This is the second part of the Jenkins Crash Course. See part one here: https://www.taos.com/resources/blog/jenkins-crash-course-part-1/
Agents should be fungible (i.e. replaceable). This means that local configuration on the agent should be kept to a minimum and global configuration on the master should be preferred.
Extensions to Jenkins that extend its functionality.
Allows you to add, remove, disable, or enable plugins. Also provides information about a plugin such as version conflicts and issues that may arise from an update or installation.
A REST API for programmatically interacting with the Jenkins Server.
Provides the ability to configure security based on different sections or contexts. Can be global or project-based.
Security Inheritance Options
- Inherit from Parent: for projects that are in a folder or the child of another object. Inherits the security of the parent object.
- Inherit Globally-defined Permissions: For projects that are in a folder or are the child of another object, but should only receive global permissions, not parent permissions.
- Do Not inherit permission grants from other ACLs: Prevents the job from inheriting any permissions from global or parent items. Only explicitly defined permissions are allowed.
The process of verifying that the access permissions are working as intended.
Jenkins is inherently an explicit allow model. This means that anything that is not explicitly allowed is denied.
Jenkins Permissions are additive. Allows are stacked Global, Parent, then job. If something is allowed at a level above and inheritance is allowed, then it is allowed in all the levels below.
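Added example (not part of the original post and not Jenkins' own code): a small Python model of the rules described above, showing how the three inheritance options and the additive, allow-only model combine into an effective permission set. The strategy labels, item names, users and grants are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

# Labels for the three inheritance options listed above (not Jenkins identifiers).
PARENT, GLOBAL, NONE = "inherit-parent", "inherit-global", "no-inherit"

@dataclass
class Item:
    name: str
    strategy: str = PARENT
    grants: dict = field(default_factory=dict)  # user -> set of allowed permissions
    parent: Optional["Item"] = None             # None: item sits directly under global

def effective(item, user, global_grants):
    """Union of every allow that reaches `item`; there is no deny to subtract."""
    allowed = set(item.grants.get(user, ()))
    if item.strategy == NONE:
        return allowed                          # only explicitly defined grants
    if item.strategy == GLOBAL or item.parent is None:
        return allowed | set(global_grants.get(user, ()))
    # Inherit from parent: the parent applies its own strategy in turn.
    return allowed | effective(item.parent, user, global_grants)

def can(item, user, permission, global_grants):
    """Default deny: True only if some level contributed an allow."""
    return permission in effective(item, user, global_grants)

def audit(items, users, global_grants):
    """Effective-permission table for review: (item, user) -> sorted allows."""
    return {(i.name, u): sorted(effective(i, u, global_grants))
            for i in items for u in users}

# Constructed sample data.
GLOBAL_GRANTS = {"alice": {"Job/Read"}, "bob": {"Job/Read", "Job/Build"}}
team = Item("team-folder", PARENT, {"alice": {"Job/Build"}})
app = Item("app-build", PARENT, {}, team)
nightly = Item("nightly", GLOBAL, {}, team)
release = Item("release", NONE, {"carol": {"Job/Read", "Job/Build"}}, team)

if __name__ == "__main__":
    rows = audit([team, app, nightly, release], ["alice", "bob", "carol"], GLOBAL_GRANTS)
    for key, perms in rows.items():
        print(key, perms)
```

Running the audit over every job and user is a quick way to spot a grant on a folder that silently widens access to everything beneath it.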
Any value that provides access to a restricted resource, AKA a secret. This can be a username and password combination, a Personal Access Token, or anything you want to keep secret.
A location that has been configured for Jenkins to retrieve credentials from.
Used to determine which build produced the artifact. A fingerprint is a globally unique hash used to track artifacts or other entities. Stored in the fingerprints directory in the Jenkins home directory. In the fingerprints directory, files are stored in a hierarchy based on the first characters of the checksum. Must be enabled on the project configuration screen.
A policy for how long artifacts and other items are retained. These are configured to prevent bloating of the repos.
Jenkins has no explicit denial, only explicit allows. By default Jenkins denies all access, and one can only access something if given an allow on it.
- Step: A build step in the pipeline.
- Node: A step that does 2 things:
  - Schedules the steps
  - Creates the workspace
- Stage: A step that calls supported APIs. It is a logical grouping of items in a pipeline.
Steps can be run in parallel with the parallel directive. This allows Jenkins to run these steps simultaneously instead of in sequence. Depending on the pipeline, this can save a great deal of time.
A promoted build is a build that is distinguished from other builds based on some criteria, such as additional tests. This allows the main build process to be done quickly and give developers feedback quickly while having other processes able to run and verify more complete builds.
A Jenkinsfile is a file that lives in a repository that tells Jenkins what to run. These serve the same function as having a declarative pipeline on the Jenkins server. The advantage to a Jenkinsfile is that it can be committed to a code repository and versioned like other code.
A declarative pipeline is a newer, simpler way to write pipelines. The syntax is simpler and easier to understand. It is a way to codify declarative steps (such as the steps that would be made in a Freestyle project) so that they may be checked into a code repository. However, Declarative Pipelines come at the cost of flexibility. A simple pipeline can be done in a declarative pipeline, but more complex pipelines will need scripted elements.
This is the traditional way pipelines were written in Jenkins. A scripted pipeline uses the Groovy Domain Specific Language which can be unwieldy. However, Scripted pipelines allow you much greater control and the flexibility of a more fully-featured programming language.
Docker and Jenkins
A common pattern is to use Docker with Jenkins. Docker support is available through a plugin. Docker allows teams to have their build environments run in Docker containers and to be completely disposable. A Docker container will have tools available for a specific project's build process. Additionally, for more complex pipelines, a pipeline can use different Docker containers at different steps in the build process.