docker secrets support
This commit is contained in:
@@ -3,6 +3,8 @@ package util
|
||||
import groovy.transform.CompileStatic
|
||||
import groovy.transform.Memoized
|
||||
|
||||
import java.util.function.Supplier
|
||||
|
||||
@CompileStatic
|
||||
class DockerLogin {
|
||||
|
||||
@@ -20,21 +22,60 @@ class DockerLogin {
|
||||
ScriptLog.printf "Performing login to registry..."
|
||||
|
||||
def registryName = CIProperties.getProperty("docker.registry")
|
||||
def registryUser = CIProperties.getProperty("docker.registry.username")
|
||||
def registryPassword = CIProperties.getProperty("docker.registry.password")
|
||||
|
||||
if (registryName.isNullOrBlank()) {
|
||||
throw new IllegalStateException("Docker registry name not set")
|
||||
}
|
||||
if (registryUser.isNullOrBlank()) {
|
||||
throw new IllegalStateException("Docker registry user not set")
|
||||
}
|
||||
if (registryPassword.isNullOrBlank()) {
|
||||
throw new IllegalStateException("Docker registry password not set")
|
||||
}
|
||||
|
||||
sh "docker login $registryName -u $registryUser -p $registryPassword"
|
||||
def credentials = getDockerCredentials()
|
||||
validateCredentials(credentials)
|
||||
invokeLogin(registryName, credentials)
|
||||
|
||||
ScriptLog.printf "Login into docker registry '${registryName}' successful!"
|
||||
}
|
||||
|
||||
private static void invokeLogin(String registryName, DockerRegistryCredentials credentials) {
|
||||
sh "docker login $registryName -u $credentials.username -p $credentials.password"
|
||||
}
|
||||
|
||||
private static void validateCredentials(DockerRegistryCredentials credentials) {
|
||||
if (credentials?.username?.isNullOrBlank()) {
|
||||
throw new IllegalStateException("Docker registry user not set")
|
||||
}
|
||||
if (credentials?.password?.isNullOrBlank()) {
|
||||
throw new IllegalStateException("Docker registry password not set")
|
||||
}
|
||||
}
|
||||
|
||||
private static DockerRegistryCredentials getDockerCredentials() {
|
||||
def useFiles = CIProperties.findProperty("docker.registry.use-files")
|
||||
.orNull()?.toBoolean() ?: false
|
||||
|
||||
if (useFiles) {
|
||||
ScriptLog.printf "Reading docker registry credentials from files"
|
||||
return readCredentialsFromFiles()
|
||||
} else {
|
||||
ScriptLog.printf "Reading docker registry credentials from envs"
|
||||
return readCredentialsFromEnvs()
|
||||
}
|
||||
}
|
||||
|
||||
private static DockerRegistryCredentials readCredentialsFromEnvs() {
|
||||
return new DockerRegistryCredentials(
|
||||
username: CIProperties.getProperty("docker.registry.username"),
|
||||
password: CIProperties.getProperty("docker.registry.password")
|
||||
)
|
||||
}
|
||||
|
||||
private static DockerRegistryCredentials readCredentialsFromFiles() {
|
||||
return new DockerRegistryCredentials(
|
||||
username: DockerSecret.read("registry.username"),
|
||||
password: DockerSecret.read("registry.password")
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
class DockerRegistryCredentials {
|
||||
String username
|
||||
String password
|
||||
}
|
||||
Reference in New Issue
Block a user