I am working on adding automated tests for a Jenkins plugin. These tests would need access a secret token while running.
I want to understand if this can be achieved in ci.jenkins.io builds(similar to adding a GitHub secret and using it in Actions).
Also, before running the tests, I need to install a product which can be done by running some shell commands. Can this be done in the Jenkinsfile used in the jenkinsci repo?
What is the recommended way to achieve this test set up and running the tests with token?
I am afraid this public server, which is read-only outside the Jenkins infrastructure team, does not offer the option of using a per-repo secret during CI builds. If you are an administrator of the plugin repo then I suppose you could use GitHub Actions to run selected tests requiring a secret in parallel with the Jenkinsfile. (Conventionally the test would use org.junit.Assume to quietly skip execution if the secret were not provided in a given environment.) Securing such a setup could be tricky, however; you would not want to run the workflow unconditionally for any pull request, or anyone on the Internet could trivially obtain the secret.
As a workaround, I am thinking of configuring the maven-surefire-plugin to only run unit tests and maven-failsafe-plugin to run system tests by following a naming convention and using excludes property. This configuration works as expected on Windows(only units tests are run) and in ci.jenkins.io/ builds I can see that on Windows mvn clean and install steps are run. But on Linux, all the tests(both system and unit) are run which is unexpected. What are the maven build steps that are run on Linux in ci.jenkins.io/ builds?
What maven build steps that are run as part of buildPlugin method especially on Linux?