我有一个Jenkins作业,该作业仅用于将一个docker映像从注册表移至另一个。
为安全起见,必须将docker命令运行到远程ssh连接中。我想知道如何安全地将用户名/密码传输到此远程连接,也许使用Jenkins凭据
node {
stage('Move artifact') {
GString imageName = "project:imageName"
sshagent (credentials: ['ssh-credentials']) {
runSSHCommand("docker pull source.registry/${imageName}", env.DOCKER_HOST)
runSSHCommand("docker login destination.registry -u=${env.DOCKER_USERNAME} -p=${env.DOCKER_PASSWORD}", env.DOCKER_HOST)
runSSHCommand("docker tag source.registry/${imageName} destination.registry/${imageName}", env.DOCKER_HOST)
runSSHCommand("docker push destination.registry/${imageName}", env.DOCKER_HOST)
}
}
}
def runSSHCommand(GString command, host) {
sh 'ssh -tt -o ExitOnForwardFailure=yes -o StrictHostKeyChecking=no ' + host + ' "' + command + '"'
}
是否有一种安全的方法来不将$ {DOCKER_USERNAME}和$ {DOCKER_PASSWORD}放入环境变量,而是使用Jenkins的凭据?