iinm/README.md

## README.md

      
    Raw
  

              README.md
            
          
    Jenkis

Download & Run Jenkins
./jenkins run
-> http://127.0.0.1:8080/jenkins
Use Jenkins cli
export JENKINS_USER_ID=admin
export JENKINS_API_TOKEN=$(cat ./jenkins_home/.initial_admin_password)
./jenkins cli help
Install Plugins
while read line; do ./jenkins cli install-plugin "$line" -deploy < /dev/null; done << EOF
matrix-auth
credentials
credentials-binding
git
workflow-aggregator
ssh-slaves
simple-theme-plugin
ansicolor
rebuild
EOF
Configure executors
echo "jenkins.model.Jenkins.instance.setNumExecutors(10)" | ./jenkins cli groovy = –
Create account
echo "jenkins.model.Jenkins.instance.securityRealm.createAccount('$user', '$password')" | ./jenkins cli groovy = –

  
## jenkins
#!/usr/bin/env bash

set -eu -o pipefail

DEFAULT_JENKINS_VERSION=2.263.4
DEFAULT_JENKINS_WAR_SHA256=1d4a7409784236a84478b76f3f2139939c0d7a3b4b2e53b1fcef400c14903ab6

JENKINS_INIT_SCRIPT=$(cat << 'EOF'
// https://wiki.jenkins.io/display/JENKINS/Groovy+Hook+Script
import hudson.security.*
import hudson.security.csrf.*
import jenkins.model.*
import jenkins.security.s2m.*

def env = System.getenv()
def jenkins = Jenkins.getInstance()

// set url
urlConfig = JenkinsLocationConfiguration.get()
urlConfig.setUrl(env.JENKINS_URL)
urlConfig.save()

// configure security
if (jenkins.getSecurityRealm().equals(HudsonPrivateSecurityRealm.NO_AUTHENTICATION)) {

    jenkins.setSecurityRealm(new HudsonPrivateSecurityRealm(false))

    // create admin user
    def password = new File(env.JENKINS_INITIAL_ADMIN_PASSWORD_FILE).getText().trim()
    def user = jenkins.getSecurityRealm().createAccount(env.JENKINS_ADMIN_USER_NAME, password)
    user.save()

    def strategy = new FullControlOnceLoggedInAuthorizationStrategy()
    strategy.setAllowAnonymousRead(false)
    jenkins.setAuthorizationStrategy(strategy)
}

// enable csrf protection
if (jenkins.getCrumbIssuer() == null) {
    jenkins.setCrumbIssuer(new DefaultCrumbIssuer(true))
}

// https://wiki.jenkins.io/display/JENKINS/Slave+To+Master+Access+Control
jenkins.getInjector().getInstance(AdminWhitelistRule.class).setMasterKillSwitch(false)

jenkins.save()
EOF
)

run() {
  : "${JVM_OPTS:=""}"
  : "${JENKINS_HOME:="$(pwd)/jenkins_home"}"
  : "${JENKINS_WAR:="$(pwd)/jenkins.war"}"
  : "${JENKINS_VERSION:="$DEFAULT_JENKINS_VERSION"}"
  : "${JENKINS_WAR_SHA256:="$DEFAULT_JENKINS_WAR_SHA256"}"
  : "${JENKINS_PORT:=8080}"
  : "${JENKINS_LISTEN_ADDRESS:=127.0.0.1}"
  : "${JENKINS_URL_PREFIX:=/jenkins}"
  : "${JENKINS_URL:="http://$JENKINS_LISTEN_ADDRESS:$JENKINS_PORT$JENKINS_URL_PREFIX"}"
  : "${JENKINS_ADMIN_USER_NAME:=admin}"
  : "${JENKINS_INITIAL_ADMIN_PASSWORD_FILE:="$JENKINS_HOME/.initial_admin_password"}"
  : "${JENKINS_ACCESS_LOG:=$(pwd)/access.log}"
  # https://www.jenkins.io/doc/book/system-administration/security/configuring-content-security-policy/
  : "${JENKINS_CSP:="sandbox; default-src 'none'; img-src 'self'; style-src 'self';"}"
  : "${JENKINS_OPTS:=""}"

  if test "$(sha256sum "$JENKINS_WAR" | awk '{ print $1 }')" != "${JENKINS_WAR_SHA256}"; then
    wget -O "$JENKINS_WAR" "http://mirrors.jenkins.io/war-stable/$JENKINS_VERSION/jenkins.war"
  fi

  if test "$(sha256sum "$JENKINS_WAR" | awk '{ print $1 }')" != "${JENKINS_WAR_SHA256}"; then
    echo "error: jenkins.war does not match checksum." >&2
  fi

  mkdir -p "$JENKINS_HOME"
  echo "$JENKINS_INIT_SCRIPT" > "$JENKINS_HOME/init.groovy"

  if test ! -f "$JENKINS_INITIAL_ADMIN_PASSWORD_FILE"; then
    openssl rand -base64 32 > "$JENKINS_INITIAL_ADMIN_PASSWORD_FILE"
    echo "Admin password file created. -> $JENKINS_INITIAL_ADMIN_PASSWORD_FILE"
  fi

  exec env \
    JENKINS_HOME="$JENKINS_HOME" \
    JENKINS_URL="$JENKINS_URL" \
    JENKINS_ADMIN_USER_NAME="$JENKINS_ADMIN_USER_NAME" \
    JENKINS_INITIAL_ADMIN_PASSWORD_FILE="$JENKINS_INITIAL_ADMIN_PASSWORD_FILE" \
    java \
      $JVM_OPTS \
      -Djenkins.install.runSetupWizard=false \
      -Dhudson.model.DirectoryBrowserSupport.CSP="$JENKINS_CSP" \
      -jar "$JENKINS_WAR" \
      --httpPort="$JENKINS_PORT" \
      --httpListenAddress="$JENKINS_LISTEN_ADDRESS" \
      --prefix="$JENKINS_URL_PREFIX" \
      --accessLoggerClassName=winstone.accesslog.SimpleAccessLogger \
      --simpleAccessLogger.format=rproxycombined \
      --simpleAccessLogger.file="$JENKINS_ACCESS_LOG" \
      $JENKINS_OPTS
}

cli() {
  : "${JENKINS_URL:="http://127.0.0.1:8080/jenkins"}"
  : "${JENKINS_CLI_JAR:="$(pwd)/jenkins-cli.jar"}"
  : "${JENKINS_USER_ID?}"
  : "${JENKINS_API_TOKEN?}"

  if test ! -f "$JENKINS_CLI_JAR"; then
    wget -q -O "$JENKINS_CLI_JAR" "$JENKINS_URL/jnlpJars/jenkins-cli.jar"
  fi

  exec java -jar "$JENKINS_CLI_JAR" -s "$JENKINS_URL" "$@"
}


if test "${BASH_SOURCE[0]}" = "$0"; then
  set -eu -o pipefail
  "$@"
fi
	#!/usr/bin/env bash

	set -eu -o pipefail

	DEFAULT_JENKINS_VERSION=2.263.4
	DEFAULT_JENKINS_WAR_SHA256=1d4a7409784236a84478b76f3f2139939c0d7a3b4b2e53b1fcef400c14903ab6

	JENKINS_INIT_SCRIPT=$(cat << 'EOF'
	// https://wiki.jenkins.io/display/JENKINS/Groovy+Hook+Script
	import hudson.security.*
	import hudson.security.csrf.*
	import jenkins.model.*
	import jenkins.security.s2m.*

	def env = System.getenv()
	def jenkins = Jenkins.getInstance()

	// set url
	urlConfig = JenkinsLocationConfiguration.get()
	urlConfig.setUrl(env.JENKINS_URL)
	urlConfig.save()

	// configure security
	if (jenkins.getSecurityRealm().equals(HudsonPrivateSecurityRealm.NO_AUTHENTICATION)) {

	jenkins.setSecurityRealm(new HudsonPrivateSecurityRealm(false))

	// create admin user
	def password = new File(env.JENKINS_INITIAL_ADMIN_PASSWORD_FILE).getText().trim()
	def user = jenkins.getSecurityRealm().createAccount(env.JENKINS_ADMIN_USER_NAME, password)
	user.save()

	def strategy = new FullControlOnceLoggedInAuthorizationStrategy()
	strategy.setAllowAnonymousRead(false)
	jenkins.setAuthorizationStrategy(strategy)
	}

	// enable csrf protection
	if (jenkins.getCrumbIssuer() == null) {
	jenkins.setCrumbIssuer(new DefaultCrumbIssuer(true))
	}

	// https://wiki.jenkins.io/display/JENKINS/Slave+To+Master+Access+Control
	jenkins.getInjector().getInstance(AdminWhitelistRule.class).setMasterKillSwitch(false)

	jenkins.save()
	EOF
	)

	run() {
	: "${JVM_OPTS:=""}"
	: "${JENKINS_HOME:="$(pwd)/jenkins_home"}"
	: "${JENKINS_WAR:="$(pwd)/jenkins.war"}"
	: "${JENKINS_VERSION:="$DEFAULT_JENKINS_VERSION"}"
	: "${JENKINS_WAR_SHA256:="$DEFAULT_JENKINS_WAR_SHA256"}"
	: "${JENKINS_PORT:=8080}"
	: "${JENKINS_LISTEN_ADDRESS:=127.0.0.1}"
	: "${JENKINS_URL_PREFIX:=/jenkins}"
	: "${JENKINS_URL:="http://$JENKINS_LISTEN_ADDRESS:$JENKINS_PORT$JENKINS_URL_PREFIX"}"
	: "${JENKINS_ADMIN_USER_NAME:=admin}"
	: "${JENKINS_INITIAL_ADMIN_PASSWORD_FILE:="$JENKINS_HOME/.initial_admin_password"}"
	: "${JENKINS_ACCESS_LOG:=$(pwd)/access.log}"
	# https://www.jenkins.io/doc/book/system-administration/security/configuring-content-security-policy/
	: "${JENKINS_CSP:="sandbox; default-src 'none'; img-src 'self'; style-src 'self';"}"
	: "${JENKINS_OPTS:=""}"

	if test "$(sha256sum "$JENKINS_WAR" \| awk '{ print $1 }')" != "${JENKINS_WAR_SHA256}"; then
	wget -O "$JENKINS_WAR" "http://mirrors.jenkins.io/war-stable/$JENKINS_VERSION/jenkins.war"
	fi

	if test "$(sha256sum "$JENKINS_WAR" \| awk '{ print $1 }')" != "${JENKINS_WAR_SHA256}"; then
	echo "error: jenkins.war does not match checksum." >&2
	fi

	mkdir -p "$JENKINS_HOME"
	echo "$JENKINS_INIT_SCRIPT" > "$JENKINS_HOME/init.groovy"

	if test ! -f "$JENKINS_INITIAL_ADMIN_PASSWORD_FILE"; then
	openssl rand -base64 32 > "$JENKINS_INITIAL_ADMIN_PASSWORD_FILE"
	echo "Admin password file created. -> $JENKINS_INITIAL_ADMIN_PASSWORD_FILE"
	fi

	exec env \
	JENKINS_HOME="$JENKINS_HOME" \
	JENKINS_URL="$JENKINS_URL" \
	JENKINS_ADMIN_USER_NAME="$JENKINS_ADMIN_USER_NAME" \
	JENKINS_INITIAL_ADMIN_PASSWORD_FILE="$JENKINS_INITIAL_ADMIN_PASSWORD_FILE" \
	java \
	$JVM_OPTS \
	-Djenkins.install.runSetupWizard=false \
	-Dhudson.model.DirectoryBrowserSupport.CSP="$JENKINS_CSP" \
	-jar "$JENKINS_WAR" \
	--httpPort="$JENKINS_PORT" \
	--httpListenAddress="$JENKINS_LISTEN_ADDRESS" \
	--prefix="$JENKINS_URL_PREFIX" \
	--accessLoggerClassName=winstone.accesslog.SimpleAccessLogger \
	--simpleAccessLogger.format=rproxycombined \
	--simpleAccessLogger.file="$JENKINS_ACCESS_LOG" \
	$JENKINS_OPTS
	}

	cli() {
	: "${JENKINS_URL:="http://127.0.0.1:8080/jenkins"}"
	: "${JENKINS_CLI_JAR:="$(pwd)/jenkins-cli.jar"}"
	: "${JENKINS_USER_ID?}"
	: "${JENKINS_API_TOKEN?}"

	if test ! -f "$JENKINS_CLI_JAR"; then
	wget -q -O "$JENKINS_CLI_JAR" "$JENKINS_URL/jnlpJars/jenkins-cli.jar"
	fi

	exec java -jar "$JENKINS_CLI_JAR" -s "$JENKINS_URL" "$@"
	}


	if test "${BASH_SOURCE[0]}" = "$0"; then
	set -eu -o pipefail
	"$@"
	fi