mirrors/scylladb
1
0
Fork 0
mirror of https://github.com/scylladb/scylladb.git synced 2026-05-22 15:52:13 +00:00
Code Issues Packages Projects Releases Wiki Activity
Files
b7fc661fa983f754ed25cd94de5dd8dd1bc9a98c
scylladb/.github/workflows/trigger_jenkins.yaml
Yaniv Michael Kaul f047e6fd5c trigger_jenkins.yaml: add missing permissions and fix script injection 
Add explicit empty permissions block (permissions: {}) since this
workflow only triggers Jenkins and sends Slack notifications using its
own secrets. Also move expression interpolations into env vars to
prevent potential script injection. Fixes code scanning alert #147.

Also remove the pre-existing 'permissions: contents: read' block,
which would result in duplicate YAML keys (invalid per the YAML spec).

Closes scylladb/scylladb#29186
2026-05-18 11:39:39 +03:00

57 lines
2.0 KiB
YAML
Raw Blame History

name: Trigger next gating
on:
push:
branches:
- next**
permissions: {}
jobs:
trigger-jenkins:
runs-on: ubuntu-latest
steps:
- name: Determine Jenkins Job Name
env:
REF_NAME: ${{ github.ref_name }}
run: |
if [[ "$REF_NAME" == "next" ]]; then
FOLDER_NAME="scylla-master"
elif [[ "$REF_NAME" == "next-enterprise" ]]; then
FOLDER_NAME="scylla-enterprise"
else
VERSION=$(echo "$REF_NAME" | awk -F'-' '{print $2}')
if [[ "$VERSION" =~ ^202[0-4]\.[0-9]+$ ]]; then
FOLDER_NAME="enterprise-$VERSION"
elif [[ "$VERSION" =~ ^[0-9]+\.[0-9]+$ ]]; then
FOLDER_NAME="scylla-$VERSION"
fi
fi
echo "JOB_NAME=${FOLDER_NAME}/job/next" >> $GITHUB_ENV
- name: Trigger Jenkins Job
env:
JENKINS_USER: ${{ secrets.JENKINS_USERNAME }}
JENKINS_API_TOKEN: ${{ secrets.JENKINS_TOKEN }}
JENKINS_URL: "https://jenkins.scylladb.com"
SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
REPO: ${{ github.repository }}
RUN_ID: ${{ github.run_id }}
run: |
echo "Triggering Jenkins Job: $JOB_NAME"
if ! curl -X POST "$JENKINS_URL/job/$JOB_NAME/buildWithParameters" --fail --user "$JENKINS_USER:$JENKINS_API_TOKEN" -i -v; then
echo "Error: Jenkins job trigger failed"
# Send Slack message
curl -X POST -H 'Content-type: application/json' \
-H "Authorization: Bearer $SLACK_BOT_TOKEN" \
--data "$(jq -n \
--arg channel '#releng-team' \
--arg text "🚨 @here '${JOB_NAME}' failed to be triggered, please check https://github.com/${REPO}/actions/runs/${RUN_ID} for more details" \
--arg icon ':warning:' \
'{channel: $channel, text: $text, icon_emoji: $icon}')" \
https://slack.com/api/chat.postMessage
exit 1
fi
Reference in New Issue View Git Blame Copy Permalink