Jenkins and SonarQube matching authentication - plugins

I am setting up a CI/CD system at my company based on Jenkins and SonarQube, and I have already integrated LDAP in both. I am using the Role based plugin in Jenkins, and the problem is that Jenkins allows me (as Administrator) to assign a user to a specific role without requiring that user to log in to Jenkins in advance. But Sonar with LDAP only creates users after they log in, which leads to having to ask at least 8 people (for each project) to go to my Sonar server page first for authorization. Here's my question: Are there any tools/plugins to match authentication on Jenkins and Sonar, so that people who configure their own projects on Jenkins can also view bugs/configure their projects on Sonar? I appreciate any alternative suggestions. My thanks in advance!

There is no tool or plugin doing this for you. You can assign groups to the user per project and use them in SonarQube to assign the projects.
Or you can create the users manually for SonarQube (Source):
Write directly to the database (there is a simple table called users).
Write a Java application that depends on the Sonar plugin API; you can then use constructor injection to get a Sonar Hibernate session and persist the user you want. See Here.


Azure Devops Services - Change Team project from one hosted process to another

everybody.
We have just successfully migrated from ADServer 2019 to ADServices.
We have a single custom process template that is used for all Team Projects. After migration, each team project has its own Process Template, as expected.
However, as all migrated Process Templates are equal, I would like to group all Team Projects in a single Process Template.
In order to do that, I do these steps:
Go to Organization Settings
Select Process
Click on one of my hosted process templates
Click on "Projects"
Click on "..." and select "Change Process"
A pop-up appears, where I can select the target process I would like to change to. It's important to note that all hosted migrated processes seem to be available for the change.
When I select another hosted process, and click "Ok", the message "The feature is disabled. Contact your Azure DevOps Server administrator." appears and the change can't be done.
I have been looking how to enable this feature with no success.
Has anyone had this situation?
If it is not possible to do that, is there any way to import the future changes of my process template via command line, in order to update all my team projects?
Thanks in advance for the help.
Regards,
Alba
We evaluated this situation with MS and the answer is that there is no way to make this change of process template between team projects belonging to different hosted process templates, even though the process templates are equal.
As we cannot change our Process Template to a hosted process for now, our solution was to make a script using the AD API, in order to make a bulk update of all process templates for all our team projects.
See https://learn.microsoft.com/en-us/rest/api/azure/devops/processadmin/processes/import%20process%20template?view=azure-devops-rest-6.1
From the screenshot, you were trying to change the process used by the team project from a Hosted XML process to an inherited process. For your scenario, you need to:
Clone your Hosted XML process to an inherited process.
Change a project from Hosted XML to an inherited process.
A useful blog for your reference:
https://devblogs.microsoft.com/devops/moving-from-hosted-xml-process-to-inherited-process-ga/

Error in creating new projects in online TFS using my account

This is a different issue as I am accessing and using my visualstudio.com server. Please see the image.
I am currently working on an automation in powershell which is to create a new project in VSTS using my account. Unfortunately, I am having an error which is below.
System.Management.Automation.RemoteException: The project collection does not have a default location for creating project portal sites configured.
Either configure this location using the Team Foundation Administration Console or specify the /webapplication and /relativepath arguments.
tfpt only works with TFS2015 or older versions. It does not work with VSTS and TFS2017.
You can use the REST API to create the team project via script, just as you found. Or you can also consider using the VSTS CLI: VSTS Create Project.

How to access VSTS work items from testing code which running on V2.x VSTS agent?

We run our E2E automation test on a build agent (V1.105.xxx) after the build succeeds. The test code leverages the Visual Studio Unit Test framework to access VSTS work items to load test data using a data-driven approach (each test case method is linked to one test case work item):
[DataSource("Microsoft.VisualStudio.TestTools.DataSource.TestCase", "https://myaccount.visualstudio.com/DefaultCollection;MyProject", "1111111", DataAccessMethod.Sequential)]
And we run our V1.x build agent in interactive mode with PAT auth as follows:
C:\agent\agent\VsoAgent.exe /Login:e2etest,xxxxxxxxxxxxxxxxxxxx;AuthType=PAT
But we could not find a way to run the V2.x agent with PAT auth so as to access the VSTS work items.
Is it still supported in V2.x agent?
When you use a PAT to configure the build agent, the PAT token is used only for the initial configuration of the agent. For more information, you can refer to Communication.
Regarding interactive mode, it will prompt the login window to let you authenticate when you configure or run the build agent if the cached account can't access VSTS or there isn't a cached account. You need to change the permission for this user.
You can try to set the Read permission to deny for this user in the Version Control admin page, then queue a build that needs to download that source and check the result; the build will not start anymore.
Summarize the issue and solution:
Per starain's comments, in the old V1.x agent, the access to VSTS work items from our testing code has nothing to do with the PAT token we used to run the agent in interactive mode. Actually, we run the agent using the local admin account of the VM, which we had once used to connect to VSTS, and the credential was cached. The testing code just used that cached credential to access VSTS work items.
So the solution for V2.x is simple: just run the agent service using the local admin account. No need to run in interactive mode.
Thanks for starain's great help!

Is it possible to use GitHub login for local Sonar application?

Is it possible to use GitHub login for the Sonar application?
Just like Jenkins can be configured.
If possible, please provide steps to configure.
A SonarQube GitHub Authentication Plugin has been created since the accepted answer was written.
For SONAR you need not connect with GITHUB directly; use Jenkins to get the latest code to your agent and, in the same job, invoke your Sonar analysis, either using the runner or Maven goals. It should work fine.
There is currently no plugin allowing the delegation of authentication to GitHub.

GitHub Organization Repo + Jenkins (GitHub Plugin) integration

I have an organization on GitHub with private repositories. I also have Jenkins set up running on port 8080 on a server, with the GitHub plugin installed. I've created an account on GitHub for my jenkins user, which resides in the owners group.
I'm trying to trigger a job on jenkins when a change is pushed to my development branch (or master branch, neither seem to be working).
When I look at the GitHub Hook Logs in Jenkins, it says that Polling has not run yet. When I go to "Manage Jenkins", the GitHub plugin says my account is Verified when I test it.
Any insight on how to configure this? I have multiple repositories I'd like to work with, so deploy keys don't seem like the solution to me.
Update:
As Craig Ringer mentions in his answer, you can select Grant READ permissions for /github-webhook in "Configure Jenkins" under the GitHub plugin settings, allowing the webhook to be called without authentication.
Another update: Webhooks are now (Dec. 2014) available for organization: see WebHooks API for orgs.
Note: the issue 4 of the hudson-github-plugin was about:
Last GitHub Push
Polling has not run yet.
And the conclusion was:
Nevermind, the only missing piece was a permission checkbox for the github user which ain't documented anywhere on the internet.
So is this a permission issue regarding your Jenkins users?
The article "Set up Jenkins-CI on Ubuntu for painless Rails3 app CI testing" includes the following process:
To restrict the CI system and give access to your Team members to use or see the build logs, first you’ve to create an account.
Go to Manage Jenkins > Configure System,
Check the Enable Security checkbox
Under Security Realm, choose Jenkins's own user database
Check the Allow users to sign up checkbox
Under Authorization, choose Project-based Matrix Authorization Strategy
Add first user with the name admin and another with GitHub (Note: the username for Admin access has to be admin). For GitHub named user, just choose the Overall Read only permission. We’ll use this user later with the GitHub hook.
Note: The admin and GitHub user that we’ve added in the above step does not create the User. Then you’ve to create a real user with that same name. Ya, I know, it's a bit weird with Jenkins UI.
Go to Manage Jenkins > Manage Users > Create User. Create both admin and GitHub users.
Hooking with the Github web-hooks
Now to run the build automagically when new commit or branch gets pushed onto Github, we have to setup the repository.
Go to the hooks page for your repository. e.g.
github.com/<username>/<project_name>/admin/hooks
Under AVAILABLE SERVICE HOOKS > Post-Receive URLs, add github:github@your-ci-server.com/github-webhook/.
The github:github is the user that we’d created earlier.
Then we have to verify Jenkins with Github. Go to Manage Jenkins > Configure System and under GitHub Web Hook, add your Github username and password and click the Test Credential button to authorize once with Github.
It looks like the accepted answer is no longer necessary with the current version of the GitHub plugin. You can instead check Grant READ permissions for /github-webhook in "Configure Jenkins" under the GitHub plugin settings, allowing the webhook to be called without authentication.
As explained in the help on this option that's quite safe, and frankly no worse than having a user named "github" with password "github" anyway.
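A receiver-side check for the unauthenticated /github-webhook style of endpoint discussed above, as an added example that is not part of the original answers or of the Jenkins GitHub plugin's code. It assumes a webhook secret has been set on the GitHub side, so each delivery carries an HMAC-SHA256 of the body in the X-Hub-Signature-256 header; the function names, status codes, secret and sample payloads are constructed for illustration.

```python
import hashlib
import hmac
import json

# Branches the question wants to build on (assumed ref names).
TRIGGER_REFS = {"refs/heads/development", "refs/heads/master"}


def signature_ok(secret: bytes, raw_body: bytes, header_value) -> bool:
    """Check GitHub's X-Hub-Signature-256 header against the raw request body."""
    if not isinstance(header_value, str) or not header_value.startswith("sha256="):
        return False  # unsigned delivery: reject rather than fall back
    sent = header_value[len("sha256="):].strip().lower().encode("utf-8")
    expected = hmac.new(secret, raw_body, hashlib.sha256).hexdigest().encode("ascii")
    return hmac.compare_digest(expected, sent)  # constant-time comparison


def handle_delivery(secret: bytes, headers: dict, raw_body: bytes):
    """Return (http_status, decision) for one webhook delivery."""
    h = {k.lower(): v for k, v in headers.items()}  # header names are case-insensitive
    # Authenticate the bytes exactly as received, before any JSON parsing.
    if not signature_ok(secret, raw_body, h.get("x-hub-signature-256")):
        return 401, "rejected: bad or missing signature"
    if h.get("x-github-event") != "push":
        return 202, "ignored: not a push event"
    try:
        ref = json.loads(raw_body).get("ref")
    except (ValueError, AttributeError):
        return 400, "rejected: malformed payload"
    if ref in TRIGGER_REFS:
        return 200, "trigger build for " + ref
    return 202, "ignored: branch not watched"


def sign_like_sender(secret: bytes, body: bytes) -> str:
    # Helper for the constructed samples: the header value a sender holding the secret computes.
    return "sha256=" + hmac.new(secret, body, hashlib.sha256).hexdigest()


if __name__ == "__main__":
    SECRET = b"constructed-example-secret"  # constructed sample, not a real secret
    body = json.dumps({"ref": "refs/heads/development"}).encode()
    good = {"X-GitHub-Event": "push", "X-Hub-Signature-256": sign_like_sender(SECRET, body)}
    print(handle_delivery(SECRET, good, body))                       # accepted
    print(handle_delivery(SECRET, {"X-GitHub-Event": "push"}, body))  # unsigned
    tampered = body.replace(b"development", b"master")
    print(handle_delivery(SECRET, good, tampered))                   # body changed after signing
```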
There are two ways to achieve automatic builds on Jenkins. What you choose depends on whether GitHub can call the Jenkins server URL you provide. This may not be the case if you are running Jenkins behind a firewall.
If GitHub can reach that URL you can set up the service hook on your repo there.
If not you can set up Jenkins to poll periodically.
You may set up both, but one solution is enough to get it working. I would always go for the first if feasible as it saves resources CPU and traffic wise.
Either way you need the GitHub plugin for Jenkins.
Hope that helps a bit.