Last active
March 21, 2020 15:13
-
-
Save fishi0x01/2b33eb533deae0a78ce23b108849bfdc to your computer and use it in GitHub Desktop.
Jenkins as Code. Code for blog post https://fishi.devtail.io/weblog/2019/01/06/jenkins-as-code-part-1/
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| node('master') { | |
| stage('Checkout') { | |
| // Clean workspace and checkout shared library repository on the jenkins master | |
| cleanWs() | |
| checkout scm | |
| } | |
| stage('Configuration') { | |
| // set CasC config in master | |
| sh('cp /var/jenkins_home/workspace/Admin/Configure/resources/config/configuration-as-code-plugin/jenkins.yaml /var/jenkins_home/jenkins.yaml') | |
| // run CasC | |
| load('resources/config/groovy/triggerConfigurationAsCodePlugin.groovy') | |
| // set public key for agent-on-demand bootstrapping user | |
| load('resources/config/groovy/userPublicKeys.groovy') | |
| // set the timezone | |
| load('resources/config/groovy/timezone.groovy') | |
| } | |
| // Create agent networks in cloud provider with terraform | |
| stage('Deploy Agent Networks') { | |
| ansiColor('xterm') { | |
| sh('ln -sfn /var/jenkins_home/agent-bootstrapping-terraform-config/aws-agent-network.backend.config resources/terraform/aws/agent-network/') | |
| sh('ln -sfn /var/jenkins_home/agent-bootstrapping-terraform-config/aws-agent-network.tfvars resources/terraform/aws/agent-network/terraform.tfvars') | |
| sh('cd resources/terraform/ && make deploy-agent-network') | |
| } | |
| } | |
| stage('Job Seeding') { | |
| jobDsl(targets: 'resources/jobDSL/*.groovy', sandbox: false) | |
| } | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!groovy | |
| // This jobDSL script creates and Admin/Configure pipeline, which will act as | |
| // our seeding and configuration pipeline for Jenkins. The Admin/Configure | |
| // pipeline uses a shared central library hosted on GitHub. | |
| folder('Admin') { | |
| description('Folder containing configuration, bootstrapping and seed jobs') | |
| } | |
| pipelineJob("Admin/Configure") { | |
| parameters { | |
| // We can select a branch of the shared library which we want to use for seeding/configuration | |
| gitParam('revision') { | |
| type('BRANCH_TAG') | |
| sortMode('ASCENDING_SMART') | |
| defaultValue('origin/master') | |
| } | |
| } | |
| logRotator { | |
| numToKeep(50) | |
| } | |
| definition { | |
| cpsScm { | |
| scm { | |
| git { | |
| remote { | |
| github("devtail/jenkins-as-code", "ssh") | |
| credentials("shared-libraries-deploy-key") | |
| } | |
| branch('$revision') | |
| } | |
| } | |
| // This is the config/seed pipeline within the shared repo | |
| scriptPath('resources/init/ConfigurationAndSeedingPipeline.groovy') | |
| } | |
| } | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| FROM jenkins/jenkins:2.164.1 | |
| ENV ARCH=linux_amd64 \ | |
| VAULT_VERSION=1.0.3 \ | |
| TERRAFORM_VERSION=0.11.11 | |
| # Disable install wizard | |
| ENV JAVA_OPTS="-Djenkins.install.runSetupWizard=false -Dorg.jenkinsci.main.modules.sshd.SSHD.hostName=127.0.0.1" | |
| # JCasC Plugin pointer to config/secret values | |
| ENV SECRETS="/var/jenkins_home/" | |
| USER root | |
| # Install deps | |
| RUN apt-get update -y \ | |
| && apt-get install -y build-essential rsync | |
| # Add Vault client | |
| RUN curl -sL https://releases.hashicorp.com/vault/${VAULT_VERSION}/vault_${VAULT_VERSION}_${ARCH}.zip -o /tmp/vault_${VAULT_VERSION}_${ARCH}.zip \ | |
| && curl -sL https://releases.hashicorp.com/vault/${VAULT_VERSION}/vault_${VAULT_VERSION}_SHA256SUMS -o /tmp/vault_${VAULT_VERSION}_SHA256SUMS \ | |
| && export CUR_DIR=$(pwd) \ | |
| && cd /tmp \ | |
| && sha256sum -c vault_${VAULT_VERSION}_SHA256SUMS 2>&1 | grep OK \ | |
| && cd ${CUR_DIR} | |
| RUN unzip /tmp/vault_${VAULT_VERSION}_${ARCH}.zip -d /bin | |
| RUN rm -f /tmp/vault_${VAULT_VERSION}_${ARCH}.zip \ | |
| && rm -f /tmp/vault_${VAULT_VERSION}_SHA256SUMS | |
| # Add Terraform client | |
| RUN curl -sL https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_${ARCH}.zip -o /tmp/terraform_${TERRAFORM_VERSION}_${ARCH}.zip \ | |
| && curl -sL https://releases.hashicorp.com/terraform/${TERRAFORM_VERSION}/terraform_${TERRAFORM_VERSION}_SHA256SUMS -o /tmp/terraform_${TERRAFORM_VERSION}_SHA256SUMS \ | |
| && export CUR_DIR=$(pwd) \ | |
| && cd /tmp \ | |
| && sha256sum -c terraform_${TERRAFORM_VERSION}_SHA256SUMS 2>&1 | grep OK \ | |
| && cd ${CUR_DIR} | |
| RUN unzip /tmp/terraform_${TERRAFORM_VERSION}_${ARCH}.zip -d /bin | |
| RUN rm -f /tmp/terraform_${TERRAFORM_VERSION}_${ARCH}.zip \ | |
| && rm -f /tmp/terraform_${TERRAFORM_VERSION}_SHA256SUMS | |
| USER jenkins | |
| # Add minimum jenkins setup | |
| ADD init.groovy.d /usr/share/jenkins/ref/init.groovy.d | |
| ADD dsl /usr/share/jenkins/ref/dsl | |
| COPY scriptApproval.xml /var/jenkins_home/scriptApproval.xml | |
| # Install plugins | |
| COPY plugins.txt /usr/share/jenkins/ref/plugins.txt | |
| RUN /usr/local/bin/install-plugins.sh < /usr/share/jenkins/ref/plugins.txt |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| uno-choice | |
| throttle-concurrents | |
| github-oauth | |
| blueocean | |
| configuration-as-code | |
| configuration-as-code-support | |
| ansicolor | |
| mask-passwords | |
| build-user-vars-plugin | |
| git-parameter | |
| authorize-project | |
| slack | |
| job-dsl | |
| jdk-tool | |
| simple-theme-plugin | |
| ace-editor | |
| ant | |
| antisamy-markup-formatter | |
| authentication-tokens | |
| bouncycastle-api | |
| branch-api | |
| build-name-setter | |
| build-pipeline-plugin | |
| build-timeout | |
| cloudbees-folder | |
| command-launcher | |
| conditional-buildstep | |
| credentials-binding | |
| credentials | |
| dashboard-view | |
| display-url-api | |
| docker-commons | |
| docker-workflow | |
| durable-task | |
| email-ext | |
| emailext-template | |
| embeddable-build-status | |
| external-monitor-job | |
| git-client | |
| git-server | |
| git | |
| github-api | |
| github-branch-source | |
| github | |
| handlebars | |
| icon-shim | |
| jackson2-api | |
| javadoc | |
| jquery-detached | |
| jquery | |
| jsch | |
| junit | |
| mailer | |
| matrix-auth | |
| matrix-project | |
| maven-plugin | |
| momentjs | |
| pam-auth | |
| parameterized-trigger | |
| pipeline-build-step | |
| pipeline-github-lib | |
| pipeline-graph-analysis | |
| pipeline-input-step | |
| pipeline-milestone-step | |
| pipeline-model-api | |
| pipeline-model-declarative-agent | |
| pipeline-model-definition | |
| pipeline-model-extensions | |
| pipeline-rest-api | |
| pipeline-stage-step | |
| pipeline-stage-tags-metadata | |
| pipeline-stage-view | |
| plain-credentials | |
| resource-disposer | |
| role-strategy | |
| run-condition | |
| saml | |
| scm-api | |
| script-security | |
| ssh-credentials | |
| ssh-slaves | |
| slave-setup | |
| ssh | |
| structs | |
| timestamper | |
| token-macro | |
| workflow-aggregator | |
| workflow-api | |
| workflow-basic-steps | |
| workflow-cps-global-lib | |
| workflow-cps | |
| workflow-durable-task-step | |
| workflow-job | |
| workflow-multibranch | |
| workflow-scm-step | |
| workflow-step-api | |
| workflow-support | |
| ws-cleanup |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment