From 60fbb95e099692f52594cf7af053b276a4731700 Mon Sep 17 00:00:00 2001 From: beierlm Date: Fri, 17 Jun 2022 17:18:17 +0000 Subject: [PATCH] Bug 2080: Store Snapcraft Crdentials as Secret Changes the credendtials used for the snapstore from being in a file in jenkins' home directory to being a secret stored in the Jenkins server itself. Fixes bug 2080 Change-Id: Icb78ac46c83bdab1176c9316482f713f7bd89e4b Signed-off-by: beierlm --- jenkins/ci-pipelines/ci_stage_2.groovy | 39 ++++++++++---------- jenkins/ci-pipelines/ci_stage_3.groovy | 49 +++++++++++++------------- 2 files changed, 44 insertions(+), 44 deletions(-) diff --git a/jenkins/ci-pipelines/ci_stage_2.groovy b/jenkins/ci-pipelines/ci_stage_2.groovy index d0a4fe1f..99d07566 100644 --- a/jenkins/ci-pipelines/ci_stage_2.groovy +++ b/jenkins/ci-pipelines/ci_stage_2.groovy @@ -87,28 +87,27 @@ def ci_pipeline(mdg,url_prefix,project,branch,refspec,revision,do_stage_3,artifa if (fileExists('snap/snapcraft.yaml')) { stage('Snap build') { - sh "docker pull snapcore/snapcraft:stable" - sh "sudo rm -rf ${WORKSPACE}/stage/ ${WORKSPACE}/parts/ ${WORKSPACE}/prime/ ${WORKSPACE}/*.snap" - sh "sudo snapcraft clean --use-lxd" - sh "snapcraft --use-lxd" - sh "mv ${WORKSPACE}/${mdg}_*.snap ${WORKSPACE}/${mdg}.snap" - sh "sudo rm -rf ${WORKSPACE}/stage/ ${WORKSPACE}/parts/ ${WORKSPACE}/prime/" + withCredentials([string(credentialsId: 'Snapstore', variable: 'SNAPCRAFT_STORE_CREDENTIALS')]) { + sh "sudo rm -rf ${WORKSPACE}/stage/ ${WORKSPACE}/parts/ ${WORKSPACE}/prime/ ${WORKSPACE}/*.snap" + sh "sudo snapcraft clean --use-lxd" + sh "snapcraft --use-lxd" + sh "mv ${WORKSPACE}/${mdg}_*.snap ${WORKSPACE}/${mdg}.snap" + sh "sudo rm -rf ${WORKSPACE}/stage/ ${WORKSPACE}/parts/ ${WORKSPACE}/prime/" - REV="" - if ( !JOB_NAME.contains('merge') ) { - REV="/"+"${GERRIT_REFSPEC}".replaceAll('/','-') - } - channel="latest" - if (BRANCH_NAME.startsWith("v")) { - channel=BRANCH_NAME.substring(1) - } else if (BRANCH_NAME!="master") { - REV="/"+BRANCH_NAME+REV.replaceAll('/','-') - } + REV="" + if ( !JOB_NAME.contains('merge') ) { + REV="/"+"${GERRIT_REFSPEC}".replaceAll('/','-') + } + channel="latest" + if (BRANCH_NAME.startsWith("v")) { + channel=BRANCH_NAME.substring(1) + } else if (BRANCH_NAME!="master") { + REV="/"+BRANCH_NAME+REV.replaceAll('/','-') + } - sh "sudo docker run -v ~/.snapcraft:/snapcraft -v ${WORKSPACE}:/build " + - "-w /build snapcore/snapcraft:stable /bin/bash -c " + - "\"snapcraft login --with /snapcraft/config ; snapcraft push --release=${channel}/edge${REV} ${mdg}.snap\"" - sh "sudo rm -rf ${WORKSPACE}/*.snap" + sh "snapcraft push --release=${channel}/edge${REV} ${mdg}.snap" + sh "sudo rm -rf ${WORKSPACE}/*.snap" + } } } diff --git a/jenkins/ci-pipelines/ci_stage_3.groovy b/jenkins/ci-pipelines/ci_stage_3.groovy index 5f8369ea..4fea5919 100644 --- a/jenkins/ci-pipelines/ci_stage_3.groovy +++ b/jenkins/ci-pipelines/ci_stage_3.groovy @@ -647,30 +647,31 @@ EOF""" } stage('Snap promotion') { - snaps = ['osmclient'] - sh 'snapcraft login --with ~/.snapcraft/config' - for (snap in snaps) { - channel = 'latest/' - if (BRANCH_NAME.startsWith('v')) { - channel = BRANCH_NAME.substring(1) + '/' - } else if (BRANCH_NAME != 'master') { - channel += '/' + BRANCH_NAME.replaceAll('/', '-') - } - track = channel + 'edge\\*' - edge_rev = sh(returnStdout: true, - script: "snapcraft revisions $snap | " + - "grep \"$track\" | tail -1 | awk '{print \$1}'").trim() - print "edge rev is $edge_rev" - track = channel + 'beta\\*' - beta_rev = sh(returnStdout: true, - script: "snapcraft revisions $snap | " + - "grep \"$track\" | tail -1 | awk '{print \$1}'").trim() - print "beta rev is $beta_rev" - - if (edge_rev != beta_rev) { - print "Promoting $edge_rev to beta in place of $beta_rev" - beta_track = channel + 'beta' - sh "snapcraft release $snap $edge_rev $beta_track" + withCredentials([string(credentialsId: 'Snapstore', variable: 'SNAPCRAFT_STORE_CREDENTIALS')]) { + snaps = ['osmclient'] + for (snap in snaps) { + channel = 'latest/' + if (BRANCH_NAME.startsWith('v')) { + channel = BRANCH_NAME.substring(1) + '/' + } else if (BRANCH_NAME != 'master') { + channel += '/' + BRANCH_NAME.replaceAll('/', '-') + } + track = channel + 'edge\\*' + edge_rev = sh(returnStdout: true, + script: "snapcraft revisions $snap | " + + "grep \"$track\" | tail -1 | awk '{print \$1}'").trim() + print "edge rev is $edge_rev" + track = channel + 'beta\\*' + beta_rev = sh(returnStdout: true, + script: "snapcraft revisions $snap | " + + "grep \"$track\" | tail -1 | awk '{print \$1}'").trim() + print "beta rev is $beta_rev" + + if (edge_rev != beta_rev) { + print "Promoting $edge_rev to beta in place of $beta_rev" + beta_track = channel + 'beta' + sh "snapcraft release $snap $edge_rev $beta_track" + } } } } // stage('Snap promotion') -- 2.17.1