From 910efe258eb61f2733f056fecb06712c3889da8e Mon Sep 17 00:00:00 2001
From: nhyatt
Date: Fri, 24 Mar 2023 21:42:19 -0500
Subject: [PATCH] Auto-build
---
 Dockerfile | 31 ++++++
 Jenkinsfile | 160 ++++++++++++++++++++++++++++
 internal/operations/podsMutation.go | 4 +-
 3 files changed, 192 insertions(+), 3 deletions(-)
 create mode 100644 Dockerfile
 create mode 100644 Jenkinsfile
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..f0c02da
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,31 @@
+# Step 1 - Certificate Container
+####
+FROM registry.c.test-chamber-13.lan/library/alpine:latest as certHost
+RUN addgroup -S -g 1000 app && \
+ adduser --disabled-password -G app --gecos "application account" --home "/home/app" --shell "/sbin/nologin" --no-create-home --uid 1000 app
+
+# Step 2 - Build Container
+####
+FROM registry.c.test-chamber-13.lan/dockerhub/library/golang:alpine as builder
+
+COPY . /go/src/app
+
+WORKDIR /go/src/app
+
+RUN apk add --no-cache git && \
+ git config --global --add safe.directory /go/src/app && \
+ GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -v -ldflags="-s -w" -tags timetzdata -o webhook ./cmd/webhook
+
+# Step 3 - Running Container
+####
+FROM scratch
+
+COPY --from=certHost /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
+COPY --from=certHost /etc/passwd /etc/group /etc/
+COPY --from=builder --chown=app:app /go/src/app/webhook /app/webhook
+COPY html/ /app/html/
+
+USER app:app
+WORKDIR /app/
+
+ENTRYPOINT ["/app/webhook"]
diff --git a/Jenkinsfile b/Jenkinsfile
new file mode 100644
index 0000000..cf2fe03
--- /dev/null
+++ b/Jenkinsfile
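Review bot: Both base images in the new Dockerfile use floating tags (`alpine:latest` in step 1, `golang:alpine` in step 2), so the Go toolchain and the CA bundle copied into the final image can change between builds with no change in this repository. Pinning each `FROM` to a version tag plus digest, e.g. `FROM <registry>/library/alpine:<version>@sha256:<digest>` (placeholders), makes the image reproducible and auditable. In step 3, `--chown=app:app` makes the webhook binary writable by the account it runs as; dropping `--chown` leaves it root-owned and still executable by `app`.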
@@ -0,0 +1,160 @@
+#!groovy
+
+def repository = "registry.c.test-chamber-13.lan"
+def repositoryCreds = "harbor-repository-creds"
+
+def shortCommit
+def workspace
+
+def label = "kubernetes-${UUID.randomUUID().toString()}"
+def templateName = "pipeline-worker"
+pipeline {
+ agent {
+ kubernetes {
+ yaml functions.podYaml(
+ repo: repository,
+ templateName: templateName,
+ kaniko: true,
+ alpine: true,
+ [
+ [
+ name: "sonar",
+ path: "${repository}/library/sonarscanner:latest",
+ command: "/bin/sh"
+ ],
+ [
+ name: "golang",
+ path: "${repository}/dockerhub/library/golang:alpine",
+ command: "/bin/sh"
+ ]
+ ]
+ )
+ }
+ }
+
+ stages {
+ stage('Clone Repository') {
+ steps {
+ script {
+ checkout ([$class: "GitSCM",
+ branches: scm.branches,
+ extensions: scm.extensions + [$class: 'CloneOption', shallow: true],
+ userRemoteConfigs: scm.userRemoteConfigs,
+ ])
+ shortCommit = sh(returnStdout: true, script: "git log -n 1 --pretty=format:'%h'").trim()
+ }
+ }
+ }
+
+ stage ('Initalize Jenkins') {
+ parallel {
+ stage ('Set Workspace') {
+ steps {
+ script {
+ workspace = pwd()
+ }
+ }
+ }
+
+ stage ('Prepare SonarScanner') {
+ steps {
+ script {
+ def sonarScannerConfig = """
+sonar.projectKey=${env.JOB_BASE_NAME.replace(" ", "-")}
+sonar.projectVersion=${shortCommit}
+
+sonar.sources=.
+sonar.exclusions=**/*_test.go,**/vendor/**,**/testdata/*,html/**
+
+sonar.tests=.
+sonar.test.inclusions=**/*_test.go
+sonar.test.exclusions=**/vendor/**
+sonar.go.coverage.reportPaths=cover.out
+"""
+ writeFile file: 'sonar-project.properties', text: sonarScannerConfig
+ }
+ }
+ }
+ }
+ }
+
+ stage ('Run Tests') {
+ steps {
+ container ('golang') {
+ script {
+ writeFile(file: workspace + "/test-chamber-13.lan.root.crt", text: functions.getCurrentRootCA())
+ writeFile(file: workspace + "/test-chamber-13.lan.ret.root.crt", text: functions.getRetiredRootCA())
+ sh """
+ ls -lah "${workspace}"
+ if [ ! "/usr/bin/curl" ] || [ ! -x "/usr/bin/curl" ]; then
+ apk add --no-cache curl
+ fi
+ if [ ! "/usr/bin/git" ] || [ ! -x "/usr/bin/git" ]; then
+ apk add --no-cache git
+ git config --global --add safe.directory '${workspace}'
+ fi
+ apk add --no-cache gcc musl-dev
+ curl \
+ --silent \
+ --location \
+ --cacert <( printf '%s\\n' "\$(cat "${workspace}/test-chamber-13.lan.root.crt")" "\$(cat "${workspace}/test-chamber-13.lan.ret.root.crt")" ) \
+ https://nexus.c.test-chamber-13.lan/repository/github-releases/jstemmer/go-junit-report/releases/download/v1.0.0/go-junit-report-v1.0.0-linux-amd64.tar.gz \
+ | tar -z -x -f - -C /usr/local/bin
+ ln -s "${workspace}" "/go/src/${env.JOB_BASE_NAME}"
+ cd "/go/src/${env.JOB_BASE_NAME}"
+ go test -short -coverprofile=cover.out `go list ./... | grep -v vendor/`
+ go test -v ./... 2>&1 | go-junit-report > report.xml
+ """
+ }
+ }
+ }
+ }
+
+ stage ('SonarQube Analysis') {
+ steps {
+ container ('sonar') {
+ script {
+ try {
+ withSonarQubeEnv('SonarQube') {
+ sh "sonar-scanner --define sonar.host.url=https://sonar.c.test-chamber-13.lan"
+ }
+ } catch(ex) {
+ unstable('Unable to communicate with Sonarqube or Sonarqube sumission failed.')
+ }
+ }
+ }
+ }
+ }
+
+ stage ('Build & Push') {
+ steps {
+ container ('kaniko') {
+ script {
+ declarativeFunctions.buildContainerMultipleDestinations(
+ dockerFile: readFile(file: "${workspace}/Dockerfile"),
+ repositoryAccess: [
+ [
+ repository: repository,
+ credentials: repositoryCreds
+ ],
+ ],
+ destination: [
+ "${repository}/library/webhook:latest",
+ ]
+ )
+ }
+ }
+ }
+ }
+
+ stage('Submit Testing Report to Jenkins') {
+ steps {
+ script {
+ catchError{
+ junit 'report.xml'
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/internal/operations/podsMutation.go b/internal/operations/podsMutation.go
index 7f28368..fe36e58 100644
--- a/internal/operations/podsMutation.go
+++ b/internal/operations/podsMutation.go
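Review bot: In the Jenkinsfile's 'Run Tests' stage the `sh """…"""` body has Groovy interpolate `${env.JOB_BASE_NAME}` and `${workspace}` into the script text before the shell parses it, so a job or branch name containing shell metacharacters becomes part of the command; a single-quoted `sh '''…'''` body that lets the shell expand the values, e.g. `cd "/go/src/$JOB_BASE_NAME"`, avoids that. The same step pipes the go-junit-report archive from `curl` straight into `tar -C /usr/local/bin` with neither `--fail` nor a checksum, so an error page or a replaced artifact is unpacked unverified. Downloading to a file and comparing its `sha256sum` with a pinned value before extracting closes that gap. 'Build & Push' has no `when` condition and pushes only `webhook:latest`, so every job running this pipeline overwrites the tag; adding `"${repository}/library/webhook:${shortCommit}"` to `destination` would give an immutable reference as well.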
@@ -15,13 +15,11 @@ import (
 func PodsMutation() Hook {
 return Hook{
 Create: podMutationCreate(),
+ Update: podMutationCreate(),
 // default allow
 Delete: func(r *admission.AdmissionRequest, cfg *config.Config) (*Result, error) {
 return &Result{Allowed: true}, nil
 },
- Update: func(r *admission.AdmissionRequest, cfg *config.Config) (*Result, error) {
- return &Result{Allowed: true}, nil
- },
 Connect: func(r *admission.AdmissionRequest, cfg *config.Config) (*Result, error) {
 return &Result{Allowed: true}, nil
 },
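Review bot: `Update: podMutationCreate(),` sends pod UPDATE requests through the create handler, where the removed closure allowed them unconditionally, so any error or denial that handler returns now blocks updates as well as creates. podMutationCreate is not visible in this hunk; if it emits patches for pod spec fields that are immutable after creation, or assumes a create request, the API server may reject otherwise valid updates, which is worth confirming with a test that feeds it an update request. A short comment on the new line, e.g. `// updates get the same mutation as creates`, would record that the reuse is intentional. PodsMutation's body continues past the end of the hunk.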