Begin Jenkins CI pipeline

ci/Jenkinsfile

@@ -0,0 +1,71 @@
+// vim: set ft=groovy sw=4 ts=4 sts=4 et :
+
+pipeline {
+    agent {
+        kubernetes {
+            yamlFile 'ci/podTemplate.yaml'
+            defaultContainer 'buildroot'
+            workspaceVolume persistentVolumeClaimWorkspaceVolume(
+                claimName: 'jenkins-ws-pythonctnr'
+            )
+        }
+    }
+
+    options {
+        buildDiscarder logRotator(numToKeepStr: '5')
+        disableConcurrentBuilds()
+    }
+
+    parameters {
+        booleanParam \
+            name: 'Clean',
+            description: 'Clean the workspace and perform a full rebuild'
+    }
+
+    stages {
+        stage('Prepare') {
+            steps {
+                script {
+                    if (params.Clean) {
+                        sh 'rm -rf _build'
+                    }
+                }
+                checkout poll: false, scm: [
+                    $class: 'GitSCM',
+                    branches: [[name: '2022.05.x']],
+                    doGenerateSubmoduleConfigurations: false,
+                    userRemoteConfigs: [[url: 'git://git.buildroot.net/buildroot']],
+                    extensions: [
+                        [
+                            $class: 'RelativeTargetDirectory',
+                            relativeTargetDir: 'buildroot',
+                        ],
+                    ],
+                ]
+            }
+        }
+
+        stage('Build') {
+            steps {
+                sh '. ci/build.sh'
+            }
+        }
+
+        stage('Build Container') {
+            steps {
+                container('buildah') {
+                    sh '. ci/build-container.sh'
+                }
+            }
+        }
+
+        stage('Publish Container') {
+            steps {
+                container('buildah') {
+                    sh '. ci/publish-container.sh'
+                }
+            }
+        }
+
+    }
+}

ci/build-container.sh

@@ -0,0 +1,8 @@
+#!/bin/sh
+
+. ci/container-common.sh
+
+ctnr=$(buildah from scratch)
+buildah add ${ctnr} _build/images/rootfs.tar /
+buildah config --cmd python ${ctnr}
+buildah commit ${ctnr} pythonctnr:$(tag_name ${BUILD_TAG})

ci/build.sh

@@ -0,0 +1,5 @@
+#!/bin/sh
+# vim: set sw=4 ts=4 sts=4 et :
+
+make -C buildroot O="${PWD}"/_build BR2_EXTERNAL="${PWD}" pythonctnr_defconfig
+make -C _build

ci/container-common.sh

@@ -0,0 +1,5 @@
+# shellcheck: shell=sh
+
+tag_name() {
+    echo "$1" | sed -e 's/[^a-zA-Z0-9._-]/-/g' -e 's/^[.-]/_/'
+}

ci/podTemplate.yaml

@@ -0,0 +1,27 @@
+spec:
+  securityContext:
+    fsGroup: 1000
+  containers:
+  - name: buildroot
+    image: registry.pyrocufflink.blue/buildroot
+    command:
+    - sleep
+    - infinity
+    volumeMounts:
+    - name: tmp
+      mountPath: /tmp
+    securityContext:
+      readOnlyRootFilesystem: true
+      runAsUser: 1000
+  - name: buildah
+    image: quay.io/containers/buildah:v1
+    command:
+    - sleep
+    - infinity
+    securityContext:
+      privileged: true
+  volumes:
+  - name: tmp
+    emptyDir:
+      medium: Memory
+      sizeLimit: 100Mi

ci/publish-container.sh

@@ -0,0 +1,14 @@
+#!/bin/sh -ex
+
+. ci/container-common.sh
+
+push() {
+    tag=$(tag_name "$1")
+    buildah push pythonctnr:$(tag_name ${BUILD_TAG}) registry.pyrocufflink.blue/pythonctnr:${tag}
+}
+
+push ${BUILD_TAG}
+push ${BRANCH_NAME}
+if [ "${BRANCH_NAME}" = master ]; then
+    push latest
+fi

ci/pvc.yaml

@@ -0,0 +1,14 @@
+# This persistent volume claim must be created before the job can run:
+#
+#     kubectl apply -n jenkins -f ci/pvc.yaml
+
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: jenkins-ws-pythonctnr
+spec:
+  accessModes:
+  - ReadWriteOnce
+  resources:
+    requests:
+      storage: 10Gi