Re: GitHub Branch Source: Configuring branch include/exclude from Jenkinsfile

2017-07-20 Thread leandro . lucarella 
BTW, I've seen in Jenkins docs, in the "Steps Reference" that comes with 
Jenkins, that there is a class GitHubSCMSource, I guess there is no way to 
use that as a step to change the configuration from the Jenkinsfile, right? 
It seems to have all the include/exclude conigurations there but I never 
understood how to use these "classes" in a Jenkinsfile.

Thanks!

On Tuesday, 11 July 2017 16:46:16 UTC+2, Stephen Connolly wrote:
>
> Currently I recommend either using multiple org folders or just using 
> multibranch projects directly.
>
> There is some embryonic discussion about how to pull configuration as code 
> up from just the "branch" level to the "repository" and even the "group of 
> repositories" levels... but nothing I would hold my breath waiting on
>
> On 11 July 2017 at 03:25, Leandro Lucarella <leandro@sociomantic.com 
> > wrote:
>
>> Hi, I'm using the GitHub Branch Source plugin to setup an organization
>> folder. The organization is big and have different kind of projects
>> with different needs.
>>
>> Because of this, I need to override global organization configuration
>> (like include/exclude branches) in a per-project basis, so I was
>> wondering if there is any way to control this via the Jenkinsfile.
>>
>> If you know any other methods to deal with this, I'm more than
>> interested to hear about them.
>>
>> Thanks!
>>
>> --
>> Leandro Lucarella
>> Technical Development Lead
>> Sociomantic Labs GmbH <http://www.sociomantic.com>
>>
>> --
>> You received this message because you are subscribed to the Google Groups 
>> "Jenkins Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to jenkinsci-use...@googlegroups.com .
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/jenkinsci-users/20170711122529.35356669%40labs-064.localdomain
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/3638df72-e07b-4b33-9d8c-01091b7ccc3c%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: GitHub Branch Source: Configuring branch include/exclude from Jenkinsfile

2017-07-20 Thread leandro . lucarella 
Mmm, not the answer I was hoping for, but fair enough.

Thanks!

On Tuesday, 11 July 2017 16:46:16 UTC+2, Stephen Connolly wrote:
>
> Currently I recommend either using multiple org folders or just using 
> multibranch projects directly.
>
> There is some embryonic discussion about how to pull configuration as code 
> up from just the "branch" level to the "repository" and even the "group of 
> repositories" levels... but nothing I would hold my breath waiting on
>
> On 11 July 2017 at 03:25, Leandro Lucarella <leandro@sociomantic.com 
> > wrote:
>
>> Hi, I'm using the GitHub Branch Source plugin to setup an organization
>> folder. The organization is big and have different kind of projects
>> with different needs.
>>
>> Because of this, I need to override global organization configuration
>> (like include/exclude branches) in a per-project basis, so I was
>> wondering if there is any way to control this via the Jenkinsfile.
>>
>> If you know any other methods to deal with this, I'm more than
>> interested to hear about them.
>>
>> Thanks!
>>
>> --
>> Leandro Lucarella
>> Technical Development Lead
>> Sociomantic Labs GmbH <http://www.sociomantic.com>
>>
>> --
>> You received this message because you are subscribed to the Google Groups 
>> "Jenkins Users" group.
>> To unsubscribe from this group and stop receiving emails from it, send an 
>> email to jenkinsci-use...@googlegroups.com .
>> To view this discussion on the web visit 
>> https://groups.google.com/d/msgid/jenkinsci-users/20170711122529.35356669%40labs-064.localdomain
>> .
>> For more options, visit https://groups.google.com/d/optout.
>>
>
>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/51187518-0b1b-45a2-bd32-e960e3f16b07%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

GitHub Branch Source: Configuring branch include/exclude from Jenkinsfile

2017-07-11 Thread Leandro Lucarella 
Hi, I'm using the GitHub Branch Source plugin to setup an organization
folder. The organization is big and have different kind of projects
with different needs.

Because of this, I need to override global organization configuration
(like include/exclude branches) in a per-project basis, so I was
wondering if there is any way to control this via the Jenkinsfile.

If you know any other methods to deal with this, I'm more than
interested to hear about them.

Thanks!

-- 
Leandro Lucarella
Technical Development Lead
Sociomantic Labs GmbH <http://www.sociomantic.com>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/20170711122529.35356669%40labs-064.localdomain.
For more options, visit https://groups.google.com/d/optout.


pgpgd5AXxB1vz.pgp
Description: OpenPGP digital signature

Re: [blueocean] multi-platform builds with multi-stage completely parallel tracks

2017-07-04 Thread leandro . lucarella 


On Tuesday, 4 July 2017 10:50:09 UTC+2, leandro@sociomantic.com wrote:
>
>
> On Tuesday, 4 July 2017 06:43:58 UTC+2, mpapo - Michael Pailloncy wrote:
>>
>> As far as I know, *stage* blocks inside parallel tasks are deprecated => 
>> see 
>> https://github.com/jenkinsci/pipeline-examples/blob/master/docs/BEST_PRACTICES.md#parallelism
>>
>> Have you tried something like :  
>>
>
>> stage ("Setup") {
>>
>
> [snip]
>

BTW, this jenkins plugin testing library should probably be updated if 
stages inside parallel should not be used, my example was based on this:

 
https://github.com/jenkins-infra/pipeline-library/blob/master/vars/buildPlugin.groovy

This is a problem I find very often, pipelines seem to change too fast and 
I always find contradicting examples, and is very hard to find a true 
source of up-to-date documents. I hope this improves soon :)

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/3d81b65d-bf7a-43e2-acf6-2694ed985a7e%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [blueocean] multi-platform builds with multi-stage completely parallel tracks

2017-07-04 Thread leandro . lucarella 
On Tuesday, 4 July 2017 08:57:23 UTC+2, James Dumay wrote:
>
> Michael's solution is probably the closest to that for the time being. We 
> are looking at adding a "matrix" style pipeline capability to Declarative 
> and Blue Ocean in the future. Watch and vote for JENKINS-40986 
>  
>
>
OK, thanks, I will watch that issue. I guess there is no way to know an ETA 
for it, right? I don't see any in the issue. 

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/358b94bc-3c5c-462c-9733-c786205c1f16%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: [blueocean] multi-platform builds with multi-stage completely parallel tracks

2017-07-04 Thread leandro . lucarella 

On Tuesday, 4 July 2017 06:43:58 UTC+2, mpapo - Michael Pailloncy wrote:
>
> As far as I know, *stage* blocks inside parallel tasks are deprecated => 
> see 
> https://github.com/jenkinsci/pipeline-examples/blob/master/docs/BEST_PRACTICES.md#parallelism
>
> Have you tried something like :  
>

> stage ("Setup") {
>

[snip]

Yes, sort of, it's my second example but without the `stage` inside the 
`parallel` call. I guess I still get the (undesired) synchronization points 
with that scheme.
 

>
> parallel (
> 'xenial': {
> node("xenial") {
>sh 'echo xenial setup'
> }
> },
> 'trusty': {
> node("trusty") {
>sh 'echo trusty setup'
> }
> }
> )
> }
> stage ("Build") {
> parallel (
> 'xenial': {
> node("xenial") {
>sh 'echo xenial build'
> }
> },
> 'trusty': {
> node("trusty") {
>sh 'echo trusty build'
> }
> }
> )
> }
>
> IIUC, this pipeline should do what you want. 
>
> If not, have you tried to create your pipeline with BlueOcean Pipeline 
> Editor Plugin ? 
>
>
> 2017-07-03 12:50 GMT+02:00 Leandro Lucarella <leandro@sociomantic.com 
> >:
>
>> Hi, I'm trying to build a pipeline that in principle it sounds like it
>> should be very simple. I basically have a project that I want to build
>> and test for Ubuntu trusty and xenial. So basically I want to run them
>> in separate nodes (which will use Docker).
>>
>> I want to visualize this in blueocean like this:
>>
>>   CheckoutBuild TestDeploy
>>
>>  O--OOO
>>   trusty trusty   trusty   trusty
>>
>>  O--OOO
>>   xenial xenial   xenial   xenial
>>
>> But I can't nail it. TL;DR, is there any way to achieve this? If yes,
>> how? If not, is it planned? If yes, any ETAs?
>>
>> Things that I tried:
>>
>> I can run 2 "jobs" in different nodes completely in parallel, but then
>> stages inside the nodes are not visualized:
>>
>> parallel(
>> 'xenial': {
>> node {
>> stage("Setup") {
>> sh 'echo xenial setup'
>> }
>> stage("Build") {
>> sh 'echo xenial build'
>> }
>> }
>> },
>> 'trusty': {
>> node {
>> stage("Setup") {
>> sh 'echo trusty setup'
>> }
>> stage("Build") {
>> sh 'echo trusty build'
>>  }
>> }
>> }
>> )
>>
>> This shows:
>>
>> Parallel
>>
>> O
>>   xenial
>>
>> O
>>   trusty
>>
>> If I add top-level stages outside of the node{}, then I get a closer
>> visualization, but then both track don't run completely in parallel:
>>
>> stage ("Setup") {
>> parallel (
>> 'xenial': {
>> node {
>> stage("Run") {
>> sh 'echo xenial setup'
>> }
>> }
>> },
>> 'trusty': {
>> node {
>> stage("Run") {
>> sh 'echo trusty setup'
>> }
>> }
>> }
>> )
>> }
>> stage ("Build") {
>> parallel (
>> 'xenial': {
>> node {
>> stage("Run") {
>> sh 'echo xenial build'
>> }
>> }
>> },
>> 'trusty': {
>> node {
>>         stage("Setup") {
>> sh 'echo trusty build'
>> }
>> }
>> }
>> )
>> }
>>
>> And on top of not being really parallel, the synchronization points are
>> shown in the visualization (which makes sense if there are
>> synchronization points:
>>
>>   Checkout Build   Test  Deploy
>>  O-.--.--O-.-.--O-.-.--O
>>   trusty   | |trusty   | |   trusty   | |   trusty
>>| | |

[blueocean] multi-platform builds with multi-stage completely parallel tracks

2017-07-03 Thread Leandro Lucarella 
Hi, I'm trying to build a pipeline that in principle it sounds like it
should be very simple. I basically have a project that I want to build
and test for Ubuntu trusty and xenial. So basically I want to run them
in separate nodes (which will use Docker).

I want to visualize this in blueocean like this:

  CheckoutBuild TestDeploy

 O--OOO
  trusty trusty   trusty   trusty

 O--OOO
  xenial xenial   xenial   xenial

But I can't nail it. TL;DR, is there any way to achieve this? If yes,
how? If not, is it planned? If yes, any ETAs?

Things that I tried:

I can run 2 "jobs" in different nodes completely in parallel, but then
stages inside the nodes are not visualized:

parallel(
'xenial': {
node {
stage("Setup") {
sh 'echo xenial setup'
}
stage("Build") {
sh 'echo xenial build'
}
}
},
'trusty': {
node {
stage("Setup") {
sh 'echo trusty setup'
}
stage("Build") {
sh 'echo trusty build'
 }
}
}
)

This shows:

Parallel

O
  xenial

O
  trusty

If I add top-level stages outside of the node{}, then I get a closer
visualization, but then both track don't run completely in parallel:

stage ("Setup") {
parallel (
'xenial': {
node {
stage("Run") {
sh 'echo xenial setup'
}
}
},
'trusty': {
node {
stage("Run") {
sh 'echo trusty setup'
}
}
}
)
}
stage ("Build") {
parallel (
'xenial': {
node {
stage("Run") {
sh 'echo xenial build'
}
}
},
'trusty': {
node {
stage("Setup") {
sh 'echo trusty build'
}
}
}
)
}

And on top of not being really parallel, the synchronization points are
shown in the visualization (which makes sense if there are
synchronization points:

  Checkout Build   Test  Deploy
 O-.--.--O-.-.--O-.-.--O
  trusty   | |trusty   | |   trusty   | |   trusty
   | | | || |
 O´   `-O-´   `-O-´ `--O
  xenial xenial  xenial xenial


So, questions again for the people that read this far :)
Is there any way to achieve this? If yes, how? If not, is it planned?
If yes, any ETAs?


Thanks a lot!

-- 
Leandro Lucarella
Technical Development Lead
Sociomantic Labs GmbH <http://www.sociomantic.com>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/20170703125023.20deb51c%40labs-064.localdomain.
For more options, visit https://groups.google.com/d/optout.


pgpsHoORchbed.pgp
Description: OpenPGP digital signature

Re: [SECURITY] How to protect pipeline jobs using GitHub branch/PR auto-discovery from doing harm

2016-09-12 Thread Leandro Lucarella 
On Sat, 10 Sep 2016 09:57:33 -0700 (PDT)
jpd4nt <jdrawn...@nationaltheatre.org.uk> wrote:
> Use slaves, not the master to run jobs.
> 
> If you want chroot workspaces you could use docker slaves, run a
> container per job etc.

Mmmm, OK, but we need to create docker images to run the jobs based on
what is in the repository we are fetching. Is it possible to run a
docker container inside a docker slave (which I assume is a container
itself)?

-- 
Leandro Lucarella
Technical Development Lead
Sociomantic Labs GmbH <http://www.sociomantic.com>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/20160912113743.09dd0925%40labs-064.localdomain.
For more options, visit https://groups.google.com/d/optout.

[SECURITY] How to protect pipeline jobs using GitHub branch/PR auto-discovery from doing harm

2016-09-09 Thread leandro . lucarella 
This is particularly important for FLOSS projects wanting to use jenkins 
and test GitHub PR with it.

This was triggered by some problem with one PR, that for some reason ends 
up with a workspace without a git repo in it, combined with the fact that 
we use git itself to version Jenkins configuration.
So, when this happened, the pipeline script included a command to make sure 
the repo is clean, using `git reset --hard`. Since there was no `.git` in 
the workspace, the Jenkins config git was affected, thus losing data.

So it looks like the workspace is not isolated via `chroot` or other means. 
What happens if a malicious user just use `rm -rf $JENKINS_HOME` as the 
pipeline build script in a PR?

How would you recommend to protect against these kind of issues? Is there 
any way to force all pipeline jobs to run inside a docker *before* running 
any commands found in the Jenkinsfile?

Thank you!

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/84775341-aa18-494b-9af7-0809cbd1f63b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Matrix jobs mixed with pipelines

2016-08-19 Thread Leandro Lucarella 
Hi, I'm moving to Jenkins 2.0 pipelines using Jenkinsfiles and I'm
trying to find the best way to translate matrix jobs to it. Is there a
way to define a matrix job or should I emulate it somehow using parallel
stages or something like that?

I tried to write something using parallel, but I get an error message
when defining "stage" inside it, it complains with:

  The ‘stage’ step must not be used inside a ‘parallel’ block.

Also, I'm finding very hard to find good documentation that explains in
more depth how Jenkinsfiles work, or references to the available
functions, like what kind of stuff can be used inside other stuff (like
the problem I had that 'stage' can't be used inside 'parallel'). Most
of the stuff I find are usually short tutorials demonstrating fairly
trivial features. Are there any good resources you can point me to?

Thank you!

PS: Please CC me, I'm not subscribed to the list.

-- 
Leandro Lucarella
Technical Development Lead
Sociomantic Labs GmbH <http://www.sociomantic.com>

-- 
You received this message because you are subscribed to the Google Groups 
"Jenkins Users" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to jenkinsci-users+unsubscr...@googlegroups.com.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/jenkinsci-users/20160818191448.67a1e31c%40labs-064.localdomain.
For more options, visit https://groups.google.com/d/optout.