Is there a way to configure a build configuration in a way that it may run only for certain branches. I'm not only talking about automatic triggers, I also want to prevent users from manually triggering a run for other branches.
Under the version control settings for a build configuration you can add branch filters:
To prevent users from manually triggering a build, you need to set user permissions. This can be done under Administration > users/groups > group name/username > roles.
If you want them to only view the project, you can assign the role Project Viewer.
You can also make your own roles with your own set of rules by clicking Administration > roles.
Related
Is it possible to delegate the deletion of projects in sonar to users ?
Knowing that the authentication of my sonar is managed by an ldap directory.
Thanks.
In SonarQube, project administrators have the right to delete the projects. So if you want to delegate deletion of projects to users, you must make sure that those users are granted Admin rights on the relevant projects.
As you are using an LDAP, you can do the following:
At global level, create one group per project called (for instance) "admin_projectName" (replace "projectName" by each project name)
In your LDAP, set the "admin_projectName" group on every user who should be project admin of a given project
Configure the LDAP plugin to synchronize the groups (called "Group Mapping")
I'm using Nexus Repository Manager 3.1.0-04, and I want to create a user to just have deployment permissions. What are the minimal set of privileges required for that?
Right now I created a role nx-deploy with the following privileges:
nx-repository-admin---read
nx-repository-admin---browse
nx-repository-admin---delete
nx-repository-admin---edit
nx-repository-admin---add
Then I created a user deployment with the role nx-deploy. I can deploy artifacts now, however, I believe I am giving too much privileges? The admin part is not what I want the deployment user to be, so that part has me a bit nervous.
Needless to say, there are just too many privileges to choose from under the security section.
The general rule is nx-repository-admin privileges are for administering the repositories and their details; nx-repository-view privileges are for use of the repositories once set up. Assign the latter.
To tweak repository privileges of your Deployment user(s) you should use the nx-repository-view-*-*-* as the assigned privilege, instead of nx-repository-admin. So, remove all the privileges you addressed in your question, and replace the ‘Given’ field with nx-repository-view-*-*-*. Since the privilege is denoted with asterisks, your Deployment users can perform all the above actions (i.e. browse, read, edit, add, and delete).
See the screenshot for reference:
Configuring the nx-deploy Privilege for the Deployment Role
You can read more about Privileges in the Security chapter: https://help.sonatype.com/repomanager3/security/privileges
If you need minimal privileges to just deploy artifacts, nx-repository-view-*-*-edit is enough.
nx-repository-admin is used for administration and configuration
Repository Admin
These are privileges related to the administration and configuration of a specific repository
and edit is enough to modify repository content
edit
This action allows privileges to modify associated scripts, repository content, and repository administration.
BTW, you need nx-component-upload to upload components in web UI.
https://help.sonatype.com/repomanager3/user-interface/uploading-components
Successful deployment by maven 3 with Nexus 3.8.0 the following rights are required
nx-repository-view-*-*-edit
nx-repository-view-*-*-read
nx-repository-view-maven2-maven-snapshots-edit
nx-repository-view-maven2-maven-snapshots-read
"maven2"is recipe,"maven-snapshots" is your repository name.
Is it possible for the Atlassian Bamboo's administrator to create a default stage and have it automatically added to all the build plans( both existing and new build plans ) ? This stage should be read only to the users, meaning they should not be able to modify this stage.
This feature will let the administrator do certain house keeping things on the bamboo agents each time a new build job starts running on the agent.
I tried to search for it in the Atlassian's documentation but could not find anything as such.
We are talking about two things: a) stage Level Permission , b) adding one default stage to all plans.
Adding one default stage to all plans: You can create one template plan with default stage and permission. Every time a new plan creation request comes, you can just clone this template plan and add additional steps/repos etc. But for already existing plans, you will have to modify them individually.
Whereas I know, Bamboo provides plan level permission. You can give View/Build permission to users and Edit/Clone type of permissions to Bamboo administrators.
In your scenario, is user allowed to edit other stages except default stage?Why do you want user to be able to edit Build Plans?
With the Hudson or Jenkins continuous integration servers, when a build is triggered either by an anonymous user, or by the CI server polling the repository, a pseudo-user is created with the data scraped from the commit information of the last commit.
How do I prevent this, as it's cluttering the list of registered users? I try to default to using post-receive hooks for scheduling builds, but for some repositories (e.g. those hosted by SourceForge), this is not an option as the machine running the repository is prevented from accessing external URLs
You can't prevent these from being created, as they are involved with how Jenkins logging and tracking works. However, if you need to see a list of only "real" users, you can do this easily by going to manage jenkins/manage users - users that lack a login will not appear.
I configured a hudson instance and have created jobs. While creating builds, I was able to see this option "Trigger the build by accessing this URL + SecretTOKEN" option. Now, I am unable to see that for any new jobs I create. Am I missing some setting or a configuration? The only change I made was running the servlet container from Root to a regular user.
In my Hudson (1.349) when creating a new job, there's an option under Build Triggers called Trigger Builds Remotely (e.g. from scripts), which when selected allows you to enter an Authentication Token (which has the descriptive text from your question).
I'm not aware of any system configuration that disables this. It doesn't sound like a Hudson user permissions problem if you can have permissions to create/edit jobs.
What appears under Build Triggers when you create a new job?
I had the same problem with the missing Trigger Builds Remotely option. The fix in my case was to enable security in the main Hudson configuration (with Anyone can do anything selected)