Le paramètre doit être de type string

gpg pour tous
change user pulp api
2022-07-06 14:31:04 +02:00 · 2022-07-05 14:28:28 +02:00 · 2022-06-15 14:33:06 +02:00 · 2022-06-07 11:22:21 +02:00 · 2022-06-07 10:50:23 +02:00 · 2022-06-07 10:43:42 +02:00
25 changed files with 573 additions and 1185 deletions
--- a/231
+++ b/231
@ -0,0 +1,231 @@
@Library("cadoles@pipeline/packaging_pulp") _
 pipeline {
    agent {
        label 'docker'
    }
    environment {
        projectDir = "${env.project_name}_${env.BUILD_ID}" 
    }
    triggers {
        // Execute pipeline every day at 7h30 to prepare docker images
        cron('30 7 * * 1-5')
    }
    stages {
        stage("Prepare build environment") {
            when {
                anyOf {
                    triggeredBy cause: "UserIdCause", detail: "wpetit"
                    triggeredBy 'TimerTrigger'
                }   
            }
            steps {
                script {
                    tamarin.prepareEnvironment()
                }
            }
        }
        stage("Package project") {
            when {
                not {
                    triggeredBy 'TimerTrigger'
                }
            }
            steps {
                script {
                    stage("Clone repository") {
                        checkout scm: 
                            [
                                $class: 'GitSCM', 
                                userRemoteConfigs: [[url: env.repository_url, credentialsId: 'jenkins-forge-ssh']], 
                                branches: [[name: env.ref]],
                                extensions: [
                                    [$class: 'RelativeTargetDirectory', relativeTargetDir: env.projectDir ],
                                    [$class: 'CloneOption', noTags: false, shallow: false, depth: 0, reference: ''],
                                    [$class: 'WipeWorkspace' ]
                                ]
                            ], 
                            changelog: false, 
                            poll: false
                    }
                    stage("Ensure packaging branch") {
                        dir(env.projectDir) {
                            sh 'git checkout "${packageBranch}"'
                            def commitOrRef = env.commit ? env.commit : env.ref
                            def branchesWithCommitOrRef = sh(script: "git branch --contains '${commitOrRef}'", returnStdout: true).split(' ')
                            if (branchesWithCommitOrRef.findAll{env.packageBranch.contains(it)}.any{true}) {
                                currentBuild.result = 'ABORTED'
                                error("La référence `${env.ref}` ne fait pas partie de la branche `${env.packageBranch}` !")
                            }
                        }
                    }
                    stage("Check [ci skip] in tag message") {
                        dir(env.projectDir) {
                            sh 'git checkout "${packageBranch}"'
                            def commitTags = sh(script: 'git describe --exact-match --abbrev=0', returnStdout: true).split(' ')
                            for (tag in commitTags) {
                                tag = tag.trim()
                                def tagMessage = sh(script: "git tag --format='%(subject)' -l '${tag}'", returnStdout: true).trim()
                                println("Tag '${tag}' message is: '${tagMessage}'")
                                if (tagMessage.contains('[ci skip]')) {
                                    currentBuild.result = 'ABORTED'
                                    error("Le message du tag '${tag}' contient le marqueur '[ci-skip]' !")
                                }
                            }
                        }
                    }
                    stage("Checkout ref") {
                        dir(env.projectDir) {
                            sh """
                            git checkout ${env.ref}
                            """
                        }
                    }
                    stage("Build package") {
                        dir(env.projectDir) {  
                            // On construit les paquets à partir des informations
                            // de contexte provenant de CPKG et du webhook
                            def result = tamarin.buildPackageWithCPKG(
                                env.packageProfile ? env.packageProfile : "debian",
                                env.packageArch ? env.packageArch : "",
                                env.packageBranch ? env.packageBranch : "",
                                env.baseImage ? env.baseImage : ""
                            )
                            // On publie chacun des paquets construits
 			    def splittedTag = env.ref.split('/')
 			    def repositoryName = "${splittedTag[2]} ${splittedTag[1]}"
 			    def distributionName = repositoryName
 			    def basePath = repositoryName.replace(' ', '-')
 			    def product = splittedTag[2].split('-')[0]
 			    def contentGuardMapping = ['mse': 'mse_contentguard']
 			    def signingServiceMapping = ['mse': 'sign_deb_release']
                            def credentials = 'jenkins-pulp-api-client'
                            def repositoryHREF = pulp.getRepositoryHREF(credentials, repositoryName)
                            def exportTasks = pulp.exportPackages(credentials, result.packages)
                            def pulpPackages = []
                            exportTasks.each {
                            def created_resources = pulp.waitForTaskCompletion(credentials, it)
                            for (created_resource in created_resources) {
                                pulpPackages << created_resource
                            }
                            }
                            pulp.addToRepository(credentials, pulpPackages, repositoryHREF)
                           // def publicationHREF = pulp.publishRepository(credentials, repositoryHREF, signingServiceMapping.get(product))
                            def publicationHREF = pulp.publishRepository(credentials, repositoryHREF, 'sign_deb_release')
                            def distributionHREF = pulp.distributePublication(credentials, publicationHREF[0], distributionName, basePath, contentGuardMapping.get(product))
                            def distributionURL = pulp.getDistributionURL(credentials, distributionHREF[0])
                            // On liste l'ensemble des paquets construits
                            def publishedPackages = result.packages.collect { p ->
                                    def file = new File(p)
                                    return "- Paquet `${file.getName()}`, Dépôt `${result.env}`, Distribution `${result.distrib}`, URL `${distributionURL}`"
                            }
                            // On notifie le canal Rocket.Chat de la publication des paquets
                            rocketSend (
                                avatar: 'https://jenkins.cadol.es/static/b5f67753/images/headshot.png',
                                message: """
                                Les paquets suivants ont été publiés pour le projet ${env.project_name}:
                                ${publishedPackages.join('\n')}
                                [Visualiser le job](${env.RUN_DISPLAY_URL})
                                @${env.sender_login}
                                """.stripIndent(),
                                rawMessage: true,
                                attachments: lolops.getRandomDeliveryAttachment()
                            )
                            if (env.testPackageInstall != 'yes') {
                                println "Test d'intallation des paquets désactivé."
                                return
                            }
                            // On essaye de trouver un template de VM compatible
                            // avec la distribution cible de la construction
                            def vmTemplate = findMatchingVMTemplate(result.distrib)
                            if (vmTemplate == null) {
                                println "Aucun template de VM n'a été trouvé correspondant à la distribution `${result.distrib}`."
                                return
                            }
                            // Pour chaque paquets construits...
                            result.packages.each { p ->
                                def packageFullName = new File(p).getName()
                                def packageRepository = result.distrib.split('-')[1] + '-' + result.env
                                def packageNameParts = packageFullName.split('_')
                                def packageName = packageNameParts[0]
                                def packageVersion = packageNameParts[1]
                                stage("Test package '${packageName}' installation") {
                                build job: 'Test de paquet Debian', wait: false, parameters: [
                                    [$class: 'StringParameterValue', name: 'packageName', value: packageName], 
                                    [$class: 'StringParameterValue', name: 'packageVersion', value: packageVersion],
                                    [$class: 'StringParameterValue', name: 'packageRepository', value: packageRepository],
                                    [$class: 'StringParameterValue', name: 'vmTemplate', value: vmTemplate]
                                ]
                                }
                            }
                        }
                    }
                }
            }
            post {
                always {
                    sh "rm -rf '${env.projectDir}'"
                }
            }
        }
    }
 }
 // Cette fonction fait un simple "mapping"
 // entre les distributions cibles des paquets et
 // les templates de VM disponibles sur l'OpenNebula
 def findMatchingVMTemplate(String distrib) {
    def vmTemplatesMap = [
        'eole-2.7.0': 'eolebase-2.7.0-cadoles',
        'eole-2.6.2': 'eolebase-2.6.2-cadoles'
    ]
    return vmTemplatesMap.get(distrib, null)
 }
 def waitForPackages(String tagRef, buildResults) {
    def packageVersion = tagRef.split('/')[3];
    def packageDistrib = env.packageBranch.split('/')[2];
    buildResults.each { r ->
        def distrib = "${packageDistrib}-${r.env}"
        r.packages.each { p ->
            def file = new File(p)
            def fileNameParts = file.getName().take(file.getName().lastIndexOf('.')).split('_')
            def packageName = fileNameParts[0]
            def packageArch = fileNameParts[2]
            debian.waitForRepoPackage(packageName, [
                baseURL: 'https://vulcain.cadoles.com',
                distrib: distrib,
                component: 'main',
                type: 'binary',
                arch: packageArch,
                expectedVersion: packageVersion
            ])
        }
    }
 }
--- a/pipelines/mse-rgaa.jenkinsfile
+++ b/pipelines/mse-rgaa.jenkinsfile
@ -1,10 +1,13 @@
 import hudson.tasks.test.AbstractTestResultAction
-@Library('cadoles') _
+@Library("cadoles") _
 pipeline {
-  parameters {
+    
  parameters { 
    text(name: 'URLS', defaultValue: 'https://msedev.crous-toulouse.fr\nhttps://msedev.crous-toulouse.fr/envole/enregistrement\nhttps://msedev.crous-toulouse.fr/envole/page/faq\nhttps://msedev.crous-toulouse.fr/envole/page/?t=liens_utiles\nhttps://msedev.crous-toulouse.fr/envole/page/?t=mentions_legales\nhttps://msedev.crous-toulouse.fr/envole/message/new\nhttps://msedev.crous-toulouse.fr/envole/recuperation/email\nhttps://msedev.crous-toulouse.fr/envole/courriel/raz', description: 'Liste des URLs à tester, une par ligne')
    string(name: 'USERNAME', defaultValue: '', description: "Nom d'utilisateur pour l'authentification Basic Auth, si nécessaire")
    password(name: 'PASSWORD', defaultValue: '', description: "Mot de passe pour l'authentification Basic Auth, si nécessaire")
    booleanParam(name: 'INCLUDE_WARNINGS', defaultValue: false, description: 'Inclure les avertissements')
    booleanParam(name: 'INCLUDE_NOTICES', defaultValue: false, description: 'Inclure les notifications')
  }
@ -15,77 +18,65 @@ pipeline {
  agent {
    node {
-      label 'docker'
+      label "mse"
    }
  }
  stages {
-    stage('Run RGAA audit') {
+    stage("Run RGAA audit") {
        steps {
            script {
-          def urls = params.URLS.split('\n')
+                def urls = params.URLS.split('\n')
-
+                
-          def count = 0
+                def count = 0
-          urls.each { u ->
+                urls.each { u ->
-            stage("Audit page '${u}'") {
+                    stage("Audit page '${u}'") {
-              withCredentials([
+                        def report = pa11y.audit(u.trim(), [
-                  usernamePassword(
+                            reporter: 'junit',
-                    credentialsId: 'msedev-basic-auth',
+                            username: params.USERNAME,
-                    usernameVariable: 'MSEDEV_USERNAME',
+                            password: params.PASSWORD,
-                    passwordVariable: 'MSEDEV_PASSWORD'
+                            standard: 'WCAG2AA',
-                  )
+                            includeNotices: params.INCLUDE_NOTICES,
-              ]) {
+                            includeWarnings: params.INCLUDE_WARNINGS,
-                def report = pa11y.audit(u.trim(), [
+                        ]);
-                  reporter: 'junit',
+        
-                  username: env.MSEDEV_USERNAME,
+                        writeFile file:"./report_${count}.xml", text:report
-                  password: env.MSEDEV_PASSWORD,
+                        count++
-                  standard: 'WCAG2AA',
+                    }
-                  includeNotices: params.INCLUDE_NOTICES,
+                }
-                  includeWarnings: params.INCLUDE_WARNINGS,
+                
-                ])
+                junit "*.xml"
-
+                
-                writeFile file:"./report_${count}.xml", text:report
+                rocketSend (
-                count++
+                    channel: "#cnous-mse-dev",
              }
            }
          }
          junit testResults: '*.xml', skipPublishingChecks: true
          rocketSend(
                    channel: '#cnous-mse',
                    avatar: 'https://jenkins.cadol.es/static/b5f67753/images/headshot.png',
                    message: """
                    Audit RGAA | ${testStatuses()}
-
+        
                    - [Voir les tests](${env.RUN_DISPLAY_URL})
                    @here
                    """.stripIndent(),
                    rawMessage: true,
                )
            }
        }
    }
  }
  post {
    always {
      cleanWs()
    }
  }
 }
@NonCPS
 def testStatuses() {
-  def testStatus = ''
+    def testStatus = ""
-  AbstractTestResultAction testResultAction = currentBuild.rawBuild.getAction(AbstractTestResultAction.class)
+    AbstractTestResultAction testResultAction = currentBuild.rawBuild.getAction(AbstractTestResultAction.class)
-  if (testResultAction != null) {
+    if (testResultAction != null) {
-    def total = testResultAction.totalCount
+        def total = testResultAction.totalCount
-    def failed = testResultAction.failCount
+        def failed = testResultAction.failCount
-    def skipped = testResultAction.skipCount
+        def skipped = testResultAction.skipCount
-    def passed = total - failed - skipped
+        def passed = total - failed - skipped
-    testStatus = "Passant(s): ${passed}, Échoué(s): ${failed} ${testResultAction.failureDiffString}, Désactivé(s): ${skipped}"
+        testStatus = "Passant(s): ${passed}, Échoué(s): ${failed} ${testResultAction.failureDiffString}, Désactivé(s): ${skipped}"
-  }
+    }
-  return testStatus
+    return testStatus
 }
--- a/resources/com/cadoles/gitea/gitea-release.sh
+++ b/resources/com/cadoles/gitea/gitea-release.sh
@ -1,175 +0,0 @@
 #!/bin/bash
 set -eo pipefail
 GITEA_RELEASE_PROJECT=${GITEA_RELEASE_PROJECT}
 GITEA_RELEASE_ORG=${GITEA_RELEASE_ORG}
 GITEA_RELEASE_BASE_URL=${GITEA_BASE_URL:-https://forge.cadoles.com}
 GITEA_RELEASE_USERNAME=${GITEA_RELEASE_USERNAME}
 GITEA_RELEASE_PASSWORD=${GITEA_RELEASE_PASSWORD}
 GITEA_RELEASE_NAME=${GITEA_RELEASE_NAME}
 GITEA_RELEASE_VERSION=${GITEA_RELEASE_VERSION}
 GITEA_RELEASE_COMMITISH_TARGET=${GITEA_RELEASE_COMMITISH_TARGET}
 GITEA_RELEASE_IS_DRAFT=${GITEA_RELEASE_IS_DRAFT:-false}
 GITEA_RELEASE_IS_PRERELEASE=${GITEA_RELEASE_IS_PRERELEASE:-true}
 GITEA_RELEASE_BODY=${GITEA_RELEASE_BODY}
 GITEA_RELEASE_ATTACHMENTS=${GITEA_RELEASE_ATTACHMENTS}
 function check_dependencies {
    assert_command_available 'curl'
    assert_command_available 'jq'
 }
 function assert_command_available {
    local command=$1
    local command_path=$(which $command)
    if [ -z "$command_path" ]; then
        echo "The '$command' command could not be found. Please install it before using this script." 1>&2
        exit 1
    fi
 }
 function check_environment {
    assert_environment GITEA_RELEASE_PROJECT
    assert_environment GITEA_RELEASE_ORG
    assert_environment GITEA_RELEASE_BASE_URL
 }
 function source_env_file {
    if [ ! -f '.env' ]; then
        return 0
    fi
    set -o allexport
    source .env
    set +o allexport
 }
 function assert_environment {
    local name=$1
    local value=${!name}
    if [ -z "$value" ]; then
        echo "The $"$name" environment variable is empty." 1>&2
        exit 1
    fi
 }
 function ask_credentials {
    if [ -z "$GITEA_RELEASE_USERNAME" ]; then
        echo -n "Username: "
        read GITEA_RELEASE_USERNAME
    fi
    if [ -z "$GITEA_RELEASE_PASSWORD" ]; then
        echo -n "Password: "
        stty -echo
        read GITEA_RELEASE_PASSWORD
        stty echo 
        echo
    fi
 }
 function retrieve_version {
    if [ ! -z "$GITEA_RELEASE_VERSION" ]; then
        return
    fi
    set +e
    GITEA_RELEASE_VERSION=$(git describe --abbrev=0 --tags 2>/dev/null)
    GITEA_RELEASE_VERSION=${GITEA_RELEASE_VERSION}
    set -e
 }
 function retrieve_commitish_target {
    if [ ! -z "$GITEA_RELEASE_COMMITISH_TARGET" ]; then
        return
    fi
    GITEA_RELEASE_COMMITISH_TARGET=$(git log -n 1 --pretty="format:%h")
 }
 function create_release {
    local payload={}
    payload=$(json_set "$payload" body "$GITEA_RELEASE_BODY" true)
    payload=$(json_set "$payload" draft $GITEA_RELEASE_IS_DRAFT)
    payload=$(json_set "$payload" name "\"${GITEA_RELEASE_NAME:-$GITEA_RELEASE_VERSION}\"")
    payload=$(json_set "$payload" prerelease $GITEA_RELEASE_IS_PRERELEASE)
    payload=$(json_set "$payload" tag_name "\"${GITEA_RELEASE_VERSION:-$GITEA_RELEASE_COMMITISH_TARGET}\"")
    payload=$(json_set "$payload" target_commitish "\"$GITEA_RELEASE_COMMITISH_TARGET\"")
    local existing_release=$(gitea_api "/repos/$GITEA_RELEASE_ORG/$GITEA_RELEASE_PROJECT/releases" -XGET | jq -e ".[] | select(.tag_name == \"${GITEA_RELEASE_VERSION}\") | .id")
    if [ ! -z "${existing_release}" ]; then
        gitea_api "/repos/$GITEA_RELEASE_ORG/$GITEA_RELEASE_PROJECT/releases/${existing_release}" -XDELETE
    fi
    local tmpfile=$(mktemp)
    echo "$payload" > "$tmpfile"
    gitea_api "/repos/$GITEA_RELEASE_ORG/$GITEA_RELEASE_PROJECT/releases" \
        -H "Content-Type:application/json" \
        -d "@$tmpfile"
    rm -f "$tmpfile"
 }
 function json_set {
    local data=$1
    local key=$2
    local value=$3
    local use_raw_file=$4
    if [ "$use_raw_file" != "true" ]; then
        echo $data | jq -cr --argjson v "$value" --arg k "$key" '.[$k] = $v'
    else
        local tmpfile=$(mktemp)
        echo "$value" > "$tmpfile"
        echo $data | jq -cr --rawfile v "$tmpfile" --arg k "$key" '.[$k] = $v'
        rm -f "$tmpfile"
    fi
 }
 function upload_release_attachments {
    local release="$1"
    local release_id=$(echo "$release" | jq -r .id)
    if [ -z "$GITEA_RELEASE_ATTACHMENTS" ]; then
        set +e
        GITEA_RELEASE_ATTACHMENTS="$(ls release/*.{tar.gz,zip} 2>/dev/null)"
        set -e
    fi
    for file in $GITEA_RELEASE_ATTACHMENTS; do
        local filename=$(basename "$file")
        gitea_api "/repos/$GITEA_RELEASE_ORG/$GITEA_RELEASE_PROJECT/releases/$release_id/assets?name=$filename" \
            -H "Content-Type:multipart/form-data" \
            -F "attachment=@$file"
    done
 }
 function gitea_api {
    local path=$1
    local args=${@:2}
    curl -L \
        --fail \
        -u "$GITEA_RELEASE_USERNAME:$GITEA_RELEASE_PASSWORD" \
        ${args} \
        "$GITEA_RELEASE_BASE_URL/api/v1$path"
 }
 function main {
    check_dependencies
    source_env_file
    check_environment
    ask_credentials
    retrieve_commitish_target
    retrieve_version
    local release=$(create_release)
    upload_release_attachments "$release"
 }
 main
--- a/resources/com/cadoles/pa11y/Dockerfile
+++ b/resources/com/cadoles/pa11y/Dockerfile
@ -35,7 +35,7 @@ RUN apk add --no-cache \
    chromium \
    bash
-RUN PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=1 npm install -g pa11y@^5.0.0 pa11y-reporter-html@^1.0.0 pa11y-reporter-junit
+RUN PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=1 npm install -g pa11y pa11y-reporter-html@^1.0.0 pa11y-reporter-junit
 RUN adduser -D pa11y   
--- a/resources/com/cadoles/pa11y/run-audit.sh
+++ b/resources/com/cadoles/pa11y/run-audit.sh
@ -9,7 +9,6 @@ cd reports
 export PUPPETEER_EXECUTABLE_PATH=$(which chromium-browser)
 export PA11Y_REPORTER="${PA11Y_REPORTER:-html}"
 export PA11Y_STANDARD=${PA11Y_STANDARD:-WCAG2AA}
 PA11Y_ARGS=""
--- a/resources/com/cadoles/podman/nfpm.yaml.gotmpl
+++ b/resources/com/cadoles/podman/nfpm.yaml.gotmpl
@ -1,25 +0,0 @@
 {{ $serviceName := index ( .Env.IMAGE_NAME | strings.Split "/" | coll.Reverse ) 0 }}
 name: "cadoles-pod-{{ $serviceName }}"
 arch: amd64
 platform: linux
 version: "{{ strings.TrimPrefix "v" ( getenv "IMAGE_TAG" "latest" ) }}"
 version_schema: none
 version_metadata: git
 section: "{{ getenv "PACKAGE_SECTION" "default" }}"
 priority: "{{ getenv "PACKAGE_PRIORITY" "optional" }}"
 maintainer: "{{ getenv "PACKAGE_MAINTAINER" "contact@cadoles.com" }}"
 description: "{{ getenv "PACKAGE_DESCRIPTION" "" }}"
 homepage: "{{ getenv "PACKAGE_HOMEPAGE" "https://forge.cadoles.com" }}"
 license: "{{ getenv "PACKAGE_LICENCE" "GPL-3.0" }}"
 depends:
  - podman
 scripts:
    postinstall: post-install.sh
 contents:
  - packager: deb
    src: pod.service
    dst: "/usr/lib/systemd/system/cadoles-pod-{{ $serviceName }}.service"
  - packager: deb
    src: pod.conf
    dst: /etc/cadoles-pod-{{ $serviceName }}.conf
    type: config|noreplace
--- a/resources/com/cadoles/podman/pod.conf.gotmpl
+++ b/resources/com/cadoles/podman/pod.conf.gotmpl
@ -1 +0,0 @@
 PODMAN_ARGS="{{ getenv "PODMAN_ARGS" "" }}"
--- a/resources/com/cadoles/podman/pod.service.gotmpl
+++ b/resources/com/cadoles/podman/pod.service.gotmpl
@ -1,24 +0,0 @@
 [Unit]
 Description={{ .Env.IMAGE_NAME }} pod service
 Wants=network-online.target
 After=network-online.target
 RequiresMountsFor=/run/containers/storage
 [Service]
 Type=simple
 Environment=PODMAN_SYSTEMD_UNIT=%n
 EnvironmentFile=-/etc/cadoles-pod-{{ .Env.IMAGE_NAME }}.conf
 Environment=IMAGE_NAME={{ .Env.IMAGE_NAME }} IMAGE_TAG={{ .Env.IMAGE_TAG }}
 PassEnvironment=PODMAN_ARGS IMAGE_NAME IMAGE_TAG
 Restart=on-failure
 TimeoutStopSec=70
 {{ if getenv "SYSTEMD_EXEC_STARTPRE" "" }}
 ExecStartPre={{ .Env.SYSTEMD_EXEC_STARTPRE }}
 {{ end }}
 ExecStart=/bin/sh -c "podman run ${PODMAN_ARGS} '${IMAGE_NAME}:${IMAGE_TAG}'"
 {{ if getenv "SYSTEMD_EXEC_STARTPOST" "" }}
 ExecStartPost={{ .Env.SYSTEMD_EXEC_STARTPOST }}
 {{ end }}
 [Install]
 WantedBy=default.target
--- a/resources/com/cadoles/podman/post-install.sh.gotmpl
+++ b/resources/com/cadoles/podman/post-install.sh.gotmpl
@ -1,79 +0,0 @@
 #!/bin/sh
 # Adapted from https://nfpm.goreleaser.com/tips/
 use_systemctl="True"
 systemd_version=0
 if ! command -V systemctl >/dev/null 2>&1; then
  use_systemctl="False"
 else
  systemd_version=$( systemctl --version | head -1 | sed 's/systemd //g' | cut -d' ' -f1 )
 fi
 SERVICE_NAME="cadoles-pod-{{ .Env.IMAGE_NAME }}"
 cleanup() {
  if [ "${use_systemctl}" = "False" ]; then
    rm -f /usr/lib/systemd/system/$SERVICE_NAME.service
  else
    rm -f /etc/chkconfig/$SERVICE_NAME
    rm -f /etc/init.d/$SERVICE_NAME
  fi
 }
 cleanInstall() {
  if [ "${use_systemctl}" = "False" ]; then
    if command -V chkconfig >/dev/null 2>&1; then
      chkconfig --add $SERVICE_NAME
    fi
    service $SERVICE_NAME restart ||:
  else
    if [ "${systemd_version}" -lt 231 ]; then
      printf "\033[31m systemd version %s is less then 231, fixing the service file \033[0m\n" "${systemd_version}"
      sed -i "s/=+/=/g" /usr/lib/systemd/system/$SERVICE_NAME.service
    fi
    systemctl daemon-reload ||:
    systemctl unmask $SERVICE_NAME ||:
    systemctl preset $SERVICE_NAME ||:
    systemctl enable $SERVICE_NAME ||:
    systemctl restart $SERVICE_NAME ||:
  fi
 }
 upgrade() {
  if [ "${use_systemctl}" = "False" ]; then
    service $SERVICE_NAME restart ||:
  else
    if [ "${systemd_version}" -lt 231 ]; then
      printf "\033[31m systemd version %s is less then 231, fixing the service file \033[0m\n" "${systemd_version}"
      sed -i "s/=+/=/g" /usr/lib/systemd/system/$SERVICE_NAME.service
    fi
    systemctl daemon-reload ||:
    systemctl restart $SERVICE_NAME ||:
  fi
  echo 'Cleaning up unused images...'
  podman image prune -f --filter "reference={{ .Env.IMAGE_NAME }}"
 }
 action="$1"
 if  [ "$1" = "configure" ] && [ -z "$2" ]; then
  action="install"
 elif [ "$1" = "configure" ] && [ -n "$2" ]; then
  action="upgrade"
 fi
 case "$action" in
  "1" | "install")
    cleanInstall
    ;;
  "2" | "upgrade")
    upgrade
    ;;
  *)
    cleanInstall
    ;;
 esac
 cleanup
--- a/resources/com/cadoles/symfony/.php-cs-fixer.dist.php
+++ b/resources/com/cadoles/symfony/.php-cs-fixer.dist.php
@ -1,41 +0,0 @@
 <?php
 $finder = PhpCsFixer\Finder::create()
    ->in(__DIR__.'/src')
    ->name('*.php')
 ;
 return (new PhpCsFixer\Config())
    ->setRules([
        '@Symfony' => true,
        'concat_space' => ['spacing' => 'none'],
        'array_syntax' => ['syntax' => 'short'],
        'combine_consecutive_issets' => true,
        'explicit_indirect_variable' => true,
        'no_useless_return' => true,
        'ordered_imports' => true,
        'no_unused_imports' => true,
        'no_spaces_after_function_name' => true,
        'no_spaces_inside_parenthesis' => true,
        'ternary_operator_spaces' => true,
        'class_definition' => ['single_line' => true],
        'whitespace_after_comma_in_array' => true,
        'phpdoc_add_missing_param_annotation' => ['only_untyped' => true],
        'phpdoc_order' => true,
        'phpdoc_types_order' => [
            'null_adjustment' => 'always_last',
            'sort_algorithm' => 'alpha',
        ],
        'phpdoc_no_empty_return' => false,
        'phpdoc_summary' => false,
        'general_phpdoc_annotation_remove' => [
            'annotations' => [
                'expectedExceptionMessageRegExp',
                'expectedException',
                'expectedExceptionMessage',
                'author',
            ],
        ],
    ])
    ->setFinder($finder)
 ;
--- a/resources/com/cadoles/symfony/Dockerfile
+++ b/resources/com/cadoles/symfony/Dockerfile
@ -1,47 +0,0 @@
 ARG PHP_SECURITY_CHECKER_VERSION=1.0.0
 ARG JQ_VERSION=1.6
 RUN apt-get update && \
    DEBIAN_FRONTEND=noninteractive apt-get install -y \
        wget tar curl ca-certificates \
        openssl bash git unzip \
        php-cli php-dom php-mbstring php-ctype php-xml php-iconv
 COPY add-letsencrypt-ca.sh /root/add-letsencrypt-ca.sh
 RUN bash /root/add-letsencrypt-ca.sh \
    && rm -f /root/add-letsencrypt-ca.sh
 RUN wget -O /usr/local/bin/jq https://github.com/stedolan/jq/releases/download/jq-${JQ_VERSION}/jq-linux64 \
    && chmod +x /usr/local/bin/jq
 # Install local-php-security-checker
 RUN wget -O /usr/local/bin/local-php-security-checker https://github.com/fabpot/local-php-security-checker/releases/download/v${PHP_SECURITY_CHECKER_VERSION}/local-php-security-checker_${PHP_SECURITY_CHECKER_VERSION}_linux_amd64 \
    && chmod +x /usr/local/bin/local-php-security-checker
 # Install junit2md
 RUN junit2md_download_url=$(curl "https://forge.cadoles.com/api/v1/repos/Cadoles/junit2md/releases" -H "accept:application/json" | jq -r 'sort_by(.published_at) | reverse | .[0] | .assets[] | select(.name == "junit2md-linux-amd64.tar.gz") | .browser_download_url') \
    && wget -O junit2md-linux-amd64.tar.gz "$junit2md_download_url" \
    && tar -xzf junit2md-linux-amd64.tar.gz \
    && cp junit2md-linux-amd64/junit2md /usr/local/bin/junit2md
 # Install composer
 RUN wget https://raw.githubusercontent.com/composer/getcomposer.org/76a7060ccb93902cd7576b67264ad91c8a2700e2/web/installer -O - -q | php -- --force --install-dir /usr/local/bin --filename composer \
    && chmod +x /usr/local/bin/composer
 # Install php-cs-fixer
 RUN mkdir --parents /tools/php-cs-fixer \
    && composer require --working-dir=/tools/php-cs-fixer friendsofphp/php-cs-fixer \
    && ln -s /tools/php-cs-fixer/vendor/bin/php-cs-fixer /usr/local/bin/php-cs-fixer
 # Install php-stan 
 RUN mkdir --parents /tools/phpstan \
    && composer require --working-dir=/tools/phpstan phpstan/phpstan \
    && ln -s /tools/phpstan/vendor/bin/phpstan /usr/local/bin/phpstan \
    && composer require --working-dir=/tools/phpstan phpstan/phpstan-symfony \
    && composer require --working-dir=/tools/phpstan phpstan/phpstan-doctrine
 # Install Symfony
 RUN curl -1sLf 'https://dl.cloudsmith.io/public/symfony/stable/setup.deb.sh' | bash \
    && apt update \
    && DEBIAN_FRONTEND=noninteractive apt-get install -y symfony-cli
--- a/resources/com/cadoles/symfony/phpstan.neon
+++ b/resources/com/cadoles/symfony/phpstan.neon
@ -1,4 +0,0 @@
 includes:
    - /tools/phpstan/vendor/phpstan/phpstan-symfony/extension.neon
    - /tools/phpstan/vendor/phpstan/phpstan-doctrine/extension.neon
    - /tools/phpstan/vendor/phpstan/phpstan-doctrine/rules.neon
--- a/vars/container.groovy
+++ b/vars/container.groovy
@ -1,219 +0,0 @@
 /**
 * Construit, valide et publie (optionnellement) une image Docker sur le registre Cadoles (par défaut)
 *
 * Options disponibles:
 *
 * - dockerfile - String - Chemin vers le fichier Dockerfile à utiliser pour construire l'image, par défaut "./Dockerfile"
 * - contextDir - String - Répertoire servant de "contexte" pour la construction de l'image, par défault "./"
 * - imageName - String - Nom de l'image à construire, par défaut ""
 * - imageTag - String - Tag apposé sur l'image après construction, par défaut résultat de la commande `git describe --always`
 * - gitCredentialsId - String - Identifiant des "credentials" Jenkins utilisés pour cloner le dépôt Git, par défaut "forge-jenkins"
 * - dockerRepository - String - Nom d'hôte du registre Docker sur lequel publier l'image, par défaut "reg.cadoles.com"
 * - dockerRepositoryCredentialsId - String - Identifiant des "credentials" Jenkins utilisés pour déployer l'image sur le registre Docker, par défault "reg.cadoles.com-jenkins"
 * - dryRun - Boolean - Désactiver/activer la publication de l'image sur le registre Docker, par défaut "true"
 * - skipVerifications - Boolean - Désactiver/activer les étapes de vérifications de qualité/sécurité de l'image Docker, par défaut "false"
 */
 String buildAndPublishImage(Map options = [:]) {
    String dockerfile = options.get('dockerfile', './Dockerfile')
    String contextDir = options.get('contextDir', '.')
    String imageName = options.get('imageName', '')
    String gitRef = sh(returnStdout: true, script: 'git describe --always').trim()
    String imageTag = options.get('imageTag', gitRef)
    String gitCredentialsId = options.get('gitCredentialsId', 'forge-jenkins')
    String dockerRepository = options.get('dockerRepository', 'reg.cadoles.com')
    String dockerRepositoryCredentialsId = options.get('dockerRepositoryCredentialsId', 'reg.cadoles.com-jenkins')
    Boolean dryRun = options.get('dryRun', true)
    Boolean skipVerifications = options.get('skipVerification', false)
    String projectRepository = env.JOB_NAME
    if (env.BRANCH_NAME ==~ /^PR-.*$/) {
        projectRepository = env.JOB_NAME - "/${env.JOB_BASE_NAME}"
    }
    projectRepository = options.get('projectRepository', projectRepository)
    withCredentials([
        usernamePassword([
            credentialsId: dockerRepositoryCredentialsId,
            usernameVariable: 'HUB_USERNAME',
            passwordVariable: 'HUB_PASSWORD'
        ]),
    ]) {
        stage('Validate Dockerfile with Hadolint') {
            utils.when(!skipVerifications) {
                runHadolintCheck(dockerfile, projectRepository)
            }
        }
        stage("Build image '${imageName}:${imageTag}'") {
            git.withHTTPCredentials(gitCredentialsId) {
                sh """
                docker build \
                    --build-arg="GIT_USERNAME=${env.GIT_USERNAME}" \
                    --build-arg="GIT_PASSWORD=${env.GIT_PASSWORD}" \
                    -t '${imageName}:${imageTag}' \
                    -f '${dockerfile}' \
                    '${contextDir}'
                """
            }
        }
        stage('Validate image with Trivy') {
            utils.when(!skipVerifications) {
                runTrivyCheck("${imageName}:${imageTag}", projectRepository)
            }
        }
        stage("Publish image '${imageName}:${imageTag}'") {
            utils.when(!dryRun) {
                retry(2) {
                    sh """
                        echo ${env.HUB_PASSWORD} | docker login -u '${env.HUB_USERNAME}' --password-stdin '${dockerRepository}'
                        docker push '${imageName}:${imageTag}'
                    """
                }
            }
        }
    }
 }
 void runHadolintCheck(String dockerfile, String projectRepository) {
    String reportFile = ".hadolint-report-${currentBuild.startTimeInMillis}.txt"
    try {
        validateDockerfileWithHadolint(dockerfile, ['reportFile': reportFile])
    } catch (err) {
        unstable("Dockerfile '${dockerfile}' failed linting !")
    } finally {
        String lintReport = ''
        if (fileExists(reportFile)) {
            lintReport = """${lintReport}
            |
            |```
            |${readFile(reportFile)}
            |```"""
        } else {
            lintReport = """${lintReport}
            |
            |_Vérification échouée mais aucun rapport trouvé !?_ :thinking:"""
        }
        String defaultReport = '_Rien à signaler !_ :thumbsup:'
        String report = """## Validation du Dockerfile `${dockerfile}`
        |
        |${lintReport ?: defaultReport}
        """.stripMargin()
        print report
        if (env.CHANGE_ID) {
            gitea.commentPullRequest(projectRepository, env.CHANGE_ID, report)
        }
    }
 }
 String validateDockerfileWithHadolint(String dockerfile, Map options = [:]) {
    String hadolintBin = getOrInstallHadolint(options)
    String hadolintArgs = options.get('hadolintArgs', '--no-color')
    String reportFile = options.get('reportFile', ".hadolint-report-${currentBuild.startTimeInMillis}.txt")
    sh("""#!/bin/bash
    set -eo pipefail
    '${hadolintBin}' '${dockerfile}' ${hadolintArgs} | tee '${reportFile}'
    """)
    return reportFile
 }
 void runTrivyCheck(String imageName, String projectRepository, Map options = [:]) {
    String reportFile = ".trivy-report-${currentBuild.startTimeInMillis}.txt"
    try {
        validateImageWithTrivy(imageName, ['reportFile': reportFile])
    } catch (err) {
        unstable("Image '${imageName}' failed validation !")
    } finally {
        String lintReport = ''
        if (fileExists(reportFile)) {
            lintReport = """${lintReport}
            |
            |```
            |${readFile(reportFile)}
            |```"""
        } else {
            lintReport = """${lintReport}
            |
            |_Vérification échouée mais aucun rapport trouvé !?_ :thinking:"""
        }
        String defaultReport = '_Rien à signaler !_ :thumbsup:'
        String report = """## Validation de l'image `${imageName}`
        |
        |${lintReport ?: defaultReport}
        """.stripMargin()
        print report
        if (env.CHANGE_ID) {
            gitea.commentPullRequest(projectRepository, env.CHANGE_ID, report)
        }
    }
 }
 String validateImageWithTrivy(String imageName, Map options = [:]) {
    String trivyBin = getOrInstallTrivy(options)
    String trivyArgs = options.get('trivyArgs', '--exit-code 1')
    String cacheDirectory = options.get('cacheDirectory', '.trivy/.cache')
    String cacheDefaultBranch = options.get('cacheDefaultBranch', 'develop')
    Integer cacheMaxSize = options.get('cacheMaxSize', 250)
    String reportFile = options.get('reportFile', ".trivy-report-${currentBuild.startTimeInMillis}.txt")
    cache(maxCacheSize: cacheMaxSize, defaultBranch: cacheDefaultBranch, caches: [
        [$class: 'ArbitraryFileCache', path: cacheDirectory, compressionMethod: 'TARGZ']
    ]) {
        sh("'${trivyBin}' --cache-dir '${cacheDirectory}' image -o '${reportFile}' ${trivyArgs} '${imageName}'")
    }
    return reportFile
 }
 String getOrInstallHadolint(Map options = [:]) {
    String installDir = options.get('installDir', '/usr/local/bin')
    String version = options.get('version', '2.10.0')
    String forceDownload = options.get('forceDownload', false)
    String downloadUrl = options.get('downloadUrl', "https://github.com/hadolint/hadolint/releases/download/v${version}/hadolint-Linux-x86_64")
    String hadolintBin = sh(returnStdout: true, script: 'which hadolint || exit 0').trim()
    if (hadolintBin == '' || forceDownload) {
        sh("""
        mkdir -p '${installDir}'
        curl -o '${installDir}/hadolint' -sSL '${downloadUrl}'
        chmod +x '${installDir}/hadolint'
        """)
        hadolintBin = "${installDir}/hadolint"
    }
    return hadolintBin
 }
 String getOrInstallTrivy(Map options = [:]) {
    String installDir = options.get('installDir', '/usr/local/bin')
    String version = options.get('version', '0.27.1')
    String forceDownload = options.get('forceDownload', false)
    String installScriptDownloadUrl = options.get('downloadUrl', 'https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh')
    String trivyBin = sh(returnStdout: true, script: 'which trivy || exit 0').trim()
    if (trivyBin == '' || forceDownload) {
        sh("""
        mkdir -p '${installDir}'
        curl -sfL '${installScriptDownloadUrl}'  | sh -s -- -b '${installDir}' v${version}
        chmod +x '${installDir}/trivy'
        """)
        trivyBin = "${installDir}/trivy"
    }
    return trivyBin
 }
--- a/vars/cpkg.groovy
+++ b/vars/cpkg.groovy
@ -1,8 +1,8 @@
 import java.util.regex.Matcher
 // Basic port of https://forge.cadoles.com/Cadoles/cpkg
 def call(Map params = [:]) {
    def currentRef = sh(script: 'git rev-parse HEAD', returnStdout: true).trim()
    def baseRef = params.baseRef ? params.baseRef : currentRef
    def distRepo = params.distRepo ? params.distRepo : 'dev'
    def dist = params.dist ? params.dist : 'eole'
    def distVersion = params.distVersion ? params.distVersion : '2.7.0'
@ -12,7 +12,7 @@ def call(Map params = [:]) {
    def gitEmail = params.gitEmail ? params.gitEmail : 'jenkins@cadoles.com'
    def gitUsername = params.gitUsername ? params.gitUsername : 'Jenkins'
    def skipCi = params.containsKey('skipCi') ? params.skipCi : false
-    def skipPush = params.containsKey('skipPush') ? params.skipPush : true
+    def skipPush = params.containsKey('skipPush') ? params.skipPush: true
    // Define dist branch based on provided informations and base branch name
    def distBranch = "dist/${dist}/${distVersion}/${distBranchName}"
@ -28,7 +28,7 @@ def call(Map params = [:]) {
        sh("git config --add remote.origin.fetch +refs/heads/${distBranch}:refs/remotes/origin/${distBranch}")
        // Update branches
-        sh('git fetch --all')
+        sh("git fetch --all")
        // Merge currentRef into distBranch and push
        sh("git checkout -b '${distBranch}' 'origin/${distBranch}'")
@ -40,11 +40,11 @@ def call(Map params = [:]) {
        sh("git merge ${currentRef}")
        if (!skipPush) {
-            sh('git push')
+            sh("git push")
        } else {
            println("Skipping push. Set skipPush param to 'true' to enable remote repository update.")
        }
-
+        
        // Retrieve last tag matching pattern pkg/${distRepo}/${dist}-${distVersion}/*
        def lastTag = sh(
            script: "git tag -l 'pkg/${distRepo}/${dist}-${distVersion}/*' --sort=v:refname | tail -n 1",
@ -61,25 +61,7 @@ def call(Map params = [:]) {
        println("Last version number is '${lastVersionNumber}'")
-        String versionRoot = extractVersionRoot(lastVersionNumber)
+        def versionNumber = incrementVersionNumber(lastVersionNumber)
        String versionNumber = ''
        if (versionRoot) {
            versionNumber = versionRoot
        } else {
            versionNumber = sh(
                script: "git describe --always ${currentRef}",
                returnStdout: true,
            ).split('/').last().trim()
            Boolean isCommitRef = !versionNumber.matches(/^[0-9]+\.[0-9]+\.[0-9]+.*$/)
            if (isCommitRef) {
                versionNumber = "0.0.0-${versionNumber}"
            }
        }
        versionNumber = "${versionNumber}-b${env.BUILD_NUMBER}"
        println("New version number will be '${versionNumber}'")
        result['newVersionNumber'] = versionNumber
@ -89,16 +71,16 @@ def call(Map params = [:]) {
        result['newTag'] = tag
-        def tagComment = "Build ${versionNumber} ${distRepo} package for ${dist}-${distVersion}."
+        def tagComment="Build ${versionNumber} ${distRepo} package for ${dist}-${distVersion}."
        if (skipCi) {
            tagComment += ' [ci skip]'
        }
-        sh("git tag -f -a '${tag}' -m '${tagComment}'")
+        sh("git tag -a '${tag}' -m '${tagComment}'")
        // Push tag
        if (!skipPush) {
-            sh('git push --tags -f')
+            sh("git push --tags")
        } else {
            println("Skipping push. Set skipPush param to 'true' to enable remote repository update.")
        }
@ -126,13 +108,20 @@ def call(Map params = [:]) {
    return result
 }
-@NonCPS
+def incrementVersionNumber(String versionNumber) {
-String extractVersionRoot(String fullVersion) {
+    // Split versionNumber (typical pattern: <major>.<minor>.<patch>)
-    Matcher fullVersionMatcher = fullVersion =~ /^([0-9]+\.[0-9]+\.[0-9]+).*$/
+    def versionNumberParts = versionNumber.split(/\./)
    if (!fullVersionMatcher.matches()) {
        return ""
    }
-    return fullVersionMatcher.group(1)
+    // Extract path number
-}
+    def patchNumber = versionNumberParts.last()
    // Split patch number (typical pattern: <patch>-<build>)
    def patchNumberParts = patchNumber.split('-')
    // If version number matches pattern <major>.<minor>.<patch>-<build>
    if (patchNumberParts.size() > 1) {
        return versionNumberParts[0..-2].join('.') + '.' + patchNumberParts[0..-2].join('-') + '-' + (patchNumberParts.last().toInteger() + 1)
    } else { // Else version number matches pattern <major>.<minor>.<patch>
        return versionNumberParts[0..-2].join('.') + '.' + (patchNumber.toInteger() + 1)
    }
 }
--- a/vars/debian.groovy
+++ b/vars/debian.groovy
@ -2,7 +2,6 @@ def waitForRepoPackage(String packageName, Map params = [:]) {
  def expectedVersion = params.expectedVersion ? params.expectedVersion : null
  def delay = params.delay ? params.delay : 30
  def waitTimeout = params.timeout ? params.timeout : 2400
  def asPattern = params.containsKey("asPattern") ? params.asPattern : true
  def message = "Waiting for package '${packageName}'"
  if (expectedVersion != null) {
@ -27,11 +26,9 @@ def waitForRepoPackage(String packageName, Map params = [:]) {
        println("Package found !")
        break
      }
-
+      
      def versionFound = packages.find {
-        def matches = asPattern ? it['version'] =~ expectedVersion : it['version'] == expectedVersion
+        return it['version'] =~ expectedVersion
        println("Comparing expected version '${expectedVersion}' to '${it['version']}': ${matches}")
        return matches
      }
      if (versionFound) {
@ -79,10 +76,5 @@ def listRepoPackages(Map params = [:]) {
    }
  }
  println "Found packages:"
  packages.each{
    println " - Package: ${it.key}, Version: ${it.value['version']}"
  }
  return packages
 }
--- a/vars/gitea.groovy
+++ b/vars/gitea.groovy
@ -1,104 +0,0 @@
 def commentPullRequest(String repo, String issueId, String comment, Integer commentIndex = -1) {
  comment = comment.replaceAll('"', '\\"')
  withCredentials([
    string(credentialsId: 'GITEA_JENKINS_PERSONAL_TOKEN', variable: 'GITEA_TOKEN'),
  ]) {
    writeFile(file: '.prComment', text: comment)
    sh """#!/bin/bash
    set -xeo pipefail
    previous_comment_id=null
    if [ "${commentIndex}" != "-1" ]; then
      # Récupération si il existe du commentaire existant
      previous_comment_id=\$(curl -v --fail \
        -H "Authorization: token ${GITEA_TOKEN}" \
        -H "Content-Type: application/json" \
        https://forge.cadoles.com/api/v1/repos/${repo}/issues/${issueId}/comments \
        | jq -c '[ .[] | select(.user.login=="jenkins") ] | .[${commentIndex}] | .id' \
      )
    fi
    # Génération du payload pour l'API Gitea
    echo '{}' | jq -c --rawfile body .prComment '.body = \$body' > payload.json
    if [[ "\$previous_comment_id" == "null" ]]; then
      # Création du commentaire via l'API Gitea
      curl -v --fail \
        -XPOST \
        -H "Authorization: token ${GITEA_TOKEN}" \
        -H "Content-Type: application/json" \
        -d @payload.json \
        https://forge.cadoles.com/api/v1/repos/${repo}/issues/${issueId}/comments
    else
      # Modification du commentaire existant
      curl -v --fail \
        -XPATCH \
        -H "Authorization: token ${GITEA_TOKEN}" \
        -H "Content-Type: application/json" \
        -d @payload.json \
        https://forge.cadoles.com/api/v1/repos/${repo}/issues/comments/\$previous_comment_id
    fi
    """
  }
 }
 // Effectue une "release" sur Gitea pour le <ORG>/<PROJET> donné.
 def release(String credentialsId, String org, String project, Map options = [:]) {
  def isDraft = options.get('isDraft', false)
  def baseUrl = options.get('baseUrl', 'https://forge.cadoles.com')
  def defaultVersion = sh(returnStdout: true, script: 'git describe --always').trim()
  def releaseVersion = options.get('releaseVersion', defaultVersion)
  def releaseName = options.get('releaseName', releaseVersion)
  def commitishTarget = options.get('commitishTarget', env.GIT_COMMIT)
  def defaultIsPrerelease = true
  try {
    sh(script: "git describe --exact-match ${GIT_COMMIT}")
    defaultIsPrerelease = false
  } catch (err) {
    println "Could not find tag associated with commit '${GIT_COMMIT}' ! Using 'prerelease' as default."
  }
  def isPrerelease = options.get('isPrerelease', defaultIsPrerelease)
  def body = options.get('body', '')
  def attachments = options.get('attachments', [])
  def scriptTempDir =  ".gitea-release-script-${System.currentTimeMillis()}"
  sh("mkdir -p '${scriptTempDir}'")
  def giteaReleaseScript = "${scriptTempDir}/gitea-release.sh"
  def giteaReleaseScriptContent = libraryResource 'com/cadoles/gitea/gitea-release.sh'
  writeFile file: giteaReleaseScript, text:giteaReleaseScriptContent
  sh("chmod +x '${giteaReleaseScript}'")
  try {
    withCredentials([
      usernamePassword(
        credentialsId: credentialsId,
        usernameVariable: 'GITEA_RELEASE_USERNAME',
        passwordVariable: 'GITEA_RELEASE_PASSWORD'
      )
    ]) {
      sh """
      export GITEA_RELEASE_PROJECT="${project}"
      export GITEA_RELEASE_ORG="${org}"
      export GITEA_RELEASE_BASE_URL="${baseUrl}"
      export GITEA_RELEASE_VERSION="${releaseVersion}"
      export GITEA_RELEASE_NAME="${releaseName}"
      export GITEA_RELEASE_COMMITISH_TARGET="${commitishTarget}"
      export GITEA_RELEASE_IS_DRAFT="${isDraft}"
      export GITEA_RELEASE_IS_PRERELEASE="${isPrerelease}"
      export GITEA_RELEASE_BODY="${body}"
      export GITEA_RELEASE_ATTACHMENTS="${attachments.join(' ')}"
      ${giteaReleaseScript}
      """
    }
  } finally {
    dir(scriptTempDir) {
      deleteDir()
    }
  }
 }
--- a/vars/gomplate.groovy
+++ b/vars/gomplate.groovy
@ -1,46 +0,0 @@
 void call(String sourceTemplate, String destFile, Map env = [:], Map options = [:]) {
    String gomplateBin = getOrInstallGomplate(options)
    sh """
    ${exportEnvMap(env)}
    ${gomplateBin} -f '${sourceTemplate}' > '${destFile}'
    """
 }
 String exportEnvMap(Map env) {
    String exports = ''
    env.each { item ->
        exports = """
        ${exports}
        export ${item.key}="${item.value}"
        """
    }
    return exports
 }
 String getOrInstallGomplate(Map options = [:]) {
    String installDir = options.get('installDir', '/usr/local/bin')
    String version = options.get('version', '3.10.0')
    Boolean forceDownload = options.get('forceDownload', false)
    String downloadUrl = options.get('downloadUrl', "https://github.com/hairyhenderson/gomplate/releases/download/v${version}/gomplate_linux-amd64")
    String gomplateBin = ''
    lock("${env.NODE_NAME}:gomplate-install") {
        gomplateBin = sh(returnStdout: true, script: 'which gomplate || exit 0').trim()
        if (gomplateBin == '' || forceDownload) {
            sh("""
            mkdir -p '${installDir}'
            curl -o '${installDir}/gomplate' -sSL '${downloadUrl}'
            chmod +x '${installDir}/gomplate'
            """)
            gomplateBin = "${installDir}/gomplate"
        }
    }
    return gomplateBin
 }
--- a/vars/hook.groovy
+++ b/vars/hook.groovy
@ -1,19 +1,15 @@
 def call(String name) {
-    def filepath = "${env.WORKSPACE}/.jenkins/${name}.groovy"
+    def rootDir = pwd()
    def filepath = "${rootDir}/.jenkins/${name}.groovy"
    def exists = fileExists(filepath)
    if (!exists) {
        println("No hook '${filepath}' script. Skipping.")
        return
    }
    def hook = load(filepath)
-
+    if(hook.metaClass.respondsTo(hook, 'exec')) {
    if (hook == null) {
        error("Hook '${filepath}' seems to be null. Did you forget to add 'return this' at the end of the script ?")
    }
    if (hook.metaClass.respondsTo(hook, 'exec')) {
        hook.exec()
    } else {
        error("Hook script '${filepath}' exists but does not expose an exec() function.")
    }
-}
+}
--- a/vars/nfpm.groovy
+++ b/vars/nfpm.groovy
@ -1,37 +0,0 @@
 /**
 * Générer des paquets Debian, RPM, Alpine (ipk) via nfpm
 * Voir See https://nfpm.goreleaser.com/
 *
 * Options:
 * - installDir - Répertoire d'installation du binaire nfpm, par défaut /usr/local/bin
 * - version - Version de nfpm à installer, par défaut 2.15.1
 * - forceDownload - Forcer l'installation de nfpm, par défaut false
 * - config - Fichier de configuration nfpm à utiliser, par défaut nfpm.yaml
 * - target - Répertoire cible pour nfpm, par défaut ./dist
 * - packager - Limiter l'exécution de nfpm à un packager spécifique, par défaut "deb" (i.e. pas de limitation)
 */
 void call(Map options = [:]) {
    String installDir = options.get('installDir', '/usr/local/bin')
    String version = options.get('version', '2.20.0')
    Boolean forceDownload = options.get('forceDownload', false)
    String downloadUrl = options.get('downloadUrl', "https://github.com/goreleaser/nfpm/releases/download/v${version}/nfpm_${version}_Linux_x86_64.tar.gz")
    String config = options.get('config', 'nfpm.yaml')
    String target = options.get('target', env.WORKSPACE + '/dist')
    String packager = options.get('packager', 'deb')
    String nfpmBin = sh(returnStdout: true, script: 'which nfpm || exit 0').trim()
    if (nfpmBin == '' || forceDownload) {
        sh("""
        mkdir -p '${installDir}'
        curl -L '${downloadUrl}' > /tmp/nfpm.tar.gz
        tar -C /usr/local/bin -xzf /tmp/nfpm.tar.gz
        """)
        nfpmBin = "${installDir}/nfpm"
    }
    sh("""
    mkdir -p '${target}'
    ${nfpmBin} package --config '${config}' ${packager ? '--packager ' + packager : ''} --target '${target}'
    """)
 }
--- a/vars/podman.groovy
+++ b/vars/podman.groovy
@ -1,44 +0,0 @@
 void buildCadolesPodPackage(String imageName, String imageTag, Map options = [:]) {
  String destDir = options.get('destDir', env.WORKSPACE + '/dist')
  Map nfpmOptions = options.get('nfpmOptions', [:])
  nfpmOptions['target'] = destDir
  Map env = options.get('env', [:])
  env['IMAGE_NAME'] = imageName
  env['IMAGE_TAG'] = imageTag
  withPodmanPackagingTempDir {
    gomplate('post-install.sh.gotmpl', 'post-install.sh', env)
    gomplate('pod.service.gotmpl', 'pod.service', env)
    gomplate('pod.conf.gotmpl', 'pod.conf', env)
    gomplate('nfpm.yaml.gotmpl', 'nfpm.yaml', env)
    nfpm(nfpmOptions)
  }
 }
 void withPodmanPackagingTempDir(Closure fn) {
  File tempDir = File.createTempDir()
  tempDir.deleteOnExit()
  tempDir.mkdirs()
  dir(tempDir.getAbsolutePath()) {
    List<String> resources = [
      'com/cadoles/podman/nfpm.yaml.gotmpl',
      'com/cadoles/podman/pod.conf.gotmpl',
      'com/cadoles/podman/pod.service.gotmpl',
      'com/cadoles/podman/post-install.sh.gotmpl',
    ]
    for (res in resources) {
      String fileContent = libraryResource res
      String fileName = res.substring(res.lastIndexOf('/') + 1)
      writeFile file:fileName, text:fileContent
    }
    fn()
  }
 }
--- a/vars/pulp.groovy
+++ b/vars/pulp.groovy
@ -1,43 +1,88 @@
 import groovy.json.JsonOutput
 def getResourceHREF(
    String credentials,
    String resourceEndpoint,
    String resourceName,
    String pulpHost = 'pulp.cadoles.com'
 ) {
    def response = httpRequest authentication: credentials, url: "https://${pulpHost}/pulp/api/v3/${resourceEndpoint}", httpMode: 'GET', ignoreSslErrors: true, validResponseCodes: "200"
    def jsonResponse = readJSON text: response.content
    def resource = jsonResponse.results.find { it -> it.name == resourceName}
    if (resource) {
        return resource.pulp_href
    }
    return null
 }
 def waitForTaskCompletion(
    String credentials,
    String taskHREF,
    String pulpHost = 'pulp.cadoles.com'
 ) {
    def status = ''
    def created_resources = []
    while (status != 'completed') {
        def response = httpRequest authentication: credentials, url: "https://${pulpHost}${taskHREF}", httpMode: 'GET', ignoreSslErrors: true, validResponseCodes: "200"
        def jsonResponse = readJSON text: response.content
        status = jsonResponse.state
        if (status == 'completed') {
            return jsonResponse.created_resources
        } else if (!(status in ['running','waiting'])) {
            break
        }
        sleep(10)
    }
    throw new Exception("Task failed:" + jsonResponse.error.description)
 }
 def exportPackages(
    String credentials,
    List packages = [],
-    String pulpHost = 'pulp.bbohard.lan'
+    String pulpHost = 'pulp.cadoles.com'
 ) {
    def exportTasks = []
-    packages.each {
+   packages.each {
-        def response = httpRequest authentication: credentials, url: "https://${pulpHost}/pulp/api/v3/content/deb/packages/", httpMode: 'POST', ignoreSslErrors: true, multipartName: "file", timeout: 900, responseHandle: 'NONE', uploadFile: "${it}"
+        def response = httpRequest authentication: credentials, url: "https://${pulpHost}/pulp/api/v3/content/deb/packages/", httpMode: 'POST', ignoreSslErrors: true, multipartName: "file", timeout: 900, uploadFile: "${it}", validResponseCodes: "202"
-        jsonResponse = readJSON text: response.content
+        def jsonResponse = readJSON text: response.content
        println(jsonResponse)
        exportTasks << jsonResponse['task']
    }
    return exportTasks
 }
 def createRepository(
 	String credentials,
    String name,
    String pulpHost = 'pulp.cadoles.com'
    ) {
    def repositoryName = ["name": name]
    def postBody = JsonOutput.toJson(repositoryName)
    def response = httpRequest authentication: credentials, url: "https://${pulpHost}/pulp/api/v3/repositories/deb/apt/", httpMode: 'POST', requestBody: postBody, contentType: 'APPLICATION_JSON', ignoreSslErrors: true, validResponseCodes: "201"
    def jsonResponse = readJSON text: response.content
    return jsonResponse.pulp_href
 }
 def getRepositoryHREF(
    String credentials,
-    String repositoryLevel = 'dev',
+    String repository = 'Cadoles4MSE unstable'
    String pulpHost = 'pulp.bbohard.lan'
    ) {
-    def repositoriesMapping = ['dev': 'Cadoles4MSE']
+    def repositoryHREF = getResourceHREF(credentials, 'repositories/deb/apt/', repository)
-    def response = httpRequest authentication: credentials, url: "https://${pulpHost}/pulp/api/v3/repositories/deb/apt/", httpMode: 'GET', ignoreSslErrors: true
+    if (repositoryHREF) {
-    def jsonResponse = readJSON text: response.content
+        return repositoryHREF
-    println(jsonResponse)
+    } else {
-    def repositories = jsonResponse.results
+        return createRepository(credentials, repository)
-    def repositoryHREF = repositories.find { it -> it['name'] == repositoriesMapping[repositoryLevel] }
+    }
    return repositoryHREF.pulp_href
 }
 def addToRepository(
    String credentials,
    List packagesHREF,
    String repositoryHREF,
-    String pulpHost = 'pulp.bbohard.lan'
+    String pulpHost = 'pulp.cadoles.com'
 ) {
    def packagesHREFURL = ["add_content_units": packagesHREF.collect { "https://$pulpHost$it" }]
    def postBody = JsonOutput.toJson(packagesHREFURL)
-    def response = httpRequest authentication: credentials, url: "https://${pulpHost}${repositoryHREF}modify/", httpMode: 'POST', requestBody: postBody, contentType: 'APPLICATION_JSON', ignoreSslErrors: true, validResponseCodes: "100:599"
+    def response = httpRequest authentication: credentials, url: "https://${pulpHost}${repositoryHREF}modify/", httpMode: 'POST', requestBody: postBody, contentType: 'APPLICATION_JSON', ignoreSslErrors: true, validResponseCodes: "202"
    def jsonResponse = readJSON text: response.content
    return waitForTaskCompletion(credentials, jsonResponse.task)
 }
@ -45,12 +90,19 @@ def addToRepository(
 def publishRepository(
    String credentials,
    String repositoryHREF,
-    String pulpHost = 'pulp.bbohard.lan'
+    String signing_service = null,
    String pulpHost = 'pulp.cadoles.com'
 ) {
-    def postBody = JsonOutput.toJson(["repository": repositoryHREF, "simple": true])
+    def postContent = ["repository": repositoryHREF, "simple": true]
-    def response = httpRequest authentication: credentials, url: "https://${pulpHost}/pulp/api/v3/publications/deb/apt/", httpMode: 'POST', requestBody: postBody, contentType: 'APPLICATION_JSON', ignoreSslErrors: true
+    if (signing_service) {
        def signingServiceHREF = getResourceHREF(credentials, 'signing-services/', signing_service)
        if (signingServiceHREF) {
            postContent.put("signing_service", "https://${pulpHost}${signingServiceHREF}")
        }
    }
    def postBody = JsonOutput.toJson(postContent)
    def response = httpRequest authentication: credentials, url: "https://${pulpHost}/pulp/api/v3/publications/deb/apt/", httpMode: 'POST', requestBody: postBody, contentType: 'APPLICATION_JSON', ignoreSslErrors: true, validResponseCodes: "202"
    def jsonResponse = readJSON text: response.content
    println(jsonResponse)
    return waitForTaskCompletion(credentials, jsonResponse.task)
 }
@ -59,26 +111,30 @@ def distributePublication(
    String publicationHREF,
    String distributionName,
    String basePath,
-    String pulpHost = 'pulp.bbohard.lan',
+    String contentGuard = null,
-    String contentGuard = null
+    String pulpHost = 'pulp.cadoles.com'
 ) {
    def response = httpRequest authentication: credentials, url: "https://${pulpHost}/pulp/api/v3/distributions/deb/apt/", httpMode: 'GET', ignoreSslErrors: true
    def jsonResponse = readJSON text: response.content
    def httpMode = ''
    def url = ''
-    def distribution = jsonResponse.results.find { it -> it.name == distributionName}
+    def distributionHREF = getResourceHREF(credentials, 'distributions/deb/apt/', distributionName)
-    if (distribution) {
+    if (distributionHREF) {
        httpMode = 'PUT'
-        url = distribution.pulp_href
+        url = distributionHREF
    } else {
        httpMode = 'POST'
        url = '/pulp/api/v3/distributions/deb/apt/'
    }
-    def postBody = JsonOutput.toJson(["publication": publicationHREF, "name": distributionName, "base_path": basePath, "content_guard": contentGuard])
+    def bodyContent = ["publication": publicationHREF, "name": distributionName, "base_path": basePath]
-    response = httpRequest authentication: credentials, url: "https://${pulpHost}${url}", httpMode: httpMode, requestBody: postBody, contentType: 'APPLICATION_JSON', ignoreSslErrors: true, validResponseCodes: "100:599"
+    if (contentGuard) {
        def contentGuardHREF = getResourceHREF(credentials, 'contentguards/core/rbac/', contentGuard)
        if (contentGuardHREF) {
            bodyContent.put('content_guard', "https://${pulpHost}${contentGuardHREF}")
        }
    }
    def postBody = JsonOutput.toJson(bodyContent)
    response = httpRequest authentication: credentials, url: "https://${pulpHost}${url}", httpMode: httpMode, requestBody: postBody, contentType: 'APPLICATION_JSON', ignoreSslErrors: true, validResponseCodes: "202"
    jsonResponse = readJSON text: response.content
-    if (distribution) {
+    if (distributionHREF) {
        waitForTaskCompletion(credentials, jsonResponse.task)
        return [url]
    } else {
@ -86,31 +142,12 @@ def distributePublication(
    }
 }
 def waitForTaskCompletion(
    String credentials,
    String taskHREF,
    String pulpHost = 'pulp.bbohard.lan'
 ) {
    def status = ''
    def created_resources = []
    while (status != 'completed') {
        def response = httpRequest authentication: credentials, url: "https://${pulpHost}${taskHREF}", httpMode: 'GET', ignoreSslErrors: true
        def jsonResponse = readJSON text: response.content
        status = jsonResponse.state
        if (status == 'completed') {
            created_resources = jsonResponse.created_resources
        }
        sleep(10)
    }
    return created_resources
 }
 def getDistributionURL(
    String credentials,
    String resourceHREF,
-    String pulpHost = 'pulp.bbohard.lan'
+    String pulpHost = 'pulp.cadoles.com'
 ) {
-    def response = httpRequest authentication: credentials, url: "https://${pulpHost}${resourceHREF}", httpMode: 'GET', ignoreSslErrors: true
+    def response = httpRequest authentication: credentials, url: "https://${pulpHost}${resourceHREF}", httpMode: 'GET', ignoreSslErrors: true, validResponseCodes: "200"
    def jsonResponse = readJSON text: response.content
    println(jsonResponse)
    return jsonResponse.base_url
--- a/vars/pulp.groovy.bak
+++ b/vars/pulp.groovy.bak
@ -0,0 +1,154 @@
 import groovy.json.JsonOutput
 def getResourceHREF(
    String credentials,
    String resourceEndpoint,
    String resourceName,
    String pulpHost = 'pulp.cadoles.com'
 ) {
    def response = httpRequest authentication: credentials, url: "https://${pulpHost}/pulp/api/v3/${resourceEndpoint}", httpMode: 'GET', ignoreSslErrors: true, validResponseCodes: "200"
    def jsonResponse = readJSON text: response.content
    def resource = jsonResponse.results.find { it -> it.name == resourceName}
    if (resource) {
        return resource.pulp_href
    }
    return null
 }
 def waitForTaskCompletion(
    String credentials,
    String taskHREF,
    String pulpHost = 'pulp.cadoles.com'
 ) {
    def status = ''
    def created_resources = []
    while (status != 'completed') {
        def response = httpRequest authentication: credentials, url: "https://${pulpHost}${taskHREF}", httpMode: 'GET', ignoreSslErrors: true, validResponseCodes: "200"
        def jsonResponse = readJSON text: response.content
        status = jsonResponse.state
        if (status == 'completed') {
            return jsonResponse.created_resources
        } else if (!(status in ['running','waiting'])) {
            break
        }
        sleep(10)
    }
    throw new Exception("Task failed:" + jsonResponse.error.description)
 }
 def exportPackages(
    String credentials,
    List packages = [],
    String pulpHost = 'pulp.cadoles.com'
 ) {
    def exportTasks = []
   packages.each {
        def response = httpRequest authentication: credentials, url: "https://${pulpHost}/pulp/api/v3/content/deb/packages/", httpMode: 'POST', ignoreSslErrors: true, multipartName: "file", timeout: 900, uploadFile: "${it}", validResponseCodes: "202"
        def jsonResponse = readJSON text: response.content
        exportTasks << jsonResponse['task']
    }
    return exportTasks
 }
 def createRepository(
 	String credentials,
    String name,
    String pulpHost = 'pulp.cadoles.com'
    ) {
    def repositoryName = ["name": name]
    def postBody = JsonOutput.toJson(repositoryName)
    def response = httpRequest authentication: credentials, url: "https://${pulpHost}/pulp/api/v3/repositories/deb/apt/", httpMode: 'POST', requestBody: postBody, contentType: 'APPLICATION_JSON', ignoreSslErrors: true, validResponseCodes: "201"
    def jsonResponse = readJSON text: response.content
    return jsonResponse.pulp_href
 }
 def getRepositoryHREF(
    String credentials,
    String repository = 'Cadoles4MSE unstable'
    ) {
    def repositoryHREF = getResourceHREF(credentials, 'repositories/deb/apt/', repository)
    if (repositoryHREF) {
        return repositoryHREF
    } else {
        return createRepository(credentials, repository)
    }
 }
 def addToRepository(
    String credentials,
    List packagesHREF,
    String repositoryHREF,
    String pulpHost = 'pulp.cadoles.com'
 ) {
    def packagesHREFURL = ["add_content_units": packagesHREF.collect { "https://$pulpHost$it" }]
    def postBody = JsonOutput.toJson(packagesHREFURL)
    def response = httpRequest authentication: credentials, url: "https://${pulpHost}${repositoryHREF}modify/", httpMode: 'POST', requestBody: postBody, contentType: 'APPLICATION_JSON', ignoreSslErrors: true, validResponseCodes: "202"
    def jsonResponse = readJSON text: response.content
    return waitForTaskCompletion(credentials, jsonResponse.task)
 }
 def publishRepository(
    String credentials,
    String repositoryHREF,
    String signing_service = null,
    String pulpHost = 'pulp.cadoles.com'
 ) {
    def postContent = ["repository": repositoryHREF, "simple": true]
    if (signing_service) {
        def signingServiceHREF = getResourceHREF(credentials, 'signing-services/', signing_service)
        if (signingServiceHREF) {
            postContent.put("signing_service", "https://${pulpHost}${signingServiceHREF}")
        }
    }
    def postBody = JsonOutput.toJson(postContent)
    def response = httpRequest authentication: credentials, url: "https://${pulpHost}/pulp/api/v3/publications/deb/apt/", httpMode: 'POST', requestBody: postBody, contentType: 'APPLICATION_JSON', ignoreSslErrors: true, validResponseCodes: "202"
    def jsonResponse = readJSON text: response.content
    return waitForTaskCompletion(credentials, jsonResponse.task)
 }
 def distributePublication(
    String credentials,
    String publicationHREF,
    String distributionName,
    String basePath,
    String contentGuard = null,
    String pulpHost = 'pulp.cadoles.com'
 ) {
    def httpMode = ''
    def url = ''
    def distributionHREF = getResourceHREF(credentials, 'distributions/deb/apt/', distributionName)
    if (distributionHREF) {
        httpMode = 'PUT'
        url = distributionHREF
    } else {
        httpMode = 'POST'
        url = '/pulp/api/v3/distributions/deb/apt/'
    }
    def bodyContent = ["publication": publicationHREF, "name": distributionName, "base_path": basePath]
    if (contentGuard) {
        def contentGuardHREF = getResourceHREF(credentials, 'contentguards/core/rbac/', contentGuard)
        if (contentGuardHREF) {
            bodyContent.put('content_guard', "https://${pulpHost}${contentGuardHREF}")
        }
    }
    def postBody = JsonOutput.toJson(bodyContent)
    response = httpRequest authentication: credentials, url: "https://${pulpHost}${url}", httpMode: httpMode, requestBody: postBody, contentType: 'APPLICATION_JSON', ignoreSslErrors: true, validResponseCodes: "202"
    jsonResponse = readJSON text: response.content
    if (distributionHREF) {
        waitForTaskCompletion(credentials, jsonResponse.task)
        return [url]
    } else {
        return waitForTaskCompletion(credentials, jsonResponse.task)
    }
 }
 def getDistributionURL(
    String credentials,
    String resourceHREF,
    String pulpHost = 'pulp.cadoles.com'
 ) {
    def response = httpRequest authentication: credentials, url: "https://${pulpHost}${resourceHREF}", httpMode: 'GET', ignoreSslErrors: true, validResponseCodes: "200"
    def jsonResponse = readJSON text: response.content
    println(jsonResponse)
    return jsonResponse.base_url
 }
--- a/vars/symfonyAppPipeline.groovy
+++ b/vars/symfonyAppPipeline.groovy
@ -1,134 +0,0 @@
 import org.jenkinsci.plugins.pipeline.modeldefinition.Utils
 def call(String baseImage = 'ubuntu:22.04', Map options = [:]) {
  Map hooks = options.get('hooks', [:])
  String jobHistory = options.get('jobHistory', '10')
  node {
    properties([
      buildDiscarder(logRotator(daysToKeepStr: jobHistory, numToKeepStr: jobHistory)),
    ])
    stage('Cancel older jobs') {
      def buildNumber = env.BUILD_NUMBER as int
      if (buildNumber > 1) milestone(buildNumber - 1)
      milestone(buildNumber)
    }
    stage('Checkout project') {
      checkout(scm)
    }
    stage('Run pre hooks') {
      runHook(hooks, 'preSymfonyAppPipeline')
    }
    stage('Run in Symfony image') {
      def symfonyImage = buildDockerImage(baseImage, hooks)
      symfonyImage.inside() {
        def repo = env.JOB_NAME
        if (env.BRANCH_NAME ==~ /^PR-.*$/) {
          repo = env.JOB_NAME - "/${env.JOB_BASE_NAME}"
        }
        stage('Install composer dependencies') {
          sh '''
          symfony composer install
          '''
        }
        parallel([
          'php-security-check': {
            stage('Check PHP security issues') {
              catchError(buildResult: 'UNSTABLE', stageResult: 'FAILURE') {
                def auditReport = sh(script: 'local-php-security-checker --format=markdown || true', returnStdout: true)
                if (auditReport.trim() != '') {
                  if (env.CHANGE_ID) {
                    gitea.commentPullRequest(repo, env.CHANGE_ID, auditReport)
                  } else {
                    print auditReport
                  }
                }
                if (!auditReport.contains('No packages have known vulnerabilities.')) {
                  throw new Exception('Dependencies check failed !')
                }
              }
            }
          },
          'php-cs-fixer': {
            stage('Run PHP-CS-Fixer on modified code') {
              catchError(buildResult: 'FAILURE', stageResult: 'FAILURE') {
                if ( !fileExists('.php-cs-fixer.dist.php') ) {
                  def phpCsFixerConfig = libraryResource 'com/cadoles/symfony/.php-cs-fixer.dist.php'
                  writeFile file:'.php-cs-fixer.dist.php', text:phpCsFixerConfig
                }
                sh '''
                  CHANGED_FILES=$(git diff --name-only --diff-filter=ACMRTUXB "HEAD~..HEAD" | fgrep ".php" | tr "\n" " ")
                  if ! echo "${CHANGED_FILES}" | grep -qE "^(\\.php-cs-fixer(\\.dist)\\.php?|composer\\.lock)$"; then EXTRA_ARGS=$(printf -- '--path-mode=intersection -- %s' "${CHANGED_FILES}"); else EXTRA_ARGS=''; fi
                  symfony php $(which php-cs-fixer) fix --config=.php-cs-fixer.dist.php -v --dry-run --using-cache=no --format junit  ${EXTRA_ARGS} > php-cs-fixer.xml || true
                '''
                def report = sh(script: 'junit2md php-cs-fixer.xml', returnStdout: true)
                if (env.CHANGE_ID) {
                  gitea.commentPullRequest(repo, env.CHANGE_ID, report)
                } else {
                  print report
                }
              }
            }
          },
          'phpstan': {
            stage('Run phpstan') {
              catchError(buildResult: 'UNSTABLE', stageResult: 'FAILURE') {
                if ( !fileExists('phpstan.neon') ) {
                  def phpStanConfig = libraryResource 'com/cadoles/symfony/phpstan.neon'
                  writeFile file:'phpstan.neon', text:phpStanConfig
                }
                sh '''
                  symfony php $(which phpstan) analyze -l 1 --error-format=table src > phpstan.txt || true
                '''
                def report = sh(script: 'cat phpstan.txt', returnStdout: true)
                report = '## Rapport PHPStan\n\n```\n' + report
                report = report + '\n```\n'
                if (env.CHANGE_ID) {
                  gitea.commentPullRequest(repo, env.CHANGE_ID, report)
                } else {
                  print report
                }
              }
            }
          }
        ])
      }
    }
    stage('Run post hooks') {
      runHook(hooks, 'postSymfonyAppPipeline')
    }
  }
 }
 void buildDockerImage(String baseImage, Map hooks) {
  def imageName = 'cadoles-symfony-ci'
  dir(".${imageName}") {
    def dockerfile = libraryResource 'com/cadoles/symfony/Dockerfile'
    writeFile file:'Dockerfile', text: "FROM ${baseImage}\n\n" + dockerfile
    def addLetsEncryptCA = libraryResource 'com/cadoles/common/add-letsencrypt-ca.sh'
    writeFile file:'add-letsencrypt-ca.sh', text:addLetsEncryptCA
    runHook(hooks, 'buildSymfonyImage')
    def safeJobName = URLDecoder.decode(env.JOB_NAME).toLowerCase().replace('/', '-').replace(' ', '-')
    def imageTag = "${safeJobName}-${env.BUILD_ID}"
    return docker.build("${imageName}:${imageTag}", '.')
  }
 }
 void runHook(Map hooks, String name) {
  if (!hooks[name]) {
    println("No hook '${name}' defined. Skipping.")
    return
  }
  if (hooks[name] instanceof Closure) {
    hooks[name]()
  } else {
    error("Hook '${name}' seems to be defined but is not a closure !")
  }
 }
--- a/vars/tamarin.groovy
+++ b/vars/tamarin.groovy
@ -7,46 +7,38 @@ def buildPackageWithCPKG(
    Boolean forceRebuild = false
 ) {
-    def builds = []
+    def result = [:]
    // Retrieve commit tags
-    def commitTags = sh(script: 'git describe --exact-match --abbrev=0', returnStdout: true).split(' ')
+    def commitTag = sh(script: 'git describe --exact-match --abbrev=0', returnStdout: true)
-    if (commitTags.length == 0) {
+    if (commitTag == '') {
        error 'No build build tags on last commit'
    }
-    // For each tags
+    // Split tag to retrieve context informations
-    for (tag in commitTags) {
+    def tagParts = commitTag.split('/')
    def packageEnv = tagParts[1]
    def packageDistrib = tagParts[2]
    def packageVersion = tagParts[3]
-        // Split tag to retrieve context informations
+    // Create .tamarinrc file
-        def tagParts = tag.split('/')
+    def tamarinrc = """
-        def packageEnv = tagParts[1]
+    project_version=${packageVersion}
-        def packageDistrib = tagParts[2]
+    no_version_suffix=${ packageEnv == 'stable' || packageEnv == 'staging' ? 'yes' : 'no' }
-        def packageVersion = tagParts[3]
+    """.stripIndent()
    writeFile file: '.tamarinrc', text: tamarinrc
-        // Create .tamarinrc file
+    sh "rm -rf ${destDir}/*"
        def tamarinrc = """
        project_version=${packageVersion}
        no_version_suffix=${ packageEnv == 'stable' || packageEnv == 'staging' ? 'yes' : 'no' }
        """.stripIndent()
        writeFile file: '.tamarinrc', text: tamarinrc
        sh "rm -rf ${destDir}/*"
-        stage("Build ${packageEnv} package (version ${packageVersion}) for ${packageDistrib}") {
+    stage("Build ${packageEnv} package (version ${packageVersion}) for ${packageDistrib}") {
-            def result = [:]
+        result.put('tag', commitTag)
-            result.put('tag', tag)
+        result.put('env', packageEnv)
-            result.put('env', packageEnv)
+        result.put('version', packageVersion)
-            result.put('version', packageVersion)
+        result.put('distrib', packageDistrib)
-            result.put('distrib', packageDistrib)
+        def packages = buildPackage(packageProfile, packageArch, baseImage, destDir, forceRebuild)
-            def packages = buildPackage(packageProfile, packageArch, baseImage, destDir, forceRebuild)
+        result.put('packages', packages)
            result.put('packages', packages)
            builds << result
        }
    }
-
+    return result
    return builds
 }
@ -129,4 +121,4 @@ def buildDockerImage() {
        def imageTag = "${safeJobName}-${env.BUILD_ID}"
        return docker.build("tamarin:${imageTag}", ".")
    }
-}
+}
--- a/vars/utils.groovy
+++ b/vars/utils.groovy
@ -1,13 +0,0 @@
 import org.jenkinsci.plugins.pipeline.modeldefinition.Utils
 void when(Boolean condition, body) {
    Map config = [:]
    body.resolveStrategy = Closure.OWNER_FIRST
    body.delegate = config
    if (condition) {
        body()
    } else {
        Utils.markStageSkippedForConditional(STAGE_NAME)
    }
 }
Author	SHA1	Message	Date
Benjamin Bohard	6fa3cdf8c1	Le paramètre doit être de type string Some checks failed Cadoles/Jenkins/pipeline/head There was a failure building this commit Details	2022-07-06 14:31:04 +02:00
vfebvre	ac4c65d930	gpg pour tous All checks were successful Cadoles/Jenkins/pipeline/head This commit looks good Details	2022-07-05 14:28:28 +02:00
vfebvre	69884d7384	change user pulp api All checks were successful Cadoles/Jenkins/pipeline/head This commit looks good Details	2022-06-15 14:33:06 +02:00
vfebvre	63af3c7121	retour en arrière All checks were successful Cadoles/Jenkins/pipeline/head This commit looks good Details	2022-06-07 11:22:21 +02:00
vfebvre	a31b64b5b6	test déclaration des paramètres de manière globale Some checks failed Cadoles/Jenkins/pipeline/head There was a failure building this commit Details	2022-06-07 10:50:23 +02:00
vfebvre	5112fc5d88	test déclaration des paramètres de manière globale Some checks failed Cadoles/Jenkins/pipeline/head There was a failure building this commit Details	2022-06-07 10:43:42 +02:00
vfebvre	c0bc85f860	correction variable All checks were successful Cadoles/Jenkins/pipeline/head This commit looks good Details	2022-06-03 15:18:47 +02:00
vfebvre	60769e3c68	ajout variable globale Some checks failed Cadoles/Jenkins/pipeline/head There was a failure building this commit Details	2022-06-03 15:05:29 +02:00
vfebvre	7d61382247	ajout variable globale Some checks failed Cadoles/Jenkins/pipeline/head There was a failure building this commit Details	2022-06-03 14:24:18 +02:00
vfebvre	d1757bc028	configuration nouvelle branche All checks were successful Cadoles/Jenkins/pipeline/head This commit looks good Details	2022-06-01 16:51:16 +02:00
vfebvre	0314146633	ajout groovy pour pulp.cadoles.com Some checks failed Cadoles/Jenkins/pipeline/head There was a failure building this commit Details	2022-06-01 16:29:02 +02:00
Benjamin Bohard	71f5fbfe78	Correction du code de retour d’une requête POST Some checks failed Cadoles/Jenkins/pipeline/head There was a failure building this commit Details	2022-03-29 09:54:05 +02:00
Benjamin Bohard	97abfb0ade	Restreindre les codes retours valides All checks were successful Cadoles/Jenkins/pipeline/head This commit looks good Details	2022-03-28 15:03:32 +02:00
Benjamin Bohard	44764866a8	Sortir de la boucle lorsqu’une tâche est en erreur Some checks failed Cadoles/Jenkins/pipeline/head There was a failure building this commit Details	2022-03-28 12:15:38 +02:00
Benjamin Bohard	1f6a71e0a9	Revert "Essai de chunk pour l’envoi des paquets" All checks were successful Cadoles/Jenkins/pipeline/head This commit looks good Details This reverts commit `fad3f5fdcc`.	2022-03-10 15:28:12 +01:00
Benjamin Bohard	a819b3d9a1	Revert "Erreur de syntaxe" This reverts commit `4153859453`.	2022-03-10 15:28:04 +01:00
Benjamin Bohard	4153859453	Erreur de syntaxe Some checks failed Cadoles/Jenkins/pipeline/head There was a failure building this commit Details	2022-03-10 15:03:20 +01:00
Benjamin Bohard	fad3f5fdcc	Essai de chunk pour l’envoi des paquets Some checks failed Cadoles/Jenkins/pipeline/head There was a failure building this commit Details	2022-03-10 14:47:33 +01:00
Benjamin Bohard	8268ac2a0d	Suppression des modifications pour debug All checks were successful Cadoles/Jenkins/pipeline/head This commit looks good Details	2022-03-01 16:50:06 +01:00
Benjamin Bohard	b4bb6dd7d6	Erreur de nom de paramètre pour la requête Some checks failed Cadoles/Jenkins/pipeline/head There was a failure building this commit Details	2022-03-01 16:39:06 +01:00
Benjamin Bohard	3897b60ef7	Debug erreur 400 Some checks failed Cadoles/Jenkins/pipeline/head There was a failure building this commit Details	2022-03-01 16:30:14 +01:00
Benjamin Bohard	61b88898d8	Debug publication error Some checks failed Cadoles/Jenkins/pipeline/head There was a failure building this commit Details	2022-03-01 16:21:31 +01:00
Benjamin Bohard	493e9afd64	Mauvaise variable suite à réécriture All checks were successful Cadoles/Jenkins/pipeline/head This commit looks good Details	2022-02-10 15:05:22 +01:00
Benjamin Bohard	fe3c728823	mélange de dromadaire et de serpent Some checks failed Cadoles/Jenkins/pipeline/head There was a failure building this commit Details	2022-02-10 14:49:35 +01:00
Benjamin Bohard	5db4a47b13	paramètre manquant Some checks failed Cadoles/Jenkins/pipeline/head There was a failure building this commit Details	2022-02-10 14:27:49 +01:00
Benjamin Bohard	8b6228fe4a	Typo Some checks failed Cadoles/Jenkins/pipeline/head There was a failure building this commit Details	2022-02-10 12:01:22 +01:00
Benjamin Bohard	672531fc36	Typo Some checks failed Cadoles/Jenkins/pipeline/head There was a failure building this commit Details	2022-02-10 11:18:39 +01:00
Benjamin Bohard	7be6603e81	Typo Some checks failed Cadoles/Jenkins/pipeline/head There was a failure building this commit Details	2022-02-10 10:51:09 +01:00
Benjamin Bohard	c1cffc4d6f	Automatiser la création des ressources en fonction du tag Some checks failed Cadoles/Jenkins/pipeline/head There was a failure building this commit Details	2022-02-10 10:26:05 +01:00
Benjamin Bohard	ad49ba869f	Typo All checks were successful Cadoles/Jenkins/pipeline/head This commit looks good Details	2022-02-09 22:53:00 +01:00
Benjamin Bohard	e16ccf8bf8	Erreur de syntaxe Some checks failed Cadoles/Jenkins/pipeline/head There was a failure building this commit Details	2022-02-09 21:48:40 +01:00
Benjamin Bohard	4dfdb53bad	Distribution inconditionnelle Some checks failed Cadoles/Jenkins/pipeline/head There was a failure building this commit Details	2022-02-09 21:47:04 +01:00
Benjamin Bohard	331ba5fd6b	Nettoyage Some checks failed Cadoles/Jenkins/pipeline/head There was a failure building this commit Details	2022-02-09 21:21:10 +01:00
Benjamin Bohard	b7c0f4e2ab	debug response Some checks failed Cadoles/Jenkins/pipeline/head There was a failure building this commit Details	2022-02-09 21:03:53 +01:00
Benjamin Bohard	2969fb2a7c	debug return content Some checks failed Cadoles/Jenkins/pipeline/head There was a failure building this commit Details	2022-02-09 20:43:21 +01:00
Benjamin Bohard	ab34e49bc1	Pas de tâche pour la création de dépôt Some checks failed Cadoles/Jenkins/pipeline/head There was a failure building this commit Details	2022-02-09 19:39:15 +01:00
Benjamin Bohard	5de4dfd4f8	Créer le dépôt si il n’existe pas Some checks failed Cadoles/Jenkins/pipeline/head There was a failure building this commit Details	2022-02-09 19:05:31 +01:00
Benjamin Bohard	1efbd7f5ee	Erreur de syntaxe Some checks failed Cadoles/Jenkins/pipeline/head There was a failure building this commit Details	2022-02-09 10:02:00 +01:00
Benjamin Bohard	63c7b0b3a5	Changement de serveur pulp Some checks failed Cadoles/Jenkins/pipeline/head There was a failure building this commit Details	2022-02-08 09:28:59 +01:00
Benjamin Bohard	f16e377911	Suppression de la boucle et du découpage de la sortie standard Some checks failed Cadoles/Jenkins/pipeline/head There was a failure building this commit Details	2022-02-08 09:18:19 +01:00
Benjamin Bohard	4ce857ef7c	Ajustements Some checks failed Cadoles/Jenkins/pipeline/head There was a failure building this commit Details	2022-02-08 08:33:09 +01:00
Benjamin Bohard	471b11740e	Modèle de jenkinsfile pour envoi de paquet vers pulp All checks were successful Cadoles/Jenkins/pipeline/head This commit looks good Details	2022-01-25 15:30:39 +01:00