ci: push to harbor via dockerconfig secret
This commit is contained in:
parent
def986a218
commit
ba9e754868
29
Jenkinsfile
vendored
29
Jenkinsfile
vendored
@ -7,8 +7,6 @@ pipeline {
|
|||||||
apiVersion: v1
|
apiVersion: v1
|
||||||
kind: Pod
|
kind: Pod
|
||||||
spec:
|
spec:
|
||||||
securityContext:
|
|
||||||
runAsUser: 0
|
|
||||||
containers:
|
containers:
|
||||||
- name: dind
|
- name: dind
|
||||||
image: docker:27-dind
|
image: docker:27-dind
|
||||||
@ -19,7 +17,6 @@ spec:
|
|||||||
value: ""
|
value: ""
|
||||||
args:
|
args:
|
||||||
- --mtu=1400
|
- --mtu=1400
|
||||||
- --insecure-registry=registry.bstein.dev
|
|
||||||
volumeMounts:
|
volumeMounts:
|
||||||
- name: dind-storage
|
- name: dind-storage
|
||||||
mountPath: /var/lib/docker
|
mountPath: /var/lib/docker
|
||||||
@ -37,7 +34,15 @@ spec:
|
|||||||
mountPath: /home/jenkins/agent
|
mountPath: /home/jenkins/agent
|
||||||
- name: dind-storage
|
- name: dind-storage
|
||||||
mountPath: /var/lib/docker
|
mountPath: /var/lib/docker
|
||||||
|
- name: docker-config
|
||||||
|
mountPath: /root/.docker
|
||||||
volumes:
|
volumes:
|
||||||
|
- name: docker-config
|
||||||
|
secret:
|
||||||
|
secretName: harbor-robot-pipeline
|
||||||
|
items:
|
||||||
|
- key: .dockerconfigjson
|
||||||
|
path: config.json
|
||||||
- name: workspace-volume
|
- name: workspace-volume
|
||||||
emptyDir: {}
|
emptyDir: {}
|
||||||
- name: dind-storage
|
- name: dind-storage
|
||||||
@ -91,35 +96,37 @@ spec:
|
|||||||
}
|
}
|
||||||
steps {
|
steps {
|
||||||
container('builder') {
|
container('builder') {
|
||||||
withCredentials([usernamePassword(credentialsId: 'harbor-robot', passwordVariable: 'HPASS', usernameVariable: 'HUSER')]) {
|
|
||||||
sh '''
|
sh '''
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
|
|
||||||
SRC_DIR=$(find harbor-src -maxdepth 1 -type d -name "harbor-*" | head -n1)
|
SRC_DIR=$(find harbor-src -maxdepth 1 -type d -name "harbor-*" | head -n1)
|
||||||
cd "${SRC_DIR}"
|
cd "${SRC_DIR}"
|
||||||
|
|
||||||
docker login -u "${HUSER}" -p "${HPASS}" "$(echo "${REGISTRY}" | cut -d/ -f1)"
|
|
||||||
|
|
||||||
export VERSIONTAG="${VERSIONTAG}"
|
export VERSIONTAG="${VERSIONTAG}"
|
||||||
export BASEIMAGETAG="${VERSIONTAG}"
|
export BASEIMAGETAG="${VERSIONTAG}"
|
||||||
export IMAGENAMESPACE="${REGISTRY}"
|
export IMAGENAMESPACE="${REGISTRY}"
|
||||||
export BASEIMAGENAMESPACE="${REGISTRY}"
|
export BASEIMAGENAMESPACE="${REGISTRY}"
|
||||||
export PULL_BASE_FROM_DOCKERHUB=false
|
export PULL_BASE_FROM_DOCKERHUB=false
|
||||||
export BUILD_BASE=true
|
export BUILD_BASE=true
|
||||||
export PUSHBASEIMAGE=true
|
|
||||||
export BUILDTRIVYADP=false
|
export BUILDTRIVYADP=false
|
||||||
export BUILD_INSTALLER=false
|
export BUILD_INSTALLER=false
|
||||||
export REGISTRYUSER="${HUSER}"
|
|
||||||
export REGISTRYPASSWORD="${HPASS}"
|
|
||||||
|
|
||||||
make compile
|
make compile
|
||||||
make build
|
make build
|
||||||
make pushimage
|
|
||||||
|
# Push every image we just built for this tag under our namespace.
|
||||||
|
docker images --format '{{.Repository}}:{{.Tag}}' \
|
||||||
|
| awk -v ns="${REGISTRY}/" -v tag="${VERSIONTAG}" 'index($0, ns)==1 && $0 ~ ":"tag"$"' \
|
||||||
|
| sort -u \
|
||||||
|
| while read -r img; do
|
||||||
|
echo "Pushing ${img}"
|
||||||
|
docker push "${img}"
|
||||||
|
done
|
||||||
'''
|
'''
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
|
||||||
post {
|
post {
|
||||||
always {
|
always {
|
||||||
cleanWs()
|
cleanWs()
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user