From 38d3bb716ddfb47726e754784b4c79e3890ebad0 Mon Sep 17 00:00:00 2001 From: Nemric <56299157+Nemric@users.noreply.github.com> Date: Thu, 23 Nov 2023 18:43:38 +0100 Subject: [PATCH] Initial commit --- Jenkinsfile | 158 ++++++++++++++++++++++++++++++++++++++++++++++++++++ Update.sh | 89 +++++++++++++++++++++++++++++ coreos.json | 1 + 3 files changed, 248 insertions(+) create mode 100644 Jenkinsfile create mode 100755 Update.sh create mode 100644 coreos.json diff --git a/Jenkinsfile b/Jenkinsfile new file mode 100644 index 0000000..daf24ce --- /dev/null +++ b/Jenkinsfile @@ -0,0 +1,158 @@ +def updated = false; + +pipeline { + triggers { + cron(env.BRANCH_NAME == 'main' ? 'H H * * 4' : '') + } + + agent { + label 'Linux' + } + + environment { + ARTEFACTS_SERVER = credentials ('deployment-server') + ARTEFACTS_PATH="/media/img/coreos" + ARTEFACTS_VERSIONS = "coreos.json" + } + + stages { + stage('Initialize') { + parallel { + stage('Advertise start of build') { + steps { + slackSend color: "#4675b1", message: "${env.JOB_NAME} build #${env.BUILD_NUMBER} started :fire: (<${env.RUN_DISPLAY_URL}|Open>)" + } + } + + stage('Print environments variables') { + steps { + sh 'printenv | sort' + } + } + } + } + + stage('Set up prerequisites') { + parallel { + stage('Get ssh host key') { + steps { + sh ''' + [ -d ~/.ssh ] || mkdir ~/.ssh && chmod 0700 ~/.ssh && touch ~/.ssh/known_hosts + if !(ssh-keygen -F $ARTEFACTS_SERVER) + then + ssh-keyscan -t ed25519 $ARTEFACTS_SERVER >> ~/.ssh/known_hosts + fi + ''' + } + } + + stage('Get fedora pgp keys') { + steps { + sh 'curl --no-progress-meter https://fedoraproject.org/fedora.gpg | gpg --import' + } + } + + stage('Get last version') { + steps { + sshagent(credentials: ['Jenkins-Key']) { + sh ''' + if ssh jenkins@$ARTEFACTS_SERVER ls $ARTEFACTS_PATH/$ARTEFACTS_VERSIONS + then + scp jenkins@$ARTEFACTS_SERVER:/$ARTEFACTS_PATH/$ARTEFACTS_VERSIONS ./$ARTEFACTS_VERSIONS + fi + ''' + } + } + } + } + } + + stage("Download ... Upload") { + matrix { + axes { + axis { + name 'STREAM' + values 'stable', 'next', 'testing' + } + axis { + name 'ARCH' + values 'x86_64', 'aarch64' + } + axis { + name 'ARTIFACT' + values 'metal' + } + axis { + name 'FORMAT' + values 'pxe' + } + } + + excludes { + exclude { + axis { + name 'STREAM' + values 'testing' + } + } + + exclude { + axis { + name 'ARCH' + values 'aarch64' + } + } + } + + stages { + stage("Getting CoreOS artefacts") { + steps { + sh ''' + ./Update.sh --stream $STREAM --arch $ARCH --artifact $ARTIFACT --format $FORMAT --verbose true + ''' + } + } + + stage("Upload Files") { + when { expression { return findFiles(glob: "*.${STREAM}").length > 0 } } + steps { + sshagent(credentials: ['Jenkins-Key']) { + sh ''' + echo uploading *.$STREAM files + scp *.$STREAM jenkins@$ARTEFACTS_SERVER:/media/img/coreos/ + ''' + script { updated = true } + } + } + } + } + } + } + + stage("Upload versions update") { + when { expression { updated == true } } + steps { + sshagent(credentials: ['Jenkins-Key']) { + sh ''' + scp ./$ARTEFACTS_VERSIONS jenkins@$ARTEFACTS_SERVER:/$ARTEFACTS_PATH/$ARTEFACTS_VERSIONS + ''' + archiveArtifacts ARTEFACTS_VERSIONS + } + } + } + } + + post { + success { + slackSend color: "#4675b1", message: "${env.JOB_NAME} successfully built :blue_heart: !" + } + + failure { + slackSend color: "danger", message: "${env.JOB_NAME} build failed :poop: !" + } + + cleanup { + cleanWs() + } + } +} diff --git a/Update.sh b/Update.sh new file mode 100755 index 0000000..7d4bcea --- /dev/null +++ b/Update.sh @@ -0,0 +1,89 @@ +#!/bin/bash + +jqverbose() { + if $verbose; then echo $1 | jq; fi; +} + +stream="stable" +arch="x86_64" +artifact="metal" +format="pxe" +versions='coreos.json' +streampath='https://builds.coreos.fedoraproject.org/streams' +verbose=false + +while [ $# -gt 0 ]; do + case "$1" in + -s|--stream) + stream="$2" + ;; + -a|--arch) + arch="$2" + ;; + -t|--artifact) + artifact="$2" + ;; + -f|--format) + format="$2" + ;; + -v|--verbose) + verbose="$2" + ;; + *) + printf "***************************\n" + printf "* Error: Invalid argument.*\n" + printf "***************************\n" + exit 1 + esac + shift + shift +done + +data="$streampath/$stream.json" +echo "Checking updates from $stream stream at : $data" + +echo "Looking for $artifact $arch release" +data=$(curl --no-progress-meter $data | jq .architectures.$arch.artifacts.$artifact) +jqverbose "${data}" + +FCOSrelease=$(jq -n "$data" | jq --raw-output .release) +FCOSversion=$(jq --raw-output .$stream.$arch.$artifact.$format $versions) + +if [ "${FCOSversion}" = "null" ] +then + FCOSversion=0 +fi + +echo FCOSrelease: $FCOSrelease / FCOSversion: $FCOSversion + +if $(jq -n "$data" | jq --raw-output --arg version $FCOSversion '.release > $version') +then + echo "Looking for $format files" + files=$(jq -n "$data" | jq .formats.$format) #filtering $format files version + jqverbose "${files}" + for file in $(jq -n "$files" | jq --raw-output 'keys[]') #downloading all files + do + + echo "Looking for $file" + filename="$file.$format.$artifact.$arch.$stream" + fileinfo=$(jq -n "$files" | jq .$file) #filtering each file informations + jqverbose "${fileinfo}" + + for try in {1..2} #let's try 2 times downloading with correct checksum + do + echo "Downloading $(jq -n "$fileinfo" | jq --raw-output .location) to $filename" + # curl -C - --no-progress-meter --parallel \ + # -o $filename $(jq -n "$fileinfo" | jq --raw-output .location) \ + # -o $filename.sig $(jq -n "$fileinfo" | jq --raw-output .signature) #Downloading fileinfo.location and .signature + if echo "$(jq -n "$fileinfo" | jq --raw-output .sha256) $filename" | sha256sum --check && gpg --verify $filename.sig + then + break + else + rm $filename $filename.sig + fi + done + done + # cat <<< $(jq --arg release $FCOSrelease '.'$stream'.'$arch'.'$artifact'.'$format' = $release' $versions) > $versions +else + echo "Up to date, nothing to do" +fi \ No newline at end of file diff --git a/coreos.json b/coreos.json new file mode 100644 index 0000000..9e26dfe --- /dev/null +++ b/coreos.json @@ -0,0 +1 @@ +{} \ No newline at end of file