ci: do not use Groovy string interpolation for credentials

Jenkins warns in the output of CI jobs about the following: Warning: A secret was passed to "sh" using Groovy String interpolation, which is insecure. Affected argument(s) used the following variable(s): [CREDS_PASSWD, CREDS_USER] See https://jenkins.io/redirect/groovy-string-interpolation for details. Variable with 'single quotes' and without the {curly brackets} are expecred to not be affected. There is some indirection in the strings passed to the `sh` function, so this approach might not fix it? Signed-off-by: Niels de Vos <ndevos@redhat.com>
2025-06-13 18:43:34 +00:00 · 2021-07-14 15:24:01 +02:00
parent b4fcd2b585
commit aca3745e24
6 changed files with 28 additions and 9 deletions
--- a/mini-e2e-helm.groovy
+++ b/mini-e2e-helm.groovy
@ -122,7 +122,7 @@ node('cico-workspace') {
 			def d_io_regex = ~"^docker.io/"

 			withCredentials([usernamePassword(credentialsId: 'container-registry-auth', usernameVariable: 'CREDS_USER', passwordVariable: 'CREDS_PASSWD')]) {
-				podman_login(ci_registry, "${CREDS_USER}", "${CREDS_PASSWD}")
+				podman_login(ci_registry, '$CREDS_USER', '$CREDS_PASSWD')
 			}

 			// base_image is like ceph/ceph:v15 or docker.io/ceph/ceph:v15, strip "docker.io/"