ls1intum · b-fein · Sep 16, 2024 · Sep 19, 2024 · Sep 21, 2024 · b-fein
@@ -485,48 +485,48 @@ do either do it manually or using the following command:
 
 2. You can now first build and deploy Jenkins, then you can also start the other services which weren't started yet:
 
-    .. code:: bash
+   .. code:: bash
 
-       JAVA_OPTS=-Djenkins.install.runSetupWizard=false docker compose -f docker/<Jenkins setup to be launched>.yml up --build -d jenkins
-       docker compose -f docker/<Jenkins setup to be launched>.yml up -d
+      JAVA_OPTS=-Djenkins.install.runSetupWizard=false docker compose -f docker/<Jenkins setup to be launched>.yml up --build -d jenkins
+      docker compose -f docker/<Jenkins setup to be launched>.yml up -d
 
    Jenkins is then reachable under ``http://localhost:8082/`` and you can login using the credentials specified
    in ``jenkins-casc-config-gitlab.yml`` (defaults to ``artemis_admin`` as both username and password).
 
 3. The `application-local.yml` must be adapted with the values configured in ``jenkins-casc-config-gitlab.yml``:
 
-.. code:: yaml
-
-    artemis:
-        user-management:
-            use-external: false
-            internal-admin:
-                username: artemis_admin
-                password: artemis_admin
-        version-control:
-            url: http://localhost:8081
-            user: artemis_admin
-            password: artemis_admin
-        continuous-integration:
-            user: artemis_admin
-            password: artemis_admin
-            url: http://localhost:8082
-            vcs-credentials: artemis_gitlab_admin_credentials
-            artemis-authentication-token-key: artemis_notification_plugin_token
-            artemis-authentication-token-value: artemis_admin
+   .. code:: yaml
 
-5. Open the ``src/main/resources/config/application-jenkins.yml`` and change the following:
+       artemis:
+           user-management:
+               use-external: false
+               internal-admin:
+                   username: artemis_admin
+                   password: artemis_admin
+           version-control:
+               url: http://localhost:8081
+               user: artemis_admin
+               password: artemis_admin
+           continuous-integration:
+               user: artemis_admin
+               password: artemis_admin
+               url: http://localhost:8082
+               vcs-credentials: artemis_gitlab_admin_credentials
+               artemis-authentication-token-key: artemis_notification_plugin_token
+               artemis-authentication-token-value: artemis_admin
+
+4. Open the ``src/main/resources/config/application-jenkins.yml`` and change the following:
    Again, if you are using a development setup, the template in the beginning of this page already contains the
    correct values.
 
-.. code:: yaml
+   .. code:: yaml
 
-    jenkins:
-        internal-urls:
-            ci-url: http://jenkins:8080
-            vcs-url: http://gitlab:80
+       jenkins:
+           internal-urls:
+               ci-url: http://jenkins:8080
+               vcs-url: http://gitlab:80
 
-6. You're done. You can now run Artemis with the GitLab/Jenkins environment.
+5. You're done. You can now run Artemis with the GitLab/Jenkins environment.
 
 Manual Jenkins Server Setup
 """""""""""""""""""""""""""
@@ -691,6 +691,18 @@ Start Jenkins
                user: your.chosen.username
                password: your.chosen.password
 
+11. In a local setup, you have to disable CSRF otherwise some API endpoints will return HTTP Status 403 Forbidden.
+    This is done be executing the following command:
+    ``docker compose -f docker/<Jenkins setup to be launched>.yml exec -T jenkins dd of=/var/jenkins_home/init.groovy < docker/jenkins/jenkins-disable-csrf.groovy``
+
+    The last step is to disable the ``use-crumb`` option in ``application-local.yml``:
+
+    .. code:: yaml
+
+       jenkins:
+           use-crumb: false
+
+
 Required Jenkins Plugins
 """"""""""""""""""""""""
 
@@ -858,6 +870,7 @@ GitLab Repository Access
            continuous-integration:
                vcs-credentials: the.id.of.the.username.and.password.credentials.from.jenkins
 
+
 Upgrading Jenkins
 """""""""""""""""
 

@@ -49,15 +49,6 @@ You can override the following configuration options in this file.
            user: <username>    # e.g. ga12abc
            token: <token>      # Enter a valid token generated by the CI system or leave this empty to use the fallback authentication user + password
            password: <password>
-           # Some CI systems, like Jenkins, offer a specific token that gets checked against any incoming notifications
-           # from a VCS trying to trigger a build plan. Only if the notification request contains the correct token, the plan
-           # is triggered. This can be seen as an alternative to sending an authenticated request to a REST API and then
-           # triggering the plan.
-           # In the case of Artemis, this is only really needed for the Jenkins + GitLab setup, since the GitLab plugin in
-           # Jenkins only allows triggering the Jenkins jobs using such a token. Furthermore, in this case, the value of the
-           # hudson.util.Secret is stored in the build plan, so you also have to specify this encrypted string here and NOT the actual token value itself!
-           # You can get this by GETting any job.xml for a job with an activated GitLab step and your token value of choice.
-           secret-push-token: <token hash>
            # Key of the saved credentials for the VCS service
            # Jenkins: You have to specify the key from the credentials page in Jenkins under which the user and
            #          password for the VCS are stored

@@ -46,8 +46,6 @@ public class JenkinsBuildPlanCreator implements JenkinsXmlConfigBuilder {
 
     private static final String REPLACE_SOLUTION_CHECKOUT_PATH = "#solutionCheckoutPath";
 
-    private static final String REPLACE_PUSH_TOKEN = "#secretPushToken";
-
     private static final String REPLACE_ARTEMIS_NOTIFICATION_URL = "#notificationsUrl";
 
     private static final String REPLACE_NOTIFICATIONS_TOKEN = "#jenkinsNotificationToken";
@@ -62,9 +60,6 @@ public class JenkinsBuildPlanCreator implements JenkinsXmlConfigBuilder {
 
     private String artemisNotificationUrl;
 
-    @Value("${artemis.continuous-integration.secret-push-token}")
-    private String pushToken;
-
     @Value("${artemis.continuous-integration.vcs-credentials}")
     private String gitCredentialsKey;
 
@@ -97,7 +92,7 @@ public Document buildBasicConfig(final ProgrammingLanguage programmingLanguage,
         final String jenkinsfile = getJenkinsfile(internalVcsRepositoryURLs, programmingLanguage, checkoutSolution, buildPlanUrl);
 
         final Path configFilePath = Path.of("templates", "jenkins", "config.xml");
-        final var configFileReplacements = Map.of(REPLACE_PIPELINE_SCRIPT, jenkinsfile, REPLACE_PUSH_TOKEN, pushToken);
+        final var configFileReplacements = Map.of(REPLACE_PIPELINE_SCRIPT, jenkinsfile);
         final var xmlResource = resourceLoaderService.getResource(configFilePath);
         return JenkinsXmlFileUtils.readXmlFile(xmlResource, configFileReplacements);
     }

@@ -64,15 +64,6 @@ artemis:
     password: <password>
     token: <token>                  # Enter a valid token generated in the CI system giving Artemis full Admin access
     url: <url>
-    # Some CI systems, like Jenkins, offer a specific token that gets checked against any incoming notifications
-    # from a VCS trying to trigger a build plan. Only if the notification request contains the correct token, the plan
-    # is triggered. This can be seen as an alternative to sending an authenticated request to a REST API and then
-    # triggering the plan.
-    # In the case of Artemis, this is only really needed for the Jenkins + GitLab setup, since the GitLab plugin in
-    # Jenkins only allows triggering the Jenkins jobs using such a token. Furthermore, in this case, the value of the
-    # hudson.util.Secret is stored in the build plan, so you also have to specify this encrypted string here and NOT the actual token value itself!
-    # You can retrieve this by getting any job.xml for a job with an activated GitLab step and your token value of choice.
-    secret-push-token: <token hash>
     # Key of the saved credentials for the VCS service
     # GitLab CI: not needed
     # Jenkins: You have to specify the key from the credentials page in Jenkins under which the user and

@@ -12,36 +12,6 @@
 <description></description>
 <keepDependencies>false</keepDependencies>
 <properties>
-    <com.dabsquared.gitlabjenkins.connection.GitLabConnectionProperty plugin="gitlab-plugin">
-        <gitLabConnection>GitLab</gitLabConnection>
-    </com.dabsquared.gitlabjenkins.connection.GitLabConnectionProperty>
-    <org.jenkinsci.plugins.workflow.job.properties.PipelineTriggersJobProperty>
-        <triggers>
-            <com.dabsquared.gitlabjenkins.GitLabPushTrigger plugin="gitlab-plugin">
-                <spec></spec>
-                <triggerOnPush>true</triggerOnPush>
-                <triggerOnMergeRequest>false</triggerOnMergeRequest>
-                <triggerOnPipelineEvent>false</triggerOnPipelineEvent>
-                <triggerOnAcceptedMergeRequest>false</triggerOnAcceptedMergeRequest>
-                <triggerOnClosedMergeRequest>false</triggerOnClosedMergeRequest>
-                <triggerOnApprovedMergeRequest>false</triggerOnApprovedMergeRequest>
-                <triggerOpenMergeRequestOnPush>never</triggerOpenMergeRequestOnPush>
-                <triggerOnNoteRequest>false</triggerOnNoteRequest>
-                <noteRegex>Jenkins please retry a build</noteRegex>
-                <ciSkip>true</ciSkip>
-                <skipWorkInProgressMergeRequest>true</skipWorkInProgressMergeRequest>
-                <setBuildDescription>true</setBuildDescription>
-                <branchFilterType>All</branchFilterType>
-                <includeBranchesSpec></includeBranchesSpec>
-                <excludeBranchesSpec></excludeBranchesSpec>
-                <sourceBranchRegex></sourceBranchRegex>
-                <targetBranchRegex></targetBranchRegex>
-                <secretToken>{#secretPushToken}</secretToken>
-                <pendingBuildName></pendingBuildName>
-                <cancelPendingBuildsOnUpdate>false</cancelPendingBuildsOnUpdate>
-            </com.dabsquared.gitlabjenkins.GitLabPushTrigger>
-        </triggers>
-    </org.jenkinsci.plugins.workflow.job.properties.PipelineTriggersJobProperty>
 </properties>
 <definition class="org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition" plugin="[email protected]">
     <script>#pipelineScript</script>

@@ -48,7 +48,6 @@ artemis:
         password: fake-password
         token: fake-token
         url: https://continuous-integration.fake.fake
-        secret-push-token: fake-token-hash
         vcs-credentials: fake-key
         artemis-authentication-token-key: fake-key
         artemis-authentication-token-value: fake-token