I’m working on the lab for my Automating Your CI/CD Stack with Java and Groovy Oracle Code One session. And of course I tripped over the Jenkins Script Security plugin.
I don’t need script security. I’m running a lab. But you can’t turn off that feature. Sigh.
I can run this code from the scripting console as an admin. I can also run it from within a job using the embedded Groovy console option. If I try to pull the same code from GitHub and run it from the same job as a Groovy script, I can’t. Script security views the SAME script as more dangerous because I put it in source control.

    import jenkins.model.Jenkins

    // Handle to the running Jenkins controller
    def instance = Jenkins.getInstance()
    // Security realm (authentication backend) configured on the controller
    def realm = Jenkins.getInstance().securityRealm

I can think of three ways to “solve” the problem that CloudBees created.
Option 1: Deal with script security
I can configure script security to allow these signatures. However, this does not make things more secure. I want these to be available to admins, not for general use. So approving them or whitelisting them is the wrong decision. (Ok. It doesn’t matter here since this is just a lab. But in this hypothetical use case…)
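To check whether a controller has already taken Option 1, the following added example (not code from the original post or from the plugin) reads the plugin's approval store and reports the state of the two signatures the lab script needs. The file layout of `$JENKINS_HOME/scriptApproval.xml`, the signature strings, and the sample content are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

# Signatures the lab script on this page needs inside the sandbox (assumed
# mapping of Jenkins.getInstance() and the .securityRealm property getter).
ADMIN_ONLY = {
    "staticMethod jenkins.model.Jenkins getInstance",
    "method jenkins.model.Jenkins getSecurityRealm",
}

# Constructed sample of $JENKINS_HOME/scriptApproval.xml (layout assumed).
SAMPLE = """<?xml version='1.1' encoding='UTF-8'?>
<scriptApproval plugin="script-security@0.0-sample">
  <approvedScriptHashes/>
  <approvedSignatures>
    <string>method java.lang.String trim</string>
    <string>staticMethod jenkins.model.Jenkins getInstance</string>
  </approvedSignatures>
  <aclApprovedSignatures/>
  <pendingSignatures>
    <pendingSignature>
      <signature>method jenkins.model.Jenkins getSecurityRealm</signature>
    </pendingSignature>
  </pendingSignatures>
</scriptApproval>
"""

def parse_approvals(xml_text):
    """Return (approved, pending) sets of signature strings."""
    # Jenkins writes an XML 1.1 declaration, which Python's expat rejects; drop it.
    body = re.sub(r"^\s*<\?xml[^>]*\?>", "", xml_text, count=1)
    root = ET.fromstring(body)
    approved = {e.text.strip()
                for e in root.findall("./approvedSignatures/string") if e.text}
    pending = {e.text.strip()
               for e in root.findall("./pendingSignatures/pendingSignature/signature")
               if e.text}
    return approved, pending

def audit(xml_text, watch=ADMIN_ONLY):
    """Map each watched signature to 'approved', 'pending' or 'absent'."""
    approved, pending = parse_approvals(xml_text)
    return {sig: "approved" if sig in approved
            else "pending" if sig in pending else "absent"
            for sig in sorted(watch)}

if __name__ == "__main__":
    for sig, state in audit(SAMPLE).items():
        print(f"{state:9} {sig}")
```

An "approved" result means the signature is allowed for every sandboxed script on the controller, not only for scripts written by admins.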
Option 2: Authorized Build plugin
There’s an Authorize Project plugin that lets you run the build as an admin. I didn’t try it, but it appears to provide a decent workaround to this problem. (I’m trying to minimize setup)
Option 3: Just run the code through the Groovy console
I’m going with this. Up to 50 people are going to be doing this manually in a lab. Copy/paste is the easiest solution.