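// Jenkins scripted pipeline for tplinkcmd.
//
// Runs on a throw-away Kubernetes pod and performs, in order:
//   1. a shallow checkout of the Gitea repository,
//   2. a static Go build of ./cmd/tpstate, compressed with upx and archived,
//   3. a kaniko build of a scratch-based container image pushed to the registry,
//   4. deletion of the pods selected by app=tplink-api in the "webservers" namespace.

// Unique pod label so that concurrent builds never share an agent pod.
def label = "jenkins-${UUID.randomUUID().toString()}"

// Registry host that serves every image used here and receives the built image.
def repository = "registry.c.test-chamber-13.lan"
// Jenkins credential id (username:password) used to authenticate to the registry.
def repositoryCreds = "harbor-repository-creds"

// NOTE(review): every image in this pod spec and in the Dockerfile below is
// referenced by the mutable tag "latest" (or "alpine"), so two runs of the same
// commit can build with different toolchains. Pinning by digest would make the
// build reproducible and keep an unexpected upstream image out of the pipeline.
//
// The "alpine" container was missing from the original pod spec although the
// "Update Deployment" stage runs inside container("alpine"); it is declared here
// with the alpine image path the Dockerfile below already uses.
podTemplate(
    label: label,
    name: "pipeline-worker",
    yaml: """---
apiVersion: v1
kind: Pod
metadata:
  name: pipeline-worker
spec:
  containers:
  - name: kaniko
    imagePullPolicy: Always
    image: ${repository}/library/kaniko:latest
    tty: true
    command:
    - /busybox/sh
  - name: compile
    imagePullPolicy: Always
    image: ${repository}/dockerhub/library/golang:latest
    tty: true
    command:
    - /bin/cat
  - name: alpine
    imagePullPolicy: Always
    image: ${repository}/library/alpine:latest
    tty: true
    command:
    - /bin/cat
""") {
    node (label) {
        // Workspace path; it is passed to kaniko as the build context below.
        def workspace = pwd()

        stage ("Pull Local Repo") {
            // Shallow clone of origin/main with a 2-minute checkout timeout.
            checkout([
                $class: "GitSCM",
                branches: [
                    [
                        name: "refs/remotes/origin/main",
                    ],
                ],
                userRemoteConfigs: [
                    [
                        url: "ssh://git@gitea.smoothnet.org:31822/nhyatt/tplinkcmd.git",
                        credentialsId: "Gitea-Read-Only-Token",
                    ],
                ],
                extensions: [
                    [
                        $class: "CloneOption",
                        shallow: true,
                    ],
                    [
                        $class: "CheckoutOption",
                        timeout: 2,
                    ],
                ],
            ])
        }

        stage("Build tplinkcmd") {
            container("compile") {
                // Single-quoted: nothing here needs Groovy interpolation.
                sh '''
                    apt update
                    apt install upx -y
                    go install -v ./...
                    GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -v -ldflags="-s -w" -tags timetzdata -o tplink ./cmd/tpstate
                    upx --lzma tplink
                '''
            }
        }

        stage ("Store Artifacts") {
            // Fail the build when the binary is missing instead of archiving nothing.
            archiveArtifacts (artifacts: "tplink",
                fingerprint: true,
                allowEmptyArchive: false,
                onlyIfSuccessful: true,
            )
        }

        container ("kaniko") {
            stage ("Prepare Kaniko") {
                withCredentials([usernameColonPassword(
                    credentialsId: repositoryCreds,
                    variable: "dCreds",
                )]) {
                    // The original interpolated "${dcreds...}" into the script text:
                    // the binding is named dCreds, so that reference was undefined,
                    // and Groovy interpolation of a secret puts it into the generated
                    // script and the recorded step arguments. The shell now reads the
                    // credential from its environment; only the non-secret registry
                    // host is passed in from Groovy.
                    // Relies on the `base64` applet of the busybox shipped in the
                    // kaniko image -- confirm it is present in the image in use.
                    withEnv(["REGISTRY_HOST=${repository}"]) {
                        sh '''
                            set +x
                            auth="$(printf '%s' "$dCreds" | base64 | tr -d '\\n')"
                            printf '{"auths":{"%s":{"auth":"%s"}}}\\n' "$REGISTRY_HOST" "$auth" > /kaniko/.docker/config.json
                        '''
                    }
                }
            }

            stage ("Build Container") {
                // Multi-stage Dockerfile: compile in golang:alpine, then copy the
                // binary, the CA bundle and the passwd/group entries for the
                // unprivileged "app" user (uid/gid 1000) into a scratch image.
                // GOOS was misspelled "GOOG" in the original, which left the target
                // OS to the builder's default instead of setting it explicitly.
                def DF = """
FROM ${repository}/library/alpine:latest as certHost

FROM ${repository}/dockerhub/library/golang:alpine as builder

COPY . /go/src/app

WORKDIR /go/src/app

RUN apk add --no-cache git upx && \\
    addgroup -S -g 1000 app && \\
    adduser --disabled-password -G app --gecos "application account" --home "/home/app" --shell "/sbin/nologin" --no-create-home --uid 1000 app && \\
    go get -d -v ./... && \\
    go install -v ./... && \\
    GOOS=linux GOARCH=amd64 CGO_ENABLED=0 go build -v -ldflags="-s -w" -tags timetzdata -o app ./cmd/tpapi && \\
    upx --lzma --ultra-brute app

FROM scratch

COPY --from=certHost /etc/ssl/certs/ca-certificates.crt /etc/ssl/certs/
COPY --from=builder /etc/passwd /etc/group /etc/
COPY --from=builder --chown=app:app /go/src/app/app /app/app

USER app:app
WORKDIR /app/

ENTRYPOINT ["/app/app"]
"""
                writeFile(file: workspace + "/Dockerfile", text: DF)
                // NOTE(review): the image is pushed as "the-spider" while the deploy
                // stage restarts pods labelled app=tplink-api -- confirm the
                // destination name is the one the deployment actually pulls.
                sh """
                    /kaniko/executor \\
                        --cleanup \\
                        --context "${workspace}" \\
                        -f "${workspace}/Dockerfile" \\
                        --destination "${repository}/library/the-spider:latest"
                """
            }
        }

        stage ("Update Deployment") {
            container ("alpine") {
                // NOTE(review): kubectl is fetched at whatever version stable.txt
                // names and installed with no checksum or signature check, then run
                // with the cluster credential below. Pinning a version and verifying
                // its published SHA-256, or baking kubectl into the image, closes
                // that gap. --fail at least stops an HTTP error page from being
                // installed as the binary.
                sh '''
                    apk add --no-cache curl
                    release="https://storage.googleapis.com/kubernetes-release/release"
                    version="$(curl --fail --silent --location "${release}/stable.txt")"
                    curl --fail --silent --location "${release}/${version}/bin/linux/amd64/kubectl" -o /usr/local/bin/kubectl
                    chmod +x /usr/local/bin/kubectl
                '''

                // NOTE(review): the credential id suggests an admin-scoped Rancher
                // token, while this stage only lists and deletes pods in one
                // namespace; a service account limited to that would reduce the
                // impact of a compromised build -- confirm the token's scope.
                withKubeConfig([
                    credentialsId: "rancher-admin-token",
                    serverUrl: "https://rancher.test-chamber-13.lan/k8s/clusters/c-mc9cq",
                    namespace: "webservers"
                ]) {
                    // Delete the running pods one by one so that they are recreated.
                    sh 'for i in $(kubectl get pods --selector app="tplink-api" -o name); do kubectl delete ${i}; done'
                }
            }
        }

    }
}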