feat: add support for custom CA certificates for SSL/TLS connections (#42 )

* feat: add support for custom CA certificates for SSL/TLS connections - Add support for custom CA certificates (via PEM content, file path, or HTTP/HTTPS URL) for SSL/TLS connections. - Document the new CA certificate option and usage examples for CLI, Docker, and Drone CI in the README. - Update Jenkins client initialization to load and validate a custom CA certificate if provided, using a priority where insecure mode overrides custom CA. - Introduce comprehensive tests for CA certificate loading and Jenkins client initialization with different CA certificate sources and error scenarios. - Register the new ca-cert command-line flag and propagate its value through configuration and debug output. - Ensure that error handling for certificate loading fully propagates failures. Signed-off-by: appleboy <appleboy.tw@gmail.com> * test: update test CA certificate with new sample - Replace the sample CA certificate used in tests with a new certificate Signed-off-by: appleboy <appleboy.tw@gmail.com> --------- Signed-off-by: appleboy <appleboy.tw@gmail.com>
chore: update third-party libraries to latest compatible versions
2026-06-16 14:49:16 +08:00 · 2025-12-06 13:11:29 +08:00 · 2025-12-06 10:58:35 +08:00 · 2025-12-02 19:42:44 +08:00 · 2025-12-02 19:40:30 +08:00 · 2025-12-02 17:25:40 +08:00
9 changed files with 709 additions and 76 deletions
@@ -48,6 +48,37 @@ Example configuration with jobs in the folder:

 It will trigger the URL of Jenkins job like as `http://example.com/job/folder_name/job/job_name/`

+Example configuration with build parameters:
+
+```yaml
+- name: trigger jenkins job
+  image: appleboy/drone-jenkins
+  settings:
+    url: http://example.com
+    user: appleboy
+    token: xxxxxxxxxx
+    job: parameterized-job
+    parameters: |
+      ENVIRONMENT=production
+      VERSION=${DRONE_TAG}
+      COMMIT_SHA=${DRONE_COMMIT_SHA}
+```
+
+Example configuration with wait for completion:
+
+```yaml
+- name: trigger jenkins job and wait
+  image: appleboy/drone-jenkins
+  settings:
+    url: http://example.com
+    user: appleboy
+    token: xxxxxxxxxx
+    job: deploy-job
+    wait: true
+    poll_interval: 15s
+    timeout: 1h
+```
+
 ## Parameter Reference

 url
@@ -61,3 +92,21 @@ token

 job
 : jenkins job name
+
+parameters
+: build parameters in multi-line `key=value` format (one per line)
+
+wait
+: wait for job completion (default: false)
+
+poll_interval
+: interval between status checks when waiting (default: 10s)
+
+timeout
+: maximum time to wait for job completion (default: 30m)
+
+insecure
+: allow insecure SSL connections (default: false)
+
+remote_token
+: jenkins remote trigger token (alternative to user/token authentication)
@@ -40,7 +40,8 @@ A [Drone](https://github.com/drone/drone) plugin for triggering [Jenkins](https:
 - Support for Jenkins build parameters
 - Multiple authentication methods (API token or remote trigger token)
 - Wait for job completion with configurable polling and timeout
- SSL/TLS support with optional insecure mode
+- Debug mode with detailed parameter information and secure token masking
+- SSL/TLS support with custom CA certificates (PEM content, file path, or URL)
 - Cross-platform support (Linux, macOS, Windows)
 - Available as binary, Docker image, or Drone plugin

@@ -97,16 +98,9 @@ docker pull ghcr.io/appleboy/drone-jenkins
 Set up a Jenkins server using Docker:

 ```sh
-docker run \
-  --name jenkins \
-  -d --restart always \
-  -p 8080:8080 -p 50000:50000 \
-  -v /data/jenkins:/var/jenkins_home \
-  jenkins/jenkins:lts
+docker run -d -v jenkins_home:/var/jenkins_home -p 8080:8080 -p 50000:50000 --restart=on-failure jenkins/jenkins:slim
 ```

-**Note**: Create the `/data/jenkins` directory before starting Jenkins.
-
 ### Authentication

 Jenkins API tokens are recommended for authentication. To create an API token:
@@ -124,24 +118,36 @@ Alternatively, you can use a remote trigger token configured in your Jenkins job

 ### Parameters Reference

-| Parameter     | CLI Flag             | Environment Variable                            | Required      | Description                                            |
-| ------------- | -------------------- | ----------------------------------------------- | ------------- | ------------------------------------------------------ |
-| Host          | `--host`             | `PLUGIN_URL`, `JENKINS_URL`                     | Yes           | Jenkins base URL (e.g., `http://jenkins.example.com/`) |
-| User          | `--user`, `-u`       | `PLUGIN_USER`, `JENKINS_USER`                   | Conditional\* | Jenkins username                                       |
-| Token         | `--token`, `-t`      | `PLUGIN_TOKEN`, `JENKINS_TOKEN`                 | Conditional\* | Jenkins API token                                      |
-| Remote Token  | `--remote-token`     | `PLUGIN_REMOTE_TOKEN`, `JENKINS_REMOTE_TOKEN`   | Conditional\* | Jenkins remote trigger token                           |
-| Job           | `--job`, `-j`        | `PLUGIN_JOB`, `JENKINS_JOB`                     | Yes           | Jenkins job name(s) - can specify multiple             |
-| Parameters    | `--parameters`, `-p` | `PLUGIN_PARAMETERS`, `JENKINS_PARAMETERS`       | No            | Build parameters in `key=value` format                 |
-| Insecure      | `--insecure`         | `PLUGIN_INSECURE`, `JENKINS_INSECURE`           | No            | Allow insecure SSL connections (default: false)        |
-| Wait          | `--wait`             | `PLUGIN_WAIT`, `JENKINS_WAIT`                   | No            | Wait for job completion (default: false)               |
-| Poll Interval | `--poll-interval`    | `PLUGIN_POLL_INTERVAL`, `JENKINS_POLL_INTERVAL` | No            | Interval between status checks (default: 10s)          |
-| Timeout       | `--timeout`          | `PLUGIN_TIMEOUT`, `JENKINS_TIMEOUT`             | No            | Maximum time to wait for job completion (default: 30m) |
+| Parameter     | CLI Flag             | Environment Variable                            | Required      | Description                                                       |
+| ------------- | -------------------- | ----------------------------------------------- | ------------- | ----------------------------------------------------------------- |
+| Host          | `--host`             | `PLUGIN_URL`, `JENKINS_URL`                     | Yes           | Jenkins base URL (e.g., `http://jenkins.example.com/`)            |
+| User          | `--user`, `-u`       | `PLUGIN_USER`, `JENKINS_USER`                   | Conditional\* | Jenkins username                                                  |
+| Token         | `--token`, `-t`      | `PLUGIN_TOKEN`, `JENKINS_TOKEN`                 | Conditional\* | Jenkins API token                                                 |
+| Remote Token  | `--remote-token`     | `PLUGIN_REMOTE_TOKEN`, `JENKINS_REMOTE_TOKEN`   | Conditional\* | Jenkins remote trigger token                                      |
+| Job           | `--job`, `-j`        | `PLUGIN_JOB`, `JENKINS_JOB`                     | Yes           | Jenkins job name(s) - can specify multiple                        |
+| Parameters    | `--parameters`, `-p` | `PLUGIN_PARAMETERS`, `JENKINS_PARAMETERS`       | No            | Build parameters in multi-line `key=value` format (one per line)  |
+| Insecure      | `--insecure`         | `PLUGIN_INSECURE`, `JENKINS_INSECURE`           | No            | Allow insecure SSL connections (default: false)                   |
+| CA Cert       | `--ca-cert`          | `PLUGIN_CA_CERT`, `JENKINS_CA_CERT`             | No            | Custom CA certificate (PEM content, file path, or HTTP URL)       |
+| Wait          | `--wait`             | `PLUGIN_WAIT`, `JENKINS_WAIT`                   | No            | Wait for job completion (default: false)                          |
+| Poll Interval | `--poll-interval`    | `PLUGIN_POLL_INTERVAL`, `JENKINS_POLL_INTERVAL` | No            | Interval between status checks (default: 10s)                     |
+| Timeout       | `--timeout`          | `PLUGIN_TIMEOUT`, `JENKINS_TIMEOUT`             | No            | Maximum time to wait for job completion (default: 30m)            |
+| Debug         | `--debug`            | `PLUGIN_DEBUG`, `JENKINS_DEBUG`                 | No            | Enable debug mode to show detailed parameter information (default: false) |

 **Authentication Requirements**: You must provide either:

 - `user` + `token` (API token authentication), OR
 - `remote-token` (remote trigger token authentication)

+**Parameters Format**: The `parameters` field accepts a multi-line string where each line contains one `key=value` pair:
+
+- Each parameter should be on a separate line
+- Format: `KEY=VALUE` (one per line)
+- Empty lines are automatically ignored
+- Whitespace-only lines are skipped
+- Keys are trimmed of surrounding whitespace
+- Values preserve intentional spaces
+- Values can contain `=` signs (everything after the first `=` is treated as the value)
+
 ## Usage

 ### Command Line
@@ -175,8 +181,21 @@ drone-jenkins \
  --user appleboy \
  --token XXXXXXXX \
  --job my-jenkins-job \
-  --parameters "ENVIRONMENT=production" \
-  --parameters "VERSION=1.0.0"
+  --parameters $'ENVIRONMENT=production\nVERSION=1.0.0'
+```
+
+Or using environment variable:
+
+```bash
+export JENKINS_PARAMETERS="ENVIRONMENT=production
+VERSION=1.0.0
+BRANCH=main"
+
+drone-jenkins \
+  --host http://jenkins.example.com/ \
+  --user appleboy \
+  --token XXXXXXXX \
+  --job my-jenkins-job
 ```

 **Using remote token authentication:**
@@ -201,6 +220,37 @@ drone-jenkins \
  --timeout 1h
 ```

+**With debug mode:**
+
+```bash
+drone-jenkins \
+  --host http://jenkins.example.com/ \
+  --user appleboy \
+  --token XXXXXXXX \
+  --job my-jenkins-job \
+  --debug
+```
+
+**With custom CA certificate:**
+
+```bash
+# Using a file path
+drone-jenkins \
+  --host https://jenkins.example.com/ \
+  --user appleboy \
+  --token XXXXXXXX \
+  --job my-jenkins-job \
+  --ca-cert /path/to/ca.pem
+
+# Using a URL
+drone-jenkins \
+  --host https://jenkins.example.com/ \
+  --user appleboy \
+  --token XXXXXXXX \
+  --job my-jenkins-job \
+  --ca-cert https://example.com/ca-bundle.crt
+```
+
 ### Docker

 **Single job:**
@@ -233,7 +283,7 @@ docker run --rm \
  -e JENKINS_USER=appleboy \
  -e JENKINS_TOKEN=xxxxxxx \
  -e JENKINS_JOB=my-jenkins-job \
-  -e JENKINS_PARAMETERS="ENVIRONMENT=production,VERSION=1.0.0" \
+  -e JENKINS_PARAMETERS=$'ENVIRONMENT=production\nVERSION=1.0.0\nBRANCH=main' \
  ghcr.io/appleboy/drone-jenkins
 ```

@@ -251,6 +301,41 @@ docker run --rm \
  ghcr.io/appleboy/drone-jenkins
 ```

+**With debug mode:**
+
+```bash
+docker run --rm \
+  -e JENKINS_URL=http://jenkins.example.com/ \
+  -e JENKINS_USER=appleboy \
+  -e JENKINS_TOKEN=xxxxxxx \
+  -e JENKINS_JOB=my-jenkins-job \
+  -e JENKINS_DEBUG=true \
+  ghcr.io/appleboy/drone-jenkins
+```
+
+**With custom CA certificate:**
+
+```bash
+# Using a mounted certificate file
+docker run --rm \
+  -v /path/to/ca.pem:/ca.pem:ro \
+  -e JENKINS_URL=https://jenkins.example.com/ \
+  -e JENKINS_USER=appleboy \
+  -e JENKINS_TOKEN=xxxxxxx \
+  -e JENKINS_JOB=my-jenkins-job \
+  -e JENKINS_CA_CERT=/ca.pem \
+  ghcr.io/appleboy/drone-jenkins
+
+# Using a URL
+docker run --rm \
+  -e JENKINS_URL=https://jenkins.example.com/ \
+  -e JENKINS_USER=appleboy \
+  -e JENKINS_TOKEN=xxxxxxx \
+  -e JENKINS_JOB=my-jenkins-job \
+  -e JENKINS_CA_CERT=https://example.com/ca-bundle.crt \
+  ghcr.io/appleboy/drone-jenkins
+```
+
 ### Drone CI

 Add the plugin to your `.drone.yml`:
@@ -284,10 +369,11 @@ steps:
      job:
        - deploy-frontend
        - deploy-backend
-      parameters:
-        - ENVIRONMENT=production
-        - VERSION=${DRONE_TAG}
-        - COMMIT_SHA=${DRONE_COMMIT_SHA}
+      parameters: |
+        ENVIRONMENT=production
+        VERSION=${DRONE_TAG}
+        COMMIT_SHA=${DRONE_COMMIT_SHA}
+        BRANCH=${DRONE_BRANCH}
 ```

 **Using remote token:**
@@ -320,6 +406,37 @@ steps:
      timeout: 1h
 ```

+**With debug mode:**
+
+```yaml
+steps:
+  - name: trigger-jenkins
+    image: ghcr.io/appleboy/drone-jenkins
+    settings:
+      url: http://jenkins.example.com/
+      user: appleboy
+      token:
+        from_secret: jenkins_token
+      job: my-jenkins-job
+      debug: true
+```
+
+**With custom CA certificate:**
+
+```yaml
+steps:
+  - name: trigger-jenkins
+    image: ghcr.io/appleboy/drone-jenkins
+    settings:
+      url: https://jenkins.example.com/
+      user: appleboy
+      token:
+        from_secret: jenkins_token
+      job: my-jenkins-job
+      ca_cert:
+        from_secret: jenkins_ca_cert
+```
+
 For more detailed examples and advanced configurations, see [DOCS.md](DOCS.md).

 ## Development
@@ -1,11 +1,13 @@
 module github.com/appleboy/drone-jenkins

-go 1.22
+go 1.24.0

 require (
+	github.com/appleboy/com v1.1.1
 	github.com/joho/godotenv v1.5.1
 	github.com/stretchr/testify v1.10.0
-	github.com/urfave/cli/v2 v2.27.5
+	github.com/urfave/cli/v2 v2.27.7
+	github.com/yassinebenaid/godump v0.11.1
 )

 require (
@@ -13,6 +15,6 @@ require (
 	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/russross/blackfriday/v2 v2.1.0 // indirect
-	github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 // indirect
+	github.com/xrash/smetrics v0.0.0-20250705151800-55b8f293f342 // indirect
 	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
@@ -1,3 +1,5 @@
+github.com/appleboy/com v1.1.1 h1:iqu+BzrEcO3Towwi4E0GDRLSEeMBix3gf3LRjn9h8ow=
+github.com/appleboy/com v1.1.1/go.mod h1:WKU8+CaWcyLkpm0NLhGA8Wl/yGi3KXfTIXsp7T2ceZc=
 github.com/cpuguy83/go-md2man/v2 v2.0.7 h1:zbFlGlXEAKlwXpmvle3d8Oe3YnkKIK4xSRTd3sHPnBo=
 github.com/cpuguy83/go-md2man/v2 v2.0.7/go.mod h1:oOW0eioCTA6cOiMLiUPZOpcVxMig6NIQQ7OS05n1F4g=
 github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
@@ -10,10 +12,12 @@ github.com/russross/blackfriday/v2 v2.1.0 h1:JIOH55/0cWyOuilr9/qlrm0BSXldqnqwMsf
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/stretchr/testify v1.10.0 h1:Xv5erBjTwe/5IxqUQTdXv5kgmIvbHo3QQyRwhJsOfJA=
 github.com/stretchr/testify v1.10.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY=
-github.com/urfave/cli/v2 v2.27.5 h1:WoHEJLdsXr6dDWoJgMq/CboDmyY/8HMMH1fTECbih+w=
-github.com/urfave/cli/v2 v2.27.5/go.mod h1:3Sevf16NykTbInEnD0yKkjDAeZDS0A6bzhBH5hrMvTQ=
-github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 h1:gEOO8jv9F4OT7lGCjxCBTO/36wtF6j2nSip77qHd4x4=
-github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1/go.mod h1:Ohn+xnUBiLI6FVj/9LpzZWtj1/D6lUovWYBkxHVV3aM=
+github.com/urfave/cli/v2 v2.27.7 h1:bH59vdhbjLv3LAvIu6gd0usJHgoTTPhCFib8qqOwXYU=
+github.com/urfave/cli/v2 v2.27.7/go.mod h1:CyNAG/xg+iAOg0N4MPGZqVmv2rCoP267496AOXUZjA4=
+github.com/xrash/smetrics v0.0.0-20250705151800-55b8f293f342 h1:FnBeRrxr7OU4VvAzt5X7s6266i6cSVkkFPS0TuXWbIg=
+github.com/xrash/smetrics v0.0.0-20250705151800-55b8f293f342/go.mod h1:Ohn+xnUBiLI6FVj/9LpzZWtj1/D6lUovWYBkxHVV3aM=
+github.com/yassinebenaid/godump v0.11.1 h1:SPujx/XaYqGDfmNh7JI3dOyCUVrG0bG2duhO3Eh2EhI=
+github.com/yassinebenaid/godump v0.11.1/go.mod h1:dc/0w8wmg6kVIvNGAzbKH1Oa54dXQx8SNKh4dPRyW44=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
 gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
@@ -3,14 +3,19 @@ package main
 import (
 	"context"
 	"crypto/tls"
+	"crypto/x509"
 	"encoding/json"
 	"fmt"
 	"io"
 	"log"
 	"net/http"
 	"net/url"
+	"os"
 	"strings"
 	"time"
+
+	"github.com/appleboy/com/gh"
+	"github.com/yassinebenaid/godump"
 )

 type (
@@ -26,6 +31,7 @@ type (
 		BaseURL string
 		Token   string // Remote trigger token
 		Client  *http.Client
+		Debug   bool // Enable debug mode to show detailed information
 	}

 	// QueueItem represents a Jenkins queue item response
@@ -52,26 +58,108 @@ type (
 	}
 )

-// NewJenkins is initial Jenkins object
-func NewJenkins(auth *Auth, url string, token string, insecure bool) *Jenkins {
-	url = strings.TrimRight(url, "/")
+// loadCACert loads a CA certificate from various sources:
+// - PEM content (if it starts with "-----BEGIN")
+// - File path (if the file exists)
+// - HTTP/HTTPS URL (if it starts with "http://" or "https://")
+func loadCACert(caCert string) ([]byte, error) {
+	if caCert == "" {
+		return nil, nil
+	}

-	client := http.DefaultClient
+	// Check if it's PEM content (starts with BEGIN marker)
+	if strings.HasPrefix(strings.TrimSpace(caCert), "-----BEGIN") {
+		return []byte(caCert), nil
+	}
+
+	// Check if it's an HTTP/HTTPS URL
+	if strings.HasPrefix(caCert, "http://") || strings.HasPrefix(caCert, "https://") {
+		req, err := http.NewRequestWithContext(context.Background(), http.MethodGet, caCert, nil)
+		if err != nil {
+			return nil, fmt.Errorf("failed to create request for CA certificate URL: %w", err)
+		}
+		resp, err := http.DefaultClient.Do(req) // #nosec G107 -- URL is user-provided configuration
+		if err != nil {
+			return nil, fmt.Errorf("failed to fetch CA certificate from URL: %w", err)
+		}
+		defer resp.Body.Close()
+
+		if resp.StatusCode != http.StatusOK {
+			return nil, fmt.Errorf("failed to fetch CA certificate: HTTP %d", resp.StatusCode)
+		}
+
+		data, err := io.ReadAll(resp.Body)
+		if err != nil {
+			return nil, fmt.Errorf("failed to read CA certificate from URL: %w", err)
+		}
+		return data, nil
+	}
+
+	// Otherwise, treat it as a file path
+	data, err := os.ReadFile(caCert)
+	if err != nil {
+		return nil, fmt.Errorf("failed to read CA certificate file: %w", err)
+	}
+	return data, nil
+}
+
+// NewJenkins is initial Jenkins object
+func NewJenkins(
+	auth *Auth,
+	baseURL string,
+	token string,
+	insecure bool,
+	caCert string,
+	debug bool,
+) (*Jenkins, error) {
+	baseURL = strings.TrimRight(baseURL, "/")
+
+	// Load CA certificate if provided
+	caCertData, err := loadCACert(caCert)
+	if err != nil {
+		return nil, fmt.Errorf("failed to load CA certificate: %w", err)
+	}
+
+	// Build TLS configuration
+	var tlsConfig *tls.Config
 	if insecure {
+		// #nosec G402 -- InsecureSkipVerify is intentionally configurable by user
+		tlsConfig = &tls.Config{InsecureSkipVerify: true}
+	} else if caCertData != nil {
+		// Create certificate pool with custom CA
+		certPool, err := x509.SystemCertPool()
+		if err != nil {
+			// Fall back to empty pool if system pool unavailable
+			certPool = x509.NewCertPool()
+		}
+
+		if !certPool.AppendCertsFromPEM(caCertData) {
+			return nil, fmt.Errorf("failed to parse CA certificate")
+		}
+
+		tlsConfig = &tls.Config{
+			RootCAs:    certPool,
+			MinVersion: tls.VersionTLS12,
+		}
+	}
+
+	// Create HTTP client
+	client := http.DefaultClient
+	if tlsConfig != nil {
 		client = &http.Client{
 			Transport: &http.Transport{
-				// #nosec G402 -- InsecureSkipVerify is intentionally configurable by user
-				TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+				TLSClientConfig: tlsConfig,
 			},
 		}
 	}

 	return &Jenkins{
 		Auth:    auth,
-		BaseURL: url,
+		BaseURL: baseURL,
 		Token:   token,
 		Client:  client,
-	}
+		Debug:   debug,
+	}, nil
 }

 func (jenkins *Jenkins) buildURL(path string, params url.Values) (requestURL string) {
@@ -289,6 +377,24 @@ func (jenkins *Jenkins) waitForCompletion(
 				buildNumber,
 				buildInfo.Result,
 			)
+
+			// Debug: Display final build info
+			if jenkins.Debug {
+				log.Println("=== Debug Mode: Build Result ===")
+				if err := godump.Dump(buildInfo); err != nil {
+					log.Printf("warning: failed to dump build info: %v", err)
+				}
+				log.Println("================================")
+			}
+
+			// Set GitHub Actions output
+			if err := gh.SetOutput(map[string]string{
+				"result": buildInfo.Result,
+				"url":    buildInfo.URL,
+			}); err != nil {
+				log.Printf("warning: failed to set GitHub output: %v", err)
+			}
+
 			return buildInfo, nil
 		}

@@ -321,6 +427,42 @@ func (jenkins *Jenkins) trigger(job string, params url.Values) (int, error) {
 		urlPath = jenkins.parseJobPath(job) + "/build"
 	}

+	// Debug: Display parameters being sent
+	if jenkins.Debug {
+		log.Println("=== Debug Mode: Jenkins Job Trigger ===")
+		log.Printf("Job: %s", job)
+		log.Printf("URL Path: %s", urlPath)
+
+		// Build the full URL for display
+		fullURL := jenkins.buildURL(urlPath, params)
+		// Mask token in URL for display
+		if jenkins.Token != "" {
+			fullURL = strings.Replace(fullURL, "token="+jenkins.Token, "token=***MASKED***", 1)
+		}
+		log.Printf("Full URL: %s", fullURL)
+
+		if len(params) > 0 {
+			// Create a copy of params with masked token for display
+			displayParams := url.Values{}
+			for key, values := range params {
+				if key == "token" {
+					// Mask token values for security
+					displayParams[key] = []string{"***MASKED***"}
+				} else {
+					displayParams[key] = values
+				}
+			}
+
+			log.Println("Parameters:")
+			if err := godump.Dump(displayParams); err != nil {
+				log.Printf("warning: failed to dump parameters: %v", err)
+			}
+		} else {
+			log.Println("Parameters: (none)")
+		}
+		log.Println("======================================")
+	}
+
 	// All params (including token) are passed as query parameters
 	// Returns the queue item ID for tracking
 	return jenkins.postAndGetLocation(urlPath, params)
@@ -4,6 +4,8 @@ import (
 	"net/http"
 	"net/http/httptest"
 	"net/url"
+	"os"
+	"path/filepath"
 	"sync/atomic"
 	"testing"
 	"time"
@@ -16,7 +18,8 @@ func TestParseJobPath(t *testing.T) {
 		Username: "appleboy",
 		Token:    "1234",
 	}
-	jenkins := NewJenkins(auth, "http://example.com", "", false)
+	jenkins, err := NewJenkins(auth, "http://example.com", "", false, "", false)
+	assert.NoError(t, err)

 	assert.Equal(t, "/job/foo", jenkins.parseJobPath("/foo/"))
 	assert.Equal(t, "/job/foo", jenkins.parseJobPath("foo/"))
@@ -29,7 +32,8 @@ func TestUnSupportProtocol(t *testing.T) {
 		Username: "foo",
 		Token:    "bar",
 	}
-	jenkins := NewJenkins(auth, "example.com", "", false)
+	jenkins, err := NewJenkins(auth, "example.com", "", false, "", false)
+	assert.NoError(t, err)

 	queueID, err := jenkins.trigger("drone-jenkins", nil)
 	assert.NotNil(t, err)
@@ -50,7 +54,8 @@ func TestTriggerBuild(t *testing.T) {
 		Username: "foo",
 		Token:    "bar",
 	}
-	jenkins := NewJenkins(auth, server.URL, "remote-token", false)
+	jenkins, err := NewJenkins(auth, server.URL, "remote-token", false, "", false)
+	assert.NoError(t, err)

 	params := url.Values{"param": []string{"value"}}
 	queueID, err := jenkins.trigger("drone-jenkins", params)
@@ -110,7 +115,8 @@ func TestPostAndGetLocation(t *testing.T) {
 				Username: "test",
 				Token:    "test",
 			}
-			jenkins := NewJenkins(auth, server.URL, "", false)
+			jenkins, err := NewJenkins(auth, server.URL, "", false, "", false)
+			assert.NoError(t, err)

 			queueID, err := jenkins.postAndGetLocation("/test", nil)

@@ -186,7 +192,8 @@ func TestGetQueueItem(t *testing.T) {
 				Username: "test",
 				Token:    "test",
 			}
-			jenkins := NewJenkins(auth, server.URL, "", false)
+			jenkins, err := NewJenkins(auth, server.URL, "", false, "", false)
+			assert.NoError(t, err)

 			queueItem, err := jenkins.getQueueItem(tt.queueID)

@@ -274,7 +281,8 @@ func TestGetBuildInfo(t *testing.T) {
 				Username: "test",
 				Token:    "test",
 			}
-			jenkins := NewJenkins(auth, server.URL, "", false)
+			jenkins, err := NewJenkins(auth, server.URL, "", false, "", false)
+			assert.NoError(t, err)

 			buildInfo, err := jenkins.getBuildInfo(tt.jobName, tt.buildNumber)

@@ -332,7 +340,8 @@ func TestWaitForCompletion(t *testing.T) {
 			Username: "test",
 			Token:    "test",
 		}
-		jenkins := NewJenkins(auth, server.URL, "", false)
+		jenkins, err := NewJenkins(auth, server.URL, "", false, "", false)
+		assert.NoError(t, err)

 		buildInfo, err := jenkins.waitForCompletion(
 			"test-job",
@@ -364,7 +373,8 @@ func TestWaitForCompletion(t *testing.T) {
 			Username: "test",
 			Token:    "test",
 		}
-		jenkins := NewJenkins(auth, server.URL, "", false)
+		jenkins, err := NewJenkins(auth, server.URL, "", false, "", false)
+		assert.NoError(t, err)

 		buildInfo, err := jenkins.waitForCompletion(
 			"test-job",
@@ -404,7 +414,8 @@ func TestWaitForCompletion(t *testing.T) {
 			Username: "test",
 			Token:    "test",
 		}
-		jenkins := NewJenkins(auth, server.URL, "", false)
+		jenkins, err := NewJenkins(auth, server.URL, "", false, "", false)
+		assert.NoError(t, err)

 		buildInfo, err := jenkins.waitForCompletion(
 			"test-job",
@@ -449,7 +460,8 @@ func TestWaitForCompletion(t *testing.T) {
 			Username: "test",
 			Token:    "test",
 		}
-		jenkins := NewJenkins(auth, server.URL, "", false)
+		jenkins, err := NewJenkins(auth, server.URL, "", false, "", false)
+		assert.NoError(t, err)

 		buildInfo, err := jenkins.waitForCompletion(
 			"test-job",
@@ -465,3 +477,217 @@ func TestWaitForCompletion(t *testing.T) {
 		assert.Equal(t, "FAILURE", buildInfo.Result)
 	})
 }
+
+// Sample CA certificate for testing (self-signed, not for production use)
+const testCACert = `-----BEGIN CERTIFICATE-----
+MIIDAzCCAeugAwIBAgIUGYBGBr+t20UAWJorEPULxzGIXUEwDQYJKoZIhvcNAQEL
+BQAwETEPMA0GA1UEAwwGdGVzdGNhMB4XDTI1MTIwNjA1MDgzMloXDTM1MTIwNDA1
+MDgzMlowETEPMA0GA1UEAwwGdGVzdGNhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8A
+MIIBCgKCAQEAq4bwnABqFenRVUoHLKhPiJXkh6TBFUaCWiEpKYNPywptBJNdyWNf
+ouDxJ8gvQOMCkp3trnAHFcT6W5s8QLM1Hf/70QZI9GU/BtYm0KijU8aM+GJawNto
+sK103TeCd0tVenDkxfamBGYnh3L5jtk0V/jeIsAIfFoe9Citu3MttRfxnSmZ4w2K
+qlS14vKhFlO4WrXAh9j4PaVE5DL7jya/UKe6VVQIONCwUipRN6nU3UXhR7akVSmF
+/bYkFsfdcErXJHjDpg+0xOsa5LJhzRkx5Uoqtviq2oRVVYhZc0eTwjq/407ocJ25
+6WmerfKrtFDpzOZPa4XPVX9Am4vWugtrwQIDAQABo1MwUTAdBgNVHQ4EFgQUh7kL
+LqmsvQP3TI6eiLVK7Gs7A00wHwYDVR0jBBgwFoAUh7kLLqmsvQP3TI6eiLVK7Gs7
+A00wDwYDVR0TAQH/BAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEApLOdWacya+Zi
+w0Fd3UfSveuRsayAkMkZ4p0L9XKlADzwKtSF1Ykn6wiEiYfXd2TvffsR2XglOXFc
+181IpBhP5u2mzK6pRvH9mqTs3w8JTcXMFmg8AKE2Vg5k22tBM2OUJJgKXkiACuHS
+pZeOOvJcnjGunbTRwqais0TLYnkOcFsbgrSBKv82HiVootH/iKZahf1ViFMOURTh
+MqjwIous7Y53Rq4RmfycIjNwODlDW0i5atKe8incDBiIYKw6sH8WN+nuhnHC/vJ5
+5ZQvGCUsGOvma5ojWAiLs8wu4dODuF5ZNID3t+M36PQs7JDaQNN+AkZROOTSMqa/
+ud3vS1A5+g==
+-----END CERTIFICATE-----`
+
+func TestLoadCACert(t *testing.T) {
+	t.Run("empty string returns nil", func(t *testing.T) {
+		data, err := loadCACert("")
+		assert.NoError(t, err)
+		assert.Nil(t, data)
+	})
+
+	t.Run("PEM content directly", func(t *testing.T) {
+		data, err := loadCACert(testCACert)
+		assert.NoError(t, err)
+		assert.NotNil(t, data)
+		assert.Contains(t, string(data), "BEGIN CERTIFICATE")
+	})
+
+	t.Run("PEM content with leading whitespace", func(t *testing.T) {
+		data, err := loadCACert("  \n" + testCACert)
+		assert.NoError(t, err)
+		assert.NotNil(t, data)
+		assert.Contains(t, string(data), "BEGIN CERTIFICATE")
+	})
+
+	t.Run("file path", func(t *testing.T) {
+		// Create a temporary file with the certificate
+		tmpDir := t.TempDir()
+		certFile := filepath.Join(tmpDir, "ca.pem")
+		err := os.WriteFile(certFile, []byte(testCACert), 0o600)
+		assert.NoError(t, err)
+
+		data, err := loadCACert(certFile)
+		assert.NoError(t, err)
+		assert.NotNil(t, data)
+		assert.Contains(t, string(data), "BEGIN CERTIFICATE")
+	})
+
+	t.Run("file not found", func(t *testing.T) {
+		data, err := loadCACert("/nonexistent/path/ca.pem")
+		assert.Error(t, err)
+		assert.Nil(t, data)
+		assert.Contains(t, err.Error(), "failed to read CA certificate file")
+	})
+
+	t.Run("HTTP URL", func(t *testing.T) {
+		server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			w.WriteHeader(http.StatusOK)
+			_, _ = w.Write([]byte(testCACert))
+		}))
+		defer server.Close()
+
+		data, err := loadCACert(server.URL)
+		assert.NoError(t, err)
+		assert.NotNil(t, data)
+		assert.Contains(t, string(data), "BEGIN CERTIFICATE")
+	})
+
+	t.Run("HTTPS URL", func(t *testing.T) {
+		server := httptest.NewTLSServer(
+			http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+				w.WriteHeader(http.StatusOK)
+				_, _ = w.Write([]byte(testCACert))
+			}),
+		)
+		defer server.Close()
+
+		// Note: This test uses the test server's self-signed cert
+		// In real scenarios, the URL would be to a trusted source
+		// We skip HTTPS verification for this test
+		data, err := loadCACert(server.URL)
+		// This may fail due to certificate verification, which is expected
+		if err != nil {
+			assert.Contains(t, err.Error(), "certificate")
+		} else {
+			assert.NotNil(t, data)
+		}
+	})
+
+	t.Run("HTTP URL returns error status", func(t *testing.T) {
+		server := httptest.NewServer(http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
+			w.WriteHeader(http.StatusNotFound)
+		}))
+		defer server.Close()
+
+		data, err := loadCACert(server.URL)
+		assert.Error(t, err)
+		assert.Nil(t, data)
+		assert.Contains(t, err.Error(), "HTTP 404")
+	})
+
+	t.Run("HTTP URL unreachable", func(t *testing.T) {
+		data, err := loadCACert("http://localhost:59999/nonexistent")
+		assert.Error(t, err)
+		assert.Nil(t, data)
+		assert.Contains(t, err.Error(), "failed to fetch CA certificate from URL")
+	})
+}
+
+func TestNewJenkinsWithCACert(t *testing.T) {
+	t.Run("with valid CA certificate", func(t *testing.T) {
+		auth := &Auth{
+			Username: "test",
+			Token:    "test",
+		}
+		jenkins, err := NewJenkins(auth, "https://example.com", "", false, testCACert, false)
+		assert.NoError(t, err)
+		assert.NotNil(t, jenkins)
+		assert.NotNil(t, jenkins.Client)
+	})
+
+	t.Run("with CA certificate from file", func(t *testing.T) {
+		tmpDir := t.TempDir()
+		certFile := filepath.Join(tmpDir, "ca.pem")
+		err := os.WriteFile(certFile, []byte(testCACert), 0o600)
+		assert.NoError(t, err)
+
+		auth := &Auth{
+			Username: "test",
+			Token:    "test",
+		}
+		jenkins, err := NewJenkins(auth, "https://example.com", "", false, certFile, false)
+		assert.NoError(t, err)
+		assert.NotNil(t, jenkins)
+	})
+
+	t.Run("with invalid CA certificate content", func(t *testing.T) {
+		auth := &Auth{
+			Username: "test",
+			Token:    "test",
+		}
+		jenkins, err := NewJenkins(
+			auth,
+			"https://example.com",
+			"",
+			false,
+			"invalid-cert-data",
+			false,
+		)
+		assert.Error(t, err)
+		assert.Nil(t, jenkins)
+		assert.Contains(t, err.Error(), "failed to read CA certificate file")
+	})
+
+	t.Run("with invalid PEM format", func(t *testing.T) {
+		auth := &Auth{
+			Username: "test",
+			Token:    "test",
+		}
+		invalidPEM := "-----BEGIN CERTIFICATE-----\ninvalid-base64-data\n-----END CERTIFICATE-----"
+		jenkins, err := NewJenkins(auth, "https://example.com", "", false, invalidPEM, false)
+		assert.Error(t, err)
+		assert.Nil(t, jenkins)
+		assert.Contains(t, err.Error(), "failed to parse CA certificate")
+	})
+
+	t.Run("with nonexistent file path", func(t *testing.T) {
+		auth := &Auth{
+			Username: "test",
+			Token:    "test",
+		}
+		jenkins, err := NewJenkins(
+			auth,
+			"https://example.com",
+			"",
+			false,
+			"/nonexistent/ca.pem",
+			false,
+		)
+		assert.Error(t, err)
+		assert.Nil(t, jenkins)
+		assert.Contains(t, err.Error(), "failed to load CA certificate")
+	})
+
+	t.Run("insecure flag takes precedence over CA cert", func(t *testing.T) {
+		auth := &Auth{
+			Username: "test",
+			Token:    "test",
+		}
+		// When insecure is true, CA cert should be ignored
+		jenkins, err := NewJenkins(auth, "https://example.com", "", true, testCACert, false)
+		assert.NoError(t, err)
+		assert.NotNil(t, jenkins)
+	})
+
+	t.Run("without CA certificate uses default client", func(t *testing.T) {
+		auth := &Auth{
+			Username: "test",
+			Token:    "test",
+		}
+		jenkins, err := NewJenkins(auth, "https://example.com", "", false, "", false)
+		assert.NoError(t, err)
+		assert.NotNil(t, jenkins)
+		assert.Equal(t, http.DefaultClient, jenkins.Client)
+	})
+}
@@ -8,6 +8,7 @@ import (

 	"github.com/joho/godotenv"
 	"github.com/urfave/cli/v2"
+	"github.com/yassinebenaid/godump"
 )

 // Version set at compile-time
@@ -23,6 +24,14 @@ ________                                            ____.              __   .__
                                                                    version: {{.Version}}
 `

+// maskToken masks a token string for secure display
+func maskToken(token string) string {
+	if token == "" {
+		return ""
+	}
+	return "***MASKED***"
+}
+
 func main() {
 	// Load env-file if it exists first
 	if filename, found := os.LookupEnv("PLUGIN_ENV_FILE"); found {
@@ -83,10 +92,15 @@ func main() {
 			Usage:   "allow insecure server connections when using SSL",
 			EnvVars: []string{"PLUGIN_INSECURE", "JENKINS_INSECURE", "INPUT_INSECURE"},
 		},
-		&cli.StringSliceFlag{
+		&cli.StringFlag{
+			Name:    "ca-cert",
+			Usage:   "custom CA certificate (PEM content, file path, or HTTP URL)",
+			EnvVars: []string{"PLUGIN_CA_CERT", "JENKINS_CA_CERT", "INPUT_CA_CERT"},
+		},
+		&cli.StringFlag{
 			Name:    "parameters",
 			Aliases: []string{"p"},
-			Usage:   "jenkins build parameters",
+			Usage:   "jenkins build parameters (multi-line format: key=value, one per line)",
 			EnvVars: []string{"PLUGIN_PARAMETERS", "JENKINS_PARAMETERS", "INPUT_PARAMETERS"},
 		},
 		&cli.BoolFlag{
@@ -110,6 +124,11 @@ func main() {
 			Value:   30 * time.Minute,
 			EnvVars: []string{"PLUGIN_TIMEOUT", "JENKINS_TIMEOUT", "INPUT_TIMEOUT"},
 		},
+		&cli.BoolFlag{
+			Name:    "debug",
+			Usage:   "enable debug mode to show detailed parameter information",
+			EnvVars: []string{"PLUGIN_DEBUG", "JENKINS_DEBUG", "INPUT_DEBUG"},
+		},
 	}

 	// Override a template
@@ -170,10 +189,51 @@ func run(c *cli.Context) error {
 		RemoteToken:  c.String("remote-token"),
 		Job:          c.StringSlice("job"),
 		Insecure:     c.Bool("insecure"),
-		Parameters:   c.StringSlice("parameters"),
+		CACert:       c.String("ca-cert"),
+		Parameters:   c.String("parameters"),
 		Wait:         c.Bool("wait"),
 		PollInterval: c.Duration("poll-interval"),
 		Timeout:      c.Duration("timeout"),
+		Debug:        c.Bool("debug"),
+	}
+
+	// Display plugin configuration in debug mode
+	if plugin.Debug {
+		log.Println("=== Debug Mode: Plugin Configuration ===")
+
+		// Create a display copy with masked sensitive data
+		displayPlugin := struct {
+			BaseURL      string
+			Username     string
+			Token        string
+			RemoteToken  string
+			Job          []string
+			Insecure     bool
+			CACert       string
+			Parameters   string
+			Wait         bool
+			PollInterval time.Duration
+			Timeout      time.Duration
+			Debug        bool
+		}{
+			BaseURL:      plugin.BaseURL,
+			Username:     plugin.Username,
+			Token:        maskToken(plugin.Token),
+			RemoteToken:  maskToken(plugin.RemoteToken),
+			Job:          plugin.Job,
+			Insecure:     plugin.Insecure,
+			CACert:       plugin.CACert,
+			Parameters:   plugin.Parameters,
+			Wait:         plugin.Wait,
+			PollInterval: plugin.PollInterval,
+			Timeout:      plugin.Timeout,
+			Debug:        plugin.Debug,
+		}
+
+		if err := godump.Dump(displayPlugin); err != nil {
+			log.Printf("warning: failed to dump plugin configuration: %v", err)
+		}
+		log.Println("========================================")
 	}

 	return plugin.Exec()
@@ -19,10 +19,12 @@ type (
 		RemoteToken  string        // Optional remote trigger token for additional security
 		Job          []string      // List of Jenkins job names to trigger
 		Insecure     bool          // Whether to skip TLS certificate verification
-		Parameters   []string      // Job parameters in key=value format
+		CACert       string        // Custom CA certificate (PEM content, file path, or HTTP URL)
+		Parameters   string        // Job parameters in key=value format (one per line)
 		Wait         bool          // Whether to wait for job completion
 		PollInterval time.Duration // Interval between status checks (default: 10s)
 		Timeout      time.Duration // Maximum time to wait for job completion (default: 30m)
+		Debug        bool          // Enable debug mode to show detailed parameter information
 	}
 )

@@ -41,15 +43,27 @@ func trimWhitespaceFromSlice(items []string) []string {
 	return result
 }

-// parseParameters converts a slice of key=value strings into url.Values.
+// parseParameters converts a multi-line string of key=value pairs into url.Values.
+// Each line should contain one key=value pair.
 // It logs a warning for any parameters that don't match the expected format.
-func parseParameters(params []string) url.Values {
+func parseParameters(params string) url.Values {
 	values := url.Values{}

-	for _, param := range params {
-		parts := strings.SplitN(param, "=", 2)
+	// Split by newlines and process each line
+	lines := strings.Split(params, "\n")
+	for _, line := range lines {
+		// Skip empty lines
+		trimmedLine := strings.TrimSpace(line)
+		if trimmedLine == "" {
+			continue
+		}
+
+		parts := strings.SplitN(trimmedLine, "=", 2)
 		if len(parts) != 2 {
-			log.Printf("warning: skipping invalid parameter format (expected key=value): %q", param)
+			log.Printf(
+				"warning: skipping invalid parameter format (expected key=value): %q",
+				trimmedLine,
+			)
 			continue
 		}

@@ -57,7 +71,7 @@ func parseParameters(params []string) url.Values {
 		value := parts[1] // Keep value as-is to preserve intentional spaces

 		if key == "" {
-			log.Printf("warning: skipping parameter with empty key: %q", param)
+			log.Printf("warning: skipping parameter with empty key: %q", trimmedLine)
 			continue
 		}

@@ -104,7 +118,10 @@ func (p Plugin) Exec() error {
 	}

 	// Initialize Jenkins client
-	jenkins := NewJenkins(auth, p.BaseURL, p.RemoteToken, p.Insecure)
+	jenkins, err := NewJenkins(auth, p.BaseURL, p.RemoteToken, p.Insecure, p.CACert, p.Debug)
+	if err != nil {
+		return fmt.Errorf("failed to initialize Jenkins client: %w", err)
+	}

 	// Parse job parameters
 	params := parseParameters(p.Parameters)
@@ -122,12 +122,12 @@ func TestTrimWhitespaceFromSlice(t *testing.T) {
 func TestParseParameters(t *testing.T) {
 	tests := []struct {
 		name     string
-		input    []string
+		input    string
 		expected url.Values
 	}{
 		{
 			name:  "valid parameters",
-			input: []string{"key1=value1", "key2=value2"},
+			input: "key1=value1\nkey2=value2",
 			expected: url.Values{
 				"key1": []string{"value1"},
 				"key2": []string{"value2"},
@@ -135,38 +135,38 @@ func TestParseParameters(t *testing.T) {
 		},
 		{
 			name:  "parameter with multiple equals signs",
-			input: []string{"key=value=with=equals"},
+			input: "key=value=with=equals",
 			expected: url.Values{
 				"key": []string{"value=with=equals"},
 			},
 		},
 		{
 			name:  "parameter with spaces in value",
-			input: []string{"key=value with spaces"},
+			input: "key=value with spaces",
 			expected: url.Values{
 				"key": []string{"value with spaces"},
 			},
 		},
 		{
 			name:  "parameter with empty value",
-			input: []string{"key="},
+			input: "key=",
 			expected: url.Values{
 				"key": []string{""},
 			},
 		},
 		{
 			name:     "invalid parameter format (no equals)",
-			input:    []string{"invalid"},
+			input:    "invalid",
 			expected: url.Values{},
 		},
 		{
 			name:     "parameter with empty key",
-			input:    []string{"=value"},
+			input:    "=value",
 			expected: url.Values{},
 		},
 		{
 			name:  "mixed valid and invalid",
-			input: []string{"valid=yes", "invalid", "also=valid"},
+			input: "valid=yes\ninvalid\nalso=valid",
 			expected: url.Values{
 				"valid": []string{"yes"},
 				"also":  []string{"valid"},
@@ -174,16 +174,32 @@ func TestParseParameters(t *testing.T) {
 		},
 		{
 			name:  "key with surrounding whitespace",
-			input: []string{"  key  =value"},
+			input: "  key  =value",
 			expected: url.Values{
 				"key": []string{"value"},
 			},
 		},
 		{
-			name:     "empty slice",
-			input:    []string{},
+			name:     "empty string",
+			input:    "",
 			expected: url.Values{},
 		},
+		{
+			name:  "multiple empty lines",
+			input: "key1=value1\n\n\nkey2=value2",
+			expected: url.Values{
+				"key1": []string{"value1"},
+				"key2": []string{"value2"},
+			},
+		},
+		{
+			name:  "lines with whitespace only",
+			input: "key1=value1\n   \n\t\nkey2=value2",
+			expected: url.Values{
+				"key1": []string{"value1"},
+				"key2": []string{"value2"},
+			},
+		},
 	}

 	for _, tt := range tests {
@@ -333,7 +349,7 @@ func TestExecWithParameters(t *testing.T) {
 		Username:   "foo",
 		Token:      "bar",
 		Job:        []string{"parameterized-job"},
-		Parameters: []string{"branch=main", "environment=production"},
+		Parameters: "branch=main\nenvironment=production",
 	}

 	err := plugin.Exec()
Author	SHA1	Message	Date
Bo-Yi Wu	02829360ad	feat: add support for custom CA certificates for SSL/TLS connections (#42 ) * feat: add support for custom CA certificates for SSL/TLS connections - Add support for custom CA certificates (via PEM content, file path, or HTTP/HTTPS URL) for SSL/TLS connections. - Document the new CA certificate option and usage examples for CLI, Docker, and Drone CI in the README. - Update Jenkins client initialization to load and validate a custom CA certificate if provided, using a priority where insecure mode overrides custom CA. - Introduce comprehensive tests for CA certificate loading and Jenkins client initialization with different CA certificate sources and error scenarios. - Register the new ca-cert command-line flag and propagate its value through configuration and debug output. - Ensure that error handling for certificate loading fully propagates failures. Signed-off-by: appleboy <appleboy.tw@gmail.com> * test: update test CA certificate with new sample - Replace the sample CA certificate used in tests with a new certificate Signed-off-by: appleboy <appleboy.tw@gmail.com> --------- Signed-off-by: appleboy <appleboy.tw@gmail.com>	2025-12-06 13:11:29 +08:00
appleboy	f3a67c62a6	chore: update third-party libraries to latest compatible versions - Update urfave/cli library to version 2.27.7 - Update xrash/smetrics library to a newer commit Signed-off-by: appleboy <appleboy.tw@gmail.com>	2025-12-06 10:58:35 +08:00
Bo-Yi Wu	069e6455cc	ci: update build workflow and dependencies for Go 1.24 compatibility - Update Go version requirement from 1.22 to 1.24.0 - Add github.com/appleboy/com as a dependency - Set GitHub Actions output with build result and URL after Jenkins build completion - Log a warning if setting GitHub output fails Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>	2025-12-02 19:42:44 +08:00
Bo-Yi Wu	eb51e55e81	build: enable detailed build info logging in debug mode - Add debug logging to display final build information when debug mode is enabled Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>	2025-12-02 19:40:30 +08:00
Bo-Yi Wu	da87ddb86b	docs: document and illustrate debug mode configuration options - Document the new debug mode, including its purpose and usage - Add examples showing how to enable debug mode via CLI, Docker, and YAML configuration - Update the configuration table to describe the debug option and its environment variables Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>	2025-12-02 17:25:40 +08:00
Bo-Yi Wu	60874908e6	docs: document and standardize multi-line build parameter configurations - Add example configurations for build parameters and waiting for job completion - Document new settings: wait, poll_interval, timeout, insecure, and remote_token - Update parameters format to require multi-line key=value pairs (one per line) - Clarify handling of whitespace, empty lines, and multiple equals signs in parameter values - Revise CLI and Docker usage examples to use multi-line parameters format - Update YAML configuration example to use multi-line parameters block Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>	2025-12-02 17:09:52 +08:00
Bo-Yi Wu	f6e62d9c49	feat: switch Jenkins build parameters to multi-line string format - Change the Jenkins build parameters input from a string slice to a multi-line string format - Update parameter parsing to handle multi-line strings, skipping empty and whitespace-only lines - Adjust all usages and tests to support the new string-based parameter format - Add test cases for multiple empty lines and lines containing only whitespace in parameters Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>	2025-12-02 16:55:46 +08:00
Bo-Yi Wu	cf9b9a0a0d	feat: add debug mode with enhanced logging and token masking (#41 ) * feat: add debug mode with enhanced logging and token masking - Add godump library dependency for improved debug output - Introduce a debug mode flag to the Jenkins and Plugin structs - Update NewJenkins constructor and all usages to support the debug flag - Mask sensitive tokens in debug output for security - Log detailed parameter and configuration information when debug mode is enabled - Add CLI flag to enable debug mode via environment variables Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com> * fix: add error handling and logging for godump.Dump failures - Add error handling for godump.Dump calls, logging a warning if dumping fails Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com> --------- Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>	2025-12-02 15:11:39 +08:00
Bo-Yi Wu	4c54d13899	docs: simplify Jenkins Docker setup and improve reliability - Update Jenkins Docker run instructions to use a named volume and the slim image - Change container restart policy to on-failure - Remove note about creating a host directory for Jenkins data Signed-off-by: Bo-Yi Wu <appleboy.tw@gmail.com>	2025-12-02 14:36:48 +08:00