Jenkins: getting a password from the Credentials Binding Plugin

By | 04/25/2018
 

The task: add and push a tag after the build, using the repository login:password stored in the Credentials Binding Plugin.

The solution itself is rather hacky, but it works.

The main problem is that Jenkins masks the password as ****.

That is, when calling:

...
withCredentials([usernamePassword(credentialsId: 'git', usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD')]) {

    sh "echo pass $PASSWORD"
    sh "echo user $USERNAME"
}
...

The result is ****:

[EU-api-dev-build] Running shell script
+ echo pass ****
pass ****
[Pipeline] sh
[EU-api-dev-build] Running shell script
+ echo user ****
user ****

The solution turned up in a bug that was opened back in 2016: https://issues.jenkins-ci.org/browse/JENKINS-38181.

Save the values into variables and use them outside the withCredentials block; the complete function now looks like this:

def git_set_tag() {

    stage('Set tag') {

        withCredentials([usernamePassword(credentialsId: 'git', usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD')]) {

            // Copy the bound values into Groovy variables that outlive the block
            password = env.PASSWORD
            user = env.USERNAME

            sh "echo pass $PASSWORD"
            sh "echo user $USERNAME"
        }

        // Outside withCredentials the values are no longer masked in the log
        echo "PASS ${password}"
        echo "USER ${user}"
    }
}

And its execution:

[Pipeline] stage
[Pipeline] { (Set tag)
[Pipeline] withCredentials
[Pipeline] {
[Pipeline] sh
[EU-api-dev-build] Running shell script
+ echo pass ****
pass ****
[Pipeline] sh
[EU-api-dev-build] Running shell script
+ echo user ****
user ****
[Pipeline] }
[Pipeline] // withCredentials
[Pipeline] echo
PASS zd%%%ML
[Pipeline] echo
USER svc.lon%%%
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // withEnv
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
Finished: SUCCESS

What remains is to add the tag, update .git/config to include the login:password, and push the tag to the repository:

def git_set_tag() {

    stage('Set tag') {
        
        withCredentials([usernamePassword(credentialsId: 'git', usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD')]) {
        
            gitPassword = env.PASSWORD
            gitUser = env.USERNAME
        }
        
        sh 'git config user.email "jenkins@domain.tld"'
        sh 'git config user.name "TAG Jenkins"'
        sh 'git tag -a ${BUILD_NUMBER} -m "branch: ${REPO_API_BRANCH} environment: ${ENVIRONMENT}"'
        sh 'git tag'
        sh 'git show ${BUILD_NUMBER}'
        sh 'cat .git/config'
        sh "git remote set-url origin https://${gitUser}:${gitPassword}@bitbucket.domain.tld/scm/lontag/tag-server-api.git"
        sh 'cat .git/config'
        sh 'git push origin ${BUILD_NUMBER}'
    }
}

Result:

[Pipeline] stage
[Pipeline] { (Set tag)
[Pipeline] withCredentials
[Pipeline] {
[Pipeline] }
[Pipeline] // withCredentials
[EU-api-dev-build] Running shell script
+ git config user.email jenkins@domain.tld
[Pipeline] sh
[EU-api-dev-build] Running shell script
+ git config user.name TAG Jenkins
[Pipeline] sh
[EU-api-dev-build] Running shell script
+ git tag -a 593 -m branch: develop environment: dev
[Pipeline] sh
[EU-api-dev-build] Running shell script
+ git tag
591
592
593
[Pipeline] sh
[EU-api-dev-build] Running shell script
+ git show 593
tag 593
Tagger: TAG Jenkins <jenkins@domain.tld>
Date: Wed Apr 25 10:34:30 2018 +0000

branch: develop environment: dev

commit 6c4e987390c011f3a9b4dccda03c1e0bb9a75f34
Merge: 5d4d747 97003ee
Author: *** <***>
Date: Thu Apr 12 16:28:34 2018 +0000

Merge pull request #31 in LON/tag-deployment from bugfix/LTH-4898 to develop

* commit '97003ee56d7ff30518b7d704e799014a5bb6d05f':
LTH-4898 build all flavors

[Pipeline] sh
[EU-api-dev-build] Running shell script
+ cat .git/config
[core]
repositoryformatversion = 0
filemode = true
bare = false
logallrefupdates = true
[remote "origin"]
url = https://bitbucket.domain.tld/scm/lontag/tag-deployment.git
fetch = +refs/heads/*:refs/remotes/origin/*
[user]
email = jenkins@domain.tld
name = TAG Jenkins
[Pipeline] sh
[EU-api-dev-build] Running shell script
+ git remote set-url origin https://gituser:gitpass@bitbucket.domain.tld/scm/lontag/tag-server-api.git
[Pipeline] sh
[EU-api-dev-build] Running shell script
+ cat .git/config
[core]
repositoryformatversion = 0
filemode = true
bare = false
logallrefupdates = true
[remote "origin"]
url = https://gituser:gitpass@bitbucket.domain.tld/scm/lontag/tag-server-api.git
fetch = +refs/heads/*:refs/remotes/origin/*
[user]
email = jenkins@domain.tld
name = TAG Jenkins
[Pipeline] sh
[EU-api-dev-build] Running shell script
+ git push origin 593
To https://gituser:gitpass@bitbucket.domain.tld/scm/lontag/tag-server-api.git
* [new tag] 593 -> 593
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // withEnv
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
Finished: SUCCESS

Done.
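
A variant of the same stage that keeps the push inside the withCredentials block and hands the login and password to git through a one-off credential helper, so they are written neither to .git/config nor to the console log. This is an added example, not code from the original post; it reuses the credentials ID and repository URL shown above and assumes the agent's git honours the credential.helper setting for HTTPS remotes.

```groovy
def git_set_tag() {

    stage('Set tag') {

        sh 'git config user.email "jenkins@domain.tld"'
        sh 'git config user.name "TAG Jenkins"'
        sh 'git tag -a ${BUILD_NUMBER} -m "branch: ${REPO_API_BRANCH} environment: ${ENVIRONMENT}"'

        withCredentials([usernamePassword(credentialsId: 'git', usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD')]) {

            // Single-quoted Groovy string: nothing is interpolated by Groovy,
            // so the secret never becomes part of the command text that
            // Jenkins logs. $USERNAME and $PASSWORD are expanded only by the
            // shell that git starts for the helper, from the environment
            // variables that withCredentials exports.
            //
            // The helper is passed with -c, so it applies to this single git
            // invocation and is not stored in .git/config. The remote URL is
            // given without credentials, so git's "To https://..." line in
            // the log carries none either.
            sh '''
                git -c credential.helper='!f() { echo "username=$USERNAME"; echo "password=$PASSWORD"; }; f' push https://bitbucket.domain.tld/scm/lontag/tag-server-api.git "refs/tags/${BUILD_NUMBER}"
            '''
        }
    }
}
```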