From: beierlm Date: Fri, 17 Jun 2022 17:18:17 +0000 (+0000) Subject: Bug 2082: Store Snapcraft Crdentials as Secret X-Git-Tag: v10.1.2~4 X-Git-Url: https://osm.etsi.org/gitweb/?a=commitdiff_plain;h=5a2df1a785904b5eb52118a6388bf40767601278;p=osm%2Fdevops.git Bug 2082: Store Snapcraft Crdentials as Secret Changes the credendtials used for the snapstore from being in a file in jenkins' home directory to being a secret stored in the Jenkins server itself. Fixes bug 2082 Change-Id: Icb78ac46c83bdab1176c9316482f713f7bd89e4b Signed-off-by: beierlm --- diff --git a/jenkins/ci-pipelines/ci_stage_2.groovy b/jenkins/ci-pipelines/ci_stage_2.groovy index d17d7155..f987136a 100644 --- a/jenkins/ci-pipelines/ci_stage_2.groovy +++ b/jenkins/ci-pipelines/ci_stage_2.groovy @@ -100,28 +100,27 @@ def ci_pipeline(mdg,url_prefix,project,branch,refspec,revision,do_stage_3,artifa if (fileExists('snap/snapcraft.yaml')) { stage('Snap build') { - sh "docker pull snapcore/snapcraft:stable" - sh "sudo rm -rf ${WORKSPACE}/stage/ ${WORKSPACE}/parts/ ${WORKSPACE}/prime/ ${WORKSPACE}/*.snap" - sh "sudo snapcraft clean --use-lxd" - sh "snapcraft --use-lxd" - sh "mv ${WORKSPACE}/${mdg}_*.snap ${WORKSPACE}/${mdg}.snap" - sh "sudo rm -rf ${WORKSPACE}/stage/ ${WORKSPACE}/parts/ ${WORKSPACE}/prime/" - - REV="" - if ( !JOB_NAME.contains('merge') ) { - REV="/"+"${GERRIT_REFSPEC}".replaceAll('/','-') + withCredentials([string(credentialsId: 'Snapstore', variable: 'SNAPCRAFT_STORE_CREDENTIALS')]) { + sh "sudo rm -rf ${WORKSPACE}/stage/ ${WORKSPACE}/parts/ ${WORKSPACE}/prime/ ${WORKSPACE}/*.snap" + sh "sudo snapcraft clean --use-lxd" + sh "snapcraft --use-lxd" + sh "mv ${WORKSPACE}/${mdg}_*.snap ${WORKSPACE}/${mdg}.snap" + sh "sudo rm -rf ${WORKSPACE}/stage/ ${WORKSPACE}/parts/ ${WORKSPACE}/prime/" + + REV="" + if ( !JOB_NAME.contains('merge') ) { + REV="/"+"${GERRIT_REFSPEC}".replaceAll('/','-') + } + channel="latest" + if (BRANCH_NAME.startsWith("v")) { + channel=BRANCH_NAME.substring(1) + } else if (BRANCH_NAME!="master") { + REV="/"+BRANCH_NAME+REV.replaceAll('/','-') + } + + sh "snapcraft push --release=${channel}/edge${REV} ${mdg}.snap" + sh "sudo rm -rf ${WORKSPACE}/*.snap" } - channel="latest" - if (BRANCH_NAME.startsWith("v")) { - channel=BRANCH_NAME.substring(1) - } else if (BRANCH_NAME!="master") { - REV="/"+BRANCH_NAME+REV.replaceAll('/','-') - } - - sh "sudo docker run -v ~/.snapcraft:/snapcraft -v ${WORKSPACE}:/build " + - "-w /build snapcore/snapcraft:stable /bin/bash -c " + - "\"snapcraft login --with /snapcraft/config ; snapcraft push --release=${channel}/edge${REV} ${mdg}.snap\"" - sh "sudo rm -rf ${WORKSPACE}/*.snap" } } diff --git a/jenkins/ci-pipelines/ci_stage_3.groovy b/jenkins/ci-pipelines/ci_stage_3.groovy index 801ddbb0..eb5bd138 100644 --- a/jenkins/ci-pipelines/ci_stage_3.groovy +++ b/jenkins/ci-pipelines/ci_stage_3.groovy @@ -611,31 +611,32 @@ EOF""" parallel parallelSteps } - stage("Snap promotion") { - def snaps = ["osmclient"] - sh "snapcraft login --with ~/.snapcraft/config" - for (snap in snaps) { - channel="latest/" - if (BRANCH_NAME.startsWith("v")) { - channel=BRANCH_NAME.substring(1)+"/" - } else if (BRANCH_NAME!="master") { - channel+="/"+BRANCH_NAME.replaceAll('/','-') - } - track=channel+"edge\\*" - edge_rev=sh(returnStdout: true, - script: "snapcraft revisions $snap | " + - "grep \"$track\" | tail -1 | awk '{print \$1}'").trim() - print "edge rev is $edge_rev" - track=channel+"beta\\*" - beta_rev=sh(returnStdout: true, - script: "snapcraft revisions $snap | " + - "grep \"$track\" | tail -1 | awk '{print \$1}'").trim() - print "beta rev is $beta_rev" - - if ( edge_rev != beta_rev ) { - print "Promoting $edge_rev to beta in place of $beta_rev" - beta_track=channel+"beta" - sh "snapcraft release $snap $edge_rev $beta_track" + stage('Snap promotion') { + withCredentials([string(credentialsId: 'Snapstore', variable: 'SNAPCRAFT_STORE_CREDENTIALS')]) { + snaps = ['osmclient'] + for (snap in snaps) { + channel = 'latest/' + if (BRANCH_NAME.startsWith('v')) { + channel = BRANCH_NAME.substring(1) + '/' + } else if (BRANCH_NAME != 'master') { + channel += '/' + BRANCH_NAME.replaceAll('/', '-') + } + track = channel + 'edge\\*' + edge_rev = sh(returnStdout: true, + script: "snapcraft revisions $snap | " + + "grep \"$track\" | tail -1 | awk '{print \$1}'").trim() + print "edge rev is $edge_rev" + track = channel + 'beta\\*' + beta_rev = sh(returnStdout: true, + script: "snapcraft revisions $snap | " + + "grep \"$track\" | tail -1 | awk '{print \$1}'").trim() + print "beta rev is $beta_rev" + + if (edge_rev != beta_rev) { + print "Promoting $edge_rev to beta in place of $beta_rev" + beta_track = channel + 'beta' + sh "snapcraft release $snap $edge_rev $beta_track" + } } } } // stage("Snap promotion")