Cadoles/Jenkins
22
0
Fork 0
Code Issues 3 Pull Requests Releases Wiki Activity

Compare commits

base: Cadoles:podman
Branches Tags
Cadoles:master Cadoles:gitea-package Cadoles:podman Cadoles:pipeline/compile_doc_formation Cadoles:cpkg-auto-version Cadoles:gitea-release Cadoles:pipeline/packaging_pulp Cadoles:symfony-pipeline Cadoles:pipeline/empaquetage_pulp Cadoles:build_pipeline_bbohard Cadoles:pa11y-audit Cadoles:hooks Cadoles:nebula Cadoles:redesign-tamarin
..
compare: Cadoles:symfony-pipeline
Branches Tags
Cadoles:master Cadoles:gitea-package Cadoles:podman Cadoles:pipeline/compile_doc_formation Cadoles:cpkg-auto-version Cadoles:gitea-release Cadoles:pipeline/packaging_pulp Cadoles:symfony-pipeline Cadoles:pipeline/empaquetage_pulp Cadoles:build_pipeline_bbohard Cadoles:pa11y-audit Cadoles:hooks Cadoles:nebula Cadoles:redesign-tamarin

1 Commits
podman ... symfony-pi

Author SHA1 Message Date
William Petit
ef76e3340e pipeline: add symfony app generic integration pipeline 2022-05-18 16:45:07 +02:00
20 changed files with 125 additions and 1026 deletions
Expand all files Collapse all files

93
pipelines/mse-rgaa.jenkinsfile
View File

@ -1,10 +1,13 @@
import hudson.tasks.test.AbstractTestResultAction import hudson.tasks.test.AbstractTestResultAction
@Library('cadoles') _ @Library("cadoles") _
pipeline { pipeline {
parameters {
parameters {
text(name: 'URLS', defaultValue: 'https://msedev.crous-toulouse.fr\nhttps://msedev.crous-toulouse.fr/envole/enregistrement\nhttps://msedev.crous-toulouse.fr/envole/page/faq\nhttps://msedev.crous-toulouse.fr/envole/page/?t=liens_utiles\nhttps://msedev.crous-toulouse.fr/envole/page/?t=mentions_legales\nhttps://msedev.crous-toulouse.fr/envole/message/new\nhttps://msedev.crous-toulouse.fr/envole/recuperation/email\nhttps://msedev.crous-toulouse.fr/envole/courriel/raz', description: 'Liste des URLs à tester, une par ligne') text(name: 'URLS', defaultValue: 'https://msedev.crous-toulouse.fr\nhttps://msedev.crous-toulouse.fr/envole/enregistrement\nhttps://msedev.crous-toulouse.fr/envole/page/faq\nhttps://msedev.crous-toulouse.fr/envole/page/?t=liens_utiles\nhttps://msedev.crous-toulouse.fr/envole/page/?t=mentions_legales\nhttps://msedev.crous-toulouse.fr/envole/message/new\nhttps://msedev.crous-toulouse.fr/envole/recuperation/email\nhttps://msedev.crous-toulouse.fr/envole/courriel/raz', description: 'Liste des URLs à tester, une par ligne')
string(name: 'USERNAME', defaultValue: '', description: "Nom d'utilisateur pour l'authentification Basic Auth, si nécessaire")
password(name: 'PASSWORD', defaultValue: '', description: "Mot de passe pour l'authentification Basic Auth, si nécessaire")
booleanParam(name: 'INCLUDE_WARNINGS', defaultValue: false, description: 'Inclure les avertissements') booleanParam(name: 'INCLUDE_WARNINGS', defaultValue: false, description: 'Inclure les avertissements')
booleanParam(name: 'INCLUDE_NOTICES', defaultValue: false, description: 'Inclure les notifications') booleanParam(name: 'INCLUDE_NOTICES', defaultValue: false, description: 'Inclure les notifications')
} }
@ -15,77 +18,65 @@ pipeline {
agent { agent {
node { node {
label 'docker' label "mse"
} }
} }
stages { stages {
stage('Run RGAA audit') { stage("Run RGAA audit") {
steps { steps {
script { script {
def urls = params.URLS.split('\n') def urls = params.URLS.split('\n')
def count = 0 def count = 0
urls.each { u -> urls.each { u ->
stage("Audit page '${u}'") { stage("Audit page '${u}'") {
withCredentials([ def report = pa11y.audit(u.trim(), [
usernamePassword( reporter: 'junit',
credentialsId: 'msedev-basic-auth', username: params.USERNAME,
usernameVariable: 'MSEDEV_USERNAME', password: params.PASSWORD,
passwordVariable: 'MSEDEV_PASSWORD' standard: 'WCAG2AA',
) includeNotices: params.INCLUDE_NOTICES,
]) { includeWarnings: params.INCLUDE_WARNINGS,
def report = pa11y.audit(u.trim(), [ ]);
reporter: 'junit',
username: env.MSEDEV_USERNAME, writeFile file:"./report_${count}.xml", text:report
password: env.MSEDEV_PASSWORD, count++
standard: 'WCAG2AA', }
includeNotices: params.INCLUDE_NOTICES, }
includeWarnings: params.INCLUDE_WARNINGS,
]) junit "*.xml"
writeFile file:"./report_${count}.xml", text:report rocketSend (
count++ channel: "#cnous-mse-dev",
}
}
}
junit testResults: '*.xml', skipPublishingChecks: true
rocketSend(
channel: '#cnous-mse',
avatar: 'https://jenkins.cadol.es/static/b5f67753/images/headshot.png', avatar: 'https://jenkins.cadol.es/static/b5f67753/images/headshot.png',
message: """ message: """
Audit RGAA | ${testStatuses()} Audit RGAA | ${testStatuses()}
- [Voir les tests](${env.RUN_DISPLAY_URL}) - [Voir les tests](${env.RUN_DISPLAY_URL})
@here @here
""".stripIndent(), """.stripIndent(),
rawMessage: true, rawMessage: true,
) )
} }
} }
} }
} }
post {
always {
cleanWs()
}
}
} }
@NonCPS @NonCPS
def testStatuses() { def testStatuses() {
def testStatus = '' def testStatus = ""
AbstractTestResultAction testResultAction = currentBuild.rawBuild.getAction(AbstractTestResultAction.class) AbstractTestResultAction testResultAction = currentBuild.rawBuild.getAction(AbstractTestResultAction.class)
if (testResultAction != null) { if (testResultAction != null) {
def total = testResultAction.totalCount def total = testResultAction.totalCount
def failed = testResultAction.failCount def failed = testResultAction.failCount
def skipped = testResultAction.skipCount def skipped = testResultAction.skipCount
def passed = total - failed - skipped def passed = total - failed - skipped
testStatus = "Passant(s): ${passed}, Échoué(s): ${failed} ${testResultAction.failureDiffString}, Désactivé(s): ${skipped}" testStatus = "Passant(s): ${passed}, Échoué(s): ${failed} ${testResultAction.failureDiffString}, Désactivé(s): ${skipped}"
} }
return testStatus return testStatus
} }

175
resources/com/cadoles/gitea/gitea-release.sh
View File

@ -1,175 +0,0 @@
#!/bin/bash
set -eo pipefail
GITEA_RELEASE_PROJECT=${GITEA_RELEASE_PROJECT}
GITEA_RELEASE_ORG=${GITEA_RELEASE_ORG}
GITEA_RELEASE_BASE_URL=${GITEA_BASE_URL:-https://forge.cadoles.com}
GITEA_RELEASE_USERNAME=${GITEA_RELEASE_USERNAME}
GITEA_RELEASE_PASSWORD=${GITEA_RELEASE_PASSWORD}
GITEA_RELEASE_NAME=${GITEA_RELEASE_NAME}
GITEA_RELEASE_VERSION=${GITEA_RELEASE_VERSION}
GITEA_RELEASE_COMMITISH_TARGET=${GITEA_RELEASE_COMMITISH_TARGET}
GITEA_RELEASE_IS_DRAFT=${GITEA_RELEASE_IS_DRAFT:-false}
GITEA_RELEASE_IS_PRERELEASE=${GITEA_RELEASE_IS_PRERELEASE:-true}
GITEA_RELEASE_BODY=${GITEA_RELEASE_BODY}
GITEA_RELEASE_ATTACHMENTS=${GITEA_RELEASE_ATTACHMENTS}
function check_dependencies {
assert_command_available 'curl'
assert_command_available 'jq'
}
function assert_command_available {
local command=$1
local command_path=$(which $command)
if [ -z "$command_path" ]; then
echo "The '$command' command could not be found. Please install it before using this script." 1>&2
exit 1
fi
}
function check_environment {
assert_environment GITEA_RELEASE_PROJECT
assert_environment GITEA_RELEASE_ORG
assert_environment GITEA_RELEASE_BASE_URL
}
function source_env_file {
if [ ! -f '.env' ]; then
return 0
fi
set -o allexport
source .env
set +o allexport
}
function assert_environment {
local name=$1
local value=${!name}
if [ -z "$value" ]; then
echo "The $"$name" environment variable is empty." 1>&2
exit 1
fi
}
function ask_credentials {
if [ -z "$GITEA_RELEASE_USERNAME" ]; then
echo -n "Username: "
read GITEA_RELEASE_USERNAME
fi
if [ -z "$GITEA_RELEASE_PASSWORD" ]; then
echo -n "Password: "
stty -echo
read GITEA_RELEASE_PASSWORD
stty echo
echo
fi
}
function retrieve_version {
if [ ! -z "$GITEA_RELEASE_VERSION" ]; then
return
fi
set +e
GITEA_RELEASE_VERSION=$(git describe --abbrev=0 --tags 2>/dev/null)
GITEA_RELEASE_VERSION=${GITEA_RELEASE_VERSION}
set -e
}
function retrieve_commitish_target {
if [ ! -z "$GITEA_RELEASE_COMMITISH_TARGET" ]; then
return
fi
GITEA_RELEASE_COMMITISH_TARGET=$(git log -n 1 --pretty="format:%h")
}
function create_release {
local payload={}
payload=$(json_set "$payload" body "$GITEA_RELEASE_BODY" true)
payload=$(json_set "$payload" draft $GITEA_RELEASE_IS_DRAFT)
payload=$(json_set "$payload" name "\"${GITEA_RELEASE_NAME:-$GITEA_RELEASE_VERSION}\"")
payload=$(json_set "$payload" prerelease $GITEA_RELEASE_IS_PRERELEASE)
payload=$(json_set "$payload" tag_name "\"${GITEA_RELEASE_VERSION:-$GITEA_RELEASE_COMMITISH_TARGET}\"")
payload=$(json_set "$payload" target_commitish "\"$GITEA_RELEASE_COMMITISH_TARGET\"")
local existing_release=$(gitea_api "/repos/$GITEA_RELEASE_ORG/$GITEA_RELEASE_PROJECT/releases" -XGET | jq -e ".[] | select(.tag_name == \"${GITEA_RELEASE_VERSION}\") | .id")
if [ ! -z "${existing_release}" ]; then
gitea_api "/repos/$GITEA_RELEASE_ORG/$GITEA_RELEASE_PROJECT/releases/${existing_release}" -XDELETE
fi
local tmpfile=$(mktemp)
echo "$payload" > "$tmpfile"
gitea_api "/repos/$GITEA_RELEASE_ORG/$GITEA_RELEASE_PROJECT/releases" \
-H "Content-Type:application/json" \
-d "@$tmpfile"
rm -f "$tmpfile"
}
function json_set {
local data=$1
local key=$2
local value=$3
local use_raw_file=$4
if [ "$use_raw_file" != "true" ]; then
echo $data | jq -cr --argjson v "$value" --arg k "$key" '.[$k] = $v'
else
local tmpfile=$(mktemp)
echo "$value" > "$tmpfile"
echo $data | jq -cr --rawfile v "$tmpfile" --arg k "$key" '.[$k] = $v'
rm -f "$tmpfile"
fi
}
function upload_release_attachments {
local release="$1"
local release_id=$(echo "$release" | jq -r .id)
if [ -z "$GITEA_RELEASE_ATTACHMENTS" ]; then
set +e
GITEA_RELEASE_ATTACHMENTS="$(ls release/*.{tar.gz,zip} 2>/dev/null)"
set -e
fi
for file in $GITEA_RELEASE_ATTACHMENTS; do
local filename=$(basename "$file")
gitea_api "/repos/$GITEA_RELEASE_ORG/$GITEA_RELEASE_PROJECT/releases/$release_id/assets?name=$filename" \
-H "Content-Type:multipart/form-data" \
-F "attachment=@$file"
done
}
function gitea_api {
local path=$1
local args=${@:2}
curl -L \
--fail \
-u "$GITEA_RELEASE_USERNAME:$GITEA_RELEASE_PASSWORD" \
${args} \
"$GITEA_RELEASE_BASE_URL/api/v1$path"
}
function main {
check_dependencies
source_env_file
check_environment
ask_credentials
retrieve_commitish_target
retrieve_version
local release=$(create_release)
upload_release_attachments "$release"
}
main

2
resources/com/cadoles/pa11y/Dockerfile
View File

@ -35,7 +35,7 @@ RUN apk add --no-cache \
chromium \ chromium \
bash bash
RUN PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=1 npm install -g pa11y@^5.0.0 pa11y-reporter-html@^1.0.0 pa11y-reporter-junit RUN PUPPETEER_SKIP_CHROMIUM_DOWNLOAD=1 npm install -g pa11y pa11y-reporter-html@^1.0.0 pa11y-reporter-junit
RUN adduser -D pa11y RUN adduser -D pa11y

1
resources/com/cadoles/pa11y/run-audit.sh
View File

@ -9,7 +9,6 @@ cd reports
export PUPPETEER_EXECUTABLE_PATH=$(which chromium-browser) export PUPPETEER_EXECUTABLE_PATH=$(which chromium-browser)
export PA11Y_REPORTER="${PA11Y_REPORTER:-html}" export PA11Y_REPORTER="${PA11Y_REPORTER:-html}"
export PA11Y_STANDARD=${PA11Y_STANDARD:-WCAG2AA}
PA11Y_ARGS="" PA11Y_ARGS=""

25
resources/com/cadoles/podman/nfpm.yaml.gotmpl
View File

@ -1,25 +0,0 @@
{{ $serviceName := index ( .Env.IMAGE_NAME | strings.Split "/" | coll.Reverse ) 0 }}
name: "cadoles-pod-{{ $serviceName }}"
arch: amd64
platform: linux
version: "{{ strings.TrimPrefix "v" ( getenv "IMAGE_TAG" "latest" ) }}"
version_schema: none
version_metadata: git
section: "{{ getenv "PACKAGE_SECTION" "default" }}"
priority: "{{ getenv "PACKAGE_PRIORITY" "optional" }}"
maintainer: "{{ getenv "PACKAGE_MAINTAINER" "contact@cadoles.com" }}"
description: "{{ getenv "PACKAGE_DESCRIPTION" "" }}"
homepage: "{{ getenv "PACKAGE_HOMEPAGE" "https://forge.cadoles.com" }}"
license: "{{ getenv "PACKAGE_LICENCE" "GPL-3.0" }}"
depends:
- podman
scripts:
postinstall: post-install.sh
contents:
- packager: deb
src: pod.service
dst: "/usr/lib/systemd/system/cadoles-pod-{{ $serviceName }}.service"
- packager: deb
src: pod.conf
dst: /etc/cadoles-pod-{{ $serviceName }}.conf
type: config|noreplace

1
resources/com/cadoles/podman/pod.conf.gotmpl
View File

@ -1 +0,0 @@
PODMAN_ARGS="{{ getenv "PODMAN_ARGS" "" }}"

24
resources/com/cadoles/podman/pod.service.gotmpl
View File

@ -1,24 +0,0 @@
[Unit]
Description={{ .Env.IMAGE_NAME }} pod service
Wants=network-online.target
After=network-online.target
RequiresMountsFor=/run/containers/storage
[Service]
Type=simple
Environment=PODMAN_SYSTEMD_UNIT=%n
EnvironmentFile=-/etc/cadoles-pod-{{ .Env.IMAGE_NAME }}.conf
Environment=IMAGE_NAME={{ .Env.IMAGE_NAME }} IMAGE_TAG={{ .Env.IMAGE_TAG }}
PassEnvironment=PODMAN_ARGS IMAGE_NAME IMAGE_TAG
Restart=on-failure
TimeoutStopSec=70
{{ if getenv "SYSTEMD_EXEC_STARTPRE" "" }}
ExecStartPre={{ .Env.SYSTEMD_EXEC_STARTPRE }}
{{ end }}
ExecStart=/bin/sh -c "podman run ${PODMAN_ARGS} '${IMAGE_NAME}:${IMAGE_TAG}'"
{{ if getenv "SYSTEMD_EXEC_STARTPOST" "" }}
ExecStartPost={{ .Env.SYSTEMD_EXEC_STARTPOST }}
{{ end }}
[Install]
WantedBy=default.target

79
resources/com/cadoles/podman/post-install.sh.gotmpl
View File

@ -1,79 +0,0 @@
#!/bin/sh
# Adapted from https://nfpm.goreleaser.com/tips/
use_systemctl="True"
systemd_version=0
if ! command -V systemctl >/dev/null 2>&1; then
use_systemctl="False"
else
systemd_version=$( systemctl --version | head -1 | sed 's/systemd //g' | cut -d' ' -f1 )
fi
SERVICE_NAME="cadoles-pod-{{ .Env.IMAGE_NAME }}"
cleanup() {
if [ "${use_systemctl}" = "False" ]; then
rm -f /usr/lib/systemd/system/$SERVICE_NAME.service
else
rm -f /etc/chkconfig/$SERVICE_NAME
rm -f /etc/init.d/$SERVICE_NAME
fi
}
cleanInstall() {
if [ "${use_systemctl}" = "False" ]; then
if command -V chkconfig >/dev/null 2>&1; then
chkconfig --add $SERVICE_NAME
fi
service $SERVICE_NAME restart ||:
else
if [ "${systemd_version}" -lt 231 ]; then
printf "\033[31m systemd version %s is less then 231, fixing the service file \033[0m\n" "${systemd_version}"
sed -i "s/=+/=/g" /usr/lib/systemd/system/$SERVICE_NAME.service
fi
systemctl daemon-reload ||:
systemctl unmask $SERVICE_NAME ||:
systemctl preset $SERVICE_NAME ||:
systemctl enable $SERVICE_NAME ||:
systemctl restart $SERVICE_NAME ||:
fi
}
upgrade() {
if [ "${use_systemctl}" = "False" ]; then
service $SERVICE_NAME restart ||:
else
if [ "${systemd_version}" -lt 231 ]; then
printf "\033[31m systemd version %s is less then 231, fixing the service file \033[0m\n" "${systemd_version}"
sed -i "s/=+/=/g" /usr/lib/systemd/system/$SERVICE_NAME.service
fi
systemctl daemon-reload ||:
systemctl restart $SERVICE_NAME ||:
fi
echo 'Cleaning up unused images...'
podman image prune -f --filter "reference={{ .Env.IMAGE_NAME }}"
}
action="$1"
if [ "$1" = "configure" ] && [ -z "$2" ]; then
action="install"
elif [ "$1" = "configure" ] && [ -n "$2" ]; then
action="upgrade"
fi
case "$action" in
"1" | "install")
cleanInstall
;;
"2" | "upgrade")
upgrade
;;
*)
cleanInstall
;;
esac
cleanup

9
resources/com/cadoles/symfony/Dockerfile
View File

@ -1,7 +1,7 @@
ARG PHP_SECURITY_CHECKER_VERSION=1.0.0 ARG PHP_SECURITY_CHECKER_VERSION=1.0.0
ARG JQ_VERSION=1.6 ARG JQ_VERSION=1.6
RUN apt-get update && \ RUN apt update && \
DEBIAN_FRONTEND=noninteractive apt-get install -y \ DEBIAN_FRONTEND=noninteractive apt-get install -y \
wget tar curl ca-certificates \ wget tar curl ca-certificates \
openssl bash git unzip \ openssl bash git unzip \
@ -39,9 +39,4 @@ RUN mkdir --parents /tools/phpstan \
&& composer require --working-dir=/tools/phpstan phpstan/phpstan \ && composer require --working-dir=/tools/phpstan phpstan/phpstan \
&& ln -s /tools/phpstan/vendor/bin/phpstan /usr/local/bin/phpstan \ && ln -s /tools/phpstan/vendor/bin/phpstan /usr/local/bin/phpstan \
&& composer require --working-dir=/tools/phpstan phpstan/phpstan-symfony \ && composer require --working-dir=/tools/phpstan phpstan/phpstan-symfony \
&& composer require --working-dir=/tools/phpstan phpstan/phpstan-doctrine && composer require --working-dir=/tools/phpstan phpstan/phpstan-doctrine
# Install Symfony
RUN curl -1sLf 'https://dl.cloudsmith.io/public/symfony/stable/setup.deb.sh' | bash \
&& apt update \
&& DEBIAN_FRONTEND=noninteractive apt-get install -y symfony-cli

219
vars/container.groovy
View File

@ -1,219 +0,0 @@
/**
* Construit, valide et publie (optionnellement) une image Docker sur le registre Cadoles (par défaut)
*
* Options disponibles:
*
* - dockerfile - String - Chemin vers le fichier Dockerfile à utiliser pour construire l'image, par défaut "./Dockerfile"
* - contextDir - String - Répertoire servant de "contexte" pour la construction de l'image, par défault "./"
* - imageName - String - Nom de l'image à construire, par défaut ""
* - imageTag - String - Tag apposé sur l'image après construction, par défaut résultat de la commande `git describe --always`
* - gitCredentialsId - String - Identifiant des "credentials" Jenkins utilisés pour cloner le dépôt Git, par défaut "forge-jenkins"
* - dockerRepository - String - Nom d'hôte du registre Docker sur lequel publier l'image, par défaut "reg.cadoles.com"
* - dockerRepositoryCredentialsId - String - Identifiant des "credentials" Jenkins utilisés pour déployer l'image sur le registre Docker, par défault "reg.cadoles.com-jenkins"
* - dryRun - Boolean - Désactiver/activer la publication de l'image sur le registre Docker, par défaut "true"
* - skipVerifications - Boolean - Désactiver/activer les étapes de vérifications de qualité/sécurité de l'image Docker, par défaut "false"
*/
String buildAndPublishImage(Map options = [:]) {
String dockerfile = options.get('dockerfile', './Dockerfile')
String contextDir = options.get('contextDir', '.')
String imageName = options.get('imageName', '')
String gitRef = sh(returnStdout: true, script: 'git describe --always').trim()
String imageTag = options.get('imageTag', gitRef)
String gitCredentialsId = options.get('gitCredentialsId', 'forge-jenkins')
String dockerRepository = options.get('dockerRepository', 'reg.cadoles.com')
String dockerRepositoryCredentialsId = options.get('dockerRepositoryCredentialsId', 'reg.cadoles.com-jenkins')
Boolean dryRun = options.get('dryRun', true)
Boolean skipVerifications = options.get('skipVerification', false)
String projectRepository = env.JOB_NAME
if (env.BRANCH_NAME ==~ /^PR-.*$/) {
projectRepository = env.JOB_NAME - "/${env.JOB_BASE_NAME}"
}
projectRepository = options.get('projectRepository', projectRepository)
withCredentials([
usernamePassword([
credentialsId: dockerRepositoryCredentialsId,
usernameVariable: 'HUB_USERNAME',
passwordVariable: 'HUB_PASSWORD'
]),
]) {
stage('Validate Dockerfile with Hadolint') {
utils.when(!skipVerifications) {
runHadolintCheck(dockerfile, projectRepository)
}
}
stage("Build image '${imageName}:${imageTag}'") {
git.withHTTPCredentials(gitCredentialsId) {
sh """
docker build \
--build-arg="GIT_USERNAME=${env.GIT_USERNAME}" \
--build-arg="GIT_PASSWORD=${env.GIT_PASSWORD}" \
-t '${imageName}:${imageTag}' \
-f '${dockerfile}' \
'${contextDir}'
"""
}
}
stage('Validate image with Trivy') {
utils.when(!skipVerifications) {
runTrivyCheck("${imageName}:${imageTag}", projectRepository)
}
}
stage("Publish image '${imageName}:${imageTag}'") {
utils.when(!dryRun) {
retry(2) {
sh """
echo ${env.HUB_PASSWORD} | docker login -u '${env.HUB_USERNAME}' --password-stdin '${dockerRepository}'
docker push '${imageName}:${imageTag}'
"""
}
}
}
}
}
void runHadolintCheck(String dockerfile, String projectRepository) {
String reportFile = ".hadolint-report-${currentBuild.startTimeInMillis}.txt"
try {
validateDockerfileWithHadolint(dockerfile, ['reportFile': reportFile])
} catch (err) {
unstable("Dockerfile '${dockerfile}' failed linting !")
} finally {
String lintReport = ''
if (fileExists(reportFile)) {
lintReport = """${lintReport}
|
|```
|${readFile(reportFile)}
|```"""
} else {
lintReport = """${lintReport}
|
|_Vérification échouée mais aucun rapport trouvé !?_ :thinking:"""
}
String defaultReport = '_Rien à signaler !_ :thumbsup:'
String report = """## Validation du Dockerfile `${dockerfile}`
|
|${lintReport ?: defaultReport}
""".stripMargin()
print report
if (env.CHANGE_ID) {
gitea.commentPullRequest(projectRepository, env.CHANGE_ID, report)
}
}
}
String validateDockerfileWithHadolint(String dockerfile, Map options = [:]) {
String hadolintBin = getOrInstallHadolint(options)
String hadolintArgs = options.get('hadolintArgs', '--no-color')
String reportFile = options.get('reportFile', ".hadolint-report-${currentBuild.startTimeInMillis}.txt")
sh("""#!/bin/bash
set -eo pipefail
'${hadolintBin}' '${dockerfile}' ${hadolintArgs} | tee '${reportFile}'
""")
return reportFile
}
void runTrivyCheck(String imageName, String projectRepository, Map options = [:]) {
String reportFile = ".trivy-report-${currentBuild.startTimeInMillis}.txt"
try {
validateImageWithTrivy(imageName, ['reportFile': reportFile])
} catch (err) {
unstable("Image '${imageName}' failed validation !")
} finally {
String lintReport = ''
if (fileExists(reportFile)) {
lintReport = """${lintReport}
|
|```
|${readFile(reportFile)}
|```"""
} else {
lintReport = """${lintReport}
|
|_Vérification échouée mais aucun rapport trouvé !?_ :thinking:"""
}
String defaultReport = '_Rien à signaler !_ :thumbsup:'
String report = """## Validation de l'image `${imageName}`
|
|${lintReport ?: defaultReport}
""".stripMargin()
print report
if (env.CHANGE_ID) {
gitea.commentPullRequest(projectRepository, env.CHANGE_ID, report)
}
}
}
String validateImageWithTrivy(String imageName, Map options = [:]) {
String trivyBin = getOrInstallTrivy(options)
String trivyArgs = options.get('trivyArgs', '--exit-code 1')
String cacheDirectory = options.get('cacheDirectory', '.trivy/.cache')
String cacheDefaultBranch = options.get('cacheDefaultBranch', 'develop')
Integer cacheMaxSize = options.get('cacheMaxSize', 250)
String reportFile = options.get('reportFile', ".trivy-report-${currentBuild.startTimeInMillis}.txt")
cache(maxCacheSize: cacheMaxSize, defaultBranch: cacheDefaultBranch, caches: [
[$class: 'ArbitraryFileCache', path: cacheDirectory, compressionMethod: 'TARGZ']
]) {
sh("'${trivyBin}' --cache-dir '${cacheDirectory}' image -o '${reportFile}' ${trivyArgs} '${imageName}'")
}
return reportFile
}
String getOrInstallHadolint(Map options = [:]) {
String installDir = options.get('installDir', '/usr/local/bin')
String version = options.get('version', '2.10.0')
String forceDownload = options.get('forceDownload', false)
String downloadUrl = options.get('downloadUrl', "https://github.com/hadolint/hadolint/releases/download/v${version}/hadolint-Linux-x86_64")
String hadolintBin = sh(returnStdout: true, script: 'which hadolint || exit 0').trim()
if (hadolintBin == '' || forceDownload) {
sh("""
mkdir -p '${installDir}'
curl -o '${installDir}/hadolint' -sSL '${downloadUrl}'
chmod +x '${installDir}/hadolint'
""")
hadolintBin = "${installDir}/hadolint"
}
return hadolintBin
}
String getOrInstallTrivy(Map options = [:]) {
String installDir = options.get('installDir', '/usr/local/bin')
String version = options.get('version', '0.27.1')
String forceDownload = options.get('forceDownload', false)
String installScriptDownloadUrl = options.get('downloadUrl', 'https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh')
String trivyBin = sh(returnStdout: true, script: 'which trivy || exit 0').trim()
if (trivyBin == '' || forceDownload) {
sh("""
mkdir -p '${installDir}'
curl -sfL '${installScriptDownloadUrl}' | sh -s -- -b '${installDir}' v${version}
chmod +x '${installDir}/trivy'
""")
trivyBin = "${installDir}/trivy"
}
return trivyBin
}

63
vars/cpkg.groovy
View File

@ -1,8 +1,8 @@
import java.util.regex.Matcher
// Basic port of https://forge.cadoles.com/Cadoles/cpkg // Basic port of https://forge.cadoles.com/Cadoles/cpkg
def call(Map params = [:]) { def call(Map params = [:]) {
def currentRef = sh(script: 'git rev-parse HEAD', returnStdout: true).trim() def currentRef = sh(script: 'git rev-parse HEAD', returnStdout: true).trim()
def baseRef = params.baseRef ? params.baseRef : currentRef
def distRepo = params.distRepo ? params.distRepo : 'dev' def distRepo = params.distRepo ? params.distRepo : 'dev'
def dist = params.dist ? params.dist : 'eole' def dist = params.dist ? params.dist : 'eole'
def distVersion = params.distVersion ? params.distVersion : '2.7.0' def distVersion = params.distVersion ? params.distVersion : '2.7.0'
@ -12,7 +12,7 @@ def call(Map params = [:]) {
def gitEmail = params.gitEmail ? params.gitEmail : 'jenkins@cadoles.com' def gitEmail = params.gitEmail ? params.gitEmail : 'jenkins@cadoles.com'
def gitUsername = params.gitUsername ? params.gitUsername : 'Jenkins' def gitUsername = params.gitUsername ? params.gitUsername : 'Jenkins'
def skipCi = params.containsKey('skipCi') ? params.skipCi : false def skipCi = params.containsKey('skipCi') ? params.skipCi : false
def skipPush = params.containsKey('skipPush') ? params.skipPush : true def skipPush = params.containsKey('skipPush') ? params.skipPush: true
// Define dist branch based on provided informations and base branch name // Define dist branch based on provided informations and base branch name
def distBranch = "dist/${dist}/${distVersion}/${distBranchName}" def distBranch = "dist/${dist}/${distVersion}/${distBranchName}"
@ -28,7 +28,7 @@ def call(Map params = [:]) {
sh("git config --add remote.origin.fetch +refs/heads/${distBranch}:refs/remotes/origin/${distBranch}") sh("git config --add remote.origin.fetch +refs/heads/${distBranch}:refs/remotes/origin/${distBranch}")
// Update branches // Update branches
sh('git fetch --all') sh("git fetch --all")
// Merge currentRef into distBranch and push // Merge currentRef into distBranch and push
sh("git checkout -b '${distBranch}' 'origin/${distBranch}'") sh("git checkout -b '${distBranch}' 'origin/${distBranch}'")
@ -40,11 +40,11 @@ def call(Map params = [:]) {
sh("git merge ${currentRef}") sh("git merge ${currentRef}")
if (!skipPush) { if (!skipPush) {
sh('git push') sh("git push")
} else { } else {
println("Skipping push. Set skipPush param to 'true' to enable remote repository update.") println("Skipping push. Set skipPush param to 'true' to enable remote repository update.")
} }
// Retrieve last tag matching pattern pkg/${distRepo}/${dist}-${distVersion}/* // Retrieve last tag matching pattern pkg/${distRepo}/${dist}-${distVersion}/*
def lastTag = sh( def lastTag = sh(
script: "git tag -l 'pkg/${distRepo}/${dist}-${distVersion}/*' --sort=v:refname | tail -n 1", script: "git tag -l 'pkg/${distRepo}/${dist}-${distVersion}/*' --sort=v:refname | tail -n 1",
@ -61,25 +61,7 @@ def call(Map params = [:]) {
println("Last version number is '${lastVersionNumber}'") println("Last version number is '${lastVersionNumber}'")
String versionRoot = extractVersionRoot(lastVersionNumber) def versionNumber = incrementVersionNumber(lastVersionNumber)
String versionNumber = ''
if (versionRoot) {
versionNumber = versionRoot
} else {
versionNumber = sh(
script: "git describe --always ${currentRef}",
returnStdout: true,
).split('/').last().trim()
Boolean isCommitRef = !versionNumber.matches(/^[0-9]+\.[0-9]+\.[0-9]+.*$/)
if (isCommitRef) {
versionNumber = "0.0.0-${versionNumber}"
}
}
versionNumber = "${versionNumber}-b${env.BUILD_NUMBER}"
println("New version number will be '${versionNumber}'") println("New version number will be '${versionNumber}'")
result['newVersionNumber'] = versionNumber result['newVersionNumber'] = versionNumber
@ -89,16 +71,16 @@ def call(Map params = [:]) {
result['newTag'] = tag result['newTag'] = tag
def tagComment = "Build ${versionNumber} ${distRepo} package for ${dist}-${distVersion}." def tagComment="Build ${versionNumber} ${distRepo} package for ${dist}-${distVersion}."
if (skipCi) { if (skipCi) {
tagComment += ' [ci skip]' tagComment += ' [ci skip]'
} }
sh("git tag -f -a '${tag}' -m '${tagComment}'") sh("git tag -a '${tag}' -m '${tagComment}'")
// Push tag // Push tag
if (!skipPush) { if (!skipPush) {
sh('git push --tags -f') sh("git push --tags")
} else { } else {
println("Skipping push. Set skipPush param to 'true' to enable remote repository update.") println("Skipping push. Set skipPush param to 'true' to enable remote repository update.")
} }
@ -126,13 +108,20 @@ def call(Map params = [:]) {
return result return result
} }
@NonCPS def incrementVersionNumber(String versionNumber) {
String extractVersionRoot(String fullVersion) { // Split versionNumber (typical pattern: <major>.<minor>.<patch>)
Matcher fullVersionMatcher = fullVersion =~ /^([0-9]+\.[0-9]+\.[0-9]+).*$/ def versionNumberParts = versionNumber.split(/\./)
if (!fullVersionMatcher.matches()) {
return ""
}
return fullVersionMatcher.group(1) // Extract path number
} def patchNumber = versionNumberParts.last()
// Split patch number (typical pattern: <patch>-<build>)
def patchNumberParts = patchNumber.split('-')
// If version number matches pattern <major>.<minor>.<patch>-<build>
if (patchNumberParts.size() > 1) {
return versionNumberParts[0..-2].join('.') + '.' + patchNumberParts[0..-2].join('-') + '-' + (patchNumberParts.last().toInteger() + 1)
} else { // Else version number matches pattern <major>.<minor>.<patch>
return versionNumberParts[0..-2].join('.') + '.' + (patchNumber.toInteger() + 1)
}
}

12
vars/debian.groovy
View File

@ -2,7 +2,6 @@ def waitForRepoPackage(String packageName, Map params = [:]) {
def expectedVersion = params.expectedVersion ? params.expectedVersion : null def expectedVersion = params.expectedVersion ? params.expectedVersion : null
def delay = params.delay ? params.delay : 30 def delay = params.delay ? params.delay : 30
def waitTimeout = params.timeout ? params.timeout : 2400 def waitTimeout = params.timeout ? params.timeout : 2400
def asPattern = params.containsKey("asPattern") ? params.asPattern : true
def message = "Waiting for package '${packageName}'" def message = "Waiting for package '${packageName}'"
if (expectedVersion != null) { if (expectedVersion != null) {
@ -27,11 +26,9 @@ def waitForRepoPackage(String packageName, Map params = [:]) {
println("Package found !") println("Package found !")
break break
} }
def versionFound = packages.find { def versionFound = packages.find {
def matches = asPattern ? it['version'] =~ expectedVersion : it['version'] == expectedVersion return it['version'] =~ expectedVersion
println("Comparing expected version '${expectedVersion}' to '${it['version']}': ${matches}")
return matches
} }
if (versionFound) { if (versionFound) {
@ -79,10 +76,5 @@ def listRepoPackages(Map params = [:]) {
} }
} }
println "Found packages:"
packages.each{
println " - Package: ${it.key}, Version: ${it.value['version']}"
}
return packages return packages
} }

84
vars/gitea.groovy
View File

@ -1,23 +1,19 @@
def commentPullRequest(String repo, String issueId, String comment, Integer commentIndex = -1) { def commentPullRequest(String repo, String issueId, String comment, Integer commentIndex = 0) {
comment = comment.replaceAll('"', '\\"') comment = comment.replaceAll('"', '\\"')
withCredentials([ withCredentials([
string(credentialsId: 'GITEA_JENKINS_PERSONAL_TOKEN', variable: 'GITEA_TOKEN'), string(credentialsId: 'GITEA_JENKINS_PERSONAL_TOKEN', variable: 'GITEA_TOKEN'),
]) { ]) {
writeFile(file: '.prComment', text: comment) writeFile(file: ".prComment", text: comment)
sh """#!/bin/bash sh """#!/bin/bash
set -xeo pipefail set -xeo pipefail
previous_comment_id=null # Récupération si il existe du commentaire existant
previous_comment_id=\$(curl -v --fail \
if [ "${commentIndex}" != "-1" ]; then -H "Authorization: token ${GITEA_TOKEN}" \
# Récupération si il existe du commentaire existant -H "Content-Type: application/json" \
previous_comment_id=\$(curl -v --fail \ https://forge.cadoles.com/api/v1/repos/${repo}/issues/${issueId}/comments \
-H "Authorization: token ${GITEA_TOKEN}" \ | jq -c '[ .[] | select(.user.login=="jenkins") ] | .[${commentIndex}] | .id' \
-H "Content-Type: application/json" \ )
https://forge.cadoles.com/api/v1/repos/${repo}/issues/${issueId}/comments \
| jq -c '[ .[] | select(.user.login=="jenkins") ] | .[${commentIndex}] | .id' \
)
fi
# Génération du payload pour l'API Gitea # Génération du payload pour l'API Gitea
echo '{}' | jq -c --rawfile body .prComment '.body = \$body' > payload.json echo '{}' | jq -c --rawfile body .prComment '.body = \$body' > payload.json
@ -41,64 +37,4 @@ def commentPullRequest(String repo, String issueId, String comment, Integer comm
fi fi
""" """
} }
} }
// Effectue une "release" sur Gitea pour le <ORG>/<PROJET> donné.
def release(String credentialsId, String org, String project, Map options = [:]) {
def isDraft = options.get('isDraft', false)
def baseUrl = options.get('baseUrl', 'https://forge.cadoles.com')
def defaultVersion = sh(returnStdout: true, script: 'git describe --always').trim()
def releaseVersion = options.get('releaseVersion', defaultVersion)
def releaseName = options.get('releaseName', releaseVersion)
def commitishTarget = options.get('commitishTarget', env.GIT_COMMIT)
def defaultIsPrerelease = true
try {
sh(script: "git describe --exact-match ${GIT_COMMIT}")
defaultIsPrerelease = false
} catch (err) {
println "Could not find tag associated with commit '${GIT_COMMIT}' ! Using 'prerelease' as default."
}
def isPrerelease = options.get('isPrerelease', defaultIsPrerelease)
def body = options.get('body', '')
def attachments = options.get('attachments', [])
def scriptTempDir = ".gitea-release-script-${System.currentTimeMillis()}"
sh("mkdir -p '${scriptTempDir}'")
def giteaReleaseScript = "${scriptTempDir}/gitea-release.sh"
def giteaReleaseScriptContent = libraryResource 'com/cadoles/gitea/gitea-release.sh'
writeFile file: giteaReleaseScript, text:giteaReleaseScriptContent
sh("chmod +x '${giteaReleaseScript}'")
try {
withCredentials([
usernamePassword(
credentialsId: credentialsId,
usernameVariable: 'GITEA_RELEASE_USERNAME',
passwordVariable: 'GITEA_RELEASE_PASSWORD'
)
]) {
sh """
export GITEA_RELEASE_PROJECT="${project}"
export GITEA_RELEASE_ORG="${org}"
export GITEA_RELEASE_BASE_URL="${baseUrl}"
export GITEA_RELEASE_VERSION="${releaseVersion}"
export GITEA_RELEASE_NAME="${releaseName}"
export GITEA_RELEASE_COMMITISH_TARGET="${commitishTarget}"
export GITEA_RELEASE_IS_DRAFT="${isDraft}"
export GITEA_RELEASE_IS_PRERELEASE="${isPrerelease}"
export GITEA_RELEASE_BODY="${body}"
export GITEA_RELEASE_ATTACHMENTS="${attachments.join(' ')}"
${giteaReleaseScript}
"""
}
} finally {
dir(scriptTempDir) {
deleteDir()
}
}
}

46
vars/gomplate.groovy
View File

@ -1,46 +0,0 @@
void call(String sourceTemplate, String destFile, Map env = [:], Map options = [:]) {
String gomplateBin = getOrInstallGomplate(options)
sh """
${exportEnvMap(env)}
${gomplateBin} -f '${sourceTemplate}' > '${destFile}'
"""
}
String exportEnvMap(Map env) {
String exports = ''
env.each { item ->
exports = """
${exports}
export ${item.key}="${item.value}"
"""
}
return exports
}
String getOrInstallGomplate(Map options = [:]) {
String installDir = options.get('installDir', '/usr/local/bin')
String version = options.get('version', '3.10.0')
Boolean forceDownload = options.get('forceDownload', false)
String downloadUrl = options.get('downloadUrl', "https://github.com/hairyhenderson/gomplate/releases/download/v${version}/gomplate_linux-amd64")
String gomplateBin = ''
lock("${env.NODE_NAME}:gomplate-install") {
gomplateBin = sh(returnStdout: true, script: 'which gomplate || exit 0').trim()
if (gomplateBin == '' || forceDownload) {
sh("""
mkdir -p '${installDir}'
curl -o '${installDir}/gomplate' -sSL '${downloadUrl}'
chmod +x '${installDir}/gomplate'
""")
gomplateBin = "${installDir}/gomplate"
}
}
return gomplateBin
}

12
vars/hook.groovy
View File

@ -1,19 +1,15 @@
def call(String name) { def call(String name) {
def filepath = "${env.WORKSPACE}/.jenkins/${name}.groovy" def rootDir = pwd()
def filepath = "${rootDir}/.jenkins/${name}.groovy"
def exists = fileExists(filepath) def exists = fileExists(filepath)
if (!exists) { if (!exists) {
println("No hook '${filepath}' script. Skipping.") println("No hook '${filepath}' script. Skipping.")
return return
} }
def hook = load(filepath) def hook = load(filepath)
if(hook.metaClass.respondsTo(hook, 'exec')) {
if (hook == null) {
error("Hook '${filepath}' seems to be null. Did you forget to add 'return this' at the end of the script ?")
}
if (hook.metaClass.respondsTo(hook, 'exec')) {
hook.exec() hook.exec()
} else { } else {
error("Hook script '${filepath}' exists but does not expose an exec() function.") error("Hook script '${filepath}' exists but does not expose an exec() function.")
} }
} }

37
vars/nfpm.groovy
View File

@ -1,37 +0,0 @@
/**
* Générer des paquets Debian, RPM, Alpine (ipk) via nfpm
* Voir See https://nfpm.goreleaser.com/
*
* Options:
* - installDir - Répertoire d'installation du binaire nfpm, par défaut /usr/local/bin
* - version - Version de nfpm à installer, par défaut 2.15.1
* - forceDownload - Forcer l'installation de nfpm, par défaut false
* - config - Fichier de configuration nfpm à utiliser, par défaut nfpm.yaml
* - target - Répertoire cible pour nfpm, par défaut ./dist
* - packager - Limiter l'exécution de nfpm à un packager spécifique, par défaut "deb" (i.e. pas de limitation)
*/
void call(Map options = [:]) {
String installDir = options.get('installDir', '/usr/local/bin')
String version = options.get('version', '2.20.0')
Boolean forceDownload = options.get('forceDownload', false)
String downloadUrl = options.get('downloadUrl', "https://github.com/goreleaser/nfpm/releases/download/v${version}/nfpm_${version}_Linux_x86_64.tar.gz")
String config = options.get('config', 'nfpm.yaml')
String target = options.get('target', env.WORKSPACE + '/dist')
String packager = options.get('packager', 'deb')
String nfpmBin = sh(returnStdout: true, script: 'which nfpm || exit 0').trim()
if (nfpmBin == '' || forceDownload) {
sh("""
mkdir -p '${installDir}'
curl -L '${downloadUrl}' > /tmp/nfpm.tar.gz
tar -C /usr/local/bin -xzf /tmp/nfpm.tar.gz
""")
nfpmBin = "${installDir}/nfpm"
}
sh("""
mkdir -p '${target}'
${nfpmBin} package --config '${config}' ${packager ? '--packager ' + packager : ''} --target '${target}'
""")
}

44
vars/podman.groovy
View File

@ -1,44 +0,0 @@
void buildCadolesPodPackage(String imageName, String imageTag, Map options = [:]) {
String destDir = options.get('destDir', env.WORKSPACE + '/dist')
Map nfpmOptions = options.get('nfpmOptions', [:])
nfpmOptions['target'] = destDir
Map env = options.get('env', [:])
env['IMAGE_NAME'] = imageName
env['IMAGE_TAG'] = imageTag
withPodmanPackagingTempDir {
gomplate('post-install.sh.gotmpl', 'post-install.sh', env)
gomplate('pod.service.gotmpl', 'pod.service', env)
gomplate('pod.conf.gotmpl', 'pod.conf', env)
gomplate('nfpm.yaml.gotmpl', 'nfpm.yaml', env)
nfpm(nfpmOptions)
}
}
void withPodmanPackagingTempDir(Closure fn) {
File tempDir = File.createTempDir()
tempDir.deleteOnExit()
tempDir.mkdirs()
dir(tempDir.getAbsolutePath()) {
List<String> resources = [
'com/cadoles/podman/nfpm.yaml.gotmpl',
'com/cadoles/podman/pod.conf.gotmpl',
'com/cadoles/podman/pod.service.gotmpl',
'com/cadoles/podman/post-install.sh.gotmpl',
]
for (res in resources) {
String fileContent = libraryResource res
String fileName = res.substring(res.lastIndexOf('/') + 1)
writeFile file:fileName, text:fileContent
}
fn()
}
}

117
vars/pulp.groovy
View File

@ -1,117 +0,0 @@
import groovy.json.JsonOutput
def exportPackages(
String credentials,
List packages = [],
String pulpHost = 'pulp.bbohard.lan'
) {
def exportTasks = []
packages.each {
def response = httpRequest authentication: credentials, url: "https://${pulpHost}/pulp/api/v3/content/deb/packages/", httpMode: 'POST', ignoreSslErrors: true, multipartName: "file", timeout: 900, responseHandle: 'NONE', uploadFile: "${it}"
jsonResponse = readJSON text: response.content
println(jsonResponse)
exportTasks << jsonResponse['task']
}
return exportTasks
}
def getRepositoryHREF(
String credentials,
String repositoryLevel = 'dev',
String pulpHost = 'pulp.bbohard.lan'
) {
def repositoriesMapping = ['dev': 'Cadoles4MSE']
def response = httpRequest authentication: credentials, url: "https://${pulpHost}/pulp/api/v3/repositories/deb/apt/", httpMode: 'GET', ignoreSslErrors: true
def jsonResponse = readJSON text: response.content
println(jsonResponse)
def repositories = jsonResponse.results
def repositoryHREF = repositories.find { it -> it['name'] == repositoriesMapping[repositoryLevel] }
return repositoryHREF.pulp_href
}
def addToRepository(
String credentials,
List packagesHREF,
String repositoryHREF,
String pulpHost = 'pulp.bbohard.lan'
) {
def packagesHREFURL = ["add_content_units": packagesHREF.collect { "https://$pulpHost$it" }]
def postBody = JsonOutput.toJson(packagesHREFURL)
def response = httpRequest authentication: credentials, url: "https://${pulpHost}${repositoryHREF}modify/", httpMode: 'POST', requestBody: postBody, contentType: 'APPLICATION_JSON', ignoreSslErrors: true, validResponseCodes: "100:599"
def jsonResponse = readJSON text: response.content
return waitForTaskCompletion(credentials, jsonResponse.task)
}
def publishRepository(
String credentials,
String repositoryHREF,
String pulpHost = 'pulp.bbohard.lan'
) {
def postBody = JsonOutput.toJson(["repository": repositoryHREF, "simple": true])
def response = httpRequest authentication: credentials, url: "https://${pulpHost}/pulp/api/v3/publications/deb/apt/", httpMode: 'POST', requestBody: postBody, contentType: 'APPLICATION_JSON', ignoreSslErrors: true
def jsonResponse = readJSON text: response.content
println(jsonResponse)
return waitForTaskCompletion(credentials, jsonResponse.task)
}
def distributePublication(
String credentials,
String publicationHREF,
String distributionName,
String basePath,
String pulpHost = 'pulp.bbohard.lan',
String contentGuard = null
) {
def response = httpRequest authentication: credentials, url: "https://${pulpHost}/pulp/api/v3/distributions/deb/apt/", httpMode: 'GET', ignoreSslErrors: true
def jsonResponse = readJSON text: response.content
def httpMode = ''
def url = ''
def distribution = jsonResponse.results.find { it -> it.name == distributionName}
if (distribution) {
httpMode = 'PUT'
url = distribution.pulp_href
} else {
httpMode = 'POST'
url = '/pulp/api/v3/distributions/deb/apt/'
}
def postBody = JsonOutput.toJson(["publication": publicationHREF, "name": distributionName, "base_path": basePath, "content_guard": contentGuard])
response = httpRequest authentication: credentials, url: "https://${pulpHost}${url}", httpMode: httpMode, requestBody: postBody, contentType: 'APPLICATION_JSON', ignoreSslErrors: true, validResponseCodes: "100:599"
jsonResponse = readJSON text: response.content
if (distribution) {
waitForTaskCompletion(credentials, jsonResponse.task)
return [url]
} else {
return waitForTaskCompletion(credentials, jsonResponse.task)
}
}
def waitForTaskCompletion(
String credentials,
String taskHREF,
String pulpHost = 'pulp.bbohard.lan'
) {
def status = ''
def created_resources = []
while (status != 'completed') {
def response = httpRequest authentication: credentials, url: "https://${pulpHost}${taskHREF}", httpMode: 'GET', ignoreSslErrors: true
def jsonResponse = readJSON text: response.content
status = jsonResponse.state
if (status == 'completed') {
created_resources = jsonResponse.created_resources
}
sleep(10)
}
return created_resources
}
def getDistributionURL(
String credentials,
String resourceHREF,
String pulpHost = 'pulp.bbohard.lan'
) {
def response = httpRequest authentication: credentials, url: "https://${pulpHost}${resourceHREF}", httpMode: 'GET', ignoreSslErrors: true
def jsonResponse = readJSON text: response.content
println(jsonResponse)
return jsonResponse.base_url
}

95
vars/symfonyAppPipeline.groovy
View File

@ -1,58 +1,45 @@
import org.jenkinsci.plugins.pipeline.modeldefinition.Utils import org.jenkinsci.plugins.pipeline.modeldefinition.Utils
def call(String baseImage = 'ubuntu:22.04', Map options = [:]) { def call(String baseImage = "ubuntu:22.04") {
Map hooks = options.get('hooks', [:])
String jobHistory = options.get('jobHistory', '10')
node { node {
properties([ stage("Checkout project") {
buildDiscarder(logRotator(daysToKeepStr: jobHistory, numToKeepStr: jobHistory)),
])
stage('Cancel older jobs') {
def buildNumber = env.BUILD_NUMBER as int
if (buildNumber > 1) milestone(buildNumber - 1)
milestone(buildNumber)
}
stage('Checkout project') {
checkout(scm) checkout(scm)
} }
stage('Run pre hooks') {
runHook(hooks, 'preSymfonyAppPipeline')
}
stage('Run in Symfony image') { stage('Run in Symfony image') {
def symfonyImage = buildDockerImage(baseImage, hooks) def symfonyImage = buildDockerImage(baseImage)
symfonyImage.inside() { symfonyImage.inside() {
def repo = env.JOB_NAME def repo = env.JOB_NAME
if (env.BRANCH_NAME ==~ /^PR-.*$/) { if (env.BRANCH_NAME ==~ /^PR-.*$/) {
repo = env.JOB_NAME - "/${env.JOB_BASE_NAME}" repo = env.JOB_NAME - "/${env.JOB_BASE_NAME}"
} }
stage('Install composer dependencies') { stage("Install composer dependencies") {
sh ''' sh '''
symfony composer install composer install
''' '''
} }
parallel([ parallel([
'php-security-check': { 'php-security-check': {
stage('Check PHP security issues') { stage("Check PHP security issues") {
catchError(buildResult: 'UNSTABLE', stageResult: 'FAILURE') { catchError(buildResult: 'UNSTABLE', stageResult: 'FAILURE') {
def auditReport = sh(script: 'local-php-security-checker --format=markdown || true', returnStdout: true) def auditReport = sh(script: "local-php-security-checker --format=markdown || true", returnStdout: true)
if (auditReport.trim() != '') { if (auditReport.trim() != "") {
if (env.CHANGE_ID) { if (env.CHANGE_ID) {
gitea.commentPullRequest(repo, env.CHANGE_ID, auditReport) gitea.commentPullRequest(repo, env.CHANGE_ID, auditReport, 0)
} else { } else {
print auditReport print auditReport
} }
} }
if (!auditReport.contains('No packages have known vulnerabilities.')) { if (!auditReport.contains("No packages have known vulnerabilities.")) {
throw new Exception('Dependencies check failed !') throw new Exception("Dependencies check failed !")
} }
} }
} }
}, },
'php-cs-fixer': { 'php-cs-fixer': {
stage('Run PHP-CS-Fixer on modified code') { stage("Run PHP-CS-Fixer on modified code") {
catchError(buildResult: 'FAILURE', stageResult: 'FAILURE') { catchError(buildResult: 'FAILURE', stageResult: 'FAILURE') {
if ( !fileExists('.php-cs-fixer.dist.php') ) { if ( !fileExists('.php-cs-fixer.dist.php') ) {
def phpCsFixerConfig = libraryResource 'com/cadoles/symfony/.php-cs-fixer.dist.php' def phpCsFixerConfig = libraryResource 'com/cadoles/symfony/.php-cs-fixer.dist.php'
@ -62,11 +49,11 @@ def call(String baseImage = 'ubuntu:22.04', Map options = [:]) {
sh ''' sh '''
CHANGED_FILES=$(git diff --name-only --diff-filter=ACMRTUXB "HEAD~..HEAD" | fgrep ".php" | tr "\n" " ") CHANGED_FILES=$(git diff --name-only --diff-filter=ACMRTUXB "HEAD~..HEAD" | fgrep ".php" | tr "\n" " ")
if ! echo "${CHANGED_FILES}" | grep -qE "^(\\.php-cs-fixer(\\.dist)\\.php?|composer\\.lock)$"; then EXTRA_ARGS=$(printf -- '--path-mode=intersection -- %s' "${CHANGED_FILES}"); else EXTRA_ARGS=''; fi if ! echo "${CHANGED_FILES}" | grep -qE "^(\\.php-cs-fixer(\\.dist)\\.php?|composer\\.lock)$"; then EXTRA_ARGS=$(printf -- '--path-mode=intersection -- %s' "${CHANGED_FILES}"); else EXTRA_ARGS=''; fi
symfony php $(which php-cs-fixer) fix --config=.php-cs-fixer.dist.php -v --dry-run --using-cache=no --format junit ${EXTRA_ARGS} > php-cs-fixer.xml || true php-cs-fixer fix -v --dry-run --using-cache=no --format junit > php-cs-fixer.xml ${EXTRA_ARGS}
''' '''
def report = sh(script: 'junit2md php-cs-fixer.xml', returnStdout: true) def report = sh(script: "junit2md php-cs-fixer.xml", returnStdout: true)
if (env.CHANGE_ID) { if (env.CHANGE_ID) {
gitea.commentPullRequest(repo, env.CHANGE_ID, report) gitea.commentPullRequest(repo, env.CHANGE_ID, report, 1)
} else { } else {
print report print report
} }
@ -74,20 +61,20 @@ def call(String baseImage = 'ubuntu:22.04', Map options = [:]) {
} }
}, },
'phpstan': { 'phpstan': {
stage('Run phpstan') { stage("Run phpstan") {
catchError(buildResult: 'UNSTABLE', stageResult: 'FAILURE') { catchError(buildResult: 'UNSTABLE', stageResult: 'FAILURE') {
if ( !fileExists('phpstan.neon') ) { if ( !fileExists('phpstan.neon') ) {
def phpStanConfig = libraryResource 'com/cadoles/symfony/phpstan.neon' def phpStanConfig = libraryResource 'com/cadoles/symfony/phpstan.neon'
writeFile file:'phpstan.neon', text:phpStanConfig writeFile file:'phpstan.neon', text:phpStanConfig
} }
sh ''' sh '''
symfony php $(which phpstan) analyze -l 1 --error-format=table src > phpstan.txt || true phpstan analyze -l 1 --error-format=table src > phpstan.txt || true
''' '''
def report = sh(script: 'cat phpstan.txt', returnStdout: true) def report = sh(script: "cat phpstan.txt", returnStdout: true)
report = '## Rapport PHPStan\n\n```\n' + report report = "## Rapport PHPStan\n\n```\n" + report
report = report + '\n```\n' report = report + "\n```\n"
if (env.CHANGE_ID) { if (env.CHANGE_ID) {
gitea.commentPullRequest(repo, env.CHANGE_ID, report) gitea.commentPullRequest(repo, env.CHANGE_ID, report, 2)
} else { } else {
print report print report
} }
@ -97,38 +84,32 @@ def call(String baseImage = 'ubuntu:22.04', Map options = [:]) {
]) ])
} }
} }
stage('Run post hooks') {
runHook(hooks, 'postSymfonyAppPipeline')
}
} }
} }
void buildDockerImage(String baseImage, Map hooks) { def buildDockerImage(String baseImage) {
def imageName = 'cadoles-symfony-ci' def imageName = "cadoles-symfony-ci"
dir(".${imageName}") { dir (".${imageName}") {
def dockerfile = libraryResource 'com/cadoles/symfony/Dockerfile' def dockerfile = libraryResource 'com/cadoles/symfony/Dockerfile'
writeFile file:'Dockerfile', text: "FROM ${baseImage}\n\n" + dockerfile writeFile file:'Dockerfile', text: "FROM ${baseImage}\n\n" + dockerfile
def addLetsEncryptCA = libraryResource 'com/cadoles/common/add-letsencrypt-ca.sh' def addLetsEncryptCA = libraryResource 'com/cadoles/common/add-letsencrypt-ca.sh'
writeFile file:'add-letsencrypt-ca.sh', text:addLetsEncryptCA writeFile file:'add-letsencrypt-ca.sh', text:addLetsEncryptCA
runHook(hooks, 'buildSymfonyImage')
def safeJobName = URLDecoder.decode(env.JOB_NAME).toLowerCase().replace('/', '-').replace(' ', '-') def safeJobName = URLDecoder.decode(env.JOB_NAME).toLowerCase().replace('/', '-').replace(' ', '-')
def imageTag = "${safeJobName}-${env.BUILD_ID}" def imageTag = "${safeJobName}-${env.BUILD_ID}"
return docker.build("${imageName}:${imageTag}", '.') return docker.build("${imageName}:${imageTag}", ".")
} }
} }
void runHook(Map hooks, String name) { def when(boolean condition, body) {
if (!hooks[name]) { def config = [:]
println("No hook '${name}' defined. Skipping.") body.resolveStrategy = Closure.OWNER_FIRST
return body.delegate = config
}
if (hooks[name] instanceof Closure) { if (condition) {
hooks[name]() body()
} else { } else {
error("Hook '${name}' seems to be defined but is not a closure !") Utils.markStageSkippedForConditional(STAGE_NAME)
} }
} }

13
vars/utils.groovy
View File

@ -1,13 +0,0 @@
import org.jenkinsci.plugins.pipeline.modeldefinition.Utils
void when(Boolean condition, body) {
Map config = [:]
body.resolveStrategy = Closure.OWNER_FIRST
body.delegate = config
if (condition) {
body()
} else {
Utils.markStageSkippedForConditional(STAGE_NAME)
}
}