Performing better masking on credentials; renaming env variables; cleaning up after Docker agents.

2022-09-03 23:28:54 -04:00 · 2022-09-03 23:28:54 -04:00 · 9d3b41f338
parent 5e4a63af9c
commit 9d3b41f338
2 changed files with 30 additions and 13 deletions
--- a/.groovylintrc.json
+++ b/.groovylintrc.json
@ -0,0 +1,8 @@
+{
+    "extends": "recommended",
+    "rules": {
+        "NestedBlockDepth": {
+            "enabled": false
+        }
+    }
+}
--- a/31
+++ b/31
@ -1,19 +1,21 @@
 pipeline {
-
    agent none

    environment {
        HOME = "${env.WORKSPACE}"
-        DOCKER_REGISTRY = 'https://registry.digitalocean.com'
-        DOCKER_IMAGE_NAME = 'registry.digitalocean.com/ailuridae-registry/ailuridae.io/everybodymov'
-        DOCKER_IMAGE = ''
+        PYTHON_IMAGE = 'python:3.10-slim-bullseye'
+        CREDENTIALS_ID = 'digital-ocean-ailuridae-registry'
+        REGISTRY = 'https://registry.digitalocean.com'
+        IMAGE_NAME = 'registry.digitalocean.com/ailuridae-registry/ailuridae.io/everybodymov'
+        IMAGE_BUILD = ''
    }

    stages {
        stage('Setup') {
            agent {
                docker {
-                    image 'python:3.10-slim-bullseye'
+                    image env.PYTHON_IMAGE
+                    args '--rm'
                }
            }
            steps {
@ -25,7 +27,8 @@ pipeline {
        stage('Check') {
            agent {
                docker {
-                    image 'python:3.10-slim-bullseye'
+                    image env.PYTHON_IMAGE
+                    args '--rm'
                }
            }
            steps {
@ -40,7 +43,7 @@ pipeline {
            }
            steps {
                script {
-                    DOCKER_IMAGE = docker.build("${DOCKER_IMAGE_NAME}")
+                    IMAGE_BUILD = docker.build("${IMAGE_NAME}")
                }
            }
        }
@ -53,9 +56,16 @@ pipeline {
            }
            steps {
                script {
-                    docker.withRegistry(env.DOCKER_REGISTRY, 'digital-ocean-ailuridae-registry') {
-                        DOCKER_IMAGE.push("${BUILD_NUMBER}")
-                        DOCKER_IMAGE.push('latest')
+                    // withCredentials annoyingly required to mask token.
+                    withCredentials([usernamePassword(
+                        credentialsId: env.CREDENTIALS_ID,
+                        usernameVariable: 'API_TOKEN_USER',
+                        passwordVariable: 'API_TOKEN_PASS'
+                    )]) {
+                        docker.withRegistry(env.REGISTRY, env.CREDENTIALS_ID) {
+                            IMAGE_BUILD.push("${BUILD_NUMBER}")
+                            IMAGE_BUILD.push('latest')
+                        }
                    }
                }
            }
@ -69,5 +79,4 @@ pipeline {
            }
        }
    }
-
 }