diff --git a/.ci/jenkins/Jenkinsfile.build-image b/.ci/jenkins/Jenkinsfile.build-image index 23cff1e4d..de59f6e4e 100644 --- a/.ci/jenkins/Jenkinsfile.build-image +++ b/.ci/jenkins/Jenkinsfile.build-image @@ -66,8 +66,8 @@ pipeline { if (isDeployImageInOpenshiftRegistry()) { cloud.loginOpenShift(getOpenShiftAPI(), env.OPENSHIFT_CREDS_KEY) cloud.loginOpenshiftRegistry(env.CONTAINER_ENGINE, env.CONTAINER_ENGINE_TLS_OPTIONS ?: '') - } else if (getDeployImageRegistryCredentials()) { - cloud.loginContainerRegistry(getDeployImageRegistry(), getDeployImageRegistryCredentials(), env.CONTAINER_ENGINE, env.CONTAINER_ENGINE_TLS_OPTIONS ?: '') + } else if (getDeployImageRegistryUserCredentialsId() && getDeployImageRegistryTokenCredentialsId()) { + cloud.loginContainerRegistry(getDeployImageRegistry(), getDeployImageRegistryUserCredentialsId(), getDeployImageRegistryTokenCredentialsId(), env.CONTAINER_ENGINE, env.CONTAINER_ENGINE_TLS_OPTIONS ?: '') } } } @@ -295,8 +295,12 @@ boolean isDeployImageInOpenshiftRegistry() { return params.DEPLOY_IMAGE_USE_OPENSHIFT_REGISTRY } -String getDeployImageRegistryCredentials() { - return params.DEPLOY_IMAGE_REGISTRY_CREDENTIALS +String getDeployImageRegistryUserCredentialsId() { + return params.DEPLOY_IMAGE_REGISTRY_USER_CREDENTIALS_ID +} + +String getDeployImageRegistryTokenCredentialsId() { + return params.DEPLOY_IMAGE_REGISTRY_TOKEN_CREDENTIALS_ID } String getDeployImageRegistry() { diff --git a/.ci/jenkins/Jenkinsfile.deploy b/.ci/jenkins/Jenkinsfile.deploy index 1a53590f6..396fa00dc 100644 --- a/.ci/jenkins/Jenkinsfile.deploy +++ b/.ci/jenkins/Jenkinsfile.deploy @@ -309,7 +309,8 @@ void createBuildAndTestStageClosure(String image) { buildParams.add(booleanParam(name: 'DEPLOY_IMAGE', value: isDeployImage())) buildParams.add(booleanParam(name: 'DEPLOY_IMAGE_USE_OPENSHIFT_REGISTRY', value: isDeployImageInOpenshiftRegistry())) - buildParams.add(string(name: 'DEPLOY_IMAGE_REGISTRY_CREDENTIALS', value: getDeployImageRegistryCredentials())) + buildParams.add(string(name: 'DEPLOY_IMAGE_REGISTRY_USER_CREDENTIALS_ID', value: getDeployImageRegistryUserCredentialsId())) + buildParams.add(string(name: 'DEPLOY_IMAGE_REGISTRY_TOKEN_CREDENTIALS_ID', value: getDeployImageRegistryTokenCredentialsId())) buildParams.add(string(name: 'DEPLOY_IMAGE_REGISTRY', value: getDeployImageRegistry())) buildParams.add(string(name: 'DEPLOY_IMAGE_NAMESPACE', value: getDeployImageNamespace())) buildParams.add(string(name: 'DEPLOY_IMAGE_NAME_SUFFIX', value: getDeployImageNameSuffix())) @@ -370,8 +371,12 @@ boolean isDeployImageInOpenshiftRegistry() { return params.IMAGE_USE_OPENSHIFT_REGISTRY } -String getDeployImageRegistryCredentials() { - return params.IMAGE_REGISTRY_CREDENTIALS +String getDeployImageRegistryUserCredentialsId() { + return params.IMAGE_REGISTRY_USER_CREDENTIALS_ID +} + +String getDeployImageRegistryTokenCredentialsId() { + return params.IMAGE_REGISTRY_TOKEN_CREDENTIALS_ID } String getDeployImageRegistry() { diff --git a/.ci/jenkins/Jenkinsfile.promote b/.ci/jenkins/Jenkinsfile.promote index 2b7cbbd6c..8497669a0 100644 --- a/.ci/jenkins/Jenkinsfile.promote +++ b/.ci/jenkins/Jenkinsfile.promote @@ -64,15 +64,15 @@ pipeline { // Login old registry if (isOldImageInOpenshiftRegistry()) { loginOpenshiftRegistry() - } else if (getOldImageRegistryCredentials() != '') { - loginContainerRegistry(getOldImageRegistry(), getOldImageRegistryCredentials()) + } else if (getOldImageRegistryUserCredentialsId() != '' && getOldImageRegistryTokenCredentialsId() != '') { + loginContainerRegistry(getOldImageRegistry(), getOldImageRegistryUserCredentialsId(), getOldImageRegistryTokenCredentialsId()) } // Login new registry if (isNewImageInOpenshiftRegistry()) { loginOpenshiftRegistry() - } else if (getNewImageRegistryCredentials() != '') { - loginContainerRegistry(getNewImageRegistry(), getNewImageRegistryCredentials()) + } else if (getNewImageRegistryUserCredentialsId() != '' && getNewImageRegistryTokenCredentialsId() != '') { + loginContainerRegistry(getNewImageRegistry(), getNewImageRegistryUserCredentialsId(), getNewImageRegistryTokenCredentialsId()) } dir(getRepoName()) { @@ -212,9 +212,11 @@ void loginOpenshiftRegistry() { sh "set +x && ${env.CONTAINER_ENGINE} login -u anything -p \$(oc whoami -t) ${env.CONTAINER_ENGINE_TLS_OPTIONS ?: ''} ${env.OPENSHIFT_REGISTRY}" } -void loginContainerRegistry(String registry, String credsId) { - withCredentials([usernamePassword(credentialsId: credsId, usernameVariable: 'REGISTRY_USER', passwordVariable: 'REGISTRY_PWD')]) { - sh "${env.CONTAINER_ENGINE} login -u ${REGISTRY_USER} -p ${REGISTRY_PWD} ${env.CONTAINER_ENGINE_TLS_OPTIONS ?: ''} ${registry}" +void loginContainerRegistry(String registry, String userCredsId, String tokenCredsId) { + withCredentials([string(credentialsId: userCredsId, variable: 'DOCKER_USER')]) { + withCredentials([string(credentialsId: tokenCredsId, variable: 'DOCKER_TOKEN')]) { + sh "${env.CONTAINER_ENGINE} login -u ${DOCKER_USER} -p ${DOCKER_TOKEN} ${env.CONTAINER_ENGINE_TLS_OPTIONS ?: ''} ${registry}" + } } } @@ -294,8 +296,12 @@ boolean isOldImageInOpenshiftRegistry() { return params.BASE_IMAGE_USE_OPENSHIFT_REGISTRY } -String getOldImageRegistryCredentials() { - return params.BASE_IMAGE_REGISTRY_CREDENTIALS +String getOldImageRegistryUserCredentialsId() { + return params.BASE_IMAGE_REGISTRY_USER_CREDENTIALS_ID +} + +String getOldImageRegistryTokenCredentialsId() { + return params.BASE_IMAGE_REGISTRY_TOKEN_CREDENTIALS_ID } String getOldImageRegistry() { @@ -326,8 +332,12 @@ boolean isNewImageInOpenshiftRegistry() { return params.PROMOTE_IMAGE_USE_OPENSHIFT_REGISTRY } -String getNewImageRegistryCredentials() { - return params.PROMOTE_IMAGE_REGISTRY_CREDENTIALS +String getNewImageRegistryUserCredentialsId() { + return params.PROMOTE_IMAGE_REGISTRY_USER_CREDENTIALS_ID +} + +String getNewImageRegistryTokenCredentialsId() { + return params.PROMOTE_IMAGE_REGISTRY_TOKEN_CREDENTIALS_ID } String getNewImageRegistry() { diff --git a/.ci/jenkins/Jenkinsfile.weekly.deploy b/.ci/jenkins/Jenkinsfile.weekly.deploy index d16596874..fd03c959b 100644 --- a/.ci/jenkins/Jenkinsfile.weekly.deploy +++ b/.ci/jenkins/Jenkinsfile.weekly.deploy @@ -206,7 +206,8 @@ void createBuildAndTestStageClosure(String image) { buildParams.add(booleanParam(name: 'DEPLOY_IMAGE', value: true)) buildParams.add(booleanParam(name: 'DEPLOY_IMAGE_USE_OPENSHIFT_REGISTRY', value: isDeployImageInOpenshiftRegistry())) - buildParams.add(string(name: 'DEPLOY_IMAGE_REGISTRY_CREDENTIALS', value: getDeployImageRegistryCredentials())) + buildParams.add(string(name: 'DEPLOY_IMAGE_REGISTRY_USER_CREDENTIALS_ID', value: getDeployImageRegistryUserCredentialsId())) + buildParams.add(string(name: 'DEPLOY_IMAGE_REGISTRY_TOKEN_CREDENTIALS_ID', value: getDeployImageRegistryTokenCredentialsId())) buildParams.add(string(name: 'DEPLOY_IMAGE_REGISTRY', value: getDeployImageRegistry())) buildParams.add(string(name: 'DEPLOY_IMAGE_NAMESPACE', value: getDeployImageNamespace())) buildParams.add(string(name: 'DEPLOY_IMAGE_NAME_SUFFIX', value: getDeployImageNameSuffix())) @@ -262,8 +263,12 @@ boolean isDeployImageInOpenshiftRegistry() { return params.IMAGE_USE_OPENSHIFT_REGISTRY } -String getDeployImageRegistryCredentials() { - return params.IMAGE_REGISTRY_CREDENTIALS +String getDeployImageRegistryUserCredentialsId() { + return params.IMAGE_REGISTRY_USER_CREDENTIALS_ID +} + +String getDeployImageRegistryTokenCredentialsId() { + return params.IMAGE_REGISTRY_TOKEN_CREDENTIALS_ID } String getDeployImageRegistry() { diff --git a/.ci/jenkins/dsl/jobs.groovy b/.ci/jenkins/dsl/jobs.groovy index 52238919d..4997d4bed 100644 --- a/.ci/jenkins/dsl/jobs.groovy +++ b/.ci/jenkins/dsl/jobs.groovy @@ -136,8 +136,9 @@ void setupDeployJob(JobType jobType) { stringParam('EXAMPLES_REF', '', 'Git reference (branch/tag) to the kogito-examples repository to use for tests.') // Deploy information - booleanParam('IMAGE_USE_OPENSHIFT_REGISTRY', false, 'Set to true if image should be deployed in Openshift registry.In this case, IMAGE_REGISTRY_CREDENTIALS, IMAGE_REGISTRY and IMAGE_NAMESPACE parameters will be ignored') - stringParam('IMAGE_REGISTRY_CREDENTIALS', "${CLOUD_IMAGE_REGISTRY_CREDENTIALS}", 'Image registry credentials to use to deploy images. Will be ignored if no IMAGE_REGISTRY is given') + booleanParam('IMAGE_USE_OPENSHIFT_REGISTRY', false, 'Set to true if image should be deployed in Openshift registry.In this case, IMAGE_REGISTRY_USER_CREDENTIALS_ID, IMAGE_REGISTRY_TOKEN_CREDENTIALS_ID, IMAGE_REGISTRY and IMAGE_NAMESPACE parameters will be ignored') + stringParam('IMAGE_REGISTRY_USER_CREDENTIALS_ID', "${CLOUD_IMAGE_REGISTRY_USER_CREDENTIALS_ID}", 'Image registry user credentials id to use to deploy images. Will be ignored if no IMAGE_REGISTRY is given') + stringParam('IMAGE_REGISTRY_TOKEN_CREDENTIALS_ID', "${CLOUD_IMAGE_REGISTRY_TOKEN_CREDENTIALS_ID}", 'Image registry token credentials id to use to deploy images. Will be ignored if no IMAGE_REGISTRY is given') stringParam('IMAGE_REGISTRY', "${CLOUD_IMAGE_REGISTRY}", 'Image registry to use to deploy images') stringParam('IMAGE_NAMESPACE', "${CLOUD_IMAGE_NAMESPACE}", 'Image namespace to use to deploy images') stringParam('IMAGE_NAME_SUFFIX', '', 'Image name suffix to use to deploy images. In case you need to change the final image name, you can add a suffix to it.') @@ -203,8 +204,9 @@ void setupBuildImageJob(JobType jobType) { // Deploy information booleanParam('DEPLOY_IMAGE', false, 'Should we deploy image to given deploy registry ?') - booleanParam('DEPLOY_IMAGE_USE_OPENSHIFT_REGISTRY', false, 'Set to true if image should be deployed in Openshift registry.In this case, IMAGE_REGISTRY_CREDENTIALS, IMAGE_REGISTRY and IMAGE_NAMESPACE parameters will be ignored') - stringParam('DEPLOY_IMAGE_REGISTRY_CREDENTIALS', "${CLOUD_IMAGE_REGISTRY_CREDENTIALS}", 'Image registry credentials to use to deploy images. Will be ignored if no IMAGE_REGISTRY is given') + booleanParam('DEPLOY_IMAGE_USE_OPENSHIFT_REGISTRY', false, 'Set to true if image should be deployed in Openshift registry.In this case, DEPLOY_IMAGE_REGISTRY_USER_CREDENTIALS_ID, DEPLOY_IMAGE_REGISTRY_TOKEN_CREDENTIALS_ID, DEPLOY_IMAGE_REGISTRY and DEPLOY_IMAGE_NAMESPACE parameters will be ignored') + stringParam('DEPLOY_IMAGE_REGISTRY_USER_CREDENTIALS_ID', "${CLOUD_IMAGE_REGISTRY_USER_CREDENTIALS_ID}", 'Image registry user credentials id to use to deploy images. Will be ignored if no IMAGE_REGISTRY is given') + stringParam('DEPLOY_IMAGE_REGISTRY_TOKEN_CREDENTIALS_ID', "${CLOUD_IMAGE_REGISTRY_TOKEN_CREDENTIALS_ID}", 'Image registry token credentials id to use to deploy images. Will be ignored if no IMAGE_REGISTRY is given') stringParam('DEPLOY_IMAGE_REGISTRY', "${CLOUD_IMAGE_REGISTRY}", 'Image registry to use to deploy images') stringParam('DEPLOY_IMAGE_NAMESPACE', "${CLOUD_IMAGE_NAMESPACE}", 'Image namespace to use to deploy images') stringParam('DEPLOY_IMAGE_NAME_SUFFIX', '', 'Image name suffix to use to deploy images. In case you need to change the final image name, you can add a suffix to it.') @@ -260,8 +262,9 @@ void setupBuildAndTestJob(JobType jobType) { // Deploy information booleanParam('DEPLOY_IMAGE', false, 'Should we deploy image to given deploy registry ?') - booleanParam('DEPLOY_IMAGE_USE_OPENSHIFT_REGISTRY', false, 'Set to true if image should be deployed in Openshift registry.In this case, IMAGE_REGISTRY_CREDENTIALS, IMAGE_REGISTRY and IMAGE_NAMESPACE parameters will be ignored') - stringParam('DEPLOY_IMAGE_REGISTRY_CREDENTIALS', "${CLOUD_IMAGE_REGISTRY_CREDENTIALS}", 'Image registry credentials to use to deploy images. Will be ignored if no IMAGE_REGISTRY is given') + booleanParam('DEPLOY_IMAGE_USE_OPENSHIFT_REGISTRY', false, 'Set to true if image should be deployed in Openshift registry.In this case, DEPLOY_IMAGE_REGISTRY_USER_CREDENTIALS_ID, DEPLOY_IMAGE_REGISTRY_TOKEN_CREDENTIALS_ID, DEPLOY_IMAGE_REGISTRY and DEPLOY_IMAGE_NAMESPACE parameters will be ignored') + stringParam('DEPLOY_IMAGE_REGISTRY_USER_CREDENTIALS_ID', "${CLOUD_IMAGE_REGISTRY_USER_CREDENTIALS_ID}", 'Image registry user credentials id to use to deploy images. Will be ignored if no IMAGE_REGISTRY is given') + stringParam('DEPLOY_IMAGE_REGISTRY_TOKEN_CREDENTIALS_ID', "${CLOUD_IMAGE_REGISTRY_TOKEN_CREDENTIALS_ID}", 'Image registry token credentials id to use to deploy images. Will be ignored if no IMAGE_REGISTRY is given') stringParam('DEPLOY_IMAGE_REGISTRY', "${CLOUD_IMAGE_REGISTRY}", 'Image registry to use to deploy images') stringParam('DEPLOY_IMAGE_NAMESPACE', "${CLOUD_IMAGE_NAMESPACE}", 'Image namespace to use to deploy images') stringParam('DEPLOY_IMAGE_NAME_SUFFIX', '', 'Image name suffix to use to deploy images. In case you need to change the final image name, you can add a suffix to it.') @@ -302,8 +305,9 @@ void setupPromoteJob(JobType jobType) { stringParam('DEPLOY_BUILD_URL', '', 'URL to jenkins deploy build to retrieve the `deployment.properties` file. If base parameters are defined, they will override the `deployment.properties` information') // Base images information which can override `deployment.properties` - booleanParam('BASE_IMAGE_USE_OPENSHIFT_REGISTRY', false, 'Override `deployment.properties`. Set to true if base image should be retrieved from Openshift registry.In this case, BASE_IMAGE_REGISTRY_CREDENTIALS, BASE_IMAGE_REGISTRY and BASE_IMAGE_NAMESPACE parameters will be ignored') - stringParam('BASE_IMAGE_REGISTRY_CREDENTIALS', "${CLOUD_IMAGE_REGISTRY_CREDENTIALS}", 'Override `deployment.properties`. Base Image registry credentials to use to deploy images. Will be ignored if no BASE_IMAGE_REGISTRY is given') + booleanParam('BASE_IMAGE_USE_OPENSHIFT_REGISTRY', false, 'Override `deployment.properties`. Set to true if base image should be retrieved from Openshift registry.In this case, BASE_IMAGE_REGISTRY_USER_CREDENTIALS_ID, BASE_IMAGE_REGISTRY_TOKEN_CREDENTIALS_ID, BASE_IMAGE_REGISTRY and BASE_IMAGE_NAMESPACE parameters will be ignored') + stringParam('BASE_IMAGE_REGISTRY_USER_CREDENTIALS_ID', "${CLOUD_IMAGE_REGISTRY_USER_CREDENTIALS_ID}", 'Override `deployment.properties`. Base Image registry user credentials id to use to deploy images. Will be ignored if no BASE_IMAGE_REGISTRY is given') + stringParam('BASE_IMAGE_REGISTRY_TOKEN_CREDENTIALS_ID', "${CLOUD_IMAGE_REGISTRY_TOKEN_CREDENTIALS_ID}", 'Override `deployment.properties`. Base Image registry token credentials id to use to deploy images. Will be ignored if no BASE_IMAGE_REGISTRY is given') stringParam('BASE_IMAGE_REGISTRY', "${CLOUD_IMAGE_REGISTRY}", 'Override `deployment.properties`. Base image registry') stringParam('BASE_IMAGE_NAMESPACE', "${CLOUD_IMAGE_NAMESPACE}", 'Override `deployment.properties`. Base image namespace') stringParam('BASE_IMAGE_NAMES', '', 'Override `deployment.properties`. Comma separated list of images') @@ -311,8 +315,9 @@ void setupPromoteJob(JobType jobType) { stringParam('BASE_IMAGE_TAG', '', 'Override `deployment.properties`. Base image tag') // Promote images information - booleanParam('PROMOTE_IMAGE_USE_OPENSHIFT_REGISTRY', false, 'Set to true if base image should be deployed in Openshift registry.In this case, PROMOTE_IMAGE_REGISTRY_CREDENTIALS, PROMOTE_IMAGE_REGISTRY and PROMOTE_IMAGE_NAMESPACE parameters will be ignored') - stringParam('PROMOTE_IMAGE_REGISTRY_CREDENTIALS', "${CLOUD_IMAGE_REGISTRY_CREDENTIALS}", 'Promote Image registry credentials to use to deploy images. Will be ignored if no PROMOTE_IMAGE_REGISTRY is given') + booleanParam('PROMOTE_IMAGE_USE_OPENSHIFT_REGISTRY', false, 'Set to true if base image should be deployed in Openshift registry.In this case, PROMOTE_IMAGE_REGISTRY_USER_CREDENTIALS_ID, PROMOTE_IMAGE_REGISTRY_TOKEN_CREDENTIALS_ID, PROMOTE_IMAGE_REGISTRY and PROMOTE_IMAGE_NAMESPACE parameters will be ignored') + stringParam('PROMOTE_IMAGE_REGISTRY_USER_CREDENTIALS_ID', "${CLOUD_IMAGE_REGISTRY_USER_CREDENTIALS_ID}", 'Promote Image registry user credentials id to use to deploy images. Will be ignored if no PROMOTE_IMAGE_REGISTRY is given') + stringParam('PROMOTE_IMAGE_REGISTRY_TOKEN_CREDENTIALS_ID', "${CLOUD_IMAGE_REGISTRY_TOKEN_CREDENTIALS_ID}", 'Promote Image registry token credentials id to use to deploy images. Will be ignored if no PROMOTE_IMAGE_REGISTRY is given') stringParam('PROMOTE_IMAGE_REGISTRY', "${CLOUD_IMAGE_REGISTRY}", 'Promote image registry') stringParam('PROMOTE_IMAGE_NAMESPACE', "${CLOUD_IMAGE_NAMESPACE}", 'Promote image namespace') stringParam('PROMOTE_IMAGE_NAME_SUFFIX', '', 'Promote image name suffix') @@ -375,8 +380,9 @@ void setupWeeklyDeployJob(JobType jobType) { stringParam('EXAMPLES_REF', '', 'Git reference (branch/tag) to the kogito-examples repository to use for tests.') // Deploy information - booleanParam('IMAGE_USE_OPENSHIFT_REGISTRY', false, 'Set to true if image should be deployed in Openshift registry.In this case, IMAGE_REGISTRY_CREDENTIALS, IMAGE_REGISTRY and IMAGE_NAMESPACE parameters will be ignored') - stringParam('IMAGE_REGISTRY_CREDENTIALS', "${CLOUD_IMAGE_REGISTRY_CREDENTIALS}", 'Image registry credentials to use to deploy images. Will be ignored if no IMAGE_REGISTRY is given') + booleanParam('IMAGE_USE_OPENSHIFT_REGISTRY', false, 'Set to true if image should be deployed in Openshift registry.In this case, IMAGE_REGISTRY_USER_CREDENTIALS_ID, IMAGE_REGISTRY_TOKEN_CREDENTIALS_ID, IMAGE_REGISTRY and IMAGE_NAMESPACE parameters will be ignored') + stringParam('IMAGE_REGISTRY_USER_CREDENTIALS_ID', "${CLOUD_IMAGE_REGISTRY_USER_CREDENTIALS_ID}", 'Image registry user credentials id to use to deploy images. Will be ignored if no IMAGE_REGISTRY is given') + stringParam('IMAGE_REGISTRY_TOKEN_CREDENTIALS_ID', "${CLOUD_IMAGE_REGISTRY_TOKEN_CREDENTIALS_ID}", 'Image registry token credentials id to use to deploy images. Will be ignored if no IMAGE_REGISTRY is given') stringParam('IMAGE_REGISTRY', "${CLOUD_IMAGE_REGISTRY}", 'Image registry to use to deploy images') stringParam('IMAGE_NAMESPACE', "${CLOUD_IMAGE_NAMESPACE}", 'Image namespace to use to deploy images') stringParam('IMAGE_NAME_SUFFIX', '', 'Image name suffix to use to deploy images. In case you need to change the final image name, you can add a suffix to it.')