Klaus

authsch

 Mon, 09 Nov 2020 14:48:00 +0100 
Oh Jenkins :sigh

#^Jenkins Security Advisory 2020-11-04
This advisory announces vulnerabilities in the following Jenkins deliverables:
* Active Directory Plugin
...

o_O
Login allowed with hardcoded password by Active Directory Plugin
Login allowed with empty password by Active Directory Plugin
Authentication cache in Active Directory Plugin allows logging in with any password
Missing permission check in Active Directory Plugin allows accessing domain health check page
CSRF vulnerability in Active Directory Plugin
Klaus

Jenkinsfile in GitLab CI

 Tue, 07 Jan 2020 17:57:48 +0100 
Tempting...

#^Running Jenkins Files inside GitLab CI
Learn how to lift and shift your Jenkins jobs over to GitLab CI while you migrate.

First, I want to set some ground rules for this. For starters, this process is not meant for long term use. There are many downsides to this - Such as it only runs in one GitLab Stage and isn’t asyncronous. However this process can be used to run your Jenkins builds in GitLab CI, While you’re migrating your Jenkinsfile to GitLab CI Syntax. Make no mistake - This doesn’t solve your migration woes, But it does allow you to run your Jenkinsfile inside GitLab for the time being. It’s a stop-gap measure.
Klaus

CI/CD tools

 Fri, 11 Jan 2019 17:45:01 +0100 
#^7 CI/CD tools for sysadmins | Opensource.com
Image/photo
An easy guide to the top open source continuous integration, continuous delivery, and continuous deployment tools.
Klaus

2.150.1

 Wed, 05 Dec 2018 12:42:19 +0100 
o_O

#^Jenkins Security Advisory 2018-12-05
Code execution through crafted URLs
Jenkins uses the Stapler web framework for HTTP request handling. Stapler’s basic premise is that it uses reflective access to code elements matching its naming conventions. For example, any public method whose name starts with get, and that has a String, int, long, or no argument can be invoked this way on objects that are reachable through these means. As these naming conventions closely match common code patterns in Java, accessing crafted URLs could invoke methods never intended to be invoked this way.
Klaus

pipeline-examples

 Tue, 26 Sep 2017 17:27:08 +0200 
Nice collection of #Jenkins pipeline examples.

#^jenkinsci/pipeline-examples
Image/photo
pipeline-examples - A collection of examples, tips and tricks and snippets of scripting for the Jenkins Pipeline plugin
Klaus

Jenkins Shared Libraries

 Fri, 04 Aug 2017 18:53:36 +0200 
Should have used shared libraries much earlier.

#^Jenkins Shared Libraries Workshop
by Julien Pivotto on SlideShare
Klaus

CI/CD

 Sun, 29 Jan 2017 02:12:59 +0100 
Since October last year I try to understand Travis CI and have over 70 builds already, but I still don't get it. I don't know if it is Travis CI (random failures, no DB socket available, etc.), PHPUnit, HHVM (extremely slow running unit tests). Just tired.

Last week I had to work with Jenkins' Pipelines for a work project. It also took me 2 full days and 60 replays to learn and understand, but it is really amazing! I have a complete workflow with building, testing, feedback to Gerrit, publishing of reports, ordinary artifacts archiving, deployment to QA, eMail notifications and manual approval to deploy to production. There are also some bugs, no question, especially I am missing Gerrit trigger for multi-branch Pipelines, so I can test pull requests already, but it makes so much more fun to work with.
Klaus

Tear down docker test containers based on image name

 Thu, 01 Sep 2016 16:49:47 +0200 
Given your #CI generates #Docker images from your Git commits and tags them with something like web01-qa:$BUILD_NUMBER. Right now I can not set a name for the container that gets spun up after every commit, so I needed a solution to tear down the old containers after successful start of a new container based on the image they were created from. This is what I came up with:

docker ps --format "{{.ID}}\t{{.Image}}" | awk -F ':' '/web01-qa/{print $NF, $0}' | sort -r -n | tail -n+2 | awk '/web01-qa/{system("docker stop " $2)}'
Get all running containers, sort them by $BUILD_NUMBER for the image name containing web01-qa, stop all matching containers except the one from the newest image.

Or use docker rm -f if not interested in the old containers anymore.