configure-dotci.groovy
import hudson.model.*
import hudson.security.*
import jenkins.model.*
import jenkins.security.*
import org.jenkinsci.plugins.GithubSecurityRealm
import com.groupon.jenkins.SetupConfig
// https://github.com/groupon/DotCi/blob/master/src/main/java/com/groupon/jenkins/SetupConfig.java
// Handles shared by every section of this script: DotCi's global SetupConfig, the running
// Jenkins instance, and the process environment (read below only for JENKINS_HOME).
SetupConfig config = SetupConfig.get()
def instance = Jenkins.getInstance()
def env = System.getenv()
/////////////
// generic //
/////////////
// Jenkins location settings. `location` is assigned without `def`, so it lives in the
// script binding rather than as a local variable.
location = jenkins.model.JenkinsLocationConfiguration.get()
// comment out for default otherwise - location.setUrl("http://CHANGE_ME/")
// NOTE(review): the example root URL above is plain http; if this Jenkins is served over TLS,
// use the https form so links built from the root URL do not downgrade. Confirm against the deployment.
// CHANGE_ME placeholder: replace with the real administrator address before use.
location.setAdminAddress("CHANGE_ME@xxx.com")
////////////////////
// docker publish //
////////////////////
// DotCi-DockerPublish 1.0.2 does not support `docker login` yet, see
// https://github.com/DotCi/DotCi-DockerPublish/commits/DotCi-DockerPublish-1.0.2
// NOTE(review): with no login step, the registry named here would presumably have to accept
// unauthenticated pushes. Confirm it is reachable only from the trusted build network.
def publishSettings = com.groupon.jenkins.DockerComposeDotCi.DockerPublishConfiguration.get()
// CHANGE_ME placeholder: the registry host images are published to.
publishSettings.setRegistryHost("CHANGE_ME")
////////////////
// build type //
////////////////
// Defaults for new DotCi projects: the Jenkins label, the default build type, the git clone
// URL template and the "from" address, all saved through SetupConfig.
def composeBuildType = "com.groupon.jenkins.buildtype.dockercompose.DockerComposeBuild"
// Alternative build type, left disabled:
//   config.setDefaultBuildType("com.groupon.jenkins.buildtype.install_packages.InstallPackagesBuild")
config.setLabel("docker")
config.setDefaultBuildType(composeBuildType)

// HTTPS clone template; <DOMAIN>, <ORG> and <REPO> are passed through literally.
def composeSettings = com.groupon.jenkins.buildtype.dockercompose.GlobalConfiguration.get()
composeSettings.setCloneUrlTemplate("https://<DOMAIN>/<ORG>/<REPO>.git")
// SSH alternative: a JNLP slave then needs an ssh key for the github repo -
//   com.groupon.jenkins.buildtype.dockercompose.GlobalConfiguration.get().setCloneUrlTemplate("git@<DOMAIN>:<ORG>/<REPO>.git")
// NOTE(review): if the SSH form is used, the private key lives on the build agent, where build
// steps can presumably read it. Prefer a read-only, per-repository deploy key. Confirm.

config.setFromEmailAddress("CHANGE_ME@xxx.com")
config.save()
println "--> configured the default build type and jenkins label for new DotCi projects into ${env['JENKINS_HOME']}/com.groupon.jenkins.SetupConfig.xml"
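//////////
// smtp //
//////////
// Point the Jenkins Mailer descriptor at the SMTP relay "mailman" on port 25.
def desc = instance.getDescriptor("hudson.tasks.Mailer")
// NOTE(review): "user"/"password" are literal credentials inside a script that is normally
// committed and baked into the image. Replace them with values supplied at deploy time
// before any real use, and rotate anything that was ever committed here.
desc.setSmtpAuth("user", "password")
desc.setReplyToAddress("CHANGE_ME@xxx.com")
desc.setSmtpHost("mailman")
// NOTE(review): SSL is disabled and the port is 25, so the SMTP AUTH exchange configured above
// is presumably sent unencrypted. That is tolerable only on a private container network.
// Confirm, or move to an SSL/TLS-protected port.
desc.setUseSsl(false)
desc.setSmtpPort("25")
desc.setCharset("UTF-8")
// NOTE(review): this saves the Jenkins instance, not `desc`; whether the Mailer descriptor
// persists its own settings is not visible here. Verify they survive a restart.
instance.save()
// Log message typo fixed ("smpt" -> "smtp").
println "--> configured smtp to host:mailman port:25 into " + env['JENKINS_HOME'] + "/config.xml"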
/////////////
// mongodb //
/////////////
// DotCi's MongoDB connection: host "mongodb", port 27017, database "dotci".
// NOTE(review): no database user or password is set anywhere in this script, so the connection
// is presumably unauthenticated. Confirm that host "mongodb" is reachable only from the
// Jenkins container's private network and that 27017 is not published.
config.with {
    setDbHost("mongodb")
    setDbPort(27017)
    setDbName("dotci")
    save()
}
println "--> configured mongodb:27017/dotci into ${env['JENKINS_HOME']}/com.groupon.jenkins.SetupConfig.xml"
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// github.com => Account settings => Org => Applications => Register new application => callback url:http://xx.xx.xx.xx:port/dotci/finishLogin //
/////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// This section lets GitHub commits trigger builds on the DotCi docker container.
// The callback URL defaults to your docker ip/port. Set it by hand (here, or under /configure
// after Jenkins has started) whenever GitHub cannot reach that ip/port.
// A localhost address is not in DNS, so deliveries listed at
// https://github.com/org/repo/settings/hooks will fail for it.
// https://ngrok.com can expose a local docker ip/port that sits behind NAT or a firewall.
// NOTE(review): both callback examples here use http://, so the OAuth redirect and webhook
// payloads would travel unencrypted. Prefer an https:// callback where one is available.
// NOTE(review): a public tunnel puts this Jenkins on the internet, and this script also grants
// "anonymous" Item.BUILD and Item.WORKSPACE further down. Tighten those grants before exposing it.
// config.setGithubCallbackUrl("http://CHANGE_ME.ngrok.io/githook/")
def dotciGithubWeb = "https://github.com"
def dotciGithubApi = "https://api.github.com"
config.setGithubWebUrl(dotciGithubWeb)
config.setGithubApiUrl(dotciGithubApi)
// CHANGE_ME placeholders: client id and secret of the GitHub OAuth application registered above.
// NOTE(review): a secret typed into this file ends up in version control and, after save(),
// in SetupConfig.xml under JENKINS_HOME. Supply it at deploy time and restrict read access
// to that directory.
config.setGithubClientID("CHANGE_ME")
config.setGithubClientSecret("CHANGE_ME")
config.setPrivateRepoSupport(false)
config.save()
println "--> configured https://github.com/settings/applications/CHANGE_ME into ${env['JENKINS_HOME']}/com.groupon.jenkins.SetupConfig.xml"
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// github.com => Account settings => Org => Applications => Register new application => callback url:https://xx.xx.xx.xx:port/securityRealm/finishLogin //
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Make GitHub OAuth the Jenkins security realm. Constructor reference:
// https://github.com/jenkinsci/github-oauth-plugin/blob/github-oauth-0.20/src/main/java/org/jenkinsci/plugins/GithubSecurityRealm.java#L115-L116
// Arguments, judging by the placeholders: GitHub web URL, GitHub API URL, client id, client secret.
// NOTE(review): the client secret is a literal in this file and is written to config.xml by
// instance.save(). Keep real values out of version control and limit who can read JENKINS_HOME.
def oauthRealm = new GithubSecurityRealm(
    "https://github.com",
    "https://api.github.com",
    "CHANGE_ME_CLIENT_ID",
    "CHANGE_ME_CLIENT_SECRET")
instance.setSecurityRealm(oauthRealm)
instance.save()
println "--> configured securityRealm to https://github.com/settings/applications/CHANGE_ME into ${env['JENKINS_HOME']}/config.xml"
///////////////////////////////
// Configure Global Security //
///////////////////////////////
// A brand-new strategy object is built on every run, so any permission changed outside this
// groovy script is flushed when the strategy is installed below.
def matrix = new GlobalMatrixAuthorizationStrategy()

// Named accounts (presumably GitHub logins, since the GitHub security realm is configured above).
// NOTE(review): these are the original author's accounts. Anyone reusing this script verbatim
// hands ADMINISTER to "vvitayau", so replace them with your own users first.
matrix.add(jenkins.model.Jenkins.ADMINISTER, "vvitayau")
["srlochen", "suryagaddipati"].each { reader ->
    matrix.add(jenkins.model.Jenkins.READ, reader)
}

///////////////////////////////////////////////////////////////////////
// https://wiki.jenkins-ci.org/display/JENKINS/Matrix-based+security //
///////////////////////////////////////////////////////////////////////
// Permissions for "anonymous", i.e. every visitor who has not logged in.
// NOTE(review): this list goes well beyond read-only. Without logging in, a visitor can start
// and cancel builds (Item.BUILD / Item.CANCEL), browse job workspaces, which may hold checked-out
// source and build-time secrets (Item.WORKSPACE), and connect or disconnect agents
// (Computer.CONNECT / Computer.DISCONNECT). If this instance is reachable beyond a trusted
// network, reduce anonymous to the READ/DISCOVER entries and move the rest to named users.
def anonymousGrants = [
    jenkins.model.Jenkins.READ,
    hudson.model.Computer.CONNECT,
    hudson.model.Computer.DISCONNECT,
    hudson.model.Item.BUILD,
    hudson.model.Item.CANCEL,
    // withheld: hudson.model.Item.CONFIGURE
    // withheld: hudson.model.Item.CREATE
    hudson.model.Item.DISCOVER,
    hudson.model.Item.READ,
    hudson.model.Item.WORKSPACE,
    // withheld: hudson.model.Run.DELETE
    // withheld: hudson.model.Run.UPDATE
    // withheld: hudson.model.View.CREATE
    hudson.model.View.READ
]
anonymousGrants.each { permission ->
    matrix.add(permission, "anonymous")
}

instance.setAuthorizationStrategy(matrix)
instance.save()
println "--> configured users of GlobalMatrixAuthorizationStrategy into ${env['JENKINS_HOME']}/config.xml"