Watch the video: https://www.youtube.com/watch?v=qaUPESDcsGg
This interactive talk allows new users and seasoned experts alike to hone their skills in mastering the Jenkins Script Console. It is the most powerful interface Jenkins offers.
I will discuss steps users and admins can take in order to go about understanding how to interact with the Jenkins Script Console. The talk will involve:
- The role the Script Console plays with the Jenkins configuration.
- Recommendations on operationalizing a Jenkins installation for production use.
- How the Script Console can be used to configure Jenkins settings live, on an instance.
- Solid steps to take in order to get better at using the Script Console.
- Share additional resources which allow one to grow at using the Script Console further.
Please note the source code for this presentation:
- https://github.com/samrocketman/demo-jenkins-world-2017 (all of the security and configuration demos for the script console)
- https://github.com/samrocketman/jenkins-bootstrap-jervis (the demo where it is shown what can be done with the full set of tools learned during the presentation)
3. What to expect?
• Introduction to Jenkins Community Infrastructure
• What is the Script Console?
• Quick tips on Groovy
• DEMO: Security implications
• Operationalize Jenkins
• DEMO: The Script Console and Jenkins Configuration
• Links to help you grow
4. Keep in mind
Be curious and not shy away from source diving.
In the Script Console:
• List methods on a class instance.
– thing.metaClass.methods*.name.sort().unique()
• Determine a class from an instance.
– thing.class or thing.getClass()
5. Also keep in mind
• How do I configure reliably?
• How do I guarantee bootstrapping Jenkins works the
same way if done a year from now?
• How can I start effectively writing my own scripts?
6. Jenkins Community Infrastructure
• Artifactory Maven repo for WAR and plugins:
https://repo.jenkins-ci.org/
• Jenkins Update Center lists Maven GAV coordinates
http://updates.jenkins-ci.org/update-center.json
• Source on GitHub:
https://github.com/jenkinsci/jenkins - Jenkins core
https://github.com/jenkinsci/ - most plugins and infra configs
• Example bootstrap:
https://github.com/samrocketman/demo-jenkins-world-2017
https://github.com/jenkinsci/docker
8. TL;DR Groovy… if you know Java
• Parenthesis on methods optional; Same goes for
semicolons at the end of lines.
• Setters and getters are automatically generated if
they don't already exist.
• Private methods are accessible. Private final
variables can be modified via reflection API.
• instance.getMyMethod() == instance.myMethod
• The last executed statement is the return value.
10. Operationalize Jenkins
• Enable CSRF protection.
• Use TLS and secure Jenkins with AuthN/AuthZ.
• Disable Jenkins CLI and any other services which are
not used.
• Do not allow anybody create job permissions.
• Bootstrap Jenkins by pinning the war and plugins to
specific versions. Refer to Jenkins Community
Infrastructure slide.
11. DEMO: The Script Console
and how it relates to Jenkins configuration.
12. Links to help you grow
• Learning Groovy - http://groovy-lang.org/learn.html
• Jenkins Community Scripts
https://github.com/jenkinsci/jenkins-scripts
• Script Console in Jenkins Wiki
https://wiki.jenkins.io/display/JENKINS/Jenkins+Script+Console
• Examples in GitHub OAuth Plugin Wiki
https://wiki.jenkins.io/display/JENKINS/GitHub+OAuth+Plugin
• Configuration via Script Console is growing
https://issues.jenkins-ci.org/browse/JENKINS-31094
https://github.com/sandscape
https://github.com/samrocketman