Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-51646

Pipeline does not resolve credentials symlinks

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Not A Defect
    • Icon: Minor Minor
    • docker-plugin
    • Jenkins 2.107.3
      Docker Pipeline 1.17

      Given these two Jenkinsfile, the one with the cp of the credentials file will be read when trying to do a docker push of a signed image using the private key,

      however, if we were to symlink to the file credentials it would not be found when trying to push a signed image. 

      node('master') {
 stage('Push to private registry') {
 withCredentials([
 string(credentialsId: 'repo_passphrase', variable: 'SIGNED_PASSPHRASE'),
 file(credentialsId: 'docker_pw', variable: 'DOCKER_PW'),
 file(credentialsId: 'trust_key', variable: 'TRUST_KEY')]) {
 withEnv([
 'DOCKER_CONTENT_TRUST=1',
 'DOCKER_CONTENT_TRUST_SERVER=https://privateregistry:4443',
 "DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE=${NEMOUI_SIGNED_PASSPHRASE}"]) {
 sh "mkdir -p ${HOME}/.docker/trust/private"
 sh "ln -s ${TRUST_KEY} ${env.HOME}/.docker/trust/private/`basename ${TRUST_KEY}`"
 sh 'cat ${DOCKER_PW} | docker login privateregistry.com --username jenkins --password-stdin'
 sh "docker push privateregistry.com/library/image:${env.BUILD_ID}"
 sh 'docker logout privateregistry.com'
 sh "rm ${HOME}/.docker/trust/private/`basename ${TRUST_KEY}`"
 }
 }
 }
}

       

       

      node('master') {
 stage('Push to private registry') {
 withCredentials([
 string(credentialsId: 'repo_passphrase', variable: 'SIGNED_PASSPHRASE'),
 file(credentialsId: 'docker_pw', variable: 'DOCKER_PW'),
 file(credentialsId: 'trust_key', variable: 'TRUST_KEY')]) {
 withEnv([
 'DOCKER_CONTENT_TRUST=1',
 'DOCKER_CONTENT_TRUST_SERVER=https://privateregistry:4443',
 "DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE=${SIGNED_PASSPHRASE}"]) {
 sh "if [[ -d ${HOME}/.docker ]]; then rm -rf ${HOME}/.docker; fi"
 sh "mkdir -p ${HOME}/.docker/trust/private"
 sh "cp ${TRUST_KEY} ${HOME}/.docker/trust/private/`basename ${TRUST_KEY}`"
 sh 'ls -lah ${HOME}/.docker/trust/private/'
 sh 'cat ${DOCKER_PW} | docker login privateregistry.com --username jenkins --password-stdin'
 sh "docker push privateregistry.com/library/image:${BUILD_ID}"
 sh 'docker logout privateregistry.com'
 sh "rm ${HOME}/.docker/trust/private/`basename ${TRUST_KEY}`"
 }
 }
 }
}

          [JENKINS-51646] Pipeline does not resolve credentials symlinks

          ZackQ created issue -
          ZackQ made changes -
          Summary Original: Pipeline does not resolve symlinks New: Pipeline does not resolve credentials symlinks
          ZackQ made changes -
          Resolution New: Not A Defect [ 7 ]
          Status Original: Open [ 1 ] New: Closed [ 6 ]

            ndeloof Nicolas De Loof
            zackq ZackQ
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

              Created:
              Updated:
              Resolved: