wip: ci: Add Jenkins build pipeline
infra/dch-autoprovision/pipeline/head There was a failure building this commit Details

Dustin 2025-08-13 21:34:02 -05:00
parent fefcfd4b7c
commit 48431d3ac3
6 changed files with 168 additions and 0 deletions

87
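--- a/ci/Jenkinsfile
+++ b/ci/Jenkinsfile
@@ -0,0 +1,87 @@
+pipeline {
+agent none
+stages {
+stage('RPM') {
+matrix {
+axes {
+axis {
+name 'ARCH'
+values 'amd64', 'arm64'
+}
+axis {
+name 'FEDORA'
+values '41', '42'
+}
+}
+agent {
+kubernetes {
+yamlFile 'ci/podTemplate.yaml'
+yamlMergeStrategy merge()
+defaultContainer 'build'
+nodeSelector "kubernetes.io/arch=${ARCH}"
+}
+}
+environment {
+GNUPGHOME = "${env.WORKSPACE_TMP}/gnupg"
+}
+stages {
+stage('Prepare') {
+steps {
+sh '. ci/prepare.sh'
+}
+post {
+success {
+archiveArtifacts '*.tar.gz'
+}
+}
+}
+stage('Build') {
+steps {
+sh '. ci/build.sh'
+script {
+if (env.BRANCH_NAME == 'master') {
+withCredentials([
+file(
+credentialsId: 'rpm-gpg-key',
+variable: 'RPM_GPG_PRIVATE_KEY',
+),
+file(
+credentialsId: 'rpm-gpg-key-passphrase',
+variable: 'RPM_GPG_KEY_PASSPHRASE',
+),
+]) {
+sh '. ci/sign-rpms.sh'
+}
+}
+}
+}
+post {
+success {
+archiveArtifacts '*.rpm,*.log'
+}
+}
+}
+stage('Publish') {
+when {
+branch 'master'
+}
+steps {
+container('publish') {
+sshagent(['jenkins-repohost']) {
+sh '. ci/publish.sh'
+}
+}
+}
+}
+}
+}
+}
+}
+}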
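Review bot: The keyring that ci/sign-rpms.sh imports into `GNUPGHOME` (`${env.WORKSPACE_TMP}/gnupg`) outlives the `withCredentials` block in the Build stage, because that block only removes the two credential files it bound. As far as this file shows, the private key therefore stays on disk in the workspace of the privileged `build` container while the Publish stage runs and until the pod is torn down. Adding `always { sh 'rm -rf "${GNUPGHOME}"' }` to the Build stage's existing `post` block would bound the key's lifetime to that stage; stopping gpg-agent before the removal is worth considering too. Separately, signing is gated by `env.BRANCH_NAME == 'master'` while Publish uses `when { branch 'master' }`; moving signing into its own stage with the same `when` would keep the two gates from drifting apart.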

10
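--- a/ci/build.sh
+++ b/ci/build.sh
@@ -0,0 +1,10 @@
+#!/bin/sh
+rm -rf BUILD BUILDROOT RPMS SOURCES SRPMS
+rpmbuild -D "_topdir ${PWD}" -D '_specdir %_topdir' -bs dch-autoprovision.spec
+target=fedora-${FEDORA}-$(uname -m)
+mock -t ${target} SRPMS/dch-autoprovision-*.srpm
+cp /var/lib/mock/result/* .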
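Review bot: The glob `SRPMS/dch-autoprovision-*.srpm` on the mock line does not match what `rpmbuild -bs` writes, which is named `*.src.rpm`, so mock is handed the unexpanded pattern. The following `cp /var/lib/mock/result/* .` also reads a fixed directory rather than this build's own result directory (mock's default is per-chroot, under `/var/lib/mock/<config>/result`), and whatever lands in the workspace is later signed through the `*.rpm` glob in ci/sign-rpms.sh. Writing results straight into the workspace and dropping the `cp` ties the signed files to this run: `mock -r "${target}" --resultdir "${PWD}" SRPMS/dch-autoprovision-*.src.rpm`. mock normally selects the chroot with `-r`, so the `-t ${target}` spelling should be checked as well.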

25
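--- a/ci/podTemplate.yaml
+++ b/ci/podTemplate.yaml
@@ -0,0 +1,25 @@
+spec:
+containers:
+- name: build
+image: git.pyrocufflink.net/containerimages/build/rpm
+command: &sleep
+- /bin/sh
+- -c
+- |
+trap 'kill $!' TERM
+sleep infinity &
+wait
+securityContext:
+privileged: true
+- name: publish
+image: git.pyrocufflink.net/containerimages/rsync
+command: *sleep
+volumeMounts:
+- mountPath: /etc/ssh/ssh_known_hosts
+name: ssh-known-hosts
+subPath: ssh_known_hosts
+hostUsers: false
+volumes:
+- name: ssh-known-hosts
+configMap:
+name: ssh-known-hosts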
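Review bot: Both `image:` entries are referenced without a tag or digest, so each run pulls whatever the registry currently serves under that name. That matters more than usual here because the `build` container runs with `privileged: true` and, per ci/Jenkinsfile, is also where the RPM signing key is used. Pinning each image by digest, e.g. `image: git.pyrocufflink.net/containerimages/build/rpm@sha256:<digest>`, makes the build environment reproducible and reviewable. A short comment next to `privileged: true` saying what requires it (presumably mock's chroot setup) and that `hostUsers: false` is what limits its reach would help the next reader.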

9
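--- a/ci/prepare.sh
+++ b/ci/prepare.sh
@@ -0,0 +1,9 @@
+#!/bin/sh
+NAME=dch-autoprovision
+VERSION=$(rpmspec -q --qf '%{VERSION}' *.spec)
+git config --global --add safe.directory "{PWD}"
+git archive --format=tar.gz --prefix ${NAME}-${VERSION}/ HEAD \
+> "${NAME}-${VERSION}.tar.gz"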
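Review bot: `git config --global --add safe.directory "{PWD}"` is missing the `$`, so the literal string `{PWD}` is registered and git's ownership check still applies to the real workspace; it should read `git config --global --add safe.directory "${PWD}"`. Keeping the exception scoped to the workspace path, rather than widening it to `*`, is the right shape once the typo is fixed. The unquoted `*.spec` passed to `rpmspec` also assumes exactly one spec file in the directory; naming `dch-autoprovision.spec`, as ci/build.sh does, would remove that assumption.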

25
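--- a/ci/publish.sh
+++ b/ci/publish.sh
@@ -0,0 +1,25 @@
+#!/bin/sh
+ARCH="$(uname -m)"
+REPO_HOST=jenkins@files.pyrocufflink.blue
+REPO_PATH=/srv/www/repohost/repos/dch/fedora/$(rpm --eval %fedora)
+ssh-add -l
+ssh-add -L
+case "${ARCH}" in
+x86_64)
+# only include the SRPM once
+include='*.rpm'
+;;
+*)
+include="*.${ARCH}.rpm"
+;;
+esac
+rsync -rtiO \
+--chmod=ugo=rwX \
+--include "${include}" \
+--exclude '*' \
+./ \
+"${REPO_HOST}:${REPO_PATH}/"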
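Review bot: `--chmod=ugo=rwX` in the rsync call makes every published package and directory world-writable on the repository host, so any local account there could replace a package after upload. `--chmod=u=rwX,go=rX` still gives the web server read access without that. `REPO_PATH` is computed with `rpm --eval %fedora` inside the `publish` container, which reports that image's release (if rpm is present there at all) rather than the `FEDORA` matrix value the packages were built for; `${FEDORA}` looks like the intended source. The `ssh-add -l` and `ssh-add -L` lines read like debugging output and can go before this leaves wip.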

12
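--- a/ci/sign-rpms.sh
+++ b/ci/sign-rpms.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+gpg2 --pinentry-mode loopback --passphrase-fd 0 \
+--import "${RPM_GPG_PRIVATE_KEY}" \
+< "${RPM_GPG_KEY_PASSPHRASE}"
+rpmsign --addsign \
+-D '_gpg_name jenkins@pyrocufflink.net' \
+-D '_gpg_sign_cmd_extra_args --pinentry-mode loopback --passphrase-fd 3' \
+*.rpm \
+3< "${RPM_GPG_KEY_PASSPHRASE}"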
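Review bot: Nothing visible in this commit creates `${GNUPGHOME}` before `gpg2 --import` runs; gpg is unlikely to create a non-default home directory on its own, so the import may fail, and if the directory is created elsewhere its mode should be 0700. Adding `mkdir -p -m 0700 "${GNUPGHOME}"` at the top of the script covers both. Feeding the passphrase through file descriptors rather than arguments is a good choice, since it keeps the value out of the process list and the build log. The script does not confirm that every package actually ended up signed; a check after `rpmsign` would stop an unsigned package from reaching the Publish stage.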