Is there a yaml checker/sanitizer for Jenkins pipeline jobs?

723 views
Skip to first unread message

Tony C

unread,
Oct 11, 2019, 7:06:25 PM10/11/19
to Jenkins Users

We have a lot of Jenkins jobs that fail due to ill-formed yaml.
Unfortunately, These often throw useless Java exceptions that are meaningless.

I would like to invoke a yaml checker/sanitizer on that yaml, BEFORE Jenkins starts parsing it.

Does anyone know if a Plugin exists, or if there is another way to validate YAML before it is parsed?
I've noticed that copying and pasting yaml from a text file into the Pipeline file can also cause the yaml to be ill-formed, so
we need to catch that and display a useful error message, instead of a useless Java exception.

I can't believe that Jenkins is so fragile that it crashes due to bad yaml.

Ivan Fernandez Calvo

unread,
Oct 12, 2019, 2:29:02 PM10/12/19
to Jenkins Users
We use pre-commit on a stage, pre-commit has a bunch of linters, syntax check, YAML linter, JSON linter, best practices check on code and scripts, .... https://pre-commit.com/ also you can configure it to run locally as a git hook to check your project before commit something

Tony Cappellini

unread,
Oct 12, 2019, 4:08:37 PM10/12/19
to jenkins...@googlegroups.com
Thanks- this might work for yank files  but 
I can’t see how it would work for pipeline jobs that have embedded yaml. This yaml gets edited just before the use clicks the BUILD button. Essentially, I need to call the yaml sanitizer just after BUILD is clicked, but before Jenkins parses it.

On Sat, Oct 12, 2019 at 11:29 AM Ivan Fernandez Calvo <kuisat...@gmail.com> wrote:
We use pre-commit on a stage, pre-commit has a bunch of linters, syntax check, YAML linter, JSON linter, best practices check on code and scripts, .... https://pre-commit.com/ also you can configure it to run locally as a git hook to check your project before commit something

--
You received this message because you are subscribed to a topic in the Google Groups "Jenkins Users" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/jenkinsci-users/uFsC3geutC0/unsubscribe.
To unsubscribe from this group and all its topics, send an email to jenkinsci-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/2a832ccd-303c-448b-b83a-cc15a7c26603%40googlegroups.com.

Casey Vega

unread,
Oct 13, 2019, 1:30:43 PM10/13/19
to Jenkins Users

Why embed YAML into the Jenkinsfile when you can read it as a file? What Ivan is describing is the correct answer. Prevent this type of mistake from ever entering the codebase at the time of commit. If you absolutely have to validate inline YAML it might look something like this (which purposely fails due to a missing colon for size key):

pipeline {
  agent any
  stages {
    stage("read yaml") {
      steps {
        script {        
          try {
            readYaml text: """
something: 'my datas'
size 3
isEmpty: false
"""
          } catch (Exception err) {
            currentBuild.result = 'ABORTED'
            error("Malformed YAML detected:\n${err}")
          }
        }
        echo "YAML verified"
      }
    }
  }
}

Errors look like this in the console output, this happens before anything is built (next echo step) based on the example above:

ERROR: Malformed YAML detected:
while scanning a simple key
 in 'reader', line 4, column 1:
    size 3
    ^
could not find expected ':'
 in 'reader', line 5, column 1:
    isEmpty: false
    ^

Finished: ABORTED

Again, I highly recommend looking into Ivan's suggestion and decoupling your YAML from your Jenkinsfile so you're not adding complexity to your pipeline.

On Saturday, October 12, 2019 at 1:08:37 PM UTC-7, Tony Cappellini wrote:
Thanks- this might work for yank files  but 
I can’t see how it would work for pipeline jobs that have embedded yaml. This yaml gets edited just before the use clicks the BUILD button. Essentially, I need to call the yaml sanitizer just after BUILD is clicked, but before Jenkins parses it.
On Sat, Oct 12, 2019 at 11:29 AM Ivan Fernandez Calvo <kuisat...@gmail.com> wrote:
We use pre-commit on a stage, pre-commit has a bunch of linters, syntax check, YAML linter, JSON linter, best practices check on code and scripts, .... https://pre-commit.com/ also you can configure it to run locally as a git hook to check your project before commit something

--
You received this message because you are subscribed to a topic in the Google Groups "Jenkins Users" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/jenkinsci-users/uFsC3geutC0/unsubscribe.
To unsubscribe from this group and all its topics, send an email to jenkins...@googlegroups.com.

Tony Cappellini

unread,
Oct 13, 2019, 7:44:30 PM10/13/19
to jenkins...@googlegroups.com
Because it needs to be changed when the user runs the job

To unsubscribe from this group and all its topics, send an email to jenkinsci-use...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/jenkinsci-users/00356736-acae-4314-99dc-207d919d4fed%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages