bstein/titan-iac
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

jenkins: automate notifyCommit token

Browse Source
This commit is contained in:
Brad Stein 2026-01-20 11:54:15 -03:00
parent b54da8e3e0
commit f5eec19e11
4 changed files with 44 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
services/jenkins/deployment.yaml
View File

@ -40,8 +40,9 @@ spec:
{{ end }} {{ end }}
{{ with secret "kv/data/atlas/jenkins/webhook-tokens" }} {{ with secret "kv/data/atlas/jenkins/webhook-tokens" }}
TITAN_IAC_WEBHOOK_TOKEN={{ .Data.data.titan_iac_quality_gate }} TITAN_IAC_WEBHOOK_TOKEN={{ .Data.data.titan_iac_quality_gate }}
GIT_NOTIFY_TOKEN_BSTEIN_DEV_HOME={{ .Data.data.git_notify_bstein_dev_home }}
{{ end }} {{ end }}
bstein.dev/restarted-at: "2026-01-20T14:35:00Z" bstein.dev/restarted-at: "2026-01-20T14:52:41Z"
spec: spec:
serviceAccountName: jenkins serviceAccountName: jenkins
nodeSelector: nodeSelector:

1
services/jenkins/kustomization.yaml
View File

@ -16,6 +16,7 @@ configMapGenerator:
- name: jenkins-init-scripts - name: jenkins-init-scripts
namespace: jenkins namespace: jenkins
files: files:
- git-notify-token.groovy=scripts/git-notify-token.groovy
- theme.groovy=scripts/theme.groovy - theme.groovy=scripts/theme.groovy
options: options:
disableNameSuffixHash: true disableNameSuffixHash: true

41
services/jenkins/scripts/git-notify-token.groovy Normal file
View File

@ -0,0 +1,41 @@
import hudson.plugins.git.ApiTokenPropertyConfiguration
import hudson.Util
import java.nio.charset.StandardCharsets
import java.security.MessageDigest
def entries = [
[env: 'GIT_NOTIFY_TOKEN_BSTEIN_DEV_HOME', name: 'gitea-bstein-dev-home'],
]
entries.each { entry ->
def token = System.getenv(entry.env)
if (!token || token.trim().isEmpty()) {
println("Git notifyCommit token ${entry.env} missing; skipping")
return
}
try {
def config = ApiTokenPropertyConfiguration.get()
if (config.hasMatchingApiToken(token)) {
println("Git notifyCommit token ${entry.name} already configured")
return
}
def digest = MessageDigest.getInstance("SHA-256")
def hash = Util.toHexString(digest.digest(token.getBytes(StandardCharsets.US_ASCII)))
def field = ApiTokenPropertyConfiguration.class.getDeclaredField("apiTokens")
field.setAccessible(true)
def tokens = field.get(config)
def ctor = ApiTokenPropertyConfiguration.HashedApiToken.class.getDeclaredConstructor(String.class, String.class)
ctor.setAccessible(true)
tokens.add(ctor.newInstance(entry.name, hash))
config.save()
println("Added git notifyCommit access token ${entry.name}")
} catch (Throwable e) {
println("Failed to configure git notifyCommit token ${entry.name}: ${e.class.simpleName}: ${e.message}")
}
}

1
services/jenkins/scripts/theme.groovy
View File

@ -8,7 +8,6 @@ if (decorators?.size() > 0) {
def theme = decorators[0] def theme = decorators[0]
theme.setCssUrl("https://jenkins-contrib-themes.github.io/jenkins-material-theme/dist/material-ocean.css") theme.setCssUrl("https://jenkins-contrib-themes.github.io/jenkins-material-theme/dist/material-ocean.css")
theme.setJsUrl("") theme.setJsUrl("")
theme.setTheme("")
instance.save() instance.save()
println("Applied simple-theme-plugin dark theme") println("Applied simple-theme-plugin dark theme")
} else { } else {