Jenkinsfile §
- The
agent directive tells Jenkins where and how to execute the Pipeline
Simple Jenkinsfile §
pipeline {
agent { docker { image 'maven:3.9.0-eclipse-temurijn-11' } }
stages {
stage('build') {
sh 'mvn --version'
}
}
}
Timeout, Retry, Post Action §
pipeline {
agent any
stages {
stage('Build') {
steps {
sh './gradlew build'
}
}
stage('Sanity check') {
steps {
input "Continue with Deploy?"
}
}
stage('Deploy') {
steps {
retry(3) {
sh './flakey-deploy.sh'
}
timeout(time: 3, unit: 'MINUTES') {
sh './health-check.sh'
}
}
}
}
post {
always {
echo 'This will always run'
archiveArtifacts artifacts: 'build/libs/**/*.jar', fingerprint: true
junit 'build/reports/**/*.xml'
}
success {
echo 'This will run only if successful'
slackSend channel: '#ops-room',
color: 'good',
message: "The pipeline ${currentBuild.fullDisplayName} completed successfully."
}
failure {
echo 'This will run only if failed'
mail to: 'team@example.com',
subject: "Failed Pipeline: ${currentBuild.fullDisplayName}",
body: "Something is wrong with ${env.BUILD_URL}"
}
unstable {
echo 'This will run only if the run was marked as unstable'
}
changed {
echo 'This will run only if the state of the Pipeline has changed'
echo 'For example, if the Pipeline was previously failing but is now successful'
}
}
}
String Interpolation §
- Jenkins uses the identical rules Groovy has for String interpolation
- These variables will be masked by Jenkins in the console output
- But Env vars in double quotes will be expandend by the shell, exposing it to operating system process listings
- So to avoid leaking credentials, use single quoted String interpolation
node {
withCredentials([string(credentialsId: 'mytoken', variable: 'TOKEN')]) {
sh '''
set +x
curl -H "Token: $TOKEN" https://some.api/
'''
}
}
/* LESS SECURE! */
node {
withCredentials([string(credentialsId: 'mytoken', variable: 'TOKEN')]) {
sh """
set +x
curl -H "Token: $TOKEN" https://some.api/
"""
}
}