Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

chore(pipeline) Migrate from trusted.ci.jenkins.io to infra.ci.jenkins.io #37

Merged
merged 1 commit into from
Apr 25, 2022
Merged
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
16 changes: 16 additions & 0 deletions JenkinsAgentPodTemplate.yaml
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
apiVersion: v1
kind: Pod
spec:
containers:
- image: "jenkinsciinfra/helmfile:2.3.23"
imagePullPolicy: "IfNotPresent"
name: "jnlp"
resources:
limits:
memory: "256Mi"
cpu: "1"
requests:
memory: "256Mi"
cpu: "1"
securityContext:
privileged: false
124 changes: 0 additions & 124 deletions Jenkinsfile

This file was deleted.

60 changes: 39 additions & 21 deletions README.md
Original file line number Diff line number Diff line change
@@ -1,25 +1,35 @@
# Jenkins GitHub Reports

Use [octokit.rb](http://octokit.github.io/octokit.rb/) to generate reports about the `jenkinsci` GitHub organization.
If you want to execute these scripts locally, use the Docker image `jenkinsciinfra/helmfile` (source code at <https://github.com/jenkins-infra/docker-helmfile>).
It includes all the required dependencies:

- Ruby
- Ruby Gems for [octokit.rb](http://octokit.github.io/octokit.rb/) to generate reports about the `jenkinsci` GitHub organization and graphql
- Bash
- JQ, Azure and other command lines used by bash scripts

You can check the exact image version by checking the Jenkins agent pod template specified in `./JenkinsAgentPodTemplate.yaml`.

## Permissions Report

Prints a two-dimensional JSON array optimized for use in [DataTables](https://www.datatables.net/).

Format example:

[
[
"ldap-plugin",
"olamy",
"push"
],
[
"ldap-plugin",
"jglick",
"push"
]
]
```json
[
[
"ldap-plugin",
"olamy",
"push"
],
[
"ldap-plugin",
"jglick",
"push"
]
]
```

### Usage

Expand All @@ -29,32 +39,40 @@ We use a Github App for that, you'll need to define the following environment va
- GITHUB_APP_ID: The GitHub App's identifier (type integer) set when registering an app
- GITHUB_ORG_NAME: The Github organization name (ex: "jenkinsci")

docker build permissions-report -t permissions-report
docker run -e GITHUB_APP_PRIVATE_KEY_B64 -e GITHUB_APP_ID -e GITHUB_ORG_NAME permissions-report
```shell
cd permisions-report/
ruby ./permisions-report.rb
```

## Artifactory Users Report

Creates a report listing all user accounts in Artifactory.

Consumed by https://github.com/jenkins-infra/repository-permissions-updater/blob/master/src/main/groovy/io/jenkins/infra/repository_permissions_updater/KnownUsers.groovy
Consumed by <https://github.com/jenkins-infra/repository-permissions-updater/blob/master/src/main/groovy/io/jenkins/infra/repository_permissions_updater/KnownUsers.groovy>

### Usage

This requires Artifactory admin user credentials.

docker build artifactory-users-report -t artifactory-users-report
docker run -e ARTIFACTORY_AUTH=admin-username:admin-token artifactory-users-report
```bash
cd artifactory-users-report/
export ARTIFACTORY_AUTH=admin-username:admin-token
bash ./user-report.sh
```

## Jira Users Report

Creates a report listing all user accounts in a Jira group containing plugin maintainers.
Currently, we use `jira-users` for that, but may in the future use a more limited group.

Consumed by https://github.com/jenkins-infra/repository-permissions-updater/blob/master/src/main/groovy/io/jenkins/infra/repository_permissions_updater/KnownUsers.groovy
Consumed by <https://github.com/jenkins-infra/repository-permissions-updater/blob/master/src/main/groovy/io/jenkins/infra/repository_permissions_updater/KnownUsers.groovy>

### Usage

This requires Jira admin user credentials.

docker build jira-users-report -t jira-users-report
docker run -e JIRA_AUTH=theUser:thePassword jira-users-report
```bash
cd jira-users-report/
export JIRA_AUTH=admin-username:admin-token
bash ./user-report
```
8 changes: 0 additions & 8 deletions artifactory-users-report/Dockerfile

This file was deleted.

44 changes: 44 additions & 0 deletions artifactory-users-report/Jenkinsfile
Original file line number Diff line number Diff line change
@@ -0,0 +1,44 @@
@Library('pipeline-library@pull/348/head') _

def cronExpr = env.BRANCH_IS_PRIMARY ? '@hourly' : ''
def reportName = env.BRANCH_IS_PRIMARY ? 'artifactory-ldap-users-report.json' : "artifactory-ldap-users-report-${env.BRANCH_NAME}.json"

pipeline {
triggers {
cron(cronExpr)
}
options {
// This pipeline takes 1-2 minutes max to execute
timeout(time: 10, unit: 'MINUTES')
lock(resource: 'infra-reports-artifactory-users', inversePrecedence: true)
dduportal marked this conversation as resolved.
Show resolved Hide resolved
}
agent {
kubernetes {
yamlFile 'JenkinsAgentPodTemplate.yaml'
}
}
stages {
stage('Generate Artifactory Users Report') {
environment {
ARTIFACTORY_AUTH = credentials('artifactoryAdmin')
REPORT_NAME = "${reportName}"
}
steps {
dir('artifactory-users-report') {
sh 'bash ./user-report.sh > "${REPORT_NAME}"'
archiveArtifacts reportName
}
}
}
stage('Publish Artifactory Users Report') {
when {
expression { env.BRANCH_IS_PRIMARY }
}
steps {
dduportal marked this conversation as resolved.
Show resolved Hide resolved
dir('artifactory-users-report') {
publishReports ([reportName])
}
}
}
}
}
7 changes: 4 additions & 3 deletions artifactory-users-report/user-report.sh
Original file line number Diff line number Diff line change
Expand Up @@ -3,8 +3,9 @@
set -o nounset
set -o errexit

wget -O jq https://github.com/stedolan/jq/releases/download/jq-1.5/jq-linux64 || { echo "Failed to download jq" >&2 ; exit 1; }
chmod +x jq || { echo "Failed to make jq executable" >&2 ; exit 1; }
## Ensure that jq v1.5 (v1.6 and alpine v1.5 are not working as expected)
wget -q -O jq https://github.com/stedolan/jq/releases/download/jq-1.5/jq-linux64 || { echo "Failed to download jq" >&2 ; exit 1 ; }
chmod +x jq || { echo "Failed to make jq executable" >&2 ; exit 1 ; }

curl -X GET -H 'Content-Length: 0' -u $ARTIFACTORY_AUTH "https://repo.jenkins-ci.org/api/security/users" > artifactory-users-raw.json
curl -X GET -H 'Content-Length: 0' -u "${ARTIFACTORY_AUTH}" "https://repo.jenkins-ci.org/api/security/users" > artifactory-users-raw.json
./jq 'map(select(.realm | test("ldap"))) | [ .[].name ] | sort' artifactory-users-raw.json
7 changes: 0 additions & 7 deletions fork-report/Dockerfile

This file was deleted.

45 changes: 45 additions & 0 deletions fork-report/Jenkinsfile
Original file line number Diff line number Diff line change
@@ -0,0 +1,45 @@
@Library('pipeline-library@pull/348/head') _

def cronExpr = env.BRANCH_IS_PRIMARY ? '@daily' : ''
def reportName = env.BRANCH_IS_PRIMARY ? 'github-jenkinsci-fork-report.json' : "github-jenkinsci-fork-report-${env.BRANCH_NAME}.json"

pipeline {
triggers {
cron(cronExpr)
}
options {
// This pipeline takes 1-2 minutes max to execute
timeout(time: 10, unit: 'MINUTES')
lock(resource: 'infra-reports-github-forks', inversePrecedence: true)
}
agent {
kubernetes {
yamlFile 'JenkinsAgentPodTemplate.yaml'
}
}
stages {
stage('Generate GitHub Forks Report') {
environment {
// Requires 'jenkins-infra-reports' to be of type GithubAppCredentials so $GITHUB_AUTH_PSW holds an IAT (Github Installation Access Token) valid for 1 hour
GITHUB_AUTH = credentials('jenkins-infra-reports')
REPORT_NAME = "${reportName}"
}
steps {
dir('fork-report') {
sh 'ruby ./fork-report.rb> "${REPORT_NAME}"'
archiveArtifacts reportName
}
}
}
stage('Publish GitHub Forks Report') {
when {
expression { env.BRANCH_IS_PRIMARY }
}
steps {
dduportal marked this conversation as resolved.
Show resolved Hide resolved
dir('fork-report') {
publishReports ([reportName])
}
}
}
}
}
2 changes: 1 addition & 1 deletion fork-report/fork-report.rb
Original file line number Diff line number Diff line change
Expand Up @@ -6,7 +6,7 @@
require 'pp'
require 'json'

$auth = "bearer #{ENV['GITHUB_API_TOKEN']}"
$auth = "bearer #{ENV['GITHUB_AUTH_PSW']}"

module GitHubGraphQL
HTTP = GraphQL::Client::HTTP.new('https://api.github.com/graphql') do
Expand Down
9 changes: 0 additions & 9 deletions jira-users-report/Dockerfile

This file was deleted.

Loading