From d4637b26bc17d8b324ff05f6afc0d6bf08137628 Mon Sep 17 00:00:00 2001
From: William Petit
Date: Wed, 6 Dec 2023 15:45:25 +0100
Subject: [PATCH] feat: generate and publish artefacts via jenkins
---
 .gitignore | 2 +
 Jenkinsfile | 29 +++++++++++++
 Makefile | 67 +++++++++++++++++++------------
 misc/{dokku => docker}/Dockerfile | 2 +-
 4 files changed, 74 insertions(+), 26 deletions(-)
 create mode 100644 Jenkinsfile
 rename misc/{dokku => docker}/Dockerfile (91%)
diff --git a/.gitignore b/.gitignore
index d9bfdf8..b36affe 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,3 +4,5 @@
 /.vscode
 /tools
 /.mktools
+.mktools/
+/release
diff --git a/Jenkinsfile b/Jenkinsfile
new file mode 100644
index 0000000..455e1d2
--- /dev/null
+++ b/Jenkinsfile
@@ -0,0 +1,29 @@
+@Library('cadoles') _
+
+// Utilisation du pipeline "standard"
+// Voir https://forge.cadoles.com/Cadoles/Jenkins/src/branch/master/doc/tutorials/standard-make-pipeline.md
+standardMakePipeline([
+ 'dockerfileExtension': '''
+ RUN apt-get update \
+ && apt-get install -y zip jq
+
+ RUN wget https://go.dev/dl/go1.21.5.linux-amd64.tar.gz \
+ && rm -rf /usr/local/go \
+ && tar -C /usr/local -xzf go1.21.5.linux-amd64.tar.gz
+
+ ENV PATH="${PATH}:/usr/local/go/bin"
+ ''',
+ 'hooks': [
+ 'pre-release': {
+ // Login into docker registry
+ sh '''
+ make .mktools
+ echo "$MKT_GITEA_RELEASE_PASSWORD" | docker login --username "$MKT_GITEA_RELEASE_USERNAME" --password-stdin reg.cadoles.com
+ '''
+ }
+ ],
+ // Use credentials to push images to registry and pubish gitea release
+ 'credentials': [
+ usernamePassword(credentialsId: 'kipp-credentials', usernameVariable: 'MKT_GITEA_RELEASE_USERNAME', passwordVariable: 'MKT_GITEA_RELEASE_PASSWORD')
+ ]
+])
\ No newline at end of file
diff --git a/Makefile b/Makefile
index 47c78e6..e7ab84b 100644
--- a/Makefile
+++ b/Makefile
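Review bot: The Go toolchain fetched in the Jenkinsfile's `dockerfileExtension` block is unpacked into `/usr/local` with no integrity check, so the build image trusts whatever `wget` returned. That image is presumably the one in which the `pre-release` hook later runs with the registry and Gitea credentials, which puts the toolchain in the release trust chain. I would verify the archive against its published SHA-256 before the `tar` step, e.g. `&& echo "<GO_1_21_5_LINUX_AMD64_SHA256>  go1.21.5.linux-amd64.tar.gz" | sha256sum -c - \` (placeholder; take the value from the go.dev downloads page). Separately, `@Library('cadoles') _` names no version, so the pipeline follows whatever default revision Jenkins resolves; `@Library('cadoles@<TAG>') _` would pin it.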
@@ -1,7 +1,19 @@ -DOKKU_HOST := dokku@dev.lookingfora.name SHELL := /bin/bash -DOCKER_IMAGE_NAME ?= reg.cadoles.com/cadoles/oidc-test -DOCKER_IMAGE_TAG ?= $(MKT_PROJECT_VERSION) + +IMAGE_NAME ?= reg.cadoles.com/cadoles/oidc-test + +MKT_GITEA_RELEASE_ORG ?= Cadoles +MKT_GITEA_RELEASE_PROJECT ?= goweb-oidc +MKT_GITEA_RELEASE_VERSION ?= $(MKT_PROJECT_VERSION) + +define MKT_GITEA_RELEASE_BODY +## Docker usage + +``` +docker pull $(IMAGE_NAME):$(MKT_PROJECT_VERSION) +``` +endef +export MKT_GITEA_RELEASE_BODY build: CGO_ENABLED=0 go build -v -o ./bin/server ./cmd/server @@ -9,9 +21,6 @@ build: test: go test -v -race ./... -release: - @$(SHELL) ./misc/script/release.sh - tidy: go mod tidy 
@@ -26,32 +35,40 @@ clean: rm -rf data rm -rf bin -dokku-build: +build-image: docker build \ - -f ./misc/dokku/Dockerfile \ - -t goweb-oidc-dokku:latest \ + -t "${IMAGE_NAME}:latest" \ + -f ./misc/docker/Dockerfile \ . -dokku-run: - docker run -it --rm -p 3002:3002 goweb-oidc-dokku:latest +scan: build-image tools/trivy/bin/trivy + mkdir -p .trivy + tools/trivy/bin/trivy --cache-dir .trivy/.cache image --ignorefile .trivyignore.yaml $(TRIVY_ARGS) $(IMAGE_NAME):latest + +tools/trivy/bin/trivy: + mkdir -p tools/trivy/bin + curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/main/contrib/install.sh | sh -s -- -b ./tools/trivy/bin v0.47.0 -dokku-deploy: - $(if $(shell git config remote.dokku-oidc-test.url),, git remote add dokku-oidc-test $(DOKKU_HOST):oidc-test) - git push -f dokku-oidc-test $(shell git rev-parse HEAD):refs/heads/master +release: release-image release-gitea -docker-build: .mktools - docker build \ - -f ./misc/dokku/Dockerfile \ - -t $(DOCKER_IMAGE_NAME):latest \ - . +release-archive: + @$(SHELL) ./misc/script/release.sh -docker-release: .mktools docker-build - docker image tag $(DOCKER_IMAGE_NAME):latest $(DOCKER_IMAGE_NAME):$(DOCKER_IMAGE_TAG) - docker login - docker push $(DOCKER_IMAGE_NAME):$(DOCKER_IMAGE_TAG) - docker push $(DOCKER_IMAGE_NAME):latest +release-gitea: .mktools release-archive + @[ ! -z "$(MKT_PROJECT_VERSION)" ] || ( echo "Just downloaded mktools. Please re-run command."; exit 1 ) + $(MAKE) MKT_GITEA_RELEASE_ATTACHMENTS="$$(find release/* -maxdepth 0 -type f -printf '%p ')" mkt-gitea-release -.PHONY: lint watch build vendor tidy release +release-image: .mktools build-image + @[ ! -z "$(MKT_PROJECT_VERSION)" ] || ( echo "Just downloaded mktools. 
Please re-run command."; exit 1 ) + docker tag "${IMAGE_NAME}:latest" "${IMAGE_NAME}:$(MKT_PROJECT_VERSION)" + docker tag "${IMAGE_NAME}:latest" "${IMAGE_NAME}:$(MKT_PROJECT_SHORT_VERSION)" + docker tag "${IMAGE_NAME}:latest" "${IMAGE_NAME}:$(MKT_PROJECT_VERSION_CHANNEL)-latest" + + docker push "${IMAGE_NAME}:$(MKT_PROJECT_VERSION)" + docker push "${IMAGE_NAME}:$(MKT_PROJECT_SHORT_VERSION)" + docker push "${IMAGE_NAME}:$(MKT_PROJECT_VERSION_CHANNEL)-latest" + +.PHONY: lint watch build tidy release .PHONY: mktools mktools: diff --git a/misc/dokku/Dockerfile b/misc/docker/Dockerfile similarity index 91% rename from misc/dokku/Dockerfile rename to misc/docker/Dockerfile index 47a31b8..7eabaed 100644 --- a/misc/dokku/Dockerfile +++ b/misc/docker/Dockerfile @@ -11,7 +11,7 @@ COPY . /src WORKDIR /src -RUN make ARCH_TARGETS=amd64 release +RUN make ARCH_TARGETS=amd64 release-archive FROM alpine as certs
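Review bot: The `tools/trivy/bin/trivy` rule pipes `contrib/install.sh` from the `main` branch straight into `sh`, so although the Trivy release is pinned to `v0.47.0`, the installer that actually runs is whatever `main` holds at build time. Fetching the script from the matching tag closes that gap: `curl -sfL https://raw.githubusercontent.com/aquasecurity/trivy/v0.47.0/contrib/install.sh | sh -s -- -b ./tools/trivy/bin v0.47.0`; verifying the downloaded release against its published checksums would be stronger still. Note also that `scan` is not a prerequisite of `release-image`, so images are tagged and pushed without the scan having run; if it is meant to gate publication, use `release-image: .mktools build-image scan` and pass `--exit-code 1` through `TRIVY_ARGS`. Finally, the new `build-image`, `scan`, `release-archive`, `release-gitea` and `release-image` targets are missing from the `.PHONY` line.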