From d1d0fcd2ca083301deb4e2495a4d996fb15dc87d Mon Sep 17 00:00:00 2001
From: Apostolof
Date: Sat, 14 Mar 2020 22:03:38 +0200
Subject: [PATCH] Add groovy script for git credentials configuration
---
 jenkins/Dockerfile | 5 ++
 jenkins/configuration/credentials.groovy | 52 +++++++++++++++++++
 jenkins/plugins.txt | 4 ++
 .../printJenkinsGitlabSSHPublicKey.sh | 4 ++
 4 files changed, 65 insertions(+)
 create mode 100644 jenkins/configuration/credentials.groovy
 create mode 100755 utility-scripts/printJenkinsGitlabSSHPublicKey.sh
diff --git a/jenkins/Dockerfile b/jenkins/Dockerfile
index 6a2e449..e89a75c 100644
--- a/jenkins/Dockerfile
+++ b/jenkins/Dockerfile
@@ -13,6 +13,11 @@ RUN chown -R jenkins:jenkins /var/cache/jenkins
 ARG VERSION=18.09
 RUN curl -fsSL https://get.docker.com -o get-docker.sh | sh
+# Generates an SSH key-pair to use with Gitlab
+# TODO: replace placeholder email (note that this is not really necessary)
+RUN mkdir -p "/home/jenkins/.ssh"
+RUN ssh-keygen -t ed25519 -C "example@email.com" -N "" -f "/home/jenkins/.ssh/gitlab-ssh"
+
 USER jenkins
 # Security configuration scripts
diff --git a/jenkins/configuration/credentials.groovy b/jenkins/configuration/credentials.groovy
new file mode 100644
index 0000000..25f7500
--- /dev/null
+++ b/jenkins/configuration/credentials.groovy
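Review bot: The `RUN ssh-keygen ... -N "" -f "/home/jenkins/.ssh/gitlab-ssh"` step added to jenkins/Dockerfile writes an unencrypted private key into an image layer, so every container started from this image shares one key and anyone who can pull or export the image can read it. Generating the key at first container start into a mounted volume, or supplying it as a runtime secret, keeps it out of the image and lets it be rotated without a rebuild. Both new `RUN` lines also sit above `USER jenkins`, so they presumably execute as root and leave the key owned by root, which the jenkins user running credentials.groovy may not be able to read. If the key stays in the build, follow it with `RUN chown -R jenkins:jenkins /home/jenkins/.ssh && chmod 700 /home/jenkins/.ssh`.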
@@ -0,0 +1,52 @@
+// This script is based on the sources listed bellow:
+// https://gist.github.com/hayderimran7/d6ab8a6a770cb970349e
+// https://gist.github.com/ivan-pinatti/de063b610d1bdf2da229c7874968f4d9
+// https://support.cloudbees.com/hc/en-us/articles/217708168-create-credentials-from-groovy
+
+import jenkins.model.Jenkins
+import com.cloudbees.jenkins.plugins.sshcredentials.impl.*
+import com.cloudbees.plugins.credentials.*
+import com.cloudbees.plugins.credentials.common.*
+import com.cloudbees.plugins.credentials.domains.Domain
+import com.cloudbees.plugins.credentials.impl.*
+import hudson.util.Secret
+import java.nio.file.Files
+import net.sf.json.JSONObject
+import org.jenkinsci.plugins.plaincredentials.impl.*
+
+String privateKeyFilePath = "/home/jenkins/.ssh/gitlab-ssh"
+File privateKeyFile = new File(privateKeyFilePath)
+String privateKeyString = privateKeyFile.text
+
+def gitlabSSHKeyParameters = [
+ description: 'Gitlab SSH Key',
+ id: 'gitlab-ssh-key',
+ secret: '',
+ userName: 'jenkins',
+ key: new BasicSSHUserPrivateKey.DirectEntryPrivateKeySource(privateKeyString)
+]
+
+// Gets Jenkins instance
+Jenkins jenkins = Jenkins.getInstance()
+
+// Gets credentials domain
+def globalDomain = Domain.global()
+
+// Gets credentials store
+def credentialsStore = jenkins.getExtensionList('com.cloudbees.plugins.credentials.SystemCredentialsProvider')[0].getStore()
+
+// Defines private key
+def privatKey = new BasicSSHUserPrivateKey(
+ CredentialsScope.GLOBAL,
+ gitlabSSHKeyParameters.id,
+ gitlabSSHKeyParameters.username,
+ gitlabSSHKeyParameters.key,
+ gitlabSSHKeyParameters.secret,
+ gitlabSSHKeyParameters.description
+)
+
+// Adds credential to store
+credentialsStore.addCredentials(globalDomain, privatKey)
+
+// Saves to disk
+jenkins.save()
\ No newline at end of file
diff --git a/jenkins/plugins.txt b/jenkins/plugins.txt
index 2d2002e..fbfb223 100644
--- a/jenkins/plugins.txt
+++ b/jenkins/plugins.txt
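Review bot: The credential in credentials.groovy is created with a null username, because the parameter map declares `userName: 'jenkins'` while the `BasicSSHUserPrivateKey` constructor call reads `gitlabSSHKeyParameters.username`, and a missing Groovy map key evaluates to null. Change that argument to `gitlabSSHKeyParameters.userName,`. The key is also stored with `CredentialsScope.GLOBAL` and an empty passphrase (`secret: ''`), so any job able to reference `gitlab-ssh-key` can use it. If only the GitLab connection needs it, a narrower scope or a dedicated credentials domain would limit that. The imports of `hudson.util.Secret`, `java.nio.file.Files`, `net.sf.json.JSONObject` and the plaincredentials package appear unused in the visible script and can be dropped.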
@@ -24,10 +24,12 @@ blueocean-rest
 blueocean-rest-impl
 blueocean-web
 bouncycastle-api
+bouncycastle-api.bak
 branch-api
 cloudbees-bitbucket-branch-source
 cloudbees-folder
 command-launcher
+command-launcher.bak
 credentials
 credentials-binding
 display-url-api
@@ -41,10 +43,12 @@ git-server
 github
 github-api
 github-branch-source
+gitlab-plugin
 handy-uri-templates-2-api
 htmlpublisher
 jackson2-api
 jdk-tool
+jdk-tool.bak
 jenkins-design-language
 jira
 jquery-detached
diff --git a/utility-scripts/printJenkinsGitlabSSHPublicKey.sh b/utility-scripts/printJenkinsGitlabSSHPublicKey.sh
new file mode 100755
index 0000000..dfafff4
--- /dev/null
+++ b/utility-scripts/printJenkinsGitlabSSHPublicKey.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" >/dev/null 2>&1 && pwd )"
+docker exec -it jenkins cat "/home/jenkins/.ssh/gitlab-ssh.pub"
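Review bot: The added entries `bouncycastle-api.bak` and `command-launcher.bak` in the first plugins.txt hunk, and `jdk-tool.bak` in the second, look like backup-file names copied from a plugin directory listing rather than real plugin ids. The plugin installer will likely fail to resolve them, or would fetch whatever happens to be published under those names. Remove the three `.bak` lines so that `gitlab-plugin` is the only addition. None of the entries in view carries a version; pinning the new one as `gitlab-plugin:<version>` (placeholder) would keep image builds reproducible and make plugin upgrades an explicit, reviewable change.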
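Review bot: `DIR` in printJenkinsGitlabSSHPublicKey.sh is computed but never used, and `docker exec -it` asks for an interactive TTY, so the script is likely to fail or emit carriage returns when it runs from automation or its output is redirected. Drop the `DIR=` line and call `docker exec jenkins cat "/home/jenkins/.ssh/gitlab-ssh.pub"` instead. A header comment such as `# Prints the public half of the Jenkins GitLab SSH key so it can be registered in GitLab` would document the intent, and `set -euo pipefail` after the shebang would surface a missing container as an error.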