diff options
| author |   Cédric Ollivier <cedric.ollivier@orange.com> | 2022-12-16 15:07:09 +0100 |
|---|---|---|
| committer | Cédric Ollivier <cedric.ollivier@orange.com> | 2022-12-16 15:07:09 +0100 |
| commit | 5af3fe8e2cd633ea9519a5c0dc2e75ea65b3915b (patch) | |
| tree | 2c6aa18030a1ecadb2c319a9a071ddbe5eb2bbf1 | |
| parent | b414adf86db84a994f8e2a0ea9c8960cc9565f12 (diff) | |
Harden Jenkins jobs
It allows any ssh connection from Ubuntu 22.04 and
precises the ssh user.
Change-Id: I660b88d5b1640f8057d4081226517abad94889db
Signed-off-by: Cédric Ollivier <cedric.ollivier@orange.com>
| -rw-r--r-- | jjb/global/releng-macros.yaml | 5 | ||||
| -rw-r--r-- | jjb/releng/releng-release-create-branch.sh | 2 |
2 files changed, 4 insertions, 3 deletions
diff --git a/jjb/global/releng-macros.yaml b/jjb/global/releng-macros.yaml index 031e24070..ddf2a730e 100644 --- a/jjb/global/releng-macros.yaml +++ b/jjb/global/releng-macros.yaml @@ -358,7 +358,8 @@ echo cat gerrit_comment.txt echo - ssh -p 29418 gerrit.opnfv.org \ + ssh -o 'PubkeyAcceptedKeyTypes +ssh-rsa' \ + -p 29418 jenkins-ci@gerrit.opnfv.org \ "gerrit review -p $GERRIT_PROJECT \ -m '$(cat gerrit_comment.txt)' \ $GERRIT_PATCHSET_REVISION \ @@ -419,7 +420,7 @@ msg="Found syntax error and/or coding style violation(s) in the files modified by your patchset." sed -i -e "1s#^#${msg}\n\n#" violation.log cmd="gerrit review -p $GERRIT_PROJECT -m \"$(cat violation.log)\" $GERRIT_PATCHSET_REVISION --notify NONE" - ssh -p 29418 gerrit.opnfv.org "$cmd" + ssh -o 'PubkeyAcceptedKeyTypes +ssh-rsa' -p 29418 jenkins-ci@gerrit.opnfv.org "$cmd" # Make sure the caller job failed exit 1 diff --git a/jjb/releng/releng-release-create-branch.sh b/jjb/releng/releng-release-create-branch.sh index bbb9257d7..917a4c721 100644 --- a/jjb/releng/releng-release-create-branch.sh +++ b/jjb/releng/releng-release-create-branch.sh @@ -44,7 +44,7 @@ fi run_merge(){ unset NEW_FILES if [[ $REF_EXISTS = true && "$JOB_NAME" =~ "merge" ]]; then - ssh -n -f -p 29418 gerrit.opnfv.org gerrit create-branch "$repo" "$branch" "$ref" + ssh -o 'PubkeyAcceptedKeyTypes +ssh-rsa' -n -f -p 29418 jenkins-ci@gerrit.opnfv.org gerrit create-branch "$repo" "$branch" "$ref" python3 releases/scripts/create_jobs.py -f $release_file NEW_FILES=$(git status --porcelain --untracked=no | cut -c4-) fi |