Jenkins Pipeline Library
This repository is here to help for understanding and leveraging the capabilities of the Jenkins Pipeline Library (jenkins-pipeline-library).
This library is designed to streamline and standardize Jenkins pipeline configurations across projects according to eclipse foundation infrastructure specificities.
-
ContainerBuild: Build docker images in eclipse foundation infrastructure (based on buildkit) and publish to any container registry such a docker.io, ... -
Jamstack: Build and publish eclipse foundation static website based on hugo framework.
- Jenkins Pipeline Library
Configuring Jenkins Shared Library
Jenkins Shared Libraries provide a way to centralize and reuse code across multiple pipelines.
If you want to use this shared library named jenkins-pipeline-library follow these steps to configure it in Jenkins.
- Jenkins Configuration:
- Log in to your Jenkins instance
- Navigate to "Manage Jenkins" > "Configure System" or to your multibranch pipeline project configuration
- Configure Global Pipeline Libraries:
- "Pipeline Libraries" section.
- Click on "Add" to add a new library.
- Library Configuration:
- Enter a name for the library :
releng-pipeline - Specify the default version (e.g.,
mainor a specificbranch/tag). - Set the retrieval method:
Modern SCM for Git - Enter the library source: `https://gitlab.eclipse.org/eclipsefdn/it/releng/jenkins-pipeline-service/jenkins-pipeline-library``
Now, you can use the shared library in your Jenkinsfile by referencing functions or steps defined in jenkins-pipeline-library. For example:
@Library('releng-pipeline') _
pipeline {
agent any
stages {
stage('Build') {
steps {
relengPipeline.buildStep()
}
}
}
}By following these steps, you've configured and imported the jenkins-pipeline-library with the import name releng-pipeline into your Jenkins environment.
NOTE: shared library can also be configure at multibranch pipeline configuration level.
ContainerBuild
Build docker images in eclipse foundation infrastructure (based on buildkit) and publish to any container registry such a docker.io, ...
Using containerBuild in a stage
@Library('releng-pipeline') _
pipeline {
agent any
environment {
HOME = "${env.WORKSPACE}"
}
stages {
stage('build') {
agent {
kubernetes {
yaml loadOverridableResource(
libraryResource: 'org/eclipsefdn/container/agent.yml'
)
}
}
steps {
container('containertools') {
containerBuild(
credentialsId: '<jenkins-credential-id>',
name: 'docker.io/<namespace-name>/<container-name>',
version: 'latest'
)
}
}
}
}
}IMPORTANT: Don't forget to configure the HOME env!
containerBuild as a Pipeline
Define a full pipeline to build and deploy container image to a registry from a project.
@Library('releng-pipeline') _
containerBuildPipeline(
credentialsId: '<jenkins-credential-id>',
name: 'docker.io/<namespace-name>/<container-name>',
version: 'latest'
)NOTE: No need to define the agent here. Can be overrided with kubeAgentYmlFile param.
Advanced Configuration
| Parameter | Default Value | Description | Required |
|---|---|---|---|
| credentialsId | null | Registry credentials | Yes |
| registry | docker.io | Default Docker registry | No |
| name | null | Image name (default docker.io) | Yes |
| version | latest | Default image version | No |
| extraVersions | [] | Allows to tag image with different versions | No |
| aliases | null | Adding extra aliases to container image | No |
| dockerfile | Dockerfile | Path to the Dockerfile | No |
| context | . | Build context | No |
| push | true | Enable push by default | No |
| buildArg | '' | Additional build arguments | No |
| annotation | true | Enable image annotations by default | No |
| latest | false | Tag container image with latest version | No |
| debug | false | Default debug mode | No |
| kubeAgentYmlFile | null | Kubernetes agent configuration YAML file (only available in containerBuildPipeline) | No |
More use case
More examples are available in the sample project: jenkins-pipeline-library-sample
More use cases in the test suite: jenkins-pipeline-library-sample test suite
Common errors
- Error: mkdir /.docker: permission denied
Define HOME env var
environment {
HOME = "${env.WORKSPACE}"
}- WorkflowScript: 25: Expected a step @ line xx, column xx.
Adding script tag arround your specific code
steps {
String name = env.REPO_NAME + '/alpine'
String versions = ['edge', '3.16', '3.17', '3.18']
versions.each { version ->
container('containertools') {
containerBuild(
...
)
}
}
}to
steps {
script {
String name = env.REPO_NAME + '/alpine'
String versions = ['edge', '3.16', '3.17', '3.18']
versions.each { version ->
container('containertools') {
...
)
}
}
}
}Jamstack: hugo website
Build and publish eclipse foundation static website based on hugo framework.
Configuration
@Library('releng-pipeline') _
hugo (
appName: 'site-name.org',
productionDomain: 'site-name.org'
)- The hugo pipeline has several options that you can customize.
- Remove unnecessary
Dockerfile,docker-compose.yml, Kubernetes resource files (e.g. the folderk8s/orsrc/main/k8s)
Jenkins job changes
- If site is on GitLab, ensure that the job configuration uses
GitLab username/tokenas Checkout Credentials rather thanGitLab username/passwordin the Branch Sources section of the job configuration.- Until done, you may experience build failures with
curl: (22) The requested URL returned error: 401in the build logs.
- Until done, you may experience build failures with
Nginx front LB changes
- Once the change above leaded to a proper preview being deployed, it's time to deploy to production.
- Merge the change
- Change the front load balancer configuration, e.g. change
proxy_pass http://www-http/;toproxy_pass https://okd-ingress-tls$request_uri;if the previous site was deployed onwww-httpVMs. - If the site was already served from the cluster, you will need to do 2 things, and it will create a short downtime (otherwise, you're done)
- Remove all kubernetes resources associated with the current production and staging app/site (ask a releng or a sysadmin to do so)
- Restart a build for the production branch of the site.
How to deploy a jamstack pipeline in a new namespace?
-
Create a new namespace in the target cluster [webmaster]
oc create ns ${NAMESPACE} -
Grant edit role to the CI user (e.g.
ci-bot) to the namespaceoc adm policy add-role-to-user edit "system:serviceaccount:<jenkins-agents-namespace>:ci-bot" -n ${NAMESAPCE}
How to activate authBasic
hugo(
appName: ...,
...
deployment: [
domain: ...,
authBasic: true
]
)Create and set up the secret in kubernetes:
sudo apt-get install apache2-utils
sudo htpasswd -bc /tmp/.htpasswd my_user my_passwd
oc create secret generic <appName>-authbasic-secret --from-file=htpasswd=/tmp/.htpasswd -n ${NAMESPACE}Manage dockerhub private registry
Create a secret based on project bot and in the project kubernetes namespace.
oc create secret docker-registry --namespace ${NAMESPACE} dockerconfigjson-jamstack \
--docker-server=docker.io \
--docker-username=<bot_name> \
--docker-password=<bot_token> \
--docker-email=<bot_name>@eclipse.org \ Link the secret to the default service account.
oc secrets link --namespace ${NAMESPACE} default dockerconfigjson-jamstack --for=pullHow to develop this preview library
This library depends on the kube-deploy Jsonnet library hosted at https://gitlab.eclipse.org/eclipsefdn/it/releng/kube-deploy. Dependencies are managed by https://github.com/jsonnet-bundler/jsonnet-bundler. If you need to use a newer version of kube-deploy, you will have to update the jsonnetfile.json file, e.g. resources/org/eclipsefdn/jamstack/deployment/jsonnetfile.json. During pipeline execution, only jb install is called, not jb update
How to develop
The version used by default in pipeline should be fixed at a given version (preferably via a tag) in the Jenkins configuration. You can test changes in the library by specifying a specific version when loading the library in the Jenkinsfile, e.g. library "shared-library@main". See https://www.jenkins.io/doc/book/pipeline/shared-libraries/#library-versions for details.