#!/usr/bin/env groovy // Copyright (C) 2019-2021 VyOS maintainers and contributors // // This program is free software; you can redistribute it and/or modify // in order to easy exprort images built to "external" world // it under the terms of the GNU General Public License version 2 or later as // published by the Free Software Foundation. // // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. // // You should have received a copy of the GNU General Public License // along with this program. If not, see . @NonCPS // Using a version specifier library, use 'current' branch. The underscore (_) // is not a typo! You need this underscore if the line immediately after the // @Library annotation is not an import statement! @Library('vyos-build@current')_ setDescription() node('Docker') { stage('Setup Container') { script { // create container name on demand def branchName = getGitBranchName() // Adjust PR target branch name so we can re-map it to the proper Docker image. if (isPullRequest()) branchName = env.CHANGE_TARGET.toLowerCase() if (branchName.equals('master')) branchName = 'current' env.DOCKER_IMAGE = 'vyos/vyos-build:' + branchName // Get the current UID and GID from the jenkins agent to allow use of the same UID inside Docker env.USR_ID = sh(returnStdout: true, script: 'id -u').toString().trim() env.GRP_ID = sh(returnStdout: true, script: 'id -g').toString().trim() env.DOCKER_ARGS = '--privileged --sysctl net.ipv6.conf.lo.disable_ipv6=0 -e GOSU_UID=' + env.USR_ID + ' -e GOSU_GID=' + env.GRP_ID env.BASE_VERSION = '1.5-rolling-' } } } pipeline { agent { docker { label "Docker" args "${env.DOCKER_ARGS}" image "${env.DOCKER_IMAGE}" alwaysPull true reuseNode true } } parameters { string(name: 'BUILD_BY', defaultValue: 'autobuild@vyos.net', description: 'Builder identifier (e.g. jrandomhacker@example.net)') string(name: 'BUILD_VERSION', defaultValue: env.BASE_VERSION + 'ISO8601-TIMESTAMP', description: 'Version number (release builds only)') booleanParam(name: 'BUILD_PUBLISH', defaultValue: false, description: 'Publish this build AWS S3') booleanParam(name: 'BUILD_SNAPSHOT', defaultValue: false, description: 'Upload image to AWS S3 snapshot bucket') booleanParam(name: 'TEST_SMOKETESTS', defaultValue: true, description: 'Run Smoketests after ISO build') booleanParam(name: 'TEST_RAID1', defaultValue: true, description: 'Perform RAID1 installation tests') } options { disableConcurrentBuilds() timeout(time: 240, unit: 'MINUTES') timestamps() buildDiscarder(logRotator(numToKeepStr: '20')) } stages { stage('Build ISO') { when { beforeOptions true beforeAgent true // Only run ISO image build process of explicit user request or // once a night triggered by the timer. anyOf { triggeredBy 'TimerTrigger' triggeredBy cause: "UserIdCause" } } environment { PYTHONDONTWRITEBYTECODE = 1 } steps { script { // Display Git commit Id used with the Jenkinsfile on the Job "Build History" pane def commitId = sh(returnStdout: true, script: 'git rev-parse --short=11 HEAD').trim() currentBuild.description = sprintf('Git SHA1: %s', commitId[-11..-1]) def CUSTOM_PACKAGES = '' if (params.TEST_SMOKETESTS) CUSTOM_PACKAGES = '--custom-package vyos-1x-smoketest' def VYOS_VERSION = params.BUILD_VERSION if (params.BUILD_VERSION == env.BASE_VERSION + 'ISO8601-TIMESTAMP') VYOS_VERSION = env.BASE_VERSION + sh(returnStdout: true, script: 'date -u +%Y%m%d%H%M').toString().trim() sh """ sudo --preserve-env ./build-vyos-image \ --build-by "${params.BUILD_BY}" \ --debian-mirror http://deb.debian.org/debian/ \ --build-type release \ --version "${VYOS_VERSION}" ${CUSTOM_PACKAGES} iso """ if (fileExists('build/live-image-amd64.hybrid.iso') == false) { error('ISO build error') } } } } stage('Smoketests for RAID-1 system installation') { when { expression { fileExists 'build/live-image-amd64.hybrid.iso' } expression { return params.TEST_RAID1 } } steps { sh "sudo make testraid" } } stage('Smoketests for TPM config encryption') { when { expression { fileExists 'build/live-image-amd64.hybrid.iso' } } steps { sh "sudo make testtpm" } } stage('Smoketests') { when { expression { return params.TEST_SMOKETESTS } } parallel { stage('CLI validation') { when { expression { fileExists 'build/live-image-amd64.hybrid.iso' } } steps { sh "sudo make test" } } stage('vyos-configd and arbitrary config loader') { when { expression { fileExists 'build/live-image-amd64.hybrid.iso' } } steps { sh "sudo make testc" } } } } } post { success { script { // only deploy ISO if build from official repository if (isCustomBuild()) return // always store local artifacts archiveArtifacts artifacts: '**/build/vyos-*.iso, **/build/vyos-*.qcow2', allowEmptyArchive: true // only deploy ISO if requested via parameter if (!params.BUILD_PUBLISH) return files = findFiles(glob: 'build/vyos*.iso') // Publish ISO image to daily builds bucket if (files) { // Publish ISO image to snapshot bucket if (files && params.BUILD_SNAPSHOT) { withAWS(region: 'us-east-1', credentials: 's3-vyos-downloads-rolling-rw') { s3Upload(bucket: 's3-us.vyos.io', path: 'snapshot/' + params.BUILD_VERSION + '/', workingDir: 'build', includePathPattern: 'vyos*.iso', cacheControl: "public, max-age=2592000") } } else { // Publish build result to AWS S3 rolling bucket withAWS(region: 'us-east-1', credentials: 's3-vyos-downloads-rolling-rw') { s3Upload(bucket: 's3-us.vyos.io', path: 'rolling/' + getGitBranchName() + '/', workingDir: 'build', includePathPattern: 'vyos*.iso') s3Copy(fromBucket: 's3-us.vyos.io', fromPath: 'rolling/' + getGitBranchName() + '/' + files[0].name, toBucket: 's3-us.vyos.io', toPath: 'rolling/' + getGitBranchName() + '/vyos-rolling-latest.iso') } } // Trigger GitHub action which will re-build the static community website which // also holds the AWS download links to the generated ISO images withCredentials([string(credentialsId: 'vyos.net-build-trigger-token', variable: 'TOKEN')]) { sh ''' curl -X POST --header "Accept: application/vnd.github.v3+json" \ --header "authorization: Bearer $TOKEN" --data '{"ref": "production"}' \ https://api.github.com/repos/vyos/community.vyos.net/actions/workflows/main.yml/dispatches ''' } } // Publish ISO image to snapshot bucket if (files && params.BUILD_SNAPSHOT) { withAWS(region: 'us-east-1', credentials: 's3-vyos-downloads-rolling-rw') { s3Upload(bucket: 's3-us.vyos.io', path: 'snapshot/', workingDir: 'build', includePathPattern: 'vyos*.iso') } } } } failure { archiveArtifacts artifacts: '**/build/vyos-*.iso, **/build/vyos-*.qcow2', allowEmptyArchive: true } cleanup { echo 'One way or another, I have finished' // the 'build' directory got elevated permissions during the build // cdjust permissions so it can be cleaned up by the regular user sh 'sudo make purge' deleteDir() /* cleanup our workspace */ } } }