Jenkins plugin

Important: This topic describes using a CI tool plugin to interact with Release. However, as a preferred alternative starting with version 9.0, you can utilize a wrapper script to bootstrap XL CLI commands on your Unix or Windows-based Continuous Integration (CI) servers without having to install the XL CLI executable itself. The script is stored with your project YAML files and you can execute XL CLI commands from within your CI tool scripts. For details, see the following topics:

About the plugin

You can configure the Release plugin for Jenkins at the global and job levels.

Global Jenkins configuration

Manage the global Jenkins configuration by navigating to Manage Jenkins > Configure System. You can specify the Release server URL and one or more sets of credentials. Different credentials can be used for different jobs.

Release plugin - global configuration

CSRF Protection

From the Jenkins Documentation: “A cross site request forgery (or CSRF/XSRF) is an exploit that enables an unauthorized third party to perform requests against a web application by impersonating another, authenticated, user. In the context of a Jenkins environment, a CSRF attack could allow an malicious actor to delete projects, alter builds, or modify Jenkins’ system configuration. To guard against this class of vulnerabilities, CSRF protection has been enabled by default with all Jenkins versions since 2.0.

Manage CSRF protections by navigating to Manage Jenkins > Configure System. Enable the “Prevent Cross Site Request Forgery exploits” and “Default Crumb Issuer”.

Jenkins CSRF

This will enforce API token authentication in the XLR Jenkins Shared Configuration settings.

Jenkins config

Note: Before Jenkins version 2.176.2 it was possible disable CSRF directly by Configure Global Security. Now to avoid secure issues since 2.176.2 that option it was removed. You can find more information on this topic here under ‘Cross Site Request Forgery’:

Job configuration

In the job configuration page, select Post-build Actions > Add post-build action > Release with Release. Enter the template name in the box and select a value from the drop-down list.

Tip: You can type / in front of a folder name to see the subfolders and template names in the specified folder.

Release plugin - select a job

After you select the template, click Validate template.

Release plugin - validate template

To get information about each setting, click ? located next to the setting.

Using the Jenkinsfile

You can use the Jenkins Pipeline feature with the Release plugin for Jenkins. This feature allows you to create a “pipeline as code” in a Jenkinsfile, using the Pipeline DSL. You can then store the Jenkinsfile in a source control repository.

For more information about the Jenkins task in Release, see Create a Jenkins task.

Create a Jenkinsfile

To start using Jenkinsfile, create a pipeline job and add the Jenkinsfile content to the Pipeline section of the job configuration.

Additional resources:

Jenkinsfile example

The following Jenkinsfile can be used to build a pipeline and deploy a simple web application to a Tomcat environment configured in Release.

node {
stage('Package') {
  xldCreatePackage artifactsPath: 'build/libs', manifestPath: 'deployit-manifest.xml', darPath: '$JOB_NAME-$BUILD_NUMBER.0.dar'
stage('Publish') {
  xldPublishPackage serverCredentials: '<user_name>', darPath: '$JOB_NAME-$BUILD_NUMBER.0.dar'
stage('Deploy') {
  xldDeploy serverCredentials: '<user_name>', environmentId: 'Environments/Dev', packageId: 'Applications/<app_name>/$BUILD_NUMBER.0'
stage('Start XLR Release') {
      xlrCreateRelease serverCredentials: '<user_name>', template: 'Release <app_name>', releaseTitle: 'Release for $BUILD_TAG', variables: [[propertyName: 'version', propertyValue: '$BUILD_NUMBER.0']], startRelease: true
- release

Release notes

Version 10.0.0

Bug fixes

  • ENG-3023 - Added documentation for CSRF Protection
  • ENG-2074 - Enabled multibranch pipeline scan
  • ENG-2493 - Added support for token based authentication for Jenkins Integration

Version 9.7.0

Bug fixes

  • ENG-428 - Jenkins task should fail for illegal choice for parameter. Also support for backport versions.

Version 7.5.5

Bug fixes

  • XLINT-596 - Added support for all XLR variable types

Version 7.5.4

Bug fixes

  • XLINT-458 - Fix non-default URL was not picked up when in use. Fix non-unique key when looking up the XLReleaseServerConnector in the HashMap.
  • XLINT-706 - Fix startup performance issues

Version 7.5.3

Bug fixes

  • XLINT-53 - Fix plugin to allow selecting non text variable
  • Fix override credentials
  • DEPL-11051 - Configure Release jobs of xld-jenkins and xlr-jenkins plugin on jenkins
  • DEPL-10994 - Edit XLR Jenkinsfile help text

Version 7.5.2

Bug fixes

  • XLINT-458 - Make secondary server available for triggering XLR tasks
  • REL-6772 - Change overrideCredentialId optional

Version 7.5.1


  • REL-6099 - Adding override credentials functionality in Jenkinsfile.

Version 7.5.0


  • REL-5850 - Allow user to override credentials in plugin.

Version 6.1.2


  • REL-4251 - Show deprecation warning in Jenkins Release plugin when the version parameter is used

Bug fixes

  • REL-4280 - Variable names set in Jenkins post-build action are overwritten by first variable in list
  • REL-4282 - Jenkins Release plugin 6.1.1 does not support Java 7

Version 6.1.1


  • REL-4105 - Rename the version parameter on the xldCreateRelease step to releaseTitle


  • Version 6.1.1 of the plugin is not compatible with Java 7. To use version 6.1.1, you must use Java 8. To use the plugin with Java 7, upgrade the plugin to version 6.1.2.
  • The version parameter is now deprecated.

Version 6.1.0


  • Support Jenkins Pipeline, which allows you to create a “pipeline as code” in a Jenkinsfile that can be checked into source control

Version 6.0.0


  • Support for Release 6.0.0 with folders
  • Variable names shown without ${ }

Version 5.0.0


  • REL-3468 - Support Jenkins credentials in Release plugin for Jenkins

Note: The Jenkins Credentials Plugin must be installed and enabled in Jenkins.