maintenance(jenkins): stabilize ariadne api token bootstrap

2026-04-13 02:55:10 -03:00 · 2026-04-13 02:55:10 -03:00 · 0ffe1e1905
commit 0ffe1e1905
parent 4e9b232a4f
2 changed files with 37 additions and 26 deletions
--- a/services/jenkins/deployment.yaml
+++ b/services/jenkins/deployment.yaml
@ -52,7 +52,7 @@ spec:
          ARIADNE_JENKINS_API_USER={{ .Data.data.username }}
          ARIADNE_JENKINS_API_TOKEN={{ .Data.data.token }}
          {{ end }}
-        bstein.dev/restarted-at: "2026-04-13T05:20:00Z"
+        bstein.dev/restarted-at: "2026-04-13T06:35:00Z"
    spec:
      serviceAccountName: jenkins
      nodeSelector:
--- a/services/jenkins/scripts/ariadne-api-user.groovy
+++ b/services/jenkins/scripts/ariadne-api-user.groovy
@ -2,13 +2,15 @@ import hudson.model.User
 import jenkins.security.ApiTokenProperty
 def userId = (System.getenv("ARIADNE_JENKINS_API_USER") ?: "").trim()
-def tokenValue = (System.getenv("ARIADNE_JENKINS_API_TOKEN") ?: "").trim()
+def envTokenValue = (System.getenv("ARIADNE_JENKINS_API_TOKEN") ?: "").trim()
 def tokenName = "ariadne-weather"
 def tokenFile = new File("/var/jenkins_home/secrets/ariadne-api-token")
 def userFile = new File("/var/jenkins_home/secrets/ariadne-api-user")
 def persistedTokenValue = tokenFile.exists() ? (tokenFile.text ?: "").trim() : ""
 def tokenValue = envTokenValue ?: persistedTokenValue
 if (!userId || !tokenValue) {
-  println("Ariadne API user bootstrap skipped: missing ARIADNE_JENKINS_API_USER or ARIADNE_JENKINS_API_TOKEN")
+  println("Ariadne API user bootstrap skipped: missing ARIADNE_JENKINS_API_USER and no token source available")
  return
 }
@ -28,30 +30,35 @@ if (prop == null) {
  user.addProperty(prop)
 }
 if (persistedTokenValue && prop.matchesPassword(persistedTokenValue)) {
  tokenValue = persistedTokenValue
 }
 if (!prop.matchesPassword(tokenValue)) {
  def store = prop.getTokenStore()
  def existing = store.getTokenListSortedByName().find { token ->
    try {
      token.getName() == tokenName
    } catch (Throwable ignored) {
      false
    }
  }
  if (existing != null) {
    try {
      store.revokeToken(existing.getUuid())
    } catch (Throwable ignored) {
      try {
        store.revokeToken(existing.uuid)
      } catch (Throwable ignoredAgain) {
        println("Ariadne API user bootstrap warning: failed to revoke existing token ${tokenName}")
      }
    }
  }
  boolean configured = false
  try {
    def existing = store.getTokenListSortedByName().find { token ->
      try {
        token.getName() == tokenName
      } catch (Throwable ignored) {
        false
      }
    }
    if (existing != null) {
      try {
        store.revokeToken(existing.getUuid())
      } catch (Throwable ignored) {
        try {
          store.revokeToken(existing.uuid)
        } catch (Throwable ignoredAgain) {
          println("Ariadne API user bootstrap warning: failed to revoke existing token ${tokenName}")
        }
      }
    }
    store.addFixedNewToken(tokenName, tokenValue)
    configured = true
  } catch (Throwable ignored) {
@ -59,11 +66,15 @@ if (!prop.matchesPassword(tokenValue)) {
  }
  if (!configured) {
-    def generated = store.generateNewToken(tokenName)
+    if (persistedTokenValue && prop.matchesPassword(persistedTokenValue)) {
-    if (generated?.plainValue) {
+      tokenValue = persistedTokenValue
-      tokenValue = generated.plainValue
+    } else {
      def generated = store.generateNewToken(tokenName)
      if (generated?.plainValue) {
        tokenValue = generated.plainValue
      }
      println("Ariadne API user bootstrap warning: addFixedNewToken unavailable, generated replacement token")
    }
    println("Ariadne API user bootstrap warning: addFixedNewToken unavailable, generated replacement token")
  }
 }