Cadoles/Jenkins
22
0
Fork 0
Code Issues 3 Pull Requests Releases Wiki Activity

Compare commits

base: Cadoles:pipeline/packaging_pulp
Branches Tags
Cadoles:master Cadoles:gitea-package Cadoles:podman Cadoles:pipeline/compile_doc_formation Cadoles:cpkg-auto-version Cadoles:gitea-release Cadoles:pipeline/packaging_pulp Cadoles:symfony-pipeline Cadoles:pipeline/empaquetage_pulp Cadoles:build_pipeline_bbohard Cadoles:pa11y-audit Cadoles:hooks Cadoles:nebula Cadoles:redesign-tamarin
..
compare: Cadoles:build_pipeline_bbohard
Branches Tags
Cadoles:master Cadoles:gitea-package Cadoles:podman Cadoles:pipeline/compile_doc_formation Cadoles:cpkg-auto-version Cadoles:gitea-release Cadoles:pipeline/packaging_pulp Cadoles:symfony-pipeline Cadoles:pipeline/empaquetage_pulp Cadoles:build_pipeline_bbohard Cadoles:pa11y-audit Cadoles:hooks Cadoles:nebula Cadoles:redesign-tamarin

2 Commits
pipeline/p ... build_pipe

Author SHA1 Message Date
Benjamin Bohard
b458d075fe Force checkout on commit to invalidate tamarin cache 2020-09-03 08:48:14 +02:00
Benjamin Bohard
fba9a12cb4 Force checkout on commit to invalidate tamarin cache 2020-08-12 09:23:40 +02:00
15 changed files with 89 additions and 796 deletions
Expand all files Collapse all files

231
Jenkinsfile vendored
View File

@ -1,231 +0,0 @@
@Library("cadoles@pipeline/packaging_pulp") _
pipeline {
agent {
label 'docker'
}
environment {
projectDir = "${env.project_name}_${env.BUILD_ID}"
}
triggers {
// Execute pipeline every day at 7h30 to prepare docker images
cron('30 7 * * 1-5')
}
stages {
stage("Prepare build environment") {
when {
anyOf {
triggeredBy cause: "UserIdCause", detail: "wpetit"
triggeredBy 'TimerTrigger'
}
}
steps {
script {
tamarin.prepareEnvironment()
}
}
}
stage("Package project") {
when {
not {
triggeredBy 'TimerTrigger'
}
}
steps {
script {
stage("Clone repository") {
checkout scm:
[
$class: 'GitSCM',
userRemoteConfigs: [[url: env.repository_url, credentialsId: 'jenkins-forge-ssh']],
branches: [[name: env.ref]],
extensions: [
[$class: 'RelativeTargetDirectory', relativeTargetDir: env.projectDir ],
[$class: 'CloneOption', noTags: false, shallow: false, depth: 0, reference: ''],
[$class: 'WipeWorkspace' ]
]
],
changelog: false,
poll: false
}
stage("Ensure packaging branch") {
dir(env.projectDir) {
sh 'git checkout "${packageBranch}"'
def commitOrRef = env.commit ? env.commit : env.ref
def branchesWithCommitOrRef = sh(script: "git branch --contains '${commitOrRef}'", returnStdout: true).split(' ')
if (branchesWithCommitOrRef.findAll{env.packageBranch.contains(it)}.any{true}) {
currentBuild.result = 'ABORTED'
error("La référence `${env.ref}` ne fait pas partie de la branche `${env.packageBranch}` !")
}
}
}
stage("Check [ci skip] in tag message") {
dir(env.projectDir) {
sh 'git checkout "${packageBranch}"'
def commitTags = sh(script: 'git describe --exact-match --abbrev=0', returnStdout: true).split(' ')
for (tag in commitTags) {
tag = tag.trim()
def tagMessage = sh(script: "git tag --format='%(subject)' -l '${tag}'", returnStdout: true).trim()
println("Tag '${tag}' message is: '${tagMessage}'")
if (tagMessage.contains('[ci skip]')) {
currentBuild.result = 'ABORTED'
error("Le message du tag '${tag}' contient le marqueur '[ci-skip]' !")
}
}
}
}
stage("Checkout ref") {
dir(env.projectDir) {
sh """
git checkout ${env.ref}
"""
}
}
stage("Build package") {
dir(env.projectDir) {
// On construit les paquets à partir des informations
// de contexte provenant de CPKG et du webhook
def result = tamarin.buildPackageWithCPKG(
env.packageProfile ? env.packageProfile : "debian",
env.packageArch ? env.packageArch : "",
env.packageBranch ? env.packageBranch : "",
env.baseImage ? env.baseImage : ""
)
// On publie chacun des paquets construits
def splittedTag = env.ref.split('/')
def repositoryName = "${splittedTag[2]} ${splittedTag[1]}"
def distributionName = repositoryName
def basePath = repositoryName.replace(' ', '-')
def product = splittedTag[2].split('-')[0]
def contentGuardMapping = ['mse': 'mse_contentguard']
def signingServiceMapping = ['mse': 'sign_deb_release']
def credentials = 'jenkins-pulp-api-client'
def repositoryHREF = pulp.getRepositoryHREF(credentials, repositoryName)
def exportTasks = pulp.exportPackages(credentials, result.packages)
def pulpPackages = []
exportTasks.each {
def created_resources = pulp.waitForTaskCompletion(credentials, it)
for (created_resource in created_resources) {
pulpPackages << created_resource
}
}
pulp.addToRepository(credentials, pulpPackages, repositoryHREF)
// def publicationHREF = pulp.publishRepository(credentials, repositoryHREF, signingServiceMapping.get(product))
def publicationHREF = pulp.publishRepository(credentials, repositoryHREF, 'sign_deb_release')
def distributionHREF = pulp.distributePublication(credentials, publicationHREF[0], distributionName, basePath, contentGuardMapping.get(product))
def distributionURL = pulp.getDistributionURL(credentials, distributionHREF[0])
// On liste l'ensemble des paquets construits
def publishedPackages = result.packages.collect { p ->
def file = new File(p)
return "- Paquet `${file.getName()}`, Dépôt `${result.env}`, Distribution `${result.distrib}`, URL `${distributionURL}`"
}
// On notifie le canal Rocket.Chat de la publication des paquets
rocketSend (
avatar: 'https://jenkins.cadol.es/static/b5f67753/images/headshot.png',
message: """
Les paquets suivants ont été publiés pour le projet ${env.project_name}:
${publishedPackages.join('\n')}
[Visualiser le job](${env.RUN_DISPLAY_URL})
@${env.sender_login}
""".stripIndent(),
rawMessage: true,
attachments: lolops.getRandomDeliveryAttachment()
)
if (env.testPackageInstall != 'yes') {
println "Test d'intallation des paquets désactivé."
return
}
// On essaye de trouver un template de VM compatible
// avec la distribution cible de la construction
def vmTemplate = findMatchingVMTemplate(result.distrib)
if (vmTemplate == null) {
println "Aucun template de VM n'a été trouvé correspondant à la distribution `${result.distrib}`."
return
}
// Pour chaque paquets construits...
result.packages.each { p ->
def packageFullName = new File(p).getName()
def packageRepository = result.distrib.split('-')[1] + '-' + result.env
def packageNameParts = packageFullName.split('_')
def packageName = packageNameParts[0]
def packageVersion = packageNameParts[1]
stage("Test package '${packageName}' installation") {
build job: 'Test de paquet Debian', wait: false, parameters: [
[$class: 'StringParameterValue', name: 'packageName', value: packageName],
[$class: 'StringParameterValue', name: 'packageVersion', value: packageVersion],
[$class: 'StringParameterValue', name: 'packageRepository', value: packageRepository],
[$class: 'StringParameterValue', name: 'vmTemplate', value: vmTemplate]
]
}
}
}
}
}
}
post {
always {
sh "rm -rf '${env.projectDir}'"
}
}
}
}
}
// Cette fonction fait un simple "mapping"
// entre les distributions cibles des paquets et
// les templates de VM disponibles sur l'OpenNebula
def findMatchingVMTemplate(String distrib) {
def vmTemplatesMap = [
'eole-2.7.0': 'eolebase-2.7.0-cadoles',
'eole-2.6.2': 'eolebase-2.6.2-cadoles'
]
return vmTemplatesMap.get(distrib, null)
}
def waitForPackages(String tagRef, buildResults) {
def packageVersion = tagRef.split('/')[3];
def packageDistrib = env.packageBranch.split('/')[2];
buildResults.each { r ->
def distrib = "${packageDistrib}-${r.env}"
r.packages.each { p ->
def file = new File(p)
def fileNameParts = file.getName().take(file.getName().lastIndexOf('.')).split('_')
def packageName = fileNameParts[0]
def packageArch = fileNameParts[2]
debian.waitForRepoPackage(packageName, [
baseURL: 'https://vulcain.cadoles.com',
distrib: distrib,
component: 'main',
type: 'binary',
arch: packageArch,
expectedVersion: packageVersion
])
}
}
}

76
pipelines/sentry.jenkinsfile
View File

@ -1,76 +0,0 @@
pipeline {
agent {
docker {
image "getsentry/sentry-cli"
args "--entrypoint="
}
}
environment {
projectDir = "${env.project_name}_${env.BUILD_ID}"
}
stages {
stage("Clone repository") {
steps {
checkout scm:
[
$class: 'GitSCM',
userRemoteConfigs: [[url: env.repository_url, credentialsId: 'jenkins-forge-ssh']],
branches: [[name: env.ref]],
extensions: [
[$class: 'RelativeTargetDirectory', relativeTargetDir: env.projectDir ],
[$class: 'CloneOption', noTags: false, shallow: false, depth: 0, reference: ''],
[$class: 'WipeWorkspace' ]
]
],
changelog: false,
poll: false
}
}
stage('Create sentry release') {
steps {
dir(env.projectDir) {
withCredentials([
string(credentialsId: 'sentry-url', variable: 'SENTRY_URL'),
string(credentialsId: 'sentry-release-auth-token', variable: 'SENTRY_AUTH_TOKEN')
]) {
sh '''
SENTRY_CMD="sentry-cli --auth-token \"${SENTRY_AUTH_TOKEN}\" --url \"${SENTRY_URL}\""
PROJECT_VERSION=$(sentry-cli releases propose-version)
$SENTRY_CMD \
releases \
--org "${sentry_org}" \
new \
-p "${sentry_project}" ${PROJECT_VERSION}
(
$SENTRY_CMD \
releases \
--org "${sentry_org}" \
set-commits --local \
${PROJECT_VERSION} || exit 0
)
$SENTRY_CMD \
releases \
--org "${sentry_org}" \
finalize \
${PROJECT_VERSION}
'''
}
}
}
}
}
post {
always {
cleanWs()
}
}
}

26
resources/com/cadoles/common/add-letsencrypt-ca.sh
View File

@ -1,26 +0,0 @@
#!/bin/sh
set -eo pipefail
DESTDIR=/usr/local/share/ca-certificates
UPDATE_CERTS_CMD=update-ca-certificates
CERTS="$(cat <<EOF
https://letsencrypt.org/certs/isrgrootx1.pem
https://letsencrypt.org/certs/isrg-root-x2.pem
https://letsencrypt.org/certs/lets-encrypt-r3.pem
https://letsencrypt.org/certs/lets-encrypt-e1.pem
https://letsencrypt.org/certs/lets-encrypt-r4.pem
https://letsencrypt.org/certs/lets-encrypt-e2.pem
EOF
)"
cd "$DESTDIR"
for cert in $CERTS; do
echo "Downloading '$cert'..."
filename=$(basename "$cert")
wget --tries=10 --timeout=30 -O "$filename" "$cert"
openssl x509 -in "$filename" -inform PEM -out "$filename.crt"
done
$UPDATE_CERTS_CMD

4
resources/com/cadoles/lighthouse/Dockerfile
View File

@ -1,4 +1,4 @@
FROM golang:1.15 as envtpl FROM golang:1.13 as envtpl
ARG HTTP_PROXY= ARG HTTP_PROXY=
ARG HTTPS_PROXY= ARG HTTPS_PROXY=
@ -14,7 +14,7 @@ RUN git clone https://github.com/subfuzion/envtpl /src \
-ldflags "-X main.AppVersionMetadata=$(date -u +%s)" \ -ldflags "-X main.AppVersionMetadata=$(date -u +%s)" \
-a -installsuffix cgo -o ./bin/envtpl ./cmd/envtpl/. -a -installsuffix cgo -o ./bin/envtpl ./cmd/envtpl/.
FROM alpine:3.13 FROM alpine:3.10
ARG HTTP_PROXY= ARG HTTP_PROXY=
ARG HTTPS_PROXY= ARG HTTPS_PROXY=

5
resources/com/cadoles/lighthouse/run-audit.sh
View File

@ -10,9 +10,10 @@ rm -f reports/*
cd reports cd reports
lighthouse \ lighthouse \
"$LIGHTHOUSE_URL" \
--no-enable-error-reporting \ --no-enable-error-reporting \
--chrome-flags="--headless --disable-dev-shm-usage --no-sandbox --disable-gpu" \ --chrome-flags="--headless --disable-dev-shm-usage --no-sandbox --disable-gpu" \
--config=../config.js \ --config=../config.js \
--output json --output html \ --output json --output html \
--output-path=lighthouse --output-path=lighthouse \
-- \
"$LIGHTHOUSE_URL"

8
resources/com/cadoles/tamarin/Dockerfile
View File

@ -1,15 +1,13 @@
FROM alpine:3.12 FROM alpine:3.8
ARG HTTP_PROXY= ARG HTTP_PROXY=
ARG HTTPS_PROXY= ARG HTTPS_PROXY=
ARG http_proxy= ARG http_proxy=
ARG https_proxy= ARG https_proxy=
ARG TAMARIN_VERSION=develop ARG TAMARIN_VERSION=253c774
RUN apk add --no-cache git docker python3 bash openssl curl RUN apk add --no-cache git docker python3 bash
RUN curl -k https://forge.cadoles.com/Cadoles/Jenkins/raw/branch/master/resources/com/cadoles/common/add-letsencrypt-ca.sh | bash
RUN git clone http://forge.cadoles.com/Cadoles/Tamarin /tamarin\ RUN git clone http://forge.cadoles.com/Cadoles/Tamarin /tamarin\
&& cd /tamarin\ && cd /tamarin\

50
resources/com/cadoles/w3af/Dockerfile
View File

@ -37,10 +37,55 @@ RUN apk --no-cache add \
python-dev \ python-dev \
sqlite-dev \ sqlite-dev \
yaml-dev \ yaml-dev \
sudo \
nodejs \ nodejs \
npm npm
RUN pip install --upgrade pip \
&& pip install \
pyClamd==0.4.0 \
GitPython==2.1.3 \
chardet==3.0.4 \
futures==3.2.0 \
pyOpenSSL==18.0.0 \
ndg-httpsclient==0.4.0 \
pyasn1==0.4.2 \
scapy==2.4.0 \
msgpack==0.5.6 \
Jinja2==2.10 \
vulndb==0.1.1 \
psutil==5.4.8 \
ds-store==1.1.2 \
pebble==4.3.8 \
acora==2.1 \
diff-match-patch==20121119 \
lz4==1.1.0 \
vulners==1.3.0 \
ipaddresses==0.0.2 \
PyGithub==1.21.0 \
pybloomfiltermmap==0.3.14 \
phply==0.9.1 nltk==3.0.1 \
tblib==0.2.0 \
pdfminer==20140328 \
lxml==3.4.4 \
guess-language==0.2 \
cluster==1.1.1b3 \
python-ntlm==1.0.1 \
halberd==0.2.4 \
darts.util.lru==0.5 \
markdown==2.6.1 \
termcolor==1.1.0 \
mitmproxy==0.13 \
ruamel.ordereddict==0.4.8 \
Flask==0.10.1 \
PyYAML==3.12 \
tldextract==1.7.2 \
esmre==0.3.1 \
bravado-core==5.12.1 \
subprocess32==3.5.4 \
&& npm install -g retire \
&& rm -rf /root/.cache/pip \
&& apk del build-base linux-headers
RUN adduser -D w3af RUN adduser -D w3af
RUN git clone --depth=1 \ RUN git clone --depth=1 \
@ -49,9 +94,6 @@ RUN git clone --depth=1 \
&& rm -rf /home/w3af/w3af/.git \ && rm -rf /home/w3af/w3af/.git \
&& chown -R w3af /home/w3af/w3af && chown -R w3af /home/w3af/w3af
RUN cd /home/w3af/w3af \
&& ( ./w3af_console || . /tmp/w3af_dependency_install.sh )
COPY run-audit.sh /usr/local/bin/run-audit COPY run-audit.sh /usr/local/bin/run-audit
RUN chmod +x /usr/local/bin/run-audit RUN chmod +x /usr/local/bin/run-audit

13
vars/cpkg.groovy
View File

@ -8,7 +8,6 @@ def call(Map params = [:]) {
def distVersion = params.distVersion ? params.distVersion : '2.7.0' def distVersion = params.distVersion ? params.distVersion : '2.7.0'
def distBranchName = params.distBranchName ? params.distBranchName : env.GIT_BRANCH def distBranchName = params.distBranchName ? params.distBranchName : env.GIT_BRANCH
def gitCredentials = params.gitCredentials ? params.gitCredentials : null def gitCredentials = params.gitCredentials ? params.gitCredentials : null
def gitCredentialsType = params.gitCredentialsType ? params.gitCredentialsType : 'http'
def gitEmail = params.gitEmail ? params.gitEmail : 'jenkins@cadoles.com' def gitEmail = params.gitEmail ? params.gitEmail : 'jenkins@cadoles.com'
def gitUsername = params.gitUsername ? params.gitUsername : 'Jenkins' def gitUsername = params.gitUsername ? params.gitUsername : 'Jenkins'
def skipCi = params.containsKey('skipCi') ? params.skipCi : false def skipCi = params.containsKey('skipCi') ? params.skipCi : false
@ -90,16 +89,8 @@ def call(Map params = [:]) {
} }
if (gitCredentials != null) { if (gitCredentials != null) {
if (gitCredentialsType == 'http') { git.withHTTPCredentials(gitCredentials) {
git.withHTTPCredentials(gitCredentials) { proc.call()
proc.call()
}
} else if (gitCredentialsType == 'ssh') {
git.withSSHCredentials(gitCredentials) {
proc.call()
}
} else {
throw new Exception("Unknown git credentials type '${gitCredentialsType}' ! Expected 'ssh' or 'http' (default).")
} }
} else { } else {
proc.call() proc.call()

2
vars/debian.groovy
View File

@ -1,7 +1,7 @@
def waitForRepoPackage(String packageName, Map params = [:]) { def waitForRepoPackage(String packageName, Map params = [:]) {
def expectedVersion = params.expectedVersion ? params.expectedVersion : null def expectedVersion = params.expectedVersion ? params.expectedVersion : null
def delay = params.delay ? params.delay : 30 def delay = params.delay ? params.delay : 30
def waitTimeout = params.timeout ? params.timeout : 2400 def waitTimeout = params.timeout ? params.timeout : 1200
def message = "Waiting for package '${packageName}'" def message = "Waiting for package '${packageName}'"
if (expectedVersion != null) { if (expectedVersion != null) {

14
vars/git.groovy
View File

@ -28,17 +28,3 @@ def withHTTPCredentials(String credentialsId, Closure fn) {
} }
} }
} }
def withSSHCredentials(String credentialsId, Closure fn) {
def randomUUID = UUID.randomUUID().toString()
withCredentials([
sshUserPrivateKey(
credentialsId: credentialsId,
keyFileVariable: 'GIT_SSH_IDENTITY_FILE',
)
]) {
withEnv(['GIT_SSH_VARIANT=ssh', 'GIT_SSH_COMMAND=ssh -i $GIT_SSH_IDENTITY_FILE -o IdentitiesOnly=yes -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null']) {
fn.call()
}
}
}

9
vars/lolops.groovy
View File

@ -13,15 +13,6 @@ def getRandomDeliveryAttachment(Integer probability = 25) {
'https://media.giphy.com/media/QBRlXHKV5mpbLJ4prc/giphy.gif', 'https://media.giphy.com/media/QBRlXHKV5mpbLJ4prc/giphy.gif',
'https://media.giphy.com/media/NOsfNQGivMFry/giphy.gif', 'https://media.giphy.com/media/NOsfNQGivMFry/giphy.gif',
'https://media.giphy.com/media/M1vu1FJnW6gms/giphy.gif', 'https://media.giphy.com/media/M1vu1FJnW6gms/giphy.gif',
'https://media.giphy.com/media/555x0gFF89OhVWPkvb/giphy.gif',
'https://media.giphy.com/media/9RZu6ahd8LIYHQlGUD/giphy.gif',
'https://media.giphy.com/media/9RZu6ahd8LIYHQlGUD/giphy.gif',
'https://media.giphy.com/media/W1fFHj6LvyTgfBNdiz/giphy.gif',
'https://media.giphy.com/media/1g2JyW7p6mtZc6bOEY/giphy.gif',
'https://media.giphy.com/media/ORiFE3ijpNaIWDoOqP/giphy.gif',
'https://media.giphy.com/media/r16Zmuvt1hSTK/giphy.gif',
'https://media.giphy.com/media/bF8Tvy2Ta0mqxXgaPV/giphy.gif',
'https://media.giphy.com/media/C0XT6BmLC3nGg/giphy.gif'
] ]
Random rnd = new Random() Random rnd = new Random()
if (rnd.nextInt(100) > probability) { if (rnd.nextInt(100) > probability) {

154
vars/pulp.groovy
View File

@ -1,154 +0,0 @@
import groovy.json.JsonOutput
def getResourceHREF(
String credentials,
String resourceEndpoint,
String resourceName,
String pulpHost = 'pulp.cadoles.com'
) {
def response = httpRequest authentication: credentials, url: "https://${pulpHost}/pulp/api/v3/${resourceEndpoint}", httpMode: 'GET', ignoreSslErrors: true, validResponseCodes: "200"
def jsonResponse = readJSON text: response.content
def resource = jsonResponse.results.find { it -> it.name == resourceName}
if (resource) {
return resource.pulp_href
}
return null
}
def waitForTaskCompletion(
String credentials,
String taskHREF,
String pulpHost = 'pulp.cadoles.com'
) {
def status = ''
def created_resources = []
while (status != 'completed') {
def response = httpRequest authentication: credentials, url: "https://${pulpHost}${taskHREF}", httpMode: 'GET', ignoreSslErrors: true, validResponseCodes: "200"
def jsonResponse = readJSON text: response.content
status = jsonResponse.state
if (status == 'completed') {
return jsonResponse.created_resources
} else if (!(status in ['running','waiting'])) {
break
}
sleep(10)
}
throw new Exception("Task failed:" + jsonResponse.error.description)
}
def exportPackages(
String credentials,
List packages = [],
String pulpHost = 'pulp.cadoles.com'
) {
def exportTasks = []
packages.each {
def response = httpRequest authentication: credentials, url: "https://${pulpHost}/pulp/api/v3/content/deb/packages/", httpMode: 'POST', ignoreSslErrors: true, multipartName: "file", timeout: 900, uploadFile: "${it}", validResponseCodes: "202"
def jsonResponse = readJSON text: response.content
exportTasks << jsonResponse['task']
}
return exportTasks
}
def createRepository(
String credentials,
String name,
String pulpHost = 'pulp.cadoles.com'
) {
def repositoryName = ["name": name]
def postBody = JsonOutput.toJson(repositoryName)
def response = httpRequest authentication: credentials, url: "https://${pulpHost}/pulp/api/v3/repositories/deb/apt/", httpMode: 'POST', requestBody: postBody, contentType: 'APPLICATION_JSON', ignoreSslErrors: true, validResponseCodes: "201"
def jsonResponse = readJSON text: response.content
return jsonResponse.pulp_href
}
def getRepositoryHREF(
String credentials,
String repository = 'Cadoles4MSE unstable'
) {
def repositoryHREF = getResourceHREF(credentials, 'repositories/deb/apt/', repository)
if (repositoryHREF) {
return repositoryHREF
} else {
return createRepository(credentials, repository)
}
}
def addToRepository(
String credentials,
List packagesHREF,
String repositoryHREF,
String pulpHost = 'pulp.cadoles.com'
) {
def packagesHREFURL = ["add_content_units": packagesHREF.collect { "https://$pulpHost$it" }]
def postBody = JsonOutput.toJson(packagesHREFURL)
def response = httpRequest authentication: credentials, url: "https://${pulpHost}${repositoryHREF}modify/", httpMode: 'POST', requestBody: postBody, contentType: 'APPLICATION_JSON', ignoreSslErrors: true, validResponseCodes: "202"
def jsonResponse = readJSON text: response.content
return waitForTaskCompletion(credentials, jsonResponse.task)
}
def publishRepository(
String credentials,
String repositoryHREF,
String signing_service = null,
String pulpHost = 'pulp.cadoles.com'
) {
def postContent = ["repository": repositoryHREF, "simple": true]
if (signing_service) {
def signingServiceHREF = getResourceHREF(credentials, 'signing-services/', signing_service)
if (signingServiceHREF) {
postContent.put("signing_service", "https://${pulpHost}${signingServiceHREF}")
}
}
def postBody = JsonOutput.toJson(postContent)
def response = httpRequest authentication: credentials, url: "https://${pulpHost}/pulp/api/v3/publications/deb/apt/", httpMode: 'POST', requestBody: postBody, contentType: 'APPLICATION_JSON', ignoreSslErrors: true, validResponseCodes: "202"
def jsonResponse = readJSON text: response.content
return waitForTaskCompletion(credentials, jsonResponse.task)
}
def distributePublication(
String credentials,
String publicationHREF,
String distributionName,
String basePath,
String contentGuard = null,
String pulpHost = 'pulp.cadoles.com'
) {
def httpMode = ''
def url = ''
def distributionHREF = getResourceHREF(credentials, 'distributions/deb/apt/', distributionName)
if (distributionHREF) {
httpMode = 'PUT'
url = distributionHREF
} else {
httpMode = 'POST'
url = '/pulp/api/v3/distributions/deb/apt/'
}
def bodyContent = ["publication": publicationHREF, "name": distributionName, "base_path": basePath]
if (contentGuard) {
def contentGuardHREF = getResourceHREF(credentials, 'contentguards/core/rbac/', contentGuard)
if (contentGuardHREF) {
bodyContent.put('content_guard', "https://${pulpHost}${contentGuardHREF}")
}
}
def postBody = JsonOutput.toJson(bodyContent)
response = httpRequest authentication: credentials, url: "https://${pulpHost}${url}", httpMode: httpMode, requestBody: postBody, contentType: 'APPLICATION_JSON', ignoreSslErrors: true, validResponseCodes: "202"
jsonResponse = readJSON text: response.content
if (distributionHREF) {
waitForTaskCompletion(credentials, jsonResponse.task)
return [url]
} else {
return waitForTaskCompletion(credentials, jsonResponse.task)
}
}
def getDistributionURL(
String credentials,
String resourceHREF,
String pulpHost = 'pulp.cadoles.com'
) {
def response = httpRequest authentication: credentials, url: "https://${pulpHost}${resourceHREF}", httpMode: 'GET', ignoreSslErrors: true, validResponseCodes: "200"
def jsonResponse = readJSON text: response.content
println(jsonResponse)
return jsonResponse.base_url
}

154
vars/pulp.groovy.bak
View File

@ -1,154 +0,0 @@
import groovy.json.JsonOutput
def getResourceHREF(
String credentials,
String resourceEndpoint,
String resourceName,
String pulpHost = 'pulp.cadoles.com'
) {
def response = httpRequest authentication: credentials, url: "https://${pulpHost}/pulp/api/v3/${resourceEndpoint}", httpMode: 'GET', ignoreSslErrors: true, validResponseCodes: "200"
def jsonResponse = readJSON text: response.content
def resource = jsonResponse.results.find { it -> it.name == resourceName}
if (resource) {
return resource.pulp_href
}
return null
}
def waitForTaskCompletion(
String credentials,
String taskHREF,
String pulpHost = 'pulp.cadoles.com'
) {
def status = ''
def created_resources = []
while (status != 'completed') {
def response = httpRequest authentication: credentials, url: "https://${pulpHost}${taskHREF}", httpMode: 'GET', ignoreSslErrors: true, validResponseCodes: "200"
def jsonResponse = readJSON text: response.content
status = jsonResponse.state
if (status == 'completed') {
return jsonResponse.created_resources
} else if (!(status in ['running','waiting'])) {
break
}
sleep(10)
}
throw new Exception("Task failed:" + jsonResponse.error.description)
}
def exportPackages(
String credentials,
List packages = [],
String pulpHost = 'pulp.cadoles.com'
) {
def exportTasks = []
packages.each {
def response = httpRequest authentication: credentials, url: "https://${pulpHost}/pulp/api/v3/content/deb/packages/", httpMode: 'POST', ignoreSslErrors: true, multipartName: "file", timeout: 900, uploadFile: "${it}", validResponseCodes: "202"
def jsonResponse = readJSON text: response.content
exportTasks << jsonResponse['task']
}
return exportTasks
}
def createRepository(
String credentials,
String name,
String pulpHost = 'pulp.cadoles.com'
) {
def repositoryName = ["name": name]
def postBody = JsonOutput.toJson(repositoryName)
def response = httpRequest authentication: credentials, url: "https://${pulpHost}/pulp/api/v3/repositories/deb/apt/", httpMode: 'POST', requestBody: postBody, contentType: 'APPLICATION_JSON', ignoreSslErrors: true, validResponseCodes: "201"
def jsonResponse = readJSON text: response.content
return jsonResponse.pulp_href
}
def getRepositoryHREF(
String credentials,
String repository = 'Cadoles4MSE unstable'
) {
def repositoryHREF = getResourceHREF(credentials, 'repositories/deb/apt/', repository)
if (repositoryHREF) {
return repositoryHREF
} else {
return createRepository(credentials, repository)
}
}
def addToRepository(
String credentials,
List packagesHREF,
String repositoryHREF,
String pulpHost = 'pulp.cadoles.com'
) {
def packagesHREFURL = ["add_content_units": packagesHREF.collect { "https://$pulpHost$it" }]
def postBody = JsonOutput.toJson(packagesHREFURL)
def response = httpRequest authentication: credentials, url: "https://${pulpHost}${repositoryHREF}modify/", httpMode: 'POST', requestBody: postBody, contentType: 'APPLICATION_JSON', ignoreSslErrors: true, validResponseCodes: "202"
def jsonResponse = readJSON text: response.content
return waitForTaskCompletion(credentials, jsonResponse.task)
}
def publishRepository(
String credentials,
String repositoryHREF,
String signing_service = null,
String pulpHost = 'pulp.cadoles.com'
) {
def postContent = ["repository": repositoryHREF, "simple": true]
if (signing_service) {
def signingServiceHREF = getResourceHREF(credentials, 'signing-services/', signing_service)
if (signingServiceHREF) {
postContent.put("signing_service", "https://${pulpHost}${signingServiceHREF}")
}
}
def postBody = JsonOutput.toJson(postContent)
def response = httpRequest authentication: credentials, url: "https://${pulpHost}/pulp/api/v3/publications/deb/apt/", httpMode: 'POST', requestBody: postBody, contentType: 'APPLICATION_JSON', ignoreSslErrors: true, validResponseCodes: "202"
def jsonResponse = readJSON text: response.content
return waitForTaskCompletion(credentials, jsonResponse.task)
}
def distributePublication(
String credentials,
String publicationHREF,
String distributionName,
String basePath,
String contentGuard = null,
String pulpHost = 'pulp.cadoles.com'
) {
def httpMode = ''
def url = ''
def distributionHREF = getResourceHREF(credentials, 'distributions/deb/apt/', distributionName)
if (distributionHREF) {
httpMode = 'PUT'
url = distributionHREF
} else {
httpMode = 'POST'
url = '/pulp/api/v3/distributions/deb/apt/'
}
def bodyContent = ["publication": publicationHREF, "name": distributionName, "base_path": basePath]
if (contentGuard) {
def contentGuardHREF = getResourceHREF(credentials, 'contentguards/core/rbac/', contentGuard)
if (contentGuardHREF) {
bodyContent.put('content_guard', "https://${pulpHost}${contentGuardHREF}")
}
}
def postBody = JsonOutput.toJson(bodyContent)
response = httpRequest authentication: credentials, url: "https://${pulpHost}${url}", httpMode: httpMode, requestBody: postBody, contentType: 'APPLICATION_JSON', ignoreSslErrors: true, validResponseCodes: "202"
jsonResponse = readJSON text: response.content
if (distributionHREF) {
waitForTaskCompletion(credentials, jsonResponse.task)
return [url]
} else {
return waitForTaskCompletion(credentials, jsonResponse.task)
}
}
def getDistributionURL(
String credentials,
String resourceHREF,
String pulpHost = 'pulp.cadoles.com'
) {
def response = httpRequest authentication: credentials, url: "https://${pulpHost}${resourceHREF}", httpMode: 'GET', ignoreSslErrors: true, validResponseCodes: "200"
def jsonResponse = readJSON text: response.content
println(jsonResponse)
return jsonResponse.base_url
}

80
vars/sonarqube.groovy
View File

@ -1,80 +0,0 @@
// Pipeline de scan de projet avec SonarQube
def call() {
pipeline {
agent {
label 'docker'
}
environment {
projectDir = "${env.project_name}_${env.BUILD_ID}"
}
stages {
stage("Package project") {
when {
not {
triggeredBy 'TimerTrigger'
}
}
steps {
script {
stage("Clone repository") {
checkout scm:
[
$class: 'GitSCM',
userRemoteConfigs: [[url: env.repository_url, credentialsId: 'jenkins-forge-ssh']],
branches: [[name: env.ref]],
extensions: [
[$class: 'RelativeTargetDirectory', relativeTargetDir: env.projectDir ],
[$class: 'CloneOption', noTags: false, shallow: false, depth: 0, reference: ''],
[$class: 'WipeWorkspace' ]
]
],
changelog: false,
poll: false
}
stage("Scan project") {
dir(env.projectDir) {
withCredentials([
string(credentialsId: 'SONARQUBE_URL', variable: 'SONARQUBE_URL'),
string(credentialsId: 'SONARQUBE_TOKEN', variable: 'SONARQUBE_TOKEN'),
]) {
sh """
docker run \
--rm \
-e SONAR_HOST_URL="${env.SONARQUBE_URL}" \
-e SONAR_LOGIN="${env.SONARQUBE_TOKEN}" \
-v "${env.WORKSPACE}/${env.projectDir}/:/usr/src" \
sonarsource/sonar-scanner-cli \
-Dsonar.projectKey=${env.sonarqubeProjectKey} \
-Dsonar.projectVersion=${env.ref}
"""
}
// On notifie le canal Rocket.Chat du scan
// rocketSend (
// avatar: 'https://jenkins.cadol.es/static/b5f67753/images/headshot.png',
// message: """
// Le projet ${env.project_name} a été scanné par SonarQube.
// - [Voir les résultats](${env.SONARQUBE_URL}/dashboard?id=${env.sonarqubeProjectKey})
// - [Visualiser le job](${env.RUN_DISPLAY_URL})
// @${env.sender_login}
// """.stripIndent(),
// rawMessage: true,
// )
}
}
}
}
post {
always {
sh "rm -rf '${env.projectDir}'"
}
}
}
}
}
}

57
vars/tamarin.groovy
View File

@ -7,38 +7,46 @@ def buildPackageWithCPKG(
Boolean forceRebuild = false Boolean forceRebuild = false
) { ) {
def result = [:] def builds = []
// Retrieve commit tags // Retrieve commit tags
def commitTag = sh(script: 'git describe --exact-match --abbrev=0', returnStdout: true) def commitTags = sh(script: 'git describe --exact-match --abbrev=0', returnStdout: true).split(' ')
if (commitTag == '') { if (commitTags.length == 0) {
error 'No build build tags on last commit' error 'No build build tags on last commit'
} }
// Split tag to retrieve context informations // For each tags
def tagParts = commitTag.split('/') for (tag in commitTags) {
def packageEnv = tagParts[1]
def packageDistrib = tagParts[2]
def packageVersion = tagParts[3]
// Create .tamarinrc file // Split tag to retrieve context informations
def tamarinrc = """ def tagParts = tag.split('/')
project_version=${packageVersion} def packageEnv = tagParts[1]
no_version_suffix=${ packageEnv == 'stable' || packageEnv == 'staging' ? 'yes' : 'no' } def packageDistrib = tagParts[2]
""".stripIndent() def packageVersion = tagParts[3]
writeFile file: '.tamarinrc', text: tamarinrc
sh "rm -rf ${destDir}/*" // Create .tamarinrc file
def tamarinrc = """
project_version=${packageVersion}
no_version_suffix=${ packageEnv == 'stable' || packageEnv == 'staging' ? 'yes' : 'no' }
""".stripIndent()
writeFile file: '.tamarinrc', text: tamarinrc
sh "rm -rf ${destDir}/*"
stage("Build ${packageEnv} package (version ${packageVersion}) for ${packageDistrib}") {
def result = [:]
result.put('tag', tag)
result.put('env', packageEnv)
result.put('version', packageVersion)
result.put('distrib', packageDistrib)
def packages = buildPackage(packageProfile, packageArch, baseImage, destDir, forceRebuild)
result.put('packages', packages)
builds << result
}
stage("Build ${packageEnv} package (version ${packageVersion}) for ${packageDistrib}") {
result.put('tag', commitTag)
result.put('env', packageEnv)
result.put('version', packageVersion)
result.put('distrib', packageDistrib)
def packages = buildPackage(packageProfile, packageArch, baseImage, destDir, forceRebuild)
result.put('packages', packages)
} }
return result
return builds
} }
@ -114,9 +122,6 @@ def buildDockerImage() {
def runTamarinScript = libraryResource 'com/cadoles/tamarin/run-tamarin.sh' def runTamarinScript = libraryResource 'com/cadoles/tamarin/run-tamarin.sh'
writeFile file:'run-tamarin.sh', text:runTamarinScript writeFile file:'run-tamarin.sh', text:runTamarinScript
def addLetsEncryptCA = libraryResource 'com/cadoles/common/add-letsencrypt-ca.sh'
writeFile file:'add-letsencrypt-ca.sh', text:addLetsEncryptCA
def safeJobName = URLDecoder.decode(env.JOB_NAME).toLowerCase().replace('/', '-').replace(' ', '-') def safeJobName = URLDecoder.decode(env.JOB_NAME).toLowerCase().replace('/', '-').replace(' ', '-')
def imageTag = "${safeJobName}-${env.BUILD_ID}" def imageTag = "${safeJobName}-${env.BUILD_ID}"
return docker.build("tamarin:${imageTag}", ".") return docker.build("tamarin:${imageTag}", ".")