---
# Configuration-as-code plugin https://plugins.jenkins.io/configuration-as-code/
# Use https://ci.sandbox.datagov.us/configuration-as-code/ to export the
# existing configuration for copy/pasting snippets. The plugin does not
# recommend copying the entire configuration as not all options are compatible
# with the configuration-as-code plugin.
#
# TODO resolve whitespace, can we set trim_blocks in Ansible?
# Currently this file is plain text, not YAML. Be careful with Jinja tags
# because whitespace is not trimmed by default.
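# Core Jenkins settings: system message, global environment variables,
# role-based authorization and the SAML security realm.
jenkins:
  systemMessage: "{{ jenkins_system_message }}"
  globalNodeProperties:
    - envVars:
        env:
          - key: "DATAGOV_WORKFLOW"
            value: "{{ jenkins_workflow }}"
  authorizationStrategy:
    roleBased:
      roles:
        global:
          # Members and permissions of the admin role come from Ansible
          # variables. to_json renders every entry as a quoted string, so a
          # value containing a comma, a bracket or ': ' cannot add or change
          # entries in these lists, and values such as "true" or "123" stay
          # strings.
          # NOTE(review): usernames are lower-cased by the SAML realm below
          # (usernameCaseConversion); presumably the entries in jenkins_admins
          # must be lower-case to match - confirm.
          - name: admin
            pattern: ".*"
            assignments: {{ (['admin'] + (jenkins_admins | list)) | to_json }}
            permissions: {{ jenkins_admins_permissions | list | to_json }}
          # The "ci" identity may read and build jobs but holds no
          # administrative permission.
          - name: build-manager
            pattern: ".*"
            assignments:
              - ci
            permissions:
              - Job/Build
              - Job/Read
              - Overall/Read
        items: []
  securityRealm:
    saml:
      advancedConfiguration:
        # Re-authentication at the IdP is not forced on each login.
        forceAuthn: false
        spEntityId: "{{ jenkins_saml_sp_entity_id }}"
      binding: "urn:oasis:names:tc:SAML:2.0:bindings:HTTP-Redirect"
      displayNameAttributeName: "http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name"
      emailAttributeName: "email"
      encryptionData:
        # NOTE(review): requests use the HTTP-Redirect binding and signing of
        # the AuthnRequest is not forced; confirm the IdP does not expect
        # signed requests.
        forceSignRedirectBindingAuthnRequest: false
        # Both passwords end up in clear text in the rendered file: keep its
        # owner and mode restrictive and supply the variables from an
        # encrypted source (e.g. Ansible Vault). "string | to_json" emits a
        # quoted, escaped scalar, so a quote or backslash inside a secret
        # cannot end the value early.
        # NOTE(review): configuration-as-code expands "${...}" in values; a
        # secret containing that sequence would need escaping - confirm.
        keystorePassword: {{ jenkins_saml_keystore_password | string | to_json }}
        keystorePath: "/data/jenkins/saml-key.jks"
        privateKeyAlias: "saml-key"
        privateKeyPassword: {{ jenkins_saml_private_key_password | string | to_json }}
      groupsAttributeName: "http://schemas.xmlsoap.org/claims/Group"
      idpMetadataConfiguration:
        # Refresh period for the IdP metadata; presumably minutes (24 h) -
        # verify against the SAML plugin documentation.
        period: 1440
        url: "{{ jenkins_saml_idp_metadata_url }}"
      logoutUrl: "{{ jenkins_saml_idp_logout_url }}"
      # Presumably seconds (24 h): how old an IdP authentication may be and
      # still be accepted - verify against the SAML plugin documentation.
      maximumAuthenticationLifetime: 86400
      usernameAttributeName: "email"
      usernameCaseConversion: "lowercase"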
# Plugin-level settings: GitHub server, Jenkins location and timestamps.
unclassified:
  gitHubPluginConfig:
    configs:
      # credentialsId names a Jenkins credential that is not defined in this
      # file. NOTE(review): the job definitions further down use
      # 'datagov-bot-gh'; confirm both ids exist and are meant to differ.
      - name: 'GitHub'
        credentialsId: 'github-datagov-bot'
        # Webhooks on the GitHub side are not managed by Jenkins.
        manageHooks: false
    hookUrl: "https://{{ jenkins_url }}/github-webhook/"
  location:
    adminAddress: "{{ datagov_team_email }}"
    url: "https://{{ jenkins_url }}/"
  timestamper:
    allPipelines: true
# https://plugins.jenkins.io/job-dsl/
# https://ci.sandbox.datagov.us/plugin/job-dsl/api-viewer/index.html
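# One Job DSL script per entry in jenkins_jobs; each script defines a
# multibranch pipeline job named "<job.name>-mb".
# job.name and job.git_url are placed inside single-quoted Groovy string
# literals. Backslashes and single quotes are escaped first, so a value cannot
# close the literal and have its remainder read as script code.
jobs:
{% for job in jenkins_jobs %}
{% set groovy_name = job.name | replace("\\", "\\\\") | replace("'", "\\'") %}
{% set groovy_git_url = job.git_url | replace("\\", "\\\\") | replace("'", "\\'") %}
  - script: |
      multibranchPipelineJob('{{ groovy_name }}-mb') {
        branchSources {
          branchSource {
            source {
              git {
                remote('{{ groovy_git_url }}')
                // Jenkins credential used for git access; it is not defined
                // in this file.
                credentialsId('datagov-bot-gh')
                traits {
                  gitBranchDiscovery()
                  wipeWorkspaceTrait()
                }
              }
            }
          }
        }
        orphanedItemStrategy {
          discardOldItems {
            daysToKeep(90)
          }
        }
        triggers {
          periodicFolderTrigger {
            interval('5')
          }
        }
      }
{% endfor %}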