search

indigo-dc / jenkins-pipeline-library

Jenkins pipeline library with common functionalities for CI/CD environments, mainly targeted for the implementation of the SQA baseline requirements from https://indigo-dc.github.io/sqa-baseline/
Apache License 2.0
11 stars 6 forks source link

config:repo needs credentials id from jenkins in case of private repository #78

Closed samuelbernardolip closed 3 years ago

samuelbernardolip commented 4 years ago

Add an additional attribute to repository configurations in config section so is possible to checkout from private domain:

"config_repo_settings": {
            "type": "object",
            "properties": {
                "repo": { "type": "string", "format": "uri" },
                "branch": { "type": "string" },
                "dockerhub": { "type": "string" },
                "dockertag": {
                    "anyOf": [
                        { "type": "string" },
                        { "type": "array" }
                    ]
                }
                "credentials_id": { "type": "string" },
            },
            "required": ["repo"]
        },
samuelbernardolip commented 4 years ago

We can avoid an additional attribute in config.yml using for that predefined environment variables. Those can be set in environment namespace. The variable name syntax would be JPL__CRED.

Example:

config:
  project_repos:
    sqaaas_web:
      repo: 'https://github.com/EOSC-synergy/sqaaas-web.git'
      branch: jpl-branch
    sqaaas_web2:
      repo: 'https://github.com/EOSC-synergy/sqaaas-web.git'
      branch: gh-pages
environment:
  - JPL_SQAAAS_WEB_CRED: userpass_sqaaas_web
  - JPL_SQAAAS_WEB2_CRED: userpass_sqaaas_web

@orviz This requires that schema be updated to only allow the characters expected in environment variables:

"config_repo": {
            "type": "object",
            "minProperties": 1,
            "patternProperties": {
                "[a-z0-9_]*": { "$ref": "#/definitions/config_repo_settings" }
            }
        },

This schema update is also important to keep code style.

samuelbernardolip commented 4 years ago

Looking into the pros and cons related to the introduction of credentials, it's better to rely on config.yml configuration.

We need to add to the documentation the following: If you're using the ssh url then your credentials must be username + private key. If you're using the https clone url instead of the ssh one, then your credentials should be username + password.

samuelbernardolip commented 3 years ago

Already implemented with #PR90.