Jenkins - "docker login" on staging server with jenkins credential

Question

After pushing to git I want Jenkins to build and deploy the new version of my software (docker image) to a staging environment immediately.

I can make it work but I feel there should be a better way of doing this, especially pulling and running the docker image on the staging server.

How I do it now:

1. multistage docker build and publish to my private registry
2. copy a secret file (managed in Jenkins credentials) to the Jenkins workspace
3. copy the secret file from the Jenkins workspace to the staging server with sshTransfer
4. cat secretFile >> docker login my.private.registry --password-stdin

The problems with this (those that I see, there are probably more)

• 2-4 ist just to hide the docker password from history entries, instead of that I have those files that could be read (especially if I forget to delete them afterward)
• In sshTransfer execCommand runs in a different directory than copying files. Therefore I need to hardcode the absolute path to the copied secret file in the execCommand. So I would have to change the jenkinsfile if I change the "Remote Directory" in the SSHPublisher config.

Answer 1

You can use the Jenkins credentials store directly. Just create a credential with the username and password and add this to your pipeline.

withCredentials([usernamePassword(credentialsId: '<credentials-id>', passwordVariable: 'password', usernameVariable: 'username')]) {
    sh "docker login -u $username -p $password ..."
}

It will hide the password automatically.