From f6b2c237b6ba3e47dd47b6fb3e347194acee8564 Mon Sep 17 00:00:00 2001
From: Webb Scales <wscales@redhat.com>
Date: Fri, 13 Jan 2023 16:19:12 -0500
Subject: [PATCH] Add CI support for building Agent containers

PBENCH-332
---
 agent/containers/images/Makefile | 12 +++++-
 jenkins/Pipeline.gy              | 74 +++++++++++++++++++++++---------
 2 files changed, 64 insertions(+), 22 deletions(-)

diff --git a/agent/containers/images/Makefile b/agent/containers/images/Makefile
index bac8a850e8..72fad1de1a 100644
--- a/agent/containers/images/Makefile
+++ b/agent/containers/images/Makefile
@@ -51,7 +51,8 @@ _PBENCH_REPO_NAME = pbench-${_LOCAL_MAJORMINOR}${_TEST_SUFFIX}
 # By default we use the pbench Quay.io organization for the image
 # repository.  You can override this default using an environment
 # variable as appropriate.
-IMAGE_REPO = docker://quay.io/pbench
+IMAGE_REPO ?= docker://quay.io/pbench
+IMAGE_TAG ?= latest
 
 # Convenience reference to the repo template in the pbench tree.
 # Not intended to be overridden with an environment variable.
@@ -293,6 +294,15 @@ centos-7-base.Dockerfile: _PKGMGR = yum
 # Push local images for the given tag and distribution.
 #-
 
+# Special push target for the CI which pushes a full set of the various container
+# images for the distribution to the specified registry with the specified tag.
+$(_DEFAULT_DISTROS:%=%-push-ci): %-push-ci:
+	for image in base tools tool-meister tool-data-sink workloads all; do \
+	  buildah push \
+	    localhost/pbench-agent-$${image}-${*}:${_LOCAL_GIT_HASH} \
+	    ${IMAGE_REPO}/pbench-agent-$${image}-${*}:${IMAGE_TAG} ; \
+	done
+
 define _PUSH_RULE
 %-push-$(1): %-tags.lis
 	./push ${IMAGE_REPO} $$* $(1)
diff --git a/jenkins/Pipeline.gy b/jenkins/Pipeline.gy
index 91531b3c72..8937abd8c1 100644
--- a/jenkins/Pipeline.gy
+++ b/jenkins/Pipeline.gy
@@ -10,26 +10,18 @@ pipeline {
         PY_COLORS=0
         TERM='dumb'
 
-        // The remaining variables are for `jenkins/run-server-func-tests`.
-
+        // Configuration for remote container registries
         PODMAN_INTERNAL=credentials('12b404ca-3036-4960-9929-979148b9e49a')
-        KEYCLOAK_CLIENT_SECRET=credentials('5cf0304d-8a00-48a4-ade5-9f59cb37ba68')
-        PB_CONTAINER_REG=credentials('c3e2d737-0e56-4c1e-a945-d86bc644384c')
-
+        PODMAN_EXTERNAL=credentials('87ad2797-02eb-464f-989f-8ab78d63cdf3')
+        PB_INTERNAL_CONTAINER_REG=credentials('c3e2d737-0e56-4c1e-a945-d86bc644384c')
+        PB_EXTERNAL_CONTAINER_REG=credentials('24a93506-ecd6-403a-b4f0-386f9cc943e9')
         PB_ORG_NAME="pbench"
-
         PB_SERVER_IMAGE_NAME="pbench-server-ci"
-        // Set the tag to the PR number (i.e., the Jenkins CHANGE_ID) if run for
-        // a PR; otherwise set it to the branch name (e.g., `main`).  Set a
-        // shorthand for the Pbench Server image path, and set a variable for
-        // the Server Pod name, based on the image tag, so that we don't
-        // interfere with other pods on this executor.
-        PB_SERVER_IMAGE_TAG="""${sh(
-            returnStdout: true,
-            script: 'echo ${CHANGE_ID:-${BRANCH_NAME}}'
-            )}""".trim()
-
-        PB_DASHBOARD_DIR="${WORKSPACE}/dashboard/build/"
+        // If we are executing for a PR, as opposed to executing for a branch
+        // like `main`, the CHANGE_ID will be defined to the PR number.  If it
+        // is defined we'll use its value for the container image tag;
+        // otherwise we set it to the branch name (e.g., `main`).
+        PB_IMAGE_TAG="${env.CHANGE_ID ?: env.BRANCH_NAME}"
     }
     stages {
         stage('Agent Python3.6 Check') {
@@ -50,14 +42,54 @@ pipeline {
             }
         }
         stage('Build the Pbench Server Container') {
+            environment {
+                KEYCLOAK_CLIENT_SECRET=credentials('5cf0304d-8a00-48a4-ade5-9f59cb37ba68')
+                PB_SERVER_IMAGE_TAG="${PB_IMAGE_TAG}"
+                RPM_PATH="${WORKSPACE_TMP}/rpmbuild/RPMS/noarch/pbench-server-*.rpm"
+            }
             steps {
-                sh 'buildah login -u="${PODMAN_INTERNAL_USR}" -p="${PODMAN_INTERNAL_PSW}" ${PB_CONTAINER_REG}'
-                sh 'RPM_PATH=${WORKSPACE_TMP}/rpmbuild/RPMS/noarch/pbench-server-*.rpm bash -ex ./server/pbenchinacan/container-build-ci.sh'
-                sh 'buildah push localhost/pbench-server:${PB_SERVER_IMAGE_TAG} ${PB_CONTAINER_REG}/${PB_ORG_NAME}/pbench-server:${PB_SERVER_IMAGE_TAG}'
-                sh 'buildah push localhost/${PB_SERVER_IMAGE_NAME}:${PB_SERVER_IMAGE_TAG} ${PB_CONTAINER_REG}/${PB_ORG_NAME}/${PB_SERVER_IMAGE_NAME}:${PB_SERVER_IMAGE_TAG}'
+                sh 'buildah login -u="${PODMAN_INTERNAL_USR}" -p="${PODMAN_INTERNAL_PSW}" ${PB_INTERNAL_CONTAINER_REG}'
+                sh 'bash -ex ./server/pbenchinacan/container-build-ci.sh'
+                sh 'buildah push localhost/pbench-server:${PB_IMAGE_TAG} ${PB_INTERNAL_CONTAINER_REG}/${PB_ORG_NAME}/pbench-server:${PB_IMAGE_TAG}'
+                sh 'buildah push localhost/${PB_SERVER_IMAGE_NAME}:${PB_IMAGE_TAG} ${PB_INTERNAL_CONTAINER_REG}/${PB_ORG_NAME}/${PB_SERVER_IMAGE_NAME}:${PB_IMAGE_TAG}'
+            }
+        }
+        stage('Build the Pbench Agent Containers') {
+            environment {
+                // If CHANGE_ID is defined, then we are building a PR, so use
+                // the internal container registry; otherwise, we are building
+                // a branch (like `main`), so use the external registry.
+                PB_AGENT_CONTAINER_REG="${env.CHANGE_ID ? env.PB_INTERNAL_CONTAINER_REG : env.PB_EXTERNAL_CONTAINER_REG}"
+                PB_AGENT_DISTRO="fedora-36"
+            }
+            stages {
+                stage('Login to external container registry') {
+                    when { equals expected: env.PB_EXTERNAL_CONTAINER_REG, actual: env.PB_AGENT_CONTAINER_REG }
+                    steps {
+                        sh 'buildah login -u="${PODMAN_EXTERNAL_USR}" -p="${PODMAN_EXTERNAL_PSW}" ${PB_EXTERNAL_CONTAINER_REG}'
+                    }
+                }
+                stage('Login to internal container registry') {
+                    when { equals expected: env.PB_INTERNAL_CONTAINER_REG, actual: env.PB_AGENT_CONTAINER_REG }
+                    steps {
+                        sh 'buildah login -u="${PODMAN_INTERNAL_USR}" -p="${PODMAN_INTERNAL_PSW}" ${PB_INTERNAL_CONTAINER_REG}'
+                    }
+                }
+                stage('Do the build') {
+                    steps {
+                        sh '/usr/bin/python3 -m pip install --user jinja2-cli'
+                        sh 'make -C agent/containers/images CI_RPM_ROOT=${WORKSPACE_TMP} clean ${PB_AGENT_DISTRO}-everything'
+                        sh 'make -C agent/containers/images IMAGE_REPO=${PB_AGENT_CONTAINER_REG}/${PB_ORG_NAME} IMAGE_TAG=${PB_IMAGE_TAG} ${PB_AGENT_DISTRO}-push-ci'
+                    }
+                }
             }
         }
         stage('Deploy server and run functional tests') {
+            environment {
+                PB_CONTAINER_REG="${PB_INTERNAL_CONTAINER_REG}"
+                PB_DASHBOARD_DIR="${WORKSPACE}/dashboard/build/"
+                PB_SERVER_IMAGE_TAG="${PB_IMAGE_TAG}"
+            }
             steps {
                 sh 'jenkins/run-server-func-tests --cleanup'
             }