From 27f4a5508121db2678df38a19e2a0eb9821c2f3c Mon Sep 17 00:00:00 2001 From: jstastny-cz Date: Wed, 8 Nov 2023 08:45:05 +0100 Subject: [PATCH] kie-issues#727: define push GH tokens for jenkins --- .ci/jenkins/Jenkinsfile.deploy | 16 ++++++++----- .ci/jenkins/Jenkinsfile.promote | 24 +++++++++++-------- .ci/jenkins/Jenkinsfile.quarkus-3.rewrite.pr | 8 +++++-- .../Jenkinsfile.quarkus-3.rewrite.standalone | 8 +++++-- .ci/jenkins/Jenkinsfile.setup-branch | 12 ++++++---- .ci/jenkins/dsl/jobs.groovy | 17 +++++++------ 6 files changed, 54 insertions(+), 31 deletions(-) diff --git a/.ci/jenkins/Jenkinsfile.deploy b/.ci/jenkins/Jenkinsfile.deploy index f646f168ff1..6aacba6e0f2 100644 --- a/.ci/jenkins/Jenkinsfile.deploy +++ b/.ci/jenkins/Jenkinsfile.deploy @@ -78,7 +78,7 @@ pipeline { script { dir(getRepoName()) { if (githubscm.isBranchExist('origin',getPRBranch())) { - githubscm.removeRemoteBranch('origin', getPRBranch()) + githubscm.removeRemoteBranch('origin', getPRBranch(), getGitAuthorPushCredsId()) } githubscm.createBranch(getPRBranch()) } @@ -228,7 +228,7 @@ void saveReports() { void checkoutRepo() { deleteDir() - checkout(githubscm.resolveRepository(getRepoName(), getGitAuthor(), getBuildBranch(), false)) + checkout(githubscm.resolveRepository(getRepoName(), getGitAuthor(), getBuildBranch(), false, getGitAuthorCredsId())) } void commitAndCreatePR() { @@ -236,8 +236,8 @@ void commitAndCreatePR() { def prBody = "Generated by build ${BUILD_TAG}: ${BUILD_URL}.\nPlease do not merge, it should be merged automatically." githubscm.commitChanges(commitMsg, { githubscm.findAndStageNotIgnoredFiles('pom.xml') }) - githubscm.pushObject('origin', getPRBranch(), getGitAuthorCredsID()) - deployProperties["${getRepoName()}.pr.link"] = githubscm.createPRWithLabels(commitMsg, prBody, getBuildBranch(), ['skip-ci'] as String[], getGitAuthorCredsID()) + githubscm.pushObject('origin', getPRBranch(), getGitAuthorPushCredsId()) + deployProperties["${getRepoName()}.pr.link"] = githubscm.createPRWithLabels(commitMsg, prBody, getBuildBranch(), ['skip-ci'] as String[], getGitAuthorCredsId()) } void sendNotification() { @@ -277,8 +277,12 @@ String getGitAuthor() { return "${GIT_AUTHOR}" } -String getGitAuthorCredsID() { - return env.AUTHOR_CREDS_ID +String getGitAuthorCredsId() { + return env.GIT_AUTHOR_CREDS_ID +} + +String getGitAuthorPushCredsId() { + return env.GIT_AUTHOR_PUSH_CREDS_ID } String getBuildBranch() { diff --git a/.ci/jenkins/Jenkinsfile.promote b/.ci/jenkins/Jenkinsfile.promote index 8aaa4c2e7d5..f769035ac1b 100644 --- a/.ci/jenkins/Jenkinsfile.promote +++ b/.ci/jenkins/Jenkinsfile.promote @@ -57,11 +57,11 @@ pipeline { script { dir(getRepoName()) { checkoutRepo() - if(githubscm.isReleaseExist(getGitTag(), getGitAuthorCredsID())) { - githubscm.deleteRelease(getGitTag(), getGitAuthorCredsID()) + if(githubscm.isReleaseExist(getGitTag(), getGitAuthorCredsId())) { + githubscm.deleteRelease(getGitTag(), getGitAuthorCredsId()) } - githubscm.createReleaseWithGeneratedReleaseNotes(getGitTag(), getBuildBranch(), githubscm.getPreviousTagFromVersion(getGitTag()), getGitAuthorCredsID()) - githubscm.updateReleaseBody(getGitTag(), getGitAuthorCredsID()) + githubscm.createReleaseWithGeneratedReleaseNotes(getGitTag(), getBuildBranch(), githubscm.getPreviousTagFromVersion(getGitTag()), getGitAuthorCredsId()) + githubscm.updateReleaseBody(getGitTag(), getGitAuthorCredsId()) } } } @@ -158,8 +158,12 @@ String getGitAuthor() { return env.GIT_AUTHOR } -String getGitAuthorCredsID() { - return env.AUTHOR_CREDS_ID +String getGitAuthorCredsId() { + return env.GIT_AUTHOR_CREDS_ID +} + +String getGitAuthorPushCredsId() { + return env.GIT_AUTHOR_PUSH_CREDS_ID } String getDeployPrLink() { @@ -172,20 +176,20 @@ String getDeployPrLink() { void checkoutRepo() { deleteDir() - checkout(githubscm.resolveRepository(getRepoName(), getGitAuthor(), getBuildBranch(), false)) + checkout(githubscm.resolveRepository(getRepoName(), getGitAuthor(), getBuildBranch(), false, getGitAuthorCredsId())) // need to manually checkout branch since on a detached branch after checkout command sh "git checkout ${getBuildBranch()}" } void mergeAndPush(String prLink) { if (prLink) { - githubscm.mergePR(prLink, getGitAuthorCredsID()) - githubscm.pushObject('origin', getBuildBranch(), getGitAuthorCredsID()) + githubscm.mergePR(prLink, getGitAuthorCredsId()) + githubscm.pushObject('origin', getBuildBranch(), getGitAuthorPushCredsId()) } } void tagLatest() { if (getGitTag()) { - githubscm.tagLocalAndRemoteRepository('origin', getGitTag(), getGitAuthorCredsID(), env.BUILD_TAG, true) + githubscm.tagLocalAndRemoteRepository('origin', getGitTag(), getGitAuthorPushCredsId(), env.BUILD_TAG, true) } } diff --git a/.ci/jenkins/Jenkinsfile.quarkus-3.rewrite.pr b/.ci/jenkins/Jenkinsfile.quarkus-3.rewrite.pr index bfcec397e15..0e91e5a8dc4 100644 --- a/.ci/jenkins/Jenkinsfile.quarkus-3.rewrite.pr +++ b/.ci/jenkins/Jenkinsfile.quarkus-3.rewrite.pr @@ -68,7 +68,7 @@ pipeline { steps { script { dir(getRepoName()) { - githubscm.pushObject('origin', changeBranch, getGitAuthorCredsId()) + githubscm.pushObject('origin', changeBranch, getGitAuthorPushCredsId()) } } } @@ -91,7 +91,11 @@ String getRepoName() { } String getGitAuthorCredsId() { - return env.AUTHOR_CREDS_ID + return env.GIT_AUTHOR_CREDS_ID +} + +String getGitAuthorPushCredsId() { + return env.GIT_AUTHOR_PUSH_CREDS_ID } MavenCommand getMavenCommand() { diff --git a/.ci/jenkins/Jenkinsfile.quarkus-3.rewrite.standalone b/.ci/jenkins/Jenkinsfile.quarkus-3.rewrite.standalone index 3875fbb125a..44ee7244847 100644 --- a/.ci/jenkins/Jenkinsfile.quarkus-3.rewrite.standalone +++ b/.ci/jenkins/Jenkinsfile.quarkus-3.rewrite.standalone @@ -85,7 +85,7 @@ pipeline { steps { script { dir(getRepoName()) { - githubscm.pushObject('origin', isPRSourceBranch() ? getBuildBranch() : getPRBranch(), getGitAuthorCredsId()) + githubscm.pushObject('origin', isPRSourceBranch() ? getBuildBranch() : getPRBranch(), getGitAuthorPushCredsId()) } } } @@ -167,7 +167,11 @@ boolean isPRSourceBranch() { } String getGitAuthorCredsId() { - return env.AUTHOR_CREDS_ID + return env.GIT_AUTHOR_CREDS_ID +} + +String getGitAuthorPushCredsId() { + return env.GIT_AUTHOR_PUSH_CREDS_ID } String getPRBranch() { diff --git a/.ci/jenkins/Jenkinsfile.setup-branch b/.ci/jenkins/Jenkinsfile.setup-branch index 4e05e672473..f2ec2cc9544 100644 --- a/.ci/jenkins/Jenkinsfile.setup-branch +++ b/.ci/jenkins/Jenkinsfile.setup-branch @@ -93,7 +93,7 @@ pipeline { def commitMsg = "Update version to Kogito ${getKogitoVersion()} / Drools ${getDroolsVersion()}" githubscm.commitChanges(commitMsg, { githubscm.findAndStageNotIgnoredFiles('pom.xml') }) - githubscm.pushObject('origin', getBuildBranch(), getGitAuthorCredsID()) + githubscm.pushObject('origin', getBuildBranch(), getGitAuthorPushCredsId()) } else { println '[WARN] no changes to commit' } @@ -125,7 +125,7 @@ void sendNotification() { void checkoutRepo(String repository, String branch) { dir(repository) { deleteDir() - checkout(githubscm.resolveRepository(repository, getGitAuthor(), branch, false)) + checkout(githubscm.resolveRepository(repository, getGitAuthor(), branch, false, getGitAuthorCredsId())) // need to manually checkout branch since on a detached branch after checkout command sh "git checkout ${branch}" } @@ -164,8 +164,12 @@ String getDroolsVersion() { return params.DROOLS_VERSION } -String getGitAuthorCredsID() { - return env.AUTHOR_CREDS_ID +String getGitAuthorCredsId() { + return env.GIT_AUTHOR_CREDS_ID +} + +String getGitAuthorPushCredsId() { + return env.GIT_AUTHOR_PUSH_CREDS_ID } MavenCommand getMavenCommand(String directory) { diff --git a/.ci/jenkins/dsl/jobs.groovy b/.ci/jenkins/dsl/jobs.groovy index d8e97121b54..30d21901557 100644 --- a/.ci/jenkins/dsl/jobs.groovy +++ b/.ci/jenkins/dsl/jobs.groovy @@ -155,7 +155,8 @@ void createSetupBranchJob() { JENKINS_EMAIL_CREDS_ID: "${JENKINS_EMAIL_CREDS_ID}", GIT_AUTHOR: "${GIT_AUTHOR_NAME}", - AUTHOR_CREDS_ID: "${GIT_AUTHOR_CREDENTIALS_ID}", + GIT_AUTHOR_CREDS_ID: "${GIT_AUTHOR_CREDENTIALS_ID}", + GIT_AUTHOR_PUSH_CREDS_ID: "${GIT_AUTHOR_PUSH_CREDENTIALS_ID}", MAVEN_SETTINGS_CONFIG_FILE_ID: "${MAVEN_SETTINGS_FILE_ID}", @@ -182,8 +183,8 @@ void setupReleaseDeployJob() { JENKINS_EMAIL_CREDS_ID: "${JENKINS_EMAIL_CREDS_ID}", GIT_AUTHOR: "${GIT_AUTHOR_NAME}", - AUTHOR_CREDS_ID: "${GIT_AUTHOR_CREDENTIALS_ID}", - GITHUB_TOKEN_CREDS_ID: "${GIT_AUTHOR_TOKEN_CREDENTIALS_ID}", + GIT_AUTHOR_CREDS_ID: "${GIT_AUTHOR_CREDENTIALS_ID}", + GIT_AUTHOR_PUSH_CREDS_ID: "${GIT_AUTHOR_PUSH_CREDENTIALS_ID}", MAVEN_SETTINGS_CONFIG_FILE_ID: "${MAVEN_SETTINGS_FILE_ID}", MAVEN_DEPENDENCIES_REPOSITORY: "${MAVEN_ARTIFACTS_REPOSITORY}", @@ -225,8 +226,8 @@ void setupReleasePromoteJob() { GIT_AUTHOR: "${GIT_AUTHOR_NAME}", - AUTHOR_CREDS_ID: "${GIT_AUTHOR_CREDENTIALS_ID}", - GITHUB_TOKEN_CREDS_ID: "${GIT_AUTHOR_TOKEN_CREDENTIALS_ID}", + GIT_AUTHOR_CREDS_ID: "${GIT_AUTHOR_CREDENTIALS_ID}", + GIT_AUTHOR_PUSH_CREDS_ID: "${GIT_AUTHOR_PUSH_CREDENTIALS_ID}", MAVEN_SETTINGS_CONFIG_FILE_ID: "${MAVEN_SETTINGS_FILE_ID}", MAVEN_DEPENDENCIES_REPOSITORY: "${MAVEN_ARTIFACTS_REPOSITORY}", @@ -265,7 +266,8 @@ void setupPrQuarkus3RewriteJob() { commitContext: 'Quarkus 3 rewrite', ]) jobParams.env.putAll([ - AUTHOR_CREDS_ID: "${GIT_AUTHOR_CREDENTIALS_ID}", + GIT_AUTHOR_CREDS_ID: "${GIT_AUTHOR_CREDENTIALS_ID}", + GIT_AUTHOR_PUSH_CREDS_ID: "${GIT_AUTHOR_PUSH_CREDENTIALS_ID}", MAVEN_SETTINGS_CONFIG_FILE_ID: "${MAVEN_SETTINGS_FILE_ID}", ]) KogitoJobTemplate.createPRJob(this, jobParams) @@ -276,7 +278,8 @@ void setupStandaloneQuarkus3RewriteJob() { jobParams.env.putAll(EnvUtils.getEnvironmentEnvVars(this, 'quarkus-3')) JobParamsUtils.setupJobParamsAgentDockerBuilderImageConfiguration(this, jobParams) jobParams.env.putAll([ - AUTHOR_CREDS_ID: "${GIT_AUTHOR_CREDENTIALS_ID}", + GIT_AUTHOR_CREDS_ID: "${GIT_AUTHOR_CREDENTIALS_ID}", + GIT_AUTHOR_PUSH_CREDS_ID: "${GIT_AUTHOR_PUSH_CREDENTIALS_ID}", JENKINS_EMAIL_CREDS_ID: "${JENKINS_EMAIL_CREDS_ID}", BASE_BRANCH: Utils.getGitBranch(this), BASE_AUTHOR: Utils.getGitAuthor(this),