kie-issues#727: define push GH tokens for jenkins

.ci/jenkins/Jenkinsfile.nightly

@@ -118,10 +118,10 @@ pipeline {
                                 // Update examples nightly branch
                                 dir('kogito-examples') {
                                     deleteDir()
-                                    checkout(githubscm.resolveRepository('incubator-kie-kogito-examples', getGitAuthor(), getBuildBranch(), false, getGitAuthorCredsID()))
+                                    checkout(githubscm.resolveRepository('incubator-kie-kogito-examples', getGitAuthor(), getBuildBranch(), false, getGitAuthorCredsId()))
                                     String nightlyBranch = "nightly-${getBuildBranch()}"
                                     githubscm.createBranch(nightlyBranch)
-                                    githubscm.pushObject('origin', nightlyBranch, getGitAuthorCredsID())
+                                    githubscm.pushObject('origin', nightlyBranch, getGitAuthorPushCredsId())
                                 }
                             }
                         }
@@ -243,6 +243,10 @@ String getGitAuthor() {
     return env.GIT_AUTHOR
 }
 
-String getGitAuthorCredsID() {
+String getGitAuthorCredsId() {
     return env.GIT_AUTHOR_CREDS_ID
 }
+
+String getGitAuthorPushCredsId() {
+    return env.GIT_AUTHOR_PUSH_CREDS_ID
+}

.ci/jenkins/Jenkinsfile.nightly.cloud

@@ -306,7 +306,7 @@ String getGitAuthor() {
     return env.GIT_AUTHOR
 }
 
-String getGitAuthorCredsID() {
+String getGitAuthorCredsId() {
     return env.GIT_AUTHOR_CREDS_ID
 }
 

.ci/jenkins/Jenkinsfile.setup-branch

@@ -75,10 +75,10 @@ pipeline {
                         // Update examples nightly branch
                         dir('kogito-examples') {
                             deleteDir()
-                            checkout(githubscm.resolveRepository('incubator-kie-kogito-examples', getGitAuthor(), getBuildBranch(), false))
+                            checkout(githubscm.resolveRepository('incubator-kie-kogito-examples', getGitAuthor(), getBuildBranch(), false, getGitAuthorCredsId()))
                             String nightlyBranch = "nightly-${getBuildBranch()}"
                             githubscm.createBranch(nightlyBranch)
-                            githubscm.pushObject('origin', nightlyBranch, getGitAuthorCredsID())
+                            githubscm.pushObject('origin', nightlyBranch, getGitAuthorPushCredsId())
                         }
                     }
                 }
@@ -231,10 +231,14 @@ String getGitAuthor() {
     return env.GIT_AUTHOR
 }
 
-String getGitAuthorCredsID() {
+String getGitAuthorCredsId() {
     return env.GIT_AUTHOR_CREDS_ID
 }
 
+String getGitAuthorPushCredsId() {
+    return env.GIT_AUTHOR_PUSH_CREDS_ID
+}
+
 String getDroolsVersion() {
     return params.DROOLS_VERSION ?: getVersionFromReleaseBranch(util.calculateTargetReleaseBranch(getBuildBranch(), 7))
 }

.ci/jenkins/Jenkinsfile.setup-branch.cloud

@@ -191,7 +191,7 @@ String getGitAuthor() {
     return env.GIT_AUTHOR
 }
 
-String getGitAuthorCredsID() {
+String getGitAuthorCredsId() {
     return env.GIT_AUTHOR_CREDS_ID
 }
 

.ci/jenkins/Jenkinsfile.tools.update-jenkins-dependencies

@@ -29,9 +29,9 @@ pipeline {
                         deleteDir()
 
                         // Checkout repository
-                        checkout(githubscm.resolveRepository(getRepoName(), getGitAuthor(), getBuildBranch(), false, getGitAuthorCredsID()))
-                        githubscm.setUserConfig(getGitAuthorCredsID())
-                        branchCreated = getOrCreateGitBranch(getPRBranch(), getGitAuthorCredsID())
+                        checkout(githubscm.resolveRepository(getRepoName(), getGitAuthor(), getBuildBranch(), false, getGitAuthorCredsId()))
+                        githubscm.setUserConfig(getGitAuthorCredsId())
+                        branchCreated = getOrCreateGitBranch(getPRBranch(), getGitAuthorPushCredsId())
                     }
                 }
             }
@@ -127,11 +127,11 @@ pipeline {
                                 githubscm.findAndStageNotIgnoredFiles('pom.xml')
                                 githubscm.findAndStageNotIgnoredFiles('gradle.properties')
                             })
-                            githubscm.pushObject('origin', getPRBranch(), getGitAuthorCredsID())
+                            githubscm.pushObject('origin', getPRBranch(), getGitAuthorPushCredsId())
 
                             if (branchCreated) {
                                 def prBody = "Generated by build ${BUILD_TAG}: ${BUILD_URL}.\nPlease review and merge."
-                                prLink = githubscm.createPR(commitMsg, prBody, getBuildBranch(), getGitAuthorCredsID())
+                                prLink = githubscm.createPR(commitMsg, prBody, getBuildBranch(), getGitAuthorCredsId())
 
                                 sendNotification("Please review PR ${prLink}")
                             } else {
@@ -185,8 +185,12 @@ String getGitAuthor() {
     return env.GIT_AUTHOR
 }
 
-String getGitAuthorCredsID() {
-    return env.AUTHOR_CREDS_ID
+String getGitAuthorCredsId() {
+    return env.GIT_AUTHOR_CREDS_ID
+}
+
+String getGitAuthorPushCredsId() {
+    return env.GIT_AUTHOR_PUSH_CREDS_ID
 }
 
 String getPRBranch() {

.ci/jenkins/config/branch.yaml

@@ -54,8 +54,6 @@ repositories:
   job_display_name: kogito-serverless-operator
 - name: incubator-kie-kogito-docs
   job_display_name: kogito-docs
-# - name: incubator-kie-tools // Commented as this one will be treated at another time
-#   job_display_name: kie-tools
 - name: incubator-kie-docs
   job_display_name: kie-docs
   branch: main-kogito
@@ -66,9 +64,14 @@ git:
     # Need to be verified
     credentials_id: 399061d0-5ab5-4142-a186-a52081fef742
     token_credentials_id: ci-builds
+    push:
+      credentials_id: 84811880-2025-45b6-a44c-2f33bef30ad2 # CI Push Access for KIE
+      token_credentials_id: 41128c14-bb63-4708-9074-d20a318ee630 # GitHub Personal Access Token for KIE
   fork_author:
     name: kie-ci
     credentials_id: kie-ci
+    push:
+      credentials_id: kie-ci
   quarkus:
     author:
       name: quarkusio

.ci/jenkins/config/main.yaml

@@ -29,6 +29,8 @@ seed:
       author:
         name: apache
         credentials_id: ASF_Cloudbees_Jenkins_ci-builds
+        push:
+          credentials_id: 84811880-2025-45b6-a44c-2f33bef30ad2 # CI Push Access for KIE
       branch: main
     path: .ci/jenkins/config/branch.yaml
   jenkinsfile: dsl/seed/jenkinsfiles/Jenkinsfile.seed.branch

.ci/jenkins/dsl/jobs.groovy

@@ -120,7 +120,8 @@ void setupUpdateJenkinsDependenciesJob() {
 
         BUILD_BRANCH_NAME: "${GIT_BRANCH}",
         GIT_AUTHOR: "${GIT_AUTHOR_NAME}",
-        AUTHOR_CREDS_ID: "${GIT_AUTHOR_CREDENTIALS_ID}",
+        GIT_AUTHOR_CREDS_ID: "${GIT_AUTHOR_CREDENTIALS_ID}",
+        GIT_AUTHOR_PUSH_CREDS_ID: "${GIT_AUTHOR_PUSH_CREDENTIALS_ID}",
     ])
     KogitoJobTemplate.createPipelineJob(this, jobParams)
 }
@@ -133,6 +134,7 @@ void createSetupBranchJob() {
         GIT_BRANCH_NAME: "${GIT_BRANCH}",
         GIT_AUTHOR: "${GIT_AUTHOR_NAME}",
         GIT_AUTHOR_CREDS_ID: "${GIT_AUTHOR_CREDENTIALS_ID}",
+        GIT_AUTHOR_PUSH_CREDS_ID: "${GIT_AUTHOR_PUSH_CREDENTIALS_ID}",
     ])
     KogitoJobTemplate.createPipelineJob(this, jobParams)?.with {
         parameters {
@@ -170,6 +172,7 @@ void setupNightlyJob() {
         GIT_BRANCH_NAME: "${GIT_BRANCH}",
         GIT_AUTHOR: "${GIT_AUTHOR_NAME}",
         GIT_AUTHOR_CREDS_ID: "${GIT_AUTHOR_CREDENTIALS_ID}",
+        GIT_AUTHOR_PUSH_CREDS_ID: "${GIT_AUTHOR_PUSH_CREDENTIALS_ID}",
     ])
     KogitoJobTemplate.createPipelineJob(this, jobParams)?.with {
         parameters {

.ci/pull-request-config.yaml

@@ -57,14 +57,16 @@ build:
   - project: apache/incubator-kie-kogito-examples
     build-command:
       # First install the main pom
-      # Then build the required submodule pom
+      # Then build the required submodule pom if provided, otherwise build whole
       current: |
-        export MVN_CMD=`bash -c "if [ '${{ env.ENABLE_DEPLOY }}' = 'true' ]; then printf 'deploy ${{ env.DEPLOY_MVN_OPTS }} ${{ env.KOGITO_EXAMPLES_DEPLOY_MVN_OPTS }}'; else printf 'install'; fi"`
-        mvn dependency:tree -pl :kogito-examples clean ${{ env.MVN_CMD }} ${{ env.BUILD_MVN_OPTS }} ${{ env.BUILD_MVN_OPTS_CURRENT }} ${{ env.KOGITO_EXAMPLES_BUILD_MVN_OPTS }}
-        mvn dependency:tree -f ${{ env.KOGITO_EXAMPLES_SUBFOLDER_POM }}pom.xml clean ${{ env.MVN_CMD }} ${{ env.BUILD_MVN_OPTS }} ${{ env.BUILD_MVN_OPTS_CURRENT }} ${{ env.KOGITO_EXAMPLES_BUILD_MVN_OPTS }}
+        mvn dependency:tree -pl :kogito-examples clean install ${{ env.BUILD_MVN_OPTS }} ${{ env.BUILD_MVN_OPTS_CURRENT }} ${{ env.KOGITO_EXAMPLES_BUILD_MVN_OPTS }}
+        mvn dependency:tree -f ${{ env.KOGITO_EXAMPLES_SUBFOLDER_POM }}pom.xml clean install ${{ env.BUILD_MVN_OPTS }} ${{ env.BUILD_MVN_OPTS_CURRENT }} ${{ env.KOGITO_EXAMPLES_BUILD_MVN_OPTS }}
       upstream: |
         mvn dependency:tree clean install -DskipTests -DskipITs ${{ env.BUILD_MVN_OPTS }} ${{ env.BUILD_MVN_OPTS_UPSTREAM }} ${{ env.KOGITO_EXAMPLES_BUILD_MVN_OPTS_UPSTREAM }}
-  
+      after:
+        # In case of deploy, deploy the parent poms only.
+        current: |
+          bash -c "if [ '${{ env.ENABLE_DEPLOY }}' = 'true' ]; then mvn dependency:tree -DskipTests -DskipITs -pl .,kogito-quarkus-examples,kogito-springboot-examples,serverless-workflow-examples deploy ${{ env.DEPLOY_MVN_OPTS }} ${{ env.KOGITO_EXAMPLES_DEPLOY_MVN_OPTS }}; else echo 'No deploy is scheduled'; fi"
   # - project: kiegroup/kie-jpmml-integration
   #   build-command:
   #     current: |

dsl/seed/jenkinsfiles/Jenkinsfile.environment.integration-branch

@@ -99,7 +99,7 @@ String getGitAuthor() {
 }
 
 String getGitAuthorCredsId() {
-    return "${AUTHOR_CREDS_ID}"
+    return "${GIT_AUTHOR_CREDS_ID}"
 }
 
 String getGitAuthorTokenCredsId() {

dsl/seed/jenkinsfiles/Jenkinsfile.release.prepare

@@ -71,7 +71,7 @@ pipeline {
                         if (githubscm.isThereAnyChanges()) {
                             sh 'git diff'
                             githubscm.commitChanges('Setup DSL branch config after cut-off')
-                            githubscm.pushObject('origin', newBranch, getMainBranchConfigFileGitAuthorCredentialsId())
+                            githubscm.pushObject('origin', newBranch, getMainBranchConfigFileGitAuthorPushCredentialsId())
 
                             sendNotification("Branch config on ${newBranch} has been updated with correct configuration")
                         } else {
@@ -126,7 +126,7 @@ pipeline {
                         if (githubscm.isThereAnyChanges()) {
                             sh 'git diff'
                             githubscm.commitChanges("Add release branch ${getEcosystemReleaseBranch()} after cut-off")
-                            githubscm.pushObject('origin', env.SEED_CONFIG_FILE_GIT_BRANCH, env.SEED_CONFIG_FILE_GIT_AUTHOR_CREDS_ID)
+                            githubscm.pushObject('origin', env.SEED_CONFIG_FILE_GIT_BRANCH, env.SEED_CONFIG_FILE_GIT_AUTHOR_PUSH_CREDS_ID)
 
                             sendNotification("Main config has been updated with release branch ${getEcosystemReleaseBranch()}")
                         } else {
@@ -257,15 +257,15 @@ void createBranches(List repositories) {
         String repoName = repoConfig.name
         String baseBranch = repoConfig.branch
         String releaseBranch = getReleaseBranchFromRepository(repoConfig.name)
-        String gitAuthorCredsId = repoConfig.author?.credentials_id ?: readMainBranchConfig().git.author.credentials_id
-        assert gitAuthorCredsId : "Cannot find any credentials Id for git author ${repoConfig.author.name}. Please check your branch seed config file."
+        String gitAuthorPushCredsId = repoConfig.author?.push?.credentials_id ?: readMainBranchConfig().git.author.push.credentials_id
+        assert gitAuthorPushCredsId : "Cannot find any credentials Id for git author ${repoConfig.author.name}. Please check your branch seed config file."
         String gitAuthor = repoConfig.author?.name ?: readMainBranchConfig().git.author.name
 
         echo "Checkout repo ${gitAuthor}/${repoName} on branch ${baseBranch}"
         dir(repoName) {
             deleteDir()
-            checkout(githubscm.resolveRepository(repoName, gitAuthor, baseBranch, false, gitAuthorCredsId))
-            getOrCreateGitBranch(releaseBranch, gitAuthorCredsId)
+            checkout(githubscm.resolveRepository(repoName, gitAuthor, baseBranch, false, gitAuthorPushCredsId))
+            getOrCreateGitBranch(releaseBranch, gitAuthorPushCredsId)
         }
         // Update the branch with the new release branch
         repoConfig.branch = releaseBranch
@@ -403,6 +403,10 @@ String getMainBranchConfigFileGitAuthorCredentialsId() {
     return readSeedConfig().seed.config_file.git.author.credentials_id
 }
 
+String getMainBranchConfigFileGitAuthorPushCredentialsId() {
+    return readSeedConfig().seed.config_file.git.author.push.credentials_id
+}
+
 String getMainBranchConfigFileGitBranch() {
     return readSeedConfig().seed.config_file.git.branch
 }

dsl/seed/jenkinsfiles/Jenkinsfile.remove.branches

@@ -72,7 +72,7 @@ pipeline {
                             String prLink = commitAndCreatePR(commitMsg, localBranch, targetBranch)
                             sh "git checkout ${targetBranch}"
                             mergeAndPush(prLink, targetBranch)
-                            githubscm.removeRemoteBranch('origin', localBranch, getGitAuthorCredsId())
+                            githubscm.removeRemoteBranch('origin', localBranch, getGitAuthorPushCredsId())
                         } else {
                             println '[WARN] no changes to commit'
                         }
@@ -114,6 +114,10 @@ void getGitAuthorCredsId(){
     return env.GIT_AUTHOR_CREDENTIALS_ID
 }
 
+void getGitAuthorPushCredsId(){
+    return env.GIT_AUTHOR_PUSH_CREDENTIALS_ID
+}
+
 void getGitAuthor() {
     return env.GIT_AUTHOR
 }
@@ -131,13 +135,13 @@ void sendErrorNotification() {
 String commitAndCreatePR(String commitMsg, String localBranch, String targetBranch) {
     def prBody = "Generated by ${BUILD_URL}"
     githubscm.commitChanges(commitMsg)
-    githubscm.pushObject('origin', localBranch, getGitAuthorCredsId())
+    githubscm.pushObject('origin', localBranch, getGitAuthorPushCredsId())
     return githubscm.createPR(commitMsg, prBody, targetBranch, getGitAuthorCredsId())
 }
 
 void mergeAndPush(String prLink, String targetBranch) {
     if (prLink?.trim()) {
         githubscm.mergePR(prLink, getGitAuthorCredsId())
-        githubscm.pushObject('origin', targetBranch, getGitAuthorCredsId())
+        githubscm.pushObject('origin', targetBranch, getGitAuthorPushCredsId())
     }
 }

dsl/seed/jenkinsfiles/Jenkinsfile.seed.branch

@@ -135,6 +135,7 @@ pipeline {
                                 (generateEnvKey(it, 'git_branch')): getRepoConfig(it).git.branch,
                                 (generateEnvKey(it, 'git_author')): getRepoConfig(it).git.author.name,
                                 (generateEnvKey(it, 'git_author_credentials_id')): getRepoConfig(it).git.author.credentials_id,
+                                (generateEnvKey(it, 'git_author_push_credentials_id')): getRepoConfig(it).git.author.push.credentials_id,
                             ]
                         }
 
@@ -269,7 +270,9 @@ def getRepoConfig(String repository, String generationBranch = "${GENERATION_BRA
     cfg.git.author = cfg.git.author ?: [:]
     cfg.git.author.name = repoConfig.author?.name ?: cfg.git.author.name
     cfg.git.author.credentials_id = repoConfig.author?.credentials_id ?: cfg.git.author.credentials_id
+    cfg.git.author.push.credentials_id = repoConfig.author?.push?.credentials_id ?: cfg.git.author.push.credentials_id
     cfg.git.author.token_credentials_id = repoConfig.author?.credentials_id ?: cfg.git.author.token_credentials_id
+    cfg.git.author.push.token_credentials_id = repoConfig.author?.push?.token_credentials_id ?: cfg.git.author.push.token_credentials_id
 
     String buildchainRepo = cfg.buildchain_config?.git?.repository
     if (buildchainRepo) {

dsl/seed/jenkinsfiles/Jenkinsfile.seed.main

@@ -54,6 +54,7 @@ pipeline {
                         SEED_CONFIG_FILE_GIT_REPOSITORY: "${SEED_CONFIG_FILE_GIT_REPOSITORY}",
                         SEED_CONFIG_FILE_GIT_AUTHOR_NAME: "${SEED_CONFIG_FILE_GIT_AUTHOR_NAME}",
                         SEED_CONFIG_FILE_GIT_AUTHOR_CREDS_ID: "${SEED_CONFIG_FILE_GIT_AUTHOR_CREDS_ID}",
+                        SEED_CONFIG_FILE_GIT_AUTHOR_PUSH_CREDS_ID: readSeedConfig().seed.config_file.git.author.push.credentials_id,
                         SEED_CONFIG_FILE_GIT_BRANCH: "${SEED_CONFIG_FILE_GIT_BRANCH}",
                         SEED_CONFIG_FILE_PATH: "${SEED_CONFIG_FILE_PATH}",
                         ALL_BRANCHES: readSeedConfig().git.branches.collect { it.name }.join(','),
@@ -98,6 +99,7 @@ pipeline {
                             SEED_CONFIG_FILE_GIT_REPOSITORY: branchConfigFileInfo.repository,
                             SEED_CONFIG_FILE_GIT_AUTHOR_NAME: branchConfigFileInfo.author,
                             SEED_CONFIG_FILE_GIT_AUTHOR_CREDS_ID: branchConfigFileInfo.credentials,
+                            SEED_CONFIG_FILE_GIT_AUTHOR_PUSH_CREDS_ID: branchConfigFileInfo.push_credentials,
                             SEED_CONFIG_FILE_GIT_BRANCH: branchConfigFileInfo.branch,
                             SEED_CONFIG_FILE_PATH: branchConfigFileInfo.filepath,
                         ]
@@ -226,6 +228,7 @@ def getBranchConfigFileInfo(branchInfo) {
         repository: branchInfo.seed?.config_file?.git?.repository ?: readSeedConfig().seed.config_file.git.repository,
         author: branchInfo.seed?.config_file?.git?.author?.name ?: readSeedConfig().seed.config_file.git.author.name,
         credentials: branchInfo.seed?.config_file?.git?.author?.credentials_id ?: readSeedConfig().seed.config_file.git.author.credentials_id,
+        push_credentials: branchInfo.seed?.config_file?.git?.author?.push?.credentials_id ?: readSeedConfig().seed.config_file.git.author.push.credentials_id,
         branch: branchInfo.seed?.config_file?.git?.branch ?: branchInfo.name,
         filepath: branchInfo.seed?.config_file?.path ?: readSeedConfig().seed.config_file.path,
         jenkinsfile: branchInfo.seed?.jenkinsfile ?: (readSeedConfig().seed.jenkinsfile ?: 'dsl/seed/jenkinsfiles/Jenkinsfile.seed.branch'),

dsl/seed/jenkinsfiles/Jenkinsfile.tools.toggle-triggers

@@ -56,7 +56,7 @@ pipeline {
                             String commitMsg = "[${getSeedConfigBranch()}] DSL triggers ${DISABLE_TRIGGERS ? 'disabled' : 'enabled'}"
                             githubscm.createBranch(getPRBranch())
                             githubscm.commitChanges(commitMsg)
-                            githubscm.pushObject('origin', getPRBranch(), getSeedConfigAuthorCredsId())
+                            githubscm.pushObject('origin', getPRBranch(), getSeedConfigAuthorPushCredsId())
 
                             // Create PR
                             def prBody = "Generated by ${BUILD_URL}"
@@ -65,8 +65,8 @@ pipeline {
                             // Merge automatically PR
                             sh "git checkout ${getSeedConfigBranch()}"
                             githubscm.mergePR(prLink, getSeedConfigAuthorCredsId())
-                            githubscm.pushObject('origin', getSeedConfigBranch(), getSeedConfigAuthorCredsId())
-                            githubscm.removeRemoteBranch('origin', getPRBranch(), SEED_CONFIG_FILE_GIT_AUTHOR_CREDS_ID)
+                            githubscm.pushObject('origin', getSeedConfigBranch(), getSeedConfigAuthorPushCredsId())
+                            githubscm.removeRemoteBranch('origin', getPRBranch(), getSeedConfigAuthorPushCredsId())
                         } else {
                             println '[WARN] no changes to commit'
                         }
@@ -103,6 +103,10 @@ String getSeedConfigAuthorCredsId() {
     return env.SEED_CONFIG_FILE_GIT_AUTHOR_CREDS_ID
 }
 
+String getSeedConfigAuthorPushCredsId() {
+    return env.SEED_CONFIG_FILE_GIT_AUTHOR_PUSH_CREDS_ID
+}
+
 String getSeedConfigBranch() {
     return env.SEED_CONFIG_FILE_GIT_BRANCH
 }