In order to automate certificate issuance and renewal for Raspberry Pi devices, we need aarch64 builds of the `sshca` tool. Using the `matrix` feature of Jenkins pipelines lets us reuse the same stage definition for building the client on both platforms. Unfortunately, the `matrix` block has to encompass the server stage as well, as `matrix` cannot be nested below `parallel`, and we don't want to build the server and clients sequentially. This makes the code a bit less clear, as the server and client stages are now conditional based on the matrix intersection, but it is cleaner than duplicating the entire client stage.
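// Declarative pipeline for the sshca server image and CLI RPMs.
//
// A single matrix over COMPONENT x ARCH drives both builds so the client
// stage definition is shared between amd64 and arm64. The server is only
// built for amd64 (the server/arm64 cell is excluded below). Because the
// Server and CLI stages live in every matrix cell, each one is gated by a
// `when` expression on COMPONENT.
pipeline {
    // No global agent: each component stage requests its own Kubernetes pod.
    agent none

    stages {
        stage('SSHCA') {
            matrix {
                axes {
                    axis {
                        name 'COMPONENT'
                        values 'client', 'server'
                    }
                    axis {
                        name 'ARCH'
                        values 'amd64', 'arm64'
                    }
                }

                // Drop the server/arm64 cell; remaining cells are
                // client/amd64, client/arm64 and server/amd64.
                excludes {
                    exclude {
                        axis {
                            name 'COMPONENT'
                            values 'server'
                        }
                        axis {
                            name 'ARCH'
                            values 'arm64'
                        }
                    }
                }

                stages {
                    stage('Server') {
                        when {
                            expression {
                                env.COMPONENT == 'server'
                            }
                        }
                        agent {
                            kubernetes {
                                yamlFile 'ci/serverPodTemplate.yaml'
                                yamlMergeStrategy merge()
                                defaultContainer 'buildah'
                            }
                        }
                        stages {
                            stage('Build - Server') {
                                steps {
                                    sh '. ci/build-server.sh'
                                }
                            }

                            // NOTE(review): unlike 'Publish - CLI' this stage has no
                            // `when { branch 'master' }` guard, so registry credentials
                            // are bound on every branch build. Confirm that
                            // ci/publish-server.sh limits what non-master builds push.
                            stage('Publish - Server') {
                                steps {
                                    // buildah reads and writes its registry login state at
                                    // REGISTRY_AUTH_FILE; the publish script below runs
                                    // outside withCredentials and relies on that file.
                                    withEnv([
                                        "REGISTRY_AUTH_FILE=${env.WORKSPACE_TMP}/auth.json"
                                    ]) {
                                        withCredentials([usernamePassword(
                                            credentialsId: 'jenkins-packages',
                                            usernameVariable: 'BUILDAH_USERNAME',
                                            passwordVariable: 'BUILDAH_PASSWORD',
                                        )]) {
                                            // Single-quoted Groovy string: the shell, not
                                            // Groovy, expands the credential variables.
                                            // The password goes in on stdin (printf is a
                                            // shell builtin) so it never appears in the
                                            // argument list of a process, and both
                                            // variables are quoted so whitespace or glob
                                            // characters in them cannot split the command.
                                            sh '''
                                                printf '%s' "$BUILDAH_PASSWORD" | buildah login \
                                                    --username "$BUILDAH_USERNAME" \
                                                    --password-stdin \
                                                    git.pyrocufflink.net
                                            '''
                                        }
                                        sh '. ci/publish-server.sh'
                                    }
                                }
                            }
                        }
                    }

                    stage('CLI') {
                        when {
                            expression {
                                // Must be a comparison. The previous `=` was an
                                // assignment whose value ('client') is always truthy,
                                // so the CLI stages (including RPM signing and
                                // publishing on master) also ran in the server cell.
                                env.COMPONENT == 'client'
                            }
                        }
                        agent {
                            kubernetes {
                                yamlFile 'ci/clientPodTemplate.yaml'
                                yamlMergeStrategy merge()
                                defaultContainer 'fedora'
                                // Schedule the build pod on a node of the cell's
                                // architecture.
                                nodeSelector "kubernetes.io/arch=${ARCH}"
                            }
                        }
                        environment {
                            // Keep the GnuPG home in the per-build temp directory
                            // rather than the agent user's home directory.
                            GNUPGHOME = "${env.WORKSPACE_TMP}/gnupg"
                        }
                        stages {
                            stage('Prepare - CLI') {
                                steps {
                                    sh '. ci/prepare-client.sh'
                                }
                            }

                            stage('Build - CLI') {
                                steps {
                                    sh '. ci/build-client.sh'
                                    script {
                                        // The signing key and its passphrase are bound
                                        // (as temporary files) only for master builds,
                                        // so other branches never see them.
                                        if (env.BRANCH_NAME == 'master') {
                                            withCredentials([
                                                file(
                                                    credentialsId: 'rpm-gpg-key',
                                                    variable: 'RPM_GPG_PRIVATE_KEY',
                                                ),
                                                file(
                                                    credentialsId: 'rpm-gpg-key-passphrase',
                                                    variable: 'RPM_GPG_KEY_PASSPHRASE',
                                                ),
                                            ]) {
                                                sh '. ci/sign-rpms.sh'
                                            }
                                        }
                                    }
                                }
                                post {
                                    success {
                                        dir('cli') {
                                            archiveArtifacts '*.rpm'
                                        }
                                    }
                                }
                            }

                            stage('Publish - CLI') {
                                when {
                                    branch 'master'
                                }
                                steps {
                                    // The repo-host SSH key is only loaded into an
                                    // agent for the duration of the publish script.
                                    sshagent(['jenkins-repohost']) {
                                        sh '. ci/publish-client.sh'
                                    }
                                }
                            }
                        }
                    }
                }

            }
        }
    }
}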