Change nightly call to support new API tokens

check_releasepy.bash

@@ -1,7 +1,6 @@
 #!/bin/bash -e
 
 export _RELEASEPY_DEBUG=1
-export _RELEASEPY_TEST_CREDENTIALS=1
 
 test_dir=$(mktemp -d)
 export _RELEASEPY_TEST_RELEASE_REPO="${test_dir}/test-release"
@@ -27,6 +26,7 @@ exec_releasepy_test()
     ./release.py \
       --dry-run \
       --no-sanity-checks \
+      --auth user:fake \
     gz-foo 1.2.3 ${test_params}
 }
 
@@ -37,6 +37,7 @@ exec_ignition_releasepy_test()
     ./release.py \
       --dry-run \
       --no-sanity-checks \
+      --auth user:fake \
     ign-foo 1.2.3 ${test_params}
 }
 
@@ -47,6 +48,7 @@ exec_ignition_gazebo_releasepy_test()
     ./release.py \
       --dry-run \
       --no-sanity-checks \
+      --auth user:fake \
     ign-gazebo 1.2.3 ${test_params}
 }
 
@@ -56,6 +58,7 @@ exec_releasepy_with_real_gz()
     ./release.py \
       --dry-run \
       --no-sanity-checks \
+      --auth user:fake \
       --source-repo-uri http://github.com/gazebosim/gz-common \
       --source-repo-existing-ref http://github.com/gazebosim/gz-common/foo-tag \
     "${gz_pkg}" "${major_version}.x.y"

jenkins-scripts/dsl/_configs_/OSRFLinuxBuildPkg.groovy

@@ -2,6 +2,7 @@ package _configs_
 
 import javaposse.jobdsl.dsl.Job
 import _configs_.Globals
+import _configs_.OSRFCredentials
 
 /*
   -> OSRFLinuxBuildPkgBase
@@ -27,6 +28,7 @@ class OSRFLinuxBuildPkg
   static void create(Job job, Map default_params = [:])
   {
     OSRFLinuxBuildPkgBase.create(job)
+    OSRFCredentials.allowOsrfbuildToRunTheBuild(job)
 
     job.with
     {

jenkins-scripts/dsl/_configs_/OSRFReleasepy.groovy

@@ -9,6 +9,7 @@ class OSRFReleasepy
   {
     // Base class for the job
     OSRFUNIXBase.create(job)
+    OSRFCredentials.setOSRFCrendentials(job, ['OSRFBUILD_JENKINS_TOKEN'])
 
     job.with
     {
@@ -58,8 +59,6 @@ class OSRFReleasepy
 
         shell("""\
             #!/bin/bash -xe
-            set +x # keep password secret
-            PASS=\$(cat \$HOME/build_pass)
 
             dry_run_str=""
             if \$DRY_RUN; then
@@ -72,10 +71,11 @@ class OSRFReleasepy
             fi
 
             echo "releasing \${n} (from branch \${src_branch})"
-              python3 ./scripts/release.py \${dry_run_str} "\${PACKAGE}" "\${VERSION}" "\${PASS}" \${extra_osrf_repo} \
+              python3 ./scripts/release.py \${dry_run_str} "\${PACKAGE}" "\${VERSION}" \${extra_osrf_repo} \
+                      --auth "\${OSRFBUILD_USER}:\${OSRFBUILD_TOKEN}"' \
                       --source-tarball-uri \${SOURCE_TARBALL_URI} \
                       --release-repo-branch \${RELEASE_REPO_BRANCH} \
-                      --upload-to-repo \${UPLOAD_TO_REPO} > log
+                      --upload-to-repo \${UPLOAD_TO_REPO}
             echo " - done"
             """.stripIndent())
       }

jenkins-scripts/dsl/brew_release.dsl

@@ -51,6 +51,7 @@ void include_common_params(Job job)
 // 1. BREW pull request SHA updater
 def release_job = job("generic-release-homebrew_pull_request_updater")
 OSRFUNIXBase.create(release_job)
+OSRFCredentials.allowOsrfbuildToRunTheBuild(release_job)
 
 include_common_params(release_job)
 release_job.with

jenkins-scripts/dsl/ignition_collection.dsl

@@ -148,6 +148,7 @@ nightly_collection = gz_collections_yaml.collections
 
 def nightly_scheduler_job = job("ignition-${gz_nightly}-nightly-scheduler")
 OSRFUNIXBase.create(nightly_scheduler_job)
+OSRFCredentials.setOSRFCrendentials(nightly_scheduler_job, ['OSRFBUILD_JENKINS_TOKEN'])
 
 nightly_scheduler_job.with
 {
@@ -190,8 +191,6 @@ nightly_scheduler_job.with
   steps {
     shell("""\
           #!/bin/bash -xe
-          set +x # keep password secret
-          PASS=\$(cat \$HOME/build_pass)
 
           dry_run_str=""
           if \$DRY_RUN; then
@@ -240,7 +239,11 @@ nightly_scheduler_job.with
               fi
 
               echo "releasing \${n} (from branch \${src_branch})"
-              python3 ./scripts/release.py \${dry_run_str} "\${n}" nightly "\${PASS}" --release-repo-branch main --nightly-src-branch \${src_branch} --upload-to-repo nightly > log || echo "MARK_AS_UNSTABLE"
+              python3 ./scripts/release.py \${dry_run_str} "\${n}" nightly \
+                      --auth "\${OSRFBUILD_USER}:\${OSRFBUILD_TOKEN}"' \
+                      --release-repo-branch main \
+                      --nightly-src-branch \${src_branch} \
+                      --upload-to-repo nightly
               echo " - done"
           done
 

release.py

@@ -128,6 +128,9 @@ def parse_args(argv):
     parser.add_argument('version', help='which version to release')
     parser.add_argument('--dry-run', dest='dry_run', action='store_true', default=False,
                         help='dry-run; i.e., do actually run any of the commands')
+    parser.add_argument('--auth', dest='auth_input_arg',
+                        default=None,
+                        help='Explicit jenkins user:token string overriding the jenkins.ini credentials file.')
     parser.add_argument('-a', '--package-alias', dest='package_alias',
                         default=None,
                         help='different name that we are releasing under')
@@ -182,12 +185,6 @@ def parse_args(argv):
 # BEGIN: Credentials code copied from ros_buildfarm
 #
 def get_credentials(jenkins_url=None):
-    try:
-        if os.environ['_RELEASEPY_TEST_CREDENTIALS']:
-            return 'fake_user', 'fake_api_token'
-    except KeyError:
-        pass
-
     config = ConfigParser()
     config_file = get_credential_path()
     if not os.path.exists(config_file):
@@ -382,13 +379,8 @@ def sanity_checks(args, repo_dir):
         sanity_check_sdformat_versions(args.package, args.version)
         sanity_project_package_in_stable(args.version, args.upload_to_repository)
 
-    try:
-        if os.environ['_RELEASEPY_TEST_CREDENTIALS']:
-           pass
-    except KeyError:
-        check_credentials()
-        print_success("Jenkins credentials are good")
-
+    check_credentials(args.auth_input_arg)
+    print_success("Jenkins credentials are good")
     shutil.rmtree(repo_dir)
 
 
@@ -539,23 +531,34 @@ def generate_source_params(args):
 
     return params
 
-def build_credentials_header():
-    username, api_token = get_credentials(JENKINS_URL)
-    if not username:
-        exit(1)
+def build_credentials_header(auth_input_arg = None):
+    if auth_input_arg:
+        if len(auth_input_arg.split(':')) != 2:
+            error("Auth string is not in the form of 'user:token' ")
+        username, api_token = auth_input_arg.split(':')
+    else:
+        username, api_token = get_credentials(JENKINS_URL)
+        if not username:
+            exit(1)
 
     return make_headers(basic_auth=f'{username}:{api_token}')
 
-def check_credentials():
+def check_credentials(auth_input_arg = None):
     http = urllib3.PoolManager()
-    response = http.request('GET', JENKINS_URL, headers=build_credentials_header())
+    response = http.request('GET',
+                            JENKINS_URL,
+                            headers=build_credentials_header(auth_input_arg))
     if response.status != 200:
         print(f"Crendentials error: {response.status}: {response.reason}")
         http.clear()
         exit(1)
 
-def call_jenkins_build(job_name, params, output_string,
-                       search_description_help):
+
+def call_jenkins_build(job_name,
+                       params,
+                       output_string,
+                       search_description_help,
+                       auth_input_arg = None):
     # Only to help user feedback this block
     help_url = f'{JENKINS_URL}/job/{job_name}'
     if search_description_help:
@@ -573,7 +576,9 @@ def call_jenkins_build(job_name, params, output_string,
     if not DRY_RUN:
         http = urllib3.PoolManager()
         try :
-            response = http.request('POST', url , headers=build_credentials_header())
+            response = http.request('POST',
+                                    url ,
+                                    headers=build_credentials_header(auth_input_arg))
             # 201 code is "created", it is the expected return of POST
             if response.status != 201:
                 print(f"Error {response.status}: {response.reason}")