/*
Copyright 2018 Google LLC
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
https://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
*/
// The declarative agent is defined in yaml. It was previously possible to
// define containerTemplate but that has been deprecated in favor of the yaml
// format
// Reference: https://github.com/jenkinsci/kubernetes-plugin
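// Declarative pipeline: lint, authenticate gcloud with the dev service
// account, create and validate the demo infrastructure, then always tear it
// down and revoke the gcloud credentials.
//
// ZONE, PROJECT_ID and REGION are not defined in this file; they are presumably
// supplied by the Jenkins job (parameters or environment) -- confirm against
// the job configuration.
pipeline {
  agent {
    kubernetes {
      label 'k8s-infra'
      defaultContainer 'jnlp'
      // The pod spec is parsed as YAML, so its indentation is significant; it
      // is kept at column 0 inside the string.
      //
      // NOTE(review): the hostPath mounts of /var/run/docker.sock and
      // /usr/bin/docker let anything that runs in this container (including
      // every make target below) drive the node's Docker daemon, which is
      // effectively root on the node. Run these agents on dedicated, isolated
      // build nodes or move to a daemonless image builder.
      // NOTE(review): the image is referenced by tag with
      // imagePullPolicy: Always, so the build runs whatever the tag currently
      // points to; pinning by digest would make the agent image immutable.
      // NOTE(review): the dev service account JSON key is a long-lived
      // credential readable by every step in this container; keep its IAM
      // roles minimal and rotate it.
      yaml """
apiVersion: v1
kind: Pod
metadata:
  labels:
    jenkins: build-node
spec:
  containers:
  - name: k8s-node
    image: gcr.io/pso-helmsman-cicd/jenkins-k8s-node:1.1.0
    imagePullPolicy: Always
    command:
    - cat
    tty: true
    volumeMounts:
    # Mount the docker.sock file so we can communicate with the local docker
    # daemon
    - name: docker-sock-volume
      mountPath: /var/run/docker.sock
    # Mount the local docker binary
    - name: docker-bin-volume
      mountPath: /usr/bin/docker
    # Mount the dev service account key
    - name: dev-key
      mountPath: /home/jenkins/dev
  volumes:
  - name: docker-sock-volume
    hostPath:
      path: /var/run/docker.sock
  - name: docker-bin-volume
    hostPath:
      path: /usr/bin/docker
  # Create a volume that contains the dev json key that was saved as a secret
  - name: dev-key
    secret:
      secretName: jenkins-deploy-dev-infra
"""
    }
  }

  environment {
    // Path of the key file inside the dev-key secret volume mounted at
    // /home/jenkins/dev (file name presumably matches the secret's key --
    // confirm against the secret).
    GOOGLE_APPLICATION_CREDENTIALS = '/home/jenkins/dev/jenkins-deploy-dev-infra.json'
  }

  stages {
    stage('Lint') {
      steps {
        container('k8s-node') {
          sh 'make all'
        }
      }
    }

    stage('Setup') {
      steps {
        container('k8s-node') {
          script {
            // Export the job-supplied values so that later sh steps (and the
            // make targets) see them as ordinary environment variables.
            env.ZONE = "${ZONE}"
            env.PROJECT_ID = "${PROJECT_ID}"
            env.REGION = "${REGION}"
            env.KEYFILE = GOOGLE_APPLICATION_CREDENTIALS
          }
          // Setup gcloud service account access.
          // Single-quoted Groovy strings: the shell, not Groovy, expands the
          // variables, and each expansion is double-quoted. A value that
          // contains spaces or shell metacharacters is therefore passed to
          // gcloud as one argument instead of being spliced into the command
          // line.
          sh 'gcloud auth activate-service-account --key-file="$KEYFILE"'
          sh 'gcloud config set compute/zone "$ZONE"'
          sh 'gcloud config set core/project "$PROJECT_ID"'
          sh 'gcloud config set compute/region "$REGION"'
        }
      }
    }

    stage('Create') {
      steps {
        container('k8s-node') {
          sh 'make create'
        }
      }
    }

    stage('Validate') {
      steps {
        container('k8s-node') {
          sh 'make validate'
        }
      }
    }
  }

  post {
    always {
      container('k8s-node') {
        script {
          // A failing sh step aborts the steps after it, so revoke in a
          // finally block: the activated service account credentials are
          // dropped even when teardown fails, and the teardown failure still
          // propagates.
          try {
            sh 'make teardown'
          } finally {
            sh 'gcloud auth revoke'
          }
        }
      }
    }
  }
}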