[ALS-4893] Pin versions of both jenkins and plugins (#78)

* Add current versions of plugins * Pin jenkins version * Update plugins.txt * Switch plugins file to yml * Update plugins.yml * Update plugins.yml * Update versions * Update Dockerfile * Update plugins.yml * Update config.xml move from &quot and &amp to the character literals * Update config.xml Revert && for && * Update analytics_id field to analyticsId * Update analytics id field * Add more GA sites to the CSP --------- Co-authored-by: Gcolon021 <34667267+Gcolon021@users.noreply.github.com>
hms-dbmi · Sep 12, 2023 · 276e63b · 276e63b
1 parent 47d8eb1
commit 276e63b
Show file tree

Hide file tree

Showing 6 changed files with 84 additions and 35 deletions.
diff --git a/initial-configuration/config/httpd/httpd-vhosts.conf b/initial-configuration/config/httpd/httpd-vhosts.conf
@@ -62,7 +62,7 @@ ServerTokens Prod
     # unsafe-inline - Allows inline JavaScript, CSS, and event handlers
     # style-src - Allows inline styles but only from the same origin
     # img-src - Allows images from the same origin and data: URIs
-    Header always set Content-Security-Policy "frame-ancestors 'none'; default-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://www.googletagmanager.com; img-src 'self' data:;"
+    Header always set Content-Security-Policy "frame-ancestors 'none'; default-src 'self'; style-src 'self' 'unsafe-inline'; worker-src 'self' blob:; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://*.googletagmanager.com; img-src 'self' data: https://*.google-analytics.com https://*.googletagmanager.com; connect-src 'self' https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com;"
 
     # A fall back for legacy browsers that don't yet support CSP frame-ancestors.
     Header always set X-Frame-Options "DENY"

diff --git a/initial-configuration/config/httpd/picsureui_settings.json b/initial-configuration/config/httpd/picsureui_settings.json
@@ -21,5 +21,5 @@
   "customizeAuth0Login": true,
   "auth0domain":"__AUTH0_DOMAIN__",
   "client_id":"__PIC_SURE_CLIENT_ID__",
-  "analytics_id": "__ANALYTICS_ID__"
+  "analyticsId": "__ANALYTICS_ID__"
 }
diff --git a/initial-configuration/jenkins/jenkins-docker/Dockerfile b/initial-configuration/jenkins/jenkins-docker/Dockerfile
@@ -1,6 +1,6 @@
-FROM jenkins/jenkins:latest
+FROM jenkins/jenkins:2.421-jdk11
 
-COPY plugins.txt /usr/share/jenkins/ref/plugins.txt
+COPY plugins.yml /usr/share/jenkins/ref/plugins.yml
 
 COPY config.xml /var/jenkins_home/config.xml
 
@@ -26,4 +26,4 @@ RUN apt-get install jq -y
 
 RUN apt-get -y install uuid-runtime
 
-RUN jenkins-plugin-cli --plugin-file /usr/share/jenkins/ref/plugins.txt
+RUN jenkins-plugin-cli --plugin-file /usr/share/jenkins/ref/plugins.yml
diff --git a/initial-configuration/jenkins/jenkins-docker/jobs/Configure Google Analytics/config.xml b/initial-configuration/jenkins/jenkins-docker/jobs/Configure Google Analytics/config.xml
@@ -29,20 +29,20 @@
                 # If the $ANALYTICS_ID variable is blank, set it to __ANALYTICS_ID__
                 : ${ANALYTICS_ID:="__ANALYTICS_ID__"}
 
-                # Check for the presence of the analytics_id key and fetch its value
-                value=$(jq -r 'select(.analytics_id != null) | .analytics_id' /usr/local/docker-config/httpd/picsureui_settings.json)
+                # Check for the presence of the analyticsId key and fetch its value
+                value=$(jq -r 'select(.analyticsId != null) | .analyticsId' /usr/local/docker-config/httpd/picsureui_settings.json)
 
                 # Check if the key is missing
                 if [[ -z $value ]]; then
-                # Add the analytics_id key with value of $ANALYTICS_ID
-                jq --arg ANALYTICS_ID &quot;$ANALYTICS_ID&quot; '. + {&quot;analytics_id&quot;: $ANALYTICS_ID}' /usr/local/docker-config/httpd/picsureui_settings.json > /tmp/temp.json &amp;&amp; mv /tmp/temp.json /usr/local/docker-config/httpd/picsureui_settings.json
+                # Add the analyticsId key with value of $ANALYTICS_ID
+                jq --arg ANALYTICS_ID "$ANALYTICS_ID" '. + {"analyticsId": $ANALYTICS_ID}' /usr/local/docker-config/httpd/picsureui_settings.json > /tmp/temp.json &amp;&amp; mv /tmp/temp.json /usr/local/docker-config/httpd/picsureui_settings.json
                 else
                 # Replace the old value with the value of $ANALYTICS_ID
-                jq --arg ANALYTICS_ID &quot;$ANALYTICS_ID&quot; '.analytics_id = $ANALYTICS_ID' /usr/local/docker-config/httpd/picsureui_settings.json > /tmp/temp.json &amp;&amp; mv /tmp/temp.json /usr/local/docker-config/httpd/picsureui_settings.json
+                jq --arg ANALYTICS_ID "$ANALYTICS_ID" '.analyticsId = $ANALYTICS_ID' /usr/local/docker-config/httpd/picsureui_settings.json > /tmp/temp.json &amp;&amp; mv /tmp/temp.json /usr/local/docker-config/httpd/picsureui_settings.json
                 fi
             </command>
         </hudson.tasks.Shell>
     </builders>
     <publishers/>
     <buildWrappers/>
-</project>
+</project>
diff --git a/initial-configuration/jenkins/jenkins-docker/plugins.txt b/initial-configuration/jenkins/jenkins-docker/plugins.txt
diff --git a/initial-configuration/jenkins/jenkins-docker/plugins.yml b/initial-configuration/jenkins/jenkins-docker/plugins.yml
@@ -0,0 +1,73 @@
+plugins:
+  - artifactId: groovy
+    source:
+      version: 453.vcdb_a_c5c99890
+  - artifactId: timestamper
+    source:
+      version: 1.26
+  - artifactId: credentials-binding
+    source:
+      version: 626.v8d9034b_8ea_cc
+  - artifactId: email-ext
+    source:
+      version: 2.99
+  - artifactId: build-timeout
+    source:
+      version: 1.31
+  - artifactId: workflow-aggregator
+    source:
+      version: 596.v8c21c963d92d
+  - artifactId: pipeline-stage-view
+    source:
+      version: 2.33
+  - artifactId: ant
+    source:
+      version: 487.vd79d090d4ea_e
+  - artifactId: github-branch-source
+    source:
+      version: 1728.v859147241f49
+  - artifactId: ssh-slaves
+    source:
+      version: 2.877.v365f5eb_a_b_eec
+  - artifactId: pipeline-github-lib
+    source:
+      version: 42.v0739460cda_c4
+  - artifactId: matrix-auth
+    source:
+      version: 3.2
+  - artifactId: mailer
+    source:
+      version: 457.v3f72cb_e015e5
+  - artifactId: antisamy-markup-formatter
+    source:
+      version: 159.v25b_c67cd35fb_
+  - artifactId: gradle
+    source:
+      version: 2.8.2
+  - artifactId: pam-auth
+    source:
+      version: 1.10
+  - artifactId: git
+    source:
+      version: 5.2.0
+  - artifactId: ws-cleanup
+    source:
+      version: 0.45
+  - artifactId: subversion
+    source:
+      version: 2.17.3
+  - artifactId: ldap
+    source:
+      version: 694.vc02a_69c9787f
+  - artifactId: cloudbees-folder
+    source:
+      version: 6.848.ve3b_fd7839a_81
+  - artifactId: list-git-branches-parameter
+    source:
+      version: 0.0.13
+  - artifactId: copyartifact
+    source:
+      version: 714.v28a_34f8c563f
+  - artifactId: docker-workflow
+    source:
+      version: 572.v950f58993843