> For the complete documentation index, see [llms.txt](https://imarslo.gitbook.io/ibook/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://imarslo.gitbook.io/ibook/jenkins/script.md). # script * [script console](#script-console) * [usage](#usage) * [setup system property (temporary)](#setup-system-property-temporary) * [extend built-in node executor](#extend-built-in-node-executor) * [execute shell script in console](#execute-shell-script-in-console) * [read & write files](#read--write-files) * [nslookup](#nslookup) * [jenkins system](#jenkins-system) * [get system info](#get-system-info) * [modify log level](#modify-log-level) * [sshd port](#sshd-port) * [theme management](#theme-management) * [RABC](#rabc) * [jobs & builds](#jobs--builds) * [list build status with percentage](#list-build-status-with-percentage) * [get all builds status during certain start-end time](#get-all-builds-status-during-certain-start-end-time) * [list builds which running for more than 24 hours](#list-builds-which-running-for-more-than-24-hours) * [get workspace](#get-workspace) * [shelve jobs](#shelve-jobs) * [plugins](#plugins) * [via api : imarslo: list plugins](#via-api--imarslo-list-plugins) * [simple list](#simple-list) * [list for helm-value.yaml](#list-for-helm-valueyaml) * [with delegate to Servlet container security realm](#with-delegate-to-servlet-container-security-realm) * [list plugin and dependencies](#list-plugin-and-dependencies) * [scriptApproval](#scriptapproval) * [backup & restore all scriptApproval items](#backup--restore-all-scriptapproval-items) * [automatic approval all pending](#automatic-approval-all-pending) * [disable the scriptApproval](#disable-the-scriptapproval) {% hint style="info" %} > reference: > > * [Script Console](https://www.jenkins.io/doc/book/managing/script-console/) > * [Jenkins Features Controlled with System Properties](https://www.jenkins.io/doc/book/managing/system-properties/) > * [Jenkins : Jenkins Script Console](https://wiki.jenkins.io/display/JENKINS/Jenkins-Script-Console.html) > * [Jenkins : Use Jenkins](https://wiki.jenkins.io/display/JENKINS/Use-Jenkins.html) > * [Java API Usage Example](https://programtalk.com/java-api-usage-examples/?api=jenkins) > * [jenkins.model.Jenkins](https://programtalk.com/java-api-usage-examples/jenkins.model.Jenkins/) > * [jenkins.model.BuildDiscarder](https://programtalk.com/java-api-usage-examples/jenkins.model.BuildDiscarder/) > * [org.jenkinsci.plugins.workflow.steps](https://javadoc.jenkins.io/plugin/workflow-basic-steps/org/jenkinsci/plugins/workflow/steps/package-summary.html) > * [I have a stuck Pipeline and I can not stop it](https://docs.cloudbees.com/docs/cloudbees-ci-kb/latest/troubleshooting-guides/i-have-a-stuck-pipeline-and-i-can-not-stop-it) > * scripts: > * [\* jenkinsci/jenkins-scripts](https://github.com/jenkinsci/jenkins-scripts) > * [\* cloudbees/jenkins-scripts](https://github.com/cloudbees/jenkins-scripts) > * [\* dnozay/\_Jenkins+Script+Console.md](https://gist.github.com/dnozay/e7afcf7a7dd8f73a4e05) > * [\* mubbashir/Jenkins+Script+Console.md](https://gist.github.com/mubbashir/484903fda934aeea9f30) > * [Jenkins script](https://blog.csdn.net/lingqiao023/article/details/107029326) > * [Sam Gleske’s jenkins-script-console-scripts repository](https://github.com/samrocketman/jenkins-script-console-scripts) > * [Sam Gleske’s jenkins-bootstrap-shared repository](https://github.com/samrocketman/jenkins-bootstrap-shared) > * [Some scripts at JBoss.org](http://community.jboss.org/wiki/HudsonHowToDebug) > * [mikejoh/jenkins-and-groovy-snippets.md](https://gist.github.com/mikejoh/9a721d1e6de7574059dcb8f851692be9) > * [samrocketman/jenkins-script-console-scripts](https://github.com/samrocketman/jenkins-script-console-scripts) > * [monitor and slack](https://github.com/samrocketman/jenkins-script-console-scripts/blob/main/monitor-agent-queue.groovy) > * [others](https://wiki.jenkins.io/display/JENKINS/Jenkins-Script-Console.html) > * [Jenkins : Monitor and Restart Offline Slaves](https://wiki.jenkins.io/display/JENKINS/Monitor-and-Restart-Offline-Slaves.html) > * [Jenkins : Monitoring Scripts](https://wiki.jenkins.io/display/JENKINS/Monitoring-Scripts.html) > * [Jenkins : Printing a list of credentials and their IDs](https://wiki.jenkins.io/display/JENKINS/Printing-a-list-of-credentials-and-their-IDs.html) > * [Jenkins : Wipe workspaces for a set of jobs on all nodes](https://wiki.jenkins.io/display/JENKINS/Wipe-workspaces-for-a-set-of-jobs-on-all-nodes.html) > * [Jenkins : Invalidate Jenkins HTTP sessions](https://wiki.jenkins.io/display/JENKINS/Invalidate-Jenkins-HTTP-sessions.html) > * [Jenkins : Grant Cancel Permission for user and group that have Build permission](https://wiki.jenkins.io/display/JENKINS/Grant-Cancel-Permission-for-user-and-group-that-have-Build-permission.html) > * python > * [jjb/python-jenkins](https://opendev.org/jjb/python-jenkins) > {% endhint %} > \[!TIP] to list methods on a class instance: > > ```groovy > thing.metaClass.methods*.name.sort().unique() > ``` > > to determine a class from an instance: > > ```groovy > thing.class > // or > thing.getClass() > ``` ### [script console](https://www.jenkins.io/doc/book/managing/script-console/) #### usage > \[!TIP] > > * [CSRF Protection Explained](https://docs.cloudbees.com/docs/cloudbees-ci-kb/latest/client-and-managed-masters/csrf-protection-explained) > * if you authenticate your API calls with a username and a user API token then a crumb is not required from Jenkins 2.96 > * [to get CSRF crumb via curl](https://github.com/marslo/ibook/blob/marslo/docs/jenkins/script/authorization.html#get-crumb-via-cmd) > > ```bash > $ SERVER="https://localhost:8080" > $ COOKIEJAR="$(mktemp)" > $ CRUMB=$(curl -u "admin:admin" -s --cookie-jar "$COOKIEJAR" "$SERVER/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,%22:%22,//crumb)") > # to run script via curl > $ curl -d "script=System.getProperties()" \ > -u "admin:admin" \ > --cookie "$COOKIEJAR" \ > -H "$CRUMB" \ > https://${SERVER}/scriptText > ``` > * [or](https://github.com/marslo/ibook/blob/marslo/docs/jenkins/script/api.html#execute-groovy-script-with-an-api-call) > > ```bash > $ SERVER="https://localhost:8080" > $ COOKIEJAR="$(mktemp)" > $ CRUMB=$(curl -u "admin:admin" \ > --cookie-jar "${COOKIEJAR}" \ > 'https://${SERVER}/crumbIssuer/api/json' | > jq -r '[.crumbRequestField, .crumb] | join(":")' > ) > # verify > $ echo $CRUMB > Jenkins-Crumb:c11dc*******************************************************e463 > $ curl -d "script=System.getProperties()" \ > -u "admin:admin" \ > -s \ > --cookie "$COOKIEJAR" \ > -H "$CRUMB" \ > https://${SERVER}/scriptText > $ curl --data-urlencode "script=$(< ./script.groovy)" \ > -s \ > --netrc-file ~/.netrc \ > --cookie "${COOKIEJAR}" \ > -H "${CRUMB}" \ > https://${SERVER}/scriptText > ``` * remote access ```bash $ curl -d "script=" https://jenkins/script # or to get output as a plain text result (no HTML) $ curl -d "script=" https://jenkins/scriptText ``` * curl submitting groovy file ```bash $ curl --data-urlencode "script=$(< ./somescript.groovy)" https://jenkins/scriptText ``` * via api token ```bash $ curl --user 'username:api-token' \ --data-urlencode \ "script=$(< ./somescript.groovy)" \ https://jenkins/scriptText ``` * via python ```bash with open('somescript.groovy', 'r') as fd: data = fd.read() r = requests.post('https://jenkins/scriptText', auth=('username', 'api-token'), data={'script': data}) ``` #### setup system property (temporary) > \[!TIP|label:references:] > > * [Jenkins Features Controlled with System Properties](https://www.jenkins.io/doc/book/managing/system-properties/) > * [Configuring Content Security Policy](https://www.jenkins.io/doc/book/security/configuring-content-security-policy/) * timestampe ```groovy System.setProperty( 'org.apache.commons.jelly.tags.fmt.timeZone', 'America/Los_Angeles' ) ``` * [shell step aborts](https://issues.jenkins.io/browse/JENKINS-48300) ```groovy System.setProperty( 'org.jenkinsci.plugins.durabletask.BourneShellScript.HEARTBEAT_CHECK_INTERVAL', 36000 ) ``` * to clear property ```groovy System.clearProperty( 'hudson.model.DirectoryBrowserSupport.CSP' ) ``` * to get property ```groovy System.getProperty( 'hudson.model.DirectoryBrowserSupport.CSP' ) ``` * to get all properties ```groovy System.getProperties() // or System.getProperties().sort().collectEntries{[ (it.key), (it.value) ]} System.getProperties().sort().each { println "${it.key} ~> ${it.value}" } System.getProperties().sort().collect{ "${it.key} ~> ${it.value}" }.join('\n') ``` #### extend built-in node executor ```groovy import jenkins.model.* jenkins.model.Jenkins.instance.setNumExecutors(5) ``` #### execute shell script in console > \[!TIP|label:references:] > > * [Run scripts from controller Script Console on agents](https://www.jenkins.io/doc/book/managing/script-console/#run-scripts-from-controller-script-console-on-agents) ```groovy println ( 'uname -a'.execute().text ) // or println ( 'printenv'.execute().in.text ) ``` * result ``` Linux devops-jenkins-685cf57df9-znfs8 4.19.12-1.el7.elrepo.x86_64 #1 SMP Fri Dec 21 11:06:36 EST 2018 x86_64 GNU/Linux ``` * or ```groovy import hudson.util.RemotingDiagnostics import jenkins.model.Jenkins String agentName = 'your agent name' // groovy script you want executed on an agent groovyScript = ''' println System.getenv("PATH") println "uname -a".execute().text '''.stripIndent() String result jenkins.model.Jenkins.instance.slaves.find { agent -> agent.name == agentName }.with { agent -> result = RemotingDiagnostics.executeGroovy( groovyScript, agent.channel ) } println result ``` #### read & write files ```groovy // write new File('/tmp/file.txt').withWriter('UTF-8') { writer -> try { writer << 'hello world\n' } finally { writer.close() } } // read new File('/tmp/file.txt').text ``` * write file in agent ```groovy import hudson.FilePath import hudson.remoting.Channel import jenkins.model.Jenkins String agentName = 'some-agent' String filePath = '/tmp/file.txt' Channel agentChannel = jenkins.model.Jenkins.instance.slaves.find { agent -> agent.name == agentName }.channel new FilePath( agentChannel, filePath ).write().with { os -> try { os << 'hello world\n' } finally { os.close() } } ``` * read file from an agent ```groovy import hudson.FilePath import hudson.remoting.Channel import jenkins.model.Jenkins import java.io.BufferedReader import java.io.InputStreamReader import java.nio.charset.StandardCharsets import java.util.stream.Collectors String agentName = 'some-agent' String filePath = '/tmp/file.txt' Channel agentChannel = jenkins.model.Jenkins.instance.slaves.find { it.name == agentName }.channel String fileContents = '' new FilePath(agentChannel, filePath).read().with { is -> try { fileContents = new BufferedReader( new InputStreamReader(is, StandardCharsets.UTF_8)) .lines() .collect(Collectors.joining("\n") ) } finally { is.close() } } // with // print contents of the file from the agent println '===' println(fileContents) println '===' ``` #### nslookup > \[!NOTE|label:references:] > > * [get-ip-from-dns.groovy](https://github.com/samrocketman/jenkins-script-console-scripts/blob/main/get-ip-from-dns.groovy) ```groovy if( !binding.hasVariable('domain') ) { domain = 'example.com' } if( !(domain in String) ) { throw new Exception('PARAMETER ERROR: domain must be a string.') } InetAddress dnsInetAddress = InetAddress.getByName domain println dnsInetAddress.hostAddress ``` ### jenkins system {% hint style="info" %} > references: > > * [AnalogJ/you-dont-know-jenkins-init](https://github.com/AnalogJ/you-dont-know-jenkins-init) > * [3003.plugin-pipeline-library.groovy](https://github.com/AnalogJ/you-dont-know-jenkins-init/blob/master/3003.plugin-pipeline-library.groovy) > * [Using Hudson/Features controlled by system properties](https://wiki.eclipse.org/Using_Hudson/Features_controlled_by_system_properties) > * [jenkins-stats.groovy](https://github.com/samrocketman/jenkins-script-console-scripts/blob/main/jenkins-stats.groovy) > * scripts: > * [checkPluginUpdateServer.groovy](https://github.com/jenkinsci/jenkins-scripts/blob/master/scriptler/checkPluginUpdateServer.groovy) > * [reloadJobConfig.groovy](https://github.com/jenkinsci/jenkins-scripts/blob/master/scriptler/reloadJobConfig.groovy) > * [copy-move-diagnosis.groovy](https://github.com/cloudbees/jenkins-scripts/blob/master/copy-move-diagnosis.groovy) > {% endhint %} ```groovy import jenkins.model.*; import org.jenkinsci.main.modules.sshd.*; jenins.model.Jenkins instance = jenkins.model.Jenkins.instance instance.setDisableRememberMe( false ) instance.setNumExecutors( 2 ) instance.setSystemMessage( '

welcome to the Jenkins Master

' ) instance.setRawBuildsDir() instance.save() def sshd = SSHD.get() sshd.setPort( 12345 ) sshd.save() ``` #### [get system info](https://www.jenkins.io/participate/report-issue/#what-information-to-provide-for-environment-and-description) ```groovy println( "Groovy: ${GroovySystem.version}" ) println( "Jenkins: ${jenkins.model.Jenkins.instance.getVersion()}" ) println( "OS: ${System.getProperty('os.name')} - ${System.getProperty('os.version')}" ) println( "Java: ${System.getProperty('java.version')} - ${System.getProperty('java.vm.vendor')} (${System.getProperty('java.vm.name')})" ) println "---" jenkins.model.Jenkins.instance.pluginManager.plugins .collect() .sort { it.getShortName() } .each { plugin -> println("${plugin.getShortName()}:${plugin.getVersion()}") } return ``` #### modify log level {% hint style="info" %} > references: > > * [How to change the default or package log levels](https://support.cloudbees.com/hc/en-us/articles/115003914391-How-to-change-the-default-or-package-log-levels) > * [Configure Loggers for Jenkins](https://support.cloudbees.com/hc/en-us/articles/115002626172-Configure-Loggers-for-Jenkins) > * [Disable HttpClient logging](https://stackoverflow.com/a/61128260/2940319) > * [Viewing logs](https://www.jenkins.io/doc/book/system-administration/viewing-logs/) > {% endhint %} ```groovy System.setProperty( 'org.apache.commons.logging.Log', 'org.apache.commons.logging.impl.SimpleLog' ); System.setProperty( 'org.apache.commons.logging.simplelog.showdatetime', 'true' ); System.setProperty( 'org.apache.commons.logging.simplelog.log.httpclient.wire.header', 'error' ); System.setProperty( 'org.apache.commons.logging.simplelog.log.org.apache.http', 'error' ); System.setProperty( 'log4j.logger.org.apache.http', 'error' ); System.setProperty( 'log4j.logger.org.apache.http.wire', 'error' ); System.setProperty( 'org.apache.commons.logging.simplelog.log.org.apache.commons.httpclient', 'error' ); ``` * check log level ```groovy println System.getProperty( 'org.apache.commons.logging.Log' ); println System.getProperty( 'org.apache.commons.logging.simplelog.showdatetime' ); println System.getProperty( 'org.apache.commons.logging.simplelog.log.httpclient.wire.header' ); println System.getProperty( 'org.apache.commons.logging.simplelog.log.org.apache.http' ); println System.getProperty( 'log4j.logger.org.apache.http' ); println System.getProperty( 'log4j.logger.org.apache.http.wire' ); println System.getProperty( 'org.apache.commons.logging.simplelog.log.org.apache.commons.httpclient' ); ``` #### sshd port ```groovy def descriptor = jenkins.model.Jenkins.instance.getDescriptor("org.jenkinsci.main.modules.sshd.SSHD") if ( descriptor == null ) { return "SSHD not enabled or plugin not installed" } println "Configured SSHD port: ${descriptor.port}" println "Actual SSHD port: ${descriptor.sshd?.port ?: 'Not started'}" ``` * [`org.jenkinsci.main.modules.sshd.SSHD`](https://javadoc.jenkins.io/plugin/sshd/org/jenkinsci/main/modules/sshd/package-summary.html) ```groovy def desc = jenkins.model.Jenkins.instance.getDescriptor("org.jenkinsci.main.modules.sshd.SSHD") if (desc == null) { return "SSHD not enabled or plugin not installed" } println """ getDisplayName : ${desc.getDisplayName()} getHelpFile : ${desc.getHelpFile()} getCategory : ${desc.getCategory()} getDescriptorFullUrl : ${desc.getDescriptorFullUrl()} getDescriptorUrl : ${desc.getDescriptorUrl()} getGlobalConfigPage : ${desc.getGlobalConfigPage()} getKlass : ${desc.getKlass()} getJsonSafeClassName : ${desc.getJsonSafeClassName()} """ // output // getDisplayName : SSHD // getHelpFile : null // getCategory : jenkins.model.GlobalConfigurationCategory$Security@2c78d177 // getDescriptorFullUrl : /descriptorByName/org.jenkinsci.main.modules.sshd.SSHD // getDescriptorUrl : descriptorByName/org.jenkinsci.main.modules.sshd.SSHD // getGlobalConfigPage : /org/jenkinsci/main/modules/sshd/SSHD/config.groovy // getKlass : class org.jenkinsci.main.modules.sshd.SSHD // getJsonSafeClassName : org-jenkinsci-main-modules-sshd-SSHD ``` * [`org.apache.sshd.server.SshServer`](https://javadoc.io/doc/org.apache.sshd/sshd-core/2.3.0/org/apache/sshd/server/SshServer.html) ```grovoy def desc = jenkins.model.Jenkins.instance.getDescriptor("org.jenkinsci.main.modules.sshd.SSHD") if (desc == null) { return "SSHD not enabled or plugin not installed" } println ">> getBoundAddresses : ${desc.sshd.getBoundAddresses()}" println ">> getCipherFactories : ${desc.sshd.getCipherFactories()}" println ">> getGlobalRequestHandlers : ${desc.sshd.getGlobalRequestHandlers()}" println ">> getPasswordAuthenticator : ${desc.sshd.getPasswordAuthenticator()}" println ">> getPort : ${desc.sshd.getPort()}" println ">> getSignatureFactories : ${desc.sshd.getSignatureFactories()}" println ">> getVersion : ${desc.sshd.getVersion()}" // output // >> getBoundAddresses : [/0.0.0.0:38239] // >> getCipherFactories : [aes128-ctr, aes192-ctr, aes256-ctr] // >> getGlobalRequestHandlers : [org.apache.sshd.common.global.KeepAliveHandler@38152e54, org.apache.sshd.server.global.NoMoreSessionsHandler@f813145, org.apache.sshd.server.global.TcpipForwardHandler@259d054c, org.apache.sshd.server.global.CancelTcpipForwardHandler@4f856efd, hostkeys-prove-00@openssh.com] // >> getPasswordAuthenticator : null // >> getPort : 38239 // >> getSignatureFactories : [ecdsa-sha2-nistp256-cert-v01@openssh.com, ecdsa-sha2-nistp384-cert-v01@openssh.com, ecdsa-sha2-nistp521-cert-v01@openssh.com, ssh-ed25519-cert-v01@openssh.com, rsa-sha2-512-cert-v01@openssh.com, rsa-sha2-256-cert-v01@openssh.com, ecdsa-sha2-nistp256, ecdsa-sha2-nistp384, ecdsa-sha2-nistp521, ssh-ed25519, sk-ecdsa-sha2-nistp256@openssh.com, sk-ssh-ed25519@openssh.com, rsa-sha2-512, rsa-sha2-256, ssh-rsa] // >> getVersion : APACHE-SSHD-2.15.0 ``` #### theme management ```bash def theme = null // Check if Simple Theme Plugin is installed def themeManager = jenkins.model.Jenkins.instance.getExtensionList('org.codefirst.SimpleThemeDecorator') if ( themeManager && themeManager.size() > 0 ) { theme = themeManager[0].getUrl() println( "Current theme URL: ${theme}" ) } else { println("No theme plugin detected, using default Jenkins theme.") } // Example logic to infer Dark Theme if ( theme && theme.toLowerCase().contains("dark") ) { println("Jenkins is using a Dark Theme.") } else { println("Jenkins is not using a Dark Theme.") } ``` #### RABC > \[!NOTE|label:references:] > > * scripts: > * [GroupsFromLDAP.groovy](https://github.com/cloudbees/jenkins-scripts/blob/master/GroupsFromLDAP.groovy) > * [FindAllGroupsInFolders.groovy](https://github.com/cloudbees/jenkins-scripts/blob/master/FindAllGroupsInFolders.groovy) > * [RBAC\_Example.groovy](https://github.com/cloudbees/jenkins-scripts/blob/master/RBAC_Example.groovy) > * [TriggerRestrictionsAudit.groovy](https://github.com/cloudbees/jenkins-scripts/blob/master/TriggerRestrictionsAudit.groovy) ### jobs & builds > \[!TIP|label:get more:] > > * [\* imarslo : jobs](https://github.com/marslo/ibook/blob/marslo/docs/jenkins/script/job.html) > * [\* imarslo : builds](https://github.com/marslo/ibook/blob/marslo/docs/jenkins/script/build.html) #### list build status with percentage * [get all builds result percentage](https://github.com/marslo/ibook/blob/marslo/docs/jenkins/script/build.html#get-all-builds-result-percentage) * [get builds result percentage within 24 hours](https://github.com/marslo/ibook/blob/marslo/docs/jenkins/script/build.html#get-builds-result-percentage-within-24-hours) * [get builds result and percentage within certain start-end time](https://github.com/marslo/ibook/blob/marslo/docs/jenkins/script/build.html#get-builds-result-and-percentage-within-certain-start-end-time) #### get all builds status during certain start-end time * [list all builds within 24 hours](https://github.com/marslo/ibook/blob/marslo/docs/jenkins/script/build.html#list-all-builds-within-24-hours) * [get last 24 hours failure builds](https://github.com/marslo/ibook/blob/marslo/docs/jenkins/script/build.html#get-last-24-hours-failure-builds) * [get last 24 hours failure builds via Map structure](https://github.com/marslo/ibook/blob/marslo/docs/jenkins/script/build.html#get-last-24-hours-failure-builds-via-map-structure) * [get builds result during certain start-end time](https://github.com/marslo/ibook/blob/marslo/docs/jenkins/script/build.html#get-builds-result-during-certain-start-end-time) * [get builds result and percentage within certain start-end time](https://github.com/marslo/ibook/blob/marslo/docs/jenkins/script/build.html#get-builds-result-and-percentage-within-certain-start-end-time) #### [list builds which running for more than 24 hours](https://raw.githubusercontent.com/cloudbees/jenkins-scripts/master/builds-running-more-than-24h.groovy) * [list job which running for more than 24 hours](https://github.com/marslo/ibook/blob/marslo/docs/jenkins/script/build.html#list-all-builds-within-24-hours) * [get last 24 hours failure builds](https://github.com/marslo/ibook/blob/marslo/docs/jenkins/script/build.html#get-last-24-hours-failure-builds) * [get last 24 hours failure builds via Map structure](https://github.com/marslo/ibook/blob/marslo/docs/jenkins/script/build.html#get-last-24-hours-failure-builds-via-map-structure) * [get builds result percentage within 24 hours](https://github.com/marslo/ibook/blob/marslo/docs/jenkins/script/build.html#get-builds-result-percentage-within-24-hours) * [get builds result during certain start-end time](https://github.com/marslo/ibook/blob/marslo/docs/jenkins/script/build.html#get-builds-result-during-certain-start-end-time) * [get builds result and percentage within certain start-end time](https://github.com/marslo/ibook/blob/marslo/docs/jenkins/script/build.html#get-builds-result-and-percentage-within-certain-start-end-time) #### [get workspace](https://github.com/jenkinsci/job-dsl-plugin/blob/master/docs/User-Power-Moves.md#list-the-files-in-a-jenkins-jobs-workspace) ```groovy hudson.FilePath workspace = hudson.model.Executor.currentExecutor().getCurrentWorkspace() ``` * [get absolute path](https://github.com/jenkinsci/job-dsl-plugin/wiki/Job-DSL-Commands#script-location) ```groovy println( "script directory: ${new File(__FILE__).parent.absolutePath}" ) ``` #### [shelve jobs](https://support.cloudbees.com/hc/en-us/articles/236353928-Groovy-Scripts-To-Shelve-Jobs) ```groovy // you have to install the Shelve Project Plugin on your Jenkins Master // the maximum value for daysBack is 365, going beyond 365 will break the script. import org.jvnet.hudson.plugins.shelveproject.ShelveProjectTask def daysBack = 365; jenkins.model.Jenkins.instance.getAllItems( AbstractProject.class ).each { it -> def lastBuild = it.getLastBuild() if( lastBuild != null ) { def back = Calendar.getInstance() back.set( Calendar.DAY_OF_YEAR,back.get(Calendar.DAY_OF_YEAR) - daysBack ) if ( lastBuild.getTime().compareTo(back.getTime()) < 0 ) { println it.name + " was built over " + daysBack + " days ago: " + lastBuild.getTime() if ( it instanceof AbstractProject ){ def spt= new ShelveProjectTask(it) Hudson.getInstance().getQueue().schedule(spt , 0 ); } else { println it.name + " was not shelved ----------- " } } } } ``` ### plugins #### via api : [imarslo: list plugins](https://github.com/marslo/ibook/blob/marslo/docs/jenkins/api.html#list-plugins) #### [simple list](https://stackoverflow.com/a/35292719/2940319) ```groovy jenkins.model.Jenkins.instance .pluginManager .plugins .each { plugin -> println ( "${plugin.getDisplayName()} (${plugin.getShortName()}): ${plugin.getVersion()}" ) } ``` #### list for helm-value.yaml ```groovy jenkins.model.Jenkins.instance .pluginManager .plugins .sort(false) { a, b -> a.getShortName().toLowerCase() <=> b.getShortName().toLowerCase() } .each { plugin -> println "- ${plugin.getShortName()}:${plugin.getVersion()}" } "DONE" ``` #### [with delegate to Servlet container security realm](https://www.jenkins.io/doc/book/security/access-control/permissions/) ```groovy ExtensionList.lookup( UnprotectedRootAction ).each { println String.format( "URL: '%s/' provided by '%s' in '%s'", it.urlName, Jenkins.get().pluginManager.whichPlugin(it.class)?.shortName?:"Jenkins Core", it.class.name ) } ``` #### list plugin and dependencies ```groovy println jenkins.model.Jenkins.instance.pluginManager.plugins .sort(false) { a, b -> a.getShortName().toLowerCase() <=> b.getShortName().toLowerCase() } .collect { plugin -> "~~> ${plugin.shortName} : ${plugin.version} : ${plugin.displayName}" + ( plugin.dependants ? "\n\t+++ ${plugin.dependants.join('\n\t+++ ')}" : '' ) + ( plugin.dependencies ? "\n\t... ${plugin.dependencies.join('\n\t... ')}" : '' ) } .join('\n') ``` * get specific plugin dependencies ```groovy List keywords = [ 'jsch' ] println jenkins.model.Jenkins.instance.pluginManager.plugins .findAll { plugin -> keywords.any { it == plugin.shortName } } .sort(false) { a, b -> a.getShortName().toLowerCase() <=> b.getShortName().toLowerCase() } .collect { plugin -> "~~> ${plugin.shortName} : ${plugin.version} : ${plugin.displayName}" + ( plugin.dependants ? "\n\t+++ ${plugin.dependants.join('\n\t+++ ')}" : '' ) + ( plugin.dependencies ? "\n\t... ${plugin.dependencies.join('\n\t... ')}" : '' ) } .join('\n') ``` * get dependency tree ```groovy import hudson.PluginWrapper def getDependencyTree( String keyword, Integer benchmark = 2, Integer index = 0 ) { String prefix = index ? '\t' + "|\t"*(index-1) + "|... " : '' PluginWrapper plugin = jenkins.model.Jenkins.instance.pluginManager.plugins.find { keyword == it.shortName } List dependencies = plugin.collect { it.dependencies }.flatten() ?: [] println prefix + "${plugin.shortName} ( ${plugin.version} )" if ( dependencies && benchmark != index ) { dependencies.collect{ it.shortName }.each { getDependencyTree (it, benchmark, index+1) } } } getDependencyTree( 'jsch', 100 ) "DONE" ``` * result ```groovy jsch ( 0.2.8-65.v052c39de79b_2 ) |... ssh-credentials ( 305.v8f4381501156 ) | |... credentials ( 1254.vb_96f366e7b_a_d ) | | |... structs ( 324.va_f5d6774f3a_d ) | | | |... javax-activation-api ( 1.2.0-6 ) | | | |... javax-mail-api ( 1.6.2-9 ) | | | | |... javax-activation-api ( 1.2.0-6 ) | | | |... instance-identity ( 173.va_37c494ec4e5 ) | | | | |... bouncycastle-api ( 2.28 ) | | |... configuration-as-code ( 1647.ve39ca_b_829b_42 ) | | | |... caffeine-api ( 3.1.6-115.vb_8b_b_328e59d8 ) | | | |... commons-text-api ( 1.10.0-36.vc008c8fcda_7b_ ) | | | | |... commons-lang3-api ( 3.12.0-36.vd97de6465d5b_ ) | | | | | |... javax-activation-api ( 1.2.0-6 ) | | | | | |... javax-mail-api ( 1.6.2-9 ) | | | | | | |... javax-activation-api ( 1.2.0-6 ) | | | | | |... instance-identity ( 173.va_37c494ec4e5 ) | | | | | | |... bouncycastle-api ( 2.28 ) | | | |... snakeyaml-api ( 1.33-95.va_b_a_e3e47b_fa_4 ) | |... trilead-api ( 2.84.v72119de229b_7 ) | |... instance-identity ( 173.va_37c494ec4e5 ) | | |... bouncycastle-api ( 2.28 ) |... trilead-api ( 2.84.v72119de229b_7 ) |... javax-activation-api ( 1.2.0-6 ) |... javax-mail-api ( 1.6.2-9 ) | |... javax-activation-api ( 1.2.0-6 ) |... instance-identity ( 173.va_37c494ec4e5 ) | |... bouncycastle-api ( 2.28 ) ``` * [others](https://stackoverflow.com/a/56864983/2940319) ```groovy def plugins = jenkins.model.Jenkins.instance .pluginManager .plugins .sort(false) { a, b -> a.getShortName().toLowerCase() <=> b.getShortName().toLowerCase() } println "jenkins instance : ${jenkins.model.Jenkins.instance.getComputer('').hostName} + ${jenkins.model.Jenkins.instance.rootUrl}\n" + "installed plugins:\n==================" plugins.each { plugin -> println " ${plugin.getShortName()} : ${plugin.getVersion()} | ${plugin.getDisplayName()}" } println "\nplugins dependency tree (...: dependencies; +++: dependants) :\n=======================" plugins.each { plugin -> println """ ${plugin.getShortName()} : ${plugin.getVersion()} | ${plugin.getDisplayName()} +++ ${plugin.getDependants()} ... ${plugin.getDependencies()} """ } ``` * or ```groovy def jenkins = jenkins.model.Jenkins.instance println """ Jenkins Instance : ${jenkins.getComputer('').hostName} + ${jenkins.rootUrl} Installed Plugins: ================== """ jenkins.pluginManager .plugins .sort(false) { a, b -> a.getShortName().toLowerCase() <=> b.getShortName().toLowerCase() }.each { plugin -> println "${plugin.getShortName()}: ${plugin.getVersion()} | ${plugin.getDisplayName()}" } println """ Plugins Dependency tree (...: dependencies; +++: dependants) : ======================= """ jenkins.pluginManager .plugins .sort(false) { a, b -> a.getShortName().toLowerCase() <=> b.getShortName().toLowerCase() }.each { plugin -> println """ ${plugin.getShortName()} : ${plugin.getVersion()} | ${plugin.getDisplayName()} +++ ${plugin.getDependants()} ... ${plugin.getDependencies()} """ } ``` ### scriptApproval {% hint style="info" %} > references: > > * [Class ScriptApproval](https://javadoc.jenkins.io/plugin/script-security/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApproval.html) > * [ScriptApproval.java](https://github.com/jenkinsci/script-security-plugin/blob/master/src/main/java/org/jenkinsci/plugins/scriptsecurity/scripts/ScriptApproval.java) > * [jenkins.model.CauseOfInterruption](https://programtalk.com/java-api-usage-examples/jenkins.model.CauseOfInterruption/) > * scripts: > * [approve-pending-signatures.groovy](https://github.com/cloudbees/jenkins-scripts/blob/master/approve-pending-signatures.groovy) > * [SecureGroovyScript.java](https://github.com/jenkinsci/script-security-plugin/blob/master/src/main/java/org/jenkinsci/plugins/scriptsecurity/sandbox/groovy/SecureGroovyScript.java) > {% endhint %} #### backup & restore all scriptApproval items * backup ```groovy import java.lang.reflect.* import jenkins.model.Jenkins import jenkins.model.* import org.jenkinsci.plugins.scriptsecurity.scripts.* import org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.* import static groovy.json.JsonOutput.* scriptApproval = ScriptApproval.get() alreadyApproved = new HashSet<>(Arrays.asList(scriptApproval.getApprovedSignatures())) println prettyPrint( toJson(alreadyApproved.sort()) ) ``` * restore ```bash def scriptApproval = org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval.get() String[] signs = [ 'method org.jenkinsci.plugins.workflow.steps.FlowInterruptedException getCauses' , 'method org.jenkinsci.plugins.workflow.support.steps.input.Rejection getUser' ] for( String sign : signs ) { scriptApproval.approveSignature( sign ) } scriptApproval.save() ``` * [example](https://stackoverflow.com/a/55714171/2940319) ```groovy import java.lang.reflect.*; import jenkins.model.Jenkins; import jenkins.model.*; import org.jenkinsci.plugins.scriptsecurity.scripts.*; import org.jenkinsci.plugins.scriptsecurity.sandbox.whitelists.*; import static groovy.json.JsonOutput.* ScriptApproval scriptApproval = ScriptApproval.get() HashSet alreadyApproved = new HashSet<>(Arrays.asList(scriptApproval.getApprovedSignatures())) Closure approveSignature = { String signature -> if ( ! alreadyApproved?.contains(signature) ) scriptApproval.approveSignature( signature ) } [ 'field org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval$PendingSignature dangerous' , 'field org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval$PendingSignature signature' , 'method org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval$PendingThing getContext' , 'method org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval approveSignature java.lang.String' , 'method org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval getPendingScripts' , 'method org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval getPendingSignatures' , 'staticMethod org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval get' , 'staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods flatten java.util.Set' , 'method org.jenkinsci.plugins.workflow.support.steps.build.RunWrapper getRawBuild' ].each { println "~~> ${it}"; approveSignature(it) } scriptApproval.save() ``` * Jenkinsfile ```groovy #!/usr/bin/env groovy import org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval timestamps { ansiColor('xterm') { def requester = currentBuild.rawBuild.getCause(UserIdCause.class)?.getUserId() ?: 'jenkins' final List description = [] try { ScriptApproval scriptApproval = ScriptApproval.get() final LinkedHashSet pendingScripts = new HashSet<>(Arrays.asList( scriptApproval.getPendingScripts() )).flatten() final LinkedHashSet pendingSignature = new HashSet<>(Arrays.asList( scriptApproval.getPendingSignatures() )).flatten() if ( ! pendingScripts && ! pendingSignature ) { currentBuild.description = 'NOT_BUILT: nothing can be approved' currentBuild.rawBuild.executor.interrupt( Result.NOT_BUILT ) } if ( pendingScripts ) { println 'scripts pending approval ...' pendingScripts.collect().each { ps -> String log = "${ps.context.user}@${ps.context.psem.fullName} : ${ps.hash} ( ${ps.language.class.simpleName} )" description << log println "~~> ${log}. scripts: \n ${ps.script}" scriptApproval.approveScript( ps.hash ) } scriptApproval.save() } // pendingScripts if ( pendingSignature ) { println 'signatures pending approval ...' pendingSignature.collect().each { ps -> String signature = ps.signature if ( ! ps.dangerous ) { description << signature println "~~> '${signature}'" scriptApproval.approveSignature( signature ) } else { println "~~> '${signature}' is too dangerous to be approval automatically. contact with Jenkins administrator." } scriptApproval.save() } } } catch(e) { def sw = new StringWriter() e.printStackTrace( new PrintWriter(sw) ) echo sw.toString() throw e } finally { if ( description ) { currentBuild.description = "@${requesterId} " + "${buildResults.isSuccess(currentBuild.currentResult) ? 'successful' : 'failed to'} " + "approved : '${description.join('; ')}'" } } // try/catch/finally }} // ansiColor | timestamps // vim:tabstop=2:softtabstop=2:shiftwidth=2:expandtab:filetype=Jenkinsfile ``` * automatic approval ```groovy // libs.groovy def autoAccept( Closure body ) { try { body() } catch ( org.jenkinsci.plugins.scriptsecurity.sandbox.RejectedAccessException e ) { String msg = "NOT_BUILT : interrupted by approval scripts or signature" def cause = { msg as String } as CauseOfInterruption currentBuild.rawBuild.executor.interrupt( Result.NOT_BUILT, cause ) currentBuild.description = msg build wait: false, job: '/marslo/scriptApproval' } } // jenkinsfile libs.autoAccept() { ...content... } ``` #### automatic approval all pending * [list pending scriptApproval](https://stackoverflow.com/a/55940005/2940319) ```groovy import org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval ScriptApproval scriptApproval = ScriptApproval.get() scriptApproval.pendingScripts.each { scriptApproval.approveScript( it.hash ) } ``` * [job dsl support for scriptapproval](https://issues.jenkins-ci.org/browse/JENKINS-31201?focusedCommentId=285330\&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-285330) ```groovy import jenkins.model.Jenkins def scriptApproval = jenkins.model.Jenkins.instance .getExtensionList('org.jenkinsci.plugins.scriptsecurity.scripts.ScriptApproval')[0] def hashesToApprove = scriptApproval.pendingScripts .findAll{ it.script.startsWith(approvalPrefix) } .collect{ it.getHash() } hashesToApprove.each { scriptApproval.approveScript(it) } ``` #### [disable the scriptApproval](https://stackoverflow.com/a/49372857/2940319) > \[!NOTE|label:@deprecated] > > * file: `$JENKINS_HOME/init.groovy.d/disable-script-security.groovy` ```groovy import javaposse.jobdsl.plugin.GlobalJobDslSecurityConfiguration import jenkins.model.GlobalConfiguration // disable Job DSL script approval GlobalConfiguration.all().get(GlobalJobDslSecurityConfiguration.class).useScriptSecurity=false GlobalConfiguration.all().get(GlobalJobDslSecurityConfiguration.class).save() ``` --- # Agent Instructions This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com. ## Querying This Documentation If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question. Perform an HTTP GET request on the current page URL with the `ask` query parameter: ``` GET https://imarslo.gitbook.io/ibook/jenkins/script.md?ask= ``` The question should be specific, self-contained, and written in natural language. The response will contain a direct answer to the question and relevant excerpts and sources from the documentation. Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.