-
Notifications
You must be signed in to change notification settings - Fork 11
/
Jenkinsfile.meta
108 lines (100 loc) · 3.42 KB
/
Jenkinsfile.meta
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
properties([
disableConcurrentBuilds(),
disableResume(),
durabilityHint('PERFORMANCE_OPTIMIZED'),
pipelineTriggers([
cron('@hourly'),
]),
])
node {
stage('Checkout') {
checkout(scmGit(
userRemoteConfigs: [[
url: '[email protected]:docker-library/meta.git',
credentialsId: 'docker-library-bot',
name: 'origin',
]],
branches: [[name: '*/main']],
extensions: [
submodule(
recursiveSubmodules: true,
parentCredentials: true,
),
cleanBeforeCheckout(),
cleanAfterCheckout(),
[$class: 'RelativeTargetDirectory', relativeTargetDir: 'meta'],
],
))
sh '''
git -C meta config user.name 'Docker Library Bot'
git -C meta config user.email '[email protected]'
'''
}
env.BASHBREW_LIBRARY = workspace + '/meta/.doi/library'
dir('meta') {
// we *should* update .scripts (since that's where Jenkinsfile.* comes from, so it doesn't really make sense to update our Jenkinsfile and not have it use updated scripts), but it probably should update explicitly to the commit that the Jenkinsfile itself is coming from, if that's possible? ("latest" is probably fine)
stage('Update DOI') {
sh '''
git submodule update --remote --merge .doi
git submodule update --remote --merge .scripts
# TODO once "repos_anti_subset" in "doi.jq" is empty, we can remove this (and all associated usages of "subset.txt" can just be "--all" or go away completely)
# in all the places we need to interact with our "subset" it's a lot easier to have an explicit list of what's included, so we'll continue to generate "subset.txt" until it contains the full set
bashbrew list --all --repos | jq -L.scripts -rsR '
include "doi";
rtrimstr("\n")
| split("\n")
| . - repos_anti_subset
| join("\n")
' > subset.txt
git add subset.txt
'''
}
withCredentials([
// thanks to rate limits, we either have to "docker login" or look things up via our proxy
string(credentialsId: 'dockerhub-public-proxy', variable: 'DOCKERHUB_PUBLIC_PROXY'),
string(credentialsId: 'dockerhub-public-proxy-host', variable: 'DOCKERHUB_PUBLIC_PROXY_HOST'),
]) {
stage('Fetch') {
sh 'bashbrew --library .doi/library fetch $(cat subset.txt)' // TODO --all
}
stage('Sources') {
sh '''
# we only need to regenerate "sources.json" if ".doi", ".scripts", or "subset.txt" have changed since we last generated it
needsBuild=
if [ ! -s commits.json ] || [ ! -s sources.json ]; then
needsBuild=1
fi
doi="$(git -C .doi log -1 --format='format:%H')"
scripts="$(git -C .scripts log -1 --format='format:%H')"
subset="$(sha256sum subset.txt | cut -d' ' -f1)"
export doi scripts subset
jq -n '{ doi: env.doi, scripts: env.scripts, subset: env.subset }' | tee commits.json
if [ -z "$needsBuild" ] && ! git diff --exit-code commits.json; then
needsBuild=1
fi
if [ -n "$needsBuild" ]; then
images="$(cat subset.txt)"
[ -n "$images" ]
.scripts/sources.sh $images > sources.json
fi
'''
}
stage('Builds') {
sh '.scripts/builds.sh --cache cache-builds.json sources.json > builds.json'
}
}
stage('Commit') {
sh '''
git add -A .
if ! git diff --staged --exit-code; then # commit fails if there's nothing to commit
git commit -m 'Update and regenerate'
fi
'''
}
sshagent(['docker-library-bot']) {
stage('Push') {
sh 'git push origin HEAD:main'
}
}
}
}