github.com/verrazzano/verrazzano@v1.7.0/release/builds/JenkinsfilePostPRT (about) 1 // Copyright (c) 2021, 2023, Oracle and/or its affiliates. 2 // Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 3 4 pipeline { 5 options { 6 skipDefaultCheckout true 7 timestamps () 8 } 9 10 agent { 11 docker { 12 image "${RELEASE_RUNNER_IMAGE}" 13 args "${RELEASE_RUNNER_DOCKER_ARGS}" 14 registryUrl "${RUNNER_DOCKER_REGISTRY_URL}" 15 registryCredentialsId 'ocir-pull-and-push-account' 16 label "internal" 17 } 18 } 19 20 parameters { 21 string (description: 'The release branch', name: 'RELEASE_BRANCH', defaultValue: 'NONE', trim: true) 22 string (description: 'The release version (major.minor.patch format, e.g. 1.0.1)', name: 'RELEASE_VERSION', defaultValue: 'NONE', trim: true) 23 string (description: 'The source commit for the release (required for full release)', name: 'RELEASE_COMMIT', defaultValue: 'NONE', trim: true ) 24 string (description: 'The full git commit hash from the source build', name: 'GIT_COMMIT_TO_USE', defaultValue: 'NONE', trim: true ) 25 booleanParam (description: 'Indicate whether this is a test run', name: 'TEST_RUN', defaultValue: true) 26 } 27 28 environment { 29 OCR_CREDS = credentials('ocr-pull-and-push-account') 30 NETRC_FILE = credentials('netrc') 31 DOCKER_CREDS = credentials('github-packages-credentials-rw') 32 DOCKER_REPO = 'ghcr.io' 33 IS_PATCH_RELEASE = 'false' 34 35 OBJECT_STORAGE_NS = credentials('oci-os-namespace') 36 OBJECT_STORAGE_BUCKET="verrazzano-builds" 37 OCI_OS_COMMIT_BUCKET="verrazzano-builds-by-commit" 38 OCI_REGION="us-phoenix-1" 39 OCI_CLI_AUTH="api_key" 40 OCI_CLI_TENANCY = credentials('oci-tenancy') 41 OCI_CLI_USER = credentials('oci-user-ocid') 42 OCI_CLI_FINGERPRINT = credentials('oci-api-key-fingerprint') 43 OCI_CLI_KEY_FILE = credentials('oci-api-key') 44 45 RELEASE_BINARIES_DIR = "${WORKSPACE}/release/scripts/release_work" 46 TIMESTAMP = sh(returnStdout: true, script: "date +%Y%m%d%H%M%S").trim() 47 48 RELEASE_VERSION = "${params.RELEASE_VERSION}" 49 VERRAZZANO_RELEASE_PREFIX = "verrazzano-${RELEASE_VERSION}" 50 VERRAZZANO_LITE_BUNDLE = "${VERRAZZANO_RELEASE_PREFIX}-lite.zip" 51 VERRAZZANO_FULL_BUNDLE = "${VERRAZZANO_RELEASE_PREFIX}.zip" 52 53 VZ_LITE = "vz-lite" 54 VZ_FULL = "vz-full" 55 56 SCANNER_HOME = "${WORKSPACE}/scanner_home" 57 SCAN_REPORT_BASE_DIR = "${WORKSPACE}/scan_report_dir" 58 } 59 60 stages { 61 // Validate parameters, for example, RELEASE_BRANCH must start with release* 62 stage('Clean workspace and checkout') { 63 steps { 64 sh """ 65 echo "${NODE_LABELS}" 66 """ 67 script { 68 if (params.GIT_COMMIT_TO_USE == "NONE") { 69 echo "Specific GIT commit was not specified, use current head" 70 def scmInfo = checkout scm 71 env.GIT_COMMIT = scmInfo.GIT_COMMIT 72 env.GIT_BRANCH = scmInfo.GIT_BRANCH 73 } else { 74 echo "SCM checkout of ${params.GIT_COMMIT_TO_USE}" 75 def scmInfo = checkout([ 76 $class: 'GitSCM', 77 branches: [[name: params.GIT_COMMIT_TO_USE]], 78 doGenerateSubmoduleConfigurations: false, 79 extensions: [], 80 submoduleCfg: [], 81 userRemoteConfigs: [[url: env.SCM_VERRAZZANO_GIT_URL]]]) 82 env.GIT_COMMIT = scmInfo.GIT_COMMIT 83 env.GIT_BRANCH = scmInfo.GIT_BRANCH 84 // If the commit we were handed is not what the SCM says we are using, fail 85 if (!env.GIT_COMMIT.equals(params.GIT_COMMIT_TO_USE)) { 86 echo "SCM didn't checkout the commit we expected. Expected: ${params.GIT_COMMIT_TO_USE}, Found: ${scmInfo.GIT_COMMIT}" 87 exit 1 88 } 89 } 90 echo "SCM checkout of ${env.GIT_BRANCH} at ${env.GIT_COMMIT}" 91 } 92 sh """ 93 cp -f "${NETRC_FILE}" $HOME/.netrc 94 chmod 600 $HOME/.netrc 95 """ 96 97 script { 98 def props = readProperties file: '.verrazzano-development-version' 99 VERRAZZANO_DEV_VERSION = props['verrazzano-development-version'] 100 TIMESTAMP = sh(returnStdout: true, script: "date +%Y%m%d%H%M%S").trim() 101 SHORT_COMMIT_HASH = sh(returnStdout: true, script: "git rev-parse --short=8 ${params.RELEASE_COMMIT}").trim() 102 } 103 } 104 } 105 106 stage('Download Release Binaries') { 107 steps { 108 script { 109 sh """ 110 mkdir -p ${RELEASE_BINARIES_DIR} 111 cd ${WORKSPACE}/release/scripts 112 ./get_release_artifacts.sh ${params.RELEASE_BRANCH} ${SHORT_COMMIT_HASH} ${VERRAZZANO_LITE_BUNDLE} ${RELEASE_BINARIES_DIR}/${VZ_LITE} 113 ./get_release_artifacts.sh ${params.RELEASE_BRANCH} ${SHORT_COMMIT_HASH} ${VERRAZZANO_FULL_BUNDLE} ${RELEASE_BINARIES_DIR}/${VZ_FULL} 114 """ 115 } 116 } 117 } 118 119 stage('Create Github Release') { 120 environment { 121 SCANNER_ARCHIVE_LOCATION = credentials('scanner-archive-location') 122 SCANNER_ARCHIVE_FILE = credentials('scanner-archive-file') 123 124 // The minimum required scopes for the token are: "repo", "read:org". 125 GITHUB_ACCESS_TOKEN = credentials('github-api-token-release-process') 126 NO_PROXY_SUFFIX = credentials('cdn-no-proxy') 127 } 128 steps { 129 script { 130 sh """ 131 echo "${env.GITHUB_ACCESS_TOKEN}" | gh auth login --with-token 132 133 cd ${WORKSPACE}/release/scripts 134 ./create_github_release.sh ${params.RELEASE_COMMIT} ${RELEASE_BINARIES_DIR}/${VZ_LITE} ${TEST_RUN} 135 """ 136 } 137 } 138 } 139 140 // REVIEW: If it doesn't add too much complexity, verify that the scan job has completed here, was OK, and then copy the scan results from the 141 // ephemeral release-commit location to the release location here. The scan results are only stored in the ephemeral per-commit bucket as they 142 // are updated asynchronously (avoids complexity and race conditions). 143 } 144 post { 145 always { 146 archiveArtifacts artifacts: "**/scan_report.out,**/scan_summary.out,**/scan_report_debug.out", allowEmptyArchive: true 147 } 148 cleanup { 149 deleteDir() 150 } 151 } 152 }