...
java-demo
...
3306 database internal
...
mule
...
ws-mocks
...
dreamfactorysoftware
...
redis
...
6379 interal
...
sebp/elk
...
5601 external Kibana UI,
9200 external Elastic Search,
5044 internal Log stash
...
hee-filebeat
...
Table of Contents |
---|
Simple Maven Build Pipeline
To build a Mavenised project on Jenkins is quite simple;
- In Jenkins, click the 'New Item' link in the left hand navigation
- Enter the project name and at the bottom enter 'keycloak-client' in the Copy from text box.
- Update project description
- Change the Git Repository URL to match your repository.
- In the Post Steps > Trigger/call builds on other projects, check to make sure that the Predefined parameters match the Maven groupId, artifactId and version (you can use environment variables here if you want to).
- Save and run the build, this should create a docker container for your project.
- Create a second job to run your new docker image using docker-compose. Go to 'New Item' from step 1 and copy 'keycloak-dev-deploy'
- Update the description for the new job
- Change the Build Trigger to listen to your first new job.
- Change the STACK environment variable in the Execute Shell section to match the name of your stack.
- Save and run the job and your containers should start on the dev platform.
Slack Notifications
Configuration
- Go to 'Post-build Actions' and click 'Add post-build action'
- Select 'Slack Notifications' from the pop-up list
- Click on the 'Advanced' button to view all available options and settings.
- Check "Notify Failure" and "Notify Repeated Failure"
- Set the channel you want to notify, 'jenkins_azure' can be used for testing.
Open the channel in Slack then click 'Test Connection' in Jenkins. You should see a message in Slack along the lines of;
Code Block Slack/Jenkins plugin: you're all set on https://build.tis.nhs.uk/jenkins/
- Click 'Save' to persist the changes.
Notes
- Note that you don't need to supply additional credentials, they are configured in the Jenkins settings for the server.
- If you don't add the "Notify Repeated Failure" event then Jenkins will only alert on the first failure and will not send any notifications until the job has been fixed.
Modify Content Security Policy
Ref: https://content-security-policy.com/ and https://wiki.jenkins-ci.org/display/JENKINS/Configuring+Content+Security+Policy
Jenkins URL (Azure VM) : https://build.tis.nhs.uk/jenkins/script
Code Block |
---|
System.setProperty(hudson.model.DirectoryBrowserSupport.class.getName() + ".CSP", "script-src 'unsafe-inline' 'self';")
System.setProperty("jenkins.model.DirectoryBrowserSupport.CSP", "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline';")
|
To persist the security changes the following command can be executed from the command line :
Code Block |
---|
$ java -Dhudson.model.DirectoryBrowserSupport.CSP="sandbox allow-scripts; default-src 'self'; script-src * 'unsafe-eval'; img-src *; style-src * 'unsafe-inline'; font-src *" -jar jenkins.war |
NOTE : The web browser refresh does not always reload the page with the new relaxed rules due to caching. To ensure this doesn't happen it's advised to restart your browser.
If this needs to be reset to default (more secure) the run the following command :
Code Block |
---|
System.clearProperty("hudson.model.DirectoryBrowserSupport.CSP") |