Jenkins 2.x参数化触发器插件计算参数

Question

I am using the above plugin in a Jenkins job, but want to pass the invoked job some parameter that is computed and/or fetched from some custom source. Easy enough to do in a shell script, except that none of the Add Parameters options that are built-in allow for a way to do this kind of dynamic computation.

I have found the EnvInject plugin, but the problem here is that the computed parameter is a secret and needs to avoid being stored anywhere on disk. The only way I could figure out in the EnvInject plugin requires first writing the computed secret to disk and then read it in from that disk file as an environment variable in a subsequent step using the EnvInject plugin.

So the question is, is there any known parameter source for the Parameterized Trigger Plugin (docs says the parameter sources themselves are pluggable) that would allow me to compute the parameter dynamically?

Answer 1

So I found that the EnvInject plugin can inject environment variables from evaluating a Groovy script. A little less convenient than a simple shell script, especially as there aren't that many examples to be found online or in the plugin docs, but it works.

An example script, which you can put in the Build Environment section by checking the "Inject environment variables" checkbox:

try {
  def json = /curl -s -H "X-Vault-Token:${VAULT_TOKEN}" -X GET https://xxx.yyy.zzz/v1/secret/oe/dmp/aws/mykey.key/.execute().text
  def access_key_id = /echo '${json}' | jq -r '.data' | jq -r '.aws_access_key_id'/.execute().text>
  def secret_access_key = /echo '${json}' | jq -r '.data' | jq -r '.aws_secret_access_key'/.execute().text

  return ['AWS_SECRET_ACCESS_KEY' : secret_access_key, 'AWS_ACCESS_KEY_ID' : access_key_id]
} catch (Throwable t) {
  println(t)
  throw t;
}