Jenkins pipeline manual step permission - jenkins

In our existing CD pipeline there is a manual step to push from test to production. Furthermore only certain persons can authorise this. We control this through Jenkins freestyle jobs in views with certain users having permissions to different views.
Now we are thinking about using Jenkins pipelines. There is an input step for a user to manually approve the go ahead to the next stage.
Is there a way to control who can perform the manual input? Alternatively, is there an API for progressing the pipeline, in which case we could build the tooling to let relevant users have permission.
Research
This SO post suggests it's not possible to do the API call.
This Jenkins issue tells me there is no ability to resume a pipeline that is stopped because of a failure
So far it's looking like a resounding "NO" to authorisation of manual step and progressing via API. Any other ideas appreciated.

From the documentation that you linked to, there's a submitter parameter where you can specify the allowed users/external groups allowed to respond to the input, which sounds like it should be what you're looking for.
submitter (optional)
User IDs and/or external group names of person or people permitted to respond to the input, separated by ','. If you configure "alice, bob", will match with "alice" but not with "bob". You need to remove all the white spaces.

Related

Show help about comment triggered jenkins jobs in gerrit

I have a gerrit - jenkins setup. Several jenkins jobs are started by a trigger based on a comment inserted to gerrit. The number of comment based triggers increases continuously. The project has a separate document with information what keyword in a comment executes what action.
It would be nice to provide a list of keywords directly in gerrit so developers do not need open documentation when searching for a specific keyword. Is there a way how to customize gerrit to show some hints when a user edits a comment?
Please follow the Checks plugin - currently is active development. It is/will be a complete redesign of how CI will do checks and how users interact with the CI checks being run. I don't think there's Jenkins integration for this already other than (custom) Groovy scripting polling the REST API at the time of writing.
The UI will allow users to trigger, re-run checks without the need for adding some magic comment! :-)
It's currently deployed on the Gerrit of Gerrit for purely optional checks:
So far (Gerrit 3.0.0) there isn't a way to do that.

Is there any way to ask user questions in Jenkins job parameter?

I want to ask user some questions before he/she builds. Questions will be like
Are you sure you have included all the files? (Answers: Yes, No )
Have you created a ticket in JIRA related to this fix? (Answer: Yes, No )
Is there any way I can do it? is there any plugin available for this?
A freestyle job can be configured to build with parameters. See:
https://wiki.jenkins.io/display/JENKINS/Parameterized+Build
You can configure the parameter type (string, boolean, drop down etc), give a description of the parameter and a default value. The job parameters can even include more complex things like validation rules:
https://wiki.jenkins.io/display/JENKINS/Validating+String+Parameter+Plugin
Or groovy scripts:
https://wiki.jenkins.io/display/JENKINS/Dynamic+Parameter+Plug-in
Or values shown in one parameter list change depending on the value of another:
https://wiki.jenkins.io/display/JENKINS/Active+Choices+Plugin
Your user then has to start the job by building with parameters - in effect being shown the parameter and descriptions (a bit like being asked the question).
Further validation can be done before initiating build steps using the 'Prepare an environment for the run' from the:
https://wiki.jenkins.io/display/JENKINS/EnvInject+Plugin
Build steps can be made optional based on user responses using:
https://wiki.jenkins.io/display/JENKINS/Conditional+BuildStep+Plugin
or
https://wiki.jenkins.io/display/JENKINS/Groovy+plugin
I've used all of the above to refine the choices the user has and what gets done with/because of those choices. I'm using Jenkins 2.116 in process of planning for upgrade to pipeline.
you can use input in your pipeline builds, with the questions you interested to provide to user. You can read more of usage in official doc of Jenkins here - https://jenkins.io/doc/pipeline/steps/pipeline-input-step/

Avoid Jenkins add as users Committers

Currently, Jenkins add as a user any known user of Jenkins plus any user mentioned in a commit message.
This effectively means that if you are managing several projects in Jenkins instance and each project with tenths of developers then it is really hard to maintain.
Another side effect is that JENKINS_HOME/users are populated with one xml for each of these users, so Jenkins becomes somehow unmanageable. Not the end of the world, that's true, but at the same time you start seeing users from outside of team/organization.
So, is there any way to disable this behaviour?
Thak you so much.

Is there a way to configure a view of builds that I started in Jenkins?

We have 'try' build jobs that developers can initiate with parameterized variables to point to a particular branch for pulling the code and trial running the build in jenkins. Is there a way I can customize a custom personal view showing only the builds that I have started?
The custom way
I think there's a way to customize a personal view by coding / modifying your Jenkins installation, jan-molak worked on that feature here.
You can check the commits and maybe implement something by your own, especially this and this.
The plugin
Take a look on View Job Filter If you configure it, there are options which seems to acomplish what you want:
Logged-in User Relevance Filter: This adds/removes jobs based on their
relevance to the logged in user. For example: matching jobs that were
started by the user, or where the user committed changes to the source
code of the job; matching jobs with a name that contains the user’s
name or login id.

How to wait for user prompt when calling a job

here is my problem : I use jenkins v1.613, my job A is parameterized ( choice) of countries and I have a job B parameterized (List subversion tags) where the repository URL is like http://my-svn.com/xxx/{$country}/tags.
I create a multijob for "chaining" job A and B but after calling the job A, I'm waiting from jenkins to open me a new window with prompt on job B in order to select a tags from http://my-svn.com/xxx/spain/tags....no way
please help, any clues ??
Thanks
This is indeed possible if you use the Workflow Plugin.
It's probably much more effort to set up than the answer from Slav, but workflow makes a lot of complicated setups possible.
In a workflow, you can define an input step, which will pause and wait for user input.
This can prompt with a given message and a list of parameters, which function in the same way as a regular parameterised build. See this question for an example, or check out the documentation and workflow snippet generator.
Not going to happen, the way you described it. Jenkins is meant to be run automatically. It can take any number of parameters upfront before triggering the job, but it won't stop and prompt/wait for user once it is running.
You need to select the country and tags on the first screen (Job A) and then pass the tags value to the downstream job.
Consider Dynamic Extended Choice Parameter plugin to achieve this in the same page. They have detailed instructions on the wiki.

Resources