diff --git a/check_releasepy.bash b/check_releasepy.bash index 161319ce5..814924955 100755 --- a/check_releasepy.bash +++ b/check_releasepy.bash @@ -1,7 +1,6 @@ #!/bin/bash -e export _RELEASEPY_DEBUG=1 -export _RELEASEPY_TEST_CREDENTIALS=1 test_dir=$(mktemp -d) export _RELEASEPY_TEST_RELEASE_REPO="${test_dir}/test-release" @@ -27,6 +26,7 @@ exec_releasepy_test() ./release.py \ --dry-run \ --no-sanity-checks \ + --auth user:fake \ gz-foo 1.2.3 ${test_params} } @@ -37,6 +37,7 @@ exec_ignition_releasepy_test() ./release.py \ --dry-run \ --no-sanity-checks \ + --auth user:fake \ ign-foo 1.2.3 ${test_params} } @@ -47,6 +48,7 @@ exec_ignition_gazebo_releasepy_test() ./release.py \ --dry-run \ --no-sanity-checks \ + --auth user:fake \ ign-gazebo 1.2.3 ${test_params} } @@ -56,6 +58,7 @@ exec_releasepy_with_real_gz() ./release.py \ --dry-run \ --no-sanity-checks \ + --auth user:fake \ --source-repo-uri http://github.com/gazebosim/gz-common \ --source-repo-existing-ref http://github.com/gazebosim/gz-common/foo-tag \ "${gz_pkg}" "${major_version}.x.y" diff --git a/jenkins-scripts/dsl/_configs_/OSRFLinuxBuildPkg.groovy b/jenkins-scripts/dsl/_configs_/OSRFLinuxBuildPkg.groovy index 97ad235a3..fa100e6d9 100644 --- a/jenkins-scripts/dsl/_configs_/OSRFLinuxBuildPkg.groovy +++ b/jenkins-scripts/dsl/_configs_/OSRFLinuxBuildPkg.groovy @@ -2,6 +2,7 @@ package _configs_ import javaposse.jobdsl.dsl.Job import _configs_.Globals +import _configs_.OSRFCredentials /* -> OSRFLinuxBuildPkgBase @@ -27,6 +28,7 @@ class OSRFLinuxBuildPkg static void create(Job job, Map default_params = [:]) { OSRFLinuxBuildPkgBase.create(job) + OSRFCredentials.allowOsrfbuildToRunTheBuild(job) job.with { diff --git a/jenkins-scripts/dsl/_configs_/OSRFReleasepy.groovy b/jenkins-scripts/dsl/_configs_/OSRFReleasepy.groovy index 2dac2bce2..203dade3c 100644 --- a/jenkins-scripts/dsl/_configs_/OSRFReleasepy.groovy +++ b/jenkins-scripts/dsl/_configs_/OSRFReleasepy.groovy @@ -9,6 +9,7 @@ class OSRFReleasepy { // Base class for the job OSRFUNIXBase.create(job) + OSRFCredentials.setOSRFCrendentials(job, ['OSRFBUILD_JENKINS_TOKEN']) job.with { @@ -58,8 +59,6 @@ class OSRFReleasepy shell("""\ #!/bin/bash -xe - set +x # keep password secret - PASS=\$(cat \$HOME/build_pass) dry_run_str="" if \$DRY_RUN; then @@ -72,10 +71,11 @@ class OSRFReleasepy fi echo "releasing \${n} (from branch \${src_branch})" - python3 ./scripts/release.py \${dry_run_str} "\${PACKAGE}" "\${VERSION}" "\${PASS}" \${extra_osrf_repo} \ + python3 ./scripts/release.py \${dry_run_str} "\${PACKAGE}" "\${VERSION}" \${extra_osrf_repo} \ + --auth "\${OSRFBUILD_USER}:\${OSRFBUILD_TOKEN}"' \ --source-tarball-uri \${SOURCE_TARBALL_URI} \ --release-repo-branch \${RELEASE_REPO_BRANCH} \ - --upload-to-repo \${UPLOAD_TO_REPO} > log + --upload-to-repo \${UPLOAD_TO_REPO} echo " - done" """.stripIndent()) } diff --git a/jenkins-scripts/dsl/brew_release.dsl b/jenkins-scripts/dsl/brew_release.dsl index 3644b0c31..c467c6fe4 100644 --- a/jenkins-scripts/dsl/brew_release.dsl +++ b/jenkins-scripts/dsl/brew_release.dsl @@ -51,6 +51,7 @@ void include_common_params(Job job) // 1. BREW pull request SHA updater def release_job = job("generic-release-homebrew_pull_request_updater") OSRFUNIXBase.create(release_job) +OSRFCredentials.allowOsrfbuildToRunTheBuild(release_job) include_common_params(release_job) release_job.with diff --git a/jenkins-scripts/dsl/ignition_collection.dsl b/jenkins-scripts/dsl/ignition_collection.dsl index f214e5a9b..fabdbfb2a 100644 --- a/jenkins-scripts/dsl/ignition_collection.dsl +++ b/jenkins-scripts/dsl/ignition_collection.dsl @@ -148,6 +148,7 @@ nightly_collection = gz_collections_yaml.collections def nightly_scheduler_job = job("ignition-${gz_nightly}-nightly-scheduler") OSRFUNIXBase.create(nightly_scheduler_job) +OSRFCredentials.setOSRFCrendentials(nightly_scheduler_job, ['OSRFBUILD_JENKINS_TOKEN']) nightly_scheduler_job.with { @@ -190,8 +191,6 @@ nightly_scheduler_job.with steps { shell("""\ #!/bin/bash -xe - set +x # keep password secret - PASS=\$(cat \$HOME/build_pass) dry_run_str="" if \$DRY_RUN; then @@ -240,7 +239,11 @@ nightly_scheduler_job.with fi echo "releasing \${n} (from branch \${src_branch})" - python3 ./scripts/release.py \${dry_run_str} "\${n}" nightly "\${PASS}" --release-repo-branch main --nightly-src-branch \${src_branch} --upload-to-repo nightly > log || echo "MARK_AS_UNSTABLE" + python3 ./scripts/release.py \${dry_run_str} "\${n}" nightly \ + --auth "\${OSRFBUILD_USER}:\${OSRFBUILD_TOKEN}"' \ + --release-repo-branch main \ + --nightly-src-branch \${src_branch} \ + --upload-to-repo nightly echo " - done" done diff --git a/release.py b/release.py index 3f024c0ee..d27cebbd2 100755 --- a/release.py +++ b/release.py @@ -128,6 +128,9 @@ def parse_args(argv): parser.add_argument('version', help='which version to release') parser.add_argument('--dry-run', dest='dry_run', action='store_true', default=False, help='dry-run; i.e., do actually run any of the commands') + parser.add_argument('--auth', dest='auth_input_arg', + default=None, + help='Explicit jenkins user:token string overriding the jenkins.ini credentials file.') parser.add_argument('-a', '--package-alias', dest='package_alias', default=None, help='different name that we are releasing under') @@ -182,12 +185,6 @@ def parse_args(argv): # BEGIN: Credentials code copied from ros_buildfarm # def get_credentials(jenkins_url=None): - try: - if os.environ['_RELEASEPY_TEST_CREDENTIALS']: - return 'fake_user', 'fake_api_token' - except KeyError: - pass - config = ConfigParser() config_file = get_credential_path() if not os.path.exists(config_file): @@ -382,13 +379,8 @@ def sanity_checks(args, repo_dir): sanity_check_sdformat_versions(args.package, args.version) sanity_project_package_in_stable(args.version, args.upload_to_repository) - try: - if os.environ['_RELEASEPY_TEST_CREDENTIALS']: - pass - except KeyError: - check_credentials() - print_success("Jenkins credentials are good") - + check_credentials(args.auth_input_arg) + print_success("Jenkins credentials are good") shutil.rmtree(repo_dir) @@ -539,23 +531,34 @@ def generate_source_params(args): return params -def build_credentials_header(): - username, api_token = get_credentials(JENKINS_URL) - if not username: - exit(1) +def build_credentials_header(auth_input_arg = None): + if auth_input_arg: + if len(auth_input_arg.split(':')) != 2: + error("Auth string is not in the form of 'user:token' ") + username, api_token = auth_input_arg.split(':') + else: + username, api_token = get_credentials(JENKINS_URL) + if not username: + exit(1) return make_headers(basic_auth=f'{username}:{api_token}') -def check_credentials(): +def check_credentials(auth_input_arg = None): http = urllib3.PoolManager() - response = http.request('GET', JENKINS_URL, headers=build_credentials_header()) + response = http.request('GET', + JENKINS_URL, + headers=build_credentials_header(auth_input_arg)) if response.status != 200: print(f"Crendentials error: {response.status}: {response.reason}") http.clear() exit(1) -def call_jenkins_build(job_name, params, output_string, - search_description_help): + +def call_jenkins_build(job_name, + params, + output_string, + search_description_help, + auth_input_arg = None): # Only to help user feedback this block help_url = f'{JENKINS_URL}/job/{job_name}' if search_description_help: @@ -573,7 +576,9 @@ def call_jenkins_build(job_name, params, output_string, if not DRY_RUN: http = urllib3.PoolManager() try : - response = http.request('POST', url , headers=build_credentials_header()) + response = http.request('POST', + url , + headers=build_credentials_header(auth_input_arg)) # 201 code is "created", it is the expected return of POST if response.status != 201: print(f"Error {response.status}: {response.reason}")