commit 7dc8bdf8c93d312d51c72e9ddf8021883f4a5fd9
author Paul Sokolovsky <paul.sokolovsky@linaro.org> Mon Mar 25 12:25:29 2024 +0700
committer Paul Sokolovsky <paul.sokolovsky@linaro.org> Mon Mar 25 12:25:29 2024 +0700
tree f111a6b6fad849bdb41c3a0e2eb12deb36f73289
parent d615c939d3fae31a74ed6776d3f33c342bb0eaba

jenkins/ci.jpl: Fix Groovy warning of insecure variable interpolation

Credential-holding vars should be interpolated on the shell, not Groovy,
level. So, the dollar sign prefixes should be quoted in Groovy strings
to be passed verbatim to shell.

Signed-off-by: Paul Sokolovsky <paul.sokolovsky@linaro.org>
Change-Id: I932523ad5d0c4b7cabd2694f3f39f22cafdd5e8c

jenkins/ci.jpl

diff --git a/jenkins/ci.jpl b/jenkins/ci.jpl
index c614444..b7c6a82 100644
--- a/jenkins/ci.jpl
+++ b/jenkins/ci.jpl
@@ -396,7 +396,7 @@
             }
             withCredentials([usernamePassword(credentialsId: env.LAVA_CREDENTIALS, passwordVariable: 'LAVA_TOKEN', usernameVariable: 'LAVA_USER')]) {
               sh(script: """./tf-m-ci-scripts/lava_helper/lava_wait_jobs.py --job-ids ${all_jobs.join(",")} \
-                         --lava-url ${env.LAVA_URL} --lava-user ${LAVA_USER} --lava-token ${LAVA_TOKEN} \
+                         --lava-url ${env.LAVA_URL} --lava-user \${LAVA_USER} --lava-token \${LAVA_TOKEN} \
                          --artifacts-path cfgs --lava-timeout ${lava_timeout} > output.log
                          """)
               if (env.CODE_COVERAGE_EN == "TRUE") {