duynguyen
1e5093536f
Replace harbor.fireflylab.local (external DNS, not resolvable from pods) with harbor-core.harbor.svc.cluster.local (internal ClusterIP, always resolvable). DinD insecure-registry flag allows HTTP to the internal service. values.yaml image.repository stays as harbor.fireflylab.local so kubelet pulls via the external hostname (same image, different access path).
118 lines
3.7 KiB
Groovy
118 lines
3.7 KiB
Groovy
pipeline {
|
|
agent {
|
|
kubernetes {
|
|
yaml """
|
|
apiVersion: v1
|
|
kind: Pod
|
|
spec:
|
|
containers:
|
|
- name: node
|
|
image: node:18-slim
|
|
command:
|
|
- sleep
|
|
args:
|
|
- infinity
|
|
- name: docker
|
|
image: docker:dind
|
|
securityContext:
|
|
privileged: true
|
|
env:
|
|
- name: DOCKER_TLS_CERTDIR
|
|
value: ""
|
|
args:
|
|
- --insecure-registry=harbor-core.harbor.svc.cluster.local
|
|
- name: tools
|
|
image: alpine/git
|
|
command:
|
|
- sleep
|
|
args:
|
|
- infinity
|
|
"""
|
|
}
|
|
}
|
|
|
|
environment {
|
|
APP_NAME = 'tictactoe'
|
|
HARBOR_REGISTRY = 'harbor-core.harbor.svc.cluster.local'
|
|
HARBOR_PROJECT = 'library'
|
|
IMAGE = "${HARBOR_REGISTRY}/${HARBOR_PROJECT}/${APP_NAME}"
|
|
DOCKER_HOST = 'tcp://localhost:2375'
|
|
CHART_FILE = 'manifest/helm/Chart.yaml'
|
|
VALUES_FILE = 'manifest/helm/values.yaml'
|
|
}
|
|
|
|
stages {
|
|
stage('Checkout') {
|
|
steps {
|
|
checkout scm
|
|
}
|
|
}
|
|
|
|
stage('Install & Test') {
|
|
steps {
|
|
container('node') {
|
|
sh 'npm install'
|
|
sh 'npm test'
|
|
}
|
|
}
|
|
}
|
|
|
|
stage('Build & Push Image') {
|
|
steps {
|
|
container('docker') {
|
|
withCredentials([usernamePassword(
|
|
credentialsId: 'harbor-credentials',
|
|
usernameVariable: 'HARBOR_USER',
|
|
passwordVariable: 'HARBOR_PASS'
|
|
)]) {
|
|
sh """
|
|
docker login ${HARBOR_REGISTRY} -u \${HARBOR_USER} -p \${HARBOR_PASS}
|
|
docker build -t ${IMAGE}:${BUILD_NUMBER} .
|
|
docker push ${IMAGE}:${BUILD_NUMBER}
|
|
"""
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
stage('Bump Helm Chart') {
|
|
steps {
|
|
container('tools') {
|
|
script {
|
|
def content = readFile(CHART_FILE)
|
|
def matcher = content =~ /version:\s+(\d+)\.(\d+)\.(\d+)/
|
|
def newVersion = "${matcher[0][1]}.${matcher[0][2]}.${matcher[0][3].toInteger() + 1}"
|
|
sh "sed -i 's/^version: .*/version: ${newVersion}/' ${CHART_FILE}"
|
|
sh "sed -i 's/^appVersion: .*/appVersion: \"${BUILD_NUMBER}\"/' ${CHART_FILE}"
|
|
sh "sed -i 's/^ tag: .*/ tag: ${BUILD_NUMBER}/' ${VALUES_FILE}"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
stage('Commit & Push') {
|
|
steps {
|
|
container('tools') {
|
|
withCredentials([usernamePassword(
|
|
credentialsId: 'gitea-credentials',
|
|
usernameVariable: 'GIT_USER',
|
|
passwordVariable: 'GIT_PASS'
|
|
)]) {
|
|
sh """
|
|
git config user.email "jenkins@fireflylab.local"
|
|
git config user.name "Jenkins"
|
|
git add ${CHART_FILE} ${VALUES_FILE}
|
|
git commit -m "ci: bump tictactoe chart to build ${BUILD_NUMBER}"
|
|
REMOTE_URL=\$(git remote get-url origin)
|
|
AUTH_URL=\$(echo \$REMOTE_URL | sed "s|https://|https://\${GIT_USER}:\${GIT_PASS}@|")
|
|
BRANCH=\$(git rev-parse --abbrev-ref HEAD)
|
|
git push \$AUTH_URL HEAD:\$BRANCH
|
|
"""
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
}
|