Skip to content

C
configuration
Unverified Commit 88286b59 by Michael Youngstrom Committed by GitHub
Options

Merge pull request #4703 from edx/youngstrom/jenkins_container_compose 

Bump Build Jenkins plugins for security updates
parents 623b78f2 15ef2449
Showing with 19 additions and 41 deletions
playbooks/roles/jenkins_build/defaults/main.yml
...@@ -36,6 +36,9 @@ build_jenkins_plugins_list: ...@@ -36,6 +36,9 @@ build_jenkins_plugins_list:
- name: 'antisamy-markup-formatter' - name: 'antisamy-markup-formatter'
version: '1.5' version: '1.5'
group: 'org.jenkins-ci.plugins' group: 'org.jenkins-ci.plugins'
- name: 'badge'
version: '1.5'
group: 'org.jenkins-ci.plugins'
- name: 'bouncycastle-api' - name: 'bouncycastle-api'
version: '2.16.1' version: '2.16.1'
group: 'org.jenkins-ci.plugins' group: 'org.jenkins-ci.plugins'
...@@ -61,13 +64,13 @@ build_jenkins_plugins_list: ...@@ -61,13 +64,13 @@ build_jenkins_plugins_list:
version: '1.5' version: '1.5'
group: 'org.jenkins-ci.plugins' group: 'org.jenkins-ci.plugins'
- name: 'cobertura' - name: 'cobertura'
version: '1.11' version: '1.12.1'
group: 'org.jenkins-ci.plugins' group: 'org.jenkins-ci.plugins'
- name: 'copyartifact' - name: 'copyartifact'
version: '1.39' version: '1.39'
group: 'org.jenkins-ci.plugins' group: 'org.jenkins-ci.plugins'
- name: 'credentials' - name: 'credentials'
version: '2.1.16' version: '2.1.18'
group: 'org.jenkins-ci.plugins' group: 'org.jenkins-ci.plugins'
- name: 'credentials-binding' - name: 'credentials-binding'
version: '1.15' version: '1.15'
...@@ -100,16 +103,16 @@ build_jenkins_plugins_list: ...@@ -100,16 +103,16 @@ build_jenkins_plugins_list:
version: '1.42.0' version: '1.42.0'
group: 'org.jenkins-ci.plugins' group: 'org.jenkins-ci.plugins'
- name: 'git' - name: 'git'
version: '3.8.0' version: '3.9.1'
group: 'org.jenkins-ci.plugins' group: 'org.jenkins-ci.plugins'
- name: 'github' - name: 'github'
version: '1.28.1' version: '1.29.2'
group: 'com.coravy.hudson.plugins.github' group: 'com.coravy.hudson.plugins.github'
- name: 'github-api' - name: 'github-api'
version: '1.90' version: '1.90'
group: 'org.jenkins-ci.plugins' group: 'org.jenkins-ci.plugins'
- name: 'github-branch-source' - name: 'github-branch-source'
version: '2.3.3' version: '2.3.6'
group: 'org.jenkins-ci.plugins' group: 'org.jenkins-ci.plugins'
- name: 'github-oauth' - name: 'github-oauth'
version: '0.29' version: '0.29'
...@@ -157,7 +160,7 @@ build_jenkins_plugins_list: ...@@ -157,7 +160,7 @@ build_jenkins_plugins_list:
version: '1.12' version: '1.12'
group: 'org.jenkins-ci.plugins' group: 'org.jenkins-ci.plugins'
- name: 'maven-plugin' - name: 'maven-plugin'
version: '3.1' version: '3.1.2'
group: 'org.jenkins-ci.main' group: 'org.jenkins-ci.main'
- name: 'monitoring' - name: 'monitoring'
version: '1.71.0' version: '1.71.0'
...@@ -205,7 +208,7 @@ build_jenkins_plugins_list: ...@@ -205,7 +208,7 @@ build_jenkins_plugins_list:
version: '1.14' version: '1.14'
group: 'org.jenkins-ci.plugins' group: 'org.jenkins-ci.plugins'
- name: 'ssh-credentials' - name: 'ssh-credentials'
version: '1.13' version: '1.14'
group: 'org.jenkins-ci.plugins' group: 'org.jenkins-ci.plugins'
- name: 'ssh-slaves' - name: 'ssh-slaves'
version: '1.26' version: '1.26'
......
playbooks/roles/jenkins_common/defaults/main.yml
...@@ -123,8 +123,7 @@ JENKINS_SECRET_FILES_LIST: [] ...@@ -123,8 +123,7 @@ JENKINS_SECRET_FILES_LIST: []
JENKINS_USERNAME_PASSWORD_LIST: [] JENKINS_USERNAME_PASSWORD_LIST: []
JENKINS_SECRET_TEXT_LIST: [] JENKINS_SECRET_TEXT_LIST: []
JENKINS_CERTIFICATES_LIST: [] JENKINS_CERTIFICATES_LIST: []
JENKINS_MASTER_SSH_LIST: [] JENKINS_SSH_LIST: []
JENKINS_CUSTOM_SSH_LIST: []
# security # security
jenkins_common_dsl_script_security_enabled: true jenkins_common_dsl_script_security_enabled: true
...@@ -147,7 +146,6 @@ jenkins_common_github_configs: ...@@ -147,7 +146,6 @@ jenkins_common_github_configs:
CACHE_SIZE: 20 CACHE_SIZE: 20
# github oauth settings # github oauth settings
jenkins_common_security_scopes: 'read:org,user:email' jenkins_common_security_scopes: 'read:org,user:email'
JENKINS_SECURITY_CLIENT_ID: '' JENKINS_SECURITY_CLIENT_ID: ''
......
playbooks/roles/jenkins_common/tasks/main.yml
...@@ -316,20 +316,6 @@ ...@@ -316,20 +316,6 @@
- install:jenkins-configuration - install:jenkins-configuration
- jenkins:local-dev - jenkins:local-dev
- name: Copy ssh key credentials
copy:
content: "{{ item.content }}"
dest: '{{ jenkins_common_config_path }}/credentials/{{ item.name }}'
owner: '{{ jenkins_common_user }}'
group: '{{ jenkins_common_group }}'
with_items: '{{ JENKINS_CUSTOM_SSH_LIST }}'
no_log: yes
tags:
- install
- install:base
- install:jenkins-configuration
- jenkins:local-dev
- name: Copy ec2 key - name: Copy ec2 key
copy: copy:
content: '{{ JENKINS_EC2_PRIVATE_KEY }}' content: '{{ JENKINS_EC2_PRIVATE_KEY }}'
......
playbooks/roles/jenkins_common/templates/config/credentials.yml.j2
...@@ -30,22 +30,13 @@ ...@@ -30,22 +30,13 @@
description: '{{ cert.description }}' description: '{{ cert.description }}'
id: '{{ cert.id }}' id: '{{ cert.id }}'
{% endfor %} {% endfor %}
{% for master_ssh in JENKINS_MASTER_SSH_LIST %} {% for ssh in JENKINS_SSH_LIST %}
- credentialType: 'ssh' - credentialType: 'ssh'
scope: '{{ master_ssh.scope }}' scope: '{{ ssh.scope }}'
username: '{{ master_ssh.username }}' username: '{{ ssh.username }}'
isJenkinsMasterSsh: true sshKey: |
passphrase: '{{ master_ssh.passphrase }}' {{ ssh.sshKey | indent(4) }}
description: '{{ master_ssh.description }}' passphrase: '{{ ssh.passphrase }}'
id: '{{ master_ssh.id }}' description: '{{ ssh.description }}'
{% endfor %} id: '{{ ssh.id }}'
{% for custom_ssh in JENKINS_CUSTOM_SSH_LIST %}
- credentialType: 'ssh'
scope: '{{ custom_ssh.scope }}'
username: '{{ custom_ssh.username }}'
isJenkinsMasterSsh: false
path: 'credentials/{{ custom_ssh.name }}'
passphrase: '{{ custom_ssh.passphrase }}'
description: '{{ custom_ssh.description }}'
id: '{{ custom_ssh.id }}'
{% endfor %} {% endfor %}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment