Test scripted pipeline mounting ~/.m2 (#136)

.vscode/settings.json

@@ -22,5 +22,8 @@
   "[markdown]": {
     "editor.defaultFormatter": "esbenp.prettier-vscode",
     "editor.formatOnSave": true
+  },
+  "files.associations": {
+    "*.yaml.gotmpl": "helm-template"
   }
 }

devcontainer/README.md

@@ -69,10 +69,10 @@ To use it as a **Docker on Docker** devcontainer:
     "dockerfile": "Dockerfile"
   },
   "overrideCommand": false,
-  "runArgs": [
-    "--volume=/var/run/docker.sock:target=/var/run/docker.sock",
-    "--network=host"
-  ]
+  "mounts": [
+    "source=/var/run/docker.sock,target=/var/run/docker.sock,type=bind"
+  ],
+  "runArgs": ["--network=host"]
 }
 ```
 

jenkins-agent-dind/README.md

@@ -136,7 +136,7 @@ pipeline {
     docker {
       image 'ghcr.io/felipecrs/jenkins-agent-dind'
       alwaysPull true
-      args '--volume=/var/run/docker.sock:/var/run/docker.sock --network=host --group-add=docker'
+      args '--volume=/var/run/docker.sock:/var/run/docker.sock --group-add=docker --network=host'
     }
   }
   stages {
@@ -266,7 +266,7 @@ pipeline {
     docker {
       image 'ghcr.io/felipecrs/jenkins-agent-dind'
       alwaysPull true
-      args '--volume=/ssh-command:/ssh-command --volume=/var/run/docker.sock:/var/run/docker.sock --network=host --group-add=docker'
+      args '--volume=/ssh-command:/ssh-command --volume=/var/run/docker.sock:/var/run/docker.sock --group-add=docker --network=host'
     }
   }
   options {

jenkins-agent-dind/test-fixtures/helmfile.yaml

@@ -7,91 +7,6 @@ helmBinary: ./werf_as_helm.sh
 releases:
   - name: jenkins
     # https://github.com/jenkinsci/helm-charts/releases
-    chart: https://github.com/jenkinsci/helm-charts/releases/download/jenkins-5.0.17/jenkins-5.0.17.tgz
+    chart: https://github.com/jenkinsci/helm-charts/releases/download/jenkins-5.1.5/jenkins-5.1.5.tgz
     values:
-      - persistence:
-          enabled: true
-        agent:
-          image:
-            repository: jenkins-agent-dind-test-registry:5000/jenkins-agent-dind
-            tag: latest
-          alwaysPullImage: false
-          args: ""
-          resources:
-            requests:
-              cpu: "3"
-              memory: "6Gi"
-            limits:
-              cpu: "3"
-              memory: "6Gi"
-          yamlTemplate: |
-            apiVersion: v1
-            kind: Pod
-            metadata:
-              labels:
-                dynamic-hostports: "22"
-            spec:
-              hostNetwork: false
-              automountServiceAccountToken: false
-              enableServiceLinks: false
-              # the agent will connect to jenkins using the k8s svc name
-              # dnsPolicy: Default
-              restartPolicy: Never
-              terminationGracePeriodSeconds: 30
-              containers:
-                - name: jnlp
-                  env:
-                    - name: SSHD_ENABLED
-                      value: "true"
-                  ports:
-                    - containerPort: 22
-                  securityContext:
-                    privileged: true
-                  workingDir: /home/jenkins/agent
-                  terminationMessagePolicy: FallbackToLogsOnError
-                  volumeMounts:
-                    - mountPath: /home/jenkins/agent
-                      name: workspace-volume
-                    - name: podinfo
-                      mountPath: /ssh-command/podinfo
-                      readonly: true
-              volumes:
-                - name: workspace-volume
-                  emptyDir: {}
-                - name: podinfo
-                  downwardAPI:
-                    items:
-                      - path: "sshd-port"
-                        fieldRef:
-                          fieldPath: metadata.annotations['dynamic-hostports.k8s/22']
-                      - path: "node-fqdn"
-                        fieldRef:
-                          fieldPath: metadata.annotations['dynamic-hostports.k8s/node-fqdn']
-        controller:
-          image:
-            registry: jenkins-agent-dind-test-registry:5000
-            repository: jenkins
-            tag: latest
-          installPlugins: false
-          sidecars:
-            configAutoReload:
-              enabled: false
-          JCasC:
-            authorizationStrategy: unsecured
-            securityRealm: |
-              local:
-                allowsSignup: false
-            configScripts:
-              jobs: |
-                jobs:
-                  - script: >
-                      pipelineJob('test-agent') {
-                        definition {
-                          cps {
-                            sandbox()
-                            script('''\
-                              {{- readFile "jobs/test-agent/Jenkinsfile" | nindent 30 }}
-                              '''.stripIndent())
-                          }
-                        }
-                      }
+      - values.yaml.gotmpl

jenkins-agent-dind/test-fixtures/jobs/test-agent/Jenkinsfile → jenkins-agent-dind/test-fixtures/jobs/test-agent-declarative/Jenkinsfile

@@ -35,7 +35,7 @@ pipeline {
                         docker {
                             reuseNode true
                             image 'localhost:15432/jenkins-agent-dind:latest'
-                            args '--volume=/ssh-command:/ssh-command --volume=/var/run/docker.sock:/var/run/docker.sock --group-add=docker'
+                            args '--volume=/ssh-command:/ssh-command --volume=/var/run/docker.sock:/var/run/docker.sock --group-add=docker --network=host'
                         }
                     }
                     steps {

jenkins-agent-dind/test-fixtures/jobs/test-agent-scripted/Jenkinsfile

@@ -0,0 +1,20 @@
+node {
+    // docker can only pull from insecure registries at localhost by default
+    sh 'docker run --name socat -d --network=host alpine/socat tcp-listen:15432,reuseaddr,fork tcp:jenkins-agent-dind-test-registry:5000'
+
+    sh 'pkgx +java@17 mvn@3 -ntp archetype:generate -DarchetypeGroupId=org.apache.maven.archetypes -DarchetypeArtifactId=maven-archetype-simple -DarchetypeVersion=1.4 -DgroupId=test -DartifactId=test -Dversion=1.0-SNAPSHOT -DinteractiveMode=false'
+
+    dir('test') {
+        sh 'pkgx +java@17 mvn@3 -ntp clean package'
+
+        docker.image('localhost:15432/jenkins-agent-dind:latest')
+            .inside('--volume=/var/run/docker.sock:/var/run/docker.sock --group-add=docker --network=host') {
+            sh 'docker version'
+        }
+
+        docker.image('localhost:15432/jenkins-agent-dind:latest')
+            .inside('--volume=/home/jenkins/.pkgx:/home/jenkins/.pkgx --volume=/home/jenkins/.m2:/home/jenkins/.m2 --volume=/var/run/docker.sock:/var/run/docker.sock --group-add=docker --network=host') {
+            sh 'pkgx +java@17 mvn@3 -o clean package'
+        }
+    }
+}

jenkins-agent-dind/test-fixtures/values.yaml.gotmpl

@@ -0,0 +1,94 @@
+persistence:
+  enabled: true
+agent:
+  image:
+    repository: jenkins-agent-dind-test-registry:5000/jenkins-agent-dind
+    tag: latest
+  alwaysPullImage: false
+  args: ""
+  resources:
+    requests:
+      cpu: "2"
+      memory: "4G"
+    limits:
+      cpu: "2"
+      memory: "4G"
+  yamlTemplate: |
+    apiVersion: v1
+    kind: Pod
+    metadata:
+      labels:
+        dynamic-hostports: "22"
+    spec:
+      hostNetwork: false
+      automountServiceAccountToken: false
+      enableServiceLinks: false
+      # the agent will connect to jenkins using the k8s svc name
+      # dnsPolicy: Default
+      restartPolicy: Never
+      terminationGracePeriodSeconds: 30
+      containers:
+        - name: jnlp
+          env:
+            - name: SSHD_ENABLED
+              value: "true"
+          ports:
+            - containerPort: 22
+          securityContext:
+            privileged: true
+          workingDir: /home/jenkins/agent
+          terminationMessagePolicy: FallbackToLogsOnError
+          volumeMounts:
+            - mountPath: /home/jenkins/agent
+              name: workspace-volume
+            - name: podinfo
+              mountPath: /ssh-command/podinfo
+              readonly: true
+      volumes:
+        - name: workspace-volume
+          emptyDir: {}
+        - name: podinfo
+          downwardAPI:
+            items:
+              - path: "sshd-port"
+                fieldRef:
+                  fieldPath: metadata.annotations['dynamic-hostports.k8s/22']
+              - path: "node-fqdn"
+                fieldRef:
+                  fieldPath: metadata.annotations['dynamic-hostports.k8s/node-fqdn']
+controller:
+  image:
+    registry: jenkins-agent-dind-test-registry:5000
+    repository: jenkins
+    tag: latest
+  installPlugins: false
+  sidecars:
+    configAutoReload:
+      enabled: false
+  JCasC:
+    authorizationStrategy: unsecured
+    configScripts:
+      jobs: |
+        jobs:
+          - script: >
+              pipelineJob('test-agent-declarative') {
+                definition {
+                  cps {
+                    sandbox()
+                    script('''\
+                      {{- readFile "jobs/test-agent-declarative/Jenkinsfile" | nindent 30 }}
+                      '''.stripIndent())
+                  }
+                }
+              }
+          - script: >
+              pipelineJob('test-agent-scripted') {
+                definition {
+                  cps {
+                    sandbox()
+                    script('''\
+                      {{- readFile "jobs/test-agent-scripted/Jenkinsfile" | nindent 30 }}
+                      '''.stripIndent())
+                  }
+                }
+              }

jenkins-agent-dind/test.sh

@@ -2,7 +2,8 @@
 
 set -euo pipefail
 
-script_dir="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd)"
+SCRIPT_DIR="$(cd -- "$(dirname -- "${BASH_SOURCE[0]}")" &>/dev/null && pwd)"
+export SCRIPT_DIR
 
 set -x
 
@@ -22,26 +23,50 @@ function cleanup() {
 
 trap cleanup EXIT
 
-cd "${script_dir}/.."
+function prepare_agent() {
+    set -eux
 
-docker buildx bake jenkins-agent-dind --push \
-    --set jenkins-agent-dind.tags=localhost:15432/jenkins-agent-dind:latest
+    cd "${SCRIPT_DIR}/.."
 
-retry --verbose --tries=3 --sleep=3 -- kubectl run --rm -i --privileged --image jenkins-agent-dind-test-registry:5000/jenkins-agent-dind:latest test -- docker version
+    docker buildx bake jenkins-agent-dind --push \
+        --set jenkins-agent-dind.tags=localhost:15432/jenkins-agent-dind:latest
 
-cd "${script_dir}/test-fixtures"
+    retry --tries=3 --sleep=3 -- \
+        kubectl run --attach --restart=Never --rm --privileged --image jenkins-agent-dind-test-registry:5000/jenkins-agent-dind:latest test -- \
+        docker version
 
-docker buildx build . --tag localhost:15432/jenkins:latest --push
+    kubectl apply -f https://raw.githubusercontent.com/felipecrs/dynamic-hostports-k8s/master/deploy.yaml
+}
+
+function prepare_jenkins() {
+    set -eux
+
+    cd "${SCRIPT_DIR}/test-fixtures"
+
+    docker buildx build . --tag localhost:15432/jenkins:latest --push
+
+    # retry because of https://github.com/werf/werf/issues/6048
+    retry --tries=2 --sleep=0 -- \
+        helmfile sync --enable-live-output
 
-kubectl apply -f https://raw.githubusercontent.com/felipecrs/dynamic-hostports-k8s/master/deploy.yaml
+    kubectl exec jenkins-0 --container=jenkins -- \
+        curl -fsSL http://127.0.0.1:8080/jnlpJars/jenkins-cli.jar --output /tmp/jenkins-cli.jar
+}
+
+function build_jenkins_job() {
+    set -eux
+
+    kubectl exec jenkins-0 --container=jenkins -- \
+        java -jar /tmp/jenkins-cli.jar -s http://127.0.0.1:8080 \
+        build "${1}" -s -v -f
+}
 
-helmfile sync --enable-live-output
+export -f prepare_agent prepare_jenkins build_jenkins_job
 
-kubectl exec -it jenkins-0 -- bash <<EOF
-set -euxo pipefail
+parallel_cmd=(parallel --line-buffer --tag --halt 'now,fail=1')
 
-curl -fsSL http://127.0.0.1:8080/jnlpJars/jenkins-cli.jar -o /tmp/jenkins-cli.jar
+"${parallel_cmd[@]}" ::: \
+    prepare_agent prepare_jenkins
 
-exec java -jar /tmp/jenkins-cli.jar -s http://127.0.0.1:8080 \
-    build test-agent -s -v -f
-EOF
+"${parallel_cmd[@]}" -- \
+    build_jenkins_job ::: test-agent-declarative test-agent-scripted