Configuration on Jenkins
Masking credentials in Jenkins
Provar now supports execution on Jenkins without needing to check the Provar .secrets file into GitHub. This is to reduce exposure of the credentials used in Test Case execution. The solution is to use Jenkins’ credentials plugin to set up the passwords and security tokens as environment variables.
Prerequisites
- A Jenkins server
- Required privileges on Jenkins to install plugins and create a project
Download required plugins
You will need to download and install three Jenkins plugins:
- Credentials plugin: provides a centralized way to define credentials that can be used by your Jenkins instance, plugins and build jobs.
- Credentials Binding plugin: allows you to configure your build jobs to inject credentials as environment variables.
- Plain Credentials plugin: 1 a plugin dependency required by the Credentials Binding plugin.
When all three plugins are installed, your Jenkins installation has the required directives to allow you to inject secrets into Jenkins.
Please refer to Variable Set Syntax for more information based on your Connection type.
Create credentials
Go to Jenkins (menu) and choose Credentials.
Create a new user and password credentials. Once it’s created, copy its credentials ID. This is a hash which is used by Jenkins to identify these specific credentials.
Create and configure your new build job
Create a new item (new job), name it, and select Freestyle project or any other.
After installing the plugins, you will now have a new option under Build Environment which is called Use secret text(s) or file(s) . Tick this option and a new box will appear: Binding and underneath it Add :
Click Add and choose Username and password (separated) :
A new box will appear. Here you can enter the variable name in the format PROVAR_SF_<connection_name> which will hold the real username as in the credentials. You need to also enter the variable name for the password as PROVAR_SF_<connection_name>_password that will hold the real password as in the credentials. Here <connection_name> represents the Name of the connection in Provar.
Note: Do not use underscores for connection names. Using underscores will not allow you to override the secrets.
Add a Build Step to Invoke Ant and provide the ANT build file path location:
Test configuration
Remove .secrets from the Provar Project.
Run your job and check console output.
Console output
Application successfully launched without having .secrets file in a Project:
And if running the same project from Provar you will see an error message:
Known Issues
However, SF OAuth WebFlow connection only worked when Access Token and Refresh Token is kept in the .secrets file and supplying the Consumer Key and Client Secret as per suggested variables (case-sensitive).
- PROVAR_SF_ADMIN_CLIENTSECRET
- PROVAR_SF_ADMIN_CONSUMERKEY
Connection types currently not supported:
- UI Testing
- Database