From 7b1b8c1f2a062a5066e3cf5cacd4b1305d6a8de4 Mon Sep 17 00:00:00 2001 From: The_Spider Date: Wed, 26 Jan 2022 09:02:59 -0600 Subject: [PATCH] updates RedHat Universal Boot Images --- build-ubi.jenkins | 119 +++++++++++++--------------------------------- 1 file changed, 32 insertions(+), 87 deletions(-) diff --git a/build-ubi.jenkins b/build-ubi.jenkins index 1c791da..9ca9ce8 100644 --- a/build-ubi.jenkins +++ b/build-ubi.jenkins @@ -1,104 +1,49 @@ -def label = "jenkins-${UUID.randomUUID().toString()}" - def repository = "registry.c.test-chamber-13.lan" -def kanikoImage = "${repository}/library/kaniko:latest" def repositoryCreds = "harbor-repository-creds" def ubiOS = ["8"] def ubiImages = ["ubi-minimal", "ubi"] -podTemplate( +def label = "kubernetes-${UUID.randomUUID().toString()}" +def templateName = "pipeline-worker" +podTemplate ( label: label, - name: "pipeline-worker", - yaml: """--- -apiVersion: v1 -kind: Pod -metadata: - name: pipeline-worker -spec: - containers: - - name: kaniko - imagePullPolicy: Always - image: ${kanikoImage} - tty: true - command: - - /busybox/cat -""") { + name: templateName, + yaml: functions.podYaml( + repo: repository, + templateName: templateName, + kaniko: true + ) +){ node (label) { def workspace = pwd() - stage ("Prepare Kaniko") { - container ("kaniko") { - withCredentials([usernameColonPassword( - credentialsId: repositoryCreds, - variable: "dCreds", - )]) { - def dockerJSON = """{ - "auths": { - "${repository}": { - "auth": "${dcreds.bytes.encodeBase64().toString()}" - } - } - }""" - - sh """ - set +x - echo '${dockerJSON}' > /kaniko/.docker/config.json - """ - } - } - } + writeFile(file: workspace + "/test-chamber-13.lan.root.crt", text: functions.getLocalRootCA()) for (rhOS in ubiOS) { for (image in ubiImages) { - container("kaniko") { - stage ("Build " + image + ":" + rhOS) { - def updateCmd - if (image == "ubi-minimal") { - updateCmd = "microdnf" - } else { - updateCmd = "dnf" - } - - def DF = """FROM registry.access.redhat.com/ubi${rhOS}/${image}:latest - -RUN printf '%s\\n' "-----BEGIN CERTIFICATE-----" \\ - "MIICLTCCAbOgAwIBAgIDAYagMAoGCCqGSM49BAMEME0xCzAJBgNVBAYTAlVTMScw" \\ - "JQYDVQQKDB5UZXN0IENoYW1iZXIgMTMgVHJ1c3QgU2VydmljZXMxFTATBgNVBAMM" \\ - "DFRDMTMgUm9vdCBSMTAgFw0xOTAxMDEwMDAwMDBaGA8yMDUwMDEwMTAwMDAwMFow" \\ - "TTELMAkGA1UEBhMCVVMxJzAlBgNVBAoMHlRlc3QgQ2hhbWJlciAxMyBUcnVzdCBT" \\ - "ZXJ2aWNlczEVMBMGA1UEAwwMVEMxMyBSb290IFIxMHYwEAYHKoZIzj0CAQYFK4EE" \\ - "ACIDYgAE8+/J1ECc0VHxTtGXFLnHJ3NGZ2SW38pp9wI58L5EQbHRLiezYuvkUbI/" \\ - "XGJjLnFdpgjo7W1FFlyhx5ITlCstUX5Sn9bLZiA0+mE0n6b8VwhXwkHlnIeRo7od" \\ - "Zu/OfSFjo2MwYTAdBgNVHQ4EFgQUrGqUJhyRp93wXF645VNtYatRk/AwHwYDVR0j" \\ - "BBgwFoAUrGqUJhyRp93wXF645VNtYatRk/AwDwYDVR0TAQH/BAUwAwEB/zAOBgNV" \\ - "HQ8BAf8EBAMCAYYwCgYIKoZIzj0EAwQDaAAwZQIxAJdgskimDJkf/MGVRrKotmNC" \\ - "xdH/UVQfQppjIR9FAiGeFDr47thclYrzIL6yCkV7nwIwYjf3MbOm/yWblzqe3Uyw" \\ - "UOemMEg3PjcKNsN65W2WVon5HIZx2XVfGRPjf5ZTVWzZ" \\ - "-----END CERTIFICATE-----" > /etc/pki/ca-trust/source/anchors/test-chamber-13.lan.root.crt && \\ - update-ca-trust extract && \\ - ${updateCmd} update -y && \\ - ${updateCmd} clean all && \\ - printf '%s\\n' "W3ViaS04LWJhc2Vvc10KbmFtZSA9IFJlZCBIYXQgVW5pdmVyc2FsIEJhc2UgSW1hZ2UgOCAoUlBN" \\ - "cykgLSBCYXNlT1MKYmFzZXVybCA9IGh0dHBzOi8vcmhlbDpwYXNzd29yZEByaGVsLnNtb290aG5l" \\ - "dC5vcmcvcmhlbC91YmktOC1iYXNlb3MKZW5hYmxlZCA9IDEKZ3Bna2V5ID0gZmlsZTovLy9ldGMv" \\ - "cGtpL3JwbS1ncGcvUlBNLUdQRy1LRVktcmVkaGF0LXJlbGVhc2UKZ3BnY2hlY2sgPSAxCgpbdWJp" \\ - "LTgtYXBwc3RyZWFtXQpuYW1lID0gUmVkIEhhdCBVbml2ZXJzYWwgQmFzZSBJbWFnZSA4IChSUE1z" \\ - "KSAtIEFwcFN0cmVhbQpiYXNldXJsID0gaHR0cHM6Ly9yaGVsOnBhc3N3b3JkQHJoZWwuc21vb3Ro" \\ - "bmV0Lm9yZy9yaGVsL3ViaS04LWFwcHN0cmVhbSAKZW5hYmxlZCA9IDEKZ3Bna2V5ID0gZmlsZTov" \\ - "Ly9ldGMvcGtpL3JwbS1ncGcvUlBNLUdQRy1LRVktcmVkaGF0LXJlbGVhc2UKZ3BnY2hlY2sgPSAx" \\ - "CgpbdWJpLTgtY29kZXJlYWR5LWJ1aWxkZXJdCm5hbWUgPSBSZWQgSGF0IFVuaXZlcnNhbCBCYXNl" \\ - "IEltYWdlIDggKFJQTXMpIC0gQ29kZVJlYWR5IEJ1aWxkZXIKYmFzZXVybCA9IGh0dHBzOi8vcmhl" \\ - "bDpwYXNzd29yZEByaGVsLnNtb290aG5ldC5vcmcvcmhlbC91YmktOC1jb2RlcmVhZHktYnVpbGRl" \\ - "cgplbmFibGVkID0gMQpncGdrZXkgPSBmaWxlOi8vL2V0Yy9wa2kvcnBtLWdwZy9SUE0tR1BHLUtF" \\ - "WS1yZWRoYXQtcmVsZWFzZQpncGdjaGVjayA9IDEK" | base64 -d > /etc/yum.repos.d/ubi.repo -""" - writeFile(file: workspace + '/Dockerfile', text: DF) - - sh "/kaniko/executor --context \"${workspace}\" -f \"${workspace}/Dockerfile\" --destination \"${repository}/library/${image}:${rhOS}\" --single-snapshot" - } + def updateCmd + if (image == "ubi-minimal") { + updateCmd = "microdnf" + } else { + updateCmd = "dnf" } + def dockerFile = """FROM registry.access.redhat.com/ubi${rhOS}/${image}:latest + +COPY test-chamber-13.lan.root.crt /etc/pki/ca-trust/source/anchors/test-chamber-13.lan.root.crt + +RUN update-ca-trust extract && \\ + ${updateCmd} update -y && \\ + ${updateCmd} clean all +""" + + functions.buildContainer( + repository: repository, + imageDest: "${repository}/library/rhubi/${image}:${rhOS}", + dockerFile: dockerFile, + repoCreds: repositoryCreds, + ) } } } -} \ No newline at end of file +}