jenkinsfile-validator
Comprehensive toolkit for validating, linting, testing, and automating Jenkinsfile pipelines (both Declarative and Scripted). Use this skill when working with Jenkins pipeline files, validating pipeline syntax, checking best practices, debugging pipeline issues, or working with custom plugins.
16 stars
Best use case
jenkinsfile-validator is best used when you need a repeatable AI agent workflow instead of a one-off prompt.
Comprehensive toolkit for validating, linting, testing, and automating Jenkinsfile pipelines (both Declarative and Scripted). Use this skill when working with Jenkins pipeline files, validating pipeline syntax, checking best practices, debugging pipeline issues, or working with custom plugins.
Teams using jenkinsfile-validator should expect a more consistent output, faster repeated execution, less prompt rewriting.
When to use this skill
- You want a reusable workflow that can be run more than once with consistent structure.
When not to use this skill
- You only need a quick one-off answer and do not need a reusable workflow.
- You cannot install or maintain the underlying files, dependencies, or repository context.
Installation
Claude Code / Cursor / Codex
$curl -o ~/.claude/skills/jenkinsfile-validator/SKILL.md --create-dirs "https://raw.githubusercontent.com/diegosouzapw/awesome-omni-skill/main/skills/tools/jenkinsfile-validator/SKILL.md"
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/jenkinsfile-validator/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How jenkinsfile-validator Compares
| Feature / Agent | jenkinsfile-validator | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Comprehensive toolkit for validating, linting, testing, and automating Jenkinsfile pipelines (both Declarative and Scripted). Use this skill when working with Jenkins pipeline files, validating pipeline syntax, checking best practices, debugging pipeline issues, or working with custom plugins.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
SKILL.md Source
# Jenkinsfile Validator Skill
Comprehensive toolkit for validating, linting, and testing Jenkinsfile pipelines (both Declarative and Scripted). This skill applies when working with Jenkins pipeline files, validating pipeline syntax, checking best practices, debugging pipeline issues, or working with custom plugins that require documentation lookup.
## When to Use This Skill
- Validating Jenkinsfile syntax before committing to repository
- Checking Jenkins pipeline best practices compliance
- Debugging pipeline syntax errors or configuration issues
- Validating both Declarative and Scripted pipeline syntaxes
- **Validating Jenkins Shared Library files (vars/*.groovy, src/**/*.groovy)**
- Working with plugin-specific steps that need documentation
- Ensuring proper credential handling and security practices
- Checking for common anti-patterns and performance issues
- Verifying variable usage and scope
## Validation Capabilities
### Declarative Pipeline Validation
- **Syntax Structure**: Validates required sections (pipeline, agent, stages, steps)
- **Directive Validation**: Checks proper usage of environment, options, parameters, triggers, tools, when, input
- **Best Practices**: Parallel execution, credential management, combined shell commands
- **Section Placement**: Ensures directives are in correct locations
### Scripted Pipeline Validation
- **Groovy Syntax**: Validates Groovy code syntax and structure
- **Node Blocks**: Ensures proper node/agent block usage
- **Error Handling**: Checks for try-catch-finally patterns
- **Best Practices**: @NonCPS usage, agent-based operations, proper variable scoping
### Common Validations (Both Types)
- **Security**: Detects hardcoded credentials, passwords, API keys
- **Performance**: Identifies controller-heavy operations (JsonSlurper, HttpRequest on controller)
- **Variables**: Validates variable declarations and usage
- **Plugins**: Detects and validates plugin-specific steps with dynamic documentation lookup
### Shared Library Validation
- **vars/*.groovy**: Validates global variable files (callable steps)
- call() method presence and signature
- @NonCPS annotation correctness (no pipeline steps in @NonCPS methods)
- CPS compatibility (closures with .each{}, .collect{}, etc.)
- Hardcoded credentials detection
- Controller-heavy operations (JsonSlurper, new URL(), new File())
- Thread.sleep() vs sleep() step
- System.getenv() vs env.VAR_NAME
- File naming conventions (camelCase)
- Documentation comment presence
- **src/**/*.groovy**: Validates Groovy source class files
- Package declaration presence
- Class naming matches filename
- Serializable implementation (required for CPS)
- Wildcard import warnings
- Static method CPS compatibility
## Pipeline Type Detection
The skill automatically detects the pipeline type:
- **Declarative**: Starts with `pipeline {` block
- **Scripted**: Starts with `node` or contains Groovy code outside pipeline block
- **Ambiguous**: Will ask for clarification if uncertain
## Core Validation Workflow
Follow this workflow when validating Jenkinsfiles to catch issues early and ensure pipeline quality:
### Quick Start - Full Validation (Recommended)
```bash
# Run complete validation (syntax + security + best practices)
bash scripts/validate_jenkinsfile.sh Jenkinsfile
```
This single command:
1. Auto-detects pipeline type (Declarative/Scripted)
2. Runs syntax validation
3. Runs security scan (credential detection)
4. Runs best practices check
5. Provides a unified summary with pass/fail status
### Validation Options
```bash
# Full validation (default)
bash scripts/validate_jenkinsfile.sh Jenkinsfile
# Syntax validation only (fastest)
bash scripts/validate_jenkinsfile.sh --syntax-only Jenkinsfile
# Security audit only
bash scripts/validate_jenkinsfile.sh --security-only Jenkinsfile
# Best practices check only
bash scripts/validate_jenkinsfile.sh --best-practices Jenkinsfile
# Skip security checks
bash scripts/validate_jenkinsfile.sh --no-security Jenkinsfile
# Skip best practices
bash scripts/validate_jenkinsfile.sh --no-best-practices Jenkinsfile
# Strict mode (fail on warnings)
bash scripts/validate_jenkinsfile.sh --strict Jenkinsfile
```
### Workflow Diagram
```
┌─────────────────────────────────────────────────────────────┐
│ 1. Type Detection (Automatic) │
│ ├─ Declarative: starts with 'pipeline {' │
│ └─ Scripted: starts with 'node' or Groovy code │
│ ↓ │
└─────────────────────────────────────────────────────────────┘
↓
┌─────────────────────────────────────────────────────────────┐
│ 2. Syntax Validation (Required) │
│ ├─ Structure validation │
│ ├─ Required sections │
│ └─ Groovy syntax │
│ ↓ │
│ Reports errors → Continues to next phase │
└─────────────────────────────────────────────────────────────┘
↓
┌─────────────────────────────────────────────────────────────┐
│ 3. Security Scan (Required) │
│ ├─ Hardcoded credentials │
│ ├─ API keys / tokens │
│ ├─ Cloud provider credentials │
│ └─ Private keys / certificates │
│ ↓ │
│ Reports issues → Continues to next phase │
└─────────────────────────────────────────────────────────────┘
↓
┌─────────────────────────────────────────────────────────────┐
│ 4. Best Practices Check (Recommended) │
│ ├─ Combined shell commands │
│ ├─ Timeout configuration │
│ ├─ Workspace cleanup │
│ ├─ Error handling │
│ └─ Test result publishing │
│ ↓ │
│ Reports suggestions → Complete with summary │
└─────────────────────────────────────────────────────────────┘
**Note:** All validation phases run regardless of errors found in previous phases.
This ensures comprehensive reporting of all issues in a single run.
```
### Script Architecture
The validation system uses a modular script architecture:
```
scripts/
├── validate_jenkinsfile.sh # Main orchestrator (USE THIS)
│ ├── Auto-detects pipeline type
│ ├── Runs syntax validation
│ ├── Runs security scan
│ ├── Runs best practices check
│ └── Produces unified summary
│
├── validate_declarative.sh # Declarative syntax validator
│ └── Called automatically for pipeline {} blocks
│
├── validate_scripted.sh # Scripted syntax validator
│ └── Called automatically for node {} blocks
│
├── common_validation.sh # Shared functions + security scan
│ ├── detect_type: Determine pipeline type
│ ├── check_credentials: Security credential scan
│ └── Common utilities
│
├── best_practices.sh # 15-point best practices scorer
│ └── Performance, security, maintainability checks
│
└── validate_shared_library.sh # Shared library validator
└── For vars/*.groovy and src/**/*.groovy files
```
**Key Point**: Always use `validate_jenkinsfile.sh` as the main entry point - it orchestrates all other scripts automatically.
### Individual Scripts (Advanced Usage)
If you need to run validators separately (for debugging or specific checks):
```bash
# Detect pipeline type
bash scripts/common_validation.sh detect_type Jenkinsfile
# Run syntax validation only
bash scripts/validate_declarative.sh Jenkinsfile # For declarative
bash scripts/validate_scripted.sh Jenkinsfile # For scripted
# Run security checks only
bash scripts/common_validation.sh check_credentials Jenkinsfile
# Run best practices check only
bash scripts/best_practices.sh Jenkinsfile
```
### Shared Library Validation
Validate Jenkins Shared Library files using `validate_shared_library.sh`:
```bash
# Validate a single vars file
bash scripts/validate_shared_library.sh vars/myStep.groovy
# Validate entire shared library directory
bash scripts/validate_shared_library.sh /path/to/shared-library
# Validate just vars directory
bash scripts/validate_shared_library.sh vars/
# Validate just src directory
bash scripts/validate_shared_library.sh src/
```
The shared library validator checks:
- **vars/*.groovy files**: call() method, @NonCPS usage, CPS compatibility, credential handling
- **src/**/*.groovy files**: Package declaration, class naming, Serializable implementation, imports
Example output:
```
=== Validating Global Variable: myStep ===
File: vars/myStep.groovy
=== Validation Results ===
ERRORS (2):
ERROR [Line 15]: @NonCPS method contains pipeline steps (sh, echo, etc.)
ERROR [Line 15]: → Pipeline steps cannot be used in @NonCPS methods
WARNINGS (3):
WARNING [Line 22]: Using 'new File()' - prefer readFile/writeFile for pipeline compatibility
WARNING [Line 1]: No call() method found - file may not be callable as a step
WARNING [Line 1]: Filename 'BadStep' should be camelCase starting with lowercase
=== Summary ===
✗ Validation failed with 2 error(s) and 3 warning(s)
```
## Plugin Documentation Lookup
**Important**: Plugin documentation lookup is Claude's responsibility (not automated in scripts). After running validation, Claude should identify unknown plugins and look them up.
### When to Look Up Plugin Documentation
Look up documentation when you encounter:
- Steps not in `references/common_plugins.md` (e.g., `customDeploy`, `sendToDatadog`, `grafanaNotify`)
- Plugin-specific configuration (e.g., `nexusArtifactUploader`, `sonarQubeScanner`)
- User questions about plugin parameters or best practices
### Plugin Lookup Workflow (Claude's Responsibility)
```
┌─────────────────────────────────────────────────────────────┐
│ 1. Identify Unknown Plugin Step │
│ - Review Jenkinsfile for unrecognized steps │
│ - Example: customDeploy, nexusPublish, datadogEvent │
└─────────────────────────────────────────────────────────────┘
↓
┌─────────────────────────────────────────────────────────────┐
│ 2. Check Local Reference First │
│ - Read: references/common_plugins.md │
│ - Contains: git, docker, kubernetes, credentials, etc. │
└─────────────────────────────────────────────────────────────┘
↓
┌─────────────────────────────────────────────────────────────┐
│ 3. Use Context7 MCP (if not in local reference) │
│ - mcp__context7__resolve-library-id │
│ query: "jenkinsci <plugin-name>-plugin" │
│ - mcp__context7__get-library-docs │
│ for usage examples and parameters │
└─────────────────────────────────────────────────────────────┘
↓
┌─────────────────────────────────────────────────────────────┐
│ 4. Web Search Fallback (if Context7 has no results) │
│ - WebSearch: "Jenkins <plugin-name> plugin documentation"│
│ - Official source: https://plugins.jenkins.io/ │
└─────────────────────────────────────────────────────────────┘
↓
┌─────────────────────────────────────────────────────────────┐
│ 5. Provide Usage Guidance │
│ - Required vs optional parameters │
│ - Best practices for the plugin │
│ - Security considerations │
└─────────────────────────────────────────────────────────────┘
```
### Example: Unknown Plugin Detection
```groovy
// User's Jenkinsfile contains:
stage('Deploy') {
steps {
nexusArtifactUploader artifacts: [[...]], nexusUrl: 'http://nexus'
datadogEvent title: 'Deployment', text: 'Deployed v1.0'
}
}
```
**Claude's Actions:**
1. Recognize `nexusArtifactUploader` and `datadogEvent` are not in common_plugins.md
2. Use Context7: `mcp__context7__resolve-library-id` with "jenkinsci nexus-artifact-uploader"
3. If not found, WebSearch: "Jenkins nexus artifact uploader plugin documentation"
4. Provide guidance: "The nexusArtifactUploader step requires credentialsId for authentication..."
## Reference Documentation
The skill includes comprehensive reference documentation:
- **declarative_syntax.md**: Complete Declarative pipeline syntax reference
- **scripted_syntax.md**: Scripted pipeline and Groovy patterns
- **best_practices.md**: Comprehensive best practices guide from official Jenkins docs
- **common_plugins.md**: Documentation for popular plugins (git, docker, kubernetes, credentials, etc.)
## Validation Rules
### Syntax Issues
- Missing required sections (agent, stages, steps)
- Invalid section names or misplaced directives
- Groovy syntax errors
- Missing braces, quotes, or brackets
- Semicolons at end of lines (unnecessary in Jenkins pipelines)
### Best Practices
- **Combine Shell Commands**: Use single `sh` step with multiple commands instead of multiple `sh` steps
- **Credential Management**: Use `credentials()` or `withCredentials`, never hardcode secrets
- **Agent Operations**: Perform heavy operations on agents, not controller
- **Parallel Execution**: Use `parallel` for independent stages
- **Error Handling**: Wrap critical sections in try-catch blocks
- **Timeouts**: Define timeouts in options to prevent hung builds
- **Clean Workspace**: Clean workspace before/after builds
### Variable Usage
- Proper variable declaration and scoping
- Correct interpolation syntax (`${VAR}` vs `$VAR`)
- Undefined variable detection
- Environment variable usage
### Security
- No hardcoded passwords, API keys, or tokens
- Proper use of Jenkins Credentials Manager
- Secrets management best practices
- Role-based access control recommendations
## Error Reporting
Validation results include:
- **Line numbers** for each issue
- **Severity levels**: Error, Warning, Info
- **Descriptions**: Clear explanation of the issue
- **Suggestions**: How to fix the problem
- **References**: Links to documentation
### Example Output
```
ERROR [Line 5]: Missing required section 'agent'
→ Add 'agent any' or specific agent configuration at top level
WARNING [Line 12]: Multiple consecutive 'sh' steps detected
→ Combine into single sh step with triple-quoted string
→ See: best_practices.md#combine-shell-commands
INFO [Line 23]: Consider using parallel execution for independent stages
→ See: references/declarative_syntax.md#parallel-stages
```
## Usage Instructions
When a user provides a Jenkinsfile for validation:
1. **Run the main validation script** (recommended - handles everything automatically):
```bash
bash scripts/validate_jenkinsfile.sh <path-to-jenkinsfile>
```
This single command auto-detects pipeline type, runs syntax validation, security scan, and best practices check.
2. **Optionally read the Jenkinsfile** using the Read tool if you need to:
- Understand the pipeline structure before validation
- Provide context-specific advice
- Identify specific plugins being used
3. **After validation, scan for unknown plugins** (Claude's responsibility):
- Review the validation output for any unrecognized step names
- Check `references/common_plugins.md` first for documentation
- If not found, use Context7 MCP: `mcp__context7__resolve-library-id` with query "jenkinsci <plugin-name>"
- If still not found, use WebSearch: "Jenkins <plugin-name> plugin documentation"
- Provide usage guidance based on found documentation
4. **Report results** with line numbers, severity, and actionable suggestions
5. **Provide inline fix suggestions** when errors are found (do not use AskUserQuestion - include corrected code snippets directly in the response)
## Common Validation Scenarios
### Scenario 1: Validate Declarative Pipeline
```markdown
User: "Validate my Jenkinsfile"
1. Read the Jenkinsfile
2. Detect type: Declarative (starts with 'pipeline {')
3. Run: bash scripts/validate_declarative.sh Jenkinsfile
4. Run: bash scripts/best_practices.sh Jenkinsfile
5. Report results with suggestions
```
### Scenario 2: Validate with Unknown Plugin
```markdown
User: "Check this pipeline with custom plugin steps"
1. Read Jenkinsfile
2. Run validation
3. Detect unknown step (e.g., 'customDeploy')
4. Search context7 for plugin docs
5. If not found, web search "Jenkins custom deploy plugin"
6. Validate plugin usage against found documentation
7. Report results
```
### Scenario 3: Security Audit
```markdown
User: "Check for security issues in my pipeline"
1. Read Jenkinsfile
2. Run: bash scripts/common_validation.sh check_credentials Jenkinsfile
3. Scan for hardcoded secrets, passwords, API keys
4. Check credential management best practices
5. Report security findings with fix suggestions
```
## Tools Available
- **Bash**: Execute validation scripts
- **Read**: Read Jenkinsfile content
- **Grep**: Search for patterns in pipeline files
- **WebSearch**: Find plugin documentation online
- **Context7 MCP**: Access Jenkins and plugin documentation
- **WebFetch**: Retrieve specific documentation pages
## Best Practice Examples
### Good: Combined Shell Commands
```groovy
sh '''
echo "Building..."
mkdir build
./gradlew build
echo "Build complete"
'''
```
### Bad: Multiple Shell Steps
```groovy
sh 'echo "Building..."'
sh 'mkdir build'
sh './gradlew build'
sh 'echo "Build complete"'
```
### Good: Credential Management
```groovy
withCredentials([string(credentialsId: 'api-key', variable: 'API_KEY')]) {
sh 'curl -H "Authorization: Bearer $API_KEY" ...'
}
```
### Bad: Hardcoded Credentials
```groovy
sh 'curl -H "Authorization: Bearer abc123xyz" ...'
```
## Additional Capabilities
- **Dry-run Testing**: Validate without Jenkins server (all validation is local)
- **Plugin Version Checking**: Warn about deprecated plugin versions
- **Performance Analysis**: Identify potential performance bottlenecks
- **Compliance Checking**: Validate against organizational standards
- **Multi-file Support**: Validate multiple Jenkinsfiles in a directory
## References
- Official Jenkins Pipeline Syntax: https://www.jenkins.io/doc/book/pipeline/syntax/
- Pipeline Development Tools: https://www.jenkins.io/doc/book/pipeline/development/
- Pipeline Best Practices: https://www.jenkins.io/doc/book/pipeline/pipeline-best-practices/
- Jenkins Plugins: https://plugins.jenkins.io/
## Automatic Actions
When this skill is invoked:
1. Always validate syntax first (errors block execution)
2. Then check best practices (warnings for improvement)
3. Look up unknown plugins automatically
4. Provide actionable suggestions with every issue
5. Reference documentation files for detailed guidance
## Troubleshooting
### Common Issues
**Issue: "Best practices check shows false negatives"**
- **Cause**: Comment stripping may interfere with pattern detection
- **Solution**: update to latest version
**Issue: "Syntax validation passes but pipeline fails on Jenkins"**
- **Explanation**: Local validation catches structural issues but cannot verify:
- Plugin availability
- Agent/node availability
- Credential existence
- Network connectivity
- **Solution**: Validate on Jenkins using Replay feature or Pipeline Unit Testing Framework
**Issue: "Security scan shows passed but best practices finds credentials"**
- **Solution**: security scan now properly detects all credential patterns
**Issue: "Scripts not executable"**
- **Solution**: Run `chmod +x scripts/*.sh`
### Debug Mode
Enable verbose output for troubleshooting:
```bash
# Run with bash debug mode
bash -x scripts/validate_jenkinsfile.sh Jenkinsfile
# Check individual validator output
bash scripts/validate_declarative.sh Jenkinsfile
bash scripts/best_practices.sh Jenkinsfile
bash scripts/common_validation.sh check_credentials Jenkinsfile
```
## Limitations
- **No Jenkins Server Required**: All validation is local (no live testing)
- **Plugin Steps**: Cannot fully validate custom plugin steps without documentation
- **Runtime Behavior**: Cannot detect runtime issues (permissions, network, etc.)
- **Complex Groovy**: Advanced Groovy constructs may not be fully validated
- **Shared Libraries**: Remote shared libraries are not fetched or validatedRelated Skills
helm-validator
16
from diegosouzapw/awesome-omni-skill
Comprehensive toolkit for validating, linting, testing, and analyzing Helm charts and their rendered Kubernetes resources. Use this skill when working with Helm charts, validating templates, debugging chart issues, working with Custom Resource Definitions (CRDs) that require documentation lookup, or checking Helm best practices.
github-actions-validator
16
from diegosouzapw/awesome-omni-skill
Comprehensive toolkit for validating, linting, and testing GitHub Actions workflow files, custom local actions, and public actions. Use this skill when working with GitHub Actions YAML files (.github/workflows/*.yml), validating workflow syntax, testing workflow execution with act, or debugging workflow issues.
fluentbit-validator
16
from diegosouzapw/awesome-omni-skill
Comprehensive toolkit for validating, linting, and testing Fluent Bit configurations. Use this skill when working with Fluent Bit config files, validating syntax, checking for best practices, identifying security issues, or performing dry-run testing.
dockerfile-validator
16
from diegosouzapw/awesome-omni-skill
Comprehensive toolkit for validating, linting, and securing Dockerfiles. Use this skill when validating Dockerfile syntax, checking security best practices, optimizing image builds. Applies to all Dockerfile variants (Dockerfile, Dockerfile.prod, Dockerfile.dev, etc.).
commit-validator
16
from diegosouzapw/awesome-omni-skill
Validates commit messages against Conventional Commits specification using programmatic validation. Replaces the git-conventional-commit-messages text file with a tool that provides instant feedback.
bash-script-validator
16
from diegosouzapw/awesome-omni-skill
Comprehensive toolkit for validating, linting, and optimizing bash and shell scripts. Use this skill when working with shell scripts (.sh, .bash), validating script syntax, checking for best practices, identifying security issues, or debugging shell script problems.
animation-interaction-validator
16
from diegosouzapw/awesome-omni-skill
Ensures engaging user experience through validation of animations, transitions, micro-interactions, and feedback states, preventing flat/static interfaces that lack polish and engagement. Works with Tanstack Start (React) + shadcn/ui components.
ai-output-validator
16
from diegosouzapw/awesome-omni-skill
AI出力の品質を自動検証するスキル。事実確認、論理性、一貫性、幻覚(ハルシネーション)検出、バイアス分析、安全性チェックを実施し、改善提案を提供。
documentation-structure-validator
16
from diegosouzapw/awesome-omni-skill
Validate documentation structure, check for missing sections, verify markdown syntax, ensure consistency with templates. Use when user mentions docs validation, structure check, README review, documentation quality, or wants to verify documentation completeness.
doc-validator
16
from diegosouzapw/awesome-omni-skill
Validate documentation files for completeness, accuracy, and consistency with the codebase. Use when user mentions "check documentation", "validate docs", "is the README up to date?", requests documentation review, says "docs are wrong" or "fix the docs", or is working on documentation improvements. Covers README files, API docs, CHANGELOG, and any markdown documentation.
yaml-validator
16
from diegosouzapw/awesome-omni-skill
Comprehensive YAML syntax validation, error fixing, and schema validation for various formats (GitHub Actions, Docker Compose, Kubernetes, GitLab CI). Use when Claude needs to: (1) Validate YAML syntax, (2) Check YAML files for errors, (3) Fix common YAML formatting issues, (4) Validate against schemas like GitHub Actions workflows, Docker Compose files, Kubernetes manifests, or GitLab CI pipelines, (5) Debug YAML parsing errors. Triggers on phrases like "check yaml", "validate yaml", "fix yaml errors", "yaml syntax".
terraform-validator
16
from diegosouzapw/awesome-omni-skill
Comprehensive toolkit for validating, linting, testing, and automating Terraform configurations and HCL files. Use this skill when working with Terraform files (.tf, .tfvars), validating infrastructure-as-code, debugging Terraform configurations, performing dry-run testing with terraform plan, or working with custom providers and modules.