From 5a87383ecf1903ef44cd9d3dbcb53eef3adf4427 Mon Sep 17 00:00:00 2001 From: Andrew Grimberg Date: Fri, 16 Jun 2017 13:39:26 -0700 Subject: [PATCH] Add lf-infra-docker-login macro and script Provide a way to utilize a maven settings file to store the login credentials to our custom hosted docker registries as well as for DockerHub (docker.io) Change-Id: Ifb519b09afecf29c44bedc75a3a81a9b174a978a Signed-off-by: Andrew Grimberg
---
 jjb/lf-macros.yaml | 29 +++++++++++++++++++ shell/docker-login.sh | 78 +++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 107 insertions(+) create mode 100644 shell/docker-login.sh
diff --git a/jjb/lf-macros.yaml b/jjb/lf-macros.yaml
index c2b3f2d8..492089da 100644
--- a/jjb/lf-macros.yaml
+++ b/jjb/lf-macros.yaml
@@ -13,6 +13,35 @@
 properties-content: 'SERVER_ID={server-id}'
 - shell: !include-raw-escape: ../shell/create-netrc.sh
 
+- builder:
+ name: lf-infra-docker-login
+ # Login into a custom hosted docker registry and / or docker.io
+ #
+ # The Jenkins system should have the following global variables defined
+ #
+ # DOCKER_REGISTRY : Optional
+ # The DNS address of the registry (IP or FQDN)
+ # ex: nexus3.example.com
+ #
+ # REGISTRY_PORTS : Required if DOCKER_REGISTRY is set
+ # Space separated listing of the registry ports to login
+ # to
+ # ex: 10001 10002 10003 10004
+ #
+ # DOCKERHUB_EMAIL : Optional
+ # If this variable is set then an attempt to login to
+ # DockerHub (docker.io) will be also made. It should be
+ # set to the email address for the credentials that will
+ # get looked up. Only _one_ credential will ever be found
+ # in the maven settings file for DockerHub
+ builders:
+ - lf-provide-maven-settings:
+ global-settings-file: '{global-settings-file}'
+ settings-file: '{settings-file}'
+ - shell: !include-raw:
+ - ../shell/docker-login.sh
+ - lf-provide-maven-settings-cleanup
+
 - builder:
 name: lf-infra-gpg-verify-git-signature
 # Verify gpg signature of the latest commit message in $WORKSPACE
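Review bot: The `shell` step includes docker-login.sh with `!include-raw:`, whereas the neighbouring netrc macro in this hunk's context uses `!include-raw-escape:`; since this macro is called with `{global-settings-file}` and `{settings-file}`, JJB will likely run parameter substitution over the script too, and its `${1}`, `${DOCKER_REGISTRY}` and `${PORT}` braces are not escaped, so `- shell: !include-raw-escape:` looks like the safer form. Separately, `lf-provide-maven-settings-cleanup` is a later builder, so when the login script exits non-zero it is presumably skipped and the settings file holding the registry credentials stays on the build node. The header comment should also say that `SETTINGS_FILE` must be provided by the job and that `docker login` leaves the credentials in the node's Docker client config after the build, e.g. `# NOTE: credentials persist in the Docker client config on the node until a logout`.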
diff --git a/shell/docker-login.sh b/shell/docker-login.sh
new file mode 100644
index 00000000..a2055a9b
--- /dev/null
+++ b/shell/docker-login.sh
@@ -0,0 +1,78 @@
+#!/bin/bash
+# @License EPL-1.0
+##############################################################################
+# Copyright (c) 2017 The Linux Foundation and others.
+#
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Eclipse Public License v1.0
+# which accompanies this distribution, and is available at
+# http://www.eclipse.org/legal/epl-v10.html
+##############################################################################
+
+# Log into a custom hosted docker registry and / or docker.io
+
+# $DOCKER_REGISTRY : Optional
+# Jenkins global variable should be defined
+# If set, then this is the base IP or FQDN that will be used
+# for logging into the custom docker registry
+# ex: nexus3.example.com
+#
+# $REGISTRY_PORTS : Required if DOCKER_REGISTRY is set
+# Jenkins global variable should be defined (space separated)
+# Listing of all the registry ports to login to
+# ex: 10001 10002 10003 10004
+#
+# $SETTINGS_FILE : Job level variable with maven settings file location
+#
+# $DOCKERHUB_EMAIL : Optional
+# Jenkins global variable that defines the email address that
+# should be used for logging into DockerHub
+# If defined than an attempt to login to docker hub will
+# happen
+
+# Ensure we fail the job if any steps fail
+set -eu -o pipefail
+
+# Execute the credential lookup and login to the registry
+do_login() {
+ echo "$1"
+ CREDENTIAL=$(xmlstarlet sel -N "x=http://maven.apache.org/SETTINGS/1.0.0" \
+ -t -m "/x:settings/x:servers/x:server[starts-with(x:id, '${1}')]" \
+ -v x:username -o ":" -v x:password \
+ "$SETTINGS_FILE")
+
+ USER=$(echo "$CREDENTIAL" | cut -f1 -d:)
+ PASS=$(echo "$CREDENTIAL" | cut -f2 -d:)
+
+ if [ -z "$USER" ]
+ then
+ echo "ERROR: No user provided"
+ return 1
+ fi
+
+ if [ -z "$PASS" ]
+ then
+ echo "ERROR: No password provided"
+ return 1
+ fi
+
+ docker login -u "$USER" -p "$PASS" -e "$2" "$1"
+}
+
+if [ "${REGISTRY:-none}" != 'none' ]
+then
+ for PORT in $REGISTRY_PORTS
+ do
+ REGISTRY="${DOCKER_REGISTRY}:${PORT}"
+
+ # docker login requests an email address if nothing is passed to it
+ # Nexus, however, does not need this and ignores the value
+ do_login "$REGISTRY" none
+ done
+fi
+
+# Attempt to login to docker.io only if $DOCKERHUB_EMAIL is configured
+if [ "${DOCKERHUB_EMAIL:-none}" != 'none' ]
+then
+ do_login docker.io "$DOCKERHUB_EMAIL"
+fi
-- 2.16.6
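Review bot: The guard in front of the registry loop tests `REGISTRY`, which is only assigned inside that loop, so with just the documented `DOCKER_REGISTRY` set the custom-registry logins are skipped; it should read `if [ "${DOCKER_REGISTRY:-none}" != 'none' ]`. In do_login the secret is passed as `-p "$PASS"`, which exposes it in the process list on the build node; feeding it on stdin, `printf '%s' "$PASS" | docker login -u "$USER" --password-stdin "$1"`, avoids that on clients that have the flag (such clients may no longer accept `-e`, so check the version on the builders). `cut -f2 -d:` also drops everything after a second colon, so a password containing `:` is silently truncated; `cut -f2- -d:` keeps the remainder. Finally, the `starts-with(x:id, '${1}')` match selects every server whose id begins with the argument, and because the template emits no separator, two matching entries would appear to run together in `CREDENTIAL`; an exact `x:id = '...'` comparison is the stricter lookup if the ids in the settings file allow it.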