Merge pull request #54 from RobertNorthard/master

Upgrade Jenkins to 2.107.3 LTS, plugins and remove scriptler

.gitattributes

@@ -1 +1 @@
-* -text
+* -text

Dockerfile

@@ -1,35 +1,35 @@
-FROM jenkins:2.7.4
-
-MAINTAINER Nick Griffin, <nicholas.griffin>
-
-ENV GERRIT_HOST_NAME gerrit
-ENV GERRIT_PORT 8080
-ENV GERRIT_SSH_PORT 29418
-ENV GERRIT_PROFILE="ADOP Gerrit" GERRIT_JENKINS_USERNAME="" GERRIT_JENKINS_PASSWORD=""
-
-# Copy in configuration files
-COPY resources/plugins.txt /usr/share/jenkins/ref/
-COPY resources/init.groovy.d/ /usr/share/jenkins/ref/init.groovy.d/
-COPY resources/scripts/ /usr/share/jenkins/ref/adop_scripts/
-COPY resources/jobs/ /usr/share/jenkins/ref/jobs/
-COPY resources/scriptler/ /usr/share/jenkins/ref/scriptler/scripts/
-COPY resources/views/ /usr/share/jenkins/ref/init.groovy.d/
-COPY resources/m2/ /usr/share/jenkins/ref/.m2
-COPY resources/entrypoint.sh /entrypoint.sh
-COPY resources/scriptApproval.xml /usr/share/jenkins/ref/
-
-# Reprotect
-USER root
-RUN chmod +x -R /usr/share/jenkins/ref/adop_scripts/ && chmod +x /entrypoint.sh
-# USER jenkins
-
-# Environment variables
-ENV ADOP_LDAP_ENABLED=true LDAP_IS_MODIFIABLE=true ADOP_ACL_ENABLED=true ADOP_SONAR_ENABLED=true ADOP_ANT_ENABLED=true ADOP_MAVEN_ENABLED=true ADOP_NODEJS_ENABLED=true ADOP_GERRIT_ENABLED=true
-ENV LDAP_GROUP_NAME_ADMIN=""
-ENV JENKINS_OPTS="--prefix=/jenkins -Djenkins.install.runSetupWizard=false"
-ENV PLUGGABLE_SCM_PROVIDER_PROPERTIES_PATH="/var/jenkins_home/userContent/datastore/pluggable/scm"
-ENV PLUGGABLE_SCM_PROVIDER_PATH="/var/jenkins_home/userContent/job_dsl_additional_classpath/"
-
-RUN /usr/local/bin/plugins.sh /usr/share/jenkins/ref/plugins.txt
-
-ENTRYPOINT ["/entrypoint.sh"]
+FROM jenkins/jenkins:2.107.3
+
+MAINTAINER Nick Griffin, <nicholas.griffin>
+
+ENV GERRIT_HOST_NAME gerrit
+ENV GERRIT_PORT 8080
+ENV GERRIT_SSH_PORT 29418
+ENV GERRIT_PROFILE="ADOP Gerrit" GERRIT_JENKINS_USERNAME="" GERRIT_JENKINS_PASSWORD=""
+
+# Copy in configuration files
+COPY resources/plugins.txt /usr/share/jenkins/ref/
+COPY resources/init.groovy.d/ /usr/share/jenkins/ref/init.groovy.d/
+COPY resources/scripts/ /usr/share/jenkins/ref/adop_scripts/
+COPY resources/jobs/ /usr/share/jenkins/ref/jobs/
+COPY resources/views/ /usr/share/jenkins/ref/init.groovy.d/
+COPY resources/m2/ /usr/share/jenkins/ref/.m2
+COPY resources/entrypoint.sh /entrypoint.sh
+COPY resources/scriptApproval.xml /usr/share/jenkins/ref/
+
+# Reprotect
+USER root
+RUN chmod +x -R /usr/share/jenkins/ref/adop_scripts/ && chmod +x /entrypoint.sh
+# USER jenkins
+
+# Environment variables
+ENV ADOP_LDAP_ENABLED=true LDAP_IS_MODIFIABLE=true ADOP_ACL_ENABLED=true ADOP_SONAR_ENABLED=true ADOP_ANT_ENABLED=true ADOP_MAVEN_ENABLED=true ADOP_NODEJS_ENABLED=true ADOP_GERRIT_ENABLED=true
+ENV LDAP_GROUP_NAME_ADMIN=""
+ENV JENKINS_OPTS="--prefix=/jenkins -Djenkins.install.runSetupWizard=false"
+ENV PLUGGABLE_SCM_PROVIDER_PROPERTIES_PATH="/var/jenkins_home/userContent/datastore/pluggable/scm"
+ENV PLUGGABLE_SCM_PROVIDER_PATH="/var/jenkins_home/userContent/job_dsl_additional_classpath/"
+
+RUN xargs /usr/local/bin/install-plugins.sh < /usr/share/jenkins/ref/plugins.txt
+RUN echo "KexAlgorithms diffie-hellman-group1-sha1" >> /etc/ssh/ssh_config
+
+ENTRYPOINT ["/entrypoint.sh"]

resources/entrypoint.sh

@@ -14,9 +14,6 @@ mkdir -p $PLUGGABLE_SCM_PROVIDER_PROPERTIES_PATH $PLUGGABLE_SCM_PROVIDER_PATH
 mkdir -p ${PLUGGABLE_SCM_PROVIDER_PROPERTIES_PATH}/CartridgeLoader ${PLUGGABLE_SCM_PROVIDER_PROPERTIES_PATH}/ScmProviders
 nohup /usr/share/jenkins/ref/adop\_scripts/generate_gerrit_scm.sh -i ${gerrit_provider_id} -p ${gerrit_protocol} -h ${host} &
 
-echo "Tokenising scriptler scripts..."
-sed -i "s,###SCM_PROVIDER_PROPERTIES_PATH###,$PLUGGABLE_SCM_PROVIDER_PROPERTIES_PATH,g" /usr/share/jenkins/ref/scriptler/scripts/retrieve_scm_props.groovy
-
 echo "skip upgrade wizard step after installation"
 echo "2.7.4" > /var/jenkins_home/jenkins.install.UpgradeWizard.state
 

resources/init.groovy.d/adop_csrf.groovy

@@ -0,0 +1,11 @@
+import hudson.security.csrf.DefaultCrumbIssuer
+import jenkins.model.Jenkins
+
+Thread.sleep {
+
+    sleep 3000
+
+    def instance = Jenkins.instance
+    instance.setCrumbIssuer(new DefaultCrumbIssuer(false))
+    instance.save()
+}

resources/init.groovy.d/adop_general.groovy

@@ -174,12 +174,11 @@ Thread.start {
     if(!ssh_credentials_file_exist) {
 
         def ssh_key_domain = com.cloudbees.plugins.credentials.domains.Domain.global()
-        def ssh_key_file = new FileCredentialsImpl(ssh_key_scope, ssh_key_file_id, ssh_key_file_description, fileItem, null, null)
+        def ssh_key_file = new FileCredentialsImpl(ssh_key_scope, ssh_key_file_id, ssh_key_file_description, fileItem, "", "")
 
         system_credentials_provider.addCredentials(ssh_key_domain,ssh_key_file)
     }
 
-
     // Jenkins cartridge sources
     if ( cartridgeSources != null ) {
         envVars.put("CARTRIDGE_SOURCES", cartridgeSources)

resources/init.groovy.d/adop_jnlp_agent_protocols.groovy

@@ -0,0 +1,39 @@
+/*
+   Copyright (c) 2015-2018 Sam Gleske - https://github.com/samrocketman/jenkins-bootstrap-shared
+   Licensed under the Apache License, Version 2.0 (the "License");
+   you may not use this file except in compliance with the License.
+   You may obtain a copy of the License at
+       http://www.apache.org/licenses/LICENSE-2.0
+   Unless required by applicable law or agreed to in writing, software
+   distributed under the License is distributed on an "AS IS" BASIS,
+   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+   See the License for the specific language governing permissions and
+   limitations under the License.
+*/
+
+/*
+   Disable all JNLP protocols except for JNLP4.  JNLP4 is the most secure agent
+   protocol because it is using standard TLS.
+   
+   source: https://github.com/samrocketman/jenkins-bootstrap-shared/blob/master/scripts/configure-jnlp-agent-protocols.groovy
+ */
+import jenkins.model.Jenkins
+
+Thread.start {
+    sleep 3000
+
+    println "--> Configuring JNLP Agent Protocols"
+
+    Jenkins jenkins = Jenkins.instance
+
+    if(!jenkins.isQuietingDown()) {
+        Set<String> agentProtocolsList = ['JNLP4-connect', 'JNLP2-connect', 'Ping']
+        if(!jenkins.getAgentProtocols().equals(agentProtocolsList)) {
+            jenkins.setAgentProtocols(agentProtocolsList)
+            jenkins.save()
+        }
+    }
+    else {
+        println 'Shutdown mode enabled.  Configure Agent Protocols SKIPPED.'
+    }
+}

resources/init.groovy.d/adop_slave_master_access_control.groovy

@@ -0,0 +1,12 @@
+import jenkins.model.*
+import jenkins.security.s2m.AdminWhitelistRule
+
+Thread.start {
+    sleep 3000
+
+    println "--> Enabling slave master access control"
+
+    Jenkins.instance.injector.getInstance(AdminWhitelistRule.class).setMasterKillSwitch(false);
+
+    Jenkins.instance.save()
+}

resources/init.groovy.d/cli-shutdown.groovy

@@ -35,3 +35,6 @@ def removal = { lst ->
 def j = Jenkins.instance;
 removal(j.getExtensionList(RootAction.class))
 removal(j.actions)
+
+println "--> Disable Jenkins CLI Remoting interface"
+Jenkins.instance.getDescriptor("jenkins.CLI").get().setEnabled(false)