forked from coreos/fedora-coreos-pipeline
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add a new Jenkins job to build containers for kola
Some kola tests require external images. This job will build and publish the images present under the test/containers path of coreos-assembler. Inital PR for coreos-assembler: coreos/coreos-assembler#3727 x-ref coreos/fedora-coreos-tracker#1639
- Loading branch information
1 parent
f375e26
commit b343c89
Showing
1 changed file
with
209 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,209 @@ | ||
def gitref, commit, shortcommit, contexts, changes | ||
node { | ||
checkout scm | ||
// these are script global vars | ||
pipeutils = load("utils.groovy") | ||
} | ||
|
||
properties([ | ||
pipelineTriggers([ | ||
[$class: 'GenericTrigger', | ||
genericVariables: [ | ||
[ | ||
key: 'COREOS_ASSEMBLER_GIT_REF', | ||
value: '$.ref', | ||
expressionType: 'JSONPath', | ||
regexpFilter: 'refs/heads/', //Optional, defaults to empty string | ||
defaultValue: '' //Optional, defaults to empty string | ||
] | ||
], | ||
causeString: 'Triggered on $ref', | ||
token: 'build-kola-test-containers', | ||
tokenCredentialId: '', | ||
printContributedVariables: true, | ||
printPostContent: true, | ||
silentResponse: false, | ||
regexpFilterText: '$COREOS_ASSEMBLER_GIT_REF', | ||
regexpFilterExpression: 'main' | ||
] | ||
]), | ||
parameters([ | ||
string(name: 'ARCHES', | ||
description: 'Space-separated list of target architectures', | ||
defaultValue: "x86_64" + " " + pipeutils.get_supported_additional_arches().join(" "), | ||
trim: true), | ||
string(name: 'COREOS_ASSEMBLER_GIT_URL', | ||
description: 'Override the coreos-assembler git repo to use', | ||
defaultValue: "https://github.com/coreos/coreos-assembler.git", | ||
trim: true), | ||
string(name: 'COREOS_ASSEMBLER_GIT_REF', | ||
description: 'Override the coreos-assembler git ref to use', | ||
defaultValue: "main", | ||
trim: true), | ||
string(name: 'CONTAINER_REGISTRY_ORG', | ||
description: 'Override the registry org to push the containers to', | ||
defaultValue: "quay.io/coreos-assembler", | ||
trim: true), | ||
string(name: 'CONTAINER_REGISTRY_STAGING_REPO', | ||
description: 'Override the staging registry where intermediate images go', | ||
defaultValue: "quay.io/coreos-assembler/staging", | ||
trim: true), | ||
string(name: 'PATH_TO_CONTEXTS', | ||
description: """Override the path to the contexts directories to use as build contexts. | ||
Each directory should contain a Containerfile. | ||
The image will be named after the directory name.""", | ||
defaultValue: "tests/containers/", | ||
trim: true), | ||
booleanParam(name: 'FORCE', | ||
defaultValue: false, | ||
description: 'Whether to force a rebuild'), | ||
]), | ||
buildDiscarder(logRotator( | ||
numToKeepStr: '100', | ||
artifactNumToKeepStr: '100' | ||
)), | ||
durabilityHint('PERFORMANCE_OPTIMIZED') | ||
]) | ||
|
||
node { | ||
change = checkout( | ||
changelog: true, | ||
poll: false, | ||
scm: [ | ||
$class: 'GitSCM', | ||
branches: [[name: "origin/${params.COREOS_ASSEMBLER_GIT_REF}"]], | ||
userRemoteConfigs: [[url: params.COREOS_ASSEMBLER_GIT_URL]], | ||
extensions: [[$class: 'CloneOption', | ||
noTags: true, | ||
reference: '', | ||
shallow: true]] | ||
] | ||
) | ||
|
||
gitref = params.COREOS_ASSEMBLER_GIT_REF | ||
def output = shwrapCapture("git rev-parse HEAD") | ||
commit = output.substring(0,40) | ||
shortcommit = commit.substring(0,7) | ||
|
||
def path=params.PATH_TO_CONTEXTS | ||
// Check for changes in tests/containers/* | ||
// If not, no need to run this | ||
// not using shWrapCapture here because i don't want -euxo pipefail to be set, as grep returns 1 on non-match | ||
def changeset = sh(returnStatus: true, script:"git diff-tree -r --name-only HEAD | grep ${path}") | ||
if ( changeset == 1 && ! params.FORCE ) { | ||
changes = false | ||
} | ||
|
||
// gather the context folders list | ||
contexts = shwrapCapture(""" | ||
cd ${path} | ||
find . -maxdepth 1 -mindepth 1 -type d -exec basename {} \\; | ||
""").trim().split("\n") | ||
} | ||
|
||
if ( !changes ) { | ||
currentBuild.result = 'SUCCESS' | ||
currentBuild.description = "[${gitref}@${shortcommit}] No changes in ${path}. Skiped the build." | ||
return | ||
} | ||
|
||
currentBuild.description = "[${gitref}@${shortcommit}] Waiting" | ||
|
||
// Get the list of requested architectures to build for | ||
def basearches = params.ARCHES.split() as Set | ||
// and the list of images to build | ||
def imageNames = contexts as Set | ||
|
||
lock(resource: "build-containers") { | ||
cosaPod(image: "quay.io/coreos-assembler/coreos-assembler", | ||
memory: "512Mi", kvm: false, | ||
serviceAccount: "jenkins") { | ||
timeout(time: 60, unit: 'MINUTES') { | ||
try { | ||
|
||
currentBuild.description = "[${gitref}@${shortcommit}] Running" | ||
|
||
// By default we will allow re-using cache layers for one day. | ||
// This is mostly so we can prevent re-downloading the RPMS | ||
// and repo metadata and over again in a given day for successive | ||
// builds. | ||
def cacheTTL = "24h" | ||
def force = "" | ||
if (params.FORCE) { | ||
force = '--force' | ||
// Also set cacheTTL to 0.1s to allow users an escape hatch | ||
// to force no cache layer usage. | ||
cacheTTL = "0.1s" | ||
} | ||
|
||
withCredentials([file(credentialsId: 'cosa-push-registry-secret', variable: 'REGISTRY_SECRET')]) { | ||
stage('Build Containers') { | ||
parallel basearches.collectEntries{arch -> [arch, { | ||
for (imageName in imageNames) { | ||
def dirname = params.PATH_TO_CONTEXTS + imageName | ||
pipeutils.withPodmanRemoteArchBuilder(arch: arch) { | ||
shwrap(""" | ||
cosa remote-build-container \ | ||
--git-sub-dir $dirname\ | ||
--arch $arch --cache-ttl ${cacheTTL} \ | ||
--git-ref $commit ${force} \ | ||
--git-url ${params.COREOS_ASSEMBLER_GIT_URL} \ | ||
// Force the tag to inclue the image name to avoid racing between aarches | ||
// and overwrite the images | ||
--tag $imageName-$arch-$commit \ | ||
--repo ${params.CONTAINER_REGISTRY_STAGING_REPO} \ | ||
--push-to-registry --auth=\$REGISTRY_SECRET | ||
""") | ||
} | ||
} | ||
}]} | ||
} | ||
|
||
stage('Push Manifests') { | ||
for (arch in basearches) { | ||
for (imageName in imageNames) { | ||
images += " --image=docker://${params.CONTAINER_REGISTRY_STAGING_REPO}:${imageName}-${arch}-${shortcommit}" | ||
} | ||
} | ||
|
||
for (imageName in imageNames) { | ||
shwrap(""" | ||
export STORAGE_DRIVER=vfs # https://github.com/coreos/fedora-coreos-pipeline/issues/723#issuecomment-1297668507 | ||
skopeo copy --all --authfile \$REGISTRY_SECRET \ | ||
docker://${params.CONTAINER_REGISTRY_ORG}/$imageName:main \ | ||
docker://${params.CONTAINER_REGISTRY_ORG}/$imageName:latest | ||
""") | ||
} | ||
} | ||
|
||
|
||
stage('Delete Intermediate Tags') { | ||
for (imageName in imageNames) { | ||
def dir = directory | ||
shwrap(""" | ||
export STORAGE_DRIVER=vfs # https://github.com/coreos/fedora-coreos-pipeline/issues/723#issuecomment-1297668507 | ||
skopeo delete --authfile=\$REGISTRY_SECRET \ | ||
docker://${params.CONTAINER_REGISTRY_STAGING_REPO}:$imageName-${arch}-${shortcommit} | ||
""") | ||
} | ||
} | ||
} | ||
|
||
currentBuild.result = 'SUCCESS' | ||
|
||
} catch (e) { | ||
currentBuild.result = 'FAILURE' | ||
throw e | ||
} finally { | ||
if (currentBuild.result == 'SUCCESS') { | ||
currentBuild.description = "[${gitref}@${shortcommit}] ⚡" | ||
} else { | ||
currentBuild.description = "[${gitref}@${shortcommit}] ❌" | ||
} | ||
if (currentBuild.result != 'SUCCESS') { | ||
message = "build-kola-test-containers #${env.BUILD_NUMBER} <${env.BUILD_URL}|:jenkins:> <${env.RUN_DISPLAY_URL}|:ocean:> [${gitref}@${shortcommit}]" | ||
pipeutils.trySlackSend(message: message) | ||
} | ||
} | ||
}}} // cosaPod, timeout, and lock finish here | ||
|