From ed2545113acd73d71597fbe1bad1f40c039c9401 Mon Sep 17 00:00:00 2001 From: "Dustin C. Hatch" Date: Sat, 13 Jan 2024 10:44:44 -0600 Subject: [PATCH] ci: Add Jenkins build pipeline We'll build and publish `tmpl` with a container image, to make it easier for other container images to include it. --- .containerignore | 4 +++ Containerfile | 25 ++++++++++++++++++ ci/Jenkinsfile | 63 +++++++++++++++++++++++++++++++++++++++++++++ ci/build.sh | 7 +++++ ci/common.sh | 13 ++++++++++ ci/podTemplate.yaml | 19 ++++++++++++++ ci/publish.sh | 3 +++ 7 files changed, 134 insertions(+) create mode 100644 .containerignore create mode 100644 Containerfile create mode 100644 ci/Jenkinsfile create mode 100644 ci/build.sh create mode 100644 ci/common.sh create mode 100644 ci/podTemplate.yaml create mode 100644 ci/publish.sh diff --git a/.containerignore b/.containerignore new file mode 100644 index 0000000..bc0e1f0 --- /dev/null +++ b/.containerignore @@ -0,0 +1,4 @@ +* +!src +!Cargo.toml +!Cargo.lock diff --git a/Containerfile b/Containerfile new file mode 100644 index 0000000..a561900 --- /dev/null +++ b/Containerfile @@ -0,0 +1,25 @@ +FROM registry.fedoraproject.org/fedora-minimal:39 AS build + +RUN --mount=type=cache,target=/var/cache \ + microdnf install -y \ + --setopt install_weak_deps=0 \ + cargo\ + && : + +COPY . /src + +WORKDIR /src + +RUN cargo build --release --locked + + +FROM registry.fedoraproject.org/fedora-minimal:39 + +COPY --from=build /src/target/release/tmpl /usr/local/bin + +ENTRYPOINT ["/usr/local/bin/tmpl"] + +LABEL name='tmpl' \ + vendor='Dustin C. Hatch' \ + license='MIT OR APACHE-2.0' \ + version='0.1.0' diff --git a/ci/Jenkinsfile b/ci/Jenkinsfile new file mode 100644 index 0000000..452cfd9 --- /dev/null +++ b/ci/Jenkinsfile @@ -0,0 +1,63 @@ +pipeline { + agent none + + stages { + stage('tmpl') { + matrix { + axes { + axis { + name 'ARCH' + values 'amd64', 'arm64' + } + } + + stages { + stage('tmpl') { + agent { + kubernetes { + yamlFile 'ci/podTemplate.yaml' + yamlMergeStrategy merge() + defaultContainer 'buildah' + nodeSelector "kubernetes.io/arch=${ARCH}" + } + } + + stages { + stage('Build') { + steps { + sh '. ci/build.sh' + } + post { + success { + archiveArtifacts "${ARCH}/*" + } + } + } + + stage('Publish') { + environment { + REGISTRY_AUTH_FILE = "${env.WORKSPACE_TMP}/auth.json" + } + steps { + withCredentials([usernamePassword( + credentialsId: 'jenkins-packages', + usernameVariable: 'BUILDAH_USERNAME', + passwordVariable: 'BUILDAH_PASSWORD', + )]) { + sh """ + buildah login \ + --username \${BUILDAH_USERNAME} \ + --password \${BUILDAH_PASSWORD} \ + git.pyrocufflink.net + """ + } + sh '. ci/publish.sh' + } + } + } + } + } + } + } + } +} diff --git a/ci/build.sh b/ci/build.sh new file mode 100644 index 0000000..db774c9 --- /dev/null +++ b/ci/build.sh @@ -0,0 +1,7 @@ +. ci/common.sh + +buildah push "${IMAGE_NAME}:${TAG}" +buildah push "${IMAGE_NAME}:${TAG}" "${IMAGE_NAME}:${TAG}-${BUILD_NUMBER}" +if [ ${BRANCH_NAME} = master ]; then + buildah push "${IMAGE_NAME}:${TAG}" "${IMAGE_NAME}:latest" +fi diff --git a/ci/common.sh b/ci/common.sh new file mode 100644 index 0000000..060e8cb --- /dev/null +++ b/ci/common.sh @@ -0,0 +1,13 @@ +escape_name() { + echo "$1" \ + | tr A-Z a-z \ + | sed -e 's/[^a-zA-Z0-9._-]/-/g' -e 's/^[.-]/_/' +} + +REGISTRY_URL=git.pyrocufflink.net +NAMESPACE=containerimages +NAME="${JOB_NAME#*/}" +NAME=$(escape_name "${NAME%/*}") +TAG=$(escape_name "${BRANCH_NAME}") + +IMAGE_NAME="${REGISTRY_URL}/${NAMESPACE}/${NAME}" diff --git a/ci/podTemplate.yaml b/ci/podTemplate.yaml new file mode 100644 index 0000000..5da469f --- /dev/null +++ b/ci/podTemplate.yaml @@ -0,0 +1,19 @@ +spec: + containers: + - name: buildah + image: quay.io/containers/buildah:v1 + command: + - cat + stdin: true + tty: true + securityContext: + capabilities: + add: + - SYS_ADMIN + - MKNOD + - SYS_CHROOT + - SETFCAP + resources: + limits: + github.com/fuse: 1 + hostUsers: false diff --git a/ci/publish.sh b/ci/publish.sh new file mode 100644 index 0000000..3d79218 --- /dev/null +++ b/ci/publish.sh @@ -0,0 +1,3 @@ +. ci/common.sh + +buildah build -t "${IMAGE_NAME}:${TAG}" .