Skip to content

Commit

Permalink
Update Matrix Security syntax Because of Plugin upgrade (#957)
Browse files Browse the repository at this point in the history 
* migrate to new matrix security plugin syntax, leave old syntax commented out for reference, Copilot is our friend

* Add commas to separate elements in the array because Groovy
  • Loading branch information
@karianna
karianna authored Mar 5, 2024
1 parent 3f4d0de commit 8b483bc
Show file tree
Hide file tree
Showing 3 changed files with 182 additions and 26 deletions.
68 changes: 60 additions & 8 deletions pipelines/build/common/create_job_from_template.groovy
View file
Original file line number Diff line number Diff line change
Expand Up @@ -72,16 +72,68 @@ pipelineJob("$buildFolder/$JOB_NAME") {
// Do not inherit permissions from global configuration
nonInheriting()
}
permissions(['GROUP:hudson.model.Item.Build:AdoptOpenJDK*build', 'GROUP:hudson.model.Item.Build:AdoptOpenJDK*build-triage',
'GROUP:hudson.model.Item.Cancel:AdoptOpenJDK*build', 'GROUP:hudson.model.Item.Cancel:AdoptOpenJDK*build-triage',
'GROUP:hudson.model.Item.Configure:AdoptOpenJDK*build', 'GROUP:hudson.model.Item.Configure:AdoptOpenJDK*build-triage',
'GROUP:hudson.model.Item.Read:AdoptOpenJDK*build', 'GROUP:hudson.model.Item.Read:AdoptOpenJDK*build-triage',

entries {
group {
name('AdoptOpenJDK*build')
permissions(
[
'Job/Build', // 'hudson.model.Item.Build'
'Job/Cancel', // 'hudson.model.Item.Cancel'
'Job/Configure', // 'hudson.model.Item.Configure'
'Job/Read', // 'hudson.model.Item.Read'
'Job/Workspace', // 'hudson.model.Item.Workspace'
'Run/Update' // 'hudson.model.Run.Update'
])

}
group {
name('AdoptOpenJDK*build-triage')
permissions(
[
'Job/Build', // 'hudson.model.Item.Build'
'Job/Cancel', // 'hudson.model.Item.Cancel'
'Job/Configure', // 'hudson.model.Item.Configure'
'Job/Read', // 'hudson.model.Item.Read'
'Job/Workspace', // 'hudson.model.Item.Workspace'
'Run/Update' // 'hudson.model.Run.Update'
])
}
// eclipse-temurin-bot needs read access for TRSS
user {
name('eclipse-temurin-bot')
permissions(
[
'Job/Read' // 'hudson.model.Item.Read'
])
}
// eclipse-temurin-compliance bot needs read access for https://ci.eclipse.org/temurin-compliance for copying artifacts
user {
name('eclipse-temurin-compliance-bot')
permissions(
[
'Job/Read' // 'hudson.model.Item.Read'
])
}
}

//permissions([
//'GROUP:hudson.model.Item.Build:AdoptOpenJDK*build', MIGRATED
//'GROUP:hudson.model.Item.Build:AdoptOpenJDK*build-triage', MIGRATED
//'GROUP:hudson.model.Item.Cancel:AdoptOpenJDK*build', MIGRATED
//'GROUP:hudson.model.Item.Cancel:AdoptOpenJDK*build-triage', MIGRATED
//'GROUP:hudson.model.Item.Configure:AdoptOpenJDK*build', MIGRATED
//'GROUP:hudson.model.Item.Configure:AdoptOpenJDK*build-triage', MIGRATED
//'GROUP:hudson.model.Item.Read:AdoptOpenJDK*build', MIGRATED
//'GROUP:hudson.model.Item.Read:AdoptOpenJDK*build-triage', MIGRATED
// eclipse-temurin-bot needs read access for TRSS
'USER:hudson.model.Item.Read:eclipse-temurin-bot',
//'USER:hudson.model.Item.Read:eclipse-temurin-bot', MIGRATED
// eclipse-temurin-compliance bot needs read access for https://ci.eclipse.org/temurin-compliance
'USER:hudson.model.Item.Read:eclipse-temurin-compliance-bot',
'GROUP:hudson.model.Item.Workspace:AdoptOpenJDK*build', 'GROUP:hudson.model.Item.Workspace:AdoptOpenJDK*build-triage',
'GROUP:hudson.model.Run.Update:AdoptOpenJDK*build', 'GROUP:hudson.model.Run.Update:AdoptOpenJDK*build-triage'])
//'USER:hudson.model.Item.Read:eclipse-temurin-compliance-bot', MIGRATED
//'GROUP:hudson.model.Item.Workspace:AdoptOpenJDK*build', MIGRATED
//'GROUP:hudson.model.Item.Workspace:AdoptOpenJDK*build-triage', MIGRATED
//'GROUP:hudson.model.Run.Update:AdoptOpenJDK*build', MIGRATED
//'GROUP:hudson.model.Run.Update:AdoptOpenJDK*build-triage']) MIGRATED
}
}
disableConcurrentBuilds()
Expand Down
68 changes: 60 additions & 8 deletions pipelines/jobs/pipeline_job_template.groovy
View file
Original file line number Diff line number Diff line change
Expand Up @@ -65,16 +65,68 @@ pipelineJob("${BUILD_FOLDER}/${JOB_NAME}") {
// Do not inherit permissions from global configuration
nonInheriting()
}
permissions(['GROUP:hudson.model.Item.Build:AdoptOpenJDK*build', 'GROUP:hudson.model.Item.Build:AdoptOpenJDK*build-triage',
'GROUP:hudson.model.Item.Cancel:AdoptOpenJDK*build', 'GROUP:hudson.model.Item.Cancel:AdoptOpenJDK*build-triage',
'GROUP:hudson.model.Item.Configure:AdoptOpenJDK*build', 'GROUP:hudson.model.Item.Configure:AdoptOpenJDK*build-triage',
'GROUP:hudson.model.Item.Read:AdoptOpenJDK*build', 'GROUP:hudson.model.Item.Read:AdoptOpenJDK*build-triage',

entries {
group {
name('AdoptOpenJDK*build')
permissions(
[
'Job/Build', // 'hudson.model.Item.Build'
'Job/Cancel', // 'hudson.model.Item.Cancel'
'Job/Configure', // 'hudson.model.Item.Configure'
'Job/Read', // 'hudson.model.Item.Read'
'Job/Workspace', // 'hudson.model.Item.Workspace'
'Run/Update' // 'hudson.model.Run.Update'
])

}
group {
name('AdoptOpenJDK*build-triage')
permissions(
[
'Job/Build', // 'hudson.model.Item.Build'
'Job/Cancel', // 'hudson.model.Item.Cancel'
'Job/Configure', // 'hudson.model.Item.Configure'
'Job/Read', // 'hudson.model.Item.Read'
'Job/Workspace', // 'hudson.model.Item.Workspace'
'Run/Update' // 'hudson.model.Run.Update'
])
}
// eclipse-temurin-bot needs read access for TRSS
user {
name('eclipse-temurin-bot')
permissions(
[
'Job/Read' // 'hudson.model.Item.Read'
])
}
// eclipse-temurin-compliance bot needs read access for https://ci.eclipse.org/temurin-compliance for copying artifacts
user {
name('eclipse-temurin-compliance-bot')
permissions(
[
'Job/Read' // 'hudson.model.Item.Read'
])
}
}

//permissions([
//'GROUP:hudson.model.Item.Build:AdoptOpenJDK*build', MIGRATED
//'GROUP:hudson.model.Item.Build:AdoptOpenJDK*build-triage', MIGRATED
//'GROUP:hudson.model.Item.Cancel:AdoptOpenJDK*build', MIGRATED
//'GROUP:hudson.model.Item.Cancel:AdoptOpenJDK*build-triage', MIGRATED
//'GROUP:hudson.model.Item.Configure:AdoptOpenJDK*build', MIGRATED
//'GROUP:hudson.model.Item.Configure:AdoptOpenJDK*build-triage', MIGRATED
//'GROUP:hudson.model.Item.Read:AdoptOpenJDK*build', MIGRATED
//'GROUP:hudson.model.Item.Read:AdoptOpenJDK*build-triage', MIGRATED
// eclipse-temurin-bot needs read access for TRSS
'USER:hudson.model.Item.Read:eclipse-temurin-bot',
//'USER:hudson.model.Item.Read:eclipse-temurin-bot', MIGRATED
// eclipse-temurin-compliance bot needs read access for https://ci.eclipse.org/temurin-compliance
'USER:hudson.model.Item.Read:eclipse-temurin-compliance-bot',
'GROUP:hudson.model.Item.Workspace:AdoptOpenJDK*build', 'GROUP:hudson.model.Item.Workspace:AdoptOpenJDK*build-triage',
'GROUP:hudson.model.Run.Update:AdoptOpenJDK*build', 'GROUP:hudson.model.Run.Update:AdoptOpenJDK*build-triage'])
//'USER:hudson.model.Item.Read:eclipse-temurin-compliance-bot', MIGRATED
//'GROUP:hudson.model.Item.Workspace:AdoptOpenJDK*build', MIGRATED
//'GROUP:hudson.model.Item.Workspace:AdoptOpenJDK*build-triage', MIGRATED
//'GROUP:hudson.model.Run.Update:AdoptOpenJDK*build', MIGRATED
//'GROUP:hudson.model.Run.Update:AdoptOpenJDK*build-triage']) MIGRATED
}
}
pipelineTriggers {
Expand Down
72 changes: 62 additions & 10 deletions pipelines/jobs/release_pipeline_job_template.groovy
View file
Original file line number Diff line number Diff line change
Expand Up @@ -43,16 +43,68 @@ pipelineJob("${BUILD_FOLDER}/${JOB_NAME}") {
// Do not inherit permissions from global configuration
nonInheriting()
}
permissions(['GROUP:hudson.model.Item.Build:AdoptOpenJDK*build', 'GROUP:hudson.model.Item.Build:AdoptOpenJDK*build-triage',
'GROUP:hudson.model.Item.Cancel:AdoptOpenJDK*build', 'GROUP:hudson.model.Item.Cancel:AdoptOpenJDK*build-triage',
'GROUP:hudson.model.Item.Configure:AdoptOpenJDK*build', 'GROUP:hudson.model.Item.Configure:AdoptOpenJDK*build-triage',
'GROUP:hudson.model.Item.Read:AdoptOpenJDK*build', 'GROUP:hudson.model.Item.Read:AdoptOpenJDK*build-triage',
// eclipse-temurin-bot needs read access for TRSS
'USER:hudson.model.Item.Read:eclipse-temurin-bot',
// eclipse-temurin-compliance bot needs read access for https://ci.eclipse.org/temurin-compliance
'USER:hudson.model.Item.Read:eclipse-temurin-compliance-bot',
'GROUP:hudson.model.Item.Workspace:AdoptOpenJDK*build', 'GROUP:hudson.model.Item.Workspace:AdoptOpenJDK*build-triage',
'GROUP:hudson.model.Run.Update:AdoptOpenJDK*build', 'GROUP:hudson.model.Run.Update:AdoptOpenJDK*build-triage'])

entries {
group {
name('AdoptOpenJDK*build')
permissions(
[
'Job/Build', // 'hudson.model.Item.Build'
'Job/Cancel', // 'hudson.model.Item.Cancel'
'Job/Configure', // 'hudson.model.Item.Configure'
'Job/Read', // 'hudson.model.Item.Read'
'Job/Workspace', // 'hudson.model.Item.Workspace'
'Run/Update' // 'hudson.model.Run.Update'
])

}
group {
name('AdoptOpenJDK*build-triage')
permissions(
[
'Job/Build', // 'hudson.model.Item.Build'
'Job/Cancel', // 'hudson.model.Item.Cancel'
'Job/Configure', // 'hudson.model.Item.Configure'
'Job/Read', // 'hudson.model.Item.Read'
'Job/Workspace', // 'hudson.model.Item.Workspace'
'Run/Update' // 'hudson.model.Run.Update'
])
}
// eclipse-temurin-bot needs read access for TRSS
user {
name('eclipse-temurin-bot')
permissions(
[
'Job/Read' // 'hudson.model.Item.Read'
])
}
// eclipse-temurin-compliance bot needs read access for https://ci.eclipse.org/temurin-compliance for copying artifacts
user {
name('eclipse-temurin-compliance-bot')
permissions(
[
'Job/Read' // 'hudson.model.Item.Read'
])
}

//permissions([
//'GROUP:hudson.model.Item.Build:AdoptOpenJDK*build', MIGRATED
//'GROUP:hudson.model.Item.Build:AdoptOpenJDK*build-triage', MIGRATED
//'GROUP:hudson.model.Item.Cancel:AdoptOpenJDK*build', MIGRATED
//'GROUP:hudson.model.Item.Cancel:AdoptOpenJDK*build-triage', MIGRATED
//'GROUP:hudson.model.Item.Configure:AdoptOpenJDK*build', MIGRATED
//'GROUP:hudson.model.Item.Configure:AdoptOpenJDK*build-triage', MIGRATED
//'GROUP:hudson.model.Item.Read:AdoptOpenJDK*build', MIGRATED
//'GROUP:hudson.model.Item.Read:AdoptOpenJDK*build-triage', MIGRATED
// eclipse-temurin-bot needs read access for TRSS
//'USER:hudson.model.Item.Read:eclipse-temurin-bot', MIGRATED
// eclipse-temurin-compliance bot needs read access for https://ci.eclipse.org/temurin-compliance
//'USER:hudson.model.Item.Read:eclipse-temurin-compliance-bot', MIGRATED
//'GROUP:hudson.model.Item.Workspace:AdoptOpenJDK*build', MIGRATED
//'GROUP:hudson.model.Item.Workspace:AdoptOpenJDK*build-triage', MIGRATED
//'GROUP:hudson.model.Run.Update:AdoptOpenJDK*build', MIGRATED
//'GROUP:hudson.model.Run.Update:AdoptOpenJDK*build-triage']) MIGRATED
}
}
copyArtifactPermission {
projectNames('*')
Expand Down

0 comments on commit 8b483bc

Please sign in to comment.