From c3fed4b91a38b572e2c5f74e039de1a4311af29f Mon Sep 17 00:00:00 2001
From: Brad Stein <Brad.Stein@gmail.com>
Date: Sat, 31 Jan 2026 05:18:53 -0300
Subject: [PATCH] add jenkins pipeline

---
 Jenkinsfile | 133 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 133 insertions(+)
 create mode 100644 Jenkinsfile

diff --git a/Jenkinsfile b/Jenkinsfile
new file mode 100644
index 0000000..fd24d7a
--- /dev/null
+++ b/Jenkinsfile
@@ -0,0 +1,133 @@
+pipeline {
+  agent {
+    kubernetes {
+      defaultContainer 'builder'
+      yaml """
+apiVersion: v1
+kind: Pod
+spec:
+  nodeSelector:
+    kubernetes.io/arch: arm64
+    node-role.kubernetes.io/worker: "true"
+  containers:
+    - name: dind
+      image: docker:27-dind
+      securityContext:
+        privileged: true
+      env:
+        - name: DOCKER_TLS_CERTDIR
+          value: ""
+      args:
+        - "--mtu=1400"
+        - "--host=unix:///var/run/docker.sock"
+        - "--host=tcp://0.0.0.0:2375"
+      volumeMounts:
+        - name: dind-storage
+          mountPath: /var/lib/docker
+        - name: workspace-volume
+          mountPath: /home/jenkins/agent
+    - name: builder
+      image: docker:27
+      command:
+        - cat
+      tty: true
+      env:
+        - name: DOCKER_HOST
+          value: tcp://localhost:2375
+        - name: DOCKER_TLS_CERTDIR
+          value: ""
+      volumeMounts:
+        - name: workspace-volume
+          mountPath: /home/jenkins/agent
+        - name: docker-config-writable
+          mountPath: /root/.docker
+        - name: harbor-config
+          mountPath: /docker-config
+  volumes:
+    - name: docker-config-writable
+      emptyDir: {}
+    - name: dind-storage
+      emptyDir: {}
+    - name: harbor-config
+      secret:
+        secretName: harbor-regcred
+        items:
+          - key: .dockerconfigjson
+            path: config.json
+    - name: workspace-volume
+      emptyDir: {}
+"""
+    }
+  }
+  stages {
+    stage('Checkout') {
+      steps {
+        checkout scm
+      }
+    }
+    stage('Prep toolchain') {
+      steps {
+        container('builder') {
+          sh '''
+            set -euo pipefail
+            apk add --no-cache bash git jq
+            mkdir -p /root/.docker
+            cp /docker-config/config.json /root/.docker/config.json
+          '''
+        }
+      }
+    }
+    stage('Compute version') {
+      steps {
+        container('builder') {
+          script {
+            def semver = sh(returnStdout: true, script: 'git describe --tags --exact-match || true').trim()
+            if (!semver) {
+              semver = sh(returnStdout: true, script: 'git rev-list --count HEAD').trim()
+              semver = "0.1.0-${semver}"
+            }
+            sh "echo SEMVER=${semver} > build.env"
+          }
+        }
+      }
+    }
+    stage('Buildx setup') {
+      steps {
+        container('builder') {
+          sh '''
+            set -euo pipefail
+            seq 1 10 | while read _; do
+              docker info && break || sleep 2
+            done
+            docker buildx create --name bstein-builder --driver docker-container --bootstrap --use
+          '''
+        }
+      }
+    }
+    stage('Build & push image') {
+      steps {
+        container('builder') {
+          sh '''
+            set -euo pipefail
+            VERSION_TAG=$(cut -d= -f2 build.env)
+            docker buildx build --platform linux/arm64 \
+              --tag registry.bstein.dev/infra/soteria:${VERSION_TAG} \
+              --tag registry.bstein.dev/infra/soteria:latest \
+              --push .
+          '''
+        }
+      }
+    }
+  }
+  post {
+    always {
+      script {
+        if (fileExists('build.env')) {
+          def env = readProperties file: 'build.env'
+          echo "Build complete for ${env.SEMVER}"
+        }
+      }
+      archiveArtifacts artifacts: 'build/*', allowEmptyArchive: true
+    }
+  }
+}