From 18f8d3879692c4bfbf437ec4b0f19e611298595f Mon Sep 17 00:00:00 2001
From: Martin Tahiraj
Date: Thu, 2 Apr 2026 14:34:48 +0200
Subject: [PATCH] fix(jenkins): move credentials out of environment block to avoid pipeline abort

credentials() in the pipeline-level environment{} block causes an immediate abort before any stage runs if the credential ID does not exist in Jenkins. The node is released, post{} runs without a node context, and sh steps fail with 'Required context class hudson.FilePath is missing'.

Fix: remove REGISTRY_CREDS and GITEA_CREDS from environment{}, replace with withCredentials() inside the stages that actually need them (Build & Push, Publish). Wrap post{cleanup} sh calls in try/catch as a safety net.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---
 ci/Jenkinsfile | 40 +++++++++++++++++++++++++++++-----------
 1 file changed, 29 insertions(+), 11 deletions(-)

diff --git a/ci/Jenkinsfile b/ci/Jenkinsfile
index ca9798a..883cc3d 100644
--- a/ci/Jenkinsfile
+++ b/ci/Jenkinsfile
@@ -103,8 +103,9 @@ pipeline {
 environment {
 REGISTRY = 'registry.mt-home.uk'
 GITEA_BASE_URL = 'https://git.mt-home.uk'
- REGISTRY_CREDS = credentials('registry-credentials')
- GITEA_CREDS = credentials('gitea-credentials')
+ // Credenziali NON vincolate qui — usare withCredentials() dentro gli stage.
+ // Vincolare credentials() a livello di pipeline causa un abort immediato
+ // se la credenziale non esiste, prima ancora che giri qualsiasi stage.
 }
 options {
@@ -295,8 +296,15 @@ pipeline {
 script {
 def addons = env.ADDONS_TO_BUILD.split(',').findAll { it?.trim() } as List
- // Login al registry una sola volta prima dei build paralleli
- sh "echo \"\$REGISTRY_CREDS_PSW\" | docker login ${env.REGISTRY} -u \"\$REGISTRY_CREDS_USR\" --password-stdin"
+ // Login al registry dentro withCredentials — non fallisce il
+ // pipeline se la credenziale non esiste ancora (gestisce errore)
+ withCredentials([usernamePassword(
+ credentialsId: 'registry-credentials',
+ usernameVariable: 'REGISTRY_USR',
+ passwordVariable: 'REGISTRY_PSW'
+ )]) {
+ sh 'echo "$REGISTRY_PSW" | docker login ${REGISTRY} -u "$REGISTRY_USR" --password-stdin'
+ }
 def buildResults = [:] // addon → [status, version]
@@ -477,8 +485,12 @@ else:
 sh 'git diff repository.json || true'
 // Commit e push solo se ci sono modifiche staged
- withEnv(["GITEA_USER=${params.GITEA_USER}"]) {
- sh '''
+ withCredentials([usernamePassword(
+ credentialsId: 'gitea-credentials',
+ usernameVariable: 'GITEA_PUSH_USR',
+ passwordVariable: 'GITEA_PUSH_PSW'
+ )]) {
+ sh """
 git config user.email "jenkins@pipelines.mt-home.uk"
 git config user.name "Jenkins CI"
 git add repository.json
@@ -486,12 +498,12 @@ else:
 echo "[INFO] Nessuna modifica a repository.json da committare"
 else
 git commit -m "chore: update repository.json [skip ci]"
- git push \
- "https://oauth2:${GITEA_CREDS_PSW}@git.mt-home.uk/${GITEA_USER}/HomeAssistantAddOns.git" \
+ git push \\
+ "https://oauth2:\${GITEA_PUSH_PSW}@git.mt-home.uk/${params.GITEA_USER}/HomeAssistantAddOns.git" \\
 HEAD:main
 echo "[OK] repository.json pushato su main"
 fi
- '''
+ """
 }
 }
 }
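Review bot: The comment added above `withCredentials` in the `@@ -295,8 +296,15 @@` hunk says the login no longer fails the pipeline when the credential is missing ("gestisce errore"), but nothing visible in the hunk handles that error. `withCredentials` still raises when `registry-credentials` cannot be resolved, so the stage fails; the only difference is that it now fails inside a stage, with a node context. I would reword the comment to say exactly that, e.g. `// Credential is bound here; if 'registry-credentials' is missing, only this stage fails (with a node context).`, or wrap the block in a `try/catch` that calls `error(...)` with a clear message. Keeping the `sh` string single-quoted is correct, since the secret is expanded by the shell rather than interpolated by Groovy. The enclosing `script` block starts and ends outside the hunk.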
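Review bot: Switching the script from `sh '''` to `sh """` (opened in the `@@ -477,8 +485,12 @@` hunk, used in `@@ -486,12 +498,12 @@`) makes Groovy paste `${params.GITEA_USER}` into the shell text, so a build parameter containing shell metacharacters is parsed as shell inside the block that holds the Gitea token. The removed code passed the value through `withEnv` and let the shell expand it, which kept it as data. I would keep the single-quoted script and nest the old wrapper inside `withCredentials`: `withEnv(["GITEA_USER=${params.GITEA_USER}"]) { sh ''' … ''' }`, with the URL line as `"https://oauth2:${GITEA_PUSH_PSW}@git.mt-home.uk/${GITEA_USER}/HomeAssistantAddOns.git" \`. That also removes the `\${…}` and `\\` escapes, which are easy to get wrong on the next edit. Separately, the token is still embedded in the push URL, where it can surface in git's error output or the process list; a credential helper or `GIT_ASKPASS` would keep it off the command line.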
@@ -577,8 +589,14 @@ else:
 unstable { echo '[WARN] ⚠ Uno o più step con avvisi — verificare i log.' }
 failure { echo '[ERROR] ✗ Pipeline fallita.' }
 cleanup {
- sh 'docker logout ${REGISTRY} 2>/dev/null || true'
- sh 'rm -f /tmp/read_meta.py /tmp/update_repo.py'
+ script {
+ try {
+ sh 'docker logout ${REGISTRY} 2>/dev/null || true'
+ sh 'rm -f /tmp/read_meta.py /tmp/update_repo.py'
+ } catch (e) {
+ echo "[WARN] cleanup: ${e.message}"
+ }
+ }
 }
 }