ci(soteria): remove dind from quality runs and harden post

2026-04-20 01:14:54 -03:00 · 2026-04-20 01:14:54 -03:00 · 7859457c8b
commit 7859457c8b
parent ed91af0ce5
1 changed files with 18 additions and 27 deletions
--- a/45
+++ b/45
@ -1,7 +1,7 @@
 pipeline {
  agent {
    kubernetes {
-      defaultContainer 'builder'
+      defaultContainer 'tester'
      yaml """
 apiVersion: v1
 kind: Pod
@ -10,22 +10,6 @@ spec:
    kubernetes.io/arch: arm64
    node-role.kubernetes.io/worker: "true"
  containers:
-    - name: dind
-      image: docker:27-dind
-      securityContext:
-        privileged: true
-      env:
-        - name: DOCKER_TLS_CERTDIR
-          value: ""
-      args:
-        - "--mtu=1400"
-        - "--host=unix:///var/run/docker.sock"
-        - "--host=tcp://0.0.0.0:2375"
-      volumeMounts:
-        - name: dind-storage
-          mountPath: /var/lib/docker
-        - name: workspace-volume
-          mountPath: /home/jenkins/agent
    - name: builder
      image: docker:27
      command:
@ -54,8 +38,6 @@ spec:
  volumes:
    - name: docker-config-writable
      emptyDir: {}
-    - name: dind-storage
-      emptyDir: {}
    - name: harbor-config
      secret:
        secretName: harbor-robot-pipeline
@ -99,12 +81,11 @@ spec:
    }
    stage('Prep toolchain') {
      steps {
-        container('builder') {
+        container('tester') {
          sh '''
            set -eu
-            apk add --no-cache bash git jq curl
-            mkdir -p /root/.docker
-            cp /docker-config/config.json /root/.docker/config.json
+            apt-get update >/dev/null
+            apt-get install -y --no-install-recommends bash git jq curl python3 ripgrep >/dev/null
          '''
        }
      }
@ -462,12 +443,22 @@ PY
  post {
    always {
      script {
-        if (fileExists('build.env')) {
-          def env = readProperties file: 'build.env'
-          echo "Build complete for ${env.SEMVER}"
+        try {
+          if (fileExists('build.env')) {
+            def env = readProperties file: 'build.env'
+            echo "Build complete for ${env.SEMVER}"
+          }
+        } catch (Throwable err) {
+          echo "post workspace unavailable for build.env: ${err.class.simpleName}"
+        }
+      }
+      script {
+        try {
+          archiveArtifacts artifacts: 'build/*', allowEmptyArchive: true
+        } catch (Throwable err) {
+          echo "archive skipped: ${err.class.simpleName}"
        }
      }
-      archiveArtifacts artifacts: 'build/*', allowEmptyArchive: true
    }
  }
 }