docker-nexus3/Jenkinsfile-Release at main · sonatype/docker-nexus3 · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
/*
 * Copyright (c) 2016-present Sonatype, Inc. All rights reserved.
 * Includes the third-party code listed at http://links.sonatype.com/products/nexus/attributions.
 * "Sonatype" is a trademark of Sonatype, Inc.
 */
@Library(['private-pipeline-library', 'jenkins-shared']) _
import com.sonatype.jenkins.pipeline.GitHub
import com.sonatype.jenkins.pipeline.OsTools
import com.sonatype.jenkins.shared.Expectation

properties([
  parameters([
    string(defaultValue: '', description: 'New Nexus Repository Manager Version', name: 'nexus_repository_manager_version'),
    string(defaultValue: '', description: 'New Nexus Repository Manager Version Sha256', name: 'nexus_repository_manager_version_sha'),
    booleanParam(defaultValue: false, description: 'Update the latest tag', name: 'update_latest')
  ])
])

node('ubuntu-zion') {
  def version
  def organization = 'sonatype',
      credentialsId = 'jenkins-github',
      dockerHubRepository = 'nexus3'
  GitHub gitHub

  try {
    stage('Preparation') {
      deleteDir()
      OsTools.runSafe(this, "docker system prune -a -f")
      def checkoutDetails = checkout scm

      version = getShortVersion(params.nexus_repository_manager_version)
    }

    stage('Build, Tag, and Push Images to dockerhub') {
      def dockerfilePath = 'Dockerfile.java21'
      def baseImage = extractBaseImage(dockerfilePath)
      def baseImageRefFactory = load 'scripts/BaseImageReference.groovy'
      def baseImageReference = baseImageRefFactory.build(this, baseImage as String)
      def baseImageReferenceStr = baseImageReference.getReference()
      withCredentials([[$class: 'UsernamePasswordMultiBinding',
                                credentialsId: 'docker-hub-credentials',
                                usernameVariable: 'DOCKERHUB_API_USERNAME',
                                passwordVariable: 'DOCKERHUB_API_PASSWORD']]) {
        OsTools.runSafe(this, "docker buildx create --driver-opt=\"image=moby/buildkit\" --use")
        OsTools.runSafe(this, """
            docker login --username ${env.DOCKERHUB_API_USERNAME} --password ${env.DOCKERHUB_API_PASSWORD}
         """)

        def buildUbiImage = """
            docker buildx build \
              --platform linux/amd64,linux/arm64 \
              --label base-image-ref='${baseImageReferenceStr}' \
              --push \
              --no-cache \
              --tag ${organization}/${dockerHubRepository}:${version} \
              --tag ${organization}/${dockerHubRepository}:${version}-ubi \
              """
        if(params.update_latest) {
          buildUbiImage += "--tag ${organization}/${dockerHubRepository}:latest "
        }
        buildUbiImage += "-f ${dockerfilePath} ."
        def hash = OsTools.runSafe(this, buildUbiImage)

        // Build Alpine Image
        def alpineDockerfilePath = 'Dockerfile.alpine.java21'
        def alpineHash = OsTools.runSafe(this, """
        docker buildx build \
          --platform linux/amd64,linux/arm64 \
          --push \
          --no-cache \
          --tag ${organization}/${dockerHubRepository}:${version}-alpine \
          -f ${alpineDockerfilePath} .""")
      }
    }

    if (currentBuild.result == 'FAILURE') {
          return
    }

    if (params.update_latest) {
      stage('Push README changes to dockerhub') {
        def dockerhubApiToken

        withCredentials([[$class: 'UsernamePasswordMultiBinding',
                          credentialsId: 'docker-hub-credentials',
                          usernameVariable: 'DOCKERHUB_API_USERNAME',
                          passwordVariable: 'DOCKERHUB_API_PASSWORD']]) {

          response = OsTools.runSafe(this, """
            curl -X POST https://hub.docker.com/v2/users/login/ \
              -H 'cache-control: no-cache' -H 'content-type: application/json' \
              -d '{ "username": "${env.DOCKERHUB_API_USERNAME}", "password": "${env.DOCKERHUB_API_PASSWORD}" }'
          """)
          token = readJSON text: response
          dockerhubApiToken = token.token

          def readme = readFile file: 'README.md', encoding: 'UTF-8'
          readme = readme.replaceAll("(?s)<!--.*?-->", "")
          readme = readme.replace("\"", "\\\"")
          readme = readme.replace("\n", "\\n")
          response = httpRequest customHeaders: [[name: 'authorization', value: "JWT ${dockerhubApiToken}"]],
              acceptType: 'APPLICATION_JSON', contentType: 'APPLICATION_JSON', httpMode: 'PATCH',
              requestBody: "{ \"full_description\": \"${readme}\" }",
              url: "https://hub.docker.com/v2/repositories/${organization}/${dockerHubRepository}/"
        }
      }

    }

  } finally {
    OsTools.runSafe(this, "docker logout")
    OsTools.runSafe(this, "docker system prune -a -f")
    OsTools.runSafe(this, 'git clean -f && git reset --hard origin/main')
  }
}

def getShortVersion(version) {
  return version.split('-')[0]
}

def extractBaseImage (dockerFileLocation) {
  def dockerFile = readFile(file: dockerFileLocation)
  def baseImageRegex = "FROM\\s+([^\\s]+)"
  def usedImages = dockerFile =~ baseImageRegex

  return usedImages[0][1]
}