Jenkaas Jobs

Merge ~saviq/jenkaas-jobs:verify-jenkins-creds into jenkaas-jobs:master

  1. Git
  2. lp:~saviq/jenkaas-jobs
  3. verify-jenkins-creds
  4. Merge into master
Proposed by Michał Sawicz
Status: Merged
Approved by: Michi Henning
Approved revision: 907dcf2e5c22aadc9ab0e0f0482ab47a9be2ccf8
Merged at revision: 67ca3889553aa6b1b9e9b87032c467a4bcb7fe49
Proposed branch: ~saviq/jenkaas-jobs:verify-jenkins-creds
Merge into: jenkaas-jobs:master
Diff against target: 290 lines (+144/-100)
5 files modified
dev/null (+0/-98)
jenkaas_jobs/yaml/credentials/credentials-3-launchpad-plugin-0.py (+15/-0)
jenkaas_jobs/yaml/credentials/credentials-3-launchpad-plugin-1.sh (+98/-0)
jenkaas_jobs/yaml/credentials/credentials-3-launchpad-plugin.yaml (+6/-1)
tests/fixtures/credentials/credentials-3-launchpad-plugin.xml (+25/-1)
Reviewer Review Type Date Requested Status
Michi Henning (community) Approve
Review via email: mp+312889@code.launchpad.net
To post a comment you must log in.
Revision history for this message
Michi Henning (michihenning) wrote :

This is really useful, thank you!

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/jenkaas_jobs/yaml/credentials/credentials-3-launchpad-plugin-0.py b/jenkaas_jobs/yaml/credentials/credentials-3-launchpad-plugin-0.py
0new file mode 1006440new file mode 100644
index 0000000..c5308bd
--- /dev/null
+++ b/jenkaas_jobs/yaml/credentials/credentials-3-launchpad-plugin-0.py
@@ -0,0 +1,15 @@
1#!/usr/bin/env python
2
3import os
4import requests
5import sys
6
7if __name__ == '__main__':
8 resp = requests.get('{backend_url}', auth=('{bot_username}', os.environ['jenkins_api_token']))
9 if resp.status_code == 200:
10 print("INFO: Authenticated as: {bot_username}")
11 else:
12 print("Authentication as {bot_username} failed:")
13 print("ERROR: {{}}: {{}}".format(resp.status_code, resp.reason))
14 sys.exit(1)
15
diff --git a/jenkaas_jobs/yaml/credentials/credentials-3-launchpad-plugin-1.sh b/jenkaas_jobs/yaml/credentials/credentials-3-launchpad-plugin-1.sh
0new file mode 10064416new file mode 100644
index 0000000..34b9c41
--- /dev/null
+++ b/jenkaas_jobs/yaml/credentials/credentials-3-launchpad-plugin-1.sh
@@ -0,0 +1,98 @@
1#!/bin/bash
2set -e
3
4# Setup the dependencies including tarmac
5sudo apt-get install -y python-launchpadlib python-bzrlib python-lockfile python-yaml tarmac jenkins-launchpad-plugin python-jenkins
6
7# Apply the configuration file.
8CONFIG_DIR="${{JENKINS_HOME}}/.jlp"
9CONFIG_PATH="${{CONFIG_DIR}}/jlp.config"
10
11if [ ! -d "${{CONFIG_DIR}}" ]; then
12 mkdir -p "${{CONFIG_DIR}}"
13fi
14
15cat > "${{CONFIG_PATH}}" << EOF
16#You must explicitely allow users to trigger the jobs on your jenkins
17#Otherwise anybody can run arbitrary code on your jenkins servers.
18allowed_users: [{allowed_users}]
19
20#path to your credentials file. The first time you run one of these scripts,
21#launchpad will ask you to authenticate (via a provided URL). Once you do so
22#(in launchpad) you won't need to do this again.
23#If your jenkins "lives" in /var/lib/jenkins you probably don't need to change
24#this
25credential_store_path: {credentials_path}
26
27# When doing a dput into ppa (in autoland.py) a new changelog entry is
28# generated. DEBEMAIL and DEBFULLNAME are used to generate the entry correctly.
29# Please note that the gpg keys of the user specified here must be available
30# on the host where autoland.py is running
31DEBEMAIL:
32DEBFULLNAME:
33
34#user and password for accessing jenkins. This is needed as we need to find
35#out if a job is being published to public jenkins or not. The user needs to be
36#able to see the job configuration
37jenkins_user: "{bot_username}"
38jenkins_password: "${{jenkins_api_token}}"
39
40#Actual URL of your jenkins (e.g. the jenkins backend URL)
41jenkins_url: "{backend_url}"
42
43#Proxy URL of your jenkins (e.g. the URL accessed by users)
44jenkins_proxy_url: "${{JENKINS_URL}}"
45
46#Token to pass when triggering a jenkins build (leave blank for none)
47jenkins_build_token: "BUILD_ME"
48
49# console output from the following jobs will not be printed to the
50# affected merge proposal (in the "Executed test runs:" section)
51jobs_blacklisted_from_messages:
52{blacklisted_jobs}
53
54#message that is used for "testing in progress" comment
55launchpad_build_in_progress_message: "Jenkins: testing in progress"
56
57#login of the launchpad user you will be using for this plugin
58#ideally this user is part of your project group
59launchpad_login: {bot_username}
60
61#Review type that is used for voting on merge proposals.
62#Usually you don't need to change this
63launchpad_review_type: continuous-integration
64
65# directory containing lockfiles for Launchpad merge proposals
66launchpadlocks_dir: /tmp/jenkins-launchpad-plugin/locks
67
68#lock file that is being used to limit the number of parallel launchpad
69#connections
70lock_name: launchpad-trigger-lock
71
72#you don't need to change this
73lp_app: launchpad-trigger
74
75#which launchpad are you using (production/staging)
76#you don't need to change this
77lp_env: production
78
79#URL of your public jenkins in case you are publishing your jobs to some
80#other jenkins
81public_jenkins_url:
82
83#in case you are running jenkins in a private infrastructure you probably don't
84#want to expose your private IPs in public merge proposals
85#the following defines (IP, replacement) pairs. Your URLs in merge proposals
86#are then replaced by the replacement (and you can e.g. edit your /etc/hosts
87#so the links still work for you). The form to specify a replacement is:
88#urls_to_hide:
89# - ['http://1.2.3.4:8080','http://jenkins:8080']
90#
91#To specify no replacement:
92#urls_to_hide: []
93urls_to_hide: []
94
95# verbosity of the commands
96# one of: debug, info, warning, error, critical
97log_level: debug
98EOF
0\ No newline at end of file99\ No newline at end of file
diff --git a/jenkaas_jobs/yaml/credentials/credentials-3-launchpad-plugin.sh b/jenkaas_jobs/yaml/credentials/credentials-3-launchpad-plugin.sh
1deleted file mode 100644100deleted file mode 100644
index 34b9c41..0000000
--- a/jenkaas_jobs/yaml/credentials/credentials-3-launchpad-plugin.sh
+++ /dev/null
@@ -1,98 +0,0 @@
1#!/bin/bash
2set -e
3
4# Setup the dependencies including tarmac
5sudo apt-get install -y python-launchpadlib python-bzrlib python-lockfile python-yaml tarmac jenkins-launchpad-plugin python-jenkins
6
7# Apply the configuration file.
8CONFIG_DIR="${{JENKINS_HOME}}/.jlp"
9CONFIG_PATH="${{CONFIG_DIR}}/jlp.config"
10
11if [ ! -d "${{CONFIG_DIR}}" ]; then
12 mkdir -p "${{CONFIG_DIR}}"
13fi
14
15cat > "${{CONFIG_PATH}}" << EOF
16#You must explicitely allow users to trigger the jobs on your jenkins
17#Otherwise anybody can run arbitrary code on your jenkins servers.
18allowed_users: [{allowed_users}]
19
20#path to your credentials file. The first time you run one of these scripts,
21#launchpad will ask you to authenticate (via a provided URL). Once you do so
22#(in launchpad) you won't need to do this again.
23#If your jenkins "lives" in /var/lib/jenkins you probably don't need to change
24#this
25credential_store_path: {credentials_path}
26
27# When doing a dput into ppa (in autoland.py) a new changelog entry is
28# generated. DEBEMAIL and DEBFULLNAME are used to generate the entry correctly.
29# Please note that the gpg keys of the user specified here must be available
30# on the host where autoland.py is running
31DEBEMAIL:
32DEBFULLNAME:
33
34#user and password for accessing jenkins. This is needed as we need to find
35#out if a job is being published to public jenkins or not. The user needs to be
36#able to see the job configuration
37jenkins_user: "{bot_username}"
38jenkins_password: "${{jenkins_api_token}}"
39
40#Actual URL of your jenkins (e.g. the jenkins backend URL)
41jenkins_url: "{backend_url}"
42
43#Proxy URL of your jenkins (e.g. the URL accessed by users)
44jenkins_proxy_url: "${{JENKINS_URL}}"
45
46#Token to pass when triggering a jenkins build (leave blank for none)
47jenkins_build_token: "BUILD_ME"
48
49# console output from the following jobs will not be printed to the
50# affected merge proposal (in the "Executed test runs:" section)
51jobs_blacklisted_from_messages:
52{blacklisted_jobs}
53
54#message that is used for "testing in progress" comment
55launchpad_build_in_progress_message: "Jenkins: testing in progress"
56
57#login of the launchpad user you will be using for this plugin
58#ideally this user is part of your project group
59launchpad_login: {bot_username}
60
61#Review type that is used for voting on merge proposals.
62#Usually you don't need to change this
63launchpad_review_type: continuous-integration
64
65# directory containing lockfiles for Launchpad merge proposals
66launchpadlocks_dir: /tmp/jenkins-launchpad-plugin/locks
67
68#lock file that is being used to limit the number of parallel launchpad
69#connections
70lock_name: launchpad-trigger-lock
71
72#you don't need to change this
73lp_app: launchpad-trigger
74
75#which launchpad are you using (production/staging)
76#you don't need to change this
77lp_env: production
78
79#URL of your public jenkins in case you are publishing your jobs to some
80#other jenkins
81public_jenkins_url:
82
83#in case you are running jenkins in a private infrastructure you probably don't
84#want to expose your private IPs in public merge proposals
85#the following defines (IP, replacement) pairs. Your URLs in merge proposals
86#are then replaced by the replacement (and you can e.g. edit your /etc/hosts
87#so the links still work for you). The form to specify a replacement is:
88#urls_to_hide:
89# - ['http://1.2.3.4:8080','http://jenkins:8080']
90#
91#To specify no replacement:
92#urls_to_hide: []
93urls_to_hide: []
94
95# verbosity of the commands
96# one of: debug, info, warning, error, critical
97log_level: debug
98EOF
99\ No newline at end of file0\ No newline at end of file
diff --git a/jenkaas_jobs/yaml/credentials/credentials-3-launchpad-plugin.yaml b/jenkaas_jobs/yaml/credentials/credentials-3-launchpad-plugin.yaml
index 926463b..ae0bd4f 100644
--- a/jenkaas_jobs/yaml/credentials/credentials-3-launchpad-plugin.yaml
+++ b/jenkaas_jobs/yaml/credentials/credentials-3-launchpad-plugin.yaml
@@ -22,4 +22,9 @@
22 - timestamps22 - timestamps
23 builders:23 builders:
24 - shell:24 - shell:
25 !include-raw: credentials-3-launchpad-plugin.sh25 !include-raw: credentials-3-launchpad-plugin-0.py
26 - shell:
27 !include-raw: credentials-3-launchpad-plugin-1.sh
28 publishers:
29 - description_setter:
30 set_for_matrix: 'true'
diff --git a/tests/fixtures/credentials/credentials-3-launchpad-plugin.xml b/tests/fixtures/credentials/credentials-3-launchpad-plugin.xml
index ac7a8be..3c5dd4d 100644
--- a/tests/fixtures/credentials/credentials-3-launchpad-plugin.xml
+++ b/tests/fixtures/credentials/credentials-3-launchpad-plugin.xml
@@ -49,6 +49,24 @@
49 </axes>49 </axes>
50 <builders>50 <builders>
51 <hudson.tasks.Shell>51 <hudson.tasks.Shell>
52 <command>#!/usr/bin/env python
53
54import os
55import requests
56import sys
57
58if __name__ == '__main__':
59 resp = requests.get('http://your-jenkins-be.internal:8080/', auth=('test-ci-bot', os.environ['jenkins_api_token']))
60 if resp.status_code == 200:
61 print(&quot;INFO: Authenticated as: test-ci-bot&quot;)
62 else:
63 print(&quot;Authentication as test-ci-bot failed:&quot;)
64 print(&quot;ERROR: {}: {}&quot;.format(resp.status_code, resp.reason))
65 sys.exit(1)
66
67</command>
68 </hudson.tasks.Shell>
69 <hudson.tasks.Shell>
52 <command>#!/bin/bash70 <command>#!/bin/bash
53set -e71set -e
5472
@@ -151,7 +169,13 @@ log_level: debug
151EOF</command>169EOF</command>
152 </hudson.tasks.Shell>170 </hudson.tasks.Shell>
153 </builders>171 </builders>
154 <publishers/>172 <publishers>
173 <hudson.plugins.descriptionsetter.DescriptionSetterPublisher>
174 <regexp>^INFO:\s+(.*)</regexp>
175 <regexpForFailed>(^(ERROR|WARNING):\s+.*)</regexpForFailed>
176 <setForMatrix>true</setForMatrix>
177 </hudson.plugins.descriptionsetter.DescriptionSetterPublisher>
178 </publishers>
155 <buildWrappers>179 <buildWrappers>
156 <hudson.plugins.timestamper.TimestamperBuildWrapper plugin="timestamper@1.7.2"/>180 <hudson.plugins.timestamper.TimestamperBuildWrapper plugin="timestamper@1.7.2"/>
157 </buildWrappers>181 </buildWrappers>

Subscribers

People subscribed via source and target branches