diff --git a/build-gitea.jenkins b/build-gitea.jenkins
index e2af64d..abd03d5 100644
--- a/build-gitea.jenkins
+++ b/build-gitea.jenkins
@@ -1,78 +1,51 @@ -def label = "jenkins-${UUID.randomUUID().toString()}" +#!groovy def repository = "registry.c.test-chamber-13.lan" -def kanikoImage = "${repository}/library/kaniko:latest" def repositoryCreds = "harbor-repository-creds" -podTemplate( - label: label, - name: "pipeline-worker", - yaml: """--- -apiVersion: v1 -kind: Pod -metadata: - name: pipeline-worker -spec: - containers: - - name: kaniko - imagePullPolicy: Always - image: ${kanikoImage} - tty: true - command: - - /busybox/cat -""", -) { - node (label) { - def workspace = pwd() - - stage ("Prepare Kaniko") { - container ("kaniko") { - withCredentials([usernameColonPassword( - credentialsId: repositoryCreds, - variable: "dCreds", - )]) { - def dockerJSON = """{ - "auths": { - "${repository}": { - "auth": "${dcreds.bytes.encodeBase64().toString()}" - } - } - }""" - sh """ - set +x - echo '${dockerJSON}' > /kaniko/.docker/config.json - """ - } - } - } - - stage("Build Latest Alpine with CA") { - container("kaniko") { - def DF = """FROM ${repository}/dockerhub/gitea/gitea:latest-rootless +def DF = """FROM ${repository}/dockerhub/gitea/gitea:latest-rootless USER root -RUN printf '%s\\n' "-----BEGIN CERTIFICATE-----" \\ - "MIICLTCCAbOgAwIBAgIDAYagMAoGCCqGSM49BAMEME0xCzAJBgNVBAYTAlVTMScw" \\ - "JQYDVQQKDB5UZXN0IENoYW1iZXIgMTMgVHJ1c3QgU2VydmljZXMxFTATBgNVBAMM" \\ - "DFRDMTMgUm9vdCBSMTAgFw0xOTAxMDEwMDAwMDBaGA8yMDUwMDEwMTAwMDAwMFow" \\ - "TTELMAkGA1UEBhMCVVMxJzAlBgNVBAoMHlRlc3QgQ2hhbWJlciAxMyBUcnVzdCBT" \\ - "ZXJ2aWNlczEVMBMGA1UEAwwMVEMxMyBSb290IFIxMHYwEAYHKoZIzj0CAQYFK4EE" \\ - "ACIDYgAE8+/J1ECc0VHxTtGXFLnHJ3NGZ2SW38pp9wI58L5EQbHRLiezYuvkUbI/" \\ - "XGJjLnFdpgjo7W1FFlyhx5ITlCstUX5Sn9bLZiA0+mE0n6b8VwhXwkHlnIeRo7od" \\ - "Zu/OfSFjo2MwYTAdBgNVHQ4EFgQUrGqUJhyRp93wXF645VNtYatRk/AwHwYDVR0j" \\ - "BBgwFoAUrGqUJhyRp93wXF645VNtYatRk/AwDwYDVR0TAQH/BAUwAwEB/zAOBgNV" \\ - "HQ8BAf8EBAMCAYYwCgYIKoZIzj0EAwQDaAAwZQIxAJdgskimDJkf/MGVRrKotmNC" \\ - "xdH/UVQfQppjIR9FAiGeFDr47thclYrzIL6yCkV7nwIwYjf3MbOm/yWblzqe3Uyw" \\ - 
"UOemMEg3PjcKNsN65W2WVon5HIZx2XVfGRPjf5ZTVWzZ" \\ - "-----END CERTIFICATE-----" > /usr/local/share/ca-certificates/test-chamber-13.lan.root.crt && \\ - update-ca-certificates --verbose +COPY test-chamber-13.lan.root.crt /usr/local/share/ca-certificates/test-chamber-13.lan.root.crt + +RUN apk add --no-cache --virtual=.packagecache ca-certificates && \\ + update-ca-certificates --fresh && \\ + apk del .packagecache USER git """ - writeFile(file: workspace + "/Dockerfile", text: DF) - sh "/kaniko/executor --cleanup --context \"${workspace}\" -f \"${workspace}/Dockerfile\" --destination \"${repository}/library/gitea:latest-rootless\" --single-snapshot" - } - } - } + +def label = "kubernetes-${UUID.randomUUID().toString()}" +def templateName = "pipeline-worker" +podTemplate( + label: label, + name: templateName, + yaml: functions.podYaml( + repo: repository, + templateName: templateName, + kaniko: true, + ) +) { + node (label) { + def workspace = pwd() + + stage ('Write cert to local file') { + writeFile(file: workspace + "/test-chamber-13.lan.root.crt", text: functions.getLocalRootCA()) + } + + functions.buildContainer( + repository: repository, + imageDest: "${repository}/library/gitea:latest-rootless", + dockerFile: dockerFile, + repoCreds: repositoryCreds + ) + + functions.deletePod( + kubeAuth: "k8s-monitoring-access", + kubeURL: "https://kubernetes.test-chamber-13.lan:6443", + namespace: "monitoring", + selector: "app=gitea,app.kubernetes.io/name=gitea" + ) + } } \ No newline at end of file
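Review bot: `dockerFile: dockerFile` in the `functions.buildContainer(...)` call refers to a name this file never defines; the Dockerfile text is assigned to `DF` near the top, so the build step will most likely fail with a missing-property error unless `dockerFile` is bound somewhere outside this file. Change the argument to `dockerFile: DF,` or rename the variable to `dockerFile`. Separately, the root CA installed into the image trust store now comes from `functions.getLocalRootCA()`, which is not visible here, so the trust anchor can no longer be reviewed in this file as the inline PEM could. A comment above the `writeFile` stage such as `// root CA is supplied by the shared library; expected SHA-256 fingerprint: <FINGERPRINT_PLACEHOLDER>`, or a fingerprint comparison before the build, would keep it auditable. `functions` is not loaded anywhere in the visible lines, so it is presumably an implicitly loaded shared library, which deserves a one-line comment saying so.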