
Uses assemblies in docker images and enables arm64+amd64 platforms #163

Merged
merged 3 commits into from
Nov 25, 2024
Changes from 2 commits
77 changes: 51 additions & 26 deletions Dockerfile
Expand Up @@ -15,12 +15,46 @@
#

# hadolint ignore=DL3026
FROM registry.access.redhat.com/ubi9/openjdk-17:1.20-2

FROM registry.access.redhat.com/ubi9/ubi-minimal:9.5 AS builder
ARG TEMP="/tmp/work"
# Build parameters
ARG IQ_SERVER_VERSION=1.184.0-01
ARG IQ_SERVER_SHA256=92698a3b49378bd387b1bcff1ac64e1340c1f241a3eb918b5794a562185a68bd
ARG TEMP="/tmp/work"
ARG IQ_SERVER_SHA256_AARCH=8587685d51fa65a1c65a5341579bad8d5f21b2eb074b105d50c83703d37747a3
ARG IQ_SERVER_SHA256_X86_64=7f48a5637e4071cb5e6ebbb692d2bc693f8b6e8919c5577eee12e7043f8244ca
ARG SONATYPE_WORK="/sonatype-work"

# hadolint ignore=DL3041,DL3040
RUN mkdir -p ${TEMP} && \
microdnf update -y && \
microdnf --setopt=install_weak_deps=0 --setopt=tsflags=nodocs install -y procps gzip unzip tar shadow-utils findutils util-linux less rsync git which crypto-policies crypto-policies-scripts

# Copy config.yml and set sonatypeWork to the correct value
COPY config.yml ${TEMP}

# hadolint ignore=DL4006,SC3060
RUN cat ${TEMP}/config.yml | sed -r "s/\s*sonatypeWork\s*:\s*\"?[-0-9a-zA-Z_/\\]+\"?/sonatypeWork: ${SONATYPE_WORK//\//\\/}/" > ${TEMP}/config-edited.yml

# Download the server bundle, verify its checksum, and extract the server jar to the install directory
WORKDIR ${TEMP}
# hadolint ignore=SC3010
RUN if [[ "$(uname -m)" == "x86_64" ]]; then \
echo "${IQ_SERVER_SHA256_X86_64} nexus-iq-server.tar.gz" > nexus-iq-server.tar.gz.sha256; \
curl -L https://download.sonatype.com/clm/server/nexus-iq-server-${IQ_SERVER_VERSION}-linux-x86_64.tgz --output nexus-iq-server.tar.gz; \
elif [[ "$(uname -m)" == "aarch64" ]]; then \
echo "${IQ_SERVER_SHA256_AARCH} nexus-iq-server.tar.gz" > nexus-iq-server.tar.gz.sha256; \
curl -L https://download.sonatype.com/clm/server/nexus-iq-server-${IQ_SERVER_VERSION}-linux-aarch_64.tgz --output nexus-iq-server.tar.gz; \
else \
echo "Unsupported architecture: $ARCH" && exit 1; \
fi

RUN sha256sum -c nexus-iq-server.tar.gz.sha256 \
&& tar -xvf nexus-iq-server.tar.gz \
&& mv nexus-iq-server-${IQ_SERVER_VERSION}-linux-* nexus-iq-server

# hadolint ignore=DL3026
FROM registry.access.redhat.com/ubi9/ubi-minimal:9.5

ARG IQ_SERVER_VERSION=1.184.0-01
ARG IQ_HOME="/opt/sonatype/nexus-iq-server"
ARG SONATYPE_WORK="/sonatype-work"
ARG CONFIG_HOME="/etc/nexus-iq-server"
Expand Down Expand Up @@ -54,45 +88,36 @@ USER root
# For testing
# hadolint ignore=DL3041
RUN microdnf update -y \
&& microdnf --setopt=install_weak_deps=0 --setopt=tsflags=nodocs install -y procps gzip unzip tar shadow-utils findutils util-linux less rsync git which \
&& microdnf --setopt=install_weak_deps=0 --setopt=tsflags=nodocs install -y procps gzip unzip tar shadow-utils findutils util-linux less rsync git which crypto-policies crypto-policies-scripts \
&& microdnf clean all

# Create folders & set permissions
RUN mkdir -p ${TEMP} \
&& mkdir -p ${IQ_HOME} \
RUN mkdir -p ${IQ_HOME} \
&& mkdir -p ${SONATYPE_WORK} \
&& mkdir -p ${CONFIG_HOME} \
&& mkdir -p ${LOGS_HOME} \
&& chmod 0755 ${TEMP} \
&& chmod 0755 "/opt/sonatype" ${IQ_HOME} \
&& chmod 0755 ${CONFIG_HOME} \
&& chmod 0755 ${LOGS_HOME}

# Copy config.yml and set sonatypeWork to the correct value
COPY config.yml ${TEMP}
# hadolint ignore=DL4006,SC3060
RUN cat ${TEMP}/config.yml | sed -r "s/\s*sonatypeWork\s*:\s*\"?[-0-9a-zA-Z_/\\]+\"?/sonatypeWork: ${SONATYPE_WORK//\//\\/}/" > ${CONFIG_HOME}/config.yml \
&& chmod 0644 ${CONFIG_HOME}/config.yml
# Copy config.yml
COPY --from=builder /tmp/work/config-edited.yml ${CONFIG_HOME}/config.yml
RUN chmod 0644 ${CONFIG_HOME}/config.yml

# Copy server assemblies
COPY --from=builder /tmp/work/nexus-iq-server ${IQ_HOME}

# Create start script
RUN echo "trap 'kill -TERM \`cut -f1 -d@ ${SONATYPE_WORK}/lock\`; timeout ${TIMEOUT} tail --pid=\`cut -f1 -d@ ${SONATYPE_WORK}/lock\` -f /dev/null' SIGTERM" > ${IQ_HOME}/start.sh \
&& echo "/usr/bin/java \${JAVA_OPTS} -jar nexus-iq-server-${IQ_SERVER_VERSION}.jar server ${CONFIG_HOME}/config.yml 2> ${LOGS_HOME}/stderr.log & " >> ${IQ_HOME}/start.sh \
&& echo "/opt/sonatype/nexus-iq-server/bin/nexus-iq-server server ${CONFIG_HOME}/config.yml 2> ${LOGS_HOME}/stderr.log & " >> ${IQ_HOME}/start.sh \
&& echo "wait" >> ${IQ_HOME}/start.sh \
&& chmod 0755 ${IQ_HOME}/start.sh

# Download the server bundle, verify its checksum, and extract the server jar to the install directory
WORKDIR ${TEMP}
RUN curl -L https://download.sonatype.com/clm/server/nexus-iq-server-${IQ_SERVER_VERSION}-bundle.tar.gz --output nexus-iq-server-${IQ_SERVER_VERSION}-bundle.tar.gz \
&& echo "${IQ_SERVER_SHA256} nexus-iq-server-${IQ_SERVER_VERSION}-bundle.tar.gz" > nexus-iq-server-${IQ_SERVER_VERSION}-bundle.tar.gz.sha256 \
&& sha256sum -c nexus-iq-server-${IQ_SERVER_VERSION}-bundle.tar.gz.sha256 \
&& tar -xvf nexus-iq-server-${IQ_SERVER_VERSION}-bundle.tar.gz \
&& mv nexus-iq-server-${IQ_SERVER_VERSION}.jar ${IQ_HOME}
WORKDIR ${IQ_HOME}
RUN rm -rf ${TEMP} \
WORKDIR ${IQ_HOME}

# Add group and user
&& groupadd -g ${GID} nexus \
RUN groupadd -g ${GID} nexus \
&& adduser -u ${UID} -d ${IQ_HOME} -c "Nexus IQ user" -g nexus -s /bin/false nexus \
\
# Change owner to nexus user
&& chown -R nexus:nexus ${IQ_HOME} \
&& chown -R nexus:nexus ${SONATYPE_WORK} \
Expand All @@ -116,7 +141,7 @@ HEALTHCHECK CMD curl --fail --silent --show-error http://localhost:8071/healthch
# Change to nexus user
USER nexus

ENV JAVA_OPTS="--add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.security=ALL-UNNAMED --add-opens=java.base/sun.security.rsa=ALL-UNNAMED --add-opens=java.base/sun.security.x509=ALL-UNNAMED --add-opens=java.base/sun.security.util=ALL-UNNAMED --add-opens=java.xml/com.sun.org.apache.xerces.internal.jaxp.datatype=ALL-UNNAMED -Djava.util.prefs.userRoot=${SONATYPE_WORK}/javaprefs"
ENV JAVA_OPTS=" -Djava.util.prefs.userRoot=${SONATYPE_WORK}/javaprefs "
ENV SONATYPE_INTERNAL_HOST_SYSTEM=Docker

WORKDIR ${IQ_HOME}
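Review bot: In the builder stage's download `RUN`, the fallback branch prints `$ARCH`, which is never set in the visible stage (the branches test `$(uname -m)`), so an unsupported platform reports an empty architecture; `echo "Unsupported architecture: $(uname -m)" >&2 && exit 1;` would name it. The two `curl -L` calls also lack `--fail`, so an HTTP error body is saved as `nexus-iq-server.tar.gz` and the build only stops at `sha256sum -c` in the following `RUN`. Using `curl -fL --proto '=https' --proto-redir '=https' ...` fails at the download itself and keeps redirects on HTTPS, with the checksum remaining the integrity control. Dockerfile.slim carries the same lines.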
78 changes: 52 additions & 26 deletions Dockerfile.slim
Expand Up @@ -11,14 +11,49 @@
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#

# hadolint ignore=DL3026
FROM registry.access.redhat.com/ubi9/openjdk-17:1.20-2

FROM registry.access.redhat.com/ubi9/ubi-minimal:9.5 AS builder
ARG TEMP="/tmp/work"
# Build parameters
ARG IQ_SERVER_VERSION=1.184.0-01
ARG IQ_SERVER_SHA256=92698a3b49378bd387b1bcff1ac64e1340c1f241a3eb918b5794a562185a68bd
ARG TEMP="/tmp/work"
ARG IQ_SERVER_SHA256_AARCH=8587685d51fa65a1c65a5341579bad8d5f21b2eb074b105d50c83703d37747a3
ARG IQ_SERVER_SHA256_X86_64=7f48a5637e4071cb5e6ebbb692d2bc693f8b6e8919c5577eee12e7043f8244ca
ARG SONATYPE_WORK="/sonatype-work"

# hadolint ignore=DL3041,DL3040
RUN mkdir -p ${TEMP} && \
microdnf update -y && \
microdnf --setopt=install_weak_deps=0 --setopt=tsflags=nodocs install -y procps gzip unzip tar shadow-utils findutils util-linux less rsync git which crypto-policies crypto-policies-scripts

# Copy config.yml and set sonatypeWork to the correct value
COPY config.yml ${TEMP}

# hadolint ignore=DL4006,SC3060
RUN cat ${TEMP}/config.yml | sed -r "s/\s*sonatypeWork\s*:\s*\"?[-0-9a-zA-Z_/\\]+\"?/sonatypeWork: ${SONATYPE_WORK//\//\\/}/" > ${TEMP}/config-edited.yml

# Download the server bundle, verify its checksum, and extract the server jar to the install directory
WORKDIR ${TEMP}
# hadolint ignore=SC3010
RUN if [[ "$(uname -m)" == "x86_64" ]]; then \
echo "${IQ_SERVER_SHA256_X86_64} nexus-iq-server.tar.gz" > nexus-iq-server.tar.gz.sha256; \
curl -L https://download.sonatype.com/clm/server/nexus-iq-server-${IQ_SERVER_VERSION}-linux-x86_64.tgz --output nexus-iq-server.tar.gz; \
elif [[ "$(uname -m)" == "aarch64" ]]; then \
echo "${IQ_SERVER_SHA256_AARCH} nexus-iq-server.tar.gz" > nexus-iq-server.tar.gz.sha256; \
curl -L https://download.sonatype.com/clm/server/nexus-iq-server-${IQ_SERVER_VERSION}-linux-aarch_64.tgz --output nexus-iq-server.tar.gz; \
else \
echo "Unsupported architecture: $ARCH" && exit 1; \
fi

RUN sha256sum -c nexus-iq-server.tar.gz.sha256 \
&& tar -xvf nexus-iq-server.tar.gz \
&& mv nexus-iq-server-${IQ_SERVER_VERSION}-linux-* nexus-iq-server

# hadolint ignore=DL3026
FROM registry.access.redhat.com/ubi9/ubi-minimal:9.5

ARG IQ_SERVER_VERSION=1.184.0-01
ARG IQ_HOME="/opt/sonatype/nexus-iq-server"
ARG SONATYPE_WORK="/sonatype-work"
ARG CONFIG_HOME="/etc/nexus-iq-server"
Expand Down Expand Up @@ -52,45 +87,36 @@ USER root
# For testing
# hadolint ignore=DL3041
RUN microdnf update -y \
&& microdnf --setopt=install_weak_deps=0 --setopt=tsflags=nodocs install -y procps gzip unzip tar shadow-utils findutils util-linux less rsync which\
&& microdnf --setopt=install_weak_deps=0 --setopt=tsflags=nodocs install -y procps gzip unzip tar shadow-utils findutils util-linux less rsync which crypto-policies crypto-policies-scripts \
&& microdnf clean all

# Create folders & set permissions
RUN mkdir -p ${TEMP} \
&& mkdir -p ${IQ_HOME} \
RUN mkdir -p ${IQ_HOME} \
&& mkdir -p ${SONATYPE_WORK} \
&& mkdir -p ${CONFIG_HOME} \
&& mkdir -p ${LOGS_HOME} \
&& chmod 0755 ${TEMP} \
&& chmod 0755 "/opt/sonatype" ${IQ_HOME} \
&& chmod 0755 ${CONFIG_HOME} \
&& chmod 0755 ${LOGS_HOME}

# Copy config.yml and set sonatypeWork to the correct value
COPY config.yml ${TEMP}
# hadolint ignore=DL4006,SC3060
RUN cat ${TEMP}/config.yml | sed -r "s/\s*sonatypeWork\s*:\s*\"?[-0-9a-zA-Z_/\\]+\"?/sonatypeWork: ${SONATYPE_WORK//\//\\/}/" > ${CONFIG_HOME}/config.yml \
&& chmod 0644 ${CONFIG_HOME}/config.yml
# Copy config.yml
COPY --from=builder /tmp/work/config-edited.yml ${CONFIG_HOME}/config.yml
RUN chmod 0644 ${CONFIG_HOME}/config.yml

# Copy server assemblies
COPY --from=builder /tmp/work/nexus-iq-server ${IQ_HOME}

# Create start script
RUN echo "trap 'kill -TERM \`cut -f1 -d@ ${SONATYPE_WORK}/lock\`; timeout ${TIMEOUT} tail --pid=\`cut -f1 -d@ ${SONATYPE_WORK}/lock\` -f /dev/null' SIGTERM" > ${IQ_HOME}/start.sh \
&& echo "/usr/bin/java \${JAVA_OPTS} -jar nexus-iq-server-${IQ_SERVER_VERSION}.jar server ${CONFIG_HOME}/config.yml 2> ${LOGS_HOME}/stderr.log & " >> ${IQ_HOME}/start.sh \
&& echo "/opt/sonatype/nexus-iq-server/bin/nexus-iq-server server ${CONFIG_HOME}/config.yml 2> ${LOGS_HOME}/stderr.log & " >> ${IQ_HOME}/start.sh \
&& echo "wait" >> ${IQ_HOME}/start.sh \
&& chmod 0755 ${IQ_HOME}/start.sh

# Download the server bundle, verify its checksum, and extract the server jar to the install directory
WORKDIR ${TEMP}
RUN curl -L https://download.sonatype.com/clm/server/nexus-iq-server-${IQ_SERVER_VERSION}-bundle.tar.gz --output nexus-iq-server-${IQ_SERVER_VERSION}-bundle.tar.gz \
&& echo "${IQ_SERVER_SHA256} nexus-iq-server-${IQ_SERVER_VERSION}-bundle.tar.gz" > nexus-iq-server-${IQ_SERVER_VERSION}-bundle.tar.gz.sha256 \
&& sha256sum -c nexus-iq-server-${IQ_SERVER_VERSION}-bundle.tar.gz.sha256 \
&& tar -xvf nexus-iq-server-${IQ_SERVER_VERSION}-bundle.tar.gz \
&& mv nexus-iq-server-${IQ_SERVER_VERSION}.jar ${IQ_HOME}
WORKDIR ${IQ_HOME}
RUN rm -rf ${TEMP} \
WORKDIR ${IQ_HOME}

# Add group and user
&& groupadd -g ${GID} nexus \
RUN groupadd -g ${GID} nexus \
&& adduser -u ${UID} -d ${IQ_HOME} -c "Nexus IQ user" -g nexus -s /bin/false nexus \
\
# Change owner to nexus user
&& chown -R nexus:nexus ${IQ_HOME} \
&& chown -R nexus:nexus ${SONATYPE_WORK} \
Expand All @@ -114,7 +140,7 @@ HEALTHCHECK CMD curl --fail --silent --show-error http://localhost:8071/healthch
# Change to nexus user
USER nexus

ENV JAVA_OPTS="--add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.util=ALL-UNNAMED --add-opens=java.base/java.security=ALL-UNNAMED --add-opens=java.base/sun.security.rsa=ALL-UNNAMED --add-opens=java.base/sun.security.x509=ALL-UNNAMED --add-opens=java.base/sun.security.util=ALL-UNNAMED --add-opens=java.xml/com.sun.org.apache.xerces.internal.jaxp.datatype=ALL-UNNAMED -Djava.util.prefs.userRoot=${SONATYPE_WORK}/javaprefs"
ENV JAVA_OPTS=" -Djava.util.prefs.userRoot=${SONATYPE_WORK}/javaprefs "
ENV SONATYPE_INTERNAL_HOST_SYSTEM=Docker

WORKDIR ${IQ_HOME}
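Review bot: The start script now hard-codes `/opt/sonatype/nexus-iq-server/bin/nexus-iq-server` while every other path in the same `RUN` is built from `${IQ_HOME}`, so a build that overrides the `IQ_HOME` argument gets a `start.sh` pointing at a path the `COPY --from=builder` did not populate; `${IQ_HOME}/bin/nexus-iq-server` keeps them in step. The same line no longer passes `${JAVA_OPTS}` on the command line, so the trimmed `ENV JAVA_OPTS` only takes effect if the bundled launcher reads that variable itself, which is not visible here and is worth confirming in a comment beside the `ENV`. The `COPY --from=builder /tmp/work/...` lines likewise repeat the builder's `TEMP` default as a literal. All three points apply to Dockerfile as well.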
11 changes: 11 additions & 0 deletions Jenkinsfile
Expand Up @@ -29,10 +29,12 @@ void configureBranchJob() {
}

String deployBranch = 'main'
String imageName = 'sonatype/nexus-iq-server'

configureBranchJob()
dockerizedBuildPipeline(
deployBranch: deployBranch,
deployCondition: { return true }, // always run the deploy stage
prepare: {
githubStatusUpdate('pending')
},
Expand All @@ -43,6 +45,14 @@ dockerizedBuildPipeline(
def expectations = load 'expectations.groovy'
validateExpectations(expectations.containerExpectations())
},
deploy: {
// Hijacking deploy step to run the docker buildx build to make sure it is working
withSonatypeDockerRegistry() {
sh "docker buildx create --driver-opt=\"image=${sonatypeDockerRegistryId()}/moby/buildkit\" --use"
sh "docker buildx build --platform linux/amd64,linux/arm64 " +
"--tag ${sonatypeDockerRegistryId()}/${imageName}:${env.BUILD_NUMBER} ."
}
},
vulnerabilityScan: {
def theStage = env.BRANCH_NAME == deployBranch ? 'build' : 'develop'
nexusPolicyEvaluation(
Expand All @@ -61,3 +71,4 @@ dockerizedBuildPipeline(
}
}
)
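Review bot: With `deployCondition: { return true }` the `deploy` closure, including the registry login from `withSonatypeDockerRegistry()`, runs on every branch build (presumably it was limited to `deployBranch` before), and the only thing keeping that harmless is that the `docker buildx build` line has no `--push`. That should be stated where the next editor will see it, for example `// Build-only smoke test: runs on every branch, must never --push` above the `sh` calls. The builder made by `docker buildx create ... --use` is also never removed, so each run probably leaves a BuildKit container on the agent; a `docker buildx rm` in a `finally` would clean it up. Jenkinsfile.slim has the same block.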

41 changes: 19 additions & 22 deletions Jenkinsfile.release
Expand Up @@ -29,15 +29,17 @@ properties([

String imageName = 'sonatype/nexus-iq-server'
String version = ''
String checksum = ''
String checksumX86_64 = ''
String checksumAarch = ''

dockerizedBuildPipeline(
deployBranch: 'main',
prepare: {
githubStatusUpdate('pending')
version = getVersionFromBuildName(env.releaseBuild_NAME)
checksum = readBuildArtifact('insight/insight-brain/release', env.releaseBuild_NUMBER, "artifacts/nexus-iq-server-${version}-bundle.tar.gz.sha256").trim()
updateIQServerVersionAndChecksum(version, checksum)
checksumX86_64 = readBuildArtifact('insight/insight-brain/release', env.releaseBuild_NUMBER, "artifacts/nexus-iq-server-${version}-linux-x86_64.tgz.sha256").trim()
checksumAarch = readBuildArtifact('insight/insight-brain/release', env.releaseBuild_NUMBER, "artifacts/nexus-iq-server-${version}-linux-aarch_64.tgz.sha256").trim()
updateIQServerVersionAndChecksum(version, checksumX86_64, checksumAarch)
commitAndPushChanges(version)
},
setVersion: {
Expand All @@ -46,12 +48,6 @@ dockerizedBuildPipeline(
lint: {
hadolint(['./Dockerfile'])
},
postPrepareImage: {
dir('build') {
runSafely "docker save ${imageName} | gzip > docker-nexus-iq-server-${env.VERSION}.tar.gz"
}
},
archiveArtifacts: 'build/*.tar.gz',
buildAndTest: {
currentBuild.displayName = "#${currentBuild.id} ${imageName}-${env.VERSION}"
def expectations = load 'expectations.groovy'
Expand Down Expand Up @@ -81,15 +77,17 @@ dockerizedBuildPipeline(
}
)

void updateIQServerVersionAndChecksum(String version, String checksum) {
void updateIQServerVersionAndChecksum(String version, String checksumX86_64, String checksumAarch) {
def dockerFile = readFile(file: 'Dockerfile')
def metaShortVersionRegex = /(release=")(\d\.\d{1,3}\.\d)(" \\)/
def versionRegex = /(ARG IQ_SERVER_VERSION=)(\d\.\d{1,3}\.\d\-\d{2})/
def shaRegex = /(ARG IQ_SERVER_SHA256=)([A-Fa-f0-9]{64})/
def shaRegexX64_64 = /(ARG IQ_SERVER_SHA256_AARCH=)([A-Fa-f0-9]{64})/
def shaRegexAarch = /(ARG IQ_SERVER_SHA256_X86_64=)([A-Fa-f0-9]{64})/
dockerFile = dockerFile.replaceAll(metaShortVersionRegex,
"\$1${version.substring(0, version.indexOf('-'))}\$3")
dockerFile = dockerFile.replaceAll(versionRegex, "\$1${version}")
dockerFile = dockerFile.replaceAll(shaRegex, "\$1${checksum}")
dockerFile = dockerFile.replaceAll(shaRegexX64_64, "\$1${checksumX86_64}")
dockerFile = dockerFile.replaceAll(shaRegexAarch, "\$1${checksumAarch}")

writeFile(file: 'Dockerfile', text: dockerFile)
}
Expand Down Expand Up @@ -123,17 +121,16 @@ void pushImage(String imageName) {
docker trust key load $NEXUS_IQ_SERVER_REPOSITORY_KEY
docker trust key load $SONATYPE_KEY"""

// add signer - for this you need signers public key and repository keys password
withCredentials([string(credentialsId: 'nexus-iq-server_dct_reg_pw', variable: 'DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE')]) {
runSafely "docker trust signer add sonatype ${imageName} --key $SONATYPE_PUB"
}

runSafely "docker tag ${env.DOCKER_IMAGE_ID} ${imageName}:${env.VERSION}"
runSafely "docker tag ${env.DOCKER_IMAGE_ID} ${imageName}:latest"

withCredentials([string(credentialsId: 'sonatype-password', variable: 'DOCKER_CONTENT_TRUST_REPOSITORY_PASSPHRASE')]) {
runSafely "docker image push ${imageName}:${env.VERSION}"
runSafely "docker image push ${imageName}:latest"
sh """
curl -L https://go.dev/dl/go1.23.3.linux-amd64.tar.gz | tar -xzf -
export PATH=${env.PATH}:${env.WORKSPACE}/go/bin:${env.WORKSPACE}/bin
export GOPATH=${env.WORKSPACE}
go install -tags pkcs11 github.com/theupdateframework/notary/cmd/notary@latest
notary --help
Contributor


notary --help - Is this line needed here?

Contributor Author


Not strictly needed. I liked it because it helped me debug locally and confirm that it was installed and set up correctly.

docker buildx create --use --driver-opt image=${sonatypeDockerRegistryId()}/moby/buildkit
./build_and_push_images.sh ${env.VERSION} latest
"""
}

String response = runSafely("""curl -X POST https://hub.docker.com/v2/users/login/ \
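Review bot: In `updateIQServerVersionAndChecksum` the two new patterns are crossed: `shaRegexX64_64` matches `ARG IQ_SERVER_SHA256_AARCH=` and `shaRegexAarch` matches `ARG IQ_SERVER_SHA256_X86_64=`, so the `replaceAll` calls write the x86_64 digest into the aarch64 argument and the reverse. The Dockerfile's `sha256sum -c` would then reject both downloads, so this fails closed but breaks the release build; swap the literals, i.e. `def shaRegexX64_64 = /(ARG IQ_SERVER_SHA256_X86_64=)([A-Fa-f0-9]{64})/` and `def shaRegexAarch = /(ARG IQ_SERVER_SHA256_AARCH=)([A-Fa-f0-9]{64})/`. The function also reads and writes only `Dockerfile`, so nothing visible here updates the pinned version and digests in Dockerfile.slim. Separately, in `pushImage` (whose body starts outside this hunk) the Go tarball is piped from `curl` into `tar` with no digest check and notary is installed at `@latest` in the step that has the signing keys loaded; pinning the notary version and verifying the tarball would keep the signing toolchain reproducible. This page shows two of the three merged commits, so some of this may already be addressed.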
11 changes: 11 additions & 0 deletions Jenkinsfile.slim
Expand Up @@ -29,10 +29,12 @@ void configureBranchJob() {
}

String deployBranch = 'main'
String imageName = 'sonatype/nexus-iq-server'

configureBranchJob()
dockerizedBuildPipeline(
deployBranch: deployBranch,
deployCondition: { return true }, // always run the deploy stage
prepare: {
githubStatusUpdate('pending')
},
Expand All @@ -44,6 +46,15 @@ dockerizedBuildPipeline(
def expectations = load 'expectations.groovy'
validateExpectations(expectations.containerExpectations())
},
deploy: {
// Hijacking deploy step to run the docker buildx build to make sure it is working
withSonatypeDockerRegistry() {
sh "docker buildx create --driver-opt=\"image=${sonatypeDockerRegistryId()}/moby/buildkit\" --use"
sh "docker buildx build --platform linux/amd64,linux/arm64 " +
" -f Dockerfile.slim " +
"--tag ${sonatypeDockerRegistryId()}/${imageName}:${env.BUILD_NUMBER} ."
}
},
vulnerabilityScan: {
def theStage = env.BRANCH_NAME == deployBranch ? 'build' : 'develop'
nexusPolicyEvaluation(
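Review bot: The slim build is tagged `${sonatypeDockerRegistryId()}/${imageName}:${env.BUILD_NUMBER}`, the same repository and tag pattern the Jenkinsfile uses for the full image, so nothing in the tag distinguishes the two variants. Nothing is pushed today, but a suffix such as `:${env.BUILD_NUMBER}-slim` would stop one image replacing the other if `--push` or `--load` is ever added to this step.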