From 5f0d0cade4646cc9ef4ee8380241b4484014751e Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch" <dustin@hatch.name>
Date: Sun, 7 Aug 2022 10:44:52 -0500
Subject: [PATCH] Begin Jenkins CI pipeline

---
 ci/Jenkinsfile          | 71 +++++++++++++++++++++++++++++++++++++++++
 ci/build-container.sh   |  8 +++++
 ci/build.sh             |  5 +++
 ci/container-common.sh  |  5 +++
 ci/podTemplate.yaml     | 27 ++++++++++++++++
 ci/publish-container.sh | 14 ++++++++
 ci/pvc.yaml             | 14 ++++++++
 7 files changed, 144 insertions(+)
 create mode 100644 ci/Jenkinsfile
 create mode 100644 ci/build-container.sh
 create mode 100644 ci/build.sh
 create mode 100644 ci/container-common.sh
 create mode 100644 ci/podTemplate.yaml
 create mode 100644 ci/publish-container.sh
 create mode 100644 ci/pvc.yaml

diff --git a/ci/Jenkinsfile b/ci/Jenkinsfile
new file mode 100644
index 0000000..c32aed6
--- /dev/null
+++ b/ci/Jenkinsfile
@@ -0,0 +1,71 @@
+// vim: set ft=groovy sw=4 ts=4 sts=4 et :
+
+pipeline {
+    agent {
+        kubernetes {
+            yamlFile 'ci/podTemplate.yaml'
+            defaultContainer 'buildroot'
+            workspaceVolume persistentVolumeClaimWorkspaceVolume(
+                claimName: 'jenkins-ws-pythonctnr'
+            )
+        }
+    }
+
+    options {
+        buildDiscarder logRotator(numToKeepStr: '5')
+        disableConcurrentBuilds()
+    }
+
+    parameters {
+        booleanParam \
+            name: 'Clean',
+            description: 'Clean the workspace and perform a full rebuild'
+    }
+
+    stages {
+        stage('Prepare') {
+            steps {
+                script {
+                    if (params.Clean) {
+                        sh 'rm -rf _build'
+                    }
+                }
+                checkout poll: false, scm: [
+                    $class: 'GitSCM',
+                    branches: [[name: '2022.05.x']],
+                    doGenerateSubmoduleConfigurations: false,
+                    userRemoteConfigs: [[url: 'git://git.buildroot.net/buildroot']],
+                    extensions: [
+                        [
+                            $class: 'RelativeTargetDirectory',
+                            relativeTargetDir: 'buildroot',
+                        ],
+                    ],
+                ]
+            }
+        }
+
+        stage('Build') {
+            steps {
+                sh '. ci/build.sh'
+            }
+        }
+
+        stage('Build Container') {
+            steps {
+                container('buildah') {
+                    sh '. ci/build-container.sh'
+                }
+            }
+        }
+
+        stage('Publish Container') {
+            steps {
+                container('buildah') {
+                    sh '. ci/publish-container.sh'
+                }
+            }
+        }
+
+    }
+}
diff --git a/ci/build-container.sh b/ci/build-container.sh
new file mode 100644
index 0000000..fdb52f4
--- /dev/null
+++ b/ci/build-container.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+. ci/container-common.sh
+
+ctnr=$(buildah from scratch)
+buildah add ${ctnr} _build/images/rootfs.tar /
+buildah config --cmd python ${ctnr}
+buildah commit ${ctnr} pythonctnr:$(tag_name ${BUILD_TAG})
diff --git a/ci/build.sh b/ci/build.sh
new file mode 100644
index 0000000..6454316
--- /dev/null
+++ b/ci/build.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+# vim: set sw=4 ts=4 sts=4 et :
+
+make -C buildroot O="${PWD}"/_build BR2_EXTERNAL="${PWD}" pythonctnr_defconfig
+make -C _build
diff --git a/ci/container-common.sh b/ci/container-common.sh
new file mode 100644
index 0000000..f1dc6f2
--- /dev/null
+++ b/ci/container-common.sh
@@ -0,0 +1,5 @@
+# shellcheck: shell=sh
+
+tag_name() {
+    echo "$1" | sed -e 's/[^a-zA-Z0-9._-]/-/g' -e 's/^[.-]/_/'
+}
diff --git a/ci/podTemplate.yaml b/ci/podTemplate.yaml
new file mode 100644
index 0000000..6c05c0e
--- /dev/null
+++ b/ci/podTemplate.yaml
@@ -0,0 +1,27 @@
+spec:
+  securityContext:
+    fsGroup: 1000
+  containers:
+  - name: buildroot
+    image: registry.pyrocufflink.blue/buildroot
+    command:
+    - sleep
+    - infinity
+    volumeMounts:
+    - name: tmp
+      mountPath: /tmp
+    securityContext:
+      readOnlyRootFilesystem: true
+      runAsUser: 1000
+  - name: buildah
+    image: quay.io/containers/buildah:v1
+    command:
+    - sleep
+    - infinity
+    securityContext:
+      privileged: true
+  volumes:
+  - name: tmp
+    emptyDir:
+      medium: Memory
+      sizeLimit: 100Mi
diff --git a/ci/publish-container.sh b/ci/publish-container.sh
new file mode 100644
index 0000000..03bfbcf
--- /dev/null
+++ b/ci/publish-container.sh
@@ -0,0 +1,14 @@
+#!/bin/sh -ex
+
+. ci/container-common.sh
+
+push() {
+    tag=$(tag_name "$1")
+    buildah push pythonctnr:$(tag_name ${BUILD_TAG}) registry.pyrocufflink.blue/pythonctnr:${tag}
+}
+
+push ${BUILD_TAG}
+push ${BRANCH_NAME}
+if [ "${BRANCH_NAME}" = master ]; then
+    push latest
+fi
diff --git a/ci/pvc.yaml b/ci/pvc.yaml
new file mode 100644
index 0000000..51c9dc0
--- /dev/null
+++ b/ci/pvc.yaml
@@ -0,0 +1,14 @@
+# This persistent volume claim must be created before the job can run:
+#
+#     kubectl apply -n jenkins -f ci/pvc.yaml
+
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: jenkins-ws-pythonctnr
+spec:
+  accessModes:
+  - ReadWriteOnce
+  resources:
+    requests:
+      storage: 10Gi