RHINENG-22499: jeniknsfile for gh-pr-and-build job#2055
Draft
MichaelMraka wants to merge 1 commit intoRedHatInsights:masterfrom
Draft
RHINENG-22499: jeniknsfile for gh-pr-and-build job#2055MichaelMraka wants to merge 1 commit intoRedHatInsights:masterfrom
MichaelMraka wants to merge 1 commit intoRedHatInsights:masterfrom
Conversation
Reviewer's GuideIntroduces a new Jenkins declarative pipeline (Jenkinsfile) that replaces existing gh-build-master and gh-pr-check jobs with a PR-only validation stage and a main-branch-only build/deploy stage that uses Vault-managed Quay credentials, plus workspace cleanup after each run. Sequence diagram for PR-only validation stage in Jenkins pipelinesequenceDiagram
actor Developer
participant GitHub
participant Jenkins
participant ScriptPR as pr_check_sh
Developer->>GitHub: Open_or_update_pull_request
GitHub-->>Jenkins: Webhook_push_with_CHANGE_ID
Jenkins->>Jenkins: Evaluate_changeRequest_condition
alt Is_pull_request
Jenkins->>ScriptPR: Execute_pr_check_sh
ScriptPR-->>Jenkins: Validation_results
Jenkins-->>GitHub: Report_PR_check_status
else Not_pull_request
Jenkins-->>GitHub: Skip_PR_Check_stage
end
Sequence diagram for main branch build and deploy with Vault-managed credentialssequenceDiagram
actor Developer
participant GitHub
participant Jenkins
participant Vault as VaultBuildWrapper
participant ScriptBuild as build_deploy_sh
participant Quay
Developer->>GitHub: Merge_to_main
GitHub-->>Jenkins: Webhook_push_to_main
Jenkins->>Jenkins: Evaluate_branch_main_condition
alt Is_main_branch
Jenkins->>Vault: Wrap_Build_stage
Vault-->>Jenkins: Inject_QUAY_USER_and_QUAY_TOKEN_env
Jenkins->>ScriptBuild: Execute_build_deploy_sh
ScriptBuild->>Quay: Push_image_with_QUAY_credentials
Quay-->>ScriptBuild: Push_result
ScriptBuild-->>Jenkins: Build_deploy_status
else Not_main_branch
Jenkins-->>GitHub: Skip_Build_stage
end
Jenkins->>Jenkins: Clean_workspace
Flow diagram for Jenkinsfile stages and branch conditionsflowchart TD
Start[[Pipeline start]]
PRCheck{Is_changeRequest}
RunPR[Run pr_check.sh]
BuildCheck{Is_branch_main}
WrapVault[Wrap Build stage with VaultBuildWrapper
and inject QUAY_USER and QUAY_TOKEN]
RunBuild[Run build_deploy.sh]
Clean[Clean workspace with cleanWs]
End[[Pipeline end]]
Start --> PRCheck
PRCheck -->|Yes| RunPR
PRCheck -->|No| BuildCheck
RunPR --> BuildCheck
BuildCheck -->|Yes| WrapVault
BuildCheck -->|No| Clean
WrapVault --> RunBuild --> Clean --> End
File-Level Changes
Tips and commandsInteracting with Sourcery
Customizing Your ExperienceAccess your dashboard to:
Getting Help
|
SC Environment Impact AssessmentOverall Impact: 🟢 LOW View full reportSummary
Detailed Findings🟢 LOW ImpactEnvironment configuration change detected
Required Actions
This assessment was automatically generated. Please review carefully and consult with the ROSA Core team for critical/high impact changes. |
a3748dd to
1a200a6
Compare
replacement of gh-build-master and gh-pr-check
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
replacement of gh-build-master and gh-pr-check
Secure Coding Practices Checklist GitHub Link
Secure Coding Checklist
Summary by Sourcery
Introduce a Jenkins pipeline to run PR checks and main-branch builds with secure secret handling and workspace cleanup.
Build:
CI: