feat: Upgrade all the things (#262)

* feat: Upgrade all the things Upgraded all the plugins using the plugin script in the repo. Upgraded Jenkins to the latest LTS. Made changes to the config handlers for the plugin updates. Made changes to the tests to ensure they run with latest actions versions. Moved over to the BATS provided GitHub Action for running BATS. feat: Upgrade to latest gosu version. Upgraded gosu to latest upstream. Upgraded envconsul to latest upstream. * plugins and platform * plugins and removed support for oic-realm --------- Co-authored-by: Rob Lazzurs <[email protected]>
odavid · Oct 13, 2024 · b939642 · b939642
1 parent 0515e9a
commit b939642
Show file tree

Hide file tree

Showing 16 changed files with 221 additions and 331 deletions.
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -8,7 +8,7 @@ jobs:
         dist: [debian, alpine, jdk11]
     steps:
       - name: Setup BATS
-        uses: mig4/setup-bats@v1
+        uses: bats-core/bats[email protected]
 
       - uses: actions/checkout@v2
 

diff --git a/Dockerfile b/Dockerfile
@@ -1,8 +1,8 @@
-ARG FROM_TAG=2.426.3
+ARG FROM_TAG=2.462.3
 
 FROM jenkins/jenkins:${FROM_TAG}
 
-ARG GOSU_VERSION=1.12
+ARG GOSU_VERSION=1.17
 
 # Install plugins
 COPY plugins.txt /usr/share/jenkins/ref/
@@ -32,7 +32,7 @@ RUN  pip3 install --break-system-packages --no-cache-dir --upgrade pip \
   && pip install --break-system-packages --no-cache-dir wheel \
   && pip install --break-system-packages --no-cache-dir awscli PyYAML six requests botocore boto3
 
-RUN curl $CURL_OPTIONS https://releases.hashicorp.com/envconsul/0.10.0/envconsul_0.10.0_linux_amd64.tgz | tar -C /usr/bin -xvzf - && \
+RUN curl $CURL_OPTIONS https://releases.hashicorp.com/envconsul/0.13.2/envconsul_0.13.2_linux_amd64.zip -o /tmp/envconsul.zip && unzip /tmp/envconsul.zip -d /usr/bin/ && \
     chmod +x /usr/bin/envconsul
 
 RUN curl $CURL_OPTIONS -o /usr/bin/gosu https://github.com/tianon/gosu/releases/download/${GOSU_VERSION}/gosu-amd64 && \

diff --git a/LTS_VERSION.txt b/LTS_VERSION.txt
@@ -1 +1 @@
-2.426.3
+2.462.3
diff --git a/Makefile b/Makefile
@@ -10,13 +10,13 @@ build-all: build-alpine build-debian build-jdk11
 test-all: test-alpine test-debian test-jdk11
 
 build-alpine:
-	docker build --rm --force-rm -t odavid/my-bloody-jenkins $(DEFAULT_BUILD_ARGS) --build-arg=FROM_TAG=$(LTS_VERSION)-alpine .
+	docker build --platform linux/amd64 --rm --force-rm -t odavid/my-bloody-jenkins $(DEFAULT_BUILD_ARGS) --build-arg=FROM_TAG=$(LTS_VERSION)-alpine .
 
 build-debian:
-	docker build --rm --force-rm -t odavid/my-bloody-jenkins $(DEFAULT_BUILD_ARGS) --build-arg=FROM_TAG=$(LTS_VERSION) .
+	docker build --platform linux/amd64 --rm --force-rm -t odavid/my-bloody-jenkins $(DEFAULT_BUILD_ARGS) --build-arg=FROM_TAG=$(LTS_VERSION) .
 
 build-jdk11:
-	docker build --rm --force-rm -t odavid/my-bloody-jenkins $(DEFAULT_BUILD_ARGS) --build-arg=FROM_TAG=$(LTS_VERSION)-jdk11 .
+	docker build --platform linux/amd64 --rm --force-rm -t odavid/my-bloody-jenkins $(DEFAULT_BUILD_ARGS) --build-arg=FROM_TAG=$(LTS_VERSION)-jdk11 .
 
 test-alpine: build-alpine
 	bats tests

diff --git a/README.md b/README.md
@@ -350,39 +350,6 @@ security:
     domain: domain
 ```
 
-```yaml
-# oid - openid-connect configuration must be provided
-security:
-  realm: oic
-  realmConfig:
-    ### See https://plugins.jenkins.io/oic-auth/
-    clientId: String
-    clientSecret: String
-    # auto / manual
-    automanualconfigure: manual
-    # The Well Known Configuration source URL
-    wellKnownOpenIDConfigurationUrl: http://xxx.yyy
-    # Manual Configuration (not need if you have set the wellKnownOpenIDConfigurationUrl)
-    tokenServerUrl: http://xxx.yyy
-    authorizationServerUrl: http://xxx.yyy
-    userInfoServerUrl: http://xxx.yyy
-    logoutFromOpenidProvider: true
-    endSessionEndpoint: http://xxx.yyy
-    postLogoutRedirectUrl: http://jenkins
-    userNameField: preferred_username
-    fullNameFieldName: name
-    emailFieldName: email
-    scopes: openid profile email
-    groupsFieldName: groups
-    disableSslVerification: false
-    tokenFieldToCheckKey:
-    tokenFieldToCheckValue:
-    escapeHatchEnabled: true
-    escapeHatchUsername: admin
-    escapeHatchSecret: password
-    escapeHatchGroup:
-```
-
 ```yaml
 # github - github-oauth configuration must be provided
 security:

diff --git a/config-handlers/CloudsConfig.groovy b/config-handlers/CloudsConfig.groovy
@@ -6,6 +6,7 @@ import jenkins.model.Jenkins
 import com.nirima.jenkins.plugins.docker.*
 import com.nirima.jenkins.plugins.docker.launcher.*
 import com.nirima.jenkins.plugins.docker.strategy.*
+import io.jenkins.docker.connector.DockerComputerJNLPConnector
 
 import com.cloudbees.jenkins.plugins.amazonecs.*
 import static com.cloudbees.jenkins.plugins.amazonecs.ECSTaskTemplate.*
@@ -116,9 +117,7 @@ def dockerCloud(config){
 
                 def dockerTemplate = new DockerTemplate(
                     dockerTemplateBase,
-                    new io.jenkins.docker.connector.DockerComputerJNLPConnector(
-                        new JNLPLauncher(tunnel, temp.jvmArgs)
-                    ),
+                    new DockerComputerJNLPConnector(),
                     temp.labels?.join(' '),
                     temp.remoteFs?:'',
                     temp.instanceCap?.toString() ?: ""

diff --git a/config-handlers/CredsConfig.groovy b/config-handlers/CredsConfig.groovy
@@ -7,6 +7,7 @@ import com.cloudbees.jenkins.plugins.awscredentials.AWSCredentialsImpl
 import org.jenkinsci.plugins.plaincredentials.impl.StringCredentialsImpl
 import jenkins.model.Jenkins
 import hudson.util.Secret
+import hudson.model.FileParameterValue
 import org.jenkinsci.plugins.structs.describable.DescribableModel
 
 def asInt(value, defaultValue=0){
@@ -133,7 +134,7 @@ def certCred(config){
             def secretBytes = com.cloudbees.plugins.credentials.SecretBytes.fromString(base64)
             keyStoreSource = new com.cloudbees.plugins.credentials.impl.CertificateCredentialsImpl.UploadedKeyStoreSource(secretBytes)
         }else if(fileOnMaster){
-            keyStoreSource = new com.cloudbees.plugins.credentials.impl.CertificateCredentialsImpl.FileOnMasterKeyStoreSource(fileOnMaster)
+            keyStoreSource = new com.cloudbees.plugins.credentials.impl.CertificateCredentialsImpl.UploadedKeyStoreSource(new FileParameterValue.FileItemImpl(fileOnMaster), null)
         }
         return new com.cloudbees.plugins.credentials.impl.CertificateCredentialsImpl(
             CredentialsScope.GLOBAL,

diff --git a/config-handlers/SecurityConfig.groovy b/config-handlers/SecurityConfig.groovy
@@ -171,12 +171,6 @@ def setupSecurityOptions(config){
     }
 }
 
-def setupOpenIDConnect(config){
-    def realmConfig = config.realmConfig
-    realmConfig.escapeHatchSecret = realmConfig.escapeHatchSecret ? hudson.util.Secret.fromString(realmConfig.escapeHatchSecret) : null
-    return realmConfig ? DescribableModel.of(org.jenkinsci.plugins.oic.OicSecurityRealm).instantiate(realmConfig) : null
-}
-
 def setupGithubOAuth2(config){
     def realmConfig = config.realmConfig
     return realmConfig ? DescribableModel.of(org.jenkinsci.plugins.GithubSecurityRealm).instantiate(realmConfig) : null
@@ -205,9 +199,6 @@ def setup(config){
         case 'google':
             realm = setupGoogleOAuth2(config)
             break
-        case 'oic':
-            realm = setupOpenIDConnect(config)
-            break
         case 'github':
             realm = setupGithubOAuth2(config)
             break