
Commit 100f766

authored
Add support for the GHCR build image pushes currently running from sxa's fork (#4137)
* Initial commit of ghcr build image test Signed-off-by: Stewart X Addison <[email protected]> --------- Signed-off-by: Stewart X Addison <[email protected]> Signed-off-by: Stewart X Addison <[email protected]> Co-authored-by: Stewart X Addison <[email protected]>
1 parent 571e142 commit 100f766


1 file changed

+167
-0
lines changed

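--- a/ansible/docker/Jenkinsfile
+++ b/ansible/docker/Jenkinsfile
@@ -0,0 +1,167 @@
+pipeline {
+agent none
+stages {
+stage('Docker Build') {
+parallel {
+stage('CentOS6 x64') {
+agent {
+label "dockerBuild&&linux&&x64"
+}
+steps {
+dockerBuild('amd64', 'centos6', 'Dockerfile.CentOS6')
+}
+}
+stage('CentOS7 x64') {
+agent {
+label "dockerBuild&&linux&&x64"
+}
+steps {
+dockerBuild('amd64', 'centos7', 'Dockerfile.CentOS7')
+}
+}
+stage('CentOS7 aarch64') {
+agent {
+label "dockerBuild&&linux&&aarch64"
+}
+steps {
+dockerBuild('arm64', 'centos7', 'Dockerfile.CentOS7')
+}
+}
+stage('CentOS7 ppc64le') {
+agent {
+label "dockerBuild&&linux&&ppc64le"
+}
+steps {
+dockerBuild('ppc64le', 'centos7', 'Dockerfile.CentOS7')
+}
+}
+stage('Ubuntu16.04 armv7l') {
+agent {
+label "docker&&linux&&armv7l"
+}
+steps {
+dockerBuild('armv7l', 'ubuntu1604', 'Dockerfile.Ubuntu1604')
+}
+}
+stage('Ubuntu20.04 riscv64') {
+agent {
+label "docker&&linux&&riscv64"
+}
+steps {
+dockerBuild('riscv64', 'ubuntu2004', 'Dockerfile.Ubuntu2004-riscv64')
+}
+}
+stage('Alpine3 x64') {
+agent {
+label "dockerBuild&&linux&&x64"
+}
+steps {
+dockerBuild('amd64', 'alpine3', 'Dockerfile.Alpine3')
+}
+}
+stage('Alpine3 aarch64') {
+agent {
+label "dockerBuild&&linux&&aarch64"
+}
+steps {
+dockerBuild('arm64', 'alpine3', 'Dockerfile.Alpine3')
+}
+}
+}
+}
+stage('Docker Manifest') {
+agent {
+label "dockerBuild&&linux&&x64"
+}
+environment {
+DOCKER_CLI_EXPERIMENTAL = "enabled"
+}
+steps {
+dockerManifest()
+}
+}
+stage('cosign') {
+agent {
+label "cosign"
+}
+environment {
+DOCKER_CLI_EXPERIMENTAL = "enabled"
+}
+steps {
+sh "rm -vf *.sha256"
+copyArtifacts( projectName: '${JOB_NAME}', selector: specific("${BUILD_ID}"), flatten: true )
+sh "ls -ld *.sha256"
+cosign()
+}
+}
+}
+}
+
+def dockerBuild(architecture, distro, dockerfile) {
+sh "rm -vf *.sha256"
+git poll: false, url: 'https://github.com/adoptium/infrastructure.git'
+def git_sha = "${env.GIT_COMMIT.trim()}"
+dockerImage = docker.build("ghcr.io/adoptium/adoptium_build_image:${distro}_linux-$architecture",
+"--build-arg git_sha=$git_sha -f ansible/docker/$dockerfile .")
+// dockerhub is the ID of the credentials stored in Jenkins
+docker.withRegistry('https://ghcr.io', 'ghcr-adoptium') {
+dockerImage.push()
+sh "docker inspect --format='{{index .RepoDigests 0}}' ghcr.io/adoptium/adoptium_build_image:${distro}_linux-${architecture} > ${distro}_linux-${architecture}.sha256"
+archiveArtifacts artifacts: '*linux*.sha256', fingerprint: true
+}
+}
+
+def dockerManifest() {
+// dockerhub is the ID of the credentials stored in Jenkins
+docker.withRegistry('https://ghcr.io', 'ghcr-adoptium') {
+git poll: false, url: 'https://github.com/sxa/infrastructure.git'
+sh '''
+# Centos6
+export TARGET="ghcr.io/adoptium/adoptium_build_image:centos6"
+AMD64=${TARGET}_linux-amd64
+docker manifest create $TARGET $AMD64
+docker manifest annotate $TARGET $AMD64 --arch amd64 --os linux
+docker manifest push $TARGET
+# Centos7
+export TARGET="ghcr.io/adoptium/adoptium_build_image:centos7"
+AMD64=${TARGET}_linux-amd64
+ARM64=${TARGET}_linux-arm64
+PPC64LE=${TARGET}_linux-ppc64le
+docker manifest create $TARGET $AMD64 $ARM64 $PPC64LE
+docker manifest annotate $TARGET $AMD64 --arch amd64 --os linux
+docker manifest annotate $TARGET $ARM64 --arch arm64 --os linux
+docker manifest annotate $TARGET $PPC64LE --arch ppc64le --os linux
+docker manifest push $TARGET
+# Ubuntu1604
+export TARGET="ghcr.io/adoptium/adoptium_build_image:ubuntu1604"
+ARMV7L=${TARGET}_linux-armv7l
+docker manifest create $TARGET $ARMV7L
+docker manifest annotate $TARGET $ARMV7L --arch arm --os linux
+docker manifest push $TARGET
+# Alpine3
+export TARGET="ghcr.io/adoptium/adoptium_build_image:alpine3"
+AMD64=${TARGET}_linux-amd64
+ARM64=${TARGET}_linux-arm64
+docker manifest create $TARGET $AMD64 $ARM64
+docker manifest annotate $TARGET $AMD64 --arch amd64 --os linux
+docker manifest annotate $TARGET $ARM64 --arch arm64 --os linux
+docker manifest push $TARGET
+'''
+}
+}
+def cosign() {
+// dockerhub is the ID of the credentials stored in Jenkins
+docker.withRegistry('https://ghcr.io', 'ghcr-adoptium') {
+git poll: false, url: 'https://github.com/sxa/infrastructure.git'
+sh '''
+curl -sSL -X POST --url https://auth.eclipse.org/auth/realms/sigstore/protocol/openid-connect/token --header "Content-Type: application/x-www-form-urlencoded" --data @/home/jenkins/idp.txt | jq -r ".access_token" | head -c -1 > token.txt
+for IMAGE_SHA in *.sha256; do
+IMAGE="$(cat $IMAGE_SHA)"
+echo "Running cosign against image $IMAGE"
+cosign sign "$IMAGE" --oidc-issuer=https://auth.eclipse.org/auth/realms/sigstore --identity-token=token.txt -y
+cosign verify "${IMAGE}" --certificate-oidc-issuer=https://auth.eclipse.org/auth/realms/sigstore [email protected]
+done
+rm -vf token.txt
+'''
+}
+}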
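Review bot: `dockerManifest()` and `cosign()` check out `https://github.com/sxa/infrastructure.git`, a personal fork, inside the `docker.withRegistry('https://ghcr.io', 'ghcr-adoptium')` block, while `dockerBuild()` uses `adoptium/infrastructure`. Neither shell script visibly reads anything from that checkout, so the `git` step can likely be dropped or pointed at the organisation repository; that way the publishing and signing stages do not depend on a repository outside the project's control. In `cosign()` the identity token is written to `token.txt` and removed only by the final `rm -vf token.txt`, so with Jenkins' default `-e` for `sh` a failing `cosign sign` or `cosign verify` leaves the token in the workspace; adding `trap 'rm -f token.txt' EXIT` before the `curl` line closes that gap. `curl -sSL` without `-f` also passes an HTTP error body on to `jq`, which would then write `null` as the token, whereas `curl -fsSL` fails at the request. The three `// dockerhub is the ID of the credentials stored in Jenkins` comments no longer match the `ghcr-adoptium` credential ID and should read `// ghcr-adoptium is the ID of the credentials stored in Jenkins`.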
