I configured jenkins multibranch pipeline on Jenkins version 2.60.2
I'm looking for a way to keep my passwords in jenkins multibranch pipline configuration, so Jenkinsfile could take them as parameters for execution of its stages. Is there a way to set these properties within the jenkins UI?
I found a similar question here, but I think there is a more preferred way.
Thanks
For using credentials in a Jenkins Pipeline, there are a couple plugins that I would consider essentially part of the Jenkins Core (even though they are plugins):
Credentials Plugin
Credentials Binding Plugin
These can combine to give you a way to administratively manage credentials as well as provide for ways to consume them inside of Jobs. There are additional plugins built on top of these providing credential type implementations. For example, the SSH Credentials Plugin allows you to store SSH credentials in Jenkins.
The Credentials Binding Plugin provides the withCredentials step. The documentation has some examples on how you could use it. Here is an example from the documentation:
node {
withCredentials(
[
usernameColonPassword(
credentialsId: 'mylogin',
variable: 'USERPASS'
)
]
) {
sh '''
set +x
curl -u $USERPASS https://private.server/ > output
'''
}
}
Related
I am using organization "Organizational Folder" in jenkins and able to create multibranch pipeline jobs for all my repos available in my organization folder in bitbucket.
Each of the repos contains Jenkinsfile because of which the job gets created. Now I am stuck at a point, I want to publish sonar report of all the repos but it is trying to publish at sonar default url. One solution I am aware of is to provide sonar url and login credentials in each of the Jenkinsfile. But I don't want to do that as I will have to make changes in more than 50 repos.
I am using shared instance of Jenkins, thus, does not have admin access to configure settings.xml for maven.
Is there any way by which I can pass sonar url and credentials to all the multibranch pipeline jobs via configuration in "Organizational Folder" or at the folder level where I have admin access
You can define sonarQube server in environment section of jenkinsfile and also create token on sonarQube and add it in credentials of jenkins and use it like this
environment {
SONAR_URL = "https://YOUR_SONARQUBE_URL"
SONAR_TOKEN = credentials('ID_OF_YOUR_CREDENTIALS')
}
stage("Run SonarQube Analysis") {
steps {
script {
sh 'mvn clean package sonar:sonar -Dsonar.host.url=$SONAR_URL -Dsonar.login=$SONAR_TOKEN -Dsonar.profile="Sonar way"'
}
}
}
I am trying the access the values set on a job's configuration page from within my pipeline. These values are not made available as params, nor are they injected as envvars.
Setup
Jenkins, v2.263.1
GitLab Branch Source plugin, v1.5.3 (link)
Multibranch pipeline job which is pointed to a Gitlab repo
Remote Jenkinsfile Provider, v1.13 (link)
Problem
Ordinarily, one would have a Jenkinsfile in the root of the repo and therefore the scm would be associated with the repo we want to checkout and build. However, in my case the code I want to build is in a different repo to the Jenkinsfile (hence the Remote Jenkinsfile Provider plugin).
This means that I need to checkout the code I wish to build as an explicit step in the pipeline, and to do that I need to know the repo. This repo is, however, already defined in the job config.
The Branch Source plugin does export things like the branch name or merge request number/branch/target into appropriate envvars, but NOT the actual repo.
As this is a multibranch pipeline, I cannot use something like envInject either (multibranch jobs do not provide the option to 'Prepare an environment for the run' as with other jobs)
Goal
I would like to be able to access the server, owner and project fields set in the job config page. Ultimately I could manage with just the project's ssh/http address even.
Is there some clever way of accessing a job's config from within the pipeline?
Thanks for any suggestions!
Reference images
Within the gitlab branch source plugin (and the documentation) you have a lot more information, than just with the normal branch source plugin. there are environment variables for the project like GITLAB_PROJECT_GIT_SSH_URL/GITLAB_PROJECT_GIT_HTTPS_URL for the git source and many more. So far i did not see one for the server, but that would be parse-able our of the URLs.
Within this information, it should be fairly easy to checkout the repository and build it.
As through the process it came clear, that it is needed to also trigger the pipeline manually, and this is normally also possible with variables (not sure about the Remote File plugin). I assume your Jenkinsfile is a groovy script, which opens up a lot of possibilities. You can define variables and use some logic to determine if the env variable or the parameter is used.
pipeline {
parameters {
string(name: 'projectUrl', defaultValue: "")
}
stages {
stage('Prepare') {
steps {
def projectUrl = env.GITLAB_PROJECT_GIT_SSH_URL ?: params.projectUrl
// DO Checkout with projectUrl
}
}
}
}
The only critical thing you have to take into account, is that the multibranch pipeline, has to run once, for each branch or mr - so they detect the variables. Afterwards you can easily trigger it, manually by providing your values.
This allows you, to utilize webhooks for automatic actions, and also allows you to trigger the build manually when ever you like.
Sidenote: if you use the centralized jenkinsfile, for reducing duplication, you might also want to checkout Shared libraries for jenkins.
For completeness, here is a list of all current environment variables added by the jenkins gitlab branch source plugin version 1.5.3 (and only for Push Events - but they are pretty similar in the other event types too)
GITLAB_OBJECT_KIND
GITLAB_AFTER
GITLAB_BEFORE
GITLAB_REF
GITLAB_CHECKOUT_SHA
GITLAB_USER_ID
GITLAB_USER_NAME
GITLAB_USER_EMAIL
GITLAB_PROJECT_ID
GITLAB_PROJECT_ID_2
GITLAB_PROJECT_NAME
GITLAB_PROJECT_DESCRIPTION
GITLAB_PROJECT_WEB_URL
GITLAB_PROJECT_AVATAR_URL
GITLAB_PROJECT_GIT_SSH_URL
GITLAB_PROJECT_GIT_HTTP_URL
GITLAB_PROJECT_NAMESPACE
GITLAB_PROJECT_VISIBILITY_LEVEL
GITLAB_PROJECT_PATH_NAMESPACE
GITLAB_PROJECT_CI_CONFIG_PATH
GITLAB_PROJECT_DEFAULT_BRANCH
GITLAB_PROJECT_HOMEPAGE
GITLAB_PROJECT_URL
GITLAB_PROJECT_SSH_URL
GITLAB_PROJECT_HTTP_URL
GITLAB_REPO_NAME
GITLAB_REPO_URL
GITLAB_REPO_DESCRIPTION
GITLAB_REPO_HOMEPAGE
GITLAB_REPO_GIT_SSH_URL
GITLAB_REPO_GIT_HTTP_URL
GITLAB_REPO_VISIBILITY_LEVEL
GITLAB_COMMIT_COUNT
GITLAB_COMMIT_ID_#
GITLAB_COMMIT_MESSAGE_#
GITLAB_COMMIT_TIMESTAMP_#
GITLAB_COMMIT_URL_#
GITLAB_COMMIT_AUTHOR_AVATAR_URL_#
GITLAB_COMMIT_AUTHOR_CREATED_AT_#
GITLAB_COMMIT_AUTHOR_EMAIL_#
GITLAB_COMMIT_AUTHOR_ID_#
GITLAB_COMMIT_AUTHOR_NAME_#
GITLAB_COMMIT_AUTHOR_STATE_#
GITLAB_COMMIT_AUTHOR_USERNAME_#
GITLAB_COMMIT_AUTHOR_WEB_URL_#
GITLAB_COMMIT_ADDED_#
GITLAB_COMMIT_MODIFIED_#
GITLAB_COMMIT_REMOVED_#
GITLAB_REQUEST_URL
GITLAB_REQUEST_STRING
GITLAB_REQUEST_TOKEN
GITLAB_REFS_HEAD
It might sound silly but I was trying to store my dockerhub password inside Mange credentials of jenkins as Secret text so that it can be accessed in the pipeline script.
Here is the secret which I have created
Here is a pipeline script where i trying to access the password using the ID
node {
stage("Docker Login"){
sh 'docker login -u rahulwagh17 -p ${DOCKER_HUB_PASSWORD}'
}
}
But it always fails with -
You're looking for the withCredentials method of jenkins' pipeline DSL.
Have a look here:
https://support.cloudbees.com/hc/en-us/articles/203802500-Injecting-Secrets-into-Jenkins-Build-Jobs
Every Job has it's pipeline syntax button available in it's dashboard:
$JENKINs_URL/$YOUR_JOB/pipeline-syntax/.
You can generate an adequate withCredentials blog there.
How can I get access to passwords defined in Jenkins Global Configuration?
Passwords are not injected by default and I was trying code below and was able to access "Global properties" but not luck with passwords.
def envVars = Jenkins.instance.getGlobalNodeProperties()[0].getEnvVars()
println envVars['MY_VARIABLE']
Use the withCredentials step, which comes with the Credentials Binding Plugin.
Are you referring to Jenkins -> Manage Jenkins -> Global properties ?
If yes, below is how we retrieve them in our groovy script:
import jenkins.model.*
instance = Jenkins.getInstance()
globalNodeProperties = instance.getGlobalNodeProperties()
globalNodeProperties.each {
envVars = it.getEnvVars()
if (envVars.get('ARTIFACTORY_USR') != null) {
artifactory_usr = envVars.get('ARTIFACTORY_USR');
}
if (envVars.get('ARTIFACTORY_PSW') != null) {
artifactory_pwd = envVars.get('ARTIFACTORY_PSW');
}
}
ARTIFACTORY_USR and ARTIFACTORY_PSW are pre-defined global properties
In general, I create credentials in Jenkins -> credentials page to access the credential in the pipeline.
How to create Credentials in Jenkins
1. Open Credential page (Jenkins --> Credential)
2. Create a credential with Username and password and define a valid ID (For Example:myCredentialId)
How to access the credential using withCredentials in the pipeline
pipeline {
agent any
stages {
stage("Access the credentials") {
steps {
script {
withCredentials([[
$class:'UsernamePasswordMultiBinding',
credentialsId: 'myCredentialId',
usernameVariable:'username',
passwordVariable:'token'
]]) {
sh '''
curl -u ${username}:${token} -L <replace your git URL> -o master.txt
cat master.txt
'''
}
}
}
}
}
}
The inject global passwords option for non-pipeline jobs comes from the EnvInject plugin, which isn't fully supported for pipeline jobs:
https://plugins.jenkins.io/envinject/
Jenkins Pipeline compatibility
Even though it is possible to set up the EnvInject Job Property and build step in Pipeline, the plugin does not provide full compatibility with Jenkins Pipeline.
Supported use-cases:
Injection of EnvVars defined in the "Properties Content" field of the Job Property
These EnvVars are being injected to the script environment and will be inaccessible via the "env" Pipeline global variable
Please note there is also a known compatibility issue with Durable Task
Plugin 1.13
All other use-cases of the plugin may work incorrectly in Jenkins Pipeline. Please see JENKINS-42614 for more information about unsupported use-cases. There is no short-term plan to fix the compatibility issues though any pull requests to the plugin will be appreciated.
I had the same use case and ended up recreating the global password as a credential.
I am creating a CI/CD pipeline. I am trying to create a groovy function in order to deploy a build to udeploy.
I know I will need to pass the parameters used in to the function such as:
udeployServer,
component,
artifactDirectory,
version,
deployApplication,
environment and
deployProcess.
I was wondering has anyone tried to implement this or has anyone any idea how I should approach this?
Thanks
I don't know anything about udeploy servers but I do know there is no pipeline plugin for udeploy, which means that you will not have a function such as :
udeploy: server=yourserver component=yourcomponent artifactDirectory=...
However Jenkins allow you to use shell commands inside your groovy pipeline, so you should be able to do pretty much everything you need. So I guess the real question is how do you usually deploy a build to udeploy ? Do you do it via a REST API, do you push a file via FTP, ... ?
Jenkins build will be pretty straightforward, have a look at how to checkout and build using Jenkins pipeline.
An example pipeline could look like :
{
stage 'Build'
def mvnHome = tool 'M3'
sh "${mvnHome}/bin/mvn clean install"
//... Some other stages as needed...
stage 'Deploy'
sh "execute sh deploy script here..."
}
... where you deploy stage could use other plugins to copy files to your server, run REST API requests, etc. While writing a pipeline, have a look at Pipeline Syntax link for a Snippet Generator giving more detailed information about existing plugins.