bstein/typhon
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ci: split typhon telemetry from image publishing

Browse Source
This commit is contained in:
Brad Stein 2026-05-16 16:06:34 -03:00
parent d0143bfc71
commit 053d7a35e1
1 changed files with 148 additions and 130 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

226
Jenkinsfile vendored
View File

@ -1,4 +1,38 @@
def isTimerBuild() {
return !currentBuild.getBuildCauses('hudson.triggers.TimerTrigger$TimerTriggerCause').isEmpty()
}
def isScmBuild() {
return !currentBuild.getBuildCauses('hudson.triggers.SCMTrigger$SCMTriggerCause').isEmpty()
}
def shouldPublishImage() {
return params.PUBLISH_IMAGE || (!isTimerBuild() && isScmBuild())
}
pipeline { pipeline {
agent none
options {
disableConcurrentBuilds()
}
parameters {
booleanParam(
name: 'PUBLISH_IMAGE',
defaultValue: false,
description: 'Build and push typhon image to Harbor; main branch SCM builds also publish automatically.'
)
}
environment {
SUITE_NAME = 'typhon'
PUSHGATEWAY_URL = 'http://platform-quality-gateway.monitoring.svc.cluster.local:9091'
IMAGE_REPO = 'registry.bstein.dev/bstein/typhon'
}
stages {
stage('Quality and metrics') {
agent { agent {
kubernetes { kubernetes {
defaultContainer 'node' defaultContainer 'node'
@ -10,83 +44,20 @@ spec:
kubernetes.io/arch: arm64 kubernetes.io/arch: arm64
node-role.kubernetes.io/worker: "true" node-role.kubernetes.io/worker: "true"
containers: containers:
- name: dind
image: docker:27-dind
securityContext:
privileged: true
env:
- name: DOCKER_TLS_CERTDIR
value: ""
command:
- /bin/sh
- -c
args:
- |
set -eu
exec dockerd-entrypoint.sh --mtu=1400 --host=unix:///var/run/docker.sock --host=tcp://0.0.0.0:2375
volumeMounts:
- name: dind-storage
mountPath: /var/lib/docker
- name: workspace-volume
mountPath: /home/jenkins/agent
- name: docker
image: docker:27
command: ['cat']
tty: true
env:
- name: DOCKER_HOST
value: tcp://localhost:2375
- name: DOCKER_TLS_CERTDIR
value: ""
volumeMounts:
- name: docker-config-writable
mountPath: /root/.docker
- name: docker-config-secret
mountPath: /docker-config
- name: workspace-volume
mountPath: /home/jenkins/agent
- name: node - name: node
image: node:22-bookworm image: node:22-bookworm-slim
command: ['cat'] command: ['cat']
tty: true tty: true
volumeMounts: volumeMounts:
- name: workspace-volume - name: workspace-volume
mountPath: /home/jenkins/agent mountPath: /home/jenkins/agent
volumes: volumes:
- name: docker-config-secret
secret:
secretName: harbor-robot-pipeline
items:
- key: .dockerconfigjson
path: config.json
- name: docker-config-writable
emptyDir: {}
- name: dind-storage
emptyDir: {}
- name: workspace-volume - name: workspace-volume
emptyDir: {} emptyDir: {}
""" """
} }
} }
options {
disableConcurrentBuilds()
}
parameters {
booleanParam(
name: 'PUBLISH_IMAGE',
defaultValue: true,
description: 'Build and push typhon image to Harbor on successful quality gate.'
)
}
environment {
SUITE_NAME = 'typhon'
PUSHGATEWAY_URL = 'http://platform-quality-gateway.monitoring.svc.cluster.local:9091'
IMAGE_REPO = 'registry.bstein.dev/bstein/typhon'
}
stages { stages {
stage('Checkout') { stage('Checkout') {
steps { steps {
@ -94,18 +65,6 @@ spec:
} }
} }
stage('Prep Docker Auth') {
steps {
container('docker') {
sh '''
set -eu
mkdir -p /root/.docker
cp /docker-config/config.json /root/.docker/config.json
'''
}
}
}
stage('Run quality gate') { stage('Run quality gate') {
steps { steps {
container('node') { container('node') {
@ -454,15 +413,89 @@ NODE
} }
} }
} }
}
stage('Buildx setup') { post {
always {
archiveArtifacts artifacts: 'build/**,dist/**,coverage/**', allowEmptyArchive: true, fingerprint: true
}
}
}
stage('Build & push image') {
when { when {
expression { return params.PUBLISH_IMAGE } expression { return shouldPublishImage() }
}
agent {
kubernetes {
defaultContainer 'docker'
yaml """
apiVersion: v1
kind: Pod
spec:
nodeSelector:
kubernetes.io/arch: arm64
node-role.kubernetes.io/worker: "true"
containers:
- name: dind
image: docker:27-dind
securityContext:
privileged: true
env:
- name: DOCKER_TLS_CERTDIR
value: ""
command:
- /bin/sh
- -c
args:
- |
set -eu
exec dockerd-entrypoint.sh --mtu=1400 --host=unix:///var/run/docker.sock --host=tcp://0.0.0.0:2375
volumeMounts:
- name: dind-storage
mountPath: /var/lib/docker
- name: workspace-volume
mountPath: /home/jenkins/agent
- name: docker
image: docker:27
command: ['cat']
tty: true
env:
- name: DOCKER_HOST
value: tcp://localhost:2375
- name: DOCKER_TLS_CERTDIR
value: ""
volumeMounts:
- name: docker-config-writable
mountPath: /root/.docker
- name: docker-config-secret
mountPath: /docker-config
- name: workspace-volume
mountPath: /home/jenkins/agent
volumes:
- name: docker-config-secret
secret:
secretName: harbor-robot-pipeline
items:
- key: .dockerconfigjson
path: config.json
- name: docker-config-writable
emptyDir: {}
- name: dind-storage
emptyDir: {}
- name: workspace-volume
emptyDir: {}
"""
}
} }
steps { steps {
checkout scm
container('docker') { container('docker') {
sh ''' sh '''
set -eu set -eu
mkdir -p /root/.docker
cp /docker-config/config.json /root/.docker/config.json
seq 1 20 | while read _; do seq 1 20 | while read _; do
docker info >/dev/null 2>&1 && break || sleep 2 docker info >/dev/null 2>&1 && break || sleep 2
done done
@ -470,17 +503,17 @@ NODE
BUILDER_NAME="typhon-${BUILD_NUMBER}" BUILDER_NAME="typhon-${BUILD_NUMBER}"
docker buildx rm "${BUILDER_NAME}" >/dev/null 2>&1 || true docker buildx rm "${BUILDER_NAME}" >/dev/null 2>&1 || true
docker buildx create --name "${BUILDER_NAME}" --driver docker-container --bootstrap --use docker buildx create --name "${BUILDER_NAME}" --driver docker-container --bootstrap --use
'''
}
}
}
stage('Build & push image') { APP_VERSION="$(sed -n 's/.*"version"[[:space:]]*:[[:space:]]*"\\([^"]*\\)".*/\\1/p' package.json | head -n 1)"
when { SHORT_SHA="$(printf '%s' "${GIT_COMMIT:-nohash}" | cut -c1-8)"
expression { return params.PUBLISH_IMAGE } IMAGE_TAG="${APP_VERSION}-${BUILD_NUMBER}-${SHORT_SHA}"
}
steps { {
container('docker') { echo "IMAGE_REPO=${IMAGE_REPO}"
echo "IMAGE_TAG=${IMAGE_TAG}"
echo "IMAGE_CHANNEL_TAG=main"
} > build/image.env
'''
withCredentials([ withCredentials([
usernamePassword( usernamePassword(
credentialsId: 'harbor-robot', credentialsId: 'harbor-robot',
@ -490,10 +523,7 @@ NODE
]) { ]) {
sh ''' sh '''
set -eu set -eu
. build/version.env . build/image.env
SHORT_SHA="$(printf '%s' "${GIT_COMMIT:-nohash}" | cut -c1-8)"
IMAGE_TAG="${APP_VERSION}-${BUILD_NUMBER}-${SHORT_SHA}"
printf '%s' "${HARBOR_PASSWORD}" | docker login registry.bstein.dev -u "${HARBOR_USERNAME}" --password-stdin printf '%s' "${HARBOR_PASSWORD}" | docker login registry.bstein.dev -u "${HARBOR_USERNAME}" --password-stdin
docker buildx build --platform linux/arm64 \ docker buildx build --platform linux/arm64 \
@ -501,22 +531,10 @@ NODE
--tag "${IMAGE_REPO}:${IMAGE_TAG}" \ --tag "${IMAGE_REPO}:${IMAGE_TAG}" \
--tag "${IMAGE_REPO}:main" \ --tag "${IMAGE_REPO}:main" \
--push . --push .
{
echo "IMAGE_REPO=${IMAGE_REPO}"
echo "IMAGE_TAG=${IMAGE_TAG}"
echo "IMAGE_CHANNEL_TAG=main"
} > build/image.env
''' '''
} }
} }
} }
} }
} }
post {
always {
archiveArtifacts artifacts: 'build/**,dist/**,coverage/**', allowEmptyArchive: true, fingerprint: true
}
}
} }