/
Jenkinsfile
115 lines (103 loc) · 4.31 KB
/
Jenkinsfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
#!/usr/bin/env groovy
List p = [buildDiscarder(logRotator(numToKeepStr: '5'))]
/* When we're running inside our trusted infrastructure, we want to
* re-generate the tools meta-data every four hours
*/
if (infra.isTrusted()) {
p.add(pipelineTriggers([cron('H */4 * * *')]))
p.add(disableConcurrentBuilds())
}
properties(p)
node('linux') {
stage ('Prepare') {
deleteDir()
checkout scm
}
withEnv([
"PATH+GROOVY=${tool 'groovy'}/bin",
"PATH+MVN=${tool 'mvn'}/bin",
"JAVA_HOME=${tool 'jdk17'}",
"PATH+JAVA=${tool 'jdk17'}/bin"
]) {
stage('Build') {
sh 'mvn -e clean install'
}
stage('Generate') {
String command = '''
for f in *.groovy
do
echo "= Crawler '$f':"
groovy -Dgrape.config=./grapeConfig.xml ./lib/runner.groovy $f || true
done
'''
timestamps {
if (infra.isTrusted()) {
withCredentials([[$class: 'ZipFileBinding', credentialsId: 'update-center-signing', variable: 'SECRET']]) {
sh """
export JENKINS_SIGNER="-key \"$SECRET/update-center.key\" -certificate \"$SECRET/update-center.cert\" -root-certificate \"$SECRET/jenkins-update-center-root-ca.crt\"";
${command}
"""
}
}
else {
sh command
}
}
}
}
stage('Archive') {
dir ('target') {
archiveArtifacts '**'
}
}
if (infra.isTrusted()) {
stage('Publish') {
sh '''
mkdir -p updates
cp target/*.json target/*.html updates
'''
sshagent(['updates-rsync-key']) {
sh 'rsync -rlptDvz -e \'ssh -o StrictHostKeyChecking=no\' --exclude=.svn --chown=mirrorbrain:www-data updates/ mirrorbrain@updates.jenkins.io:/var/www/updates.jenkins.io/updates/'
}
withCredentials([
azureServicePrincipal(
credentialsId: 'trusted_ci_jenkins_io_fileshare_serviceprincipal_writer',
clientIdVariable : 'JENKINS_INFRA_FILESHARE_CLIENT_ID',
clientSecretVariable : 'JENKINS_INFRA_FILESHARE_CLIENT_SECRET',
tenantIdVariable : 'JENKINS_INFRA_FILESHARE_TENANT_ID'
),
string(credentialsId: 'aws-access-key-id-updatesjenkinsio', variable: 'AWS_ACCESS_KEY_ID'),
string(credentialsId: 'aws-secret-access-key-updatesjenkinsio', variable: 'AWS_SECRET_ACCESS_KEY')
]) {
withEnv([
'AWS_DEFAULT_REGION=auto',
'UPDATES_R2_BUCKETS=westeurope-updates-jenkins-io',
'UPDATES_R2_ENDPOINT=https://8d1838a43923148c5cee18ccc356a594.r2.cloudflarestorage.com',
'STORAGE_FILESHARE=updates-jenkins-io',
'STORAGE_NAME=updatesjenkinsio',
'STORAGE_DURATION_IN_MINUTE=5',
'STORAGE_PERMISSIONS=dlrw'
]) {
sh '''
# Don't print any command
set +x
# Source of this script: https://github.com/jenkins-infra/pipeline-library/tree/master/resources/get-fileshare-signed-url.sh
fileShareSignedUrl=$(get-fileshare-signed-url.sh)
azcopy sync \
--skip-version-check \
--exclude-path '.svn' \
--recursive=true \
./updates/ "${fileShareSignedUrl}"
## Note: AWS CLI are configured through environment variables (from Jenkins credentials) - https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-envvars.html
aws s3 sync ./updates/ s3://"${UPDATES_R2_BUCKETS}"/updates/ \
--no-progress \
--no-follow-symlinks \
--size-only \
--exclude '.svn' \
--endpoint-url "${UPDATES_R2_ENDPOINT}"
'''
}
}
}
}
}