Jenkins常用插件
- 添加Github授权认证(Github OAuth Plugin)
- 在全局安全配置中,选择安全领域为GitHub验证插件。
- 要配置的设置有:GitHub Web URI,GitHub API URI,客户端ID,客户端密钥和OAuth范围。
- 如果您使用GitHub Enterprise,则API URI为https://ghe.example.com/api/v3。
- 推荐的最低GitHub OAuth范围为:org,user:email。
通过脚本控制台自动配置安全领域
import hudson.security.SecurityRealm
import org.jenkinsci.plugins.GithubSecurityRealm
String githubWebUri = 'https://github.com'
String githubApiUri = 'https://api.github.com'
String clientID = 'someid'
String clientSecret = 'somesecret'
String oauthScopes = 'read:org'
SecurityRealm github_realm = new GithubSecurityRealm(githubWebUri, githubApiUri, clientID, clientSecret, oauthScopes)
//check for equality, no need to modify the runtime if no settings changed
if(!github_realm.equals(Jenkins.instance.getSecurityRealm())) {
Jenkins.instance.setSecurityRealm(github_realm)
Jenkins.instance.save()
}
通过脚本控制台自动配置授权策略
import org.jenkinsci.plugins.GithubAuthorizationStrategy
import hudson.security.AuthorizationStrategy
//permissions are ordered similar to web UI
//Admin User Names
String adminUserNames = 'samrocketman'
//Participant in Organization
String organizationNames = ''
//Use Github repository permissions
boolean useRepositoryPermissions = true
//Grant READ permissions to all Authenticated Users
boolean authenticatedUserReadPermission = false
//Grant CREATE Job permissions to all Authenticated Users
boolean authenticatedUserCreateJobPermission = false
//Grant READ permissions for /github-webhook
boolean allowGithubWebHookPermission = false
//Grant READ permissions for /cc.xml
boolean allowCcTrayPermission = false
//Grant READ permissions for Anonymous Users
boolean allowAnonymousReadPermission = false
//Grant ViewStatus permissions for Anonymous Users
boolean allowAnonymousJobStatusPermission = false
AuthorizationStrategy github_authorization = new GithubAuthorizationStrategy(adminUserN