Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

gitignore for JENKINS_HOME Jenkins settings #1763

Merged
merged 2 commits into from
Apr 7, 2019
Merged

gitignore for JENKINS_HOME Jenkins settings #1763

merged 2 commits into from
Apr 7, 2019

Conversation

samrocketman
Copy link
Contributor

This allows an admin to use git to keep a backup of Jenkins settings without tracking binary artifacts. Useful for preserving settings during plugin upgrades.

Note: secret.key is purposefully not tracked by git. This should be backed up separately because configs may contain secrets which were encrypted using the secret.key.

See also:

@samrocketman
gitignore for JENKINS_HOME Jenkins settings
5263ddb 
This allows an admin to use git to keep a backup of Jenkins settings
without tracking binary artifacts.  Useful for preserving settings during
plugin upgrades.

Note: secret.key is purposefully not tracked by git.  This should be
backed up separately because configs may contain secrets which were
encrypted using the secret.key.

See also:

* http://jenkins-ci.org/
* https://wiki.jenkins-ci.org/display/JENKINS/Administering+Jenkins
@stephengroat
Copy link
Contributor

This has been working well for me. I've been using it to version control configs for different slaves

@samrocketman
Copy link
Contributor Author

Awesome :). I also use a dailycommit.sh script in a cron job so that it regularly takes a snapshot of the commits. https://gist.github.com/samrocketman/9391439

@samrocketman samrocketman mentioned this pull request Feb 26, 2016
Open
@samrocketman
Copy link
Contributor Author

Is there any interest in merging this?

@samrocketman
Copy link
Contributor Author

@shiftkey mind taking a look at this again?

@Stargator
Copy link

@samrocketman What about the config-history folder? Should that be ignored by default?

I think anything that is either a binary or contains credentials should be ignore too (next build numbers are optional, which I like)

Is there anything else like config-history that could be useful?

@samrocketman
Copy link
Contributor Author

@Stargator

config-history folder is added by a Jenkins plugin so should not be included by default. I don’t typically see it installed though I know people use it. Should be straight forward to add an entry after getting this one.

binaries are already ignored.

Credentials are strongly encrypted so as long as you back up secret* separately from the JENKINS_HOME config. I’m confident storing credentials.xml will be fine. Jenkins stores credentials in many places beyond credentials.xml so it is not possible to separate credentials from configuration. I’m very familiar with this aspect because I independently discovered Jenkins storing credentials with a weak encryption algorithm in older releases of Jenkins (which has been updated Jenkins 2.0 and beyond).

Note: the default gitignore does not track the secret files which are used in conjunction with config.xml to decrypt Jenkins credentials in XML configuration.

@samrocketman
Copy link
Contributor Author

@Stargator I just realized this config does not omit secret* even though my personal config does. I haven’t looked at this in a very long time so will update it.

@samrocketman
Copy link
Contributor Author

@Stargator correction I was confused. It already does not track secret*.

@samrocketman samrocketman mentioned this pull request Apr 5, 2019
Closed
@shiftkey
Copy link
Member

shiftkey commented Apr 7, 2019

@samrocketman @Stargator @stephengroat thanks for working through the details!

@shiftkey shiftkey merged commit c1b7904 into github:master Apr 7, 2019
@samrocketman samrocketman deleted the jenkins-gitignore branch April 12, 2019 14:15
@samrocketman
Copy link
Contributor Author

Thanks for your time @shiftkey !

Ortega-Dan pushed a commit to Ortega-Dan/gitignore that referenced this pull request Jun 26, 2019
@samrocketman
gitignore for JENKINS_HOME Jenkins settings (github#1763)
ba9b43a 
* gitignore for JENKINS_HOME Jenkins settings

This allows an admin to use git to keep a backup of Jenkins settings
without tracking binary artifacts.  Useful for preserving settings during
plugin upgrades.

Note: secret.key is purposefully not tracked by git.  This should be
backed up separately because configs may contain secrets which were
encrypted using the secret.key.

See also:

* http://jenkins-ci.org/
* https://wiki.jenkins-ci.org/display/JENKINS/Administering+Jenkins

* Add a few entries to Jenkins gitignore
@samrocketman samrocketman mentioned this pull request Mar 8, 2020
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
new template
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@samrocketman @stephengroat @Stargator @shiftkey