feat(hadolint): enable authentication when fetching config file (#2225)

* use httpRequest to fetch config file * set default * provide authentication for config url * adjust test case
2024-12-12 10:55:20 +02:00 · 2020-10-23 13:57:22 +02:00 · 2020-10-23 13:57:22 +02:00 · bdfe90ed49
commit bdfe90ed49
parent 272231ab42
2 changed files with 18 additions and 3 deletions
--- a/test/groovy/HadolintExecuteTest.groovy
+++ b/test/groovy/HadolintExecuteTest.groovy
@ -12,6 +12,7 @@ import util.JenkinsLoggingRule
 import util.JenkinsReadYamlRule
 import util.JenkinsShellCallRule
 import util.JenkinsStepRule
+import util.JenkinsWriteFileRule
 import util.Rules

 import static org.junit.Assert.assertThat
@ -27,6 +28,7 @@ class HadolintExecuteTest extends BasePiperTest {
    private JenkinsStepRule stepRule = new JenkinsStepRule(this)
    private JenkinsReadYamlRule yamlRule = new JenkinsReadYamlRule(this)
    private JenkinsLoggingRule loggingRule = new JenkinsLoggingRule(this)
+    private JenkinsWriteFileRule writeFileRule = new JenkinsWriteFileRule(this)

    @Rule
    public RuleChain ruleChain = Rules
@ -37,6 +39,7 @@ class HadolintExecuteTest extends BasePiperTest {
        .around(shellRule)
        .around(stepRule)
        .around(loggingRule)
+        .around(writeFileRule)

    @Before
    void init() {
@ -45,6 +48,9 @@ class HadolintExecuteTest extends BasePiperTest {
        helper.registerAllowedMethod 'checkStyle', [Map], { m -> assertThat(m.pattern, is('hadolint.xml')); return 'checkstyle' }
        helper.registerAllowedMethod 'recordIssues', [Map], { m -> assertThat(m.tools, hasItem('checkstyle')) }
        helper.registerAllowedMethod 'archiveArtifacts', [String], { String p -> assertThat('hadolint.xml', is(p)) }
+        helper.registerAllowedMethod('httpRequest', [Map.class] , {
+            return [content: "empty", status: 200]
+        })
        Utils.metaClass.echo = { def m -> }
    }

@ -55,15 +61,15 @@ class HadolintExecuteTest extends BasePiperTest {

    @Test
    void testHadolintExecute() {
-        stepRule.step.hadolintExecute(script: nullScript, juStabUtils: utils, dockerImage: 'hadolint/hadolint:latest-debian', configurationUrl: 'https://github.com/raw/SGS/Hadolint-Dockerfile/master/.hadolint.yaml')
+        stepRule.step.hadolintExecute(script: nullScript, juStabUtils: utils, dockerImage: 'hadolint/hadolint:latest-debian', configurationUrl: 'https://github.com/raw/SAP/jenkins-library/master/.hadolint.yaml')
        assertThat(dockerExecuteRule.dockerParams.dockerImage, is('hadolint/hadolint:latest-debian'))
        assertThat(loggingRule.log, containsString("Unstash content: buildDescriptor"))
        assertThat(shellRule.shell,
            hasItems(
-                "curl --fail --location --output .hadolint.yaml https://github.com/raw/SGS/Hadolint-Dockerfile/master/.hadolint.yaml",
                "hadolint ./Dockerfile --config .hadolint.yaml --format checkstyle > hadolint.xml"
            )
        )
+        assertThat(writeFileRule.files['.hadolint.yaml'], is('empty'))
    }

    @Test
--- a/vars/hadolintExecute.groovy
+++ b/vars/hadolintExecute.groovy
@ -24,6 +24,10 @@ import groovy.transform.Field
     * URL pointing to the .hadolint.yaml exclude configuration to be used for linting. Also have a look at `configurationFile` which could avoid central configuration download in case the file is part of your repository.
     */
    'configurationUrl',
+    /**
+     * If the url provided as configurationUrl is protected, this Jenkins credential can be used to authenticate the request.
+     */
+    'configurationCredentialsId',
    /**
     * Docker options to be set when starting the container.
     */
@ -75,7 +79,7 @@ void call(Map parameters = [:]) {
        }

        if(!fileExists(configuration.configurationFile) && configuration.configurationUrl) {
-            sh "curl --fail --location --output ${configuration.configurationFile} ${configuration.configurationUrl}"
+            downloadFile(configuration.configurationUrl, configuration.configurationFile, configuration.configurationCredentialsId)
            if(existingStashes) {
                def stashName = 'hadolintConfiguration'
                stash name: stashName, includes: configuration.configurationFile
@ -120,3 +124,8 @@ void call(Map parameters = [:]) {
        }
    }
 }
+
+void downloadFile(url, target, authentication = null){
+        def response = httpRequest url: url, authentication: authentication, timeout: 20
+        writeFile text: response.content, file: target
+}