github bot SSH cannot access jakartaee/persistence repo

https://gitlab.eclipse.org/eclipsefdn/helpdesk/-/issues/3610
eclipse-cbi · Aug 29, 2023 · eadb09a · eadb09a
1 parent af8d0df
commit eadb09a
Show file tree

Hide file tree

Showing 9 changed files with 236 additions and 198 deletions.
diff --git a/instances/ee4j.jpa/config.jsonnet b/instances/ee4j.jpa/config.jsonnet
@@ -4,6 +4,7 @@
     displayName: "Jakarta Persistence",
   },
   jenkins+: {
+    version: "2.387.3",
     plugins+: [
       "copyartifact",
     ],

diff --git a/instances/ee4j.jpa/target/Dockerfile b/instances/ee4j.jpa/target/Dockerfile
@@ -1,4 +1,4 @@
-FROM docker.io/eclipsecbi/jiro-master:2.387.2
+FROM docker.io/eclipsecbi/jiro-master:2.387.3
 
 EXPOSE 8080
 EXPOSE 50000

diff --git a/instances/ee4j.jpa/target/config.json b/instances/ee4j.jpa/target/config.json
@@ -427,11 +427,11 @@
    },
    "docker": {
       "master": {
-         "dockerfile": "FROM docker.io/eclipsecbi/jiro-master:2.387.2\n\nEXPOSE 8080\nEXPOSE 50000\n\nCOPY jenkins/ref/plugins /usr/share/jenkins/ref/plugins\n\nRUN mkdir -p /usr/share/jenkins/ref/userContent/theme/\nCOPY jenkins/quicksilver.css.override /usr/share/jenkins/ref/userContent/theme/\nCOPY jenkins/title.js /usr/share/jenkins/ref/userContent/theme/\n\nUSER 10001\n",
+         "dockerfile": "FROM docker.io/eclipsecbi/jiro-master:2.387.3\n\nEXPOSE 8080\nEXPOSE 50000\n\nCOPY jenkins/ref/plugins /usr/share/jenkins/ref/plugins\n\nRUN mkdir -p /usr/share/jenkins/ref/userContent/theme/\nCOPY jenkins/quicksilver.css.override /usr/share/jenkins/ref/userContent/theme/\nCOPY jenkins/title.js /usr/share/jenkins/ref/userContent/theme/\n\nUSER 10001\n",
          "image": "ee4j.jpa",
          "registry": "docker.io",
          "repository": "eclipsecbijenkins",
-         "tag": "2.387.2"
+         "tag": "2.387.3"
       }
    },
    "gradle": {
@@ -490,9 +490,7 @@
                "View/Configure",
                "View/Create",
                "View/Delete",
-               "View/Read",
-               "Gerrit/ManualTrigger",
-               "Gerrit/Retrigger"
+               "View/Read"
             ],
             "principal": "ee4j.jpa"
          }
@@ -505,19 +503,19 @@
       "staticAgentCount": 0,
       "theme": "quicksilver",
       "timezone": "America/Toronto",
-      "version": "latest"
+      "version": "2.387.3"
    },
    "jiroMaster": {
       "docker": {
          "from": "eclipsecbi/semeru-ubuntu-coreutils:openjdk11-jammy",
          "image": "jiro-master",
          "registry": "docker.io",
          "repository": "eclipsecbi",
-         "tag": "2.387.2"
+         "tag": "2.387.3"
       },
       "dockerfile": "#*******************************************************************************\n# Copyright (c) 2020 Eclipse Foundation and others.\n# This program and the accompanying materials are made available\n# under the terms of the Eclipse Public License 2.0\n# which is available at http://www.eclipse.org/legal/epl-v20.html,\n# or the MIT License which is available at https://opensource.org/licenses/MIT.\n# SPDX-License-Identifier: EPL-2.0 OR MIT\n#*******************************************************************************\nFROM eclipsecbi/semeru-ubuntu-coreutils:openjdk11-jammy\n\n# These environment variables will be used in the uid_entrypoint script from the parent image\nENV USER_NAME=\"jenkins\"\nENV HOME=\"/var/jenkins\"\n\n# jenkins version being bundled in this docker image\nENV JENKINS_HOME=\"/var/jenkins\"\nENV JENKINS_WAR=\"/usr/share/jenkins/jenkins.war\"\nENV COPY_REFERENCE_FILE_LOG=\"/var/jenkins/copy_reference_file.log\"\nENV REF=\"/usr/share/jenkins/ref\"\n\nVOLUME [ \"/var/jenkins\", \"/var/cache/jenkins/war\", \"/var/cache/jenkins/plugins\" ]\nWORKDIR \"/var/jenkins\"\n\nENTRYPOINT [\"uid_entrypoint\", \"/usr/bin/dumb-init\", \"--\", \"/usr/local/bin/jenkins.sh\"]\n\nRUN mkdir -p $(dirname \"/usr/share/jenkins/jenkins.war\") && mkdir -p \"/usr/share/jenkins/ref\"\n\nCOPY scripts/* /usr/local/bin/\nRUN chmod ug+x /usr/local/bin/*\n\nCOPY war/jenkins.war \"/usr/share/jenkins/jenkins.war\"\nCOPY ref/ \"/usr/share/jenkins/ref/\"\n",
       "home": "/var/jenkins",
-      "id": "2.387.2",
+      "id": "2.387.3",
       "key_fingerprint": "5BA31D57EF5975CA",
       "plugin_manager": {
          "jar": "https://github.com/jenkinsci/plugin-installation-manager-tool/releases/download/2.12.11/jenkins-plugin-manager-2.12.11.jar",
@@ -539,7 +537,6 @@
          "extended-read-permission",
          "external-monitor-job",
          "extra-columns",
-         "gerrit-trigger",
          "ghprb",
          "git",
          "git-parameter",
@@ -581,9 +578,9 @@
       },
       "updateCenter": "https://updates.jenkins.io",
       "username": "jenkins",
-      "version": "2.387.2",
+      "version": "2.387.3",
       "war": "/usr/share/jenkins/jenkins.war",
-      "warBaseUrl": "https://repo.jenkins-ci.org/public/org/jenkins-ci/main/jenkins-war/2.387.2",
+      "warBaseUrl": "https://repo.jenkins-ci.org/public/org/jenkins-ci/main/jenkins-war/2.387.3",
       "webroot": "/var/cache/jenkins/war"
    },
    "kubernetes": {
@@ -735,10 +732,6 @@
                "pull"
             ]
          }
-      },
-      "gerrit-trigger-plugin": {
-         "identityFile": "/run/secrets/jenkins/ssh/id_rsa",
-         "username": "genie.jpa"
       }
    }
 }
diff --git a/instances/ee4j.jpa/target/jenkins/configuration.yml b/instances/ee4j.jpa/target/jenkins/configuration.yml
@@ -20,32 +20,42 @@ jenkins:
 
   authorizationStrategy:
     projectMatrix:
-      permissions:
-        - "GROUP:Overall/Administer:admins"
-        - "USER:Job/Read:anonymous"
-        - "USER:Overall/Read:anonymous"
-        - "GROUP:Job/ExtendedRead:common"
-        - "GROUP:Agent/Build:ee4j.jpa"
-        - "GROUP:Credentials/View:ee4j.jpa"
-        - "GROUP:Gerrit/ManualTrigger:ee4j.jpa"
-        - "GROUP:Gerrit/Retrigger:ee4j.jpa"
-        - "GROUP:Job/Build:ee4j.jpa"
-        - "GROUP:Job/Cancel:ee4j.jpa"
-        - "GROUP:Job/Configure:ee4j.jpa"
-        - "GROUP:Job/Create:ee4j.jpa"
-        - "GROUP:Job/Delete:ee4j.jpa"
-        - "GROUP:Job/Move:ee4j.jpa"
-        - "GROUP:Job/Read:ee4j.jpa"
-        - "GROUP:Job/Workspace:ee4j.jpa"
-        - "GROUP:Overall/Read:ee4j.jpa"
-        - "GROUP:Run/Delete:ee4j.jpa"
-        - "GROUP:Run/Replay:ee4j.jpa"
-        - "GROUP:Run/Update:ee4j.jpa"
-        - "GROUP:SCM/Tag:ee4j.jpa"
-        - "GROUP:View/Configure:ee4j.jpa"
-        - "GROUP:View/Create:ee4j.jpa"
-        - "GROUP:View/Delete:ee4j.jpa"
-        - "GROUP:View/Read:ee4j.jpa"
+      entries:
+          - group:
+              name: admins
+              permissions:
+               - Overall/Administer
+          - user:
+              name: anonymous
+              permissions:
+               - Job/Read
+               - Overall/Read
+          - group:
+              name: common
+              permissions:
+               - Job/ExtendedRead
+          - group:
+              name: ee4j.jpa
+              permissions:
+               - Agent/Build
+               - Credentials/View
+               - Job/Build
+               - Job/Cancel
+               - Job/Configure
+               - Job/Create
+               - Job/Delete
+               - Job/Move
+               - Job/Read
+               - Job/Workspace
+               - Overall/Read
+               - Run/Delete
+               - Run/Replay
+               - Run/Update
+               - SCM/Tag
+               - View/Configure
+               - View/Create
+               - View/Delete
+               - View/Read
 
   markupFormatter: rawHtml
   crumbIssuer:
@@ -427,6 +437,19 @@ security:
         strategy: "triggeringUsersAuthorizationStrategy"
   sSHD:
     port: -1
+  gitHostKeyVerificationConfiguration:
+    sshHostKeyVerificationStrategy:
+      manuallyProvidedKeyVerificationStrategy:
+        approvedHostKeys: |-
+          gitlab.eclipse.org ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIBsuD5uVWgjZX3jrcvdWu0DwbbarL32mfbNAVABi4wCc
+          gitlab.eclipse.org ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDCl6Wwb+m463X7a05TsllEYEmRklkwUWgqHVcvxsW6l6n9tPNcUWrcfTWupMQoONe7PuBsr6SkiYXRcSjHJy9qDXo5Nz/F/IU+EQ+haTU5pGfMRXAsQfdAB0AR5mSPOTkurRHL1sGi6jtp2wpgkbEfykcuEnmg36BCBqsARl08K6OuI2CtrKevXN0x5S5bF6vgzmvUm4aRQnF7WIg7HSOYVZIH5QGHsxsqr045xGLyk0scEIz6ZdslsinGYyvg8J9d6WJJebtjMX+KBHtXYKrFx0xqqnIYSj3WACaP32GDVFqPpxeNmJaVIJuymxsxxQMGYCsJT9diDv3dI+efu5xb
+          gitlab.eclipse.org ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBIPik0+gkBsbyVzTLvDq4ESZJMlUSZeb/tjdOHPbTLcSSlHX8R4CdqQwjWdxi4AMQ/76FXUsNH2azvkvgSh/r+E=
+          github.com,192.30.253.*,140.82.112.*,140.82.113.*,140.82.114.* ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQCj7ndNxQowgcQnjshcLrqPEiiphnt+VTTvDP6mHBL9j1aNUkY4Ue1gvwnGLVlOhGeYrnZaMgRK6+PKCUXaDbC7qtbW8gIkhL7aGCsOr/C56SJMy/BCZfxd1nWzAOxSDPgVsmerOBYfNqltV9/hWCqBywINIR+5dIg6JTJ72pcEpEjcYgXkE2YEFXV1JHnsKgbLWNlhScqb2UmyRkQyytRLtL+38TGxkxCflmO+5Z8CSSNY7GidjMIZ7Q4zMjA2n1nGrlTDkzwDCsw+wqFPGQA179cnfGWOWRVruj16z6XyvxvjJwbz0wQZ75XK5tKSb7FNyeIEs4TT4jk+S4dhPeAUC5y+bDYirYgM4GC7uEnztnZyaVWQ7B381AK4Qdrwt51ZqExKbQpTUNn+EjqoTwvqNj4kqx5QUCI0ThS/YkOxJCXmPUWZbhjpCg56i+2aB6CmK2JGhn57K5mj0MNdBXA4/WnwH6XoPWJzK5Nyu2zB3nAZp+S5hpQs+p1vN1/wsjk=
+          github.com,192.30.253.*,140.82.112.*,140.82.113.*,140.82.114.* ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBEmKSENjQEezOmxkZMy7opKgwFB9nkt5YRrYMjNuG5N87uRgg6CLrbo5wAdT/y6v0mKV0U2w0WZ2YB/++Tpockg=
+          github.com,192.30.253.*,140.82.112.*,140.82.113.*,140.82.114.* ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOMqqnkVzrm0SdG6UOoqKLsabgH5C9okWi0dh2l9GKJl
+          projects-storage.eclipse.org,172.25.25.150 ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQDKbQI09/IKbvAi3n8a2nluRcaZTB5HgzXwfJv/FUUKwusSwoyMi25jxqCHJbcQco4oAS89i7UeX7YAb2EnrPDd+VebNuTtNfWewxsBjwGI1qKMUsmQc5cLut0p1pe0VRz5ZgnXQeT9FSVA3zha+mJ3OCDtl0svvu3t4jN0zgZZfrmtwz4KQZjlfVv/cPtTKy5+RhBF9Vmto0ZVG+x8DDvxxhi37w90hXjdIb2JpILO4B65A4gEv910DJuwQ6FmrRu6oyqg7+1gnqIPigha7sHKGOX5h+mVrQTYdmPFAvNVawSYpLcEeajh9RI5kKwML6ftnmS/213KkVUUArXCYf4BxBN4h8kpvWqxBOlBNXy6nBLtzuDOdLviOGJ0HbazksuCrcvrT1lV4CfjCOjPlc9zV2r61XpMKBTq/0WPfq/r7LrIkswdszn3yTzvb1/cFCyQfkCGZvkuXJsen5Doi3Ixb0mOO0u+zL17RiS7//PVFs95DszOXqXlOytyB+u9Hmk=
+          projects-storage.eclipse.org,172.25.25.150 ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlzdHAyNTYAAABBBAOUQ8p0E/Ib3uchk+6wEZ8UtBHTBvyI2E+eA/sOXajLQPKP0XIbVyECy8x5OmrrlvOYs+LxxniGJ69UIjiYZqM=
+          projects-storage.eclipse.org,172.25.25.150 ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAsn6PO2Uemsr7wIUu5x0RnlRcuK36D2sbmYNe2LSKdb
 
 unclassified:
   location:

diff --git a/instances/ee4j.jpa/target/jenkins/partials/permissions.hbs b/instances/ee4j.jpa/target/jenkins/partials/permissions.hbs
@@ -1,25 +1,35 @@
-- "GROUP:Overall/Administer:admins"
-- "USER:Job/Read:anonymous"
-- "USER:Overall/Read:anonymous"
-- "GROUP:Job/ExtendedRead:common"
-- "GROUP:Agent/Build:ee4j.jpa"
-- "GROUP:Credentials/View:ee4j.jpa"
-- "GROUP:Gerrit/ManualTrigger:ee4j.jpa"
-- "GROUP:Gerrit/Retrigger:ee4j.jpa"
-- "GROUP:Job/Build:ee4j.jpa"
-- "GROUP:Job/Cancel:ee4j.jpa"
-- "GROUP:Job/Configure:ee4j.jpa"
-- "GROUP:Job/Create:ee4j.jpa"
-- "GROUP:Job/Delete:ee4j.jpa"
-- "GROUP:Job/Move:ee4j.jpa"
-- "GROUP:Job/Read:ee4j.jpa"
-- "GROUP:Job/Workspace:ee4j.jpa"
-- "GROUP:Overall/Read:ee4j.jpa"
-- "GROUP:Run/Delete:ee4j.jpa"
-- "GROUP:Run/Replay:ee4j.jpa"
-- "GROUP:Run/Update:ee4j.jpa"
-- "GROUP:SCM/Tag:ee4j.jpa"
-- "GROUP:View/Configure:ee4j.jpa"
-- "GROUP:View/Create:ee4j.jpa"
-- "GROUP:View/Delete:ee4j.jpa"
-- "GROUP:View/Read:ee4j.jpa"
+  - group:
+      name: admins
+      permissions:
+       - Overall/Administer
+  - user:
+      name: anonymous
+      permissions:
+       - Job/Read
+       - Overall/Read
+  - group:
+      name: common
+      permissions:
+       - Job/ExtendedRead
+  - group:
+      name: ee4j.jpa
+      permissions:
+       - Agent/Build
+       - Credentials/View
+       - Job/Build
+       - Job/Cancel
+       - Job/Configure
+       - Job/Create
+       - Job/Delete
+       - Job/Move
+       - Job/Read
+       - Job/Workspace
+       - Overall/Read
+       - Run/Delete
+       - Run/Replay
+       - Run/Update
+       - SCM/Tag
+       - View/Configure
+       - View/Create
+       - View/Delete
+       - View/Read