Merge pull request #4703 from edx/youngstrom/jenkins_container_compose

Bump Build Jenkins plugins for security updates

Merge pull request #4703 from edx/youngstrom/jenkins_container_compose
Bump Build Jenkins plugins for security updates
88286b59 · Michael Youngstrom · GitHub · 623b78f2 · 15ef2449 · 88286b59
Unverified Commit 88286b59 authored Jul 25, 2018 by Michael Youngstrom Committed by GitHub Jul 25, 2018
4 changed files
--- a/playbooks/roles/jenkins_build/defaults/main.yml
+++ b/playbooks/roles/jenkins_build/defaults/main.yml
@@ -36,6 +36,9 @@ build_jenkins_plugins_list:
  - name: 'antisamy-markup-formatter'
    version: '1.5'
    group: 'org.jenkins-ci.plugins'
+  - name: 'badge'
+    version: '1.5'
+    group: 'org.jenkins-ci.plugins'
  - name: 'bouncycastle-api'
    version: '2.16.1'
    group: 'org.jenkins-ci.plugins'
@@ -61,13 +64,13 @@ build_jenkins_plugins_list:
    version: '1.5'
    group: 'org.jenkins-ci.plugins'
  - name: 'cobertura'
-    version: '1.11'
+    version: '1.12.1'
    group: 'org.jenkins-ci.plugins'
  - name: 'copyartifact'
    version: '1.39'
    group: 'org.jenkins-ci.plugins'
  - name: 'credentials'
-    version: '2.1.16'
+    version: '2.1.18'
    group: 'org.jenkins-ci.plugins'
  - name: 'credentials-binding'
    version: '1.15'
@@ -100,16 +103,16 @@ build_jenkins_plugins_list:
    version: '1.42.0'
    group: 'org.jenkins-ci.plugins'
  - name: 'git'
-    version: '3.8.0'
+    version: '3.9.1'
    group: 'org.jenkins-ci.plugins'
  - name: 'github'
-    version: '1.28.1'
+    version: '1.29.2'
    group: 'com.coravy.hudson.plugins.github'
  - name: 'github-api'
    version: '1.90'
    group: 'org.jenkins-ci.plugins'
  - name: 'github-branch-source'
-    version: '2.3.3'
+    version: '2.3.6'
    group: 'org.jenkins-ci.plugins'
  - name: 'github-oauth'
    version: '0.29'
@@ -157,7 +160,7 @@ build_jenkins_plugins_list:
    version: '1.12'
    group: 'org.jenkins-ci.plugins'
  - name: 'maven-plugin'
-    version: '3.1'
+    version: '3.1.2'
    group: 'org.jenkins-ci.main'
  - name: 'monitoring'
    version: '1.71.0'
@@ -205,7 +208,7 @@ build_jenkins_plugins_list:
    version: '1.14'
    group: 'org.jenkins-ci.plugins'
  - name: 'ssh-credentials'
-    version: '1.13'
+    version: '1.14'
    group: 'org.jenkins-ci.plugins'
  - name: 'ssh-slaves'
    version: '1.26'

--- a/playbooks/roles/jenkins_common/defaults/main.yml
+++ b/playbooks/roles/jenkins_common/defaults/main.yml
@@ -123,8 +123,7 @@ JENKINS_SECRET_FILES_LIST: []
 JENKINS_USERNAME_PASSWORD_LIST: []
 JENKINS_SECRET_TEXT_LIST: []
 JENKINS_CERTIFICATES_LIST: []
-JENKINS_MASTER_SSH_LIST: []
-JENKINS_CUSTOM_SSH_LIST: []
+JENKINS_SSH_LIST: []

 # security
 jenkins_common_dsl_script_security_enabled: true
@@ -147,7 +146,6 @@ jenkins_common_github_configs:
    CACHE_SIZE: 20

 # github oauth settings
-
 jenkins_common_security_scopes: 'read:org,user:email'

 JENKINS_SECURITY_CLIENT_ID: ''

--- a/playbooks/roles/jenkins_common/tasks/main.yml
+++ b/playbooks/roles/jenkins_common/tasks/main.yml
@@ -316,20 +316,6 @@
    - install:jenkins-configuration
    - jenkins:local-dev

- name: Copy ssh key credentials
-  copy:
-    content: "{{ item.content }}"
-    dest: '{{ jenkins_common_config_path }}/credentials/{{ item.name }}'
-    owner: '{{ jenkins_common_user }}'
-    group: '{{ jenkins_common_group }}'
-  with_items: '{{ JENKINS_CUSTOM_SSH_LIST }}'
-  no_log: yes
-  tags:
-    - install
-    - install:base
-    - install:jenkins-configuration
-    - jenkins:local-dev
-
 - name: Copy ec2 key
  copy:
    content: '{{ JENKINS_EC2_PRIVATE_KEY }}'

--- a/playbooks/roles/jenkins_common/templates/config/credentials.yml.j2
+++ b/playbooks/roles/jenkins_common/templates/config/credentials.yml.j2
@@ -30,22 +30,13 @@
  description: '{{ cert.description }}'
  id: '{{ cert.id }}'
 {% endfor %}
-{% for master_ssh in JENKINS_MASTER_SSH_LIST %}
+{% for ssh in JENKINS_SSH_LIST %}
 - credentialType: 'ssh'
-  scope: '{{ master_ssh.scope }}'
-  username: '{{ master_ssh.username }}'
-  isJenkinsMasterSsh: true
-  passphrase: '{{ master_ssh.passphrase }}'
-  description: '{{ master_ssh.description }}'
-  id: '{{ master_ssh.id }}'
-{% endfor %}
-{% for custom_ssh in JENKINS_CUSTOM_SSH_LIST %}
- credentialType: 'ssh'
-  scope: '{{ custom_ssh.scope }}'
-  username: '{{ custom_ssh.username }}'
-  isJenkinsMasterSsh: false
-  path: 'credentials/{{ custom_ssh.name }}'
-  passphrase: '{{ custom_ssh.passphrase }}'
-  description: '{{ custom_ssh.description }}'
-  id: '{{ custom_ssh.id }}'
+  scope: '{{ ssh.scope }}'
+  username: '{{ ssh.username }}'
+  sshKey: |
+    {{ ssh.sshKey | indent(4) }}
+  passphrase: '{{ ssh.passphrase }}'
+  description: '{{ ssh.description }}'
+  id: '{{ ssh.id }}'
 {% endfor %}