Skip to content

Commit

Permalink
kie-issues#727: define push GH tokens for jenkins
Browse files Browse the repository at this point in the history
  • Loading branch information
jstastny-cz committed Nov 29, 2023
1 parent 75871b8 commit a58b040
Show file tree
Hide file tree
Showing 9 changed files with 79 additions and 43 deletions.
16 changes: 10 additions & 6 deletions .ci/jenkins/Jenkinsfile.deploy
Original file line number Diff line number Diff line change
Expand Up @@ -70,7 +70,7 @@ pipeline {
script {
dir(getRepoName()) {
if (githubscm.isBranchExist('origin',getPRBranch())) {
githubscm.removeRemoteBranch('origin', getPRBranch())
githubscm.removeRemoteBranch('origin', getPRBranch(), getGitAuthorPushCredsId())
}
githubscm.createBranch(getPRBranch())
}
Expand Down Expand Up @@ -186,7 +186,7 @@ void saveReports() {

void checkoutRepo() {
deleteDir()
checkout(githubscm.resolveRepository(getRepoName(), getGitAuthor(), getBuildBranch(), false))
checkout(githubscm.resolveRepository(getRepoName(), getGitAuthor(), getBuildBranch(), false, getGitAuthorCredsId()))
// need to manually checkout branch since on a detached branch after checkout command
sh "git checkout ${getBuildBranch()}"
}
Expand All @@ -199,8 +199,8 @@ void commitAndCreatePR() {
githubscm.findAndStageNotIgnoredFiles('pom.xml')
githubscm.findAndStageNotIgnoredFiles('antora.yml')
})
githubscm.pushObject('origin', getPRBranch(), getGitAuthorCredsID())
deployProperties["${getRepoName()}.pr.link"] = githubscm.createPRWithLabels(commitMsg, prBody, getBuildBranch(), ['skip-ci'] as String[], getGitAuthorCredsID())
githubscm.pushObject('origin', getPRBranch(), getGitAuthorPushCredsId())
deployProperties["${getRepoName()}.pr.link"] = githubscm.createPRWithLabels(commitMsg, prBody, getBuildBranch(), ['skip-ci'] as String[], getGitAuthorCredsId())
}

void sendNotification() {
Expand Down Expand Up @@ -248,8 +248,12 @@ String getPRBranch() {
return params.DROOLS_PR_BRANCH
}

String getGitAuthorCredsID() {
return env.AUTHOR_CREDS_ID
String getGitAuthorCredsId() {
return env.GIT_AUTHOR_CREDS_ID
}

String getGitAuthorPushCredsId() {
return env.GIT_AUTHOR_PUSH_CREDS_ID
}

void setDeployPropertyIfNeeded(String key, def value) {
Expand Down
24 changes: 14 additions & 10 deletions .ci/jenkins/Jenkinsfile.promote
Original file line number Diff line number Diff line change
Expand Up @@ -57,11 +57,11 @@ pipeline {
script {
dir(getRepoName()) {
checkoutRepo()
if(githubscm.isReleaseExist(getGitTag(), getGitAuthorCredsID())) {
githubscm.deleteRelease(getGitTag(), getGitAuthorCredsID())
if(githubscm.isReleaseExist(getGitTag(), getGitAuthorCredsId())) {
githubscm.deleteRelease(getGitTag(), getGitAuthorCredsId())
}
githubscm.createReleaseWithGeneratedReleaseNotes(getGitTag(), getBuildBranch(), githubscm.getPreviousTagFromVersion(getGitTag()), getGitAuthorCredsID())
githubscm.updateReleaseBody(getGitTag(), getGitAuthorCredsID())
githubscm.createReleaseWithGeneratedReleaseNotes(getGitTag(), getBuildBranch(), githubscm.getPreviousTagFromVersion(getGitTag()), getGitAuthorCredsId())
githubscm.updateReleaseBody(getGitTag(), getGitAuthorCredsId())
}
}
}
Expand Down Expand Up @@ -167,8 +167,12 @@ String getGitAuthor() {
return env.GIT_AUTHOR
}

String getGitAuthorCredsID() {
return env.AUTHOR_CREDS_ID
String getGitAuthorCredsId() {
return env.GIT_AUTHOR_CREDS_ID
}

String getGitAuthorPushCredsId() {
return env.GIT_AUTHOR_PUSH_CREDS_ID
}

String getDeployPrLink() {
Expand All @@ -181,21 +185,21 @@ String getDeployPrLink() {

void checkoutRepo() {
deleteDir()
checkout(githubscm.resolveRepository(getRepoName(), getGitAuthor(), getBuildBranch(), false))
checkout(githubscm.resolveRepository(getRepoName(), getGitAuthor(), getBuildBranch(), false, getGitAuthorCredsId()))
// need to manually checkout branch since on a detached branch after checkout command
sh "git checkout ${getBuildBranch()}"
}

void mergeAndPush(String prLink) {
if (prLink) {
githubscm.mergePR(prLink, getGitAuthorCredsID())
githubscm.pushObject('origin', getBuildBranch(), getGitAuthorCredsID())
githubscm.mergePR(prLink, getGitAuthorCredsId())
githubscm.pushObject('origin', getBuildBranch(), getGitAuthorPushCredsId())
}
}

void tagLatest() {
if (getGitTag()) {
githubscm.tagLocalAndRemoteRepository('origin', getGitTag(), getGitAuthorCredsID(), env.BUILD_TAG, true)
githubscm.tagLocalAndRemoteRepository('origin', getGitTag(), getGitAuthorPushCredsId(), env.BUILD_TAG, true)
}
}

Expand Down
10 changes: 7 additions & 3 deletions .ci/jenkins/Jenkinsfile.quarkus-3.rewrite.pr
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ pipeline {
archiveArtifacts artifacts: 'env_props'

dir(getRepoName()) {
checkout(githubscm.resolveRepository(getRepoName(), changeAuthor, changeBranch, false))
checkout(githubscm.resolveRepository(getRepoName(), changeAuthor, changeBranch, false, getGitAuthorCredsId()))
// need to manually checkout branch since on a detached branch after checkout command
sh "git checkout ${changeBranch}"
}
Expand All @@ -51,7 +51,7 @@ pipeline {
steps {
script {
dir(getRepoName()) {
githubscm.pushObject('origin', changeBranch, getGitAuthorCredsId())
githubscm.pushObject('origin', changeBranch, getGitAuthorPushCredsId())
}
}
}
Expand All @@ -74,5 +74,9 @@ String getRepoName() {
}

String getGitAuthorCredsId() {
return env.AUTHOR_CREDS_ID
return env.GIT_AUTHOR_CREDS_ID
}

String getGitAuthorPushCredsId() {
return env.GIT_AUTHOR_PUSH_CREDS_ID
}
10 changes: 7 additions & 3 deletions .ci/jenkins/Jenkinsfile.quarkus-3.rewrite.standalone
Original file line number Diff line number Diff line change
Expand Up @@ -70,7 +70,7 @@ pipeline {
steps {
script {
dir(getRepoName()) {
githubscm.pushObject('origin', isPRSourceBranch() ? getBuildBranch() : getPRBranch(), getGitAuthorCredsId())
githubscm.pushObject('origin', isPRSourceBranch() ? getBuildBranch() : getPRBranch(), getGitAuthorPushCredsId())
}
}
}
Expand Down Expand Up @@ -121,7 +121,7 @@ void sendNotification(String body) {
}

void checkoutRepo(String repository, String branch) {
checkout(githubscm.resolveRepository(repository, getGitAuthor(), branch, false))
checkout(githubscm.resolveRepository(repository, getGitAuthor(), branch, false, getGitAuthorCredsId()))
// need to manually checkout branch since on a detached branch after checkout command
sh "git checkout ${branch}"
}
Expand All @@ -144,7 +144,11 @@ boolean isPRSourceBranch() {
}

String getGitAuthorCredsId() {
return env.AUTHOR_CREDS_ID
return env.GIT_AUTHOR_CREDS_ID
}

String getGitAuthorPushCredsId() {
return env.GIT_AUTHOR_PUSH_CREDS_ID
}

String getPRBranch() {
Expand Down
15 changes: 10 additions & 5 deletions .ci/jenkins/Jenkinsfile.setup-branch
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,7 @@ pipeline {
githubscm.findAndStageNotIgnoredFiles('pom.xml')
githubscm.findAndStageNotIgnoredFiles('antora.yml')
})
githubscm.pushObject('origin', getBuildBranch(), getGitAuthorCredsId())
githubscm.pushObject('origin', getBuildBranch(), getGitAuthorPushCredsId())
} else {
println '[WARN] no changes to commit'
}
Expand Down Expand Up @@ -103,7 +103,7 @@ void sendNotification() {
}

void checkoutRepo(String repository, String branch) {
checkout(githubscm.resolveRepository(repository, getGitAuthor(), branch, false))
checkout(githubscm.resolveRepository(repository, getGitAuthor(), branch, false, getGitAuthorCredsId()))
// need to manually checkout branch since on a detached branch after checkout command
sh "git checkout ${branch}"
}
Expand All @@ -126,9 +126,14 @@ String getDroolsVersion() {
}

String getGitAuthorCredsId() {
return env.AUTHOR_CREDS_ID
return env.GIT_AUTHOR_CREDS_ID
}

String getGitAuthorPushCredsId() {
return env.GIT_AUTHOR_PUSH_CREDS_ID
}


MavenCommand getMavenCommand() {
return new MavenCommand(this, ['-fae', '-ntp'])
.withOptions(env.BUILD_MVN_OPTS ? [ env.BUILD_MVN_OPTS ] : [])
Expand All @@ -142,14 +147,14 @@ boolean isMainBranch() {
String commitAndCreatePR(String commitMsg, String localBranch, String targetBranch) {
def prBody = "Generated by build ${BUILD_TAG}: ${BUILD_URL}"
githubscm.commitChanges(commitMsg)
githubscm.pushObject('origin', localBranch, getGitAuthorCredsId())
githubscm.pushObject('origin', localBranch, getGitAuthorPushCredsId())
return githubscm.createPR(commitMsg, prBody, targetBranch, getGitAuthorCredsId())
}

void mergeAndPush(String prLink, String targetBranch) {
if (prLink?.trim()) {
githubscm.mergePR(prLink, getGitAuthorCredsId())
githubscm.pushObject('origin', targetBranch, getGitAuthorCredsId())
githubscm.pushObject('origin', targetBranch, getGitAuthorPushCredsId())
}
}

Expand Down
5 changes: 5 additions & 0 deletions .ci/jenkins/config/branch.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -60,9 +60,14 @@ git:
# Need to be verified
credentials_id: 399061d0-5ab5-4142-a186-a52081fef742
token_credentials_id: ci-builds
push:
credentials_id: 84811880-2025-45b6-a44c-2f33bef30ad2 # CI Push Access for KIE
token_credentials_id: 41128c14-bb63-4708-9074-d20a318ee630 # GitHub Personal Access Token for KIE
fork_author:
name: kie-ci
credentials_id: kie-ci
push:
credentials_id: kie-ci
quarkus:
author:
name: quarkusio
Expand Down
2 changes: 2 additions & 0 deletions .ci/jenkins/config/main.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -24,6 +24,8 @@ seed:
author:
name: apache
credentials_id: ASF_Cloudbees_Jenkins_ci-builds
push:
credentials_id: 84811880-2025-45b6-a44c-2f33bef30ad2 # CI Push Access for KIE
branch: main
path: .ci/jenkins/config/branch.yaml
jenkinsfile: dsl/seed/jenkinsfiles/Jenkinsfile.seed.branch
Expand Down
20 changes: 12 additions & 8 deletions .ci/jenkins/dsl/jobs.groovy
Original file line number Diff line number Diff line change
Expand Up @@ -112,7 +112,8 @@ void setupProjectPostReleaseJob() {

GIT_BRANCH_NAME: "${GIT_BRANCH}",
GIT_AUTHOR: "${GIT_AUTHOR_NAME}",
AUTHOR_CREDS_ID: "${GIT_AUTHOR_CREDENTIALS_ID}",
GIT_AUTHOR_CREDS_ID: "${GIT_AUTHOR_CREDENTIALS_ID}",
GIT_AUTHOR_PUSH_CREDS_ID: "${GIT_AUTHOR_PUSH_CREDENTIALS_ID}",

DROOLS_STREAM: Utils.getStream(this),
])
Expand Down Expand Up @@ -252,7 +253,8 @@ void createSetupBranchJob() {
JENKINS_EMAIL_CREDS_ID: "${JENKINS_EMAIL_CREDS_ID}",

GIT_AUTHOR: "${GIT_AUTHOR_NAME}",
AUTHOR_CREDS_ID: "${GIT_AUTHOR_CREDENTIALS_ID}",
GIT_AUTHOR_CREDS_ID: "${GIT_AUTHOR_CREDENTIALS_ID}",
GIT_AUTHOR_PUSH_CREDS_ID: "${GIT_AUTHOR_PUSH_CREDENTIALS_ID}",

MAVEN_SETTINGS_CONFIG_FILE_ID: "${MAVEN_SETTINGS_FILE_ID}",

Expand Down Expand Up @@ -280,8 +282,8 @@ void setupDeployJob(JobType jobType) {
JENKINS_EMAIL_CREDS_ID: "${JENKINS_EMAIL_CREDS_ID}",

GIT_AUTHOR: "${GIT_AUTHOR_NAME}",
AUTHOR_CREDS_ID: "${GIT_AUTHOR_CREDENTIALS_ID}",
GITHUB_TOKEN_CREDS_ID: "${GIT_AUTHOR_TOKEN_CREDENTIALS_ID}",
GIT_AUTHOR_CREDS_ID: "${GIT_AUTHOR_CREDENTIALS_ID}",
GIT_AUTHOR_PUSH_CREDS_ID: "${GIT_AUTHOR_PUSH_CREDENTIALS_ID}",

MAVEN_SETTINGS_CONFIG_FILE_ID: "${MAVEN_SETTINGS_FILE_ID}",
MAVEN_DEPENDENCIES_REPOSITORY: "${MAVEN_ARTIFACTS_REPOSITORY}",
Expand Down Expand Up @@ -323,8 +325,8 @@ void setupPromoteJob(JobType jobType) {
JENKINS_EMAIL_CREDS_ID: "${JENKINS_EMAIL_CREDS_ID}",

GIT_AUTHOR: "${GIT_AUTHOR_NAME}",
AUTHOR_CREDS_ID: "${GIT_AUTHOR_CREDENTIALS_ID}",
GITHUB_TOKEN_CREDS_ID: "${GIT_AUTHOR_TOKEN_CREDENTIALS_ID}",
GIT_AUTHOR_CREDS_ID: "${GIT_AUTHOR_CREDENTIALS_ID}",
GIT_AUTHOR_PUSH_CREDS_ID: "${GIT_AUTHOR_PUSH_CREDENTIALS_ID}",

MAVEN_SETTINGS_CONFIG_FILE_ID: "${MAVEN_SETTINGS_FILE_ID}",
MAVEN_DEPENDENCIES_REPOSITORY: "${MAVEN_ARTIFACTS_REPOSITORY}",
Expand Down Expand Up @@ -359,7 +361,8 @@ void setupPrQuarkus3RewriteJob() {
commitContext: 'Quarkus 3 rewrite',
])
jobParams.env.putAll([
AUTHOR_CREDS_ID: "${GIT_AUTHOR_CREDENTIALS_ID}",
GIT_AUTHOR_CREDS_ID: "${GIT_AUTHOR_CREDENTIALS_ID}",
GIT_AUTHOR_PUSH_CREDS_ID: "${GIT_AUTHOR_PUSH_CREDENTIALS_ID}",
MAVEN_SETTINGS_CONFIG_FILE_ID: "${MAVEN_SETTINGS_FILE_ID}",
])
KogitoJobTemplate.createPRJob(this, jobParams)
Expand All @@ -370,7 +373,8 @@ void setupStandaloneQuarkus3RewriteJob() {
JobParamsUtils.setupJobParamsAgentDockerBuilderImageConfiguration(this, jobParams)
jobParams.env.putAll(EnvUtils.getEnvironmentEnvVars(this, 'quarkus-3'))
jobParams.env.putAll([
AUTHOR_CREDS_ID: "${GIT_AUTHOR_CREDENTIALS_ID}",
GIT_AUTHOR_CREDS_ID: "${GIT_AUTHOR_CREDENTIALS_ID}",
GIT_AUTHOR_PUSH_CREDS_ID: "${GIT_AUTHOR_PUSH_CREDENTIALS_ID}",
JENKINS_EMAIL_CREDS_ID: "${JENKINS_EMAIL_CREDS_ID}",
MAVEN_SETTINGS_CONFIG_FILE_ID: "${MAVEN_SETTINGS_FILE_ID}",
])
Expand Down
20 changes: 12 additions & 8 deletions .ci/jenkins/project/Jenkinsfile.post-release
Original file line number Diff line number Diff line change
Expand Up @@ -51,7 +51,7 @@ pipeline {
prLink = commitAndCreatePR("Upgrade drools-website ${getProjectVersion()}", prBranchName, getBuildBranch())
sh "git checkout ${getBuildBranch()}"
mergeAndPush(prLink, getBuildBranch())
githubscm.removeRemoteBranch('origin', prBranchName, getGitAuthorCredsID())
githubscm.removeRemoteBranch('origin', prBranchName, getGitAuthorPushCredsId())
}
}
}
Expand Down Expand Up @@ -87,8 +87,12 @@ String getNextMinorSnapshotVersion(String currentVersion) {
return util.getNextVersion(currentVersion, 'minor')
}

String getGitAuthorCredsID() {
return env.AUTHOR_CREDS_ID
String getGitAuthorCredsId() {
return env.GIT_AUTHOR_CREDS_ID
}

String getGitAuthorPushCredsId() {
return env.GIT_AUTHOR_PUSH_CREDS_ID
}

String getGitAuthor() {
Expand All @@ -105,22 +109,22 @@ String getReleaseNotesNumber() {

void checkoutRepo(String repo, String branch) {
deleteDir()
checkout(githubscm.resolveRepository(repo, getGitAuthor(), branch, false))
checkout(githubscm.resolveRepository(repo, getGitAuthor(), branch, false, getGitAuthorCredsId()))
// need to manually checkout branch since on a detached branch after checkout command
sh "git checkout ${branch}"
}

void mergeAndPush(String prLink, String targetBranch) {
if (prLink != '') {
githubscm.mergePR(prLink, getGitAuthorCredsID())
githubscm.pushObject('origin', targetBranch, getGitAuthorCredsID())
githubscm.mergePR(prLink, getGitAuthorCredsId())
githubscm.pushObject('origin', targetBranch, getGitAuthorPushCredsId())
}
}

String commitAndCreatePR(String commitMsg, String localBranch, String targetBranch) {
def prBody = "Generated by build ${BUILD_TAG}: ${BUILD_URL}"

githubscm.commitChanges(commitMsg)
githubscm.pushObject('origin', localBranch, getGitAuthorCredsID())
return githubscm.createPR(commitMsg, prBody, targetBranch, getGitAuthorCredsID())
githubscm.pushObject('origin', localBranch, getGitAuthorPushCredsId())
return githubscm.createPR(commitMsg, prBody, targetBranch, getGitAuthorCredsId())
}

0 comments on commit a58b040

Please sign in to comment.