Get full jenkins job name :
Jenkins.instance.getAllItems(AbstractItem.class).each {
println(it.fullName)
};Kill: Jenkins job which is stuck
Jenkins.instance
.getItemByFullName(“Tenerity-Platform/BizOps/apg-chargeback”)
.getBranch(“develop”)
.getBuildByNumber(716)
.finish(hudson.model.Result.ABORTED, new java.io.IOException(“Aborting build”));
Docker with TLS:
###### server
dockerd \
--tlsverify \
--tlscacert=ca.pem \
--tlscert=server-cert.pem \
--tlskey=server-key.pem \
-H=0.0.0.0:2376
##### client
docker --tlsverify \
--tlscacert=ca.pem \
--tlscert=cert.pem \
--tlskey=key.pem \
-H=$HOST:2376 version
##### secure by default
mkdir -pv ~/.docker
cp -v {ca,cert,key}.pem ~/.docker
export DOCKER_HOST=tcp://$HOST:2376 DOCKER_TLS_VERIFY=1
##### make sure to have correct host/DNS name while creating the server certMethod 1: (all user have same admin access)
Domain name : example.com
Domain Controller : ad.exmaple.com
Bind DN : [email protected]
Bind Password : <jenkins-svc-account password>
Else it will give Error: simple bind failed: ad.example.com:389 error
Also Domain Name(example.com) should be resolved from jenkins host or entry should be in /etc/hosts
192.168.122.6 example.com
Method 2: Matrix-based security
Method3: Role based strategy(pending)
AD user and jenkins screenshot for reference
tnc example.com -port 389
Test-NetConnection -ComputerName example.com -Port 389
Manage Jenkins > Configure system > search “E-mail Notification”
gmail smtp server: smtp.gmail.com
port : 587 need TLS
Note: Allow google Less Secure App(should be turned on).
email.Jenkinsfile
pipeline
{
agent { label 'worker1' }
stages{
stage('send-email'){
steps{
script
{
emailext subject: 'Test email subject', body: 'Test email body', to: '[email protected]'
}
sh "echo hola"
}
}
}
}ssh-keygen -b 2048 -t rsa -f /tmp/sshkey -q -N ""ssh -o StrictHostKeyChecking=no -i /tmp/sshkey [email protected] << EOF
ls -ltr
hostname
EOFpipeline {
agent {label 'master'}
parameters {
string(name: 'string1', defaultValue: 's1', description: 's1')
choice(name: 'CHOICES', choices: ['one', 'two', 'three'], description: 'chose')
password(name: 'password', defaultValue: 'SECRET', description: 'password')
}
stages{
stage('one'){
steps{
sh "echo abc > abc.txt"
stash includes: 'abc.txt', name: 'abc'
sh "rm -rf abc.txt"
}
}
stage('two'){
steps{
unstash 'abc'
sh "cat abc.txt"
}
}
}
}pipeline {
agent {label 'master'}
stages{
stage('one'){
steps{
sh "echo abc > abc.txt"
stash includes: 'abc.txt', name: 'abc'
sh "rm -rf abc.txt"
}
}
stage('two'){
steps{
unstash 'abc'
sh "cat abc.txt"
}
}
}
}def git_url = 'https://github.com/initedit/note.initedit'
def git_branch = 'main'
def server_report = "ERROR"
pipeline
{
agent
{
label 'master'
}
stages
{
stage('Git Checkout')
{
steps
{
git credentialsId: 'github', url: git_url , branch: git_branch
}
}
stage('sonarqube analysis')
{
steps
{
script
{
withSonarQubeEnv('sonarqube')
{
def temp_job_name = JOB_NAME.replaceAll('/','-')
sh "PATH=$PATH:/var/jenkins_home/node12/bin;NODE_PATH=/var/jenkins_home/node12/lib/node_modules;npm install typescript;/var/jenkins_home/sonar_scanner/bin/sonar-scanner -Dsonar.sourceEncoding=UTF-8 -Dsonar.sources=${WORKSPACE} -Dsonar.projectKey=${temp_job_name}-${git_branch} -Dsonar.projectName=${temp_job_name}-${git_branch};"
withCredentials([usernamePassword(credentialsId: 'sonarqube-user', usernameVariable: 'uname' , passwordVariable: 'upass')])
{
sh """
cd .scannerwork
sonar_job_url=\$(cat report-task.txt | grep ceTaskUrl | awk -F 'ceTaskUrl=' '{print \$NF}')
while(true)
do
sonar_job_status=\$(curl -s --user "\$uname:\$upass" \$sonar_job_url | awk -F '"status":' '{print \$NF}' | cut -d ',' -f1 | sed 's/"//g')
sleep 10
if [ "\$sonar_job_status" != 'IN_PROGRESS' ]
then
echo "sonar job completed"
#get new bugs
new_vulnerabilities=\$(curl -s --user "\$uname:\$upass" http://sonarqube.initedit.com/api/measures/search_history?component="${temp_job_name}-${git_branch}"'&'metrics=new_vulnerabilities | awk -F '"value":' '{print \$NF}' | awk -F '}' '{print \$1}' | sed 's/"//g')
new_bugs=\$(curl -s --user "\$uname:\$upass" http://sonarqube.initedit.com/api/measures/search_history?component="${temp_job_name}-${git_branch}"'&'metrics=new_bugs | awk -F '"value":' '{print \$NF}' | awk -F '}' '{print \$1}' | sed 's/"//g')
new_violations=\$(curl -s --user "\$uname:\$upass" http://sonarqube.initedit.com/api/measures/search_history?component="${temp_job_name}-${git_branch}"'&'metrics=new_violations | awk -F '"value":' '{print \$NF}' | awk -F '}' '{print \$1}' | sed 's/"//g')
echo "new_vulnerabilities=\$new_vulnerabilities new_bugs=\$new_bugs new_violations=\$new_violations" > /tmp/\${JOB_BASE_NAME}-\${BUILD_ID}.txt
cat "/tmp/\${JOB_BASE_NAME}-\${BUILD_ID}.txt"
echo "new_vulnerabilities: \$new_vulnerabilities , new_bugs : \$new_bugs , new_violations : \$new_violations"
exit
fi
done
"""
}
}
def qualitygate = waitForQualityGate()
server_report = qualitygate.status
}
}
}
stage('sonar-qualitygate')
{
steps
{
script
{
if (server_report != 'OK')
{
sh '''
echo "not ok"
'''
}
}
}
}
}
}