ci: use the credentials-binding plugin for the GitHub API Token

The standard credentials() function does not seem to do what we need. So
use the credentials-binding Jenkins plugin instead.

See-also: https://www.jenkins.io/doc/pipeline/steps/credentials-binding/
Signed-off-by: Niels de Vos <ndevos@redhat.com>
This commit is contained in:
Niels de Vos 2020-10-19 12:52:16 +02:00 committed by mergify[bot]
parent a6ca8e31dc
commit ed671ec207
3 changed files with 63 additions and 69 deletions

View File

@ -16,11 +16,6 @@ def ssh(cmd) {
sh "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no root@${CICO_NODE} \"${cmd}\"" sh "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no root@${CICO_NODE} \"${cmd}\""
} }
environment {
// "github-api-token" is a secret text credential configured in Jenkins
GITHUB_API_TOKEN = credentials("github-api-token")
}
node('cico-workspace') { node('cico-workspace') {
stage('checkout ci repository') { stage('checkout ci repository') {
git url: "${ci_git_repo}", git url: "${ci_git_repo}",
@ -28,27 +23,30 @@ node('cico-workspace') {
changelog: false changelog: false
} }
stage('skip ci/skip/e2e label') { // "github-api-token" is a secret text credential configured in Jenkins
if (params.ghprbPullId == null) { withCredentials([string(credentialsId: 'github-api-token', variable: 'GITHUB_API_TOKEN')]) {
skip_e2e = 1 stage('skip ci/skip/e2e label') {
if (params.ghprbPullId == null) {
skip_e2e = 1
return
}
skip_e2e = sh(
script: "./scripts/get_github_labels.py --id=${ghprbPullId} --has-label=ci/skip/e2e",
returnStatus: true)
}
// if skip_e2e returned 0, do not run full tests
if (skip_e2e == 0) {
currentBuild.result = 'SUCCESS'
return return
} }
skip_e2e = sh( stage("detect k8s-${k8s_version} patch release") {
script: "./scripts/get_github_labels.py --id=${ghprbPullId} --has-label=ci/skip/e2e", k8s_release = sh(
returnStatus: true) script: "./scripts/get_patch_release.py --version=${k8s_version}",
} returnStdout: true).trim()
// if skip_e2e returned 0, do not run full tests echo "detected Kubernetes patch release: ${k8s_release}"
if (skip_e2e == 0) { }
currentBuild.result = 'SUCCESS'
return
}
stage("detect k8s-${k8s_version} patch release") {
k8s_release = sh(
script: "./scripts/get_patch_release.py --version=${k8s_version}",
returnStdout: true).trim()
echo "detected Kubernetes patch release: ${k8s_release}"
} }
stage('checkout PR') { stage('checkout PR') {

View File

@ -13,11 +13,6 @@ def ssh(cmd) {
sh "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no root@${CICO_NODE} '${cmd}'" sh "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no root@${CICO_NODE} '${cmd}'"
} }
environment {
// "github-api-token" is a secret text credential configured in Jenkins
GITHUB_API_TOKEN = credentials("github-api-token")
}
node('cico-workspace') { node('cico-workspace') {
stage('checkout ci repository') { stage('checkout ci repository') {
git url: "${ci_git_repo}", git url: "${ci_git_repo}",
@ -25,27 +20,30 @@ node('cico-workspace') {
changelog: false changelog: false
} }
stage('skip ci/skip/e2e label') { // "github-api-token" is a secret text credential configured in Jenkins
if (params.ghprbPullId == null) { withCredentials([string(credentialsId: 'github-api-token', variable: 'GITHUB_API_TOKEN')]) {
skip_e2e = 1 stage('skip ci/skip/e2e label') {
if (params.ghprbPullId == null) {
skip_e2e = 1
return
}
skip_e2e = sh(
script: "./scripts/get_github_labels.py --id=${ghprbPullId} --has-label=ci/skip/e2e",
returnStatus: true)
}
// if skip_e2e returned 0, do not run full tests
if (skip_e2e == 0) {
currentBuild.result = 'SUCCESS'
return return
} }
skip_e2e = sh( stage("detect k8s-${k8s_version} patch release") {
script: "./scripts/get_github_labels.py --id=${ghprbPullId} --has-label=ci/skip/e2e", k8s_release = sh(
returnStatus: true) script: "./scripts/get_patch_release.py --version=${k8s_version}",
} returnStdout: true).trim()
// if skip_e2e returned 0, do not run full tests echo "detected Kubernetes patch release: ${k8s_release}"
if (skip_e2e == 0) { }
currentBuild.result = 'SUCCESS'
return
}
stage("detect k8s-${k8s_version} patch release") {
k8s_release = sh(
script: "./scripts/get_patch_release.py --version=${k8s_version}",
returnStdout: true).trim()
echo "detected Kubernetes patch release: ${k8s_release}"
} }
stage('checkout PR') { stage('checkout PR') {

View File

@ -14,38 +14,36 @@ def ssh(cmd) {
} }
node('cico-workspace') { node('cico-workspace') {
environment {
// "github-api-token" is a secret text credential configured in Jenkins
GITHUB_API_TOKEN = credentials("github-api-token")
}
stage('checkout ci repository') { stage('checkout ci repository') {
git url: "${ci_git_repo}", git url: "${ci_git_repo}",
branch: "${ci_git_branch}", branch: "${ci_git_branch}",
changelog: false changelog: false
} }
stage('skip ci/skip/e2e label') { // "github-api-token" is a secret text credential configured in Jenkins
if (params.ghprbPullId == null) { withCredentials([string(credentialsId: 'github-api-token', variable: 'GITHUB_API_TOKEN')]) {
skip_e2e = 1 stage('skip ci/skip/e2e label') {
if (params.ghprbPullId == null) {
skip_e2e = 1
return
}
skip_e2e = sh(
script: "./scripts/get_github_labels.py --id=${ghprbPullId} --has-label=ci/skip/e2e",
returnStatus: true)
}
// if skip_e2e returned 0, do not run full tests
if (skip_e2e == 0) {
currentBuild.result = 'SUCCESS'
return return
} }
skip_e2e = sh( stage("detect k8s-${k8s_version} patch release") {
script: "./scripts/get_github_labels.py --id=${ghprbPullId} --has-label=ci/skip/e2e", k8s_release = sh(
returnStatus: true) script: "./scripts/get_patch_release.py --version=${k8s_version}",
} returnStdout: true).trim()
// if skip_e2e returned 0, do not run full tests echo "detected Kubernetes patch release: ${k8s_release}"
if (skip_e2e == 0) { }
currentBuild.result = 'SUCCESS'
return
}
stage("detect k8s-${k8s_version} patch release") {
k8s_release = sh(
script: "./scripts/get_patch_release.py --version=${k8s_version}",
returnStdout: true).trim()
echo "detected Kubernetes patch release: ${k8s_release}"
} }
stage('checkout PR') { stage('checkout PR') {