I am trying to pass to a shell step on my Jenkins job a variable defined like (script step):
env.PGPASSWORD = credentials('test')
When I try too access (sh''' step) to that variable(PGPASSWORD) making the exportto let my postgres grab the secret text:
export "${PGPASSWORD}"
It seems like that command from above is not grabbing the secret contained on the Jenkins credentials.
If I try to echo the PGPASSWORD variable it outputs:
#credentials(<anonymous>=test)
Related
I'm trying to get my head around Jenkins, I've uploaded a secret file to credentials and made it global but I can't seem to use it in my stage.
I'm trying to just echo out the file for now
steps { echo("My File: ${credentials('local_instance')}") }
but in the log I don't see the contents of the file just My File: #credentials(<anonymous>=local_instance). I need to be able to get the contents of the file and write it to a file named local.env, or as I uploaded it with local.env can I just pull the file and have it stored in my root?
The proper way to get access to credentials in Jenkins is withCredentials step.
withCredentials([file(credentialsId: 'youCredId', variable: 'secretFile')]) {
// do something with the file, for instance
sh 'cat $secretFile'
}
Where youCredId your file credential ID in Jenkins.
More information is here: https://www.jenkins.io/doc/pipeline/steps/credentials-binding/
There is another approach. In environment section of your declarative pipeline, you can assign an env variable with a credential value.
environment {
SECRET_FILE = credentials('youCredId')
}
But the first approach is more preferable because it allows you to reduce the scope of secret variable.
More information is here: https://www.jenkins.io/doc/book/pipeline/jenkinsfile/#handling-credentials
For my pipeline, I want to keep the subscription ID, tenant ID, client ID, and password all out of source control, and keep all of those in a single credential store in Jenkins. It seems that there is not a $class that matches this for withCredentials, but I just want to use credentials() in the environment anyways. Am I mistaken that the credentials('file') method reads as a single value, or is there a way to format that file such that Jenkins will parse it and make each secret available?
//Jenkinsfile (Declarative Pipeline)
pipeline {
agent { label 'AZcli' }
environment {
SECRETS_FILE = credentials('AZJenkinsSecretsFile')
}
Then what?
Let's say this is the AZJenkinsSecretsFile.txt that I've uploaded.
subscription=xxxx-xxx-xx-xx-x
tenant=xxx-xxx-xxx-xx
client=xxx-xxxx-xxx
password=password
When you create a Secretfile you will be given a Path to a temporary file with the secret content. Secret files are intended to be passed as a whole file. For example, you can have your kubeconfigs file as a Secretfile and then pass it directly to kubectl like kubectl --kubeconfig $SECRET_CONFIG.
If you want to export each line in the secret file as a variable, it's doable. But when you start using them in your shell steps their values will be exposed in the logs. In order to use them, you can use something like below.
sh """
source $SECRETS_FILE
echo "\$subscription"
echo "\$tenant"
"""
While all sites about environment variables on Azure Pipelines seem to talk about setting variables before pipeline start, I want to set (change) the variable PATH in one step and use it in a later step.
But using
steps:
- script: source ./export_variables.sh
displayName: "export variables"
- script: $PATH
displayName: "verify"
condition: succeeded()
where ./export_variables.sh contains something like
#!/bin/bash
export PATH=abc/def/bin:$PATH
does not fulfill the task: In the verify step PATH does not contain abc/def/bin.
What has to be changed so that upates of $PATH become permanent on the machine?
I have had the same issue. It was solved with the following lines in the YAML
steps:
- bash: |
export PATH="${PATH}:${HOME}/.local/bin"
echo "##vso[task.setvariable variable=PATH;]${PATH}"
Which gives me the variable set over the entire stage. Note that this will overwrite the PATH so use with care :)
I have two Jenkins job secret file variables called stage_xfile and prod_xfile.
ENV is another variable which contains the deploy environment variable stage/prod.
I want to dynamically access secret file for stage and prod in sh command like this:
cp ${${ENV}_xfile} db/secret/
I'm not able to make it work after trying different combinations. Any suggestions.
You can create file name in separate variable and then use it:
def fileName = "${ENV}_xfile"
sh "cp ${fileName} db/secret/"
Jenkins version: 2.6, Linux
Problem: The parameterized build variables are not are not visible (as env variables) in the Execution step "shell script", They used to be visible in the older 1.x jenkins version.
Steps:
Create a parameterized build with a multi configuration project.
Add a parameter to the build (using This project is parameterized-> string parameter, {if that matters} ).
Add a build step "Execute shell" to the job.
Access these parameters in this shell script as env variables.
echo "++++++++++++ building $lib_name ($lib_version) ++++++++++++++"
To solve this, I have tried to create a groovy script in "Prepare an environment for the run" section. I created env variables using hardcoded values which are pased to shell script as env vars.
def map = ['lib_name':'lib1']
map['lib_version'] = 'master'
return map
But, without hardcoding, I cannot access these variable values even when using solution from
How to retrieve Jenkins build parameters using the Groovy API?
I dont know what else has to be done. Can some one please suggest?
---> Updating based on the comments on this question:
When I run the following lines in jenkins, I get exception:
def buildVariablesMap = Thread.currentThread().executable.buildVariables
buildVariablesMap.each{ k, v -> println "${k}:${v}" }
FATAL: No such property: executable for class: hudson.model.OneOffExecutor
groovy.lang.MissingPropertyException: No such property: executable for class: hudson.model.OneOffExecutor
at org.codehaus.groovy.runtime.ScriptBytecodeAdapter.unwrap(ScriptBytecodeAdapter.java:53)
at org.codehaus.groovy.runtime.callsite.GetEffectivePojoPropertySite.getProperty(GetEffectivePojoPropertySite.java:66)
at org.codehaus.groovy.runtime.callsite.AbstractCallSite.callGetProperty(AbstractCallSite.java:296)
I have had also similar problem. This is a solution which worked for me. I created a method which always takes and delivers exactly one build parameter which I need.
method:
String readingBuildParameters(VariableResolver varRes, String paramName){
return varRes.resolve(paramName)
}
the line how I use it in a code:
Build currentBuild = Executor.currentExecutor().currentExecutable
VariableResolver varResolver = currentBuild.getBuildVariableResolver()
df_parameter = readingBuildParameters(varResolver, "parameter_name")
BR,
Zoltan
To access the parameters in your shell script:
to evaluate them in echo: e.g. echo "${myParam}"
to use them in code: def myNewvalueParam = ${myOtherParam}
To retrieve build variables from groovy script as a build step:
def buildVariablesMap = Thread.currentThread().executable.buildVariables
println buildVariablesMap['BUILD_NUMBER']
But please note that for your custom/altered environment variables to be visible for the next steps you should use EnvInject plugin, with it you can define a step that will export new env variables as key-value pair just like properties file.
This was a bug in jenkins, probably in the credentials plugin:
https://issues.jenkins-ci.org/browse/JENKINS-35921
Thanks for all your help!