导语:在凭证中创建好harbor推送用户之后,通过jenkins推送镜像。无需在对应服务器上登录对应账号,提升安全性。
#!groovy
pipeline {
agent {
label 'ssd'
}
//定义构建参数
parameters {
gitParameter branchFilter: 'origin/(.*)', defaultValue: 'ge-edison-211111-cta210930', description: '代码的分支', name: 'RELEASE_VERSION', type: 'PT_BRANCH', listSize: '12', quickFilterEnabled: true
choice(name: 'NameSpace', choices: getNamespaceChoices(), description: '请选择需要发布的环境----namespace')
choice(name: 'Ip', choices: getIpChoices(), description: '请选择需要部署的ip地址,默认选项为不发布到服务器仅构建镜像,测试集群请选择cluster----namespace')
string(name: 'build_cmd', defaultValue: 'npm set registry https://registry.npmjs.org/;npm install;npm run generate', description: '构建命令')
}
// environment {
// // 项目名称
// Unzip_Path = "/data1/TestPackage/${JOB_NAME}/"
// }
options {
timestamps()
//保持构建的最大个数
buildDiscarder(logRotator(numToKeepStr: '10'))
}
//执行任务模块
stages {
//拉取安装包
stage('下代码') {
steps {
script {
sh """rm -rf ${WORKSPACE}/Dockerfile && rm -rf ${WORKSPACE}/svrshell.yaml """ // 在Git代码更新之前执行Shell命令
}
git branch: "${params.RELEASE_VERSION}", credentialsId: 'c67c4b89-804c-4e58-8e4f-1e15eb14502b', url: 'http://gitlab.abc.com/ai_server/ai_server_console_ui'
script {
wrap([$class: 'BuildUser']) {
def deploylog = "${BUILD_USER} use pipeline '${JOB_NAME}(${BUILD_NUMBER})' "
println deploylog
buildName "#${BUILD_NUMBER}^-${params.RELEASE_VERSION}^-${BUILD_USER}^-${NameSpace}^-${Ip}"
HTTPD_LOCATION = sh(returnStdout: true, script: 'git show -s |grep -vE "commit|Date" |grep -v "^$"')
//echo "HTTPD_LOCATION =${HTTPD_LOCATION}"
buildDescription "${HTTPD_LOCATION}"
GIT_COMMITID = sh(returnStdout: true, script: 'echo -n `git rev-parse --short HEAD`')
RELEASE_VERSION = sh(returnStdout: true, script: "echo -n `echo ${RELEASE_VERSION} |sed -r 's/.*\\///'`")
Tag = "${RELEASE_VERSION}_${GIT_COMMITID}_${BUILD_NUMBER}"
}
}
}
}
stage('npm build') {
steps {
script {
docker.image('harbor.abc.com/base/node:12.22.12').inside('-u 0:0 -v ${WORKSPACE}/.npm:/root/.npm') {
sh """
cd ${WORKSPACE}
#cat Dockerfile
rm -rf svrshell console
sed -i "s!^var baseURL.*'!var baseURL = '\\/aiconsole'!g" ./api/baseApi.js
#npm set registry https://registry.npmjs.org/;npm install;npm run generate
${build_cmd}
mv dist console
ls
"""
}
}
}
}
stage('编译构建镜像') {
steps {
ansiColor('xterm') {
script {
withCredentials([usernamePassword(credentialsId: '0106ed4a-45c4-44e8-9391-d50394c84936', usernameVariable: 'HARBOR_USERNAME', passwordVariable: 'HARBOR_PASSWORD')]) {
sh """
set +x
if [ -f "${WORKSPACE}/Dockerfile" ]; then
cd ${WORKSPACE}
sed -i "s#FROM med-harbor.abc-inc.com.*#FROM harbor.abc.com/base/nginx:1.24.0#g" Dockerfile
else
echo "\033[33m分支中没有Dockerfile,将使用默认Dockerfile\033[0m"
cd ${WORKSPACE}
ls -l ${WORKSPACE}/
wget -c http://gitlab.abc.com/xujiamin/jenkins_deploy/-/raw/master/proj_default_dockerfile/svrshell/Dockerfile?inline=false -O Dockerfile
fi
echo '.git' >> .dockerignore
chmod +x run_nginx.sh
pwd
echo "\u001B[32m 输出Dockerfile内容 \u001B[0m"
cat Dockerfile
docker login -u $HARBOR_USERNAME -p $HARBOR_PASSWORD harbor.abc.com
docker build --pull -q -t harbor.abc.com/dev/${JOB_NAME}:${Tag} --no-cache .
docker push harbor.abc.com/dev/${JOB_NAME}:${Tag}
echo "\u001B[32m 镜像名: harbor.abc.com/dev/${JOB_NAME}:${Tag} \u001B[0m"
#if [[ "${Ip}" == *"cluster"* ]]; then
# echo "echo1"
#else
# echo "echo2"
#fi
"""
}
}
}
}
}
stage('部署镜像') {
when {
expression { params.Ip != '-------------' }
// expression { return env.CAUSE != 'Started by timer' }
}
steps {
script {
ansiColor('xterm') {
script {
sh """
set +x
cd ${WORKSPACE}
if ls ${WORKSPACE}/svrshell.yaml; then
# export KUBECONFIG=
echo "\u001B[32m通过分支自带yaml部署${Ip} \u001B[0m"
else
ls ${WORKSPACE}/
wget -c http://gitlab.abc.com/xujiamin/jenkins_deploy/-/raw/master/proj_default_yaml/svrshell.yaml?inline=false -O svrshell.yaml
echo "\033[33m通过运维gitlab默认yaml部署\033[0m"
fi
wget -c http://gitlab.abc.com/xujiamin/jenkins_deploy/-/raw/master/scripts/deploy_sed.sh -O deploy_sed.sh
sh deploy_sed.sh svrshell.yaml
sed -i "s#image: {{.*#image: harbor.abc.com/dev/${JOB_NAME}:${Tag}#g" svrshell.yaml
#if [ "${Ip}" = "abc-cluster" ]; then
sed -i 's#value: "81"#value: "80"#g' svrshell.yaml
sed -i 's#ort: 81#ort: 80#g' svrshell.yaml
#fi
cat svrshell.yaml | ssh root@${Ip} "kubectl -n ${NameSpace} apply -f -"
"""
}
}
}
}
}
// stage('images-scan') {
// agent {
// label "10.10.3.239"
// }
// steps {
// script {
// Boolean bool = fileExists "/report/${JOB_NAME}"
// if (bool) {
// println "目录已经存在"
// } else {
// sh "mkdir /report/${JOB_NAME}"
// }
// }
// script {
// sh """
// docker run --rm -v /report:/report -v /var/run/docker.sock:/var/run/docker.sock aquasec/trivy:0.32.0 \
// --security-checks vuln --severity HIGH,CRITICAL --vuln-type os,library \
// --exit-code 0 --format template --template "@contrib/html.tpl" -o /report/${JOB_NAME}/${BUILD_NUMBER}.html \
// image --server http://10.10.3.239:8080 --token abc@2022 harbor.abc.com/dev/${JOB_NAME}:${Tag}
// """
// println "http://10.10.3.239:88/${JOB_NAME}/${BUILD_NUMBER}.html"
// }
// }
// }
}
}
def getIpChoices() {
def choices = []
node {
// git url: 'http://gitlab.abc.com/xujiamin/jenkins_deploy.git', credentialsId: 'git-credentials'
// sh 'cat ip_list.txt > ip.txt'
sh 'curl -o ip.txt http://gitlab.abc.com/xujiamin/jenkins_deploy/-/raw/master/ip_list.txt?inline=false'
def fileContent = readFile('ip.txt').trim()
if (fileContent) {
choices = fileContent.split('\n').collect { it.trim() }
} else {
echo 'File not found or empty: ip_list.txt'
}
}
return choices
}
def getNamespaceChoices() {
def choices = []
node {
// git url: 'http://gitlab.abc.com/xujiamin/jenkins_deploy.git', credentialsId: 'git-credentials'
// sh 'cat ns_list.txt > ns.txt'
sh 'curl -o ns.txt http://gitlab.abc.com/xujiamin/jenkins_deploy/-/raw/master/ns_list.txt?inline=false'
def fileContent = readFile('ns.txt').trim()
if (fileContent) {
choices = fileContent.split('\n').collect { it.trim() }
} else {
echo 'File not found or empty: ns_list.txt'
}
}
return choices
}