feat: Divide JCasC file into multiple files.

dksifoua · Jul 11, 2024 · 094a3de · 094a3de
1 parent 0f38ea9
commit 094a3de
Show file tree

Hide file tree

Showing 10 changed files with 132 additions and 139 deletions.
diff --git a/README.md b/README.md
@@ -3,7 +3,7 @@
 `$ terraform login`
 
 TODOs
-- [] Divide JCasC file into multiple files
+- [x] Divide JCasC file into multiple files
 - [] Use Variables instead of hardcoded values
 - [] Deactivate daily scanning of GitHub organization
 - [] Jenkins System Message

diff --git a/Taskfile.yaml b/Taskfile.yaml
@@ -12,7 +12,7 @@ vars:
         echo "cloud-dksifoua-builder"
       fi
   DOCKER_FILE: modules/jenkins/docker/Dockerfile
-  JCASC_FILE: modules/jenkins/jcasc/jenkins.yaml
+  JCASC_FILES: modules/jenkins/jcasc/*.yaml
   PLUGINS_FILE: modules/jenkins/jcasc/plugins.txt
   REPOSITORY:
     sh: grep 'LABEL repository=' {{.DOCKER_FILE}} | cut -d '"' -f 2
@@ -24,7 +24,7 @@ tasks:
     desc: "Build Jenkins image"
     cmd: |
       docker build \
-        --build-arg JCASC_FILE="{{.JCASC_FILE}}" \
+        --build-arg JCASC_FILES="{{.JCASC_FILES}}" \
         --build-arg PLUGINS_FILE="{{.PLUGINS_FILE}}" \
         --build-arg JENKINS_ADMIN_USER="$JENKINS_ADMIN_USER" \
         --build-arg JENKINS_ADMIN_NAME="$JENKINS_ADMIN_NAME" \

diff --git a/modules/jenkins/docker/Dockerfile b/modules/jenkins/docker/Dockerfile
@@ -5,7 +5,7 @@ LABEL maintainer="Dimitri Sifoua <[email protected]>"
 LABEL repository="dksifoua"
 LABEL version="1.1.6"
 
-ARG JCASC_FILE
+ARG JCASC_FILES
 ARG PLUGINS_FILE
 ARG JENKINS_ADMIN_USER
 ARG JENKINS_ADMIN_NAME
@@ -23,6 +23,8 @@ ENV JENKINS_ADMIN_EMAIL $JENKINS_ADMIN_EMAIL
 ENV GITHUB_USER $GITHUB_USER
 ENV GITHUB_ACCESS_TOKEN $GITHUB_ACCESS_TOKEN
 
+ENV CASC_JENKINS_CONFIG=$JENKINS_HOME/casc_configs
+
 #USER root
 #RUN apt-get update && apt-get install -y lsb-release
 #RUN curl -fsSLo /usr/share/keyrings/docker-archive-keyring.asc \
@@ -34,7 +36,7 @@ ENV GITHUB_ACCESS_TOKEN $GITHUB_ACCESS_TOKEN
 #RUN apt-get update && apt-get install -y docker-ce-cli
 
 USER jenkins
-COPY ${JCASC_FILE} $JENKINS_HOME/jenkins.yaml
+COPY ${JCASC_FILES} $CASC_JENKINS_CONFIG/
 COPY ${PLUGINS_FILE} $REF/plugins.txt
 RUN echo 2.0 > $REF/jenkins.install.UpgradeWizard.state
 RUN jenkins-plugin-cli -f $REF/plugins.txt
diff --git a/modules/jenkins/jcasc/appearance.yaml b/modules/jenkins/jcasc/appearance.yaml
@@ -0,0 +1,4 @@
+appearance:
+  locale:
+    systemLocale: en
+    ignoreAcceptLanguage: true
diff --git a/modules/jenkins/jcasc/authorization.yaml b/modules/jenkins/jcasc/authorization.yaml
@@ -0,0 +1,21 @@
+jenkins:
+  authorizationStrategy:
+    globalMatrix:
+      entries:
+        - user:
+            name: ${JENKINS_ADMIN_USER}
+            permissions:
+              - Overall/Administer
+        - group:
+            name: authenticated
+            permissions:
+              - Overall/Read
+              - Job/Read
+              - View/Read
+              - Run/Replay
+        - user:
+            name: anonymous
+            permissions:
+              - Overall/Read
+              - Job/Read
+              - View/Read
diff --git a/modules/jenkins/jcasc/credentials.yaml b/modules/jenkins/jcasc/credentials.yaml
@@ -0,0 +1,15 @@
+credentials:
+  system:
+    domainCredentials:
+      - credentials:
+          - string:
+              description: GitHub Personal Access Token
+              id: github-token
+              scope: GLOBAL
+              secret: ${GITHUB_ACCESS_TOKEN}
+          - usernamePassword:
+              description: GitHub Username & Password
+              id: github-pass
+              scope: GLOBAL
+              username: ${GITHUB_USER}
+              password: ${GITHUB_ACCESS_TOKEN}
diff --git a/modules/jenkins/jcasc/github.yaml b/modules/jenkins/jcasc/github.yaml
@@ -0,0 +1,10 @@
+unclassified:
+  githubpluginconfig:
+    configs:
+      - name: Default
+        apiUrl: https://api.github.com
+        credentialsId: github-token
+        manageHooks: true
+
+  githubconfiguration:
+    apiRateLimitChecker: NoThrottle
diff --git a/modules/jenkins/jcasc/jenkins.yaml b/modules/jenkins/jcasc/jenkins.yaml
@@ -3,140 +3,7 @@ jenkins:
     <h1  style="background-color: #35824E; color: white; text-align: center;">
     Jenkins Automation Server  for Continuous Integration & Continuous Deployment
     </h1>
-    <p style="text-align: center;">
-    This Jenkins is 100% configured and managed <b>as code</b>.<br />
-    Configuration is now mostly handled by the <b>Jenkins Configuration as Code (JCasC)</b> plugin.<br />
-    JCasC config can be found in the <code>jenkins.yaml</code> file in the <code>/var/jenkins_home</code> folder.
-    </p>
   markupFormatter:
     rawHtml:
       disableSyntaxHighlighting: true
-  numExecutors: 2
-
-  securityRealm:
-    local:
-      allowsSignup: false
-      enableCaptcha: false
-      users:
-        - id: ${JENKINS_ADMIN_USER}
-          name: ${JENKINS_ADMIN_NAME}
-          description: ${JENKINS_ADMIN_DESC}
-          password: ${JENKINS_ADMIN_PASS}
-          properties:
-            - timezone:
-                timeZoneName: America/Toronto
-
-  authorizationStrategy:
-    globalMatrix:
-      entries:
-        - user:
-            name: ${JENKINS_ADMIN_USER}
-            permissions:
-              - Overall/Administer
-        - group:
-            name: authenticated
-            permissions:
-              - Overall/Read
-              - Job/Read
-              - View/Read
-              - Run/Replay
-        - user:
-            name: anonymous
-            permissions:
-              - Overall/Read
-              - Job/Read
-              - View/Read
-
-credentials:
-  system:
-    domainCredentials:
-      - credentials:
-          - string:
-              description: GitHub Personal Access Token
-              id: github-token
-              scope: GLOBAL
-              secret: ${GITHUB_ACCESS_TOKEN}
-          - usernamePassword:
-              description: GitHub Username & Password
-              id: github-pass
-              scope: GLOBAL
-              username: ${GITHUB_USER}
-              password: ${GITHUB_ACCESS_TOKEN}
-
-appearance:
-  locale:
-    systemLocale: en
-    ignoreAcceptLanguage: true
-
-unclassified:
-  githubpluginconfig:
-    configs:
-      - name: Default
-        apiUrl: https://api.github.com
-        credentialsId: github-token
-        manageHooks: true
-
-  githubconfiguration:
-    apiRateLimitChecker: NoThrottle
-
-jobs:
-  - script: >
-      organizationFolder("GitHub Org - ${GITHUB_USER}") {
-        description("This contains all repositories with a Jenkinsfile from my github account")
-        displayName("GitHub Organization Folder - ${GITHUB_USER}")
-      
-        organizations {
-          github {
-            repoOwner("${GITHUB_USER}")
-            apiUri("https://api.github.com")
-            credentialsId("github-pass")
-            enableAvatar(true)
-            
-            traits {
-              gitBranchDiscovery()
-              gitHubExcludeArchivedRepositories()
-              gitHubExcludeForkedRepositories()
-              gitHubIgnoreDraftPullRequestFilter()
-              gitHubTagDiscovery()
-              pruneStaleBranch()
-              pruneStaleTag()
-              wipeWorkspaceTrait()
-              
-              gitHubBranchDiscovery {
-                strategyId(3) // All branches
-              }
-              gitHubPullRequestDiscovery {
-                strategyId(2) // The Current Pull Request Revision
-              }
-              multiBranchProjectDisplayNaming {
-                displayNamingStrategy("RAW_AND_OBJECT_DISPLAY_NAME")
-              }
-              /*userIdentity {
-                extension {
-                // If given, "GIT_COMMITTER_NAME=[this]" and "GIT_AUTHOR_NAME=[this]" are set for builds.
-                name(String value)
-                // If given, "GIT_COMMITTER_EMAIL=[this]" and "GIT_AUTHOR_EMAIL=[this]" are set for builds.
-                email(String value)
-                }
-              }*/
-            }
-          }
-        }
-        
-        orphanedItemStrategy {
-          discardOldItems {
-            daysToKeep(7)
-            numToKeep(20)
-          }
-        }
-        
-        projectFactories {
-          workflowMultiBranchProjectFactory {
-            scriptPath("Jenkinsfile")
-          }
-        }
-      
-        triggers {
-          cron("@daily")
-        }
-      }
+  numExecutors: 2
diff --git a/modules/jenkins/jcasc/jobs.yaml b/modules/jenkins/jcasc/jobs.yaml
@@ -0,0 +1,61 @@
+jobs:
+  - script: >
+      organizationFolder("GitHub Org - ${GITHUB_USER}") {
+        description("This contains all repositories with a Jenkinsfile from my github account")
+        displayName("GitHub Organization Folder - ${GITHUB_USER}")
+      
+        organizations {
+          github {
+            repoOwner("${GITHUB_USER}")
+            apiUri("https://api.github.com")
+            credentialsId("github-pass")
+            enableAvatar(true)
+      
+            traits {
+              gitBranchDiscovery()
+              gitHubExcludeArchivedRepositories()
+              gitHubExcludeForkedRepositories()
+              gitHubIgnoreDraftPullRequestFilter()
+              gitHubTagDiscovery()
+              pruneStaleBranch()
+              pruneStaleTag()
+              wipeWorkspaceTrait()
+      
+              gitHubBranchDiscovery {
+                strategyId(3) // All branches
+              }
+              gitHubPullRequestDiscovery {
+                strategyId(2) // The Current Pull Request Revision
+              }
+              multiBranchProjectDisplayNaming {
+                displayNamingStrategy("RAW_AND_OBJECT_DISPLAY_NAME")
+              }
+              /*userIdentity {
+                extension {
+                // If given, "GIT_COMMITTER_NAME=[this]" and "GIT_AUTHOR_NAME=[this]" are set for builds.
+                name(String value)
+                // If given, "GIT_COMMITTER_EMAIL=[this]" and "GIT_AUTHOR_EMAIL=[this]" are set for builds.
+                email(String value)
+                }
+              }*/
+            }
+          }
+        }
+      
+        orphanedItemStrategy {
+          discardOldItems {
+            daysToKeep(7)
+            numToKeep(20)
+          }
+        }
+      
+        projectFactories {
+          workflowMultiBranchProjectFactory {
+            scriptPath("Jenkinsfile")
+          }
+        }
+      
+        triggers {
+          cron("@daily")
+        }
+      }
diff --git a/modules/jenkins/jcasc/security.yaml b/modules/jenkins/jcasc/security.yaml
@@ -0,0 +1,13 @@
+jenkins:
+  securityRealm:
+    local:
+      allowsSignup: false
+      enableCaptcha: false
+      users:
+        - id: ${JENKINS_ADMIN_USER}
+          name: ${JENKINS_ADMIN_NAME}
+          description: ${JENKINS_ADMIN_DESC}
+          password: ${JENKINS_ADMIN_PASS}
+          properties:
+            - timezone:
+                timeZoneName: America/Toronto