From 2d0575609f6590598e5e192a6e4dee5fabaad7f3 Mon Sep 17 00:00:00 2001 From: Rodrigo Antunes Date: Thu, 20 Jun 2024 09:44:38 -0300 Subject: [PATCH 1/2] Replace explicit references to quay.io images across CI pipelines --- .ci/jenkins/dsl/jobs.groovy | 12 ++++++++---- .ci/jenkins/scripts/container.groovy | 10 +++++++--- .ci/jenkins/scripts/helper.groovy | 12 ++++++++++-- 3 files changed, 25 insertions(+), 9 deletions(-) diff --git a/.ci/jenkins/dsl/jobs.groovy b/.ci/jenkins/dsl/jobs.groovy index fa683e21e..b2d3de36b 100644 --- a/.ci/jenkins/dsl/jobs.groovy +++ b/.ci/jenkins/dsl/jobs.groovy @@ -112,7 +112,8 @@ void setupDeployJob(JobType jobType) { booleanParam('SKIP_TESTS', false, 'Skip tests') // Deploy information - stringParam('IMAGE_REGISTRY_CREDENTIALS', "${CLOUD_IMAGE_REGISTRY_CREDENTIALS}", 'Image registry credentials to use to deploy images. Will be ignored if no IMAGE_REGISTRY is given') + stringParam('IMAGE_REGISTRY_USER_CREDENTIALS_ID', "${CLOUD_IMAGE_REGISTRY_USER_CREDENTIALS_ID}", 'Image registry user credentials id to use to deploy images. Will be ignored if no IMAGE_REGISTRY is given') + stringParam('IMAGE_REGISTRY_TOKEN_CREDENTIALS_ID', "${CLOUD_IMAGE_REGISTRY_TOKEN_CREDENTIALS_ID}", 'Image registry token credentials id to use to deploy images. Will be ignored if no IMAGE_REGISTRY is given') stringParam('IMAGE_REGISTRY', "${CLOUD_IMAGE_REGISTRY}", 'Image registry to use to deploy images') stringParam('IMAGE_NAMESPACE', "${CLOUD_IMAGE_NAMESPACE}", 'Image namespace to use to deploy images') stringParam('IMAGE_NAME_SUFFIX', '', 'Image name suffix to use to deploy images. In case you need to change the final image name, you can add a suffix to it.') @@ -153,14 +154,16 @@ void setupPromoteJob(JobType jobType) { stringParam('DEPLOY_BUILD_URL', '', 'URL to jenkins deploy build to retrieve the `deployment.properties` file. If base parameters are defined, they will override the `deployment.properties` information') // Base information which can override `deployment.properties` - stringParam('BASE_IMAGE_REGISTRY_CREDENTIALS', "${CLOUD_IMAGE_REGISTRY_CREDENTIALS}", 'Override `deployment.properties`. Base Image registry credentials to use to deploy images. Will be ignored if no BASE_IMAGE_REGISTRY is given') + stringParam('BASE_IMAGE_REGISTRY_USER_CREDENTIALS_ID', "${CLOUD_IMAGE_REGISTRY_USER_CREDENTIALS_ID}", 'Override `deployment.properties`. Base Image registry user credentials id to use to deploy images. Will be ignored if no BASE_IMAGE_REGISTRY is given') + stringParam('BASE_IMAGE_REGISTRY_TOKEN_CREDENTIALS_ID', "${CLOUD_IMAGE_REGISTRY_TOKEN_CREDENTIALS_ID}", 'Override `deployment.properties`. Base Image registry token credentials id to use to deploy images. Will be ignored if no BASE_IMAGE_REGISTRY is given') stringParam('BASE_IMAGE_REGISTRY', "${CLOUD_IMAGE_REGISTRY}", 'Override `deployment.properties`. Base image registry') stringParam('BASE_IMAGE_NAMESPACE', "${CLOUD_IMAGE_NAMESPACE}", 'Override `deployment.properties`. Base image namespace') stringParam('BASE_IMAGE_NAME_SUFFIX', '', 'Override `deployment.properties`. Base image name suffix') stringParam('BASE_IMAGE_TAG', '', 'Override `deployment.properties`. Base image tag') // Promote information - stringParam('PROMOTE_IMAGE_REGISTRY_CREDENTIALS', "${CLOUD_IMAGE_REGISTRY_CREDENTIALS}", 'Promote Image registry credentials to use to deploy images. Will be ignored if no PROMOTE_IMAGE_REGISTRY is given') + stringParam('PROMOTE_IMAGE_REGISTRY_USER_CREDENTIALS_ID', "${CLOUD_IMAGE_REGISTRY_USER_CREDENTIALS_ID}", 'Promote Image registry user credentials id to use to deploy images. Will be ignored if no PROMOTE_IMAGE_REGISTRY is given') + stringParam('PROMOTE_IMAGE_REGISTRY_TOKEN_CREDENTIALS_ID', "${CLOUD_IMAGE_REGISTRY_TOKEN_CREDENTIALS_ID}", 'Promote Image registry token credentials id to use to deploy images. Will be ignored if no PROMOTE_IMAGE_REGISTRY is given') stringParam('PROMOTE_IMAGE_REGISTRY', "${CLOUD_IMAGE_REGISTRY}", 'Promote image registry') stringParam('PROMOTE_IMAGE_NAMESPACE', "${CLOUD_IMAGE_NAMESPACE}", 'Promote image namespace') stringParam('PROMOTE_IMAGE_NAME_SUFFIX', '', 'Promote image name suffix') @@ -227,7 +230,8 @@ void setupWeeklyDeployJob(JobType jobType) { booleanParam('SKIP_TESTS', false, 'Skip tests') // Deploy information - stringParam('IMAGE_REGISTRY_CREDENTIALS', "${CLOUD_IMAGE_REGISTRY_CREDENTIALS}", 'Image registry credentials to use to deploy images. Will be ignored if no IMAGE_REGISTRY is given') + stringParam('IMAGE_REGISTRY_USER_CREDENTIALS_ID', "${CLOUD_IMAGE_REGISTRY_USER_CREDENTIALS_ID}", 'Image registry user credentials id to use to deploy images. Will be ignored if no IMAGE_REGISTRY is given') + stringParam('IMAGE_REGISTRY_TOKEN_CREDENTIALS_ID', "${CLOUD_IMAGE_REGISTRY_TOKEN_CREDENTIALS_ID}", 'Image registry token credentials id to use to deploy images. Will be ignored if no IMAGE_REGISTRY is given') stringParam('IMAGE_REGISTRY', "${CLOUD_IMAGE_REGISTRY}", 'Image registry to use to deploy images') stringParam('IMAGE_NAMESPACE', "${CLOUD_IMAGE_NAMESPACE}", 'Image namespace to use to deploy images') booleanParam('DEPLOY_WITH_LATEST_TAG', false, 'Set to true if you want the deployed images to also be with the `weekly-latest` tag') diff --git a/.ci/jenkins/scripts/container.groovy b/.ci/jenkins/scripts/container.groovy index 29248d0dd..c4b6e6a36 100644 --- a/.ci/jenkins/scripts/container.groovy +++ b/.ci/jenkins/scripts/container.groovy @@ -37,9 +37,13 @@ void pushImage(String image) { } } -void loginContainerRegistry(String registry, String credsId) { - withCredentials([usernamePassword(credentialsId: credsId, usernameVariable: 'REGISTRY_USER', passwordVariable: 'REGISTRY_PWD')]) { - sh "${containerEngine} login ${containerEngineTlsOptions} -u ${REGISTRY_USER} -p ${REGISTRY_PWD} ${registry}" +void loginContainerRegistry(String registry, String userCredsId, String tokenCredsId) { + withCredentials([string(credentialsId: userCredsId, variable: 'REGISTRY_USER')]) { + withCredentials([string(credentialsId: tokenCredsId, variable: 'REGISTRY_TOKEN')]) { + sh """ + echo "${REGISTRY_TOKEN}" | ${containerEngine} login -u "${REGISTRY_USER}" --password-stdin ${containerEngineTlsOptions} ${registry} + """.trim() + } } } diff --git a/.ci/jenkins/scripts/helper.groovy b/.ci/jenkins/scripts/helper.groovy index 85326e70e..94110cda3 100644 --- a/.ci/jenkins/scripts/helper.groovy +++ b/.ci/jenkins/scripts/helper.groovy @@ -66,8 +66,8 @@ void checkoutRepo(String repoName = '', String directory = '') { void loginRegistry(String paramsPrefix = defaultImageParamsPrefix) { if (isImageInOpenshiftRegistry(paramsPrefix)) { container.loginOpenshiftRegistry() - } else if (getImageRegistryCredentials(paramsPrefix)) { - container.loginContainerRegistry(getImageRegistry(paramsPrefix), getImageRegistryCredentials(paramsPrefix)) + } else if (getImageRegistryUserCredentialsId(paramsPrefix) && getImageRegistryTokenCredentialsId(paramsPrefix)) { + container.loginContainerRegistry(getImageRegistry(paramsPrefix), getImageRegistryUserCredentialsId(paramsPrefix), getImageRegistryTokenCredentialsId(paramsPrefix)) } } @@ -126,6 +126,14 @@ boolean isImageInOpenshiftRegistry(String paramsPrefix = defaultImageParamsPrefi return params[constructKey(paramsPrefix, 'USE_OPENSHIFT_REGISTRY')] } +String getImageRegistryUserCredentialsId(String paramsPrefix = defaultImageParamsPrefix) { + return params[constructKey(paramsPrefix, 'IMAGE_REGISTRY_USER_CREDENTIALS_ID')] +} + +String getImageRegistryTokenCredentialsId(String paramsPrefix = defaultImageParamsPrefix) { + return params[constructKey(paramsPrefix, 'IMAGE_REGISTRY_TOKEN_CREDENTIALS_ID')] +} + String getImageRegistryCredentials(String paramsPrefix = defaultImageParamsPrefix) { return isImageInOpenshiftRegistry(paramsPrefix) ? '' : params[constructKey(paramsPrefix, 'REGISTRY_CREDENTIALS')] } From a1228aff62c1290618ff96ad5dff83618c869e48 Mon Sep 17 00:00:00 2001 From: Rodrigo Antunes Date: Thu, 20 Jun 2024 09:50:57 -0300 Subject: [PATCH 2/2] Fix ci wrong references --- .github/workflows/jenkins-tests-PR.yml | 2 +- .github/workflows/pr-backporting.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/jenkins-tests-PR.yml b/.github/workflows/jenkins-tests-PR.yml index 324a2deb1..d9bb4083b 100644 --- a/.github/workflows/jenkins-tests-PR.yml +++ b/.github/workflows/jenkins-tests-PR.yml @@ -15,7 +15,7 @@ jobs: runs-on: ubuntu-latest steps: - name: DSL tests - uses: kiegroup/kie-ci/.ci/actions/dsl-tests@main + uses: apache/incubator-kie-kogito-pipelines/.ci/actions/dsl-tests@main with: main-config-file-repo: apache/incubator-kie-kogito-pipelines main-config-file-path: .ci/jenkins/config/main.yaml diff --git a/.github/workflows/pr-backporting.yml b/.github/workflows/pr-backporting.yml index ae52e051d..e70052457 100644 --- a/.github/workflows/pr-backporting.yml +++ b/.github/workflows/pr-backporting.yml @@ -17,7 +17,7 @@ jobs: steps: - name: Set target branches id: set-targets - uses: kiegroup/kie-ci/.ci/actions/parse-labels@main + uses: apache/incubator-kie-kogito-pipelines/.ci/actions/parse-labels@main with: labels: ${LABELS} @@ -34,7 +34,7 @@ jobs: REVIEWERS: ${{ toJSON(github.event.pull_request.requested_reviewers) }} steps: - name: Backporting - uses: kiegroup/kie-ci/.ci/actions/backporting@main + uses: apache/incubator-kie-kogito-pipelines/.ci/actions/backporting@main with: target-branch: ${{ matrix.target-branch }} additional-reviewers: ${REVIEWERS} \ No newline at end of file