85 lines
2.8 KiB
Plaintext
85 lines
2.8 KiB
Plaintext
def label = "jenkins-${UUID.randomUUID().toString()}"
|
|
|
|
def repository = "registry.c.test-chamber-13.lan"
|
|
def kanikoImage = "${repository}/library/kaniko:latest"
|
|
def repositoryCreds = "harbor-repository-creds"
|
|
|
|
// Notes:
|
|
// Don't bother trying to sign images with kaniko. It's not supported.
|
|
//
|
|
// Cosign is an option but won't be recgonized by harbor and other
|
|
// docker registries.
|
|
//
|
|
// You can sign images with docker, but that requires Docker-in-docker,
|
|
// and Docker-in docker requires the --priviledged flag to run.
|
|
|
|
podTemplate(
|
|
label: label,
|
|
name: "pipeline-worker",
|
|
yaml: """---
|
|
apiVersion: v1
|
|
kind: Pod
|
|
metadata:
|
|
name: pipeline-worker
|
|
spec:
|
|
containers:
|
|
- name: kaniko
|
|
imagePullPolicy: Always
|
|
image: ${kanikoImage}
|
|
tty: true
|
|
command:
|
|
- /busybox/cat
|
|
""",
|
|
) {
|
|
node (label) {
|
|
def workspace = pwd()
|
|
|
|
stage ("Prepare Kaniko") {
|
|
container ("kaniko") {
|
|
withCredentials([usernameColonPassword(
|
|
credentialsId: repositoryCreds,
|
|
variable: "dCreds",
|
|
)]) {
|
|
def dockerJSON = """{
|
|
"auths": {
|
|
"${repository}": {
|
|
"auth": "${dcreds.bytes.encodeBase64().toString()}"
|
|
}
|
|
}
|
|
}"""
|
|
sh """
|
|
set +x
|
|
echo '${dockerJSON}' > /kaniko/.docker/config.json
|
|
"""
|
|
}
|
|
}
|
|
}
|
|
|
|
stage("Build Latest Alpine with CA") {
|
|
container("kaniko") {
|
|
def DF = """FROM ${repository}/dockerhub/library/alpine:latest
|
|
|
|
RUN apk add --no-cache --virtual=.packagecache ca-certificates && \\
|
|
printf '%s\\n' "-----BEGIN CERTIFICATE-----" \\
|
|
"MIICLTCCAbOgAwIBAgIDAYagMAoGCCqGSM49BAMEME0xCzAJBgNVBAYTAlVTMScw" \\
|
|
"JQYDVQQKDB5UZXN0IENoYW1iZXIgMTMgVHJ1c3QgU2VydmljZXMxFTATBgNVBAMM" \\
|
|
"DFRDMTMgUm9vdCBSMTAgFw0xOTAxMDEwMDAwMDBaGA8yMDUwMDEwMTAwMDAwMFow" \\
|
|
"TTELMAkGA1UEBhMCVVMxJzAlBgNVBAoMHlRlc3QgQ2hhbWJlciAxMyBUcnVzdCBT" \\
|
|
"ZXJ2aWNlczEVMBMGA1UEAwwMVEMxMyBSb290IFIxMHYwEAYHKoZIzj0CAQYFK4EE" \\
|
|
"ACIDYgAE8+/J1ECc0VHxTtGXFLnHJ3NGZ2SW38pp9wI58L5EQbHRLiezYuvkUbI/" \\
|
|
"XGJjLnFdpgjo7W1FFlyhx5ITlCstUX5Sn9bLZiA0+mE0n6b8VwhXwkHlnIeRo7od" \\
|
|
"Zu/OfSFjo2MwYTAdBgNVHQ4EFgQUrGqUJhyRp93wXF645VNtYatRk/AwHwYDVR0j" \\
|
|
"BBgwFoAUrGqUJhyRp93wXF645VNtYatRk/AwDwYDVR0TAQH/BAUwAwEB/zAOBgNV" \\
|
|
"HQ8BAf8EBAMCAYYwCgYIKoZIzj0EAwQDaAAwZQIxAJdgskimDJkf/MGVRrKotmNC" \\
|
|
"xdH/UVQfQppjIR9FAiGeFDr47thclYrzIL6yCkV7nwIwYjf3MbOm/yWblzqe3Uyw" \\
|
|
"UOemMEg3PjcKNsN65W2WVon5HIZx2XVfGRPjf5ZTVWzZ" \\
|
|
"-----END CERTIFICATE-----" > /usr/local/share/ca-certificates/test-chamber-13.lan.root.crt && \\
|
|
update-ca-certificates --fresh && \\
|
|
apk del .packagecache
|
|
"""
|
|
writeFile(file: workspace + "/Dockerfile", text: DF)
|
|
sh "/kaniko/executor --cleanup --context \"${workspace}\" -f \"${workspace}/Dockerfile\" --destination \"${repository}/library/alpine:latest\" --single-snapshot"
|
|
}
|
|
}
|
|
}
|
|
} |