Re-add release automation and include promotion
ismarc committed Aug 29, 2023
1 parent 38e61ad commit dc7ad52
Showing 12 changed files with 171 additions and 302 deletions.
69 changes: 0 additions & 69 deletions .github/workflows/release-dev.yml

This file was deleted.

43 changes: 0 additions & 43 deletions .github/workflows/release.yml

This file was deleted.

4 changes: 3 additions & 1 deletion .gitignore
@@ -1,4 +1,6 @@
# System directories files
.DS_Store
.vscode/
.authn-jwt-gitlab
.authn-jwt-gitlab
VERSION
bin/authn-jwt-gitlab
2 changes: 2 additions & 0 deletions CHANGELOG.md
Expand Up @@ -5,6 +5,8 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).

## [Unreleased]
## [1.0.2] - 2023-08-29
- Add automated release support

## [1.0.0] - 2023-05-31
- Gitlab plugin to support integration with Conjur.
6 changes: 4 additions & 2 deletions Dockerfile
Expand Up @@ -33,8 +33,10 @@ RUN apk add --no-cache ca-certificates && \

CMD ["/authn-jwt-gitlab"]

FROM redhat/ubi8:8.8 as ubi
FROM redhat/ubi8 as ubi

RUN yum upgrade -y dnf-plugin-subscription-manager platform-python python3-cloud-what python3-subscription-manager-rhsm python3-syspurpose subscription-manager-rhsm-certificates subscription-manager

COPY --from=builder /go/bin/authn-jwt-gitlab /authn-jwt-gitlab

CMD ["/authn-jwt-gitlab"]
CMD ["/authn-jwt-gitlab"]
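Review bot: The `ubi` stage appears to move from `redhat/ubi8:8.8` to an untagged `FROM redhat/ubi8 as ubi`, which resolves to `latest` at build time, so the image that gets scanned and later promoted cannot be reproduced from this commit. The direction of the change is inferred, because the page has lost its +/- markers. Pin the base to a tag and digest, for example `FROM redhat/ubi8:<tag>@sha256:<digest> as ubi` (placeholders), and bump it deliberately rather than relying on `yum upgrade` of a fixed package list to keep the layer current. The stage as shown also has no `USER` line, so the binary runs as root unless the runtime overrides it; adding a non-root `USER` before `CMD` is worth considering if the plugin needs no root privileges.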
201 changes: 106 additions & 95 deletions Jenkinsfile
@@ -1,12 +1,30 @@
#!/usr/bin/env groovy

// This is a template Jenkinsfile for builds and the automated release project

// Automated release, promotion and dependencies
properties([
// Include the automated release parameters for the build
release.addParams(),
// Dependencies of the project that should trigger builds
dependencies([])
])

// Performs release promotion. No other stages will be run
if (params.MODE == "PROMOTE") {
release.promote(params.VERSION_TO_PROMOTE) { sourceVersion, targetVersion, assetDirectory ->
// Any assets from sourceVersion Github release are available in assetDirectory
// Any version number updates from sourceVersion to targetVersion occur here
// Any publishing of targetVersion artifacts occur here
// Anything added to assetDirectory will be attached to the Github Release
sh """docker pull registry.tld/authn-jwt-gitlab:ubuntu-${sourceVersion}
docker pull registry.tld/authn-jwt-gitlab:alpine-${sourceVersion}
docker pull registry.tld/authn-jwt-gitlab:ubi-${sourceVersion}
docker tag registry.tld/authn-jwt-gitlab:ubuntu-${sourceVersion} authn-jwt-gitlab:ubuntu-${targetVersion}
docker tag registry.tld/authn-jwt-gitlab:alpine-${sourceVersion} authn-jwt-gitlab:alpine-${targetVersion}
docker tag registry.tld/authn-jwt-gitlab:ubi-${sourceVersion} authn-jwt-gitlab:ubi-${targetVersion}
"""
sh "./publish-images --promote --version=${targetVersion}"
}
return
}
Expand All @@ -19,130 +37,123 @@ pipeline {
buildDiscarder(logRotator(numToKeepStr: '30'))
}

triggers {
cron(getDailyCronString())
}

environment {
// Sets the MODE to the specified or autocalculated value as appropriate
MODE = release.canonicalizeMode()
}

stages {
// Aborts any builds triggered by another project that wouldn't include any changes
stage ("Skip build if triggering job didn't create a release") {
when {
expression {
MODE == "SKIP"
}
}
steps {
script {
currentBuild.result = 'ABORTED'
error("Aborting build because this build was triggered from upstream, but no release was built")
}
}
}
// Generates a VERSION file based on the current build number and latest version in CHANGELOG.md
// stage('Validate Changelog and set version') {
// steps {
// updateVersion("CHANGELOG.md", "${BUILD_NUMBER}")
// }
// }
stage('Validate Changelog and set version') {
steps {
updateVersion("CHANGELOG.md", "${BUILD_NUMBER}")
}
}

stage('Get latest upstream dependencies') {
steps {
updateGoDependencies("${WORKSPACE}/go.mod")
}
}

stage('Build while unit testit testing') {
parallel {
stage('Golang 1.19') {
steps {
sh './bin/test.sh'
}
}
stage('Unit Tests') {
environment {
GO_VERSION = "1.19"
}
steps {
sh './bin/test.sh'
}
}

stage('Build release artifacts') {
steps {
stage('Build Images') {
steps {
sh "./bin/build_container_images"
}
}

stage('Scan Images') {
environment {
TAG = sh(returnStdout: true, script: "./bin/version_with_commit.sh")
}
parallel {
stage("Scan Ubuntu Docker Image for fixable issues") {
steps {
scanAndReport("authn-jwt-gitlab:ubuntu-${env.TAG}", "HIGH", false)
}
}
stage("Scan Ubuntu Docker image for total issues") {
steps {
scanAndReport("authn-jwt-gitlab:ubuntu-${env.TAG}", "NONE", true)
}
}
stage("Scan UBI Docker Image for fixable issues") {
steps {
scanAndReport("authn-jwt-gitlab:ubi-${env.TAG}", "HIGH", false)
}
}
stage("Scan UBI Docker image for total issues") {
steps {
scanAndReport("authn-jwt-gitlab:ubi-${env.TAG}", "NONE", true)
}
}
stage("Scan Alpine Docker Image for fixable issues") {
steps {
scanAndReport("authn-jwt-gitlab:alpine-${env.TAG}", "HIGH", false)
}
}
stage("Scan Alpine Docker image for total issues") {
steps {
scanAndReport("authn-jwt-gitlab:alpine-${env.TAG}", "NONE", true)
}
}
}
}

// Push images to internal registry with associated commit hash
stage('Push images to internal registry') {
steps {
// Push images to the internal registry so that they can be used
// by tests, even if the tests run on a different executor.
sh './bin/publish-images internal'
sh './bin/publish-images --internal'
}
}
stage('Scan Docker Image') {
parallel {
stage("Scan Ubuntu Docker Image for fixable issues") {
steps {
scanAndReport(containerImageWithTag_ubuntu(), "HIGH", false)
}
}
stage("Scan Ubuntu Docker image for total issues") {
steps {
scanAndReport(containerImageWithTag_ubuntu(), "NONE", true)
}
}

stage("Scan UBI Docker Image for fixable issues") {
steps {
scanAndReport(containerImageWithTag_ubi(), "HIGH", false)
}
}
stage("Scan UBI Docker image for total issues") {
steps {
scanAndReport(containerImageWithTag_ubi(), "NONE", true)
}
}
stage('Release') {
when {
expression {
MODE == "RELEASE"
}
}

stage("Scan Alpine Docker Image for fixable issues") {
steps {
scanAndReport(containerImageWithTag_apline(), "HIGH", false)
}
}
stage("Scan Alpine Docker image for total issues") {
steps {
scanAndReport(containerImageWithTag_apline(), "NONE", true)
}
}
steps {
release { billOfMaterialsDirectory, assetDirectory ->
// Publish release artifacts to all the appropriate locations
// Copy any artifacts to assetDirectory to attach them to the Github release
sh './bin/publish-images --edge'
}
}
}

}

post {
always {
cleanupAndNotify(currentBuild.currentResult)
}
}
}


def containerImageWithTag_ubuntu() {
sh(
returnStdout: true,
script: 'source ./bin/build_utils && echo "authn-jwt-gitlab:$(project_version_with_commit_alpine)"'
)
}

def containerImageWithTag_ubi() {
sh(
returnStdout: true,
script: 'source ./bin/build_utils && echo "authn-jwt-gitlab:$(project_version_with_commit_ubuntu)"'
)
}

def containerImageWithTag_apline() {
sh(
returnStdout: true,
script: 'source ./bin/build_utils && echo "authn-jwt-gitlab:$(project_version_with_commit_ubi)"'
)
}

def containerImageWithTag() {
var1 = $1
sh 'echo Cyberark testing ${var1}'
sh(
returnStdout: true,
script: 'source ./bin/build_utils && echo "authn-jwt-gitlab:${var1}$(project_version_with_commit)"'
)
}

def tagWithSHA() {
sh(
returnStdout: true,
script: 'echo $(git rev-parse --short=8 HEAD)'
)
}

def versioning() {
sh(
returnStdout: true,
script: 'echo 1.0.0'
)
}
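Review bot: In the PROMOTE branch at the top of the file, `sourceVersion` and `targetVersion` are interpolated by Groovy into the text of both `sh` steps, and they derive from the `VERSION_TO_PROMOTE` build parameter; unless `release.promote` validates that value (not visible on this page), a malformed version string becomes shell syntax on the agent that performs the registry push. Pass the versions through `withEnv` and use a single-quoted script so the shell, not Groovy, expands them, and reject anything that is not a plain version string before the first `docker pull`. The same block calls `./publish-images --promote` while the other stages call `./bin/publish-images`, which looks like a path slip that would fail promotion after the tags have been created. Pulling by tag also means the promoted image is whatever the tag points to at promotion time; recording the digest at release and pulling by digest would tie promotion to the build that was scanned.

```groovy
release.promote(params.VERSION_TO_PROMOTE) { sourceVersion, targetVersion, assetDirectory ->
  // … unchanged: explanatory comments about assetDirectory and version updates …
  withEnv(["SOURCE_VERSION=${sourceVersion}", "TARGET_VERSION=${targetVersion}"]) {
    // Single-quoted script: the shell expands the variables, Groovy never builds the command text
    sh '''
      for flavor in ubuntu alpine ubi; do
        docker pull "registry.tld/authn-jwt-gitlab:${flavor}-${SOURCE_VERSION}"
        docker tag "registry.tld/authn-jwt-gitlab:${flavor}-${SOURCE_VERSION}" "authn-jwt-gitlab:${flavor}-${TARGET_VERSION}"
      done
      ./bin/publish-images --promote --version="${TARGET_VERSION}"
    '''
  }
}
```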