ci: Add Jenkins pipeline
Some checks failed
dustin/sshca/pipeline/head There was a failure building this commit
Some checks failed
dustin/sshca/pipeline/head There was a failure building this commit
The CI pipeline builds both the SSHCA server and client CLI. The server is published as an OCI image, while the latter uses RPMs. Since multiple RPMs with the same version cannot exist in the same repository, and since RPM versions cannot be arbitrarily set after they have been built, the RPMs are only published when building the *master* branch. Server container images are published from every branch, as each image is tagged with the branch name and build number.
This commit is contained in:
109
ci/Jenkinsfile
vendored
Normal file
109
ci/Jenkinsfile
vendored
Normal file
@@ -0,0 +1,109 @@
|
||||
pipeline {
|
||||
agent none
|
||||
|
||||
stages {
|
||||
stage('SSHCA') {
|
||||
parallel {
|
||||
stage('Server') {
|
||||
agent {
|
||||
kubernetes {
|
||||
yamlFile 'ci/serverPodTemplate.yaml'
|
||||
yamlMergeStrategy merge()
|
||||
defaultContainer 'buildah'
|
||||
}
|
||||
}
|
||||
stages {
|
||||
stage('Build - Server') {
|
||||
steps {
|
||||
sh '. ci/build-server.sh'
|
||||
}
|
||||
}
|
||||
|
||||
stage('Publish - Server') {
|
||||
steps {
|
||||
withEnv([
|
||||
"REGISTRY_AUTH_FILE=${env.WORKSPACE_TMP}/auth.json"
|
||||
]) {
|
||||
withCredentials([usernamePassword(
|
||||
credentialsId: 'jenkins-packages',
|
||||
usernameVariable: 'BUILDAH_USERNAME',
|
||||
passwordVariable: 'BUILDAH_PASSWORD',
|
||||
)]) {
|
||||
sh """
|
||||
buildah login \
|
||||
--username \${BUILDAH_USERNAME} \
|
||||
--password \${BUILDAH_PASSWORD} \
|
||||
git.pyrocufflink.net
|
||||
"""
|
||||
}
|
||||
sh '. ci/publish-server.sh'
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
stage('CLI') {
|
||||
agent {
|
||||
kubernetes {
|
||||
yamlFile 'ci/clientPodTemplate.yaml'
|
||||
yamlMergeStrategy merge()
|
||||
defaultContainer 'fedora'
|
||||
}
|
||||
}
|
||||
environment {
|
||||
GNUPGHOME = "${env.WORKSPACE_TMP}/gnupg"
|
||||
}
|
||||
stages {
|
||||
stage('Prepare - CLI') {
|
||||
steps {
|
||||
sh '. ci/prepare-client.sh'
|
||||
}
|
||||
}
|
||||
|
||||
stage('Build - CLI') {
|
||||
steps {
|
||||
sh '. ci/build-client.sh'
|
||||
script {
|
||||
if (env.BRANCH_NAME == 'master') {
|
||||
withCredentials([
|
||||
file(
|
||||
credentialsId: 'rpm-gpg-key',
|
||||
variable: 'RPM_GPG_PRIVATE_KEY',
|
||||
),
|
||||
file(
|
||||
credentialsId: 'rpm-gpg-key-passphrase',
|
||||
variable: 'RPM_GPG_KEY_PASSPHRASE',
|
||||
),
|
||||
]) {
|
||||
sh '. ci/sign-rpms.sh'
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
post {
|
||||
success {
|
||||
dir('cli') {
|
||||
archiveArtifacts '*.rpm'
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
stage('Publish - CLI') {
|
||||
when {
|
||||
branch 'master'
|
||||
}
|
||||
steps {
|
||||
sshagent(['jenkins-repohost']) {
|
||||
sh '. ci/publish-client.sh'
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user