From ed490eff2236e2dd88543f7d6dcdd718cb479740 Mon Sep 17 00:00:00 2001 From: Ally Smith Date: Wed, 3 Apr 2019 16:24:33 -0500 Subject: [PATCH] make jenkinsfile serve private and public docs After a couple of Jenkins-based mix-ups it became obvious we needed a Jenkinsfile that would serve both public and private projects, that we could move between repos without worry. This Jenkinsfile knows which images to build and push and which swarm services to update because of the use of git_url and branch conditions. --- Jenkinsfile | 129 ++++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 104 insertions(+), 25 deletions(-) diff --git a/Jenkinsfile b/Jenkinsfile index 34916fbce7..3b54bd3e61 100644 --- a/Jenkinsfile +++ b/Jenkinsfile @@ -1,6 +1,3 @@ -def dtrVpnAddress = "vpn.corp-us-east-1.aws.dckr.io" -def ucpBundle = [file(credentialsId: "ucp-bundle", variable: 'UCP')] -def slackString = [string(credentialsId: 'slack-docs-webhook', variable: 'slack')] def reg = [credentialsId: 'csebuildbot', url: 'https://index.docker.io/v1/'] pipeline { @@ -13,6 +10,15 @@ pipeline { agent { label 'ubuntu-1604-aufs-stable' } + environment { + DTR_VPN_ADDRESS = credentials('dtr-vpn-address') + DOCKER_HOST_STRING = credentials('docker-host') + UCP_BUNDLE = credentials('ucp-bundle') + SLACK = credentials('slack-docs-webhook') + } + when { + expression { env.GIT_URL == 'https://github.com/Docker/docker.github.io.git' } + } stages { stage( 'build and push stage image' ) { when { @@ -40,48 +46,121 @@ pipeline { } } } - stage( 'update docs-stage' ) { + stage( 'update docs stage' ) { when { branch 'master' } steps { - withVpn(dtrVpnAddress) { - withCredentials(ucpBundle) { - sh 'unzip -o $UCP' - } + withVpn("$DTR_VPN_ADDRESS") { + sh "unzip -o $UCP_BUNDLE" withDockerRegistry(reg) { sh """ export DOCKER_TLS_VERIFY=1 export COMPOSE_TLS_VERSION=TLSv1_2 export DOCKER_CERT_PATH=${WORKSPACE}/ucp-bundle-success_bot - export DOCKER_HOST=tcp://ucp.corp-us-east-1.aws.dckr.io:443 + export DOCKER_HOST=$DOCKER_HOST_STRING docker service update --detach=false --force --image docs/docker.github.io:stage-${env.BUILD_NUMBER} docs-stage-docker-com_docs --with-registry-auth """ } } } } - stage( 'update docs-prod' ) { + stage( 'update docs prod' ) { when { branch 'published' } steps { - withVpn(dtrVpnAddress) { - withCredentials(ucpBundle) { - sh 'unzip -o $UCP' + withVpn("$DTR_VPN_ADDRESS") { + sh "unzip -o $UCP_BUNDLE" + withDockerRegistry(reg) { + sh """ + cd ucp-bundle-success_bot + export DOCKER_TLS_VERIFY=1 + export COMPOSE_TLS_VERSION=TLSv1_2 + export DOCKER_CERT_PATH=${WORKSPACE}/ucp-bundle-success_bot + export DOCKER_HOST=$DOCKER_HOST_STRING + docker service update --detach=false --force --image docs/docker.github.io:prod-${env.BUILD_NUMBER} docs-docker-com_docs --with-registry-auth + curl -X POST -H 'Content-type: application/json' --data '{"text":"Successfully published docs. https://docs.docker.com/"}' $SLACK + """ } - withCredentials(slackString) { - withDockerRegistry(reg) { - sh """ - cd ucp-bundle-success_bot - export DOCKER_TLS_VERIFY=1 - export COMPOSE_TLS_VERSION=TLSv1_2 - export DOCKER_CERT_PATH=${WORKSPACE}/ucp-bundle-success_bot - export DOCKER_HOST=tcp://ucp.corp-us-east-1.aws.dckr.io:443 - docker service update --detach=false --force --image docs/docker.github.io:prod-${env.BUILD_NUMBER} docs-docker-com_docs --with-registry-auth - curl -X POST -H 'Content-type: application/json' --data '{"text":"Successfully published docs. https://docs.docker.com/"}' $slack - """ - } + } + } + } + } + } + stage( 'docs-private' ) { + agent { + label 'ubuntu-1604-aufs-stable' + } + environment { + DTR_VPN_ADDRESS = credentials('dtr-vpn-address') + DOCKER_HOST_STRING = credentials('docker-host') + UCP_BUNDLE = credentials('ucp-bundle') + } + when { + expression { env.GIT_URL == "https://github.com/docker/docs-private.git" } + } + stages { + stage( 'build and push new beta stage image' ) { + when { + branch 'amberjack' + } + steps { + withDockerRegistry(reg) { + sh """ + docker image build --tag docs/docs-private:beta-stage-${env.BUILD_NUMBER} . && \ + docker image push docs/docs-private:beta-stage-${env.BUILD_NUMBER} + """ + } + } + } + stage( 'build and push new beta image' ) { + when { + branch 'published' + } + steps { + withDockerRegistry(reg) { + sh """ + docker image build --tag docs/docs-private:beta-${env.BUILD_NUMBER} . && \ + docker image push docs/docs-private:beta-${env.BUILD_NUMBER} + """ + } + } + } + stage( 'update beta stage service' ) { + when { + branch 'amberjack' + } + steps { + withVpn("$DTR_VPN_ADDRESS") { + sh "unzip -o $UCP_BUNDLE" + withDockerRegistry(reg) { + sh """ + export DOCKER_TLS_VERIFY=1 + export COMPOSE_TLS_VERSION=TLSv1_2 + export DOCKER_CERT_PATH=${WORKSPACE}/ucp-bundle-success_bot + export DOCKER_HOST=$DOCKER_HOST_STRING + docker service update --detach=false --force --image docs/docs-private:beta-stage-${env.BUILD_NUMBER} docs-beta-stage-docker-com_docs --with-registry-auth + """ + } + } + } + } + stage( 'update beta service' ) { + when { + branch 'published' + } + steps { + withVpn("$DTR_VPN_ADDRESS") { + sh "unzip -o $UCP_BUNDLE" + withDockerRegistry(reg) { + sh """ + export DOCKER_TLS_VERIFY=1 + export COMPOSE_TLS_VERSION=TLSv1_2 + export DOCKER_CERT_PATH=${WORKSPACE}/ucp-bundle-success_bot + export DOCKER_HOST=$DOCKER_HOST_STRING + docker service update --detach=false --force --image docs/docs-private:beta-${env.BUILD_NUMBER} docs-beta-docker-com_docs --with-registry-auth + """ } } }