/**
 * Runs the pipeline code block "body" on the node type matching the build.
 *
 * Docker images for the amd64 CPU architecture are built on a dedicated
 * 'linux-amd64-docker' node; every other combination runs "body" on the agent
 * that is already allocated.
 *
 * @param packer_template   not read by this function
 * @param compute_type      packer builder type of the matrix cell (e.g. 'docker')
 * @param cpu_architecture  CPU architecture of the matrix cell (e.g. 'amd64')
 * @param body              closure holding the pipeline steps to execute
 * @return whatever "body" returns
 */
def withPackerNode(String packer_template, String compute_type, String cpu_architecture, Closure body) {
    final boolean needsDedicatedNode = (compute_type == 'docker') && (cpu_architecture == 'amd64')

    if (!needsDedicatedNode) {
        // No node allocation: keep the same default agent node (e.g. declarative top-level)
        return body.call()
    }

    // Build amd64 Docker images on a native amd64 machine rather than on the default agent
    node('linux-amd64-docker') {
        // A freshly allocated scripted agent has an empty workspace: an explicit checkout is required
        // (declarative agents do it implicitly)
        checkout scm
        // New agent means new packer project to initialize (plugins)
        packerInitPlugins()
        return body.call()
    }
}
/**
 * Initializes the packer project by installing its plugins in $PACKER_HOME_DIR/
 * (ref. https://www.packer.io/docs/configure).
 *
 * Must be called once, and only once, on each distinct agent because plugins are
 * specific to the OS and CPU of the machine.
 */
def packerInitPlugins() {
    // A GitHub API token (auto-generated IAT, valid for 1 hour) is exposed as the environment variable
    // PACKER_GITHUB_API_TOKEN to avoid hitting the API rate limit. Ref. https://www.packer.io/docs/commands/init.
    // The username half of the credential is bound to a variable named UNUSED and never read here.
    def githubAppToken = usernamePassword(
        credentialsId: 'github-app-infra',
        usernameVariable: 'UNUSED',
        passwordVariable: 'PACKER_GITHUB_API_TOKEN'
    )

    withCredentials([githubAppToken]) {
        // Cleanup any remnant of packer plugins on this agent
        sh 'rm -rf /home/jenkins/.config /home/jenkins/.packer*'
        // Neither command line references the token, so it never appears in the command text
        sh 'packer init ./'
    }
}
// Job properties applied to builds of the primary branch
if (env.BRANCH_IS_PRIMARY) {
    def primaryBranchProperties = [
        buildDiscarder(logRotator(numToKeepStr: '10')),
        // Daily build is enough: only the tagged build would generate downstream PRs on jenkins-infra
        pipelineTriggers([cron('@daily')]),
        // Do not build concurrently on the principal branch (to avoid Azure ARM issues with shared resources)
        disableConcurrentBuilds(),
    ]
    properties(primaryBranchProperties)
}

// Job properties applied to pull request builds
if (env.CHANGE_ID) {
    // Do not build concurrently on pull requests (to avoid Azure ARM issues with shared resources),
    // and abort the previous running build
    def pullRequestProperties = [disableConcurrentBuilds(abortPrevious: true)]
    properties(pullRequestProperties)
}
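// Declarative pipeline: side tasks (packer init + Azure garbage collection), one packer build per
// matrix cell (CPU architecture x agent type x compute type), then a multi-arch Docker manifest
// for tagged builds only.
pipeline {
    agent {
        // Default agent for all the packer steps: the label selects a Linux arm64 agent with Docker
        // Only a few matrix cells require another kind of agent than this default (see withPackerNode)
        label "linux-arm64-docker"
    }
    options {
        timeout(time: 120, unit: 'MINUTES')
    }
    environment {
        // To allow using ASDF shims
        PATH = "${env.PATH}:/home/jenkins/.asdf/shims:/home/jenkins/.asdf/bin"
    }
    stages {
        stage('Side Tasks') {
            environment {
                // 'false' on the primary branch only, 'true' for every other build
                DRYRUN = "${env.BRANCH_IS_PRIMARY ? 'false' : 'true'}"
            }
            parallel {
                stage('Packer Init') {
                    steps {
                        // Call the initializing function once for the default agent
                        script {
                            packerInitPlugins()
                        }
                    }
                }
                stage('GC on Azure') {
                    environment {
                        PACKER_AZURE = credentials('packer-azure-serviceprincipal-sponsorship')
                    }
                    steps {
                        // A failing cleanup marks this stage as failed but does not fail the build
                        catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') {
                            // The single-quoted Groovy string leaves "$PACKER_AZURE_CLIENT_SECRET" for the shell to expand,
                            // so the secret is not interpolated into the command text by Groovy. It is still passed as a
                            // command-line argument of `az`, which other processes on the agent can read while it runs.
                            // NOTE(review): no `az logout` follows, so the session obtained here presumably stays cached
                            // on the agent after this stage - confirm agents are not reused across jobs.
                            sh 'az login --service-principal -u "$PACKER_AZURE_CLIENT_ID" -p "$PACKER_AZURE_CLIENT_SECRET" -t "$PACKER_AZURE_TENANT_ID"'
                            sh 'az account set -s "$PACKER_AZURE_SUBSCRIPTION_ID"'
                            // NOTE(review): the cleanup scripts come from the checked-out revision and run with the
                            // service principal session above, including for dev and staging builds - confirm that only
                            // trusted revisions are built and that the scripts honor DRYRUN (not visible from this file).
                            sh './cleanup/azure_gallery_images.sh 1 dev'
                            sh './cleanup/azure_gallery_images.sh 7 staging'
                            sh './cleanup/azure.sh 1 dev'
                            sh './cleanup/azure.sh 1 staging'
                            sh './cleanup/azure.sh 1 prod'
                        }
                    }
                }
            }
        }
        stage('Packer Images') {
            matrix {
                axes {
                    axis {
                        name 'cpu_architecture'
                        values 'amd64', 'arm64'
                    }
                    axis {
                        name 'agent_type'
                        // make sure to port any addition to the list of agent types to the Build Docker Manifest stage if it's docker related
                        values 'ubuntu-22.04', 'windows-2019', 'windows-2022'
                    }
                    axis {
                        name 'compute_type'
                        // "azure-arm" stands for "Azure Resource Manager", unrelated to arm64 CPU
                        values 'amazon-ebs', 'azure-arm', 'docker'
                    }
                }
                excludes {
                    // Only build Ubuntu images for arm64 CPU in AWS (notValues)
                    exclude {
                        axis {
                            name 'cpu_architecture'
                            values 'arm64'
                        }
                        axis {
                            name 'agent_type'
                            notValues 'ubuntu-22.04'
                        }
                        axis {
                            name 'compute_type'
                            values 'amazon-ebs'
                        }
                    }
                    // Exclude 'amazon-ebs' Windows builds while testing for Linux AMI
                    exclude {
                        axis {
                            name 'agent_type'
                            values 'windows-2019', 'windows-2022'
                        }
                        axis {
                            name 'compute_type'
                            values 'amazon-ebs'
                        }
                    }
                    // Only build Ubuntu images for arm64 CPU in Azure (notValues)
                    exclude {
                        axis {
                            name 'cpu_architecture'
                            values 'arm64'
                        }
                        axis {
                            name 'agent_type'
                            notValues 'ubuntu-22.04'
                        }
                        axis {
                            name 'compute_type'
                            values 'azure-arm'
                        }
                    }
                    // No Docker build for the Windows agent types: not yet implemented
                    exclude {
                        axis {
                            name 'agent_type'
                            values 'windows-2019'
                        }
                        axis {
                            name 'compute_type'
                            values 'docker'
                        }
                    }
                    exclude {
                        axis {
                            name 'agent_type'
                            values 'windows-2022'
                        }
                        axis {
                            name 'compute_type'
                            values 'docker'
                        }
                    }
                }
                environment {
                    // NOTE(review): the AWS and Azure credentials below are bound for every matrix cell and for
                    // every build type (dev, staging and prod, see PKR_VAR_build_type), whatever the compute type.
                    // Confirm whether the 'docker' cells need them and that only trusted revisions reach this stage.
                    // Defines the following environment variables: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_DEFAULT_REGION
                    AWS_ACCESS_KEY_ID = credentials('packer-aws-access-key-id')
                    AWS_SECRET_ACCESS_KEY = credentials('packer-aws-secret-access-key')
                    AWS_DEFAULT_REGION = 'us-east-2'
                    // Defines the following environment variables: AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, AZURE_TENANT_ID, AZURE_SUBSCRIPTION_ID
                    // Ref. https://plugins.jenkins.io/azure-credentials/#plugin-content-declarative-pipeline
                    AZURE = credentials('packer-azure-serviceprincipal-sponsorship')
                    // // Split packer plugins/configuration for each matrix cell - ref. https://www.packer.io/docs/configure
                    // PACKER_PLUGIN_PATH = "${env.WORKSPACE}/plugins"
                    // Define Packer Input variables through environment variables prefixed with 'PKR_VAR_'
                    // Ref. https://www.packer.io/docs/templates/hcl_templates/variables#assigning-values-to-build-variables
                    PKR_VAR_build_type = "${env.TAG_NAME ? 'prod' : (env.BRANCH_IS_PRIMARY ? 'staging' : 'dev') }"
                    PKR_VAR_image_version = "${env.TAG_NAME ?: ((env.BRANCH_IS_PRIMARY ? 1 : 0) + '.' + (env.CHANGE_ID ?: 0) + '.' + env.BUILD_ID)}"
                    PKR_VAR_scm_ref = "${env.GIT_COMMIT}"
                    PKR_VAR_agent_os_type = "${env.agent_type.split('-')[0]}"
                    PKR_VAR_agent_os_version = "${env.agent_type.split('-')[1]}"
                    PKR_VAR_architecture = "${env.cpu_architecture}"
                    PKR_VAR_image_type = "${env.compute_type}"
                    PATH = "${WORKSPACE}/.bin:${env.PATH}" // Required if packer needs to be installed
                }
                stages {
                    stage('Build Template') {
                        steps {
                            script {
                                // Groovy quirk: create a local copy of these variables in the current loop context, as it matters for the closure scope below
                                // Otherwise the environment variables will be mixed between all the parallel stages, creating weird combinations
                                // - https://stackoverflow.com/questions/22145763/iterate-and-print-content-of-groovy-closures
                                // - http://archive.comsystoreply.de/blog-post/parallel-builds-with-jenkins-pipeline
                                final String pkr_var_agent_os_type = agent_type.split('-')[0]
                                final String pkr_var_agent_os_version = agent_type.split('-')[1]
                                final String pkr_var_architecture = cpu_architecture
                                final String pkr_var_image_type = compute_type
                                final String pkr_var_tag_name = env.TAG_NAME
                                withPackerNode(pkr_var_agent_os_type + '-' + pkr_var_agent_os_version , pkr_var_image_type, pkr_var_architecture) {
                                    // Validate template (for all elements)
                                    // NOTE(review): PACKER_LOG=1 turns on packer's verbose logging while cloud credentials are
                                    // in the environment; console masking presumably covers only the exact bound values, so
                                    // check that these logs carry nothing derived from them.
                                    sh 'PACKER_LOG=1 packer validate ./'
                                    // Execute build only for this matrix cell's setup
                                    retry(count: 2, conditions: [kubernetesAgent(handleNonKubernetes: true), nonresumable()]) {
                                        sh 'packer build -timestamp-ui -force -only="${PKR_VAR_image_type}.${PKR_VAR_agent_os_type}" ./'
                                        // adding manually a cpu architecture tag to the docker image
                                        if (pkr_var_image_type == 'docker') {
                                            sh 'docker tag "jenkinsciinfra/jenkins-agent-${PKR_VAR_agent_os_type}-${PKR_VAR_agent_os_version}:latest" "jenkinsciinfra/jenkins-agent-${PKR_VAR_agent_os_type}-${PKR_VAR_agent_os_version}:${PKR_VAR_architecture}"'
                                        }
                                    }
                                    // if docker and building a tag, push to dockerhub from inside the node
                                    // else we would lose the docker image
                                    if (pkr_var_image_type == 'docker' && pkr_var_tag_name != null) {
                                        stage('Publish all tags for Docker image') {
                                            // NOTE(review): this message names jenkins-agent-<os type> while the push below targets
                                            // jenkins-agent-${agent_type} (OS type and version) - confirm which one is intended.
                                            echo "Pushing jenkinsciinfra/jenkins-agent-${pkr_var_agent_os_type}:${pkr_var_tag_name} & jenkinsciinfra/jenkins-agent-${pkr_var_agent_os_type}:latest for ${pkr_var_architecture}"
                                            infra.withDockerPushCredentials {
                                                // --all-tags publishes every tag of this repository present in the local Docker
                                                // image store, not only the ones created by this build: on an agent that is
                                                // reused, tags left over from an earlier build would be published as well.
                                                // The image reference is quoted so that the shell passes it as a single word.
                                                sh 'docker push --all-tags "jenkinsciinfra/jenkins-agent-${agent_type}"'
                                            }
                                        }
                                    }
                                }
                            }
                        }
                    }
                }
            }
        }
        stage('Build Docker Manifest') {
            when {
                expression {
                    return env.TAG_NAME != null
                }
            }
            environment {
                // Static variable definition as this stage is outside the matrix scope
                // Improvement: pass dynamically the list of images from the matrix (e.g. use full scripted pipeline) to support other Docker agent types (such as windows-2019 or windows-2022)
                agent_type = 'ubuntu-22.04'
            }
            steps {
                script {
                    infra.withDockerPushCredentials {
                        // Every image reference is quoted: ${TAG_NAME} comes from the git tag being built and
                        // must reach docker as one word, whatever characters it holds.
                        sh 'docker manifest create \
                            "jenkinsciinfra/jenkins-agent-${agent_type}:latest" \
                            --amend "jenkinsciinfra/jenkins-agent-${agent_type}:arm64" \
                            --amend "jenkinsciinfra/jenkins-agent-${agent_type}:amd64"'
                        sh 'docker manifest push "jenkinsciinfra/jenkins-agent-${agent_type}:latest"'
                        sh 'docker manifest create \
                            "jenkinsciinfra/jenkins-agent-${agent_type}:${TAG_NAME}" \
                            --amend "jenkinsciinfra/jenkins-agent-${agent_type}:arm64" \
                            --amend "jenkinsciinfra/jenkins-agent-${agent_type}:amd64"'
                        sh 'docker manifest push "jenkinsciinfra/jenkins-agent-${agent_type}:${TAG_NAME}"'
                    }
                }
            }
        }
    }
}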