docker secrets support

build.gradle

@@ -7,6 +7,8 @@ plugins {
 group project.artifact_group
 version project.artifact_version
 
+project.projectDir
+
 java {
     withSourcesJar()
     sourceCompatibility = targetCompatibility = project.java_min_version

src/main/groovy/util/DockerLogin.groovy

@@ -3,6 +3,8 @@ package util
 import groovy.transform.CompileStatic
 import groovy.transform.Memoized
 
+import java.util.function.Supplier
+
 @CompileStatic
 class DockerLogin {
 
@@ -20,21 +22,60 @@ class DockerLogin {
         ScriptLog.printf "Performing login to registry..."
 
         def registryName = CIProperties.getProperty("docker.registry")
-        def registryUser = CIProperties.getProperty("docker.registry.username")
-        def registryPassword = CIProperties.getProperty("docker.registry.password")
 
         if (registryName.isNullOrBlank()) {
             throw new IllegalStateException("Docker registry name not set")
         }
-        if (registryUser.isNullOrBlank()) {
-            throw new IllegalStateException("Docker registry user not set")
-        }
-        if (registryPassword.isNullOrBlank()) {
-            throw new IllegalStateException("Docker registry password not set")
-        }
 
-        sh "docker login $registryName -u $registryUser -p $registryPassword"
+        def credentials = getDockerCredentials()
+        validateCredentials(credentials)
+        invokeLogin(registryName, credentials)
 
         ScriptLog.printf "Login into docker registry '${registryName}' successful!"
     }
+
+    private static void invokeLogin(String registryName, DockerRegistryCredentials credentials) {
+        sh "docker login $registryName -u $credentials.username -p $credentials.password"
+    }
+
+    private static void validateCredentials(DockerRegistryCredentials credentials) {
+        if (credentials?.username?.isNullOrBlank()) {
+            throw new IllegalStateException("Docker registry user not set")
+        }
+        if (credentials?.password?.isNullOrBlank()) {
+            throw new IllegalStateException("Docker registry password not set")
+        }
+    }
+
+    private static DockerRegistryCredentials getDockerCredentials() {
+        def useFiles = CIProperties.findProperty("docker.registry.use-files")
+            .orNull()?.toBoolean() ?: false
+
+        if (useFiles) {
+            ScriptLog.printf "Reading docker registry credentials from files"
+            return readCredentialsFromFiles()
+        } else {
+            ScriptLog.printf "Reading docker registry credentials from envs"
+            return readCredentialsFromEnvs()
+        }
+    }
+
+    private static DockerRegistryCredentials readCredentialsFromEnvs() {
+        return new DockerRegistryCredentials(
+            username: CIProperties.getProperty("docker.registry.username"),
+            password: CIProperties.getProperty("docker.registry.password")
+        )
+    }
+
+    private static DockerRegistryCredentials readCredentialsFromFiles() {
+        return new DockerRegistryCredentials(
+            username: DockerSecret.read("registry.username"),
+            password: DockerSecret.read("registry.password")
+        )
+    }
+}
+
+class DockerRegistryCredentials {
+    String username
+    String password
 }

src/main/groovy/util/DockerSecret.groovy

@@ -0,0 +1,14 @@
+package util
+
+import groovy.transform.CompileStatic
+
+@CompileStatic
+class DockerSecret {
+
+    public static final String SECRET_NAME_PROPERTY_PREFIX = "docker.registry.secret"
+
+    static String read(String secretName) {
+        def location = CIProperties.getProperty("${SECRET_NAME_PROPERTY_PREFIX}.${secretName}")
+        return new File(location).in().readAllAsString()
+    }
+}