diff --git a/Jenkinsfile b/Jenkinsfile index a3e4760..55954a8 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -10,6 +10,9 @@ pipeline { apiVersion: v1 kind: Pod spec: + nodeSelector: + kubernetes.io/arch: arm64 + hardware: rpi5 containers: - name: dind image: docker:27-dind @@ -35,17 +38,19 @@ spec: volumeMounts: - name: workspace-volume mountPath: /home/jenkins/agent - - name: dind-storage - mountPath: /var/lib/docker - - name: docker-config + - name: docker-config-writable mountPath: /root/.docker + - name: docker-config-secret + mountPath: /docker-config volumes: - - name: docker-config + - name: docker-config-secret secret: secretName: harbor-robot-pipeline items: - key: .dockerconfigjson path: config.json + - name: docker-config-writable + emptyDir: {} - name: workspace-volume emptyDir: {} - name: dind-storage @@ -74,7 +79,7 @@ spec: container('builder') { sh ''' set -euo pipefail - apk add --no-cache bash curl make tar gzip git coreutils + apk add --no-cache bash curl make tar gzip git coreutils go ncurses ''' } } @@ -101,11 +106,18 @@ spec: container('builder') { sh ''' set -euo pipefail + mkdir -p /root/.docker + cp /docker-config/config.json /root/.docker/config.json + + # Harbor's build uses git metadata; Jenkins workspace ownership can trigger + # Git's safe.directory protection in containerized builds. + git config --global --add safe.directory '*' # `harbor-src/` itself matches `harbor-*`, so exclude it. SRC_DIR=$(find harbor-src -mindepth 1 -maxdepth 1 -type d -name "harbor-*" | head -n1) cd "${SRC_DIR}" + export DOCKER_BUILDKIT=1 export VERSIONTAG="${VERSIONTAG}" export BASEIMAGETAG="${VERSIONTAG}" export IMAGENAMESPACE="${REGISTRY}" @@ -139,8 +151,6 @@ spec: } } post { - always { - deleteDir() - } + always { echo 'done' } } }