forked from jenkins-infra/packer-images
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Jenkinsfile_k8s
278 lines (270 loc) · 10.8 KB
/
Jenkinsfile_k8s
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
// The node to be used depends on the build type: this function executes the pipeline code block provided as "body"
// into the correct node type based on the provided arguments
def withPackerNode(String packer_template, String compute_type, String cpu_architecture, Closure body) {
// Build ARM64 CPU Docker images on a native machine (faster than using the local qemu)
if (cpu_architecture == 'arm64' && compute_type == 'docker') {
node('linux-arm64-docker') {
// New agent workspace specified as scripted requires an explicit checkout (compared to declarative)
checkout scm
// New agent means new packer project to initialize (plugins)
packerInitPlugins()
return body.call()
}
} else {
// No node allocation: keep the same default agent node (e.g. declarative top-level)
return body.call()
}
}
// Initialize the packer project by installing the plugins in $PACKER_HOME_DIR/ - ref. https://www.packer.io/docs/configure
// This function must be called for each distinct agent but only one time (as plugins are OS and CPU specifics)
def packerInitPlugins() {
// Authenticating to the GitHub API with an API token (auto-generated IAT, valid for 1 hour) provided to the environment variable PACKER_GITHUB_API_TOKEN
// to avoid hitting the rate limit. Ref. https://www.packer.io/docs/commands/init.
withCredentials([usernamePassword(credentialsId: 'github-app-infra',usernameVariable: 'UNUSED',passwordVariable: 'PACKER_GITHUB_API_TOKEN')]) {
// Cleanup any remnant of packer plugins on this agent
sh 'rm -rf /home/jenkins/.config /home/jenkins/.packer*'
sh 'packer init ./'
}
}
if (env.BRANCH_IS_PRIMARY) {
properties([
buildDiscarder(logRotator(numToKeepStr: '10')),
// Daily build is enough: only the tagged build would generate downstream PRs on jenkins-infra
pipelineTriggers([cron('@daily')]),
// Do not build concurently on the principal branch (to avoid Azure ARM issues with shared resources)
disableConcurrentBuilds(),
])
}
final String podAgentDefinition = '''
apiVersion: v1
kind: Pod
spec:
automountServiceAccountToken: false
containers:
- name: jnlp
image: jenkinsciinfra/hashicorp-tools:latest
'''
pipeline {
agent {
// Default agent for all the packer steps: needs Docker on amd64 Linux
// Only a few matrix cells requires another kind of agent other than this default
label "linux-amd64-docker"
}
options {
// Average build time is ~50 min but windows can takes 45min of updates on AWS
timeout(time: 120, unit: 'MINUTES')
}
environment {
// To allow using ASDF shims
PATH = "${env.PATH}:/home/jenkins/.asdf/shims:/home/jenkins/.asdf/bin"
}
stages {
stage('Side Tasks') {
environment {
DRYRUN = "${env.BRANCH_IS_PRIMARY ? 'false' : 'true'}"
}
parallel {
stage('Packer Init') {
steps {
// Call the initializing function once for the default agent
script {
packerInitPlugins()
}
}
}
stage('GC on AWS us-east-2') {
agent {
kubernetes {
yaml podAgentDefinition
}
}
environment {
AWS_ACCESS_KEY_ID = credentials('packer-aws-access-key-id')
AWS_SECRET_ACCESS_KEY = credentials('packer-aws-secret-access-key')
AWS_DEFAULT_REGION = 'us-east-2'
}
steps {
catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') {
sh './cleanup/aws.sh'
sh './cleanup/aws_images.sh'
}
}
}
stage('GC on Azure') {
agent {
kubernetes {
yaml podAgentDefinition
}
}
environment {
PACKER_AZURE = credentials('packer-azure-serviceprincipal')
}
steps {
catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') {
sh 'az login --service-principal -u "$PACKER_AZURE_CLIENT_ID" -p "$PACKER_AZURE_CLIENT_SECRET" -t "$PACKER_AZURE_TENANT_ID"'
sh 'az account set -s "$PACKER_AZURE_SUBSCRIPTION_ID"'
sh './cleanup/azure.sh'
}
}
}
stage('Updatecli') {
steps {
catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') {
script {
// TODO: Implement https://github.com/jenkins-infra/pipeline-library/issues/518 to allow using the updatecli() library function
withCredentials([
usernamePassword(
credentialsId: 'github-app-updatecli-on-jenkins-infra',
usernameVariable: 'USERNAME_VALUE', // Setting this variable is mandatory, even if of not used when the credentials is a githubApp one
passwordVariable: 'UPDATECLI_GITHUB_TOKEN'
)
]) {
sh 'updatecli diff --values ./updatecli/values.yaml --config ./updatecli/updatecli.d'
if (env.BRANCH_IS_PRIMARY) {
sh 'updatecli apply --values ./updatecli/values.yaml --config ./updatecli/updatecli.d'
}
}
}
}
}
}
}
}
stage('Packer Images') {
matrix {
axes {
axis {
name 'cpu_architecture'
values 'amd64', 'arm64'
}
axis {
name 'agent_type'
values 'ubuntu-20.04', 'windows-2019', 'windows-2022'
}
axis {
name 'compute_type'
// "azure-arm" stands for "Azure Resource Manager", unrelated to arm64 CPU
values 'amazon-ebs', 'azure-arm', 'docker'
}
}
excludes {
// Do NOT build ARM images in Azure
exclude {
axis {
name 'cpu_architecture'
values 'arm64'
}
axis {
name 'compute_type'
values 'azure-arm'
}
}
// Only build Ubuntu images for arm64 CPU in AWS
exclude {
axis {
name 'cpu_architecture'
values 'arm64'
}
axis {
name 'agent_type'
notValues 'ubuntu-20.04'
}
axis {
name 'compute_type'
values 'amazon-ebs'
}
}
// No build on Windows or Docker, not yet implemented
exclude {
axis {
name 'agent_type'
values 'windows-2019'
}
axis {
name 'compute_type'
values 'docker'
}
}
exclude {
axis {
name 'agent_type'
values 'windows-2022'
}
axis {
name 'compute_type'
values 'docker'
}
}
// Temp. exclusion until https://github.com/jenkins-infra/packer-images/issues/396 is fixed
exclude {
axis {
name 'agent_type'
values 'windows-2022'
}
axis {
name 'compute_type'
values 'amazon-ebs'
}
}
}
environment {
AWS_ACCESS_KEY_ID = credentials('packer-aws-access-key-id')
AWS_SECRET_ACCESS_KEY = credentials('packer-aws-secret-access-key')
// Defines the following environment variables: AZURE_CLIENT_ID, AZURE_CLIENT_SECRET, AZURE_TENANT_ID, AZURE_SUBSCRIPTION_ID
// Ref. https://plugins.jenkins.io/azure-credentials/#plugin-content-declarative-pipeline
AZURE = credentials('packer-azure-serviceprincipal')
// // Split packer plugins/configuration for each matrix cell - ref. https://www.packer.io/docs/configure
// PACKER_PLUGIN_PATH = "${env.WORKSPACE}/plugins"
// Define Packer Input variables through environment variables prefixed with 'PKR_VAR_'
// Ref. https://www.packer.io/docs/templates/hcl_templates/variables#assigning-values-to-build-variables
PKR_VAR_build_type = "${env.TAG_NAME ? 'prod' : (env.BRANCH_IS_PRIMARY ? 'staging' : 'dev') }"
PKR_VAR_image_version = "${env.TAG_NAME ?: ''}"
PKR_VAR_scm_ref = "${env.GIT_COMMIT}"
PKR_VAR_agent_os_type = "${env.agent_type.split('-')[0]}"
PKR_VAR_agent_os_version = "${env.agent_type.split('-')[1]}"
PKR_VAR_architecture = "${env.cpu_architecture}"
PKR_VAR_image_type = "${env.compute_type}"
PATH = "${WORKSPACE}/.bin:${env.PATH}" // Required if packer needs to be installed
}
stages {
stage('Build Template') {
steps {
script {
// Groovy quirk: create a local copy of these variables in the current loop context, as it matters for the closue scope below
// Otherwise the environment variables will be mixed between all the parallel stages, creating weird combinations
// - https://stackoverflow.com/questions/22145763/iterate-and-print-content-of-groovy-closures
// - http://archive.comsystoreply.de/blog-post/parallel-builds-with-jenkins-pipeline
final String pkr_var_agent_os_type = agent_type.split('-')[0]
final String pkr_var_agent_os_version = agent_type.split('-')[1]
final String pkr_var_architecture = cpu_architecture
final String pkr_var_image_type = compute_type
withPackerNode(pkr_var_agent_os_type + '-' + pkr_var_agent_os_version , pkr_var_image_type, pkr_var_architecture) {
// Validate template (for all elements)
sh 'PACKER_LOG=1 packer validate ./'
// Execute build only for this matrix cell's setup
retry(count: 2, conditions: [kubernetesAgent(handleNonKubernetes: true), nonresumable()]) {
sh 'packer build -timestamp-ui -force -only="${PKR_VAR_image_type}.${PKR_VAR_agent_os_type}" ./'
}
}
}
}
}
stage('Publish Docker image') {
when {
environment name: 'compute_type', value: 'docker'
buildingTag()
}
steps {
script {
echo "Pushing jenkinsciinfra/jenkins-agent-${agent_type}:${TAG_NAME} & jenkinsciinfra/jenkins-agent-${agent_type}:latest"
infra.withDockerPushCredentials {
sh 'docker push --all-tags jenkinsciinfra/jenkins-agent-${agent_type}'
}
}
}
}
}
}
}
}
}