Fix: Private repos can not run terraform plan on PR (#1264)

* Try wrapping in withCredentials
hmcts · Sep 2, 2024 · 7dcfa0f · 7dcfa0f
1 parent a1ef8c9
commit 7dcfa0f
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 10 deletions.
diff --git a/resources/uk/gov/hmcts/infrastructure/check-infrastructure-files-changed.sh b/resources/uk/gov/hmcts/infrastructure/check-infrastructure-files-changed.sh
@@ -1,6 +1,9 @@
 #!/bin/bash
-set -ex
+set -x
 
-git fetch origin master:master
+USER_NAME=${1}
+BEARER_TOKEN=${2}
 
+git remote set-url origin $(git config remote.origin.url | sed "s/github.com/${USER_NAME}:${BEARER_TOKEN}@github.com/g")
+git fetch origin master:master
 git diff -s --exit-code master infrastructure/
diff --git a/vars/onTerraformChangeInPR.groovy b/vars/onTerraformChangeInPR.groovy
@@ -1,15 +1,19 @@
 def call(Closure block) {
+  def credentialsId = env.GIT_CREDENTIALS_ID
   folderExists('infrastructure') {
     writeFile file: 'check-infrastructure-files-changed.sh', text: libraryResource('uk/gov/hmcts/infrastructure/check-infrastructure-files-changed.sh')
 
-    def infraFolderHasChanges = sh(
-      script: "chmod +x check-infrastructure-files-changed.sh\n" +
-        "    ./check-infrastructure-files-changed.sh",
-      returnStatus: true
-    )
-    sh 'rm check-infrastructure-files-changed.sh'
-    if (infraFolderHasChanges == 1) {
-      return block.call()
+    withCredentials([usernamePassword(credentialsId: credentialsId, passwordVariable: 'BEARER_TOKEN', usernameVariable: 'APP_ID')]) {
+      def bearerToken = env.BEARER_TOKEN
+      def infraFolderHasChanges = sh(
+        script: "chmod +x check-infrastructure-files-changed.sh\n" +
+          "    ./check-infrastructure-files-changed.sh $credentialsId $bearerToken",
+        returnStatus: true
+      )
+      sh 'rm check-infrastructure-files-changed.sh'
+      if (infraFolderHasChanges == 1) {
+        return block.call()
+      }
     }
   }
 }