Skip to content

Commit 195254b

Browse files
jlebonjlebon
committed
jobs/build-node-image: minor tweaks and fixes
- Prepare yum repos file upfront and feed it to both the node image build and the extensions build for consistency. This also avoids the subtle `\$(pwd)` usage in the secret argument. - Tweak the stage names a bit to make them more consistent. - Fix authfile handling. Don't use `None`; I don't think that's a valid Groovy value.
1 parent 513425e commit 195254b

File tree

2 files changed

+27
-20
lines changed

2 files changed

+27
-20
lines changed

jobs/build-node-image.Jenkinsfile

Lines changed: 15 additions & 12 deletions
Original file line numberDiff line numberDiff line change
@@ -73,14 +73,21 @@ lock(resource: "build-node-image") {
7373
// add any additional root CA cert before we do anything that fetches
7474
pipeutils.addOptionalRootCA()
7575

76+
def yumrepos_file
7677
stage('Init') {
77-
shwrap("""git clone ${stream_info.yumrepo.url} yumrepos""")
78+
shwrap("git clone ${stream_info.yumrepo.url} yumrepos")
79+
for (repo in stream_info.yumrepo.files) {
80+
shwrap("cat yumrepos/${repo} >> all.repo")
81+
}
82+
yumrepos_file = shwrapCapture("realpath all.repo")
83+
// let's archive it also so it's easy to see what the final repo file looked like
84+
archiveArtifacts 'all.repo'
7885
}
7986

8087
if (params.PIPECFG_HOTFIX_REPO || params.PIPECFG_HOTFIX_REF) {
8188
container_registry_staging_image_tag += "-hotfix-${pipecfg.hotfix.name}"
8289
}
83-
stage('Build Layered Image') {
90+
stage('Build Node Image') {
8491
withCredentials([file(credentialsId: 'oscontainer-push-registry-secret', variable: 'REGISTRY_AUTH_FILE')]) {
8592
def build_from = params.FROM ?: stream_info.from
8693
pipeutils.build_and_push_image(arches: arches,
@@ -89,36 +96,32 @@ lock(resource: "build-node-image") {
8996
staging_repository: container_registry_staging_repo,
9097
image_tag_staging: container_registry_staging_image_tag,
9198
manifest_tag_staging: container_registry_staging_manifest_tag,
92-
secret: "id=yumrepos,src=\$(pwd)/yumrepos/${stream_info.yumrepo.files[0]}",
99+
secret: "id=yumrepos,src=${yumrepos_file}",
93100
from: build_from,
94101
extra_build_args: ["--security-opt label=disable", "--mount-host-ca-certs", "--force"])
95102
}
96103
}
97-
stage('Build Extensions Container') {
104+
stage('Build Extensions Image') {
98105
withCredentials([file(credentialsId: 'oscontainer-push-registry-secret', variable: 'REGISTRY_AUTH_FILE')]) {
99106
// Use the node image as from
100107
def build_from = container_registry_staging_manifest
101-
def repos = stream_info.yumrepo.files
102-
for (repo in repos) {
103-
shwrap(""" cat yumrepos/${repo} >> /tmp/final_repo """)
104-
}
105108
pipeutils.build_and_push_image(arches: arches,
106109
src_commit: commit,
107110
src_url: src_config_url,
108111
staging_repository: container_registry_staging_repo,
109112
image_tag_staging: "${container_registry_staging_image_tag}-extensions",
110113
manifest_tag_staging: "${container_registry_staging_manifest_tag}-extensions",
111-
secret: "id=yumrepos,src=/tmp/final_repo",
114+
secret: "id=yumrepos,src=${yumrepos_file}",
112115
from: build_from,
113116
extra_build_args: ["--security-opt label=disable", "--mount-host-ca-certs",
114-
"--git-containerfile", "extensions/Dockerfile", "--force"])
117+
"--git-containerfile", "extensions/Dockerfile", "--force"])
115118
}
116119
}
117120
stage("Release Manifests") {
118121
withCredentials([file(credentialsId: 'oscontainer-push-registry-secret', variable: 'REGISTRY_AUTH_FILE')]) {
119-
pipeutils.copy_image(container_registry_staging_manifest, container_registry_repo_and_tag, REGISTRY_AUTH_FILE)
122+
pipeutils.copy_image(container_registry_staging_manifest, container_registry_repo_and_tag)
120123
pipeutils.copy_image("${container_registry_staging_manifest}-extensions",
121-
"${container_registry_repo_and_tag}-extensions", REGISTRY_AUTH_FILE)
124+
"${container_registry_repo_and_tag}-extensions")
122125
}
123126
}
124127
currentBuild.result = 'SUCCESS'

utils.groovy

Lines changed: 12 additions & 8 deletions
Original file line numberDiff line numberDiff line change
@@ -835,7 +835,7 @@ def matrixSend(message) {
835835
}
836836

837837
def build_remote_image(arches, commit, url, repo, tag, secret=None, from=None,
838-
extra_build_args=None) {
838+
extra_build_args = []) {
839839
def build_args = ["--git-ref", commit, "--git-url", url, "--repo", repo,
840840
"--push-to-registry"]
841841
if (secret) {
@@ -876,25 +876,29 @@ def push_manifest(digests, repo, manifest_tag) {
876876
}
877877
}
878878

879-
def copy_image(src_image, dest_image, registry_secret_path=None) {
879+
def copy_image(src_image, dest_image, authfile = "") {
880+
if (authfile != "") {
881+
authfile = "--authfile=${authfile}"
882+
}
880883
shwrap("""
881-
skopeo copy --all --authfile=${registry_secret_path} \
884+
skopeo copy --all ${authfile} \
882885
docker://${src_image} \
883886
docker://${dest_image}
884887
""")
885888
}
886889

887-
def delete_tags(digests, repo, manifest_tag, registry_secret_path=None) {
890+
def delete_tags(digests, repo, manifest_tag, authfile = "") {
891+
if (authfile != "") {
892+
authfile = "--authfile=${authfile}"
893+
}
888894
shwrap("""
889895
export STORAGE_DRIVER=vfs # https://github.com/coreos/fedora-coreos-pipeline/issues/723#issuecomment-1297668507
890-
skopeo delete --authfile=${registry_secret_path} \
891-
docker://${repo}:${manifest_tag}
896+
skopeo delete ${authfile} docker://${repo}:${manifest_tag}
892897
""")
893898
parallel digests.keySet().collectEntries{arch -> [digest, {
894899
shwrap("""
895900
export STORAGE_DRIVER=vfs # https://github.com/coreos/fedora-coreos-pipeline/issues/723#issuecomment-1297668507
896-
skopeo delete --authfile=${registry_secret_path} \
897-
docker://${repo}:${digest}
901+
skopeo delete ${authfile} docker://${repo}:${digest}
898902
""")
899903
}]}
900904
}

0 commit comments

Comments
 (0)