Last month I decided to create a complete Jenkins tutorial that covers the most important and useful CI/CD topics. This tutorial is published weekly on the ITNEXT.IO platform. Currently, I have planned to release about 30 articles that include the following topics:
Jenkins DSL language
Jenkins and Groovy language
Jenkins Pipeline essential commands and methods
Jenkins and Git plugin
Jenkins, Unit testing, and Code coverage
Jenkins and Docker pipelines
Jenkins and Kubernetes, OpenShift, Rancher
Jenkins and Terraform
Jenkins and Ansible
Jenkins Automation (JCasC)
Jenkins Notification plugins
Jenkins monitoring (Prometheus)
Right now, I have published five parts of this tutorial series.
If you interested in, STARize the following GitHub repo.
Looking over part 2, all of the snippets implement a command injection vulnerability. In this case it is exploitable only by users able to control the credentials, but it’s a small step to changing from credentials to build parameters (as soon as part 3 does something useful, it’s going to be a potential problem).
As a general rule, always make the string arguments to sh single-quoted, so variables are interpolated by the shell, not the DSL. See also Using a Jenkinsfile
Part 7 of the complete Jenkins tutorial was released.
In this part, you will learn the Jenkins INPUT directive to pause the job during the build process. This directive is very useful in continuous delivery pipelines.
Part 9 of the completest Jenkins tutorial is published. In this part, you will learn many things about basic pipeline steps and commands. Now, you can write better pipelines.
