From 8e9db51f9da4fdd8cb8701f4a098de1ba157cbde Mon Sep 17 00:00:00 2001 From: Brad Stein Date: Tue, 20 Jan 2026 10:15:33 -0300 Subject: [PATCH] jenkins: restore multibranch + webhook token --- services/jenkins/configmap-jcasc.yaml | 40 +++++++++++++++++-------- services/jenkins/configmap-plugins.yaml | 22 +++++++++----- services/jenkins/deployment.yaml | 17 ++++++----- 3 files changed, 52 insertions(+), 27 deletions(-) diff --git a/services/jenkins/configmap-jcasc.yaml b/services/jenkins/configmap-jcasc.yaml index 9e116c0..ca3a722 100644 --- a/services/jenkins/configmap-jcasc.yaml +++ b/services/jenkins/configmap-jcasc.yaml @@ -158,24 +158,40 @@ data: } } } - pipelineJob('titan-iac-quality-gate') { - triggers { - scm('H/12 * * * *') - } - definition { - cpsScm { - scm { + multibranchPipelineJob('titan-iac-quality-gate') { + branchSources { + branchSource { + source { git { - remote { - url('https://scm.bstein.dev/bstein/titan-iac.git') - credentials('gitea-pat') - } - branches('*/main') + id('titan-iac-quality-gate') + remote('https://scm.bstein.dev/bstein/titan-iac.git') + credentialsId('gitea-pat') } } + } + } + factory { + workflowBranchProjectFactory { scriptPath('ci/Jenkinsfile.titan-iac') } } + orphanedItemStrategy { + discardOldItems { + numToKeep(30) + } + } + triggers { + periodicFolderTrigger { + interval('12h') + } + } + configure { node -> + def token = System.getenv('TITAN_IAC_WEBHOOK_TOKEN') ?: '' + def triggers = node / 'triggers' + triggers << 'com.igalg.jenkins.plugins.mswt.trigger.ComputedFolderWebHookTrigger' { + token(token) + } + } } base.yaml: | jenkins: diff --git a/services/jenkins/configmap-plugins.yaml b/services/jenkins/configmap-plugins.yaml index d20a283..3529512 100644 --- a/services/jenkins/configmap-plugins.yaml +++ b/services/jenkins/configmap-plugins.yaml @@ -6,11 +6,17 @@ metadata: namespace: jenkins data: plugins.txt: | - kubernetes - workflow-aggregator - git - pipeline-utility-steps - configuration-as-code - oic-auth - job-dsl - simple-theme-plugin + kubernetes:4416.v2ea_b_5372da_a_e + workflow-aggregator:608.v67378e9d3db_1 + git:5.8.1 + pipeline-utility-steps:2.20.0 + configuration-as-code:2031.veb_a_fdda_b_3ffd + oic-auth:4.626.ve5a_d9f26c051 + job-dsl:1.93 + simple-theme-plugin:230.v8b_fd91b_b_800c + workflow-multibranch:821.vc3b_4ea_780798 + branch-api:2.1268.v044a_87612da_8 + scm-api:724.v7d839074eb_5c + gitea:268.v75e47974c01d + gitea-checks:603.621.vc708da_fb_371d + multibranch-scan-webhook-trigger:1.0.11 diff --git a/services/jenkins/deployment.yaml b/services/jenkins/deployment.yaml index fdb8d10..c82a6af 100644 --- a/services/jenkins/deployment.yaml +++ b/services/jenkins/deployment.yaml @@ -22,23 +22,26 @@ spec: vault.hashicorp.com/role: "jenkins" vault.hashicorp.com/agent-inject-secret-jenkins-env: "kv/data/atlas/jenkins/jenkins-oidc" vault.hashicorp.com/agent-inject-template-jenkins-env: | - {{- with secret "kv/data/atlas/jenkins/jenkins-oidc" -}} + {{ with secret "kv/data/atlas/jenkins/jenkins-oidc" }} OIDC_CLIENT_ID={{ .Data.data.clientId }} OIDC_CLIENT_SECRET={{ .Data.data.clientSecret }} OIDC_AUTH_URL={{ .Data.data.authorizationUrl }} OIDC_TOKEN_URL={{ .Data.data.tokenUrl }} OIDC_USERINFO_URL={{ .Data.data.userInfoUrl }} OIDC_LOGOUT_URL={{ .Data.data.logoutUrl }} - {{- end }} - {{- with secret "kv/data/atlas/jenkins/harbor-robot-creds" -}} + {{ end }} + {{ with secret "kv/data/atlas/jenkins/harbor-robot-creds" }} HARBOR_ROBOT_USERNAME={{ .Data.data.username }} HARBOR_ROBOT_PASSWORD={{ .Data.data.password }} - {{- end }} - {{- with secret "kv/data/atlas/jenkins/gitea-pat" -}} + {{ end }} + {{ with secret "kv/data/atlas/jenkins/gitea-pat" }} GITEA_PAT_USERNAME={{ .Data.data.username }} GITEA_PAT_TOKEN={{ .Data.data.token }} - {{- end -}} - bstein.dev/restarted-at: "2026-01-20T05:05:00Z" + {{ end }} + {{ with secret "kv/data/atlas/jenkins/webhook-tokens" }} + TITAN_IAC_WEBHOOK_TOKEN={{ .Data.data.titan_iac_quality_gate }} + {{ end }} + bstein.dev/restarted-at: "2026-01-20T13:10:00Z" spec: serviceAccountName: jenkins nodeSelector: