diff --git a/ci/Jenkinsfile b/ci/Jenkinsfile
new file mode 100644
index 0000000..7948b3e
--- /dev/null
+++ b/ci/Jenkinsfile
@@ -0,0 +1,109 @@
+pipeline {
+ agent none
+
+ stages {
+ stage('SSHCA') {
+ parallel {
+ stage('Server') {
+ agent {
+ kubernetes {
+ yamlFile 'ci/serverPodTemplate.yaml'
+ yamlMergeStrategy merge()
+ defaultContainer 'buildah'
+ }
+ }
+ stages {
+ stage('Build - Server') {
+ steps {
+ sh '. ci/build-server.sh'
+ }
+ }
+
+ stage('Publish - Server') {
+ steps {
+ withEnv([
+ "REGISTRY_AUTH_FILE=${env.WORKSPACE_TMP}/auth.json"
+ ]) {
+ withCredentials([usernamePassword(
+ credentialsId: 'jenkins-packages',
+ usernameVariable: 'BUILDAH_USERNAME',
+ passwordVariable: 'BUILDAH_PASSWORD',
+ )]) {
+ sh """
+ buildah login \
+ --username \${BUILDAH_USERNAME} \
+ --password \${BUILDAH_PASSWORD} \
+ git.pyrocufflink.net
+ """
+ }
+ sh '. ci/publish-server.sh'
+ }
+ }
+ }
+ }
+ }
+
+ stage('CLI') {
+ agent {
+ kubernetes {
+ yamlFile 'ci/clientPodTemplate.yaml'
+ yamlMergeStrategy merge()
+ defaultContainer 'fedora'
+ }
+ }
+ environment {
+ GNUPGHOME = "${env.WORKSPACE_TMP}/gnupg"
+ }
+ stages {
+ stage('Prepare - CLI') {
+ steps {
+ sh '. ci/prepare-client.sh'
+ }
+ }
+
+ stage('Build - CLI') {
+ steps {
+ sh '. ci/build-client.sh'
+ script {
+ if (env.BRANCH_NAME == 'master') {
+ withCredentials([
+ file(
+ credentialsId: 'rpm-gpg-key',
+ variable: 'RPM_GPG_PRIVATE_KEY',
+ ),
+ file(
+ credentialsId: 'rpm-gpg-key-passphrase',
+ variable: 'RPM_GPG_KEY_PASSPHRASE',
+ ),
+ ]) {
+ sh '. ci/sign-rpms.sh'
+ }
+ }
+ }
+ }
+ post {
+ success {
+ dir('cli') {
+ archiveArtifacts '*.rpm'
+ }
+ }
+ }
+ }
+
+ stage('Publish - CLI') {
+ when {
+ branch 'master'
+ }
+ steps {
+ sshagent(['jenkins-repohost']) {
+ sh '. ci/publish-client.sh'
+ }
+ }
+ }
+ }
+
+ }
+ }
+ }
+ }
+}
diff --git a/ci/build-client.sh b/ci/build-client.sh
new file mode 100644
index 0000000..ce7a005
--- /dev/null
+++ b/ci/build-client.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+cd cli
+make rpm
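Review bot: The `buildah login` call in the 'Publish - Server' stage of ci/Jenkinsfile passes the registry password as a command-line argument, where it is readable from the process list inside the pod while the command runs, and the unquoted `\${BUILDAH_PASSWORD}` is word-split by the shell if the secret contains spaces or glob characters. Feeding it on stdin avoids both: `printf '%s' "\$BUILDAH_PASSWORD" | buildah login --username "\$BUILDAH_USERNAME" --password-stdin git.pyrocufflink.net`. The `auth.json` written under `WORKSPACE_TMP` is also left in place after the stage; a `buildah logout git.pyrocufflink.net` in a `post { always { ... } }` block would remove it, which matters if the workspace can outlive the pod.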
diff --git a/ci/build-server.sh b/ci/build-server.sh
new file mode 100644
index 0000000..1788b5a
--- /dev/null
+++ b/ci/build-server.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+. ci/common.sh
+
+buildah build -t "${IMAGE_NAME}:${TAG}" server
diff --git a/ci/clientPodTemplate.yaml b/ci/clientPodTemplate.yaml
new file mode 100644
index 0000000..d591414
--- /dev/null
+++ b/ci/clientPodTemplate.yaml
@@ -0,0 +1,9 @@
+spec:
+ containers:
+ - name: fedora
+ image: registry.fedoraproject.org/fedora:38
+ command:
+ - cat
+ stdin: true
+ tty: true
+ hostUsers: false
diff --git a/ci/common.sh b/ci/common.sh
new file mode 100644
index 0000000..060e8cb
--- /dev/null
+++ b/ci/common.sh
@@ -0,0 +1,13 @@
+escape_name() {
+ echo "$1" \
+ | tr A-Z a-z \
+ | sed -e 's/[^a-zA-Z0-9._-]/-/g' -e 's/^[.-]/_/'
+}
+
+REGISTRY_URL=git.pyrocufflink.net
+NAMESPACE=containerimages
+NAME="${JOB_NAME#*/}"
+NAME=$(escape_name "${NAME%/*}")
+TAG=$(escape_name "${BRANCH_NAME}")
+
+IMAGE_NAME="${REGISTRY_URL}/${NAMESPACE}/${NAME}"
diff --git a/ci/prepare-client.sh b/ci/prepare-client.sh
new file mode 100644
index 0000000..ca80d7e
--- /dev/null
+++ b/ci/prepare-client.sh
@@ -0,0 +1,21 @@
+#!/bin/sh
+
+dnf install -y \
+ --setopt install_weak_deps=0 \
+ cargo \
+ cargo-rpm-macros \
+ make \
+ openssh-clients \
+ openssl-devel \
+ rpm-build \
+ rpm-sign \
+ rsync \
+ rust \
+ systemd-rpm-macros \
+ tar \
+ --
+
+install -m u=rwx,go= -d "${GNUPGHOME}"
+cat > "${GNUPGHOME}"/gpg-agent.conf <
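Review bot: The `fedora` container in ci/clientPodTemplate.yaml, which builds and on master signs the RPMs, is pulled by the mutable tag `fedora:38`, so the contents of the signing environment can change between builds without any change in this repository. Pinning by digest makes the base image reproducible and reviewable: `image: registry.fedoraproject.org/fedora@sha256:<digest-placeholder>`, with the tag kept in a comment for readability. The digest then needs a deliberate bump when the base is updated.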
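Review bot: `escape_name` in ci/common.sh is lossy: it lowercases its input and maps every disallowed character to `-`, so distinct branch names (for example `feature/x` and `feature-x`) yield the same `TAG`. The 'Publish - Server' stage in ci/Jenkinsfile has no `when { branch 'master' }` guard, so, assuming ci/publish-server.sh (not shown here) pushes `${IMAGE_NAME}:${TAG}`, a build of one branch can replace the image that another branch published. Restricting the publish stage to trusted branches, or appending the commit id to the tag, avoids the overwrite. Separately, `echo "$1"` is not portable for values that start with `-` or contain backslashes, where `printf '%s\n' "$1"` is, and `TAG` is not capped at the 128 characters a registry tag allows.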