Compare commits
5 Commits
9e5032497d
...
3d726addfe
| Author | SHA1 | Date | |
|---|---|---|---|
|
3d726addfe | ||
|
|
9a564261f7 | ||
|
|
417dd0e23a | ||
| 2bb6c5ecb8 | |||
|
|
2c1b15e468 |
@@ -1,3 +0,0 @@
|
||||
--no-variable_scope-check
|
||||
--no-top_scope_facts
|
||||
--no-140chars-check
|
||||
129
Jenkinsfile
vendored
129
Jenkinsfile
vendored
@@ -1,129 +0,0 @@
|
||||
pipeline {
|
||||
agent {
|
||||
label 'puppet'
|
||||
}
|
||||
|
||||
post {
|
||||
always {
|
||||
deleteDir() /* clean up our workspace */
|
||||
}
|
||||
success {
|
||||
updateGitlabCommitStatus state: 'success'
|
||||
}
|
||||
failure {
|
||||
updateGitlabCommitStatus state: 'failed'
|
||||
step([$class: 'Mailer', notifyEveryUnstableBuild: true, recipients: 'support@confdroid.com', sendToIndividuals: true])
|
||||
}
|
||||
}
|
||||
|
||||
options {
|
||||
gitLabConnection('gitlab.confdroid.com')
|
||||
}
|
||||
|
||||
stages {
|
||||
|
||||
stage('pull master') {
|
||||
steps {
|
||||
sshagent(['edd05eb6-26b5-4c7b-a5cc-ea2ab899f4fa']) {
|
||||
sh '''
|
||||
git config user.name "Jenkins Server"
|
||||
git config user.email jenkins@confdroid.com
|
||||
# Ensure we're on the development branch (triggered by push)
|
||||
git checkout development
|
||||
# Create jenkins branch from development
|
||||
git checkout -b jenkins-build-$BUILD_NUMBER
|
||||
# Optionally merge master into jenkins to ensure compatibility
|
||||
git merge origin/master --no-ff || { echo "Merge conflict detected"; exit 1; }
|
||||
'''
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
stage('puppet parser') {
|
||||
steps {
|
||||
sh '''for file in $(find . -iname \'*.pp\'); do
|
||||
/opt/puppetlabs/bin/puppet parser validate --color false --render-as s --modulepath=modules $file || exit 1;
|
||||
done;'''
|
||||
}
|
||||
}
|
||||
|
||||
stage('check templates') {
|
||||
steps{
|
||||
sh '''for file in $(find . -iname \'*.erb\');
|
||||
do erb -P -x -T "-" $file | ruby -c || exit 1;
|
||||
done;'''
|
||||
}
|
||||
}
|
||||
|
||||
stage('puppet-lint') {
|
||||
steps {
|
||||
sh '''/usr/local/bin/puppet-lint . \\
|
||||
--no-variable_scope-check \\
|
||||
|| { echo "Puppet lint failed"; exit 1; }
|
||||
'''
|
||||
}
|
||||
}
|
||||
|
||||
stage('SonarScan') {
|
||||
steps {
|
||||
withCredentials([string(credentialsId: 'sonar-token', variable: 'SONAR_TOKEN')]) {
|
||||
sh '''
|
||||
/opt/sonar-scanner/bin/sonar-scanner \
|
||||
-Dsonar.projectKey=confdroid_ssh \
|
||||
-Dsonar.sources=. \
|
||||
-Dsonar.host.url=https://sonarqube.confdroid.com \
|
||||
-Dsonar.token=$SONAR_TOKEN
|
||||
'''
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
stage('create Puppet documentation') {
|
||||
steps {
|
||||
sh '/opt/puppetlabs/bin/puppet strings'
|
||||
}
|
||||
}
|
||||
|
||||
stage('update repo') {
|
||||
steps {
|
||||
sshagent(['edd05eb6-26b5-4c7b-a5cc-ea2ab899f4fa']) {
|
||||
sh '''
|
||||
git config user.name "Jenkins Server"
|
||||
git config user.email jenkins@confdroid.com
|
||||
git add -A && git commit -am "Recommit for updates in build $BUILD_NUMBER" || echo "No changes to commit"
|
||||
git push -o merge_request.create \
|
||||
-o merge_request.target=master \
|
||||
-o merge_request.title="Auto-merge for build $BUILD_NUMBER" \
|
||||
-o merge_request.description="Automated changes from Jenkins build $BUILD_NUMBER" \
|
||||
-o merge_request.merge_when_pipeline_succeeds=true \
|
||||
origin jenkins-build-$BUILD_NUMBER
|
||||
'''
|
||||
}
|
||||
}
|
||||
}
|
||||
stage('Mirror to Gitea') {
|
||||
steps {
|
||||
withCredentials([usernamePassword(
|
||||
credentialsId: 'Jenkins-gitea',
|
||||
usernameVariable: 'GITEA_USER',
|
||||
passwordVariable: 'GITEA_TOKEN')]) {
|
||||
script {
|
||||
// Checkout from GitLab (already done implicitly)
|
||||
sh '''
|
||||
git checkout master
|
||||
git pull origin master
|
||||
git branch -D development
|
||||
git branch -D jenkins-build-$BUILD_NUMBER
|
||||
git rm -f Jenkinsfile
|
||||
git rm -r --cached .vscode || echo "No .vscode to remove from git"
|
||||
git commit --amend --no-edit --allow-empty
|
||||
git remote add master https://sourcecode.confdroid.com/confdroid/confdroid_ssh.git
|
||||
git -c credential.helper="!f() { echo username=${GITEA_USER}; echo password=${GITEA_TOKEN}; }; f" \
|
||||
push master --mirror
|
||||
'''
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -1150,6 +1150,24 @@
|
||||
—
|
||||
<div class='inline'>
|
||||
<p>setting for sshd_config. Default is ‘none’, which means that no version addendum will be included in the SSH banner, but can be set to a custom string if you want to include additional information in the SSH version banner. This can be used for branding purposes, but should be used with caution as it can potentially leak information about the server that could be useful to attackers.</p>
|
||||
</div>
|
||||
|
||||
</li>
|
||||
|
||||
<li>
|
||||
|
||||
<span class='name'>ssh_banner</span>
|
||||
|
||||
|
||||
<span class='type'>(<tt>String</tt>)</span>
|
||||
|
||||
|
||||
<em class="default">(defaults to: <tt>'none'</tt>)</em>
|
||||
|
||||
|
||||
—
|
||||
<div class='inline'>
|
||||
<p>setting for sshd_config. Default is ‘none’, which means that no banner will be displayed to users when they connect, but can be set to a valid file path if you want to display a custom banner message to users when they connect. This can be used to display legal notices, security warnings, or other information to users when they connect to the SSH server.</p>
|
||||
</div>
|
||||
|
||||
</li>
|
||||
@@ -1165,12 +1183,6 @@
|
||||
<pre class="lines">
|
||||
|
||||
|
||||
188
|
||||
189
|
||||
190
|
||||
191
|
||||
192
|
||||
193
|
||||
194
|
||||
195
|
||||
196
|
||||
@@ -1250,10 +1262,17 @@
|
||||
270
|
||||
271
|
||||
272
|
||||
273</pre>
|
||||
273
|
||||
274
|
||||
275
|
||||
276
|
||||
277
|
||||
278
|
||||
279
|
||||
280</pre>
|
||||
</td>
|
||||
<td>
|
||||
<pre class="code"><span class="info file"># File 'manifests/params.pp', line 188</span>
|
||||
<pre class="code"><span class="info file"># File 'manifests/params.pp', line 194</span>
|
||||
|
||||
class confdroid_ssh::params (
|
||||
|
||||
@@ -1319,6 +1338,7 @@ class confdroid_ssh::params (
|
||||
String $ssh_permit_tunnel = 'no',
|
||||
String $ssh_chroot_directory = 'none',
|
||||
String $ssh_version_addendum = 'none',
|
||||
String $ssh_banner = 'none',
|
||||
|
||||
) {
|
||||
# default facts
|
||||
|
||||
@@ -184,6 +184,12 @@
|
||||
# additional information in the SSH version banner. This can be used for
|
||||
# branding purposes, but should be used with caution as it can potentially
|
||||
# leak information about the server that could be useful to attackers.
|
||||
# @param [String] ssh_banner setting for sshd_config.
|
||||
# Default is 'none', which means that no banner will be displayed to users
|
||||
# when they connect, but can be set to a valid file path if you want to
|
||||
# display a custom banner message to users when they connect. This can be used
|
||||
# to display legal notices, security warnings, or other information to users when
|
||||
# they connect to the SSH server.
|
||||
##############################################################################
|
||||
class confdroid_ssh::params (
|
||||
|
||||
@@ -249,6 +255,7 @@ class confdroid_ssh::params (
|
||||
String $ssh_permit_tunnel = 'no',
|
||||
String $ssh_chroot_directory = 'none',
|
||||
String $ssh_version_addendum = 'none',
|
||||
String $ssh_banner = 'none',
|
||||
|
||||
) {
|
||||
# default facts
|
||||
|
||||
@@ -67,4 +67,6 @@ PidFile <%= @ssh_pid_file %>
|
||||
MaxStartups <%= @ssh_max_startups %>
|
||||
PermitTunnel <%= @ssh_permit_tunnel %>
|
||||
ChrootDirectory <%= @ssh_chroot_directory %>
|
||||
VersionAddendum <%= @ssh_version_addendum %>
|
||||
VersionAddendum <%= @ssh_version_addendum %>
|
||||
|
||||
Banner <%= @ssh_banner %>
|
||||
Reference in New Issue
Block a user