Home > database >  Declarative Pipeline Jenkinsfile: Export variables out of sh call
Declarative Pipeline Jenkinsfile: Export variables out of sh call

Time:07-19

How can I export some variables out of an sh block so they can be used in later stages?

The following does not give me any errors but the values are never available as environment variables in later stages.

steps {
     sh """
          ASSUME_ROLE_RESPONSE=\$(aws sts assume-role --role-arn "arn:aws:iam::${env.NON_PROD_ACCOUNT_ID}:role/${env.AWS_ROLE}" --role-session-name "${env.AWS_ROLE_SESSION}" --duration-seconds 3600)
          ${env.ACCESS_KEY_ID}=\$(echo \$ASSUME_ROLE_RESPONSE | jq --raw-output '.Credentials.AccessKeyId')
          ${env.SECRET_ACCESS_KEY}=\$(echo \$ASSUME_ROLE_RESPONSE | jq --raw-output '.Credentials.SecretAccessKey')
          ${env.SESSION_TOKEN}=\$(echo \$ASSUME_ROLE_RESPONSE | jq --raw-output '.Credentials.SessionToken')

          echo "AWS_ACCESS_KEY_ID=${ACCESS_KEY_ID},AWS_SECRET_ACCESS_KEY=${SECRET_ACCESS_KEY},AWS_SESSION_TOKEN=${SESSION_TOKEN}"
          printenv | sort
        """
      }

CodePudding user response:

I have got this working but I cannot say it is elegant, if someone has a better\cleaner answer I would happily accept it.

Here is my solution:

stage("Authenticate To Non-Prod Account") {
      steps {
        script {
          aws_credentials = sh(script: """
            ASSUME_ROLE_RESPONSE=\$(aws sts assume-role --role-arn "arn:aws:iam::${env.NON_PROD_ACCOUNT_ID}:role/${env.AWS_ROLE}" --role-session-name "${env.AWS_ROLE_SESSION}" --duration-seconds 3600)
            ACCESS_KEY_ID=\$(echo \$ASSUME_ROLE_RESPONSE | jq --raw-output '.Credentials.AccessKeyId')
            SECRET_ACCESS_KEY=\$(echo \$ASSUME_ROLE_RESPONSE | jq --raw-output '.Credentials.SecretAccessKey')
            SESSION_TOKEN=\$(echo \$ASSUME_ROLE_RESPONSE | jq --raw-output '.Credentials.SessionToken')

            echo "AWS_ACCESS_KEY_ID=\$ACCESS_KEY_ID,AWS_SECRET_ACCESS_KEY=\$SECRET_ACCESS_KEY,AWS_SESSION_TOKEN=\$SESSION_TOKEN"
          """, returnStdout: true)

          env.ACCESS_KEY_ID = aws_credentials.split(',')[0].split('=')[1].trim()
          env.AWS_SECRET_KEY = aws_credentials.split(',')[1].split('=')[1].trim()
          env.SESSION_TOKEN = aws_credentials.split(',')[2].split('=')[1].trim()
        }
      }
    }

I am answering as I have read a heap of posts which have suggested ideas that didnt work for me so this, for now, is the best option I have for authentication to AWS and ensuring the credentials are available in subsequent stages.

CodePudding user response:

To export vars out of sh try using this:

env.var = sh (returnStdout: true, script: ''' SOME SH COMMAND ''').trim()

This will export your bash values to groovy variables in fact it can push the vars to the environment.

Page link:https//www.codepudding.com/database/480007.html

Prev:How can I get the size of the embedded fonts?
Next:How to merge code from one Git repo A to Git repo B using Jenkins
  • Related

About Us:  Contact Us      Terms of Service       Privacy Policy

Copyright © 2010-2023,Powered By CodePudding