diff --git a/README.md b/README.md index 9c85e31..5212fdf 100644 --- a/README.md +++ b/README.md @@ -18,8 +18,8 @@ Amazon Credentials into a Docker CLI Authentication Token. Amazon ECR plugin implements a Docker Token producer to convert Amazon credentials to Jenkins’ API used by (mostly) all Docker-related plugins. -Thank's to this producer, you can select your existing registered Amazon -credentials for various Docker operations in Jenkins, for sample using the +Thanks to this producer, you can select your existing registered Amazon +credentials for various Docker operations in Jenkins, for example using the Docker Build and Publish plugin: ![](.github/build-and-publish.png) @@ -74,6 +74,23 @@ node { ## Development +### Testing + +Unfortunately, testing against AWS isn't very straightforward, since you always +need an AWS account with correct setup, which might incur some costs. Current +tests try to make this as easy as possible. You need a user with read +permission to ECR (AWS IAM policy `AmazonEC2ContainerRegistryReadOnly` should +suffice) and an (empty) container registry. The test expect these details in +the following environment variables: + +```shell +export AWS_ACCESS_KEY_ID= +export AWS_SECRET_ACCESS_KEY= +export AWS_REGISTRY_HOST=.dkr.ecr.us-east-1.amazonaws.com +``` + +When those are set correctly, `mvn test` should run those tests successfully. + ### Code Style This plugin uses [Google Java Code Style], which is enforced by the [spotless] diff --git a/pom.xml b/pom.xml index c3fcdd4..cc2d0f9 100644 --- a/pom.xml +++ b/pom.xml @@ -93,6 +93,16 @@ org.jenkins-ci.plugins.aws-java-sdk aws-java-sdk-ecr + + org.jenkins-ci.plugins + docker-workflow + test + + + org.jenkins-ci.plugins.workflow + workflow-job + test + diff --git a/src/test/java/com/cloudbees/jenkins/plugins/amazonecr/AmazonECSRegistryCredentialPipelineAccessTest.java b/src/test/java/com/cloudbees/jenkins/plugins/amazonecr/AmazonECSRegistryCredentialPipelineAccessTest.java new file mode 100644 index 0000000..0d30085 --- /dev/null +++ b/src/test/java/com/cloudbees/jenkins/plugins/amazonecr/AmazonECSRegistryCredentialPipelineAccessTest.java @@ -0,0 +1,35 @@ +package com.cloudbees.jenkins.plugins.amazonecr; + +import com.cloudbees.jenkins.plugins.awscredentials.AWSCredentialsImpl; +import com.cloudbees.plugins.credentials.CredentialsScope; +import com.cloudbees.plugins.credentials.SystemCredentialsProvider; +import org.jenkinsci.plugins.workflow.cps.CpsFlowDefinition; +import org.jenkinsci.plugins.workflow.job.WorkflowJob; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.condition.EnabledIfEnvironmentVariable; +import org.jvnet.hudson.test.JenkinsRule; +import org.jvnet.hudson.test.junit.jupiter.WithJenkins; + +@WithJenkins +class AmazonECSRegistryCredentialPipelineAccessTest { + @Test + @EnabledIfEnvironmentVariable(named = "AWS_ACCESS_KEY_ID", matches = ".{10,}") + void pipelineCanLoginWithCredential(JenkinsRule r) throws Exception { + SystemCredentialsProvider.getInstance() + .getCredentials() + .add(new AWSCredentialsImpl( + CredentialsScope.GLOBAL, + "test", + System.getenv("AWS_ACCESS_KEY_ID"), + System.getenv("AWS_SECRET_ACCESS_KEY"), + "test")); + + String script = + "docker.withRegistry('https://" + System.getenv("AWS_REGISTRY_HOST") + "', 'ecr:us-east-1:test') {}"; + + WorkflowJob p = r.jenkins.createProject(WorkflowJob.class, "testJob"); + p.setDefinition(new CpsFlowDefinition(script, true)); + + r.assertBuildStatusSuccess(p.scheduleBuild2(0)); + } +}