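#!groovy
// Builds the internal Alpine base image with kaniko and pushes it to the
// private registry. The image differs from the stock one in two ways: it
// trusts the test-chamber-13.lan root CA, and its apk repositories point at
// the internal Nexus mirror.
//
// Notes:
// Don't bother trying to sign images with kaniko. It's not supported.
//
// Cosign is an option but won't be recognized by harbor and other
// docker registries.
// NOTE(review): newer Harbor releases do list Cosign signatures on
// artifacts; re-check this against the deployed Harbor version.
//
// You can sign images with docker, but that requires Docker-in-docker,
// and Docker-in-docker requires the --privileged flag to run.
//
// Consequence: the image pushed below is unsigned, so consumers cannot
// verify it by signature. Registry access control and digest pinning are
// the only integrity controls visible in this file.

def repository = "registry.c.test-chamber-13.lan"
// Jenkins credentials ID, not the secret itself; it is handed to the shared
// library, which is expected to resolve it.
def repositoryCreds = "harbor-repository-creds"
def workspace
def dockerFile
// NOTE(review): `label` is not referenced anywhere in this file; confirm it
// is still needed.
def label = "kubernetes-${UUID.randomUUID().toString()}"
def templateName = "pipeline-worker"

pipeline {
    agent {
        kubernetes {
            // Pod spec comes from the shared library. `kaniko: true`
            // presumably adds the 'kaniko' container used in the
            // 'Build & Push' stage; verify in functions.podYaml.
            yaml functions.podYaml(
                repo: repository,
                templateName: templateName,
                kaniko: true
            )
        }
    }

    stages {
        stage ('Initalize Jenkins') {
            steps {
                script {
                    workspace = pwd()

                    // Dockerfile is generated inline. Points for reviewers:
                    //  * The base image is pulled through the private
                    //    registry and pinned by tag (alpine:3.20), not by
                    //    digest, so its content can change between builds.
                    //  * The root CA copied in is added to the system trust
                    //    store, so every image built FROM this one inherits
                    //    that trust for all TLS connections.
                    //  * ca-certificates is installed before the sed rewrite,
                    //    i.e. from the stock repositories; presumably because
                    //    the mirror's TLS chain needs the private root first.
                    //    TODO confirm.
                    //  * The authors label ends in a trailing space in this
                    //    listing; restore the contact address if one was
                    //    intended.
                    dockerFile = """FROM ${repository}/dockerhub/library/alpine:3.20
LABEL org.opencontainers.image.authors="The_Spider "
LABEL org.opencontainers.image.title="alpine"
COPY test-chamber-13.lan.root.crt /usr/local/share/ca-certificates/
RUN set -eux && \\
    apk add --no-cache --virtual=.packagecache ca-certificates && \\
    update-ca-certificates --fresh && \\
    apk del .packagecache && \\
    sed -i 's/dl-cdn.alpinelinux.org/nexus.c.test-chamber-13.lan\\/repository/g' /etc/apk/repositories && \\
    apk --no-cache upgrade
"""

                    // Place the root CA in the build context so the COPY
                    // above can find it. This is a public certificate, not
                    // key material.
                    writeFile(file: workspace + "/test-chamber-13.lan.root.crt", text: functions.getCurrentRootCA())
                }
            }
        }

        stage ('Build & Push') {
            steps {
                container ('kaniko') {
                    script {
                        // Only the mutable ':latest' tag is pushed.
                        // Downstream builds that need a reproducible base
                        // should reference the pushed image by digest.
                        declarativeFunctions.buildContainerMultipleDestinations(
                            dockerFile: dockerFile,
                            repositoryAccess: [
                                [
                                    repository: repository,
                                    credentials: repositoryCreds
                                ],
                            ],
                            destination: [
                                "${repository}/library/alpine:latest",
                            ]
                        )
                    }
                }
            }
        }
    }
}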