How can I hide certain parameters or **** them when I execute scripts inside stage.
The command that is producing the output which I want to hide is:
sh "./wsagent_execute.sh -s -apiKey ${WHITESOURCE_API_KEY} -projectToken ${WHITESOURCE_PROJECT_TOKEN} -C ${configPath} -d ${directoryPath} -logLevel info"
The parameters I want to hide are -apiKey and -projectToken. How can I do it?
If you get your credentials from a vault, you can use Mask Passwords plugin. It does not state that it supports Pipelines but actually it does.
pipeline {
agent any
stages {
stage('doing something') {
steps {
script {
def current_nano = "1616407597607795668"
sh label: "Now you see it", script: "echo ${current_nano}"
maskPasswords(varPasswordPairs: [[password: current_nano, var: 'IGNORE']]) {
sh label: "Now you don't", script: "echo ${current_nano}"
}
}
}
}
}
}
Output:
[Pipeline] Start of Pipeline
[Pipeline] node
Running on Jenkins in /var/jenkins_home/workspace/
[Pipeline] {
[Pipeline] stage
[Pipeline] { (doing something)
[Pipeline] script
[Pipeline] {
[Pipeline] sh (Now you see it)
+ echo 1616407597607795668
1616407597607795668
[Pipeline] maskPasswords
[Pipeline] {
[Pipeline] sh (Now you don't)
+ echo ********
********
[Pipeline] }
[Pipeline] // maskPasswords
[Pipeline] }
[Pipeline] // script
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
Finished: SUCCESS
Are these keys calculated in the pipeline or are they statics?
You can try to use it like credentials in Jenkins and you don't see their values in the log.
If you use a secret define in Jenkins credential, Jenkins will automatically mask that for you and in the log, it will show as ****
let's say you have defined your apiKey in jenkins credential with Id: apikey. Than you can use that on your pipeline like below example.
more details can be found here
node() {
withCredentials([string(credentialsId: 'apikey', variable: 'TOKEN')]) {
sh "./wsagent_execute.sh -s -apiKey $TOKEN -projectToken ${WHITESOURCE_PROJECT_TOKEN} -C ${configPath} -d ${directoryPath} -logLevel info"
}
}
If you are not happy with that use mask password or something similar plugins
Related
I have checked all the topics on the same mistake, tried everything, and yet I was unable to find anything to help me solving my issue.
my code builds a docker container, starts a flask application and run a python script, run tests and then should merge Master. The code is the following :
pipeline {
agent any
stages {
stage('Master merging'){
steps{
script{
passwordVariable = 'password'
usernameVariable = 'unsername'
// Variables for input
if(env.BRANCH_NAME == 'features'||env.BRANCH_NAME == 'main'){
sh 'git checkout origin/features'
sh 'git pull'
sh 'git remote update'
sh 'git fetch'
sh 'git checkout origin/main'
sh 'git merge origin/features'
withCredentials([usernamePassword(credentialsId : 'GitHub', passwordVariable:'GIT_PASSWORD', usernameVariable:'GIT_USERNAME')]){
sh "git push http://${GIT_USERNAME}:${GIT_PASSWORD}#github.com/Username/Repo.git"
}
}}
}
}
}
}
when I arrive to stage('master merging'), I have the following mistake
Masking supported pattern matches of $GIT_PASSWORD
[Pipeline] {
[Pipeline] }
[Pipeline] // withCredentials
[Pipeline] }
[Pipeline] // script
[Pipeline] }
[Pipeline] // stage
[Pipeline] stage
[Pipeline] { (container shutdown)
Stage "container shutdown" skipped due to earlier failure(s)
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // withEnv
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
groovy.lang.MissingPropertyException: No such property: GIT_PASSWORD for class: groovy.lang.Binding
at groovy.lang.Binding.getVariable(Binding.java:63)
Thanks a lot in advance for your help :)
I have an answer :)
Prerequisites : create a credential on Manage jenkins -> Manage credentials -> jenkins -> Global credentials (unrestricted) -> username with password. Inquire github username as username and Personal access token as password. ID is up to you.
Code :
stage('Master merging'){
steps{
script{
// Variables for input
if(env.BRANCH_NAME == 'features'||env.BRANCH_NAME == 'main'){
sh 'git checkout features'
sh 'git pull'
sh 'git remote update'
sh 'git fetch'
sh 'git checkout origin/main'
sh 'git merge features'
sh "git config user.email \"GITHUB EMAIL\""
sh "git config user.name \"GITHUB USERNAME\""
withCredentials([gitUsernamePassword(credentialsId:'ID you inquired in credentials')]) {
sh 'git push https://github.com/Username/Repo.git'
}
}
}
}
}
I'm trying to set a Jenkins pipeline to build an Ionic app inside a Linux server (ec2 instance on amazon services) My first stage inside the jenkinsfile is to run npm install, but it returns permission denied.
I've tried setting permissions to the folder using:
chmod 777 /home/ec2-user/.nvm/versions/node/v10.16.0/bin
I've also tried adding the Jenkins user to the group that also has permissions. none of these seemed to work.
This is my Jenkinsfile
pipeline {
agent any
environment {
PATH='/usr/local/bin:/usr/bin:/bin'
}
stages {
stage('NPM Setup') {
steps { sh '/home/ec2-user/.nvm/versions/node/v10.16.0/bin/npm install' }
}
stage('Android Build') {
steps {
sh 'ionic cordova build android --release'
}
}
stage('APK Sign') {
steps {
echo "Sign Android APK Action"
}
}
stage('Zip APK') {
steps {
echo "Zip the APK Action"
}
}
}
}
I get this output
[Pipeline] // stage
[Pipeline] withEnv
[Pipeline] {
[Pipeline] withEnv
[Pipeline] {
[Pipeline] stage
[Pipeline] { (NPM Setup)
[Pipeline] sh
+ /home/ec2-user/.nvm/versions/node/v10.16.0/bin/npm install
/var/lib/jenkins/workspace/p-ionic4_borderapp_ionic4_master#tmp/durable-9b0ecc49/script.sh: line 1: /home/ec2-user/.nvm/versions/node/v10.16.0/bin/npm: Permission denied
There is my code
def build() {
try {
// some build gradle task here
// gradle install task
}
catch(Throwable err) {
// println "DEBUGGGGGGG"
globalVar.echo "TEST#"
globalVar.echo "TEST#"
globalVar.echo err.getMessage()
globalVar.echo "TEST"
globalVar.echo err.getCause()
globalVar.echo "TESTSSSS"
throw err
}
finally {
}
jenkins Output from my job:
Pipeline] echo
TEST#
[Pipeline] echo
TEST#
[Pipeline] echo
null
[Pipeline] echo
TEST
Finished: FAILURE [Pipeline] echo null [Pipeline] echo TESTSSSS
then trows Exception
hudson.model.Run$RunnerAbortedException
at org.jfrog.hudson.pipeline.common.executors.GradleExecutor.exe(GradleExecutor.java:144)
at org.jfrog.hudson.pipeline.common.executors.GradleExecutor.execute(GradleExecutor.java:69)
at org.jfrog.hudson.pipeline.scripted.steps.ArtifactoryGradleBuild$Execution.run(ArtifactoryGradleBuild.java:89)
at org.jfrog.hudson.pipeline.scripted.steps.ArtifactoryGradleBuild$Execution.run(ArtifactoryGradleBuild.java:65)
at org.jenkinsci.plugins.workflow.steps.AbstractSynchronousNonBlockingStepExecution$1$1.call(AbstractSynchronousNonBlockingStepExecution.java:47)
at hudson.security.ACL.impersonate(ACL.java:290)
at org.jenkinsci.plugins.workflow.steps.AbstractSynchronousNonBlockingStepExecution$1.run(AbstractSynchronousNonBlockingStepExecution.java:44)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)
How can I get Exception cause ? in my case if i run gradle install from command line ( without jenkins ) is :
error: incompatible types: cannot be converted to boolean
but I would to see error in jenkins job console output
Try -
try{
//your code
}
catch (exc){
println exc
}
Works for me.
These are the logs of my jenkins execution:
> Step 1/2 : FROM tomcat:9.0.4-jre8-alpine
---> 631138bc037d
Step 2/2 : COPY /Fatcat-1.0-SNAPSHOT.war /usr/local/tomcat/webapps/fatcat.war
---> Using cache
---> 700d13ec5fb5
Successfully built 700d13ec5fb5
>
> [Pipeline] dockerFingerprintFrom
>
> [Pipeline] }
>
> [Pipeline] // stage
>
> [Pipeline] sh
>
> [unFatCat_master-RSJASSVAHZJXKMANQQZOIIGTV3YC2D2GJS65WJ23OAY3WGXOVRJA]
> Running shell script
>
> + docker inspect -f . 3bf1d418c6b61a03e2f2abe9d37b4c5e759e0b0a
>
> . [Pipeline] withDockerContainer Jenkins does not seem to be running
> inside a container
>
> $ docker run -t -d -u 1000:1000 -w /data/jenkins_ws/unFatCat_master-RSJASSVAHZJXKMANQQZOIIGTV3YC2D2GJS65WJ23OAY3WGXOVRJA
> -v /data/jenkins_ws/unFatCat_master-RSJASSVAHZJXKMANQQZOIIGTV3YC2D2GJS65WJ23OAY3WGXOVRJA:/data/jenkins_ws/unFatCat_master-RSJASSVAHZJXKMANQQZOIIGTV3YC2D2GJS65WJ23OAY3WGXOVRJA:rw,z
> -v /data/jenkins_ws/unFatCat_master-RSJASSVAHZJXKMANQQZOIIGTV3YC2D2GJS65WJ23OAY3WGXOVRJA#tmp:/data/jenkins_ws/unFatCat_master-RSJASSVAHZJXKMANQQZOIIGTV3YC2D2GJS65WJ23OAY3WGXOVRJA#tmp:rw,z
> -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** 3bf1d418c6b61a03e2f2abe9d37b4c5e759e0b0a cat
> $ docker top f3826ded71315b33b4d352ac2181035655f73d58a7c998040db36b6d664f1421 -eo
> pid,comm
>
> [Pipeline] { [Pipeline] stage [Pipeline] { (Test) [Pipeline] sh
> [unFatCat_master-RSJASSVAHZJXKMANQQZOIIGTV3YC2D2GJS65WJ23OAY3WGXOVRJA]
> Running shell script
> + node --version /data/jenkins_ws/unFatCat_master-RSJASSVAHZJXKMANQQZOIIGTV3YC2D2GJS65WJ23OAY3WGXOVRJA#tmp/durable-f0e86b83/script.sh:
> line 1: node: Permission denied [Pipeline] }enter code here [Pipeline]
> // stage [Pipeline] }
> `$ docker stop --time=1`
> f3826ded71315b33b4d352ac2181035655f73d58a7c998040db36b6d664f1421
>
> $ docker rm -f f3826ded71315b33b4d352ac2181035655f73d58a7c998040db36b6d664f1421
>
> [Pipeline] // withDockerContainer [Pipeline] } [Pipeline] // node
> [Pipeline] End of Pipeline ERROR: script returned exit code 127
> Finished: FAILURE
The issue is in this line:
> [unFatCat_master-RSJASSVAHZJXKMANQQZOIIGTV3YC2D2GJS65WJ23OAY3WGXOVRJA] Running shell script
>
> + node --version
>
> > /data/jenkins_ws/unFatCat_master-RSJASSVAHZJXKMANQQZOIIGTV3YC2D2GJS65WJ23OAY3WGXOVRJA#tmp/durable-f0e86b83/script.sh:
> > line 1: node: Permission denied
I want to use a local ad-hoc Docker. This is the Dockerfile:
FROM node:7-alpine
FROM tomcat:9.0.4-jre8-alpine
COPY /Fatcat-1.0-SNAPSHOT.war /usr/local/tomcat/webapps/fatcat.war
Notice I load the node:7-alpine in the Docker and not in the Jenkins configuration
This is my Jenkinsfile:
pipeline {
agent { dockerfile true }
stages {
stage('Test') {
steps {
sh 'node --version'
sh 'mvn --version'
}
}
}
}
I installed Nodejs plugin in Jenkins.
These are my questions:
Why node --version is not executed?
why the permission denied error is reported?
Can the problem be that node --version is not executed inside the container?
I already checked the permission denied error from this link. However the partition is mounted with exec parameter . So the proposed solution is not valid for me.
Change your Jenkins Declaritive pipeline in below format. Hope you will get the result.
pipeline {
agent {
docker {
image 'maven:3-alpine'
image 'node:7-alpine'
}
}
stages {
stage('Test') {
steps {
sh 'node --version'
sh 'mvn --version'
}
}
}
}
i need some help with my Jenkins pipeline.
What i want to do is trigger some builds in a specific order to login to a platform, deploy apps and logout again.
The builds are implemented as nodejs scripts and store data and access data from previous builds by using environment variables.
My problem is that when i'm trying to access environment variables from within my nodejs scripts i always receive undefined. For example: In the 'LoginToPlatform' build i'm using process.env.username to receive the username but even though i set the environment variable in the environment block of my pipeline i receive undefined.
So my question is how can i access the environment variables from within my builds (nodejs scripts)?
Here is the build order:
1. 'LoginToPlatform'
Uses process.env.username and process.env.password
Sets process.env.session
2. 'DeployOnPlatform'
Uses process.env.session
3. 'LogoutFromPlatform'
Uses process.env.session
My Jenkins Pipeline:
pipeline {
agent any
environment {
username = 'abc'
password = 'asdf'
}
stages {
stage ('Login') {
steps {
echo 'Login.'
build job: 'LoginToPlatform'
}
}
stage ('Deployment') {
steps {
echo 'Deployment.'
build job: 'DeployOnPlatform'
}
}
stage ('Logout') {
steps {
echo 'Logout.'
build job: 'LogoutFromPlatform'
}
}
}
}
Here is one of the ways to access env variables.
Jenkinsfile
pipeline {
agent {
docker {
image 'node:6-alpine'
}
}
environment {
VARIABLE_1="10"
VARIABLE_2="7"
}
stages {
stage('Build') {
steps {
sh 'node main.js'
}
}
}
}
main.js
const envOne = process.env.VARIABLE_1;
const envTwo = process.env.VARIABLE_2;
console.log("envOne: " + envOne);
console.log("envTwo: " + envTwo);
Output:
Jenkins seems to be running inside container 646633d29eac6e0e5b56e4aef28055075b5a2274e26b159387a7a34f35919fe3
$ docker run -t -d -u 0:0 -p 3000:3000 -w /var/jenkins_home/workspace/fff_master-RUQD36MGKNUXMF26H5CQBCDE6AKFWFLUOG7MTQ6WMTXNXKQHCNMA --volumes-from 646633d29eac6e0e5b56e4aef28055075b5a2274e26b159387a7a34f35919fe3 -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** -e ******** node:6-alpine cat
$ docker top 3fe3059a78e890dc2cadd722c25b97d5a023da059cc807cef3acb29237f0261f -eo pid,comm
[Pipeline] {
[Pipeline] withEnv
[Pipeline] {
[Pipeline] stage
[Pipeline] { (Build)
[Pipeline] sh
[fff_master-RUQD36MGKNUXMF26H5CQBCDE6AKFWFLUOG7MTQ6WMTXNXKQHCNMA] Running shell script
+ node main.js
envOne: 10
envTwo: 7
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // withEnv
[Pipeline] }
$ docker stop --time=1 3fe3059a78e890dc2cadd722c25b97d5a023da059cc807cef3acb29237f0261f
$ docker rm -f 3fe3059a78e890dc2cadd722c25b97d5a023da059cc807cef3acb29237f0261f
[Pipeline] // withDockerContainer
[Pipeline] }
[Pipeline] // withEnv
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline