juwan/juwan-backend
1
0
Fork 0
Code Issues Pull Requests Actions 3 Packages Projects Releases Wiki Activity

fix(jenkins): use curl --get --data-urlencode to avoid shell glob, no python3 required

Browse Source
This commit is contained in:
wwweww
2026-05-04 12:53:29 +08:00
parent a3c7c013c5
commit fe84f68648
1 changed files with 21 additions and 49 deletions
Download Patch File Download Diff File Expand all files Collapse all files
deploy/jenkins/Jenkinsfile.poll
+21 -49
View File
@@ -98,32 +98,18 @@ pipeline {
]) { ]) {
def services = sh( def services = sh(
script: """ script: """
python3 - <<'PYEOF' curl -sf -u "\${HARBOR_USER}:\${HARBOR_PASS}" \\
import urllib.request, urllib.parse, json, sys, base64 --connect-timeout 10 --max-time 30 \\
--get --data-urlencode "page_size=100" \\
registry = "${HARBOR_API}" "${HARBOR_API}/projects/${params.HARBOR_PROJECT}/repositories" \\
project = "${params.HARBOR_PROJECT}" | tr ',' '\\n' \\
user = "${env.HARBOR_USER}" | grep '"name"' \\
passwd = "${env.HARBOR_PASS}" | sed 's/.*"name":"//' \\
| sed 's/".*//' \\
params = urllib.parse.urlencode({"page_size": 100}) | sed 's|.*/||' \\
url = f"{registry}/projects/{project}/repositories?{params}" | sort \\
| tr '\\n' ',' \\
req = urllib.request.Request(url) | sed 's/,\$//'
creds = base64.b64encode(f"{user}:{passwd}".encode()).decode()
req.add_header("Authorization", f"Basic {creds}")
try:
with urllib.request.urlopen(req, timeout=30) as resp:
repos = json.loads(resp.read())
if not isinstance(repos, list):
sys.exit(1)
names = [r["name"].split("/")[-1] for r in repos]
print(",".join(sorted(names)))
except Exception as e:
print(f"ERROR: {e}", file=sys.stderr)
sys.exit(1)
PYEOF
""", """,
returnStdout: true returnStdout: true
).trim() ).trim()
@@ -159,29 +145,15 @@ PYEOF
def digestResult = sh( def digestResult = sh(
script: """ script: """
python3 - <<'PYEOF' curl -sf -u "\${HARBOR_USER}:\${HARBOR_PASS}" \\
import urllib.request, json, sys, base64 --connect-timeout 10 --max-time 30 \\
"${HARBOR_API}/projects/${params.HARBOR_PROJECT}/repositories/${svc}/artifacts/${params.IMAGE_TAG}" \\
registry = "${HARBOR_API}" | tr ',' '\\n' \\
project = "${params.HARBOR_PROJECT}" | grep '"digest"' \\
svc = "${svc}" | head -1 \\
tag = "${params.IMAGE_TAG}" | sed 's/.*"digest":"//' \\
user = "${env.HARBOR_USER}" | sed 's/".*//' \\
passwd = "${env.HARBOR_PASS}" || true
url = f"{registry}/projects/{project}/repositories/{svc}/artifacts/{tag}"
req = urllib.request.Request(url)
creds = base64.b64encode(f"{user}:{passwd}".encode()).decode()
req.add_header("Authorization", f"Basic {creds}")
try:
with urllib.request.urlopen(req, timeout=30) as resp:
data = json.loads(resp.read())
print(data.get("digest", ""))
except Exception as e:
print(f"ERROR: {e}", file=sys.stderr)
sys.exit(0)
PYEOF
""", """,
returnStdout: true returnStdout: true
).trim() ).trim()