Support environment variable creation in Jenkins

All variables are being created as credentials in Jenkins.
Credentials get masked in Jenkins logs which is unwanted for non-secret
variables that should be exposed to users via EYECATCHER.

Add a script for creating a Jenkins global variable and use it in the
existing hack script for setup

Signed-off-by: Tomáš Nevrlka <tnevrlka@redhat.com>

rh-pre-commit.version: 2.3.2
rh-pre-commit.check-secrets: ENABLED

Author: tnevrlka

ci-test.sh

@@ -146,7 +146,7 @@ updateRepos $GITLAB_GITOPS
 # Jenkins
 # note, jenkins secrets are global so set once"
 if [ $SKIP_SECRETS == "false" ]; then
-    bash hack/jenkins-set-secrets
+    bash hack/jenkins-set-variables
 fi
 updateRepos $JENKINS_BUILD
 updateRepos $JENKINS_GITOPS

hack/jenkins-create-secret

@@ -14,7 +14,6 @@ cat << CREDS > $CREDS
 </org.jenkinsci.plugins.plaincredentials.impl.StringCredentialsImpl>
 CREDS
 
-#cat $CREDS
 echo "Creating Jenkins credential $SECRET_NAME"
 java -jar $SCRIPTDIR/jenkins-cli.jar -s $MY_JENKINS_SERVER \
     -auth $MY_JENKINS_USER:$MY_JENKINS_TOKEN \

hack/jenkins-create-variable

@@ -0,0 +1,31 @@
+#!/bin/bash
+
+set -euo pipefail
+
+SCRIPTDIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" > /dev/null 2>&1 && pwd)"
+
+if [ $# -ne 2 ]; then
+    echo "Invalid number of arguments"
+    echo
+    echo "Usage: $0 <key> <value>"
+    exit 1
+fi
+
+key="$1"
+value="$2"
+
+# Define a Groovy script that creates/updates an environment variable
+read -r -d '' groovy_create_var << EOF
+import jenkins.model.*
+nodes = Jenkins.instance.globalNodeProperties
+nodes.getAll(hudson.slaves.EnvironmentVariablesNodeProperty.class)
+envVars = nodes[0].envVars
+envVars['${key}'] = '"${value}"'
+println("Set '${key}' to: " + envVars['${key}'])
+EOF
+
+# Run the Groovy script via Jenkins CLI
+java -jar "$SCRIPTDIR/jenkins-cli.jar" \
+    -s "$MY_JENKINS_SERVER" \
+    -auth "$MY_JENKINS_USER:$MY_JENKINS_TOKEN" \
+    groovy = < <(echo "$groovy_create_var")

hack/jenkins-set-secrets

@@ -0,0 +1,25 @@
+#!/bin/bash
+SCRIPTDIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" > /dev/null 2>&1 && pwd)"
+
+ENV="MY_JENKINS_SERVER MY_JENKINS_USER MY_JENKINS_TOKEN COSIGN_SECRET_PASSWORD COSIGN_SECRET_KEY COSIGN_PUBLIC_KEY "
+
+ENV+=" ACS__API_TOKEN ACS__CENTRAL_ENDPOINT GITOPS_AUTH_PASSWORD "
+source "$SCRIPTDIR/../rhtap/verify-deps-exist" "$ENV" "java "
+
+bash "$SCRIPTDIR/jenkins-create-secret" ROX_API_TOKEN "$ACS__API_TOKEN"
+bash "$SCRIPTDIR/jenkins-create-variable" ROX_CENTRAL_ENDPOINT "$ACS__CENTRAL_ENDPOINT"
+
+bash "$SCRIPTDIR/jenkins-create-secret" GITOPS_AUTH_PASSWORD "$GITOPS_AUTH_PASSWORD"
+
+bash "$SCRIPTDIR/jenkins-create-secret" COSIGN_SECRET_PASSWORD "$COSIGN_SECRET_PASSWORD"
+bash "$SCRIPTDIR/jenkins-create-secret" COSIGN_SECRET_KEY "$COSIGN_SECRET_KEY"
+bash "$SCRIPTDIR/jenkins-create-variable" COSIGN_PUBLIC_KEY "$COSIGN_PUBLIC_KEY"
+
+bash "$SCRIPTDIR/jenkins-create-variable" TRUSTIFICATION_BOMBASTIC_API_URL "$TRUSTIFICATION_BOMBASTIC_API_URL"
+bash "$SCRIPTDIR/jenkins-create-variable" TRUSTIFICATION_OIDC_ISSUER_URL "$TRUSTIFICATION_OIDC_ISSUER_URL"
+bash "$SCRIPTDIR/jenkins-create-variable" TRUSTIFICATION_OIDC_CLIENT_ID "$TRUSTIFICATION_OIDC_CLIENT_ID"
+bash "$SCRIPTDIR/jenkins-create-secret" TRUSTIFICATION_OIDC_CLIENT_SECRET "$TRUSTIFICATION_OIDC_CLIENT_SECRET"
+bash "$SCRIPTDIR/jenkins-create-variable" TRUSTIFICATION_SUPPORTED_CYCLONEDX_VERSION "$TRUSTIFICATION_SUPPORTED_CYCLONEDX_VERSION"
+
+bash "$SCRIPTDIR/jenkins-create-user-password" QUAY_IO_CREDS "$MY_QUAY_USER" "$MY_QUAY_PW"
+