Merge pull request #91 from jduimovich/ci-updates-jenkins

update to ci-test

ci-test.sh

@@ -3,6 +3,15 @@ source setup-local-dev-repos.sh
 source init-tas-vars.sh
 eval "$(hack/get-trustification-env.sh)"
 
+# setting secrets for the dev repos is slow
+# after the first setting, you can skip this step
+# warning, if your secrets are stale, do not skip this step
+SKIP_SECRETS=${SKIP_SECRETS:-false}
+
+if [ $SKIP_SECRETS == "true" ]; then
+    echo "WARNING SKIP_SECRETS set to true, skipping configuration of secrets"
+fi
+
 if [ $TEST_REPO_ORG == "redhat-appstudio" ]; then
     echo "Cannot do CI testing using the redhat-appstudio org"
     echo "You must create forks in your own org and set up MY_TEST_REPO_ORG (github) and MY_TEST_REPO_GITLAB_ORG"
@@ -13,6 +22,7 @@ function updateGitAndQuayRefs() {
     if [ -f $1 ]; then
         sed -i "s!quay.io/redhat-appstudio/rhtap-task-runner.*!quay.io/$MY_QUAY_USER/rhtap-task-runner:dev!g" $1
         sed -i "s!https://github.com/redhat-appstudio!https://github.com/$MY_GITHUB_USER!g" $1
+        sed -i "s!RHTAP_Jenkins@main!RHTAP_Jenkins@dev!g" $1
     fi
 }
 
@@ -39,6 +49,12 @@ function updateBuild() {
     updateGitAndQuayRefs $SETUP_ENV
     cat $SETUP_ENV
 }
+
+# create latest images for dev github and gitlab
+make build-push-image
+# update the jenkins library in the dev branch
+bash hack/update-jenkins-library
+
 # Repos on github and gitlab, github and jenkins
 # source repos are updated with the name of the corresponding GITOPS REPO for update-deployment
 updateBuild $BUILD $TEST_GITOPS_REPO
@@ -89,22 +105,30 @@ function updateRepos() {
 # set secrets and then push to repos to ensure pipeline runs are
 # with correct values
 # github
-bash hack/ghub-set-vars $TEST_BUILD_REPO
-bash hack/ghub-set-vars $TEST_GITOPS_REPO
+if [ $SKIP_SECRETS == "false" ]; then
+    bash hack/ghub-set-vars $TEST_BUILD_REPO
+    bash hack/ghub-set-vars $TEST_GITOPS_REPO
+fi
+
 updateRepos $BUILD
 updateRepos $GITOPS
 
 # gitlab
-bash hack/glab-set-vars $(basename $TEST_BUILD_GITLAB_REPO)
-bash hack/glab-set-vars $(basename $TEST_GITOPS_GITLAB_REPO)
+if [ $SKIP_SECRETS == "false" ]; then
+    bash hack/glab-set-vars $(basename $TEST_BUILD_GITLAB_REPO)
+    bash hack/glab-set-vars $(basename $TEST_GITOPS_GITLAB_REPO)
+fi
 updateRepos $GITLAB_BUILD
 updateRepos $GITLAB_GITOPS
 
 # Jenkins
 # note, jenkins secrets are global so set once"
-bash hack/jenkins-set-secrets
+if [ $SKIP_SECRETS == "false" ]; then
+    bash hack/jenkins-set-secrets
+fi
 updateRepos $JENKINS_BUILD
 updateRepos $JENKINS_GITOPS
+bash hack/jenkins-run-pipeline $(basename $TEST_BUILD_JENKINS_REPO)
 
 echo
 echo "Github Build and Gitops Repos"

generated/gitops-template/githubactions/.github/workflows/gitops-promotion.yml

@@ -43,11 +43,12 @@ jobs:
     runs-on: ubuntu-24.04
     container:
       image: quay.io/redhat-appstudio/rhtap-task-runner:latest
+      options: --privileged
     environment: production
 
     steps:
     - name: Check for required secrets
-      uses: actions/github-script@v6
+      uses: actions/github-script@v7
       with:
         script: |
           const secrets = {
@@ -83,7 +84,7 @@ jobs:
             core.info(`✅ All the required secrets are set`);
           }
     - name: Check out repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
       with:
         fetch-depth: '2'
     - name: Pre-init

generated/source-repo/githubactions/.github/workflows/build-and-update-gitops.yml

@@ -51,7 +51,7 @@ jobs:
 
     steps:
     - name: Check for required secrets
-      uses: actions/github-script@v6
+      uses: actions/github-script@v7
       with:
         script: |
           const secrets = {
@@ -88,7 +88,7 @@ jobs:
             core.info(`✅ All the required secrets are set`);
           }
     - name: Check out repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
       with:
         fetch-depth: '2'
     - name: Pre-init

hack/jenkins-run-pipeline

@@ -1,16 +1,16 @@
 #!/bin/bash
 SCRIPTDIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" > /dev/null 2>&1 && pwd)"
 
-ENV="MY_JENKINS_SERVER MY_JENKINS_USER MY_JENKINS_BUILD_TOKEN MY_JENKINS_TOKEN COSIGN_SECRET_PASSWORD COSIGN_SECRET_KEY COSIGN_PUBLIC_KEY "
-
-ENV+=" ACS__API_TOKEN ACS__CENTRAL_ENDPOINT GITOPS_AUTH_PASSWORD "
-source $SCRIPTDIR/../rhtap/verify-deps-exist "$ENV" "java "
+ENV="MY_JENKINS_SERVER MY_JENKINS_USER MY_JENKINS_BUILD_TOKEN MY_JENKINS_TOKEN"
+source $SCRIPTDIR/../rhtap/verify-deps-exist "$ENV" "curl "
 
 PNAME=$1
 if [ -z $PNAME ]; then
     echo $0 pipelinename
     exit 0
 fi
 
-curl -X POST -u $MY_JENKINS_USER:$MY_JENKINS_TOKEN \
-    $MY_JENKINS_SERVER/job/$PNAME/build?token=$MY_JENKINS_BUILD_TOKEN
+http_code=$(curl -s -w "%{http_code}" -u $MY_JENKINS_USER:$MY_JENKINS_TOKEN \
+    ${MY_JENKINS_SERVER}job/$PNAME/build?token=$MY_JENKINS_BUILD_TOKEN)
+
+echo "Started pipeline $PNAME http_code = $http_code"

hack/update-jenkins-library

@@ -0,0 +1,53 @@
+#!/bin/bash
+SCRIPTDIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" > /dev/null 2>&1 && pwd)"
+
+# Copy the jenkins file contents the shared library
+# Can be used to update the release by setting
+# JENKIN_SHARED_LIB_USER=redhat-appstudio
+# JENKIN_SHARED_LIB_BRANCH=main
+# For dev the  default is MY_GITHUB_USER and dev branch
+# see ci-test for branch munging in scripts
+# JENKIN_SHARED_LIB_USER=$MY_GITHUB_USER
+# JENKIN_SHARED_LIB_BRANCH=dev
+
+JENKIN_SHARED_LIB_USER=${JENKIN_SHARED_LIB_USER:-$MY_GITHUB_USER}
+JENKIN_SHARED_LIB_BRANCH=${JENKIN_SHARED_LIB_BRANCH:-dev}
+
+echo "Updating Jenkins shared lib for $JENKIN_SHARED_LIB_USER in branch $JENKIN_SHARED_LIB_BRANCH"
+
+WORKDIR=$(mktemp -d)
+JENKINS_SHARED_LIB=$WORKDIR/jenkins-library
+REPO=https://github.com/$JENKIN_SHARED_LIB_USER/tssc-sample-jenkins
+
+MULTI_CI=$(pwd)
+GEN_SRC=$MULTI_CI/generated/source-repo
+GEN_GITOPS=$MULTI_CI/generated/gitops-template
+
+git clone --quiet $REPO $JENKINS_SHARED_LIB
+cd $JENKINS_SHARED_LIB
+if [ $(git rev-parse --verify $JENKIN_SHARED_LIB_BRANCH 2> /dev/null) ]; then
+    echo "$JENKIN_SHARED_LIB_BRANCH exists"
+    git checkout $JENKIN_SHARED_LIB_BRANCH
+    git pull
+else
+    echo "$JENKIN_SHARED_LIB_BRANCH branch created"
+    git checkout -b $JENKIN_SHARED_LIB_BRANCH
+    git branch --set-upstream-to=origin/$JENKIN_SHARED_LIB_BRANCH
+fi
+
+# copy scripts and groovy files in to proper locations
+# delete extra files - We should move these outside of ./rhtap
+# so we don't copy extra files by mistake
+cp $MULTI_CI/rhtap/* $JENKINS_SHARED_LIB/resources
+cp $MULTI_CI/rhtap.groovy $JENKINS_SHARED_LIB/vars
+# skip the env.template.sh files, they are not for the library
+# we should consider copying the Jenkins files for gitops and src into a jenkinsfile-samples
+# so the latest Jenkinsfile is up to date in the library
+rm -rf $JENKINS_SHARED_LIB/resources/env.template.sh
+rm -rf $JENKINS_SHARED_LIB/resources/signing-secret-env.sh
+git add .
+git commit -m "Jenkins library update from tssc-dev-multi-ci"
+git status
+pwd
+git pull
+git push --set-upstream origin $JENKIN_SHARED_LIB_BRANCH

hack/wait-for-gitops-update.sh

@@ -31,9 +31,14 @@ function promoteIfUpdated() {
     echo "P: ${!PREV_IMAGE_ENV_NAME}"
     echo "C: $CURRENT_IMAGE"
 
+    DEFAULT_INIT_IMAGE="quay.io/redhat-appstudio/dance-bootstrap-app:latest"
     if [[ "${!PREV_IMAGE_ENV_NAME}" != "$CURRENT_IMAGE" ]]; then
-        echo "$REPO being updated from ${!PREV_IMAGE_ENV_NAME} to $CURRENT_IMAGE"
-        bash $SCRIPTDIR/rhtap-promote --repo $REPO
+        echo "$REPO dev changes, from ${!PREV_IMAGE_ENV_NAME} to $CURRENT_IMAGE"
+        if [[ "$CURRENT_IMAGE" == "$DEFAULT_INIT_IMAGE" ]]; then
+            echo "Image changed back to default, skipping using PR to promote image"
+        else
+            bash $SCRIPTDIR/rhtap-promote --repo $REPO
+        fi
         eval "$PREV_IMAGE_ENV_NAME"="$CURRENT_IMAGE"
     fi
 }
@@ -47,8 +52,16 @@ function pushIfUpdated() {
     echo "C: $CURRENT_IMAGE"
 
     if [[ "${!PREV_IMAGE_ENV_NAME}" != "$CURRENT_IMAGE" ]]; then
-        echo "$REPO  being updated from ${!PREV_IMAGE_ENV_NAME} to $CURRENT_IMAGE"
-        bash $SCRIPTDIR/rhtap-push-dev --repo $REPO
+        echo "$REPO dev changes, from ${!PREV_IMAGE_ENV_NAME} to $CURRENT_IMAGE"
+        if [[ "$CURRENT_IMAGE" == "$DEFAULT_INIT_IMAGE" ]]; then
+            echo "Image changed, skipping reset for default base image"
+        else
+            # jenkins update the gitops repo with a push and then run the job
+            bash $SCRIPTDIR/rhtap-push-dev --repo $REPO
+            JOB=$(basename $REPO)
+            echo "Running Jenkins Job"
+            bash $SCRIPTDIR/jenkins-run-pipeline $JOB
+        fi
         eval "$PREV_IMAGE_ENV_NAME"="$CURRENT_IMAGE"
     fi
 }

templates/gitops-template/gitops-promotion.yml.njk

@@ -39,11 +39,12 @@ jobs:
     runs-on: ubuntu-24.04
     container:
       image: quay.io/redhat-appstudio/rhtap-task-runner:latest
+      options: --privileged
     environment: production
 
     steps:
     - name: Check for required secrets
-      uses: actions/github-script@v6
+      uses: actions/github-script@v7
       with:
         script: |
           {#-
@@ -78,7 +79,7 @@ jobs:
             core.info(`✅ All the required secrets are set`);
           }
     - name: Check out repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
       with:
         fetch-depth: '2'
     - name: Pre-init

templates/source-repo/build-and-update-gitops.yml.njk

@@ -50,7 +50,7 @@ jobs:
 
     steps:
     - name: Check for required secrets
-      uses: actions/github-script@v6
+      uses: actions/github-script@v7
       with:
         script: |
           {#-
@@ -89,7 +89,7 @@ jobs:
             core.info(`✅ All the required secrets are set`);
           }
     - name: Check out repository
-      uses: actions/checkout@v3
+      uses: actions/checkout@v4
       with:
         fetch-depth: '2'
     - name: Pre-init