java -Dhudson.footerURL=http://example.org -jar jenkins.warThis is one stop global knowledge base where you can learn about all the products, solutions and support features.
Jenkins has several "hidden" features that can be enabled with system properties. This page documents many of them and explain how to configure them on your instance.
Some system properties related to the Remoting library used for communication between controller and agents are documented in that component’s repository.
System properties are defined by passing
-Dproperty=value
to the
java
command line to start Jenkins.
Make sure to pass all of these arguments
before
the
-jar
argument, otherwise they will be ignored.
Example:
java -Dhudson.footerURL=http://example.org -jar jenkins.warThe following lists the properties and the version of Jenkins they were introduced in.
Property
- Java property name
Default - Default value if not explicitly set
Since - The version of Jenkins the property was introduced in
Description - Other notes
We do NOT guarantee that system properties will remain unchanged and functional indefinitely. These switches are often experimental in nature, and subject to change without notice. If you find these useful, please file a ticket to promote it to an official feature.
| Due to the very large number of system properties used, often just added as a "safety valve" or "escape hatch" in case a change causes problems, this list is not expected to be complete. |
debug.YUI
false
Whether to use the minified (
false
) or debug (
true
) JS files for the YUI library.
executable-war
Path to
jenkins.war
when invoked as
java -jar jenkins.war
, undefined otherwise.
This is the path to
jenkins.war
and set by the
executable-war
wrapper when invoked using
java -jar jenkins.war
.
This allows Jenkins to find its own
.war
file and e.g. replace it to apply an update.
If undefined, Jenkins will not e.g. offer to update itself.
historyWidget.descriptionLimit
100
Defines a limit for the characters shown in the description field for each build row in the Build History column.
A positive integer (e.g.
300
) will define the limit.
After the limit is reached (…) will be shown.
The value
-1
disables the limit and allows unlimited characters in the build description.
The value
0
shows no description.
hudson.bundled.plugins
undefined
Specify a location for additional bundled plugins during plugin development (
hpi:run
).
There is no reason this would be set by an administrator.
hudson.ClassicPluginStrategy.noBytecodeTransformer
false
Disable the bytecode transformer that retains compatibility at runtime after changing public Java APIs. Has no effect since 2.296, as the bytecode transformer has been removed.
hudson.ClassicPluginStrategy.useAntClassLoader
false
(until 2.309 and since 2.348),
true
(from 2.310 to 2.347)
Unused between 1.527 and 2.309.
Since 2.310, can be set to
false
to use
URLClassLoader
instead.
This is the default since 2.347.
hudson.cli.CLI.pingInterval
3000
Client-side HTTP CLI ping interval in milliseconds.
Set on the CLI client (
java -jar jenkins-cli.jar
), not Jenkins server process.
hudson.ConsoleNote.INSECURE
false
Whether to load unsigned console notes. See SECURITY-382 on Jenkins Security Advisory 2017-02-01.
hudson.consoleTailKB
150
How many KB of console log to show in default console view. This property had no effect from Jenkins 2.4 (inclusive) until 2.98/2.89.3 (exclusive), see JENKINS-48593.
hudson.diagnosis.HudsonHomeDiskUsageChecker.freeSpaceThreshold
1073741824
(1 GB, up to 2.39),
10737418240
(10 GB, from 2.40)
If there’s less than this amount of free disk space, in bytes, on the disk with the Jenkins home directory, and the disk is 90% or more full, a warning will be shown to administrators.
hudson.diyChunking
false
Set to
true
if the servlet container doesn’t support chunked encoding.
hudson.DNSMultiCast.disabled
false
until 2.218,
true
in 2.219
Set to
true
to disable DNS multicast.
Has no effect since 2.220 as the feature has been removed.
See SECURITY-1641
hudson.FilePath.VALIDATE_ANT_FILE_MASK_BOUND
10000
Max. number of operations to validate a file mask (e.g. pattern to archive artifacts).
hudson.footerURL
https://jenkins.io
Allows tweaking the URL displayed at the bottom of Jenkins' UI
hudson.Functions.autoRefreshSeconds
10
Number of seconds between reloads when Auto Refresh is enabled. Obsolete since the feature was removed in Jenkins 2.223.
hudson.Functions.hidingPasswordFields
true
Jenkins 2.205 and newer attempts to prevent browsers from offering to auto-fill password form fields by using a custom password control.
Setting this to
false
reverts to the legacy behavior of using mostly standard password form fields.
hudson.lifecycle
automatically determined based on environment, see
hudson.lifecycle.Lifecycle
Specify full class name for Lifecycle implementation to override default. See documentation for class names.
hudson.logging.LogRecorderManager.skipPermissionCheck
false
Disable security hardening for LogRecorderManager Stapler access. Possibly unsafe, see 2018-12-05 security advisory.
hudson.Main.development
false
in production,
true
in development
This is set to
true
by the development tooling to identify when Jenkins is running via
jetty:run
or
hpi:run
.
Can be used to distinguish between development and production use; most prominently used to bypass the setup wizard when running with an empty Jenkins home directory during development.
hudson.Main.timeout
15000
When using
jenkins-core.jar
from the CLI, this is the connection timeout connecting to Jenkins to report a build result.
hudson.markup.MarkupFormatter.previewsAllowGET
false
Controls whether URLs implementing markup formatter previews are accessible via GET. See 2021-01-13 security advisory.
hudson.markup.MarkupFormatter.previewsSetCSP
true
Controls whether to set restrictive Content-Security-Policy headers on URLs implementing markup formatter previews. See 2021-01-13 security advisory.
hudson.matrix.MatrixConfiguration.useShortWorkspaceName
false
Use shorter but cryptic names in matrix build workspace directories. Avoids problems with 256 character limit on paths in Cygwin, path depths problems on Windows, and shell metacharacter problems with label expressions on most platforms. See JENKINS-25783.
hudson.model.AbstractItem.skipPermissionCheck
false
Disable security hardening related to Stapler routing for AbstractItem. Possibly unsafe, see 2018-12-05 security advisory.
hudson.model.Api.INSECURE
false
Set to
true
to permit accessing the Jenkins remote API in an unsafe manner.
See SECURITY-47.
Deprecated, use e.g. Secure Requester Whitelist instead.
hudson.model.AsyncAperiodicWork.logRotateMinutes
1440
The number of minutes after which to try and rotate the log file used by any AsyncAperiodicWork extension.
For fine-grained control of a specific extension you can use the
FullyQualifiedClassName
.logRotateMinutes
system property to only affect a specific extension.
It is not anticipated that you will ever need to change these defaults.
hudson.model.AsyncAperiodicWork.logRotateSize
-1
When starting a new run of any AsyncAperiodicWork extension, if this value is non-negative and the existing log file is larger than the specified number of bytes then the log file will be rotated.
For fine-grained control of a specific extension you can use theÂ
FullyQualifiedClassName
.logRotateSize
system property to only affect a specific extension.
It is not anticipated that you will ever need to change these defaults.
hudson.model.AsyncPeriodicWork.logRotateMinutes
1440
The number of minutes after which to try and rotate the log file used by any AsyncPeriodicWork extension.
For fine-grained control of a specific extension you can use theÂ
FullyQualifiedClassName
.logRotateMinutes
system property to only affect a specific extension.
It is not anticipated that you will ever need to change these defaults.
Some implementations that can be individually configured (see FullyQualifiedClassName above):
hudson.model.WorkspaceCleanupThread
hudson.model.FingerprintCleanupThread
hudson.slaves.ConnectionActivityMonitor
jenkins.DailyCheck
jenkins.model.BackgroundGlobalBuildDiscarder
jenkins.telemetry.Telemetry$TelemetryReporter
hudson.model.AsyncPeriodicWork.logRotateSize
-1
When starting a new run of any AsyncPeriodicWork extension, if this value is non-negative and the existing log file is larger than the specified number of bytes then the log file will be rotated.
For fine-grained control of a specific extension you can use theÂ
FullyQualifiedClassName
.logRotateSize
system property to only affect a specific extension.
It is not anticipated that you will ever need to change these defaults
Some implementations that can be individually configured (see FullyQualifiedClassName above):
hudson.model.WorkspaceCleanupThread
hudson.model.FingerprintCleanupThread
hudson.slaves.ConnectionActivityMonitor
jenkins.DailyCheck
jenkins.model.BackgroundGlobalBuildDiscarder
jenkins.telemetry.Telemetry$TelemetryReporter
hudson.model.DirectoryBrowserSupport.allowAbsolutePath
false
Escape hatch for SECURITY-2481.
Set this to
true
to allow browsing to absolute paths.
hudson.model.DirectoryBrowserSupport.allowSymlinkEscape
false
Escape hatch for SECURITY-904 and SECURITY-1452.
hudson.model.DirectoryBrowserSupport.CSP
sandbox; default-src 'none'; image-src 'self'; style-src 'self';
Determines the Content Security Policy header sent for static files served by Jenkins. Only affects instances that don’t have a resource root URL set up. See Configuring Content Security Policy for more details.
hudson.model.DownloadService$Downloadable.defaultInterval
86400000
(1 day)
Interval between periodic downloads of Downloadables , typically tool installer metadata.
hudson.model.DownloadService.never
false
Suppress the periodic download of data files for plugins via browser-based download. Since Jenkins 2.200, this has no effect.
hudson.model.DownloadService.noSignatureCheck
false
Skip the update site signature check.
Setting this to
true
can be unsafe.
hudson.model.Hudson.flyweightSupport
false
before 1.337;
true
from 1.337; unused since 1.598
Matrix parent job and other flyweight tasks (e.g. Build Flow plugin) won’t consume an executor when
true
.
Unused since 1.598, flyweight support is now always enabled.
hudson.model.Hudson.initLogLevel
Deprecated: Backward-compatible fallback for
jenkins.model.Jenkins.initLogLevel
.
Removed since 2.272.
hudson.model.Hudson.killAfterLoad
Deprecated: Backward-compatible fallback for
jenkins.model.Jenkins.killAfterLoad
.
Removed since 2.272.
hudson.model.Hudson.logStartupPerformance
Deprecated: Backward-compatible fallback for
jenkins.model.Jenkins.logStartupPerformance
.
Removed since 2.272.
hudson.model.Hudson.parallelLoad
Deprecated: Backward-compatible fallback for
jenkins.model.Jenkins.parallelLoad
.
Removed since 2.272.
hudson.model.Hudson.workspaceDirName
Deprecated: Backward-compatible fallback for
jenkins.model.Jenkins.workspaceDirName
.
Removed since 2.272.
hudson.model.LabelAtom.allowFolderTraversal
false
Controls whether label names containing unsafe characters that lead to path traversal can be saved. See 2.263.2 upgrade guide.
hudson.model.LoadStatistics.clock
10000
(10 seconds)
Load statistics clock cycle in milliseconds.
hudson.model.LoadStatistics.decay
0.9
Decay ratio for every clock cycle in node utilization charts.
hudson.model.MultiStageTimeSeries.chartFont
SansSerif-10
Font used for load statistics. See Java documentation on how the value is decoded.
hudson.model.Node.SKIP_BUILD_CHECK_ON_FLYWEIGHTS
true
Whether to allow building flyweight tasks even if the necessary permission (Computer/Build) is missing. See JENKINS-46652.
hudson.model.ParametersAction.keepUndefinedParameters
undefined
If true, not discard parameters for builds that are not defined on the job. Enabling this can be unsafe. Since Jenkins 2.40, if set to false, will not log a warning message that parameters were defined but ignored.
hudson.model.ParametersAction.safeParameters
undefined
Comma-separated list of additional build parameter names that should not be discarded even when not defined on the job.
hudson.model.Queue.cacheRefreshPeriod
1000
Defines the refresh period for the internal queue cache (in milliseconds). The greater period workarounds web UI delays on large installations, which may be caused by locking of the build queue by build executors. Downside: Builds appear in the queue with a noticeable delay.
hudson.model.Queue.Saver.DELAY_SECONDS
60
Maximal delay of a save operation when content of Jenkins queue changes. This works as a balancing factor between queue consistency guarantee in case of Jenkins crash (short delay) and decreasing IO activity based on Jenkins load (long delay).
hudson.model.Run.ArtifactList.listCutoff
16
More artifacts than this will use tree view or simple link rather than listing out artifacts
hudson.model.Run.ArtifactList.treeCutoff
40
More artifacts than this will show a simple link to directory browser rather than showing artifacts in tree view
hudson.model.Slave.workspaceRoot
workspace
name of the folder within the agent root directory to contain workspaces
hudson.model.UpdateCenter.className
effectively
hudson.model.UpdateCenter
This allows overriding the implementation class for update center when customizing the
.war
packaging of Jenkins.
Cannot be used for plugins.
hudson.model.UpdateCenter.defaultUpdateSiteId
default
Configure a different ID for the default update site. Useful for custom war distributions or externally provided UC data files.
hudson.model.UpdateCenter.never
false
When true, don’t automatically check for new versions
hudson.model.UpdateCenter.pluginDownloadReadTimeoutSeconds
60
Read timeout in seconds for downloading plugins.
hudson.model.UpdateCenter.skipPermissionCheck
false
Disable security hardening related to Stapler routing for UpdateCenter. Possibly unsafe, see 2018-12-05 security advisory.
hudson.model.UpdateCenter.updateCenterUrl
https://updates.jenkins.io/
Deprecated: Override the default update site URL. May have no effect since Jenkins 1.333.
hudson.model.UsageStatistics.disabled
false
Set to
true
to opt out of usage statistics collection, independent of UI option.
hudson.model.User.allowNonExistentUserToLogin
false
When
true
, does not check auth realm for existence of user if there’s a record in Jenkins.
Unsafe, but may be used on some instances for service accounts
hudson.model.User.allowUserCreationViaUrl
false
Whether admins accessing
/user/example
creates a user record (see SECURITY-406 on Jenkins Security Advisory 2017-02-01)
hudson.model.User.SECURITY_243_FULL_DEFENSE
true
When false, skips part of the fix that tries to determine whether a given user ID exists, and if so, doesn’t consider users with the same full name during resolution.
hudson.model.User.skipPermissionCheck
false
Disable security hardening related to Stapler routing for User. Possibly unsafe, see 2018-12-05 security advisory.
hudson.model.WorkspaceCleanupThread.disabled
false
Don’t clean up old workspaces on agent nodes
hudson.model.WorkspaceCleanupThread.recurrencePeriodHours
24
How frequently workspace cleanup should run, in hours.
hudson.model.WorkspaceCleanupThread.retainForDays
30
Unused workspaces are retained for this many days before qualifying for deletion.
hudson.node_monitors.AbstractNodeMonitorDescriptor.periodMinutes
60
(1 hour)
How frequently to update node monitors by default, in minutes.
hudson.PluginManager.checkUpdateAttempts
1
Number of attempts to check the updates sites.
hudson.PluginManager.checkUpdateSleepTimeMillis
1000
Time (milliseconds) elapsed between retries to check the updates sites.
hudson.PluginManager.className
effectively
hudson.LocalPluginManager
Can be used to specify a different
PluginManager
implementation when customizing the
.war
packaging of Jenkins.
Cannot be used for plugins.
hudson.PluginManager.noFastLookup
false
Disable fast lookup using
ClassLoaderReflectionToolkit
which reflectively accesses internal methods of
ClassLoader
.
hudson.PluginManager.skipPermissionCheck
false
Disable security hardening related to Stapler routing for PluginManager. Possibly unsafe, see 2018-12-05 security advisory.
hudson.PluginManager.workDir
undefined
Location of the base directory for all exploded .hpi/.jpi plugins.
By default the plugins will be extracted under
$JENKINS_HOME/plugins/
.
hudson.PluginStrategy
effectively
hudson.ClassicPluginStrategy
Allow plugins to be loaded into a different environment, such as an existing DI container like Plexus.
Specify the full class name of a
hudson.PluginStrategy
implementation to override the default.
hudson.PluginWrapper.dependenciesVersionCheck.enabled
true
Set to
false
to skip the version check for plugin dependencies.
hudson.ProxyConfiguration.DEFAULT_CONNECT_TIMEOUT_MILLIS
20000
Connection timeout applied to connections e.g. to the update site.
hudson.remoting.ChannelBuilder.allCallablesCanIgnoreRoleChecker
false
Disable requirement for remoting callables to perform a role check. See the description in the upgrade guide.
hudson.remoting.ChannelBuilder.specificCallablesCanIgnoreRoleChecker
undefined
Comma-separated list of class names allowed to bypass role check requirement. See the description in the upgrade guide.
hudson.remoting.ClassFilter
undefined
Allow or disallow the deserialization of specified types.
Comma-separated class names, entries are whitelisted unless prefixed with
!
.
See JEP-200#backwards-compatibility: JEP-200 and JENKINS-47736.
hudson.scheduledRetention
false
Control a agent based on a schedule
hudson.scm.SCM.useAutoBrowserHolder
false
since Jenkins 2.9,
true
before
When set to
true
, Jenkins will guess the repository browser used to render links in the changelog.
hudson.script.noCache
false
in production,
true
during development
When set to true, Jenkins will not reference resource files through the
/static/…/
URL space, preventing their caching.
This is set to
true
during development by default, and
false
otherwise.
hudson.search.Search.skipPermissionCheck
false
Disable security hardening related to Stapler routing for Search. Possibly unsafe, see 2018-12-05 security advisory.
hudson.security.AccessDeniedException2.REPORT_GROUP_HEADERS
false
If set to true, restore pre-2.46 behavior of sending HTTP headers on "access denied" pages listing group memberships.
hudson.security.ArtifactsPermission
false
The Artifacts permission allows to control access to artifacts; When this property is unset or set to false, access to artifacts is not controlled
hudson.security.csrf.CrumbFilter.UNPROCESSED_PATHINFO
false
Escape hatch for SECURITY-1774.
hudson.security.csrf.DefaultCrumbIssuer.EXCLUDE_SESSION_ID
false
Escape hatch for SECURITY-626.
hudson.security.csrf.GlobalCrumbIssuerConfiguration.DISABLE_CSRF_PROTECTION
false
Restore the ability to disable CSRF protection after the UI for doing so was removed from Jenkins 2.222.
hudson.security.csrf.requestfield
.crumb
(Jenkins 1.x),
Jenkins-Crumb
(Jenkins 2.0)
Parameter name that contains a crumb value on POST requests
hudson.security.ExtendedReadPermission
false
The ExtendedReadPermission allows read-only access to "Configure" pages; can also enable with extended-read-permission plugin
hudson.security.HudsonPrivateSecurityRealm.ID_REGEX
[a-zA-Z0-9_-]+
Regex for legal user names in Jenkins user database. See SECURITY-786.
hudson.security.HudsonPrivateSecurityRealm.maximumBCryptLogRound
18
Limits the number of rounds for pre-computed BCrypt hashes of user passwords for the Jenkins user database to prevent excessive computation.
hudson.security.LDAPSecurityRealm.groupSearch
LDAP filter to look for groups by their names
hudson.security.SecurityRealm.sessionFixationProtectionMode
1
Escape hatch for SECURITY-2371.
Set to
0
to disable the fix or to
2
to select an alternative implementation.
hudson.security.TokenBasedRememberMeServices2.skipTooFarExpirationDateCheck
false
Escape hatch for SECURITY-868
hudson.security.WipeOutPermission
false
The WipeOut permission allows to control access to the "Wipe Out Workspace" action, which is normally available as soon as the Build permission is granted
hudson.slaves.ChannelPinger.pingInterval
5
Frequency (in minutes) of pings between the controller and agents.
Deprecated since 2.37, use
hudson.slaves.ChannelPinger.pingIntervalSeconds
instead.
hudson.slaves.ChannelPinger.pingIntervalSeconds
300
Frequency of pings between the controller and agents, in seconds
hudson.slaves.ChannelPinger.pingTimeoutSeconds
240
Timeout for each ping between the controller and agents, in seconds
hudson.slaves.ConnectionActivityMonitor.enabled
false
Whether to enable this feature that checks whether agents are alive and cuts them off if not.
hudson.slaves.ConnectionActivityMonitor.frequency
10000
(10 seconds)
How frequently to check for channel activity, in milliseconds.
hudson.slaves.ConnectionActivityMonitor.timeToPing
180000
(3 minutes)
How long to wait after startup to start checking agent connections, in milliseconds.
hudson.slaves.NodeProvisioner.initialDelay
10 times
hudson.model.LoadStatistics.clock
, typically 100 seconds
How long to wait after startup before starting to provision nodes from clouds. This will allow static agents to start and handle the load first.
hudson.slaves.NodeProvisioner.MARGIN
hudson.slaves.NodeProvisioner.MARGIN0
hudson.slaves.NodeProvisioner.MARGIN_DECAY
hudson.slaves.NodeProvisioner.recurrencePeriod
Equal to
hudson.model.LoadStatistics.clock
, typically 10 seconds
How frequently to possibly provision nodes.
hudson.slaves.SlaveComputer.allowUnsupportedRemotingVersions
false
Allow connection by agents running unsupported remoting versions.
hudson.slaves.WorkspaceList
@
When concurrent builds is enabled, a unique workspace directory name is required for each concurrent build. To create this name, this token is placed between project name and a unique ID, e.g. "my-project@123".
hudson.tasks.ArtifactArchiver.warnOnEmpty
false
When true, builds don’t fail when there is nothing to archive
hudson.tasks.Fingerprinter.enableFingerprintsInDependencyGraph
false
When true, jobs associated through fingerprints are added to the dependency graph, even when there is no configured upstream/downstream relationship between them.
hudson.tasks.MailSender.maxLogLines
250
Number of lines of console output to include in emails
hudson.TcpSlaveAgentListener.hostName
Same as the configured Jenkins root URL
Host name that Jenkins advertises to inbound TCP agents. Especially useful when running Jenkins behind a reverse proxy.
hudson.TcpSlaveAgentListener.port
Same as the configured TCP agent port
Port that Jenkins advertises to inbound TCP agents. Especially useful when running Jenkins behind a reverse proxy.
hudson.TreeView
false
Enables the experimental nested views feature. Has no effect since 2.302, as the experimental nested views feature has been removed.
hudson.triggers.SafeTimerTask.logsTargetDir
$JENKINS_HOME/logs
Allows to move the logs usually found under
$JENKINS_HOME/logs
to another location.
Beware that no migration is handled if you change it on an existing instance.
hudson.triggers.SCMTrigger.starvationThreshold
3600000
(1 hour)
Milliseconds waiting for polling executor before trigger reports it is clogged.
hudson.udp
33848
until 2.218,
-1
in 2.219
Port for UDP multicast broadcast. Set to -1 to disable. Has no effect since 2.220 as the feature has been removed. See SECURITY-1641
hudson.upstreamCulprits
false
Pass blame information to downstream jobs.
hudson.util.AtomicFileWriter.DISABLE_FORCED_FLUSH
false
Disables the forced flushing when calling
#close()
.
Not expected to be used.
hudson.util.CharacterEncodingFilter.disableFilter
false
Set to
true
to disable the filter that sets request encoding to UTF-8 if it’s undefined and its content type is
text/xml
or
application/xml
(API submissions).
hudson.util.CharacterEncodingFilter.forceEncoding
false
Set to
true
to force the request encoding to UTF-8 even if a different character set is declared.
hudson.Util.deletionRetryWait
100
The time (in milliseconds) to wait between attempts to delete files when retrying. This has no effect unless hudson.Util.maxFileDeletionRetries is greater than 1. If zero, there will be no delay between attempts. If negative, the delay will be a (linearly) increasing multiple of this value between attempts.
hudson.util.Digester2.UNSAFE
false
Opts out of a change in default behavior that disables the processing of XML external entities (XXE) for the
Digester2
class in Jenkins if set to
true
.
This system property can be changed while Jenkins is running and the change is effective immediately.
See 2.263.2 upgrade guide.
Has no effect since 2.297, as the
Digester2
class has been removed.
hudson.util.FormValidation.applyContentSecurityPolicyHeaders
true
Controls whether to set restrictive Content-Security-Policy headers on URLs implementing form validation responses. This reduces the impact of cross-site scripting (XSS) vulnerabilities in form validation output. See 2.263.2 upgrade guide.
hudson.util.Graph.maxArea
10000000
(10 million)
Controls the maximum size (area) for requests to render graphs like load statistics. See 2021-01-13 security advisory.
hudson.Util.maxFileDeletionRetries
3
The number of times to attempt to delete files/directory trees before giving up and throwing an exception. Specifying a value less than 1 is invalid and will be treated as if a value of 1 (i.e. one attempt, no retries) was specified. See JENKINS-10113 and JENKINS-15331.
hudson.Util.noSymLink
false
True to disable creation of symbolic links in job/builds directories
hudson.Util.performGCOnFailedDelete
false
If this flag is set to
true
then we will request a garbage collection after a deletion failure before we next retry the delete.
It is ignored unless
hudson.Util.maxFileDeletionRetries
is greater than 1.
Setting this flag to
true
may
resolve some problems on Windows, and also for directory trees residing on an NFS share, but it can have a negative impact on performance and may have no effect at all (GC behavior is JVM-specific).
Warning
: This should only ever be used if you find that your builds are failing because Jenkins is unable to delete files, that this failure is because Jenkins itself has those files locked "open", and even then it should only be used on agents with relatively few executors (because the garbage collection can impact the performance of all job executors on that agent).
Setting this flag is a act of last resort - it is not recommended, and should not be used on your main Jenkins server unless you can tolerate the performance impact
.
hudson.util.ProcessTree.disable
false
True to disable cleanup of child processes.
hudson.util.RingBufferLogHandler.defaultSize
256
Number of log entries in loggers available on the UI at
/log/
hudson.util.RobustReflectionConverter.recordFailuresForAdmins
false
If set to
true
, Old Data Monitor will record some failures to load data submitted by users with Overall/Administer permission, partially disabling a security fix.
See 2021-01-13 security advisory and
hudson.util.RobustReflectionConverter.recordFailuresForAllAuthentications
.
hudson.util.RobustReflectionConverter.recordFailuresForAllAuthentications
false
If set to
true
, Old Data Monitor will record some failures to load data submitted by all authorized users, completely disabling a security fix.
See 2021-01-13 security advisory and
hudson.util.RobustReflectionConverter.recordFailuresForAdmins
.
hudson.util.Secret.AUTO_ENCRYPT_PASSWORD_CONTROL
true
Jenkins automatically round-trips
f:password
based form fields as encrypted
Secret
even if the field is not of type
Secret
.
Set this to
false
to disable this behavior, doing so is discouraged.
hudson.util.Secret.BLANK_NONSECRET_PASSWORD_FIELDS_WITHOUT_ITEM_CONFIGURE
true
If the user is missing
Item/Configure
permission, Jenkins 2.236 and newer will blank out the password value automatically even if the form field is not backed by a
Secret
.
Set this to
false
to disable this behavior, doing so is discouraged.
hudson.util.Secret.provider
system default
Force a particular crypto provider; with Glassfish Enterprise set value to
SunJCE
to workaround JENKINS-6459 and GLASSFISH-11862.
hudson.util.StreamTaskListener.AUTO_FLUSH
false
Jenkins no longer automatically flushes streams for code running remotely on agents for better performance. This may lead to loss of messages for plugins which print to a build log from the agent machine but do not flush their output. Use this flag to restore the previous behavior for freestyle builds.
hudson.Util.symlinkEscapeHatch
false
True to use exec of "ln" binary to create symbolic links instead of native code
hudson.Util.useNativeChmodAndMode
false
True to use native (JNA/JNR) implementation to set file permissions instead of NIO. Removed without replacement in 2.304.
hudson.util.XStream2.collectionUpdateLimit
5
The maximum number of seconds that adding elements to collections may cumulatively take when loading an XML document using XStream, or
-1
to disable.
See 2022-02-09 security advisory for context.
hudson.WebAppMain.forceSessionTrackingByCookie
true
Set to
false
to not force session tracking to be done via cookie.
Escape hatch for JENKINS-61738.
hudson.widgets.HistoryWidget.threshold
30
How many builds to show in the build history side panel widget.
HUDSON_HOME
n/a
Backward compatible fallback name for
JENKINS_HOME
.
See documentation there.
jekins.SoloFilePathFilter.redactErrors
true
Set to
false
to not redact error messages when the agent-to-controller file path filters reject a file access.
This can give attackers information about files and directories on the Jenkins controller file system.
jenkins.CLI.disabled
false
true
to disable Jenkins CLI via JNLP and HTTP (SSHD can still be enabled)
jenkins.InitReactorRunner.concurrency
2x of CPU
During start of Jenkins, loading of jobs in parallel have a fixed number of threads by default (twice the CPU).
To make Jenkins load time 8x faster (assuming sufficient IO), increase it to 8x.
For example, 24 CPU Jenkins controller host use this:
-Dhudson.InitReactorRunner.concurrency=192
jenkins.install.runSetupWizard
undefined
Set to
false
to skip install wizard.
Note that doing so leaves Jenkins unsecured.
Development-mode only: Set to
true
to not skip showing the setup wizard during Jenkins development.
This property is only effective the first time you run Jenkins in given
JENKINS_HOME
.
jenkins.install.SetupWizard.adminInitialApiToken
The default admin account will not have an API Token unless a value is provided for this system property
This property determines the behavior during the SetupWizard install phase concerning the API Token creation for the initial admin account. The behavior depends on the provided value:
true
A token is generated using random value at startup and the information is put in the file
$JENKINS_HOME/secrets/initialAdminApiToken
.
A fixed API Token will be created for the user with provided value as the token.
A fixed API Token will be created for the user with the value read from the file. Jenkins will not delete the file after read, so the script is responsible to remove it when no longer needed.
Token format is
[2-char hash version][32-hex-char of secret]
, where the hash version is currently only 11, e.g.,
110123456789abcdef0123456789abcdef
.
For example can be generated in following ways:
manually by prepending
11
to output of random generator website.
Ask for 32 hex digits or 16 bytes in hex, e.g. https://www.browserling.com/tools/random-hex, https://www.random.org/bytes/
in a shell:
echo "11$(openssl rand -hex 16)"
in JavaScript:
const genRanHex = size ⇒ […Array(size)].map) ⇒ Math.floor(Math.random() * 16).toString(16.join(''); console.log('11' + genRanHex(32));
When the API Token is generated using this system property, it should be revoked during the installation script using the other ways at your disposal so that you have a fresh (random) token with less traces for your script.
See ApiTokenProperty#generateNewToken(String) and ApiTokenProperty#revokeAllTokensExceptOne(String) for scripting methods or using the web API calls:
/user/[user-login]/descriptorByName/jenkins.security.ApiTokenProperty/generateNewToken
and
/user/[user-login]/descriptorByName/jenkins.security.ApiTokenProperty/revokeAllExcept
jenkins.model.Jenkins.additionalReadablePaths
undefined
A comma-separated list of additional top level path segments that should be accessible to users without Overall/Read permission. See 2021-01-13 security advisory.
jenkins.model.Jenkins.buildsDir
${ITEM_ROOTDIR}/builds
The configuration of a given job is located underÂ
$JENKINS_HOME/jobs/[JOB_NAME]/config.xml
 and its builds are underÂ
$JENKINS_HOME/jobs/[JOB_NAME]/builds
by default.
This option allows you to store builds elsewhere, which can be useful with finer-grained backup policies, or to store the build data on a faster disk such as an SSD.
The following placeholders are supported for this value:
${JENKINS_HOME}
 â Resolves to the Jenkins home directory.
${ITEM_ROOTDIR}
â The directory containing the job metadata within Jenkins home.
${ITEM_FULL_NAME}
â The full name of the item, with file system unsafe characters replaced by others.
${ITEM_FULLNAME}
â See above, but does not replace unsafe characters.
This is a legacy option and should not be used.
For instance, if you would like to store builds outside of Jenkins home, you can use a value like the following:Â
/some_other_root/builds/${ITEM_FULL_NAME}
This used to be a UI setting, but was removed in 2.119 as it did not support migration of existing build records and could lead to build-related errors until restart.
To manually migrate existing build records when starting to use this option (
TARGET_DIR
is the value supplied to
jenkins.model.Jenkins.buildsDir
):
For Pipeline and Freestyle job types, run this for each
JOB_NAME
:
mkdir -p [TARGET_DIR]
mv $JENKINS_HOME/jobs/[JOB_NAME]/builds [TARGET_DIR]/[JOB_NAME]
For Multibranch Pipeline jobs, run for each
BRANCH_NAME
:
mkdir -p [TARGET_DIR]/[JOB_NAME]/branches/
mv $JENKINS_HOME/jobs/[JOB_NAME]/branches/[BRANCH_NAME]/builds \
[TARGET_DIR]/[JOB_NAME]/branches/[BRANCH_NAME]
For Organization Folders, run this for each
REPO_NAME
and
BRANCH_NAME
:
mkdir -p [TARGET_DIR]/[ORG_NAME]/jobs/[REPO_NAME]/branches/
mv $JENKINS_HOME/jobs/[ORG_NAME]/jobs/[REPO_NAME]/branches/[BRANCH_NAME]/builds \
[TARGET_DIR]/[ORG_NAME]/jobs/[REPO_NAME]/branches/[BRANCH_NAME]
jenkins.model.Jenkins.crumbIssuerProxyCompatibility
false
true
to enable crumb proxy compatibility when running the Setup Wizard for the first time.
jenkins.model.Jenkins.disableExceptionOnNullInstance
false
true
to disable throwing an
IllegalStateException
when
Jenkins.getInstance()
returns
null
jenkins.model.Jenkins.enableExceptionOnNullInstance
false
true
to enable throwing an
IllegalStateException
when
Jenkins.getInstance()
returns
null
jenkins.model.Jenkins.exitCodeOnRestart
5
When using the
-Dhudson.lifecycle=hudson.lifecycle.ExitLifecycle
, exit using this exit code when Jenkins is restarted
jenkins.model.Jenkins.initLogLevel
FINE
Log level for verbose messages from the init reactor listener.
jenkins.model.Jenkins.killAfterLoad
false
Exit Jenkins right after loading. Intended as a development/testing aid only.
jenkins.model.Jenkins.logStartupPerformance
false
Log startup timing info. Note that some messages are not logged on levels visible by default (i.e. INFO and up).
jenkins.model.Jenkins.nameValidationRejectsTrailingDot
true
Set to
false
to allow names to end with a trailing
.
character, which can cause problems on Windows.
Escape hatch for SECURITY-2424.
jenkins.model.Jenkins.parallelLoad
true
Loads job configurations in parallel on startup.
jenkins.model.Jenkins.slaveAgentPort
-1
(disabled) since 2.0,
0
in Jenkins 1.x.
Specifies the default TCP agent port unless/until configured differently on the UI.
-1
to disable,
0
for random port, other values for fixed port.
jenkins.model.Jenkins.slaveAgentPortEnforce
false
If true, enforces the specified
jenkins.model.Jenkins.slaveAgentPort
on startup and will not allow changing it through the UI
jenkins.model.Jenkins.workspaceDirName
workspace
Obsolete: Was used as the default workspace directory name in the legacy workspace directory layout (workspace directories within job directories).
jenkins.model.Jenkins.workspacesDir
${JENKINS_HOME}/workspace/${ITEM_FULL_NAME}
Allows to change the directory layout for the job workspaces on the controller node.
SeeÂ
jenkins.model.Jenkins.buildsDir
for supported placeholders.
jenkins.model.JenkinsLocationConfiguration.disableUrlValidation
false
Disable URL validation intended to prevent an XSS vulnerability. See SECURITY-1471 for details.
jenkins.model.lazy.BuildReference.MODE
soft
Configure the kind of reference Jenkins uses to hold builds in memory.
Choose from among
soft
,
weak
,
strong
, and
not
(do not hold builds in memory at all).
Intended mostly as a debugging aid.
See JENKINS-19400.
jenkins.model.Nodes.enforceNameRestrictions
true
Whether to enforce new name restrictions for agent names. See 2021-01-13 security advisory.
jenkins.model.StandardArtifactManager.disableTrafficCompression
false
true
to disable GZIP compression of artifacts when they’re transferred from agent nodes to controller. Uses less CPU at the cost of increased network traffic.
jenkins.monitor.JavaVersionRecommendationAdminMonitor.disable
false
true
to disable the monitor that recommends Java 11.
jenkins.security.ApiTokenProperty.adminCanGenerateNewTokensÂ
false
true
to allow users with Overall/Administer permission to create API tokens using the new system for any user.
Note that the user will not be able to use that token since it’s only displayed to the creator, once.
jenkins.security.ApiTokenProperty.showTokenToAdmins
false
True to show API tokens for users to administrators on the user configuration page.
This was set to
false
as part of SECURITY-200
jenkins.security.ClassFilterImpl.SUPPRESS_ALL
false
Do not perform any JEP-200 class filtering when deserializing data.
Setting this to
true
is unsafe.
See documentation.
jenkins.security.ClassFilterImpl.SUPPRESS_WHITELIST
false
Do not perform whitelist-based JEP-200 class filtering when deserializing data.
With this flag set, only explicitly blacklisted types will be rejected.
Setting this to
true
is unsafe.
See documentation.
jenkins.security.FrameOptionsPageDecorator.enabled
true
Whether to send
X-Frame-Options: sameorigin
header, set to
false
to disable and make Jenkins embeddable
jenkins.security.ignoreBasicAuth
false
When set to
true
, disable
Basic
authentication with username and password (rather than API token).
jenkins.security.ManagePermission
false
Enable the optional Overall/Manage permission that allows limited access to administrative features suitable for a hosted Jenkins environment. See JEP-223.
jenkins.security.ResourceDomainRootAction.validForMinutes
30
How long a resource URL served from the resource root URL will be valid for before users are required to reauthenticate to access it. See inline documentation in Jenkins for details.
jenkins.security.s2m.CallableDirectionChecker.allow
false
This flag can be set to
true
to disable the agent-to-controller security system entirely.
Since Jenkins 2.326, this is the only way to do that, as the UI option has been removed.
jenkins.security.s2m.CallableDirectionChecker.allowAnyRole
true
This flag can be set to
false
to explicitly reject
Callable
implementations that do not declare any required role.
It is unclear whether this can safely be set to
false
in Jenkins before 2.335, or whether that would cause problems with some remoting built-in callables.
This flag was removed in Jenkins 2.335.
jenkins.security.s2m.DefaultFilePathFilter.allow
false
Allow all file paths on the Jenkins controller to be accessed from agents. This disables a big part of SECURITY-144 protections.
jenkins.security.s2m.RunningBuildFilePathFilter.FAIL
true
Set to
false
to not reject attempts to access file paths in build directories of builds not currently being built on the accessing agent.
Instead, only a warning is logged.
Attempts to access file paths in build directories from other processes will still fail.
See the description of the SECURITY-2458 security fix for context.
jenkins.security.s2m.RunningBuildFilePathFilter.SKIP
false
Set to
true
to disable the additional protection to not reject attempts to access file paths in build directories.
This will restore access to any build directories both from agents and from other processes with a remoting channel, like Maven Integration Plugin.
See the description of the SECURITY-2458 security fix for context.
jenkins.security.seed.UserSeedProperty.disableUserSeed
false
Disables user seed . Escape hatch for SECURITY-901.
jenkins.security.seed.UserSeedProperty.hideUserSeedSection
false
Hide the UI for user seed introduced for SECURITY-901.
jenkins.security.stapler.StaplerDispatchValidator.disabled
false
Escape hatch for SECURITY-534.
jenkins.security.stapler.StaplerDispatchValidator.whitelist
stapler-views-whitelist.txt
in
JENKINS_HOME
Override the location of the user configurable whitelist for stapler view dispatches. This augments the built-in whitelist for SECURITY-534 that allows dispatches to views that would otherwise be prohibited.
jenkins.security.stapler.StaticRoutingDecisionProvider.whitelist
stapler-whitelist.txt
in
JENKINS_HOME
Override the location of the user configurable whitelist for stapler request routing. This augments the built-in whitelist for SECURITY-595 that allows routing requests through methods that would otherwise be prohibited.
jenkins.security.stapler.TypedFilter.prohibitStaticAccess
true
Prohibits access to
public static
fields when routing requests in Stapler.
Escape hatch for SECURITY-595.
jenkins.security.stapler.TypedFilter.skipTypeCheck
false
Skip (return) type check when determining whether a method or field should be routable with Stapler (i.e. allow any return type). Escape hatch for SECURITY-595.
jenkins.security.SuspiciousRequestFilter.allowSemicolonsInPath
false
Escape hatch for SECURITY-1774.
Allows requests to URLs with semicolon characters (
;
) in the request path.
jenkins.security.SystemReadPermission
false
Enable the optional Overall/SystemRead permission that allows read-only access to administrative features suitable for a managed Jenkins Configuration as Code environment. See JEP-224.
jenkins.security.UserDetailsCache.EXPIRE_AFTER_WRITE_SEC
120
(2 minutes)
How long a cache for
UserDetails
should be valid for before it is looked up again from the security realm.
See JENKINS-35493.
jenkins.slaves.DefaultJnlpSlaveReceiver.disableStrictVerification
false
jenkins.slaves.JnlpSlaveAgentProtocol3.enabled
undefined
false
to disable the JNLP3 agent protocol,
true
to enable it.
Otherwise it’s randomly enabled/disabled to A/B test it.
Obsolete since the protocol was removed in 2.214.
jenkins.slaves.NioChannelSelector.disabled
false
true
to disable Nio for JNLP agents
jenkins.slaves.StandardOutputSwapper.disabled
false
Some Unix-like agents (e.g. SSH Build Agents) can communicate via stdin/stdout, which is very convenient. Unfortunately, some JVM output (e.g. related to GC) also goes to standard out. This will swap output streams around to prevent stream corruption through unexpected writes to standard out.
jenkins.telemetry.Telemetry.endpoint
https://uplink.jenkins.io/events
Change the endpoint that JEP-214/Uplink telemetry sends data to. Expected to be used for testing only.
jenkins.ui.refresh
false
true
to enable the new experimental UX on Jenkins.
See JENKINS-60920.
Also see Jenkins UX SIG.
Has no effect since 2.344 as the feature has been removed.
jenkins.util.groovy.GroovyHookScript.ROOT_PATH
$JENKINS_HOME
Set the root directory used to load groovy hooks scripts.
jenkins.util.ProgressiveRendering.DEBUG_SLEEP
0
Debug/development option to slow down the cancelling of progressive rendering when the client fails to send a heartbeat.
JENKINS_HOME
~/.jenkins
While typically set as an environment variable, Jenkins also looks up the path to its home directory as a system property.
JENKINS_HOME
set via JNDI context has higher priority than this, but this takes precedence over the environment variable.
org.jenkinsci.main.modules.sshd.SSHD.idle-timeout
undefined
Allows to configure the SSHD client idle timeout (value in milliseconds). Default value is 10min (600000ms).
org.jenkinsci.plugins.workflow.steps.durable_task.DurableTaskStep.REMOTE_TIMEOUT
20 seconds
How long to wait, in seconds, before interrupting remote calls and forcing cleanup when the step is stopped. See JENKINS-46507 for more information.
org.jenkinsci.plugins.workflow.steps.durable_task.DurableTaskStep.USE_WATCHING
false
true
to enable the experimental push mode for durable task logging.
See JENKINS-52165 for more information.
org.jenkinsci.plugins.workflow.support.pickles.ExecutorPickle.timeoutForNodeMillis
5 minutes (300,000 milliseconds)
How long to wait, in milliseconds, before aborting the build if an agent has been removed. See JENKINS-36013 for more information.
org.jenkinsci.plugins.workflow.support.steps.ExecutorStepExecution.REMOVED_NODE_DETECTION
true
false
to prevent Jenkins from aborting the build if an agent has been removed.
See JENKINS-49707 for more information.
org.kohsuke.stapler.Facet.allowViewNamePathTraversal
false
Allows specifying non-simple names for views, including ones resulting in path traversal. This is an escape hatch for the SECURITY-867 fix.
org.kohsuke.stapler.jelly.IncludeTag.skipLoggingClassSetter
false
Do not log attempts to set the
class
property of
st:include
tags directly.
No log messages should be emitted in regular use, but they can be disabled if they cause unnecessary noise in the system log.
org.kohsuke.stapler.RequestImpl.ALLOWED_HTTP_VERBS_FOR_FORMS
POST
HTTP verbs of requests that are allowed to provide
StaplerRequest#getSubmittedForm
or
@SubmittedForm
.
Escape hatch for a security hardening, see 2.277.2 upgrade guide.
stapler.jelly.noCache
false
Controls both caching of various cacheable resources (Jelly scripts etc.) as well as the
Expires
HTTP response header for some static resources.
Useful during development to see the effect of changes after reload.
stapler.jelly.trace
false
Enables tracing of Jelly view composition. View the resulting page source to see comments indicating which parts of the view were created from which view fragments.
stapler.legacyGetterDispatcherMode
false
Do not filter get methods at the Stapler framework level. Escape hatch for SECURITY-595.
stapler.legacyWebMethodDispatcherMode
false
Do not filter web methods ("do" actions) at the Stapler framework level. Escape hatch for SECURITY-595.
stapler.resourcePath
undefined
Additional debug resource paths. Set by the core development tooling so developers can see the effect of changes immediately after reloading the page.
stapler.trace
true
when run using
mvn jetty:run
(core war) or
mvn hpi:run
(plugins),
false
otherwise
Trace request handling and report the result using
Stapler-Trace-…
response headers.
Additionally renders a diagnostic HTTP 404 error page when the request could not be processed.
stapler.trace.per-request
false
Trace request handling (see above) for requests with the
X-Stapler-Trace
request header set.
Was this page helpful?
Please submit your feedback about this page through this quick form.
Alternatively, if you don't wish to complete the quick form, you can simply indicate if you found this page helpful?
See existing feedback here.
|
This section is a work in progress. Want to help? Check out the jenkinsci-docs mailing list. For other ways to contribute to the Jenkins project, see this page about participating and contributing. |
Was this page helpful?
Please submit your feedback about this page through this quick form.
Alternatively, if you don't wish to complete the quick form, you can simply indicate if you found this page helpful?
See existing feedback here.
It is possible to customize Jenkins' appearance with custom themes. This feature is not a part of the Jenkins core, but it is supported through plugins.
There are several plugins that provide built-in themes, the most popular are
Dark Theme Plugin - provides a dark theme for Jenkins. Supports configuration as code to select the theme configuration.
Material Theme Plugin - port of Afonso F’s Jenkins material theme to use Theme Manager.
Solarized Theme Plugin - provides Solarized (light and dark) themes.
Installing any of these will also install their common dependency: the Theme Manager Plugin. This plugin allows administrators to set the default theme for a Jenkins installation via Manage Jenkins > Configure System > Built-in Themes and users can set their preferred theme in their personal settings. You can also configure this plugin using Configuration-as-Code Plugin. See the plugin documentation for more details.
To be able to fully customize Jenkins appearance you can install the Simple Theme Plugin. It allows customizing the Jenkins UI by providing custom CSS and Javascript files. It also supports replacing the Favicon.
To configure a theme, you can go to Manage Jenkins > Configure System > Theme and enter the URL of your stylesheet and/or Javascript file. You can also configure this plugin using Configuration-as-Code Plugin. See the plugin documentation for the detailed usage guidelines and links to sample themes.
Since Jenkins 2.128 themes configured using Simple Theme Plugin do not allow you to customize the login screen (announcement). To customize the login screen you can install the Login Theme Plugin.
| Jenkins themes are provided âas isâ, without warranty of any kind, implicit or explicit. The Jenkins core, plugins and other component updates may break theme compatibility without notice. |
At the moment, the Jenkins project does not provide specification for layouts/CSS, and we cannot guarantee backward or forward compatibility. We try to reflect major changes in changelogs (e.g. see the âdeveloperâ changes in the Jenkins changelog), but minor changes may not be included there.
There is an ongoing effort focused on improving Jenkins look-and-feel, accessibility, and user experience. This area is mission-critical to the project. There are multiple initiatives in the Jenkins Roadmap being coordinated by the Jenkins User Experience SIG.
Major UI changes imply incompatible changes in layouts and the CSS structure which is critical for theme plugins. Historically Jenkins had no explicit support policy for themes, and we do not want to provide compatibility requirements which would create obstacles for reworking the main Jenkins interface. Later, once the Jenkins UI rework reaches its destination and the UI becomes more stable, we could consider creating specifications for theme extensibility so that we could make themes more stable and maintain compatibility.
For built-in themes, users are welcome to report discovered compatibility issues to theme maintainers, and to submit patches there.
We will generally reject bug reports to the Jenkins core/plugins involving broken UI elements with a custom theme. We will consider pull requests which restore compatibility and do not block further Web UI evolvement.
If a theme outside the jenkinsci GitHub organization is no longer maintained,
it is fine to fork it and to create a new version.
For themes hosted within the
jenkinsci
organization,
we have an adoption process which also applies to themes.
|
We encourage Jenkins users to create themes and to share them. Such themes could be a great way to experiment with UI enhancements, and we would be happy to consider enhancements from them for a default Jenkins theme.
To improve the user experience, please consider the following recommendations:
Explicitly document compatibility for themes.
Compatibility documentation should include: required theme plugins and versions, target Jenkins core version, plugin requirements and versions if applicable (UI/CSS are overridden), and browser compatibility.
Examples of such documentation: Jenkins Atlassian Theme, Neo2
Version themes with tags on Git and to maintain changelogs with explicit references to changes in the supported versions (e.g. see our release drafter documentation as one of the ways to automate changelogs).
Explicitly define an OSI-approved open source license so that users can freely modify and redistribute them.
This is also a prerequisite for hosting themes in Jenkins GitHub organizations and, in the future, theme marketplaces or other similar promotion engines.
If you would like to share a story about Jenkins themes, please let the Advocacy&Outreach SIG know!
Was this page helpful?
Please submit your feedback about this page through this quick form.
Alternatively, if you don't wish to complete the quick form, you can simply indicate if you found this page helpful?
See existing feedback here.
Jenkins has a mechanism known as "User Content", where administrators can place files inside
$JENKINS_HOME/userContent
,
and these files are served from http://yourhost/jenkins/userContent. This can be thought of as a mini HTTP server to serve
images, stylesheets, and other static resources that you can use from various description fields inside Jenkins.
Note that these files are not subject to any access controls beyond requiring Overall/Read access.
See Git userContent plugin for how to manage these files through a Git repository.
Was this page helpful?
Please submit your feedback about this page through this quick form.
Alternatively, if you don't wish to complete the quick form, you can simply indicate if you found this page helpful?
See existing feedback here.
|
This section is a work in progress. Want to help? Check out the jenkinsci-docs mailing list. For other ways to contribute to the Jenkins project, see this page about participating and contributing. |
Was this page helpful?
Please submit your feedback about this page through this quick form.
Alternatively, if you don't wish to complete the quick form, you can simply indicate if you found this page helpful?
See existing feedback here.
@NonCPS
GString
Â
Jenkins Pipeline uses a library called Groovy CPS to run Pipeline scripts.
While Pipeline uses the Groovy parser and compiler, unlike a regular Groovy environment it runs most of the program inside a special interpreter.
This uses a continuation-passing style (CPS) transform to turn your code into a version that can save its current state to disk (a file called
program.dat
  inside your build directory) and continue running even after Jenkins has restarted.
(You can get some more technical background on the Pipeline: Groovy plugin page and the library page.)
While the CPS transform is usually transparent to users, there are limitations to what Groovy language constructs can be supported, and in some circumstances it can lead to counterintuitive behavior. JENKINS-31314Â makes the runtime try to detect the most common mistake: calling CPS-transformed code from non-CPS-transformed code. The following kinds of things are CPS-transformed:
Almost all of the Pipeline script you write (including in libraries)
Most Pipeline steps, including all those which take a block
The following kinds of things are not  CPS-transformed:
Compiled Java bytecode, including
the Java Platform
Jenkins core and plugins
the runtime for the Groovy language
Constructor bodies in your Pipeline script
Any method in your Pipeline script marked with theÂ
@NonCPS
 annotation
A few Pipeline steps which take no block and act instantaneously, such asÂ
echo
 orÂ
properties
CPS-transformed code may call non-CPS-transformed code or other CPS-transformed code, and non-CPS-transformed code may call other non-CPS-transformed code, but non-CPS-transformed code may not call CPS-transformed code. If you try to call CPS-transformed code from non-CPS-transformed code, the CPS interpreter is unable to operate correctly, resulting in incorrect and often confusing results.
@NonCPS
Sometimes users will apply theÂ
@NonCPS
 annotation to a method definition in order to bypass the CPS transform inside that method.
This can be done to work around limitations in Groovy language coverage (since the body of the method will execute using the native Groovy semantics), or to get better performance (the interpreter imposes a substantial overhead).
However, such methods must not call CPS-transformed code such as Pipeline steps.
For example, the following will not work:
@NonCPS
def compileOnPlatforms() {
['linux', 'windows'].each { arch ->
node(arch) {
sh 'make'
}
}
}
compileOnPlatforms()
Using theÂ
node
 orÂ
sh
 steps from this method is illegal, and the behavior will be anomalous.
The warning in the logs from running this script looks like this:
expected to call WorkflowScript.compileOnPlatforms but wound up catching node
To fix this case, simply remove the annotation â it was not needed. (Longtime Pipeline users might have thought it was, prior to the fix of JENKINS-26481.)
Some Groovy and Java methods take complex types as parameters to support dynamic behavior. A common case is sorting methods that allow callers to specify a method to use for comparing objects (JENKINS-44924). Many similar methods in the Groovy standard library work correctly after the fix for JENKINS-26481, but some methods remain unfixed. For example, the following will not work:
def sortByLength(List<String> list) {
list.toSorted { a, b -> Integer.valueOf(a.length()).compareTo(b.length()) }
}
def sorted = sortByLength(['333', '1', '4444', '22'])
echo(sorted.toString())
The closure passed toÂ
Iterable.toSorted
is CPS-transformed, but
Iterable.toSorted
itself is not CPS-transformed internally, so this will not work as intended.
The current behavior is that the return value of the call to
toSorted
will be the return value of the first call to the closure.
In the example, this results inÂ
sorted
being set to
-1
, and the warning in the logs looks like this:
expected to call java.util.ArrayList.toSorted but wound up catching org.jenkinsci.plugins.workflow.cps.CpsClosure2.call
To fix this case, any argument passed to these methods must not be CPS-transformed.
This can be accomplished by encapsulating the problematic method (
Iterable.toSorted
in the example) inside another method, and annotating the outer method withÂ
@NonCPS
, or by creating an explicit class definition for the closure and annotating all methods on that class withÂ
@NonCPS
.
Occasionally, users may attempt to use CPS-transformed code such as Pipeline steps inside of a constructor in a Pipeline script.
Unfortunately, the construction of objects via theÂ
new
 operator in Groovy is not something that can be CPS-transformed (JENKINS-26313), and so this will not work.
Here is an example that calls a CPS-transformed method in a constructor:
class Test {
def x
public Test() {
setX()
}
private void setX() {
this.x = 1;
}
}
def x = new Test().x
echo "${x}"
The construction ofÂ
Test
 will fail when the constructor calls
Test.setX
because
setX
 is a CPS-transformed method.
The warning in the logs from running this script looks like this:
expected to call Test.<init> but wound up catching Test.setX
To fix this case, ensure that any methods defined in a Pipeline script that are called from inside of a constructor are annotated withÂ
@NonCPS
 and that constructors do not call any Pipeline steps.
If you must call CPS-transformed code such a Pipeline steps from the constructor, you need move the logic related to the CPS-transformed methods out of the constructor, for example into a static factory method that calls the CPS-transformed code and then passes the results to the constructor.
Users may create a class in a Pipeline Script that extends a preexisting class defined outside of the Pipeline script, for example from the Java or Groovy standard libraries.
When doing so, the subclass must ensure that any overriding methods are annotated with
@NonCPS
 and do not use any CPS-transformed code internally.
Otherwise, the overriding methods will fail if called from a non-CPS context.
For example, the following will not work:
class Test {
@Override
public String toString() {
return "Test"
}
}
def builder = new StringBuilder()
builder.append(new Test())
echo(builder.toString())
Calling the CPS-transformed override ofÂ
toString
 from non-CPS-transformed code such as
StringBuilder.append
is not permitted and will not work as expected in most cases.
The warning in the logs from running this script looks like this:
expected to call java.lang.StringBuilder.append but wound up catching Test.toString
To fix this case, add the
@NonCPS
annotation to the overriding method, and remove any uses of CPS-transformed code such as Pipeline steps from the method.
GString
Â
In Groovy, it is possible to use a closure in a
GString
so that the closure is evaluated every time the
GString
is used as a
String
.
However, in Pipeline scripts, this will not work as expected, because the closure inside of the GString will be CPS-transformed.
Here is an example:
def x = 1
def s = "x = ${-> x}"
x = 2
echo(s)
Using a closure inside of aÂ
GString
 as in this example will not work.
The warning from the logs when running this script looks like this:
expected to call WorkflowScript.echo but wound up catching org.jenkinsci.plugins.workflow.cps.CpsClosure2.call
To fix this case, replace the original GString with a closure that returns a GString that uses a normal expression rather than a closure, and then call the closure where you would have used the original
GString
 as follows:
def x = 1
def s = { -> x = "${x}" }
x = 2
echo(s())
Unfortunately, some expressions may incorrectly trigger this warning even though they execute correctly.
If you run into such a case, please file a new issue (after first checking for duplicates) for
workflow-cps-plugin
.
Was this page helpful?
Please submit your feedback about this page through this quick form.
Alternatively, if you don't wish to complete the quick form, you can simply indicate if you found this page helpful?
See existing feedback here.