From 56442123d43d4a7b80497a0ef9ad2b016ff150dc Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch" <dustin@hatch.name>
Date: Fri, 10 Nov 2023 15:59:07 -0600
Subject: [PATCH] ci: Build CLI RPMs for aarch64

In order to automate certificate issuance and renewal for Raspberry Pi
devices, we need aarch64 builds of the `sshca` tool.  Using the `matrix`
feature of Jenkins pipelines lets us reuse the same stage definition for
building the client on both platforms.  Unfortunately, the `matrix`
block has to encompass the server stage as well, as `matrix` cannot be
nested below `parallel`, and we don't want to build the server and
clients sequentially.  This makes the code a bit less clear, as the
server and client stages are now conditional based on the matrix
intersection, but it is cleaner than duplicating the entire client
stage.
---
 ci/Jenkinsfile            | 37 +++++++++++++++++++++++++++++++++++--
 ci/clientPodTemplate.yaml |  3 +++
 ci/publish-client.sh      | 12 +++++++++++-
 3 files changed, 49 insertions(+), 3 deletions(-)

diff --git a/ci/Jenkinsfile b/ci/Jenkinsfile
index 7948b3e..f603fd2 100644
--- a/ci/Jenkinsfile
+++ b/ci/Jenkinsfile
@@ -3,8 +3,35 @@ pipeline {
 
     stages {
         stage('SSHCA') {
-            parallel {
+            matrix {
+                axes {
+                    axis {
+                        name 'COMPONENT'
+                        values 'client', 'server'
+                    }
+                    axis {
+                        name 'ARCH'
+                        values 'amd64', 'arm64'
+                    }
+                }
+
+                excludes {
+                    axis {
+                        name 'COMPONENT'
+                        values 'server'
+                    }
+                    axis {
+                        name 'ARCH'
+                        values 'arm64'
+                    }
+                }
+
                 stage('Server') {
+                    when {
+                        expression {
+                            env.COMPONENT == 'server'
+                        }
+                    }
                     agent {
                         kubernetes {
                             yamlFile 'ci/serverPodTemplate.yaml'
@@ -44,11 +71,17 @@ pipeline {
                 }
 
                 stage('CLI') {
+                    when {
+                        expression {
+                            env.COMPONENT = 'client'
+                        }
+                    }
                     agent {
                         kubernetes {
                             yamlFile 'ci/clientPodTemplate.yaml'
                             yamlMergeStrategy merge()
                             defaultContainer 'fedora'
+                            nodeSelector "kubernetes.io/arch=${ARCH}"
                         }
                     }
                     environment {
@@ -101,8 +134,8 @@ pipeline {
                             }
                         }
                     }
-
                 }
+
             }
         }
     }
diff --git a/ci/clientPodTemplate.yaml b/ci/clientPodTemplate.yaml
index 1c4502e..1fe52c1 100644
--- a/ci/clientPodTemplate.yaml
+++ b/ci/clientPodTemplate.yaml
@@ -11,6 +11,9 @@ spec:
       name: ssh-known-hosts
       subPath: ssh_known_hosts
   hostUsers: false
+  tolerations:
+  - key: du5t1n.me/machine
+    value: raspberrypi
   volumes:
   - name: ssh-known-hosts
     configMap:
diff --git a/ci/publish-client.sh b/ci/publish-client.sh
index efbd0f5..1d22c8a 100644
--- a/ci/publish-client.sh
+++ b/ci/publish-client.sh
@@ -6,9 +6,19 @@ REPO_PATH=/srv/www/repohost/repos/dch/fedora/$(rpm --eval %fedora)
 ssh-add -l
 ssh-add -L
 
+case "$(uname -m)" in
+x86_64)
+    # only include the SRPM once
+    include='*.rpm'
+    ;;
+*)
+    include="*.${ARCH}.rpm"
+    ;;
+esac
+
 rsync -rtiO \
     --chmod=ugo=rwX \
-    --include '*.rpm' \
+    --include "${include}" \
     --exclude '*' \
     cli/ \
     "${REPO_HOST}:${REPO_PATH}/"