Split Jenkins jobs to internally and externally accessible

Jenkins jobs are deployed to a single Jenkins controller, posing
potential security risks due to varying job requirements, such as
additional access or credentials like AWS user and password or
Firebase token.

To mitigate these risks, split jobs into two groups:
* external - verifiers and branch build jobs
* internal - jobs requiring extra credentials or access

This segregation enables the deployment of a separate Jenkins
controller, facilitating the deployment of only internal jobs and
removing extra credentials from the internet-facing Jenkins
controller.

Bug: Issue 324929060
Change-Id: Iba46340c89f2653982e653668f8d5fde095ad8fe
10 files changed
tree: 00eecdfb924a7beb23bcd68f85d8eff53803c5c1
  1. jenkins/
  2. jenkins-docker/
  3. jenkins-internal/
  4. vars/
  5. worker/
  6. .gitignore
  7. Jenkinsfile
  8. README.md
  9. yamllint-config.yaml
README.md

Gerrit CI scripts

Providing jobs

This project uses Jenkins Job Builder [1] to generate jobs from YAML descriptor files.

To add new jobs, reuse existing templates, defaults, etc. as much as possible. For example, adding a job to build an additional branch of a project may be as easy as adding the name of the branch to an existing project.

To keep the YAML files readable, lint them with yamllint [2]. Yamllint can be installed using Python pip:

pip3 install --require-hashes yamllint

Note that pip's --require-hashes mode only accepts requirements that are pinned with == and carry a --hash value, so the pinned version and its hash have to be supplied, typically through a requirements file.

To run the linter, execute this command from the project's root directory:

yamllint -c yamllint-config.yaml jenkins/**/*.yaml

Yamllint only reports the issues it detects; it does not fix them.
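Alongside the style lint, the split described in the commit message can be enforced with a check that fails when a job definition intended for the internet-facing controller references credentials. The following is an added example, not code from this project; it assumes the externally accessible jobs live under jenkins/, and the job names, credential id and file paths are constructed.

```python
import re

# Any YAML key whose name contains "credential", e.g. the Jenkins Job Builder
# "credentials-binding" wrapper or a "credential-id" entry. Lines starting
# with "#" never match, so commented-out bindings are ignored.
KEY_RE = re.compile(
    r"^\s*(?:-\s+)?([A-Za-z0-9_-]*credential[A-Za-z0-9_-]*)\s*:", re.IGNORECASE
)

def find_credential_refs(yaml_text):
    """Return (line number, key) for each credential-related key."""
    hits = []
    for lineno, line in enumerate(yaml_text.splitlines(), 1):
        match = KEY_RE.match(line)
        if match:
            hits.append((lineno, match.group(1)))
    return hits

def audit(files):
    """Map path -> findings for every file that references credentials."""
    return {p: h for p, h in ((p, find_credential_refs(t)) for p, t in files.items()) if h}

# Constructed sample: a verifier job that needs no credentials.
EXTERNAL_OK = """\
- project:
    name: example-verifier
    branch:
      - master
    jobs:
      - 'example-verify-{branch}'
"""

# Constructed sample: a job that binds a secret and belongs on the internal controller.
NEEDS_INTERNAL = """\
- job:
    name: example-publish
    wrappers:
      - credentials-binding:
          - text:
              credential-id: example-firebase-token
              variable: FIREBASE_TOKEN
"""

if __name__ == "__main__":
    files = {"jenkins/example-verifier.yaml": EXTERNAL_OK,
             "jenkins/example-publish.yaml": NEEDS_INTERNAL}  # hypothetical paths
    report = audit(files)
    for path, hits in report.items():
        for lineno, key in hits:
            print(f"{path}:{lineno}: credential reference '{key}' in external job")
    raise SystemExit(1 if report else 0)
```

A key-name match is a coarse filter: it will not catch secrets passed as plain parameters or embedded in shell steps, so it complements review rather than replacing it.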

[1] https://docs.openstack.org/infra/jenkins-job-builder/index.html
[2] https://pypi.org/project/yamllint/