CI: set up staging credentials when pushing to upstream
The commit 7d9550327b8d added a push back to staging repositories
after pushing to upstream in order to propagate phase changes.
Therefore we have to set up credentials needed to push to staging
to make it work in CI context.
--- a/ci/steps.groovy Sun Jul 10 10:54:11 2022 +0200
+++ b/ci/steps.groovy Wed Jul 27 10:44:38 2022 +0100
@@ -223,7 +223,6 @@
return combinations;
}
-
def matrix(configurations, block) {
def combinations = combine(configurations).toArray()
def branches = [failFast: true]
@@ -312,8 +311,8 @@
*/
def withCredentialsForUpstream(block) {
/*
- * Kludge: Upstream repositories may be on a public BitBucket
- * server. To access repos on BitBucket, I (JV) don't
+ * Kludge: Upstream repositories may be on a different (public)
+ * server. To access repos on there, I (JV) don't
* want to use the same key / password as for checkouts from
* staging repositories,
*
@@ -322,38 +321,54 @@
* push to upstrem repository. If no such credentials exist,
* use standard credentials.
*
- * So, here we go:
+ * Also, the push-upstream also pushed back to repositories
+ * we checked out (staging repositories). This is to correctly
+ * propagate phase changes back, especially when draft changeset
+ * become public.
+ *
+ * So, we need to use both while pushing.
+ *
+ * Kludge: we assume here that "staging" credentials are using
+ * SSH. This is a limitation coming from Rakefiles.
*/
- def id1 = "workflow-push-upstream";
- def id2 = scm.getCredentialsId();
- def credentials = null;
+ def stagingCredsId = "workflow-push-upstream";
+ def stagingCreds = null;
+ def upstreamCred = null;
for (StandardUsernameCredentials c : CredentialsProvider.lookupCredentials(StandardUsernameCredentials.class)) {
- if (c.getId().equals(id1)) {
- credentials = c;
- break;
- }
- }
- if (credentials == null) {
- for (StandardUsernameCredentials c : CredentialsProvider.lookupCredentials(StandardUsernameCredentials.class)) {
- if (c.getId().equals(id2)) {
- credentials = c;
- break;
- }
+ if (c.getId().equals(scm.getCredentialsId())) {
+ stagingCreds = c;
+ } else if (c.getId().equals(stagingCredsId)) {
+ upstreamCred = c;
}
}
- println "Using upstream credentials ${credentials.getId()}: ${credentials.getDescription()}"
+ //
+ // Validate credentials
+ //
+ if (stagingCreds == null) {
+ error("Staging repository credentials not found (id ${scm.getCredentialsId()})")
+ } else if (! (stagingCreds instanceof SSHUserPrivateKey)) {
+ error("Staging repository credentials are not of type 'SSH private key' (id ${scm.getCredentialsId()})")
+ }
- if (credentials instanceof SSHUserPrivateKey) {
- sshagent([ credentials.getId() ]) {
- // sh "rake \"workflow:push-upstream\""
- block(null, null)
- }
- } else {
- withCredentials([[$class: 'UsernamePasswordMultiBinding', credentialsId: credentials.getId(), passwordVariable: 'pass', usernameVariable: 'user']]) {
- // sh "rake \"workflow:push-upstream[${user}, ${pass}]\""
- block(user, pass)
+ if (upstreamCred == null) {
+ println "Upstream repository credentials not found (id ${stagingCredsId}), using staging credentials for upstream"
+ upstreamCred = stagingCreds;
+ }
+
+ println "Using staging repository credentials ${stagingCreds.getId()}: ${stagingCreds.getDescription()}"
+ println "Using upstream repository credentials ${upstreamCred.getId()}: ${upstreamCred.getDescription()}"
+
+ sshagent([ stagingCreds.getId() ]) {
+ if (upstreamCred instanceof SSHUserPrivateKey) {
+ sshagent([ upstreamCred.getId() ]) {
+ block(null, null)
+ }
+ } else {
+ withCredentials([[$class: 'UsernamePasswordMultiBinding', credentialsId: upstreamCred.getId(), passwordVariable: 'pass', usernameVariable: 'user']]) {
+ block(user, pass)
+ }
}
}
}
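Review bot: `stagingCredsId` holds the id `"workflow-push-upstream"` and the credential matched against it is stored in `upstreamCred`, so the name says the opposite of what it selects. In credential-selection code that makes it easy to wire the wrong key later; rename it, e.g. `def upstreamCredsId = "workflow-push-upstream";`, and use that name in the `else if` and in the "not found" message. Separately, in the branch where both credentials are SSH keys the two `sshagent` steps are nested. If the inner step starts its own agent and repoints `SSH_AUTH_SOCK` (worth confirming against the plugin), only the upstream key is reachable inside `block` and the push back to staging would not use the staging key. A single `sshagent([ stagingCreds.getId(), upstreamCred.getId() ]) { block(null, null) }` loads both keys into one agent and avoids depending on nesting behaviour. The function's opening lines are in the previous hunk.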