gazebo-tooling · j-rivero · Dec 4, 2020 · Feb 23, 2021 · Feb 23, 2021 · Feb 23, 2021
@@ -0,0 +1,19 @@
+package _configs_
+
+import javaposse.jobdsl.dsl.Job
+
+class GitHubCredentials
+{
+  static void createOsrfbuildToken(Job job)
+  {
+    job.with
+    {
+      wrappers {
+        // credential name needs to be in sync with provision code at infra/osrf-chef repo
+        credentialsBinding {
+          string('GITHUB_TOKEN', 'osrfbuild-token')
+        }
+      }
+    }
+  }
+}
@@ -52,6 +52,7 @@ void include_common_params(Job job)
 def release_job = job("generic-release-homebrew_pull_request_updater")
 OSRFUNIXBase.create(release_job)
 GenericRemoteToken.create(release_job)
+GitHubCredentials.createOsrfbuildToken(release_job)
 
 include_common_params(release_job)
 release_job.with
@@ -133,10 +134,6 @@ bottle_job_builder.with
 {
    wrappers {
         preBuildCleanup()
-        credentialsBinding {
-          // crendetial name needs to be in sync with provision code at infra/osrf-chef repo
-          string('GITHUB_TOKEN', 'osrf-migration-token')
-        }
    }
 
    properties {
@@ -241,6 +238,7 @@ bottle_job_builder.with
 def bottle_job_hash_updater = job(bottle_hash_updater_job_name)
 OSRFUNIXBase.create(bottle_job_hash_updater)
 GenericRemoteToken.create(bottle_job_hash_updater)
+GitHubCredentials.createOsrfbuildToken(bottle_job_hash_updater)
 
 include_common_params(bottle_job_hash_updater)
 bottle_job_hash_updater.with
@@ -254,9 +252,9 @@ bottle_job_hash_updater.with
 
   parameters
   {
-    // reuse the pull request created by homebrew_pull_request_updater in step 1
-    stringParam("PULL_REQUEST_URL", '',
-                'Pull request URL (osrf/homebrew-simulation) pointing to a pull request.')
+     // reuse the pull request created by homebrew_pull_request_updater in step 1
+     stringParam("PULL_REQUEST_URL", '',
+                 'Pull request URL (osrf/homebrew-simulation) pointing to a pull request.')
   }
 
   steps

@@ -15,3 +15,55 @@ OSRFLinuxCompilationAnyGitHub.create(ignition_ci_pr_job,
                                      false,
                                      false,
                                      ['main'])
+def test_credentials_token_job = job("_test_job_osrfbuild-credentials-token_from_dsl")
+OSRFBase.create(test_credentials_token_job)
+GitHubCredentials.createOsrfbuildToken(test_credentials_token_job)
+test_credentials_token_job.with
+{
+  label "osx"
+
+  steps {
+    shell("""\
+          #!/bin/bash -xe
+
+          # Check push+commit permissions for osrfbuild by uploading/deleting a
+          # branch. Note that call to the API for permissions require of admin
+          # perms that osrfbuild user does not have. Personal tokens don't
+          # support ssh but https only.
+
+          git clone https://github.com/osrfbuild/homebrew-simulation.git
+          cd homebrew-simulation
+          git config user.name 'osrfbuild' --replace-all
+          git config user.email '[email protected]' --replace-all
+          set +x
+          git config url."https://osrfbuild:\${GITHUB_TOKEN}@github.com/osrfbuild/homebrew-simulation.git".InsteadOf https://github.com/osrfbuild/homebrew-simulation.git
+          set -x
+          git checkout -b _test_job_osrfbuild_
+          git commit --allow-empty -m "testing commit"
+          # protect token from errors
+          git push -u origin _test_job_osrfbuild_ > push_log
+          git push origin --delete _test_job_osrfbuild_ >> push_log
+          """.stripIndent())
+    }
+
+    publishers
+    {
+      postBuildScripts {
+        steps {
+          shell("""\
+                #!/bin/bash -xe
+
+                # remove token after the build ends unconditionally
+                rm -fr \${WORKSPACE}/homebrew-simulation/.git/config
+                """.stripIndent())
+        }
+
+        onlyIfBuildSucceeds(false)
+        onlyIfBuildFails(false)
+      }
+    }
+
+    wrappers {
+      preBuildCleanup()
+    }
+}
@@ -61,7 +61,7 @@ ${GIT} status
 echo
 ${GIT} show HEAD
 echo
-${GIT} push -u pr_head ${PULL_REQUEST_BRANCH}
+${GIT} push -u pr_head ${PULL_REQUEST_BRANCH} > ${WORKSPACE}/git-push.log
 
 
 # Create a pull request if one doesn't yet exist

@@ -8,32 +8,11 @@ echo '# BEGIN SECTION: check variables'
 if [ -z "${PULL_REQUEST_HEAD_REPO}" ]; then
   echo PULL_REQUEST_HEAD_REPO not specified, setting to osrfbuild
   echo
-  [email protected]:osrfbuild/homebrew-simulation.git
+  # personal tokens only support https
+  PULL_REQUEST_HEAD_REPO=https://github.com/osrfbuild/homebrew-simulation.git
 fi
 echo '# END SECTION'
 
-echo '# BEGIN SECTION: check github perms'
-# Github autentication. git access is provided by public key access
-# and hub cli needs a token
-if [[ -z $(ssh -T [email protected] 2>&1 | grep successfully) ]]; then
-    echo "The github connection seems not to be valid:"
-    ssh -T [email protected]
-    echo "Please check that the ssh key authentication is working"
-    exit 1
-fi
-
-GITHUB_TOKEN_FILE="/var/lib/jenkins/.github_token"
-if [[ ! -f ${GITHUB_TOKEN_FILE} ]]; then
-   echo "The hub cli tool needs a valid token at file ${GITHUB_TOKEN_FILE}"
-   echo "The file was not found"
-   exit 1
-fi
-
-set +x # keep password secret
-export GITHUB_TOKEN=`cat $GITHUB_TOKEN_FILE`
-set -x # back to debug
-echo '# END SECTION'
-
 echo '# BEGIN SECTION: download linuxbrew'
 /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/master/install.sh)"
 echo '# END SECTION'
@@ -50,6 +29,14 @@ ${BREW} tap osrf/simulation
 TAP_PREFIX=$(${BREW} --repo osrf/simulation)
 GIT="git -C ${TAP_PREFIX}"
 ${GIT} remote add pr_head ${PULL_REQUEST_HEAD_REPO}
+# manage credentials
+if [[ -z ${GITHUB_TOKEN} ]]; then
+  echo "No GITHUB_TOKEN defined. Check the DSL configuration"
+  exit 1
+fi
+set +x
+git config url."https://osrfbuild:\${GITHUB_TOKEN}@github.com/osrfbuild/homebrew-simulation.git".InsteadOf https://github.com/osrfbuild/homebrew-simulation.git
+set -x
 # unshallow to get a full clone able to push
 ${GIT} fetch --unshallow || true
 ${GIT} fetch pr_head

@@ -26,7 +26,7 @@ if [ -z "${SOURCE_TARBALL_SHA}" ]; then
 fi
 echo '# END SECTION'
 
-PULL_REQUEST_HEAD_REPO=git@github.com:osrfbuild/homebrew-simulation.git
+PULL_REQUEST_HEAD_REPO=https://github.com/osrfbuild/homebrew-simulation.git
 
 . ${SCRIPT_LIBDIR}/_homebrew_github_setup.bash
 . ${SCRIPT_LIBDIR}/_homebrew_github_get_formula_path.bash