jobs/build-node-image: Add Brew stage

 - Add Brew stage in order to upload metadata to Brew.
 - It will upload meta.json and extensions.json for the node layer
   image.

Signed-off-by: Renata Ravanelli <rravanel@redhat.com>

Author: ravanelli

jobs/build-node-image.Jenkinsfile

@@ -51,7 +51,10 @@ def src_config_url = stream_info.source_config.url
 lock(resource: "build-node-image") {
     cosaPod(image: params.COREOS_ASSEMBLER_IMAGE,
             memory: "512Mi", kvm: false,
-            serviceAccount: "jenkins") {
+            serviceAccount: "jenkins",
+            secrets: ["brew-keytab", "brew-ca:ca.crt:/etc/pki/ca.crt",
+                      "koji-conf:koji.conf:/etc/koji.conf",
+                      "krb5-conf:krb5.conf:/etc/krb5.conf"]) {
     timeout(time: 45, unit: 'MINUTES') {
     try {
 
@@ -142,6 +145,11 @@ lock(resource: "build-node-image") {
                                                                   "--git-containerfile", "extensions/Dockerfile", "--force"] + label_args)
             }
         }
+        stage("Brew Upload") {
+            // Use the staging since we already have the disgests
+            pipeutils.brew_upload(arches, params.RELEASE, registry_staging_repo, node_image_manifest_digest,
+                                  extensions_image_manifest_digest, timestamp, pipecfg)
+        }
         stage("Release Manifests") {
             withCredentials([file(credentialsId: 'oscontainer-push-registry-secret', variable: 'REGISTRY_AUTH_FILE')]) {
                 // copy the extensions first as the node image existing is a signal

utils.groovy

@@ -965,4 +965,45 @@ def build_and_push_image(params = [:]) {
     return manifest_digest
 }
 
+def get_arch_image_digest(from) {
+    return readJSON(text: shwrapCapture("""
+        skopeo inspect --raw docker://${from} | \
+            jq -r '.manifests | map({(.platform.architecture): .digest}) | add'
+    """))
+}
+
+def brew_upload(arches, release, repo, manifest_digest, extensions_manifest_digest, version, pipecfg) {
+    def node_digest_arch_map = get_arch_image_digest("${repo}@${manifest_digest}")
+    def extensions_node_digest_arch_map  = get_arch_image_digest("${repo}@${extensions_manifest_digest}")
+    def archAliasMap = [
+        "x86_64"  : "amd64",
+        "aarch64" : "arm64",
+        "s390x"   : "s390x",
+        "ppc64le" : "ppc64le"
+    ]
+    for (arch in arches) {
+        def inspect_arch = archAliasMap[arch]
+        def node_image = "${repo}@${node_digest_arch_map[inspect_arch]}"
+        def extensions_node_image = "${repo}@${extensions_node_digest_arch_map[inspect_arch]}"
+
+        // Get metadata files with package information
+        shwrap("""oc image extract $node_image[-1] --file /usr/share/openshift/base/meta.json
+                  oc image extract $extensions_node_image[-1] --file usr/share/rpm-ostree/extensions.json
+        """)
+        shwrap("""
+            coreos-assembler koji-upload \
+                upload --reserve-id \
+                --keytab "/run/kubernetes/secrets/brew-keytab/brew.keytab" \
+                --build $release-${version} \
+                --retry-attempts 6 \
+                --buildroot . \
+                --owner ${pipecfg.brew.principal} \
+                --profile ${pipecfg.brew.profile} \
+                --tag ${pipecfg.streams[release].brew_tag} \
+                --arch ${arch} \
+                --node-image
+        """)
+    }
+}
+
 return this