Compare commits
2 Commits
pipeline/e
...
build_pipe
| Author | SHA1 | Date | |
|---|---|---|---|
| b458d075fe | |||
| fba9a12cb4 |
230
Jenkinsfile
vendored
230
Jenkinsfile
vendored
@ -1,230 +0,0 @@
|
||||
@Library("cadoles@pipeline/empaquetage_pulp") _
|
||||
|
||||
pipeline {
|
||||
|
||||
agent {
|
||||
label 'docker'
|
||||
}
|
||||
|
||||
environment {
|
||||
projectDir = "${env.project_name}_${env.BUILD_ID}"
|
||||
}
|
||||
|
||||
triggers {
|
||||
// Execute pipeline every day at 7h30 to prepare docker images
|
||||
cron('30 7 * * 1-5')
|
||||
}
|
||||
|
||||
stages {
|
||||
|
||||
stage("Prepare build environment") {
|
||||
when {
|
||||
anyOf {
|
||||
triggeredBy cause: "UserIdCause", detail: "wpetit"
|
||||
triggeredBy 'TimerTrigger'
|
||||
}
|
||||
}
|
||||
steps {
|
||||
script {
|
||||
tamarin.prepareEnvironment()
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
stage("Package project") {
|
||||
when {
|
||||
not {
|
||||
triggeredBy 'TimerTrigger'
|
||||
}
|
||||
}
|
||||
steps {
|
||||
script {
|
||||
stage("Clone repository") {
|
||||
checkout scm:
|
||||
[
|
||||
$class: 'GitSCM',
|
||||
userRemoteConfigs: [[url: env.repository_url, credentialsId: 'jenkins-forge-ssh']],
|
||||
branches: [[name: env.ref]],
|
||||
extensions: [
|
||||
[$class: 'RelativeTargetDirectory', relativeTargetDir: env.projectDir ],
|
||||
[$class: 'CloneOption', noTags: false, shallow: false, depth: 0, reference: ''],
|
||||
[$class: 'WipeWorkspace' ]
|
||||
]
|
||||
],
|
||||
changelog: false,
|
||||
poll: false
|
||||
}
|
||||
|
||||
stage("Ensure packaging branch") {
|
||||
dir(env.projectDir) {
|
||||
sh 'git checkout "${packageBranch}"'
|
||||
def commitOrRef = env.commit ? env.commit : env.ref
|
||||
def branchesWithCommitOrRef = sh(script: "git branch --contains '${commitOrRef}'", returnStdout: true).split(' ')
|
||||
if (branchesWithCommitOrRef.findAll{env.packageBranch.contains(it)}.any{true}) {
|
||||
currentBuild.result = 'ABORTED'
|
||||
error("La référence `${env.ref}` ne fait pas partie de la branche `${env.packageBranch}` !")
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
stage("Check [ci skip] in tag message") {
|
||||
dir(env.projectDir) {
|
||||
sh 'git checkout "${packageBranch}"'
|
||||
def commitTags = sh(script: 'git describe --exact-match --abbrev=0', returnStdout: true).split(' ')
|
||||
for (tag in commitTags) {
|
||||
tag = tag.trim()
|
||||
def tagMessage = sh(script: "git tag --format='%(subject)' -l '${tag}'", returnStdout: true).trim()
|
||||
println("Tag '${tag}' message is: '${tagMessage}'")
|
||||
if (tagMessage.contains('[ci skip]')) {
|
||||
currentBuild.result = 'ABORTED'
|
||||
error("Le message du tag '${tag}' contient le marqueur '[ci-skip]' !")
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
stage("Checkout ref") {
|
||||
dir(env.projectDir) {
|
||||
sh """
|
||||
git checkout ${env.ref}
|
||||
"""
|
||||
}
|
||||
}
|
||||
|
||||
stage("Build package") {
|
||||
dir(env.projectDir) {
|
||||
// On construit les paquets à partir des informations
|
||||
// de contexte provenant de CPKG et du webhook
|
||||
def result = tamarin.buildPackageWithCPKG(
|
||||
env.packageProfile ? env.packageProfile : "debian",
|
||||
env.packageArch ? env.packageArch : "",
|
||||
env.packageBranch ? env.packageBranch : "",
|
||||
env.baseImage ? env.baseImage : ""
|
||||
)
|
||||
|
||||
// On publie chacun des paquets construits
|
||||
def splittedTag = env.ref.split('/')
|
||||
def repositoryName = "${splittedTag[2]} ${splittedTag[1]}"
|
||||
def distributionName = repositoryName
|
||||
def basePath = repositoryName.replace(' ', '-')
|
||||
def product = splittedTag[2].split('-')[0]
|
||||
def contentGuardMapping = ['mse': 'mse_contentguard']
|
||||
def signingServiceMapping = ['mse': 'sign_deb_release']
|
||||
def credentials = '212d6dc7-f9a2-4d27-94d8-de7fc6cae0a1'
|
||||
def repositoryHREF = pulp.getRepositoryHREF(credentials, repositoryName)
|
||||
def exportTasks = pulp.exportPackages(credentials, result.packages)
|
||||
def pulpPackages = []
|
||||
exportTasks.each {
|
||||
def created_resources = pulp.waitForTaskCompletion(credentials, it)
|
||||
for (created_resource in created_resources) {
|
||||
pulpPackages << created_resource
|
||||
}
|
||||
}
|
||||
pulp.addToRepository(credentials, pulpPackages, repositoryHREF)
|
||||
def publicationHREF = pulp.publishRepository(credentials, repositoryHREF, signingServiceMapping.get(product))
|
||||
def distributionHREF = pulp.distributePublication(credentials, publicationHREF[0], distributionName, basePath, contentGuardMapping.get(product))
|
||||
def distributionURL = pulp.getDistributionURL(credentials, distributionHREF[0])
|
||||
|
||||
// On liste l'ensemble des paquets construits
|
||||
def publishedPackages = result.packages.collect { p ->
|
||||
def file = new File(p)
|
||||
return "- Paquet `${file.getName()}`, Dépôt `${result.env}`, Distribution `${result.distrib}`, URL `${distributionURL}`"
|
||||
}
|
||||
|
||||
// On notifie le canal Rocket.Chat de la publication des paquets
|
||||
rocketSend (
|
||||
avatar: 'https://jenkins.cadol.es/static/b5f67753/images/headshot.png',
|
||||
message: """
|
||||
Les paquets suivants ont été publiés pour le projet ${env.project_name}:
|
||||
|
||||
${publishedPackages.join('\n')}
|
||||
|
||||
[Visualiser le job](${env.RUN_DISPLAY_URL})
|
||||
|
||||
@${env.sender_login}
|
||||
""".stripIndent(),
|
||||
rawMessage: true,
|
||||
attachments: lolops.getRandomDeliveryAttachment()
|
||||
)
|
||||
|
||||
if (env.testPackageInstall != 'yes') {
|
||||
println "Test d'intallation des paquets désactivé."
|
||||
return
|
||||
}
|
||||
|
||||
// On essaye de trouver un template de VM compatible
|
||||
// avec la distribution cible de la construction
|
||||
def vmTemplate = findMatchingVMTemplate(result.distrib)
|
||||
if (vmTemplate == null) {
|
||||
println "Aucun template de VM n'a été trouvé correspondant à la distribution `${result.distrib}`."
|
||||
return
|
||||
}
|
||||
|
||||
// Pour chaque paquets construits...
|
||||
result.packages.each { p ->
|
||||
def packageFullName = new File(p).getName()
|
||||
def packageRepository = result.distrib.split('-')[1] + '-' + result.env
|
||||
def packageNameParts = packageFullName.split('_')
|
||||
def packageName = packageNameParts[0]
|
||||
def packageVersion = packageNameParts[1]
|
||||
|
||||
stage("Test package '${packageName}' installation") {
|
||||
build job: 'Test de paquet Debian', wait: false, parameters: [
|
||||
[$class: 'StringParameterValue', name: 'packageName', value: packageName],
|
||||
[$class: 'StringParameterValue', name: 'packageVersion', value: packageVersion],
|
||||
[$class: 'StringParameterValue', name: 'packageRepository', value: packageRepository],
|
||||
[$class: 'StringParameterValue', name: 'vmTemplate', value: vmTemplate]
|
||||
]
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
post {
|
||||
always {
|
||||
sh "rm -rf '${env.projectDir}'"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
||||
// Cette fonction fait un simple "mapping"
|
||||
// entre les distributions cibles des paquets et
|
||||
// les templates de VM disponibles sur l'OpenNebula
|
||||
def findMatchingVMTemplate(String distrib) {
|
||||
def vmTemplatesMap = [
|
||||
'eole-2.7.0': 'eolebase-2.7.0-cadoles',
|
||||
'eole-2.6.2': 'eolebase-2.6.2-cadoles'
|
||||
]
|
||||
return vmTemplatesMap.get(distrib, null)
|
||||
}
|
||||
|
||||
def waitForPackages(String tagRef, buildResults) {
|
||||
def packageVersion = tagRef.split('/')[3];
|
||||
def packageDistrib = env.packageBranch.split('/')[2];
|
||||
|
||||
buildResults.each { r ->
|
||||
def distrib = "${packageDistrib}-${r.env}"
|
||||
|
||||
r.packages.each { p ->
|
||||
def file = new File(p)
|
||||
def fileNameParts = file.getName().take(file.getName().lastIndexOf('.')).split('_')
|
||||
def packageName = fileNameParts[0]
|
||||
def packageArch = fileNameParts[2]
|
||||
|
||||
debian.waitForRepoPackage(packageName, [
|
||||
baseURL: 'https://vulcain.cadoles.com',
|
||||
distrib: distrib,
|
||||
component: 'main',
|
||||
type: 'binary',
|
||||
arch: packageArch,
|
||||
expectedVersion: packageVersion
|
||||
])
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -1,76 +0,0 @@
|
||||
pipeline {
|
||||
agent {
|
||||
docker {
|
||||
image "getsentry/sentry-cli"
|
||||
args "--entrypoint="
|
||||
}
|
||||
}
|
||||
|
||||
environment {
|
||||
projectDir = "${env.project_name}_${env.BUILD_ID}"
|
||||
}
|
||||
|
||||
stages {
|
||||
|
||||
stage("Clone repository") {
|
||||
steps {
|
||||
checkout scm:
|
||||
[
|
||||
$class: 'GitSCM',
|
||||
userRemoteConfigs: [[url: env.repository_url, credentialsId: 'jenkins-forge-ssh']],
|
||||
branches: [[name: env.ref]],
|
||||
extensions: [
|
||||
[$class: 'RelativeTargetDirectory', relativeTargetDir: env.projectDir ],
|
||||
[$class: 'CloneOption', noTags: false, shallow: false, depth: 0, reference: ''],
|
||||
[$class: 'WipeWorkspace' ]
|
||||
]
|
||||
],
|
||||
changelog: false,
|
||||
poll: false
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
stage('Create sentry release') {
|
||||
steps {
|
||||
dir(env.projectDir) {
|
||||
withCredentials([
|
||||
string(credentialsId: 'sentry-url', variable: 'SENTRY_URL'),
|
||||
string(credentialsId: 'sentry-release-auth-token', variable: 'SENTRY_AUTH_TOKEN')
|
||||
]) {
|
||||
sh '''
|
||||
SENTRY_CMD="sentry-cli --auth-token \"${SENTRY_AUTH_TOKEN}\" --url \"${SENTRY_URL}\""
|
||||
PROJECT_VERSION=$(sentry-cli releases propose-version)
|
||||
|
||||
$SENTRY_CMD \
|
||||
releases \
|
||||
--org "${sentry_org}" \
|
||||
new \
|
||||
-p "${sentry_project}" ${PROJECT_VERSION}
|
||||
|
||||
(
|
||||
$SENTRY_CMD \
|
||||
releases \
|
||||
--org "${sentry_org}" \
|
||||
set-commits --local \
|
||||
${PROJECT_VERSION} || exit 0
|
||||
)
|
||||
|
||||
$SENTRY_CMD \
|
||||
releases \
|
||||
--org "${sentry_org}" \
|
||||
finalize \
|
||||
${PROJECT_VERSION}
|
||||
'''
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
post {
|
||||
always {
|
||||
cleanWs()
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -1,26 +0,0 @@
|
||||
#!/bin/sh
|
||||
|
||||
set -eo pipefail
|
||||
|
||||
DESTDIR=/usr/local/share/ca-certificates
|
||||
UPDATE_CERTS_CMD=update-ca-certificates
|
||||
CERTS="$(cat <<EOF
|
||||
https://letsencrypt.org/certs/isrgrootx1.pem
|
||||
https://letsencrypt.org/certs/isrg-root-x2.pem
|
||||
https://letsencrypt.org/certs/lets-encrypt-r3.pem
|
||||
https://letsencrypt.org/certs/lets-encrypt-e1.pem
|
||||
https://letsencrypt.org/certs/lets-encrypt-r4.pem
|
||||
https://letsencrypt.org/certs/lets-encrypt-e2.pem
|
||||
EOF
|
||||
)"
|
||||
|
||||
cd "$DESTDIR"
|
||||
|
||||
for cert in $CERTS; do
|
||||
echo "Downloading '$cert'..."
|
||||
filename=$(basename "$cert")
|
||||
wget --tries=10 --timeout=30 -O "$filename" "$cert"
|
||||
openssl x509 -in "$filename" -inform PEM -out "$filename.crt"
|
||||
done
|
||||
|
||||
$UPDATE_CERTS_CMD
|
||||
@ -1,4 +1,4 @@
|
||||
FROM golang:1.15 as envtpl
|
||||
FROM golang:1.13 as envtpl
|
||||
|
||||
ARG HTTP_PROXY=
|
||||
ARG HTTPS_PROXY=
|
||||
@ -14,7 +14,7 @@ RUN git clone https://github.com/subfuzion/envtpl /src \
|
||||
-ldflags "-X main.AppVersionMetadata=$(date -u +%s)" \
|
||||
-a -installsuffix cgo -o ./bin/envtpl ./cmd/envtpl/.
|
||||
|
||||
FROM alpine:3.13
|
||||
FROM alpine:3.10
|
||||
|
||||
ARG HTTP_PROXY=
|
||||
ARG HTTPS_PROXY=
|
||||
|
||||
@ -10,9 +10,10 @@ rm -f reports/*
|
||||
cd reports
|
||||
|
||||
lighthouse \
|
||||
"$LIGHTHOUSE_URL" \
|
||||
--no-enable-error-reporting \
|
||||
--chrome-flags="--headless --disable-dev-shm-usage --no-sandbox --disable-gpu" \
|
||||
--config=../config.js \
|
||||
--output json --output html \
|
||||
--output-path=lighthouse
|
||||
--output-path=lighthouse \
|
||||
-- \
|
||||
"$LIGHTHOUSE_URL"
|
||||
|
||||
@ -1,15 +1,13 @@
|
||||
FROM alpine:3.12
|
||||
FROM alpine:3.8
|
||||
|
||||
ARG HTTP_PROXY=
|
||||
ARG HTTPS_PROXY=
|
||||
ARG http_proxy=
|
||||
ARG https_proxy=
|
||||
|
||||
ARG TAMARIN_VERSION=develop
|
||||
ARG TAMARIN_VERSION=253c774
|
||||
|
||||
RUN apk add --no-cache git docker python3 bash openssl curl
|
||||
|
||||
RUN curl -k https://forge.cadoles.com/Cadoles/Jenkins/raw/branch/master/resources/com/cadoles/common/add-letsencrypt-ca.sh | bash
|
||||
RUN apk add --no-cache git docker python3 bash
|
||||
|
||||
RUN git clone http://forge.cadoles.com/Cadoles/Tamarin /tamarin\
|
||||
&& cd /tamarin\
|
||||
|
||||
@ -37,10 +37,55 @@ RUN apk --no-cache add \
|
||||
python-dev \
|
||||
sqlite-dev \
|
||||
yaml-dev \
|
||||
sudo \
|
||||
nodejs \
|
||||
npm
|
||||
|
||||
RUN pip install --upgrade pip \
|
||||
&& pip install \
|
||||
pyClamd==0.4.0 \
|
||||
GitPython==2.1.3 \
|
||||
chardet==3.0.4 \
|
||||
futures==3.2.0 \
|
||||
pyOpenSSL==18.0.0 \
|
||||
ndg-httpsclient==0.4.0 \
|
||||
pyasn1==0.4.2 \
|
||||
scapy==2.4.0 \
|
||||
msgpack==0.5.6 \
|
||||
Jinja2==2.10 \
|
||||
vulndb==0.1.1 \
|
||||
psutil==5.4.8 \
|
||||
ds-store==1.1.2 \
|
||||
pebble==4.3.8 \
|
||||
acora==2.1 \
|
||||
diff-match-patch==20121119 \
|
||||
lz4==1.1.0 \
|
||||
vulners==1.3.0 \
|
||||
ipaddresses==0.0.2 \
|
||||
PyGithub==1.21.0 \
|
||||
pybloomfiltermmap==0.3.14 \
|
||||
phply==0.9.1 nltk==3.0.1 \
|
||||
tblib==0.2.0 \
|
||||
pdfminer==20140328 \
|
||||
lxml==3.4.4 \
|
||||
guess-language==0.2 \
|
||||
cluster==1.1.1b3 \
|
||||
python-ntlm==1.0.1 \
|
||||
halberd==0.2.4 \
|
||||
darts.util.lru==0.5 \
|
||||
markdown==2.6.1 \
|
||||
termcolor==1.1.0 \
|
||||
mitmproxy==0.13 \
|
||||
ruamel.ordereddict==0.4.8 \
|
||||
Flask==0.10.1 \
|
||||
PyYAML==3.12 \
|
||||
tldextract==1.7.2 \
|
||||
esmre==0.3.1 \
|
||||
bravado-core==5.12.1 \
|
||||
subprocess32==3.5.4 \
|
||||
&& npm install -g retire \
|
||||
&& rm -rf /root/.cache/pip \
|
||||
&& apk del build-base linux-headers
|
||||
|
||||
RUN adduser -D w3af
|
||||
|
||||
RUN git clone --depth=1 \
|
||||
@ -49,9 +94,6 @@ RUN git clone --depth=1 \
|
||||
&& rm -rf /home/w3af/w3af/.git \
|
||||
&& chown -R w3af /home/w3af/w3af
|
||||
|
||||
RUN cd /home/w3af/w3af \
|
||||
&& ( ./w3af_console || . /tmp/w3af_dependency_install.sh )
|
||||
|
||||
COPY run-audit.sh /usr/local/bin/run-audit
|
||||
RUN chmod +x /usr/local/bin/run-audit
|
||||
|
||||
|
||||
@ -8,7 +8,6 @@ def call(Map params = [:]) {
|
||||
def distVersion = params.distVersion ? params.distVersion : '2.7.0'
|
||||
def distBranchName = params.distBranchName ? params.distBranchName : env.GIT_BRANCH
|
||||
def gitCredentials = params.gitCredentials ? params.gitCredentials : null
|
||||
def gitCredentialsType = params.gitCredentialsType ? params.gitCredentialsType : 'http'
|
||||
def gitEmail = params.gitEmail ? params.gitEmail : 'jenkins@cadoles.com'
|
||||
def gitUsername = params.gitUsername ? params.gitUsername : 'Jenkins'
|
||||
def skipCi = params.containsKey('skipCi') ? params.skipCi : false
|
||||
@ -90,16 +89,8 @@ def call(Map params = [:]) {
|
||||
}
|
||||
|
||||
if (gitCredentials != null) {
|
||||
if (gitCredentialsType == 'http') {
|
||||
git.withHTTPCredentials(gitCredentials) {
|
||||
proc.call()
|
||||
}
|
||||
} else if (gitCredentialsType == 'ssh') {
|
||||
git.withSSHCredentials(gitCredentials) {
|
||||
proc.call()
|
||||
}
|
||||
} else {
|
||||
throw new Exception("Unknown git credentials type '${gitCredentialsType}' ! Expected 'ssh' or 'http' (default).")
|
||||
git.withHTTPCredentials(gitCredentials) {
|
||||
proc.call()
|
||||
}
|
||||
} else {
|
||||
proc.call()
|
||||
|
||||
@ -1,7 +1,7 @@
|
||||
def waitForRepoPackage(String packageName, Map params = [:]) {
|
||||
def expectedVersion = params.expectedVersion ? params.expectedVersion : null
|
||||
def delay = params.delay ? params.delay : 30
|
||||
def waitTimeout = params.timeout ? params.timeout : 2400
|
||||
def waitTimeout = params.timeout ? params.timeout : 1200
|
||||
|
||||
def message = "Waiting for package '${packageName}'"
|
||||
if (expectedVersion != null) {
|
||||
|
||||
@ -27,18 +27,4 @@ def withHTTPCredentials(String credentialsId, Closure fn) {
|
||||
sh(script: "rm -f '${tmpAskPassScript}'")
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
def withSSHCredentials(String credentialsId, Closure fn) {
|
||||
def randomUUID = UUID.randomUUID().toString()
|
||||
withCredentials([
|
||||
sshUserPrivateKey(
|
||||
credentialsId: credentialsId,
|
||||
keyFileVariable: 'GIT_SSH_IDENTITY_FILE',
|
||||
)
|
||||
]) {
|
||||
withEnv(['GIT_SSH_VARIANT=ssh', 'GIT_SSH_COMMAND=ssh -i $GIT_SSH_IDENTITY_FILE -o IdentitiesOnly=yes -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null']) {
|
||||
fn.call()
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -13,15 +13,6 @@ def getRandomDeliveryAttachment(Integer probability = 25) {
|
||||
'https://media.giphy.com/media/QBRlXHKV5mpbLJ4prc/giphy.gif',
|
||||
'https://media.giphy.com/media/NOsfNQGivMFry/giphy.gif',
|
||||
'https://media.giphy.com/media/M1vu1FJnW6gms/giphy.gif',
|
||||
'https://media.giphy.com/media/555x0gFF89OhVWPkvb/giphy.gif',
|
||||
'https://media.giphy.com/media/9RZu6ahd8LIYHQlGUD/giphy.gif',
|
||||
'https://media.giphy.com/media/9RZu6ahd8LIYHQlGUD/giphy.gif',
|
||||
'https://media.giphy.com/media/W1fFHj6LvyTgfBNdiz/giphy.gif',
|
||||
'https://media.giphy.com/media/1g2JyW7p6mtZc6bOEY/giphy.gif',
|
||||
'https://media.giphy.com/media/ORiFE3ijpNaIWDoOqP/giphy.gif',
|
||||
'https://media.giphy.com/media/r16Zmuvt1hSTK/giphy.gif',
|
||||
'https://media.giphy.com/media/bF8Tvy2Ta0mqxXgaPV/giphy.gif',
|
||||
'https://media.giphy.com/media/C0XT6BmLC3nGg/giphy.gif'
|
||||
]
|
||||
Random rnd = new Random()
|
||||
if (rnd.nextInt(100) > probability) {
|
||||
|
||||
154
vars/pulp.groovy
154
vars/pulp.groovy
@ -1,154 +0,0 @@
|
||||
import groovy.json.JsonOutput
|
||||
|
||||
def getResourceHREF(
|
||||
String credentials,
|
||||
String resourceEndpoint,
|
||||
String resourceName,
|
||||
String pulpHost = '192.168.30.3'
|
||||
) {
|
||||
def response = httpRequest authentication: credentials, url: "https://${pulpHost}/pulp/api/v3/${resourceEndpoint}", httpMode: 'GET', ignoreSslErrors: true, validResponseCodes: "200"
|
||||
def jsonResponse = readJSON text: response.content
|
||||
def resource = jsonResponse.results.find { it -> it.name == resourceName}
|
||||
if (resource) {
|
||||
return resource.pulp_href
|
||||
}
|
||||
return null
|
||||
}
|
||||
|
||||
def waitForTaskCompletion(
|
||||
String credentials,
|
||||
String taskHREF,
|
||||
String pulpHost = '192.168.30.3'
|
||||
) {
|
||||
def status = ''
|
||||
def created_resources = []
|
||||
while (status != 'completed') {
|
||||
def response = httpRequest authentication: credentials, url: "https://${pulpHost}${taskHREF}", httpMode: 'GET', ignoreSslErrors: true, validResponseCodes: "200"
|
||||
def jsonResponse = readJSON text: response.content
|
||||
status = jsonResponse.state
|
||||
if (status == 'completed') {
|
||||
return jsonResponse.created_resources
|
||||
} else if (!(status in ['running','waiting'])) {
|
||||
break
|
||||
}
|
||||
sleep(10)
|
||||
}
|
||||
throw new Exception("Task failed:" + jsonResponse.error.description)
|
||||
}
|
||||
|
||||
def exportPackages(
|
||||
String credentials,
|
||||
List packages = [],
|
||||
String pulpHost = '192.168.30.3'
|
||||
) {
|
||||
def exportTasks = []
|
||||
packages.each {
|
||||
def response = httpRequest authentication: credentials, url: "https://${pulpHost}/pulp/api/v3/content/deb/packages/", httpMode: 'POST', ignoreSslErrors: true, multipartName: "file", timeout: 900, uploadFile: "${it}", validResponseCodes: "202"
|
||||
def jsonResponse = readJSON text: response.content
|
||||
exportTasks << jsonResponse['task']
|
||||
}
|
||||
return exportTasks
|
||||
}
|
||||
|
||||
def createRepository(
|
||||
String credentials,
|
||||
String name,
|
||||
String pulpHost = '192.168.30.3'
|
||||
) {
|
||||
def repositoryName = ["name": name]
|
||||
def postBody = JsonOutput.toJson(repositoryName)
|
||||
def response = httpRequest authentication: credentials, url: "https://${pulpHost}/pulp/api/v3/repositories/deb/apt/", httpMode: 'POST', requestBody: postBody, contentType: 'APPLICATION_JSON', ignoreSslErrors: true, validResponseCodes: "201"
|
||||
def jsonResponse = readJSON text: response.content
|
||||
return jsonResponse.pulp_href
|
||||
|
||||
}
|
||||
def getRepositoryHREF(
|
||||
String credentials,
|
||||
String repository = 'Cadoles4MSE unstable'
|
||||
) {
|
||||
def repositoryHREF = getResourceHREF(credentials, 'repositories/deb/apt/', repository)
|
||||
if (repositoryHREF) {
|
||||
return repositoryHREF
|
||||
} else {
|
||||
return createRepository(credentials, repository)
|
||||
}
|
||||
}
|
||||
|
||||
def addToRepository(
|
||||
String credentials,
|
||||
List packagesHREF,
|
||||
String repositoryHREF,
|
||||
String pulpHost = '192.168.30.3'
|
||||
) {
|
||||
def packagesHREFURL = ["add_content_units": packagesHREF.collect { "https://$pulpHost$it" }]
|
||||
def postBody = JsonOutput.toJson(packagesHREFURL)
|
||||
def response = httpRequest authentication: credentials, url: "https://${pulpHost}${repositoryHREF}modify/", httpMode: 'POST', requestBody: postBody, contentType: 'APPLICATION_JSON', ignoreSslErrors: true, validResponseCodes: "202"
|
||||
def jsonResponse = readJSON text: response.content
|
||||
return waitForTaskCompletion(credentials, jsonResponse.task)
|
||||
}
|
||||
|
||||
def publishRepository(
|
||||
String credentials,
|
||||
String repositoryHREF,
|
||||
String signing_service = null,
|
||||
String pulpHost = '192.168.30.3'
|
||||
) {
|
||||
def postContent = ["repository": repositoryHREF, "simple": true]
|
||||
if (signing_service) {
|
||||
def signingServiceHREF = getResourceHREF(credentials, 'signing-services/', signing_service)
|
||||
if (signingServiceHREF) {
|
||||
postContent.put("signing_service", "https://${pulpHost}${signingServiceHREF}")
|
||||
}
|
||||
}
|
||||
def postBody = JsonOutput.toJson(postContent)
|
||||
def response = httpRequest authentication: credentials, url: "https://${pulpHost}/pulp/api/v3/publications/deb/apt/", httpMode: 'POST', requestBody: postBody, contentType: 'APPLICATION_JSON', ignoreSslErrors: true, validResponseCodes: "202"
|
||||
def jsonResponse = readJSON text: response.content
|
||||
return waitForTaskCompletion(credentials, jsonResponse.task)
|
||||
}
|
||||
|
||||
def distributePublication(
|
||||
String credentials,
|
||||
String publicationHREF,
|
||||
String distributionName,
|
||||
String basePath,
|
||||
String contentGuard = null,
|
||||
String pulpHost = '192.168.30.3'
|
||||
) {
|
||||
def httpMode = ''
|
||||
def url = ''
|
||||
def distributionHREF = getResourceHREF(credentials, 'distributions/deb/apt/', distributionName)
|
||||
if (distributionHREF) {
|
||||
httpMode = 'PUT'
|
||||
url = distributionHREF
|
||||
} else {
|
||||
httpMode = 'POST'
|
||||
url = '/pulp/api/v3/distributions/deb/apt/'
|
||||
}
|
||||
def bodyContent = ["publication": publicationHREF, "name": distributionName, "base_path": basePath]
|
||||
if (contentGuard) {
|
||||
def contentGuardHREF = getResourceHREF(credentials, 'contentguards/core/rbac/', contentGuard)
|
||||
if (contentGuardHREF) {
|
||||
bodyContent.put('content_guard', "https://${pulpHost}${contentGuardHREF}")
|
||||
}
|
||||
}
|
||||
def postBody = JsonOutput.toJson(bodyContent)
|
||||
response = httpRequest authentication: credentials, url: "https://${pulpHost}${url}", httpMode: httpMode, requestBody: postBody, contentType: 'APPLICATION_JSON', ignoreSslErrors: true, validResponseCodes: "202"
|
||||
jsonResponse = readJSON text: response.content
|
||||
if (distributionHREF) {
|
||||
waitForTaskCompletion(credentials, jsonResponse.task)
|
||||
return [url]
|
||||
} else {
|
||||
return waitForTaskCompletion(credentials, jsonResponse.task)
|
||||
}
|
||||
}
|
||||
|
||||
def getDistributionURL(
|
||||
String credentials,
|
||||
String resourceHREF,
|
||||
String pulpHost = '192.168.30.3'
|
||||
) {
|
||||
def response = httpRequest authentication: credentials, url: "https://${pulpHost}${resourceHREF}", httpMode: 'GET', ignoreSslErrors: true, validResponseCodes: "200"
|
||||
def jsonResponse = readJSON text: response.content
|
||||
println(jsonResponse)
|
||||
return jsonResponse.base_url
|
||||
}
|
||||
@ -1,80 +0,0 @@
|
||||
// Pipeline de scan de projet avec SonarQube
|
||||
def call() {
|
||||
pipeline {
|
||||
agent {
|
||||
label 'docker'
|
||||
}
|
||||
|
||||
environment {
|
||||
projectDir = "${env.project_name}_${env.BUILD_ID}"
|
||||
}
|
||||
|
||||
stages {
|
||||
stage("Package project") {
|
||||
when {
|
||||
not {
|
||||
triggeredBy 'TimerTrigger'
|
||||
}
|
||||
}
|
||||
steps {
|
||||
script {
|
||||
stage("Clone repository") {
|
||||
checkout scm:
|
||||
[
|
||||
$class: 'GitSCM',
|
||||
userRemoteConfigs: [[url: env.repository_url, credentialsId: 'jenkins-forge-ssh']],
|
||||
branches: [[name: env.ref]],
|
||||
extensions: [
|
||||
[$class: 'RelativeTargetDirectory', relativeTargetDir: env.projectDir ],
|
||||
[$class: 'CloneOption', noTags: false, shallow: false, depth: 0, reference: ''],
|
||||
[$class: 'WipeWorkspace' ]
|
||||
]
|
||||
],
|
||||
changelog: false,
|
||||
poll: false
|
||||
}
|
||||
|
||||
stage("Scan project") {
|
||||
dir(env.projectDir) {
|
||||
withCredentials([
|
||||
string(credentialsId: 'SONARQUBE_URL', variable: 'SONARQUBE_URL'),
|
||||
string(credentialsId: 'SONARQUBE_TOKEN', variable: 'SONARQUBE_TOKEN'),
|
||||
]) {
|
||||
sh """
|
||||
docker run \
|
||||
--rm \
|
||||
-e SONAR_HOST_URL="${env.SONARQUBE_URL}" \
|
||||
-e SONAR_LOGIN="${env.SONARQUBE_TOKEN}" \
|
||||
-v "${env.WORKSPACE}/${env.projectDir}/:/usr/src" \
|
||||
sonarsource/sonar-scanner-cli \
|
||||
-Dsonar.projectKey=${env.sonarqubeProjectKey} \
|
||||
-Dsonar.projectVersion=${env.ref}
|
||||
"""
|
||||
}
|
||||
|
||||
// On notifie le canal Rocket.Chat du scan
|
||||
// rocketSend (
|
||||
// avatar: 'https://jenkins.cadol.es/static/b5f67753/images/headshot.png',
|
||||
// message: """
|
||||
// Le projet ${env.project_name} a été scanné par SonarQube.
|
||||
|
||||
// - [Voir les résultats](${env.SONARQUBE_URL}/dashboard?id=${env.sonarqubeProjectKey})
|
||||
// - [Visualiser le job](${env.RUN_DISPLAY_URL})
|
||||
|
||||
// @${env.sender_login}
|
||||
// """.stripIndent(),
|
||||
// rawMessage: true,
|
||||
// )
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
post {
|
||||
always {
|
||||
sh "rm -rf '${env.projectDir}'"
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
@ -7,38 +7,46 @@ def buildPackageWithCPKG(
|
||||
Boolean forceRebuild = false
|
||||
) {
|
||||
|
||||
def result = [:]
|
||||
def builds = []
|
||||
|
||||
// Retrieve commit tags
|
||||
def commitTag = sh(script: 'git describe --exact-match --abbrev=0', returnStdout: true)
|
||||
if (commitTag == '') {
|
||||
def commitTags = sh(script: 'git describe --exact-match --abbrev=0', returnStdout: true).split(' ')
|
||||
if (commitTags.length == 0) {
|
||||
error 'No build build tags on last commit'
|
||||
}
|
||||
|
||||
// Split tag to retrieve context informations
|
||||
def tagParts = commitTag.split('/')
|
||||
def packageEnv = tagParts[1]
|
||||
def packageDistrib = tagParts[2]
|
||||
def packageVersion = tagParts[3]
|
||||
// For each tags
|
||||
for (tag in commitTags) {
|
||||
|
||||
// Create .tamarinrc file
|
||||
def tamarinrc = """
|
||||
project_version=${packageVersion}
|
||||
no_version_suffix=${ packageEnv == 'stable' || packageEnv == 'staging' ? 'yes' : 'no' }
|
||||
""".stripIndent()
|
||||
writeFile file: '.tamarinrc', text: tamarinrc
|
||||
// Split tag to retrieve context informations
|
||||
def tagParts = tag.split('/')
|
||||
def packageEnv = tagParts[1]
|
||||
def packageDistrib = tagParts[2]
|
||||
def packageVersion = tagParts[3]
|
||||
|
||||
sh "rm -rf ${destDir}/*"
|
||||
// Create .tamarinrc file
|
||||
def tamarinrc = """
|
||||
project_version=${packageVersion}
|
||||
no_version_suffix=${ packageEnv == 'stable' || packageEnv == 'staging' ? 'yes' : 'no' }
|
||||
""".stripIndent()
|
||||
writeFile file: '.tamarinrc', text: tamarinrc
|
||||
|
||||
sh "rm -rf ${destDir}/*"
|
||||
|
||||
stage("Build ${packageEnv} package (version ${packageVersion}) for ${packageDistrib}") {
|
||||
result.put('tag', commitTag)
|
||||
result.put('env', packageEnv)
|
||||
result.put('version', packageVersion)
|
||||
result.put('distrib', packageDistrib)
|
||||
def packages = buildPackage(packageProfile, packageArch, baseImage, destDir, forceRebuild)
|
||||
result.put('packages', packages)
|
||||
stage("Build ${packageEnv} package (version ${packageVersion}) for ${packageDistrib}") {
|
||||
def result = [:]
|
||||
result.put('tag', tag)
|
||||
result.put('env', packageEnv)
|
||||
result.put('version', packageVersion)
|
||||
result.put('distrib', packageDistrib)
|
||||
def packages = buildPackage(packageProfile, packageArch, baseImage, destDir, forceRebuild)
|
||||
result.put('packages', packages)
|
||||
builds << result
|
||||
}
|
||||
|
||||
}
|
||||
return result
|
||||
|
||||
return builds
|
||||
|
||||
}
|
||||
|
||||
@ -113,12 +121,9 @@ def buildDockerImage() {
|
||||
|
||||
def runTamarinScript = libraryResource 'com/cadoles/tamarin/run-tamarin.sh'
|
||||
writeFile file:'run-tamarin.sh', text:runTamarinScript
|
||||
|
||||
def addLetsEncryptCA = libraryResource 'com/cadoles/common/add-letsencrypt-ca.sh'
|
||||
writeFile file:'add-letsencrypt-ca.sh', text:addLetsEncryptCA
|
||||
|
||||
def safeJobName = URLDecoder.decode(env.JOB_NAME).toLowerCase().replace('/', '-').replace(' ', '-')
|
||||
def imageTag = "${safeJobName}-${env.BUILD_ID}"
|
||||
return docker.build("tamarin:${imageTag}", ".")
|
||||
}
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user