This question was migrated from Stack Overflow because it can be answered on Super User.
Migrated 20 days ago.
I maintain a CICD infrastructure which runs Windows jobs. Pipelines can run arbitrary code, including custom .bat/.cmd scripts.
I found that batch does not propagate exit code properly in many cases, so developers often see that their jobs succeed, even if bash equivalent of such script would have failed (properly). So I want to forbid execution of batch in CICD pipelines. If a job executes batch script anyhow, I would like to fail with an error message saying that it's forbidden.
The problem is that you never know when and which process will execute batch script - it can be make or custom python script. Is there a way to ban execution of .bat/.cmd scripts in a given powershell terminal session or cmd terminal session?
Maybe there's a way to uninstall batch interpreter, or maybe patch it?
Related
I have a few files i want to make sure I keep up to date using Tortoise SVN. I've used commandline and also created a batch file and both run successfully when I user-execute them.
However, when I use Windows Task Scheduler to try and schedule an automation for the batch script, it doesn't run successfully; it just hangs and runs endlessly. The log file looks just the same whether using the automation or not. That said, I have to manually end the automation in task scheduler and then run an SVN cleanup command to remove the locks that remain on the file from the incomplete task.
What is causing this, and how do I make it so that the automation successfully runs and doesn't have the file-locking problem?
My back script's code is below:
svn update --accept theirs-conflict C:/MyFolder/myfile.R
For transparency, I've tried changing the option 'theirs-conflict' to other settings (and removing it completely). The symptoms are the same in every scenario.
I have some trouble keeping alive a background process when launched by TFS.
Usually I use a batch that launch a java server (new window), as long as I keep this window open it works properly.
C:\Users\TFSService\mbs-iot-sdk\osgi\bin\vms\jdk\server.bat
In order to make my process automatic, I include this in TFS. In the step I call a batch that contains the following:
cd C:\Users\TFSService\mbs-iot-sdk\osgi\bin\vms\jdk // necessary to find the batch
start C:\Users\TFSService\mbs-iot-sdk\osgi\bin\vms\jdk\server.bat
In my task manager, I can see in background tasks that java is launched (no new window is opened), exactly as it behaves when launching directly the batch. But after a few seconds, when TFS switches to the next step, it stops.
Then the next step carries on but fails as it requires the server to be launched.
Is there a particular way of doing it in TFS ?
thank you
Alexandre
It's suggest to launch the .bat file from a relative path not directly use cd to hard code the path.
Also recommend you to use Run Batch File task not Run Command Line task to launch the .bat file.
According to your description, seems you are using a run command line task in your build pipeline. Then run the command under the working directory c:\Build_work\5\s, the command cd to C:\Users\TFSService\mbs-iot-sdk\osgi\bin\vms\jdk\ on the build agent, find the server.bat, run the server.bat.
First check if the .bat file is located at the path you are specifying on the build agent. Not sure if the bat file have to run under C:\Users\TFSService\mbs-iot-sdk\osgi\bin\vms\jdk\, guess you are also hard code the path in your server.bat file. Suggest you change all the path to relative path, you could use some built-in variable in TFS.
As for your workaround in comment, seems you want to chain builds in TFS. The official docs literally say "not yet" and have a uservoice in planed. However you could use some workaround, such as create or use other's customize extension (use rest api) to call another build. Detail ways please refer huserben's answer in this question: How to chain builds in TFS 2015?
Note sure you have to go deep into this area for your original issue. Just add some related info in case you are interested or need.
Well,
Just in case someone else goes through the same kind of issue, I found a workaround:
I wish to mix different command line steps, some of them launching Python scripts:
I have one step for launching the server that is required for my testing tool, one step for my testing tool and one Python step for differential testing
I realized that I could embed everything in a Python script.
It can handle server launching process in a separate window (with subprocess), launch my Python part and launch another process for my validation tool.
I have to test the whole chain but, at least, I solved my problem of launching a background process and detach it from TFS
I created a new free-style software project and under "Configure", I added a "Execute Windows batch command" under the section "Build".
My command in the text-box is as follows:
call \\ukvc-miu29-12\c$\Testing1\testing.bat
My console output when I try to run my build is as follows:
Started by user anonymous
Building in workspace C:\Program Files (x86)\Jenkins\jobs\Run comparison script\workspace
[workspace] $ cmd /c call C:\Windows\TEMP\hudson1649447975658279345.bat
C:\Program Files (x86)\Jenkins\jobs\Run comparison script\workspace>call \\ukvc-miu29-12\c$\Testing1\testing.bat
Access is denied.
C:\Program Files (x86)\Jenkins\jobs\Run comparison script\workspace>exit 1
Build step 'Execute Windows batch command' marked build as failure
Finished: FAILURE
Have spent close to two hours looking for a solution online, but I am unable to find one.
New to Jenkins, so any suggestion/s is/are appreciated, thanks!
I guess Jenkins runs as another user than the one you're logged in with. So that user probably isn't allowed to access that network share (or doesn't have the login credentials cached).
The easiest way of making sure it will work, would probably be to add the same user with the same password that Jenkins runs under to \\ukvc-miu29-12.
(As for the call, I'm not sure you really need it and I have a vague suspicion that you end up failing the build every time if you use call here. The temporary batch Jenkins executes there looks like it relies on the fact that control won't return if the batch file was executed successfully. But that's just a guess on my part.)
I use Jenkins to run our builds. What I want to do is to wakeup the monitor before build starts. This is what I have done so far.
Use nircmdc.exe (http://www.nirsoft.net/utils/nircmd.html) and prepare a batch file to turn on monitor. I have tested the script through command prompt and it works fine.
Then I add a build step in Jenkins to execute windows batch file before running the ANT script. Then I remote start the build (via URL). Console shows that the batch file is being executed. But the monitors doesn't wake up.
Then I included a target in ANT to execute the same batch file and tested running the ANT via CMD. This wakes up the monitor and continue with the build steps.
But, if I run this ant script from Jenkins, everything works fine except waking up the monitor.
Is this something to do with privileges ?
Has someone done something similar?
Don't think I've ever heard of a requirement to wake up the monitor, so probably no one has done anything like this.
However, your problem is probably due to Jenkins process running in a separate session from your machine's console. Have a look at my answer here: Open Excel on Jenkins CI, it explains how to get around the session issue.
Long story short... we have multiple servers which we run perflog monitoring on every night. My job is to convert these logs to .csv format and send them to my e-mail.
This bit it already automated via a .sh script an ex-employee wrote.
What I want automated is to run a batch job after the perfmon logging to look at a specific folder and find the latest .blg file and run the sh script on it (the script is called upload) so that I don't have to log in to each server and do it manually.
e.g.
upload myInitials cd /cygdrive/someLocation/logs/$latestFile$.blg
myInitials and the location can be hard-coded... I just wouldn't know how to find the latest file in the folder and automate it all via a batch file.
Any pointers would be very helpful!
# Jeremy:
Sorry, I probably should have mentioned in my question that the servers are running 2003 and 2008.
I don't think it would be absolutely necessary to register a change notification on the folder - If the log runs from noon till 7 in the morning, the script will run immediately after (you can set a script to run after a perfmon log has finished in log properties) so the log will almost definitely be the latest file in the folder anyway.
Like I said, I already have a .sh file in place to convert to csv and send to my e-mail, I just need to incorporate it into a batch file so that instead of me going to each of the servers and opening up cygwin and typing upload xx /cygdrive/location/logs/xyz.blg, I can have it automated to run straight after the log has finished without me having to RDC into it.
Thanks for the input!
If you have a Shell script and you job is to call the shell script from a windows batch file then this will work.This assumes the cygwin is installed in C:
Contents of start_cyg.bat
#echo off
set PATH=%PATH%:"C:\Cygwin\bin"
rem bash --login -i
bash "/cygdrive/d/cyg.sh"
Contents of cyg.sh
#!/bin/bash
TAIL=`ls -lrt | tail -1`
echo "TAIL:$TAIL"
If you call start_cyg.bat from windows command prompt you can get the output of the cyg.sh in the console
for getting newest file in a directory, ls -1tr | tail -1 should work.
First, I don't know if it would meet your requirements, but the Windows Task Scheduler 2 in Vista+ is very robust and can trigger an event even based on log entries. However, extraction and parsing of that log entry may require some scripting, and might have concurrency issues, even if that log entry did indicate the last used process. Chances are none of this is helpful, but just throwing it out there.
Programatically, it would be simple as you can register a change notification on a folder. When a change occurs, you go find the latest file. Then launch the batch file to launch your shell script, or whatever your desired sequence may be.
I think cygwin may even support change notification events via scripting, though I'm unsure. I believe there are linux extensions for this, but I may be wrong.
If it were me, I'd just write a little C++ app to do whatever I wanted.. but for you maybe any (or more likely none) of the above helps ;o.