Compare commits
73 Commits
cpkg-auto-
...
master
Author | SHA1 | Date |
---|---|---|
wpetit | 4c15ad01c5 | |
wpetit | e2960e37c2 | |
wpetit | fa94488da7 | |
wpetit | daa6987159 | |
wpetit | 90587b05a9 | |
wpetit | 170f143b00 | |
wpetit | fca4ac23d6 | |
wpetit | 0ac529eac7 | |
wpetit | b98e8ad73b | |
wpetit | f6d9255c5c | |
wpetit | 758f37e8e4 | |
wpetit | 2849a3d8d0 | |
wpetit | 2c182df6a6 | |
wpetit | 3bf8e64888 | |
wpetit | 7da0dd95b1 | |
wpetit | efbdad226c | |
wpetit | 1d956d60b1 | |
wpetit | cdaff5d8db | |
wpetit | 4d0070040a | |
Philippe Caseiro | 120d5d5fb5 | |
Philippe Caseiro | 92bec0f127 | |
Philippe Caseiro | d252924f22 | |
Philippe Caseiro | bad27aa934 | |
Philippe Caseiro | 418891082a | |
Philippe Caseiro | bdaef91251 | |
wpetit | 83867e3a98 | |
wpetit | 6ebceae3b9 | |
Matthieu Lamalle | abe8dd5f1b | |
Laurent Gourvenec | 7afabcedde | |
Matthieu Lamalle | 1d35892e87 | |
wpetit | 21c7fb0e61 | |
wpetit | 199b0bf5d1 | |
wpetit | 3f1b8bcda1 | |
wpetit | 6c5c580156 | |
Benjamin Gaudé | 2fbe2ab0b0 | |
Benjamin Gaudé | 85cb43b272 | |
wpetit | 13dc4cbd13 | |
wpetit | 50310eee17 | |
wpetit | c5fb279a11 | |
wpetit | 2c514cf61b | |
Rudy Masson | 67b6e21093 | |
Rudy Masson | 7ac1644563 | |
Rudy Masson | 11014fd443 | |
Rudy Masson | 4abd2c5fef | |
Rudy Masson | 6d48542bfc | |
Rudy Masson | 92fea37170 | |
wpetit | 1d8b6495b2 | |
wpetit | 9b58ab6971 | |
wpetit | 190b01fa6d | |
wpetit | 522deb3c6a | |
wpetit | 13c89a3cde | |
wpetit | 77de05e856 | |
wpetit | d093542dc2 | |
wpetit | 1ddb5691ca | |
wpetit | 77a7c46d3f | |
wpetit | 67f18d806d | |
wpetit | 14220ae4e3 | |
wpetit | 8e1b257144 | |
wpetit | e670fb8bf6 | |
wpetit | 57194c84eb | |
wpetit | 14bf4665f1 | |
wpetit | 37445a815e | |
wpetit | 9c79307ef9 | |
wpetit | b28d9f9e69 | |
wpetit | a6b8706753 | |
wpetit | ff382b25ba | |
wpetit | 12bed86b97 | |
wpetit | 3272427766 | |
wpetit | cff97b7e02 | |
wpetit | bc8b1ec7d3 | |
wpetit | 1d1a679d62 | |
wpetit | c77c020be0 | |
wpetit | 356dc6d16c |
9
Makefile
9
Makefile
|
@ -4,6 +4,10 @@ LIGHTHOUSE_COMMAND ?=
|
||||||
LIGHTHOUSE_URL ?=
|
LIGHTHOUSE_URL ?=
|
||||||
PA11Y_URL ?=
|
PA11Y_URL ?=
|
||||||
PA11Y_REPORTER ?=
|
PA11Y_REPORTER ?=
|
||||||
|
PA11Y_USERNAME ?=
|
||||||
|
PA11Y_PASSWORD ?=
|
||||||
|
PA11Y_STANDARD ?=
|
||||||
|
PA11Y_COOKIE ?=
|
||||||
|
|
||||||
image-w3af:
|
image-w3af:
|
||||||
docker build \
|
docker build \
|
||||||
|
@ -73,6 +77,11 @@ pa11y:
|
||||||
-e https_proxy=$(https_proxy) \
|
-e https_proxy=$(https_proxy) \
|
||||||
-e PA11Y_URL='$(PA11Y_URL)' \
|
-e PA11Y_URL='$(PA11Y_URL)' \
|
||||||
-e PA11Y_REPORTER='$(PA11Y_REPORTER)' \
|
-e PA11Y_REPORTER='$(PA11Y_REPORTER)' \
|
||||||
|
-e PA11Y_USERNAME='$(PA11Y_USERNAME)' \
|
||||||
|
-e PA11Y_PASSWORD='$(PA11Y_PASSWORD)' \
|
||||||
|
-e PA11Y_STANDARD='$(PA11Y_STANDARD)' \
|
||||||
|
-e PA11Y_COOKIE='$(PA11Y_COOKIE)' \
|
||||||
|
-e PA11Y_IGNORE='$(PA11Y_IGNORE)' \
|
||||||
-u $(shell id -u $(USER)):$(shell id -g $(USER)) \
|
-u $(shell id -u $(USER)):$(shell id -g $(USER)) \
|
||||||
-v "$(PWD)/data/pa11y/reports:/home/pa11y/reports" \
|
-v "$(PWD)/data/pa11y/reports:/home/pa11y/reports" \
|
||||||
$(DOCKER_ARGS) \
|
$(DOCKER_ARGS) \
|
||||||
|
|
24
README.md
24
README.md
|
@ -2,29 +2,9 @@
|
||||||
|
|
||||||
Utilitaires pour la création de pipeline Jenkins dans l'environnement Cadoles.
|
Utilitaires pour la création de pipeline Jenkins dans l'environnement Cadoles.
|
||||||
|
|
||||||
## Pipelines
|
## Documentation
|
||||||
|
|
||||||
- [Pipeline d'empaquetage Debian](./pipelines/debian-packaging.jenkinsfile)
|
Voir le répertoire [`./doc`](./doc)
|
||||||
|
|
||||||
## Librairie
|
|
||||||
|
|
||||||
### Méthodes exposées
|
|
||||||
|
|
||||||
#### Création de paquets
|
|
||||||
|
|
||||||
- [`tamarin.buildPackage()`](./vars/tamarin.groovy#L48)
|
|
||||||
- [`tamarin.buildPackageWithCPKG()`](./vars/tamarin.groovy#L1)
|
|
||||||
|
|
||||||
#### Publication de paquets
|
|
||||||
|
|
||||||
- [`vulcain.publish()`](./vars/vulcain.groovy#L1)
|
|
||||||
|
|
||||||
#### Pilotage d'OpenNebula
|
|
||||||
|
|
||||||
- [`nebula.initWithCredentials()`](./vars/nebula.groovy#L125)
|
|
||||||
- [`nebula.runInNewVM() { client -> ... }`](./vars/nebula.groovy#L135)
|
|
||||||
- [`client.findVMTemplate()`](./vars/nebula.groovy#L65)
|
|
||||||
- [`client.withNewVM()`](./vars/nebula.groovy#L79)
|
|
||||||
|
|
||||||
## Licence
|
## Licence
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,29 @@
|
||||||
|
# Documentation
|
||||||
|
|
||||||
|
## Tutoriels
|
||||||
|
|
||||||
|
- [Utilisation du pipeline `standardMakePipeline()`](./tutorials/standard-make-pipeline.md)
|
||||||
|
|
||||||
|
## Pipelines
|
||||||
|
|
||||||
|
- [Pipeline d'empaquetage Debian](../pipelines/debian-packaging.jenkinsfile)
|
||||||
|
|
||||||
|
## Librairie
|
||||||
|
|
||||||
|
### Méthodes exposées
|
||||||
|
|
||||||
|
#### Création de paquets
|
||||||
|
|
||||||
|
- [`tamarin.buildPackage()`](../vars/tamarin.groovy#L48)
|
||||||
|
- [`tamarin.buildPackageWithCPKG()`](../vars/tamarin.groovy#L1)
|
||||||
|
|
||||||
|
#### Publication de paquets
|
||||||
|
|
||||||
|
- [`vulcain.publish()`](../vars/vulcain.groovy#L1)
|
||||||
|
|
||||||
|
#### Pilotage d'OpenNebula
|
||||||
|
|
||||||
|
- [`nebula.initWithCredentials()`](../vars/nebula.groovy#L125)
|
||||||
|
- [`nebula.runInNewVM() { client -> ... }`](../vars/nebula.groovy#L135)
|
||||||
|
- [`client.findVMTemplate()`](../vars/nebula.groovy#L65)
|
||||||
|
- [`client.withNewVM()`](../vars/nebula.groovy#L79)
|
|
@ -0,0 +1,123 @@
|
||||||
|
# Utilisation du pipeline `standardMakePipeline()`
|
||||||
|
|
||||||
|
> **Note** Vous travaillez sur un projet Symfony ? Dans ce cas référez vous au tutoriel ["Utiliser le pipeline Symfony](https://forge.cadoles.com/Cadoles/Jenkins/wiki/Utiliser-le-pipeline-%22Symfony%22).
|
||||||
|
|
||||||
|
Le pipeline [`standardMakePipeline()`](../../vars/standardMakePipeline.groovy) a pour objectif de permettre d'obtenir simplement et rapidement un pipeline générique pour un projet de développement ou d'intégration en utilisant et respectant quelques conventions de nommage dans ses tâches `Make`.
|
||||||
|
|
||||||
|
Globalement, le pipeline exécute les opérations suivantes:
|
||||||
|
|
||||||
|
- Il exécute la commande `make build` sur votre projet;
|
||||||
|
- Il exécute la commande `make test` sur votre projet et si votre branche est une PR, il créait un commentaire sur celle ci avec la sortie de ces tests;
|
||||||
|
- Si votre branche est une branche de "release" (par défaut les branches `develop`, `testing` et `stable`) il exécute la commande `make release` puis diffuse une notification sur le canal `#cadoles-jenkins`.
|
||||||
|
|
||||||
|
Le pipeline ne présume pas des opérations réalisées par ces 3 tâches. Il ne fait que les exécuter en partant du principe que votre projet suit un cycle conventionnel de développement. Mais globalement ces tâches devraient:
|
||||||
|
|
||||||
|
- `make build`: Construire votre projet (installer les dépendances, générer les assets, compiler le code source le cas échéant, etc);
|
||||||
|
- `make test`: Exécuter les tests automatisés associés à votre projet (unitaire, intégration, etc);
|
||||||
|
- `make release`: Diffuser une nouvelle version de votre projet (construire et déployer des artefacts comme des paquets ou des images de conteneur, exécuter un déploiement Ansible, etc).
|
||||||
|
|
||||||
|
> **Note:** La gestion des dépendances des tâches est à la charge du développeur (voir "Comment installer les dépendances NPM avant une tâche ?" dans la FAQ pour un exemple).
|
||||||
|
|
||||||
|
## Utilisation
|
||||||
|
|
||||||
|
Afin d'utiliser le pipeline, vous devez effectuer les opérations suivantes à l'initialisation de votre projet:
|
||||||
|
|
||||||
|
1. Créer votre fichier `Jenkinsfile` à la racine de votre projet
|
||||||
|
|
||||||
|
```groovy
|
||||||
|
@Library("cadoles") _
|
||||||
|
|
||||||
|
standardMakePipeline()
|
||||||
|
```
|
||||||
|
|
||||||
|
2. Créer votre fichier `Makefile` à la racine de votre projet
|
||||||
|
|
||||||
|
```makefile
|
||||||
|
test:
|
||||||
|
echo "Testing my project..."
|
||||||
|
|
||||||
|
build:
|
||||||
|
echo "Building my project..."
|
||||||
|
|
||||||
|
release:
|
||||||
|
echo "Releasing my project..."
|
||||||
|
```
|
||||||
|
|
||||||
|
3. Ajouter les deux fichiers à votre historique Git (`commit`) et pousser sur la branche de développement.
|
||||||
|
|
||||||
|
4. Accéder à [Jenkins](https://jenkins.cadol.es/) puis à l'organisation contenant votre projet. Dans la barre de gauche cliquer sur le bouton "Scan Gitea Organization Now"
|
||||||
|
|
||||||
|
> **Note:** Globalement un projet doit être partagé avec l'équipe "Bots" sur la forge afin que Jenkins puisse accéder aux sources de votre projet. Dans la majorité des organisations pré-existentes ce partage est déjà configuré.
|
||||||
|
|
||||||
|
5. Votre pipeline devrait s'exécuter sur Jenkins !
|
||||||
|
|
||||||
|
## Variables d'environnement pré-disponibles
|
||||||
|
|
||||||
|
Le pipeline injecte directement dans l'environnement d'exécution une série de variables d'environnement:
|
||||||
|
|
||||||
|
|Variable|Description|Valeurs possibles|
|
||||||
|
|--------|-----------|-----------------|
|
||||||
|
|`PROJECT_VERSION_TAG`|Tag conventionnel de la version du projet|Voir ["R14. Respecter le schéma d'identification des images publiées"](https://forge.cadoles.com/CadolesKube/KubeRules/wiki/Bonnes-pratiques-de-d%C3%A9veloppement-applicatif-en-vue-d%27un-d%C3%A9ploiement-sur-Kubernetes#r14-respecter-le-sch%C3%A9ma-d-identification-des-images-publi%C3%A9es)|
|
||||||
|
|`PROJECT_VERSION_SHORT_TAG`|Tag court conventionnel de la version du projet|Voir ["R14. Respecter le schéma d'identification des images publiées"](https://forge.cadoles.com/CadolesKube/KubeRules/wiki/Bonnes-pratiques-de-d%C3%A9veloppement-applicatif-en-vue-d%27un-d%C3%A9ploiement-sur-Kubernetes#r14-respecter-le-sch%C3%A9ma-d-identification-des-images-publi%C3%A9es)|
|
||||||
|
|`BRANCH_NAME`|Nom de la branche courante|Nom de la branche courante (préfixé par `PR-` le cas échéant)|
|
||||||
|
|`IS_PR`|Est ce que l'exécution courante s'effectue pour une PR ?|`true` ou `false`|
|
||||||
|
|`CI`|Est ce que l'exécution courante s'exécute sur le serveur d'intégration continue ?|`true`|
|
||||||
|
## FAQ
|
||||||
|
|
||||||
|
### Comment installer des dépendances supplémentaires dans l'environnement d'exécution ?
|
||||||
|
|
||||||
|
Par défaut l'environnement d'exécution du pipeline est un conteneur basé sur une image Ubuntu LTS (22.04 à ce jour). Dans cette image sont installées [des dépendances de base](../../resources/com/cadoles/standard-make/Dockerfile) généralement utilisées par les projets de développement.
|
||||||
|
|
||||||
|
Cependant si vous avez besoin d'autres dépendances systèmes il est possible d'étendre le fichier `Dockerfile` par défaut. Pour ce faire, éditer votre fichier `Jenkinsfile`:
|
||||||
|
|
||||||
|
```groovy
|
||||||
|
@Library("cadoles") _
|
||||||
|
|
||||||
|
// Exemple: installation du paquet ansible-lint
|
||||||
|
// dans l'environnement d'exécution
|
||||||
|
standardMakePipeline([
|
||||||
|
'dockerfileExtension': '''
|
||||||
|
RUN apt-get update -y \
|
||||||
|
&& apt-get install -y ansible-lint
|
||||||
|
'''
|
||||||
|
])
|
||||||
|
```
|
||||||
|
|
||||||
|
### Comment injecter des secrets dans l'environnement d'exécution ?
|
||||||
|
|
||||||
|
Parfois vous aurez besoin d'utiliser des secrets afin d'accéder soit à des projets privés sur la forge, soit pour publier des paquets ou des images de conteneur. Jenkins intègre [une gestion des secrets](https://jenkins.cadol.es/manage/credentials/) et ceux ci peuvent être récupérés dans votre environnement d'exécution sous diverses formes (variable d'environnement, fichiers, etc).
|
||||||
|
|
||||||
|
Pour ce faire, éditer votre fichier `Jenkinsfile`:
|
||||||
|
|
||||||
|
```groovy
|
||||||
|
@Library("cadoles") _
|
||||||
|
|
||||||
|
// Exemple: récupération des identifiants du compte
|
||||||
|
// "jenkins" sur la forge sous la forme des variables
|
||||||
|
// d'environnement FORGE_USERNAME et FORGE_PASSWORD
|
||||||
|
standardMakePipeline([
|
||||||
|
'credentials': [
|
||||||
|
usernamePassword([
|
||||||
|
credentialsId: 'forge-jenkins',
|
||||||
|
usernameVariable: 'FORGE_USERNAME',
|
||||||
|
passwordVariable: 'FORGE_PASSWORD',
|
||||||
|
]),
|
||||||
|
]
|
||||||
|
])
|
||||||
|
```
|
||||||
|
|
||||||
|
Les différents types d'entrées possible pour le tableau `credentials` sont décris [sur cette page](https://www.jenkins.io/doc/pipeline/steps/credentials-binding/).
|
||||||
|
|
||||||
|
### Comment installer les dépendances NPM avant une tâche ?
|
||||||
|
|
||||||
|
Pour cela vous pouvez utiliser les mécanismes de gestion des dépendances intégrées à Make. Par exemple:
|
||||||
|
|
||||||
|
```makefile
|
||||||
|
test: node_modules
|
||||||
|
npm run test
|
||||||
|
|
||||||
|
node_modules:
|
||||||
|
npm ci
|
||||||
|
```
|
||||||
|
|
||||||
|
De cette manière Make exécutera la commande `npm ci` si et seulement si le répertoire `node_modules` n'existe pas déjà.
|
|
@ -0,0 +1,26 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
cleanup_docker() {
|
||||||
|
RUNNING_CONTAINERS=$(docker ps -q)
|
||||||
|
if [ ! -z "$RUNNING_CONTAINERS" ]; then
|
||||||
|
docker stop $RUNNING_CONTAINERS
|
||||||
|
fi
|
||||||
|
|
||||||
|
docker system prune -f -a --volumes
|
||||||
|
docker network prune -f
|
||||||
|
|
||||||
|
service docker restart
|
||||||
|
}
|
||||||
|
|
||||||
|
cleanup_old_workspaces() {
|
||||||
|
# Suppression des workspaces dont la dernière date
|
||||||
|
# de modification est supérieure à 7 jours.
|
||||||
|
find /workspace -maxdepth 1 -type d -mtime +7 -exec rm -rf {} \;
|
||||||
|
}
|
||||||
|
|
||||||
|
main() {
|
||||||
|
cleanup_docker
|
||||||
|
cleanup_old_workspaces
|
||||||
|
}
|
||||||
|
|
||||||
|
main
|
|
@ -3,7 +3,7 @@
|
||||||
pipeline {
|
pipeline {
|
||||||
|
|
||||||
agent {
|
agent {
|
||||||
label 'common'
|
label 'docker'
|
||||||
}
|
}
|
||||||
|
|
||||||
environment {
|
environment {
|
||||||
|
@ -20,6 +20,7 @@ pipeline {
|
||||||
stage("Prepare build environment") {
|
stage("Prepare build environment") {
|
||||||
when {
|
when {
|
||||||
anyOf {
|
anyOf {
|
||||||
|
triggeredBy cause: "UserIdCause", detail: "wpetit"
|
||||||
triggeredBy 'TimerTrigger'
|
triggeredBy 'TimerTrigger'
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -42,7 +43,7 @@ pipeline {
|
||||||
checkout scm:
|
checkout scm:
|
||||||
[
|
[
|
||||||
$class: 'GitSCM',
|
$class: 'GitSCM',
|
||||||
userRemoteConfigs: [[url: env.repository_url, credentialsId: 'jenkins-forge-ssh']],
|
userRemoteConfigs: [[url: env.repository_url, credentialsId: 'jenkins-ssh-mse']],
|
||||||
branches: [[name: env.ref]],
|
branches: [[name: env.ref]],
|
||||||
extensions: [
|
extensions: [
|
||||||
[$class: 'RelativeTargetDirectory', relativeTargetDir: env.projectDir ],
|
[$class: 'RelativeTargetDirectory', relativeTargetDir: env.projectDir ],
|
||||||
|
@ -180,6 +181,7 @@ pipeline {
|
||||||
post {
|
post {
|
||||||
always {
|
always {
|
||||||
sh "rm -rf '${env.projectDir}'"
|
sh "rm -rf '${env.projectDir}'"
|
||||||
|
cleanWs()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,15 +1,13 @@
|
||||||
import hudson.tasks.test.AbstractTestResultAction
|
import hudson.tasks.test.AbstractTestResultAction
|
||||||
|
|
||||||
@Library("cadoles") _
|
@Library('cadoles') _
|
||||||
|
|
||||||
pipeline {
|
pipeline {
|
||||||
|
|
||||||
parameters {
|
parameters {
|
||||||
text(name: 'URLS', defaultValue: 'https://msedev.crous-toulouse.fr\nhttps://msedev.crous-toulouse.fr/envole/enregistrement\nhttps://msedev.crous-toulouse.fr/envole/page/faq\nhttps://msedev.crous-toulouse.fr/envole/page/?t=liens_utiles\nhttps://msedev.crous-toulouse.fr/envole/page/?t=mentions_legales\nhttps://msedev.crous-toulouse.fr/envole/message/new\nhttps://msedev.crous-toulouse.fr/envole/recuperation/email\nhttps://msedev.crous-toulouse.fr/envole/courriel/raz', description: 'Liste des URLs à tester, une par ligne')
|
text(name: 'URLS', defaultValue: 'https://msedev.crous-toulouse.fr\nhttps://msedev.crous-toulouse.fr/envole/enregistrement\nhttps://msedev.crous-toulouse.fr/envole/page/faq\nhttps://msedev.crous-toulouse.fr/envole/page/?t=liens_utiles\nhttps://msedev.crous-toulouse.fr/envole/page/?t=mentions_legales\nhttps://msedev.crous-toulouse.fr/envole/message/new\nhttps://msedev.crous-toulouse.fr/envole/recuperation/email\nhttps://msedev.crous-toulouse.fr/envole/courriel/raz', description: 'Liste des URLs à tester, une par ligne')
|
||||||
string(name: 'USERNAME', defaultValue: '', description: "Nom d'utilisateur pour l'authentification Basic Auth, si nécessaire")
|
|
||||||
password(name: 'PASSWORD', defaultValue: '', description: "Mot de passe pour l'authentification Basic Auth, si nécessaire")
|
|
||||||
booleanParam(name: 'INCLUDE_WARNINGS', defaultValue: false, description: 'Inclure les avertissements')
|
booleanParam(name: 'INCLUDE_WARNINGS', defaultValue: false, description: 'Inclure les avertissements')
|
||||||
booleanParam(name: 'INCLUDE_NOTICES', defaultValue: false, description: 'Inclure les notifications')
|
booleanParam(name: 'INCLUDE_NOTICES', defaultValue: false, description: 'Inclure les notifications')
|
||||||
|
text(name: 'COOKIE_VALUE', defaultValue: 'mselang=fr_FR')
|
||||||
}
|
}
|
||||||
|
|
||||||
options {
|
options {
|
||||||
|
@ -18,37 +16,46 @@ pipeline {
|
||||||
|
|
||||||
agent {
|
agent {
|
||||||
node {
|
node {
|
||||||
label "docker"
|
label 'docker'
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
stages {
|
stages {
|
||||||
stage("Run RGAA audit") {
|
stage('Run RGAA audit') {
|
||||||
steps {
|
steps {
|
||||||
script {
|
script {
|
||||||
def urls = params.URLS.split('\n')
|
def urls = params.URLS.split('\n')
|
||||||
|
|
||||||
def count = 0
|
def count = 0
|
||||||
urls.each { u ->
|
urls.each { u ->
|
||||||
stage("Audit page '${u}'") {
|
stage("Audit page '${u}'") {
|
||||||
def report = pa11y.audit(u.trim(), [
|
withCredentials([
|
||||||
reporter: 'junit',
|
usernamePassword(
|
||||||
username: params.USERNAME,
|
credentialsId: 'msedev-basic-auth',
|
||||||
password: params.PASSWORD,
|
usernameVariable: 'MSEDEV_USERNAME',
|
||||||
standard: 'WCAG2AA',
|
passwordVariable: 'MSEDEV_PASSWORD'
|
||||||
includeNotices: params.INCLUDE_NOTICES,
|
)
|
||||||
includeWarnings: params.INCLUDE_WARNINGS,
|
]) {
|
||||||
]);
|
def report = pa11y.audit(u.trim(), [
|
||||||
|
reporter: 'junit',
|
||||||
|
username: env.MSEDEV_USERNAME,
|
||||||
|
password: env.MSEDEV_PASSWORD,
|
||||||
|
standard: 'WCAG2AA',
|
||||||
|
includeNotices: params.INCLUDE_NOTICES,
|
||||||
|
includeWarnings: params.INCLUDE_WARNINGS,
|
||||||
|
cookie_value: params.COOKIE_VALUE
|
||||||
|
])
|
||||||
|
|
||||||
writeFile file:"./report_${count}.xml", text:report
|
writeFile file:"./report_${count}.xml", text:report
|
||||||
count++
|
count++
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
junit testResults: '*.xml', skipPublishingChecks: true
|
junit testResults: '*.xml', skipPublishingChecks: true
|
||||||
|
|
||||||
rocketSend (
|
rocketSend(
|
||||||
channel: "#cnous-mse",
|
channel: '#cnous-mse',
|
||||||
avatar: 'https://jenkins.cadol.es/static/b5f67753/images/headshot.png',
|
avatar: 'https://jenkins.cadol.es/static/b5f67753/images/headshot.png',
|
||||||
message: """
|
message: """
|
||||||
Audit RGAA | ${testStatuses()}
|
Audit RGAA | ${testStatuses()}
|
||||||
|
@ -59,7 +66,6 @@ pipeline {
|
||||||
""".stripIndent(),
|
""".stripIndent(),
|
||||||
rawMessage: true,
|
rawMessage: true,
|
||||||
)
|
)
|
||||||
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -70,21 +76,18 @@ pipeline {
|
||||||
cleanWs()
|
cleanWs()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@NonCPS
|
@NonCPS
|
||||||
def testStatuses() {
|
def testStatuses() {
|
||||||
def testStatus = ""
|
def testStatus = ''
|
||||||
AbstractTestResultAction testResultAction = currentBuild.rawBuild.getAction(AbstractTestResultAction.class)
|
AbstractTestResultAction testResultAction = currentBuild.rawBuild.getAction(AbstractTestResultAction.class)
|
||||||
if (testResultAction != null) {
|
if (testResultAction != null) {
|
||||||
def total = testResultAction.totalCount
|
def total = testResultAction.totalCount
|
||||||
def failed = testResultAction.failCount
|
def failed = testResultAction.failCount
|
||||||
def skipped = testResultAction.skipCount
|
def skipped = testResultAction.skipCount
|
||||||
def passed = total - failed - skipped
|
def passed = total - failed - skipped
|
||||||
testStatus = "Passant(s): ${passed}, Échoué(s): ${failed} ${testResultAction.failureDiffString}, Désactivé(s): ${skipped}"
|
testStatus = "Passant(s): ${passed}, Échoué(s): ${failed} ${testResultAction.failureDiffString}, Désactivé(s): ${skipped}"
|
||||||
}
|
}
|
||||||
return testStatus
|
return testStatus
|
||||||
}
|
}
|
|
@ -2,8 +2,24 @@
|
||||||
|
|
||||||
set -eo pipefail
|
set -eo pipefail
|
||||||
|
|
||||||
DESTDIR=/usr/local/share/ca-certificates
|
declare -a DESTDIR_PATHS=(
|
||||||
|
"/usr/local/share/ca-certificates"
|
||||||
|
"/etc/ca-certificates/trust-source/anchors"
|
||||||
|
"/etc/pki/ca-trust/source/anchors"
|
||||||
|
)
|
||||||
|
|
||||||
|
for path in "${DESTDIR_PATHS[@]}"; do
|
||||||
|
if [ -d "$path" ]; then
|
||||||
|
DESTDIR=$path
|
||||||
|
break
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
UPDATE_CERTS_CMD=update-ca-certificates
|
UPDATE_CERTS_CMD=update-ca-certificates
|
||||||
|
if [ -z "$(which $UPDATE_CERTS_CMD)" ]; then
|
||||||
|
UPDATE_CERTS_CMD="update-ca-trust extract"
|
||||||
|
fi
|
||||||
|
|
||||||
CERTS="$(cat <<EOF
|
CERTS="$(cat <<EOF
|
||||||
https://letsencrypt.org/certs/isrgrootx1.pem
|
https://letsencrypt.org/certs/isrgrootx1.pem
|
||||||
https://letsencrypt.org/certs/isrg-root-x2.pem
|
https://letsencrypt.org/certs/isrg-root-x2.pem
|
||||||
|
@ -11,6 +27,8 @@ https://letsencrypt.org/certs/lets-encrypt-r3.pem
|
||||||
https://letsencrypt.org/certs/lets-encrypt-e1.pem
|
https://letsencrypt.org/certs/lets-encrypt-e1.pem
|
||||||
https://letsencrypt.org/certs/lets-encrypt-r4.pem
|
https://letsencrypt.org/certs/lets-encrypt-r4.pem
|
||||||
https://letsencrypt.org/certs/lets-encrypt-e2.pem
|
https://letsencrypt.org/certs/lets-encrypt-e2.pem
|
||||||
|
https://letsencrypt.org/certs/2024/r10.pem
|
||||||
|
https://letsencrypt.org/certs/2024/r11.pem
|
||||||
EOF
|
EOF
|
||||||
)"
|
)"
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,181 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
set -eo pipefail
|
||||||
|
|
||||||
|
GITEA_DOWNLOAD_PROJECT=${GITEA_DOWNLOAD_PROJECT}
|
||||||
|
GITEA_DOWNLOAD_ORG=${GITEA_DOWNLOAD_ORG}
|
||||||
|
GITEA_DOWNLOAD_BASE_URL=${GITEA_BASE_URL:-https://forge.cadoles.com}
|
||||||
|
GITEA_DOWNLOAD_ANONYMOUS=${GITEA_DOWNLOAD_ANONYMOUS:-no}
|
||||||
|
GITEA_DOWNLOAD_USERNAME=${GITEA_DOWNLOAD_USERNAME}
|
||||||
|
GITEA_DOWNLOAD_PASSWORD=${GITEA_DOWNLOAD_PASSWORD}
|
||||||
|
GITEA_DOWNLOAD_RELEASE_NAME=${GITEA_DOWNLOAD_RELEASE_NAME:-latest}
|
||||||
|
GITEA_DOWNLOAD_TARGET_DIRECTORY=${GITEA_DOWNLOAD_TARGET_DIRECTORY:-gitea-dl}
|
||||||
|
GITEA_DOWNLOAD_ATTACHMENTS_FILTER="${GITEA_DOWNLOAD_ATTACHMENTS_FILTER:-.*}"
|
||||||
|
|
||||||
|
function check_dependencies {
|
||||||
|
assert_command_available 'curl'
|
||||||
|
assert_command_available 'jq'
|
||||||
|
}
|
||||||
|
|
||||||
|
function assert_command_available {
|
||||||
|
local command=$1
|
||||||
|
local command_path=$(which $command)
|
||||||
|
|
||||||
|
if [ -z "$command_path" ]; then
|
||||||
|
echo "The '$command' command could not be found. Please install it before using this script." 1>&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
function check_environment {
|
||||||
|
assert_environment GITEA_DOWNLOAD_PROJECT
|
||||||
|
assert_environment GITEA_DOWNLOAD_ORG
|
||||||
|
assert_environment GITEA_DOWNLOAD_BASE_URL
|
||||||
|
}
|
||||||
|
|
||||||
|
function source_env_file {
|
||||||
|
if [ ! -f '.env' ]; then
|
||||||
|
return 0
|
||||||
|
fi
|
||||||
|
set -o allexport
|
||||||
|
source .env
|
||||||
|
set +o allexport
|
||||||
|
}
|
||||||
|
|
||||||
|
function assert_environment {
|
||||||
|
local name=$1
|
||||||
|
local value=${!name}
|
||||||
|
|
||||||
|
if [ -z "$value" ]; then
|
||||||
|
echo "The $"$name" environment variable is empty." 1>&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
function ask_credentials {
|
||||||
|
if [ "${GITEA_DOWNLOAD_ANONYMOUS}" == "yes" ]; then
|
||||||
|
return
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -z "$GITEA_DOWNLOAD_USERNAME" ]; then
|
||||||
|
echo -n "Username: "
|
||||||
|
read GITEA_DOWNLOAD_USERNAME
|
||||||
|
|
||||||
|
fi
|
||||||
|
if [ -z "$GITEA_DOWNLOAD_PASSWORD" ]; then
|
||||||
|
echo -n "Password: "
|
||||||
|
stty -echo
|
||||||
|
read GITEA_DOWNLOAD_PASSWORD
|
||||||
|
stty echo
|
||||||
|
echo
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
function retrieve_release_name {
|
||||||
|
if [ ! -z "$GITEA_DOWNLOAD_RELEASE_NAME" ]; then
|
||||||
|
return
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo -n "Release name: "
|
||||||
|
read GITEA_DOWNLOAD_RELEASE_NAME
|
||||||
|
}
|
||||||
|
|
||||||
|
function retrieve_target_directory {
|
||||||
|
if [ ! -z "$GITEA_DOWNLOAD_TARGET_DIRECTORY" ]; then
|
||||||
|
return
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo -n "Target directory: "
|
||||||
|
read GITEA_DOWNLOAD_TARGET_DIRECTORY
|
||||||
|
}
|
||||||
|
|
||||||
|
function json_set {
|
||||||
|
local data=$1
|
||||||
|
local key=$2
|
||||||
|
local value=$3
|
||||||
|
local use_raw_file=$4
|
||||||
|
|
||||||
|
if [ "$use_raw_file" != "true" ]; then
|
||||||
|
echo $data | jq -cr --argjson v "$value" --arg k "$key" '.[$k] = $v'
|
||||||
|
else
|
||||||
|
local tmpfile=$(mktemp)
|
||||||
|
echo "$value" > "$tmpfile"
|
||||||
|
echo $data | jq -cr --rawfile v "$tmpfile" --arg k "$key" '.[$k] = $v'
|
||||||
|
rm -f "$tmpfile"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
function gitea_api {
|
||||||
|
local path=$1
|
||||||
|
local args=${@:2}
|
||||||
|
|
||||||
|
if [ "${GITEA_DOWNLOAD_ANONYMOUS}" != 'yes' ]; then
|
||||||
|
args="-u "$GITEA_DOWNLOAD_USERNAME:$GITEA_DOWNLOAD_PASSWORD" ${args}"
|
||||||
|
fi
|
||||||
|
|
||||||
|
curl -L \
|
||||||
|
--fail \
|
||||||
|
--ipv4 \
|
||||||
|
-k \
|
||||||
|
${args} \
|
||||||
|
"$GITEA_DOWNLOAD_BASE_URL/api/v1$path"
|
||||||
|
}
|
||||||
|
|
||||||
|
function gitea_download {
|
||||||
|
local attachment_id=$1
|
||||||
|
local output=$2
|
||||||
|
|
||||||
|
if [ "${GITEA_DOWNLOAD_ANONYMOUS}" != 'yes' ]; then
|
||||||
|
GITEA_DOWNLOAD_CURL_ARGS="-u "$GITEA_DOWNLOAD_USERNAME:$GITEA_DOWNLOAD_PASSWORD" ${GITEA_DOWNLOAD_CURL_ARGS}"
|
||||||
|
fi
|
||||||
|
|
||||||
|
curl -L \
|
||||||
|
--fail \
|
||||||
|
--ipv4 \
|
||||||
|
-k \
|
||||||
|
--output "$output" \
|
||||||
|
$GITEA_DOWNLOAD_CURL_ARGS \
|
||||||
|
"$GITEA_DOWNLOAD_BASE_URL/attachments/$attachment_id"
|
||||||
|
}
|
||||||
|
|
||||||
|
function download_release_files {
|
||||||
|
local releases=$(gitea_api "/repos/${GITEA_DOWNLOAD_ORG}/${GITEA_DOWNLOAD_PROJECT}/releases")
|
||||||
|
|
||||||
|
local assets
|
||||||
|
if [ "$GITEA_DOWNLOAD_RELEASE_NAME" == "latest" ]; then
|
||||||
|
assets=$(echo $releases | jq -r '. | sort_by(.id) | reverse | .[0].assets')
|
||||||
|
else
|
||||||
|
assets=$(echo $releases | jq -r --arg name "$GITEA_DOWNLOAD_RELEASE_NAME" '. | map(select( .name == $name)) | .[0].assets')
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ "$assets" == "null" ]; then
|
||||||
|
echo 1>&2 "No release found."
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
|
||||||
|
mkdir -p "$GITEA_DOWNLOAD_TARGET_DIRECTORY"
|
||||||
|
|
||||||
|
local attachment_uuids=$(echo $assets | jq -r '.[].uuid')
|
||||||
|
for uuid in $attachment_uuids; do
|
||||||
|
local filename=$(echo $assets | jq -r --arg uuid "$uuid" '. | map(select( .uuid == $uuid)) | .[0].name')
|
||||||
|
|
||||||
|
if [[ "$filename" =~ $GITEA_DOWNLOAD_ATTACHMENTS_FILTER ]]; then
|
||||||
|
echo "Downloading attachment '$filename'"
|
||||||
|
gitea_download "$uuid" "$GITEA_DOWNLOAD_TARGET_DIRECTORY/$filename"
|
||||||
|
else
|
||||||
|
echo "Ignoring attachment '$filename'"
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
|
function main {
|
||||||
|
check_dependencies
|
||||||
|
source_env_file
|
||||||
|
check_environment
|
||||||
|
ask_credentials
|
||||||
|
retrieve_release_name
|
||||||
|
retrieve_target_directory
|
||||||
|
download_release_files
|
||||||
|
}
|
||||||
|
|
||||||
|
main
|
|
@ -0,0 +1,161 @@
|
||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
set -eo pipefail
|
||||||
|
|
||||||
|
GITEA_PACKAGE_ORG=${GITEA_PACKAGE_ORG}
|
||||||
|
GITEA_PACKAGE_BASE_URL=${GITEA_BASE_URL:-https://forge.cadoles.com}
|
||||||
|
GITEA_PACKAGE_USERNAME=${GITEA_PACKAGE_USERNAME}
|
||||||
|
GITEA_PACKAGE_PASSWORD=${GITEA_PACKAGE_PASSWORD}
|
||||||
|
GITEA_PACKAGE_FILE=${GITEA_PACKAGE_FILE}
|
||||||
|
GITEA_PACKAGE_CURL_MAX_RETRY=${GITEA_PACKAGE_CURL_MAX_RETRY:-3}
|
||||||
|
GITEA_PACKAGE_FORCE_OVERWRITE=${GITEA_PACKAGE_FORCE_UPLOAD:-yes}
|
||||||
|
|
||||||
|
GITEA_PACKAGE_DEBIAN_DISTRIBUTION=${GITEA_PACKAGE_DEBIAN_DISTRIBUTION:-latest}
|
||||||
|
GITEA_PACKAGE_DEBIAN_COMPONENT=${GITEA_PACKAGE_DEBIAN_COMPONENT:-main}
|
||||||
|
|
||||||
|
GITEA_PACKAGE_ALPINE_BRANCH=${GITEA_PACKAGE_ALPINE_BRANCH:-latest}
|
||||||
|
GITEA_PACKAGE_ALPINE_REPOSITORY=${GITEA_PACKAGE_ALPINE_REPOSITORY:-main}
|
||||||
|
|
||||||
|
function check_dependencies {
|
||||||
|
assert_command_available 'curl'
|
||||||
|
}
|
||||||
|
|
||||||
|
function assert_command_available {
|
||||||
|
local command=$1
|
||||||
|
local command_path=$(which $command)
|
||||||
|
|
||||||
|
if [ -z "$command_path" ]; then
|
||||||
|
echo "The '$command' command could not be found. Please install it before using this script." 1>&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
function check_environment {
|
||||||
|
assert_environment GITEA_PACKAGE_ORG
|
||||||
|
assert_environment GITEA_PACKAGE_BASE_URL
|
||||||
|
}
|
||||||
|
|
||||||
|
function source_env_file {
|
||||||
|
if [ ! -f '.env' ]; then
|
||||||
|
return 0
|
||||||
|
fi
|
||||||
|
set -o allexport
|
||||||
|
source .env
|
||||||
|
set +o allexport
|
||||||
|
}
|
||||||
|
|
||||||
|
function assert_environment {
|
||||||
|
local name=$1
|
||||||
|
local value=${!name}
|
||||||
|
|
||||||
|
if [ -z "$value" ]; then
|
||||||
|
echo "The $"$name" environment variable is empty." 1>&2
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
function ask_credentials {
|
||||||
|
if [ -z "$GITEA_PACKAGE_USERNAME" ]; then
|
||||||
|
echo -n "Username: "
|
||||||
|
read GITEA_PACKAGE_USERNAME
|
||||||
|
|
||||||
|
fi
|
||||||
|
if [ -z "$GITEA_PACKAGE_PASSWORD" ]; then
|
||||||
|
echo -n "Password: "
|
||||||
|
stty -echo
|
||||||
|
read GITEA_PACKAGE_PASSWORD
|
||||||
|
stty echo
|
||||||
|
echo
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
function ask_package_type {
|
||||||
|
local available_types="debian alpine redhat"
|
||||||
|
local match=$( ( echo "$available_types" | grep -qw "$GITEA_PACKAGE_TYPE" ) && echo yes || echo no )
|
||||||
|
while [ "$match" == "no" ] || [ -z $GITEA_PACKAGE_TYPE ]; do
|
||||||
|
echo -n "Package type ($available_types): "
|
||||||
|
read GITEA_PACKAGE_TYPE
|
||||||
|
match=$( ( echo "$available_types" | grep -qw "$GITEA_PACKAGE_TYPE" ) && echo yes || echo no )
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
|
function ask_package_file {
|
||||||
|
while [ ! -f "$GITEA_PACKAGE_FILE" ]; do
|
||||||
|
echo -n "Package file (must be a valid path to a supported package file): "
|
||||||
|
read GITEA_PACKAGE_FILE
|
||||||
|
done
|
||||||
|
|
||||||
|
if [ -z $GITEA_PACKAGE_TYPE ]; then
|
||||||
|
local filename=$(basename -- "$GITEA_PACKAGE_FILE")
|
||||||
|
local extension="${filename##*.}"
|
||||||
|
|
||||||
|
case $extension in
|
||||||
|
deb)
|
||||||
|
GITEA_PACKAGE_TYPE=debian
|
||||||
|
;;
|
||||||
|
apk)
|
||||||
|
GITEA_PACKAGE_TYPE=alpine
|
||||||
|
;;
|
||||||
|
rpm)
|
||||||
|
GITEA_PACKAGE_TYPE=redhat
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
function upload_debian_package {
|
||||||
|
gitea_api "/api/packages/$GITEA_PACKAGE_ORG/debian/pool/$GITEA_PACKAGE_DEBIAN_DISTRIBUTION/$GITEA_PACKAGE_DEBIAN_COMPONENT/upload" \
|
||||||
|
--upload-file "$GITEA_PACKAGE_FILE"
|
||||||
|
}
|
||||||
|
|
||||||
|
function upload_alpine_package {
|
||||||
|
gitea_api "/api/packages/$GITEA_PACKAGE_ORG/alpine/$GITEA_PACKAGE_ALPINE_BRANCH/$GITEA_PACKAGE_ALPINE_REPOSITORY" \
|
||||||
|
--upload-file "$GITEA_PACKAGE_FILE"
|
||||||
|
}
|
||||||
|
|
||||||
|
function upload_redhat_package {
|
||||||
|
gitea_api "/api/packages/$GITEA_PACKAGE_ORG/rpm/upload" \
|
||||||
|
--upload-file "$GITEA_PACKAGE_FILE"
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
function gitea_api {
|
||||||
|
local path=$1
|
||||||
|
local args=${@:2}
|
||||||
|
|
||||||
|
curl -L \
|
||||||
|
--fail \
|
||||||
|
--ipv4 \
|
||||||
|
--progress-bar \
|
||||||
|
--retry "$GITEA_PACKAGE_CURL_MAX_RETRY" \
|
||||||
|
-u "$GITEA_PACKAGE_USERNAME:$GITEA_PACKAGE_PASSWORD" \
|
||||||
|
$GITEA_PACKAGE_CURL_ARGS \
|
||||||
|
${args} \
|
||||||
|
"$GITEA_PACKAGE_BASE_URL$path"
|
||||||
|
}
|
||||||
|
|
||||||
|
function main {
|
||||||
|
check_dependencies
|
||||||
|
source_env_file
|
||||||
|
check_environment
|
||||||
|
ask_credentials
|
||||||
|
ask_package_file
|
||||||
|
ask_package_type
|
||||||
|
case $GITEA_PACKAGE_TYPE in
|
||||||
|
debian)
|
||||||
|
upload_debian_package
|
||||||
|
;;
|
||||||
|
alpine)
|
||||||
|
upload_alpine_package
|
||||||
|
;;
|
||||||
|
redhat)
|
||||||
|
upload_redhat_package
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
echo "Package type '$GITEA_PACKAGE_TYPE' is not yet supported" 1>&2
|
||||||
|
exit 1
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
}
|
||||||
|
|
||||||
|
main
|
|
@ -7,12 +7,17 @@ GITEA_RELEASE_ORG=${GITEA_RELEASE_ORG}
|
||||||
GITEA_RELEASE_BASE_URL=${GITEA_BASE_URL:-https://forge.cadoles.com}
|
GITEA_RELEASE_BASE_URL=${GITEA_BASE_URL:-https://forge.cadoles.com}
|
||||||
GITEA_RELEASE_USERNAME=${GITEA_RELEASE_USERNAME}
|
GITEA_RELEASE_USERNAME=${GITEA_RELEASE_USERNAME}
|
||||||
GITEA_RELEASE_PASSWORD=${GITEA_RELEASE_PASSWORD}
|
GITEA_RELEASE_PASSWORD=${GITEA_RELEASE_PASSWORD}
|
||||||
|
GITEA_RELEASE_NAME=${GITEA_RELEASE_NAME}
|
||||||
GITEA_RELEASE_VERSION=${GITEA_RELEASE_VERSION}
|
GITEA_RELEASE_VERSION=${GITEA_RELEASE_VERSION}
|
||||||
GITEA_RELEASE_COMMITISH_TARGET=${GITEA_RELEASE_COMMITISH_TARGET}
|
GITEA_RELEASE_COMMITISH_TARGET=${GITEA_RELEASE_COMMITISH_TARGET}
|
||||||
GITEA_RELEASE_IS_DRAFT=${GITEA_RELEASE_IS_DRAFT:-false}
|
GITEA_RELEASE_IS_DRAFT=${GITEA_RELEASE_IS_DRAFT:-false}
|
||||||
GITEA_RELEASE_IS_PRERELEASE=${GITEA_RELEASE_IS_PRERELEASE:-true}
|
GITEA_RELEASE_IS_PRERELEASE=${GITEA_RELEASE_IS_PRERELEASE:-true}
|
||||||
GITEA_RELEASE_BODY=${GITEA_RELEASE_BODY}
|
GITEA_RELEASE_BODY=${GITEA_RELEASE_BODY}
|
||||||
GITEA_RELEASE_ATTACHMENTS=${GITEA_RELEASE_ATTACHMENTS}
|
GITEA_RELEASE_ATTACHMENTS=${GITEA_RELEASE_ATTACHMENTS}
|
||||||
|
GITEA_RELEASE_CURL_MAX_RETRY=${GITEA_RELEASE_CURL_MAX_RETRY:-3}
|
||||||
|
|
||||||
|
GITEA_RELEASE_CLEANUP_PRERELEASES=${GITEA_RELEASE_CLEANUP_PRERELEASES:-true}
|
||||||
|
GITEA_RELEASE_CLEANUP_KEPT_PRERELEASES=${GITEA_RELEASE_CLEANUP_KEPT_PRERELEASES:-3}
|
||||||
|
|
||||||
function check_dependencies {
|
function check_dependencies {
|
||||||
assert_command_available 'curl'
|
assert_command_available 'curl'
|
||||||
|
@ -91,28 +96,48 @@ function retrieve_commitish_target {
|
||||||
function create_release {
|
function create_release {
|
||||||
local payload={}
|
local payload={}
|
||||||
|
|
||||||
payload=$(json_set "$payload" body "\"$GITEA_RELEASE_BODY\"")
|
payload=$(json_set "$payload" body "$GITEA_RELEASE_BODY" true)
|
||||||
payload=$(json_set "$payload" draft $GITEA_RELEASE_IS_DRAFT)
|
payload=$(json_set "$payload" draft $GITEA_RELEASE_IS_DRAFT)
|
||||||
payload=$(json_set "$payload" name "\"$GITEA_RELEASE_VERSION\"")
|
payload=$(json_set "$payload" name "\"${GITEA_RELEASE_NAME:-$GITEA_RELEASE_VERSION}\"")
|
||||||
payload=$(json_set "$payload" prerelease $GITEA_RELEASE_IS_PRERELEASE)
|
payload=$(json_set "$payload" prerelease $GITEA_RELEASE_IS_PRERELEASE)
|
||||||
payload=$(json_set "$payload" tag_name "\"${GITEA_RELEASE_VERSION:-$GITEA_RELEASE_COMMITISH_TARGET}\"")
|
payload=$(json_set "$payload" tag_name "\"${GITEA_RELEASE_VERSION:-$GITEA_RELEASE_COMMITISH_TARGET}\"")
|
||||||
payload=$(json_set "$payload" target_commitish "\"$GITEA_RELEASE_COMMITISH_TARGET\"")
|
payload=$(json_set "$payload" target_commitish "\"$GITEA_RELEASE_COMMITISH_TARGET\"")
|
||||||
|
|
||||||
|
local existing_release=$(gitea_api "/repos/$GITEA_RELEASE_ORG/$GITEA_RELEASE_PROJECT/releases" -XGET | jq -e ".[] | select(.tag_name == \"${GITEA_RELEASE_VERSION}\") | .id")
|
||||||
|
|
||||||
|
if [ ! -z "${existing_release}" ]; then
|
||||||
|
gitea_api "/repos/$GITEA_RELEASE_ORG/$GITEA_RELEASE_PROJECT/releases/${existing_release}" -XDELETE
|
||||||
|
fi
|
||||||
|
|
||||||
|
local tmpfile=$(mktemp)
|
||||||
|
|
||||||
|
echo "$payload" > "$tmpfile"
|
||||||
|
|
||||||
gitea_api "/repos/$GITEA_RELEASE_ORG/$GITEA_RELEASE_PROJECT/releases" \
|
gitea_api "/repos/$GITEA_RELEASE_ORG/$GITEA_RELEASE_PROJECT/releases" \
|
||||||
-H "Content-Type:application/json" \
|
-H "Content-Type:application/json" \
|
||||||
-d "$payload"
|
-d "@$tmpfile"
|
||||||
|
|
||||||
|
rm -f "$tmpfile"
|
||||||
}
|
}
|
||||||
|
|
||||||
function json_set {
|
function json_set {
|
||||||
local data=$1
|
local data=$1
|
||||||
local key=$2
|
local key=$2
|
||||||
local value=$3
|
local value=$3
|
||||||
echo $data | jq -cr --argjson v "$value" --arg k "$key" '.[$k] = $v'
|
local use_raw_file=$4
|
||||||
|
|
||||||
|
if [ "$use_raw_file" != "true" ]; then
|
||||||
|
echo $data | jq -cr --argjson v "$value" --arg k "$key" '.[$k] = $v'
|
||||||
|
else
|
||||||
|
local tmpfile=$(mktemp)
|
||||||
|
echo "$value" > "$tmpfile"
|
||||||
|
echo $data | jq -cr --rawfile v "$tmpfile" --arg k "$key" '.[$k] = $v'
|
||||||
|
rm -f "$tmpfile"
|
||||||
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
function upload_release_attachments {
|
function upload_release_attachments {
|
||||||
local release="$1"
|
local release_id="$1"
|
||||||
local release_id=$(echo "$release" | jq -r .id)
|
|
||||||
|
|
||||||
if [ -z "$GITEA_RELEASE_ATTACHMENTS" ]; then
|
if [ -z "$GITEA_RELEASE_ATTACHMENTS" ]; then
|
||||||
set +e
|
set +e
|
||||||
|
@ -134,11 +159,32 @@ function gitea_api {
|
||||||
|
|
||||||
curl -L \
|
curl -L \
|
||||||
--fail \
|
--fail \
|
||||||
|
--ipv4 \
|
||||||
|
--progress-bar \
|
||||||
|
--retry "$GITEA_RELEASE_CURL_MAX_RETRY" \
|
||||||
-u "$GITEA_RELEASE_USERNAME:$GITEA_RELEASE_PASSWORD" \
|
-u "$GITEA_RELEASE_USERNAME:$GITEA_RELEASE_PASSWORD" \
|
||||||
|
$GITEA_RELEASE_CURL_ARGS \
|
||||||
${args} \
|
${args} \
|
||||||
"$GITEA_RELEASE_BASE_URL/api/v1$path"
|
"$GITEA_RELEASE_BASE_URL/api/v1$path"
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function clean_prereleases {
|
||||||
|
if [ "$GITEA_RELEASE_CLEANUP_PRERELEASES" != "true" ]; then
|
||||||
|
return
|
||||||
|
fi
|
||||||
|
|
||||||
|
local releases=$(gitea_api "/repos/$GITEA_RELEASE_ORG/$GITEA_RELEASE_PROJECT/releases")
|
||||||
|
local to_delete=$(echo "$releases" | jq -r --arg index "$GITEA_RELEASE_CLEANUP_KEPT_PRERELEASES" '[.[] | select(.prerelease == true)] | sort_by(.created_at, .id) | reverse | .[$index | tonumber:] | .[].id')
|
||||||
|
|
||||||
|
echo $to_delete
|
||||||
|
|
||||||
|
for release_id in $to_delete; do
|
||||||
|
gitea_api "/repos/$GITEA_RELEASE_ORG/$GITEA_RELEASE_PROJECT/releases/$release_id" \
|
||||||
|
-X DELETE \
|
||||||
|
-H "Content-Type:application/json"
|
||||||
|
done
|
||||||
|
}
|
||||||
|
|
||||||
function main {
|
function main {
|
||||||
check_dependencies
|
check_dependencies
|
||||||
source_env_file
|
source_env_file
|
||||||
|
@ -147,7 +193,10 @@ function main {
|
||||||
retrieve_commitish_target
|
retrieve_commitish_target
|
||||||
retrieve_version
|
retrieve_version
|
||||||
local release=$(create_release)
|
local release=$(create_release)
|
||||||
upload_release_attachments "$release"
|
local release_id=$(echo "$release" | jq -r .id)
|
||||||
|
sleep 1 # Wait for release creation
|
||||||
|
upload_release_attachments "$release_id"
|
||||||
|
clean_prereleases
|
||||||
}
|
}
|
||||||
|
|
||||||
main
|
main
|
|
@ -1,4 +1,4 @@
|
||||||
FROM golang:1.15 as envtpl
|
FROM reg.cadoles.com/proxy_cache/library/golang:1.15 as envtpl
|
||||||
|
|
||||||
ARG HTTP_PROXY=
|
ARG HTTP_PROXY=
|
||||||
ARG HTTPS_PROXY=
|
ARG HTTPS_PROXY=
|
||||||
|
@ -14,7 +14,7 @@ RUN git clone https://github.com/subfuzion/envtpl /src \
|
||||||
-ldflags "-X main.AppVersionMetadata=$(date -u +%s)" \
|
-ldflags "-X main.AppVersionMetadata=$(date -u +%s)" \
|
||||||
-a -installsuffix cgo -o ./bin/envtpl ./cmd/envtpl/.
|
-a -installsuffix cgo -o ./bin/envtpl ./cmd/envtpl/.
|
||||||
|
|
||||||
FROM alpine:3.13
|
FROM reg.cadoles.com/proxy_cache/library/alpine:3.13
|
||||||
|
|
||||||
ARG HTTP_PROXY=
|
ARG HTTP_PROXY=
|
||||||
ARG HTTPS_PROXY=
|
ARG HTTPS_PROXY=
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
FROM golang:1.13 as envtpl
|
FROM reg.cadoles.com/proxy_cache/library/golang:1.13 as envtpl
|
||||||
|
|
||||||
ARG HTTP_PROXY=
|
ARG HTTP_PROXY=
|
||||||
ARG HTTPS_PROXY=
|
ARG HTTPS_PROXY=
|
||||||
|
@ -14,7 +14,7 @@ RUN git clone https://github.com/subfuzion/envtpl /src \
|
||||||
-ldflags "-X main.AppVersionMetadata=$(date -u +%s)" \
|
-ldflags "-X main.AppVersionMetadata=$(date -u +%s)" \
|
||||||
-a -installsuffix cgo -o ./bin/envtpl ./cmd/envtpl/.
|
-a -installsuffix cgo -o ./bin/envtpl ./cmd/envtpl/.
|
||||||
|
|
||||||
FROM alpine:3.10
|
FROM alpine:3.16
|
||||||
|
|
||||||
ARG HTTP_PROXY=
|
ARG HTTP_PROXY=
|
||||||
ARG HTTPS_PROXY=
|
ARG HTTPS_PROXY=
|
||||||
|
@ -33,9 +33,14 @@ RUN apk add --no-cache \
|
||||||
nodejs \
|
nodejs \
|
||||||
npm \
|
npm \
|
||||||
chromium \
|
chromium \
|
||||||
bash
|
bash \
|
||||||
|
curl \
|
||||||
|
openssl \
|
||||||
|
git
|
||||||
|
|
||||||
RUN PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=1 npm install -g pa11y@^5.0.0 pa11y-reporter-html@^1.0.0 pa11y-reporter-junit
|
RUN curl -k https://forge.cadoles.com/Cadoles/Jenkins/raw/branch/master/resources/com/cadoles/common/add-letsencrypt-ca.sh | bash
|
||||||
|
|
||||||
|
RUN PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=true npm install -g pa11y git+https://forge.cadoles.com/rmasson/junit-reporter-fork.git
|
||||||
|
|
||||||
RUN adduser -D pa11y
|
RUN adduser -D pa11y
|
||||||
|
|
||||||
|
|
|
@ -6,7 +6,10 @@
|
||||||
"headers": {
|
"headers": {
|
||||||
{{if not (empty .PA11Y_USERNAME)}}
|
{{if not (empty .PA11Y_USERNAME)}}
|
||||||
{{ $credentials := print .PA11Y_USERNAME ":" .PA11Y_PASSWORD }}
|
{{ $credentials := print .PA11Y_USERNAME ":" .PA11Y_PASSWORD }}
|
||||||
"Authorization": "Basic {{b64enc $credentials}}"
|
"Authorization": "Basic {{b64enc $credentials}}" {{if not (empty .PA11Y_COOKIE)}},{{end}}
|
||||||
|
{{end}}
|
||||||
|
{{if not (empty .PA11Y_COOKIE)}}
|
||||||
|
"Cookie": "{{print .PA11Y_COOKIE}}"
|
||||||
{{end}}
|
{{end}}
|
||||||
}
|
}
|
||||||
}
|
}
|
|
@ -9,7 +9,8 @@ cd reports
|
||||||
|
|
||||||
export PUPPETEER_EXECUTABLE_PATH=$(which chromium-browser)
|
export PUPPETEER_EXECUTABLE_PATH=$(which chromium-browser)
|
||||||
export PA11Y_REPORTER="${PA11Y_REPORTER:-html}"
|
export PA11Y_REPORTER="${PA11Y_REPORTER:-html}"
|
||||||
export PA11Y_STANDARD=${PA11Y_STANDARD:-WCAG2AA}
|
export PA11Y_STANDARD="${PA11Y_STANDARD:-WCAG2AA}"
|
||||||
|
export PA11Y_IGNORE="${PA11Y_IGNORE}"
|
||||||
|
|
||||||
PA11Y_ARGS=""
|
PA11Y_ARGS=""
|
||||||
|
|
||||||
|
@ -26,4 +27,5 @@ pa11y \
|
||||||
${PA11Y_ARGS} \
|
${PA11Y_ARGS} \
|
||||||
--reporter "${PA11Y_REPORTER}" \
|
--reporter "${PA11Y_REPORTER}" \
|
||||||
--standard "${PA11Y_STANDARD}" \
|
--standard "${PA11Y_STANDARD}" \
|
||||||
|
--ignore "${PA11Y_IGNORE}" \
|
||||||
"$PA11Y_URL" || exit 0
|
"$PA11Y_URL" || exit 0
|
||||||
|
|
|
@ -0,0 +1,25 @@
|
||||||
|
{{ $serviceName := index ( .Env.IMAGE_NAME | strings.Split "/" | coll.Reverse ) 0 }}
|
||||||
|
name: "cadoles-pod-{{ $serviceName }}"
|
||||||
|
arch: amd64
|
||||||
|
platform: linux
|
||||||
|
version: "{{ strings.TrimPrefix "v" ( getenv "IMAGE_TAG" "latest" ) }}"
|
||||||
|
version_schema: none
|
||||||
|
version_metadata: git
|
||||||
|
section: "{{ getenv "PACKAGE_SECTION" "default" }}"
|
||||||
|
priority: "{{ getenv "PACKAGE_PRIORITY" "optional" }}"
|
||||||
|
maintainer: "{{ getenv "PACKAGE_MAINTAINER" "contact@cadoles.com" }}"
|
||||||
|
description: "{{ getenv "PACKAGE_DESCRIPTION" "" }}"
|
||||||
|
homepage: "{{ getenv "PACKAGE_HOMEPAGE" "https://forge.cadoles.com" }}"
|
||||||
|
license: "{{ getenv "PACKAGE_LICENCE" "GPL-3.0" }}"
|
||||||
|
depends:
|
||||||
|
- podman
|
||||||
|
scripts:
|
||||||
|
postinstall: post-install.sh
|
||||||
|
contents:
|
||||||
|
- packager: deb
|
||||||
|
src: pod.service
|
||||||
|
dst: "/usr/lib/systemd/system/cadoles-pod-{{ $serviceName }}.service"
|
||||||
|
- packager: deb
|
||||||
|
src: pod.conf
|
||||||
|
dst: /etc/cadoles-pod-{{ $serviceName }}.conf
|
||||||
|
type: config|noreplace
|
|
@ -0,0 +1 @@
|
||||||
|
PODMAN_ARGS="{{ getenv "PODMAN_ARGS" "" }}"
|
|
@ -0,0 +1,24 @@
|
||||||
|
[Unit]
|
||||||
|
Description={{ .Env.IMAGE_NAME }} pod service
|
||||||
|
Wants=network-online.target
|
||||||
|
After=network-online.target
|
||||||
|
RequiresMountsFor=/run/containers/storage
|
||||||
|
|
||||||
|
[Service]
|
||||||
|
Type=simple
|
||||||
|
Environment=PODMAN_SYSTEMD_UNIT=%n
|
||||||
|
EnvironmentFile=-/etc/cadoles-pod-{{ .Env.IMAGE_NAME }}.conf
|
||||||
|
Environment=IMAGE_NAME={{ .Env.IMAGE_NAME }} IMAGE_TAG={{ .Env.IMAGE_TAG }}
|
||||||
|
PassEnvironment=PODMAN_ARGS IMAGE_NAME IMAGE_TAG
|
||||||
|
Restart=on-failure
|
||||||
|
TimeoutStopSec=70
|
||||||
|
{{ if getenv "SYSTEMD_EXEC_STARTPRE" "" }}
|
||||||
|
ExecStartPre={{ .Env.SYSTEMD_EXEC_STARTPRE }}
|
||||||
|
{{ end }}
|
||||||
|
ExecStart=/bin/sh -c "podman run ${PODMAN_ARGS} '${IMAGE_NAME}:${IMAGE_TAG}'"
|
||||||
|
{{ if getenv "SYSTEMD_EXEC_STARTPOST" "" }}
|
||||||
|
ExecStartPost={{ .Env.SYSTEMD_EXEC_STARTPOST }}
|
||||||
|
{{ end }}
|
||||||
|
|
||||||
|
[Install]
|
||||||
|
WantedBy=default.target
|
|
@ -0,0 +1,79 @@
|
||||||
|
#!/bin/sh
|
||||||
|
|
||||||
|
# Adapted from https://nfpm.goreleaser.com/tips/
|
||||||
|
|
||||||
|
use_systemctl="True"
|
||||||
|
systemd_version=0
|
||||||
|
if ! command -V systemctl >/dev/null 2>&1; then
|
||||||
|
use_systemctl="False"
|
||||||
|
else
|
||||||
|
systemd_version=$( systemctl --version | head -1 | sed 's/systemd //g' | cut -d' ' -f1 )
|
||||||
|
fi
|
||||||
|
|
||||||
|
SERVICE_NAME="cadoles-pod-{{ .Env.IMAGE_NAME }}"
|
||||||
|
|
||||||
|
cleanup() {
|
||||||
|
if [ "${use_systemctl}" = "False" ]; then
|
||||||
|
rm -f /usr/lib/systemd/system/$SERVICE_NAME.service
|
||||||
|
else
|
||||||
|
rm -f /etc/chkconfig/$SERVICE_NAME
|
||||||
|
rm -f /etc/init.d/$SERVICE_NAME
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
cleanInstall() {
|
||||||
|
if [ "${use_systemctl}" = "False" ]; then
|
||||||
|
if command -V chkconfig >/dev/null 2>&1; then
|
||||||
|
chkconfig --add $SERVICE_NAME
|
||||||
|
fi
|
||||||
|
|
||||||
|
service $SERVICE_NAME restart ||:
|
||||||
|
else
|
||||||
|
if [ "${systemd_version}" -lt 231 ]; then
|
||||||
|
printf "\033[31m systemd version %s is less then 231, fixing the service file \033[0m\n" "${systemd_version}"
|
||||||
|
sed -i "s/=+/=/g" /usr/lib/systemd/system/$SERVICE_NAME.service
|
||||||
|
fi
|
||||||
|
systemctl daemon-reload ||:
|
||||||
|
systemctl unmask $SERVICE_NAME ||:
|
||||||
|
systemctl preset $SERVICE_NAME ||:
|
||||||
|
systemctl enable $SERVICE_NAME ||:
|
||||||
|
systemctl restart $SERVICE_NAME ||:
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
upgrade() {
|
||||||
|
if [ "${use_systemctl}" = "False" ]; then
|
||||||
|
service $SERVICE_NAME restart ||:
|
||||||
|
else
|
||||||
|
if [ "${systemd_version}" -lt 231 ]; then
|
||||||
|
printf "\033[31m systemd version %s is less then 231, fixing the service file \033[0m\n" "${systemd_version}"
|
||||||
|
sed -i "s/=+/=/g" /usr/lib/systemd/system/$SERVICE_NAME.service
|
||||||
|
fi
|
||||||
|
systemctl daemon-reload ||:
|
||||||
|
systemctl restart $SERVICE_NAME ||:
|
||||||
|
fi
|
||||||
|
|
||||||
|
echo 'Cleaning up unused images...'
|
||||||
|
podman image prune -f --filter "reference={{ .Env.IMAGE_NAME }}"
|
||||||
|
}
|
||||||
|
|
||||||
|
action="$1"
|
||||||
|
if [ "$1" = "configure" ] && [ -z "$2" ]; then
|
||||||
|
action="install"
|
||||||
|
elif [ "$1" = "configure" ] && [ -n "$2" ]; then
|
||||||
|
action="upgrade"
|
||||||
|
fi
|
||||||
|
|
||||||
|
case "$action" in
|
||||||
|
"1" | "install")
|
||||||
|
cleanInstall
|
||||||
|
;;
|
||||||
|
"2" | "upgrade")
|
||||||
|
upgrade
|
||||||
|
;;
|
||||||
|
*)
|
||||||
|
cleanInstall
|
||||||
|
;;
|
||||||
|
esac
|
||||||
|
|
||||||
|
cleanup
|
|
@ -0,0 +1,26 @@
|
||||||
|
ARG JQ_VERSION=1.6
|
||||||
|
|
||||||
|
RUN apt-get update && \
|
||||||
|
DEBIAN_FRONTEND=noninteractive apt-get install -y \
|
||||||
|
wget tar curl ca-certificates \
|
||||||
|
openssl bash git unzip build-essential gnupg
|
||||||
|
|
||||||
|
COPY add-letsencrypt-ca.sh /root/add-letsencrypt-ca.sh
|
||||||
|
|
||||||
|
RUN bash /root/add-letsencrypt-ca.sh \
|
||||||
|
&& rm -f /root/add-letsencrypt-ca.sh
|
||||||
|
|
||||||
|
# Install JQ
|
||||||
|
RUN wget -O /usr/local/bin/jq https://github.com/stedolan/jq/releases/download/jq-${JQ_VERSION}/jq-linux64 \
|
||||||
|
&& chmod +x /usr/local/bin/jq
|
||||||
|
|
||||||
|
# Install Docker client
|
||||||
|
RUN install -m 0755 -d /etc/apt/keyrings \
|
||||||
|
&& curl -fsSL https://download.docker.com/linux/ubuntu/gpg | gpg --dearmor -o /etc/apt/keyrings/docker.gpg \
|
||||||
|
&& chmod a+r /etc/apt/keyrings/docker.gpg \
|
||||||
|
&& echo \
|
||||||
|
"deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
|
||||||
|
"$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
|
||||||
|
tee /etc/apt/sources.list.d/docker.list > /dev/null \
|
||||||
|
&& apt-get update \
|
||||||
|
&& apt-get install -y docker-ce-cli
|
|
@ -40,3 +40,8 @@ RUN mkdir --parents /tools/phpstan \
|
||||||
&& ln -s /tools/phpstan/vendor/bin/phpstan /usr/local/bin/phpstan \
|
&& ln -s /tools/phpstan/vendor/bin/phpstan /usr/local/bin/phpstan \
|
||||||
&& composer require --working-dir=/tools/phpstan phpstan/phpstan-symfony \
|
&& composer require --working-dir=/tools/phpstan phpstan/phpstan-symfony \
|
||||||
&& composer require --working-dir=/tools/phpstan phpstan/phpstan-doctrine
|
&& composer require --working-dir=/tools/phpstan phpstan/phpstan-doctrine
|
||||||
|
|
||||||
|
# Install Symfony
|
||||||
|
RUN curl -1sLf 'https://dl.cloudsmith.io/public/symfony/stable/setup.deb.sh' | bash \
|
||||||
|
&& apt update \
|
||||||
|
&& DEBIAN_FRONTEND=noninteractive apt-get install -y symfony-cli
|
|
@ -1,4 +1,4 @@
|
||||||
FROM alpine:3.12
|
FROM reg.cadoles.com/proxy_cache/library/alpine:3.20
|
||||||
|
|
||||||
ARG HTTP_PROXY=
|
ARG HTTP_PROXY=
|
||||||
ARG HTTPS_PROXY=
|
ARG HTTPS_PROXY=
|
||||||
|
@ -11,7 +11,7 @@ RUN apk add --no-cache git docker python3 bash openssl curl
|
||||||
|
|
||||||
RUN curl -k https://forge.cadoles.com/Cadoles/Jenkins/raw/branch/master/resources/com/cadoles/common/add-letsencrypt-ca.sh | bash
|
RUN curl -k https://forge.cadoles.com/Cadoles/Jenkins/raw/branch/master/resources/com/cadoles/common/add-letsencrypt-ca.sh | bash
|
||||||
|
|
||||||
RUN git clone http://forge.cadoles.com/Cadoles/Tamarin /tamarin\
|
RUN git clone https://forge.cadoles.com/Cadoles/Tamarin /tamarin\
|
||||||
&& cd /tamarin\
|
&& cd /tamarin\
|
||||||
&& git checkout ${TAMARIN_VERSION}
|
&& git checkout ${TAMARIN_VERSION}
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,56 @@
|
||||||
|
{{- if . }}
|
||||||
|
{{- range . }}
|
||||||
|
<h3>Target <code>{{ escapeXML .Target }}</code></h3>
|
||||||
|
{{- if (eq (len .Vulnerabilities) 0) }}
|
||||||
|
<h4>No Vulnerabilities found</h4>
|
||||||
|
{{- else }}
|
||||||
|
<h4>Vulnerabilities ({{ len .Vulnerabilities }})</h4>
|
||||||
|
<table>
|
||||||
|
<tr>
|
||||||
|
<th>Package</th>
|
||||||
|
<th>ID</th>
|
||||||
|
<th>Severity</th>
|
||||||
|
<th>Installed Version</th>
|
||||||
|
<th>Fixed Version</th>
|
||||||
|
</tr>
|
||||||
|
{{- range .Vulnerabilities }}
|
||||||
|
<tr>
|
||||||
|
<td><code>{{ escapeXML .PkgName }}</code></td>
|
||||||
|
<td>{{ escapeXML .VulnerabilityID }}</td>
|
||||||
|
<td>{{ escapeXML .Severity }}</td>
|
||||||
|
<td>{{ escapeXML .InstalledVersion }}</td>
|
||||||
|
<td>{{ escapeXML .FixedVersion }}</td>
|
||||||
|
</tr>
|
||||||
|
{{- end }}
|
||||||
|
</table>
|
||||||
|
{{- end }}
|
||||||
|
{{- if (eq (len .Misconfigurations ) 0) }}
|
||||||
|
<h4>No Misconfigurations found</h4>
|
||||||
|
{{- else }}
|
||||||
|
<h4>Misconfigurations</h4>
|
||||||
|
<table>
|
||||||
|
<tr>
|
||||||
|
<th>Type</th>
|
||||||
|
<th>ID</th>
|
||||||
|
<th>Check</th>
|
||||||
|
<th>Severity</th>
|
||||||
|
<th>Message</th>
|
||||||
|
</tr>
|
||||||
|
{{- range .Misconfigurations }}
|
||||||
|
<tr>
|
||||||
|
<td>{{ escapeXML .Type }}</td>
|
||||||
|
<td>{{ escapeXML .ID }}</td>
|
||||||
|
<td>{{ escapeXML .Title }}</td>
|
||||||
|
<td>{{ escapeXML .Severity }}</td>
|
||||||
|
<td>
|
||||||
|
{{ escapeXML .Message }}
|
||||||
|
<br><a href={{ escapeXML .PrimaryURL | printf "%q" }}>{{ escapeXML .PrimaryURL }}</a></br>
|
||||||
|
</td>
|
||||||
|
</tr>
|
||||||
|
{{- end }}
|
||||||
|
</table>
|
||||||
|
{{- end }}
|
||||||
|
{{- end }}
|
||||||
|
{{- else }}
|
||||||
|
<h3>Trivy Returned Empty Report</h3>
|
||||||
|
{{- end }}
|
|
@ -1,4 +1,4 @@
|
||||||
FROM golang:1.11.4 as envtpl
|
FROM reg.cadoles.com/proxy_cache/library/golang:1.11.4 as envtpl
|
||||||
|
|
||||||
ARG HTTP_PROXY=
|
ARG HTTP_PROXY=
|
||||||
ARG HTTPS_PROXY=
|
ARG HTTPS_PROXY=
|
||||||
|
@ -14,7 +14,7 @@ RUN git clone https://github.com/subfuzion/envtpl /src \
|
||||||
-ldflags "-X main.AppVersionMetadata=$(date -u +%s)" \
|
-ldflags "-X main.AppVersionMetadata=$(date -u +%s)" \
|
||||||
-a -installsuffix cgo -o ./bin/envtpl ./cmd/envtpl/.
|
-a -installsuffix cgo -o ./bin/envtpl ./cmd/envtpl/.
|
||||||
|
|
||||||
FROM alpine:3.9
|
FROM reg.cadoles.com/proxy_cache/library/alpine:3.9
|
||||||
|
|
||||||
ARG HTTP_PROXY=
|
ARG HTTP_PROXY=
|
||||||
ARG HTTPS_PROXY=
|
ARG HTTPS_PROXY=
|
||||||
|
|
|
@ -0,0 +1,245 @@
|
||||||
|
/**
|
||||||
|
* Construit, valide et publie (optionnellement) une image Docker sur le registre Cadoles (par défaut)
|
||||||
|
*
|
||||||
|
* Options disponibles:
|
||||||
|
*
|
||||||
|
* - dockerfile - String - Chemin vers le fichier Dockerfile à utiliser pour construire l'image, par défaut "./Dockerfile"
|
||||||
|
* - contextDir - String - Répertoire servant de "contexte" pour la construction de l'image, par défault "./"
|
||||||
|
* - imageName - String - Nom de l'image à construire, par défaut ""
|
||||||
|
* - imageTags - String - Tag(s) apposé(s) sur l'image après construction, par défaut tags générés par la méthode utils.getProjectVersionTags()
|
||||||
|
* - gitCredentialsId - String - Identifiant des "credentials" Jenkins utilisés pour cloner le dépôt Git, par défaut "forge-jenkins"
|
||||||
|
* - dockerRepository - String - Nom d'hôte du registre Docker sur lequel publier l'image, par défaut "reg.cadoles.com"
|
||||||
|
* - dockerRepositoryCredentialsId - String - Identifiant des "credentials" Jenkins utilisés pour déployer l'image sur le registre Docker, par défault "reg.cadoles.com-jenkins"
|
||||||
|
* - dryRun - Boolean - Désactiver/activer la publication de l'image sur le registre Docker, par défaut "true"
|
||||||
|
* - skipVerifications - Boolean - Désactiver/activer les étapes de vérifications de qualité/sécurité de l'image Docker, par défaut "false"
|
||||||
|
*/
|
||||||
|
String buildAndPublishImage(Map options = [:]) {
|
||||||
|
String dockerfile = options.get('dockerfile', './Dockerfile')
|
||||||
|
String contextDir = options.get('contextDir', '.')
|
||||||
|
String imageName = options.get('imageName', '')
|
||||||
|
String gitRef = sh(returnStdout: true, script: 'git describe --always').trim()
|
||||||
|
|
||||||
|
List<String> defaultImageTags = utils.getProjectVersionTags() + [ "${utils.getProjectVersionDefaultChannel()}-latest" ]
|
||||||
|
List<String> imageTags = options.get('imageTags', defaultImageTags)
|
||||||
|
// Handle legacy imageTag parameter
|
||||||
|
if (options.containsKey('imageTag')) {
|
||||||
|
imageTags = [ options.get("imageTag", gitRef) ]
|
||||||
|
}
|
||||||
|
|
||||||
|
String gitCredentialsId = options.get('gitCredentialsId', 'forge-jenkins')
|
||||||
|
String dockerRepository = options.get('dockerRepository', 'reg.cadoles.com')
|
||||||
|
String dockerRepositoryCredentialsId = options.get('dockerRepositoryCredentialsId', 'reg.cadoles.com-jenkins')
|
||||||
|
Boolean dryRun = options.get('dryRun', true)
|
||||||
|
Boolean skipVerifications = options.get('skipVerification', false)
|
||||||
|
|
||||||
|
String projectRepository = env.JOB_NAME
|
||||||
|
if (env.BRANCH_NAME ==~ /^PR-.*$/) {
|
||||||
|
projectRepository = env.JOB_NAME - "/${env.JOB_BASE_NAME}"
|
||||||
|
}
|
||||||
|
projectRepository = options.get('projectRepository', projectRepository)
|
||||||
|
|
||||||
|
withCredentials([
|
||||||
|
usernamePassword([
|
||||||
|
credentialsId: dockerRepositoryCredentialsId,
|
||||||
|
usernameVariable: 'HUB_USERNAME',
|
||||||
|
passwordVariable: 'HUB_PASSWORD'
|
||||||
|
]),
|
||||||
|
]) {
|
||||||
|
stage('Validate Dockerfile with Hadolint') {
|
||||||
|
utils.when(!skipVerifications) {
|
||||||
|
runHadolintCheck(dockerfile, projectRepository)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
String primaryImageTag = imageTags[0]
|
||||||
|
|
||||||
|
stage("Build image '${imageName}:${primaryImageTag}'") {
|
||||||
|
git.withHTTPCredentials(gitCredentialsId) {
|
||||||
|
sh """
|
||||||
|
docker build \
|
||||||
|
--build-arg="GIT_USERNAME=${env.GIT_USERNAME}" \
|
||||||
|
--build-arg="GIT_PASSWORD=${env.GIT_PASSWORD}" \
|
||||||
|
-t '${imageName}:${primaryImageTag}' \
|
||||||
|
-f '${dockerfile}' \
|
||||||
|
'${contextDir}'
|
||||||
|
"""
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
stage('Validate image with Trivy') {
|
||||||
|
utils.when(!skipVerifications) {
|
||||||
|
runTrivyCheck("${imageName}:${primaryImageTag}", projectRepository)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
stage("Login with image repository") {
|
||||||
|
utils.when(!dryRun) {
|
||||||
|
sh """
|
||||||
|
echo ${env.HUB_PASSWORD} | docker login -u '${env.HUB_USERNAME}' --password-stdin '${dockerRepository}'
|
||||||
|
"""
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
imageTags.each { imageTag ->
|
||||||
|
stage("Publish image '${imageName}:${imageTag}'") {
|
||||||
|
utils.when(!dryRun) {
|
||||||
|
sh """
|
||||||
|
docker tag "${imageName}:${primaryImageTag}" "${imageName}:${imageTag}"
|
||||||
|
"""
|
||||||
|
retry(2) {
|
||||||
|
sh """
|
||||||
|
docker push '${imageName}:${imageTag}'
|
||||||
|
"""
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
void runHadolintCheck(String dockerfile, String projectRepository) {
|
||||||
|
String reportFile = ".hadolint-report-${currentBuild.startTimeInMillis}.txt"
|
||||||
|
|
||||||
|
try {
|
||||||
|
validateDockerfileWithHadolint(dockerfile, ['reportFile': reportFile])
|
||||||
|
} catch (err) {
|
||||||
|
unstable("Dockerfile '${dockerfile}' failed linting !")
|
||||||
|
} finally {
|
||||||
|
String lintReport = ''
|
||||||
|
|
||||||
|
if (fileExists(reportFile)) {
|
||||||
|
String report = readFile(reportFile)
|
||||||
|
|
||||||
|
lintReport = """${lintReport}
|
||||||
|
|
|
||||||
|
|```
|
||||||
|
|${report.trim() ? report : "Rien à signaler."}
|
||||||
|
|```"""
|
||||||
|
} else {
|
||||||
|
lintReport = """${lintReport}
|
||||||
|
|
|
||||||
|
|_Vérification échouée mais aucun rapport trouvé !?_ :thinking:"""
|
||||||
|
}
|
||||||
|
|
||||||
|
String defaultReport = '_Rien à signaler !_ :thumbsup:'
|
||||||
|
String report = """## Rapport d'analyse du fichier `${dockerfile}` avec [Hadolint](https://github.com/hadolint/hadolint)
|
||||||
|
|
|
||||||
|
|${lintReport ?: defaultReport}
|
||||||
|
""".stripMargin()
|
||||||
|
|
||||||
|
print report
|
||||||
|
|
||||||
|
if (env.CHANGE_ID) {
|
||||||
|
gitea.commentPullRequest(projectRepository, env.CHANGE_ID, report)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
String validateDockerfileWithHadolint(String dockerfile, Map options = [:]) {
|
||||||
|
String hadolintBin = getOrInstallHadolint(options)
|
||||||
|
String hadolintArgs = options.get('hadolintArgs', '--no-color')
|
||||||
|
String reportFile = options.get('reportFile', ".hadolint-report-${currentBuild.startTimeInMillis}.txt")
|
||||||
|
|
||||||
|
sh("""#!/bin/bash
|
||||||
|
set -eo pipefail
|
||||||
|
'${hadolintBin}' '${dockerfile}' ${hadolintArgs} | tee '${reportFile}'
|
||||||
|
""")
|
||||||
|
|
||||||
|
return reportFile
|
||||||
|
}
|
||||||
|
|
||||||
|
void runTrivyCheck(String imageName, String projectRepository, Map options = [:]) {
|
||||||
|
String reportFile = ".trivy-report-${currentBuild.startTimeInMillis}.txt"
|
||||||
|
|
||||||
|
try {
|
||||||
|
validateImageWithTrivy(imageName, ['reportFile': reportFile])
|
||||||
|
} catch (err) {
|
||||||
|
unstable("Image '${imageName}' failed validation !")
|
||||||
|
} finally {
|
||||||
|
String lintReport = ''
|
||||||
|
|
||||||
|
if (fileExists(reportFile)) {
|
||||||
|
lintReport = """${lintReport}
|
||||||
|
|
|
||||||
|
|${readFile(reportFile)}
|
||||||
|
|"""
|
||||||
|
} else {
|
||||||
|
lintReport = """${lintReport}
|
||||||
|
|
|
||||||
|
|_Vérification échouée mais aucun rapport trouvé !?_ :thinking:"""
|
||||||
|
}
|
||||||
|
|
||||||
|
String defaultReport = '_Rien à signaler !_ :thumbsup:'
|
||||||
|
String report = """## Rapport d'analyse de l'image avec [Trivy](https://github.com/aquasecurity/trivy)
|
||||||
|
|
|
||||||
|
|${lintReport ?: defaultReport}
|
||||||
|
""".stripMargin()
|
||||||
|
|
||||||
|
print report
|
||||||
|
|
||||||
|
if (env.CHANGE_ID) {
|
||||||
|
gitea.commentPullRequest(projectRepository, env.CHANGE_ID, report)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
String validateImageWithTrivy(String imageName, Map options = [:]) {
|
||||||
|
String trivyBin = getOrInstallTrivy(options)
|
||||||
|
String trivyArgs = options.get('trivyArgs', '--exit-code 1')
|
||||||
|
String cacheDirectory = options.get('cacheDirectory', '.trivy/.cache')
|
||||||
|
String cacheDefaultBranch = options.get('cacheDefaultBranch', 'develop')
|
||||||
|
Integer cacheMaxSize = options.get('cacheMaxSize', 250)
|
||||||
|
String reportFile = options.get('reportFile', ".trivy-report-${currentBuild.startTimeInMillis}.txt")
|
||||||
|
|
||||||
|
String markdownTemplate = libraryResource 'com/cadoles/trivy/templates/markdown.tpl'
|
||||||
|
writeFile file:'.trivy-markdown.tpl', text: markdownTemplate
|
||||||
|
|
||||||
|
cache(maxCacheSize: cacheMaxSize, defaultBranch: cacheDefaultBranch, caches: [
|
||||||
|
[$class: 'ArbitraryFileCache', path: cacheDirectory, compressionMethod: 'TARGZ']
|
||||||
|
]) {
|
||||||
|
sh("'${trivyBin}' --cache-dir '${cacheDirectory}' image --ignorefile .trivyignore.yaml --format template --template '@.trivy-markdown.tpl' -o '${reportFile}' ${trivyArgs} '${imageName}'")
|
||||||
|
}
|
||||||
|
|
||||||
|
return reportFile
|
||||||
|
}
|
||||||
|
|
||||||
|
String getOrInstallHadolint(Map options = [:]) {
|
||||||
|
String installDir = options.get('installDir', '/usr/local/bin')
|
||||||
|
String version = options.get('version', '2.12.0')
|
||||||
|
String forceDownload = options.get('forceDownload', false)
|
||||||
|
String downloadUrl = options.get('downloadUrl', "https://github.com/hadolint/hadolint/releases/download/v${version}/hadolint-Linux-x86_64")
|
||||||
|
|
||||||
|
String hadolintBin = sh(returnStdout: true, script: 'which hadolint || exit 0').trim()
|
||||||
|
if (hadolintBin == '' || forceDownload) {
|
||||||
|
sh("""
|
||||||
|
mkdir -p '${installDir}'
|
||||||
|
curl -o '${installDir}/hadolint' -sSL '${downloadUrl}'
|
||||||
|
chmod +x '${installDir}/hadolint'
|
||||||
|
""")
|
||||||
|
|
||||||
|
hadolintBin = "${installDir}/hadolint"
|
||||||
|
}
|
||||||
|
|
||||||
|
return hadolintBin
|
||||||
|
}
|
||||||
|
|
||||||
|
String getOrInstallTrivy(Map options = [:]) {
|
||||||
|
String installDir = options.get('installDir', '/usr/local/bin')
|
||||||
|
String version = options.get('version', '0.47.0')
|
||||||
|
String forceDownload = options.get('forceDownload', false)
|
||||||
|
String installScriptDownloadUrl = options.get('downloadUrl', 'https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh')
|
||||||
|
|
||||||
|
String trivyBin = sh(returnStdout: true, script: 'which trivy || exit 0').trim()
|
||||||
|
if (trivyBin == '' || forceDownload) {
|
||||||
|
sh("""
|
||||||
|
mkdir -p '${installDir}'
|
||||||
|
curl -sfL '${installScriptDownloadUrl}' | sh -s -- -b '${installDir}' v${version}
|
||||||
|
chmod +x '${installDir}/trivy'
|
||||||
|
""")
|
||||||
|
|
||||||
|
trivyBin = "${installDir}/trivy"
|
||||||
|
}
|
||||||
|
|
||||||
|
return trivyBin
|
||||||
|
}
|
|
@ -1,8 +1,8 @@
|
||||||
|
import java.util.regex.Matcher
|
||||||
|
|
||||||
// Basic port of https://forge.cadoles.com/Cadoles/cpkg
|
// Basic port of https://forge.cadoles.com/Cadoles/cpkg
|
||||||
def call(Map params = [:]) {
|
def call(Map params = [:]) {
|
||||||
|
|
||||||
def currentRef = sh(script: 'git rev-parse HEAD', returnStdout: true).trim()
|
def currentRef = sh(script: 'git rev-parse HEAD', returnStdout: true).trim()
|
||||||
def baseRef = params.baseRef ? params.baseRef : currentRef
|
|
||||||
def distRepo = params.distRepo ? params.distRepo : 'dev'
|
def distRepo = params.distRepo ? params.distRepo : 'dev'
|
||||||
def dist = params.dist ? params.dist : 'eole'
|
def dist = params.dist ? params.dist : 'eole'
|
||||||
def distVersion = params.distVersion ? params.distVersion : '2.7.0'
|
def distVersion = params.distVersion ? params.distVersion : '2.7.0'
|
||||||
|
@ -12,7 +12,7 @@ def call(Map params = [:]) {
|
||||||
def gitEmail = params.gitEmail ? params.gitEmail : 'jenkins@cadoles.com'
|
def gitEmail = params.gitEmail ? params.gitEmail : 'jenkins@cadoles.com'
|
||||||
def gitUsername = params.gitUsername ? params.gitUsername : 'Jenkins'
|
def gitUsername = params.gitUsername ? params.gitUsername : 'Jenkins'
|
||||||
def skipCi = params.containsKey('skipCi') ? params.skipCi : false
|
def skipCi = params.containsKey('skipCi') ? params.skipCi : false
|
||||||
def skipPush = params.containsKey('skipPush') ? params.skipPush: true
|
def skipPush = params.containsKey('skipPush') ? params.skipPush : true
|
||||||
|
|
||||||
// Define dist branch based on provided informations and base branch name
|
// Define dist branch based on provided informations and base branch name
|
||||||
def distBranch = "dist/${dist}/${distVersion}/${distBranchName}"
|
def distBranch = "dist/${dist}/${distVersion}/${distBranchName}"
|
||||||
|
@ -28,7 +28,7 @@ def call(Map params = [:]) {
|
||||||
sh("git config --add remote.origin.fetch +refs/heads/${distBranch}:refs/remotes/origin/${distBranch}")
|
sh("git config --add remote.origin.fetch +refs/heads/${distBranch}:refs/remotes/origin/${distBranch}")
|
||||||
|
|
||||||
// Update branches
|
// Update branches
|
||||||
sh("git fetch --all")
|
sh('git fetch --all')
|
||||||
|
|
||||||
// Merge currentRef into distBranch and push
|
// Merge currentRef into distBranch and push
|
||||||
sh("git checkout -b '${distBranch}' 'origin/${distBranch}'")
|
sh("git checkout -b '${distBranch}' 'origin/${distBranch}'")
|
||||||
|
@ -40,7 +40,7 @@ def call(Map params = [:]) {
|
||||||
sh("git merge ${currentRef}")
|
sh("git merge ${currentRef}")
|
||||||
|
|
||||||
if (!skipPush) {
|
if (!skipPush) {
|
||||||
sh("git push")
|
sh('git push')
|
||||||
} else {
|
} else {
|
||||||
println("Skipping push. Set skipPush param to 'true' to enable remote repository update.")
|
println("Skipping push. Set skipPush param to 'true' to enable remote repository update.")
|
||||||
}
|
}
|
||||||
|
@ -61,17 +61,26 @@ def call(Map params = [:]) {
|
||||||
|
|
||||||
println("Last version number is '${lastVersionNumber}'")
|
println("Last version number is '${lastVersionNumber}'")
|
||||||
|
|
||||||
def versionNumber = sh(
|
String versionRoot = extractVersionRoot(lastVersionNumber)
|
||||||
script: "git describe --always ${currentRef}",
|
String versionNumber = ''
|
||||||
returnStdout: true,
|
|
||||||
).trim()
|
|
||||||
|
|
||||||
def isCommitRef = !versionNumber.matches(/^[0-9]+\.[0-9]+\.[0-9]+.*$/)
|
if (versionRoot) {
|
||||||
|
versionNumber = versionRoot
|
||||||
|
} else {
|
||||||
|
versionNumber = sh(
|
||||||
|
script: "git describe --always ${currentRef}",
|
||||||
|
returnStdout: true,
|
||||||
|
).split('/').last().trim()
|
||||||
|
|
||||||
if (isCommitRef) {
|
Boolean isCommitRef = !versionNumber.matches(/^[0-9]+\.[0-9]+\.[0-9]+.*$/)
|
||||||
versionNumber = "0.0.0-${versionNumber}"
|
|
||||||
|
if (isCommitRef) {
|
||||||
|
versionNumber = "0.0.0-${versionNumber}"
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
versionNumber = "${versionNumber}-${env.BUILD_NUMBER}"
|
||||||
|
|
||||||
println("New version number will be '${versionNumber}'")
|
println("New version number will be '${versionNumber}'")
|
||||||
result['newVersionNumber'] = versionNumber
|
result['newVersionNumber'] = versionNumber
|
||||||
|
|
||||||
|
@ -80,16 +89,16 @@ def call(Map params = [:]) {
|
||||||
|
|
||||||
result['newTag'] = tag
|
result['newTag'] = tag
|
||||||
|
|
||||||
def tagComment="Build ${versionNumber} ${distRepo} package for ${dist}-${distVersion}."
|
def tagComment = "Build ${versionNumber} ${distRepo} package for ${dist}-${distVersion}."
|
||||||
if (skipCi) {
|
if (skipCi) {
|
||||||
tagComment += ' [ci skip]'
|
tagComment += ' [ci skip]'
|
||||||
}
|
}
|
||||||
|
|
||||||
sh("git tag -a '${tag}' -m '${tagComment}'")
|
sh("git tag -f -a '${tag}' -m '${tagComment}'")
|
||||||
|
|
||||||
// Push tag
|
// Push tag
|
||||||
if (!skipPush) {
|
if (!skipPush) {
|
||||||
sh("git push --tags")
|
sh('git push --tags -f')
|
||||||
} else {
|
} else {
|
||||||
println("Skipping push. Set skipPush param to 'true' to enable remote repository update.")
|
println("Skipping push. Set skipPush param to 'true' to enable remote repository update.")
|
||||||
}
|
}
|
||||||
|
@ -116,3 +125,14 @@ def call(Map params = [:]) {
|
||||||
|
|
||||||
return result
|
return result
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@NonCPS
|
||||||
|
String extractVersionRoot(String fullVersion) {
|
||||||
|
Matcher fullVersionMatcher = fullVersion =~ /^([0-9]+\.[0-9]+\.[0-9]+).*$/
|
||||||
|
|
||||||
|
if (!fullVersionMatcher.matches()) {
|
||||||
|
return ""
|
||||||
|
}
|
||||||
|
|
||||||
|
return fullVersionMatcher.group(1)
|
||||||
|
}
|
||||||
|
|
|
@ -52,7 +52,7 @@ def listRepoPackages(Map params = [:]) {
|
||||||
def type = params.type ? params.type : 'binary'
|
def type = params.type ? params.type : 'binary'
|
||||||
def arch = params.arch ? params.arch : 'amd64'
|
def arch = params.arch ? params.arch : 'amd64'
|
||||||
|
|
||||||
def response = httpRequest(url: "${baseURL}/dists/${distrib}/${component}/${type}-${arch}/Packages")
|
def response = httpRequest(ignoreSslErrors: true, url: "${baseURL}/dists/${distrib}/${component}/${type}-${arch}/Packages")
|
||||||
|
|
||||||
def packages = [:]
|
def packages = [:]
|
||||||
def lines = response.content.split('\n')
|
def lines = response.content.split('\n')
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
def commentPullRequest(String repo, String issueId, String comment, Integer commentIndex = 0) {
|
def commentPullRequest(String repo, String issueId, String comment, Integer commentIndex = -1) {
|
||||||
comment = comment.replaceAll('"', '\\"')
|
comment = comment.replaceAll('"', '\\"')
|
||||||
withCredentials([
|
withCredentials([
|
||||||
string(credentialsId: 'GITEA_JENKINS_PERSONAL_TOKEN', variable: 'GITEA_TOKEN'),
|
string(credentialsId: 'GITEA_JENKINS_PERSONAL_TOKEN', variable: 'GITEA_TOKEN'),
|
||||||
|
@ -7,13 +7,17 @@ def commentPullRequest(String repo, String issueId, String comment, Integer comm
|
||||||
sh """#!/bin/bash
|
sh """#!/bin/bash
|
||||||
set -xeo pipefail
|
set -xeo pipefail
|
||||||
|
|
||||||
# Récupération si il existe du commentaire existant
|
previous_comment_id=null
|
||||||
previous_comment_id=\$(curl -v --fail \
|
|
||||||
-H "Authorization: token ${GITEA_TOKEN}" \
|
if [ "${commentIndex}" != "-1" ]; then
|
||||||
-H "Content-Type: application/json" \
|
# Récupération si il existe du commentaire existant
|
||||||
https://forge.cadoles.com/api/v1/repos/${repo}/issues/${issueId}/comments \
|
previous_comment_id=\$(curl -v --fail \
|
||||||
| jq -c '[ .[] | select(.user.login=="jenkins") ] | .[${commentIndex}] | .id' \
|
-H "Authorization: token ${GITEA_TOKEN}" \
|
||||||
)
|
-H "Content-Type: application/json" \
|
||||||
|
https://forge.cadoles.com/api/v1/repos/${repo}/issues/${issueId}/comments \
|
||||||
|
| jq -c '[ .[] | select(.user.login=="jenkins") ] | .[${commentIndex}] | .id' \
|
||||||
|
)
|
||||||
|
fi
|
||||||
|
|
||||||
# Génération du payload pour l'API Gitea
|
# Génération du payload pour l'API Gitea
|
||||||
echo '{}' | jq -c --rawfile body .prComment '.body = \$body' > payload.json
|
echo '{}' | jq -c --rawfile body .prComment '.body = \$body' > payload.json
|
||||||
|
@ -40,14 +44,15 @@ def commentPullRequest(String repo, String issueId, String comment, Integer comm
|
||||||
}
|
}
|
||||||
|
|
||||||
// Effectue une "release" sur Gitea pour le <ORG>/<PROJET> donné.
|
// Effectue une "release" sur Gitea pour le <ORG>/<PROJET> donné.
|
||||||
def release(String credentialsId, String org, String project, Map options = [:]) {
|
void release(String credentialsId, String org, String project, Map options = [:]) {
|
||||||
def isDraft = options.get('isDraft', false)
|
Boolean isDraft = options.get('isDraft', false)
|
||||||
def baseUrl = options.get('baseUrl', 'https://forge.cadoles.com')
|
String baseUrl = options.get('baseUrl', 'https://forge.cadoles.com')
|
||||||
def defaultVersion = sh(returnStdout: true, script: 'git describe --always').trim()
|
String defaultVersion = sh(returnStdout: true, script: 'git describe --always').trim()
|
||||||
def releaseVersion = options.get('releaseVersion', defaultVersion)
|
String releaseVersion = options.get('releaseVersion', defaultVersion)
|
||||||
def commitishTarget = options.get('commitishTarget', env.GIT_COMMIT)
|
String releaseName = options.get('releaseName', releaseVersion)
|
||||||
|
String commitishTarget = options.get('commitishTarget', env.GIT_COMMIT)
|
||||||
|
|
||||||
def defaultIsPrerelease = true
|
Boolean defaultIsPrerelease = true
|
||||||
try {
|
try {
|
||||||
sh(script: "git describe --exact-match ${GIT_COMMIT}")
|
sh(script: "git describe --exact-match ${GIT_COMMIT}")
|
||||||
defaultIsPrerelease = false
|
defaultIsPrerelease = false
|
||||||
|
@ -55,16 +60,16 @@ def release(String credentialsId, String org, String project, Map options = [:])
|
||||||
println "Could not find tag associated with commit '${GIT_COMMIT}' ! Using 'prerelease' as default."
|
println "Could not find tag associated with commit '${GIT_COMMIT}' ! Using 'prerelease' as default."
|
||||||
}
|
}
|
||||||
|
|
||||||
def isPrerelease = options.get('isPrerelease', defaultIsPrerelease)
|
Boolean isPrerelease = options.get('isPrerelease', defaultIsPrerelease)
|
||||||
def body = options.get('body', '')
|
String body = options.get('body', '')
|
||||||
def attachments = options.get('attachments', [])
|
List<String> attachments = options.get('attachments', [])
|
||||||
|
|
||||||
def scriptTempDir = ".gitea-release-script-${System.currentTimeMillis()}"
|
String scriptTempDir = ".gitea-release-script-${System.currentTimeMillis()}"
|
||||||
sh("mkdir -p '${scriptTempDir}'")
|
sh("mkdir -p '${scriptTempDir}'")
|
||||||
|
|
||||||
def giteaReleaseScript = "${scriptTempDir}/gitea-release.sh"
|
String giteaReleaseScript = "${scriptTempDir}/gitea-release.sh"
|
||||||
|
|
||||||
def giteaReleaseScriptContent = libraryResource 'com/cadoles/gitea/gitea-release.sh'
|
String giteaReleaseScriptContent = libraryResource 'com/cadoles/gitea/gitea-release.sh'
|
||||||
writeFile file: giteaReleaseScript, text:giteaReleaseScriptContent
|
writeFile file: giteaReleaseScript, text:giteaReleaseScriptContent
|
||||||
sh("chmod +x '${giteaReleaseScript}'")
|
sh("chmod +x '${giteaReleaseScript}'")
|
||||||
|
|
||||||
|
@ -81,6 +86,7 @@ def release(String credentialsId, String org, String project, Map options = [:])
|
||||||
export GITEA_RELEASE_ORG="${org}"
|
export GITEA_RELEASE_ORG="${org}"
|
||||||
export GITEA_RELEASE_BASE_URL="${baseUrl}"
|
export GITEA_RELEASE_BASE_URL="${baseUrl}"
|
||||||
export GITEA_RELEASE_VERSION="${releaseVersion}"
|
export GITEA_RELEASE_VERSION="${releaseVersion}"
|
||||||
|
export GITEA_RELEASE_NAME="${releaseName}"
|
||||||
export GITEA_RELEASE_COMMITISH_TARGET="${commitishTarget}"
|
export GITEA_RELEASE_COMMITISH_TARGET="${commitishTarget}"
|
||||||
export GITEA_RELEASE_IS_DRAFT="${isDraft}"
|
export GITEA_RELEASE_IS_DRAFT="${isDraft}"
|
||||||
export GITEA_RELEASE_IS_PRERELEASE="${isPrerelease}"
|
export GITEA_RELEASE_IS_PRERELEASE="${isPrerelease}"
|
||||||
|
@ -95,4 +101,56 @@ def release(String credentialsId, String org, String project, Map options = [:])
|
||||||
deleteDir()
|
deleteDir()
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
rocketSend(
|
||||||
|
avatar: 'https://jenkins.cadol.es/static/b5f67753/images/headshot.png',
|
||||||
|
message: """
|
||||||
|
Nouvelle version publiée pour le projet `${org}/${project}`: [${releaseName}](${baseUrl}/${org}/${project}/releases/tag/${releaseVersion})
|
||||||
|
|
||||||
|
[Visualiser le job](${env.RUN_DISPLAY_URL})
|
||||||
|
|
||||||
|
@${utils.getBuildUser()}
|
||||||
|
""".stripIndent(),
|
||||||
|
rawMessage: true
|
||||||
|
)
|
||||||
|
}
|
||||||
|
|
||||||
|
// Télécharge les fichiers associés à une "version" publiée sur un projet Gitea
|
||||||
|
void download(String credentialsId, String org, String project, Map options = [:]) {
|
||||||
|
String baseUrl = options.get('baseUrl', 'https://forge.cadoles.com')
|
||||||
|
String releaseName = options.get('releaseName', 'latest')
|
||||||
|
String outputDir = options.get('outputDir', 'gitea-dl')
|
||||||
|
|
||||||
|
String scriptTempDir = ".gitea-download-script-${System.currentTimeMillis()}"
|
||||||
|
sh("mkdir -p '${scriptTempDir}'")
|
||||||
|
|
||||||
|
String giteaDownloadScript = "${scriptTempDir}/gitea-download.sh"
|
||||||
|
|
||||||
|
String giteaDownloadScriptContent = libraryResource 'com/cadoles/gitea/gitea-download.sh'
|
||||||
|
writeFile file: giteaDownloadScript, text:giteaDownloadScriptContent
|
||||||
|
sh("chmod +x '${giteaDownloadScript}'")
|
||||||
|
|
||||||
|
try {
|
||||||
|
withCredentials([
|
||||||
|
usernamePassword(
|
||||||
|
credentialsId: credentialsId,
|
||||||
|
usernameVariable: 'GITEA_DOWNLOAD_USERNAME',
|
||||||
|
passwordVariable: 'GITEA_DOWNLOAD_PASSWORD'
|
||||||
|
)
|
||||||
|
]) {
|
||||||
|
sh """
|
||||||
|
export GITEA_DOWNLOAD_PROJECT="${project}"
|
||||||
|
export GITEA_DOWNLOAD_ORG="${org}"
|
||||||
|
export GITEA_DOWNLOAD_BASE_URL="${baseUrl}"
|
||||||
|
export GITEA_DOWNLOAD_RELEASE_NAME="${releaseName}"
|
||||||
|
export GITEA_DOWNLOAD_TARGET_DIRECTORY="${outputDir}"
|
||||||
|
|
||||||
|
${giteaDownloadScript}
|
||||||
|
"""
|
||||||
|
}
|
||||||
|
} finally {
|
||||||
|
dir(scriptTempDir) {
|
||||||
|
deleteDir()
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,46 @@
|
||||||
|
void call(String sourceTemplate, String destFile, Map env = [:], Map options = [:]) {
|
||||||
|
String gomplateBin = getOrInstallGomplate(options)
|
||||||
|
|
||||||
|
sh """
|
||||||
|
${exportEnvMap(env)}
|
||||||
|
${gomplateBin} -f '${sourceTemplate}' > '${destFile}'
|
||||||
|
"""
|
||||||
|
}
|
||||||
|
|
||||||
|
String exportEnvMap(Map env) {
|
||||||
|
String exports = ''
|
||||||
|
|
||||||
|
env.each { item ->
|
||||||
|
exports = """
|
||||||
|
${exports}
|
||||||
|
export ${item.key}="${item.value}"
|
||||||
|
"""
|
||||||
|
}
|
||||||
|
|
||||||
|
return exports
|
||||||
|
}
|
||||||
|
|
||||||
|
String getOrInstallGomplate(Map options = [:]) {
|
||||||
|
String installDir = options.get('installDir', '/usr/local/bin')
|
||||||
|
String version = options.get('version', '3.10.0')
|
||||||
|
Boolean forceDownload = options.get('forceDownload', false)
|
||||||
|
String downloadUrl = options.get('downloadUrl', "https://github.com/hairyhenderson/gomplate/releases/download/v${version}/gomplate_linux-amd64")
|
||||||
|
|
||||||
|
String gomplateBin = ''
|
||||||
|
|
||||||
|
lock("${env.NODE_NAME}:gomplate-install") {
|
||||||
|
gomplateBin = sh(returnStdout: true, script: 'which gomplate || exit 0').trim()
|
||||||
|
|
||||||
|
if (gomplateBin == '' || forceDownload) {
|
||||||
|
sh("""
|
||||||
|
mkdir -p '${installDir}'
|
||||||
|
curl -o '${installDir}/gomplate' -sSL '${downloadUrl}'
|
||||||
|
chmod +x '${installDir}/gomplate'
|
||||||
|
""")
|
||||||
|
|
||||||
|
gomplateBin = "${installDir}/gomplate"
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return gomplateBin
|
||||||
|
}
|
|
@ -1,13 +1,17 @@
|
||||||
def call(String name) {
|
def call(String name) {
|
||||||
def rootDir = pwd()
|
def filepath = "${env.WORKSPACE}/.jenkins/${name}.groovy"
|
||||||
def filepath = "${rootDir}/.jenkins/${name}.groovy"
|
|
||||||
def exists = fileExists(filepath)
|
def exists = fileExists(filepath)
|
||||||
if (!exists) {
|
if (!exists) {
|
||||||
println("No hook '${filepath}' script. Skipping.")
|
println("No hook '${filepath}' script. Skipping.")
|
||||||
return
|
return
|
||||||
}
|
}
|
||||||
def hook = load(filepath)
|
def hook = load(filepath)
|
||||||
if(hook.metaClass.respondsTo(hook, 'exec')) {
|
|
||||||
|
if (hook == null) {
|
||||||
|
error("Hook '${filepath}' seems to be null. Did you forget to add 'return this' at the end of the script ?")
|
||||||
|
}
|
||||||
|
|
||||||
|
if (hook.metaClass.respondsTo(hook, 'exec')) {
|
||||||
hook.exec()
|
hook.exec()
|
||||||
} else {
|
} else {
|
||||||
error("Hook script '${filepath}' exists but does not expose an exec() function.")
|
error("Hook script '${filepath}' exists but does not expose an exec() function.")
|
||||||
|
|
|
@ -0,0 +1,195 @@
|
||||||
|
/**
|
||||||
|
* Construit, valide et publie (optionnellement) une image Docker sur le registre Cadoles (par défaut)
|
||||||
|
*
|
||||||
|
* Options disponibles:
|
||||||
|
*
|
||||||
|
* - dockerfile - String - Chemin vers le fichier Dockerfile à utiliser pour construire l'image, par défaut "./Dockerfile"
|
||||||
|
* - contextDir - String - Répertoire servant de "contexte" pour la construction de l'image, par défault "./"
|
||||||
|
* - imageName - String - Nom de l'image à construire, par défaut ""
|
||||||
|
* - imageTag - String - Tag apposé sur l'image après construction, par défaut résultat de la commande `git describe --always`
|
||||||
|
* - gitCredentialsId - String - Identifiant des "credentials" Jenkins utilisés pour cloner le dépôt Git, par défaut "forge-jenkins"
|
||||||
|
* - dockerRepository - String - Nom d'hôte du registre Docker sur lequel publier l'image, par défaut "reg.cadoles.com"
|
||||||
|
* - dockerRepositoryCredentialsId - String - Identifiant des "credentials" Jenkins utilisés pour déployer l'image sur le registre Docker, par défault "reg.cadoles.com-jenkins"
|
||||||
|
* - dryRun - Boolean - Désactiver/activer la publication de l'image sur le registre Docker, par défaut "true"
|
||||||
|
* - skipVerifications - Boolean - Désactiver/activer les étapes de vérifications de qualité/sécurité de l'image Docker, par défaut "false"
|
||||||
|
*/
|
||||||
|
String buildAndPublishImage(Map options = [:]) {
|
||||||
|
String dockerfile = options.get('dockerfile', './Dockerfile')
|
||||||
|
String contextDir = options.get('contextDir', '.')
|
||||||
|
String imageName = options.get('imageName', '')
|
||||||
|
String gitRef = sh(returnStdout: true, script: 'git describe --always').trim()
|
||||||
|
String imageTag = options.get('imageTag', gitRef)
|
||||||
|
String gitCredentialsId = options.get('gitCredentialsId', 'forge-jenkins')
|
||||||
|
String dockerRepository = options.get('dockerRepository', 'reg.cadoles.com')
|
||||||
|
String dockerRepositoryCredentialsId = options.get('dockerRepositoryCredentialsId', 'reg.cadoles.com-jenkins')
|
||||||
|
Boolean dryRun = options.get('dryRun', true)
|
||||||
|
Boolean skipVerifications = options.get('skipVerification', false)
|
||||||
|
String currentBranch = env.BRANCH_NAME.replaceAll("[^a-zA-Z]+","_")
|
||||||
|
|
||||||
|
String projectRepository = env.JOB_NAME
|
||||||
|
if (env.BRANCH_NAME ==~ /^PR-.*$/) {
|
||||||
|
projectRepository = env.JOB_NAME - "/${env.JOB_BASE_NAME}"
|
||||||
|
}
|
||||||
|
projectRepository = options.get('projectRepository', projectRepository)
|
||||||
|
|
||||||
|
withCredentials([
|
||||||
|
usernamePassword([
|
||||||
|
credentialsId: dockerRepositoryCredentialsId,
|
||||||
|
usernameVariable: 'HUB_USERNAME',
|
||||||
|
passwordVariable: 'HUB_PASSWORD'
|
||||||
|
]),
|
||||||
|
]) {
|
||||||
|
stage('Validate Dockerfile with Hadolint') {
|
||||||
|
utils.when(!skipVerifications) {
|
||||||
|
runHadolintCheck(dockerfile, projectRepository)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
stage("Build image '${imageName}:${imageTag}'") {
|
||||||
|
git.withHTTPCredentials(gitCredentialsId) {
|
||||||
|
sh """
|
||||||
|
CURRENT_BRANCH=${currentBranch} make
|
||||||
|
"""
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
stage('Validate image with Trivy') {
|
||||||
|
utils.when(!skipVerifications) {
|
||||||
|
sh """
|
||||||
|
CURRENT_BRANCH=${currentBranch} make scan
|
||||||
|
"""
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
stage("Publish image '${imageName}:${imageTag}'") {
|
||||||
|
utils.when(!dryRun) {
|
||||||
|
retry(2) {
|
||||||
|
sh """
|
||||||
|
CURRENT_BRANCH=${currentBranch} make release
|
||||||
|
"""
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
void runHadolintCheck(String dockerfile, String projectRepository) {
|
||||||
|
String reportFile = ".hadolint-report-${currentBuild.startTimeInMillis}.txt"
|
||||||
|
|
||||||
|
try {
|
||||||
|
validateDockerfileWithHadolint(dockerfile, ['reportFile': reportFile])
|
||||||
|
} catch (err) {
|
||||||
|
unstable("Dockerfile '${dockerfile}' failed linting !")
|
||||||
|
} finally {
|
||||||
|
String lintReport = ''
|
||||||
|
|
||||||
|
if (fileExists(reportFile)) {
|
||||||
|
lintReport = """${lintReport}
|
||||||
|
|
|
||||||
|
|```
|
||||||
|
|${readFile(reportFile)}
|
||||||
|
|```"""
|
||||||
|
} else {
|
||||||
|
lintReport = """${lintReport}
|
||||||
|
|
|
||||||
|
|_Vérification échouée mais aucun rapport trouvé !?_ :thinking:"""
|
||||||
|
}
|
||||||
|
|
||||||
|
String defaultReport = '_Rien à signaler !_ :thumbsup:'
|
||||||
|
String report = """## Validation du Dockerfile `${dockerfile}`
|
||||||
|
|
|
||||||
|
|${lintReport ?: defaultReport}
|
||||||
|
""".stripMargin()
|
||||||
|
|
||||||
|
print report
|
||||||
|
|
||||||
|
if (env.CHANGE_ID) {
|
||||||
|
gitea.commentPullRequest(projectRepository, env.CHANGE_ID, report)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
String validateDockerfileWithHadolint(String dockerfile, Map options = [:]) {
|
||||||
|
String hadolintBin = getOrInstallHadolint(options)
|
||||||
|
String hadolintArgs = options.get('hadolintArgs', '--no-color')
|
||||||
|
String reportFile = options.get('reportFile', ".hadolint-report-${currentBuild.startTimeInMillis}.txt")
|
||||||
|
|
||||||
|
sh("""#!/bin/bash
|
||||||
|
set -eo pipefail
|
||||||
|
'${hadolintBin}' '${dockerfile}' ${hadolintArgs} | tee '${reportFile}'
|
||||||
|
""")
|
||||||
|
|
||||||
|
return reportFile
|
||||||
|
}
|
||||||
|
|
||||||
|
void runTrivyCheck(String imageName, String projectRepository, Map options = [:]) {
|
||||||
|
String currentBranch = env.BRANCH_NAME.replaceAll("[^a-zA-Z]+","_")
|
||||||
|
stage("Scan with trivy '${imageName}:${imageTag}'") {
|
||||||
|
utils.when(!dryRun) {
|
||||||
|
retry(2) {
|
||||||
|
sh """
|
||||||
|
CURRENT_BRANCH=${currentBranch} make scan
|
||||||
|
"""
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
String validateImageWithTrivy(String imageName, Map options = [:]) {
|
||||||
|
String trivyBin = getOrInstallTrivy(options)
|
||||||
|
String trivyArgs = options.get('trivyArgs', '--exit-code 1')
|
||||||
|
String cacheDirectory = options.get('cacheDirectory', '.trivy/.cache')
|
||||||
|
String cacheDefaultBranch = options.get('cacheDefaultBranch', 'develop')
|
||||||
|
Integer cacheMaxSize = options.get('cacheMaxSize', 250)
|
||||||
|
String reportFile = options.get('reportFile', ".trivy-report-${currentBuild.startTimeInMillis}.txt")
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
cache(maxCacheSize: cacheMaxSize, defaultBranch: cacheDefaultBranch, caches: [
|
||||||
|
[$class: 'ArbitraryFileCache', path: cacheDirectory, compressionMethod: 'TARGZ']
|
||||||
|
]) {
|
||||||
|
sh("'${trivyBin}' --cache-dir '${cacheDirectory}' image -o '${reportFile}' ${trivyArgs} '${imageName}'")
|
||||||
|
}
|
||||||
|
|
||||||
|
return reportFile
|
||||||
|
}
|
||||||
|
|
||||||
|
String getOrInstallHadolint(Map options = [:]) {
|
||||||
|
String installDir = options.get('installDir', '/usr/local/bin')
|
||||||
|
String version = options.get('version', '2.10.0')
|
||||||
|
String forceDownload = options.get('forceDownload', false)
|
||||||
|
String downloadUrl = options.get('downloadUrl', "https://github.com/hadolint/hadolint/releases/download/v${version}/hadolint-Linux-x86_64")
|
||||||
|
|
||||||
|
String hadolintBin = sh(returnStdout: true, script: 'which hadolint || exit 0').trim()
|
||||||
|
if (hadolintBin == '' || forceDownload) {
|
||||||
|
sh("""
|
||||||
|
mkdir -p '${installDir}'
|
||||||
|
curl -o '${installDir}/hadolint' -sSL '${downloadUrl}'
|
||||||
|
chmod +x '${installDir}/hadolint'
|
||||||
|
""")
|
||||||
|
|
||||||
|
hadolintBin = "${installDir}/hadolint"
|
||||||
|
}
|
||||||
|
|
||||||
|
return hadolintBin
|
||||||
|
}
|
||||||
|
|
||||||
|
String getOrInstallTrivy(Map options = [:]) {
|
||||||
|
String installDir = options.get('installDir', '/usr/local/bin')
|
||||||
|
String version = options.get('version', '0.27.1')
|
||||||
|
String forceDownload = options.get('forceDownload', false)
|
||||||
|
String installScriptDownloadUrl = options.get('downloadUrl', 'https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh')
|
||||||
|
|
||||||
|
String trivyBin = sh(returnStdout: true, script: 'which trivy || exit 0').trim()
|
||||||
|
if (trivyBin == '' || forceDownload) {
|
||||||
|
sh("""
|
||||||
|
mkdir -p '${installDir}'
|
||||||
|
curl -sfL '${installScriptDownloadUrl}' | sh -s -- -b '${installDir}' v${version}
|
||||||
|
chmod +x '${installDir}/trivy'
|
||||||
|
""")
|
||||||
|
|
||||||
|
trivyBin = "${installDir}/trivy"
|
||||||
|
}
|
||||||
|
|
||||||
|
return trivyBin
|
||||||
|
}
|
|
@ -0,0 +1,37 @@
|
||||||
|
/**
|
||||||
|
* Générer des paquets Debian, RPM, Alpine (ipk) via nfpm
|
||||||
|
* Voir See https://nfpm.goreleaser.com/
|
||||||
|
*
|
||||||
|
* Options:
|
||||||
|
* - installDir - Répertoire d'installation du binaire nfpm, par défaut /usr/local/bin
|
||||||
|
* - version - Version de nfpm à installer, par défaut 2.15.1
|
||||||
|
* - forceDownload - Forcer l'installation de nfpm, par défaut false
|
||||||
|
* - config - Fichier de configuration nfpm à utiliser, par défaut nfpm.yaml
|
||||||
|
* - target - Répertoire cible pour nfpm, par défaut ./dist
|
||||||
|
* - packager - Limiter l'exécution de nfpm à un packager spécifique, par défaut "deb" (i.e. pas de limitation)
|
||||||
|
*/
|
||||||
|
void call(Map options = [:]) {
|
||||||
|
String installDir = options.get('installDir', '/usr/local/bin')
|
||||||
|
String version = options.get('version', '2.20.0')
|
||||||
|
Boolean forceDownload = options.get('forceDownload', false)
|
||||||
|
String downloadUrl = options.get('downloadUrl', "https://github.com/goreleaser/nfpm/releases/download/v${version}/nfpm_${version}_Linux_x86_64.tar.gz")
|
||||||
|
String config = options.get('config', 'nfpm.yaml')
|
||||||
|
String target = options.get('target', env.WORKSPACE + '/dist')
|
||||||
|
String packager = options.get('packager', 'deb')
|
||||||
|
|
||||||
|
String nfpmBin = sh(returnStdout: true, script: 'which nfpm || exit 0').trim()
|
||||||
|
if (nfpmBin == '' || forceDownload) {
|
||||||
|
sh("""
|
||||||
|
mkdir -p '${installDir}'
|
||||||
|
curl -L '${downloadUrl}' > /tmp/nfpm.tar.gz
|
||||||
|
tar -C /usr/local/bin -xzf /tmp/nfpm.tar.gz
|
||||||
|
""")
|
||||||
|
|
||||||
|
nfpmBin = "${installDir}/nfpm"
|
||||||
|
}
|
||||||
|
|
||||||
|
sh("""
|
||||||
|
mkdir -p '${target}'
|
||||||
|
${nfpmBin} package --config '${config}' ${packager ? '--packager ' + packager : ''} --target '${target}'
|
||||||
|
""")
|
||||||
|
}
|
|
@ -1,10 +1,12 @@
|
||||||
def audit(String url, Map params = [:]) {
|
def audit(String url, Map params = [:]) {
|
||||||
def reporter = params.reporter ? params.reporter : 'html'
|
def reporter = params.reporter ? params.reporter : 'html'
|
||||||
def username = params.username ? params.username : '';
|
def username = params.username ? params.username : ''
|
||||||
def password = params.password ? params.password : '';
|
def password = params.password ? params.password : ''
|
||||||
def standard = params.standard ? params.standard : 'WCAG2AA';
|
def standard = params.standard ? params.standard : 'WCAG2AA'
|
||||||
def includeWarnings = params.includeWarnings ? params.includeWarnings : false;
|
def includeWarnings = params.includeWarnings ? params.includeWarnings : false
|
||||||
def includeNotices = params.includeNotices ? params.includeNotices : false;
|
def includeNotices = params.includeNotices ? params.includeNotices : false
|
||||||
|
def cookie = params.cookie ? params.cookie : ''
|
||||||
|
def ignoredRules = params.ignoredRules ? params.ignoredRules : ''
|
||||||
|
|
||||||
def pa11yImage = buildDockerImage()
|
def pa11yImage = buildDockerImage()
|
||||||
|
|
||||||
|
@ -16,6 +18,8 @@ def audit(String url, Map params = [:]) {
|
||||||
-e PA11Y_STANDARD='${standard}'
|
-e PA11Y_STANDARD='${standard}'
|
||||||
-e PA11Y_INCLUDE_WARNINGS='${includeWarnings}'
|
-e PA11Y_INCLUDE_WARNINGS='${includeWarnings}'
|
||||||
-e PA11Y_INCLUDE_NOTICES='${includeNotices}'
|
-e PA11Y_INCLUDE_NOTICES='${includeNotices}'
|
||||||
|
-e PA11Y_COOKIE='${cookie}'
|
||||||
|
-e PA11Y_IGNORE='${ignoredRules}'
|
||||||
"""
|
"""
|
||||||
|
|
||||||
pa11yImage.inside(dockerArgs) {
|
pa11yImage.inside(dockerArgs) {
|
||||||
|
@ -29,24 +33,22 @@ def audit(String url, Map params = [:]) {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
def buildDockerImage() {
|
def buildDockerImage() {
|
||||||
dir ('.pa11y') {
|
dir('.pa11y') {
|
||||||
def resourceFiles = [
|
def resourceFiles = [
|
||||||
'com/cadoles/pa11y/Dockerfile',
|
'com/cadoles/pa11y/Dockerfile',
|
||||||
'com/cadoles/pa11y/patty.json.tmpl',
|
'com/cadoles/pa11y/patty.json.tmpl',
|
||||||
'com/cadoles/pa11y/run-audit.sh'
|
'com/cadoles/pa11y/run-audit.sh'
|
||||||
];
|
]
|
||||||
|
|
||||||
for (res in resourceFiles) {
|
for (res in resourceFiles) {
|
||||||
def fileContent = libraryResource res
|
def fileContent = libraryResource res
|
||||||
def fileName = res.substring(res.lastIndexOf("/")+1)
|
def fileName = res.substring(res.lastIndexOf('/') + 1)
|
||||||
writeFile file:fileName, text:fileContent
|
writeFile file:fileName, text:fileContent
|
||||||
}
|
}
|
||||||
|
|
||||||
def safeJobName = URLDecoder.decode(env.JOB_NAME).toLowerCase().replace('/', '-').replace(' ', '-')
|
def safeJobName = URLDecoder.decode(env.JOB_NAME).toLowerCase().replace('/', '-').replace(' ', '-')
|
||||||
def imageTag = "${safeJobName}-${env.BUILD_ID}"
|
def imageTag = "${safeJobName}-${env.BUILD_ID}"
|
||||||
return docker.build("pa11y:${imageTag}", ".")
|
return docker.build("pa11y:${imageTag}", '.')
|
||||||
}
|
}
|
||||||
}
|
}
|
|
@ -0,0 +1,40 @@
|
||||||
|
String buildCadolesPodPackage(String imageName, String imageTag, Map options = [:]) {
|
||||||
|
String destDir = options.get('destDir', env.WORKSPACE + '/dist')
|
||||||
|
Map nfpmOptions = options.get('nfpmOptions', [:])
|
||||||
|
|
||||||
|
nfpmOptions['target'] = destDir
|
||||||
|
|
||||||
|
Map env = options.get('env', [:])
|
||||||
|
env['IMAGE_NAME'] = imageName
|
||||||
|
env['IMAGE_TAG'] = imageTag
|
||||||
|
|
||||||
|
return withPodmanPackagingTempDir {
|
||||||
|
gomplate('post-install.sh.gotmpl', 'post-install.sh', env)
|
||||||
|
gomplate('pod.service.gotmpl', 'pod.service', env)
|
||||||
|
gomplate('pod.conf.gotmpl', 'pod.conf', env)
|
||||||
|
gomplate('nfpm.yaml.gotmpl', 'nfpm.yaml', env)
|
||||||
|
nfpm(nfpmOptions)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
void withPodmanPackagingTempDir(Closure fn) {
|
||||||
|
File tempDir = File.createTempDir()
|
||||||
|
|
||||||
|
tempDir.deleteOnExit()
|
||||||
|
tempDir.mkdirs()
|
||||||
|
|
||||||
|
dir(tempDir.getAbsolutePath()) {
|
||||||
|
List<String> resources = [
|
||||||
|
'com/cadoles/podman/nfpm.yaml.gotmpl',
|
||||||
|
'com/cadoles/podman/pod.conf.gotmpl',
|
||||||
|
'com/cadoles/podman/pod.service.gotmpl',
|
||||||
|
'com/cadoles/podman/post-install.sh.gotmpl',
|
||||||
|
]
|
||||||
|
for (res in resources) {
|
||||||
|
String fileContent = libraryResource res
|
||||||
|
String fileName = res.substring(res.lastIndexOf('/') + 1)
|
||||||
|
writeFile file:fileName, text:fileContent
|
||||||
|
}
|
||||||
|
fn()
|
||||||
|
}
|
||||||
|
}
|
|
@ -22,7 +22,7 @@ def call() {
|
||||||
checkout scm:
|
checkout scm:
|
||||||
[
|
[
|
||||||
$class: 'GitSCM',
|
$class: 'GitSCM',
|
||||||
userRemoteConfigs: [[url: env.repository_url, credentialsId: 'jenkins-forge-ssh']],
|
userRemoteConfigs: [[url: env.repository_url, credentialsId: 'jenkins-ssh-mse']],
|
||||||
branches: [[name: env.ref]],
|
branches: [[name: env.ref]],
|
||||||
extensions: [
|
extensions: [
|
||||||
[$class: 'RelativeTargetDirectory', relativeTargetDir: env.projectDir ],
|
[$class: 'RelativeTargetDirectory', relativeTargetDir: env.projectDir ],
|
||||||
|
|
|
@ -0,0 +1,258 @@
|
||||||
|
import org.jenkinsci.plugins.pipeline.modeldefinition.Utils
|
||||||
|
|
||||||
|
void call(Map options = [:]) {
|
||||||
|
Map hooks = options.get('hooks', [
|
||||||
|
'pre': null,
|
||||||
|
|
||||||
|
'pre-test': null,
|
||||||
|
'post-test': null,
|
||||||
|
|
||||||
|
'pre-build': null,
|
||||||
|
'post-build': null,
|
||||||
|
|
||||||
|
'pre-release': null,
|
||||||
|
'post-release': null,
|
||||||
|
|
||||||
|
'post-success': null,
|
||||||
|
'post-always': null,
|
||||||
|
'post-failure': null,
|
||||||
|
])
|
||||||
|
String testTask = options.get('testTask', 'test')
|
||||||
|
String buildTask = options.get('buildTask', 'build')
|
||||||
|
String releaseTask = options.get('releaseTask', 'release')
|
||||||
|
String jobHistory = options.get('jobHistory', '5')
|
||||||
|
|
||||||
|
String baseDockerfile = options.get('baseDockerfile', '')
|
||||||
|
String baseImage = options.get('baseImage', 'reg.cadoles.com/proxy_cache/library/ubuntu:22.04')
|
||||||
|
String dockerfileExtension = options.get('dockerfileExtension', '')
|
||||||
|
List credentials = options.get('credentials', [])
|
||||||
|
|
||||||
|
List<String> releaseBranches = options.get('releaseBranches', ['develop', 'testing', 'stable', 'staging', 'master'])
|
||||||
|
|
||||||
|
node {
|
||||||
|
properties([
|
||||||
|
buildDiscarder(logRotator(daysToKeepStr: jobHistory, numToKeepStr: jobHistory)),
|
||||||
|
])
|
||||||
|
|
||||||
|
environment {
|
||||||
|
// Set MKT_PROJECT_VERSION_BRANCH_NAME to Jenkins current branch name by default
|
||||||
|
// See https://forge.cadoles.com/Cadoles/mktools project
|
||||||
|
MKT_PROJECT_VERSION_BRANCH_NAME = env.BRANCH_NAME
|
||||||
|
}
|
||||||
|
|
||||||
|
stage('Cancel older jobs') {
|
||||||
|
int buildNumber = env.BUILD_NUMBER as int
|
||||||
|
if (buildNumber > 1) {
|
||||||
|
milestone(buildNumber - 1)
|
||||||
|
}
|
||||||
|
|
||||||
|
milestone(buildNumber)
|
||||||
|
}
|
||||||
|
|
||||||
|
stage('Checkout project') {
|
||||||
|
checkout(scm)
|
||||||
|
}
|
||||||
|
|
||||||
|
try {
|
||||||
|
def containerImage = buildContainerImage(baseImage, baseDockerfile, dockerfileExtension)
|
||||||
|
containerImage.inside('-v /var/run/docker.sock:/var/run/docker.sock --network host') {
|
||||||
|
String repo = env.JOB_NAME
|
||||||
|
if (env.BRANCH_NAME ==~ /^PR-.*$/) {
|
||||||
|
repo = env.JOB_NAME - "/${env.JOB_BASE_NAME}"
|
||||||
|
}
|
||||||
|
|
||||||
|
List<String> environment = prepareEnvironment()
|
||||||
|
|
||||||
|
withEnv(environment) {
|
||||||
|
withCredentials(credentials) {
|
||||||
|
runHook(hooks, 'pre')
|
||||||
|
|
||||||
|
stage('Build project') {
|
||||||
|
runHook(hooks, 'pre-build')
|
||||||
|
runTask('buildTask', buildTask)
|
||||||
|
runHook(hooks, 'post-build')
|
||||||
|
}
|
||||||
|
|
||||||
|
stage('Run tests') {
|
||||||
|
runHook(hooks, 'pre-test')
|
||||||
|
|
||||||
|
catchError(buildResult: 'UNSTABLE', stageResult: 'FAILURE') {
|
||||||
|
def ( status, output ) = runAndCaptureTask('testTask', testTask)
|
||||||
|
|
||||||
|
if (!!output.trim() && env.CHANGE_ID) {
|
||||||
|
String gitCommit = sh(script: 'git rev-parse --short HEAD', returnStdout: true)
|
||||||
|
String report = """
|
||||||
|
|# Test report for ${gitCommit}
|
||||||
|
|
|
||||||
|
|<details ${output.count('\n') <= 10 ? 'open' : ''}>
|
||||||
|
|
|
||||||
|
|<summary>Output</summary>
|
||||||
|
|
|
||||||
|
|```
|
||||||
|
|${output}
|
||||||
|
|```
|
||||||
|
|
|
||||||
|
|</details>
|
||||||
|
|""".trim().stripMargin()
|
||||||
|
|
||||||
|
gitea.commentPullRequest(repo, env.CHANGE_ID, report)
|
||||||
|
}
|
||||||
|
|
||||||
|
if (status != 0) {
|
||||||
|
throw new Exception("Task `${testTask}` failed !")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
runHook(hooks, 'post-test')
|
||||||
|
}
|
||||||
|
|
||||||
|
stage('Release project') {
|
||||||
|
if (releaseBranches.contains(env.BRANCH_NAME)) {
|
||||||
|
try {
|
||||||
|
runHook(hooks, 'pre-release')
|
||||||
|
runTask('releaseTask', releaseTask)
|
||||||
|
runHook(hooks, 'post-release')
|
||||||
|
} catch (Exception ex) {
|
||||||
|
rocketSend(
|
||||||
|
message: """
|
||||||
|
|:warning: Une erreur est survenue lors de la publication de [${repo}](https://forge.cadoles.com/${repo - env.JOB_BASE_NAME}):
|
||||||
|
|
|
||||||
|
| - **Commit:** [${env.GIT_COMMIT}](https://forge.cadoles.com/${repo - env.JOB_BASE_NAME}/commit/${env.GIT_COMMIT})
|
||||||
|
| - **Tags:** `${env.PROJECT_VERSION_TAG}` / `${env.PROJECT_VERSION_SHORT_TAG}`
|
||||||
|
|
|
||||||
|
| **Erreur**
|
||||||
|
|```
|
||||||
|
|${ex}
|
||||||
|
|```
|
||||||
|
|
|
||||||
|
|[Visualiser le job](${env.RUN_DISPLAY_URL})
|
||||||
|
|
|
||||||
|
|@${utils.getBuildUser()}
|
||||||
|
""".stripMargin(),
|
||||||
|
rawMessage: true
|
||||||
|
)
|
||||||
|
|
||||||
|
throw ex
|
||||||
|
}
|
||||||
|
|
||||||
|
rocketSend(
|
||||||
|
message: """
|
||||||
|
|:white_check_mark: Nouvelle publication terminée pour [${repo}](https://forge.cadoles.com/${repo - env.JOB_BASE_NAME}):
|
||||||
|
|
|
||||||
|
| - **Commit:** [${env.GIT_COMMIT}](https://forge.cadoles.com/${repo - env.JOB_BASE_NAME}/commit/${env.GIT_COMMIT})
|
||||||
|
| - **Tags:** `${env.PROJECT_VERSION_TAG}` / `${env.PROJECT_VERSION_SHORT_TAG}`
|
||||||
|
|
|
||||||
|
|[Visualiser le job](${env.RUN_DISPLAY_URL})
|
||||||
|
|
|
||||||
|
|@${utils.getBuildUser()}
|
||||||
|
""".stripMargin(),
|
||||||
|
rawMessage: true
|
||||||
|
)
|
||||||
|
} else {
|
||||||
|
println("Current branch '${env.BRANCH_NAME}' not in releases branches (${releaseBranches}). Skipping.")
|
||||||
|
Utils.markStageSkippedForConditional('Release project')
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
} catch (Exception ex) {
|
||||||
|
runHook(hooks, 'post-failure', [ex])
|
||||||
|
throw ex
|
||||||
|
} finally {
|
||||||
|
runHook(hooks, 'post-always')
|
||||||
|
cleanWs()
|
||||||
|
}
|
||||||
|
|
||||||
|
runHook(hooks, 'post-success')
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
void buildContainerImage(String baseImage, String baseDockerfile, String dockerfileExtension) {
|
||||||
|
String imageName = 'cadoles-standard-make-ci'
|
||||||
|
dir(".${imageName}") {
|
||||||
|
String dockerfile = ''
|
||||||
|
|
||||||
|
if (baseDockerfile) {
|
||||||
|
dockerfile = baseDockerfile
|
||||||
|
} else {
|
||||||
|
dockerfile = libraryResource 'com/cadoles/standard-make/Dockerfile'
|
||||||
|
dockerfile = "FROM ${baseImage}\n" + dockerfile
|
||||||
|
}
|
||||||
|
|
||||||
|
dockerfile = """
|
||||||
|
${dockerfile}
|
||||||
|
${dockerfileExtension}
|
||||||
|
"""
|
||||||
|
|
||||||
|
writeFile file:'Dockerfile', text: dockerfile
|
||||||
|
|
||||||
|
String addLetsEncryptCA = libraryResource 'com/cadoles/common/add-letsencrypt-ca.sh'
|
||||||
|
writeFile file:'add-letsencrypt-ca.sh', text:addLetsEncryptCA
|
||||||
|
|
||||||
|
String safeJobName = URLDecoder.decode(env.JOB_NAME).toLowerCase().replace('/', '-').replace(' ', '-')
|
||||||
|
String imageTag = "${safeJobName}-${env.BUILD_ID}"
|
||||||
|
|
||||||
|
return docker.build("${imageName}:${imageTag}", '.')
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
void runHook(Map hooks, String name, List args = []) {
|
||||||
|
if (!hooks[name]) {
|
||||||
|
println("No hook '${name}' defined. Skipping.")
|
||||||
|
return
|
||||||
|
}
|
||||||
|
|
||||||
|
if (hooks[name] instanceof Closure) {
|
||||||
|
hooks[name](*args)
|
||||||
|
} else {
|
||||||
|
error("Hook '${name}' seems to be defined but is not a closure !")
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
void runTask(String name, task) {
|
||||||
|
if (!task) {
|
||||||
|
println("No task '${name}' defined. Skipping.")
|
||||||
|
return [ -1, '' ]
|
||||||
|
}
|
||||||
|
|
||||||
|
sh(script: """#!/bin/bash
|
||||||
|
make ${task}
|
||||||
|
""")
|
||||||
|
}
|
||||||
|
|
||||||
|
List runAndCaptureTask(String name, task) {
|
||||||
|
if (!task) {
|
||||||
|
println("No task '${name}' defined. Skipping.")
|
||||||
|
return [ -1, '' ]
|
||||||
|
}
|
||||||
|
|
||||||
|
String outputFile = ".${name}-output"
|
||||||
|
int status = sh(script: """#!/bin/bash
|
||||||
|
set -eo pipefail
|
||||||
|
make ${task} 2>&1 | tee '${outputFile}'
|
||||||
|
""", returnStatus: true)
|
||||||
|
|
||||||
|
String output = readFile(outputFile)
|
||||||
|
|
||||||
|
sh(script: "rm -f '${outputFile}'")
|
||||||
|
|
||||||
|
return [status, output]
|
||||||
|
}
|
||||||
|
|
||||||
|
List<String> prepareEnvironment() {
|
||||||
|
List<String> env = []
|
||||||
|
|
||||||
|
def ( longTag, shortTag ) = utils.getProjectVersionTags()
|
||||||
|
|
||||||
|
env += ["PROJECT_VERSION_TAG=${longTag}"]
|
||||||
|
env += ["PROJECT_VERSION_SHORT_TAG=${shortTag}"]
|
||||||
|
|
||||||
|
String gitCommit = sh(script:'git rev-parse --short HEAD', returnStdout: true).trim()
|
||||||
|
env += ["GIT_COMMIT=${gitCommit}"]
|
||||||
|
|
||||||
|
Boolean isPR = utils.isPR()
|
||||||
|
env += ["IS_PR=${isPR ? 'true' : 'false'}"]
|
||||||
|
|
||||||
|
return env
|
||||||
|
}
|
|
@ -1,45 +1,58 @@
|
||||||
import org.jenkinsci.plugins.pipeline.modeldefinition.Utils
|
import org.jenkinsci.plugins.pipeline.modeldefinition.Utils
|
||||||
|
|
||||||
def call(String baseImage = "ubuntu:22.04") {
|
def call(String baseImage = 'ubuntu:22.04', Map options = [:]) {
|
||||||
|
Map hooks = options.get('hooks', [:])
|
||||||
|
String jobHistory = options.get('jobHistory', '10')
|
||||||
|
|
||||||
node {
|
node {
|
||||||
stage("Checkout project") {
|
properties([
|
||||||
|
buildDiscarder(logRotator(daysToKeepStr: jobHistory, numToKeepStr: jobHistory)),
|
||||||
|
])
|
||||||
|
stage('Cancel older jobs') {
|
||||||
|
def buildNumber = env.BUILD_NUMBER as int
|
||||||
|
if (buildNumber > 1) milestone(buildNumber - 1)
|
||||||
|
milestone(buildNumber)
|
||||||
|
}
|
||||||
|
stage('Checkout project') {
|
||||||
checkout(scm)
|
checkout(scm)
|
||||||
}
|
}
|
||||||
|
stage('Run pre hooks') {
|
||||||
|
runHook(hooks, 'preSymfonyAppPipeline')
|
||||||
|
}
|
||||||
stage('Run in Symfony image') {
|
stage('Run in Symfony image') {
|
||||||
def symfonyImage = buildDockerImage(baseImage)
|
def symfonyImage = buildDockerImage(baseImage, hooks)
|
||||||
symfonyImage.inside() {
|
symfonyImage.inside() {
|
||||||
def repo = env.JOB_NAME
|
def repo = env.JOB_NAME
|
||||||
if (env.BRANCH_NAME ==~ /^PR-.*$/) {
|
if (env.BRANCH_NAME ==~ /^PR-.*$/) {
|
||||||
repo = env.JOB_NAME - "/${env.JOB_BASE_NAME}"
|
repo = env.JOB_NAME - "/${env.JOB_BASE_NAME}"
|
||||||
}
|
}
|
||||||
|
|
||||||
stage("Install composer dependencies") {
|
stage('Install composer dependencies') {
|
||||||
sh '''
|
sh '''
|
||||||
composer install
|
symfony composer install
|
||||||
'''
|
'''
|
||||||
}
|
}
|
||||||
|
|
||||||
parallel([
|
parallel([
|
||||||
'php-security-check': {
|
'php-security-check': {
|
||||||
stage("Check PHP security issues") {
|
stage('Check PHP security issues') {
|
||||||
catchError(buildResult: 'UNSTABLE', stageResult: 'FAILURE') {
|
catchError(buildResult: 'UNSTABLE', stageResult: 'FAILURE') {
|
||||||
def auditReport = sh(script: "local-php-security-checker --format=markdown || true", returnStdout: true)
|
def auditReport = sh(script: 'local-php-security-checker --format=markdown || true', returnStdout: true)
|
||||||
if (auditReport.trim() != "") {
|
if (auditReport.trim() != '') {
|
||||||
if (env.CHANGE_ID) {
|
if (env.CHANGE_ID) {
|
||||||
gitea.commentPullRequest(repo, env.CHANGE_ID, auditReport, 0)
|
gitea.commentPullRequest(repo, env.CHANGE_ID, auditReport)
|
||||||
} else {
|
} else {
|
||||||
print auditReport
|
print auditReport
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (!auditReport.contains("No packages have known vulnerabilities.")) {
|
if (!auditReport.contains('No packages have known vulnerabilities.')) {
|
||||||
throw new Exception("Dependencies check failed !")
|
throw new Exception('Dependencies check failed !')
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
'php-cs-fixer': {
|
'php-cs-fixer': {
|
||||||
stage("Run PHP-CS-Fixer on modified code") {
|
stage('Run PHP-CS-Fixer on modified code') {
|
||||||
catchError(buildResult: 'FAILURE', stageResult: 'FAILURE') {
|
catchError(buildResult: 'FAILURE', stageResult: 'FAILURE') {
|
||||||
if ( !fileExists('.php-cs-fixer.dist.php') ) {
|
if ( !fileExists('.php-cs-fixer.dist.php') ) {
|
||||||
def phpCsFixerConfig = libraryResource 'com/cadoles/symfony/.php-cs-fixer.dist.php'
|
def phpCsFixerConfig = libraryResource 'com/cadoles/symfony/.php-cs-fixer.dist.php'
|
||||||
|
@ -49,11 +62,11 @@ def call(String baseImage = "ubuntu:22.04") {
|
||||||
sh '''
|
sh '''
|
||||||
CHANGED_FILES=$(git diff --name-only --diff-filter=ACMRTUXB "HEAD~..HEAD" | fgrep ".php" | tr "\n" " ")
|
CHANGED_FILES=$(git diff --name-only --diff-filter=ACMRTUXB "HEAD~..HEAD" | fgrep ".php" | tr "\n" " ")
|
||||||
if ! echo "${CHANGED_FILES}" | grep -qE "^(\\.php-cs-fixer(\\.dist)\\.php?|composer\\.lock)$"; then EXTRA_ARGS=$(printf -- '--path-mode=intersection -- %s' "${CHANGED_FILES}"); else EXTRA_ARGS=''; fi
|
if ! echo "${CHANGED_FILES}" | grep -qE "^(\\.php-cs-fixer(\\.dist)\\.php?|composer\\.lock)$"; then EXTRA_ARGS=$(printf -- '--path-mode=intersection -- %s' "${CHANGED_FILES}"); else EXTRA_ARGS=''; fi
|
||||||
php-cs-fixer fix --config=.php-cs-fixer.dist.php -v --dry-run --using-cache=no --format junit ${EXTRA_ARGS} > php-cs-fixer.xml || true
|
symfony php $(which php-cs-fixer) fix --config=.php-cs-fixer.dist.php -v --dry-run --using-cache=no --format junit ${EXTRA_ARGS} > php-cs-fixer.xml || true
|
||||||
'''
|
'''
|
||||||
def report = sh(script: "junit2md php-cs-fixer.xml", returnStdout: true)
|
def report = sh(script: 'junit2md php-cs-fixer.xml', returnStdout: true)
|
||||||
if (env.CHANGE_ID) {
|
if (env.CHANGE_ID) {
|
||||||
gitea.commentPullRequest(repo, env.CHANGE_ID, report, 1)
|
gitea.commentPullRequest(repo, env.CHANGE_ID, report)
|
||||||
} else {
|
} else {
|
||||||
print report
|
print report
|
||||||
}
|
}
|
||||||
|
@ -61,20 +74,20 @@ def call(String baseImage = "ubuntu:22.04") {
|
||||||
}
|
}
|
||||||
},
|
},
|
||||||
'phpstan': {
|
'phpstan': {
|
||||||
stage("Run phpstan") {
|
stage('Run phpstan') {
|
||||||
catchError(buildResult: 'UNSTABLE', stageResult: 'FAILURE') {
|
catchError(buildResult: 'UNSTABLE', stageResult: 'FAILURE') {
|
||||||
if ( !fileExists('phpstan.neon') ) {
|
if ( !fileExists('phpstan.neon') ) {
|
||||||
def phpStanConfig = libraryResource 'com/cadoles/symfony/phpstan.neon'
|
def phpStanConfig = libraryResource 'com/cadoles/symfony/phpstan.neon'
|
||||||
writeFile file:'phpstan.neon', text:phpStanConfig
|
writeFile file:'phpstan.neon', text:phpStanConfig
|
||||||
}
|
}
|
||||||
sh '''
|
sh '''
|
||||||
phpstan analyze -l 1 --error-format=table src > phpstan.txt || true
|
symfony php $(which phpstan) analyze -l 1 --error-format=table src > phpstan.txt || true
|
||||||
'''
|
'''
|
||||||
def report = sh(script: "cat phpstan.txt", returnStdout: true)
|
def report = sh(script: 'cat phpstan.txt', returnStdout: true)
|
||||||
report = "## Rapport PHPStan\n\n```\n" + report
|
report = '## Rapport PHPStan\n\n```\n' + report
|
||||||
report = report + "\n```\n"
|
report = report + '\n```\n'
|
||||||
if (env.CHANGE_ID) {
|
if (env.CHANGE_ID) {
|
||||||
gitea.commentPullRequest(repo, env.CHANGE_ID, report, 2)
|
gitea.commentPullRequest(repo, env.CHANGE_ID, report)
|
||||||
} else {
|
} else {
|
||||||
print report
|
print report
|
||||||
}
|
}
|
||||||
|
@ -84,32 +97,38 @@ def call(String baseImage = "ubuntu:22.04") {
|
||||||
])
|
])
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
stage('Run post hooks') {
|
||||||
|
runHook(hooks, 'postSymfonyAppPipeline')
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
def buildDockerImage(String baseImage) {
|
void buildDockerImage(String baseImage, Map hooks) {
|
||||||
def imageName = "cadoles-symfony-ci"
|
def imageName = 'cadoles-symfony-ci'
|
||||||
dir (".${imageName}") {
|
dir(".${imageName}") {
|
||||||
def dockerfile = libraryResource 'com/cadoles/symfony/Dockerfile'
|
def dockerfile = libraryResource 'com/cadoles/symfony/Dockerfile'
|
||||||
writeFile file:'Dockerfile', text: "FROM ${baseImage}\n\n" + dockerfile
|
writeFile file:'Dockerfile', text: "FROM ${baseImage}\n\n" + dockerfile
|
||||||
|
|
||||||
def addLetsEncryptCA = libraryResource 'com/cadoles/common/add-letsencrypt-ca.sh'
|
def addLetsEncryptCA = libraryResource 'com/cadoles/common/add-letsencrypt-ca.sh'
|
||||||
writeFile file:'add-letsencrypt-ca.sh', text:addLetsEncryptCA
|
writeFile file:'add-letsencrypt-ca.sh', text:addLetsEncryptCA
|
||||||
|
|
||||||
|
runHook(hooks, 'buildSymfonyImage')
|
||||||
|
|
||||||
def safeJobName = URLDecoder.decode(env.JOB_NAME).toLowerCase().replace('/', '-').replace(' ', '-')
|
def safeJobName = URLDecoder.decode(env.JOB_NAME).toLowerCase().replace('/', '-').replace(' ', '-')
|
||||||
def imageTag = "${safeJobName}-${env.BUILD_ID}"
|
def imageTag = "${safeJobName}-${env.BUILD_ID}"
|
||||||
return docker.build("${imageName}:${imageTag}", ".")
|
return docker.build("${imageName}:${imageTag}", '.')
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
def when(boolean condition, body) {
|
void runHook(Map hooks, String name) {
|
||||||
def config = [:]
|
if (!hooks[name]) {
|
||||||
body.resolveStrategy = Closure.OWNER_FIRST
|
println("No hook '${name}' defined. Skipping.")
|
||||||
body.delegate = config
|
return
|
||||||
|
}
|
||||||
|
|
||||||
if (condition) {
|
if (hooks[name] instanceof Closure) {
|
||||||
body()
|
hooks[name]()
|
||||||
} else {
|
} else {
|
||||||
Utils.markStageSkippedForConditional(STAGE_NAME)
|
error("Hook '${name}' seems to be defined but is not a closure !")
|
||||||
}
|
}
|
||||||
}
|
}
|
|
@ -0,0 +1,117 @@
|
||||||
|
import org.jenkinsci.plugins.pipeline.modeldefinition.Utils
|
||||||
|
import org.jenkinsci.plugins.pipeline.modeldefinition.when.impl.ChangeSetConditional
|
||||||
|
|
||||||
|
void when(Boolean condition, body) {
|
||||||
|
Map config = [:]
|
||||||
|
body.resolveStrategy = Closure.OWNER_FIRST
|
||||||
|
body.delegate = config
|
||||||
|
|
||||||
|
if (condition) {
|
||||||
|
body()
|
||||||
|
} else {
|
||||||
|
Utils.markStageSkippedForConditional(STAGE_NAME)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
@NonCPS
|
||||||
|
String getBuildUser() {
|
||||||
|
def build = currentBuild.rawBuild
|
||||||
|
String buildUser = ''
|
||||||
|
|
||||||
|
// On essaie de récupérer l'utilisateur à l'origine de l'exécution du job
|
||||||
|
try {
|
||||||
|
def cause = build.getCause(hudson.model.Cause.UserIdCause.class)
|
||||||
|
buildUser = cause.getUserName()
|
||||||
|
} catch (Exception ex) {
|
||||||
|
// On ignore l'erreur
|
||||||
|
}
|
||||||
|
|
||||||
|
if (buildUser == '') {
|
||||||
|
// Si on a pas réussi à retrouver l'utilisateur, on récupère celui du commit courant
|
||||||
|
try {
|
||||||
|
def committerUsername = sh(script: 'git --no-pager show -s --format=\'%ae\' | cut -d\'@\' -f1', returnStdout: true).trim()
|
||||||
|
buildUser = committerUsername
|
||||||
|
} catch (Exception ex) {
|
||||||
|
// On ignore l'erreur
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if (buildUser == '') {
|
||||||
|
// Par défaut, on considère que jenkins est à l'origine du job
|
||||||
|
buildUser = 'jenkins'
|
||||||
|
}
|
||||||
|
|
||||||
|
return buildUser
|
||||||
|
}
|
||||||
|
|
||||||
|
String getProjectVersionDefaultChannel() {
|
||||||
|
switch (env.BRANCH_NAME) {
|
||||||
|
case 'develop':
|
||||||
|
return 'develop'
|
||||||
|
|
||||||
|
case 'testing':
|
||||||
|
case 'staging':
|
||||||
|
return 'testing'
|
||||||
|
|
||||||
|
case 'stable':
|
||||||
|
case 'master':
|
||||||
|
return 'stable'
|
||||||
|
|
||||||
|
default:
|
||||||
|
return env.BRANCH_NAME.toLowerCase().replaceAll('(_|-| )+', '')
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
String getProjectVersionShortChannel(String channel) {
|
||||||
|
switch (channel) {
|
||||||
|
case 'develop':
|
||||||
|
return 'dev'
|
||||||
|
|
||||||
|
case 'testing':
|
||||||
|
case 'staging':
|
||||||
|
return 'tst'
|
||||||
|
|
||||||
|
case 'stable':
|
||||||
|
case 'master':
|
||||||
|
return 'stb'
|
||||||
|
|
||||||
|
default:
|
||||||
|
return channel.toLowerCase().replaceAll('(a|e|i|o|u|y_|-| )+', '').take(3)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
List<String> getProjectVersionTags(String overrideChannel = '') {
|
||||||
|
String channel = overrideChannel ? overrideChannel : getProjectVersionDefaultChannel()
|
||||||
|
String shortChannel = getProjectVersionShortChannel(channel)
|
||||||
|
|
||||||
|
String currrentCommitDate = sh(script: 'git show -s --format=%ct', returnStdout: true).trim()
|
||||||
|
String dateVersion = sh(script: "TZ=Europe/Paris date -d '@${currrentCommitDate}' +%Y.%-m.%-d", returnStdout: true).trim()
|
||||||
|
String timestamp = sh(script: "TZ=Europe/Paris date -d '@${currrentCommitDate}' +%-H%M", returnStdout: true).trim()
|
||||||
|
String shortCommit = sh(script: 'git rev-parse --short HEAD', returnStdout: true).trim()
|
||||||
|
|
||||||
|
String longTag = "${dateVersion}-${channel}.${timestamp}.${shortCommit}"
|
||||||
|
String shortTag = "${dateVersion}-${shortChannel}.${timestamp}"
|
||||||
|
|
||||||
|
return [ longTag, shortTag ]
|
||||||
|
}
|
||||||
|
|
||||||
|
Boolean isPR() {
|
||||||
|
return env.BRANCH_NAME ==~ /^PR-.*$/
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
def hasChanges(String pattern) {
|
||||||
|
def changeLogSets = currentBuild.changeSets
|
||||||
|
def conditional = new ChangeSetConditional(pattern)
|
||||||
|
|
||||||
|
for (set in changeLogSets) {
|
||||||
|
def entries = set.items
|
||||||
|
for (entry in entries) {
|
||||||
|
if (conditional.changeSetMatches(entry, pattern, true)) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
return false;
|
||||||
|
}
|
Loading…
Reference in New Issue