harbor-arm-build/Jenkinsfile

pipeline {
  parameters {
    string(
      name: 'HARBOR_VERSION',
      defaultValue: '',
      description: 'Harbor tag to build (e.g. v2.14.1). Leave empty to build the latest release.'
    )
  }
  agent {
    kubernetes {
      label 'harbor-arm-build'
      defaultContainer 'builder'
      yaml """
apiVersion: v1
kind: Pod
spec:
  nodeSelector:
    kubernetes.io/arch: arm64
  containers:
  - name: builder
    image: quay.io/podman/stable:v5.2
    tty: true
    command: ["cat"]
    securityContext:
      privileged: true
    env:
    - name: DOCKER_CONFIG
      value: /root/.docker
    - name: REGISTRY_AUTH_FILE
      value: /root/.docker/config.json
    - name: XDG_RUNTIME_DIR
      value: /var/run/containers
    volumeMounts:
    - name: workspace-volume
      mountPath: /home/jenkins/agent
    - name: docker-config-secret
      mountPath: /docker-config
    - name: containers-storage
      mountPath: /var/lib/containers
    - name: podman-runtime
      mountPath: /var/run/containers
  volumes:
  - name: docker-config-secret
    secret:
      secretName: harbor-robot-pipeline
      items:
      - key: .dockerconfigjson
        path: config.json
  - name: workspace-volume
    emptyDir: {}
  - name: containers-storage
    emptyDir: {}
  - name: podman-runtime
    emptyDir: {}
"""
    }
  }
  environment {
    IMAGE_NAMESPACE = 'registry.bstein.dev/infra'
    TAG_SUFFIX      = '-arm64'
    REGISTRY_URL    = 'registry.bstein.dev'
  }
  options {
    disableConcurrentBuilds()
    timestamps()
  }
  stages {
    stage('Checkout pipeline repo') {
      steps {
        git credentialsId: 'gitea-pat', url: 'https://scm.bstein.dev/bstein/harbor-arm-build.git'
      }
    }

    stage('Setup tooling') {
      steps {
        container('builder') {
          sh '''
            set -euo pipefail
            microdnf -y install git make curl tar gzip jq golang podman-docker python3
            mkdir -p "${DOCKER_CONFIG}"
            cp /docker-config/config.json "${DOCKER_CONFIG}/config.json"
            # Make the Docker CLI invoke podman (buildah backend).
            ln -sf /usr/bin/podman /usr/local/bin/docker
            mkdir -p "${XDG_RUNTIME_DIR}"
          '''
        }
      }
    }

    stage('Resolve version') {
      steps {
        container('builder') {
          script {
            def resolved = sh(
              label: 'pick version',
              returnStdout: true,
              script: '''
                set -euo pipefail
                if [ -n "${HARBOR_VERSION:-}" ]; then
                  echo "${HARBOR_VERSION}"
                  exit 0
                fi
                curl -sSL https://api.github.com/repos/goharbor/harbor/releases/latest | python3 - <<'PY'
import json, sys
data = json.load(sys.stdin)
print(data.get("tag_name", "").strip())
PY
              '''
            ).trim()
            env.HARBOR_VERSION_RESOLVED = resolved
            env.HARBOR_SRC_DIR = "harbor-src/harbor-${resolved.startsWith('v') ? resolved.substring(1) : resolved}"
          }
        }
      }
    }

    stage('Fetch source') {
      steps {
        container('builder') {
          sh """
            set -euo pipefail
            rm -rf harbor-src
            mkdir -p harbor-src
            curl -sSL "https://github.com/goharbor/harbor/archive/refs/tags/${env.HARBOR_VERSION_RESOLVED}.tar.gz" | tar xz -C harbor-src
            ls -la harbor-src
          """
        }
      }
    }

    stage('Build & push (podman/buildah)') {
      steps {
        container('builder') {
          sh """
            set -euo pipefail
            export VERSIONTAG=\"${env.HARBOR_VERSION_RESOLVED}${TAG_SUFFIX}.${BUILD_NUMBER}\"
            export BASEIMAGETAG=\"${env.HARBOR_VERSION_RESOLVED}${TAG_SUFFIX}.${BUILD_NUMBER}\"
            export IMAGENAMESPACE=\"${IMAGE_NAMESPACE}\"
            export BASEIMAGENAMESPACE=\"${IMAGE_NAMESPACE}\"
            export DOCKERNETWORK=host
            export PULL_BASE_FROM_DOCKERHUB=false
            export BUILD_BASE=true
            export BUILDTRIVYADP=false
            export BUILD_INSTALLER=true
            export BUILDAH_ISOLATION=chroot
            export REGISTRY_AUTH_FILE=\"${DOCKER_CONFIG}/config.json\"
            git config --global --add safe.directory '*'
            cd \"${env.HARBOR_SRC_DIR}\"

            make compile
            make \\
              VERSIONTAG=\"${env.HARBOR_VERSION_RESOLVED}${TAG_SUFFIX}.${BUILD_NUMBER}\" \\
              BASEIMAGETAG=\"${env.HARBOR_VERSION_RESOLVED}${TAG_SUFFIX}.${BUILD_NUMBER}\" \\
              IMAGENAMESPACE=\"${IMAGE_NAMESPACE}\" \\
              BASEIMAGENAMESPACE=\"${IMAGE_NAMESPACE}\" \\
              DOCKERNETWORK=host \\
              PULL_BASE_FROM_DOCKERHUB=false \\
              BUILD_BASE=true \\
              BUILDTRIVYADP=false \\
              BUILD_INSTALLER=true \\
              build

            for pair in \\
              \"prepare:harbor-prepare\" \\
              \"redis-photon:harbor-redis\" \\
              \"nginx-photon:harbor-nginx\" \\
              \"registry-photon:harbor-registry\"; do
              src=\"${IMAGE_NAMESPACE}/$(echo "$pair" | cut -d: -f1):${env.HARBOR_VERSION_RESOLVED}${TAG_SUFFIX}.${BUILD_NUMBER}\"
              dst=\"${IMAGE_NAMESPACE}/$(echo "$pair" | cut -d: -f2):${env.HARBOR_VERSION_RESOLVED}${TAG_SUFFIX}.${BUILD_NUMBER}\"
              if podman image exists \"$src\"; then
                podman tag \"$src\" \"$dst\" || true
              fi
            done

            podman images --format '{{.Repository}}:{{.Tag}}' \\
              | awk -v ns=\"${IMAGE_NAMESPACE}/\" -v tag=\"${env.HARBOR_VERSION_RESOLVED}${TAG_SUFFIX}.${BUILD_NUMBER}\" 'index($0, ns)==1 && $0 ~ ":"tag"$"' \\
              | sort -u \\
              | while read -r img; do
                  echo \"Pushing ${img}\"
                  podman push \"${img}\"
                done
          """
        }
      }
    }
  }
  post {
    always {
      echo "done"
    }
  }
}
chore: add pipeline 2025-12-16 19:23:46 -03:00			`pipeline {`
ci: refactor harbor arm build pipeline 2025-12-18 01:26:53 -03:00			`parameters {`
			`string(`
			`name: 'HARBOR_VERSION',`
			`defaultValue: '',`
			`description: 'Harbor tag to build (e.g. v2.14.1). Leave empty to build the latest release.'`
			`)`
ci: poll for jenkinsfile changes 2025-12-17 02:05:53 -03:00			`}`
ci: use kaniko agent 2025-12-16 22:41:23 -03:00			`agent {`
			`kubernetes {`
			`label 'harbor-arm-build'`
ci: build harbor images with dind 2025-12-16 23:12:01 -03:00			`defaultContainer 'builder'`
ci: use kaniko agent 2025-12-16 22:41:23 -03:00			`yaml """`
			`apiVersion: v1`
			`kind: Pod`
			`spec:`
ci: fix dind toolchain and docker config 2025-12-17 02:51:34 -03:00			`nodeSelector:`
			`kubernetes.io/arch: arm64`
ci: use kaniko agent 2025-12-16 22:41:23 -03:00			`containers:`
ci: build harbor images with dind 2025-12-16 23:12:01 -03:00			`- name: builder`
ci: refactor harbor arm build pipeline 2025-12-18 01:26:53 -03:00			`image: quay.io/podman/stable:v5.2`
ci: use kaniko agent 2025-12-16 22:41:23 -03:00			`tty: true`
ci: refactor harbor arm build pipeline 2025-12-18 01:26:53 -03:00			`command: ["cat"]`
			`securityContext:`
			`privileged: true`
ci: build harbor images with dind 2025-12-16 23:12:01 -03:00			`env:`
ci: refactor harbor arm build pipeline 2025-12-18 01:26:53 -03:00			`- name: DOCKER_CONFIG`
			`value: /root/.docker`
			`- name: REGISTRY_AUTH_FILE`
			`value: /root/.docker/config.json`
			`- name: XDG_RUNTIME_DIR`
			`value: /var/run/containers`
ci: use kaniko agent 2025-12-16 22:41:23 -03:00			`volumeMounts:`
ci: build harbor images with dind 2025-12-16 23:12:01 -03:00			`- name: workspace-volume`
			`mountPath: /home/jenkins/agent`
ci: fix dind toolchain and docker config 2025-12-17 02:51:34 -03:00			`- name: docker-config-secret`
			`mountPath: /docker-config`
ci: refactor harbor arm build pipeline 2025-12-18 01:26:53 -03:00			`- name: containers-storage`
			`mountPath: /var/lib/containers`
			`- name: podman-runtime`
			`mountPath: /var/run/containers`
ci: use kaniko agent 2025-12-16 22:41:23 -03:00			`volumes:`
ci: fix dind toolchain and docker config 2025-12-17 02:51:34 -03:00			`- name: docker-config-secret`
ci: push to harbor via dockerconfig secret 2025-12-17 01:52:53 -03:00			`secret:`
			`secretName: harbor-robot-pipeline`
			`items:`
			`- key: .dockerconfigjson`
			`path: config.json`
ci: use kaniko agent 2025-12-16 22:41:23 -03:00			`- name: workspace-volume`
			`emptyDir: {}`
ci: refactor harbor arm build pipeline 2025-12-18 01:26:53 -03:00			`- name: containers-storage`
			`emptyDir: {}`
			`- name: podman-runtime`
ci: build harbor images with dind 2025-12-16 23:12:01 -03:00			`emptyDir: {}`
ci: use kaniko agent 2025-12-16 22:41:23 -03:00			`"""`
			`}`
			`}`
chore: add pipeline 2025-12-16 19:23:46 -03:00			`environment {`
ci: fix harbor make REGISTRY var clash 2025-12-17 12:24:07 -03:00			`IMAGE_NAMESPACE = 'registry.bstein.dev/infra'`
ci: refactor harbor arm build pipeline 2025-12-18 01:26:53 -03:00			`TAG_SUFFIX = '-arm64'`
			`REGISTRY_URL = 'registry.bstein.dev'`
ci: build harbor images with dind 2025-12-16 23:12:01 -03:00			`}`
			`options {`
			`disableConcurrentBuilds()`
ci: refactor harbor arm build pipeline 2025-12-18 01:26:53 -03:00			`timestamps()`
chore: add pipeline 2025-12-16 19:23:46 -03:00			`}`
			`stages {`
ci: refactor harbor arm build pipeline 2025-12-18 01:26:53 -03:00			`stage('Checkout pipeline repo') {`
chore: add pipeline 2025-12-16 19:23:46 -03:00			`steps {`
ci: build harbor images with dind 2025-12-16 23:12:01 -03:00			`git credentialsId: 'gitea-pat', url: 'https://scm.bstein.dev/bstein/harbor-arm-build.git'`
			`}`
			`}`

ci: refactor harbor arm build pipeline 2025-12-18 01:26:53 -03:00			`stage('Setup tooling') {`
ci: build harbor images with dind 2025-12-16 23:12:01 -03:00			`steps {`
			`container('builder') {`
			`sh '''`
			`set -euo pipefail`
ci: refactor harbor arm build pipeline 2025-12-18 01:26:53 -03:00			`microdnf -y install git make curl tar gzip jq golang podman-docker python3`
			`mkdir -p "${DOCKER_CONFIG}"`
			`cp /docker-config/config.json "${DOCKER_CONFIG}/config.json"`
			`# Make the Docker CLI invoke podman (buildah backend).`
			`ln -sf /usr/bin/podman /usr/local/bin/docker`
			`mkdir -p "${XDG_RUNTIME_DIR}"`
ci: build harbor images with dind 2025-12-16 23:12:01 -03:00			`'''`
ci: use kaniko agent 2025-12-16 22:41:23 -03:00			`}`
chore: add pipeline 2025-12-16 19:23:46 -03:00			`}`
			`}`
ci: build harbor images with dind 2025-12-16 23:12:01 -03:00
ci: refactor harbor arm build pipeline 2025-12-18 01:26:53 -03:00			`stage('Resolve version') {`
chore: add pipeline 2025-12-16 19:23:46 -03:00			`steps {`
ci: build harbor images with dind 2025-12-16 23:12:01 -03:00			`container('builder') {`
ci: refactor harbor arm build pipeline 2025-12-18 01:26:53 -03:00			`script {`
			`def resolved = sh(`
			`label: 'pick version',`
			`returnStdout: true,`
			`script: '''`
			`set -euo pipefail`
			`if [ -n "${HARBOR_VERSION:-}" ]; then`
			`echo "${HARBOR_VERSION}"`
			`exit 0`
			`fi`
			`curl -sSL https://api.github.com/repos/goharbor/harbor/releases/latest \| python3 - <<'PY'`
			`import json, sys`
			`data = json.load(sys.stdin)`
			`print(data.get("tag_name", "").strip())`
			`PY`
			`'''`
			`).trim()`
			`env.HARBOR_VERSION_RESOLVED = resolved`
			`env.HARBOR_SRC_DIR = "harbor-src/harbor-${resolved.startsWith('v') ? resolved.substring(1) : resolved}"`
			`}`
			`}`
			`}`
			`}`

			`stage('Fetch source') {`
			`steps {`
			`container('builder') {`
			`sh """`
ci: build harbor images with dind 2025-12-16 23:12:01 -03:00			`set -euo pipefail`
			`rm -rf harbor-src`
			`mkdir -p harbor-src`
ci: refactor harbor arm build pipeline 2025-12-18 01:26:53 -03:00			`curl -sSL "https://github.com/goharbor/harbor/archive/refs/tags/${env.HARBOR_VERSION_RESOLVED}.tar.gz" \| tar xz -C harbor-src`
			`ls -la harbor-src`
			`"""`
ci: build harbor images with dind 2025-12-16 23:12:01 -03:00			`}`
			`}`
			`}`

ci: refactor harbor arm build pipeline 2025-12-18 01:26:53 -03:00			`stage('Build & push (podman/buildah)') {`
ci: build harbor images with dind 2025-12-16 23:12:01 -03:00			`steps {`
			`container('builder') {`
ci: refactor harbor arm build pipeline 2025-12-18 01:26:53 -03:00			`sh """`
ci: push to harbor via dockerconfig secret 2025-12-17 01:52:53 -03:00			`set -euo pipefail`
ci: refactor harbor arm build pipeline 2025-12-18 01:26:53 -03:00			`export VERSIONTAG=\"${env.HARBOR_VERSION_RESOLVED}${TAG_SUFFIX}.${BUILD_NUMBER}\"`
			`export BASEIMAGETAG=\"${env.HARBOR_VERSION_RESOLVED}${TAG_SUFFIX}.${BUILD_NUMBER}\"`
			`export IMAGENAMESPACE=\"${IMAGE_NAMESPACE}\"`
			`export BASEIMAGENAMESPACE=\"${IMAGE_NAMESPACE}\"`
			`export DOCKERNETWORK=host`
			`export PULL_BASE_FROM_DOCKERHUB=false`
			`export BUILD_BASE=true`
			`export BUILDTRIVYADP=false`
			`export BUILD_INSTALLER=true`
			`export BUILDAH_ISOLATION=chroot`
			`export REGISTRY_AUTH_FILE=\"${DOCKER_CONFIG}/config.json\"`
ci: fix dind toolchain and docker config 2025-12-17 02:51:34 -03:00			`git config --global --add safe.directory '*'`
ci: refactor harbor arm build pipeline 2025-12-18 01:26:53 -03:00			`cd \"${env.HARBOR_SRC_DIR}\"`
ci: use kaniko agent 2025-12-16 22:41:23 -03:00
ci: push to harbor via dockerconfig secret 2025-12-17 01:52:53 -03:00			`make compile`
ci: refactor harbor arm build pipeline 2025-12-18 01:26:53 -03:00			`make \\`
			`VERSIONTAG=\"${env.HARBOR_VERSION_RESOLVED}${TAG_SUFFIX}.${BUILD_NUMBER}\" \\`
			`BASEIMAGETAG=\"${env.HARBOR_VERSION_RESOLVED}${TAG_SUFFIX}.${BUILD_NUMBER}\" \\`
			`IMAGENAMESPACE=\"${IMAGE_NAMESPACE}\" \\`
			`BASEIMAGENAMESPACE=\"${IMAGE_NAMESPACE}\" \\`
			`DOCKERNETWORK=host \\`
			`PULL_BASE_FROM_DOCKERHUB=false \\`
			`BUILD_BASE=true \\`
			`BUILDTRIVYADP=false \\`
			`BUILD_INSTALLER=true \\`
ci: force make vars for arm build 2025-12-17 11:11:43 -03:00			`build`
ci: push to harbor via dockerconfig secret 2025-12-17 01:52:53 -03:00
ci: refactor harbor arm build pipeline 2025-12-18 01:26:53 -03:00			`for pair in \\`
			`\"prepare:harbor-prepare\" \\`
			`\"redis-photon:harbor-redis\" \\`
			`\"nginx-photon:harbor-nginx\" \\`
			`\"registry-photon:harbor-registry\"; do`
			`src=\"${IMAGE_NAMESPACE}/$(echo "$pair" \| cut -d: -f1):${env.HARBOR_VERSION_RESOLVED}${TAG_SUFFIX}.${BUILD_NUMBER}\"`
			`dst=\"${IMAGE_NAMESPACE}/$(echo "$pair" \| cut -d: -f2):${env.HARBOR_VERSION_RESOLVED}${TAG_SUFFIX}.${BUILD_NUMBER}\"`
			`if podman image exists \"$src\"; then`
			`podman tag \"$src\" \"$dst\" \|\| true`
			`fi`
			`done`
ci: retag harbor photon images for helm 2025-12-17 01:57:27 -03:00
ci: refactor harbor arm build pipeline 2025-12-18 01:26:53 -03:00			`podman images --format '{{.Repository}}:{{.Tag}}' \\`
			`\| awk -v ns=\"${IMAGE_NAMESPACE}/\" -v tag=\"${env.HARBOR_VERSION_RESOLVED}${TAG_SUFFIX}.${BUILD_NUMBER}\" 'index($0, ns)==1 && $0 ~ ":"tag"$"' \\`
			`\| sort -u \\`
ci: push to harbor via dockerconfig secret 2025-12-17 01:52:53 -03:00			`\| while read -r img; do`
ci: refactor harbor arm build pipeline 2025-12-18 01:26:53 -03:00			`echo \"Pushing ${img}\"`
			`podman push \"${img}\"`
ci: push to harbor via dockerconfig secret 2025-12-17 01:52:53 -03:00			`done`
ci: refactor harbor arm build pipeline 2025-12-18 01:26:53 -03:00			`"""`
chore: add pipeline 2025-12-16 19:23:46 -03:00			`}`
			`}`
			`}`
			`}`
ci: build harbor images with dind 2025-12-16 23:12:01 -03:00			`post {`
ci: refactor harbor arm build pipeline 2025-12-18 01:26:53 -03:00			`always {`
			`echo "done"`
			`}`
ci: build harbor images with dind 2025-12-16 23:12:01 -03:00			`}`
chore: add pipeline 2025-12-16 19:23:46 -03:00			`}`