ci: Add Jenkins build pipeline

We'll build and publish `tmpl` with a container image, to make it easier for other container images to include it.
checksum: Fix EOF handling
2024-01-14 11:20:03 -06:00 · 2024-01-12 09:42:31 -06:00
8 changed files with 156 additions and 7 deletions
--- a/.containerignore
+++ b/.containerignore
@ -0,0 +1,4 @@
 *
 !src
 !Cargo.toml
 !Cargo.lock
--- a/25
+++ b/25
@ -0,0 +1,25 @@
 FROM registry.fedoraproject.org/fedora-minimal:39 AS build
 RUN --mount=type=cache,target=/var/cache \
    microdnf install -y \
        --setopt install_weak_deps=0 \
        cargo\
    && :
 COPY . /src
 WORKDIR /src
 RUN cargo build --release --locked
 FROM registry.fedoraproject.org/fedora-minimal:39
 COPY --from=build /src/target/release/tmpl /usr/local/bin
 ENTRYPOINT ["/usr/local/bin/tmpl"]
 LABEL name='tmpl' \
    vendor='Dustin C. Hatch' \
    license='MIT OR APACHE-2.0' \
    version='0.1.0'
--- a/ci/Jenkinsfile
+++ b/ci/Jenkinsfile
@ -0,0 +1,70 @@
 pipeline {
    agent none
    stages {
        stage('Build') {
            matrix {
                axes {
                    axis {
                        name 'ARCH'
                        values 'amd64', 'arm64'
                    }
                }
                stages {
                    stage('Build') {
                        agent {
                            kubernetes {
                                yamlFile 'ci/podTemplate.yaml'
                                yamlMergeStrategy merge()
                                defaultContainer 'buildah'
                                nodeSelector "kubernetes.io/arch=${ARCH}"
                            }
                        }
                        stages {
                            stage("Build") {
                                steps {
                                    sh '. ci/build.sh'
                                    stash name: env.ARCH, includes: "*.oci.tar"
                                }
                            }
                        }
                    }
                }
            }
        }
        stage('Publish') {
            agent {
                kubernetes {
                    yamlFile 'ci/podTemplate.yaml'
                    yamlMergeStrategy merge()
                    defaultContainer 'buildah'
                }
            }
            environment {
                REGISTRY_AUTH_FILE = "${env.WORKSPACE_TMP}/auth.json"
            }
            steps {
                unstash 'amd64'
                unstash 'arm64'
                withCredentials([usernamePassword(
                    credentialsId: 'jenkins-packages',
                    usernameVariable: 'BUILDAH_USERNAME',
                    passwordVariable: 'BUILDAH_PASSWORD',
                )]) {
                    sh """
                        buildah login \
                        --username \${BUILDAH_USERNAME} \
                        --password \${BUILDAH_PASSWORD} \
                        git.pyrocufflink.net
                    """
                }
                sh '. ci/publish.sh'
            }
        }
    }
 }
--- a/ci/build.sh
+++ b/ci/build.sh
@ -0,0 +1,6 @@
 . ci/common.sh
 buildah build -t "${IMAGE_NAME}:${TAG}" .
 buildah push \
    "${IMAGE_NAME}:${TAG}" \
    oci-archive:"${PWD}/${NAME}-${ARCH}.oci.tar:${IMAGE_NAME}:${TAG}"
--- a/ci/common.sh
+++ b/ci/common.sh
@ -0,0 +1,13 @@
 escape_name() {
    echo "$1" \
        | tr A-Z a-z \
        | sed -e 's/[^a-zA-Z0-9._-]/-/g' -e 's/^[.-]/_/'
 }
 REGISTRY_URL=git.pyrocufflink.net
 NAMESPACE=containerimages
 NAME="${JOB_NAME#*/}"
 NAME=$(escape_name "${NAME%/*}")
 TAG=$(escape_name "${BRANCH_NAME}")
 IMAGE_NAME="${REGISTRY_URL}/${NAMESPACE}/${NAME}"
--- a/ci/podTemplate.yaml
+++ b/ci/podTemplate.yaml
@ -0,0 +1,19 @@
 spec:
  containers:
  - name: buildah
    image: quay.io/containers/buildah:v1
    command:
    - cat
    stdin: true
    tty: true
    securityContext:
      capabilities:
        add:
        - SYS_ADMIN
        - MKNOD
        - SYS_CHROOT
        - SETFCAP
    resources:
      limits:
        github.com/fuse: 1
  hostUsers: false
--- a/ci/publish.sh
+++ b/ci/publish.sh
@ -0,0 +1,15 @@
 . ci/common.sh
 buildah manifest create "${IMAGE_NAME}:${TAG}"
 for arch in amd64 arm64; do
    buildah manifest add "${IMAGE_NAME}:${TAG}" \
        oci-archive:"${PWD}/${NAME}-${arch}.oci.tar:${IMAGE_NAME}:${TAG}"
 done
 buildah manifest push --all "${IMAGE_NAME}:${TAG}" \
    "docker://${IMAGE_NAME}:${TAG}-${BUILD_NUMBER}"
 buildah manifest push "${IMAGE_NAME}:${TAG}" "docker://${IMAGE_NAME}:${TAG}"
 if [ ${BRANCH_NAME} = master ]; then
    buildah manifest push "${IMAGE_NAME}:${TAG}" \
        "docker://${IMAGE_NAME}:latest"
 fi
--- a/src/main.rs
+++ b/src/main.rs
@ -303,14 +303,11 @@ fn checksum(path: impl AsRef<Path>) -> std::io::Result<Vec<u8>> {
    let mut blake = Blake2b512::new();
    loop {
        let mut buf = vec![0u8; 16384];
-        match f.read_exact(&mut buf) {
+        let sz = f.read(&mut buf)?;
-            Ok(_) => blake.update(buf),
+        if sz == 0 {
-            Err(e) if e.kind() == std::io::ErrorKind::UnexpectedEof => {
+            break;
                blake.update(buf);
                break;
            }
            Err(e) => return Err(e),
        }
        blake.update(&buf[..sz]);
    }
    Ok(blake.finalize().to_vec())
 }