From 4c65d2a654d9e1d3dced632f89e3a924cc251bac Mon Sep 17 00:00:00 2001
From: Viacheslav Sarzhan
Date: Fri, 17 Mar 2023 13:26:19 +0200
Subject: [PATCH 1/2] pass docker credentials flawlessly
---
 cloud/jenkins/ps_containers_docker_build.groovy | 14 +++++---------
 1 file changed, 5 insertions(+), 9 deletions(-)
diff --git a/cloud/jenkins/ps_containers_docker_build.groovy b/cloud/jenkins/ps_containers_docker_build.groovy
index f36f92fa7f..5f676be4a3 100644
--- a/cloud/jenkins/ps_containers_docker_build.groovy
+++ b/cloud/jenkins/ps_containers_docker_build.groovy
@@ -33,7 +33,7 @@ void checkImageForDocker(String IMAGE_SUFFIX){
 sh """
 IMAGE_SUFFIX=${IMAGE_SUFFIX}
 IMAGE_NAME='percona-server-mysql-operator'
- TrivyLog="$WORKSPACE/trivy-\$IMAGE_NAME-\${IMAGE_SUFFIX}.xml"
+ TrivyLog="$WORKSPACE/trivy-\$IMAGE_NAME-${IMAGE_SUFFIX}.xml"
 wget https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/junit.tpl
 sg docker -c "
@@ -44,20 +44,16 @@ void checkImageForDocker(String IMAGE_SUFFIX){
 }
 }
 void pushImageToDocker(String IMAGE_POSTFIX){
- withCredentials([usernamePassword(credentialsId: 'hub.docker.com', passwordVariable: 'PASS', usernameVariable: 'USER'), file(credentialsId: 'DOCKER_REPO_KEY', variable: 'docker_key')]) {
+ withCredentials([usernamePassword(credentialsId: 'hub.docker.com', passwordVariable: 'PASS', usernameVariable: 'USER')]) {
 sh """
- sg docker -c '
- if [ ! -d ~/.docker/trust/private ]; then
- mkdir -p /home/ec2-user/.docker/trust/private
- cp "${docker_key}" ~/.docker/trust/private/
- fi
-
+ IMAGE_POSTFIX=${IMAGE_POSTFIX}
+ sg docker -c "
 docker login -u '${USER}' -p '${PASS}'
 export DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE="${DOCKER_REPOSITORY_PASSPHRASE}"
 docker trust sign perconalab/percona-server-mysql-operator:${GIT_PD_BRANCH}-${IMAGE_POSTFIX}
 docker push perconalab/percona-server-mysql-operator:${GIT_PD_BRANCH}-${IMAGE_POSTFIX}
 docker logout
- '
+ "
 """
 }
 }
From 6b1a6bc0759f332696bbbc4462719ab7fdfde8b7 Mon Sep 17 00:00:00 2001
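Review bot: In the rewritten `pushImageToDocker` body the credentials are still expanded by Groovy into the script text, and with the switch to `sg docker -c "` that text is now re-parsed inside double quotes, so a `$`, backtick or `"` in the password is interpreted by the outer shell. The inner quotes of `export DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE="${DOCKER_REPOSITORY_PASSPHRASE}"` also close the `-c` argument, which leaves the passphrase spliced in unquoted. The expanded values end up on the `sg` and `docker login -p` command lines, where other processes on the agent can read them, and Jenkins warns about Groovy interpolation of bound credentials in `sh`. I would keep the `-c` argument single-quoted, let the shell read the bound variables (each `$` escaped as `\$` in the `"""` string), and log in with `echo "$PASS" | docker login -u "$USER" --password-stdin`; this assumes `sg` passes the environment through, which should be confirmed on the agent. The new `TrivyLog` line in the first hunk now takes `${IMAGE_SUFFIX}` from Groovy in the same way, so that argument has to be a trusted value.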
From: Viacheslav Sarzhan
Date: Fri, 17 Mar 2023 13:49:13 +0200
Subject: [PATCH 2/2] fix enterin passphrase
---
 cloud/jenkins/ps_containers_docker_build.groovy | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/cloud/jenkins/ps_containers_docker_build.groovy b/cloud/jenkins/ps_containers_docker_build.groovy
index 5f676be4a3..dd46a26f6c 100644
--- a/cloud/jenkins/ps_containers_docker_build.groovy
+++ b/cloud/jenkins/ps_containers_docker_build.groovy
@@ -44,10 +44,14 @@ void checkImageForDocker(String IMAGE_SUFFIX){
 }
 }
 void pushImageToDocker(String IMAGE_POSTFIX){
- withCredentials([usernamePassword(credentialsId: 'hub.docker.com', passwordVariable: 'PASS', usernameVariable: 'USER')]) {
+ withCredentials([usernamePassword(credentialsId: 'hub.docker.com', passwordVariable: 'PASS', usernameVariable: 'USER'), file(credentialsId: 'DOCKER_REPO_KEY', variable: 'docker_key')]) {
 sh """
 IMAGE_POSTFIX=${IMAGE_POSTFIX}
 sg docker -c "
+ if [ ! -d ~/.docker/trust/private ]; then
+ mkdir -p /home/ec2-user/.docker/trust/private
+ cp '${docker_key}' ~/.docker/trust/private/
+ fi
 docker login -u '${USER}' -p '${PASS}'
 export DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE="${DOCKER_REPOSITORY_PASSPHRASE}"
 docker trust sign perconalab/percona-server-mysql-operator:${GIT_PD_BRANCH}-${IMAGE_POSTFIX}
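Review bot: The signing key copied by the re-added `cp '${docker_key}' ~/.docker/trust/private/` stays on the agent after `withCredentials` has removed its temporary file, with whatever mode the umask gives it, and nothing in the visible lines deletes it. The guard tests only whether the directory exists, so an agent that already has the directory but not this key (or holds a rotated one) skips the copy, and it tests `~` while creating `/home/ec2-user/...`, which differ if the job ever runs as another user. I would create the directory unconditionally with `mkdir -p ~/.docker/trust/private` and stage the key with `install -m 600 '${docker_key}' ~/.docker/trust/private/`. Removing the copy after signing would go after `docker logout`, which lies outside this hunk along with the rest of the function body.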