This is an automated email from the ASF dual-hosted git repository.
tiagobento pushed a commit to branch main
in repository
https://gitbox.apache.org/repos/asf/incubator-kie-kogito-pipelines.git
The following commit(s) were added to refs/heads/main by this push:
new dcf1dbde kie-issues#1250: prepare for branch,add gpg and svn
configuration (#1206)
dcf1dbde is described below
commit dcf1dbde0dea57903cce244d017b8c9e47c59f63
Author: Jan Stastny <[email protected]>
AuthorDate: Fri May 24 18:42:06 2024 +0200
kie-issues#1250: prepare for branch,add gpg and svn configuration (#1206)
* kie-issues#1250: prepare for branch,add gpg and svn configuration
* switch credentials type
* adjust weekly cloud
* Implement SVN method
Co-authored-by: Rodrigo Antunes <[email protected]>
---------
Co-authored-by: jstastny-cz <[email protected]>
Co-authored-by: Rodrigo Antunes <[email protected]>
---
.ci/jenkins/Jenkinsfile.nightly.cloud | 8 +-
.ci/jenkins/Jenkinsfile.release.cloud | 119 +++++++++------------
.ci/jenkins/Jenkinsfile.weekly.cloud | 3 -
.ci/jenkins/config/branch.yaml | 10 ++
.../groovy/org/kie/jenkins/jobdsl/Utils.groovy | 17 +++
.../vars/release.groovy | 39 +++++++
6 files changed, 120 insertions(+), 76 deletions(-)
diff --git a/.ci/jenkins/Jenkinsfile.nightly.cloud
b/.ci/jenkins/Jenkinsfile.nightly.cloud
index aa0c2120..f84d7e3a 100644
--- a/.ci/jenkins/Jenkinsfile.nightly.cloud
+++ b/.ci/jenkins/Jenkinsfile.nightly.cloud
@@ -35,13 +35,10 @@ pipeline {
KOGITO_CI_EMAIL_TO = credentials("${JENKINS_EMAIL_CREDS_ID}")
- IMAGE_NAME_NIGHTLY_SUFFIX = 'nightly'
+ IMAGE_NAME_NIGHTLY_SUFFIX = ''
// Use branch name in nightly tag as we may have parallel main and
release branch builds
- NIGHTLY_TAG = """${getBuildBranch()}-${sh(
- returnStdout: true,
- script: 'date -u "+%Y-%m-%d"'
- ).trim()}"""
+ NIGHTLY_TAG = getBuildBranch()
}
stages {
@@ -206,7 +203,6 @@ void addImageBuildParams(List buildParams, String tag,
String paramsPrefix = def
addStringParam(buildParams, constructKey(paramsPrefix,
'REGISTRY_CREDENTIALS'), env.IMAGE_REGISTRY_CREDENTIALS)
addStringParam(buildParams, constructKey(paramsPrefix, 'REGISTRY'),
env.IMAGE_REGISTRY)
addStringParam(buildParams, constructKey(paramsPrefix, 'NAMESPACE'),
env.IMAGE_NAMESPACE)
- addStringParam(buildParams, constructKey(paramsPrefix, 'NAME_SUFFIX'),
(extraSuffix ? "${extraSuffix}-" : '') + env.IMAGE_NAME_NIGHTLY_SUFFIX)
addStringParam(buildParams, constructKey(paramsPrefix, 'TAG'), tag)
}
diff --git a/.ci/jenkins/Jenkinsfile.release.cloud
b/.ci/jenkins/Jenkinsfile.release.cloud
index 4b3c46d4..78edcb0a 100644
--- a/.ci/jenkins/Jenkinsfile.release.cloud
+++ b/.ci/jenkins/Jenkinsfile.release.cloud
@@ -33,8 +33,6 @@ pipeline {
// Some generated env is also defined into ./dsl/jobs.groovy file
KOGITO_CI_EMAIL_TO = credentials("${JENKINS_EMAIL_CREDS_ID}")
-
- IMAGE_NAME_NIGHTLY_SUFFIX = 'nightly'
}
stages {
@@ -97,68 +95,58 @@ pipeline {
}
}
- stage('Build & Deploy Kogito Serverless Operator') {
- when {
- expression { return isServerlessOperatorRelease() }
- }
- steps {
- script {
- def buildParams =
getDefaultBuildParams(getKogitoServerlessOperatorVersion())
- addSkipTestsParam(buildParams)
- addImageBuildParams(buildParams,
getKogitoServerlessOperatorTempTag())
-
- buildJob(getDeployJobName(kogitoServerlessOperatorRepo),
buildParams)
- }
- }
- }
-
- stage('Promote Kogito Images') {
- when {
- expression { return isImagesRelease() &&
isJobConsideredOk(getDeployJobName(kogitoImagesRepo)) }
- }
- steps {
- script {
- def buildParams =
getDefaultBuildParams(getKogitoImagesVersion())
- addDeployBuildUrlParamOrClosure(buildParams,
getDeployJobName(kogitoImagesRepo)) {
- addImageBuildParams(buildParams,
getKogitoImagesTempTag(), false, baseImageParamsPrefix)
- }
- addImageBuildParams(buildParams,
getKogitoImagesFinalTag(), true, promoteImageParamsPrefix)
- addBooleanParam(buildParams, 'DEPLOY_WITH_LATEST_TAG',
isDeployAsLatest())
-
- buildJob(getPromoteJobName(kogitoImagesRepo), buildParams)
- }
- }
- }
-
- stage('Promote Kogito Serverless Operator') {
- when {
- expression { return isServerlessOperatorRelease() &&
isJobConsideredOk(getDeployJobName(kogitoServerlessOperatorRepo)) }
- }
- steps {
- script {
- def buildParams =
getDefaultBuildParams(getKogitoServerlessOperatorVersion())
- addDeployBuildUrlParamOrClosure(buildParams,
getDeployJobName(kogitoServerlessOperatorRepo)) {
- addImageBuildParams(buildParams,
getKogitoServerlessOperatorTempTag(), false, baseImageParamsPrefix)
- }
-
- // Base image information is given by the deploy URL
- addImageBuildParams(buildParams,
getKogitoServerlessOperatorFinalTag(), true, promoteImageParamsPrefix)
- addBooleanParam(buildParams, 'DEPLOY_WITH_LATEST_TAG',
isDeployAsLatest())
-
- buildJob(getPromoteJobName(kogitoServerlessOperatorRepo),
buildParams)
- }
- }
- }
-
- stage('Setup next snapshot version') {
- steps {
- script {
- def buildParams = []
- addStringParam(buildParams, 'KOGITO_VERSION',
util.getNextVersion(getKogitoVersion(), 'micro'))
- build(job: '../setup-branch/0-setup-branch-cloud', wait:
false, parameters: buildParams, propagate: false)
- }
- }
- }
+ // stage('Build & Deploy Kogito Serverless Operator') {
+ // when {
+ // expression { return isServerlessOperatorRelease() }
+ // }
+ // steps {
+ // script {
+ // def buildParams =
getDefaultBuildParams(getKogitoServerlessOperatorVersion())
+ // addSkipTestsParam(buildParams)
+ // addImageBuildParams(buildParams,
getKogitoServerlessOperatorTempTag())
+
+ //
buildJob(getDeployJobName(kogitoServerlessOperatorRepo), buildParams)
+ // }
+ // }
+ // }
+
+ // stage('Promote Kogito Images') {
+ // when {
+ // expression { return isImagesRelease() &&
isJobConsideredOk(getDeployJobName(kogitoImagesRepo)) }
+ // }
+ // steps {
+ // script {
+ // def buildParams =
getDefaultBuildParams(getKogitoImagesVersion())
+ // addDeployBuildUrlParamOrClosure(buildParams,
getDeployJobName(kogitoImagesRepo)) {
+ // addImageBuildParams(buildParams,
getKogitoImagesTempTag(), false, baseImageParamsPrefix)
+ // }
+ // addImageBuildParams(buildParams,
getKogitoImagesFinalTag(), true, promoteImageParamsPrefix)
+ // addBooleanParam(buildParams, 'DEPLOY_WITH_LATEST_TAG',
isDeployAsLatest())
+
+ // buildJob(getPromoteJobName(kogitoImagesRepo),
buildParams)
+ // }
+ // }
+ // }
+
+ // stage('Promote Kogito Serverless Operator') {
+ // when {
+ // expression { return isServerlessOperatorRelease() &&
isJobConsideredOk(getDeployJobName(kogitoServerlessOperatorRepo)) }
+ // }
+ // steps {
+ // script {
+ // def buildParams =
getDefaultBuildParams(getKogitoServerlessOperatorVersion())
+ // addDeployBuildUrlParamOrClosure(buildParams,
getDeployJobName(kogitoServerlessOperatorRepo)) {
+ // addImageBuildParams(buildParams,
getKogitoServerlessOperatorTempTag(), false, baseImageParamsPrefix)
+ // }
+
+ // // Base image information is given by the deploy URL
+ // addImageBuildParams(buildParams,
getKogitoServerlessOperatorFinalTag(), true, promoteImageParamsPrefix)
+ // addBooleanParam(buildParams, 'DEPLOY_WITH_LATEST_TAG',
isDeployAsLatest())
+
+ //
buildJob(getPromoteJobName(kogitoServerlessOperatorRepo), buildParams)
+ // }
+ // }
+ // }
}
post {
always {
@@ -365,9 +353,6 @@ void addImageBuildParams(List buildParams, String tag,
boolean isFinalImage = fa
addStringParam(buildParams, constructKey(paramsPrefix,
'REGISTRY_CREDENTIALS'), env.IMAGE_REGISTRY_CREDENTIALS)
addStringParam(buildParams, constructKey(paramsPrefix, 'REGISTRY'),
env.IMAGE_REGISTRY)
addStringParam(buildParams, constructKey(paramsPrefix, 'NAMESPACE'),
env.IMAGE_NAMESPACE)
- if (!isFinalImage) {
- addStringParam(buildParams, constructKey(paramsPrefix, 'NAME_SUFFIX'),
env.IMAGE_NAME_NIGHTLY_SUFFIX)
- }
addStringParam(buildParams, constructKey(paramsPrefix, 'TAG'), tag)
}
diff --git a/.ci/jenkins/Jenkinsfile.weekly.cloud
b/.ci/jenkins/Jenkinsfile.weekly.cloud
index 876f01bd..58dcd581 100644
--- a/.ci/jenkins/Jenkinsfile.weekly.cloud
+++ b/.ci/jenkins/Jenkinsfile.weekly.cloud
@@ -35,8 +35,6 @@ pipeline {
KOGITO_CI_EMAIL_TO = credentials("${JENKINS_EMAIL_CREDS_ID}")
- IMAGE_NAME_WEEKLY_SUFFIX = 'nightly'
-
// Use branch name in weekly tag as we may have parallel main and
release branch builds
WEEKLY_TAG = """${getBuildBranch()}-${getCurrentDate()}"""
}
@@ -207,7 +205,6 @@ void addImageBuildParams(List buildParams, String tag,
String paramsPrefix = def
addStringParam(buildParams, constructKey(paramsPrefix,
'REGISTRY_CREDENTIALS'), env.IMAGE_REGISTRY_CREDENTIALS)
addStringParam(buildParams, constructKey(paramsPrefix, 'REGISTRY'),
env.IMAGE_REGISTRY)
addStringParam(buildParams, constructKey(paramsPrefix, 'NAMESPACE'),
env.IMAGE_NAMESPACE)
- addStringParam(buildParams, constructKey(paramsPrefix, 'NAME_SUFFIX'),
(extraSuffix ? "${extraSuffix}-" : '') + env.IMAGE_NAME_WEEKLY_SUFFIX)
addStringParam(buildParams, constructKey(paramsPrefix, 'TAG'), tag)
}
diff --git a/.ci/jenkins/config/branch.yaml b/.ci/jenkins/config/branch.yaml
index 78326a0b..145ebe9e 100644
--- a/.ci/jenkins/config/branch.yaml
+++ b/.ci/jenkins/config/branch.yaml
@@ -19,6 +19,8 @@ environments:
auto_generation: false
ids:
- ecosystem
+disable:
+ images-deploy: false
repositories:
- name: incubator-kie-kogito-pipelines
job_display_name: kogito-pipelines
@@ -84,6 +86,14 @@ cloud:
registry: quay.io
namespace: kiegroup
latest_git_branch: main
+release:
+ gpg:
+ sign:
+ key-credentials-id: 'asf-release-gpg-signing-key'
+ passphrase-credentials-id: 'asf-release-gpg-signing-key-passphrase'
+ svn:
+ staging-repository: <TO-BE-DEFINED>
+ credentials-id: <TO-BE-DEFINED>
jenkins:
email_creds_id: KOGITO_CI_NOTIFICATION_EMAILS
agent:
diff --git a/dsl/seed/src/main/groovy/org/kie/jenkins/jobdsl/Utils.groovy
b/dsl/seed/src/main/groovy/org/kie/jenkins/jobdsl/Utils.groovy
index 90212bf6..85afb3a9 100644
--- a/dsl/seed/src/main/groovy/org/kie/jenkins/jobdsl/Utils.groovy
+++ b/dsl/seed/src/main/groovy/org/kie/jenkins/jobdsl/Utils.groovy
@@ -326,8 +326,25 @@ class Utils {
return getBindingValue(script, 'DISABLE_DEPLOY').toBoolean() ||
isTestEnvironment(script)
}
+ static boolean isImagesDeployDisabled(def script) {
+ return getBindingValue(script, 'DISABLE_IMAGES_DEPLOY').toBoolean() ||
isTestEnvironment(script)
+ }
+
static boolean isPrCheckDisabled(def script) {
return getBindingValue(script, 'DISABLE_PR_CHECK').toBoolean() ||
isTestEnvironment(script)
}
+ static String getReleaseGpgSignKeyCredentialsId(def script) {
+ return getBindingValue(script, 'RELEASE_GPG_SIGN_KEY_CREDENTIALS_ID')
+ }
+ static String getReleaseGpgSignPassphraseCredentialsId(def script) {
+ return getBindingValue(script,
'RELEASE_GPG_SIGN_PASSPHRASE_CREDENTIALS_ID')
+ }
+ static String getReleaseSvnCredentialsId(def script) {
+ return getBindingValue(script, 'RELEASE_SVN_CREDENTIALS_ID')
+ }
+ static String getReleaseSvnStagingRepository(def script) {
+ return getBindingValue(script, 'RELEASE_SVN_STAGING_REPOSITORY')
+ }
+
}
diff --git a/jenkins-pipeline-shared-libraries/vars/release.groovy
b/jenkins-pipeline-shared-libraries/vars/release.groovy
new file mode 100644
index 00000000..1af2d4c6
--- /dev/null
+++ b/jenkins-pipeline-shared-libraries/vars/release.groovy
@@ -0,0 +1,39 @@
+def gpgImportKeyFromFileWithPassword(String gpgKeyCredentialsId, String
gpgKeyPasswordCredentialsId) {
+ withCredentials([file(credentialsId: gpgKeyCredentialsId, variable:
'SIGNING_KEY')]) {
+ withCredentials([string(credentialsId: gpgKeyPasswordCredentialsId,
variable: 'SIGNING_KEY_PASSWORD')]) {
+ // copy the key to singkey.gpg file in *plain text* so we can
import it
+ sh """
+ cat $SIGNING_KEY > $WORKSPACE/signkey.gpg
+ # Please do not remove list keys command. When gpg is run for
the first time, it may initialize some internals.
+ gpg --list-keys
+ gpg --batch --pinentry-mode=loopback --passphrase
\"${SIGNING_KEY_PASSWORD}\" --import signkey.gpg
+ rm $WORKSPACE/signkey.gpg
+ """
+ }
+ }
+}
+
+def gpgSignFileDetachedSignatureWithPassword(String file, String
signatureTarget, String gpgKeyPasswordCredentialsId) {
+ withCredentials([string(credentialsId: gpgKeyPasswordCredentialsId,
variable: 'SIGNING_KEY_PASSWORD')]) {
+ sh "gpg --batch --sign --pinentry-mode=loopback --passphrase
\"${SIGNING_KEY_PASSWORD}\" --output ${signatureTarget} --detach-sig ${file}"
+ }
+}
+
+boolean gpgIsValidDetachedSignature(String file, String signature) {
+ return sh(returnStatus: true, script: "gpg --batch --verify ${signature}
${file}") == 0
+}
+
+def svnUploadFileToRepository(String svnRepository, String svnCredentialsId,
String releaseVersion, String... files) {
+ withCredentials([usernamePassword(credentialsId: svnCredentialsId,
usernameVariable: 'ASF_USERNAME', passwordVariable: 'ASF_PASSWORD')]) {
+ sh "svn co --depth=empty ${svnRepository} svn-kie"
+ for (file in files) {
+ sh "cp ${file} svn-kie/${releaseVersion}/"
+ }
+ sh """
+ svn add "svn-kie/${releaseVersion}"
+ cd svn-kie
+ svn ci --non-interactive --no-auth-cache --username ${ASF_USERNAME}
--password '${ASF_PASSWORD}' -m "Apache KIE ${releaseVersion} artifacts"
+ rm -rf svn-kie
+ """
+ }
+}
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
