48 lines
1.4 KiB
Groovy
48 lines
1.4 KiB
Groovy
#!groovy
|
|
|
|
// Notes:
|
|
// Don't bother trying to sign images with kaniko. It's not supported.
|
|
//
|
|
// Cosign is an option but won't be recgonized by harbor and other
|
|
// docker registries.
|
|
//
|
|
// You can sign images with docker, but that requires Docker-in-docker,
|
|
// and Docker-in docker requires the --priviledged flag to run.
|
|
|
|
def repository = "registry.c.test-chamber-13.lan"
|
|
def repositoryCreds = "harbor-repository-creds"
|
|
|
|
def dockerFile = """FROM ${repository}/dockerhub/library/alpine:latest
|
|
|
|
COPY test-chamber-13.lan.root.crt /usr/local/share/ca-certificates/test-chamber-13.lan.root.crt
|
|
|
|
RUN apk add --no-cache --virtual=.packagecache ca-certificates && \\
|
|
update-ca-certificates --fresh && \\
|
|
apk del .packagecache
|
|
"""
|
|
|
|
def label = "kubernetes-${UUID.randomUUID().toString()}"
|
|
def templateName = "pipeline-worker"
|
|
podTemplate(
|
|
label: label,
|
|
name: templateName,
|
|
yaml: functions.podYaml(
|
|
repo: repository,
|
|
templateName: templateName,
|
|
alpine: true,
|
|
fedora: true
|
|
)
|
|
) {
|
|
node (label) {
|
|
def workspace = pwd()
|
|
|
|
writeFile(file: workspace + "/test-chamber-13.lan.root.crt", text: functions.getLocalRootCA())
|
|
|
|
functions.buildContainer(
|
|
repository: repository,
|
|
imageDest: "${repository}/library/alpine:latest",
|
|
dockerFile: dockerFile,
|
|
repoCreds: repositoryCreds,
|
|
)
|
|
}
|
|
} |