mirror of
https://github.com/ceph/ceph-csi.git
synced 2024-11-09 16:00:22 +00:00
aca3745e24
Jenkins warns in the output of CI jobs about the following:
Warning: A secret was passed to "sh" using Groovy String interpolation, which is insecure.
Affected argument(s) used the following variable(s): [CREDS_PASSWD, CREDS_USER]
See https://jenkins.io/redirect/groovy-string-interpolation for details.
Variable with 'single quotes' and without the {curly brackets} are
expecred to not be affected. There is some indirection in the strings
passed to the `sh` function, so this approach might not fix it?
Signed-off-by: Niels de Vos <ndevos@redhat.com>
120 lines
3.9 KiB
Groovy
120 lines
3.9 KiB
Groovy
def cico_retries = 16
|
|
def cico_retry_interval = 60
|
|
def ci_git_repo = 'https://github.com/ceph/ceph-csi'
|
|
def ci_git_branch = 'ci/centos'
|
|
def git_repo = 'https://github.com/ceph/ceph-csi'
|
|
def ref = 'ci/centos'
|
|
def git_since = 'ci/centos'
|
|
def base = ''
|
|
def doc_change = 0
|
|
// private, internal container image repository
|
|
def ci_registry = 'registry-ceph-csi.apps.ocp.ci.centos.org'
|
|
def cached_image = 'ceph-csi'
|
|
def use_pulled_image = 'USE_PULLED_IMAGE=yes'
|
|
|
|
def ssh(cmd) {
|
|
sh "ssh -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no root@${CICO_NODE} '${cmd}'"
|
|
}
|
|
|
|
def podman_login(registry, username, passwd) {
|
|
ssh "podman login --authfile=~/.podman-auth.json --username=${username} --password='${passwd}' ${registry}"
|
|
}
|
|
|
|
// podman_pull pulls image from the source (CI internal) registry, and tags it
|
|
// as unqualified image name and into the destination registry. This prevents
|
|
// pulling from the destination registry.
|
|
//
|
|
// Images need to be pre-pushed into the source registry, though.
|
|
def podman_pull(source, destination, image) {
|
|
ssh "podman pull --authfile=~/.podman-auth.json ${source}/${image} && podman tag ${source}/${image} ${image} ${destination}/${image}"
|
|
}
|
|
|
|
node('cico-workspace') {
|
|
stage('checkout ci repository') {
|
|
if (params.ghprbPullId != null) {
|
|
ref = "pull/${ghprbPullId}/merge"
|
|
}
|
|
checkout([$class: 'GitSCM', branches: [[name: 'FETCH_HEAD']],
|
|
userRemoteConfigs: [[url: "${ci_git_repo}", refspec: "${ref}"]]])
|
|
}
|
|
|
|
stage('checkout PR') {
|
|
if (params.ghprbPullId != null) {
|
|
ref = "pull/${ghprbPullId}/merge"
|
|
}
|
|
if (params.ghprbTargetBranch != null) {
|
|
git_since = "${ghprbTargetBranch}"
|
|
}
|
|
|
|
sh "git clone --depth=1 --branch='${git_since}' '${git_repo}' ~/build/ceph-csi"
|
|
if (ref != git_since) {
|
|
sh "cd ~/build/ceph-csi && git fetch origin ${ref} && git checkout -b ${ref} FETCH_HEAD"
|
|
}
|
|
}
|
|
|
|
stage('check doc-only change') {
|
|
doc_change = sh(
|
|
script: "cd ~/build/ceph-csi && \${OLDPWD}/scripts/skip-doc-change.sh origin/${git_since}",
|
|
returnStatus: true)
|
|
}
|
|
// if doc_change (return value of skip-doc-change.sh is 1, do not run the other stages
|
|
if (doc_change == 1 && ref != git_since) {
|
|
currentBuild.result = 'SUCCESS'
|
|
return
|
|
}
|
|
|
|
stage('reserve bare-metal machine') {
|
|
def firstAttempt = true
|
|
retry(30) {
|
|
if (!firstAttempt) {
|
|
sleep(time: 5, unit: "MINUTES")
|
|
}
|
|
firstAttempt = false
|
|
cico = sh(
|
|
script: "cico node get -f value -c hostname -c comment --release=8 --retry-count=${cico_retries} --retry-interval=${cico_retry_interval}",
|
|
returnStdout: true
|
|
).trim().tokenize(' ')
|
|
env.CICO_NODE = "${cico[0]}.ci.centos.org"
|
|
env.CICO_SSID = "${cico[1]}"
|
|
}
|
|
}
|
|
|
|
try {
|
|
stage('prepare bare-metal machine') {
|
|
if (params.ghprbTargetBranch != null) {
|
|
base = "--base=${ghprbTargetBranch}"
|
|
}
|
|
sh 'scp -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no ./prepare.sh root@${CICO_NODE}:'
|
|
ssh "./prepare.sh --workdir=/opt/build/go/src/github.com/ceph/ceph-csi --gitrepo=${ci_git_repo} --ref=${ref} ${base}"
|
|
}
|
|
|
|
// - check if the PR modifies the container image files
|
|
// - pull the container image from the repository of no
|
|
// modifications are detected
|
|
stage('pull container image') {
|
|
def rebuild_container = sh(
|
|
script: "cd ~/build/ceph-csi && \${OLDPWD}/scripts/container-needs-rebuild.sh test origin/${git_since}",
|
|
returnStatus: true)
|
|
if (rebuild_container == 10) {
|
|
// container needs rebuild, don't pull
|
|
use_pulled_image = 'USE_PULLED_IMAGE=no'
|
|
return
|
|
}
|
|
|
|
withCredentials([usernamePassword(credentialsId: 'container-registry-auth', usernameVariable: 'CREDS_USER', passwordVariable: 'CREDS_PASSWD')]) {
|
|
podman_login(ci_registry, '$CREDS_USER', '$CREDS_PASSWD')
|
|
}
|
|
podman_pull(ci_registry, ci_registry, "${cached_image}:test")
|
|
}
|
|
stage('test') {
|
|
ssh "cd /opt/build/go/src/github.com/ceph/ceph-csi && make ENV_CSI_IMAGE_NAME=${cached_image} ${use_pulled_image}"
|
|
}
|
|
}
|
|
|
|
finally {
|
|
stage('return bare-metal machine') {
|
|
sh 'cico node done ${CICO_SSID}'
|
|
}
|
|
}
|
|
}
|