I have a strange use case here I know, but basically I have a CI / CD solution that starts be a developer creating a zip file of a set of resources. This zip is then sucked in to SVN via the tools internal programs.
Currently the solution works, using the FSTRigger to poll for an updated zip. When it see it, then the process kicks off and we're happy.
going forward I'd like the builds to be triggered by a Jira job reaching a certain status and have been looking at the Jira trigger plugin. It looks like it will help satisfy me with regards the triggering of the build and passing data from Jira to Jenkins to use for delivery notes etc. However it would still depend on the zip file being in a certain location to be picked up.
I'm wondering if it's possible to attach the zip to the Jira task and then as part of the task status hitting 'build' kick off the Jenkins job and copy the zip so it can be picked up by by the Jenkins build task.
for reasons to complex to mention, checking the zip into svn first won't really work.
When your Jenkins build is triggered via jira-trigger-plugin, you would be able to access JIRA_ISSUE_KEY environment variable that contains the JIRA issue which status has changed.
With the JIRA issue key, you can hit Get Issue JIRA REST API to retrieve the issue details. The issue details would contain the attachment information, which would then be able to be used for downloading the zip in Jenkins.
Related
I was recently put in charge of all Jenkins-related work at my job, and was tasked with storing build artifacts from our declarative pipelines in a place where:
- They are accessible to everyone on the team
- They can be stored for long periods of time
Ideally they would be visible on the Jenkins interface, where they appear when using the default 'archiveArtifacts' command. I know this saves them in the JENKINS_HOME directory. The problem is that I have to discard old builds to avoid running out of space and the artifacts are deleted with them. Furthermore, I don't have access to the server that Jenkins runs on because it's managed by a separate team, so I can't go into JENKINS_HOME.
I looked into a few ARMs like Nexus and Artifactory, but from my understanding those are only supposed to be used for full releases. I'm looking to save artifacts after every new merge, which can happen multiple times a day.
I'm currently saving them on a functional user's home directory, but I'm the only one with direct access to it so that's no good. I also looked into plugins like ArtifactDeployer, which doesn't support pipelines and only does as much as a 'cp' command as far as I could tell.
I ended up creating some freestyle jobs that copy artifacts from the pipelines and save them directly in their workspace. This way they're stored on our Jenkins slaves and visible through the interface to anyone who has permission to view job workspaces.
Nexus does not care what kind of artifacts you drop there. Its a good idea to use it.
I need some help to ingrate Jenkins with jira my user case is this one : i would like to feed urls of builds related to a Jira fix version. This is important for us ( audit & compliance purposes )
How can i do that ?
Think you in advance.
regards,
This is how we handled it:
Add a custom text field to every jira issue type. it can be 'build number' or 'build url' or whatever information you need to display regarding the jenkins build
Create a python script that receives as parameters a list of jira issues and a build number.
Using the JIRA python module (pip install jira), the script creates a connection to jira, goes over the list of issues and updates the custom field above to the given build number.
if the list of issues is not known in advance, then instead of parameter you can provide (or hard-code) a JQL query which the script can use to obtain the list of issues.
Depending on your needs, you may want to skip updating issues who already has a build
number set (either manually or by a previous build)
(Sorry, i can't share exact code but it shouldn't be complicated.)
In your Jenkins build, add a 'batch command' item which runs that python script with the appropriate parameters.
This seems simple enough, but I can't find a solution for this online.
I am integrating SonarQube into our build definitions that get triggered on check in. I want the version SonarQube uses to be tied back to the project number defined by the business side of things.
Ideally, I would like to be able to prompt the user for input. When you go to check in and it kicks off the build, it would ask you for the project number to be used as the version for SonarQube. Is this something TFS 2015 supports?
User input for build definitions
As far as I know, build definitions that are not manually triggered do not prompt for user input. A prompt allowing users to set build variables is shown for manually triggered builds from the VSTS web page.
SonarQube project version
I would recommend against you using the build or assembly version in your build tasks. This is because the SonarQube concept of version is quite different from the build concept. SonarQube uses versions as a baselining mechanism / to determine the leak period. If you up the version number often, the leak period is going to be too short to be actionable.
I'd recommend keeping the SonarQube project version in sync with your release schedule instead.
The short answer to this question is no, there is no way to prompt for input on a non-manually triggered CI build.
Here's what we did to work around this:
I wrote a Powershell script to read a config file and set the values to environment variables exposed to later build steps. Those variables are then what are specified in the Sonar Begin Analysis build task. I packaged that script up as a custom build task that will read a "sonar.config" file. This means all we have to do is add a "sonar.config" file to each solution we want to run Sonar analysis for, defining the key, name and version for the project, and then this build task will populate all necessary environment variables as the first step in the build.
So not a perfect solution, but it gets the job done without us having to add a lot of extra code to our solutions.
I have searched many links but could not find the appropriate answer. I need to know when should I use "trigger builds remotely". I have gone through Integration Jenkins with SVN, there I saw that I need to check this option. I am not getting any idea regarding this.
This is used when someone commits to the source control (SVN) it shall ping Jenkins to trigger a build.
The "trigger builds remotely" option is used when you want to trigger a build from another tool:
As explain, you can trigger a job using the Jenkins URL:
http://your-jenkins-url/jobs/your-job/build
You can secure this URL by using an authentication token.
I hope it helps :)
You don't have to use it. There are multiple ways a build can be triggered
Build periodically - based on repeating cron schedule.
Poll SCM - based on SCM commits. This is also required when building on SCM hooks.
Build after/before other projects / Various - multiple ways to setup cross-project dependencies for selecting when to build.
Trigger builds remotely - to delegate the logic for monitoring/triggering builds to 3rd party applications/scripts.
The last one is used when you don't want Jenkins to be doing the triggering of the jobs (but Jenkins will still do the execution). It allows you to trigger a build through a specific URL. To avoid unauthorized triggering (since there is no login at this point), an authentication token can be provided.
This URL can be invoked any way you want: manually, command-line script, or some other 3rd-party application.
I have a plugin in Jenkins for Checkmarx which scans the source code for static code analysis. Is there to make that plugin be compulsory for every job in jenkins?
For that matter any plugin.
The answer, that you probably don't want to hear, is: No.
The only way you can enforce something to happen at all times, is by writing your own plugin for your own "Project type" (instead of Maven or Free-style), and then enforce that everyone uses your project type.
Found a implicit way to do it.
Using jenkins rest api(batch,python,ruby) - run through all job
config.xml.
Download the jobConfig.xml
Update the xml with the plugin(checkmarx in this case) config
Upload(POST) it back to jenkins server.
Run this on a schedule and it shall force everyone to use it.
As I said its an implicit way of doing it.
Checkmarx plugin provides a build step, so it will run every time the job runs. No need to force, if I understand the question correctly. Just make sure the "Skip scan if triggered by SCM Changes" flag is unchecked, which is the default. See more info about the plugin here: https://checkmarx.atlassian.net/wiki/display/KC/Configuring+a+Scan+Action
Downloading the config.xml for the job and posting it back is a bad idea for several reasons. First checkmarx does not require the code to be compiled so you are wasting precious cycles on a build slave. Second Jenkins jobs can do more than compile and they could deploy to production accidentally. Just don't do it. The best way to do what you want to do is to download the config.xml file and then extract the repository url. You can use the Checkmarx rest api to perform a scan. You can probably name the program in checkmarx in some way to relate it back to the jenkins job.