Support ssh private key Jenkins credentials for chart publish (#747)
andytson-inviqa authored Mar 14, 2023
1 parent 7c551c3 commit b2ee54e
Showing 3 changed files with 17 additions and 8 deletions.
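--- a/src/_base/application/overlay/Jenkinsfile.twig
+++ b/src/_base/application/overlay/Jenkinsfile.twig
@@ -67,11 +67,16 @@ pipeline {
 {% endif %}
 {% if bool(@('pipeline.publish.enabled')) %}
 stage('Publish') {
-{% if @('pipeline.publish.environment') %}
+{% set env = @('pipeline.publish.environment') %}
+{% set ssh_credential_id = @('pipeline.publish.chart.git.ssh_credential_id') %}
+{% if env or ssh_credential_id %}
 environment {
-{% for key, value in @('pipeline.publish.environment') %}
+{% for key, value in env %}
 {{ key }} = {{ value }}
 {% endfor %}
+{% if ssh_credential_id %}
+WS_APP_PUBLISH_CHART_SSH_PRIVATE_KEY = credentials('{{ ssh_credential_id }}')
+{% endif %}
 }
 {% endif %}
 when {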
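Review bot: Nothing on the new `credentials('{{ ssh_credential_id }}')` line says which credential kind is expected or what the variable will hold. For an "SSH Username with private key" credential Jenkins binds the variable to the path of a temporary key file, which is what the `ssh -i` use in pipeline.yml relies on; another kind, such as secret text, would bind a value that is not a path. I would add a template comment above the line, for example `{# binds the path of a temporary key file; the id must be an "SSH Username with private key" credential #}`. The binding is also set for the whole Publish stage, so every step in it can read the key file; the stage's steps are outside this hunk, but if more than the chart publish runs there, a `withCredentials` block around that step alone would narrow the exposure.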
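--- a/src/_base/harness/attributes/common.yml
+++ b/src/_base/harness/attributes/common.yml
@@ -44,14 +44,16 @@ attributes.default:
 # * is deprecated and will be limited to one branch by default in a future release
 branches:
 - '*'
-# For defining environment variables in Jenkins, e.g. loading up docker username/password from a Jenkins
-# credential
+# For defining environment variables in Jenkins
 environment: {}
 # when enabled the application helm chart will be published
 # to the given git repository.
 chart:
 enabled: false
 git:
+# A SSH Username with private key Jenkins credential id.
+# Preferred over ssh_private_key to store credentials local development doesn't need
+ssh_credential_id: ~
 # private key with write access to the repository
 ssh_private_key: = @('pipeline.publish.chart.git.key')
 # eg. git@github.com:organisation/project.git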
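Review bot: The new comment on `ssh_credential_id` calls it preferred over `ssh_private_key` but does not say what happens when both are set. From the pipeline.yml change in this commit, a non-empty `SSH_PRIVATE_KEY` overwrites `WS_APP_PUBLISH_CHART_SSH_PRIVATE_KEY`, so the Jenkins credential would be silently ignored (assuming `SSH_PRIVATE_KEY` is fed from `ssh_private_key`, which is not visible here). I would word the comment as `# Jenkins credential id of kind "SSH Username with private key"; only used by the Jenkinsfile.` followed by `# Leave ssh_private_key unset when using this: a non-empty ssh_private_key takes precedence.`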
10 changes: 6 additions & 4 deletions src/_base/harness/config/pipeline.yml
@@ -60,10 +60,13 @@ command('app publish chart <release> <message>'):
#!bash(workspace:/)|@
run rm -rf build-artifacts-repository
echo "${SSH_PRIVATE_KEY}" | base64 -d > id_rsa
chmod 0600 id_rsa
export GIT_SSH_COMMAND='ssh -i ./id_rsa -o "IdentitiesOnly yes" -F /dev/null -o StrictHostKeyChecking=no'
if [ -n "${SSH_PRIVATE_KEY:-}" ]; then
WS_APP_PUBLISH_CHART_SSH_PRIVATE_KEY="$(pwd)/id_ssh"
(umask 0077 && echo "${SSH_PRIVATE_KEY}" | base64 -d > "${WS_APP_PUBLISH_CHART_SSH_PRIVATE_KEY}")
fi
export GIT_SSH_COMMAND='ssh -i '"$(printf '%q' "$WS_APP_PUBLISH_CHART_SSH_PRIVATE_KEY")"' -o "IdentitiesOnly yes" -F /dev/null -o StrictHostKeyChecking=no'
run git clone "$REPOSITORY" ./build-artifacts-repository
run git -C ./build-artifacts-repository config user.name "${GIT_USER_NAME}"
@@ -72,7 +75,6 @@ command('app publish chart <release> <message>'):
run mkdir -p $ARTIFACTS_PATH
run rsync --exclude='*.twig' --exclude='_twig' --delete -a .my127ws/helm/app/ "${ARTIFACTS_PATH}/"
export GIT_SSH_COMMAND='ssh -i ../id_rsa -o "IdentitiesOnly yes" -F /dev/null -o StrictHostKeyChecking=no'
run git -C ./build-artifacts-repository add .
run "git -C ./build-artifacts-repository commit --allow-empty -m '${MESSAGE}'"
run git -C ./build-artifacts-repository push origin -u HEAD
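Review bot: The key decoded to `$(pwd)/id_ssh` in the first hunk is not removed anywhere in the lines shown, so a private key with write access to the chart repository stays in the workspace root after the command finishes, where later build steps could pick it up; the rest of the command is collapsed, so this may be handled further down. If it is not, `trap 'rm -f "${WS_APP_PUBLISH_CHART_SSH_PRIVATE_KEY}"' EXIT` inside the `if` branch would clean up only the file this script created. When neither `SSH_PRIVATE_KEY` nor the Jenkins-provided variable is set, `printf '%q'` renders an empty argument and the failure surfaces later as an ssh error; a guard such as `: "${WS_APP_PUBLISH_CHART_SSH_PRIVATE_KEY:?no chart publish key configured}"` before the `export` would fail early with a clear message. The rewritten `GIT_SSH_COMMAND` also keeps `-o StrictHostKeyChecking=no`, so the git host is not authenticated for the clone and push; pinning the host key in a known_hosts file would close that.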
