* Move pull image parameters to general section
* Allow no nesting override
* Test dockerPullImage can be set to true
As the default is false, we need to make sure it can still be set to true.
* The metadata for artifactPrepareVersion-go specifies a container for when the buildTool is maven.
* The alias to 'mavenExecute' was removed. The problem with this is that when a section containers is included in the metadata, dockerImage will always be picked up from mavenExecute, the conditional dependency on buildTool will not even be considered. Parameters such as m2Path, projectSettingsFile and globalSettingsFile should be configured in general/maven if necessary.
* When the step ends up being executed within dockerExecuteOnKubernetes, we need to preserve the .git folder. This folder would normally be excluded by the default excludes of the stash step. There was already a comment that suppressing this behavior by passing useDefaultExcludes: false was problematic (unfortunately without going into details), so I've added a new parameter to dockerExecute and dockerExecuteOnKubernetes named stashNoDefaultExcludes (note the reverted meaning to ease preserving the default behavior when this parameter is not provided). This parameter is passed to piperExecuteBin from the artifactPreferVersion groovy wrapper.
The parameter map is directly handed over from outside into the step via signature of the call method.
The container map is defined as step parameters, not as parameter handed over (only) via the parameters map.
With the current approach only the container map from the parameters is taken into account. In case the
parametersMap is defined elsewhere it is not taken into account.
* dockerExecuteOnKubernetes - add stashBack configuration
For certain cases it is valuable to only bring back some of the files from an execution inside a container back to the workspace.
This is now added.
Closes#753
* refactor according to PR review
* Take proper jnlp image as default for Kubernetes execution
Following changes are contained:
* removal of custom jnlp image as default
* allow customization of jnlp image via system environment
fixes#757
* add documentation
* dockerExecuteOnKubernetes - hide yaml by default
* hide step parameters to not leak sensitive parameter values into the log
* add more details to log output
stashing .git directory had negative side-effects.
Solution would be to stash `.git` folder and unstash in `dockerExecuteOnKubernetes` only if required for a dedicated scenario.
Certain steps should always fail, even though resilience option `failOnError=false` is used.
* Docker execution typically happens in another step. We should not hide errors here but rather handle their resilience in the step which uses `dockerExecute` and `dockerExecuteOnKubernetes`.
* Wrapper steps like `pipelineExecute`, `pipelineRestartSteps` should not hide errors. If an error occured this has to be considered as **intentional** and not hidden accidentially in case resilience option is switched on.
When dealing with stashes in dockerExecuteOnKubernetes the global
stash list was updated from the step. This resulted in stashes
transported between the steps, which in turn resulted in having
old stashes unstashed in a pod later down the build. E.g.: mtaBuild
followed by neoDeploy: mtaBuild created a stash, the stash was
rememebered in the default stash list and re-used later on by
neoDeploy. Since the stash was created before the mtaBuild the
deployable was missing in the step.
* Define pod using k8s yaml manifest
The Kubernetes plugin allows to define pods directly via the Kubernetes
API specification:
https://github.com/jenkinsci/kubernetes-plugin#using-yaml-to-define-pod-templates
This has the advantage of unlocking Kubernetes features which are not
exposed via the Kubernetes plugin, including all Kubernetes security
featues.
Using the Kubernetes API directly is also better from development
point of view because it is stable and better desgined then the API the
plugin offers.
* Make the Kubernetes ns configurable
If one Jenkins Master is used by multiple Teams, it is desirable to
schedule K8S workloads in seperatae workspaces.
* Add securityContext to define uid and fsGroup
In the context of the Jenkins k8s plugin it is uids and fsGroups play an
important role, because the containers share a common file system.
Therefore it is benefical to configure this data centraly.
* fix indention
* Undo format changes
* Extend and fix unit tests
* Fix port mapping
* Don't set uid globally
This does not work with jaas due to permissions problems.
* Fix sidecar test
* Make security context configurable at stage level
* Extract json serialization
* Cleanup unit tests
* Provide flag for skipping docker image pulls
Usefull for testing while developing images. Without pulling images it is possible to
use images available in the local registry only.
Fix stashing behavior to include all files in workspace.
This was for example an issue for PR-voting in Docker pipeline since `Dockerfile` has been excluded from stashing
