Restrict aptly promote pipeline with whatever source and target
Change-Id: I8b24f94c337286eaa571a0474bc3b8c899675895
diff --git a/aptly-promote-pipeline.groovy b/aptly-promote-pipeline.groovy
index bf73bec..ec058ce 100644
--- a/aptly-promote-pipeline.groovy
+++ b/aptly-promote-pipeline.groovy
@@ -30,15 +30,19 @@
try {
stage("promote") {
// promote is restricted to users in aptly-promote-users LDAP group
- lock("aptly-api") {
- for (storage in storages) {
- if (storage == "local") {
- storage = ""
- }
- retry(2) {
- aptly.promotePublish(APTLY_URL, SOURCE, TARGET, RECREATE, components, packages, DIFF_ONLY, '-d --timeout 600', DUMP_PUBLISH.toBoolean(), storage)
- }
- }
+ if(jenkinsUtils.currentUserInGroups(["mcp-cicd-admins", "release-engineering"])){
+ lock("aptly-api") {
+ for (storage in storages) {
+ if (storage == "local") {
+ storage = ""
+ }
+ retry(2) {
+ aptly.promotePublish(APTLY_URL, SOURCE, TARGET, RECREATE, components, packages, DIFF_ONLY, '-d --timeout 600', DUMP_PUBLISH.toBoolean(), storage)
+ }
+ }
+ }
+ }else{
+ throw new Exception(String.format("You don't have permissions to make aptly promote from source:%s to target:%s! Only CI/CD and QA team can perform aptly promote.", SOURCE, TARGET))
}
}
} catch (Throwable e) {
@@ -60,4 +64,3 @@
}
}
}
-