maintenance(jenkins): stabilize ariadne api token bootstrap

2026-04-13 02:55:10 -03:00 · 2026-04-13 02:55:10 -03:00 · 0ffe1e1905
commit 0ffe1e1905
parent 4e9b232a4f
2 changed files with 37 additions and 26 deletions
--- a/services/jenkins/deployment.yaml
+++ b/services/jenkins/deployment.yaml
@ -52,7 +52,7 @@ spec:
          ARIADNE_JENKINS_API_USER={{ .Data.data.username }}
          ARIADNE_JENKINS_API_TOKEN={{ .Data.data.token }}
          {{ end }}
-        bstein.dev/restarted-at: "2026-04-13T05:20:00Z"
+        bstein.dev/restarted-at: "2026-04-13T06:35:00Z"
    spec:
      serviceAccountName: jenkins
      nodeSelector:
--- a/services/jenkins/scripts/ariadne-api-user.groovy
+++ b/services/jenkins/scripts/ariadne-api-user.groovy
@ -2,13 +2,15 @@ import hudson.model.User
 import jenkins.security.ApiTokenProperty

 def userId = (System.getenv("ARIADNE_JENKINS_API_USER") ?: "").trim()
-def tokenValue = (System.getenv("ARIADNE_JENKINS_API_TOKEN") ?: "").trim()
+def envTokenValue = (System.getenv("ARIADNE_JENKINS_API_TOKEN") ?: "").trim()
 def tokenName = "ariadne-weather"
 def tokenFile = new File("/var/jenkins_home/secrets/ariadne-api-token")
 def userFile = new File("/var/jenkins_home/secrets/ariadne-api-user")
+def persistedTokenValue = tokenFile.exists() ? (tokenFile.text ?: "").trim() : ""
+def tokenValue = envTokenValue ?: persistedTokenValue

 if (!userId || !tokenValue) {
-  println("Ariadne API user bootstrap skipped: missing ARIADNE_JENKINS_API_USER or ARIADNE_JENKINS_API_TOKEN")
+  println("Ariadne API user bootstrap skipped: missing ARIADNE_JENKINS_API_USER and no token source available")
  return
 }

@ -28,30 +30,35 @@ if (prop == null) {
  user.addProperty(prop)
 }

+if (persistedTokenValue && prop.matchesPassword(persistedTokenValue)) {
+  tokenValue = persistedTokenValue
+}
+
 if (!prop.matchesPassword(tokenValue)) {
  def store = prop.getTokenStore()
-  def existing = store.getTokenListSortedByName().find { token ->
-    try {
-      token.getName() == tokenName
-    } catch (Throwable ignored) {
-      false
-    }
-  }
-
-  if (existing != null) {
-    try {
-      store.revokeToken(existing.getUuid())
-    } catch (Throwable ignored) {
-      try {
-        store.revokeToken(existing.uuid)
-      } catch (Throwable ignoredAgain) {
-        println("Ariadne API user bootstrap warning: failed to revoke existing token ${tokenName}")
-      }
-    }
-  }

  boolean configured = false
  try {
+    def existing = store.getTokenListSortedByName().find { token ->
+      try {
+        token.getName() == tokenName
+      } catch (Throwable ignored) {
+        false
+      }
+    }
+
+    if (existing != null) {
+      try {
+        store.revokeToken(existing.getUuid())
+      } catch (Throwable ignored) {
+        try {
+          store.revokeToken(existing.uuid)
+        } catch (Throwable ignoredAgain) {
+          println("Ariadne API user bootstrap warning: failed to revoke existing token ${tokenName}")
+        }
+      }
+    }
+
    store.addFixedNewToken(tokenName, tokenValue)
    configured = true
  } catch (Throwable ignored) {
@ -59,11 +66,15 @@ if (!prop.matchesPassword(tokenValue)) {
  }

  if (!configured) {
-    def generated = store.generateNewToken(tokenName)
-    if (generated?.plainValue) {
-      tokenValue = generated.plainValue
+    if (persistedTokenValue && prop.matchesPassword(persistedTokenValue)) {
+      tokenValue = persistedTokenValue
+    } else {
+      def generated = store.generateNewToken(tokenName)
+      if (generated?.plainValue) {
+        tokenValue = generated.plainValue
+      }
+      println("Ariadne API user bootstrap warning: addFixedNewToken unavailable, generated replacement token")
    }
-    println("Ariadne API user bootstrap warning: addFixedNewToken unavailable, generated replacement token")
  }
 }