def label = "jenkins-${UUID.randomUUID().toString()}" def repository = "registry.c.test-chamber-13.lan" def kanikoImage = "${repository}/library/kaniko:latest" def repositoryCreds = "harbor-repository-creds" def ubiOS = ["8"] def ubiImages = ["ubi-minimal", "ubi"] podTemplate( label: label, name: "pipeline-worker", yaml: """--- apiVersion: v1 kind: Pod metadata: name: pipeline-worker spec: containers: - name: kaniko imagePullPolicy: Always image: ${kanikoImage} tty: true command: - /busybox/cat """) { node (label) { def workspace = pwd() stage ("Prepare Kaniko") { container ("kaniko") { withCredentials([usernameColonPassword( credentialsId: repositoryCreds, variable: "dCreds", )]) { def dockerJSON = """{ "auths": { "${repository}": { "auth": "${dcreds.bytes.encodeBase64().toString()}" } } }""" sh """ set +x echo '${dockerJSON}' > /kaniko/.docker/config.json """ } } } for (rhOS in ubiOS) { for (image in ubiImages) { container("kaniko") { stage ("Build " + image + ":" + rhOS) { def updateCmd if (image == "ubi-minimal") { updateCmd = "microdnf" } else { updateCmd = "dnf" } def DF = """FROM registry.access.redhat.com/ubi${rhOS}/${image}:latest RUN printf '%s\\n' "-----BEGIN CERTIFICATE-----" \\ "MIICLTCCAbOgAwIBAgIDAYagMAoGCCqGSM49BAMEME0xCzAJBgNVBAYTAlVTMScw" \\ "JQYDVQQKDB5UZXN0IENoYW1iZXIgMTMgVHJ1c3QgU2VydmljZXMxFTATBgNVBAMM" \\ "DFRDMTMgUm9vdCBSMTAgFw0xOTAxMDEwMDAwMDBaGA8yMDUwMDEwMTAwMDAwMFow" \\ "TTELMAkGA1UEBhMCVVMxJzAlBgNVBAoMHlRlc3QgQ2hhbWJlciAxMyBUcnVzdCBT" \\ "ZXJ2aWNlczEVMBMGA1UEAwwMVEMxMyBSb290IFIxMHYwEAYHKoZIzj0CAQYFK4EE" \\ "ACIDYgAE8+/J1ECc0VHxTtGXFLnHJ3NGZ2SW38pp9wI58L5EQbHRLiezYuvkUbI/" \\ "XGJjLnFdpgjo7W1FFlyhx5ITlCstUX5Sn9bLZiA0+mE0n6b8VwhXwkHlnIeRo7od" \\ "Zu/OfSFjo2MwYTAdBgNVHQ4EFgQUrGqUJhyRp93wXF645VNtYatRk/AwHwYDVR0j" \\ "BBgwFoAUrGqUJhyRp93wXF645VNtYatRk/AwDwYDVR0TAQH/BAUwAwEB/zAOBgNV" \\ "HQ8BAf8EBAMCAYYwCgYIKoZIzj0EAwQDaAAwZQIxAJdgskimDJkf/MGVRrKotmNC" \\ "xdH/UVQfQppjIR9FAiGeFDr47thclYrzIL6yCkV7nwIwYjf3MbOm/yWblzqe3Uyw" \\ "UOemMEg3PjcKNsN65W2WVon5HIZx2XVfGRPjf5ZTVWzZ" \\ "-----END CERTIFICATE-----" > /etc/pki/ca-trust/source/anchors/test-chamber-13.lan.root.crt && \\ update-ca-trust extract && \\ ${updateCmd} update -y && \\ ${updateCmd} clean all && \\ printf '%s\\n' "W3ViaS04LWJhc2Vvc10KbmFtZSA9IFJlZCBIYXQgVW5pdmVyc2FsIEJhc2UgSW1hZ2UgOCAoUlBN" \\ "cykgLSBCYXNlT1MKYmFzZXVybCA9IGh0dHBzOi8vcmhlbDpwYXNzd29yZEByaGVsLnNtb290aG5l" \\ "dC5vcmcvcmhlbC91YmktOC1iYXNlb3MKZW5hYmxlZCA9IDEKZ3Bna2V5ID0gZmlsZTovLy9ldGMv" \\ "cGtpL3JwbS1ncGcvUlBNLUdQRy1LRVktcmVkaGF0LXJlbGVhc2UKZ3BnY2hlY2sgPSAxCgpbdWJp" \\ "LTgtYXBwc3RyZWFtXQpuYW1lID0gUmVkIEhhdCBVbml2ZXJzYWwgQmFzZSBJbWFnZSA4IChSUE1z" \\ "KSAtIEFwcFN0cmVhbQpiYXNldXJsID0gaHR0cHM6Ly9yaGVsOnBhc3N3b3JkQHJoZWwuc21vb3Ro" \\ "bmV0Lm9yZy9yaGVsL3ViaS04LWFwcHN0cmVhbSAKZW5hYmxlZCA9IDEKZ3Bna2V5ID0gZmlsZTov" \\ "Ly9ldGMvcGtpL3JwbS1ncGcvUlBNLUdQRy1LRVktcmVkaGF0LXJlbGVhc2UKZ3BnY2hlY2sgPSAx" \\ "CgpbdWJpLTgtY29kZXJlYWR5LWJ1aWxkZXJdCm5hbWUgPSBSZWQgSGF0IFVuaXZlcnNhbCBCYXNl" \\ "IEltYWdlIDggKFJQTXMpIC0gQ29kZVJlYWR5IEJ1aWxkZXIKYmFzZXVybCA9IGh0dHBzOi8vcmhl" \\ "bDpwYXNzd29yZEByaGVsLnNtb290aG5ldC5vcmcvcmhlbC91YmktOC1jb2RlcmVhZHktYnVpbGRl" \\ "cgplbmFibGVkID0gMQpncGdrZXkgPSBmaWxlOi8vL2V0Yy9wa2kvcnBtLWdwZy9SUE0tR1BHLUtF" \\ "WS1yZWRoYXQtcmVsZWFzZQpncGdjaGVjayA9IDEK" | base64 -d > /etc/yum.repos.d/ubi.repo """ writeFile(file: workspace + '/Dockerfile', text: DF) sh "/kaniko/executor --context \"${workspace}\" -f \"${workspace}/Dockerfile\" --destination \"${repository}/library/${image}:${rhOS}\" --single-snapshot" } } } } } }