diff --git a/ci/gitea.jenkinsfile b/ci/gitea.jenkinsfile
new file mode 100644
index 0000000..5c34493
--- /dev/null
+++ b/ci/gitea.jenkinsfile
@@ -0,0 +1,92 @@
+// vim: set ft=groovy sw=4 ts=4 sts=4 et :
+
+pipeline {
+ agent {
+ dockerfile {
+ dir 'ci'
+ args '''\
+ -v /etc/ssh/ssh_known_hosts:/etc/ssh/ssh_known_hosts:ro
+ '''
+ }
+ }
+
+ options {
+ lock 'cfgpol'
+ timeout(time: 1, unit: 'HOURS')
+ }
+
+ triggers {
+ cron 'H H * * *'
+ }
+
+ environment {
+ KRB5CCNAME = "${WORKSPACE}/.krb5cc"
+ }
+
+ stages {
+ stage('kinit') {
+ steps {
+ withCredentials([file(
+ credentialsId: 'keytab-jenkins@pyrocufflink.blue',
+ variable: 'KEYTAB')]) {
+ sh 'kinit -kt "${KEYTAB}" jenkins@PYROCUFFLINK.BLUE'
+ }
+ withCredentials([file(
+ credentialsId: 'vault-jenkins@pyrocufflink.blue',
+ variable: 'SUDO_PASS_FILE'
+ )]) {
+ sh 'cp "${SUDO_PASS_FILE}" group_vars/pyrocufflink/sudo-pass'
+ }
+ }
+ }
+
+ stage('Remount R/W') {
+ steps {
+ ansiblePlaybook \
+ playbook: 'remount.yml',
+ limit: 'gitea',
+ become: true,
+ vaultCredentialsId: 'ansible-vault',
+ extraVars: [
+ remount_state: 'rw',
+ ]
+ }
+ }
+
+ stage('Gitea') {
+ steps {
+ ansiblePlaybook \
+ playbook: 'gitea.yml',
+ become: true,
+ vaultCredentialsId: 'ansible-vault',
+ extras: '--diff'
+ }
+ }
+
+ stage('Remount R/O') {
+ steps {
+ ansiblePlaybook \
+ playbook: 'remount.yml',
+ limit: 'gitea',
+ become: true,
+ vaultCredentialsId: 'ansible-vault',
+ extras: '--diff'
+ }
+ }
+
+ }
+
+ post {
+ always {
+ sh 'kdestroy'
+ sh 'find . -name sudo-pass -delete'
+ }
+ failure {
+ emailext \
+ to: 'gyrfalcon@ebonfire.com',
+ subject: '$DEFAULT_SUBJECT',
+ body: '$DEFAULT_CONTENT'
+ }
+ }
+}
+
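Review bot: 'Remount R/O' is an ordinary stage, so when the 'Gitea' stage fails or the one-hour timeout aborts the build, it is skipped and the target stays mounted read-write until a later run gets that far. Moving the remount into `post { always }` ahead of the credential cleanup, wrapped in `catchError` so a failed remount cannot skip that cleanup, closes the gap. In the same block, running `find . -name sudo-pass -delete` before `kdestroy` means a non-zero `kdestroy` cannot leave the plaintext sudo password copied by the 'kinit' stage in the workspace. The R/O stage also passes no `remount_state`, unlike the R/W stage; presumably remount.yml defaults to read-only, which is worth confirming.

```groovy
    post {
        always {
            // Runs even when an earlier stage failed, so the host is not left R/W.
            catchError {
                ansiblePlaybook \
                    playbook: 'remount.yml',
                    limit: 'gitea',
                    become: true,
                    vaultCredentialsId: 'ansible-vault',
                    extras: '--diff'
            }
            // Remove the copied secret first; the ticket cache goes last.
            sh 'find . -name sudo-pass -delete'
            sh 'kdestroy'
        }
        // … unchanged: failure { emailext … } …
    }
```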