CI: Add https credentials to gerrit checkouts
authorGeorge Joseph <gjoseph@digium.com>
Thu, 16 Aug 2018 17:08:21 +0000 (11:08 -0600)
committerGeorge Joseph <gjoseph@digium.com>
Thu, 16 Aug 2018 18:34:07 +0000 (12:34 -0600)
If the review to be tested is in a project with restricted access,
we need to use the jenkins user's gerrit https credentials when we
do the checkout or the checkout will fail.

Change-Id: I9dc9994763c5ebfeb9f1cff60fb53f6902b7fd5f

tests/CI/gates.jenkinsfile
tests/CI/unittests.jenkinsfile

index ab0fd1c..c23114b 100644 (file)
@@ -79,33 +79,44 @@ pipeline {
                                                 *
                                                 * The Gerrit Trigger provides all the URLs and refspecs to
                                                 * check out the change.
+                                                *
+                                                * We need to retrieve the jenkins2 gerrit https credentials
+                                                * in case this review is in a restricted project.
                                                 */
-                                               checkout scm: [$class: 'GitSCM',
-                                                       branches: [[name: env.GERRIT_BRANCH ]],
-                                                       extensions: [
-                                                               [$class: 'ScmName', name: 'gerrit-public'],
-                                                               [$class: 'CleanBeforeCheckout'],
-                                                               [$class: 'PreBuildMerge', options: [
-                                                                       mergeRemote: 'gerrit-public',
-                                                                       fastForwardMode: 'NO_FF',
-                                                                       mergeStrategy: 'RECURSIVE',
-                                                                       mergeTarget: env.GERRIT_BRANCH]],
-                                                               [$class: 'CloneOption',
-                                                                       honorRefspec: true,
-                                                                       noTags: true,
-                                                                       depth: 10,
-                                                                       shallow: true
+                                               withCredentials([usernamePassword(credentialsId: env.JENKINS_GERRIT_CREDS,
+                                                       usernameVariable: 'gerrit_user')]) {
+
+                                                       checkout scm: [$class: 'GitSCM',
+                                                               branches: [[name: env.GERRIT_BRANCH ]],
+                                                               extensions: [
+                                                                       [$class: 'ScmName', name: 'gerrit-public'],
+                                                                       [$class: 'CleanBeforeCheckout'],
+                                                                       [$class: 'PreBuildMerge', options: [
+                                                                               mergeRemote: 'gerrit-public',
+                                                                               fastForwardMode: 'NO_FF',
+                                                                               mergeStrategy: 'RECURSIVE',
+                                                                               mergeTarget: env.GERRIT_BRANCH]],
+                                                                       [$class: 'CloneOption',
+                                                                               honorRefspec: true,
+                                                                               noTags: true,
+                                                                               depth: 10,
+                                                                               shallow: true
+                                                                       ],
+                                                                       [$class: 'PruneStaleBranch'],
+                                                                       [$class: 'BuildChooserSetting',
+                                                                               buildChooser: [$class: 'GerritTriggerBuildChooser']
+                                                                       ]
                                                                ],
-                                                               [$class: 'PruneStaleBranch'],
-                                                               [$class: 'BuildChooserSetting',
-                                                                       buildChooser: [$class: 'GerritTriggerBuildChooser']
+                                                               userRemoteConfigs: [
+                                                                       [
+                                                                       credentialsId: env.JENKINS_GERRIT_CREDS,
+                                                                       name: env.GERRIT_NAME,
+                                                                       refspec: env.GERRIT_REFSPEC,
+                                                                       url: env.GERRIT_PROJECT_URL.replaceAll("http(s)?://", "http\$1://${gerrit_user}@")
+                                                                       ]
                                                                ]
-                                                       ],
-                                                       userRemoteConfigs: [
-                                                               [name: env.GERRIT_NAME, refspec: env.GERRIT_REFSPEC, url: env.GERRIT_PROJECT_URL ]
                                                        ]
-                                               ]
-
+                                               }
                                                sh "sudo tests/CI/setupJenkinsEnvironment.sh"
                                        }
 
index 82bafff..332975c 100644 (file)
@@ -80,32 +80,44 @@ pipeline {
                                                 *
                                                 * The Gerrit Trigger provides all the URLs and refspecs to
                                                 * check out the change.
+                                                *
+                                                * We need to retrieve the jenkins2 gerrit https credentials
+                                                * in case this review is in a restricted project.
                                                 */
-                                               checkout scm: [$class: 'GitSCM',
-                                                       branches: [[name: env.GERRIT_BRANCH ]],
-                                                       extensions: [
-                                                               [$class: 'ScmName', name: 'gerrit-public'],
-                                                               [$class: 'CleanBeforeCheckout'],
-                                                               [$class: 'PreBuildMerge', options: [
-                                                                       mergeRemote: 'gerrit-public',
-                                                                       fastForwardMode: 'NO_FF',
-                                                                       mergeStrategy: 'RECURSIVE',
-                                                                       mergeTarget: env.GERRIT_BRANCH]],
-                                                               [$class: 'CloneOption',
-                                                                       honorRefspec: true,
-                                                                       noTags: true,
-                                                                       depth: 10,
-                                                                       shallow: true
+                                               withCredentials([usernamePassword(credentialsId: env.JENKINS_GERRIT_CREDS,
+                                                       usernameVariable: 'gerrit_user')]) {
+
+                                                       checkout scm: [$class: 'GitSCM',
+                                                               branches: [[name: env.GERRIT_BRANCH ]],
+                                                               extensions: [
+                                                                       [$class: 'ScmName', name: 'gerrit-public'],
+                                                                       [$class: 'CleanBeforeCheckout'],
+                                                                       [$class: 'PreBuildMerge', options: [
+                                                                               mergeRemote: 'gerrit-public',
+                                                                               fastForwardMode: 'NO_FF',
+                                                                               mergeStrategy: 'RECURSIVE',
+                                                                               mergeTarget: env.GERRIT_BRANCH]],
+                                                                       [$class: 'CloneOption',
+                                                                               honorRefspec: true,
+                                                                               noTags: true,
+                                                                               depth: 10,
+                                                                               shallow: true
+                                                                       ],
+                                                                       [$class: 'PruneStaleBranch'],
+                                                                       [$class: 'BuildChooserSetting',
+                                                                               buildChooser: [$class: 'GerritTriggerBuildChooser']
+                                                                       ]
                                                                ],
-                                                               [$class: 'PruneStaleBranch'],
-                                                               [$class: 'BuildChooserSetting',
-                                                                       buildChooser: [$class: 'GerritTriggerBuildChooser']
+                                                               userRemoteConfigs: [
+                                                                       [
+                                                                       credentialsId: env.JENKINS_GERRIT_CREDS,
+                                                                       name: env.GERRIT_NAME,
+                                                                       refspec: env.GERRIT_REFSPEC,
+                                                                       url: env.GERRIT_PROJECT_URL.replaceAll("http(s)?://", "http\$1://${gerrit_user}@")
+                                                                       ]
                                                                ]
-                                                       ],
-                                                       userRemoteConfigs: [
-                                                               [name: env.GERRIT_NAME, refspec: env.GERRIT_REFSPEC, url: env.GERRIT_PROJECT_URL ]
                                                        ]
-                                               ]
+                                               }
 
                                                sh "sudo tests/CI/setupJenkinsEnvironment.sh"
                                        }