From a58b04095fb48d91068662dfd9d4b35785881204 Mon Sep 17 00:00:00 2001 From: jstastny-cz Date: Tue, 28 Nov 2023 08:05:55 +0100 Subject: [PATCH] kie-issues#727: define push GH tokens for jenkins --- .ci/jenkins/Jenkinsfile.deploy | 16 ++++++++----- .ci/jenkins/Jenkinsfile.promote | 24 +++++++++++-------- .ci/jenkins/Jenkinsfile.quarkus-3.rewrite.pr | 10 +++++--- .../Jenkinsfile.quarkus-3.rewrite.standalone | 10 +++++--- .ci/jenkins/Jenkinsfile.setup-branch | 15 ++++++++---- .ci/jenkins/config/branch.yaml | 5 ++++ .ci/jenkins/config/main.yaml | 2 ++ .ci/jenkins/dsl/jobs.groovy | 20 +++++++++------- .ci/jenkins/project/Jenkinsfile.post-release | 20 +++++++++------- 9 files changed, 79 insertions(+), 43 deletions(-) diff --git a/.ci/jenkins/Jenkinsfile.deploy b/.ci/jenkins/Jenkinsfile.deploy index 602ac06923d..1b3addc2e4d 100644 --- a/.ci/jenkins/Jenkinsfile.deploy +++ b/.ci/jenkins/Jenkinsfile.deploy @@ -70,7 +70,7 @@ pipeline { script { dir(getRepoName()) { if (githubscm.isBranchExist('origin',getPRBranch())) { - githubscm.removeRemoteBranch('origin', getPRBranch()) + githubscm.removeRemoteBranch('origin', getPRBranch(), getGitAuthorPushCredsId()) } githubscm.createBranch(getPRBranch()) } @@ -186,7 +186,7 @@ void saveReports() { void checkoutRepo() { deleteDir() - checkout(githubscm.resolveRepository(getRepoName(), getGitAuthor(), getBuildBranch(), false)) + checkout(githubscm.resolveRepository(getRepoName(), getGitAuthor(), getBuildBranch(), false, getGitAuthorCredsId())) // need to manually checkout branch since on a detached branch after checkout command sh "git checkout ${getBuildBranch()}" } 
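Review bot: In `checkoutRepo()` the unchanged line `sh "git checkout ${getBuildBranch()}"` has Groovy interpolate the branch name into the script text before the shell parses it, so any shell metacharacters in the value are interpreted rather than treated as data. Passing the value through the environment avoids this: `withEnv(["TARGET_BRANCH=${getBuildBranch()}"]) { sh 'git checkout "$TARGET_BRANCH"' }`. The same pattern sits in the `checkoutRepo` hunks of Jenkinsfile.promote, Jenkinsfile.quarkus-3.rewrite.standalone, Jenkinsfile.setup-branch and Jenkinsfile.post-release. It also appears in Jenkinsfile.quarkus-3.rewrite.pr with `changeBranch`, which appears to be taken from the pull request and is therefore the least trusted of these inputs.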
@@ -199,8 +199,8 @@ void commitAndCreatePR() { githubscm.findAndStageNotIgnoredFiles('pom.xml') githubscm.findAndStageNotIgnoredFiles('antora.yml') }) - githubscm.pushObject('origin', getPRBranch(), getGitAuthorCredsID()) - deployProperties["${getRepoName()}.pr.link"] = githubscm.createPRWithLabels(commitMsg, prBody, getBuildBranch(), ['skip-ci'] as String[], getGitAuthorCredsID()) + githubscm.pushObject('origin', getPRBranch(), getGitAuthorPushCredsId()) + deployProperties["${getRepoName()}.pr.link"] = githubscm.createPRWithLabels(commitMsg, prBody, getBuildBranch(), ['skip-ci'] as String[], getGitAuthorCredsId()) } void sendNotification() { @@ -248,8 +248,12 @@ String getPRBranch() { return params.DROOLS_PR_BRANCH } -String getGitAuthorCredsID() { - return env.AUTHOR_CREDS_ID +String getGitAuthorCredsId() { + return env.GIT_AUTHOR_CREDS_ID +} + +String getGitAuthorPushCredsId() { + return env.GIT_AUTHOR_PUSH_CREDS_ID } void setDeployPropertyIfNeeded(String key, def value) { diff --git a/.ci/jenkins/Jenkinsfile.promote b/.ci/jenkins/Jenkinsfile.promote index 661c6e1d305..9001c28c627 100644 --- a/.ci/jenkins/Jenkinsfile.promote +++ b/.ci/jenkins/Jenkinsfile.promote @@ -57,11 +57,11 @@ pipeline { script { dir(getRepoName()) { checkoutRepo() - if(githubscm.isReleaseExist(getGitTag(), getGitAuthorCredsID())) { - githubscm.deleteRelease(getGitTag(), getGitAuthorCredsID()) + if(githubscm.isReleaseExist(getGitTag(), getGitAuthorCredsId())) { + githubscm.deleteRelease(getGitTag(), getGitAuthorCredsId()) } - githubscm.createReleaseWithGeneratedReleaseNotes(getGitTag(), getBuildBranch(), githubscm.getPreviousTagFromVersion(getGitTag()), getGitAuthorCredsID()) - githubscm.updateReleaseBody(getGitTag(), getGitAuthorCredsID()) + githubscm.createReleaseWithGeneratedReleaseNotes(getGitTag(), getBuildBranch(), githubscm.getPreviousTagFromVersion(getGitTag()), getGitAuthorCredsId()) + githubscm.updateReleaseBody(getGitTag(), getGitAuthorCredsId()) } } } 
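Review bot: `getGitAuthorPushCredsId()` returns `env.GIT_AUTHOR_PUSH_CREDS_ID` unchecked, so a job whose DSL has not been regenerated with the renamed variables would hand `null` to `githubscm.pushObject` and `removeRemoteBranch`, and the failure would surface only at the push. A guard in the getter fails earlier and names the cause, e.g. `return env.GIT_AUTHOR_PUSH_CREDS_ID ?: error('GIT_AUTHOR_PUSH_CREDS_ID is not set')`; the same applies to `getGitAuthorCredsId()` now that it reads `GIT_AUTHOR_CREDS_ID` instead of `AUTHOR_CREDS_ID`. A one-line comment on each getter would also help, since the call sites in this commit split them as `// credential for git push, tagging and remote branch deletion` versus `// credential for checkout and GitHub API calls (PR, release)`. The identical getter pair is added to the five other Jenkinsfiles in this commit.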
@@ -167,8 +167,12 @@ String getGitAuthor() { return env.GIT_AUTHOR } -String getGitAuthorCredsID() { - return env.AUTHOR_CREDS_ID +String getGitAuthorCredsId() { + return env.GIT_AUTHOR_CREDS_ID +} + +String getGitAuthorPushCredsId() { + return env.GIT_AUTHOR_PUSH_CREDS_ID } String getDeployPrLink() { @@ -181,21 +185,21 @@ String getDeployPrLink() { void checkoutRepo() { deleteDir() - checkout(githubscm.resolveRepository(getRepoName(), getGitAuthor(), getBuildBranch(), false)) + checkout(githubscm.resolveRepository(getRepoName(), getGitAuthor(), getBuildBranch(), false, getGitAuthorCredsId())) // need to manually checkout branch since on a detached branch after checkout command sh "git checkout ${getBuildBranch()}" } void mergeAndPush(String prLink) { if (prLink) { - githubscm.mergePR(prLink, getGitAuthorCredsID()) - githubscm.pushObject('origin', getBuildBranch(), getGitAuthorCredsID()) + githubscm.mergePR(prLink, getGitAuthorCredsId()) + githubscm.pushObject('origin', getBuildBranch(), getGitAuthorPushCredsId()) } } void tagLatest() { if (getGitTag()) { - githubscm.tagLocalAndRemoteRepository('origin', getGitTag(), getGitAuthorCredsID(), env.BUILD_TAG, true) + githubscm.tagLocalAndRemoteRepository('origin', getGitTag(), getGitAuthorPushCredsId(), env.BUILD_TAG, true) } } diff --git a/.ci/jenkins/Jenkinsfile.quarkus-3.rewrite.pr b/.ci/jenkins/Jenkinsfile.quarkus-3.rewrite.pr index b034906a550..5ebb1c84f41 100644 --- a/.ci/jenkins/Jenkinsfile.quarkus-3.rewrite.pr +++ b/.ci/jenkins/Jenkinsfile.quarkus-3.rewrite.pr @@ -26,7 +26,7 @@ pipeline { archiveArtifacts artifacts: 'env_props' dir(getRepoName()) { - checkout(githubscm.resolveRepository(getRepoName(), changeAuthor, changeBranch, false)) + checkout(githubscm.resolveRepository(getRepoName(), changeAuthor, changeBranch, false, getGitAuthorCredsId())) // need to manually checkout branch since on a detached branch after checkout command sh "git checkout ${changeBranch}" } 
@@ -51,7 +51,7 @@ pipeline { steps { script { dir(getRepoName()) { - githubscm.pushObject('origin', changeBranch, getGitAuthorCredsId()) + githubscm.pushObject('origin', changeBranch, getGitAuthorPushCredsId()) } } } @@ -74,5 +74,9 @@ String getRepoName() { } String getGitAuthorCredsId() { - return env.AUTHOR_CREDS_ID + return env.GIT_AUTHOR_CREDS_ID +} + +String getGitAuthorPushCredsId() { + return env.GIT_AUTHOR_PUSH_CREDS_ID } diff --git a/.ci/jenkins/Jenkinsfile.quarkus-3.rewrite.standalone b/.ci/jenkins/Jenkinsfile.quarkus-3.rewrite.standalone index 03d3f07cc3f..63edb346a49 100644 --- a/.ci/jenkins/Jenkinsfile.quarkus-3.rewrite.standalone +++ b/.ci/jenkins/Jenkinsfile.quarkus-3.rewrite.standalone @@ -70,7 +70,7 @@ pipeline { steps { script { dir(getRepoName()) { - githubscm.pushObject('origin', isPRSourceBranch() ? getBuildBranch() : getPRBranch(), getGitAuthorCredsId()) + githubscm.pushObject('origin', isPRSourceBranch() ? getBuildBranch() : getPRBranch(), getGitAuthorPushCredsId()) } } } @@ -121,7 +121,7 @@ void sendNotification(String body) { } void checkoutRepo(String repository, String branch) { - checkout(githubscm.resolveRepository(repository, getGitAuthor(), branch, false)) + checkout(githubscm.resolveRepository(repository, getGitAuthor(), branch, false, getGitAuthorCredsId())) // need to manually checkout branch since on a detached branch after checkout command sh "git checkout ${branch}" } @@ -144,7 +144,11 @@ boolean isPRSourceBranch() { } String getGitAuthorCredsId() { - return env.AUTHOR_CREDS_ID + return env.GIT_AUTHOR_CREDS_ID +} + +String getGitAuthorPushCredsId() { + return env.GIT_AUTHOR_PUSH_CREDS_ID } String getPRBranch() { diff --git a/.ci/jenkins/Jenkinsfile.setup-branch b/.ci/jenkins/Jenkinsfile.setup-branch index b8502466ea9..00174a9ee24 100644 --- a/.ci/jenkins/Jenkinsfile.setup-branch +++ b/.ci/jenkins/Jenkinsfile.setup-branch 
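Review bot: The push step of the PR job now calls `githubscm.pushObject('origin', changeBranch, getGitAuthorPushCredsId())`, which puts a push-capable credential in reach of a job that checks out `changeAuthor`/`changeBranch`, i.e. code that appears to come from the pull request author. If this job can run for pull requests from forks before a maintainer has approved them, the steps between checkout and push execute contributor-controlled build code in a job that is allowed to use that credential. It is worth confirming that the job is gated on a trusted-author or approval check (not visible in this hunk). The credential behind `GIT_AUTHOR_PUSH_CREDS_ID` should also be scoped to only the repositories this job must write to. The enclosing pipeline stage starts and ends outside the hunk.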
@@ -63,7 +63,7 @@ pipeline { githubscm.findAndStageNotIgnoredFiles('pom.xml') githubscm.findAndStageNotIgnoredFiles('antora.yml') }) - githubscm.pushObject('origin', getBuildBranch(), getGitAuthorCredsId()) + githubscm.pushObject('origin', getBuildBranch(), getGitAuthorPushCredsId()) } else { println '[WARN] no changes to commit' } @@ -103,7 +103,7 @@ void sendNotification() { } void checkoutRepo(String repository, String branch) { - checkout(githubscm.resolveRepository(repository, getGitAuthor(), branch, false)) + checkout(githubscm.resolveRepository(repository, getGitAuthor(), branch, false, getGitAuthorCredsId())) // need to manually checkout branch since on a detached branch after checkout command sh "git checkout ${branch}" } @@ -126,9 +126,14 @@ String getDroolsVersion() { } String getGitAuthorCredsId() { - return env.AUTHOR_CREDS_ID + return env.GIT_AUTHOR_CREDS_ID } +String getGitAuthorPushCredsId() { + return env.GIT_AUTHOR_PUSH_CREDS_ID +} + + MavenCommand getMavenCommand() { return new MavenCommand(this, ['-fae', '-ntp']) .withOptions(env.BUILD_MVN_OPTS ? [ env.BUILD_MVN_OPTS ] : []) @@ -142,14 +147,14 @@ boolean isMainBranch() { String commitAndCreatePR(String commitMsg, String localBranch, String targetBranch) { def prBody = "Generated by build ${BUILD_TAG}: ${BUILD_URL}" githubscm.commitChanges(commitMsg) - githubscm.pushObject('origin', localBranch, getGitAuthorCredsId()) + githubscm.pushObject('origin', localBranch, getGitAuthorPushCredsId()) return githubscm.createPR(commitMsg, prBody, targetBranch, getGitAuthorCredsId()) } void mergeAndPush(String prLink, String targetBranch) { if (prLink?.trim()) { githubscm.mergePR(prLink, getGitAuthorCredsId()) - githubscm.pushObject('origin', targetBranch, getGitAuthorCredsId()) + githubscm.pushObject('origin', targetBranch, getGitAuthorPushCredsId()) } } diff --git a/.ci/jenkins/config/branch.yaml b/.ci/jenkins/config/branch.yaml index b0b67ba1a38..f49107e9b9d 100644 --- a/.ci/jenkins/config/branch.yaml 
+++ b/.ci/jenkins/config/branch.yaml @@ -60,9 +60,14 @@ git: # Need to be verified credentials_id: 399061d0-5ab5-4142-a186-a52081fef742 token_credentials_id: ci-builds + push: + credentials_id: 84811880-2025-45b6-a44c-2f33bef30ad2 # CI Push Access for KIE + token_credentials_id: 41128c14-bb63-4708-9074-d20a318ee630 # GitHub Personal Access Token for KIE fork_author: name: kie-ci credentials_id: kie-ci + push: + credentials_id: kie-ci quarkus: author: name: quarkusio diff --git a/.ci/jenkins/config/main.yaml b/.ci/jenkins/config/main.yaml index 82538f85d31..b35fd4acafe 100644 --- a/.ci/jenkins/config/main.yaml +++ b/.ci/jenkins/config/main.yaml @@ -24,6 +24,8 @@ seed: author: name: apache credentials_id: ASF_Cloudbees_Jenkins_ci-builds + push: + credentials_id: 84811880-2025-45b6-a44c-2f33bef30ad2 # CI Push Access for KIE branch: main path: .ci/jenkins/config/branch.yaml jenkinsfile: dsl/seed/jenkinsfiles/Jenkinsfile.seed.branch diff --git a/.ci/jenkins/dsl/jobs.groovy b/.ci/jenkins/dsl/jobs.groovy index b36c69c13a9..d6171b07044 100644 --- a/.ci/jenkins/dsl/jobs.groovy +++ b/.ci/jenkins/dsl/jobs.groovy @@ -112,7 +112,8 @@ void setupProjectPostReleaseJob() { GIT_BRANCH_NAME: "${GIT_BRANCH}", GIT_AUTHOR: "${GIT_AUTHOR_NAME}", - AUTHOR_CREDS_ID: "${GIT_AUTHOR_CREDENTIALS_ID}", + GIT_AUTHOR_CREDS_ID: "${GIT_AUTHOR_CREDENTIALS_ID}", + GIT_AUTHOR_PUSH_CREDS_ID: "${GIT_AUTHOR_PUSH_CREDENTIALS_ID}", DROOLS_STREAM: Utils.getStream(this), ]) @@ -252,7 +253,8 @@ void createSetupBranchJob() { JENKINS_EMAIL_CREDS_ID: "${JENKINS_EMAIL_CREDS_ID}", GIT_AUTHOR: "${GIT_AUTHOR_NAME}", - AUTHOR_CREDS_ID: "${GIT_AUTHOR_CREDENTIALS_ID}", + GIT_AUTHOR_CREDS_ID: "${GIT_AUTHOR_CREDENTIALS_ID}", + GIT_AUTHOR_PUSH_CREDS_ID: "${GIT_AUTHOR_PUSH_CREDENTIALS_ID}", MAVEN_SETTINGS_CONFIG_FILE_ID: "${MAVEN_SETTINGS_FILE_ID}", 
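Review bot: Under `fork_author` the new `push.credentials_id` is `kie-ci`, the same id as the existing `credentials_id`, so for the fork author the read and push credentials are not actually separated. If that is intentional, a comment such as `# intentionally the same credential as credentials_id` would record it. `author.push.token_credentials_id` is also added here, but the `jobs.groovy` hunks in this commit only pass `GIT_AUTHOR_PUSH_CREDENTIALS_ID` to the jobs, so the push token id looks unused by the visible changes. The existing `# Need to be verified` comment on the author credentials is left as is and does not say whether it covers the new `push` entries.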
@@ -280,8 +282,8 @@ void setupDeployJob(JobType jobType) { JENKINS_EMAIL_CREDS_ID: "${JENKINS_EMAIL_CREDS_ID}", GIT_AUTHOR: "${GIT_AUTHOR_NAME}", - AUTHOR_CREDS_ID: "${GIT_AUTHOR_CREDENTIALS_ID}", - GITHUB_TOKEN_CREDS_ID: "${GIT_AUTHOR_TOKEN_CREDENTIALS_ID}", + GIT_AUTHOR_CREDS_ID: "${GIT_AUTHOR_CREDENTIALS_ID}", + GIT_AUTHOR_PUSH_CREDS_ID: "${GIT_AUTHOR_PUSH_CREDENTIALS_ID}", MAVEN_SETTINGS_CONFIG_FILE_ID: "${MAVEN_SETTINGS_FILE_ID}", MAVEN_DEPENDENCIES_REPOSITORY: "${MAVEN_ARTIFACTS_REPOSITORY}", @@ -323,8 +325,8 @@ void setupPromoteJob(JobType jobType) { JENKINS_EMAIL_CREDS_ID: "${JENKINS_EMAIL_CREDS_ID}", GIT_AUTHOR: "${GIT_AUTHOR_NAME}", - AUTHOR_CREDS_ID: "${GIT_AUTHOR_CREDENTIALS_ID}", - GITHUB_TOKEN_CREDS_ID: "${GIT_AUTHOR_TOKEN_CREDENTIALS_ID}", + GIT_AUTHOR_CREDS_ID: "${GIT_AUTHOR_CREDENTIALS_ID}", + GIT_AUTHOR_PUSH_CREDS_ID: "${GIT_AUTHOR_PUSH_CREDENTIALS_ID}", MAVEN_SETTINGS_CONFIG_FILE_ID: "${MAVEN_SETTINGS_FILE_ID}", MAVEN_DEPENDENCIES_REPOSITORY: "${MAVEN_ARTIFACTS_REPOSITORY}", @@ -359,7 +361,8 @@ void setupPrQuarkus3RewriteJob() { commitContext: 'Quarkus 3 rewrite', ]) jobParams.env.putAll([ - AUTHOR_CREDS_ID: "${GIT_AUTHOR_CREDENTIALS_ID}", + GIT_AUTHOR_CREDS_ID: "${GIT_AUTHOR_CREDENTIALS_ID}", + GIT_AUTHOR_PUSH_CREDS_ID: "${GIT_AUTHOR_PUSH_CREDENTIALS_ID}", MAVEN_SETTINGS_CONFIG_FILE_ID: "${MAVEN_SETTINGS_FILE_ID}", ]) KogitoJobTemplate.createPRJob(this, jobParams) @@ -370,7 +373,8 @@ void setupStandaloneQuarkus3RewriteJob() { JobParamsUtils.setupJobParamsAgentDockerBuilderImageConfiguration(this, jobParams) jobParams.env.putAll(EnvUtils.getEnvironmentEnvVars(this, 'quarkus-3')) jobParams.env.putAll([ - AUTHOR_CREDS_ID: "${GIT_AUTHOR_CREDENTIALS_ID}", + GIT_AUTHOR_CREDS_ID: "${GIT_AUTHOR_CREDENTIALS_ID}", + GIT_AUTHOR_PUSH_CREDS_ID: "${GIT_AUTHOR_PUSH_CREDENTIALS_ID}", JENKINS_EMAIL_CREDS_ID: "${JENKINS_EMAIL_CREDS_ID}", MAVEN_SETTINGS_CONFIG_FILE_ID: "${MAVEN_SETTINGS_FILE_ID}", ]) 
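Review bot: `setupDeployJob` and `setupPromoteJob` no longer export `GITHUB_TOKEN_CREDS_ID` (previously bound to `GIT_AUTHOR_TOKEN_CREDENTIALS_ID`); the entry is replaced by `GIT_AUTHOR_PUSH_CREDS_ID` rather than kept alongside it. None of the Jenkinsfile hunks in this commit removes a reader of `env.GITHUB_TOKEN_CREDS_ID`. If Jenkinsfile.deploy, Jenkinsfile.promote or a shared-library step still reads it, the value will be null after this change. Either keep the entry, `GITHUB_TOKEN_CREDS_ID: "${GIT_AUTHOR_TOKEN_CREDENTIALS_ID}",`, or confirm that no consumer remains. Both functions start and end outside the hunk.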
diff --git a/.ci/jenkins/project/Jenkinsfile.post-release b/.ci/jenkins/project/Jenkinsfile.post-release index bbe70e1c238..16fd4f475ff 100644 --- a/.ci/jenkins/project/Jenkinsfile.post-release +++ b/.ci/jenkins/project/Jenkinsfile.post-release @@ -51,7 +51,7 @@ pipeline { prLink = commitAndCreatePR("Upgrade drools-website ${getProjectVersion()}", prBranchName, getBuildBranch()) sh "git checkout ${getBuildBranch()}" mergeAndPush(prLink, getBuildBranch()) - githubscm.removeRemoteBranch('origin', prBranchName, getGitAuthorCredsID()) + githubscm.removeRemoteBranch('origin', prBranchName, getGitAuthorPushCredsId()) } } } @@ -87,8 +87,12 @@ String getNextMinorSnapshotVersion(String currentVersion) { return util.getNextVersion(currentVersion, 'minor') } -String getGitAuthorCredsID() { - return env.AUTHOR_CREDS_ID +String getGitAuthorCredsId() { + return env.GIT_AUTHOR_CREDS_ID +} + +String getGitAuthorPushCredsId() { + return env.GIT_AUTHOR_PUSH_CREDS_ID } String getGitAuthor() { @@ -105,15 +109,15 @@ String getReleaseNotesNumber() { void checkoutRepo(String repo, String branch) { deleteDir() - checkout(githubscm.resolveRepository(repo, getGitAuthor(), branch, false)) + checkout(githubscm.resolveRepository(repo, getGitAuthor(), branch, false, getGitAuthorCredsId())) // need to manually checkout branch since on a detached branch after checkout command sh "git checkout ${branch}" } void mergeAndPush(String prLink, String targetBranch) { if (prLink != '') { - githubscm.mergePR(prLink, getGitAuthorCredsID()) - githubscm.pushObject('origin', targetBranch, getGitAuthorCredsID()) + githubscm.mergePR(prLink, getGitAuthorCredsId()) + githubscm.pushObject('origin', targetBranch, getGitAuthorPushCredsId()) } } 
@@ -121,6 +125,6 @@ String commitAndCreatePR(String commitMsg, String localBranch, String targetBran def prBody = "Generated by build ${BUILD_TAG}: ${BUILD_URL}" githubscm.commitChanges(commitMsg) - githubscm.pushObject('origin', localBranch, getGitAuthorCredsID()) - return githubscm.createPR(commitMsg, prBody, targetBranch, getGitAuthorCredsID()) + githubscm.pushObject('origin', localBranch, getGitAuthorPushCredsId()) + return githubscm.createPR(commitMsg, prBody, targetBranch, getGitAuthorCredsId()) } \ No newline at end of file