From a59dc268a0c6c8d1fcac8152f40bd03a8ae9ce65 Mon Sep 17 00:00:00 2001 From: "R. Tyler Croy" Date: Wed, 20 Dec 2017 15:53:09 -0800 Subject: [PATCH] Move all the master code into codevalet/master --- .dockerignore | 4 - Dockerfile.builder | 3 - Dockerfile.master | 97 -------------- Jenkinsfile | 22 --- Makefile | 38 +----- init.groovy.d/.gitignore | 2 - init.groovy.d/README.adoc | 29 ---- init.groovy.d/configure-datadog.groovy | 17 --- init.groovy.d/configure-quiet-period.groovy | 9 -- init.groovy.d/configure-sentry.groovy | 0 init.groovy.d/disable-cli.groovy | 6 - init.groovy.d/enable-csrf-protection.groovy | 14 -- init.groovy.d/limit-jnlp-protocols.groovy | 14 -- init.groovy.d/limit-master-executors.groovy | 8 -- .../pipeline-global-configuration.groovy | 34 ----- init.groovy.d/set-instance-url.groovy | 9 -- init.groovy.d/setup-azure-cloud.groovy.erb | 126 ------------------ init.groovy.d/setup-git.groovy | 19 --- init.groovy.d/setup-github-oauth.groovy | 45 ------- nginx.master.conf | 28 ---- plugins.txt | 8 -- scripts/build-plugins | 85 ------------ scripts/plugins-from-pom | 47 ------- scripts/record-sha1sums | 13 -- scripts/render-agent-templates | 22 --- supervisord.conf | 19 --- 26 files changed, 4 insertions(+), 714 deletions(-) delete mode 100644 .dockerignore delete mode 100644 Dockerfile.builder delete mode 100644 Dockerfile.master delete mode 100644 init.groovy.d/.gitignore delete mode 100644 init.groovy.d/README.adoc delete mode 100644 init.groovy.d/configure-datadog.groovy delete mode 100644 init.groovy.d/configure-quiet-period.groovy delete mode 100644 init.groovy.d/configure-sentry.groovy delete mode 100644 init.groovy.d/disable-cli.groovy delete mode 100644 init.groovy.d/enable-csrf-protection.groovy delete mode 100644 init.groovy.d/limit-jnlp-protocols.groovy delete mode 100644 init.groovy.d/limit-master-executors.groovy delete mode 100644 init.groovy.d/pipeline-global-configuration.groovy delete mode 100644 init.groovy.d/set-instance-url.groovy delete mode 100644 init.groovy.d/setup-azure-cloud.groovy.erb delete mode 100644 init.groovy.d/setup-git.groovy delete mode 100644 init.groovy.d/setup-github-oauth.groovy delete mode 100644 nginx.master.conf delete mode 100644 plugins.txt delete mode 100755 scripts/build-plugins delete mode 100755 scripts/plugins-from-pom delete mode 100755 scripts/record-sha1sums delete mode 100644 scripts/render-agent-templates delete mode 100644 supervisord.conf diff --git a/.dockerignore b/.dockerignore deleted file mode 100644 index 805fd1e..0000000 --- a/.dockerignore +++ /dev/null @@ -1,4 +0,0 @@ -build/repos -webapp/ -proxy/ -assets/ diff --git a/Dockerfile.builder b/Dockerfile.builder deleted file mode 100644 index d2ac21c..0000000 --- a/Dockerfile.builder +++ /dev/null @@ -1,3 +0,0 @@ -FROM maven:3 - -RUN apt-get update && apt-get install -qy git nodejs node-gyp diff --git a/Dockerfile.master b/Dockerfile.master deleted file mode 100644 index f26214f..0000000 --- a/Dockerfile.master +++ /dev/null @@ -1,97 +0,0 @@ -FROM nginx:alpine -USER root - -# Prepare the alpine image with some Jenkins dependencies -################################################################################ -RUN apk add --no-cache git \ - openssh-client \ - curl \ - unzip \ - bash \ - ttf-dejavu \ - coreutils \ - supervisor \ - openjdk8-jre && \ - mkdir -p /usr/share/jenkins && \ - curl -sSL https://ci.jenkins.io/job/Core/job/jenkins/job/master/lastSuccessfulBuild/artifact/war/target/linux-jenkins.war > /usr/share/jenkins/jenkins.war -################################################################################ - - -# Snippet taken from Dockerfile.alpine -################################################################################ -ARG user=jenkins -ARG group=jenkins -ARG uid=1000 -ARG gid=1000 -ARG http_port=8080 -ARG agent_port=50000 - -ENV JENKINS_HOME /var/jenkins_home -ENV JENKINS_SLAVE_AGENT_PORT ${agent_port} -# Jenkins is run with user `jenkins`, uid = 1000 -# If you bind mount a volume from the host or a data container, -# ensure you use the same uid -RUN addgroup -g ${gid} ${group} \ - && adduser -h "$JENKINS_HOME" -u ${uid} -G ${group} -s /bin/bash -D ${user} - -# Jenkins home directory is a volume, so configuration and build history -# can be persisted and survive image upgrades -VOLUME /var/jenkins_home - -# `/usr/share/jenkins/ref/` contains all reference configuration we want -# to set on a fresh new installation. Use it to bundle additional plugins -# or config file with your custom jenkins Docker image. -RUN mkdir -p /usr/share/jenkins/ref/init.groovy.d - -ENV TINI_VERSION 0.14.0 -ENV TINI_SHA 6c41ec7d33e857d4779f14d9c74924cab0c7973485d2972419a3b7c7620ff5fd - -# Use tini as subreaper in Docker container to adopt zombie processes -RUN curl -fsSL https://github.com/krallin/tini/releases/download/v${TINI_VERSION}/tini-static-amd64 -o /bin/tini && chmod +x /bin/tini \ - && echo "$TINI_SHA /bin/tini" | sha256sum -c - - -ENV JENKINS_UC https://updates.jenkins.io -RUN chown -R ${user} "$JENKINS_HOME" /usr/share/jenkins/ref - -# for main web interface: -EXPOSE ${http_port} - -# will be used by attached agents: -EXPOSE ${agent_port} -################################################################################ - - -# Grab the latest jenkins.sh from the Jenkins on Docker project -RUN curl -fsSL https://github.com/jenkinsci/docker/raw/master/jenkins.sh > /usr/local/bin/jenkins.sh && \ - chmod +x /usr/local/bin/jenkins.sh -RUN curl -fsSL https://github.com/jenkinsci/docker/raw/master/jenkins-support > /usr/local/bin/jenkins-support - - -# Ensure that all our plugins are bundled properly, along with Groovy bootstrap -# scripts and other build-related content. -################################################################################ -ADD build/plugins/*.hpi /usr/share/jenkins/ref/plugins/ -RUN for f in /usr/share/jenkins/ref/plugins/*.hpi; do mv $f $f.override ; done -ADD init.groovy.d/*.groovy /usr/share/jenkins/ref/init.groovy.d/ -# Link all our files with .override as the suffix to ensure copy_reference_file -# overrides any existing versions on the persistent volume. Basically, we -# always want the init.groovy.d/ in the container to win. -RUN for f in /usr/share/jenkins/ref/init.groovy.d/*.groovy; do mv $f $f.override ; done - -RUN mkdir /usr/share/jenkins/ref/userContent -RUN date > /usr/share/jenkins/ref/userContent/builtOn.txt -ADD build/git-refs.txt /usr/share/jenkins/ref/userContent -RUN for f in /usr/share/jenkins/ref/userContent/*.txt; do mv $f $f.override ; done -################################################################################ - - -# Prepare the nginx instance itself -################################################################################ -COPY nginx.master.conf /etc/nginx/conf.d/default.conf -################################################################################ - -# Prepare the supervisor script to run nginx and Jenkins inside the container -################################################################################ -COPY supervisord.conf /etc/supervisor/conf.d/supervisord.conf -CMD /usr/bin/supervisord -c /etc/supervisor/conf.d/supervisord.conf -################################################################################ diff --git a/Jenkinsfile b/Jenkinsfile index ac1eba5..8d183a4 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -16,28 +16,6 @@ pipeline { sh 'make generate-k8s' } } - stage('Create builder') { - steps { - sh 'make builder' - } - } - stage('Build necessary plugins') { - when { branch 'master' } - steps { - sh 'make plugins' - } - } - stage('Create master container') { - when { branch 'master' } - steps { - sh 'make master' - } - post { - always { - archiveArtifacts artifacts: 'build/git-refs.txt', fingerprint: true - } - } - } stage('Test') { steps { sh 'make check' diff --git a/Makefile b/Makefile index a48c941..0a40398 100644 --- a/Makefile +++ b/Makefile @@ -1,50 +1,20 @@ -IMAGE_PREFIX="rtyler/codevalet" TF_VARFILE=.terraform.cb.json TERRAFORM=./scripts/terraform check: generate validate $(MAKE) -C webapp check -all: plugins master - -generate: generate-k8s agent-templates +generate: generate-k8s run: webapp docker-compose up clean: - rm -f build/git-refs.txt k8/generated + rm -rf k8s/generated docker-compose down || true $(MAKE) -C webapp clean -## Build the Jenkins master image -############################################################### -builder: Dockerfile.builder - docker build -t ${IMAGE_PREFIX}-$@ -f Dockerfile.$@ . - -master: Dockerfile.master build/git-refs.txt agent-templates - docker build -t ${IMAGE_PREFIX}-$@ -f Dockerfile.$@ . - -plugins: ./scripts/build-plugins plugins.txt builder - ./scripts/build-plugins - -build/git-refs.txt: - ./scripts/record-sha1sums -############################################################### - - -## Handling for agent-templates which is an external repository -############################################################### -agent-templates: build/agent-templates - (cd build/agent-templates && git pull --rebase) - docker run --rm -v $(PWD):$(PWD) -w $(PWD) ruby:2-alpine \ - ruby ./scripts/render-agent-templates build/agent-templates - -build/agent-templates: - git clone --depth 1 https://github.com/codevalet/agent-templates.git build/agent-templates -############################################################### - ## Handle sub-projects ############################################################### @@ -101,6 +71,6 @@ k8s/generated: ############################################################### -.PHONY: clean all plugins master builder plan validate \ +.PHONY: clean all plan validate \ deploy generate-k8s deploy-k8s webapp check generate \ - agent-templates run tfinit + run tfinit diff --git a/init.groovy.d/.gitignore b/init.groovy.d/.gitignore deleted file mode 100644 index e735110..0000000 --- a/init.groovy.d/.gitignore +++ /dev/null @@ -1,2 +0,0 @@ -setup-azure-cloud.groovy -*.class diff --git a/init.groovy.d/README.adoc b/init.groovy.d/README.adoc deleted file mode 100644 index e2e89fb..0000000 --- a/init.groovy.d/README.adoc +++ /dev/null @@ -1,29 +0,0 @@ -= Groovy bootstrap scripts for Jenkins - -This directory contains a number Groovy-based scripts which will execute when -the Jenkins instances boot up, providing the baseline configuration required -per instance. - -== Environment Variables - -The environment variables that these scripts need to be present when Jenkins -executes are: - -=== GITHUB_USER - -The user on link:https://github.com[github.com] who should "own" this instance. -This will automatically set up some permissions for the set `GITHUB_USER` - -=== CLIENT_SECRET - -The GitHub OAuth "Client Secret" for the OAuth Application which should be used -for authentication against these Jenkins instances. - - -=== AZURE_TENANT_ID - -=== AZURE_SUBSCRIPTION_ID - -=== AZURE_CLIENT_ID - -=== AZURE_CLIENT_SECRET diff --git a/init.groovy.d/configure-datadog.groovy b/init.groovy.d/configure-datadog.groovy deleted file mode 100644 index 586e593..0000000 --- a/init.groovy.d/configure-datadog.groovy +++ /dev/null @@ -1,17 +0,0 @@ -#!/usr/bin/env groovy - -/* Configure the Datadog plugin for this instance */ - -import jenkins.model.* -import org.datadog.jenkins.plugins.datadog.DatadogBuildListener - -def dog = Jenkins.instance.getDescriptor('org.datadog.jenkins.plugins.datadog.DatadogBuildListener') - -if (System.env.get('GITHUB_USER')) { - dog.hostname = "${System.env.get('GITHUB_USER')}.codevalet.io" -} - -dog.tagNode = true -dog.apiKey = System.env.get('DATADOG_API_KEY') ?: 'dummy-datadog-api-key' - -dog.save() diff --git a/init.groovy.d/configure-quiet-period.groovy b/init.groovy.d/configure-quiet-period.groovy deleted file mode 100644 index 0754c1d..0000000 --- a/init.groovy.d/configure-quiet-period.groovy +++ /dev/null @@ -1,9 +0,0 @@ -#!/usr/bin/env groovy -/* - * Set the global quiet period to zero to avoid any delays in provisioning - * infrastructure or executing Pipelines - */ - -import jenkins.model.Jenkins - -Jenkins.instance.quietPeriod = 0 diff --git a/init.groovy.d/configure-sentry.groovy b/init.groovy.d/configure-sentry.groovy deleted file mode 100644 index e69de29..0000000 diff --git a/init.groovy.d/disable-cli.groovy b/init.groovy.d/disable-cli.groovy deleted file mode 100644 index ec36dfc..0000000 --- a/init.groovy.d/disable-cli.groovy +++ /dev/null @@ -1,6 +0,0 @@ -#!/usr/bin/env groovy -/* - * Disable the CLI by default - */ - -jenkins.CLI.get().setEnabled(false) diff --git a/init.groovy.d/enable-csrf-protection.groovy b/init.groovy.d/enable-csrf-protection.groovy deleted file mode 100644 index e7ce0eb..0000000 --- a/init.groovy.d/enable-csrf-protection.groovy +++ /dev/null @@ -1,14 +0,0 @@ -#!/usr/bin/env groovy -/* - * Set up the CSRF protection which would normally be defaulted in 2.0 , but - * are not in our instances because we're * skipping the setup wizard - */ - -import jenkins.model.* -import hudson.security.csrf.* - -println "Checking CSRF protection..." -if (Jenkins.instance.crumbIssuer == null) { - println "Enabling CSRF protection" - Jenkins.instance.crumbIssuer = new DefaultCrumbIssuer(true) -} diff --git a/init.groovy.d/limit-jnlp-protocols.groovy b/init.groovy.d/limit-jnlp-protocols.groovy deleted file mode 100644 index d1af963..0000000 --- a/init.groovy.d/limit-jnlp-protocols.groovy +++ /dev/null @@ -1,14 +0,0 @@ -#!/usr/bin/env groovy -/* - * Restrict the JNLP protocols to only those which should be enabled (modern - * and secure ones) - */ - -import jenkins.model.* -import org.kohsuke.stapler.StaplerProxy -import jenkins.security.s2m.AdminWhitelistRule - -Jenkins.instance.agentProtocols = ['JNLP4-connect', 'Ping'] -Jenkins.instance.save() - -Jenkins.instance.getExtensionList(StaplerProxy).get(AdminWhitelistRule).masterKillSwitch = false diff --git a/init.groovy.d/limit-master-executors.groovy b/init.groovy.d/limit-master-executors.groovy deleted file mode 100644 index c18466e..0000000 --- a/init.groovy.d/limit-master-executors.groovy +++ /dev/null @@ -1,8 +0,0 @@ -#!/usr/bin/env groovy -/* - * Make sure the number of executors available on the master is set to zero for - * security purposes - */ - -import jenkins.model.* -Jenkins.instance.setNumExecutors(0) diff --git a/init.groovy.d/pipeline-global-configuration.groovy b/init.groovy.d/pipeline-global-configuration.groovy deleted file mode 100644 index 3e54e0e..0000000 --- a/init.groovy.d/pipeline-global-configuration.groovy +++ /dev/null @@ -1,34 +0,0 @@ -#!/usr/bin/env groovy - -/* - * This file is responsible for setting Global Pipeline configurations to the - * sensible defaults which are necessary - */ - - -import jenkins.model.* -import jenkins.plugins.git.GitSCMSource -import org.jenkinsci.plugins.workflow.libs.* -import jenkins.model.GlobalConfiguration -import org.jenkinsci.plugins.pipeline.modeldefinition.config.GlobalConfig - - -/* Set the default Docker label for Declarative Pipeline to .. wait for it .. docker */ -GlobalConfig c = GlobalConfiguration.all().find { it instanceof GlobalConfig } -c?.dockerLabel = 'docker' - - -/* Add our global library properly */ -List libs = [] - -['pipeline-library', 'inline-pipeline-secrets'].each { - GitSCMSource source= new GitSCMSource(it, "https://github.com/codevalet/${it}.git", - null, null, null, false) - - LibraryConfiguration lib = new LibraryConfiguration(it, new SCMSourceRetriever(source)) - lib.implicit = true - lib.defaultVersion = 'master' - libs.add (lib) -} - -GlobalLibraries.get().libraries = libs diff --git a/init.groovy.d/set-instance-url.groovy b/init.groovy.d/set-instance-url.groovy deleted file mode 100644 index 1bd4926..0000000 --- a/init.groovy.d/set-instance-url.groovy +++ /dev/null @@ -1,9 +0,0 @@ -#!/usr/bin/env groovy - -/* Configure the instance's URL based on the GITHUB_USER */ - -import jenkins.model.* - -if (System.env.get('GITHUB_USER')) { - JenkinsLocationConfiguration.get().setUrl("https://${System.env.get('GITHUB_USER')}.codevalet.io/") -} diff --git a/init.groovy.d/setup-azure-cloud.groovy.erb b/init.groovy.d/setup-azure-cloud.groovy.erb deleted file mode 100644 index 0d079ca..0000000 --- a/init.groovy.d/setup-azure-cloud.groovy.erb +++ /dev/null @@ -1,126 +0,0 @@ -#!/usr/bin/env groovy - -/* - * Set up the Azure VM Cloud plugin. - * - * This file is generated from an ERB template! - */ - -import jenkins.model.* -import com.microsoft.azure.vmagent.* -import com.microsoft.azure.util.* - -import com.cloudbees.plugins.credentials.* -import com.cloudbees.plugins.credentials.impl.* -import com.cloudbees.plugins.credentials.domains.Domain - -final String maxAgents = System.env.get('MAX_AGENTS') ?: '2' -final String cloudName = 'Azure' -final String githubUser = System.env.get('GITHUB_USER') ?: 'max-the-code-monkey' -final String resourceGroup = "azureagents-for-codevalet" -final String credentialsId = 'azure-agents-credential' -final String adminCredentialsId = 'azure-agent-admin-credential' -final String tenantId = System.env.get('AZURE_TENANT_ID') ?: 'dummy-tenant-id' -final String subscriptionId = System.env.get('AZURE_SUBSCRIPTION_ID') ?: 'dummy-subscription-id' -final String clientId = System.env.get('AZURE_CLIENT_ID') ?: 'dummy-client-id' -final String clientSecret = System.env.get('AZURE_CLIENT_SECRET') ?: 'dummy-secret' -CredentialsScope scope = CredentialsScope.valueOf('SYSTEM') -AzureCredentials.ServicePrincipal principle = AzureCredentials.getServicePrincipal(credentialsId) -final String id = java.util.UUID.randomUUID().toString() -final Credentials c = new UsernamePasswordCredentialsImpl(scope, - adminCredentialsId, - adminCredentialsId, - 'azureuser', - id) - -SystemCredentialsProvider.instance.store.addCredentials(Domain.global(), c) - -println ">> Credential: ${id}" - -/* If the credentials hasn't already been defined, let's create one! */ -if (principle.isBlank()) { - AzureCredentials credential = new AzureCredentials(scope, /* Scope for the credential */ - credentialsId, /* */ - 'Azure credentials for provisioning agent', /* description */ - subscriptionId, /* subscriptionId */ - clientId, /* clientId */ - clientSecret) /* clientSecret */ - credential.tenant = tenantId - - SystemCredentialsProvider.instance.store.addCredentials(Domain.global(), credential) -} - - -Jenkins.instance.clouds.clear() -def cloud = Jenkins.instance.clouds.find { it.name == cloudName } - -/* Avoid adding the AzureVMCloud over and over and over again */ -if (cloud == null) { - cloud = new AzureVMCloud(cloudName, /* Cloud Name */ - credentialsId, /* credentials id */ - maxAgents, /* Max Agents */ - '1200', /* Deployment Timeout (s) */ - 'existing', /* Resource group reference type */ - '', /* New resource group name */ - resourceGroup, /* Existing resource group name */ - null) /* VM Templates */ - Jenkins.instance.clouds.add(cloud) -} - - -/* Nuke all our templates */ -cloud.clearVmTemplates() - -final String agentWorkspace = '/home/azureuser/workspace' -def retentionTime = null -def imageReference = null -def vmTemplate = null -def vhd = null - -<% agents.each_pair do |name, d| %> - - vhd = '<%= d['image']['vhd'] %>' - retentionTime = new AzureVMCloudRetensionStrategy(<%= d['retention'] %>) - imageReference = new AzureVMAgentTemplate.ImageReferenceTypeClass(vhd, vhd, vhd, vhd, vhd) - vmTemplate = new AzureVMAgentTemplate('<%= name %>', - '<%= d['description'] %>', /* description */ - '<%= d['labels'].join(' ') %>', /* labels */ - 'West US', /* location */ - '<%= d['size'] %>', /* VM Size */ - 'existing', /* Storage account Name reference type */ - 'Standard_LRS', /* Storage account type */ - '', /* new storage account name */ - 'codevaletimages', /* existing storage account name */ - 'unmanaged', /* disk type */ - '<%= d['executors'] %>', /* number of executors */ - 'NORMAL', /* Usage mode */ - '', /* built-in image */ - false, /* install git */ - false, /* install maven */ - false, /* install docker */ - 'Linux', /* OS type */ - 'custom', /* image top level type */ - false, /* image reference? */ - imageReference, /* image reference class */ - 'SSH', /* agent launch method */ - false, /* pre install SSH */ - '<%= d['initscript']%>', /* init script */ - adminCredentialsId, /* admin credential Id */ - '', /* virtual network name */ - '', /* virtual network resource group name */ - '', /* subnet name */ - false, /* use private IP */ - '', /* Network security group name */ - agentWorkspace, /* agent workspace */ - '', /* JVM options */ - retentionTime, /* retention time */ - false, /* shutdown on idle */ - false, /* template disabled */ - '', /* template status details */ - true, /* execute init script as root */ - true /* do not use machine if init fails */ - ) - vmTemplate.azureCloud = cloud - cloud.addVmTemplate(vmTemplate) - -<% end %> diff --git a/init.groovy.d/setup-git.groovy b/init.groovy.d/setup-git.groovy deleted file mode 100644 index 9d30f98..0000000 --- a/init.groovy.d/setup-git.groovy +++ /dev/null @@ -1,19 +0,0 @@ -#!/usr/bin/env groovy -/* - * Pre-configure the Git plugin and the default git tooling in Jenkins - */ -import org.jenkinsci.plugins.gitclient.* -import hudson.plugins.git.* -import jenkins.model.Jenkins - -def gitConfig = Jenkins.instance.getDescriptor('hudson.plugins.git.GitSCM') -def tools = Jenkins.instance.getDescriptor('hudson.plugins.git.GitTool') - -GitTool[] gitTools = new GitTool[1] -gitTools[0] = new JGitTool() - -tools.installations = gitTools -tools.save() - -gitConfig.globalConfigName = 'max' -gitConfig.globalConfigEmail = 'max@example.com' diff --git a/init.groovy.d/setup-github-oauth.groovy b/init.groovy.d/setup-github-oauth.groovy deleted file mode 100644 index f33c6c7..0000000 --- a/init.groovy.d/setup-github-oauth.groovy +++ /dev/null @@ -1,45 +0,0 @@ -#!/usr/bin/env groovy -/* - * Set up the basic GitHub OAuth permissions for this instance - */ - -if (System.env.get('SUPER_DANGEROUS_LOCAL_ONLY_DISABLE_AUTH')) { - return -} - -import jenkins.model.* -import hudson.security.* -import hudson.model.Item -import org.jenkinsci.plugins.workflow.cps.replay.ReplayAction -import org.jenkinsci.plugins.GithubAuthorizationStrategy -import org.jenkinsci.plugins.GithubSecurityRealm - -def authorization = new GlobalMatrixAuthorizationStrategy() -authorization.add(Jenkins.READ, 'Anonymous') -authorization.add(Item.READ, 'Anonymous') -authorization.add(Jenkins.ADMINISTER, 'rtyler') - -[ - Jenkins.READ, - Item.BUILD, - Item.CANCEL, - Item.CONFIGURE, - Item.CREATE, - Item.DELETE, - Item.DISCOVER, - Item.READ, - ReplayAction.REPLAY, -].each { permission -> - authorization.add(permission, System.env.get('GITHUB_USER') ?: 'rtyler') -} - - -def realm = new GithubSecurityRealm('https://github.com', /* GitHub web URI */ - 'https://api.github.com', /* GitHub API URI */ - System.env.get('CLIENT_ID') ?: 'f19661554c93f3b11cfe', /* OAuth Client ID */ - System.env.get('CLIENT_SECRET') ?: '0672e14addb9f41dec11b5da1219017edfc82a58',/* OAuth Client Secret */ - 'read:public_repo,user:email' /* OAuth permission scopes */ - ) -Jenkins.instance.authorizationStrategy = authorization -Jenkins.instance.securityRealm = realm -Jenkins.instance.save() diff --git a/nginx.master.conf b/nginx.master.conf deleted file mode 100644 index cf4caea..0000000 --- a/nginx.master.conf +++ /dev/null @@ -1,28 +0,0 @@ -# -# This nginx configuration is meant to be embedded into a Jenkins master container -# for automatically routing some things -# -# Related to: https://issues.jenkins-ci.org/browse/JENKINS-46706 - -server { - listen 80; - - location = / { - return 301 /blue/pipelines; - } - - # Only allow the usage of the Blue Ocean Pipeline creation flow. - # https://github.com/CodeValet/codevalet/issues/10 - location = /newJob { - return 301 /blue/organizations/jenkins/create-pipeline; - } - - location / { - proxy_redirect off; - proxy_set_header Host $http_host; - proxy_set_header X-Real-IP $remote_addr; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto $scheme; - proxy_pass http://localhost:8080; - } -} diff --git a/plugins.txt b/plugins.txt deleted file mode 100644 index 7c34307..0000000 --- a/plugins.txt +++ /dev/null @@ -1,8 +0,0 @@ -workflow-aggregator-plugin -blueocean-plugin -github-oauth-plugin -azure-vm-agents-plugin -kubernetes-plugin -matrix-auth-plugin -embeddable-build-status-plugin -sentry-plugin diff --git a/scripts/build-plugins b/scripts/build-plugins deleted file mode 100755 index 28b3d1d..0000000 --- a/scripts/build-plugins +++ /dev/null @@ -1,85 +0,0 @@ -#!/bin/bash - -BUILD_DIR=$PWD/build -REPOS_DIR=$BUILD_DIR/repos -SCRIPTS_DIR=$(realpath $(dirname $0)) -PLUGINS_OUTPUT_DIR=$BUILD_DIR/plugins -BUILDER_CONTAINER="rtyler/codevalet-builder" - -mkdir -p $REPOS_DIR -mkdir -p $PLUGINS_OUTPUT_DIR - -declare -A PROCESSED - -function cloneWithDependencies() { - if [ ! ${PROCESSED[$1]} ]; then - PROCESSED[$1]="$1" - if [ ! -d $1 ]; then - git clone --depth 1 git://github.com/jenkinsci/$1.git - fi; - - for pom in $(find $1 -iname 'pom.xml' -maxdepth 2 -type f); do - (cd $(dirname $pom) && ${SCRIPTS_DIR}/plugins-from-pom 'pom.xml') - done; - - for dep in $(find $1 -iname '.plugins.txt' -type f -exec cat {} \; | sort -u); do - cloneWithDependencies "${dep}-plugin" - done; - fi; -} - -tty --quiet -if [ $? -eq 0 ]; then - echo "We're interactive, adjusting the Docker arguments accordingly"; - TTY_ARGS="-ti"; -fi; - -pushd $REPOS_DIR - - # See https://github.com/jenkinsci/azure-commons-plugin/pull/15 - git clone --depth 1 -b jenkins-48636 git://github.com/abayer/azure-commons-plugin.git - - # Grab the latest datadog plugin from their org (it's not in jenkinsci) - git clone --depth 1 git://github.com/datadog/jenkins-datadog-plugin.git datadog-plugin - - # pubsub-light-module is a plugin but not called a plugin - git clone --depth 1 git://github.com/jenkinsci/pubsub-light-module.git pubsub-light-plugin - - # the artifact is called cloudbees-bitbucket-branch-source but the repo isn't - git clone --depth 1 git://github.com/jenkinsci/bitbucket-branch-source-plugin.git cloudbees-bitbucket-branch-source-plugin - - git clone --depth 1 git://github.com/jenkinsci/js-libs.git js-libs-plugin - # https://issues.jenkins-ci.org/browse/JENKINS-45668 - (cd js-libs-plugin && find . -maxdepth 1 -type d -exec mkdir -p {}/src/main/webapp/jsmodules \;) - - - for plugin in $(cat $SCRIPTS_DIR/../plugins.txt); do - cloneWithDependencies $plugin - done; - - # This was merged into the blueocean-plugin repository but still exists as a tombstone - rm -rf blueocean-pipeline-editor-plugin - - set -e - for d in *-plugin; do - pushd $d - - if [ -f pom.xml ]; then - echo ">> Building $d" - git pull --rebase - docker run --rm ${TTY_ARGS} -v $HOME/.m2:/root/.m2 \ - -v $PWD:/data -w /data ${BUILDER_CONTAINER} mvn install -e -B -DskipTests - fi; - popd - done; - set +e - - # Handle an old tombstoned dependency which will not build from source - # anymore :( - # https://github.com/jenkinsci/pipeline-model-definition-plugin/blob/master/pipeline-model-definition/pom.xml#L117-L123 - curl https://repo.jenkins-ci.org/releases/org/jenkinsci/plugins/pipeline-model-declarative-agent/1.1.1/pipeline-model-declarative-agent-1.1.1.hpi > $PLUGINS_OUTPUT_DIR/pipeline-model-declarative-agent.hpi - - for hpi in $(find . -iname "*.hpi" | grep -v "test-classes" | grep -v "target/plugins/"); do - cp $hpi $PLUGINS_OUTPUT_DIR - done; -popd diff --git a/scripts/plugins-from-pom b/scripts/plugins-from-pom deleted file mode 100755 index 1cb52e7..0000000 --- a/scripts/plugins-from-pom +++ /dev/null @@ -1,47 +0,0 @@ -#!/usr/bin/env python - -import sys - -from xml.etree.ElementTree import ElementTree - - -def main(): - document = ElementTree(file=sys.argv[1]) - plugins = [] - ns = {'mvn' : 'http://maven.apache.org/POM/4.0.0'} - packaging = document.find('mvn:packaging', ns) - - if (packaging is not None) and (packaging.text == 'hpi'): - for e in document.findall('mvn:dependencies', ns): - for dep in list(e): - scope = dep.find('mvn:scope', ns) - if scope is None: - optional = dep.find('mvn:optional', ns) - if optional is None: - group = dep.find('mvn:groupId', ns).text - plugin = dep.find('mvn:artifactId', ns).text - # Avoid the github-organization-folder since it's - # tombstoned - if plugin == 'github-organization-folder': - next - try: - ['org.jvnet.hudson.plugins', 'org.jenkins-ci.plugins', - 'org.jenkinsci.plugins', 'org.jenkins-ci.plugins.icon-shim', - '${project.groupId}', 'io.jenkins.plugins', - 'io.jenkins.blueocean', - 'org.jenkins-ci.main', 'com.coravy.hudson.plugins.github', - 'org.6wind.jenkins', 'org.jenkins-ci.plugins.pipeline-stage-view', - 'org.jenkins-ci.ui', 'org.jenkins-ci.plugins.workflow'].index(group) - # Let's only bother with dependencies that are actually Jenkins - # plugins :) - plugins.append(plugin) - except ValueError: - pass - - with open('.plugins.txt', 'w+') as fd: - for plugin in plugins: - fd.write(plugin) - fd.write('\n') - -if __name__ == '__main__': - main() diff --git a/scripts/record-sha1sums b/scripts/record-sha1sums deleted file mode 100755 index f098f20..0000000 --- a/scripts/record-sha1sums +++ /dev/null @@ -1,13 +0,0 @@ -#!/bin/bash - -mkdir build - -OUTPUT_FILE=build/git-refs.txt - -echo > $OUTPUT_FILE - -for plugin in build/repos/*-plugin; do - echo ">> Record HEAD for ${plugin}"; - SHA=$(cd $plugin && git rev-parse HEAD) - echo "${plugin},${SHA}" >> $OUTPUT_FILE -done; diff --git a/scripts/render-agent-templates b/scripts/render-agent-templates deleted file mode 100644 index b2ef864..0000000 --- a/scripts/render-agent-templates +++ /dev/null @@ -1,22 +0,0 @@ -#!/usr/bin/env ruby - -require 'erb' -require 'yaml' - -repo_dir = ARGV.first - -puts ">> Using #{repo_dir} as the agent templates directory" - -agents = {} - -Dir.glob("#{repo_dir}/**/*.yml").each do |agent| - data = YAML.load(File.read(agent)) - name = File.basename(agent, File.extname(agent)) - agents[name] = data -end - - -template = ERB.new(File.read('init.groovy.d/setup-azure-cloud.groovy.erb')) -File.open('init.groovy.d/setup-azure-cloud.groovy', 'w+') do |f| - f.write(template.result) -end diff --git a/supervisord.conf b/supervisord.conf deleted file mode 100644 index d4dbb4a..0000000 --- a/supervisord.conf +++ /dev/null @@ -1,19 +0,0 @@ -[supervisord] -nodaemon=true - -[program:nginx] -command=nginx -g "daemon off;" -autorestart=true -stdout_logfile=/dev/stdout -stdout_logfile_maxbytes=0 -redirect_stderr=true - -[program:jenkins] -command=/usr/local/bin/jenkins.sh -directory=/var/jenkins_home -environment=JENKINS_HOME=/var/jenkins_home,COPY_REFERENCE_FILE_LOG=$JENKINS_HOME/copy_reference_file.log -user=jenkins -stdout_logfile=/dev/stdout -stdout_logfile_maxbytes=0 -redirect_stderr=true -startsecs=10