Split publish from update

Change-Id: Id58b057fc195d4120481a095ce955308926a9c57
diff --git a/cicd/jobs/task_update_unstable.jenkins b/cicd/jobs/task_update_unstable.jenkins
new file mode 100644
index 0000000..062aaa3
--- /dev/null
+++ b/cicd/jobs/task_update_unstable.jenkins
@@ -0,0 +1,19 @@
+#!/usr/bin/env groovy
+
+pipelineJob("task.publish.unstable") {
+    description("Update apt packages repository for unstable \"release\"")
+
+    definition {
+        cpsScm {
+            scm {
+                git {
+                    remote {
+                        url('https://coral.googlesource.com/gke-jenkins')
+                    }
+                    branches('*/master')
+                }
+            }
+            scriptPath("cicd/pipelines/tasks/task_update_unstable.jenkins")
+        }
+    }
+}
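Review bot: The job declared in this new file is named `task.publish.unstable`, although the file and its `scriptPath` are both `task_update_unstable.jenkins`. If the existing publish job already uses that name (its definition is not in this diff), this seed would redefine it rather than add a second job. That would leave the signing pipeline that runs under the name different from the one operators expect. Consider `pipelineJob("task.update.unstable") {`, and the same rename for `buildLabel` in `cicd/pipelines/tasks/task_update_unstable.jenkins`, which also starts with `task.publish.unstable-`.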
diff --git a/cicd/pipelines/tasks/task_publish_unstable.jenkins b/cicd/pipelines/tasks/task_publish_unstable.jenkins
index faaad05..7d7ea6d 100644
--- a/cicd/pipelines/tasks/task_publish_unstable.jenkins
+++ b/cicd/pipelines/tasks/task_publish_unstable.jenkins
@@ -53,10 +53,8 @@
 
                     sh """
                        aptly snapshot merge core-full-unstable-${stamp} ${debianMirrorSnapshotName} ${coreSnapshotName}
-                       aptly publish snapshot --batch --passphrase-file=/var/lib/aptly/keyring/passphrase.txt --distribution=unstable --component=main core-full-unstable-${stamp} filesystem:public:unstable \
-                           || aptly publish switch --batch --passphrase-file=/var/lib/aptly/keyring/passphrase.txt --component=main unstable filesystem:public:unstable core-full-unstable-${stamp}
-                       aptly publish snapshot --batch --passphrase-file=/var/lib/aptly/keyring/passphrase.txt --distribution=unstable --component=bsp-enterprise ${bspSnapshotName} filesystem:public:unstable-bsp-enterprise \
-                           || aptly publish switch --batch --passphrase-file=/var/lib/aptly/keyring/passphrase.txt --component=bsp-enterprise unstable filesystem:public:unstable-bsp-enterprise ${bspSnapshotName}
+                       aptly publish snapshot --batch --passphrase-file=/var/lib/aptly/keyring/passphrase.txt --distribution=unstable core-full-unstable-${stamp} filesystem:public:unstable
+                       aptly publish snapshot --batch --passphrase-file=/var/lib/aptly/keyring/passphrase.txt --distribution=unstable ${bspSnapshotName} filesystem:public:unstable-bsp-enterprise
                        """
                 }
             }
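Review bot: The BSP snapshot is published here with `--distribution=unstable` under the prefix `unstable-bsp-enterprise`, but the new update pipeline switches it with `aptly publish switch ... unstable-bsp-enterprise filesystem:public:unstable-bsp-enterprise ${bspSnapshotName}`. The first positional argument of `publish switch` is the distribution, so that call names a distribution this job never creates. The removed fallback used `unstable` there, so either the switch line should read `... unstable filesystem:public:unstable-bsp-enterprise ${bspSnapshotName}` or this line should publish `--distribution=unstable-bsp-enterprise`. The enclosing `sh` block and stage start outside this hunk, so I cannot see whether anything guards against re-running this job once the distributions exist. With the `||` fallback gone, a second run would presumably fail at the first `publish snapshot`, after `snapshot merge` has already created a new snapshot.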
diff --git a/cicd/pipelines/tasks/task_update_unstable.jenkins b/cicd/pipelines/tasks/task_update_unstable.jenkins
new file mode 100644
index 0000000..c954d4f
--- /dev/null
+++ b/cicd/pipelines/tasks/task_update_unstable.jenkins
@@ -0,0 +1,63 @@
+#!/usr/bin/env groovy
+
+String getLatestSnapshot(repository_stem) {
+    def script = """
+        aptly snapshot list --sort=time --raw \
+            | grep -E '^${repository_stem}-' \
+            | head -n1
+    """
+
+    return sh(returnStdout: true, script: script)
+}
+
+def installGpgKeyring() {
+    sh """
+       install -d -m 700 -o root -g root /var/lib/aptly/.gnupg
+       tar -C /var/lib/aptly/.gnupg -zxf /var/lib/aptly/keyring/release-keyring.tar.gz
+       chown -R root:root /var/lib/aptly/.gnupg
+       find /var/lib/aptly/.gnupg -type d -exec chmod 700 '{}' ';'
+       find /var/lib/aptly/.gnupg -type f -exec chmod 600 '{}' ';'
+       """
+}
+
+def workspacePath = "/home/jenkins/workspace"
+def buildLabel = "task.publish.unstable-${UUID.randomUUID().toString()}"
+def sourcePath = "${workspacePath}/src"
+
+// FIXME(jtgans): Get rid of privileged! This is a security risk!
+def jnlpContainer = containerTemplate(name: 'jnlp',
+                                      image: 'jenkins/jnlp-slave:alpine')
+def debianContainer = containerTemplate(name: 'debian',
+                                        image: 'gcr.io/mendel-linux-cloud-infra/mendel-builder:latest',
+                                        command: 'cat',
+                                        args: '',
+                                        ttyEnabled: true,
+                                        privileged: true,
+                                        alwaysPullImage: true)
+def aptlyVolume = persistentVolumeClaim(claimName: 'aptly-state', mountPath: '/var/lib/aptly')
+def gpgVolume = secretVolume(secretName: 'mendel-release-credentials', mountPath: '/var/lib/aptly/keyring')
+
+podTemplate(label: buildLabel, containers: [jnlpContainer, debianContainer], volumes: [aptlyVolume, gpgVolume], envVars: []) {
+    node(buildLabel) {
+        dir(sourcePath) {
+            container('debian') {
+                sh "cp /etc/aptly.conf ~/.aptly.conf"
+                withEnv(['GNUPGHOME=/var/lib/aptly/.gnupg']) {
+                    def debianMirrorSnapshotName = getLatestSnapshot('debian-buster')
+                    def coreSnapshotName = getLatestSnapshot('core-unstable')
+                    def bspSnapshotName  = getLatestSnapshot('unstable-bsp-enterprise')
+                    def date = new Date()
+                    String stamp = date.format("yyyyMMdd-HHmmss")
+
+                    installGpgKeyring()
+
+                    sh """
+                       aptly snapshot merge core-full-unstable-${stamp} ${debianMirrorSnapshotName} ${coreSnapshotName}
+                       aptly publish switch --batch --passphrase-file=/var/lib/aptly/keyring/passphrase.txt unstable filesystem:public:unstable core-full-unstable-${stamp}
+                       aptly publish switch --batch --passphrase-file=/var/lib/aptly/keyring/passphrase.txt unstable-bsp-enterprise filesystem:public:unstable-bsp-enterprise ${bspSnapshotName}
+                       """
+                }
+            }
+        }
+    }
+}
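Review bot: `getLatestSnapshot` returns the raw stdout of `sh`, so every snapshot name ends in a newline. Once interpolated into the `aptly snapshot merge ...` line, that newline splits the command and `${coreSnapshotName}` lands on a line of its own. Use `return sh(returnStdout: true, script: script).trim()` and reject an empty result, since the pipe's exit status is `head`'s and a `grep` miss goes unnoticed. Separately, `installGpgKeyring` unpacks the release keyring into `/var/lib/aptly/.gnupg`, which is on the `aptly-state` persistent claim rather than the secret mount, and nothing in this file removes it afterwards. The signing key material therefore outlives the pod and is readable by any workload that mounts that claim. Consider pointing `GNUPGHOME` at a pod-local directory or deleting it after the last `publish switch`, all the more because the container handling the key runs `privileged: true` from a `:latest` image.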