77 lines
2.3 KiB
Groovy
77 lines
2.3 KiB
Groovy
#!groovy
|
|
|
|
// Notes:
|
|
// Don't bother trying to sign images with kaniko. It's not supported.
|
|
//
|
|
// Cosign is an option but won't be recgonized by harbor and other
|
|
// docker registries.
|
|
//
|
|
// You can sign images with docker, but that requires Docker-in-docker,
|
|
// and Docker-in docker requires the --priviledged flag to run.
|
|
|
|
def repository = "registry.c.test-chamber-13.lan"
|
|
def repositoryCreds = "harbor-repository-creds"
|
|
|
|
def workspace
|
|
def dockerFile
|
|
|
|
def label = "kubernetes-${UUID.randomUUID().toString()}"
|
|
def templateName = "pipeline-worker"
|
|
pipeline {
|
|
agent {
|
|
kubernetes {
|
|
yaml functions.podYaml(
|
|
repo: repository,
|
|
templateName: templateName,
|
|
kaniko: true
|
|
)
|
|
}
|
|
}
|
|
|
|
stages {
|
|
stage ('Initalize Jenkins') {
|
|
steps {
|
|
script {
|
|
workspace = pwd()
|
|
dockerFile = """FROM ${repository}/dockerhub/library/alpine:3.20
|
|
|
|
LABEL org.opencontainers.image.authors="The_Spider <spider@smoothnet.org>"
|
|
LABEL org.opencontainers.image.title="alpine"
|
|
|
|
COPY test-chamber-13.lan.root.crt /usr/local/share/ca-certificates/
|
|
|
|
RUN set -eux && \\
|
|
apk add --no-cache --virtual=.packagecache ca-certificates && \\
|
|
update-ca-certificates --fresh && \\
|
|
apk del .packagecache && \\
|
|
sed -i 's/dl-cdn.alpinelinux.org/nexus.c.test-chamber-13.lan\\/repository/g' /etc/apk/repositories && \\
|
|
apk --no-cache upgrade
|
|
"""
|
|
writeFile(file: workspace + "/test-chamber-13.lan.root.crt", text: functions.getCurrentRootCA())
|
|
}
|
|
}
|
|
}
|
|
|
|
stage ('Build & Push') {
|
|
steps {
|
|
container ('kaniko') {
|
|
script {
|
|
declarativeFunctions.buildContainerMultipleDestinations(
|
|
dockerFile: dockerFile,
|
|
repositoryAccess: [
|
|
[
|
|
repository: repository,
|
|
credentials: repositoryCreds
|
|
],
|
|
],
|
|
destination: [
|
|
"${repository}/library/alpine:latest",
|
|
]
|
|
)
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|