pipeline {
agent none
environment {
AWS_REGION = "us-east-2"
}
options {
ansiColor('xterm')
timestamps()
}
stages {
stage("Prepare") {
agent { label "schutzbot" }
options {
// Don't checkout the git repository here. It just clogs
// up the Jenkins disk space and does nothing for us.
skipDefaultCheckout()
}
steps {
sh (
label: "Get environment variables",
script: "env | sort"
)
}
}
stage("Mock") {
// Halt the entire pipeline if a single RPM build fails. That
// could indicate a code problem that needs to be investigated.
failFast true
parallel {
stage('Fedora 32') {
agent { label "f32cloudbase && x86_64" }
environment {
AWS_CREDS = credentials('aws-credentials-osbuildci')
}
steps {
sh "schutzbot/ci_details.sh"
sh "schutzbot/mockbuild.sh"
stash (
includes: 'osbuild-mock.repo',
name: 'fedora32'
)
}
}
stage('Fedora 33') {
agent { label "f33cloudbase && x86_64" }
environment {
AWS_CREDS = credentials('aws-credentials-osbuildci')
}
steps {
sh "schutzbot/ci_details.sh"
sh "schutzbot/mockbuild.sh"
stash (
includes: 'osbuild-mock.repo',
name: 'fedora33'
)
}
}
stage('RHEL 8 CDN') {
agent { label "rhel8cloudbase && x86_64" }
environment {
AWS_CREDS = credentials('aws-credentials-osbuildci')
RHN_REGISTRATION_SCRIPT = credentials('rhn-register-script-production')
}
steps {
sh "schutzbot/ci_details.sh"
sh "schutzbot/mockbuild.sh"
stash (
includes: 'osbuild-mock.repo',
name: 'rhel8cdn'
)
}
}
stage('RHEL 8.3 Nightly') {
agent { label "rhel83cloudbase && x86_64" }
environment {
AWS_CREDS = credentials('aws-credentials-osbuildci')
RHN_REGISTRATION_SCRIPT = credentials('rhn-register-script-production-beta')
}
steps {
sh "schutzbot/ci_details.sh"
retry(3) {
sh "schutzbot/mockbuild.sh"
}
stash (
includes: 'osbuild-mock.repo',
name: 'rhel83'
)
}
}
}
}
stage("Functional Testing") {
// Allow the other stages to finish if a single stage fails.
failFast false
parallel {
stage('Fedora 32') {
agent { label "f32cloudbase && x86_64 && psi" }
environment {
TEST_TYPE = "image"
AWS_CREDS = credentials('aws-credentials-osbuildci')
DISTRO_CODE = "fedora32"
}
steps {
unstash 'fedora32'
run_tests()
}
post {
always {
preserve_logs('fedora32-image')
}
}
}
stage('Fedora 33') {
agent { label "f33cloudbase && x86_64 && psi" }
environment {
TEST_TYPE = "image"
AWS_CREDS = credentials('aws-credentials-osbuildci')
DISTRO_CODE = "fedora33"
}
steps {
unstash 'fedora33'
run_tests()
}
post {
always {
preserve_logs('fedora33-image')
}
}
}
stage('RHEL 8 CDN') {
agent { label "rhel8cloudbase && x86_64 && psi" }
environment {
TEST_TYPE = "image"
RHN_REGISTRATION_SCRIPT = credentials('rhn-register-script-production')
AWS_CREDS = credentials('aws-credentials-osbuildci')
DISTRO_CODE = "rhel8"
}
steps {
unstash 'rhel8cdn'
run_tests()
}
post {
always {
preserve_logs('rhel8-image')
}
}
}
stage('RHEL 8.3 Image') {
agent { label "rhel83cloudbase && x86_64 && psi" }
environment {
TEST_TYPE = "image"
RHN_REGISTRATION_SCRIPT = credentials('rhn-register-script-production-beta')
AWS_CREDS = credentials('aws-credentials-osbuildci')
DISTRO_CODE = "rhel83"
}
steps {
unstash 'rhel83'
run_tests()
}
post {
always {
preserve_logs('rhel83-image')
}
}
}
}
}
}
post {
success {
node('schutzbot') {
script {
if (env.BRANCH_NAME == 'master') {
telegramSend "💚 CI passed for osbuild master branch ${env.BUILD_URL}"
}
}
}
}
unsuccessful {
node('schutzbot') {
script {
if (env.BRANCH_NAME == 'master') {
telegramSend "💣 CI failed for osbuild master branch ${env.BUILD_URL}"
}
}
}
}
}
}
// Set up a function to hold the steps needed to run the tests so we don't
// need to copy/paste the same lines over and over above.
void run_tests() {
// Get CI machine details.
sh (
label: "Get CI machine details",
script: "schutzbot/ci_details.sh"
)
// Deploy the Image Builder packages and services.
sh (
label: "Deploy",
script: "schutzbot/deploy.sh"
)
// Run the image tests.
sh (
label: "Image tests",
script: "schutzbot/run_image_tests.sh"
)
}
// Move logs to a unique location and tell Jenkins to capture them on success
// or failure.
void preserve_logs(test_slug) {
// Save the systemd journal.
sh "sudo journalctl --boot > systemd-journald.log"
// Find any AVCs in the audit log and save those.
sh "sudo grep AVC /var/log/audit/audit.log > selinux-avc.log"
// Make a directory for the log files and move the logs there.
sh "mkdir ${test_slug} && mv *.log *.jpg ${test_slug}/ || true"
// Artifact the logs.
archiveArtifacts (
allowEmptyArchive: true,
artifacts: "${test_slug}/*.log,${test_slug}/*.jpg"
)
}