Cc-devops-skills jenkinsfile-validator
Validate, lint, audit, or check Jenkinsfiles and shared libraries.
install
source · Clone the upstream repo
git clone https://github.com/akin-ozer/cc-devops-skills
Claude Code · Install into ~/.claude/skills/
T=$(mktemp -d) && git clone --depth=1 https://github.com/akin-ozer/cc-devops-skills "$T" && mkdir -p ~/.claude/skills && cp -r "$T/devops-skills-plugin/skills/jenkinsfile-validator" ~/.claude/skills/akin-ozer-cc-devops-skills-jenkinsfile-validator && rm -rf "$T"
manifest:
devops-skills-plugin/skills/jenkinsfile-validator/SKILL.mdsource content
Jenkinsfile Validator Skill
Use this skill to validate Jenkins pipelines and shared libraries with local scripts first, then optionally enrich findings with plugin documentation.
Trigger Phrases
Use this skill when requests look like:
- "Validate this Jenkinsfile"
- "Check this pipeline for security issues"
- "Lint my Declarative/Scripted pipeline"
- "Why is this Jenkins pipeline failing syntax checks?"
- "Validate vars/.groovy or src/**/.groovy shared library files"
Scope
This skill validates:
- Declarative pipelines (
)pipeline { ... } - Scripted pipelines (
and Groovy-style pipelines)node { ... } - Shared library files (
,vars/*.groovy
)src/**/*.groovy - Hardcoded credential patterns
- Pipeline best practices and maintainability signals
Prerequisites
Run commands from repository root unless noted.
Required tools
bashgrepsedawkheadwc
(needed for shared-library directory scans)find
Recommended tools
(optional; improves JSON-heavy troubleshooting workflows)jq
Script prerequisites
- Scripts live in
devops-skills-plugin/skills/jenkinsfile-validator/scripts/ - Main orchestrator can run child scripts even if
is missing (it uses+x
fallback)bash - If you want direct execution (
), make scripts executable:./script.sh
chmod +x devops-skills-plugin/skills/jenkinsfile-validator/scripts/*.sh
Preflight check (recommended)
SKILL_DIR="devops-skills-plugin/skills/jenkinsfile-validator" command -v bash grep sed awk head wc find >/dev/null && echo "required tools: ok" || echo "required tools: missing" command -v jq >/dev/null && echo "jq: installed (optional)" || echo "jq: missing (optional)" [ -d "$SKILL_DIR/scripts" ] && echo "scripts dir: ok" || echo "scripts dir: missing" [ -f "$SKILL_DIR/scripts/validate_jenkinsfile.sh" ] && echo "main validator: ok" || echo "main validator: missing"
Quick Start (Normalized Paths)
Use a single base path variable to avoid path ambiguity.
SKILL_DIR="devops-skills-plugin/skills/jenkinsfile-validator" TARGET_JENKINSFILE="Jenkinsfile" # Full validation (recommended) bash "$SKILL_DIR/scripts/validate_jenkinsfile.sh" "$TARGET_JENKINSFILE"
Common options
SKILL_DIR="devops-skills-plugin/skills/jenkinsfile-validator" TARGET_JENKINSFILE="Jenkinsfile" bash "$SKILL_DIR/scripts/validate_jenkinsfile.sh" --syntax-only "$TARGET_JENKINSFILE" bash "$SKILL_DIR/scripts/validate_jenkinsfile.sh" --security-only "$TARGET_JENKINSFILE" bash "$SKILL_DIR/scripts/validate_jenkinsfile.sh" --best-practices "$TARGET_JENKINSFILE" bash "$SKILL_DIR/scripts/validate_jenkinsfile.sh" --no-security "$TARGET_JENKINSFILE" bash "$SKILL_DIR/scripts/validate_jenkinsfile.sh" --no-best-practices "$TARGET_JENKINSFILE" bash "$SKILL_DIR/scripts/validate_jenkinsfile.sh" --strict "$TARGET_JENKINSFILE" bash "$SKILL_DIR/scripts/validate_jenkinsfile.sh" --assume-declarative "$TARGET_JENKINSFILE" bash "$SKILL_DIR/scripts/validate_jenkinsfile.sh" --assume-scripted "$TARGET_JENKINSFILE"
Shared library validation
SKILL_DIR="devops-skills-plugin/skills/jenkinsfile-validator" bash "$SKILL_DIR/scripts/validate_shared_library.sh" vars/myStep.groovy bash "$SKILL_DIR/scripts/validate_shared_library.sh" vars/ bash "$SKILL_DIR/scripts/validate_shared_library.sh" src/ bash "$SKILL_DIR/scripts/validate_shared_library.sh" /path/to/shared-library
Regression and local CI checks
SKILL_DIR="devops-skills-plugin/skills/jenkinsfile-validator" bash "$SKILL_DIR/tests/run_local_ci.sh"
run_local_ci.sh
syntax checks for allbash -n
andscripts/*.sh
filestests/*.sh
regression scenariostests/test_validate_jenkinsfile.sh
Deterministic Validation Flow
1) Detect pipeline type
=> Declarative validatorpipeline {
ornode (...)
=> Scripted validatornode {- Unknown => fails closed by default (
)ERROR [TypeDetection] - Override intentionally ambiguous files with
or--assume-declarative--assume-scripted
2) Run syntax validation
- Declarative:
validate_declarative.sh - Scripted:
validate_scripted.sh
3) Run security scan
common_validation.sh check_credentials
4) Run best practices check
best_practices.sh
5) Aggregate and return final status
- Unified summary with pass/fail per phase and final exit code
6) Run regression suite after script changes
bash tests/run_local_ci.sh- Intended for both local pre-commit checks and CI job wiring
Individual Script Commands (Advanced)
SKILL_DIR="devops-skills-plugin/skills/jenkinsfile-validator" TARGET_JENKINSFILE="Jenkinsfile" # Type detection bash "$SKILL_DIR/scripts/common_validation.sh" detect_type "$TARGET_JENKINSFILE" # Syntax-only by type bash "$SKILL_DIR/scripts/validate_declarative.sh" "$TARGET_JENKINSFILE" bash "$SKILL_DIR/scripts/validate_scripted.sh" "$TARGET_JENKINSFILE" # Security-only bash "$SKILL_DIR/scripts/common_validation.sh" check_credentials "$TARGET_JENKINSFILE" # Best-practices-only bash "$SKILL_DIR/scripts/best_practices.sh" "$TARGET_JENKINSFILE"
Exit Code and Log Interpretation
Main orchestrator: validate_jenkinsfile.sh
validate_jenkinsfile.sh
: Validation passed0
: Validation failed (syntax/security errors, or warnings in1
mode)--strict
: Usage or environment error (bad args, missing file, missing required tools)2
Sub-scripts
:validate_declarative.sh
pass (errors=0),0
usage/file/validation failure1
:validate_scripted.sh
pass (errors=0),0
usage/file/validation failure1
:common_validation.sh check_credentials
no credential errors,0
credential issues found1
:validate_shared_library.sh
pass,0
validation errors found,1
invalid input target2
:best_practices.sh
only for usage/file errors; content findings are reported in logs and score output1
Log severity patterns
=> must fixERROR [Line N]: ...
=> should reviewWARNING [Line N]: ...
=> optional improvementINFO [Line N]: ...- Summary banners (
) determine final interpretation quicklyVALIDATION PASSED/FAILED
Practical interpretation rules
- For CI gating, rely on main orchestrator exit code.
- Use
when warnings should fail pipelines.--strict - When
is run standalone, read report sections (best_practices.sh
,CRITICAL ISSUES
, score); do not rely only on exit code.IMPROVEMENTS RECOMMENDED
Fallback Behavior
Missing optional tools
- If
is missing, continue validation; treat as non-blocking.jq
Non-executable child scripts
- Main orchestrator warns and falls back to
execution.bash <script>
Missing child scripts
- Main orchestrator reports runner error and returns failure for that phase.
Unknown plugin steps
Use this order:
- Check local reference:
devops-skills-plugin/skills/jenkinsfile-validator/references/common_plugins.md - Context7 lookup:
with query likemcp__context7__resolve-library-idjenkinsci <plugin-name>-plugin
for usage and parametersmcp__context7__query-docs
- Web fallback: plugins.jenkins.io and official Jenkins docs
Offline/air-gapped mode
- Run all local validators.
- If plugin docs cannot be fetched, report: "Plugin docs lookup skipped due to environment constraints; local validation only."
Plugin Documentation Lookup Workflow
When plugin-specific validation is requested:
- Identify unknown steps from Jenkinsfile or validator logs.
- Check
first.references/common_plugins.md - If missing, use Context7 (
thenresolve-library-id
).query-docs - If still missing, use web search against official plugin index/docs.
- Return required parameters, optional parameters, version-sensitive notes, and security guidance.
References
Local references:
devops-skills-plugin/skills/jenkinsfile-validator/references/declarative_syntax.mddevops-skills-plugin/skills/jenkinsfile-validator/references/scripted_syntax.mddevops-skills-plugin/skills/jenkinsfile-validator/references/best_practices.mddevops-skills-plugin/skills/jenkinsfile-validator/references/common_plugins.md
External references:
Reporting Template
Use this structure in validation responses:
Validation Target: <path> Pipeline Type: <Declarative|Scripted|Shared Library|Unknown> Findings: - ERROR [Line X]: <issue> - WARNING [Line Y]: <issue> - INFO [Line Z]: <suggestion> Phase Results: - Syntax: <PASSED|FAILED|SKIPPED> - Security: <PASSED|FAILED|SKIPPED> - Best Practices: <PASSED|REVIEW NEEDED|SKIPPED> Exit Code: <0|1|2> Next Actions: 1. <highest-priority fix> 2. <second fix>
Example Flows
Example 1: Full Jenkinsfile validation
SKILL_DIR="devops-skills-plugin/skills/jenkinsfile-validator" bash "$SKILL_DIR/scripts/validate_jenkinsfile.sh" Jenkinsfile
Expected behavior:
- Runs syntax + security + best practices
- Prints per-phase results and unified summary
- Returns
per orchestrator rules0/1/2
Example 2: Shared library directory validation
SKILL_DIR="devops-skills-plugin/skills/jenkinsfile-validator" bash "$SKILL_DIR/scripts/validate_shared_library.sh" examples/shared-library
Expected behavior:
- Validates both
andvars/
filessrc/ - Aggregates issues with line references
- Returns
when errors are present1
Example 3: Unknown plugin step follow-up
Input step:
nexusArtifactUploader artifacts: [[...]], nexusUrl: 'https://nexus.example.com'
Flow:
- Validate locally first.
- If step behavior is unclear, resolve docs via Context7.
- If unavailable, use plugin site docs.
- Report usage guidance and security-safe parameter patterns.
Done Criteria
The skill usage is complete when all are true:
- Commands use normalized paths (
) with no cwd ambiguity.$SKILL_DIR/scripts/... - Prerequisites and optional dependencies are explicit.
- Exit-code semantics and log-severity interpretation are documented.
- Fallback behavior is defined for missing tools/docs and constrained environments.
- At least one runnable example exists for full validation and shared-library validation.
- Reporting format is deterministic and actionable.