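// Jenkins scripted pipeline: builds the tplink CLI in a throw-away Kubernetes
// pod, archives the binary, builds and pushes a container image with Kaniko,
// then deletes the running pods so the deployment re-pulls the new image.
//
// NOTE(review): every image reference here uses the mutable `:latest` tag, so
// the build inputs can change between runs. Pinning by digest would make builds
// reproducible and limit the effect of a replaced upstream tag.

def label = "jenkins-${UUID.randomUUID().toString()}"
def repository = "registry.c.test-chamber-13.lan"
def repositoryCreds = "harbor-repository-creds"

// The "Update Deployment" stage runs in a container named "alpine", so the pod
// spec has to declare one; the image path is the same alpine image the
// Dockerfile below pulls from this registry.
podTemplate(
  label: label,
  name: "pipeline-worker",
  yaml: """---
apiVersion: v1
kind: Pod
metadata:
  name: pipeline-worker
spec:
  containers:
  - name: kaniko
    imagePullPolicy: Always
    image: ${repository}/library/kaniko:latest
    tty: true
    command:
    - /busybox/sh
  - name: compile
    imagePullPolicy: Always
    image: ${repository}/dockerhub/library/golang:latest
    tty: true
    command:
    - /bin/cat
  - name: alpine
    imagePullPolicy: Always
    image: ${repository}/library/alpine:latest
    tty: true
    command:
    - /bin/cat
"""
) {
  node (label) {
    def workspace = pwd()

    stage ("Pull Local Repo") {
      // Shallow clone of main using the read-only Gitea credential.
      checkout([
        $class: "GitSCM",
        branches: [
          [name: "refs/remotes/origin/main"],
        ],
        userRemoteConfigs: [
          [
            url: "ssh://git@gitea.smoothnet.org:31822/nhyatt/tplinkcmd.git",
            credentialsId: "Gitea-Read-Only-Token",
          ],
        ],
        extensions: [
          [$class: "CloneOption", shallow: true],
          [$class: "CheckoutOption", timeout: 2],
        ],
      ])
    }

    stage("Build tplinkcmd") {
      container("compile") {
        // Static, stripped linux/amd64 binary, then compressed with upx.
        sh """
          apt-get update
          apt-get install -y upx
          go install -v ./...
          GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -v -ldflags="-s -w" -tags timetzdata -o tplink ./cmd/tpstate
          upx --lzma tplink
        """
      }
    }

    stage ("Store Artifacts") {
      archiveArtifacts(
        artifacts: "tplink",
        fingerprint: true,
        allowEmptyArchive: false,
        onlyIfSuccessful: true
      )
    }

    container ("kaniko") {
      stage ("Prepare Kaniko") {
        withCredentials([usernameColonPassword(
          credentialsId: repositoryCreds,
          variable: "dCreds"
        )]) {
          // The binding is named "dCreds"; the original read "dcreds", which
          // does not exist (names are case-sensitive) and aborted the stage.
          def registryAuth = dCreds.bytes.encodeBase64().toString()

          // Hand the values to the shell through the environment and keep the
          // script single-quoted, so the secret is never interpolated into the
          // script text that Jenkins writes to disk and may echo to the log.
          // The base64 form is not covered by Jenkins' credential masking,
          // hence `set +x` stays.
          withEnv([
            "REGISTRY_HOST=${repository}",
            "REGISTRY_AUTH=${registryAuth}",
          ]) {
            sh '''
              set +x
              printf '{"auths":{"%s":{"auth":"%s"}}}' "$REGISTRY_HOST" "$REGISTRY_AUTH" > /kaniko/.docker/config.json
            '''
          }
        }
      }

      stage ("Build Container") {
        // Multi-stage build: compile in golang:alpine, ship only the binary,
        // CA bundle and passwd/group entries in a scratch image, run as uid 1000.
        // GOOS was misspelled "GOOG" in the original, so the target OS was
        // never actually set by that line.
        def DF = """
          FROM ${repository}/library/alpine:latest as certHost

          FROM ${repository}/dockerhub/library/golang:alpine as builder

          COPY . /go/src/app

          WORKDIR /go/src/app

          RUN apk add --no-cache git upx && \\
              addgroup -S -g 1000 app && \\
              adduser --disabled-password -G app --gecos "application account" --home "/home/app" --shell "/sbin/nologin" --no-create-home --uid 1000 app && \\
              go get -d -v ./... && \\
              go install -v ./... && \\
              GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -v -ldflags="-s -w" -tags timetzdata -o app ./cmd/tpapi && \\
              upx --lzma --ultra-brute app

          FROM scratch

          COPY --from=certHost /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
          COPY --from=builder /etc/passwd /etc/group /etc/
          COPY --from=builder --chown=app:app /go/src/app/app /app/app

          USER app:app
          WORKDIR /app/

          ENTRYPOINT ["/app/app"]
        """

        writeFile(file: workspace + "/Dockerfile", text: DF)

        // NOTE(review): the image is pushed as "the-spider" while the pods
        // restarted below are selected by app=tplink-api; confirm the
        // destination name is the one the deployment actually pulls.
        sh """
          /kaniko/executor \\
            --cleanup \\
            --context "${workspace}" \\
            -f "${workspace}/Dockerfile" \\
            --destination "${repository}/library/the-spider:latest"
        """
      }
    }

    stage ("Update Deployment") {
      container ("alpine") {
        // NOTE(review): kubectl is fetched at whatever "stable" resolves to and
        // is executed without checksum or signature verification, then used
        // with a cluster credential. Pin a version and verify its published
        // sha256, or bake kubectl into the image. `-f` at least makes an HTTP
        // error fail the step instead of saving an error page as the binary.
        sh """
          apk add --no-cache curl
          curl -fsSL https://storage.googleapis.com/kubernetes-release/release/\$(curl -fsS https://storage.googleapis.com/kubernetes-release/release/stable.txt)/bin/linux/amd64/kubectl -o /usr/local/bin/kubectl
          chmod +x /usr/local/bin/kubectl
        """

        // NOTE(review): an admin-scoped token is used only to delete pods in
        // one namespace; a service account limited to list/delete on pods in
        // "webservers" would be enough for what this step does.
        withKubeConfig([
          credentialsId: "rancher-admin-token",
          serverUrl: "https://rancher.test-chamber-13.lan/k8s/clusters/c-mc9cq",
          namespace: "webservers"
        ]) {
          sh "for i in \$(kubectl get pods --selector app=\"tplink-api\" -o name); do kubectl delete \${i}; done"
        }
      }
    }
  }
}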