bstein/typhon
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
typhon/Jenkinsfile

543 lines
16 KiB
Groovy
Raw Blame History

def isTimerBuild() {
return !currentBuild.getBuildCauses('hudson.triggers.TimerTrigger$TimerTriggerCause').isEmpty()
}
def isScmBuild() {
return !currentBuild.getBuildCauses('hudson.triggers.SCMTrigger$SCMTriggerCause').isEmpty()
}
def shouldPublishImage() {
return params.PUBLISH_IMAGE || (!isTimerBuild() && isScmBuild())
}
pipeline {
agent none
options {
disableConcurrentBuilds()
}
parameters {
booleanParam(
name: 'PUBLISH_IMAGE',
defaultValue: false,
description: 'Build and push typhon image to Harbor; main branch SCM builds also publish automatically.'
)
}
environment {
SUITE_NAME = 'typhon'
PUSHGATEWAY_URL = 'http://platform-quality-gateway.monitoring.svc.cluster.local:9091'
IMAGE_REPO = 'registry.bstein.dev/bstein/typhon'
}
stages {
stage('Quality and metrics') {
agent {
kubernetes {
defaultContainer 'node'
yaml """
apiVersion: v1
kind: Pod
spec:
nodeSelector:
hardware: rpi5
kubernetes.io/arch: arm64
node-role.kubernetes.io/worker: "true"
containers:
- name: node
image: node:22-bookworm-slim
command: ['cat']
tty: true
volumeMounts:
- name: workspace-volume
mountPath: /home/jenkins/agent
volumes:
- name: workspace-volume
emptyDir: {}
"""
}
}
stages {
stage('Checkout') {
steps {
checkout scm
}
}
stage('Run quality gate') {
steps {
container('node') {
sh '''
set -eu
set +e
bash <<'GATE'
set -u
npm ci
lint_rc=0
test_rc=0
build_rc=0
npm run lint || lint_rc=$?
npm run test:ci || test_rc=$?
npm run build || build_rc=$?
mkdir -p build
APP_VERSION="$(node -p "require('./package.json').version")"
echo "APP_VERSION=${APP_VERSION}" > build/version.env
export lint_rc test_rc build_rc
node <<'NODE'
const fs = require('fs');
const path = require('path');
const junitPath = 'build/junit-typhon.xml';
const coveragePath = 'coverage/coverage-summary.json';
const sourceRoots = ['src', 'tests', 'scripts'];
const sourceExts = new Set(['.ts', '.js', '.cjs', '.mjs', '.sh']);
function unescapeXml(value) {
return String(value || '')
.split('&quot;').join('"')
.split('&apos;').join("'")
.split('&lt;').join('<')
.split('&gt;').join('>')
.split('&amp;').join('&');
}
function attr(attrs, name) {
const match = attrs.match(new RegExp(`(?:^|\\s)${name}="([^"]*)"`));
return match ? unescapeXml(match[1]) : '';
}
function collectSourceFiles(rootDir) {
const files = [];
const stack = [rootDir];
while (stack.length > 0) {
const current = stack.pop();
if (!fs.existsSync(current)) {
continue;
}
for (const entry of fs.readdirSync(current, { withFileTypes: true })) {
const fullPath = path.join(current, entry.name);
if (entry.isDirectory()) {
stack.push(fullPath);
continue;
}
if (sourceExts.has(path.extname(entry.name))) {
files.push(fullPath);
}
}
}
return files.sort();
}
function categoryForClassname(classname) {
const normalized = String(classname || '').split('\\').join('/');
const relative = normalized.includes('/tests/')
? normalized.slice(normalized.indexOf('/tests/') + '/tests/'.length)
: (normalized.startsWith('tests/') ? normalized.slice('tests/'.length) : normalized);
const parts = relative.split('/').filter(Boolean);
if (parts.length <= 1 || parts[0].endsWith('.test.ts')) {
return 'unit';
}
return parts[0];
}
function parseTestCases(junit) {
const cases = [];
const re = new RegExp('<testcase\\b([^>]*)>([\\s\\S]*?)</testcase>|<testcase\\b([^>]*)/>', 'g');
let match;
while ((match = re.exec(junit)) !== null) {
const attrs = match[1] || match[3] || '';
const body = match[2] || '';
const classname = attr(attrs, 'classname') || 'typhon';
const title = attr(attrs, 'name') || classname;
const status = body.includes('<failure') || body.includes('<error')
? 'failed'
: body.includes('<skipped')
? 'skipped'
: 'passed';
cases.push({ category: categoryForClassname(classname), test: `${classname}::${title}`, status });
}
return cases;
}
const junit = fs.existsSync(junitPath) ? fs.readFileSync(junitPath, 'utf8') : '';
const tests = Number((junit.match(new RegExp('tests="([0-9]+)"')) || [])[1] || 0);
const failures = Number((junit.match(new RegExp('failures="([0-9]+)"')) || [])[1] || 0);
const errors = Number((junit.match(new RegExp('errors="([0-9]+)"')) || [])[1] || (junit ? 0 : 1));
const skipped = Number((junit.match(new RegExp('skipped="([0-9]+)"')) || [])[1] || 0);
const cov = fs.existsSync(coveragePath) ? JSON.parse(fs.readFileSync(coveragePath, 'utf8')) : { total: {} };
const total = cov.total || {};
const sourceFiles = sourceRoots.flatMap((root) => collectSourceFiles(root));
const overLimitFiles = sourceFiles
.map((file) => ({ file, lines: fs.readFileSync(file, 'utf8').split(new RegExp('\\r?\\n')).length }))
.filter((item) => item.lines > 500);
const report = {
suite: 'typhon',
tests: { tests, failures, errors, skipped },
coverage: {
lines: total.lines?.pct ?? 0,
statements: total.statements?.pct ?? 0,
functions: total.functions?.pct ?? 0,
branches: total.branches?.pct ?? 0
},
thresholds: {
lines: 95,
statements: 95,
functions: 95,
branches: 75
},
hygiene: {
sourceFilesTotal: sourceFiles.length,
sourceLinesOver500: overLimitFiles.length
},
checks: {
tests: failures > 0 || errors > 0 || Number(process.env.test_rc || 0) !== 0 ? 'failed' : 'ok',
coverage: 'ok',
loc: overLimitFiles.length === 0 ? 'ok' : 'failed',
style: Number(process.env.lint_rc || 0) === 0 ? 'ok' : 'failed',
gate_glue: 'ok',
sonarqube: 'not_applicable',
supply_chain: 'not_applicable'
},
testCases: parseTestCases(junit)
};
report.checks.coverage = (
report.coverage.lines >= report.thresholds.lines &&
report.coverage.statements >= report.thresholds.statements &&
report.coverage.functions >= report.thresholds.functions &&
report.coverage.branches >= report.thresholds.branches
) ? 'ok' : 'failed';
if (report.testCases.length === 0) {
report.testCases.push({ category: 'unit', test: '__no_test_cases__', status: junit ? 'skipped' : 'failed' });
}
fs.writeFileSync('build/quality-gate.json', JSON.stringify(report, null, 2));
if (
Number(process.env.lint_rc || 0) !== 0 ||
Number(process.env.test_rc || 0) !== 0 ||
Number(process.env.build_rc || 0) !== 0 ||
Object.values(report.checks).includes('failed')
) {
process.exit(1);
}
NODE
GATE
gate_rc=$?
set -e
printf '%s\n' "${gate_rc}" > build/quality-gate.rc
if [ ! -f build/quality-gate.json ]; then
mkdir -p build
cat > build/quality-gate.json <<'JSON'
{
"suite": "typhon",
"tests": {
"tests": 0,
"failures": 1,
"errors": 0,
"skipped": 0
},
"coverage": {
"lines": 0,
"statements": 0,
"functions": 0,
"branches": 0
},
"thresholds": {
"lines": 95,
"statements": 95,
"functions": 95,
"branches": 75
},
"hygiene": {
"sourceFilesTotal": 0,
"sourceLinesOver500": 0
},
"checks": {
"tests": "failed",
"coverage": "failed",
"loc": "ok",
"style": "failed",
"gate_glue": "failed",
"sonarqube": "not_applicable",
"supply_chain": "not_applicable"
},
"testCases": [
{
"category": "unit",
"test": "__no_test_cases__",
"status": "failed"
}
]
}
JSON
fi
'''
}
}
}
stage('Publish test metrics') {
steps {
container('node') {
sh '''
set -eu
node <<'NODE'
const fs = require('fs');
const { execSync } = require('child_process');
const gateway = process.env.PUSHGATEWAY_URL;
const suite = process.env.SUITE_NAME || 'typhon';
const qualityPath = 'build/quality-gate.json';
if (!fs.existsSync(qualityPath)) {
throw new Error('quality report missing');
}
const quality = JSON.parse(fs.readFileSync(qualityPath, 'utf8'));
const status = quality.tests.failures > 0 || quality.tests.errors > 0 || Object.values(quality.checks || {}).includes('failed') ? 'failed' : 'ok';
const branch = process.env.BRANCH_NAME || process.env.GIT_BRANCH || 'unknown';
const buildNumber = process.env.BUILD_NUMBER || 'unknown';
const jenkinsJob = process.env.JOB_NAME || suite;
const sourceFilesTotal = Number(quality.hygiene?.sourceFilesTotal ?? 0);
const sourceLinesOver500 = Number(quality.hygiene?.sourceLinesOver500 ?? 0);
function esc(value) {
return String(value ?? '')
.split('\\').join('\\\\')
.split('"').join('\\"')
.split('\n').join('\\n');
}
function labelString(labels) {
return `{${Object.entries(labels).map(([key, value]) => `${key}="${esc(value)}"`).join(',')}}`;
}
function fetchCounter(targetStatus) {
try {
const metrics = execSync(`curl -fsS ${gateway}/metrics`, { encoding: 'utf8' });
const re = new RegExp(`platform_quality_gate_runs_total\\{[^}]*suite=\\"${suite}\\"[^}]*status=\\"${targetStatus}\\"[^}]*\\}\\s+(\\d+(?:\\.\\d+)?)`);
const match = metrics.match(re);
if (!match) return 0;
return Number(match[1]);
} catch {
return 0;
}
}
let ok = fetchCounter('ok');
let failed = fetchCounter('failed');
if (status === 'ok') ok += 1;
if (status === 'failed') failed += 1;
const passed = Math.max(quality.tests.tests - quality.tests.failures - quality.tests.errors - quality.tests.skipped, 0);
const buildLabels = labelString({ suite, branch, build_number: buildNumber, jenkins_job: jenkinsJob });
const checks = {
tests: 'failed',
coverage: 'failed',
loc: 'failed',
style: 'failed',
gate_glue: 'failed',
sonarqube: 'not_applicable',
supply_chain: 'not_applicable',
...(quality.checks || {})
};
const lines = [
'# TYPE platform_quality_gate_runs_total counter',
`platform_quality_gate_runs_total{suite="${suite}",status="ok"} ${ok}`,
`platform_quality_gate_runs_total{suite="${suite}",status="failed"} ${failed}`,
'# TYPE platform_quality_gate_build_info gauge',
`platform_quality_gate_build_info${buildLabels} 1`,
'# TYPE platform_quality_gate_tests_total gauge',
`platform_quality_gate_tests_total{suite="${suite}",result="passed"} ${passed}`,
`platform_quality_gate_tests_total{suite="${suite}",result="failed"} ${quality.tests.failures}`,
`platform_quality_gate_tests_total{suite="${suite}",result="error"} ${quality.tests.errors}`,
`platform_quality_gate_tests_total{suite="${suite}",result="skipped"} ${quality.tests.skipped}`,
'# TYPE typhon_quality_gate_tests_total gauge',
`typhon_quality_gate_tests_total{suite="${suite}",result="passed"} ${passed}`,
`typhon_quality_gate_tests_total{suite="${suite}",result="failed"} ${quality.tests.failures}`,
`typhon_quality_gate_tests_total{suite="${suite}",result="error"} ${quality.tests.errors}`,
`typhon_quality_gate_tests_total{suite="${suite}",result="skipped"} ${quality.tests.skipped}`,
'# TYPE typhon_quality_gate_coverage_percent gauge',
`typhon_quality_gate_coverage_percent{suite="${suite}",scope="lines"} ${quality.coverage.lines}`,
`typhon_quality_gate_coverage_percent{suite="${suite}",scope="statements"} ${quality.coverage.statements}`,
`typhon_quality_gate_coverage_percent{suite="${suite}",scope="functions"} ${quality.coverage.functions}`,
`typhon_quality_gate_coverage_percent{suite="${suite}",scope="branches"} ${quality.coverage.branches}`,
'# TYPE platform_quality_gate_workspace_line_coverage_percent gauge',
`platform_quality_gate_workspace_line_coverage_percent{suite="${suite}"} ${quality.coverage.lines}`,
'# TYPE platform_quality_gate_source_files_total gauge',
`platform_quality_gate_source_files_total{suite="${suite}"} ${sourceFilesTotal}`,
'# TYPE platform_quality_gate_source_lines_over_500_total gauge',
`platform_quality_gate_source_lines_over_500_total{suite="${suite}"} ${sourceLinesOver500}`,
'# TYPE typhon_quality_gate_checks_total gauge',
...Object.entries(checks).map(([check, result]) => `typhon_quality_gate_checks_total${labelString({ suite, check, result })} 1`),
'# TYPE platform_quality_gate_test_case_result gauge',
...(quality.testCases || []).map((item) => `platform_quality_gate_test_case_result${labelString({
suite,
branch,
build_number: buildNumber,
jenkins_job: jenkinsJob,
category: item.category || 'unit',
test: item.test || '__no_test_cases__',
status: item.status || 'skipped'
})} 1`),
''
];
try {
execSync(`curl -fsS --data-binary @- ${gateway}/metrics/job/platform-quality-ci/suite/${suite}`, {
input: lines.join('\\n'),
stdio: ['pipe', 'inherit', 'inherit']
});
} catch (error) {
console.error(`metrics publish failed for suite=${suite}:`, error.message);
}
NODE
'''
}
}
}
stage('Enforce quality gate') {
steps {
container('node') {
sh '''
set -eu
test "$(cat build/quality-gate.rc 2>/dev/null || echo 1)" -eq 0
'''
}
}
}
}
post {
always {
archiveArtifacts artifacts: 'build/**,dist/**,coverage/**', allowEmptyArchive: true, fingerprint: true
}
}
}
stage('Build & push image') {
when {
expression { return shouldPublishImage() }
}
agent {
kubernetes {
defaultContainer 'docker'
yaml """
apiVersion: v1
kind: Pod
spec:
nodeSelector:
hardware: rpi5
kubernetes.io/arch: arm64
node-role.kubernetes.io/worker: "true"
containers:
- name: dind
image: docker:27-dind
securityContext:
privileged: true
env:
- name: DOCKER_TLS_CERTDIR
value: ""
command:
- /bin/sh
- -c
args:
- |
set -eu
exec dockerd-entrypoint.sh --mtu=1400 --host=unix:///var/run/docker.sock --host=tcp://0.0.0.0:2375
volumeMounts:
- name: dind-storage
mountPath: /var/lib/docker
- name: workspace-volume
mountPath: /home/jenkins/agent
- name: docker
image: docker:27
command: ['cat']
tty: true
env:
- name: DOCKER_HOST
value: tcp://localhost:2375
- name: DOCKER_TLS_CERTDIR
value: ""
volumeMounts:
- name: docker-config-writable
mountPath: /root/.docker
- name: docker-config-secret
mountPath: /docker-config
- name: workspace-volume
mountPath: /home/jenkins/agent
volumes:
- name: docker-config-secret
secret:
secretName: harbor-robot-pipeline
items:
- key: .dockerconfigjson
path: config.json
- name: docker-config-writable
emptyDir: {}
- name: dind-storage
emptyDir: {}
- name: workspace-volume
emptyDir: {}
"""
}
}
steps {
checkout scm
container('docker') {
sh '''
set -eu
mkdir -p /root/.docker
cp /docker-config/config.json /root/.docker/config.json
seq 1 20 | while read _; do
docker info >/dev/null 2>&1 && break || sleep 2
done
BUILDER_NAME="typhon-${BUILD_NUMBER}"
docker buildx rm "${BUILDER_NAME}" >/dev/null 2>&1 || true
docker buildx create --name "${BUILDER_NAME}" --driver docker-container --bootstrap --use
APP_VERSION="$(sed -n 's/.*"version"[[:space:]]*:[[:space:]]*"\\([^"]*\\)".*/\\1/p' package.json | head -n 1)"
SHORT_SHA="$(printf '%s' "${GIT_COMMIT:-nohash}" | cut -c1-8)"
IMAGE_TAG="${APP_VERSION}-${BUILD_NUMBER}-${SHORT_SHA}"
{
echo "IMAGE_REPO=${IMAGE_REPO}"
echo "IMAGE_TAG=${IMAGE_TAG}"
echo "IMAGE_CHANNEL_TAG=main"
} > build/image.env
'''
withCredentials([
usernamePassword(
credentialsId: 'harbor-robot',
usernameVariable: 'HARBOR_USERNAME',
passwordVariable: 'HARBOR_PASSWORD'
)
]) {
sh '''
set -eu
. build/image.env
printf '%s' "${HARBOR_PASSWORD}" | docker login registry.bstein.dev -u "${HARBOR_USERNAME}" --password-stdin
docker buildx build --platform linux/arm64 \
--provenance=false \
--tag "${IMAGE_REPO}:${IMAGE_TAG}" \
--tag "${IMAGE_REPO}:main" \
--push .
'''
}
}
}
}
}
}
Reference in New Issue View Git Blame Copy Permalink