packer-images/Jenkinsfile_k8s at main · jenkins-infra/packer-images · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
// Scripted version
if (env.BRANCH_IS_PRIMARY) {
  // dedicated properties for master branch
  properties([
    buildDiscarder(logRotator(numToKeepStr: '10')),
    // Daily build is enough: only the tagged build would generate downstream PRs on jenkins-infra
    pipelineTriggers([cron('@daily')]),
    // Do not build concurently on the principal branch (to avoid Azure ARM issues with shared resources)
    disableConcurrentBuilds(),
  ])
}

if (env.CHANGE_ID) {
  properties([
    // Do not build concurently on pull requests (to avoid Azure ARM issues with shared resources), and abort previous running build
    disableConcurrentBuilds(abortPrevious: true)
  ])
}

// Initialize the packer project by installing the plugins in $PACKER_HOME_DIR/ - ref. https://www.packer.io/docs/configure
// This function must be called for each distinct agent but only one time (as plugins are OS and CPU specifics)
def packerInitPlugins() {
  // Authenticating to the GitHub API with an API token (auto-generated IAT, valid for 1 hour) provided to the environment variable PACKER_GITHUB_API_TOKEN
  // to avoid hitting the rate limit. Ref. https://www.packer.io/docs/commands/init.
  withCredentials([usernamePassword(credentialsId: 'github-app-infra',usernameVariable: 'UNUSED',passwordVariable: 'PACKER_GITHUB_API_TOKEN')]) {
    // Cleanup any remnant of packer plugins on this agent
    sh 'rm -rf /home/jenkins/.config /home/jenkins/.packer*'
    sh 'packer init ./'
  }
}

// The node to be used depends on the build type: this function executes the pipeline code block provided as "body"
// into the correct node type based on the provided arguments
def withPackerNode(String packer_template, String compute_type, String cpu_architecture, Closure body) {
  // Build ARM64 CPU Docker images on a native machine (faster than using the local qemu)
  if (cpu_architecture == 'amd64' && compute_type == 'docker') {
    node('linux-amd64-docker') {
      // New agent workspace specified as scripted requires an explicit checkout (compared to declarative)
      def GIT_COMMIT = checkout(scm).GIT_COMMIT

      // New agent means new packer project to initialize (plugins)
      packerInitPlugins()

      return body.call()
    }
  } else {
    // No node allocation: keep the same default agent node (e.g. declarative top-level)
    return body.call()
  }
}


node('linux-arm64-docker') {
  withEnv(["PATH=${env.PATH}:/home/jenkins/.asdf/shims:/home/jenkins/.asdf/bin"]) {
    timeout(time: 150, unit: 'MINUTES') {
      // New agent workspace specified as scripted requires an explicit checkout (compared to declarative)
      def GIT_COMMIT = checkout(scm).GIT_COMMIT

      // Side Tasks stage
      withEnv(["DRYRUN=${env.BRANCH_IS_PRIMARY ? 'false' : 'true'}"]) {
        stage('Packer Init') {
          // Call the initializing function once for the default agent
          packerInitPlugins()
        }
      }

      // Packer Images stage - Matrix implementation
      def matrixAxes = [
        cpu_architecture: ['amd64', 'arm64'],
        agent_type: ['ubuntu-22.04', 'windows-2019', 'windows-2022', 'windows-2025'],
        compute_type: ['amazon-ebs', 'azure-arm', 'docker']
      ]

      def matrixBranches = [:]

      matrixAxes.cpu_architecture.each { cpu_architecture ->
        matrixAxes.agent_type.each { agent_type ->
          matrixAxes.compute_type.each { compute_type ->

            // Apply excludes logic
            // Only build arm64 VMs when OS is Ubuntu (notValues) as Windows Server arm64 does not exist anywhere
            if (cpu_architecture == 'arm64' && agent_type != 'ubuntu-22.04') {
              return
            }

            // No build on Windows and Docker, not yet implemented
            if (compute_type == 'docker' && agent_type.split('-')[0] == 'windows') {
              return
            }

            def matrixKey = "${agent_type}-${compute_type}-${cpu_architecture}"

            matrixBranches[matrixKey] = {
              stage("Build Template - ${matrixKey}") {
                // Groovy quirk: create a local copy of these variables in the current loop context
                final String pkr_var_agent_os_type = agent_type.split('-')[0]
                final String pkr_var_agent_os_version = agent_type.split('-')[1]
                final String pkr_var_architecture = cpu_architecture
                final String pkr_var_image_type = compute_type
                final String pkr_var_tag_name = env.TAG_NAME

                echo 'DEBUG - Actual work'
                withEnv([
                  // AWS
                  "AWS_DEFAULT_REGION=us-east-2",
                  // Packer variables
                  // // Split packer plugins/configuration for each matrix cell - ref. https://www.packer.io/docs/configure
                  // PACKER_PLUGIN_PATH            = "${env.WORKSPACE}/plugins"
                  // Define Packer Input variables through environment variables prefixed with 'PKR_VAR_'
                  // Ref. https://www.packer.io/docs/templates/hcl_templates/variables#assigning-values-to-build-variables
                  "PKR_VAR_build_type=${env.TAG_NAME ? 'prod' : (env.BRANCH_IS_PRIMARY ? 'staging' : 'dev')}",
                  "PKR_VAR_image_version=${env.TAG_NAME ?: ((env.BRANCH_IS_PRIMARY ? 1 : 0) + '.' + (env.CHANGE_ID ?: 0) + '.' + env.BUILD_ID)}",
                  "PKR_VAR_scm_ref=${GIT_COMMIT}",
                  "PKR_VAR_agent_os_type=${pkr_var_agent_os_type}",
                  "PKR_VAR_agent_os_version=${pkr_var_agent_os_version}",
                  "PKR_VAR_architecture=${pkr_var_architecture}",
                  "PKR_VAR_image_type=${pkr_var_image_type}",
                  "PKR_VAR_azure_gallery_subscription_id=1e7d5219-acbc-4495-8629-bdbb22e9b3ed",
                  "PATH=${WORKSPACE}/.bin:${env.PATH}"
                ]) {
                  withCredentials([
                    string(credentialsId: 'packer-aws-access-key-id', variable: 'AWS_ACCESS_KEY_ID'),
                    string(credentialsId: 'packer-aws-secret-access-key', variable: 'AWS_SECRET_ACCESS_KEY'),
                    // https://plugins.jenkins.io/azure-credentials/#plugin-content-scripted-pipeline
                    azureServicePrincipal(credentialsId: 'packer-azure-serviceprincipal')
                  ]) {
                    withPackerNode(pkr_var_agent_os_type + '-' + pkr_var_agent_os_version, pkr_var_image_type, pkr_var_architecture) {
                      // Validate template (for all elements)
                      sh 'PACKER_LOG=1 packer validate ./'

                      // Execute build only for this matrix cell's setup
                      retry(count: 2, conditions: [kubernetesAgent(handleNonKubernetes: true), nonresumable()]) {
                        sh 'packer build -timestamp-ui -force -only="${PKR_VAR_image_type}.${PKR_VAR_agent_os_type}" ./'
                        // adding manually a cpu architecture tag to the docker image
                        if (pkr_var_image_type == 'docker') {
                          sh 'docker tag "jenkinsciinfra/jenkins-agent-${PKR_VAR_agent_os_type}-${PKR_VAR_agent_os_version}:latest" "jenkinsciinfra/jenkins-agent-${PKR_VAR_agent_os_type}-${PKR_VAR_agent_os_version}:${PKR_VAR_architecture}"'
                        }
                      }

                      // if docker and building a tag, push to dockerhub from inside the node
                      // else we would loose the docker image
                      if (pkr_var_image_type == 'docker' && pkr_var_tag_name != null) {
                        stage('Publish all tags for Docker image') {
                          echo "Pushing jenkinsciinfra/jenkins-agent-${pkr_var_agent_os_type}:${pkr_var_tag_name} & jenkinsciinfra/jenkins-agent-${pkr_var_agent_os_type}:latest for ${pkr_var_architecture}"
                          infra.withDockerPushCredentials {
                            sh 'docker push --all-tags jenkinsciinfra/jenkins-agent-${PKR_VAR_agent_os_type}-${PKR_VAR_agent_os_version}'
                          }
                        }
                      }
                    }
                  }
                }
              }
            }
          }
        }
      }

      parallel matrixBranches

      // Build Docker Manifest stage for ubuntu-22.04 only
      if (env.TAG_NAME != null) {
        stage('Build Docker Manifest') {
          withEnv(['agent_type=ubuntu-22.04']) {
            infra.withDockerPushCredentials {
              sh 'docker manifest create \
                  jenkinsciinfra/jenkins-agent-${agent_type}:latest \
                  --amend jenkinsciinfra/jenkins-agent-${agent_type}:arm64 \
                  --amend jenkinsciinfra/jenkins-agent-${agent_type}:amd64'
              sh 'docker manifest push jenkinsciinfra/jenkins-agent-"${agent_type}":latest'

              sh 'docker manifest create \
                  jenkinsciinfra/jenkins-agent-${agent_type}:${TAG_NAME} \
                  --amend jenkinsciinfra/jenkins-agent-${agent_type}:arm64 \
                  --amend jenkinsciinfra/jenkins-agent-${agent_type}:amd64'
              sh 'docker manifest push jenkinsciinfra/jenkins-agent-"${agent_type}":"${TAG_NAME}"'
            }
          }
        }
        stage('Publish Build Status Report') {
          publishBuildStatusReport()
        }
      }
    }
  }
}