ls1intum · krusche · Sep 28, 2024 · Sep 16, 2024 · Sep 19, 2024 · Sep 21, 2024
@@ -63,7 +63,6 @@ the `Gitlab Server Quickstart <#gitlab-server-quickstart>`__ guide.
         user: artemis_admin
         password: artemis_admin
         url: http://localhost:8082
-        secret-push-token: AQAAABAAAAAg/aKNFWpF9m2Ust7VHDKJJJvLkntkaap2Ka3ZBhy5XjRd8s16vZhBz4fxzd4TH8Su # pre-generated or replaced in Automated Jenkins Server step 3
         vcs-credentials: artemis_gitlab_admin_credentials
         artemis-authentication-token-key: artemis_notification_plugin_token
         artemis-authentication-token-value: artemis_admin
@@ -488,18 +487,7 @@ do either do it manually or using the following command:
    Jenkins is then reachable under ``http://localhost:8082/`` and you can login using the credentials specified
    in ``jenkins-casc-config.yml`` (defaults to ``artemis_admin`` as both username and password).
 
-3. You need to generate the `secret-push-token`.
-
-   ..
-       Workaround as long as Github Issue 5973 (Default Push Notifications GitLab → Jenkins not working)
-       for now just generate the secret-push-token manually
-
-   As there is currently an `open issue with the presets for Jenkins in Development environments <https://github.com/ls1intum/Artemis/issues/5973>`__,
-   follow the steps described in
-   `Gitlab to Jenkins push notification token <#gitlab-to-jenkins-push-notification-token>`__ to generate the token.
-   In a production setup, you should use a random ``master.key`` in the file ``gitlab-jenkins-mysql.yml``.
-
-4. The `application-local.yml` must be adapted with the values configured in ``jenkins-casc-config.yml``:
+3. The `application-local.yml` must be adapted with the values configured in ``jenkins-casc-config.yml``:
 
 .. code:: yaml
 
@@ -517,12 +505,11 @@ do either do it manually or using the following command:
             user: artemis_admin
             password: artemis_admin
             url: http://localhost:8082
-            secret-push-token: # pre-generated or replaced in Automated Jenkins Server step 3
             vcs-credentials: artemis_gitlab_admin_credentials
             artemis-authentication-token-key: artemis_notification_plugin_token
             artemis-authentication-token-value: artemis_admin
 
-5. Open the ``src/main/resources/config/application-jenkins.yml`` and change the following:
+4. Open the ``src/main/resources/config/application-jenkins.yml`` and change the following:
    Again, if you are using a development setup, the template in the beginning of this page already contains the
    correct values.
 
@@ -533,7 +520,7 @@ do either do it manually or using the following command:
             ci-url: http://jenkins:8080
             vcs-url: http://gitlab:80
 
-6. You're done. You can now run Artemis with the GitLab/Jenkins environment.
+5. You're done. You can now run Artemis with the GitLab/Jenkins environment.
 
 Manual Jenkins Server Setup
 """""""""""""""""""""""""""
@@ -897,48 +884,7 @@ the following steps:
    .. figure:: jenkins-gitlab/jenkins_test_project.png
       :align: center
 
-8.  Perform a *GET* request to the following URL (e.g. with Postman)
-    using Basic Authentication and the username and password you chose
-    for the Jenkins admin account:
-
-    ::
-
-        GET https://your.jenkins.domain/job/TestProject/config.xml
-
-    If you have xmllint installed, you can use this command, which will output the ``secret-push-token`` from
-    steps 9 and 10 (you may have to adjust the username and password):
-
-    .. code:: bash
-
-        curl -u artemis_admin:artemis_admin http://localhost:8082/job/TestProject/config.xml | xmllint --nowarning --xpath "//project/triggers/com.dabsquared.gitlabjenkins.GitLabPushTrigger/secretToken/text()" - | sed 's/^.\(.*\).$/\1/'
-
-9.  You will get the whole configuration XML of the just created build
-    plan, there you will find the following tag:
-
-    ::
-
-        <secretToken>{$some-long-encrypted-value}</secretToken>
-
-   .. figure:: jenkins-gitlab/jenkins_project_config_xml.png
-      :align: center
-
-      Job configuration XML
-
-10. Copy the ``secret-push-token value`` in the line
-    ``<secretToken>{secret-push-token}</secretToken>``. This is the encrypted value of the ``gitlab-push-token``
-    you generated in step 5.
-
-11. Now, you can delete this test project and input the following values
-    into your Artemis configuration *application-artemis.yml* (replace
-    the placeholders with the actual values you wrote down)
-
-    .. code:: yaml
-
-       artemis:
-           continuous-integration:
-               secret-push-token: $some-long-encrypted-value
-
-12. In a local setup, you have to disable CSRF otherwise some API endpoints will return HTTP Status 403 Forbidden.
+8. In a local setup, you have to disable CSRF otherwise some API endpoints will return HTTP Status 403 Forbidden.
     This is done be executing the following command:
     ``docker compose -f docker/<Jenkins setup to be launched>.yml exec -T jenkins dd of=/var/jenkins_home/init.groovy < docker/jenkins/jenkins-disable-csrf.groovy``
 

@@ -49,15 +49,6 @@ You can override the following configuration options in this file.
            user: <username>    # e.g. ga12abc
            token: <token>      # Enter a valid token generated by the CI system or leave this empty to use the fallback authentication user + password
            password: <password>
-           # Some CI systems, like Jenkins, offer a specific token that gets checked against any incoming notifications
-           # from a VCS trying to trigger a build plan. Only if the notification request contains the correct token, the plan
-           # is triggered. This can be seen as an alternative to sending an authenticated request to a REST API and then
-           # triggering the plan.
-           # In the case of Artemis, this is only really needed for the Jenkins + GitLab setup, since the GitLab plugin in
-           # Jenkins only allows triggering the Jenkins jobs using such a token. Furthermore, in this case, the value of the
-           # hudson.util.Secret is stored in the build plan, so you also have to specify this encrypted string here and NOT the actual token value itself!
-           # You can get this by GETting any job.xml for a job with an activated GitLab step and your token value of choice.
-           secret-push-token: <token hash>
            # Key of the saved credentials for the VCS service
            # Jenkins: You have to specify the key from the credentials page in Jenkins under which the user and
            #          password for the VCS are stored

@@ -46,8 +46,6 @@ public class JenkinsBuildPlanCreator implements JenkinsXmlConfigBuilder {
 
     private static final String REPLACE_SOLUTION_CHECKOUT_PATH = "#solutionCheckoutPath";
 
-    private static final String REPLACE_PUSH_TOKEN = "#secretPushToken";
-
     private static final String REPLACE_ARTEMIS_NOTIFICATION_URL = "#notificationsUrl";
 
     private static final String REPLACE_NOTIFICATIONS_TOKEN = "#jenkinsNotificationToken";
@@ -62,9 +60,6 @@ public class JenkinsBuildPlanCreator implements JenkinsXmlConfigBuilder {
 
     private String artemisNotificationUrl;
 
-    @Value("${artemis.continuous-integration.secret-push-token}")
-    private String pushToken;
-
     @Value("${artemis.continuous-integration.vcs-credentials}")
     private String gitCredentialsKey;
 
@@ -97,7 +92,7 @@ public Document buildBasicConfig(final ProgrammingLanguage programmingLanguage,
         final String jenkinsfile = getJenkinsfile(internalVcsRepositoryURLs, programmingLanguage, checkoutSolution, buildPlanUrl);
 
         final Path configFilePath = Path.of("templates", "jenkins", "config.xml");
-        final var configFileReplacements = Map.of(REPLACE_PIPELINE_SCRIPT, jenkinsfile, REPLACE_PUSH_TOKEN, pushToken);
+        final var configFileReplacements = Map.of(REPLACE_PIPELINE_SCRIPT, jenkinsfile);
         final var xmlResource = resourceLoaderService.getResource(configFilePath);
         return JenkinsXmlFileUtils.readXmlFile(xmlResource, configFileReplacements);
     }

@@ -64,15 +64,6 @@ artemis:
     password: <password>
     token: <token>                  # Enter a valid token generated in the CI system giving Artemis full Admin access
     url: <url>
-    # Some CI systems, like Jenkins, offer a specific token that gets checked against any incoming notifications
-    # from a VCS trying to trigger a build plan. Only if the notification request contains the correct token, the plan
-    # is triggered. This can be seen as an alternative to sending an authenticated request to a REST API and then
-    # triggering the plan.
-    # In the case of Artemis, this is only really needed for the Jenkins + GitLab setup, since the GitLab plugin in
-    # Jenkins only allows triggering the Jenkins jobs using such a token. Furthermore, in this case, the value of the
-    # hudson.util.Secret is stored in the build plan, so you also have to specify this encrypted string here and NOT the actual token value itself!
-    # You can retrieve this by getting any job.xml for a job with an activated GitLab step and your token value of choice.
-    secret-push-token: <token hash>
     # Key of the saved credentials for the VCS service
     # GitLab CI: not needed
     # Jenkins: You have to specify the key from the credentials page in Jenkins under which the user and

@@ -12,36 +12,6 @@
 <description></description>
 <keepDependencies>false</keepDependencies>
 <properties>
-    <com.dabsquared.gitlabjenkins.connection.GitLabConnectionProperty plugin="gitlab-plugin">
-        <gitLabConnection>GitLab</gitLabConnection>
-    </com.dabsquared.gitlabjenkins.connection.GitLabConnectionProperty>
-    <org.jenkinsci.plugins.workflow.job.properties.PipelineTriggersJobProperty>
-        <triggers>
-            <com.dabsquared.gitlabjenkins.GitLabPushTrigger plugin="gitlab-plugin">
-                <spec></spec>
-                <triggerOnPush>true</triggerOnPush>
-                <triggerOnMergeRequest>false</triggerOnMergeRequest>
-                <triggerOnPipelineEvent>false</triggerOnPipelineEvent>
-                <triggerOnAcceptedMergeRequest>false</triggerOnAcceptedMergeRequest>
-                <triggerOnClosedMergeRequest>false</triggerOnClosedMergeRequest>
-                <triggerOnApprovedMergeRequest>false</triggerOnApprovedMergeRequest>
-                <triggerOpenMergeRequestOnPush>never</triggerOpenMergeRequestOnPush>
-                <triggerOnNoteRequest>false</triggerOnNoteRequest>
-                <noteRegex>Jenkins please retry a build</noteRegex>
-                <ciSkip>true</ciSkip>
-                <skipWorkInProgressMergeRequest>true</skipWorkInProgressMergeRequest>
-                <setBuildDescription>true</setBuildDescription>
-                <branchFilterType>All</branchFilterType>
-                <includeBranchesSpec></includeBranchesSpec>
-                <excludeBranchesSpec></excludeBranchesSpec>
-                <sourceBranchRegex></sourceBranchRegex>
-                <targetBranchRegex></targetBranchRegex>
-                <secretToken>{#secretPushToken}</secretToken>
-                <pendingBuildName></pendingBuildName>
-                <cancelPendingBuildsOnUpdate>false</cancelPendingBuildsOnUpdate>
-            </com.dabsquared.gitlabjenkins.GitLabPushTrigger>
-        </triggers>
-    </org.jenkinsci.plugins.workflow.job.properties.PipelineTriggersJobProperty>
 </properties>
 <definition class="org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition" plugin="[email protected]">
     <script>#pipelineScript</script>

@@ -48,7 +48,6 @@ artemis:
         password: fake-password
         token: fake-token
         url: https://continuous-integration.fake.fake
-        secret-push-token: fake-token-hash
         vcs-credentials: fake-key
         artemis-authentication-token-key: fake-key
         artemis-authentication-token-value: fake-token