave an important note.
During library configuration on Global Pipeline Libraries you must select Modern SCM option so things can work seamlessly.
If you select Legacy Mode instead you'll not be able to use the library as desired.
If for some reason Modern SCM does not appear in the Retrieval Mode option, it means that you need to upgrade the Global Pipeline Libraries plugin or even Jenkins.
Basically "Version" is the branch name for the repo which stores the shared library code. If you don't have any branch other than main or master, make sure to fill it in as Default Version in your Global Pipeline Library configuration.

Post Deployment JVM log validation for JBOSS and WAS Application

We use Jenkins and Urban Code Deploy to do our builds and deployments respectively. After the deployment we manually go ahead and validate the JVM logs. Most of the applications we deploy are JBOSS and WAS8.5. I wanted some suggestions on automating this post-deployment validation task. Is there any tool or plugin that can be integrated with Urban Code Deploy to perform this log parsing against certain keywords?
I have "Log parser" plugin which is an open source plugin in Jenkins. Are there any better ideas?
In UrbanCode Deploy you can use the step called "Monitor File Contents" to check if a regular expression is contained in a file.
Another way would be to output the log file content in a shell step, like cat logfile, and then use a post-processing script to check if an expression is in the file. In this case, you can use JavaScript syntax. See

How to configure the TSLint plugin for sonarqube in Jenkins?

I installed the TSLint plugin for SonarQube in my Jenkins server: https://github.com/Pablissimo/SonarTsPlugin. But the Git page does not describe how to set the configuration properties and values. How to specify the source directory and how to ignore the test directory are my two main concerns. Can someone provide an example configuration property set with basic configurations that I can use in my Jenkins?
You can use a sonar-project.properties file for configuration. There are some example projects provided by SonarSource that might be helpful.
Here's a quick example of how you could set the source directory, test directory, and files to ignore:
sonar.sources=client-app/src
sonar.tests=client-app/test
sonar.exclusions=client-app/node_modules, client-app/lib
UPDATE:
The sample projects have moved here. There isn't a JavaScript example anymore, but the syntax would be the same for any language.
The documentation for parameters that can be set is currently located here:
https://docs.sonarqube.org/display/SONAR/Analysis+Parameters
