From 818cfc94c210308c779f71698902e0cb63f9740d Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch"
Date: Mon, 13 Nov 2023 20:06:58 -0600
Subject: [PATCH] ci: Import ci pipeline from original repo

When this repository was split from the original *dustin/sshca* repository, the CI pipeline was not imported. It wouldn't have mattered if it had been, since it wouldn't have worked, anyway, given the path changes.
---
ci/Jenkinsfile | 48 +++++++++++++++++++++++++++++++++++++++++++++
ci/build.sh | 5 +++++
ci/common.sh | 13 ++++++++++++
ci/podTemplate.yaml | 19 ++++++++++++++++++
ci/publish.sh | 11 +++++++++++
5 files changed, 96 insertions(+)
create mode 100644 ci/Jenkinsfile
create mode 100644 ci/build.sh
create mode 100644 ci/common.sh
create mode 100644 ci/podTemplate.yaml
create mode 100644 ci/publish.sh

diff --git a/ci/Jenkinsfile b/ci/Jenkinsfile
new file mode 100644
index 0000000..dadef3d
--- /dev/null
+++ b/ci/Jenkinsfile
@@ -0,0 +1,48 @@
+pipeline {
+ agent none
+
+ stages {
+ stage('SSHCA') {
+ stages {
+ stage('Server') {
+ agent {
+ kubernetes {
+ yamlFile 'ci/podTemplate.yaml'
+ yamlMergeStrategy merge()
+ defaultContainer 'buildah'
+ }
+ }
+ stages {
+ stage('Build') {
+ steps {
+ sh '. ci/build.sh'
+ }
+ }
+
+ stage('Publish') {
+ steps {
+ withEnv([
+ "REGISTRY_AUTH_FILE=${env.WORKSPACE_TMP}/auth.json"
+ ]) {
+ withCredentials([usernamePassword(
+ credentialsId: 'jenkins-packages',
+ usernameVariable: 'BUILDAH_USERNAME',
+ passwordVariable: 'BUILDAH_PASSWORD',
+ )]) {
+ sh """
+ buildah login \
+ --username \${BUILDAH_USERNAME} \
+ --password \${BUILDAH_PASSWORD} \
+ git.pyrocufflink.net
+ """
+ }
+ sh '. ci/publish.sh'
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+}
diff --git a/ci/build.sh b/ci/build.sh
new file mode 100644
index 0000000..26c2157
--- /dev/null
+++ b/ci/build.sh
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+. ci/common.sh
+
+buildah build -t "${IMAGE_NAME}:${TAG}" .
diff --git a/ci/common.sh b/ci/common.sh
new file mode 100644
index 0000000..060e8cb
--- /dev/null
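Review bot: The `buildah login` call in the Publish stage of ci/Jenkinsfile passes the registry password as a `--password` argument, so it sits in the process argument list inside the build pod while the command runs, and the unquoted `\${BUILDAH_PASSWORD}` is word-split and glob-expanded by the shell if the secret contains whitespace or wildcard characters. Feeding it on stdin avoids both: `printf '%s' "\${BUILDAH_PASSWORD}" | buildah login --username "\${BUILDAH_USERNAME}" --password-stdin git.pyrocufflink.net`. The backslash-escaped `\${...}` form should stay, since it leaves expansion to the shell instead of Groovy string interpolation. The `auth.json` written under `WORKSPACE_TMP` remains in place after the `withCredentials` block closes; a `buildah logout git.pyrocufflink.net` once `ci/publish.sh` has finished would limit how long the token is usable from that workspace.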
+++ b/ci/common.sh
@@ -0,0 +1,13 @@
+escape_name() {
+ echo "$1" \
+ | tr A-Z a-z \
+ | sed -e 's/[^a-zA-Z0-9._-]/-/g' -e 's/^[.-]/_/'
+}
+
+REGISTRY_URL=git.pyrocufflink.net
+NAMESPACE=containerimages
+NAME="${JOB_NAME#*/}"
+NAME=$(escape_name "${NAME%/*}")
+TAG=$(escape_name "${BRANCH_NAME}")
+
+IMAGE_NAME="${REGISTRY_URL}/${NAMESPACE}/${NAME}"
diff --git a/ci/podTemplate.yaml b/ci/podTemplate.yaml
new file mode 100644
index 0000000..5da469f
--- /dev/null
+++ b/ci/podTemplate.yaml
@@ -0,0 +1,19 @@
+spec:
+ containers:
+ - name: buildah
+ image: quay.io/containers/buildah:v1
+ command:
+ - cat
+ stdin: true
+ tty: true
+ securityContext:
+ capabilities:
+ add:
+ - SYS_ADMIN
+ - MKNOD
+ - SYS_CHROOT
+ - SETFCAP
+ resources:
+ limits:
+ github.com/fuse: 1
+ hostUsers: false
diff --git a/ci/publish.sh b/ci/publish.sh
new file mode 100644
index 0000000..a54b0db
--- /dev/null
+++ b/ci/publish.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+
+. ci/common.sh
+
+buildah push "${IMAGE_NAME}:${TAG}" "${IMAGE_NAME}:${TAG}-${BUILD_NUMBER}"
+buildah push "${IMAGE_NAME}:${TAG}"
+case "${BRANCH_NAME}" in
+master|main)
+ buildah push "${IMAGE_NAME}:${TAG}" "${IMAGE_NAME}:latest"
+ ;;
+esac
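Review bot: `escape_name` in ci/common.sh is lossy, so distinct branch names can resolve to the same `TAG`: `tr A-Z a-z` folds case and the first `sed` expression maps every character outside `[a-zA-Z0-9._-]` to `-`, so `Main` and `main`, or `feature/x` and `feature-x`, yield one tag and a build of one branch overwrites the image published for the other. ci/publish.sh gates the `latest` push on the raw `BRANCH_NAME` but pushes `:${TAG}` under the escaped name, so the two scripts do not agree on which branch owns the `main` or `master` tag. A comment above the function such as `# Lossy: different branch names may map to the same tag` would record this. An unset variable is also better rejected up front with `: "${BRANCH_NAME:?BRANCH_NAME is not set}"` than left to produce an empty tag.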
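Review bot: The build container in ci/podTemplate.yaml is referenced by the mutable tag `quay.io/containers/buildah:v1`, yet it is granted `SYS_ADMIN`, `MKNOD`, `SYS_CHROOT` and `SETFCAP` and later holds the registry credentials; pinning by digest, `image: quay.io/containers/buildah@sha256:<digest of the reviewed image>`, keeps the toolchain from changing underneath the pipeline. The added capabilities appear to rely on `hostUsers: false` to stay confined to a user namespace, and on a cluster that does not support that field it may be ignored, which would leave the capabilities effective in the host user namespace. A comment such as `# these capabilities are only acceptable together with hostUsers: false` next to the `add:` list would make that dependency explicit. Indentation is not visible in this view, so placement of `hostUsers` at pod-spec level is assumed.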