Encryption should used wherever possible (and plausible).
The demo shows us how we can use SOPS to tick most of the boxes.
- checkout this gist
- run
./setup.sh - follow the instructions
Steve Boardwell sboardwell
sboardwell
/ #EncryptionByDesign.md
Last active
March 31, 2024 13:49
Encryption by design - tech talk @ techpunk
sboardwell
/ matrix-based-auth.groovy
Created
August 4, 2019 12:26
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| Inspiration taken from the github page below. | |
| Changes made: | |
| - allowing the configuration to be taken from a file | |
| - this will allow the script to be used in a docker/k8s environment | |
| with the configuration in a mounted secret. | |
| */ | |
| /* | |
| Copyright (c) 2015-2018 Sam Gleske - https://github.com/samrocketman/jenkins-bootstrap-shared |
sboardwell
/ keybase.md
Created
March 6, 2020 09:40
I hereby claim:
- I am sboardwell on github.
- I am lostinberlin (https://keybase.io/lostinberlin) on keybase.
- I have a public key whose fingerprint is 2FC7 0D27 5F78 8558 B25F F375 741E A426 5ADA 66F9
To claim this, I am signing this object:
sboardwell
/ jenkins-google-oauth.groovy
Created
August 3, 2019 19:48
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| // SecurityRealm | |
| import jenkins.model.Jenkins | |
| import hudson.security.SecurityRealm | |
| import org.jenkinsci.plugins.googlelogin.GoogleOAuth2SecurityRealm | |
| clientID = null | |
| clientSecret = null | |
| securityRealm = null | |
| // secret sanity check |
sboardwell
/ jenkins-operator.log
Created
September 11, 2019 15:56
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| {"component":"jenkins-operator","file":"prow/cmd/jenkins-operator/main.go:279","func":"main.gather","level":"debug","metrics-duration":"718.562µs","msg":"Metrics synced","time":"2019-09-11T15:20:07Z"} | |
| {"client":"jenkins","component":"jenkins-operator","file":"prow/jenkins/jenkins.go:675","func":"k8s.io/test-infra/prow/jenkins.(*Client).GetEnqueuedBuilds","level":"debug","msg":"GetEnqueuedBuilds","time":"2019-09-11T15:20:07Z"} | |
| {"client":"jenkins","component":"jenkins-operator","file":"prow/jenkins/jenkins.go:715","func":"k8s.io/test-infra/prow/jenkins.(*Client).GetBuilds","level":"debug","msg":"GetBuilds(myproj/view/change-requests/job/PR-1798)","time":"2019-09-11T15:20:07Z"} | |
| {"client":"jenkins","component":"jenkins-operator","file":"prow/jenkins/jenkins.go:715","func":"k8s.io/test-infra/prow/jenkins.(*Client).GetBuilds","level":"debug","msg":"GetBuilds(myproj/view/change-requests/job/PR-1801)","time":"2019-09-11T15:20:07Z"} | |
| {"client":"jenkins","component":"jenkins-operator","file":"prow/jenkins/jenkins.go:715 |
sboardwell
/ jenkins-operator.log
Created
September 10, 2019 22:31
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| {"component":"jenkins-operator","duration":"467.19302ms","file":"prow/cmd/jenkins-operator/main.go:227","func":"main.main","level":"info","msg":"Synced","time":"2019-09-10T16:00:07Z"} | |
| {"component":"jenkins-operator","duration":"480.632256ms","file":"prow/cmd/jenkins-operator/main.go:227","func":"main.main","level":"info","msg":"Synced","time":"2019-09-10T16:00:37Z"} | |
| {"component":"jenkins-operator","duration":"541.922802ms","file":"prow/cmd/jenkins-operator/main.go:227","func":"main.main","level":"info","msg":"Synced","time":"2019-09-10T16:01:07Z"} | |
| {"component":"jenkins-operator","duration":"443.892985ms","file":"prow/cmd/jenkins-operator/main.go:227","func":"main.main","level":"info","msg":"Synced","time":"2019-09-10T16:01:37Z"} | |
| {"component":"jenkins-operator","duration":"483.265286ms","file":"prow/cmd/jenkins-operator/main.go:227","func":"main.main","level":"info","msg":"Synced","time":"2019-09-10T16:02:07Z"} | |
| {"component":"jenkins-operator","duration":"371.763669ms","file":"prow/cmd/jenkins-operator/main.go: |
sboardwell
/ Script to list the Jenkins plugins for a remote server
Last active
September 2, 2019 20:14
list-jenkins-plugins
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # Script to get a list of plugins from a Jenkins server | |
| set -euo pipefail | |
| # set the necessary vars | |
| JENKINS_URL=${JENKINS_URL:-http://localhost:8080} | |
| JENKINS_USER=${JENKINS_USER:-admin} | |
| JENKINS_TOKEN=${JENKINS_TOKEN} # eg. abcd1234abcd1234abcd1234 |
sboardwell
/ add_custom_repos_function.sh
Created
August 23, 2019 14:18
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| add_custom_nexus_repos() { | |
| local dir=$1 | |
| local volumeNames subPaths repoFiles patchItemString= patchFile separator='' | |
| echo "Getting nexus deployment volume names..." | |
| volumeNames=$(kubectl get deployment jenkins-x-nexus -o 'jsonpath={ .spec.template.spec.volumes[*].name}') | |
| echo "Getting nexus deployment volumeMount subPaths..." | |
| subPaths=$(kubectl get deployment jenkins-x-nexus -o 'jsonpath={ .spec.template.spec.containers[0].volumeMounts[*].subPath}') | |
| repoFiles=$(cat "${dir}/nexus-repos/nexus-custom-repo-files.yaml" | docker run -i --rm evns/yq -j -r '.data' | docker run -i --rm imega/jq -r 'keys[]' | xargs) |
sboardwell
/ demo-script.groovy
Last active
August 23, 2019 13:34
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| def updateGroup(def name, def members) { | |
| if (!repository.getRepositoryManager().exists(name)) { | |
| repository.createMavenGroup(name, members) | |
| } | |
| def mgConfig = repository.getRepositoryManager().get(name).configuration.copy() | |
| mgConfig.attributes['group']['memberNames'] = members | |
| repository.repositoryManager.update(mgConfig) | |
| } | |
| updateGroup('maven-group',['maven-public', 'maven-central', 'maven-releases', 'spring-milestone', 'spring-release', 'jitpack', 'jenkins-release', 'maven-jenkinsci', 'jenkins-public', 'plugins-gradle', 'my-protected-repo']) | |
| updateGroup('maven-group-snapshots',['maven-snapshots', 'apache-org-snapshots', 'spring-io-libs-snapshot', 'oss-sonatype-snapshots']) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| kind: ConfigMap | |
| apiVersion: v1 | |
| metadata: | |
| name: nexus-custom-repo-files | |
| namespace: jx | |
| labels: | |
| app: nexus-custom-repo-files | |
| data: | |
| redshift-maven-repository.json: | | |
| { |
NewerOlder