Red Hat Summit이 콘텐츠는 선택한 언어로 제공되지 않습니다.
Chapter 4. Configuring RHTAP to use built-in Jenkins libraries
By default {ProductLongName} (RHTAP) uses dynamically loaded Jenkins libraries. While dynamically loading provides flexibility, using built-in Jenkins libraries offer improved stability, security, and traceability during builds. Configuring RHTAP to use built-in libraries instead of dynamically loaded ones allows for better Red Hat Enterprise Contract (Enterprise Contract) attestations and enhanced build verification.
Prerequisites
Before making changes, ensure that:
- You have administrator access to the Jenkins instance in RHTAP.
-
You have the Jenkins library git repo URL. For example,
https://github.com/redhat-appstudio/tssc-sample-jenkins. You can find the Git repository URL in the default RHTAP Jenkins CI source repository. -
You have permissions to modify the
Jenkinsfile.
4.1. Define the built-in library in Jenkins
Procedure
- Log in to Jenkins and navigate to Manage Jenkins > System.
- Locate the Global Trusted Pipeline Libraries section.
Click Add and define the new library with the following parameters:
- Name: <your-library-name>
- Default version: Set to a specific branch or commit reference. For example, v1.4.
- Allow default version to be overridden: (Optional) Select this option to restrict users to a specific version of the Jenkins library. This ensures that the users cannot select a different version.
- Include @Library changes in your recent changes: Select this option to track modifications made to the shared library. This feature helps users understand changes that might affect their builds.
Retrieval method: Select Modern SCM.
- From the Source Code Management drop-down list, select Git.
-
In the Project Repository field, enter the Jenkins library URL. For example,
https://github.com/redhat-appstudio/tssc-sample-jenkins. - Select Fresh clone per build, to ensure each build fetches a clean copy of the library.
- Select Save.
4.2. Modify the Jenkins pipeline to use the built-in library
Procedure
- Navigate to your Jenkins CI source repository, For example, https://github.com/redhat-appstudio/tssc-sample-templates/blob/main/skeleton/ci/source-repo/jenkins.
-
Select
Jenkinsfilein edit mode. Replace the dynamic library loading with the
@Libraryannotation.Replace this With this library identifier: 'RHTAP_Jenkins@main', retriever: modernSCM( [$class: 'GitSCMSource', remote: 'https://github.com/redhat-appstudio/tssc-sample-jenkins.git'])
@Library('RHTAP_Jenkins@v1.4') _
- Save and commit the updated Jenkinsfile.
4.3. Use the configured Jenkins library
Procedure
- In your Jenkins instance, navigate to your project.
- Select Build Now to trigger a new build.
Verification
- Check the Jenkins build logs to confirm that the built-in library is loaded instead of dynamically retrieving dependencies.
- Validate that Enterprise Contract attestations now reflect a built-in library.
- Verify the library name, retrieval method, and pipeline script if any error occur.
4.4. Applying changes to one or all RHTAP templates
Depending on your use case, you can apply this configuration to one RHTAP template or all RHTAP templates in Red Hat Developer Hub (RHDH).
- To apply this change to a single template: Modify only the specific pipeline template used in your project. This ensures that only this pipeline uses the built-in Jenkins library, while others continue using dynamic loading.
- To apply this change to all RHTAP templates in RHDH: Update the global RHTAP template configuration to reference the built-in library instead of dynamically loaded ones. This ensures consistency across all RHTAP pipelines.
Applying this change globally may impact all builds using RHTAP. Ensure that the built-in library is correctly defined and tested before making this change across all templates.
