Echo off in Jenkins Console Output

JenkinsAndroid Gradle-PluginEchoAndroid Keystore

Jenkins Problem Overview

I'm following guideline how to sign Android apk with Jenkins. I have parametrized Jenkins job with KSTOREPWD and KEYPWD. A part of Jenkins' job configuration (Build->Execute shell) is to take those parameters and store them as environment variables:

export KSTOREPWD=${KSTOREPWD}
export KEYPWD=${KEYPWD}
...
./gradlew assembleRelease

The problem is when the build is over anybody can access the build "Console Output" and see what passwords were entered; part of that output:

08:06:57 + export KSTOREPWD=secretStorePwd
08:06:57 + KSTOREPWD=secretStorePwd
08:06:57 + export KEYPWD=secretPwd
08:06:57 + KEYPWD=secretPwd

So I'd like to suppress echo before output from export commands and re-enable echo after export commands.

Jenkins Solutions

Solution 1 - Jenkins

By default, Jenkins launches Execute Shell script with set -x. This causes all commands to be echoed

You can type set +x before any command to temporary override that behavior. Of course you will need set -x to start showing them again.

You can override this behaviour for the whole script by putting the following at the top of the build step:
#!/bin/bash +x

Solution 2 - Jenkins

Here is an example of how to write the sh parameter in Jenkinsfile with no output in a more secure way, as suggested in official documentation. The set +x does the main magic as has been written in this answer.

> The single-quotes will > cause the secret to be expanded by the shell as an environment > variable. The double-quotes are potentially less secure as the secret > is interpolated by Groovy, and so typical operating system process > listings (as well as Blue Ocean, and the pipeline steps tree in the > classic UI) will accidentally disclose it:

Insecure, wrong usage:

node {
  withCredentials([string(credentialsId: 'mytoken', variable: 'TOKEN')]) {
    sh /* WRONG! */ """
      set +x
      curl -H 'Token: $TOKEN' https://some.api/
    """
  }
}

Correct usage ✅:

node {
  withCredentials([string(credentialsId: 'mytoken', variable: 'TOKEN')]) {
    sh '''
      set +x
      curl -H 'Token: $TOKEN' https://some.api/
    '''
  }
}

Solution 3 - Jenkins

In your specific situation (using gradle and jenkins) you could also use a Password Parameter, using Gradle's pattern for environment variables (ORG_GRADLE_PROJECT_prop). Gradle will then set a propproperty on your project.

In your case this would look something like this

enter image description here

And you can use it in your gradle.properties like this

signingConfigs {
    release {
        storeFile file(KEYSTORE)
        storePassword KSTOREPWD
        keyAlias ALIAS
        keyPassword KEYPWD
    }
}

BTW - I recommend using the credentials binding plugin for KEYSTORE enter image description here

Categories
Recommended Jenkins Solutions
Recommended Android Gradle-Plugin Solutions
Recommended Echo Solutions
Recommended Android Keystore Solutions

Previous Solution:

How can I log each request/response using Alamofire?

IosDebuggingAfnetworking 2Alamofire

Next Solution:

Quickest way to apply a formula to an entire column?

Libreoffice

Attributions

All content for this solution is sourced from the original question on Stackoverflow.

The content on this page is licensed under the Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.

Content TypeOriginal AuthorOriginal Content on Stackoverflow
QuestionMarian PaździochView Question on Stackoverflow
Solution 1 - JenkinsSlavView Answer on Stackoverflow
Solution 2 - JenkinsIvanRublevView Answer on Stackoverflow
Solution 3 - JenkinsschnattererView Answer on Stackoverflow