From 0358708af085ba020b691a7711625712d6a5315d Mon Sep 17 00:00:00 2001 From: xansec <76011430+xansec@users.noreply.github.com> Date: Fri, 18 Jul 2025 16:23:04 +0000 Subject: [PATCH 01/13] initial attempt --- .github/workflows/jenkins.yml | 29 +++++++++++++++++++++++++++++ README.md | 6 ++++++ Jenkinsfile => jenkins/Jenkinsfile | 4 ++-- jenkins/plugins.txt | 4 ++++ 4 files changed, 41 insertions(+), 2 deletions(-) create mode 100644 .github/workflows/jenkins.yml rename Jenkinsfile => jenkins/Jenkinsfile (94%) create mode 100644 jenkins/plugins.txt diff --git a/.github/workflows/jenkins.yml b/.github/workflows/jenkins.yml new file mode 100644 index 0000000..cfe8e88 --- /dev/null +++ b/.github/workflows/jenkins.yml @@ -0,0 +1,29 @@ +name: 'Mayhem for API on Jenkins' +on: + push: + branches: [ main ] + pull_request: + branches: [ main ] + workflow_dispatch: + + +jobs: + jenkins-container-pipeline: + runs-on: ubuntu-latest + container: + image: ghcr.io/jenkinsci/jenkinsfile-runner:master + + steps: + - name: 'Checkout' + uses: actions/checkout@v4 + - name: 'Run Jenkins job' + uses: + jenkinsci/jfr-container-action@master + with: + command: run + jenkinsfile: jenkins/Jenkinsfile + pluginstxt: jenkins/plugins.txt + env: + MAYHEM_URL: 'https://app.mayhem.security' + MAYHEM_TOKEN: ${{ secrets.MAYHEM_TOKEN }} + diff --git a/README.md b/README.md index 61b111b..bc3180d 100644 --- a/README.md +++ b/README.md 
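Review bot: The job that receives `secrets.MAYHEM_TOKEN` runs third-party code resolved from moving references: the container image `ghcr.io/jenkinsci/jenkinsfile-runner:master` and the step `jenkinsci/jfr-container-action@master`. Whatever those refs point to at run time executes with the token in its environment, so pin both to immutable identifiers, e.g. `uses: jenkinsci/jfr-container-action@<full-commit-sha>` and `image: ghcr.io/jenkinsci/jenkinsfile-runner@sha256:<digest>` (placeholders; take the values from a release you have reviewed). The workflow also declares no `permissions:` block, so the job gets the repository's default `GITHUB_TOKEN` scope; a top-level `permissions:` with `contents: read` would cap it. The later patches in this series that touch this file keep both `master` refs.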
@@ -117,3 +117,9 @@ If your API server sends back stacktraces in the 500 Internal Server Error (only do this in a test environment -- never in production!), Mayhem for API will try to map issues it finds to the exact line of code that triggered the issue. + +## Example runs + +- Github: see [this repo.](https://github.com/ForAllSecure/mapi-action-examples/actions/workflows/mapi.yml) +- Gitlab: see [https://gitlab.com/mayhem-forallsecure/mayhem-demo/-/jobs/10201916810](https://gitlab.com/mayhem-forallsecure/mayhem-demo/-/jobs/10201916810) +- Jenkins: see [this repo.](https://github.com/ForAllSecure/mapi-action-examples/actions/workflows/jenkins.yml) \ No newline at end of file diff --git a/Jenkinsfile b/jenkins/Jenkinsfile similarity index 94% rename from Jenkinsfile rename to jenkins/Jenkinsfile index d93770a..c120f06 100644 --- a/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -27,9 +27,9 @@ pipeline { sh ''' curl -Lo mapi ${MAYHEM_URL}/cli/mapi/linux-musl/latest/mapi && chmod +x mapi ''' - withCredentials([string(credentialsId: 'MAPI_TOKEN', variable: 'MAPI_TOKEN')]) { + withCredentials([string(credentialsId: 'MAYHEM_TOKEN', variable: 'MAYHEM_TOKEN')]) { sh ''' - ./mapi login ${MAPI_TOKEN} + ./mapi login ${MAYHEM_TOKEN} ./mapi run forallsecure-demo/mapi-action-examples/fastapi auto "http://localhost:8000/openapi.json" --url "http://localhost:8000/" --junit junit.xml --sarif mapi.sarif --html mapi.html ''' } diff --git a/jenkins/plugins.txt b/jenkins/plugins.txt new file mode 100644 index 0000000..d8654a4 --- /dev/null +++ b/jenkins/plugins.txt @@ -0,0 +1,4 @@ +git +docker +junit +credentials \ No newline at end of file From a79382ad16e72dd447ad3f259ca6e27f00e47831 Mon Sep 17 00:00:00 2001 From: xansec <76011430+xansec@users.noreply.github.com> Date: Fri, 18 Jul 2025 16:24:07 +0000 Subject: [PATCH 02/13] enable testing --- .github/workflows/jenkins.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) 
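Review bot: `./mapi login ${MAYHEM_TOKEN}` passes the secret as a command-line argument, so it is visible in the agent's process list while the command runs, even though Jenkins masks it in the console log. If the CLI can take the token from the environment or from standard input, that form is preferable; this page does not show which it supports. Separately, `withCredentials` now looks up a Jenkins credential with ID `MAYHEM_TOKEN`, while the workflow added in this patch only exports an environment variable of that name; nothing visible here creates the credential, so confirm it is provisioned before relying on this stage. The enclosing stage starts and ends outside the hunk.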
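Review bot: The plugin list names `git`, `docker`, `junit` and `credentials` without versions, so each run installs whatever release is current at that moment into the Jenkins instance that later handles the Mayhem token. Pin each entry in the `name:version` form that plugins.txt accepts, e.g. `git:<version>` (placeholder), and update the pins deliberately. The same applies to the entries added in patches 09 and 10 (`docker-pipeline`, `warnings`, `coverage`).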
diff --git a/.github/workflows/jenkins.yml b/.github/workflows/jenkins.yml index cfe8e88..4646584 100644 --- a/.github/workflows/jenkins.yml +++ b/.github/workflows/jenkins.yml @@ -1,12 +1,13 @@ name: 'Mayhem for API on Jenkins' on: push: - branches: [ main ] + branches: [ main, jenkins-example ] pull_request: - branches: [ main ] + branches: [ main, jenkins-example ] workflow_dispatch: + jobs: jenkins-container-pipeline: runs-on: ubuntu-latest From 4eb07c0be9b346be25a3c4437ca3561a2ba48b97 Mon Sep 17 00:00:00 2001 From: xansec <76011430+xansec@users.noreply.github.com> Date: Fri, 18 Jul 2025 16:24:55 +0000 Subject: [PATCH 03/13] v2 --- .github/workflows/jenkins.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/jenkins.yml b/.github/workflows/jenkins.yml index 4646584..840991f 100644 --- a/.github/workflows/jenkins.yml +++ b/.github/workflows/jenkins.yml @@ -16,7 +16,7 @@ jobs: steps: - name: 'Checkout' - uses: actions/checkout@v4 + uses: actions/checkout@v2 - name: 'Run Jenkins job' uses: jenkinsci/jfr-container-action@master From 4f6627acf71b1ce321797bf6c5dfc9a6f201de44 Mon Sep 17 00:00:00 2001 From: xansec <76011430+xansec@users.noreply.github.com> Date: Fri, 18 Jul 2025 16:27:18 +0000 Subject: [PATCH 04/13] change image --- .github/workflows/jenkins.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/jenkins.yml b/.github/workflows/jenkins.yml index 840991f..81db9e7 100644 --- a/.github/workflows/jenkins.yml +++ b/.github/workflows/jenkins.yml @@ -10,13 +10,13 @@ on: jobs: jenkins-container-pipeline: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 container: image: ghcr.io/jenkinsci/jenkinsfile-runner:master steps: - name: 'Checkout' - uses: actions/checkout@v2 + uses: actions/checkout@v4 - name: 'Run Jenkins job' uses: jenkinsci/jfr-container-action@master From b2c727b7d493bc6f14da7b087ba356e2ac38361d Mon Sep 17 00:00:00 2001 
From: xansec <76011430+xansec@users.noreply.github.com> Date: Fri, 18 Jul 2025 16:27:47 +0000 Subject: [PATCH 05/13] change image again --- .github/workflows/jenkins.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/jenkins.yml b/.github/workflows/jenkins.yml index 81db9e7..c204372 100644 --- a/.github/workflows/jenkins.yml +++ b/.github/workflows/jenkins.yml @@ -10,7 +10,7 @@ on: jobs: jenkins-container-pipeline: - runs-on: ubuntu-22.04 + runs-on: ubuntu-20.04 container: image: ghcr.io/jenkinsci/jenkinsfile-runner:master From 52810e0340597d1b7769677105a242cad1ce2800 Mon Sep 17 00:00:00 2001 From: xansec <76011430+xansec@users.noreply.github.com> Date: Fri, 18 Jul 2025 17:38:05 +0000 Subject: [PATCH 06/13] attempt --- .github/workflows/jenkins.yml | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/.github/workflows/jenkins.yml b/.github/workflows/jenkins.yml index c204372..e007adc 100644 --- a/.github/workflows/jenkins.yml +++ b/.github/workflows/jenkins.yml @@ -1,22 +1,17 @@ name: 'Mayhem for API on Jenkins' -on: - push: - branches: [ main, jenkins-example ] - pull_request: - branches: [ main, jenkins-example ] - workflow_dispatch: +on: workflow_dispatch jobs: jenkins-container-pipeline: - runs-on: ubuntu-20.04 + runs-on: ubuntu-22.04 container: image: ghcr.io/jenkinsci/jenkinsfile-runner:master steps: - name: 'Checkout' - uses: actions/checkout@v4 + uses: actions/checkout@v1 - name: 'Run Jenkins job' uses: jenkinsci/jfr-container-action@master From 64fb7a6b7bf272d2fb06826c38037d97549597cc Mon Sep 17 00:00:00 2001 From: xansec <76011430+xansec@users.noreply.github.com> Date: Fri, 18 Jul 2025 17:39:12 +0000 Subject: [PATCH 07/13] try --- .github/workflows/jenkins.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/workflows/jenkins.yml b/.github/workflows/jenkins.yml index e007adc..c99459d 100644 --- a/.github/workflows/jenkins.yml +++ b/.github/workflows/jenkins.yml 
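Review bot: `uses: actions/checkout@v1` in patch 06 moves the checkout step to the oldest release line of the action, and no later patch in this series changes it back. v1 predates the `persist-credentials` input and is referenced here by a mutable tag. Prefer the current major pinned to a commit, e.g. `uses: actions/checkout@<full-commit-sha> # v4` (placeholder).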
@@ -1,5 +1,11 @@ name: 'Mayhem for API on Jenkins' -on: workflow_dispatch +on: + push: + branches: [ main, jenkins-example ] + pull_request: + branches: [ main, jenkins-example ] + workflow_dispatch + From c7a1c389343559b110ab3184a08c00a1b79982ec Mon Sep 17 00:00:00 2001 From: xansec <76011430+xansec@users.noreply.github.com> Date: Fri, 18 Jul 2025 17:39:33 +0000 Subject: [PATCH 08/13] typo --- .github/workflows/jenkins.yml | 5 +---- 1 file changed, 1 insertion(+), 4 deletions(-) diff --git a/.github/workflows/jenkins.yml b/.github/workflows/jenkins.yml index c99459d..68af5f0 100644 --- a/.github/workflows/jenkins.yml +++ b/.github/workflows/jenkins.yml @@ -4,10 +4,7 @@ on: branches: [ main, jenkins-example ] pull_request: branches: [ main, jenkins-example ] - workflow_dispatch - - - + workflow_dispatch: jobs: jenkins-container-pipeline: From 24f2188145a08ce01b9bbd47afa9bf64d0efb73b Mon Sep 17 00:00:00 2001 From: xansec <76011430+xansec@users.noreply.github.com> Date: Fri, 18 Jul 2025 22:34:26 +0000 Subject: [PATCH 09/13] update plugins --- jenkins/plugins.txt | 2 ++ 1 file changed, 2 insertions(+) diff --git a/jenkins/plugins.txt b/jenkins/plugins.txt index d8654a4..8e1e9c3 100644 --- a/jenkins/plugins.txt +++ b/jenkins/plugins.txt @@ -1,4 +1,6 @@ git docker +docker-pipeline +warnings junit credentials \ No newline at end of file From ce385aa69c3b6511817c47979407cc92ec19d536 Mon Sep 17 00:00:00 2001 From: xansec <76011430+xansec@users.noreply.github.com> Date: Fri, 18 Jul 2025 23:47:41 +0000 Subject: [PATCH 10/13] update jenkins example --- jenkins/Jenkinsfile | 16 ++++++++++++---- jenkins/plugins.txt | 1 + 2 files changed, 13 insertions(+), 4 deletions(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index c120f06..c3135e5 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile 
@@ -1,12 +1,19 @@ // First job pipeline { - agent any + agent { + docker { image 'python:3.9' } + } + + environment { + MAYHEM_URL = 'https://app.mayhem.security' + } stages { stage('Build') { steps { echo 'Building..' sh ''' + cd /workspace pip install -r requirements.txt ''' } @@ -38,7 +45,7 @@ pipeline { sh 'pgrep python3 | xargs kill || true' /* Generate coverage report */ - sh 'python3 -m coverage xml -o coverage.xml' + sh 'python3 -m coverage xml -o coverage.xml || true' } } } @@ -54,7 +61,8 @@ pipeline { junit 'junit.xml' recordIssues(enabledForFailure: true, tool: sarif(pattern: 'mapi.sarif')) - cobertura coberturaReportFile: 'coverage.xml', onlyStable: 'false' + recordCoverage(tools: [[parser: 'COBERTURA', pattern: 'coverage.xml']], + sourceCodeRetention: 'LAST_BUILD') } } -} +} \ No newline at end of file diff --git a/jenkins/plugins.txt b/jenkins/plugins.txt index 8e1e9c3..b548a79 100644 --- a/jenkins/plugins.txt +++ b/jenkins/plugins.txt @@ -3,4 +3,5 @@ docker docker-pipeline warnings junit +coverage credentials \ No newline at end of file From 746ef81263e29cbc56f662e2e69cf8c90a4e4952 Mon Sep 17 00:00:00 2001 From: xansec <76011430+xansec@users.noreply.github.com> Date: Fri, 18 Jul 2025 20:04:27 -0400 Subject: [PATCH 11/13] Update README.md --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index bc3180d..c61279e 100644 --- a/README.md +++ b/README.md 
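Review bot: `docker { image 'python:3.9' }` pulls a floating tag, so the build environment that later handles `MAYHEM_TOKEN` can change between runs without any change to this file; pin it by digest, e.g. `docker { image 'python@sha256:<digest>' }` (placeholder). The added `cd /workspace` hard-codes a path that depends on how the runner mounts the checkout. Using `cd "${WORKSPACE}"`, or no `cd` at all, would be more portable, assuming the sources are checked out into the Jenkins workspace. The `pipeline` block continues outside the hunk.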
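Review bot: Appending `|| true` to `python3 -m coverage xml -o coverage.xml` hides every failure of the report step, including a missing coverage data file, and the `recordCoverage` call added further down may then have nothing to read. If the report is optional, make the failure visible, e.g. `sh 'python3 -m coverage xml -o coverage.xml || echo "coverage report not generated"'`, or guard `recordCoverage` on the file existing. The surrounding `steps` block starts outside the hunk.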
@@ -122,4 +122,4 @@ that triggered the issue. - Github: see [this repo.](https://github.com/ForAllSecure/mapi-action-examples/actions/workflows/mapi.yml) - Gitlab: see [https://gitlab.com/mayhem-forallsecure/mayhem-demo/-/jobs/10201916810](https://gitlab.com/mayhem-forallsecure/mayhem-demo/-/jobs/10201916810) -- Jenkins: see [this repo.](https://github.com/ForAllSecure/mapi-action-examples/actions/workflows/jenkins.yml) \ No newline at end of file +- Jenkins: copy the existing [Jenkinsfile](https://github.com/ForAllSecure/mapi-action-examples/blob/jenkins-example/jenkins/Jenkinsfile) into a new pipeline configuration and run the pipeline. Make sure to install the [plugins](https://github.com/ForAllSecure/mapi-action-examples/blob/jenkins-example/jenkins/plugins.txt) From d20e03816d44818b914c451ec4057b2a8742905f Mon Sep 17 00:00:00 2001 From: xansec Date: Thu, 24 Jul 2025 15:18:47 -0400 Subject: [PATCH 12/13] pipeline script --- jenkins/Jenkinsfile | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/jenkins/Jenkinsfile b/jenkins/Jenkinsfile index c3135e5..8969445 100644 --- a/jenkins/Jenkinsfile +++ b/jenkins/Jenkinsfile @@ -22,6 +22,7 @@ pipeline { steps { echo 'Building..' sh ''' + cd /workspace FASTAPI_ENV=test python3 -m coverage run -m uvicorn src.main:app & ''' } @@ -65,4 +66,4 @@ pipeline { sourceCodeRetention: 'LAST_BUILD') } } -} \ No newline at end of file +} From 978e7672a4720b23da5438940b22b57bd6592ae8 Mon Sep 17 00:00:00 2001 From: xansec Date: Thu, 24 Jul 2025 16:57:18 -0400 Subject: [PATCH 13/13] disable git workflow --- .github/workflows/jenkins.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.github/workflows/jenkins.yml b/.github/workflows/jenkins.yml index 68af5f0..c834ac0 100644 --- a/.github/workflows/jenkins.yml +++ b/.github/workflows/jenkins.yml 
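Review bot: The `cd /workspace` added in patch 12 only changes directory for this one `sh` step, so the backgrounded `coverage run` writes its data file under `/workspace`, while the later `python3 -m coverage xml` step has no `cd` and runs in the step's default directory. Unless the two directories are the same on the runner, the report step finds no data, and the `|| true` added in patch 10 hides that. Running the report from the same directory, e.g. `sh 'cd /workspace && python3 -m coverage xml -o coverage.xml'`, keeps them consistent; the `recordCoverage` pattern would then need the matching path. The stage starts and ends outside the hunk.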
@@ -1,9 +1,5 @@ name: 'Mayhem for API on Jenkins' on: - push: - branches: [ main, jenkins-example ] - pull_request: - branches: [ main, jenkins-example ] workflow_dispatch: jobs: