nwl-ci/docker/nwl-cicd.yaml

jenkins:
  systemMessage: "Ansible NWL Jenkins Controller"
  scmCheckoutRetryCount: 3
  mode: NORMAL
  labelString: "nwl-jenkins-controller"
  numExecutors: 6

  securityRealm:
    local:
      allowsSignup: false
      users:
        - id: admin
          password: "${jenkinsUserAdmin}"
        - id: developer
          password: "${jenkinsUserDeveloper}"

  authorizationStrategy:
    globalMatrix:
      permissions:
        - "USER:Overall/Administer:admin"
        - "GROUP:Overall/Read:authenticated"
        - "GROUP:Agent/Build:authenticated"
        - "GROUP:Job/Read:authenticated"
        - "GROUP:Job/Build:authenticated"
        - "GROUP:Job/Cancel:authenticated"
        - "GROUP:Job/Workspace:authenticated"
        - "GROUP:Run/Replay:authenticated"
        - "GROUP:Run/Delete:authenticated"

  crumbIssuer:
    standard:
      excludeClientIPFromCrumb: true

security:
  GlobalJobDslSecurityConfiguration:
    useScriptSecurity: false
  queueItemAuthenticator:
    authenticators:
    - global:
        strategy:
          specificUsersAuthorizationStrategy:
            userid: admin

credentials:
  system:
    domainCredentials:
      - credentials:
        - basicSSHUserPrivateKey:
            scope: GLOBAL
            id: gitCredentials
            username: testvm
            passphrase: "${gitSsh}"
            description: "git access over SSH"
            privateKeySource:
              directEntry:
                privateKey: "${readFile:${SSH_GIT_FILE_PATH}}"
        - usernamePassword:
              scope: GLOBAL
              id: nexusCredentials
              username: "ci-build-user"
              password: "${nexusUser}"
              description: "Nexus artifactory access"

unclassified:
  location:
    url: http://10.115.101.101:8080
    adminAddress: Mr Jenkins <no-reply@netmodule.com>

tool:
  git:
    installations:
      - name: Default
        home: "git"

jobs:
  - script: >
      SEEDING_BRANCH = 'main'

      freeStyleJob('Seed Job') {
        scm {
          git {
            remote {
              url('ssh://git@bitbucket.gad.local:7999/nm-nsp/nwl-ci.git')
              credentials('gitCredentials')
            }
            extensions {
              disableRemotePoll()
              wipeWorkspace()
            }
          }
        }
        parameters {
          stringParam('SEEDING_BRANCH', 'main', "The branch to seed the jobs from, e.g. develop or main")
        }
        steps {
          shell('git checkout $SEEDING_BRANCH')
          dsl {
            external("jobs/Jenkinsfile_Seed")
            removeAction('DELETE')
          }
        }
      }