From d3d6a70b1bc26e8f2ec9711aa435a314887e6c1a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nicolas=20Mass=C3=A9?= Date: Wed, 6 Dec 2017 16:49:09 +0100 Subject: [PATCH 1/2] See #1: update the pipeline to work with the NPM 2FA system (tokens) --- Jenkinsfile | 41 ++++++++++++++------------------ doc/CONFIGURE_JENKINS.md | 43 +++++++++++++++++++--------------- doc/INSTALL.md | 7 ++---- setup/all-in-one-template.yaml | 16 +------------ 4 files changed, 45 insertions(+), 62 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 282fc9a..835d97f 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -5,9 +5,8 @@ * - Credentials Binding (https://plugins.jenkins.io/credentials-binding) * * This pipeline accepts the following parameters : - * - NPM_CREDENTIALS_ID: The Jenkins Credentials ID that holds login and password to login on NPM Registry - * - NPM_EMAIL: The email address associated with the NPM Account pointed by NPM_CREDENTIALS_ID - * - NPM_REGISTRY: Private NPM registry to log in to (Default if not provided: https://registry.npmjs.org) + * - NPM_CREDENTIALS_ID: The Jenkins Credentials ID that holds the NPM token to login on NPM Registry + * - NPM_TAG: The tag to use to publish the package to the NPM registry (defaults to 'latest') * - OPENSHIFT_IMAGE_STREAM: The ImageStream name to use to tag the built images * - OPENSHIFT_BUILD_CONFIG: The BuildConfig name to use * - OPENSHIFT_SERVICE: The Service object to update (either green or blue) 
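Review bot: The header comment now documents `NPM_TAG`, but none of the other hunks in this patch declares it: the parameter tables in doc/CONFIGURE_JENKINS.md and doc/INSTALL.md and the `env:` and `parameters:` sections of setup/all-in-one-template.yaml do not add it. Template installs will therefore presumably always publish as 'latest'. The same comment drops `NPM_REGISTRY` without saying that the token is now configured only for `//registry.npmjs.org/`, so a private registry is no longer supported. I would state both in the header, e.g. ` * - NPM_TAG: optional; not set by the all-in-one template, defaults to 'latest'` and ` * The NPM token is only used against https://registry.npmjs.org`.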
@@ -33,32 +32,28 @@ node('nodejs') { def newVersion = "$currentVersion-$BUILD_NUMBER" def packageName = thisPackage.name def packageSpec = "$packageName@$newVersion" - - // You will need the "credential binding" plugin. See here how to install it : - // https://support.cloudbees.com/hc/en-us/articles/203802500-Injecting-Secrets-into-Jenkins-Build-Jobs - withCredentials([[$class: 'UsernamePasswordMultiBinding', credentialsId: params.NPM_CREDENTIALS_ID, - usernameVariable: 'NPM_USER', passwordVariable: 'NPM_PASS']]) { - stage("Login to NPM") { - echo "Using NPM CredentialsID = '${params.NPM_CREDENTIALS_ID}'" - echo "About to login on NPM with ${env.NPM_USER}/${params.NPM_EMAIL}" - sh ''' - set +x - npm install -g npm-cli-login publish - npm-cli-login - ''' - } - } + def packageTag = (params.NPM_TAG != null && params.NPM_TAG != "") ? params.NPM_TAG : 'latest' // Run the unit tests stage('Unit Tests') { sh "npm test" } - // Package the app and publish it to NPM - stage('Package and Publish to NPM') { - echo "Will publish version $newVersion to NPM" - sh "npm version --no-git-tag-version $newVersion" - sh "publish" + // You will need the "credential binding" plugin. See here how to install it : + // https://support.cloudbees.com/hc/en-us/articles/203802500-Injecting-Secrets-into-Jenkins-Build-Jobs + withCredentials([[$class: 'UsernamePasswordMultiBinding', credentialsId: params.NPM_CREDENTIALS_ID, + usernameVariable: 'DUMMY', passwordVariable: 'NPM_TOKEN']]) { + // Package the app and publish it to NPM + stage('Package and Publish to NPM') { + echo "Using NPM CredentialsID = '${params.NPM_CREDENTIALS_ID}'" + + // Store the NPM Token in the config file + sh "npm config set //registry.npmjs.org/:_authToken ${NPM_TOKEN}" + + echo "Will publish version $newVersion to NPM (tagged as 'latest')" + sh "npm --no-git-tag-version version ${newVersion}" + sh "npm publish --tag ${packageTag}" + } } // Build the OpenShift Image in OpenShift using the artifacts from NPM 
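Review bot: The added `sh "npm config set //registry.npmjs.org/:_authToken ${NPM_TOKEN}"` lets Groovy interpolate the secret into the command text, which the Jenkins credentials documentation warns against because the value can leak outside the masking that `withCredentials` provides. `${packageTag}` (from the NPM_TAG build parameter) and `${newVersion}` are spliced unquoted into shell commands the same way. `npm config set` also writes the token to the agent user's npmrc and nothing removes it, so it outlives the build on the `nodejs` node. I would pass all three values through the environment, use single-quoted `sh` strings so the shell expands them, and delete the auth entry in a `finally`; the echo should also print the real tag instead of the fixed "tagged as 'latest'". The `node('nodejs')` block starts and ends outside this hunk.

```groovy
stage('Package and Publish to NPM') {
  // … unchanged: echo of the credentials ID …
  echo "Will publish version $newVersion to NPM (tagged as '${packageTag}')"

  // Hand the values to the shell as environment variables, not as command text
  withEnv(["NPM_PUBLISH_VERSION=${newVersion}", "NPM_PUBLISH_TAG=${packageTag}"]) {
    try {
      // Single quotes: the shell expands the variables, Groovy never sees the token
      sh 'npm config set //registry.npmjs.org/:_authToken "$NPM_TOKEN"'
      sh 'npm --no-git-tag-version version "$NPM_PUBLISH_VERSION"'
      sh 'npm publish --tag "$NPM_PUBLISH_TAG"'
    } finally {
      // Do not leave the token in the agent's npm config after the build
      sh 'npm config delete //registry.npmjs.org/:_authToken'
    }
  }
```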
diff --git a/doc/CONFIGURE_JENKINS.md b/doc/CONFIGURE_JENKINS.md index fff2aed..64bcb22 100644 --- a/doc/CONFIGURE_JENKINS.md +++ b/doc/CONFIGURE_JENKINS.md @@ -1,12 +1,28 @@ # Configure Jenkins +## Login to NPM and generate a token + +Log in the NPM registry with: +``` +npm login +``` + +And create a new read/write token: +``` +npm token create +``` + +Keep the generated token in a safe place ! + +See [the NPM documentation](https://docs.npmjs.com/getting-started/working_with_tokens) for more information. + ## Create a credential named `npm-secret` Login to Jenkins with your OpenShift credentials and create a Jenkins credential with the following parameters : - Scope: global - Kind: Username with password - - Username: \ - - Password: \ + - Username: `npm-secret` (or anything else, only the password is used) + - Password: \ - ID: npm-secret To create a Jenkins Credentials : 
@@ -37,29 +53,18 @@ Quick reminder to install a plugin : __Note :__ to update a plugin, select the `Updates` tab instead of the `Available` tab. -## Create/Update the Jenkins Pipeline +## Create the Jenkins Pipeline (Manual Install ONLY) Depending if you created a JenkinsPipeline BuildConfig, OpenShift may have created -a Jenkins pipeline for you. In such a case, the Jenkins Pipeline is named `/`. - -So, if you installed the demo : - - manually, you need to create the pipeline from scratch - - automatically with the provided template, you need to update the pipeline to add the following parameters - -__Note :__ As of today, OpenShift does not accept build environment variables with Jenkins pipelines. -So you have to update the Jenkins pipeline created by OpenShift to add those variable. -In the next version this may change as there is a pull request for this feature -(see [\#11293](https://github.com/openshift/origin/issues/11293) -and [\#12323](https://github.com/openshift/origin/pull/12323)). +a Jenkins pipeline for you. In such a case, the Jenkins Pipeline is named `/` +and you have nothing more to do. -So, create a Jenkins Pipeline that accepts the following parameters or update -the existing Jenkins Pipeline so that it accepts the following parameters : +Whereas if you installed the demo manually, you need to create the pipeline from scratch. 
+If this is the case, create a Jenkins Pipeline that accepts the following parameters : | Parameter Name | Parameter Type | Default Value | Description | | --- | --- | --- | --- | -| NPM_CREDENTIALS_ID | String | npm-secret | The Jenkins Credentials ID that holds login and password to login on NPM Registry | -| NPM_EMAIL | String | \ | The email address associated with the NPM Account pointed by NPM_CREDENTIALS_ID | -| NPM_REGISTRY | String | https://registry.npmjs.org | Private NPM registry to log in to (Default if not provided: https://registry.npmjs.org) | +| NPM_CREDENTIALS_ID | String | npm-secret | The Jenkins Credentials ID that holds the token to login on NPM Registry | | OPENSHIFT_IMAGE_STREAM | String | openshift-demo-nodejs | The ImageStream name to use to tag the built images | | OPENSHIFT_BUILD_CONFIG | String | openshift-demo-nodejs | The BuildConfig name to use | | OPENSHIFT_SERVICE | String | openshift-demo-nodejs | The Service object to update (either green or blue) | diff --git a/doc/INSTALL.md b/doc/INSTALL.md index 3e5556e..60e1d32 100644 --- a/doc/INSTALL.md +++ b/doc/INSTALL.md @@ -26,7 +26,7 @@ my other project : the [OpenShift-Hostpath-Provisioner](https://github.com/nmass Create all other objects using the template : ``` -oc process -f setup/all-in-one-template.yaml TEST_ROUTE_HOSTNAME=demo.test.app.openshift.test PROD_ROUTE_HOSTNAME=demo.prod.app.openshift.test NPM_EMAIL=your@npm.email > objects.json +oc process -f setup/all-in-one-template.yaml TEST_ROUTE_HOSTNAME=demo.test.app.openshift.test PROD_ROUTE_HOSTNAME=demo.prod.app.openshift.test > objects.json oc create -f objects.json ``` @@ -36,7 +36,6 @@ __Notes :__ - Replace the `demo.test.app.openshift.test` and `demo.prod.app.openshift.test` by meaningful values for your environment. It will be your routes in TEST and PROD environments. - - Replace `your@npm.email` by the email address associated with your NPM Account. All parameters are documented here : 
@@ -44,9 +43,7 @@ All parameters are documented here : | --- | --- | --- | --- | | TEST_ROUTE_HOSTNAME | Yes | - | The route to create in the TEST environment and which we will use to run the integration tests | | PROD_ROUTE_HOSTNAME | Yes | - | The route to create in the PROD environment | -| NPM_EMAIL | Yes | - | Email address of your NPM Account | -| NPM_CREDENTIALS_ID | No | npm-secret | The Jenkins Credentials ID that holds login and password to login on NPM Registry | -| NPM_REGISTRY | No | https://registry.npmjs.org | Private NPM registry to log in to | +| NPM_CREDENTIALS_ID | No | npm-secret | The Jenkins Credentials ID that holds the token to login on NPM Registry | | GIT_REPO | No | https://github.com/nmasse-itix/OpenShift-Demo-NodeJS.git | The GIT repository to use. This will be useful if you clone this repo. | | NODEJS_IMAGE_STREAM_TAG | No | nodejs:latest | Name of the ImageStreamTag to be used for the NodeJS image. Change this if you plan to use your own NodeJS S2I image. | | NODEJS_IMAGE_STREAM_NAMESPACE | No | openshift | The OpenShift Namespace where the NodeJS ImageStream resides. | diff --git a/setup/all-in-one-template.yaml b/setup/all-in-one-template.yaml index 3c97e44..f1e9b20 100644 --- a/setup/all-in-one-template.yaml +++ b/setup/all-in-one-template.yaml @@ -108,10 +108,6 @@ objects: env: - name: NPM_CREDENTIALS_ID value: ${NPM_CREDENTIALS_ID} - - name: NPM_EMAIL - value: ${NPM_EMAIL} - - name: NPM_REGISTRY - value: ${NPM_REGISTRY} - name: OPENSHIFT_IMAGE_STREAM value: openshift-demo-nodejs - name: OPENSHIFT_BUILD_CONFIG 
@@ -507,21 +503,11 @@ parameters: name: NODEJS_IMAGE_STREAM_TAG value: nodejs:latest -- description: The Jenkins Credentials ID that holds login and password to login on NPM Registry +- description: The Jenkins Credentials ID that holds the token to login on NPM Registry displayName: Jenkins Credentials ID for NPM Registry name: NPM_CREDENTIALS_ID value: npm-secret -- description: The email address associated with the NPM Account pointed by NPM_CREDENTIALS_ID - displayName: Email address of your NPM Account - name: NPM_EMAIL - required: true - -- description: Private NPM registry to log in to - displayName: NPM Registry URL - name: NPM_REGISTRY - value: https://registry.npmjs.org - - description: The route to create in the TEST environment and which we will use to run the integration tests displayName: Application Hostname in the TEST environment name: TEST_ROUTE_HOSTNAME From 5eaf1fbe6fbdd08b7a259437b20e4fa8067eda34 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Nicolas=20Mass=C3=A9?= Date: Wed, 6 Dec 2017 16:50:56 +0100 Subject: [PATCH 2/2] backport commit b321b94 --- package.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/package.json b/package.json index cdc97b0..7fab2c7 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "openshift-demo-nodejs-nmasse", - "version": "0.1.4", + "version": "0.1.5", "description": "An OpenShift Demo app running on NodeJS", "main": "server.js", "scripts": {