2019-05-02 17:29:11 +02:00
|
|
|
import groovy.text.GStringTemplateEngine
|
|
|
|
|
|
|
|
import static com.sap.piper.Prerequisites.checkScript
|
|
|
|
|
|
|
|
import com.sap.piper.GenerateDocumentation
|
|
|
|
import com.sap.piper.ConfigurationHelper
|
|
|
|
import com.sap.piper.Utils
|
|
|
|
|
|
|
|
import groovy.transform.Field
|
|
|
|
|
|
|
|
@Field def STEP_NAME = getClass().getName()
|
|
|
|
|
|
|
|
@Field Set GENERAL_CONFIG_KEYS = []
|
|
|
|
@Field Set STEP_CONFIG_KEYS = [
|
|
|
|
/**
|
|
|
|
* Defines the build options for the [kaniko](https://github.com/GoogleContainerTools/kaniko) build.
|
|
|
|
*/
|
|
|
|
'containerBuildOptions',
|
|
|
|
/** @see dockerExecute */
|
|
|
|
'containerCommand',
|
|
|
|
/** Defines the full name of the Docker image to be created including registry, image name and tag like `my.docker.registry/path/myImageName:myTag`.*/
|
|
|
|
'containerImageNameAndTag',
|
|
|
|
/** @see dockerExecute */
|
|
|
|
'containerShell',
|
|
|
|
/**
|
|
|
|
* Defines the command to prepare the Kaniko container.
|
|
|
|
* By default the contained credentials are removed in order to allow anonymous access to container registries.
|
|
|
|
*/
|
|
|
|
'containerPreparationCommand',
|
|
|
|
/**
|
|
|
|
* List containing download links of custom TLS certificates. This is required to ensure trusted connections to registries with custom certificates.
|
|
|
|
*/
|
|
|
|
'customTlsCertificateLinks',
|
|
|
|
/**
|
|
|
|
* Defines the location of the Dockerfile relative to the Jenkins workspace.
|
|
|
|
*/
|
|
|
|
'dockerfile',
|
|
|
|
/**
|
|
|
|
* Defines the id of the file credentials in your Jenkins credentials store which contain the file `.docker/config.json`.
|
|
|
|
* You can find more details about the Docker credentials in the [Docker documentation](https://docs.docker.com/engine/reference/commandline/login/).
|
|
|
|
*/
|
|
|
|
'dockerConfigJsonCredentialsId',
|
|
|
|
/** @see dockerExecute */
|
|
|
|
'dockerEnvVars',
|
|
|
|
/** @see dockerExecute */
|
|
|
|
'dockerOptions',
|
|
|
|
/** @see dockerExecute */
|
|
|
|
'dockerImage'
|
|
|
|
]
|
|
|
|
@Field Set PARAMETER_KEYS = STEP_CONFIG_KEYS
|
|
|
|
|
|
|
|
/**
|
|
|
|
* Executes a [Kaniko](https://github.com/GoogleContainerTools/kaniko) build for creating a Docker container.
|
|
|
|
*/
|
|
|
|
@GenerateDocumentation
|
|
|
|
void call(Map parameters = [:]) {
|
|
|
|
handlePipelineStepErrors(stepName: STEP_NAME, stepParameters: parameters) {
|
|
|
|
|
|
|
|
final script = checkScript(this, parameters) ?: this
|
|
|
|
|
|
|
|
// load default & individual configuration
|
|
|
|
Map config = ConfigurationHelper.newInstance(this)
|
|
|
|
.loadStepDefaults()
|
|
|
|
.mixinGeneralConfig(script.commonPipelineEnvironment, GENERAL_CONFIG_KEYS)
|
|
|
|
.mixinStepConfig(script.commonPipelineEnvironment, STEP_CONFIG_KEYS)
|
|
|
|
.mixinStageConfig(script.commonPipelineEnvironment, parameters.stageName?:env.STAGE_NAME, STEP_CONFIG_KEYS)
|
|
|
|
.mixin(parameters, PARAMETER_KEYS)
|
|
|
|
.use()
|
|
|
|
|
2019-07-02 13:00:36 +02:00
|
|
|
// telemetry reporting
|
2019-05-02 17:29:11 +02:00
|
|
|
new Utils().pushToSWA([
|
|
|
|
step: STEP_NAME
|
|
|
|
], config)
|
|
|
|
|
|
|
|
def buildOptions = new GStringTemplateEngine().createTemplate(config.containerBuildOptions).make([config: config, env: env]).toString()
|
|
|
|
|
|
|
|
if (!buildOptions.contains('--destination')) {
|
|
|
|
if (config.containerImageNameAndTag) {
|
|
|
|
buildOptions += " --destination ${config.containerImageNameAndTag}"
|
|
|
|
} else {
|
|
|
|
buildOptions += " --no-push"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
dockerExecute(
|
|
|
|
script: script,
|
|
|
|
containerCommand: config.containerCommand,
|
|
|
|
containerShell: config.containerShell,
|
|
|
|
dockerEnvVars: config.dockerEnvVars,
|
|
|
|
dockerImage: config.dockerImage,
|
|
|
|
dockerOptions: config.dockerOptions
|
|
|
|
) {
|
|
|
|
// prepare kaniko container for running with proper Docker config.json and custom certificates
|
|
|
|
// custom certificates will be downloaded and appended to ca-certificates.crt file used in container
|
|
|
|
sh """#!${config.containerShell}
|
|
|
|
${config.containerPreparationCommand}
|
|
|
|
${getCertificateUpdate(config.customTlsCertificateLinks)}
|
|
|
|
"""
|
|
|
|
|
|
|
|
def uuid = UUID.randomUUID().toString()
|
|
|
|
if (config.dockerConfigJsonCredentialsId) {
|
|
|
|
// write proper config.json with credentials
|
|
|
|
withCredentials([file(credentialsId: config.dockerConfigJsonCredentialsId, variable: 'dockerConfigJson')]) {
|
|
|
|
writeFile file: "${uuid}-config.json", text: readFile(dockerConfigJson)
|
|
|
|
}
|
|
|
|
} else {
|
|
|
|
// empty config.json to allow anonymous authentication
|
|
|
|
writeFile file: "${uuid}-config.json", text: '{"auths":{}}'
|
|
|
|
}
|
|
|
|
|
|
|
|
// execute Kaniko
|
|
|
|
sh """#!${config.containerShell}
|
|
|
|
mv ${uuid}-config.json /kaniko/.docker/config.json
|
|
|
|
/kaniko/executor --dockerfile ${env.WORKSPACE}/${config.dockerfile} --context ${env.WORKSPACE} ${buildOptions}"""
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
private String getCertificateUpdate(List certLinks) {
|
|
|
|
String certUpdate = ''
|
|
|
|
|
|
|
|
if (!certLinks) return certUpdate
|
|
|
|
|
|
|
|
certLinks.each {link ->
|
|
|
|
certUpdate += "wget ${link} -O - >> /kaniko/ssl/certs/ca-certificates.crt\n"
|
|
|
|
}
|
|
|
|
return certUpdate
|
|
|
|
}
|