From f94679ca6b8aa5f4257140b21cfd42fd3ff84e61 Mon Sep 17 00:00:00 2001
From: jstastny-cz <jan.stastny@ibm.com>
Date: Thu, 20 Jun 2024 10:48:16 +0200
Subject: [PATCH] NO-ISSUE: fix buildchain for native build

---
 dsl/seed/jenkinsfiles/Jenkinsfile.buildchain | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

diff --git a/dsl/seed/jenkinsfiles/Jenkinsfile.buildchain b/dsl/seed/jenkinsfiles/Jenkinsfile.buildchain
index e8a9b3c49..54918b58b 100644
--- a/dsl/seed/jenkinsfiles/Jenkinsfile.buildchain
+++ b/dsl/seed/jenkinsfiles/Jenkinsfile.buildchain
@@ -101,12 +101,7 @@ pipeline {
                         script {
                             env.BUILD_MVN_OPTS_CURRENT = "${env.BUILD_MVN_OPTS_CURRENT ?: ''} ${getBuildMavenOptsCurrent()}"
                             echo "BUILD_MVN_OPTS_CURRENT = ${BUILD_MVN_OPTS_CURRENT}"
-                            withCredentials([usernamePassword(credentialsId: mavenDeployRepositoryCredsId, usernameVariable: 'REPOSITORY_USER', passwordVariable: 'REPOSITORY_TOKEN')]) {
-                                if (mavenDeployArtifacts) {
-                                    env.DEPLOY_MVN_OPTS = "${env.DEPLOY_MVN_OPTS ?: ''} -DdeployAtEnd -Dapache.repository.username=${REPOSITORY_USER} -Dapache.repository.password=${REPOSITORY_TOKEN} -DretryFailedDeploymentCount=5"
-                                    echo "DEPLOY_MVN_OPTS = ${DEPLOY_MVN_OPTS}"
-                                }
-
+                            Closure buildchainCommandClosure = {
                                 configFileProvider([configFile(fileId: settingsXmlId, variable: 'MAVEN_SETTINGS_FILE')]) {
                                     withCredentials([string(credentialsId: "${BUILDCHAIN_CONFIG_GIT_TOKEN_CREDENTIALS_ID}", variable: 'GITHUB_TOKEN')]) {
                                         env.BUILD_MVN_OPTS = "${env.BUILD_MVN_OPTS ?: ''} -s ${MAVEN_SETTINGS_FILE} -Dmaven.wagon.http.ssl.insecure=true -Dmaven.test.failure.ignore=true"
@@ -116,6 +111,16 @@ pipeline {
                                     }
                                 }
                             }
+                            if (mavenDeployArtifacts) {
+                                withCredentials([usernamePassword(credentialsId: mavenDeployRepositoryCredsId, usernameVariable: 'REPOSITORY_USER', passwordVariable: 'REPOSITORY_TOKEN')]) {
+                                    env.DEPLOY_MVN_OPTS = "${env.DEPLOY_MVN_OPTS ?: ''} -DdeployAtEnd -Dapache.repository.username=${REPOSITORY_USER} -Dapache.repository.password=${REPOSITORY_TOKEN} -DretryFailedDeploymentCount=5"
+                                    echo "DEPLOY_MVN_OPTS = ${DEPLOY_MVN_OPTS}"
+                                    // for buildchain not to leak credentials this needs to stay in withCredentials scope
+                                    buildchainCommandClosure()
+                                }
+                            } else {
+                                buildchainCommandClosure()
+                            }
                         }
                     }
                     post {