authorChristian Segundo2024-04-07 10:45:05 +0200
committerChristian Segundo2024-04-07 18:19:48 +0200
commit8206fecdb86f05d353ef25c9596cebca5c1d28fb (patch)
tree169f50213c94e8a558bf1c235871c764045f4338
parent3891426ce8deba513c5bcf1594987bdcfc837304 (diff)
downloadjenkins-agent-docker-cli-8206fecdb86f05d353ef25c9596cebca5c1d28fb.tar.gz
install buildx
-rw-r--r--.scripts.d/10-check.sh39
-rw-r--r--.scripts.d/20-build.sh20
-rw-r--r--.scripts.d/30-test.sh26
-rw-r--r--.scripts.d/40-publish.sh41
-rw-r--r--Dockerfile5
-rw-r--r--Jenkinsfile89
-rw-r--r--goss.yaml3
-rw-r--r--tests/command.yaml20
-rw-r--r--tests/package.yaml8
-rw-r--r--tests/user.yaml8
10 files changed, 189 insertions, 70 deletions
diff --git a/.scripts.d/10-check.sh b/.scripts.d/10-check.sh
new file mode 100644
index 0000000..e8ddf59
--- /dev/null
+++ b/.scripts.d/10-check.sh
@@ -0,0 +1,39 @@
+#!/bin/bash
+# vim: ai:ts=8:sw=8:noet
+set -EeufCo pipefail
+export SHELLOPTS # propagate set to children by default
+IFS=$'\t\n'
+
+# check required commands are in place
+command -v shellcheck >/dev/null 2>&1 || {
+ echo 'please install shellcheck'
+ exit 1
+}
+command -v hadolint >/dev/null 2>&1 || {
+ echo 'please install hadolint'
+ exit 1
+}
+command -v yamllint >/dev/null 2>&1 || {
+ echo 'please install yamllint'
+ exit 1
+}
+
+# check all the Dockerfiles with hadolint
+find . \
+ -type f \
+ -name 'Dockerfile' \
+ -print0 |
+ xargs -0 -r hadolint
+
+# check all the yaml files with yamllint
+find . -type f \
+ -regex '.*\.ya?ml\(lint\)?' \
+ -print0 |
+ xargs -0 -r yamllint -s
+
+# check all sh files with shellcheck
+find . \
+ -type f \
+ -name '*.sh' \
+ -print0 |
+ xargs -0 -r shellcheck
diff --git a/.scripts.d/20-build.sh b/.scripts.d/20-build.sh
new file mode 100644
index 0000000..a8b28b5
--- /dev/null
+++ b/.scripts.d/20-build.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+# vim: ai:ts=8:sw=8:noet
+set -EeufCo pipefail
+export SHELLOPTS # propagate set to children by default
+IFS=$'\t\n'
+
+# check required commands are in place
+command -v docker >/dev/null 2>&1 || {
+ echo 'please install docker-client'
+ exit 1
+}
+
+docker buildx build \
+ --no-cache \
+ --pull \
+ --load \
+ --tag "chn2guevara/jenkins-agent-docker-cli:${BUILD_ID}" \
+ .
+
+
diff --git a/.scripts.d/30-test.sh b/.scripts.d/30-test.sh
new file mode 100644
index 0000000..aacc15d
--- /dev/null
+++ b/.scripts.d/30-test.sh
@@ -0,0 +1,26 @@
+#!/bin/bash
+# vim: ai:ts=8:sw=8:noet
+set -EeufCo pipefail
+export SHELLOPTS # propagate set to children by default
+IFS=$'\t\n'
+
+# check required commands are in place
+command -v docker >/dev/null 2>&1 || {
+ echo 'please install docker-client'
+ exit 1
+}
+
+# install goss
+curl -fsSL https://goss.rocks/install | sh
+
+export GOSS_SLEEP=${GOSS_SLEEP:-5}
+export GOSS_VARS=${GOSS_VARS:-}
+export GOSS_OPTS="--format junit --no-color"
+export CONTAINER_LOG_OUTPUT=${CONTAINER_LOG_OUTPUT:-}
+export GOSS_FILES_STRATEGY=cp
+
+goss --gossfile goss.yaml render >goss-full.yaml
+mv goss-full.yaml goss.yaml
+
+mkdir -p build/reports/
+dgoss run "chn2guevara/jenkins-agent-docker-cli:${BUILD_ID}" "/usr/bin/sleep" "infinity" >build/reports/goss.xml
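Review bot: The `curl -fsSL https://goss.rocks/install | sh` line executes whatever that URL serves at build time, with no version pin and no integrity check, on a CI agent that also runs the publish step with the Docker Hub token. Fetch a fixed goss release to a file instead, verify it against a checksum committed to this repository (for example `echo "<GOSS_SHA256_PLACEHOLDER>  goss" | sha256sum -c -`), and only then put it on PATH. The same applies to `dgoss`, which this script appears to get from the same installer.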
diff --git a/.scripts.d/40-publish.sh b/.scripts.d/40-publish.sh
new file mode 100644
index 0000000..cec483a
--- /dev/null
+++ b/.scripts.d/40-publish.sh
@@ -0,0 +1,41 @@
+#!/bin/bash
+# vim: ai:ts=8:sw=8:noet
+set -EeufCo pipefail
+export SHELLOPTS # propagate set to children by default
+IFS=$'\t\n'
+
+# check required commands are in place
+command -v docker >/dev/null 2>&1 || {
+ echo 'please install docker-client'
+ exit 1
+}
+
+docker login --username "chn2guevara" \
+ --password-stdin <<<"$DOCKERHUB_TOKEN"
+
+docker run --privileged --rm tonistiigi/binfmt --install arm64
+docker buildx create --use --name multi-arch-builder
+
+DOCKER_TAG="latest"
+if [ "$GIT_BRANCH" != "master" ]; then
+ DOCKER_TAG="${GIT_BRANCH//\//-}"
+fi
+
+if [ "$(git tag --contains)" = "" ]; then
+ docker buildx build \
+ --platform linux/amd64,linux/arm64 \
+ --no-cache \
+ --pull \
+ --push \
+ --tag "chn2guevara/jenkins-agent-docker-cli:${DOCKER_TAG}" \
+ .
+else
+ docker buildx build \
+ --platform linux/amd64,linux/arm64 \
+ --no-cache \
+ --pull \
+ --push \
+ --tag "chn2guevara/jenkins-agent-docker-cli:${DOCKER_TAG}" \
+ --tag "chn2guevara/jenkins-agent-docker-cli:$(git tag --contains | head -1)" \
+ .
+fi
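Review bot: `docker run --privileged --rm tonistiigi/binfmt --install arm64` pulls an untagged third-party image and runs it with full privileges immediately after `docker login`, so a changed upstream image would run with host-level access while the registry credential is already stored on the agent. Pin the image by digest (`tonistiigi/binfmt@sha256:<DIGEST_PLACEHOLDER>`), move the binfmt and builder setup above the login, and add `trap 'docker logout' EXIT` so the token does not stay in the Docker config after the job. Separately, `docker buildx create --use --name multi-arch-builder` will likely fail under `set -e` on a reused agent where that builder already exists; guarding it with `docker buildx inspect multi-arch-builder >/dev/null 2>&1 ||` and then calling `docker buildx use multi-arch-builder` avoids that.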
diff --git a/Dockerfile b/Dockerfile
index 8dfdce5..b1ecf6c 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,6 +1,8 @@
+# hadolint ignore=DL3007
FROM docker.io/jenkins/agent:latest
USER root
SHELL ["/bin/bash", "-o", "pipefail", "-c"]
+# hadolint ignore=DL3008,SC1091
RUN apt-get update && \
apt-get install -y --no-install-recommends ca-certificates curl gnupg && \
install -m 0755 -d /etc/apt/keyrings && \
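Review bot: The two added `# hadolint ignore=` lines silence DL3007, DL3008 and SC1091 without saying why, and DL3007 in particular means every published image is built from whatever `jenkins/agent:latest` is at build time. If tracking the moving base is intended (the pipeline rebuilds on a schedule with `--pull`), put a separate comment line above the ignore, e.g. `# Base deliberately tracks latest; the pipeline rebuilds it with --pull.`; otherwise pin the base by digest and bump it deliberately. The RUN instruction continues past the end of this hunk.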
@@ -12,6 +14,7 @@ RUN apt-get update && \
"$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
tee /etc/apt/sources.list.d/docker.list > /dev/null && \
apt-get update && \
- apt-get install -y --no-install-recommends docker-ce-cli && \
+ apt-get install -y --no-install-recommends docker-ce-cli docker-buildx-plugin && \
rm -rf /var/lib/apt/lists/*
USER jenkins
+CMD ["bash"]
diff --git a/Jenkinsfile b/Jenkinsfile
index 4426a26..ce6bb7f 100644
--- a/Jenkinsfile
+++ b/Jenkinsfile
@@ -1,74 +1,25 @@
-String cron_string = BRANCH_NAME == "master" ? "@daily" : ""
+String cron_string = BRANCH_NAME == "master" ? "@weekly" : ""
+
pipeline {
- agent {
- docker {
- image 'quay.io/buildah/stable'
- args '--privileged=true'
- }
- }
- options { parallelsAlwaysFailFast() }
- triggers { cron(cron_string) }
- environment {
- PROJECT = 'jenkins-agent-docker-cli'
- IMAGE_NAME = "docker.io/chn2guevara/$PROJECT"
- }
- stages {
- stage('Prepare') {
- steps {
- sh 'dnf install git -y'
- script {
- env.TAG_NAME = sh(
- returnStdout: true,
- script: 'git name-rev --name-only --tags HEAD | sed \'s/^undefined$//\'').trim()
- }
- }
- }
- stage('Manifest') {
- steps { sh "buildah manifest create $PROJECT" }
- }
- stage('Build') {
- parallel {
- stage('arm64/v8') {
- steps {
- sh"""
- buildah build --pull --platform linux/arm64/v8 --network host \
- --tag $IMAGE_NAME:latest --manifest $PROJECT .
- """
- }
+ agent any
+ triggers { cron(cron_string) }
+ options { ansiColor('xterm') }
+ stages {
+ stage('Check') {
+ agent {
+ docker {
+ image 'ghcr.io/super-linter/super-linter:latest'
+ args '--entrypoint ""'
+ }
+ }
+ steps { sh 'bash .scripts.d/10-check.sh' }
}
- stage('amd64') {
- steps {
- sh"""
- buildah build --pull --platform linux/amd64 --network host \
- --tag $IMAGE_NAME:latest --manifest $PROJECT .
- """
- }
+ stage('Build') { steps { sh 'bash .scripts.d/20-build.sh' } }
+ stage('Test') { steps { sh 'bash .scripts.d/30-test.sh' } }
+ stage('Publish') {
+ environment { DOCKERHUB_TOKEN = credentials('DOCKERHUB_TOKEN') }
+ steps { sh 'bash .scripts.d/40-publish.sh' }
}
- }
- }
- stage('docker.io login') {
- when { branch 'master' }
- steps {
- withCredentials([string(
- credentialsId: 'dockerhub-personal',
- variable: 'CREDENTIALS')
- ]) {
- sh '''#!/bin/bash
- IFS=" " read -r username password <<<"$CREDENTIALS"
- buildah login \
- --username "$username" \
- --password-stdin <<< "$password" docker.io
- '''
- }
- }
- }
- stage('Push latest') {
- when { branch 'master' }
- steps { sh "buildah manifest push --all $PROJECT docker://$IMAGE_NAME:latest" }
- }
- stage('Push tag') {
- when { allOf { branch 'master'; expression { return env.TAG_NAME == '' ? false : true } } }
- steps { sh "buildah manifest push --all $PROJECT docker://$IMAGE_NAME:$TAG_NAME" }
}
- }
+ post { always { junit 'build/reports/*.xml' } }
}
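Review bot: The new `Publish` stage binds `DOCKERHUB_TOKEN` and runs `.scripts.d/40-publish.sh` for every branch, whereas the removed `docker.io login` and push stages were guarded by `when { branch 'master' }`. Because the script comes from the branch being built, anyone who can get a branch built can use the token and push tags to the Docker Hub repository. If branch images are not needed, restore the guard with `when { branch 'master' }` on the stage; if they are, consider a separate, narrower-scoped credential for non-master builds. Also, `junit 'build/reports/*.xml'` under `post { always }` will probably raise its own error when an earlier stage fails before any report exists; `junit allowEmptyResults: true, testResults: 'build/reports/*.xml'` keeps the original failure visible.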
diff --git a/goss.yaml b/goss.yaml
new file mode 100644
index 0000000..398de7d
--- /dev/null
+++ b/goss.yaml
@@ -0,0 +1,3 @@
+---
+gossfile:
+ tests/*.yaml: {}
diff --git a/tests/command.yaml b/tests/command.yaml
new file mode 100644
index 0000000..5356c90
--- /dev/null
+++ b/tests/command.yaml
@@ -0,0 +1,20 @@
+---
+command:
+ 'curl --version':
+ exit-status: 0
+ stderr: []
+ stdout:
+ - curl
+
+ 'docker version':
+ # It's ok, the error is because there's no docker.sock mounted during tests
+ exit-status: 1
+ stderr: []
+ stdout:
+ - Docker
+
+ 'docker buildx version':
+ exit-status: 0
+ stderr: []
+ stdout:
+ - buildx
diff --git a/tests/package.yaml b/tests/package.yaml
new file mode 100644
index 0000000..5ca2369
--- /dev/null
+++ b/tests/package.yaml
@@ -0,0 +1,8 @@
+---
+package:
+ curl:
+ installed: true
+ docker-ce-cli:
+ installed: true
+ docker-buildx-plugin:
+ installed: true
diff --git a/tests/user.yaml b/tests/user.yaml
new file mode 100644
index 0000000..4027cea
--- /dev/null
+++ b/tests/user.yaml
@@ -0,0 +1,8 @@
+---
+user:
+ jenkins:
+ exists: true
+ groups:
+ - jenkins
+ home: /home/jenkins
+ shell: /bin/sh