From 12023a8044a096f794a38d59ebc543c0390851c5 Mon Sep 17 00:00:00 2001 From: Hans Keeler Date: Fri, 27 Apr 2018 01:45:28 -0400 Subject: [PATCH 1/6] Initial Jenkinfile --- Jenkinsfile | 77 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 77 insertions(+) create mode 100644 Jenkinsfile diff --git a/Jenkinsfile b/Jenkinsfile new file mode 100644 index 0000000..8bfd461 --- /dev/null +++ b/Jenkinsfile @@ -0,0 +1,77 @@ +pipeline { + + agent { + docker { + image 'cfpb/jenkinsfile:base' + args '--user jenkins -v /run/docker.sock:/run/docker.sock' + } + } + + environment { + KEYCLOAK_IMAGE_NAME = 'hmda/keycloak' + AUTH_PROXY_IMAGE_NAME_AUTH_PROXY = 'hmda/auth-proxy' + + DOCKER_REGISTRY_CREDENTIALS_ID = 'hmda-platform-jenkins-service' + } + + options { + ansiColor('xterm') + timestamps() + } + + stages { + + stage('init') { + environment { + DOCKER_REGISTRY_CREDENTIALS = credentials("${env.DOCKER_REGISTRY_CREDENTIALS_ID}") + } + steps { + script { + // Add additional global envvars here since pipelines do not allow you to reference one another in `environment` section + env.DOCKER_REGISTRY = env.DOCKER_REGISTRY_URL - 'https://' + + env.KEYCLOAK_IMAGE_NAME_WITH_TAG = "${env.DOCKER_REGISTRY}/${env.KEYCLOAK_IMAGE_NAME}:${env.BRANCH_NAME}-${env.BUILD_ID}" + env.AUTH_PROXY_IMAGE_NAME_WITH_TAG = "${env.DOCKER_REGISTRY}/${env.AUTH_PROXY_IMAGE_NAME}:${env.BRANCH_NAME}-${env.BUILD_ID}" + + currentBuild.changeSets.each { changeSets -> + changeSets.items.each { + csItem + } + } + } + + // This `docker login` seems to be required with each run of the job when running inside a container. + // It seems this is necessary because `docker.withRegistry()` credentials only perform a `docker login` + // correctly for some versions of Docker. This may go away upon future Docker versions. + sh 'docker login --username $DOCKER_REGISTRY_CREDENTIALS_USR --password $DOCKER_REGISTRY_CREDENTIALS_PSW $DOCKER_REGISTRY_URL' + } + } + + stage('select app build') { + steps { + script { + env.BUILD_KEYCLOAK = false + env.BUILD_AUTH_PROXY = false + + currentBuild.changeSets.each { changeLogSet -> + changeLogSet.items.each { entry -> + echo "${entry.commitId} by ${entry.author} on ${new Date(entry.timestamp)}: ${entry.msg}\n" + entry.affectedFiles.each { file -> + echo " ${file.editType.name} ${file.path}" + if (file.path.startsWith('keycloak/')) env.BUILD_KEYCLOAK = true + if (file.path.startsWith('auth-proxy/')) env.BUILD_KEYCLOAK = true + } + } + } + + if (!env.BUILD_KEYCLOAK && !env.BUILD_AUTH_PROXY) { + echo "Could not determine which app to build, so building both" + env.BUILD_KEYCLOAK = true + env.BUILD_AUTH_PROXY = true + } + } + sh 'env | sort' + } + } + +} \ No newline at end of file From d3dee1ded593943afdb1ea4846b394014200f38e Mon Sep 17 00:00:00 2001 From: Hans Keeler Date: Fri, 27 Apr 2018 01:58:35 -0400 Subject: [PATCH 2/6] Simple build-both approach in Jenkinsfile --- Jenkinsfile | 58 +++++++++++++++++++++++++++-------------------------- 1 file changed, 30 insertions(+), 28 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 8bfd461..ad9f861 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -2,15 +2,14 @@ pipeline { agent { docker { - image 'cfpb/jenkinsfile:base' + image 'cfpb/jenkinsfile:nodejs' args '--user jenkins -v /run/docker.sock:/run/docker.sock' } } environment { + AUTH_PROXY_IMAGE_NAME = 'hmda/auth-proxy' KEYCLOAK_IMAGE_NAME = 'hmda/keycloak' - AUTH_PROXY_IMAGE_NAME_AUTH_PROXY = 'hmda/auth-proxy' - DOCKER_REGISTRY_CREDENTIALS_ID = 'hmda-platform-jenkins-service' } @@ -30,48 +29,51 @@ pipeline { // Add additional global envvars here since pipelines do not allow you to reference one another in `environment` section env.DOCKER_REGISTRY = env.DOCKER_REGISTRY_URL - 'https://' - env.KEYCLOAK_IMAGE_NAME_WITH_TAG = "${env.DOCKER_REGISTRY}/${env.KEYCLOAK_IMAGE_NAME}:${env.BRANCH_NAME}-${env.BUILD_ID}" env.AUTH_PROXY_IMAGE_NAME_WITH_TAG = "${env.DOCKER_REGISTRY}/${env.AUTH_PROXY_IMAGE_NAME}:${env.BRANCH_NAME}-${env.BUILD_ID}" + env.AUTH_PROXY_IMAGE_REPO = "${env.DOCKER_REGISTRY_URL}/repositories/${env.AUTH_PROXY_IMAGE_NAME}" - currentBuild.changeSets.each { changeSets -> - changeSets.items.each { - csItem - } - } + env.KEYCLOAK_IMAGE_NAME_WITH_TAG = "${env.DOCKER_REGISTRY}/${env.KEYCLOAK_IMAGE_NAME}:${env.BRANCH_NAME}-${env.BUILD_ID}" + env.KEYCLOAK_IMAGE_REPO = "${env.DOCKER_REGISTRY_URL}/repositories/${env.KEYCLOAK_IMAGE_NAME}" } // This `docker login` seems to be required with each run of the job when running inside a container. // It seems this is necessary because `docker.withRegistry()` credentials only perform a `docker login` // correctly for some versions of Docker. This may go away upon future Docker versions. sh 'docker login --username $DOCKER_REGISTRY_CREDENTIALS_USR --password $DOCKER_REGISTRY_CREDENTIALS_PSW $DOCKER_REGISTRY_URL' + + sh 'env | sort' } } - stage('select app build') { + stage('build images') { steps { script { - env.BUILD_KEYCLOAK = false - env.BUILD_AUTH_PROXY = false - - currentBuild.changeSets.each { changeLogSet -> - changeLogSet.items.each { entry -> - echo "${entry.commitId} by ${entry.author} on ${new Date(entry.timestamp)}: ${entry.msg}\n" - entry.affectedFiles.each { file -> - echo " ${file.editType.name} ${file.path}" - if (file.path.startsWith('keycloak/')) env.BUILD_KEYCLOAK = true - if (file.path.startsWith('auth-proxy/')) env.BUILD_KEYCLOAK = true - } - } - } + docker.build(env.AUTH_PROXY_IMAGE_NAME_WITH_TAG) + docker.build(env.KEYCLOAK_IMAGE_NAME_WITH_TAG) + } + } + } - if (!env.BUILD_KEYCLOAK && !env.BUILD_AUTH_PROXY) { - echo "Could not determine which app to build, so building both" - env.BUILD_KEYCLOAK = true - env.BUILD_AUTH_PROXY = true + stage('publish images') { + steps { + script { + docker.withRegistry(env.DOCKER_REGISTRY_URL, env.DOCKER_REGISTRY_CREDENTIALS_ID) { + docker.image(env.AUTH_PROXY_IMAGE_NAME_WITH_TAG).push() + docker.image(env.KEYCLOAK_IMAGE_NAME_WITH_TAG).push() } } - sh 'env | sort' } } + } + + post { + success { + echo """Docker images successfully pushed to ${env.DOCKER_REGISTRY_URL}: + * ${env.AUTH_PROXY_IMAGE_NAME_WITH_TAG} + * ${env.KEYCLOAK_IMAGE_NAME_WITH_TAG} + """ + } + } + } \ No newline at end of file From 881a2552e5bc227405fe73dc13f47d79ed6893bd Mon Sep 17 00:00:00 2001 From: Hans Keeler Date: Fri, 27 Apr 2018 02:10:41 -0400 Subject: [PATCH 3/6] Specify Dockerfile dirs --- Jenkinsfile | 12 +++++++++--- 1 file changed, 9 insertions(+), 3 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index ad9f861..c91ff59 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -47,9 +47,15 @@ pipeline { stage('build images') { steps { - script { - docker.build(env.AUTH_PROXY_IMAGE_NAME_WITH_TAG) - docker.build(env.KEYCLOAK_IMAGE_NAME_WITH_TAG) + dir('auth-proxy') { + script { + docker.build(env.AUTH_PROXY_IMAGE_NAME_WITH_TAG) + } + } + dir('keycloak') { + script { + docker.build(env.KEYCLOAK_IMAGE_NAME_WITH_TAG) + } } } } From e61733c7a67d0d98567e07c87e05f9afbb3ec71f Mon Sep 17 00:00:00 2001 From: Hans Keeler Date: Fri, 27 Apr 2018 02:17:10 -0400 Subject: [PATCH 4/6] User base jenkinsfile image; --no-cache on `docker build` --- Jenkinsfile | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index c91ff59..047377b 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -2,7 +2,7 @@ pipeline { agent { docker { - image 'cfpb/jenkinsfile:nodejs' + image 'cfpb/jenkinsfile:base' args '--user jenkins -v /run/docker.sock:/run/docker.sock' } } @@ -47,14 +47,15 @@ pipeline { stage('build images') { steps { + sh 'ls -la' dir('auth-proxy') { script { - docker.build(env.AUTH_PROXY_IMAGE_NAME_WITH_TAG) + docker.build(env.AUTH_PROXY_IMAGE_NAME_WITH_TAG, '--no-cache .') } } dir('keycloak') { script { - docker.build(env.KEYCLOAK_IMAGE_NAME_WITH_TAG) + docker.build(env.KEYCLOAK_IMAGE_NAME_WITH_TAG, '--no-cache .') } } } From 0011aad4adac7f0045de139fe267079043dca7cb Mon Sep 17 00:00:00 2001 From: Hans Keeler Date: Fri, 27 Apr 2018 02:20:48 -0400 Subject: [PATCH 5/6] Set Dockerfile in docker.build() instead of dir() wrapper step --- Jenkinsfile | 13 ++++--------- 1 file changed, 4 insertions(+), 9 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 047377b..0f8d6b9 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -47,16 +47,11 @@ pipeline { stage('build images') { steps { - sh 'ls -la' - dir('auth-proxy') { - script { - docker.build(env.AUTH_PROXY_IMAGE_NAME_WITH_TAG, '--no-cache .') - } + script { + docker.build(env.AUTH_PROXY_IMAGE_NAME_WITH_TAG, '--no-cache auth-proxy') } - dir('keycloak') { - script { - docker.build(env.KEYCLOAK_IMAGE_NAME_WITH_TAG, '--no-cache .') - } + script { + docker.build(env.KEYCLOAK_IMAGE_NAME_WITH_TAG, '--no-cache keycloak') } } } From 4a1f235d213732be630ed30b144a33f780786a02 Mon Sep 17 00:00:00 2001 From: Hans Keeler Date: Fri, 27 Apr 2018 02:21:50 -0400 Subject: [PATCH 6/6] Make sure latest jenkinsfile image is used in pipeline. --- Jenkinsfile | 1 + 1 file changed, 1 insertion(+) diff --git a/Jenkinsfile b/Jenkinsfile index 0f8d6b9..cd72d56 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -4,6 +4,7 @@ pipeline { docker { image 'cfpb/jenkinsfile:base' args '--user jenkins -v /run/docker.sock:/run/docker.sock' + alwaysPull true } }