github.com/verrazzano/verrazzano@v1.7.1/release/builds/JenkinsfilePostPRT (about) 1 // Copyright (c) 2021, 2023, Oracle and/or its affiliates. 2 // Licensed under the Universal Permissive License v 1.0 as shown at https://oss.oracle.com/licenses/upl. 3 4 pipeline { 5 options { 6 skipDefaultCheckout true 7 timestamps () 8 } 9 10 agent { 11 docker { 12 image "${RELEASE_RUNNER_IMAGE}" 13 args "${RELEASE_RUNNER_DOCKER_ARGS}" 14 registryUrl "${RUNNER_DOCKER_REGISTRY_URL}" 15 registryCredentialsId 'ocir-pull-and-push-account' 16 label "internal" 17 } 18 } 19 20 parameters { 21 string (description: 'The release branch', name: 'RELEASE_BRANCH', defaultValue: 'NONE', trim: true) 22 string (description: 'The release version (major.minor.patch format, e.g. 1.0.1)', name: 'RELEASE_VERSION', defaultValue: 'NONE', trim: true) 23 string (description: 'The source commit for the release (required for full release)', name: 'RELEASE_COMMIT', defaultValue: 'NONE', trim: true ) 24 string (description: 'The full git commit hash from the source build', name: 'GIT_COMMIT_TO_USE', defaultValue: 'NONE', trim: true ) 25 booleanParam (description: 'Indicate whether this is a test run', name: 'TEST_RUN', defaultValue: true) 26 } 27 28 environment { 29 OCR_CREDS = credentials('ocr-pull-and-push-account') 30 NETRC_FILE = credentials('netrc') 31 DOCKER_CREDS = credentials('github-packages-credentials-rw') 32 DOCKER_REPO = 'ghcr.io' 33 IS_PATCH_RELEASE = 'false' 34 35 OBJECT_STORAGE_NS = credentials('oci-os-namespace') 36 OCI_REGION="us-phoenix-1" 37 OCI_CLI_AUTH="api_key" 38 OCI_CLI_TENANCY = credentials('oci-tenancy') 39 OCI_CLI_USER = credentials('oci-user-ocid') 40 OCI_CLI_FINGERPRINT = credentials('oci-api-key-fingerprint') 41 OCI_CLI_KEY_FILE = credentials('oci-api-key') 42 43 RELEASE_BINARIES_DIR = "${WORKSPACE}/release/scripts/release_work" 44 TIMESTAMP = sh(returnStdout: true, script: "date +%Y%m%d%H%M%S").trim() 45 46 RELEASE_VERSION = "${params.RELEASE_VERSION}" 47 VERRAZZANO_RELEASE_PREFIX = "verrazzano-${RELEASE_VERSION}" 48 VERRAZZANO_LITE_BUNDLE = "${VERRAZZANO_RELEASE_PREFIX}-lite.zip" 49 VERRAZZANO_FULL_BUNDLE = "${VERRAZZANO_RELEASE_PREFIX}.zip" 50 51 VZ_LITE = "vz-lite" 52 VZ_FULL = "vz-full" 53 54 SCANNER_HOME = "${WORKSPACE}/scanner_home" 55 SCAN_REPORT_BASE_DIR = "${WORKSPACE}/scan_report_dir" 56 } 57 58 stages { 59 // Validate parameters, for example, RELEASE_BRANCH must start with release* 60 stage('Clean workspace and checkout') { 61 steps { 62 sh """ 63 echo "${NODE_LABELS}" 64 """ 65 script { 66 if (params.GIT_COMMIT_TO_USE == "NONE") { 67 echo "Specific GIT commit was not specified, use current head" 68 def scmInfo = checkout scm 69 env.GIT_COMMIT = scmInfo.GIT_COMMIT 70 env.GIT_BRANCH = scmInfo.GIT_BRANCH 71 } else { 72 echo "SCM checkout of ${params.GIT_COMMIT_TO_USE}" 73 def scmInfo = checkout([ 74 $class: 'GitSCM', 75 branches: [[name: params.GIT_COMMIT_TO_USE]], 76 doGenerateSubmoduleConfigurations: false, 77 extensions: [], 78 submoduleCfg: [], 79 userRemoteConfigs: [[url: env.SCM_VERRAZZANO_GIT_URL]]]) 80 env.GIT_COMMIT = scmInfo.GIT_COMMIT 81 env.GIT_BRANCH = scmInfo.GIT_BRANCH 82 // If the commit we were handed is not what the SCM says we are using, fail 83 if (!env.GIT_COMMIT.equals(params.GIT_COMMIT_TO_USE)) { 84 echo "SCM didn't checkout the commit we expected. Expected: ${params.GIT_COMMIT_TO_USE}, Found: ${scmInfo.GIT_COMMIT}" 85 exit 1 86 } 87 } 88 echo "SCM checkout of ${env.GIT_BRANCH} at ${env.GIT_COMMIT}" 89 } 90 sh """ 91 cp -f "${NETRC_FILE}" $HOME/.netrc 92 chmod 600 $HOME/.netrc 93 """ 94 95 script { 96 def props = readProperties file: '.verrazzano-development-version' 97 VERRAZZANO_DEV_VERSION = props['verrazzano-development-version'] 98 TIMESTAMP = sh(returnStdout: true, script: "date +%Y%m%d%H%M%S").trim() 99 SHORT_COMMIT_HASH = sh(returnStdout: true, script: "git rev-parse --short=8 ${params.RELEASE_COMMIT}").trim() 100 } 101 } 102 } 103 104 stage('Download Release Binaries') { 105 steps { 106 script { 107 sh """ 108 mkdir -p ${RELEASE_BINARIES_DIR} 109 cd ${WORKSPACE}/release/scripts 110 ./get_release_artifacts.sh ${params.RELEASE_BRANCH} ${SHORT_COMMIT_HASH} ${VERRAZZANO_LITE_BUNDLE} ${RELEASE_BINARIES_DIR}/${VZ_LITE} 111 ./get_release_artifacts.sh ${params.RELEASE_BRANCH} ${SHORT_COMMIT_HASH} ${VERRAZZANO_FULL_BUNDLE} ${RELEASE_BINARIES_DIR}/${VZ_FULL} 112 """ 113 } 114 } 115 } 116 117 stage('Create Github Release') { 118 environment { 119 SCANNER_ARCHIVE_LOCATION = credentials('scanner-archive-location') 120 SCANNER_ARCHIVE_FILE = credentials('scanner-archive-file') 121 122 // The minimum required scopes for the token are: "repo", "read:org". 123 GITHUB_ACCESS_TOKEN = credentials('github-api-token-release-process') 124 NO_PROXY_SUFFIX = credentials('cdn-no-proxy') 125 } 126 steps { 127 script { 128 sh """ 129 echo "${env.GITHUB_ACCESS_TOKEN}" | gh auth login --with-token 130 131 cd ${WORKSPACE}/release/scripts 132 ./create_github_release.sh ${params.RELEASE_COMMIT} ${RELEASE_BINARIES_DIR}/${VZ_LITE} ${TEST_RUN} 133 """ 134 } 135 } 136 } 137 138 // REVIEW: If it doesn't add too much complexity, verify that the scan job has completed here, was OK, and then copy the scan results from the 139 // ephemeral release-commit location to the release location here. The scan results are only stored in the ephemeral per-commit bucket as they 140 // are updated asynchronously (avoids complexity and race conditions). 141 } 142 post { 143 always { 144 archiveArtifacts artifacts: "**/scan_report.out,**/scan_summary.out,**/scan_report_debug.out", allowEmptyArchive: true 145 } 146 cleanup { 147 deleteDir() 148 } 149 } 150 }