Bug 2081: Store Snapcraft Crdentials as Secret 15/12215/1
authorbeierlm <mark.beierl@canonical.com>
Fri, 17 Jun 2022 17:18:17 +0000 (17:18 +0000)
committerbeierlm <mark.beierl@canonical.com>
Fri, 17 Jun 2022 17:20:58 +0000 (19:20 +0200)
Changes the credentials used for the snapstore from being in a
file in jenkins' home directory to being a secret stored in
the Jenkins server itself.

Fixes bug 2081

Change-Id: Icb78ac46c83bdab1176c9316482f713f7bd89e4b
Signed-off-by: beierlm <mark.beierl@canonical.com>
jenkins/ci-pipelines/ci_stage_2.groovy
jenkins/ci-pipelines/ci_stage_3.groovy

index 72318f9..56972e5 100644 (file)
@@ -86,28 +86,27 @@ def ci_pipeline(mdg,url_prefix,project,branch,refspec,revision,do_stage_3,artifa
 
     if (fileExists('snap/snapcraft.yaml')) {
         stage('Snap build') {
-            sh "docker pull snapcore/snapcraft:stable"
-            sh "sudo rm -rf ${WORKSPACE}/stage/ ${WORKSPACE}/parts/ ${WORKSPACE}/prime/ ${WORKSPACE}/*.snap"
-            sh "sudo snapcraft clean --use-lxd"
-            sh "snapcraft --use-lxd"
-            sh "mv ${WORKSPACE}/${mdg}_*.snap ${WORKSPACE}/${mdg}.snap"
-            sh "sudo rm -rf ${WORKSPACE}/stage/ ${WORKSPACE}/parts/ ${WORKSPACE}/prime/"
+            withCredentials([string(credentialsId: 'Snapstore', variable: 'SNAPCRAFT_STORE_CREDENTIALS')]) {
+                sh "sudo rm -rf ${WORKSPACE}/stage/ ${WORKSPACE}/parts/ ${WORKSPACE}/prime/ ${WORKSPACE}/*.snap"
+                sh "sudo snapcraft clean --use-lxd"
+                sh "snapcraft --use-lxd"
+                sh "mv ${WORKSPACE}/${mdg}_*.snap ${WORKSPACE}/${mdg}.snap"
+                sh "sudo rm -rf ${WORKSPACE}/stage/ ${WORKSPACE}/parts/ ${WORKSPACE}/prime/"
 
-            REV=""
-            if ( !JOB_NAME.contains('merge') ) {
-                REV="/"+"${GERRIT_REFSPEC}".replaceAll('/','-')
-            }
-            channel="latest"
-            if (BRANCH_NAME.startsWith("v")) {
-                channel=BRANCH_NAME.substring(1)
-            } else if (BRANCH_NAME!="master") {
-                REV="/"+BRANCH_NAME+REV.replaceAll('/','-')
-            }
+                REV=""
+                if ( !JOB_NAME.contains('merge') ) {
+                    REV="/"+"${GERRIT_REFSPEC}".replaceAll('/','-')
+                }
+                channel="latest"
+                if (BRANCH_NAME.startsWith("v")) {
+                    channel=BRANCH_NAME.substring(1)
+                } else if (BRANCH_NAME!="master") {
+                    REV="/"+BRANCH_NAME+REV.replaceAll('/','-')
+                }
 
-            sh "sudo docker run -v ~/.snapcraft:/snapcraft -v ${WORKSPACE}:/build " +
-                "-w /build snapcore/snapcraft:stable /bin/bash -c " +
-                "\"snapcraft login --with /snapcraft/config ; snapcraft push --release=${channel}/edge${REV} ${mdg}.snap\""
-            sh "sudo rm -rf ${WORKSPACE}/*.snap"
+                sh "snapcraft push --release=${channel}/edge${REV} ${mdg}.snap"
+                sh "sudo rm -rf ${WORKSPACE}/*.snap"
+            }
         }
     }
 
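Review bot: The `withCredentials` block opened at the top of the 'Snap build' stage keeps SNAPCRAFT_STORE_CREDENTIALS in the environment for every step, including `snapcraft --use-lxd`, which builds whatever the checked-out change contains; only the `snapcraft push` line needs the store token. The REV logic shows this stage also runs for non-merge jobs, so build-time code from an unmerged change could presumably read the variable. I would leave the clean/build/mv steps outside and wrap just the upload: `withCredentials([string(credentialsId: 'Snapstore', variable: 'SNAPCRAFT_STORE_CREDENTIALS')]) { sh "snapcraft push --release=${channel}/edge${REV} ${mdg}.snap" }`. The body of ci_pipeline starts and ends outside the hunk.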
index 22e7d72..c669eee 100644 (file)
@@ -642,30 +642,31 @@ EOF"""
                         }
 
                         stage('Snap promotion') {
-                            snaps = ['osmclient']
-                            sh 'snapcraft login --with ~/.snapcraft/config'
-                            for (snap in snaps) {
-                                channel = 'latest/'
-                                if (BRANCH_NAME.startsWith('v')) {
-                                    channel = BRANCH_NAME.substring(1) + '/'
-                                } else if (BRANCH_NAME != 'master') {
-                                    channel += '/' + BRANCH_NAME.replaceAll('/', '-')
-                                }
-                                track = channel + 'edge\\*'
-                                edge_rev = sh(returnStdout: true,
-                                    script: "snapcraft revisions $snap | " +
-                                    "grep \"$track\" | tail -1 | awk '{print \$1}'").trim()
-                                print "edge rev is $edge_rev"
-                                track = channel + 'beta\\*'
-                                beta_rev = sh(returnStdout: true,
-                                    script: "snapcraft revisions $snap | " +
-                                    "grep \"$track\" | tail -1 | awk '{print \$1}'").trim()
-                                print "beta rev is $beta_rev"
-
-                                if (edge_rev != beta_rev) {
-                                    print "Promoting $edge_rev to beta in place of $beta_rev"
-                                    beta_track = channel + 'beta'
-                                    sh "snapcraft release $snap $edge_rev $beta_track"
+                            withCredentials([string(credentialsId: 'Snapstore', variable: 'SNAPCRAFT_STORE_CREDENTIALS')]) {
+                                snaps = ['osmclient']
+                                for (snap in snaps) {
+                                    channel = 'latest/'
+                                    if (BRANCH_NAME.startsWith('v')) {
+                                        channel = BRANCH_NAME.substring(1) + '/'
+                                    } else if (BRANCH_NAME != 'master') {
+                                        channel += '/' + BRANCH_NAME.replaceAll('/', '-')
+                                    }
+                                    track = channel + 'edge\\*'
+                                    edge_rev = sh(returnStdout: true,
+                                        script: "snapcraft revisions $snap | " +
+                                        "grep \"$track\" | tail -1 | awk '{print \$1}'").trim()
+                                    print "edge rev is $edge_rev"
+                                    track = channel + 'beta\\*'
+                                    beta_rev = sh(returnStdout: true,
+                                        script: "snapcraft revisions $snap | " +
+                                        "grep \"$track\" | tail -1 | awk '{print \$1}'").trim()
+                                    print "beta rev is $beta_rev"
+
+                                    if (edge_rev != beta_rev) {
+                                        print "Promoting $edge_rev to beta in place of $beta_rev"
+                                        beta_track = channel + 'beta'
+                                        sh "snapcraft release $snap $edge_rev $beta_track"
+                                    }
                                 }
                             }
                         } // stage('Snap promotion')
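Review bot: `$snap`, `$track` and `$beta_track` are expanded by Groovy into double-quoted `sh` strings, and `channel` is built from BRANCH_NAME with only `/` replaced, so any shell metacharacter in a branch name would be interpreted by a shell that now has SNAPCRAFT_STORE_CREDENTIALS in its environment. Whether branch names are constrained elsewhere is not visible here; a guard before the loop such as `if (!(BRANCH_NAME ==~ /[A-Za-z0-9._\/-]+/)) { error "unexpected branch name: ${BRANCH_NAME}" }` would make the assumption explicit. The same applies to `snapcraft push --release=${channel}/edge${REV} ${mdg}.snap` in ci_stage_2.groovy, where REV also derives from GERRIT_REFSPEC. The enclosing block starts outside the hunk.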