Jenkinsfile
// Per-project settings: where the built image is published.
dockerRepoHost = 'docker.io'
dockerRepoProj = 'cdk-gitpusher'
dockerRepoUser = 'kingdonb' // must be the same user that jenkinsDockerSecret logs in as

// Jenkins credential ids only (the secret material itself stays in the
// Jenkins credential store; the credentials may live in global scope):
jenkinsSshSecret = 'flux-ssh-deploy'
jenkinsDockerSecret = 'docker-registry-kingdonb'

// Placeholders, assigned by the pipeline steps further down:
imageTag = ''
gitCommit = ''
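// Declarative pipeline: Build the image, then Push it and Test it in
// parallel (stage 'Dev'), then publish the release tag (stage 'Push Tag').
pipeline {
    agent {
        // Pod template for the default agent is kept in the repository.
        kubernetes { yamlFile "jenkins/docker-pod.yaml" }
    }
    stages {
        // Build a Docker image and keep it locally for now
        stage('Build') {
            steps {
                container('docker') {
                    // NOTE(review): the SSH key is bound here, but its only
                    // visible use below is commented out. If docker-build.sh
                    // does not read SSH_KEY, drop the sshUserPrivateKey
                    // binding so the key file is not exposed to the build.
                    withCredentials([sshUserPrivateKey(
                                         credentialsId: jenkinsSshSecret,
                                         keyFileVariable: 'SSH_KEY'),
                                     [$class: 'UsernamePasswordMultiBinding',
                                      credentialsId: jenkinsDockerSecret,
                                      usernameVariable: 'DOCKER_REPO_USER',
                                      passwordVariable: 'DOCKER_REPO_PASSWORD']
                    ]) {
                        script {
                            // Short commit id, used in the image tag.
                            gitCommit = env.GIT_COMMIT.substring(0,8)
                            // returnStdout keeps the script's trailing
                            // newline, if any; trim it so it does not end up
                            // inside GIT_TAG_REF later.
                            imageTag = sh (script: "./jenkins/image-tag.sh", returnStdout: true).trim()
                        }
                        // The registry credentials reach the script through
                        // the environment set by withCredentials; they are
                        // not interpolated by Groovy. SSH_KEY is escaped for
                        // the same reason, so that the credential binding is
                        // not expanded into the script text.
                        sh """\
                            #!/bin/sh
                            export DOCKER_REPO_USER DOCKER_REPO_PASSWORD
                            export DOCKER_REPO_HOST="${dockerRepoHost}"
                            export DOCKER_REPO_PROJ="${dockerRepoProj}"
                            export GIT_COMMIT="${gitCommit}"
                            # eval \$(ssh-agent) && ssh-add \${SSH_KEY} && ssh-add -l
                            ./jenkins/docker-build.sh
                            """.stripIndent()
                    }
                }
            }
        }
        stage('Dev') {
            parallel {
                // Push the freshly built image to the registry.
                stage('Push') {
                    steps {
                        withCredentials([[$class: 'UsernamePasswordMultiBinding',
                                          credentialsId: jenkinsDockerSecret,
                                          usernameVariable: 'DOCKER_REPO_USER',
                                          passwordVariable: 'DOCKER_REPO_PASSWORD']]) {
                            container('docker') {
                                sh """\
                                    #!/bin/sh
                                    export DOCKER_REPO_USER DOCKER_REPO_PASSWORD
                                    export DOCKER_REPO_HOST="${dockerRepoHost}"
                                    export DOCKER_REPO_PROJ="${dockerRepoProj}"
                                    export GIT_COMMIT="${gitCommit}"
                                    ./jenkins/docker-push.sh
                                    """.stripIndent()
                            }
                        }
                    }
                }
                // Run the test suite inside the image that was just built.
                stage('Test') {
                    agent {
                        kubernetes {
                            // The pod mounts the Kubernetes secret
                            // flux-synths-writer-ssh at /home/jenkins/.ssh,
                            // so anything the image under test executes can
                            // read that key.
                            // NOTE(review): the secret name suggests write
                            // access; confirm this stage only runs for
                            // trusted branches, or mount a narrower key.
                            //
                            // imagePullPolicy: Never means the image is not
                            // pulled from the registry; presumably the
                            // nodeSelector lands the pod on the node that
                            // built it (confirm).
                            yaml """\
                                apiVersion: v1
                                kind: Pod
                                spec:
                                  volumes:
                                  - name: ssh-deploy-key
                                    secret:
                                      secretName: flux-synths-writer-ssh
                                  nodeSelector:
                                    jenkins.teamhephy.info/dockerbuilder: ruby
                                  tolerations:
                                  - key: jenkins.teamhephy.info/dockerbuilder
                                    operator: Equal
                                    value: ruby
                                    effect: NoSchedule
                                  containers:
                                  - name: test
                                    image: ${dockerRepoHost}/${dockerRepoUser}/${dockerRepoProj}:jenkins_${gitCommit}
                                    imagePullPolicy: Never
                                    securityContext:
                                      runAsUser: 1000
                                    volumeMounts:
                                    - name: ssh-deploy-key
                                      readOnly: true
                                      mountPath: "/home/jenkins/.ssh"
                                    command:
                                    - cat
                                    resources:
                                      requests:
                                        memory: 256Mi
                                        cpu: 50m
                                      limits:
                                        memory: 1Gi
                                        cpu: 1200m
                                    tty: true
                                """.stripIndent()
                        }
                    }
                    // No checkout in the test pod: the script is run from
                    // /home/rvm/app inside the image.
                    options { skipDefaultCheckout(true) }
                    steps {
                        // In jenkins-specific test image which has been set up for Jenkins
                        // to run with user 1000, NB. this is a hard requirement of Jenkins,
                        // (this is not a requirement of docker or rvm-docker-support)
                        container('test') {
                            sh (script: "cd /home/rvm/app && GIT_COMMIT=${gitCommit} ssh-agent ./jenkins/rake-ci.sh")
                        }
                    }
                }
            }
        }
        // Publish the image under its release tag after 'Dev' has passed.
        stage('Push Tag') {
            steps {
                container('docker') {
                    withCredentials([[$class: 'UsernamePasswordMultiBinding',
                                      credentialsId: jenkinsDockerSecret,
                                      usernameVariable: 'DOCKER_REPO_USER',
                                      passwordVariable: 'DOCKER_REPO_PASSWORD']]) {
                        // imageTag is the output of a script, so it is handed
                        // to the shell through the environment rather than
                        // spliced into the script text, where quotes or shell
                        // metacharacters in it would be interpreted.
                        withEnv(["GIT_TAG_REF=${imageTag}"]) {
                            sh """\
                                #!/bin/sh
                                export DOCKER_REPO_USER DOCKER_REPO_PASSWORD
                                export DOCKER_REPO_HOST="${dockerRepoHost}"
                                export DOCKER_REPO_PROJ="${dockerRepoProj}"
                                export GIT_COMMIT="${gitCommit}"
                                export GIT_TAG_REF
                                ./jenkins/docker-hub-tag-success-push.sh
                                """.stripIndent()
                        }
                    }
                }
            }
        }
    }
}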