From 276e63b48819a9d17bc61267a0b5d476b8e6be7a Mon Sep 17 00:00:00 2001
From: James
Date: Tue, 12 Sep 2023 10:16:37 -0400
Subject: [PATCH] [ALS-4893] Pin versions of both jenkins and plugins (#78)
* Add current versions of plugins
* Pin jenkins version
* Update plugins.txt
* Switch plugins file to yml
* Update plugins.yml
* Update plugins.yml
* Update versions
* Update Dockerfile
* Update plugins.yml
* Update config.xml move from " and & to the character literals
* Update config.xml Revert && for &&
* Update analytics_id field to analyticsId
* Update analytics id field
* Add more GA sites to the CSP
---------
Co-authored-by: Gcolon021 <34667267+Gcolon021@users.noreply.github.com>
---
 .../config/httpd/httpd-vhosts.conf | 2 +-
 .../config/httpd/picsureui_settings.json | 2 +-
 .../jenkins/jenkins-docker/Dockerfile | 6 +-
 .../Configure Google Analytics/config.xml | 12 +--
 .../jenkins/jenkins-docker/plugins.txt | 24 ------
 .../jenkins/jenkins-docker/plugins.yml | 73 +++++++++++++++++++
 6 files changed, 84 insertions(+), 35 deletions(-)
 delete mode 100644 initial-configuration/jenkins/jenkins-docker/plugins.txt
 create mode 100644 initial-configuration/jenkins/jenkins-docker/plugins.yml
diff --git a/initial-configuration/config/httpd/httpd-vhosts.conf b/initial-configuration/config/httpd/httpd-vhosts.conf
index f579e358..9145565d 100644
--- a/initial-configuration/config/httpd/httpd-vhosts.conf
+++ b/initial-configuration/config/httpd/httpd-vhosts.conf
@@ -62,7 +62,7 @@ ServerTokens Prod
 # unsafe-inline - Allows inline JavaScript, CSS, and event handlers
 # style-src - Allows inline styles but only from the same origin
 # img-src - Allows images from the same origin and data: URIs
- Header always set Content-Security-Policy "frame-ancestors 'none'; default-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com; img-src 'self' data:;"
+ Header always set Content-Security-Policy "frame-ancestors 'none'; default-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googletagmanager.com; img-src 'self' data: https://*.google-analytics.com https://*.googletagmanager.com; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com;"
 # A fall back for legacy browsers that don't yet support CSP frame-ancestors.
 Header always set X-Frame-Options "DENY"
diff --git a/initial-configuration/config/httpd/picsureui_settings.json b/initial-configuration/config/httpd/picsureui_settings.json
index 39a7caaf..47e87b13 100644
--- a/initial-configuration/config/httpd/picsureui_settings.json
+++ b/initial-configuration/config/httpd/picsureui_settings.json
@@ -21,5 +21,5 @@
 "customizeAuth0Login": true,
 "auth0domain":"__AUTH0_DOMAIN__",
 "client_id":"__PIC_SURE_CLIENT_ID__",
- "analytics_id": "__ANALYTICS_ID__"
+ "analyticsId": "__ANALYTICS_ID__"
 }
diff --git a/initial-configuration/jenkins/jenkins-docker/Dockerfile b/initial-configuration/jenkins/jenkins-docker/Dockerfile
index ce257734..128c8d1e 100644
--- a/initial-configuration/jenkins/jenkins-docker/Dockerfile
+++ b/initial-configuration/jenkins/jenkins-docker/Dockerfile
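Review bot: In the httpd-vhosts.conf hunk the new Content-Security-Policy adds Google Analytics and Tag Manager wildcard hosts to `connect-src` and `img-src` while `script-src` still carries `'unsafe-inline'` and `'unsafe-eval'`, so the policy does not stop injected script from running and now also names outbound destinations that script may contact. Keep the wildcards as narrow as the analytics integration actually needs. The directive comments above the header still describe only `unsafe-inline`, `style-src` and `img-src`; I would add `# connect-src - Allows fetch/XHR/beacon requests to the same origin and the Google Analytics / Tag Manager hosts` and extend the `img-src` comment to mention the new hosts. The allowances also apply where `__ANALYTICS_ID__` is never configured; whether this vhost file is templated per deployment is not visible in the hunk.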
@@ -1,6 +1,6 @@
-FROM jenkins/jenkins:latest
+FROM jenkins/jenkins:2.421-jdk11
-COPY plugins.txt /usr/share/jenkins/ref/plugins.txt
+COPY plugins.yml /usr/share/jenkins/ref/plugins.yml
 COPY config.xml /var/jenkins_home/config.xml
@@ -26,4 +26,4 @@ RUN apt-get install jq -y
 RUN apt-get -y install uuid-runtime
-RUN jenkins-plugin-cli --plugin-file /usr/share/jenkins/ref/plugins.txt
+RUN jenkins-plugin-cli --plugin-file /usr/share/jenkins/ref/plugins.yml
diff --git a/initial-configuration/jenkins/jenkins-docker/jobs/Configure Google Analytics/config.xml b/initial-configuration/jenkins/jenkins-docker/jobs/Configure Google Analytics/config.xml
index 1ecf5d0e..d9be0508 100644
--- a/initial-configuration/jenkins/jenkins-docker/jobs/Configure Google Analytics/config.xml
+++ b/initial-configuration/jenkins/jenkins-docker/jobs/Configure Google Analytics/config.xml
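Review bot: `FROM jenkins/jenkins:2.421-jdk11` in the first Dockerfile hunk pins a version but not the image content, because a registry tag can be re-pushed; appending the digest, `FROM jenkins/jenkins:2.421-jdk11@sha256:<digest-of-the-reviewed-image>`, makes the base verifiable and the build reproducible. 2.421 looks like a weekly release rather than an LTS line, so it presumably will not receive backported security fixes, and a pinned controller needs an owner and a cadence for bumping it. A comment above the line such as `# Pinned; bump together with plugins.yml after reviewing Jenkins security advisories` would record that intent. The rest of the Dockerfile lies outside the hunk.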
@@ -29,20 +29,20 @@
 # If the $ANALYTICS_ID variable is blank, set it to __ANALYTICS_ID__
 : ${ANALYTICS_ID:="__ANALYTICS_ID__"}
- # Check for the presence of the analytics_id key and fetch its value
- value=$(jq -r 'select(.analytics_id != null) | .analytics_id' /usr/local/docker-config/httpd/picsureui_settings.json)
+ # Check for the presence of the analyticsId key and fetch its value
+ value=$(jq -r 'select(.analyticsId != null) | .analyticsId' /usr/local/docker-config/httpd/picsureui_settings.json)
 # Check if the key is missing
 if [[ -z $value ]]; then
- # Add the analytics_id key with value of $ANALYTICS_ID
- jq --arg ANALYTICS_ID "$ANALYTICS_ID" '. + {"analytics_id": $ANALYTICS_ID}' /usr/local/docker-config/httpd/picsureui_settings.json > /tmp/temp.json && mv /tmp/temp.json /usr/local/docker-config/httpd/picsureui_settings.json
+ # Add the analyticsId key with value of $ANALYTICS_ID
+ jq --arg ANALYTICS_ID "$ANALYTICS_ID" '. + {"analyticsId": $ANALYTICS_ID}' /usr/local/docker-config/httpd/picsureui_settings.json > /tmp/temp.json && mv /tmp/temp.json /usr/local/docker-config/httpd/picsureui_settings.json
 else
 # Replace the old value with the value of $ANALYTICS_ID
- jq --arg ANALYTICS_ID "$ANALYTICS_ID" '.analytics_id = $ANALYTICS_ID' /usr/local/docker-config/httpd/picsureui_settings.json > /tmp/temp.json && mv /tmp/temp.json /usr/local/docker-config/httpd/picsureui_settings.json
+ jq --arg ANALYTICS_ID "$ANALYTICS_ID" '.analyticsId = $ANALYTICS_ID' /usr/local/docker-config/httpd/picsureui_settings.json > /tmp/temp.json && mv /tmp/temp.json /usr/local/docker-config/httpd/picsureui_settings.json
 fi
-
\ No newline at end of file
+
diff --git a/initial-configuration/jenkins/jenkins-docker/plugins.txt b/initial-configuration/jenkins/jenkins-docker/plugins.txt
deleted file mode 100644
index 24544e66..00000000
--- a/initial-configuration/jenkins/jenkins-docker/plugins.txt
+++ /dev/null
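Review bot: Both rewritten `jq` lines in the Configure Google Analytics job still write through the fixed path `/tmp/temp.json` before moving it over `picsureui_settings.json`; a predictable name in a world-writable directory can collide with a concurrent run or be pre-created by another local account. Creating the file with `tmp=$(mktemp)` and using `jq … > "$tmp" && mv "$tmp" …` avoids that, ideally with the temp file placed next to the target so the `mv` is a rename on the same filesystem. After the switch to `analyticsId`, a settings file that already holds the old `analytics_id` key gets the new key added and keeps the stale one; adding `| del(.analytics_id)` to the filter would clean it up. The script starts before this hunk, so its shell options and error handling are not visible here.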
@@ -1,24 +0,0 @@
-groovy
-timestamper
-credentials-binding
-email-ext
-build-timeout
-workflow-aggregator
-pipeline-stage-view
-ant
-github-branch-source
-ssh-slaves
-pipeline-github-lib
-matrix-auth
-mailer
-antisamy-markup-formatter
-gradle
-pam-auth
-git
-ws-cleanup
-subversion
-ldap
-cloudbees-folder
-list-git-branches-parameter
-copyartifact
-docker-workflow
diff --git a/initial-configuration/jenkins/jenkins-docker/plugins.yml b/initial-configuration/jenkins/jenkins-docker/plugins.yml
new file mode 100644
index 00000000..77852f97
--- /dev/null
+++ b/initial-configuration/jenkins/jenkins-docker/plugins.yml
@@ -0,0 +1,73 @@
+plugins:
+ - artifactId: groovy
+ source:
+ version: 453.vcdb_a_c5c99890
+ - artifactId: timestamper
+ source:
+ version: 1.26
+ - artifactId: credentials-binding
+ source:
+ version: 626.v8d9034b_8ea_cc
+ - artifactId: email-ext
+ source:
+ version: 2.99
+ - artifactId: build-timeout
+ source:
+ version: 1.31
+ - artifactId: workflow-aggregator
+ source:
+ version: 596.v8c21c963d92d
+ - artifactId: pipeline-stage-view
+ source:
+ version: 2.33
+ - artifactId: ant
+ source:
+ version: 487.vd79d090d4ea_e
+ - artifactId: github-branch-source
+ source:
+ version: 1728.v859147241f49
+ - artifactId: ssh-slaves
+ source:
+ version: 2.877.v365f5eb_a_b_eec
+ - artifactId: pipeline-github-lib
+ source:
+ version: 42.v0739460cda_c4
+ - artifactId: matrix-auth
+ source:
+ version: 3.2
+ - artifactId: mailer
+ source:
+ version: 457.v3f72cb_e015e5
+ - artifactId: antisamy-markup-formatter
+ source:
+ version: 159.v25b_c67cd35fb_
+ - artifactId: gradle
+ source:
+ version: 2.8.2
+ - artifactId: pam-auth
+ source:
+ version: 1.10
+ - artifactId: git
+ source:
+ version: 5.2.0
+ - artifactId: ws-cleanup
+ source:
+ version: 0.45
+ - artifactId: subversion
+ source:
+ version: 2.17.3
+ - artifactId: ldap
+ source:
+ version: 694.vc02a_69c9787f
+ - artifactId: cloudbees-folder
+ source:
+ version: 6.848.ve3b_fd7839a_81
+ - artifactId: list-git-branches-parameter
+ source:
+ version: 0.0.13
+ - artifactId: copyartifact
+ source:
+ version: 714.v28a_34f8c563f
+ - artifactId: docker-workflow
+ source:
+ version: 572.v950f58993843
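Review bot: Several pinned versions in plugins.yml are unquoted scalars that a YAML parser may read as numbers, so `version: 1.10` for pam-auth can become `1.1`, and `1.26`, `2.99`, `1.31`, `2.33`, `3.2` and `0.45` are in the same position; quoting them, as in `version: "1.10"`, removes the dependence on how the plugin installer types that field. The file lists only the 24 top-level plugins, so their transitive dependencies are presumably still resolved when `jenkins-plugin-cli` runs and can differ between builds; listing them explicitly, or checking how the tool's `--latest` option is set, would make the pin complete. A header comment such as `# Versions pinned for jenkins/jenkins:2.421; refresh against Jenkins security advisories` would tell the next maintainer how the list is meant to be kept current.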