Hi, Have a similar problem in upgrading to a more recent image, we were stuck on 2.19 for some time, and now trying to roll forward to the latest LTS.
We have a number of groovy scripts that are triggered by jobs that need to execute in a system context (system groovy build step from https://wiki.jenkins.io/display/JENKINS/Groovy+plugin). Currently in testing I can just approve these scripts via the management console, but for automated deployment I'd like a way to manage which scripts are approved. Hi, Seeing a similar problem to yourself, wondering if there has been any progress in this area? Looking around one approach seems to be to take the script, generate a hash and then add this to the list of approved hashes stored within Jenkins, using a similar API as mentioned https://stackoverflow.com/a/48234868/1597808 to approve script hashes dynamically and place this in the init groovy for the docker image. See https://github.com/cloudbees/jenkins-scripts/blob/master/pipeline-approval-scripts.groovy for examples of this. However this means I need to keep a copy of the script with the Dockerfile or make sure to add the updated hash each time the groovy script definition changes and then update the image and update the jobs. As this this system groovy script is more like a lightweight custom plugin behaviour, it would seem to be more useful if I could have the script just be delivered with the Jenkins container image, and update the jobs to simply load and execute the script as provided. Looking at the Managed Script plugin (https://wiki.jenkins.io/display/JENKINS/Managed+Script+Plugin) was initially promising, but there doesn't appear to be any way to execute managed files as system groovy scripts. So far, the only thing I can think of is to change the jobs to use a small groovy script that runs under the system groovy build step and is set to load a predefined file from the master and execute it. Then use the same file in the master to generate the hash and pre-approve it on startup, and keep the main bulk of the script contents to be distributed along with the master. This should avoid the main script being maintained in two places and is only pre-approving a smaller script that should have no need to change any time we update the main script. Is there any better approach to this? Thanks, Darragh -- You received this message because you are subscribed to the Google Groups "Jenkins Users" group. To unsubscribe from this group and stop receiving emails from it, send an email to jenkinsci-users+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/9cc336d2-5f27-4bdc-b055-7645503e3410%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
