build-containers/build-cosign.jenkins
2021-05-30 09:53:57 -05:00


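// Jenkins scripted pipeline: repackage the upstream cosign image with the CA
// bundle taken from the local Alpine image, then push the result to the local
// registry as library/cosign:latest. The build runs inside a Kaniko container
// in a throwaway Kubernetes pod.

// Unique pod label so concurrent builds do not share an agent pod.
def label = "jenkins-${UUID.randomUUID().toString()}"
def localRegistry = "registry.cluster.test-chamber-13.lan"
def gcrRegistry = "gcr.io"
def kanikoRepository = "${localRegistry}/library/kaniko"
// NOTE(review): "latest" is a mutable tag and the pod pulls it on every run
// (imagePullPolicy: Always), so the build tool itself can change between
// builds. Consider pinning by digest (repo@sha256:<digest>).
def kanikoTag = "latest"
def cosignRepository = "${gcrRegistry}/projectsigstore/cosign"
// NOTE(review): a version tag can be re-pointed upstream; pinning the base
// image by digest would make the pulled signing tool reproducible.
def cosignTag = "v0.4.0"
// Jenkins credentials ID (username:password) used to push to the local registry.
def repositoryCreds = "harbor-repository-creds"

podTemplate(
    label: label,
    name: "pipeline-worker",
    // The container runs /busybox/cat with a TTY; presumably this keeps it
    // alive so pipeline steps can exec into it.
    yaml: """---
apiVersion: v1
kind: Pod
metadata:
  name: pipeline-worker
spec:
  containers:
  - name: kaniko
    imagePullPolicy: Always
    image: "${kanikoRepository}:${kanikoTag}"
    tty: true
    command:
    - /busybox/cat
""",
) {
    node (label) {
        def workspace = pwd()

        stage ("Prepare Kaniko") {
            container ("kaniko") {
                withCredentials([usernameColonPassword(
                    credentialsId: repositoryCreds,
                    variable: "dCreds",
                )]) {
                    // Fix: the binding is named "dCreds"; the original read
                    // "dcreds", which Groovy (case-sensitive) cannot resolve.
                    //
                    // NOTE(review): the secret is interpolated by Groovy into
                    // the sh script text rather than expanded by the shell.
                    // Jenkins masks the raw "user:password" value in logs, but
                    // the base64 form below is a different string and may not
                    // be masked; `set +x` only stops the shell from echoing
                    // it. Prefer a single-quoted script that reads the
                    // credential from the environment if the Kaniko image
                    // provides a usable base64 tool.
                    def dockerJSON = """{
  "auths": {
    "${localRegistry}": {
      "auth": "${dCreds.bytes.encodeBase64().toString()}"
    }
  }
}"""
                    sh """
                        set +x
                        echo '${dockerJSON}' > /kaniko/.docker/config.json
                    """
                }
            }
        }

        // NOTE(review): the stage name mentions Alpine, but this stage builds
        // the cosign image (possibly copied from another pipeline).
        stage("Build Latest Alpine with CA") {
            container("kaniko") {
                // Two-stage Dockerfile: the first stage exists only to supply
                // the CA bundle; the final image is upstream cosign plus that
                // bundle. alpine:latest is also a mutable tag, so the trust
                // store baked into the image depends on what the local
                // registry serves at build time.
                def DF = """FROM ${localRegistry}/library/alpine:latest as CERT_STORE
FROM ${cosignRepository}:${cosignTag}
COPY --from=CERT_STORE /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/ca-certificates.crt
"""
                writeFile(file: workspace + "/Dockerfile", text: DF)
                // The result is pushed only as ":latest", so the registry tag
                // does not record which cosign version was packaged; an extra
                // --destination carrying cosignTag would make that traceable.
                sh "/kaniko/executor --cleanup --context \"${workspace}\" -f \"${workspace}/Dockerfile\" --destination \"${localRegistry}/library/cosign:latest\""
            }
        }
    }
}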