
wip: build for multiple os versions
infra/dch-selinux/pipeline/head This commit looks good Details

Dustin 2024-06-03 08:31:18 -05:00
parent ed07fe930e
commit 47a26a29e2
5 changed files with 137 additions and 35 deletions

90
ci/Jenkinsfile vendored

@ -1,40 +1,86 @@
// vim: set sw=4 ts=4 sts=4 et :
pipeline { pipeline {
agent { agent none
kubernetes {
yamlFile 'ci/podTemplate.yaml' stages {
defaultContainer 'build' stage('RPM') {
matrix {
axes {
axis {
name 'ARCH'
values 'amd64', 'arm64'
}
axis {
name 'FEDORA'
values '39', '40'
} }
} }
stages { stages {
stage('Build RPM') {
agent {
kubernetes {
yamlFile 'ci/podTemplate.yaml'
yamlMergeStrategy merge()
defaultContainer 'fedora'
nodeSelector "kubernetes.io/arch=${ARCH}"
containerTemplate {
name 'fedora'
image "registry.fedoraproject.org/fedora:${FEDORA}"
}
}
}
environment {
GNUPGHOME = "${env.WORKSPACE_TMP}/gnupg"
}
stages {
stage('Prepare') {
steps {
sh '. ci/prepare.sh'
}
}
stage('Build') { stage('Build') {
steps { steps {
sh 'make rpm' sh '. ci/build.sh'
} script {
} if (env.BRANCH_NAME == 'master') {
withCredentials([
stage('Publish') { file(
when { credentialsId: 'rpm-gpg-key',
branch 'main' variable: 'RPM_GPG_PRIVATE_KEY',
} ),
steps { file(
withCredentials([usernamePassword( credentialsId: 'rpm-gpg-key-passphrase',
credentialsId: 'jenkins-packages', variable: 'RPM_GPG_KEY_PASSPHRASE',
usernameVariable: 'GITEA_USERNAME', ),
passwordVariable: 'GITEA_PASSWORD', ]) {
)]) { sh '. ci/sign-rpms.sh'
sh 'make publish'
} }
} }
} }
} }
post { post {
success { success {
archiveArtifacts '*.rpm' archiveArtifacts '*.rpm'
} }
} }
}
stage('Publish') {
when {
branch 'master'
}
steps {
sshagent(['jenkins-repohost']) {
sh '. ci/publish.sh'
}
}
}
}
}
}
}
}
} }
}
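Review bot: Nothing in this section removes `${env.WORKSPACE_TMP}/gnupg` after the `withCredentials` block in the Build stage, so any private key that `ci/sign-rpms.sh` imports there would stay on disk through the Publish stage and `archiveArtifacts`. That script is not among the five files shown on this page, so whether it cleans up after itself (or exists yet) cannot be confirmed from here. I would add `cleanup { sh 'rm -rf "${GNUPGHOME}"' }` to the `post` block next to `success`; the side-by-side rendering makes the exact nesting of that `post` block uncertain. Separately, `image "registry.fedoraproject.org/fedora:${FEDORA}"` is a floating tag, and since the signing key is used inside that container, pinning each axis value to an image digest would make the signing environment reproducible and auditable.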

3
ci/build.sh Normal file

@ -0,0 +1,3 @@
#!/bin/sh
make rpm


@ -1,7 +1,16 @@
spec: spec:
containers: containers:
- name: build - name: fedora
image: git.pyrocufflink.net/containerimages/build/selinux:main command:
imagePullPolicy: Always - cat
securityPolicy: stdin: true
runAsNonRoot: true tty: true
volumeMounts:
- mountPath: /etc/ssh/ssh_known_hosts
name: ssh-known-hosts
subPath: ssh_known_hosts
hostUsers: false
volumes:
- name: ssh-known-hosts
configMap:
name: ssh-known-hosts
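Review bot: With `runAsNonRoot: true` gone and no `securityContext` on the `fedora` container, `hostUsers: false` is the only setting left between the container's root (needed for `dnf install`) and the node. If the cluster does not have user-namespace support enabled, that field may not take effect, and the pod that later handles the RPM signing key would then run as real root. The removed key sat under `securityPolicy`, which as far as I know is not a container field in the Pod spec (`securityContext` is), so it may never have been enforced. I would add `securityContext:` with `allowPrivilegeEscalation: false` to the container, provided the build needs no setuid helpers, plus a comment beside `hostUsers: false` stating that the pipeline relies on it.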

19
ci/prepare.sh Normal file

@ -0,0 +1,19 @@
#!/bin/sh
dnf install -y \
--setopt install_weak_deps=0 \
make \
openssh-clients \
openssl-devel \
rpm-build \
rpm-sign \
rsync \
selinux-policy-devel \
tar \
xz \
--
install -m u=rwx,go= -d "${GNUPGHOME}"
cat > "${GNUPGHOME}"/gpg-agent.conf <<EOF
allow-loopback-pinentry
EOF
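Review bot: The last three lines use `${GNUPGHOME}` without checking that it is set, so sourcing this script outside the Jenkins `environment` block would make `install -d ""` fail and point the heredoc at `/gpg-agent.conf`. Using `"${GNUPGHOME:?}"` in the `install` line makes the script stop with a clear message instead. A one-line comment above the heredoc would also help, for example `# loopback pinentry lets the signing step supply the passphrase non-interactively`, if that is indeed why `allow-loopback-pinentry` is set; the signing script is not visible here.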

25
ci/publish.sh Normal file

@ -0,0 +1,25 @@
#!/bin/sh
ARCH="$(uname -m)"
REPO_HOST=jenkins@files.pyrocufflink.blue
REPO_PATH=/srv/www/repohost/repos/dch/fedora/$(rpm --eval %fedora)
ssh-add -l
ssh-add -L
case "${ARCH}" in
x86_64)
# only include the SRPM once
include='*.rpm'
;;
*)
include="*.${ARCH}.rpm"
;;
esac
rsync -rtiO \
--chmod=ugo=rwX \
--include "${include}" \
--exclude '*' \
./ \
"${REPO_HOST}:${REPO_PATH}/"
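Review bot: `--chmod=ugo=rwX` makes every uploaded RPM and directory under `${REPO_PATH}` world-writable on the repository host, so any local account there could replace or alter published packages. Clients that do not enforce signature checking would install them unchanged. Unless group or other write access is really needed, `--chmod=u=rwX,go=rX` (or `ug=rwX,o=rX` if a group manages the repo) keeps the tree readable by the web server without that exposure. The `ssh-add -l` / `ssh-add -L` lines look like debugging leftovers: `-L` prints the agent's public keys into the build log, and `-l` returns non-zero when the agent is empty, so I would drop both before this leaves WIP or keep only `ssh-add -l` with a comment saying it is an intentional preflight check.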