diff options
Diffstat (limited to 'nixpkgs/nixos/modules/services/continuous-integration/jenkins/job-builder.nix')
-rw-r--r-- | nixpkgs/nixos/modules/services/continuous-integration/jenkins/job-builder.nix | 45 |
1 files changed, 28 insertions, 17 deletions
diff --git a/nixpkgs/nixos/modules/services/continuous-integration/jenkins/job-builder.nix b/nixpkgs/nixos/modules/services/continuous-integration/jenkins/job-builder.nix index 3ca1542c18f2..8dc06bf26416 100644 --- a/nixpkgs/nixos/modules/services/continuous-integration/jenkins/job-builder.nix +++ b/nixpkgs/nixos/modules/services/continuous-integration/jenkins/job-builder.nix @@ -12,7 +12,7 @@ in { enable = mkOption { type = types.bool; default = false; - description = '' + description = lib.mdDoc '' Whether or not to enable the Jenkins Job Builder (JJB) service. It allows defining jobs for Jenkins in a declarative manner. @@ -24,15 +24,15 @@ in { deleted. Please see the Jenkins Job Builder documentation for more info: - <link xlink:href="http://docs.openstack.org/infra/jenkins-job-builder/"> - http://docs.openstack.org/infra/jenkins-job-builder/</link> + [ + http://docs.openstack.org/infra/jenkins-job-builder/](http://docs.openstack.org/infra/jenkins-job-builder/) ''; }; accessUser = mkOption { default = ""; type = types.str; - description = '' + description = lib.mdDoc '' User id in Jenkins used to reload config. ''; }; @@ -40,10 +40,10 @@ in { accessToken = mkOption { default = ""; type = types.str; - description = '' + description = lib.mdDoc '' User token in Jenkins used to reload config. WARNING: This token will be world readable in the Nix store. To keep - it secret, use the <option>accessTokenFile</option> option instead. + it secret, use the {option}`accessTokenFile` option instead. ''; }; @@ -51,8 +51,8 @@ in { default = ""; type = types.str; example = "/run/keys/jenkins-job-builder-access-token"; - description = '' - File containing the API token for the <option>accessUser</option> + description = lib.mdDoc '' + File containing the API token for the {option}`accessUser` user. ''; }; @@ -66,7 +66,7 @@ in { builders: - shell: echo 'Hello world!' ''; - description = '' + description = lib.mdDoc '' Job descriptions for Jenkins Job Builder in YAML format. ''; }; @@ -86,7 +86,7 @@ in { ''' ] ''; - description = '' + description = lib.mdDoc '' Job descriptions for Jenkins Job Builder in JSON format. ''; }; @@ -104,7 +104,7 @@ in { } ] ''; - description = '' + description = lib.mdDoc '' Job descriptions for Jenkins Job Builder in Nix format. This is a trivial wrapper around jsonJobs, using builtins.toJSON @@ -156,12 +156,22 @@ in { reloadScript = '' echo "Asking Jenkins to reload config" curl_opts="--silent --fail --show-error" - access_token=${if cfg.accessTokenFile != "" - then "$(cat '${cfg.accessTokenFile}')" - else cfg.accessToken} - jenkins_url="http://${cfg.accessUser}:$access_token@${jenkinsCfg.listenAddress}:${toString jenkinsCfg.port}${jenkinsCfg.prefix}" - crumb=$(curl $curl_opts "$jenkins_url"'/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,":",//crumb)') - curl $curl_opts -X POST -H "$crumb" "$jenkins_url"/reload + access_token_file=${if cfg.accessTokenFile != "" + then cfg.accessTokenFile + else "$RUNTIME_DIRECTORY/jenkins_access_token.txt"} + if [ "${cfg.accessToken}" != "" ]; then + (umask 0077; printf "${cfg.accessToken}" >"$access_token_file") + fi + jenkins_url="http://${jenkinsCfg.listenAddress}:${toString jenkinsCfg.port}${jenkinsCfg.prefix}" + auth_file="$RUNTIME_DIRECTORY/jenkins_auth_file.txt" + trap 'rm -f "$auth_file"' EXIT + (umask 0077; printf "${cfg.accessUser}:@password_placeholder@" >"$auth_file") + "${pkgs.replace-secret}/bin/replace-secret" "@password_placeholder@" "$access_token_file" "$auth_file" + + if ! "${pkgs.jenkins}/bin/jenkins-cli" -s "$jenkins_url" -auth "@$auth_file" reload-configuration; then + echo "error: failed to reload configuration" + exit 1 + fi ''; in '' @@ -233,6 +243,7 @@ in { done '' + (if cfg.accessUser != "" then reloadScript else ""); serviceConfig = { + Type = "oneshot"; User = jenkinsCfg.user; RuntimeDirectory = "jenkins-job-builder"; }; |