From dd31bd8e59cea86c007338a52e785ed9d851ca07 Mon Sep 17 00:00:00 2001 From: The_Spider Date: Tue, 19 Oct 2021 11:33:40 -0500 Subject: [PATCH] Adds certificate to gitea container --- build-gitea.jenkins | 78 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 78 insertions(+) create mode 100644 build-gitea.jenkins diff --git a/build-gitea.jenkins b/build-gitea.jenkins new file mode 100644 index 0000000..e2af64d --- /dev/null +++ b/build-gitea.jenkins @@ -0,0 +1,78 @@ +def label = "jenkins-${UUID.randomUUID().toString()}" + +def repository = "registry.c.test-chamber-13.lan" +def kanikoImage = "${repository}/library/kaniko:latest" +def repositoryCreds = "harbor-repository-creds" + +podTemplate( + label: label, + name: "pipeline-worker", + yaml: """--- +apiVersion: v1 +kind: Pod +metadata: + name: pipeline-worker +spec: + containers: + - name: kaniko + imagePullPolicy: Always + image: ${kanikoImage} + tty: true + command: + - /busybox/cat +""", +) { + node (label) { + def workspace = pwd() + + stage ("Prepare Kaniko") { + container ("kaniko") { + withCredentials([usernameColonPassword( + credentialsId: repositoryCreds, + variable: "dCreds", + )]) { + def dockerJSON = """{ + "auths": { + "${repository}": { + "auth": "${dcreds.bytes.encodeBase64().toString()}" + } + } + }""" + sh """ + set +x + echo '${dockerJSON}' > /kaniko/.docker/config.json + """ + } + } + } + + stage("Build Latest Alpine with CA") { + container("kaniko") { + def DF = """FROM ${repository}/dockerhub/gitea/gitea:latest-rootless + +USER root + +RUN printf '%s\\n' "-----BEGIN CERTIFICATE-----" \\ + "MIICLTCCAbOgAwIBAgIDAYagMAoGCCqGSM49BAMEME0xCzAJBgNVBAYTAlVTMScw" \\ + "JQYDVQQKDB5UZXN0IENoYW1iZXIgMTMgVHJ1c3QgU2VydmljZXMxFTATBgNVBAMM" \\ + "DFRDMTMgUm9vdCBSMTAgFw0xOTAxMDEwMDAwMDBaGA8yMDUwMDEwMTAwMDAwMFow" \\ + "TTELMAkGA1UEBhMCVVMxJzAlBgNVBAoMHlRlc3QgQ2hhbWJlciAxMyBUcnVzdCBT" \\ + "ZXJ2aWNlczEVMBMGA1UEAwwMVEMxMyBSb290IFIxMHYwEAYHKoZIzj0CAQYFK4EE" \\ + "ACIDYgAE8+/J1ECc0VHxTtGXFLnHJ3NGZ2SW38pp9wI58L5EQbHRLiezYuvkUbI/" \\ + "XGJjLnFdpgjo7W1FFlyhx5ITlCstUX5Sn9bLZiA0+mE0n6b8VwhXwkHlnIeRo7od" \\ + "Zu/OfSFjo2MwYTAdBgNVHQ4EFgQUrGqUJhyRp93wXF645VNtYatRk/AwHwYDVR0j" \\ + "BBgwFoAUrGqUJhyRp93wXF645VNtYatRk/AwDwYDVR0TAQH/BAUwAwEB/zAOBgNV" \\ + "HQ8BAf8EBAMCAYYwCgYIKoZIzj0EAwQDaAAwZQIxAJdgskimDJkf/MGVRrKotmNC" \\ + "xdH/UVQfQppjIR9FAiGeFDr47thclYrzIL6yCkV7nwIwYjf3MbOm/yWblzqe3Uyw" \\ + "UOemMEg3PjcKNsN65W2WVon5HIZx2XVfGRPjf5ZTVWzZ" \\ + "-----END CERTIFICATE-----" > /usr/local/share/ca-certificates/test-chamber-13.lan.root.crt && \\ + update-ca-certificates --verbose + +USER git +""" + writeFile(file: workspace + "/Dockerfile", text: DF) + sh "/kaniko/executor --cleanup --context \"${workspace}\" -f \"${workspace}/Dockerfile\" --destination \"${repository}/library/gitea:latest-rootless\" --single-snapshot" + } + } + } +} \ No newline at end of file