Jenkinsfile: re-add versionPostFix, use variables for repo args.

Follow-up to
  Jenkins: prevent Groovy String interpolation leaking secrets.

Author: greenrobot-team

Jenkinsfile

@@ -6,6 +6,18 @@ String gradleArgs = '-Dorg.gradle.daemon=false --stacktrace'
 boolean isPublish = BRANCH_NAME == 'publish'
 String versionPostfix = isPublish ? '' : BRANCH_NAME // Build script detects empty string as not set.
 
+// Note: using single quotes to avoid Groovy String interpolation leaking secrets.
+def internalRepoArgs = '-PinternalObjectBoxRepo=$MVN_REPO_URL ' +
+                '-PinternalObjectBoxRepoUser=$MVN_REPO_LOGIN_USR ' +
+                '-PinternalObjectBoxRepoPassword=$MVN_REPO_LOGIN_PSW'
+def uploadRepoArgs = '-PpreferredRepo=$MVN_REPO_UPLOAD_URL ' +
+                '-PpreferredUsername=$MVN_REPO_LOGIN_USR ' +
+                '-PpreferredPassword=$MVN_REPO_LOGIN_PSW '
+// Note: add quotes around URL parameter to avoid line breaks due to semicolon in URL.
+def uploadRepoArgsBintray = '\"-PpreferredRepo=$BINTRAY_URL\" ' +
+                '-PpreferredUsername=$BINTRAY_LOGIN_USR ' +
+                '-PpreferredPassword=$BINTRAY_LOGIN_PSW'
+
 // https://jenkins.io/doc/book/pipeline/syntax/
 pipeline {
     agent { label 'java' }
@@ -14,15 +26,7 @@ pipeline {
         GITLAB_URL = credentials('gitlab_url')
         MVN_REPO_LOGIN = credentials('objectbox_internal_mvn_user')
         MVN_REPO_URL = credentials('objectbox_internal_mvn_repo_http')
-        // Warning: use single quotes to avoid Groovy String interpolation leaking secrets.
-        MVN_REPO_ARGS = '-PinternalObjectBoxRepo=$MVN_REPO_URL ' +
-                        '-PinternalObjectBoxRepoUser=$MVN_REPO_LOGIN_USR ' +
-                        '-PinternalObjectBoxRepoPassword=$MVN_REPO_LOGIN_PSW'
         MVN_REPO_UPLOAD_URL = credentials('objectbox_internal_mvn_repo')
-        MVN_REPO_UPLOAD_ARGS = '-PpreferredRepo=$MVN_REPO_UPLOAD_URL ' +
-                        '-PpreferredUsername=$MVN_REPO_LOGIN_USR ' +
-                        '-PpreferredPassword=$MVN_REPO_LOGIN_PSW ' +
-                        '-PversionPostFix=$versionPostfix'
         // Note: for key use Jenkins secret file with PGP key as text in ASCII-armored format.
         ORG_GRADLE_PROJECT_signingKeyFile = credentials('objectbox_signing_key')
         ORG_GRADLE_PROJECT_signingKeyId = credentials('objectbox_signing_key_id')
@@ -55,7 +59,7 @@ pipeline {
 
         stage('build-java') {
             steps {
-                sh "./ci/test-with-asan.sh $gradleArgs $MVN_REPO_ARGS -Dextensive-tests=true clean test " +
+                sh "./ci/test-with-asan.sh $gradleArgs $internalRepoArgs -Dextensive-tests=true clean test " +
                         "--tests io.objectbox.FunctionalTestSuite " +
                         "--tests io.objectbox.test.proguard.ObfuscatedEntityTest " +
                         "--tests io.objectbox.rx.QueryObserverTest " +
@@ -66,7 +70,7 @@ pipeline {
 
         stage('upload-to-internal') {
             steps {
-                sh "./gradlew $gradleArgs $MVN_REPO_ARGS $MVN_REPO_UPLOAD_ARGS uploadArchives"
+                sh "./gradlew $gradleArgs $internalRepoArgs $uploadRepoArgs -PversionPostFix=$versionPostfix uploadArchives"
             }
         }
 
@@ -80,12 +84,8 @@ pipeline {
                 googlechatnotification url: 'id:gchat_java',
                     message: "*Publishing* ${currentBuild.fullDisplayName} to Bintray...\n${env.BUILD_URL}"
 
-                // Note: supply internal Maven repo as tests use native dependencies (can't publish those without the Java libraries).
-                // Note: add quotes around URL parameter to avoid line breaks due to semicolon in URL.
-                // Warning: use single quotes to avoid Groovy String interpolation leaking secrets.
-                sh "./gradlew $gradleArgs $MVN_REPO_ARGS " +
-                   '\"-PpreferredRepo=$BINTRAY_URL\" -PpreferredUsername=$BINTRAY_LOGIN_USR -PpreferredPassword=$BINTRAY_LOGIN_PSW ' +
-                   'uploadArchives'
+                // Note: supply internal repo as tests use native dependencies that might not be published, yet.
+                sh "./gradlew $gradleArgs $internalRepoArgs $uploadRepoArgsBintray uploadArchives"
 
                 googlechatnotification url: 'id:gchat_java',
                     message: "Published ${currentBuild.fullDisplayName} successfully to Bintray - check https://bintray.com/objectbox/objectbox\n${env.BUILD_URL}"

ci/Jenkinsfile-Windows

@@ -2,6 +2,11 @@ String buildsToKeep = '500'
 
 String gradleArgs = '-Dorg.gradle.daemon=false --stacktrace'
 
+// Note: using single quotes to avoid Groovy String interpolation leaking secrets.
+def internalRepoArgsBat = '-PinternalObjectBoxRepo=%MVN_REPO_URL% ' +
+                '-PinternalObjectBoxRepoUser=%MVN_REPO_LOGIN_USR% ' +
+                '-PinternalObjectBoxRepoPassword=%MVN_REPO_LOGIN_PSW%'
+
 // https://jenkins.io/doc/book/pipeline/syntax/
 pipeline {
     agent { label 'windows' }
@@ -10,10 +15,6 @@ pipeline {
         GITLAB_URL = credentials('gitlab_url')
         MVN_REPO_URL = credentials('objectbox_internal_mvn_repo_http')
         MVN_REPO_LOGIN = credentials('objectbox_internal_mvn_user')
-        // Warning: use single quotes to avoid Groovy String interpolation leaking secrets.
-        MVN_REPO_ARGS = '-PinternalObjectBoxRepo=%MVN_REPO_URL% ' +
-                        '-PinternalObjectBoxRepoUser=%MVN_REPO_LOGIN_USR% ' +
-                        '-PinternalObjectBoxRepoPassword=%MVN_REPO_LOGIN_PSW%'
     }
 
     options {
@@ -38,7 +39,7 @@ pipeline {
                 // Remove files to avoid archiving them again.
                 bat 'del /q /s hs_err_pid*.log'
 
-                bat "gradlew $gradleArgs $MVN_REPO_ARGS cleanTest build test"
+                bat "gradlew $gradleArgs $internalRepoArgsBat cleanTest build test"
             }
             post {
                 always {
@@ -57,7 +58,7 @@ pipeline {
                 // 32-bit ObjectBox to run tests (see build.gradle file).
                 // Note: assumes JAVA_HOME_X86 is set to 32-bit JDK path.
                 // Note: no space before && or value has space as well.
-                bat "set TEST_WITH_JAVA_X86=true&& gradlew $gradleArgs $MVN_REPO_ARGS cleanTest build test"
+                bat "set TEST_WITH_JAVA_X86=true&& gradlew $gradleArgs $internalRepoArgsBat cleanTest build test"
             }
             post {
                 always {