├── .gitignore
├── Dockerfile
├── Dockerfile.rhel7
├── Jenkinsfile
├── README.md
├── apb
    └── .gitignore
├── docs
    ├── index.adoc
    └── index.html
├── examples
    ├── REAME.md
    └── containerzone
    │   ├── docker
    │       ├── .gitignore
    │       └── jobs
    │       │   └── buildPushScan.groovy
    │   ├── generic
    │       └── jobs
    │       │   └── CheckHealthGrade
    │       │       └── checkHealthGradePipeline.groovy
    │   ├── openshift
    │       ├── .gitignore
    │       ├── buildconfig-pipeline.yaml
    │       └── jobs
    │       │   └── buildPushScan.groovy
    │   └── playbooks
    │       ├── installseedjob.yml
    │       └── templates
    │           └── checkImageHealthSeed.xml
├── jenkins
    ├── README.md
    ├── configuration
    │   ├── jobs
    │   │   └── gitHubOrgSeed
    │   │   │   └── config.xml
    │   ├── org.jenkinsci.plugins.workflow.libs.GlobalLibraries.xml
    │   └── scriptApproval.xml
    ├── jobs
    │   ├── configureJenkinsOpenShift.groovy
    │   └── githubOrgJob.groovy
    ├── openshift
    │   ├── pipeline.yaml
    │   └── template.yaml
    └── plugins.txt
├── src
    └── com
    │   └── redhat
    │       ├── GitHubUtils.groovy
    │       ├── JenkinsUtils.groovy
    │       └── Utils.groovy
├── tests
    ├── README.md
    ├── jobs
    │   ├── __files
    │   │   ├── publish-200-error.json
    │   │   ├── publish-200-publish.json
    │   │   ├── publish-200-unable.json
    │   │   ├── publish-401-error.json
    │   │   ├── scanResults-200-error.json
    │   │   ├── scanResults-401-error.json
    │   │   ├── status-200-error.json
    │   │   ├── status-200-mand.json
    │   │   ├── status-200-none.json
    │   │   ├── status-200-recommend.json
    │   │   ├── status-401-error.json
    │   │   ├── test.py
    │   │   └── tests.yml
    │   ├── mockHealthCheck.groovy
    │   ├── mockPipeline.groovy
    │   ├── mockPublish.groovy
    │   ├── mockRebuild.groovy
    │   ├── mockScan.groovy
    │   └── postUrlJob.groovy
    ├── one
    │   └── Dockerfile
    └── two
    │   └── Dockerfile.rhel7
└── vars
    ├── README.md
    ├── containerZoneHealthCheck.groovy
    ├── containerZonePublish.groovy
    ├── containerZoneScan.groovy
    ├── createDockerCfgJenkinsCredential.groovy
    ├── dockerBuildPush.groovy
    ├── getImageStreamRepo.groovy
    ├── newBuildOpenShift.groovy
    └── runOpenShift.groovy


/.gitignore:
--------------------------------------------------------------------------------
1 | .idea
2 | *.iml
3 | out
4 | 


--------------------------------------------------------------------------------
/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM centos
2 | 
3 | # This is just a temp example...
4 | RUN yum install -y vim wget
5 | 
6 | CMD exit 0
7 | 


--------------------------------------------------------------------------------
/Dockerfile.rhel7:
--------------------------------------------------------------------------------
1 | FROM registry.access.redhat.com/rhel7 
2 | 
3 | # This is just a temp example...
4 | RUN yum install -y vim wget
5 | 
6 | CMD tail -f /dev/null
7 | 


--------------------------------------------------------------------------------
/Jenkinsfile:
--------------------------------------------------------------------------------
 1 | #!groovy
 2 | @Library('Utils')
 3 | import com.redhat.*
 4 | 
 5 | properties([disableConcurrentBuilds()])
 6 | 
 7 | node {
 8 |     def source = ""
 9 |     def dockerfiles = null
10 |     def gitHubUtils = new com.redhat.GitHubUtils()
11 |     String scmRef = scm.branches[0]
12 |     String scmUrl = scm.browser.url
13 | 
14 |     /* Checkout source and find all the Dockerfiles.
15 |      * This will not include Dockerfiles with extensions. Currently the issue
16 |      * with using a Dockerfile with an extension is the oc new-build command
17 |      * does not offer an option to provide the dockerfilePath.
18 |      */
19 |     stage('checkout') {
20 |         checkout scm
21 |         dockerfiles = findFiles(glob: '**/Dockerfile')
22 |     }
23 | 
24 | 
25 |     /* if CHANGE_URL is defined then this is a pull request
26 |      * additional steps are required to determine the git url
27 |      * and branch name to pass to new-build.
28 |      * Otherwise just use the scm.browser.url and scm.branches[0]
29 |      * for new-build.
30 |      */
31 |     if (env.CHANGE_URL) {
32 |         def pull = null
33 |         stage('Github Url and Ref') {
34 |             // Query the github repo api to return the clone_url and the ref (branch name)
35 |             withCredentials([[$class: 'UsernamePasswordMultiBinding', credentialsId: "github", usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD']]) {
36 |                 pull = gitHubUtils.getGitHubPR(env.USERNAME, env.PASSWORD, env.CHANGE_URL)
37 |                 scmUrl = pull.url
38 |                 scmRef = pull.ref
39 |                 deleteBuild = true
40 |             }
41 |         }
42 |     }
43 |     for (int i = 0; i < dockerfiles.size(); i++) {
44 | 
45 |         def resources = null
46 |         try {
47 |         /* Execute oc new-build on each dockerfile available
48 |          * in the repo.  The context-dir is the path removing the
49 |          * name (i.e. Dockerfile)
50 |          */
51 |             def is = ""
52 |             def dockerImageRepository = ""
53 |             String path = dockerfiles[i].path.replace(dockerfiles[i].name, "")
54 |             newBuild = newBuildOpenShift() {
55 |                 url = scmUrl
56 |                 branch = scmRef
57 |                 contextDir = path
58 |                 deleteBuild = false 
59 |                 randomName = true 
60 |             }
61 |             dockerImageRepository = getImageStreamRepo(newBuild.buildConfigName).dockerImageRepository
62 | 
63 |             runOpenShift {
64 |                 deletePod = true
65 |                 branch = scmRef
66 |                 image = dockerImageRepository
67 |                 env = ["foo=goo"]
68 |             }
69 | 
70 |             resources = newBuild.names
71 |             currentBuild.result = 'SUCCESS'
72 |         }
73 |         catch(all) {
74 |             currentBuild.result = 'FAILURE'
75 |             echo "Exception: ${all}"
76 |         }
77 |         finally {
78 |             stage('Clean Up Resources') {
79 |                openshift.withCluster() {
80 |                     openshift.withProject() {
81 |                         for (r in resources) {
82 |                             openshift.selector(r).delete()
83 |                         }
84 |                     }
85 |                 }
86 |             }
87 |         }
88 |     }
89 | }
90 | 
91 | // vim: ft=groovy
92 | 


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | ### OpenShift Pipeline Library 
 2 | 
 3 | Current Goal: Build and test container images on OpenShift with Jenkins and supporting
 4 | multibranches (pull requests).
 5 | 
 6 | 1. Uses ephermeral Jenkins and the configuration is stored in OpenShift project
 7 | 2. S2I to include jobs and additional plugins
 8 | 
 9 | #### Quickstart
10 | 
11 | 1. Add Jenkinsfile to your GitHub project (use the example in this project).
12 | 2. Create a new project `oc new-project <project-name>`
13 | 3. Add the template to OpenShift `oc create -f https://raw.githubusercontent.com/RHsyseng/openshift-pipeline-library/master/jenkins/openshift/template.yaml`
14 | 4. Process template
15 |   ```
16 |   oc new-app --template docker-image-testing \
17 |   -p JENKINS_ORG_FOLDER_NAME=RHsyseng \
18 |   -p JENKINS_GITHUB_OWNER=RHsyseng-user \
19 |   -p JENKINS_GITHUB_REPO=openshift-client-library \
20 |   -p JENKINS_GITHUB_CRED_ID=github \
21 |   -p GITHUB_USERNAME=RHsyseng-user \
22 |   -p GITHUB_TOKEN=token
23 |   ```
24 | 5. Add Jenkins to the project `oc new-app --template jenkins-ephemeral -p NAMESPACE=$(oc project -q) -p MEMORY_LIMIT=2Gi`
25 | 6. Add the pipeline `oc create -f https://raw.githubusercontent.com/RHsyseng/openshift-pipeline-library/master/jenkins/openshift/pipeline.yaml`
26 | 7. And finally start the pipeline `oc start-build createcred-pipeline`
27 | 
28 | 


--------------------------------------------------------------------------------
/apb/.gitignore:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/RHsyseng/openshift-pipeline-library/6034ae602b4d6cc56bb66bcd0bdbc8f6b218932f/apb/.gitignore


--------------------------------------------------------------------------------
/docs/index.adoc:
--------------------------------------------------------------------------------
  1 | = OpenShift Pipeline Library 
  2 | :toc:
  3 | 
  4 | 
  5 | == Focus / Goals
  6 | 
  7 | * Show the benefits of using Jenkins and OpenShift together 
  8 | * The Jenkins master should be ephemeral:
  9 | ** Configuration stored in OpenShift
 10 | ** Pipeline, Jobs and libraries in source control
 11 | * GitHub Organizational level and project pull request testing
 12 | 
 13 | [[GettingStarted]]
 14 | == Getting Started
 15 | 
 16 | === Installation
 17 | 
 18 | 
 19 | .Create New Project
 20 | [source,bash]
 21 | ....
 22 | oc new-project <project-name>
 23 | ....
 24 | 
 25 | .Add Template to Project
 26 | [source,bash]
 27 | ....
 28 | oc create -f https://raw.githubusercontent.com/RHsyseng/openshift-pipeline-library/master/jenkins/openshift/template.yaml
 29 | ....
 30 | 
 31 | At this point you will need to create a https://github.com/settings/tokens/new?scopes=repo,read:user,user:email[GitHub token] to include when processing the template.
 32 | 
 33 | .Process Template
 34 | [source,bash]
 35 | ....
 36 | oc new-app --template docker-image-testing \
 37 |   -p JENKINS_ORG_FOLDER_NAME=RHsyseng \
 38 |   -p JENKINS_GITHUB_OWNER=RHsyseng-user \
 39 |   -p JENKINS_GITHUB_REPO=openshift-client-library \
 40 |   -p JENKINS_GITHUB_CRED_ID=github \
 41 |   -p GITHUB_USERNAME=RHsyseng-user \
 42 |   -p GITHUB_TOKEN=token
 43 | ....
 44 | 
 45 | .Add Jenkins to the project
 46 | [source,bash]
 47 | ....
 48 | oc new-app --template jenkins-ephemeral -p NAMESPACE=$(oc project -q) -p MEMORY_LIMIT=2Gi
 49 | ....
 50 | 
 51 | 
 52 | .Add the pipeline
 53 | [source,bash]
 54 | ....
 55 | oc create -f https://raw.githubusercontent.com/RHsyseng/openshift-pipeline-library/master/jenkins/openshift/pipeline.yaml
 56 | ....
 57 | 
 58 | .Start the build (pipeline)
 59 | [source,bash]
 60 | ....
 61 | oc start-build createcred-pipeline
 62 | ....
 63 | 
 64 | 
 65 | === How does this work?
 66 | 
 67 | ==== Source to Image Jenkins
 68 | 
 69 | The Jenkins image is S2I enabled which is a huge benefit to this project because it requires additional items
 70 | to be successful.  This includes:
 71 | 
 72 | * Additional plugins:
 73 | ** OpenShift Jenkins client (master)
 74 | * Jobs:
 75 | ** Seed
 76 | ** Organizational Folder
 77 | * Configuration:
 78 | ** Global Libraries
 79 | ** Script approval
 80 | 
 81 | 
 82 | ==== OpenShift
 83 | 
 84 | ===== ConfigMap
 85 | The `orgfolder` ConfigMap stores the configuration parameters for the seed job. 
 86 | 
 87 | ===== Secret
 88 | The `github` secret stores the github username and the token.
 89 | 
 90 | ==== Jobs / Pipeline
 91 | 
 92 | ===== OpenShift Pipeline
 93 | ====== Files
 94 | * `jenkins/jobs/credPipelineJob.groovy`
 95 | * `jenkins/openshift/pipeline.yaml`
 96 | 
 97 | ====== Steps
 98 | 
 99 | 1. Configures the Jenkins URL (Manage Jenkins - Configure System - Jenkins Location).  This is required to provide the URL when adding the build status to GitHub.
100 | 2. Create a `List<hudson.model.ParameterValue>` from a OpenShift ConfigMap to be used for seed job.
101 | 3. Create Jenkins credentials from OpenShift secret.  This adds the GitHub username and token to Jenkins for use in GitHub related plugins.
102 | 4. Configure the anonymous user for embedded build status icon.
103 | 5. Finally run the seed job with the parameters is ran to build the Organizational Folder job. 
104 | 
105 | ===== Seed Job 
106 | ====== Files
107 | 
108 | * `jenkins/configuration/jobs/seed`
109 | 
110 | ====== Details
111 | This is the https://github.com/jenkinsci/job-dsl-plugin/wiki#getting-started[seed job] that will be executed to create the `orgFolderJob` using the Jenkins Job DSL.
112 | 
113 | ===== Organizational Folder Job DSL
114 | ====== Files
115 | 
116 | * `jenkins/jobs/orgFolderJob.groovy`
117 | 
118 | ====== Details
119 | This Job DSL will create a Organizational Folder job configured for:
120 | 
121 | * GitHub
122 | * Specific repository owner (or organization)
123 | * Repository pattern
124 | * Checkout credentials
125 | 
126 | ===== Jenkinsfile
127 | ====== Files
128 | * `Jenkinsfile`
129 | 
130 | ====== Details
131 | This is used for the openshift-pipeline-library project but it can also be used as an example for your own project.
132 | 
133 | == Library Methods
134 | 
135 | [[FunctionVariables]]
136 | === Function Variables
137 | 
138 | ==== newBuildOpenShift
139 | 
140 | Starts a `oc new-build` process and monitors while the related objects
141 | are executing.
142 | 
143 | .Returned HashMap
144 | [source,java]
145 | ----
146 | [names: newBuild.names(), buildConfigName: buildConfigName]
147 | ----
148 | 
149 | .Example
150 | [source,java]
151 | ....
152 | def newBuild = newBuildOpenShift() {
153 |     url = scmUrl                                    <1>
154 |     branch = scmRef                                 <2>
155 |     contextDir = path                               <3>
156 |     deleteBuild = false                             <4>
157 |     randomName = true                               <5>
158 |     image = "docker.io/aweiteka/playbook2image"     <6>
159 |     imageStream = "project/isname"                  <7>
160 | }
161 | ....
162 | <1> Create a build config from a remote repository.
163 | <2> Create a build config from a remote repository using a specific branch.
164 | <3> The directory in the repository to be used for the build
165 | <4> Delete build config and related objects after complete.
166 | <5> Generate a random name (UUID) for the build config objects.
167 | <6> External registry location for a container image.
168 | <7> Name of an image stream to be used as a builder.
169 | 
170 | [NOTE]
171 | ====
172 | Do not use `image` and `imageStream` options together.
173 | ====
174 | 
175 | 
176 | ==== runOpenShift
177 | Starts a `oc run` process and monitors the pod object while executing.  Current expectations for this function is that it will do some process and exit.  The exit code will determine success or failure.
178 | 
179 | .Example
180 | [source,java]
181 | ....
182 | runOpenShift {
183 |     deletePod = true                <1>
184 |     branch = scmRef                 <2>
185 |     image = dockerImageRepository   <3>
186 |     env = ["foo=goo"]               <4>
187 | }
188 | ....
189 | <1> Delete pod after execution
190 | <2> Name of the pod
191 | <3> Docker image URL
192 | <4> Environmental variables that the pod requires to run.
193 | 
194 | ==== getImageStreamRepo
195 | Both the newBuildOpenShift and runOpenShift require either the ImageStream or Docker image repoistory url. This function returns both as a HashMap for a given ImageStream name.
196 | 
197 | .Returned HashMap
198 | [source,java]
199 | ----
200 | [dockerImageRepository: is.status.dockerImageRepository,
201 |                  imageStream: imageStream]
202 | ----
203 | 
204 | .Example
205 | [source,java]
206 | ....
207 | isRepo = getImageStreamRepo(newBuild.buildConfigName)
208 | ....
209 | 
210 | 
211 | [[Utils]]
212 | === Utils
213 | 
214 | ==== createJobParameters(HashMap configMap)
215 | Converts an OpenShift ConfigMap to a List of ParameterValues which can be used in a parameterized Jenkins Job.
216 | 
217 | ==== getGitHubPR(String login, String oauthAccessToken, String changeUrl)
218 | Returns the originating repository and branch name of a pull request.
219 | 
220 | ==== configureRootUrl(String url)
221 | Sets the Jenkins Location Configuration URL in an ephemeral Jenkins instance.
222 | 
223 | ==== createCredentialsFromOpenShift(HashMap secret, String id)
224 | From an OpenShift secret creates Jenkins credentials to be used in a Jenkins Job or plugin.
225 | 
226 | 
227 | 


--------------------------------------------------------------------------------
/docs/index.html:
--------------------------------------------------------------------------------
  1 | <!DOCTYPE html>
  2 | <html lang="en">
  3 | <head>
  4 | <meta charset="UTF-8">
  5 | <!--[if IE]><meta http-equiv="X-UA-Compatible" content="IE=edge"><![endif]-->
  6 | <meta name="viewport" content="width=device-width, initial-scale=1.0">
  7 | <meta name="generator" content="Asciidoctor 1.5.5">
  8 | <title>OpenShift Pipeline Library</title>
  9 | <link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Open+Sans:300,300italic,400,400italic,600,600italic%7CNoto+Serif:400,400italic,700,700italic%7CDroid+Sans+Mono:400,700">
 10 | <style>
 11 | /* Asciidoctor default stylesheet | MIT License | http://asciidoctor.org */
 12 | /* Remove comment around @import statement below when using as a custom stylesheet */
 13 | /*@import "https://fonts.googleapis.com/css?family=Open+Sans:300,300italic,400,400italic,600,600italic%7CNoto+Serif:400,400italic,700,700italic%7CDroid+Sans+Mono:400,700";*/
 14 | article,aside,details,figcaption,figure,footer,header,hgroup,main,nav,section,summary{display:block}
 15 | audio,canvas,video{display:inline-block}
 16 | audio:not([controls]){display:none;height:0}
 17 | [hidden],template{display:none}
 18 | script{display:none!important}
 19 | html{font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}
 20 | a{background:transparent}
 21 | a:focus{outline:thin dotted}
 22 | a:active,a:hover{outline:0}
 23 | h1{font-size:2em;margin:.67em 0}
 24 | abbr[title]{border-bottom:1px dotted}
 25 | b,strong{font-weight:bold}
 26 | dfn{font-style:italic}
 27 | hr{-moz-box-sizing:content-box;box-sizing:content-box;height:0}
 28 | mark{background:#ff0;color:#000}
 29 | code,kbd,pre,samp{font-family:monospace;font-size:1em}
 30 | pre{white-space:pre-wrap}
 31 | q{quotes:"\201C" "\201D" "\2018" "\2019"}
 32 | small{font-size:80%}
 33 | sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}
 34 | sup{top:-.5em}
 35 | sub{bottom:-.25em}
 36 | img{border:0}
 37 | svg:not(:root){overflow:hidden}
 38 | figure{margin:0}
 39 | fieldset{border:1px solid silver;margin:0 2px;padding:.35em .625em .75em}
 40 | legend{border:0;padding:0}
 41 | button,input,select,textarea{font-family:inherit;font-size:100%;margin:0}
 42 | button,input{line-height:normal}
 43 | button,select{text-transform:none}
 44 | button,html input[type="button"],input[type="reset"],input[type="submit"]{-webkit-appearance:button;cursor:pointer}
 45 | button[disabled],html input[disabled]{cursor:default}
 46 | input[type="checkbox"],input[type="radio"]{box-sizing:border-box;padding:0}
 47 | input[type="search"]{-webkit-appearance:textfield;-moz-box-sizing:content-box;-webkit-box-sizing:content-box;box-sizing:content-box}
 48 | input[type="search"]::-webkit-search-cancel-button,input[type="search"]::-webkit-search-decoration{-webkit-appearance:none}
 49 | button::-moz-focus-inner,input::-moz-focus-inner{border:0;padding:0}
 50 | textarea{overflow:auto;vertical-align:top}
 51 | table{border-collapse:collapse;border-spacing:0}
 52 | *,*:before,*:after{-moz-box-sizing:border-box;-webkit-box-sizing:border-box;box-sizing:border-box}
 53 | html,body{font-size:100%}
 54 | body{background:#fff;color:rgba(0,0,0,.8);padding:0;margin:0;font-family:"Noto Serif","DejaVu Serif",serif;font-weight:400;font-style:normal;line-height:1;position:relative;cursor:auto;tab-size:4;-moz-osx-font-smoothing:grayscale;-webkit-font-smoothing:antialiased}
 55 | a:hover{cursor:pointer}
 56 | img,object,embed{max-width:100%;height:auto}
 57 | object,embed{height:100%}
 58 | img{-ms-interpolation-mode:bicubic}
 59 | .left{float:left!important}
 60 | .right{float:right!important}
 61 | .text-left{text-align:left!important}
 62 | .text-right{text-align:right!important}
 63 | .text-center{text-align:center!important}
 64 | .text-justify{text-align:justify!important}
 65 | .hide{display:none}
 66 | img,object,svg{display:inline-block;vertical-align:middle}
 67 | textarea{height:auto;min-height:50px}
 68 | select{width:100%}
 69 | .center{margin-left:auto;margin-right:auto}
 70 | .spread{width:100%}
 71 | p.lead,.paragraph.lead>p,#preamble>.sectionbody>.paragraph:first-of-type p{font-size:1.21875em;line-height:1.6}
 72 | .subheader,.admonitionblock td.content>.title,.audioblock>.title,.exampleblock>.title,.imageblock>.title,.listingblock>.title,.literalblock>.title,.stemblock>.title,.openblock>.title,.paragraph>.title,.quoteblock>.title,table.tableblock>.title,.verseblock>.title,.videoblock>.title,.dlist>.title,.olist>.title,.ulist>.title,.qlist>.title,.hdlist>.title{line-height:1.45;color:#7a2518;font-weight:400;margin-top:0;margin-bottom:.25em}
 73 | div,dl,dt,dd,ul,ol,li,h1,h2,h3,#toctitle,.sidebarblock>.content>.title,h4,h5,h6,pre,form,p,blockquote,th,td{margin:0;padding:0;direction:ltr}
 74 | a{color:#2156a5;text-decoration:underline;line-height:inherit}
 75 | a:hover,a:focus{color:#1d4b8f}
 76 | a img{border:none}
 77 | p{font-family:inherit;font-weight:400;font-size:1em;line-height:1.6;margin-bottom:1.25em;text-rendering:optimizeLegibility}
 78 | p aside{font-size:.875em;line-height:1.35;font-style:italic}
 79 | h1,h2,h3,#toctitle,.sidebarblock>.content>.title,h4,h5,h6{font-family:"Open Sans","DejaVu Sans",sans-serif;font-weight:300;font-style:normal;color:#ba3925;text-rendering:optimizeLegibility;margin-top:1em;margin-bottom:.5em;line-height:1.0125em}
 80 | h1 small,h2 small,h3 small,#toctitle small,.sidebarblock>.content>.title small,h4 small,h5 small,h6 small{font-size:60%;color:#e99b8f;line-height:0}
 81 | h1{font-size:2.125em}
 82 | h2{font-size:1.6875em}
 83 | h3,#toctitle,.sidebarblock>.content>.title{font-size:1.375em}
 84 | h4,h5{font-size:1.125em}
 85 | h6{font-size:1em}
 86 | hr{border:solid #ddddd8;border-width:1px 0 0;clear:both;margin:1.25em 0 1.1875em;height:0}
 87 | em,i{font-style:italic;line-height:inherit}
 88 | strong,b{font-weight:bold;line-height:inherit}
 89 | small{font-size:60%;line-height:inherit}
 90 | code{font-family:"Droid Sans Mono","DejaVu Sans Mono",monospace;font-weight:400;color:rgba(0,0,0,.9)}
 91 | ul,ol,dl{font-size:1em;line-height:1.6;margin-bottom:1.25em;list-style-position:outside;font-family:inherit}
 92 | ul,ol,ul.no-bullet,ol.no-bullet{margin-left:1.5em}
 93 | ul li ul,ul li ol{margin-left:1.25em;margin-bottom:0;font-size:1em}
 94 | ul.square li ul,ul.circle li ul,ul.disc li ul{list-style:inherit}
 95 | ul.square{list-style-type:square}
 96 | ul.circle{list-style-type:circle}
 97 | ul.disc{list-style-type:disc}
 98 | ul.no-bullet{list-style:none}
 99 | ol li ul,ol li ol{margin-left:1.25em;margin-bottom:0}
100 | dl dt{margin-bottom:.3125em;font-weight:bold}
101 | dl dd{margin-bottom:1.25em}
102 | abbr,acronym{text-transform:uppercase;font-size:90%;color:rgba(0,0,0,.8);border-bottom:1px dotted #ddd;cursor:help}
103 | abbr{text-transform:none}
104 | blockquote{margin:0 0 1.25em;padding:.5625em 1.25em 0 1.1875em;border-left:1px solid #ddd}
105 | blockquote cite{display:block;font-size:.9375em;color:rgba(0,0,0,.6)}
106 | blockquote cite:before{content:"\2014 \0020"}
107 | blockquote cite a,blockquote cite a:visited{color:rgba(0,0,0,.6)}
108 | blockquote,blockquote p{line-height:1.6;color:rgba(0,0,0,.85)}
109 | @media only screen and (min-width:768px){h1,h2,h3,#toctitle,.sidebarblock>.content>.title,h4,h5,h6{line-height:1.2}
110 | h1{font-size:2.75em}
111 | h2{font-size:2.3125em}
112 | h3,#toctitle,.sidebarblock>.content>.title{font-size:1.6875em}
113 | h4{font-size:1.4375em}}
114 | table{background:#fff;margin-bottom:1.25em;border:solid 1px #dedede}
115 | table thead,table tfoot{background:#f7f8f7;font-weight:bold}
116 | table thead tr th,table thead tr td,table tfoot tr th,table tfoot tr td{padding:.5em .625em .625em;font-size:inherit;color:rgba(0,0,0,.8);text-align:left}
117 | table tr th,table tr td{padding:.5625em .625em;font-size:inherit;color:rgba(0,0,0,.8)}
118 | table tr.even,table tr.alt,table tr:nth-of-type(even){background:#f8f8f7}
119 | table thead tr th,table tfoot tr th,table tbody tr td,table tr td,table tfoot tr td{display:table-cell;line-height:1.6}
120 | h1,h2,h3,#toctitle,.sidebarblock>.content>.title,h4,h5,h6{line-height:1.2;word-spacing:-.05em}
121 | h1 strong,h2 strong,h3 strong,#toctitle strong,.sidebarblock>.content>.title strong,h4 strong,h5 strong,h6 strong{font-weight:400}
122 | .clearfix:before,.clearfix:after,.float-group:before,.float-group:after{content:" ";display:table}
123 | .clearfix:after,.float-group:after{clear:both}
124 | *:not(pre)>code{font-size:.9375em;font-style:normal!important;letter-spacing:0;padding:.1em .5ex;word-spacing:-.15em;background-color:#f7f7f8;-webkit-border-radius:4px;border-radius:4px;line-height:1.45;text-rendering:optimizeSpeed;word-wrap:break-word}
125 | *:not(pre)>code.nobreak{word-wrap:normal}
126 | *:not(pre)>code.nowrap{white-space:nowrap}
127 | pre,pre>code{line-height:1.45;color:rgba(0,0,0,.9);font-family:"Droid Sans Mono","DejaVu Sans Mono",monospace;font-weight:400;text-rendering:optimizeSpeed}
128 | em em{font-style:normal}
129 | strong strong{font-weight:400}
130 | .keyseq{color:rgba(51,51,51,.8)}
131 | kbd{font-family:"Droid Sans Mono","DejaVu Sans Mono",monospace;display:inline-block;color:rgba(0,0,0,.8);font-size:.65em;line-height:1.45;background-color:#f7f7f7;border:1px solid #ccc;-webkit-border-radius:3px;border-radius:3px;-webkit-box-shadow:0 1px 0 rgba(0,0,0,.2),0 0 0 .1em white inset;box-shadow:0 1px 0 rgba(0,0,0,.2),0 0 0 .1em #fff inset;margin:0 .15em;padding:.2em .5em;vertical-align:middle;position:relative;top:-.1em;white-space:nowrap}
132 | .keyseq kbd:first-child{margin-left:0}
133 | .keyseq kbd:last-child{margin-right:0}
134 | .menuseq,.menu{color:rgba(0,0,0,.8)}
135 | b.button:before,b.button:after{position:relative;top:-1px;font-weight:400}
136 | b.button:before{content:"[";padding:0 3px 0 2px}
137 | b.button:after{content:"]";padding:0 2px 0 3px}
138 | p a>code:hover{color:rgba(0,0,0,.9)}
139 | #header,#content,#footnotes,#footer{width:100%;margin-left:auto;margin-right:auto;margin-top:0;margin-bottom:0;max-width:62.5em;*zoom:1;position:relative;padding-left:.9375em;padding-right:.9375em}
140 | #header:before,#header:after,#content:before,#content:after,#footnotes:before,#footnotes:after,#footer:before,#footer:after{content:" ";display:table}
141 | #header:after,#content:after,#footnotes:after,#footer:after{clear:both}
142 | #content{margin-top:1.25em}
143 | #content:before{content:none}
144 | #header>h1:first-child{color:rgba(0,0,0,.85);margin-top:2.25rem;margin-bottom:0}
145 | #header>h1:first-child+#toc{margin-top:8px;border-top:1px solid #ddddd8}
146 | #header>h1:only-child,body.toc2 #header>h1:nth-last-child(2){border-bottom:1px solid #ddddd8;padding-bottom:8px}
147 | #header .details{border-bottom:1px solid #ddddd8;line-height:1.45;padding-top:.25em;padding-bottom:.25em;padding-left:.25em;color:rgba(0,0,0,.6);display:-ms-flexbox;display:-webkit-flex;display:flex;-ms-flex-flow:row wrap;-webkit-flex-flow:row wrap;flex-flow:row wrap}
148 | #header .details span:first-child{margin-left:-.125em}
149 | #header .details span.email a{color:rgba(0,0,0,.85)}
150 | #header .details br{display:none}
151 | #header .details br+span:before{content:"\00a0\2013\00a0"}
152 | #header .details br+span.author:before{content:"\00a0\22c5\00a0";color:rgba(0,0,0,.85)}
153 | #header .details br+span#revremark:before{content:"\00a0|\00a0"}
154 | #header #revnumber{text-transform:capitalize}
155 | #header #revnumber:after{content:"\00a0"}
156 | #content>h1:first-child:not([class]){color:rgba(0,0,0,.85);border-bottom:1px solid #ddddd8;padding-bottom:8px;margin-top:0;padding-top:1rem;margin-bottom:1.25rem}
157 | #toc{border-bottom:1px solid #efefed;padding-bottom:.5em}
158 | #toc>ul{margin-left:.125em}
159 | #toc ul.sectlevel0>li>a{font-style:italic}
160 | #toc ul.sectlevel0 ul.sectlevel1{margin:.5em 0}
161 | #toc ul{font-family:"Open Sans","DejaVu Sans",sans-serif;list-style-type:none}
162 | #toc li{line-height:1.3334;margin-top:.3334em}
163 | #toc a{text-decoration:none}
164 | #toc a:active{text-decoration:underline}
165 | #toctitle{color:#7a2518;font-size:1.2em}
166 | @media only screen and (min-width:768px){#toctitle{font-size:1.375em}
167 | body.toc2{padding-left:15em;padding-right:0}
168 | #toc.toc2{margin-top:0!important;background-color:#f8f8f7;position:fixed;width:15em;left:0;top:0;border-right:1px solid #efefed;border-top-width:0!important;border-bottom-width:0!important;z-index:1000;padding:1.25em 1em;height:100%;overflow:auto}
169 | #toc.toc2 #toctitle{margin-top:0;margin-bottom:.8rem;font-size:1.2em}
170 | #toc.toc2>ul{font-size:.9em;margin-bottom:0}
171 | #toc.toc2 ul ul{margin-left:0;padding-left:1em}
172 | #toc.toc2 ul.sectlevel0 ul.sectlevel1{padding-left:0;margin-top:.5em;margin-bottom:.5em}
173 | body.toc2.toc-right{padding-left:0;padding-right:15em}
174 | body.toc2.toc-right #toc.toc2{border-right-width:0;border-left:1px solid #efefed;left:auto;right:0}}
175 | @media only screen and (min-width:1280px){body.toc2{padding-left:20em;padding-right:0}
176 | #toc.toc2{width:20em}
177 | #toc.toc2 #toctitle{font-size:1.375em}
178 | #toc.toc2>ul{font-size:.95em}
179 | #toc.toc2 ul ul{padding-left:1.25em}
180 | body.toc2.toc-right{padding-left:0;padding-right:20em}}
181 | #content #toc{border-style:solid;border-width:1px;border-color:#e0e0dc;margin-bottom:1.25em;padding:1.25em;background:#f8f8f7;-webkit-border-radius:4px;border-radius:4px}
182 | #content #toc>:first-child{margin-top:0}
183 | #content #toc>:last-child{margin-bottom:0}
184 | #footer{max-width:100%;background-color:rgba(0,0,0,.8);padding:1.25em}
185 | #footer-text{color:rgba(255,255,255,.8);line-height:1.44}
186 | .sect1{padding-bottom:.625em}
187 | @media only screen and (min-width:768px){.sect1{padding-bottom:1.25em}}
188 | .sect1+.sect1{border-top:1px solid #efefed}
189 | #content h1>a.anchor,h2>a.anchor,h3>a.anchor,#toctitle>a.anchor,.sidebarblock>.content>.title>a.anchor,h4>a.anchor,h5>a.anchor,h6>a.anchor{position:absolute;z-index:1001;width:1.5ex;margin-left:-1.5ex;display:block;text-decoration:none!important;visibility:hidden;text-align:center;font-weight:400}
190 | #content h1>a.anchor:before,h2>a.anchor:before,h3>a.anchor:before,#toctitle>a.anchor:before,.sidebarblock>.content>.title>a.anchor:before,h4>a.anchor:before,h5>a.anchor:before,h6>a.anchor:before{content:"\00A7";font-size:.85em;display:block;padding-top:.1em}
191 | #content h1:hover>a.anchor,#content h1>a.anchor:hover,h2:hover>a.anchor,h2>a.anchor:hover,h3:hover>a.anchor,#toctitle:hover>a.anchor,.sidebarblock>.content>.title:hover>a.anchor,h3>a.anchor:hover,#toctitle>a.anchor:hover,.sidebarblock>.content>.title>a.anchor:hover,h4:hover>a.anchor,h4>a.anchor:hover,h5:hover>a.anchor,h5>a.anchor:hover,h6:hover>a.anchor,h6>a.anchor:hover{visibility:visible}
192 | #content h1>a.link,h2>a.link,h3>a.link,#toctitle>a.link,.sidebarblock>.content>.title>a.link,h4>a.link,h5>a.link,h6>a.link{color:#ba3925;text-decoration:none}
193 | #content h1>a.link:hover,h2>a.link:hover,h3>a.link:hover,#toctitle>a.link:hover,.sidebarblock>.content>.title>a.link:hover,h4>a.link:hover,h5>a.link:hover,h6>a.link:hover{color:#a53221}
194 | .audioblock,.imageblock,.literalblock,.listingblock,.stemblock,.videoblock{margin-bottom:1.25em}
195 | .admonitionblock td.content>.title,.audioblock>.title,.exampleblock>.title,.imageblock>.title,.listingblock>.title,.literalblock>.title,.stemblock>.title,.openblock>.title,.paragraph>.title,.quoteblock>.title,table.tableblock>.title,.verseblock>.title,.videoblock>.title,.dlist>.title,.olist>.title,.ulist>.title,.qlist>.title,.hdlist>.title{text-rendering:optimizeLegibility;text-align:left;font-family:"Noto Serif","DejaVu Serif",serif;font-size:1rem;font-style:italic}
196 | table.tableblock>caption.title{white-space:nowrap;overflow:visible;max-width:0}
197 | .paragraph.lead>p,#preamble>.sectionbody>.paragraph:first-of-type p{color:rgba(0,0,0,.85)}
198 | table.tableblock #preamble>.sectionbody>.paragraph:first-of-type p{font-size:inherit}
199 | .admonitionblock>table{border-collapse:separate;border:0;background:none;width:100%}
200 | .admonitionblock>table td.icon{text-align:center;width:80px}
201 | .admonitionblock>table td.icon img{max-width:none}
202 | .admonitionblock>table td.icon .title{font-weight:bold;font-family:"Open Sans","DejaVu Sans",sans-serif;text-transform:uppercase}
203 | .admonitionblock>table td.content{padding-left:1.125em;padding-right:1.25em;border-left:1px solid #ddddd8;color:rgba(0,0,0,.6)}
204 | .admonitionblock>table td.content>:last-child>:last-child{margin-bottom:0}
205 | .exampleblock>.content{border-style:solid;border-width:1px;border-color:#e6e6e6;margin-bottom:1.25em;padding:1.25em;background:#fff;-webkit-border-radius:4px;border-radius:4px}
206 | .exampleblock>.content>:first-child{margin-top:0}
207 | .exampleblock>.content>:last-child{margin-bottom:0}
208 | .sidebarblock{border-style:solid;border-width:1px;border-color:#e0e0dc;margin-bottom:1.25em;padding:1.25em;background:#f8f8f7;-webkit-border-radius:4px;border-radius:4px}
209 | .sidebarblock>:first-child{margin-top:0}
210 | .sidebarblock>:last-child{margin-bottom:0}
211 | .sidebarblock>.content>.title{color:#7a2518;margin-top:0;text-align:center}
212 | .exampleblock>.content>:last-child>:last-child,.exampleblock>.content .olist>ol>li:last-child>:last-child,.exampleblock>.content .ulist>ul>li:last-child>:last-child,.exampleblock>.content .qlist>ol>li:last-child>:last-child,.sidebarblock>.content>:last-child>:last-child,.sidebarblock>.content .olist>ol>li:last-child>:last-child,.sidebarblock>.content .ulist>ul>li:last-child>:last-child,.sidebarblock>.content .qlist>ol>li:last-child>:last-child{margin-bottom:0}
213 | .literalblock pre,.listingblock pre:not(.highlight),.listingblock pre[class="highlight"],.listingblock pre[class^="highlight "],.listingblock pre.CodeRay,.listingblock pre.prettyprint{background:#f7f7f8}
214 | .sidebarblock .literalblock pre,.sidebarblock .listingblock pre:not(.highlight),.sidebarblock .listingblock pre[class="highlight"],.sidebarblock .listingblock pre[class^="highlight "],.sidebarblock .listingblock pre.CodeRay,.sidebarblock .listingblock pre.prettyprint{background:#f2f1f1}
215 | .literalblock pre,.literalblock pre[class],.listingblock pre,.listingblock pre[class]{-webkit-border-radius:4px;border-radius:4px;word-wrap:break-word;padding:1em;font-size:.8125em}
216 | .literalblock pre.nowrap,.literalblock pre[class].nowrap,.listingblock pre.nowrap,.listingblock pre[class].nowrap{overflow-x:auto;white-space:pre;word-wrap:normal}
217 | @media only screen and (min-width:768px){.literalblock pre,.literalblock pre[class],.listingblock pre,.listingblock pre[class]{font-size:.90625em}}
218 | @media only screen and (min-width:1280px){.literalblock pre,.literalblock pre[class],.listingblock pre,.listingblock pre[class]{font-size:1em}}
219 | .literalblock.output pre{color:#f7f7f8;background-color:rgba(0,0,0,.9)}
220 | .listingblock pre.highlightjs{padding:0}
221 | .listingblock pre.highlightjs>code{padding:1em;-webkit-border-radius:4px;border-radius:4px}
222 | .listingblock pre.prettyprint{border-width:0}
223 | .listingblock>.content{position:relative}
224 | .listingblock code[data-lang]:before{display:none;content:attr(data-lang);position:absolute;font-size:.75em;top:.425rem;right:.5rem;line-height:1;text-transform:uppercase;color:#999}
225 | .listingblock:hover code[data-lang]:before{display:block}
226 | .listingblock.terminal pre .command:before{content:attr(data-prompt);padding-right:.5em;color:#999}
227 | .listingblock.terminal pre .command:not([data-prompt]):before{content:"$"}
228 | table.pyhltable{border-collapse:separate;border:0;margin-bottom:0;background:none}
229 | table.pyhltable td{vertical-align:top;padding-top:0;padding-bottom:0;line-height:1.45}
230 | table.pyhltable td.code{padding-left:.75em;padding-right:0}
231 | pre.pygments .lineno,table.pyhltable td:not(.code){color:#999;padding-left:0;padding-right:.5em;border-right:1px solid #ddddd8}
232 | pre.pygments .lineno{display:inline-block;margin-right:.25em}
233 | table.pyhltable .linenodiv{background:none!important;padding-right:0!important}
234 | .quoteblock{margin:0 1em 1.25em 1.5em;display:table}
235 | .quoteblock>.title{margin-left:-1.5em;margin-bottom:.75em}
236 | .quoteblock blockquote,.quoteblock blockquote p{color:rgba(0,0,0,.85);font-size:1.15rem;line-height:1.75;word-spacing:.1em;letter-spacing:0;font-style:italic;text-align:justify}
237 | .quoteblock blockquote{margin:0;padding:0;border:0}
238 | .quoteblock blockquote:before{content:"\201c";float:left;font-size:2.75em;font-weight:bold;line-height:.6em;margin-left:-.6em;color:#7a2518;text-shadow:0 1px 2px rgba(0,0,0,.1)}
239 | .quoteblock blockquote>.paragraph:last-child p{margin-bottom:0}
240 | .quoteblock .attribution{margin-top:.5em;margin-right:.5ex;text-align:right}
241 | .quoteblock .quoteblock{margin-left:0;margin-right:0;padding:.5em 0;border-left:3px solid rgba(0,0,0,.6)}
242 | .quoteblock .quoteblock blockquote{padding:0 0 0 .75em}
243 | .quoteblock .quoteblock blockquote:before{display:none}
244 | .verseblock{margin:0 1em 1.25em 1em}
245 | .verseblock pre{font-family:"Open Sans","DejaVu Sans",sans;font-size:1.15rem;color:rgba(0,0,0,.85);font-weight:300;text-rendering:optimizeLegibility}
246 | .verseblock pre strong{font-weight:400}
247 | .verseblock .attribution{margin-top:1.25rem;margin-left:.5ex}
248 | .quoteblock .attribution,.verseblock .attribution{font-size:.9375em;line-height:1.45;font-style:italic}
249 | .quoteblock .attribution br,.verseblock .attribution br{display:none}
250 | .quoteblock .attribution cite,.verseblock .attribution cite{display:block;letter-spacing:-.025em;color:rgba(0,0,0,.6)}
251 | .quoteblock.abstract{margin:0 0 1.25em 0;display:block}
252 | .quoteblock.abstract blockquote,.quoteblock.abstract blockquote p{text-align:left;word-spacing:0}
253 | .quoteblock.abstract blockquote:before,.quoteblock.abstract blockquote p:first-of-type:before{display:none}
254 | table.tableblock{max-width:100%;border-collapse:separate}
255 | table.tableblock td>.paragraph:last-child p>p:last-child,table.tableblock th>p:last-child,table.tableblock td>p:last-child{margin-bottom:0}
256 | table.tableblock,th.tableblock,td.tableblock{border:0 solid #dedede}
257 | table.grid-all th.tableblock,table.grid-all td.tableblock{border-width:0 1px 1px 0}
258 | table.grid-all tfoot>tr>th.tableblock,table.grid-all tfoot>tr>td.tableblock{border-width:1px 1px 0 0}
259 | table.grid-cols th.tableblock,table.grid-cols td.tableblock{border-width:0 1px 0 0}
260 | table.grid-all *>tr>.tableblock:last-child,table.grid-cols *>tr>.tableblock:last-child{border-right-width:0}
261 | table.grid-rows th.tableblock,table.grid-rows td.tableblock{border-width:0 0 1px 0}
262 | table.grid-all tbody>tr:last-child>th.tableblock,table.grid-all tbody>tr:last-child>td.tableblock,table.grid-all thead:last-child>tr>th.tableblock,table.grid-rows tbody>tr:last-child>th.tableblock,table.grid-rows tbody>tr:last-child>td.tableblock,table.grid-rows thead:last-child>tr>th.tableblock{border-bottom-width:0}
263 | table.grid-rows tfoot>tr>th.tableblock,table.grid-rows tfoot>tr>td.tableblock{border-width:1px 0 0 0}
264 | table.frame-all{border-width:1px}
265 | table.frame-sides{border-width:0 1px}
266 | table.frame-topbot{border-width:1px 0}
267 | th.halign-left,td.halign-left{text-align:left}
268 | th.halign-right,td.halign-right{text-align:right}
269 | th.halign-center,td.halign-center{text-align:center}
270 | th.valign-top,td.valign-top{vertical-align:top}
271 | th.valign-bottom,td.valign-bottom{vertical-align:bottom}
272 | th.valign-middle,td.valign-middle{vertical-align:middle}
273 | table thead th,table tfoot th{font-weight:bold}
274 | tbody tr th{display:table-cell;line-height:1.6;background:#f7f8f7}
275 | tbody tr th,tbody tr th p,tfoot tr th,tfoot tr th p{color:rgba(0,0,0,.8);font-weight:bold}
276 | p.tableblock>code:only-child{background:none;padding:0}
277 | p.tableblock{font-size:1em}
278 | td>div.verse{white-space:pre}
279 | ol{margin-left:1.75em}
280 | ul li ol{margin-left:1.5em}
281 | dl dd{margin-left:1.125em}
282 | dl dd:last-child,dl dd:last-child>:last-child{margin-bottom:0}
283 | ol>li p,ul>li p,ul dd,ol dd,.olist .olist,.ulist .ulist,.ulist .olist,.olist .ulist{margin-bottom:.625em}
284 | ul.unstyled,ol.unnumbered,ul.checklist,ul.none{list-style-type:none}
285 | ul.unstyled,ol.unnumbered,ul.checklist{margin-left:.625em}
286 | ul.checklist li>p:first-child>.fa-square-o:first-child,ul.checklist li>p:first-child>.fa-check-square-o:first-child{width:1em;font-size:.85em}
287 | ul.checklist li>p:first-child>input[type="checkbox"]:first-child{width:1em;position:relative;top:1px}
288 | ul.inline{margin:0 auto .625em auto;margin-left:-1.375em;margin-right:0;padding:0;list-style:none;overflow:hidden}
289 | ul.inline>li{list-style:none;float:left;margin-left:1.375em;display:block}
290 | ul.inline>li>*{display:block}
291 | .unstyled dl dt{font-weight:400;font-style:normal}
292 | ol.arabic{list-style-type:decimal}
293 | ol.decimal{list-style-type:decimal-leading-zero}
294 | ol.loweralpha{list-style-type:lower-alpha}
295 | ol.upperalpha{list-style-type:upper-alpha}
296 | ol.lowerroman{list-style-type:lower-roman}
297 | ol.upperroman{list-style-type:upper-roman}
298 | ol.lowergreek{list-style-type:lower-greek}
299 | .hdlist>table,.colist>table{border:0;background:none}
300 | .hdlist>table>tbody>tr,.colist>table>tbody>tr{background:none}
301 | td.hdlist1,td.hdlist2{vertical-align:top;padding:0 .625em}
302 | td.hdlist1{font-weight:bold;padding-bottom:1.25em}
303 | .literalblock+.colist,.listingblock+.colist{margin-top:-.5em}
304 | .colist>table tr>td:first-of-type{padding:0 .75em;line-height:1}
305 | .colist>table tr>td:last-of-type{padding:.25em 0}
306 | .thumb,.th{line-height:0;display:inline-block;border:solid 4px #fff;-webkit-box-shadow:0 0 0 1px #ddd;box-shadow:0 0 0 1px #ddd}
307 | .imageblock.left,.imageblock[style*="float: left"]{margin:.25em .625em 1.25em 0}
308 | .imageblock.right,.imageblock[style*="float: right"]{margin:.25em 0 1.25em .625em}
309 | .imageblock>.title{margin-bottom:0}
310 | .imageblock.thumb,.imageblock.th{border-width:6px}
311 | .imageblock.thumb>.title,.imageblock.th>.title{padding:0 .125em}
312 | .image.left,.image.right{margin-top:.25em;margin-bottom:.25em;display:inline-block;line-height:0}
313 | .image.left{margin-right:.625em}
314 | .image.right{margin-left:.625em}
315 | a.image{text-decoration:none;display:inline-block}
316 | a.image object{pointer-events:none}
317 | sup.footnote,sup.footnoteref{font-size:.875em;position:static;vertical-align:super}
318 | sup.footnote a,sup.footnoteref a{text-decoration:none}
319 | sup.footnote a:active,sup.footnoteref a:active{text-decoration:underline}
320 | #footnotes{padding-top:.75em;padding-bottom:.75em;margin-bottom:.625em}
321 | #footnotes hr{width:20%;min-width:6.25em;margin:-.25em 0 .75em 0;border-width:1px 0 0 0}
322 | #footnotes .footnote{padding:0 .375em 0 .225em;line-height:1.3334;font-size:.875em;margin-left:1.2em;text-indent:-1.05em;margin-bottom:.2em}
323 | #footnotes .footnote a:first-of-type{font-weight:bold;text-decoration:none}
324 | #footnotes .footnote:last-of-type{margin-bottom:0}
325 | #content #footnotes{margin-top:-.625em;margin-bottom:0;padding:.75em 0}
326 | .gist .file-data>table{border:0;background:#fff;width:100%;margin-bottom:0}
327 | .gist .file-data>table td.line-data{width:99%}
328 | div.unbreakable{page-break-inside:avoid}
329 | .big{font-size:larger}
330 | .small{font-size:smaller}
331 | .underline{text-decoration:underline}
332 | .overline{text-decoration:overline}
333 | .line-through{text-decoration:line-through}
334 | .aqua{color:#00bfbf}
335 | .aqua-background{background-color:#00fafa}
336 | .black{color:#000}
337 | .black-background{background-color:#000}
338 | .blue{color:#0000bf}
339 | .blue-background{background-color:#0000fa}
340 | .fuchsia{color:#bf00bf}
341 | .fuchsia-background{background-color:#fa00fa}
342 | .gray{color:#606060}
343 | .gray-background{background-color:#7d7d7d}
344 | .green{color:#006000}
345 | .green-background{background-color:#007d00}
346 | .lime{color:#00bf00}
347 | .lime-background{background-color:#00fa00}
348 | .maroon{color:#600000}
349 | .maroon-background{background-color:#7d0000}
350 | .navy{color:#000060}
351 | .navy-background{background-color:#00007d}
352 | .olive{color:#606000}
353 | .olive-background{background-color:#7d7d00}
354 | .purple{color:#600060}
355 | .purple-background{background-color:#7d007d}
356 | .red{color:#bf0000}
357 | .red-background{background-color:#fa0000}
358 | .silver{color:#909090}
359 | .silver-background{background-color:#bcbcbc}
360 | .teal{color:#006060}
361 | .teal-background{background-color:#007d7d}
362 | .white{color:#bfbfbf}
363 | .white-background{background-color:#fafafa}
364 | .yellow{color:#bfbf00}
365 | .yellow-background{background-color:#fafa00}
366 | span.icon>.fa{cursor:default}
367 | .admonitionblock td.icon [class^="fa icon-"]{font-size:2.5em;text-shadow:1px 1px 2px rgba(0,0,0,.5);cursor:default}
368 | .admonitionblock td.icon .icon-note:before{content:"\f05a";color:#19407c}
369 | .admonitionblock td.icon .icon-tip:before{content:"\f0eb";text-shadow:1px 1px 2px rgba(155,155,0,.8);color:#111}
370 | .admonitionblock td.icon .icon-warning:before{content:"\f071";color:#bf6900}
371 | .admonitionblock td.icon .icon-caution:before{content:"\f06d";color:#bf3400}
372 | .admonitionblock td.icon .icon-important:before{content:"\f06a";color:#bf0000}
373 | .conum[data-value]{display:inline-block;color:#fff!important;background-color:rgba(0,0,0,.8);-webkit-border-radius:100px;border-radius:100px;text-align:center;font-size:.75em;width:1.67em;height:1.67em;line-height:1.67em;font-family:"Open Sans","DejaVu Sans",sans-serif;font-style:normal;font-weight:bold}
374 | .conum[data-value] *{color:#fff!important}
375 | .conum[data-value]+b{display:none}
376 | .conum[data-value]:after{content:attr(data-value)}
377 | pre .conum[data-value]{position:relative;top:-.125em}
378 | b.conum *{color:inherit!important}
379 | .conum:not([data-value]):empty{display:none}
380 | dt,th.tableblock,td.content,div.footnote{text-rendering:optimizeLegibility}
381 | h1,h2,p,td.content,span.alt{letter-spacing:-.01em}
382 | p strong,td.content strong,div.footnote strong{letter-spacing:-.005em}
383 | p,blockquote,dt,td.content,span.alt{font-size:1.0625rem}
384 | p{margin-bottom:1.25rem}
385 | .sidebarblock p,.sidebarblock dt,.sidebarblock td.content,p.tableblock{font-size:1em}
386 | .exampleblock>.content{background-color:#fffef7;border-color:#e0e0dc;-webkit-box-shadow:0 1px 4px #e0e0dc;box-shadow:0 1px 4px #e0e0dc}
387 | .print-only{display:none!important}
388 | @media print{@page{margin:1.25cm .75cm}
389 | *{-webkit-box-shadow:none!important;box-shadow:none!important;text-shadow:none!important}
390 | a{color:inherit!important;text-decoration:underline!important}
391 | a.bare,a[href^="#"],a[href^="mailto:"]{text-decoration:none!important}
392 | a[href^="http:"]:not(.bare):after,a[href^="https:"]:not(.bare):after{content:"(" attr(href) ")";display:inline-block;font-size:.875em;padding-left:.25em}
393 | abbr[title]:after{content:" (" attr(title) ")"}
394 | pre,blockquote,tr,img,object,svg{page-break-inside:avoid}
395 | thead{display:table-header-group}
396 | svg{max-width:100%}
397 | p,blockquote,dt,td.content{font-size:1em;orphans:3;widows:3}
398 | h2,h3,#toctitle,.sidebarblock>.content>.title{page-break-after:avoid}
399 | #toc,.sidebarblock,.exampleblock>.content{background:none!important}
400 | #toc{border-bottom:1px solid #ddddd8!important;padding-bottom:0!important}
401 | .sect1{padding-bottom:0!important}
402 | .sect1+.sect1{border:0!important}
403 | #header>h1:first-child{margin-top:1.25rem}
404 | body.book #header{text-align:center}
405 | body.book #header>h1:first-child{border:0!important;margin:2.5em 0 1em 0}
406 | body.book #header .details{border:0!important;display:block;padding:0!important}
407 | body.book #header .details span:first-child{margin-left:0!important}
408 | body.book #header .details br{display:block}
409 | body.book #header .details br+span:before{content:none!important}
410 | body.book #toc{border:0!important;text-align:left!important;padding:0!important;margin:0!important}
411 | body.book #toc,body.book #preamble,body.book h1.sect0,body.book .sect1>h2{page-break-before:always}
412 | .listingblock code[data-lang]:before{display:block}
413 | #footer{background:none!important;padding:0 .9375em}
414 | #footer-text{color:rgba(0,0,0,.6)!important;font-size:.9em}
415 | .hide-on-print{display:none!important}
416 | .print-only{display:block!important}
417 | .hide-for-print{display:none!important}
418 | .show-for-print{display:inherit!important}}
419 | </style>
420 | </head>
421 | <body class="article">
422 | <div id="header">
423 | <h1>OpenShift Pipeline Library</h1>
424 | <div id="toc" class="toc">
425 | <div id="toctitle">Table of Contents</div>
426 | <ul class="sectlevel1">
427 | <li><a href="#_focus_goals">Focus / Goals</a></li>
428 | <li><a href="#GettingStarted">Getting Started</a>
429 | <ul class="sectlevel2">
430 | <li><a href="#_installation">Installation</a></li>
431 | <li><a href="#_how_does_this_work">How does this work?</a></li>
432 | </ul>
433 | </li>
434 | <li><a href="#_library_methods">Library Methods</a>
435 | <ul class="sectlevel2">
436 | <li><a href="#FunctionVariables">Function Variables</a></li>
437 | <li><a href="#Utils">Utils</a></li>
438 | </ul>
439 | </li>
440 | </ul>
441 | </div>
442 | </div>
443 | <div id="content">
444 | <div class="sect1">
445 | <h2 id="_focus_goals">Focus / Goals</h2>
446 | <div class="sectionbody">
447 | <div class="ulist">
448 | <ul>
449 | <li>
450 | <p>Show the benefits of using Jenkins and OpenShift together</p>
451 | </li>
452 | <li>
453 | <p>The Jenkins master should be ephemeral:</p>
454 | <div class="ulist">
455 | <ul>
456 | <li>
457 | <p>Configuration stored in OpenShift</p>
458 | </li>
459 | <li>
460 | <p>Pipeline, Jobs and libraries in source control</p>
461 | </li>
462 | </ul>
463 | </div>
464 | </li>
465 | <li>
466 | <p>GitHub Organizational level and project pull request testing</p>
467 | </li>
468 | </ul>
469 | </div>
470 | </div>
471 | </div>
472 | <div class="sect1">
473 | <h2 id="GettingStarted">Getting Started</h2>
474 | <div class="sectionbody">
475 | <div class="sect2">
476 | <h3 id="_installation">Installation</h3>
477 | <div class="listingblock">
478 | <div class="title">Create New Project</div>
479 | <div class="content">
480 | <pre class="highlight"><code class="language-bash" data-lang="bash">oc new-project &lt;project-name&gt;</code></pre>
481 | </div>
482 | </div>
483 | <div class="listingblock">
484 | <div class="title">Add Template to Project</div>
485 | <div class="content">
486 | <pre class="highlight"><code class="language-bash" data-lang="bash">oc create -f https://raw.githubusercontent.com/RHsyseng/openshift-pipeline-library/master/jenkins/openshift/template.yaml</code></pre>
487 | </div>
488 | </div>
489 | <div class="paragraph">
490 | <p>At this point you will need to create a <a href="https://github.com/settings/tokens/new?scopes=repo,read:user,user:email">GitHub token</a> to include when processing the template.</p>
491 | </div>
492 | <div class="listingblock">
493 | <div class="title">Process Template</div>
494 | <div class="content">
495 | <pre class="highlight"><code class="language-bash" data-lang="bash">oc new-app --template docker-image-testing \
496 |   -p JENKINS_ORG_FOLDER_NAME=RHsyseng \
497 |   -p JENKINS_GITHUB_OWNER=RHsyseng-user \
498 |   -p JENKINS_GITHUB_REPO=openshift-client-library \
499 |   -p JENKINS_GITHUB_CRED_ID=github \
500 |   -p GITHUB_USERNAME=RHsyseng-user \
501 |   -p GITHUB_TOKEN=token</code></pre>
502 | </div>
503 | </div>
504 | <div class="listingblock">
505 | <div class="title">Add Jenkins to the project</div>
506 | <div class="content">
507 | <pre class="highlight"><code class="language-bash" data-lang="bash">oc new-app --template jenkins-ephemeral -p NAMESPACE=$(oc project -q) -p MEMORY_LIMIT=2Gi</code></pre>
508 | </div>
509 | </div>
510 | <div class="listingblock">
511 | <div class="title">Add the pipeline</div>
512 | <div class="content">
513 | <pre class="highlight"><code class="language-bash" data-lang="bash">oc create -f https://raw.githubusercontent.com/RHsyseng/openshift-pipeline-library/master/jenkins/openshift/pipeline.yaml</code></pre>
514 | </div>
515 | </div>
516 | <div class="listingblock">
517 | <div class="title">Start the build (pipeline)</div>
518 | <div class="content">
519 | <pre class="highlight"><code class="language-bash" data-lang="bash">oc start-build createcred-pipeline</code></pre>
520 | </div>
521 | </div>
522 | </div>
523 | <div class="sect2">
524 | <h3 id="_how_does_this_work">How does this work?</h3>
525 | <div class="sect3">
526 | <h4 id="_source_to_image_jenkins">Source to Image Jenkins</h4>
527 | <div class="paragraph">
528 | <p>The Jenkins image is S2I enabled which is a huge benefit to this project because it requires additional items
529 | to be successful.  This includes:</p>
530 | </div>
531 | <div class="ulist">
532 | <ul>
533 | <li>
534 | <p>Additional plugins:</p>
535 | <div class="ulist">
536 | <ul>
537 | <li>
538 | <p>OpenShift Jenkins client (master)</p>
539 | </li>
540 | </ul>
541 | </div>
542 | </li>
543 | <li>
544 | <p>Jobs:</p>
545 | <div class="ulist">
546 | <ul>
547 | <li>
548 | <p>Seed</p>
549 | </li>
550 | <li>
551 | <p>Organizational Folder</p>
552 | </li>
553 | </ul>
554 | </div>
555 | </li>
556 | <li>
557 | <p>Configuration:</p>
558 | <div class="ulist">
559 | <ul>
560 | <li>
561 | <p>Global Libraries</p>
562 | </li>
563 | <li>
564 | <p>Script approval</p>
565 | </li>
566 | </ul>
567 | </div>
568 | </li>
569 | </ul>
570 | </div>
571 | </div>
572 | <div class="sect3">
573 | <h4 id="_openshift">OpenShift</h4>
574 | <div class="sect4">
575 | <h5 id="_configmap">ConfigMap</h5>
576 | <div class="paragraph">
577 | <p>The <code>orgfolder</code> ConfigMap stores the configuration parameters for the seed job.</p>
578 | </div>
579 | </div>
580 | <div class="sect4">
581 | <h5 id="_secret">Secret</h5>
582 | <div class="paragraph">
583 | <p>The <code>github</code> secret stores the github username and the token.</p>
584 | </div>
585 | </div>
586 | </div>
587 | <div class="sect3">
588 | <h4 id="_jobs_pipeline">Jobs / Pipeline</h4>
589 | <div class="sect4">
590 | <h5 id="_openshift_pipeline">OpenShift Pipeline</h5>
591 | <div class="sect5">
592 | <h6 id="_files">Files</h6>
593 | <div class="ulist">
594 | <ul>
595 | <li>
596 | <p><code>jenkins/jobs/credPipelineJob.groovy</code></p>
597 | </li>
598 | <li>
599 | <p><code>jenkins/openshift/pipeline.yaml</code></p>
600 | </li>
601 | </ul>
602 | </div>
603 | </div>
604 | <div class="sect5">
605 | <h6 id="_steps">Steps</h6>
606 | <div class="olist arabic">
607 | <ol class="arabic">
608 | <li>
609 | <p>Configures the Jenkins URL (Manage Jenkins - Configure System - Jenkins Location).  This is required to provide the URL when adding the build status to GitHub.</p>
610 | </li>
611 | <li>
612 | <p>Create a <code>List&lt;hudson.model.ParameterValue&gt;</code> from a OpenShift ConfigMap to be used for seed job.</p>
613 | </li>
614 | <li>
615 | <p>Create Jenkins credentials from OpenShift secret.  This adds the GitHub username and token to Jenkins for use in GitHub related plugins.</p>
616 | </li>
617 | <li>
618 | <p>Configure the anonymous user for embedded build status icon.</p>
619 | </li>
620 | <li>
621 | <p>Finally run the seed job with the parameters is ran to build the Organizational Folder job.</p>
622 | </li>
623 | </ol>
624 | </div>
625 | </div>
626 | </div>
627 | <div class="sect4">
628 | <h5 id="_seed_job">Seed Job</h5>
629 | <div class="sect5">
630 | <h6 id="_files_2">Files</h6>
631 | <div class="ulist">
632 | <ul>
633 | <li>
634 | <p><code>jenkins/configuration/jobs/seed</code></p>
635 | </li>
636 | </ul>
637 | </div>
638 | </div>
639 | <div class="sect5">
640 | <h6 id="_details">Details</h6>
641 | <div class="paragraph">
642 | <p>This is the <a href="https://github.com/jenkinsci/job-dsl-plugin/wiki#getting-started">seed job</a> that will be executed to create the <code>orgFolderJob</code> using the Jenkins Job DSL.</p>
643 | </div>
644 | </div>
645 | </div>
646 | <div class="sect4">
647 | <h5 id="_organizational_folder_job_dsl">Organizational Folder Job DSL</h5>
648 | <div class="sect5">
649 | <h6 id="_files_3">Files</h6>
650 | <div class="ulist">
651 | <ul>
652 | <li>
653 | <p><code>jenkins/jobs/orgFolderJob.groovy</code></p>
654 | </li>
655 | </ul>
656 | </div>
657 | </div>
658 | <div class="sect5">
659 | <h6 id="_details_2">Details</h6>
660 | <div class="paragraph">
661 | <p>This Job DSL will create a Organizational Folder job configured for:</p>
662 | </div>
663 | <div class="ulist">
664 | <ul>
665 | <li>
666 | <p>GitHub</p>
667 | </li>
668 | <li>
669 | <p>Specific repository owner (or organization)</p>
670 | </li>
671 | <li>
672 | <p>Repository pattern</p>
673 | </li>
674 | <li>
675 | <p>Checkout credentials</p>
676 | </li>
677 | </ul>
678 | </div>
679 | </div>
680 | </div>
681 | <div class="sect4">
682 | <h5 id="_jenkinsfile">Jenkinsfile</h5>
683 | <div class="sect5">
684 | <h6 id="_files_4">Files</h6>
685 | <div class="ulist">
686 | <ul>
687 | <li>
688 | <p><code>Jenkinsfile</code></p>
689 | </li>
690 | </ul>
691 | </div>
692 | </div>
693 | <div class="sect5">
694 | <h6 id="_details_3">Details</h6>
695 | <div class="paragraph">
696 | <p>This is used for the openshift-pipeline-library project but it can also be used as an example for your own project.</p>
697 | </div>
698 | </div>
699 | </div>
700 | </div>
701 | </div>
702 | </div>
703 | </div>
704 | <div class="sect1">
705 | <h2 id="_library_methods">Library Methods</h2>
706 | <div class="sectionbody">
707 | <div class="sect2">
708 | <h3 id="FunctionVariables">Function Variables</h3>
709 | <div class="sect3">
710 | <h4 id="_newbuildopenshift">newBuildOpenShift</h4>
711 | <div class="paragraph">
712 | <p>Starts a <code>oc new-build</code> process and monitors while the related objects
713 | are executing.</p>
714 | </div>
715 | <div class="listingblock">
716 | <div class="title">Returned HashMap</div>
717 | <div class="content">
718 | <pre class="highlight"><code class="language-java" data-lang="java">[names: newBuild.names(), buildConfigName: buildConfigName]</code></pre>
719 | </div>
720 | </div>
721 | <div class="listingblock">
722 | <div class="title">Example</div>
723 | <div class="content">
724 | <pre class="highlight"><code class="language-java" data-lang="java">def newBuild = newBuildOpenShift() {
725 |     url = scmUrl                                    <b class="conum">(1)</b>
726 |     branch = scmRef                                 <b class="conum">(2)</b>
727 |     contextDir = path                               <b class="conum">(3)</b>
728 |     deleteBuild = false                             <b class="conum">(4)</b>
729 |     randomName = true                               <b class="conum">(5)</b>
730 |     image = "docker.io/aweiteka/playbook2image"     <b class="conum">(6)</b>
731 |     imageStream = "project/isname"                  <b class="conum">(7)</b>
732 | }</code></pre>
733 | </div>
734 | </div>
735 | <div class="colist arabic">
736 | <ol>
737 | <li>
738 | <p>Create a build config from a remote repository.</p>
739 | </li>
740 | <li>
741 | <p>Create a build config from a remote repository using a specific branch.</p>
742 | </li>
743 | <li>
744 | <p>The directory in the repository to be used for the build</p>
745 | </li>
746 | <li>
747 | <p>Delete build config and related objects after complete.</p>
748 | </li>
749 | <li>
750 | <p>Generate a random name (UUID) for the build config objects.</p>
751 | </li>
752 | <li>
753 | <p>External registry location for a container image.</p>
754 | </li>
755 | <li>
756 | <p>Name of an image stream to be used as a builder.</p>
757 | </li>
758 | </ol>
759 | </div>
760 | <div class="admonitionblock note">
761 | <table>
762 | <tr>
763 | <td class="icon">
764 | <div class="title">Note</div>
765 | </td>
766 | <td class="content">
767 | <div class="paragraph">
768 | <p>Do not use <code>image</code> and <code>imageStream</code> options together.</p>
769 | </div>
770 | </td>
771 | </tr>
772 | </table>
773 | </div>
774 | </div>
775 | <div class="sect3">
776 | <h4 id="_runopenshift">runOpenShift</h4>
777 | <div class="paragraph">
778 | <p>Starts a <code>oc run</code> process and monitors the pod object while executing.  Current expectations for this function is that it will do some process and exit.  The exit code will determine success or failure.</p>
779 | </div>
780 | <div class="listingblock">
781 | <div class="title">Example</div>
782 | <div class="content">
783 | <pre class="highlight"><code class="language-java" data-lang="java">runOpenShift {
784 |     deletePod = true                <b class="conum">(1)</b>
785 |     branch = scmRef                 <b class="conum">(2)</b>
786 |     image = dockerImageRepository   <b class="conum">(3)</b>
787 |     env = ["foo=goo"]               <b class="conum">(4)</b>
788 | }</code></pre>
789 | </div>
790 | </div>
791 | <div class="colist arabic">
792 | <ol>
793 | <li>
794 | <p>Delete pod after execution</p>
795 | </li>
796 | <li>
797 | <p>Name of the pod</p>
798 | </li>
799 | <li>
800 | <p>Docker image URL</p>
801 | </li>
802 | <li>
803 | <p>Environmental variables that the pod requires to run.</p>
804 | </li>
805 | </ol>
806 | </div>
807 | </div>
808 | <div class="sect3">
809 | <h4 id="_getimagestreamrepo">getImageStreamRepo</h4>
810 | <div class="paragraph">
811 | <p>Both the newBuildOpenShift and runOpenShift require either the ImageStream or Docker image repoistory url. This function returns both as a HashMap for a given ImageStream name.</p>
812 | </div>
813 | <div class="listingblock">
814 | <div class="title">Returned HashMap</div>
815 | <div class="content">
816 | <pre class="highlight"><code class="language-java" data-lang="java">[dockerImageRepository: is.status.dockerImageRepository,
817 |                  imageStream: imageStream]</code></pre>
818 | </div>
819 | </div>
820 | <div class="listingblock">
821 | <div class="title">Example</div>
822 | <div class="content">
823 | <pre class="highlight"><code class="language-java" data-lang="java">isRepo = getImageStreamRepo(newBuild.buildConfigName)</code></pre>
824 | </div>
825 | </div>
826 | </div>
827 | </div>
828 | <div class="sect2">
829 | <h3 id="Utils">Utils</h3>
830 | <div class="sect3">
831 | <h4 id="_createjobparameters_hashmap_configmap">createJobParameters(HashMap configMap)</h4>
832 | <div class="paragraph">
833 | <p>Converts an OpenShift ConfigMap to a List of ParameterValues which can be used in a parameterized Jenkins Job.</p>
834 | </div>
835 | </div>
836 | <div class="sect3">
837 | <h4 id="_getgithubpr_string_login_string_oauthaccesstoken_string_changeurl">getGitHubPR(String login, String oauthAccessToken, String changeUrl)</h4>
838 | <div class="paragraph">
839 | <p>Returns the originating repository and branch name of a pull request.</p>
840 | </div>
841 | </div>
842 | <div class="sect3">
843 | <h4 id="_configurerooturl_string_url">configureRootUrl(String url)</h4>
844 | <div class="paragraph">
845 | <p>Sets the Jenkins Location Configuration URL in an ephemeral Jenkins instance.</p>
846 | </div>
847 | </div>
848 | <div class="sect3">
849 | <h4 id="_createcredentialsfromopenshift_hashmap_secret_string_id">createCredentialsFromOpenShift(HashMap secret, String id)</h4>
850 | <div class="paragraph">
851 | <p>From an OpenShift secret creates Jenkins credentials to be used in a Jenkins Job or plugin.</p>
852 | </div>
853 | </div>
854 | </div>
855 | </div>
856 | </div>
857 | </div>
858 | <div id="footer">
859 | <div id="footer-text">
860 | Last updated 2017-05-01 14:47:28 EDT
861 | </div>
862 | </div>
863 | </body>
864 | </html>


--------------------------------------------------------------------------------
/examples/REAME.md:
--------------------------------------------------------------------------------
1 | Example pipelines and playbooks.
2 | 


--------------------------------------------------------------------------------
/examples/containerzone/docker/.gitignore:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/RHsyseng/openshift-pipeline-library/6034ae602b4d6cc56bb66bcd0bdbc8f6b218932f/examples/containerzone/docker/.gitignore


--------------------------------------------------------------------------------
/examples/containerzone/docker/jobs/buildPushScan.groovy:
--------------------------------------------------------------------------------
 1 | #!groovy
 2 | 
 3 | @Library('Utils')
 4 | import com.redhat.*
 5 | 
 6 | node {
 7 |     stage('checkout') {
 8 |         checkout scm
 9 |     }
10 | 
11 |     /** vars/dockerBuildPush.groovy
12 |      * This DSL (groovy closure) will build the dockerfile located in the
13 |      * contextDir.  Once created an optional parameters testJobName and testJobParameters
14 |      * can be used to test the resulting image.  Finally the image will be pushed
15 |      * to the partner registry.
16 |      */
17 |     dockerBuildPush {
18 |         credentialsId = "ContainerZone"
19 |         contextDir = "examples/docker"
20 |         imageName = "czone"
21 |         imageTag = "latest"
22 |     }
23 | 
24 |     /** vars/containerZoneScan.groovy
25 |      * This DSL will use the connect API to determine the status of the scan
26 |      * and display the scan results with the Jenkins console.
27 |      */
28 |     containerZoneScan {
29 |         credentialsId = "ContainerZone"
30 |         openShiftUri = "insecure://api.rhc4tp.openshift.com"
31 |         imageName = "czone"
32 |         imageTag = "latest"
33 |     }
34 | }
35 | 


--------------------------------------------------------------------------------
/examples/containerzone/generic/jobs/CheckHealthGrade/checkHealthGradePipeline.groovy:
--------------------------------------------------------------------------------
 1 | #!groovy
 2 | 
 3 | @Library('Utils')
 4 | import com.redhat.*
 5 | 
 6 | 
 7 | node {
 8 | 
 9 |     /**
10 |      * This DSL (groovy closure) checks the container status
11 |      * rebuilding the image if required
12 |      */
13 |     def jobParameters = new JenkinsUtils().createJobParameters([name: "foo"])
14 | 
15 |     def jobName = JOBNAME
16 | 
17 |     containerZoneHealthCheck {
18 |         credentialsId = "ContainerZone"
19 |         rebuildJobName = jobName
20 |         rebuildJobParameters = jobParameters
21 |     }
22 | }
23 | 


--------------------------------------------------------------------------------
/examples/containerzone/openshift/.gitignore:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/RHsyseng/openshift-pipeline-library/6034ae602b4d6cc56bb66bcd0bdbc8f6b218932f/examples/containerzone/openshift/.gitignore


--------------------------------------------------------------------------------
/examples/containerzone/openshift/buildconfig-pipeline.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | apiVersion: v1
 3 | kind: BuildConfig
 4 | metadata:
 5 |   name: "ContainerZonePipeline"
 6 | spec:
 7 |   source:
 8 |     type: "Git"
 9 |     git:
10 |       uri: "https://github.com/RHsyseng/openshift-pipeline-library"
11 |       ref: "master"
12 |   strategy:
13 |     type: "JenkinsPipeline"
14 |     jenkinsPipelineStrategy:
15 |         jenkinsfilePath: examples/containerzone/openshift/jobs/buildPushScan.groovy
16 | 


--------------------------------------------------------------------------------
/examples/containerzone/openshift/jobs/buildPushScan.groovy:
--------------------------------------------------------------------------------
 1 | #!groovy
 2 | 
 3 | @Library('Utils')
 4 | import com.redhat.*
 5 | 
 6 | /*
 7 |  * TODO: Add build parameters
 8 |  * TODO: Maybe use newBuildOpenShift?
 9 |  */
10 | 
11 | node {
12 | 
13 |     /** vars/createDockerCfgJenkinsCredential.groovy
14 |      * This DSl will create a Jenkins credential from
15 |      * an OpenShift DockerCfg secret.
16 |      */
17 |     createDockerCfgJenkinsCredential {
18 |         secretName = "ContainerZone"
19 |     }
20 | 
21 |     stage('Start OpenShift Build') {
22 |         openshiftBuild(buildConfig: "${EXTERNAL_REGISTRY_IMAGE_NAME}-ex-reg", showBuildLogs: 'true')
23 |     }
24 | 
25 |     /** vars/containerZoneScan.groovy
26 |      * This DSL will use the connect API to determine the status of the scan
27 |      * and display the scan results with the Jenkins console.
28 |      */
29 |     containerZoneScan {
30 |         credentialsId = "ContainerZone"
31 |         openShiftUri = "insecure://api.rhc4tp.openshift.com"
32 |         imageName = "czone"
33 |         imageTag = "latest"
34 |     }
35 | }
36 | 


--------------------------------------------------------------------------------
/examples/containerzone/playbooks/installseedjob.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | # ----------------------------
 3 | # Running
 4 | # ----------------------------
 5 | # TODO: This should be modified to include secrets
 6 | # The jenkins modules execute using the API so the play can just execute locally.
 7 | # ansible-playbook -i localhost, -c local installseedjob.yml
 8 | # ----------------------------
 9 | - name: Install Container Zone Seed Jobs
10 |   hosts: localhost
11 |   gather_facts: False
12 |   vars:
13 |     start_build: |
14 |       import jenkins.model.*
15 |       import hudson.model.*
16 |       Jenkins.instance.getAllItems(FreeStyleProject).each {it ->
17 |       def pattern = 'checkImageHealthSeed'
18 |       def m = it.getName() =~ pattern
19 |           if(m) {
20 |               it.scheduleBuild()
21 |           }
22 |       }
23 | 
24 |     approve_script: |
25 |       import org.jenkinsci.plugins.scriptsecurity.scripts.*
26 |       ScriptApproval sa = ScriptApproval.get();
27 |       for (ScriptApproval.PendingScript pending : sa.getPendingScripts()) {
28 |           sa.approveScript(pending.getHash());
29 |       }
30 | 
31 |   tasks:
32 | # ----------------------------
33 | # Create Seed Job
34 | # ----------------------------
35 | # This is an example of creating a seed job to build a pipeline job
36 | # that uses the Job DSL plugin.
37 | # ----------------------------
38 |     - name: Create Seed Job for checkHealthGradePipeline (Job DSL)
39 |       jenkins_job:
40 |         config: "{{ lookup('file', 'templates/checkImageHealthSeed.xml') }}"
41 |         name: checkImageHealthSeed
42 |         url: http://10.53.252.84:8080
43 |         user: admin
44 |         token: 66d28ba4dbd8731e1148273158eb4add
45 | 
46 | # ----------------------------
47 | # Jenkins Start Job
48 | # ----------------------------
49 | # This will start the seed job that we just added
50 | # NOTE: this will most likely fail.
51 | # ----------------------------
52 |     - name: Jenkins Start Job
53 |       jenkins_script:
54 |         script: "{{ start_build }}"
55 |         url: http://10.53.252.84:8080
56 |         user: admin
57 |         password: admin
58 | 


--------------------------------------------------------------------------------
/examples/containerzone/playbooks/templates/checkImageHealthSeed.xml:
--------------------------------------------------------------------------------
 1 | <?xml version='1.0' encoding='UTF-8'?>
 2 | <flow-definition plugin="workflow-job@2.11">
 3 | <actions/>
 4 | <description></description>
 5 | <keepDependencies>false</keepDependencies>
 6 | <properties>
 7 |   <hudson.model.ParametersDefinitionProperty>
 8 |     <parameterDefinitions>
 9 |       <hudson.model.StringParameterDefinition>
10 |         <name>JOBNAME</name>
11 |         <description>Name of rebuild job</description>
12 |         <defaultValue>foo</defaultValue>
13 |       </hudson.model.StringParameterDefinition>
14 |     </parameterDefinitions>
15 |   </hudson.model.ParametersDefinitionProperty>
16 |   <org.jenkinsci.plugins.workflow.job.properties.PipelineTriggersJobProperty>
17 |     <triggers class="java.util.Collections$UnmodifiableRandomAccessList" resolves-to="java.util.Collections$UnmodifiableList">
18 |       <c class="list">
19 |         <hudson.triggers.TimerTrigger>
20 |           <spec>@daily</spec>
21 |         </hudson.triggers.TimerTrigger>
22 |       </c>
23 |       <list reference="../c"/>
24 |     </triggers>
25 |   </org.jenkinsci.plugins.workflow.job.properties.PipelineTriggersJobProperty>
26 | </properties>
27 | <definition class="org.jenkinsci.plugins.workflow.cps.CpsScmFlowDefinition" plugin="workflow-cps@2.33">
28 |   <scm class="hudson.plugins.git.GitSCM" plugin="git@3.3.0">
29 |     <configVersion>2</configVersion>
30 |     <userRemoteConfigs>
31 |       <hudson.plugins.git.UserRemoteConfig>
32 |         <name>openshift-pipeline-library</name>
33 |         <url>https://github.com/RHsyseng/openshift-pipeline-library</url>
34 |       </hudson.plugins.git.UserRemoteConfig>
35 |     </userRemoteConfigs>
36 |     <branches>
37 |       <hudson.plugins.git.BranchSpec>
38 |         <name>master</name>
39 |       </hudson.plugins.git.BranchSpec>
40 |     </branches>
41 |     <doGenerateSubmoduleConfigurations>false</doGenerateSubmoduleConfigurations>
42 |     <gitTool>Default</gitTool>
43 |     <extensions/>
44 |   </scm>
45 |   <scriptPath>examples/containerzone/generic/jobs/CheckHealthGrade/checkHealthGradePipeline.groovy</scriptPath>
46 |   <lightweight>false</lightweight>
47 | </definition>
48 | <disabled>false</disabled>
49 | 


--------------------------------------------------------------------------------
/jenkins/README.md:
--------------------------------------------------------------------------------
1 | This directory contains configuration files and scripts for Jenkins.
2 | 


--------------------------------------------------------------------------------
/jenkins/configuration/jobs/gitHubOrgSeed/config.xml:
--------------------------------------------------------------------------------
 1 | <?xml version='1.0' encoding='UTF-8'?>
 2 | <project>
 3 |   <actions/>
 4 |   <description></description>
 5 |   <keepDependencies>true</keepDependencies>
 6 |   <properties>
 7 |     <hudson.model.ParametersDefinitionProperty>
 8 |       <parameterDefinitions>
 9 |         <hudson.model.StringParameterDefinition>
10 |           <name>name</name>
11 |           <description></description>
12 |           <defaultValue></defaultValue>
13 |         </hudson.model.StringParameterDefinition>
14 |         <hudson.model.StringParameterDefinition>
15 |           <name>displayName</name>
16 |           <description></description>
17 |           <defaultValue></defaultValue>
18 |         </hudson.model.StringParameterDefinition>
19 |         <hudson.model.StringParameterDefinition>
20 |           <name>repoOwner</name>
21 |           <description></description>
22 |           <defaultValue></defaultValue>
23 |         </hudson.model.StringParameterDefinition>
24 |         <hudson.model.StringParameterDefinition>
25 |           <name>credentialsId</name>
26 |           <description></description>
27 |           <defaultValue></defaultValue>
28 |         </hudson.model.StringParameterDefinition>
29 |         <hudson.model.StringParameterDefinition>
30 |           <name>pattern</name>
31 |           <description></description>
32 |           <defaultValue></defaultValue>
33 |         </hudson.model.StringParameterDefinition>
34 |       </parameterDefinitions>
35 |     </hudson.model.ParametersDefinitionProperty>
36 |   </properties>
37 |   <scm class="hudson.plugins.git.GitSCM" plugin="git@3.2.0">
38 |     <configVersion>2</configVersion>
39 |     <userRemoteConfigs>
40 |       <hudson.plugins.git.UserRemoteConfig>
41 |         <url>https://github.com/RHsyseng/openshift-pipeline-library</url>
42 |       </hudson.plugins.git.UserRemoteConfig>
43 |     </userRemoteConfigs>
44 |     <branches>
45 |       <hudson.plugins.git.BranchSpec>
46 |         <name>master</name>
47 |       </hudson.plugins.git.BranchSpec>
48 |     </branches>
49 |     <doGenerateSubmoduleConfigurations>false</doGenerateSubmoduleConfigurations>
50 |     <submoduleCfg class="list"/>
51 |     <extensions/>
52 |   </scm>
53 |   <canRoam>true</canRoam>
54 |   <disabled>false</disabled>
55 |   <blockBuildWhenDownstreamBuilding>false</blockBuildWhenDownstreamBuilding>
56 |   <blockBuildWhenUpstreamBuilding>false</blockBuildWhenUpstreamBuilding>
57 |   <triggers/>
58 |   <concurrentBuild>false</concurrentBuild>
59 |   <builders>
60 |     <javaposse.jobdsl.plugin.ExecuteDslScripts plugin="job-dsl@1.59">
61 |       <targets>jenkins/jobs/githubOrgJob.groovy</targets>
62 |       <usingScriptText>false</usingScriptText>
63 |       <ignoreExisting>false</ignoreExisting>
64 |       <ignoreMissingFiles>false</ignoreMissingFiles>
65 |       <failOnMissingPlugin>false</failOnMissingPlugin>
66 |       <unstableOnDeprecation>false</unstableOnDeprecation>
67 |       <removedJobAction>IGNORE</removedJobAction>
68 |       <removedViewAction>IGNORE</removedViewAction>
69 |       <lookupStrategy>JENKINS_ROOT</lookupStrategy>
70 |     </javaposse.jobdsl.plugin.ExecuteDslScripts>
71 |   </builders>
72 |   <publishers/>
73 |   <buildWrappers/>
74 | </project>
75 | 


--------------------------------------------------------------------------------
/jenkins/configuration/org.jenkinsci.plugins.workflow.libs.GlobalLibraries.xml:
--------------------------------------------------------------------------------
 1 | <?xml version='1.0' encoding='UTF-8'?>
 2 | <org.jenkinsci.plugins.workflow.libs.GlobalLibraries plugin="workflow-cps-global-lib@2.7">
 3 |   <libraries>
 4 |     <org.jenkinsci.plugins.workflow.libs.LibraryConfiguration>
 5 |       <name>Utils</name>
 6 |       <retriever class="org.jenkinsci.plugins.workflow.libs.SCMSourceRetriever">
 7 |         <scm class="org.jenkinsci.plugins.github_branch_source.GitHubSCMSource" plugin="github-branch-source@2.0.4">
 8 |           <id>44c97d51-cf48-4690-b645-72e0bc32773e</id>
 9 |           <checkoutCredentialsId>SAME</checkoutCredentialsId>
10 |           <repoOwner>RHsyseng</repoOwner>
11 |           <repository>openshift-pipeline-library</repository>
12 |           <includes>*</includes>
13 |           <excludes></excludes>
14 |           <buildOriginBranch>true</buildOriginBranch>
15 |           <buildOriginBranchWithPR>true</buildOriginBranchWithPR>
16 |           <buildOriginPRMerge>false</buildOriginPRMerge>
17 |           <buildOriginPRHead>false</buildOriginPRHead>
18 |           <buildForkPRMerge>true</buildForkPRMerge>
19 |           <buildForkPRHead>false</buildForkPRHead>
20 |         </scm>
21 |       </retriever>
22 |       <defaultVersion>master</defaultVersion>
23 |       <implicit>false</implicit>
24 |       <allowVersionOverride>true</allowVersionOverride>
25 |     </org.jenkinsci.plugins.workflow.libs.LibraryConfiguration>
26 |   </libraries>
27 | </org.jenkinsci.plugins.workflow.libs.GlobalLibraries>
28 | 


--------------------------------------------------------------------------------
/jenkins/configuration/scriptApproval.xml:
--------------------------------------------------------------------------------
 1 | <?xml version='1.0' encoding='UTF-8'?>
 2 | <scriptApproval plugin="script-security@1.27">
 3 |   <approvedScriptHashes/>
 4 |   <approvedSignatures>
 5 |     <string>method hudson.plugins.git.GitSCM getBranches</string>
 6 |     <string>method hudson.plugins.git.browser.GitRepositoryBrowser getUrl</string>
 7 |     <string>method hudson.scm.SCM getBrowser</string>
 8 |     <string>staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods dump java.lang.Object</string>
 9 |   </approvedSignatures>
10 |   <aclApprovedSignatures/>
11 |   <approvedClasspathEntries/>
12 |   <pendingScripts/>
13 |   <pendingSignatures/>
14 |   <pendingClasspathEntries/>
15 | </scriptApproval>
16 | 


--------------------------------------------------------------------------------
/jenkins/jobs/configureJenkinsOpenShift.groovy:
--------------------------------------------------------------------------------
 1 | #!groovy
 2 | 
 3 | @Library('Utils')
 4 | import com.redhat.*
 5 | 
 6 | node {
 7 |     def id = null
 8 |     def seedJobParameters = null
 9 |     def jenkinsUtils = new com.redhat.JenkinsUtils()
10 | 
11 |     /* The Jenkins root url is configured under
12 |      * Manage Jenkins -> Configure System -> Jenkins Location
13 |      * This is not configured properly in a ephemeral deployment.
14 |      * Use the OpenShift route object to determine the correct url.
15 |      */
16 |     stage('Configure URL') {
17 |         openshift.withCluster() {
18 |             def route = openshift.selector('route', 'jenkins').object()
19 |             jenkinsUtils.configureRootUrl("https://${route.spec.host}")
20 |         }
21 |     }
22 |     /* Create Jenkins build job parameters from a OpenShift ConfigMap */
23 |     stage('Extract ConfigMap') {
24 |         openshift.withCluster() {
25 |             def configMap = openshift.selector( "configmap/orgfolder" ).object().data
26 |             seedJobParameters = jenkinsUtils.createJobParameters(configMap)
27 |         }
28 |     }
29 | 
30 |     /* Create a Jenkins credential from a OpenShift secret for GitHub user and token */
31 |     stage('OpenShift -> Jenkins credentials') {
32 |         openshift.withCluster() {
33 |             def secret = openshift.selector( "secret/github" ).object()
34 |             id = jenkinsUtils.createCredentialsFromOpenShift(secret, "github")
35 |         }
36 |     }
37 |     /* To use the embeddable build status plugin the anonymous user must
38 |        have the ability to ViewStatus and Read.
39 |      */
40 |     stage('Configure Anonymous User') {
41 |         jenkinsUtils.setAnonPermBuildStatusIcon()
42 |     }
43 |     /* This builds the Seed job for the GitHub Organizational folder Job DSL
44 |      * to create a job for the github org configured in seedJobParameters.
45 |      */
46 |     stage('Run Seed Job') {            
47 |         build job: 'gitHubOrgSeed', parameters: seedJobParameters
48 |     }
49 | }
50 | 


--------------------------------------------------------------------------------
/jenkins/jobs/githubOrgJob.groovy:
--------------------------------------------------------------------------------
 1 | #!groovy
 2 | 
 3 | organizationFolder("${name}") {
 4 |     description('This contains branch source jobs for GitHub')
 5 |     displayName("${displayName}")
 6 |     orphanedItemStrategy {
 7 |         discardOldItems {
 8 |             daysToKeep(0)
 9 |             numToKeep(0)
10 |         }
11 |     }
12 |     organizations {
13 |         github {
14 |             apiUri('https://api.github.com')
15 |             repoOwner("${repoOwner}")
16 |             scanCredentialsId("${credentialsId}")
17 |             pattern("${pattern}")
18 |             checkoutCredentialsId("${credentialsId}")
19 |             buildOriginBranch(true)
20 |             buildOriginBranchWithPR(true)
21 |             buildOriginPRMerge(false)
22 |             buildOriginPRHead(false)
23 |             buildForkPRMerge(true)
24 |             buildForkPRHead(false)
25 |         }
26 |     }
27 |     triggers {
28 |         periodic(10)
29 |     }
30 | }
31 | 


--------------------------------------------------------------------------------
/jenkins/openshift/pipeline.yaml:
--------------------------------------------------------------------------------
 1 | ---
 2 | apiVersion: v1
 3 | kind: BuildConfig
 4 | metadata:
 5 |   name: "configurejenkinspipeline"
 6 | spec:
 7 |   source:
 8 |     type: "Git"
 9 |     git:
10 |       uri: "https://github.com/RHsyseng/openshift-pipeline-library"
11 |       ref: "master"
12 |   strategy:
13 |     type: "JenkinsPipeline"
14 |     jenkinsPipelineStrategy:
15 |         jenkinsfilePath: jenkins/jobs/configureJenkinsOpenShift.groovy
16 | 


--------------------------------------------------------------------------------
/jenkins/openshift/template.yaml:
--------------------------------------------------------------------------------
  1 | ---
  2 | apiVersion: v1
  3 | kind: Template
  4 | labels:
  5 |   template: docker-image-testing-template
  6 | message: A Jenkins service has been created in your project.  Log into Jenkins with
  7 |   your OpenShift account.  The tutorial at URL contains more information about using this template.
  8 | metadata:
  9 |   name: docker-image-testing
 10 |   annotations:
 11 |     description: |-
 12 |       Jenkins service, without persistent storage.
 13 | 
 14 |       WARNING: Any data stored will be lost upon pod destruction. Only use this template for testing.
 15 |     iconClass: icon-jenkins
 16 |     openshift.io/display-name: Docker image testing in Jenkins (Ephemeral)
 17 |     tags: instant-app,jenkins
 18 |     template.openshift.io/documentation-url: https://docs.openshift.org/latest/using_images/other_images/jenkins.html
 19 |     template.openshift.io/long-description: This template deploys a Jenkins server
 20 |       capable of managing OpenShift Pipeline builds and supporting OpenShift-based
 21 |       oauth login.
 22 |     template.openshift.io/provider-display-name: RHsyseng
 23 |     template.openshift.io/support-url: https://github.com/RHsyseng/openshift-pipeline-library
 24 | objects:
 25 | - kind: ConfigMap
 26 |   apiVersion: v1
 27 |   metadata:
 28 |     name: orgfolder
 29 |   data:
 30 |     name: ${JENKINS_ORG_FOLDER_NAME}
 31 |     displayName: ${JENKINS_ORG_FOLDER_NAME}
 32 |     repoOwner: ${JENKINS_GITHUB_OWNER}
 33 |     pattern: ${JENKINS_GITHUB_REPO}
 34 |     credentialsId: ${JENKINS_GITHUB_CRED_ID}
 35 | - apiVersion: v1
 36 |   kind: BuildConfig
 37 |   metadata:
 38 |     name: jenkins
 39 |   spec:
 40 |     nodeSelector: null
 41 |     output:
 42 |       to:
 43 |         kind: ImageStreamTag
 44 |         name: jenkins:latest
 45 |     postCommit: {}
 46 |     resources: {}
 47 |     runPolicy: Serial
 48 |     source:
 49 |       contextDir: jenkins
 50 |       git:
 51 |         uri: https://github.com/RHsyseng/openshift-pipeline-library
 52 |       type: Git
 53 |     strategy:
 54 |       sourceStrategy:
 55 |         from:
 56 |           kind: ImageStreamTag
 57 |           name: jenkins:2
 58 |           namespace: openshift
 59 |       type: Source
 60 |     triggers:
 61 |     - type: ConfigChange
 62 |     - imageChange: {}
 63 |       type: ImageChange
 64 | - apiVersion: v1
 65 |   kind: ImageStream
 66 |   metadata:
 67 |     name: jenkins
 68 | - apiVersion: v1
 69 |   stringData:
 70 |     password: ${GITHUB_TOKEN}
 71 |     username: ${GITHUB_USERNAME}
 72 |   kind: Secret
 73 |   metadata:
 74 |     creationTimestamp: null
 75 |     name: github
 76 |   type: kubernetes.io/basic-auth
 77 | parameters:
 78 | - description: The simple organization folder name
 79 |   displayName: Organization folder name
 80 |   name: JENKINS_ORG_FOLDER_NAME
 81 |   required: true
 82 | - description: Github Owner (https://github.com/owner/repo)
 83 |   displayName: Github Owner
 84 |   name: JENKINS_GITHUB_OWNER
 85 |   required: true
 86 | - description: Github repository pattern (https://github.com/owner/repo)
 87 |   displayName: Github Repo Pattern
 88 |   name: JENKINS_GITHUB_REPO
 89 |   required: true
 90 | - description: Github username and token secret name
 91 |   displayName: GitHub Credentials Name
 92 |   name: JENKINS_GITHUB_CRED_ID
 93 |   required: true
 94 |   value: github
 95 | - description: Github Username
 96 |   displayName: GitHub Username
 97 |   name: GITHUB_USERNAME
 98 |   required: true
 99 | - description: |
100 |     Github Token
101 |     https://github.com/settings/tokens/new?scopes=repo,read:user,user:email
102 |   displayName: GitHub Token
103 |   name: GITHUB_TOKEN
104 |   required: true
105 | 


--------------------------------------------------------------------------------
/jenkins/plugins.txt:
--------------------------------------------------------------------------------
 1 | # OpenShift Jenkins plugins
 2 | openshift-pipeline:1.0.47
 3 | openshift-login:0.12
 4 | openshift-client:0.9.6
 5 | 
 6 | # lockable resource - Used with openshift-client.  Make sure a buildconfig is not running
 7 | # concurrently - https://wiki.jenkins-ci.org/display/JENKINS/Lockable+Resources+Plugin
 8 | lockable-resources:1.11.2
 9 | 
10 | # kubernetes plugin - https://wiki.jenkins-ci.org/display/JENKINS/Kubernetes+Plugin
11 | kubernetes:0.10
12 | 
13 | # fabric8 openshift sync
14 | openshift-sync:0.1.20
15 | 
16 | workflow-scm-step:2.4
17 | 
18 | # https://wiki.jenkins-ci.org/display/JENKINS/Pipeline+Job+Plugin
19 | workflow-job:2.11.1
20 | # Pipeline plugin - https://wiki.jenkins-ci.org/display/JENKINS/Pipeline+Plugin
21 | # 2.5 now includes pipeline-model-definition (declaritive pipeline)
22 | # 2.4 brought in pipeline-milestone-step
23 | workflow-aggregator:2.5
24 | 
25 | # remote loader https://wiki.jenkins-ci.org/display/JENKINS/Pipeline+Remote+Loader+Plugin
26 | workflow-remote-loader:1.2
27 | 
28 | matrix-project:1.7.1
29 | multiple-scms:0.6
30 | ssh-credentials:1.13
31 | 
32 | git:3.4.0
33 | github:1.27.0
34 | git-client:2.4.6
35 | github-api:1.86
36 | 
37 | # Pipeline Utility Steps Plugin - https://wiki.jenkins-ci.org/display/JENKINS/Pipeline+Utility+Steps+Plugin
38 | pipeline-utility-steps:1.1.5
39 | 
40 | # Jenkins v2 specific
41 | matrix-auth:1.5
42 | blueocean:1.1.4
43 | 
44 | # Legacy stuff
45 | mapdb-api:1.0.1.0
46 | subversion:2.5.7
47 | 
48 | 
49 | job-dsl:1.63
50 | 
51 | embeddable-build-status:1.9
52 | slack:2.2
53 | generic-webhook-trigger:1.10
54 | 
55 | monitoring:1.67.0
56 | 


--------------------------------------------------------------------------------
/src/com/redhat/GitHubUtils.groovy:
--------------------------------------------------------------------------------
 1 | #!groovy
 2 | 
 3 | package com.redhat
 4 | 
 5 | import org.kohsuke.github.*
 6 | import java.util.logging.Level
 7 | import java.util.logging.Logger
 8 | 
 9 | 
10 | @NonCPS
11 | HashMap getGitHubPR(String login, String oauthAccessToken, String changeUrl) {
12 |     try {
13 |         String[] changeUrlArray = changeUrl.split('[/]')
14 |         String organization = changeUrlArray[3]
15 |         String repository = changeUrlArray[4]
16 |         int pullRequest = Integer.parseInt(changeUrlArray[6])
17 | 
18 |         return getGitHubPR(login, oauthAccessToken, organization, repository, pullRequest)
19 |     }
20 |     catch(all){
21 |         Logger.getLogger("com.redhat.Utils").log(Level.SEVERE, all.toString())
22 |         throw all
23 |     }
24 | }
25 | 
26 | @NonCPS
27 | HashMap getGitHubPR(String login, String oauthAccessToken, String organization, String repository, int pullRequest) {
28 |     HashMap map = [:]
29 |     try {
30 |         GitHub github = GitHub.connect(login, oauthAccessToken)
31 | 
32 |         GHCommitPointer pointer = github.getRepository("${organization}/${repository}")
33 |                 .getPullRequest(pullRequest).getHead()
34 | 
35 |         map['ref'] = pointer.ref
36 |         map['url'] = pointer.repository.gitHttpTransportUrl().toString()
37 |         return map
38 |     }
39 |     catch (all) {
40 |         Logger.getLogger("com.redhat.Utils").log(Level.SEVERE, all.toString())
41 |         throw all
42 |     }
43 | }
44 | 


--------------------------------------------------------------------------------
/src/com/redhat/JenkinsUtils.groovy:
--------------------------------------------------------------------------------
  1 | #!groovy
  2 | package com.redhat
  3 | 
  4 | import com.cloudbees.groovy.cps.NonCPS
  5 | import com.cloudbees.plugins.credentials.impl.*
  6 | import com.cloudbees.plugins.credentials.*
  7 | import com.cloudbees.plugins.credentials.domains.*
  8 | import groovy.json.JsonSlurperClassic
  9 | import jenkins.model.*
 10 | import jenkins.model.Jenkins
 11 | import hudson.security.*
 12 | import jenkins.model.JenkinsLocationConfiguration
 13 | import hudson.model.*
 14 | 
 15 | import java.util.logging.Level
 16 | import java.util.logging.Logger
 17 | 
 18 | 
 19 | @NonCPS
 20 | List<hudson.model.ParameterValue> createJobParameters(HashMap configMap) {
 21 |     try {
 22 |         List<hudson.model.ParameterValue> parameters = new ArrayList<hudson.model.ParameterValue>()
 23 |         configMap.each{ k, v ->
 24 |             parameters.add(new StringParameterValue("${k}", "${v}"))
 25 |         }
 26 |         return parameters
 27 |     }
 28 |     catch(all) {
 29 |         Logger.getLogger("com.redhat.Utils").log(Level.SEVERE, all.toString())
 30 |         throw all
 31 |     }
 32 | }
 33 | 
 34 | @NonCPS
 35 | Boolean configureRootUrl(String url) {
 36 |     try {
 37 |         JenkinsLocationConfiguration jlc = JenkinsLocationConfiguration.get()
 38 |         jlc.setUrl(url)
 39 |         jlc.save()
 40 |         return true
 41 |     }
 42 |     catch (all) {
 43 |         Logger.getLogger("com.redhat.Utils").log(Level.SEVERE, all.toString())
 44 |         return false
 45 |     }
 46 | }
 47 | 
 48 | @NonCPS
 49 | String createCredentialsFromOpenShift(HashMap secret, String id) {
 50 |     try {
 51 |         String username = new String(secret.data.username.decodeBase64())
 52 |         String password = new String(secret.data.password.decodeBase64())
 53 |         return createCredentials(id, username, password, "secret from openshift")
 54 |     }
 55 |     catch(all) {
 56 |         Logger.getLogger("com.redhat.Utils").log(Level.SEVERE, all.toString())
 57 |         throw all
 58 |     }
 59 | }
 60 | 
 61 | @NonCPS
 62 | String createCredentialsFromOpenShiftDockerCfg(HashMap secret, String id) {
 63 |     try {
 64 |         JsonSlurperClassic parser = new JsonSlurperClassic()
 65 |         /** Base64 decode the dockercfg map.  There should only be one so
 66 |          * parse the string, use an iterator to get the first entry value which is
 67 |          * a map. Use the username and password from that map to create a Jenkins
 68 |          * credential.
 69 |          */
 70 |         String decoded = new String(secret['data']['.dockercfg'].decodeBase64())
 71 |         HashMap extractedMap = ((HashMap) parser
 72 |                 .parseText(decoded)
 73 |                 .entrySet()
 74 |                 .iterator()
 75 |                 .next()
 76 |                 .getValue())
 77 | 
 78 |         parser = null
 79 |         decoded = null
 80 | 
 81 |         return createCredentials(id, (String) extractedMap.username, (String) extractedMap.password,
 82 |                 "DockerCfg from OpenShift")
 83 | 
 84 |     }
 85 |     catch (all) {
 86 |         Logger.getLogger("com.redhat.Utils").log(Level.SEVERE, all.toString())
 87 |         throw all
 88 |     }
 89 | }
 90 | 
 91 | @NonCPS
 92 | String createCredentials(String id = null, String username, String password, String description) {
 93 |     try {
 94 |         if (id == null) {
 95 |             id = java.util.UUID.randomUUID().toString()
 96 |         }
 97 |         Credentials c = (Credentials) new UsernamePasswordCredentialsImpl(CredentialsScope.GLOBAL, id, description, username, password)
 98 |         SystemCredentialsProvider.getInstance().getStore().addCredentials(Domain.global(), c)
 99 |         return id
100 |     }
101 |     catch (all) {
102 |         Logger.getLogger("com.redhat.Utils").log(Level.SEVERE, all.toString())
103 |         throw all
104 |     }
105 | }
106 | 
107 | @NonCPS
108 | Boolean setAnonPermBuildStatusIcon() {
109 | 
110 |     def permissions = ["hudson.model.Item.ViewStatus", "hudson.model.View.Read"]
111 |     def sid = "anonymous"
112 | 
113 |     return setJenkinsPermissions(permissions, sid)
114 | }
115 | 
116 | //https://wiki.jenkins-ci.org/display/JENKINS/Grant+Cancel+Permission+for+user+and+group+that+have+Build+permission
117 | 
118 | @NonCPS
119 | Boolean setJenkinsPermissions(def perms, def sid) {
120 |     try {
121 |         perms.each {
122 |             Jenkins.instance.authorizationStrategy.add(Permission.fromId(it), sid)
123 |         }
124 |         Jenkins.instance.save()
125 |         return true
126 |     }
127 |     catch (all) {
128 |         Logger.getLogger("com.redhat.Utils").log(Level.SEVERE, all.toString())
129 |         return false
130 |     }
131 | }
132 | 


--------------------------------------------------------------------------------
/src/com/redhat/Utils.groovy:
--------------------------------------------------------------------------------
  1 | #!groovy
  2 | package com.redhat
  3 | 
  4 | //@Grab('org.kohsuke:github-api:1.85')
  5 | 
  6 | @Grab(group='org.apache.httpcomponents', module='httpclient', version='4.5.2')
  7 | 
  8 | import com.cloudbees.groovy.cps.NonCPS
  9 | import com.cloudbees.plugins.credentials.impl.*
 10 | import com.cloudbees.plugins.credentials.*
 11 | import com.cloudbees.plugins.credentials.domains.*
 12 | 
 13 | 
 14 | import org.apache.http.protocol.*
 15 | import org.apache.http.conn.*
 16 | import org.apache.http.client.*
 17 | import org.apache.http.client.methods.*
 18 | import org.apache.http.entity.*
 19 | import org.apache.http.impl.client.*
 20 | import org.apache.http.client.config.*
 21 | 
 22 | import jenkins.model.*
 23 | import hudson.security.*
 24 | import hudson.model.*
 25 | import groovy.json.*
 26 | 
 27 | import java.util.logging.Level
 28 | import java.util.logging.Logger
 29 | import javax.net.ssl.SSLException
 30 | 
 31 | 
 32 | /**
 33 |  * This method POSTs to a HTTP uri with the requestJsonString as the payload.
 34 |  * The retry boolean is available for HTTP-based APIs that incorrectly implement
 35 |  * the POST method.  This will force a retry if a POST is used in place of the GET
 36 |  * HTTP method.  ** Using retry should be avoided. **
 37 |  *
 38 |  * http://restcookbook.com/HTTP%20Methods/idempotency/
 39 |  * https://hc.apache.org/httpcomponents-client-ga/tutorial/html/fundamentals.html
 40 |  * @param uri
 41 |  * @param requestJsonString
 42 |  * @param retry
 43 |  * @return
 44 |  */
 45 | //static final HashMap postUrl(String uri, String requestJsonString, boolean retry = false) {
 46 | static final HashMap postUrl(String uri, String requestJsonString, boolean retry = false) {
 47 | 
 48 |     CloseableHttpClient client
 49 |     int timeout = 3;
 50 |     int socketTimeout = 30;
 51 |     RequestConfig config = RequestConfig.custom().
 52 |             setConnectTimeout(timeout * 1000).
 53 |             setConnectionRequestTimeout(timeout * 1000).
 54 |             setSocketTimeout(socketTimeout * 1000).build();
 55 | 
 56 |     if (retry) {
 57 |         HttpRequestRetryHandler postRequestHandler = new HttpRequestRetryHandler() {
 58 | 
 59 |             public boolean retryRequest(IOException exception,
 60 |                                         int executionCount,
 61 |                                         HttpContext context) {
 62 |                 if (executionCount >= 5) {
 63 |                     return false
 64 |                 }
 65 |                 if (exception instanceof InterruptedException) {
 66 |                     // timeout
 67 |                     return false
 68 |                 }
 69 |                 if (exception instanceof UnknownHostException) {
 70 |                     // Unknown host
 71 |                     return false
 72 |                 }
 73 |                 if (exception instanceof ConnectTimeoutException) {
 74 |                     // Connection refused
 75 |                     return false
 76 |                 }
 77 |                 if (exception instanceof SSLException) {
 78 |                     // SSL handshake exception
 79 |                     return false
 80 |                 }
 81 |                 return true
 82 |             }
 83 |         }
 84 | 
 85 |         client = HttpClientBuilder.create()
 86 |                 .setRetryHandler(postRequestHandler)
 87 |                 .setDefaultRequestConfig(config).build()
 88 |     }
 89 |     else {
 90 |         client = HttpClientBuilder.create()
 91 |                 .setDefaultRequestConfig(config).build();
 92 |     }
 93 | 
 94 |     HttpPost httpPost = new HttpPost(uri)
 95 | 
 96 |     httpPost.addHeader("content-type", "application/json")
 97 |     HashMap resultMap = new HashMap()
 98 | 
 99 |     try {
100 |         //Logger.getLogger("com.redhat.Utils").log(Level.INFO, "requestJsonString: ${requestJsonString}")
101 |         httpPost.setEntity(new StringEntity(requestJsonString))
102 |         CloseableHttpResponse response = client.execute(httpPost)
103 | 
104 | 
105 |         BufferedReader bufferedReader = new BufferedReader(new InputStreamReader(response.getEntity().getContent()))
106 |         String jsonResponse = bufferedReader.getText()
107 |         // No longer need the reader or the response
108 |         bufferedReader.close()
109 |         response.close()
110 |         /* The JsonSluperClassic must be used vs JsonSlurper
111 |          * since it returns a LazyMap which is not serializable.
112 |          */
113 |         //Logger.getLogger("com.redhat.Utils").log(Level.INFO, "jsonResponse: ${jsonResponse}")
114 |         Logger.getLogger("com.redhat.Utils").log(Level.INFO, ">>>>>>>> BEFORE PARSER <<<<<<<<<")
115 |         JsonSlurperClassic parser = new JsonSlurperClassic()
116 | 
117 |         Object result = parser.parseText(jsonResponse)
118 |         parser = null
119 |         jsonResponse = null
120 | 
121 |         /** TODO: Maybe add an argument to specify the key
122 |          * TODO: that will represent the ArrayList value
123 |          */
124 |         if( result instanceof ArrayList) {
125 |             return (HashMap) [errors: result]
126 |         }
127 | 
128 |         return (HashMap) result
129 |     }
130 |     catch (IOException ioe) {
131 |         Logger.getLogger("com.redhat.Utils").log(Level.SEVERE, ioe.toString())
132 |         throw ioe
133 |     }
134 |     catch (ClientProtocolException cpe) {
135 |         Logger.getLogger("com.redhat.Utils").log(Level.SEVERE, cpe.toString())
136 |         throw cpe
137 |     }
138 |     catch (Exception e) {
139 |         Logger.getLogger("com.redhat.Utils").log(Level.SEVERE, e.toString())
140 |         throw e
141 |     }
142 |     finally {
143 |         client.close()
144 |     }
145 | }
146 | 


--------------------------------------------------------------------------------
/tests/README.md:
--------------------------------------------------------------------------------
 1 | ### Pipeline Library Testing
 2 | 
 3 | #### tests/jobs
 4 | 
 5 | ##### Mock Pipelines
 6 | 
 7 | - mockHealthCheck.groovy - Tests the vars/containerZoneHealthCheck.groovy function
 8 | - mockPipeline.groovy - Tests all the vars/containerZone.groovy functions
 9 | - mockPublish.groovy - Tests the vars/containerZonePublish.groovy function
10 | - mockRebuild.groovy - Job to be called by mockHealthCheck
11 | - mockScan.groovy - Tests the vars/containerZoneScan.groovy function
12 | 
13 | #### tests/jobs/__files/
14 | 
15 | `test.py` - This python script uses `tests.yml` to iterate through the mock pipelines to test each var function.
16 | ##### requirements
17 | 
18 | - Jenkins
19 |     - pipeline job named `mock` to copy and replace the `scriptPath`
20 |     - Username/password credential with the id of `ContainerZone`
21 |         - The `username` will be the Container Zone project id (pid)
22 |         - The `password` will be the Container Zone project `secret`
23 |     - Required plugins see [plugins.txt](../jenkins/plugins.txt)
24 |     - This global pipeline library configured with the name `Utils`
25 | - OpenShift Project
26 |     - [openshift-wiremock project](https://github.com/jcpowermac/openshift-wiremock)
27 |     - OpenShift generic secret named `containerzone` with one parameter named `secret`
28 | - Local
29 |     - `pip install python-jenkins wiremock PyYAML`
30 | 


--------------------------------------------------------------------------------
/tests/jobs/__files/publish-200-error.json:
--------------------------------------------------------------------------------
1 | ["Image not found"]
2 | 


--------------------------------------------------------------------------------
/tests/jobs/__files/publish-200-publish.json:
--------------------------------------------------------------------------------
1 | {
2 |     "publish": {
3 |         "success": true,
4 |         "timestamp": 1496174096,
5 |         "published_url": "https://nowhere"
6 |     }
7 | }
8 | 


--------------------------------------------------------------------------------
/tests/jobs/__files/publish-200-unable.json:
--------------------------------------------------------------------------------
1 | {"errors":["Unable to publish container."]}
2 | 


--------------------------------------------------------------------------------
/tests/jobs/__files/publish-401-error.json:
--------------------------------------------------------------------------------
1 | ["Missing required argument pid"]
2 | 


--------------------------------------------------------------------------------
/tests/jobs/__files/scanResults-200-error.json:
--------------------------------------------------------------------------------
1 | {"errors":["No scan results found for project."]}
2 | 


--------------------------------------------------------------------------------
/tests/jobs/__files/scanResults-401-error.json:
--------------------------------------------------------------------------------
1 | ["Missing required argument pid"]
2 | 


--------------------------------------------------------------------------------
/tests/jobs/__files/status-200-error.json:
--------------------------------------------------------------------------------
1 | {"errors":["No status found for project."]}
2 | 


--------------------------------------------------------------------------------
/tests/jobs/__files/status-200-mand.json:
--------------------------------------------------------------------------------
1 | {
2 |     "rebuild": "mandatory",
3 |     "grade": "C",
4 |     "start_date": "20161016T05:32:00.000-0400",
5 |     "end_date": "20170318T05:32:00.000-0400",
6 |     "creation_date": "20170215T08:19:43.625-0500"
7 | }
8 | 


--------------------------------------------------------------------------------
/tests/jobs/__files/status-200-none.json:
--------------------------------------------------------------------------------
1 | {
2 |     "rebuild": "none"
3 | }
4 | 


--------------------------------------------------------------------------------
/tests/jobs/__files/status-200-recommend.json:
--------------------------------------------------------------------------------
1 | {
2 |     "rebuild": "recommended",
3 |     "grade": "B",
4 |     "start_date": "20161016T05:32:00.000-0400",
5 |     "end_date": "20170318T05:32:00.000-0400",
6 |     "creation_date": "20170215T08:19:43.625-0500"
7 | }
8 | 


--------------------------------------------------------------------------------
/tests/jobs/__files/status-401-error.json:
--------------------------------------------------------------------------------
1 | ["Missing required argument pid"]
2 | 


--------------------------------------------------------------------------------
/tests/jobs/__files/test.py:
--------------------------------------------------------------------------------
 1 | #!/usr/bin/python
 2 | 
 3 | import jenkins
 4 | import xml.etree.ElementTree as ET
 5 | import pprint
 6 | import yaml
 7 | from time import sleep
 8 | from wiremock.constants import Config
 9 | from wiremock.client import *
10 | 
11 | # *** VERY IMPORTANT ***
12 | # DO NOT ADD A TRAILING SLASH / on __admin/
13 | # MUST BE __admin
14 | 
15 | Config.base_url = 'http://wiremock.router.default.svc.cluster.local/__admin'
16 | 
17 | def find_id_endpoint(all_mappings, endpoint):
18 | 
19 |     for mapping in all_mappings.mappings:
20 |         try:
21 |             if endpoint in mapping.request.url_path:
22 |                 return mapping.id
23 |         except:
24 |             pass
25 |     return None
26 | 
27 | 
28 | def create_job(job_config, server, t):
29 |     xml = ET.fromstring(job_config)
30 |     sp = xml.find('./definition/scriptPath')
31 |     sp.text = 'tests/jobs/%s.groovy' % t['jobname']
32 | 
33 |     server.create_job(t['jobname'], ET.tostring(xml))
34 | 
35 | 
36 | def main():
37 | 
38 |     pp = pprint.PrettyPrinter(indent=4)
39 |     endpoint_id_mapping = {}
40 |     server = jenkins.Jenkins('http://10.53.252.84:8080', username='admin', password='admin')
41 | 
42 |     job_config = server.get_job_config("mock")
43 |     all_mappings = Mappings.retrieve_all_mappings()
44 |     with open("tests.yml", 'r') as stream:
45 |         api_responses = yaml.load(stream)
46 | 
47 |     for t in api_responses['tests']:
48 |         id = endpoint_id_mapping.get(t['endpoint'])
49 |         if not id:
50 |             id = find_id_endpoint(all_mappings, t['endpoint'])
51 |             create_job(job_config, server, t)
52 |             endpoint_id_mapping[t['endpoint']] = id
53 | 
54 |         mapping = Mappings.retrieve_mapping(id)
55 |         mapping.response.status = t['status']
56 |         mapping.response.body_file_name = t['filename']
57 |         Mappings.update_mapping(mapping)
58 | 
59 |         next_build_number = server.get_job_info(t['jobname'])['nextBuildNumber']
60 |         server.build_job(t['jobname'])
61 | 
62 |         while True:
63 |             sleep(10)
64 |             build_info = server.get_build_info(t['jobname'], next_build_number)
65 |             if not build_info['building']:
66 |                 print "scenario: %s\nstatus: %d\nfilename: %s" % (t['name'], t['status'], t['filename'])
67 |                 pp.pprint(build_info)
68 |                 break
69 | 
70 | if __name__ == '__main__':
71 |     main()
72 | 


--------------------------------------------------------------------------------
/tests/jobs/__files/tests.yml:
--------------------------------------------------------------------------------
 1 | ---
 2 | tests:
 3 | - name: publish with 200 error
 4 |   filename: publish-200-error.json
 5 |   endpoint: publish
 6 |   status: 200
 7 |   jobname: mockPublish
 8 | - name: publish with 200 publish
 9 |   filename: publish-200-publish.json
10 |   endpoint: publish
11 |   status: 200
12 |   jobname: mockPublish
13 | - name: publish with 200 error unable to publish
14 |   filename: publish-200-unable.json
15 |   endpoint: publish
16 |   status: 200
17 |   jobname: mockPublish
18 | - name: publish 401 error
19 |   filename: publish-401-error.json
20 |   endpoint: publish
21 |   status: 401
22 |   jobname: mockPublish
23 | - name: scanResults with 200 error
24 |   filename: scanResults-200-error.json
25 |   endpoint: scanResults
26 |   status: 200
27 |   jobname: mockScan
28 | - name: scanResults with 401 error
29 |   filename: scanResults-401-error.json
30 |   endpoint: scanResults
31 |   status: 401
32 |   jobname: mockScan
33 | - name: status with 200 error
34 |   filename: status-200-error.json
35 |   endpoint: status
36 |   status: 200
37 |   jobname: mockHealthCheck
38 | - name: status with rebuild mandatory
39 |   filename: status-200-mand.json
40 |   endpoint: status
41 |   status: 200
42 |   jobname: mockHealthCheck
43 | - name: status with rebuild none
44 |   filename: status-200-none.json
45 |   endpoint: status
46 |   status: 200
47 |   jobname: mockHealthCheck
48 | - name: status with rebuild recommended
49 |   filename: status-200-recommend.json
50 |   endpoint: status
51 |   status: 200
52 |   jobname: mockHealthCheck
53 | - name: status with 401 error
54 |   filename: status-401-error.json
55 |   endpoint: status
56 |   status: 401
57 |   jobname: mockHealthCheck
58 | 


--------------------------------------------------------------------------------
/tests/jobs/mockHealthCheck.groovy:
--------------------------------------------------------------------------------
 1 | #!groovy
 2 | @Library('Utils')
 3 | import com.redhat.*
 4 | 
 5 | /** This pipeline job uses wiremock to test the vars associated with
 6 |  * the Container Zone.
 7 |  * see https://github.com/jcpowermac/openshift-wiremock
 8 |  */
 9 | 
10 | 
11 | node {
12 |     def jobParameters = new JenkinsUtils().createJobParameters([name: "foo"])
13 |     def jobName = "mockRebuild"
14 | 
15 |     containerZoneHealthCheck {
16 |         uri = "http://wiremock.router.default.svc.cluster.local"
17 |         credentialsId = "ContainerZone"
18 |         rebuildJobName = jobName
19 |         rebuildJobParameters = jobParameters
20 |     }
21 | }
22 | 


--------------------------------------------------------------------------------
/tests/jobs/mockPipeline.groovy:
--------------------------------------------------------------------------------
 1 | #!groovy
 2 | @Library('Utils')
 3 | import com.redhat.*
 4 | 
 5 | /** This pipeline job uses wiremock to test the vars associated with
 6 |  * the Container Zone.
 7 |  * see https://github.com/jcpowermac/openshift-wiremock
 8 |  */
 9 | 
10 | 
11 | node {
12 | 
13 |     def jobParameters = new JenkinsUtils().createJobParameters([name: "foo"])
14 |     def jobName = "mockRebuild"
15 | 
16 |     containerZoneScan {
17 |         uri = "http://wiremock.router.default.svc.cluster.local"
18 |         credentialsId = "ContainerZone"
19 |         openShiftUri = "insecure://wiremock-ssl.router.default.svc.cluster.local"
20 |         imageName = "starter-arbitrary-uid"
21 |         imageTag = "1.0"
22 |     }
23 | 
24 |     containerZoneHealthCheck {
25 |         uri = "http://wiremock.router.default.svc.cluster.local"
26 |         credentialsId = "ContainerZone"
27 |         rebuildJobName = jobName
28 |         rebuildJobParameters = jobParameters
29 |     }
30 | 
31 |     containerZonePublish {
32 |         uri = "http://wiremock.router.default.svc.cluster.local"
33 |         credentialsId = "ContainerZone"
34 |         openShiftUri = "insecure://wiremock-ssl.router.default.svc.cluster.local"
35 |         imageName = "starter-arbitrary-uid"
36 |         imageTag = "1.0"
37 |     }
38 | }
39 | 


--------------------------------------------------------------------------------
/tests/jobs/mockPublish.groovy:
--------------------------------------------------------------------------------
 1 | #!groovy
 2 | @Library('Utils')
 3 | import com.redhat.*
 4 | 
 5 | /** This pipeline job uses wiremock to test the vars associated with
 6 |  * the Container Zone.
 7 |  * see https://github.com/jcpowermac/openshift-wiremock
 8 |  */
 9 | 
10 | node {
11 |     containerZonePublish {
12 |         uri = "http://wiremock.router.default.svc.cluster.local"
13 |         credentialsId = "ContainerZone"
14 |         openShiftUri = "insecure://wiremock-ssl.router.default.svc.cluster.local"
15 |         imageName = "starter-arbitrary-uid"
16 |         imageTag = "1.0"
17 |     }
18 | }
19 | 


--------------------------------------------------------------------------------
/tests/jobs/mockRebuild.groovy:
--------------------------------------------------------------------------------
1 | #!groovy
2 | 
3 | node {
4 |     println("In mockRebuild")
5 | }
6 | 


--------------------------------------------------------------------------------
/tests/jobs/mockScan.groovy:
--------------------------------------------------------------------------------
 1 | #!groovy
 2 | @Library('Utils')
 3 | import com.redhat.*
 4 | 
 5 | /** This pipeline job uses wiremock to test the vars associated with
 6 |  * the Container Zone.
 7 |  * see https://github.com/jcpowermac/openshift-wiremock
 8 |  */
 9 | 
10 | 
11 | node {
12 |     containerZoneScan {
13 |         uri = "http://wiremock.router.default.svc.cluster.local"
14 |         credentialsId = "ContainerZone"
15 |         openShiftUri = "insecure://wiremock-ssl.router.default.svc.cluster.local"
16 |         imageName = "starter-arbitrary-uid"
17 |         imageTag = "1.0"
18 |     }
19 | }
20 | 


--------------------------------------------------------------------------------
/tests/jobs/postUrlJob.groovy:
--------------------------------------------------------------------------------
 1 | #!groovy
 2 | 
 3 | @Library('Utils')
 4 | import com.redhat.*
 5 | 
 6 | 
 7 | node {
 8 | 
 9 |     def registrySecret = "${secret}"
10 | 
11 |     def jobParameters = new JenkinsUtils().createJobParameters([name: "foo"])
12 | 
13 | 
14 |     rebuildImage {
15 |         pid = "p17633880910e488f5949aab3ad76cd4317542a7a06"
16 |         secret = registrySecret
17 |         rebuildJobName = "foo"
18 |         rebuildJobParameters = jobParameters
19 |     }
20 | }


--------------------------------------------------------------------------------
/tests/one/Dockerfile:
--------------------------------------------------------------------------------
1 | FROM centos
2 | 
3 | # This is just a temp example...
4 | RUN yum install -y vim wget
5 | 
6 | CMD exit 0
7 | 


--------------------------------------------------------------------------------
/tests/two/Dockerfile.rhel7:
--------------------------------------------------------------------------------
1 | FROM registry.access.redhat.com/rhel7 
2 | 
3 | # This is just a temp example...
4 | RUN yum install -y vim wget
5 | 
6 | CMD tail -f /dev/null
7 | 


--------------------------------------------------------------------------------
/vars/README.md:
--------------------------------------------------------------------------------
1 | This directory contains a library of functions that may be used in pipeline scripts. See the `examples` directory.
2 | 


--------------------------------------------------------------------------------
/vars/containerZoneHealthCheck.groovy:
--------------------------------------------------------------------------------
 1 | #!groovy
 2 | 
 3 | import com.redhat.*
 4 | 
 5 | def call(Closure body) {
 6 |     def config = [:]
 7 |     body.resolveStrategy = Closure.DELEGATE_FIRST
 8 |     body.delegate = config
 9 |     body()
10 | 
11 |     String uri = "https://connect.redhat.com"
12 |     String path = "/api/container/status"
13 |     String url = uri + path
14 | 
15 |     if (config.get('uri')) {
16 |         url = config.uri + path
17 |     }
18 | 
19 |     withCredentials([[$class          : 'UsernamePasswordMultiBinding', credentialsId: "${config.credentialsId}",
20 |                       usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD']]) {
21 |         stage('Check Container Status') {
22 |             def json = new groovy.json.JsonBuilder()
23 |             def root = json secret: env.PASSWORD, pid: env.USERNAME
24 |             def jsonString = json.toString()
25 |             // No longer needed remove since JsonBuilder is not serializable
26 |             root = null
27 |             json = null
28 | 
29 |             def results = new Utils().postUrl(url, jsonString, true)
30 | 
31 |             println("DEBUG: Container Status Results: ${results}")
32 | 
33 |             if (results.containsKey("errors")) {
34 |                 println(results.errors)
35 |                 currentBuild.result = 'FAILURE'
36 |             } else if (results.containsKey("rebuild")) {
37 |                 if (results.rebuild == "none") {
38 |                     println("Rebuild is not necessary at this time.")
39 |                 } else if (results.rebuild == "recommended") {
40 |                     println("The rebuild status is ${results.rebuild} and freshness grade: ${results.grade}")
41 | 
42 |                 } else if (results.rebuild == "mandatory") {
43 |                     println("The rebuild status is ${results.rebuild} and freshness grade: ${results.grade}")
44 |                     if (config.get('rebuildJobName')) {
45 |                         build job: config['rebuildJobName'],
46 |                                 parameters: config['rebuildJobParameters']
47 |                     }
48 |                 } else {
49 |                     error "ERROR Unknown response from container status: ${results}"
50 |                     currentBuild.result = 'FAILURE'
51 |                 }
52 |             }
53 |         }
54 |     }
55 | }
56 | 


--------------------------------------------------------------------------------
/vars/containerZonePublish.groovy:
--------------------------------------------------------------------------------
 1 | #!groovy
 2 | 
 3 | import com.cloudbees.groovy.cps.NonCPS
 4 | import com.redhat.*
 5 | 
 6 | def call(Closure body) {
 7 |     def config = [:]
 8 |     body.resolveStrategy = Closure.DELEGATE_FIRST
 9 |     body.delegate = config
10 |     body()
11 | 
12 |     def dockerImageDigest = null
13 |     //def results = null
14 | 
15 |     String uri = "https://connect.redhat.com"
16 |     String path = "/api/container/publish"
17 |     String url = uri + path
18 | 
19 |     if( config.get('uri') ) {
20 |         url = config.uri + path
21 |     }
22 | 
23 |     withCredentials([[$class: 'UsernamePasswordMultiBinding', credentialsId: "${config.credentialsId}",
24 |                       usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD']]) {
25 | 
26 |         /** Retrieve the docker image digest from the Red Hat Connect
27 |          * OpenShift environment - which will be used with the scanning API.
28 |          */
29 |         stage('Retrieve Docker Digest') {
30 |             openshift.withCluster( config.openShiftUri, env.PASSWORD ) {
31 |                 openshift.withProject( env.USERNAME ) {
32 |                     def istagobj = openshift.selector( "istag/${config.imageName}:${config.imageTag}" ).object()
33 |                     dockerImageDigest = istagobj.image.metadata.name
34 |                 }
35 |             }
36 |         }
37 |         /** Create the payload and wait for results to be returned from
38 |          * the API.  Once the certifications key is available break out of the loop
39 |          * and continue.
40 |          */
41 |         stage('Wait for scan') {
42 |             def json = new groovy.json.JsonBuilder()
43 |             def root = json secret: env.PASSWORD, pid: env.USERNAME, docker_image_digest: dockerImageDigest
44 |             def jsonString = json.toString()
45 |             json = null
46 |             root = null
47 |             HashMap results = new Utils().postUrl(url, jsonString, true)
48 | 
49 |             if (results.containsKey("publish")) {
50 |                 if (results.publish.containsKey("success")){
51 |                     if (results.publish.success) {
52 |                         currentBuild.result = 'SUCCESS'
53 |                     }
54 |                 }
55 |             }
56 |             else if (results.containsKey("errors")) {
57 |                 if (results.errors instanceof ArrayList) {
58 |                     error "${results.errors}"
59 |                 }
60 |                 else {
61 |                     printErrorCriteria(results.errors.criteria)
62 |                 }
63 |                 currentBuild.result = 'FAILURE'
64 |             }
65 |             else {
66 |                 println("Unknown response")
67 |             }
68 |         }
69 |     }
70 | }
71 | 
72 | /** sortPrintScanResults
73 |  * Extracts the required and optional items for certification.
74 |  * Determines if there are any items that failed in the required scanning
75 |  * @param results
76 |  * @return boolean
77 |  */
78 | @NonCPS
79 | void printErrorCriteria(def results) {
80 |     results.fail.each {
81 |         println("FAILED - Please Review: ${it.label}\n${it.url}")
82 |     }
83 | }
84 | 
85 | 


--------------------------------------------------------------------------------
/vars/containerZoneScan.groovy:
--------------------------------------------------------------------------------
  1 | #!groovy
  2 | 
  3 | import com.cloudbees.groovy.cps.NonCPS
  4 | import com.redhat.*
  5 | 
  6 | def call(Closure body) {
  7 |     def config = [:]
  8 |     body.resolveStrategy = Closure.DELEGATE_FIRST
  9 |     body.delegate = config
 10 |     body()
 11 | 
 12 |     def dockerImageDigest = null
 13 |     def results = null
 14 | 
 15 |     def uri = "https://connect.redhat.com"
 16 |     def path = "/api/container/scanResults"
 17 |     def url = uri + path
 18 | 
 19 |     if( config.get('uri') ) {
 20 |         url = config.uri + path
 21 |     }
 22 | 
 23 | 
 24 |     println(url)
 25 |     withCredentials([[$class: 'UsernamePasswordMultiBinding', credentialsId: "${config.credentialsId}",
 26 |                       usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD']]) {
 27 | 
 28 |         /** Retrieve the docker image digest from the Red Hat Connect
 29 |          * OpenShift environment - which will be used with the scanning API.
 30 |          */
 31 |         stage('Retrieve Docker Digest') {
 32 |             openshift.withCluster( config.openShiftUri, env.PASSWORD ) {
 33 |                 openshift.withProject( env.USERNAME ) {
 34 |                     def istagobj = openshift.selector( "istag/${config.imageName}:${config.imageTag}" ).object()
 35 |                     dockerImageDigest = istagobj.image.metadata.name
 36 |                 }
 37 |             }
 38 |         }
 39 |         /** Create the payload and wait for results to be returned from
 40 |          * the API.  Once the certifications key is available break out of the loop
 41 |          * and continue.
 42 |          */
 43 |         stage('Wait for scan') {
 44 |             def json = new groovy.json.JsonBuilder()
 45 |             def root = json secret: env.PASSWORD, pid: env.USERNAME, docker_image_digest: dockerImageDigest
 46 |             def jsonString = json.toString()
 47 |             json = null
 48 |             root = null
 49 | 
 50 |             timeout(30) {
 51 |                 waitUntil {
 52 |                     results = new Utils().postUrl(url, jsonString, true)
 53 | 
 54 |                     if (results.containsKey("certifications")) {
 55 |                         return true
 56 |                     } else if( results.containsKey("errors")) {
 57 |                         currentBuild.result = 'FAILURE'
 58 |                         error "${results.errors}"
 59 |                     }
 60 |                     else return false
 61 |                 }
 62 |             }
 63 | 
 64 |             currentBuild.result = 'SUCCESS'
 65 |             if( sortPrintScanResults(results["certifications"][0]["assessment"]) ) {
 66 |                 currentBuild.result = 'FAILURE'
 67 |             }
 68 |         }
 69 |     }
 70 | }
 71 | 
 72 | /** sortPrintScanResults
 73 |  * Extracts the required and optional items for certification.
 74 |  * Determines if there are any items that failed in the required scanning
 75 |  * @param results
 76 |  * @return boolean
 77 |  */
 78 | @NonCPS
 79 | def sortPrintScanResults(def results) {
 80 |     def requiredForCert = results.findAll{ it["required_for_certification"] }
 81 | 
 82 |     /** In the requiredForCert list findall items in the dictionary with the
 83 |      * key 'value' that is false.  Calculate the size as a boolean value.
 84 |      */
 85 |     def failed = requiredForCert.findAll( { !it.value } ).size().asBoolean()
 86 |     def optional = results.findAll{ !it["required_for_certification"] }
 87 | 
 88 |     printScanResults(requiredForCert)
 89 |     printScanResults(optional)
 90 | 
 91 |     return failed
 92 | }
 93 | 
 94 | @NonCPS
 95 | def printScanResults(def results) {
 96 |     results.each {
 97 |         String name = it.name.replaceAll('_', ' ').minus(" exists").capitalize()
 98 |         println("${name}: ${it.value ? "PASSED" : "FAILED"}")
 99 |     }
100 | }
101 | 


--------------------------------------------------------------------------------
/vars/createDockerCfgJenkinsCredential.groovy:
--------------------------------------------------------------------------------
 1 | #!groovy
 2 | 
 3 | import com.redhat.*
 4 | 
 5 | /** createDockerCfgJenkinsCredential
 6 |  * Required:
 7 |  * secretName
 8 |  *
 9 |  * @param body
10 |  * @return
11 |  */
12 | def call(Closure body) {
13 |     def config = [:]
14 |     body.resolveStrategy = Closure.DELEGATE_FIRST
15 |     body.delegate = config
16 |     body()
17 | 
18 |     stage('Retrieve DockerCfg OpenShift and Create in Jenkins') {
19 |         openshift.withCluster() {
20 |             def secret = openshift.selector( "secret/${config.secretName}" ).object()
21 |             new JenkinsUtils().createCredentialsFromOpenShiftDockerCfg(secret, "${config.secretName}")
22 |         }
23 |     }
24 | }
25 | 


--------------------------------------------------------------------------------
/vars/dockerBuildPush.groovy:
--------------------------------------------------------------------------------
 1 | #!groovy
 2 | 
 3 | /** dockerBuildPush
 4 |  * Required:
 5 |  * credentialsId
 6 |  * contextDir
 7 |  * imageName
 8 |  * imagetag
 9 |  *
10 |  * Optional:
11 |  * testJobName
12 |  * testJobParameters
13 |  *
14 |  * @param body
15 |  * @return
16 |  */
17 | def call(Closure body) {
18 |     def config = [:]
19 |     body.resolveStrategy = Closure.DELEGATE_FIRST
20 |     body.delegate = config
21 |     body()
22 |     
23 |     def image = null
24 | 
25 |     withCredentials([[$class: 'UsernamePasswordMultiBinding', credentialsId: "${config.credentialsId}" , usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD']]) {
26 |         docker.withRegistry('https://registry.rhc4tp.openshift.com', "${config.credentialsId}" ) {
27 |             stage('Build Docker Image') {
28 |                 dir("${config.contextDir}") {
29 |                     image = docker.build("${env.USERNAME}/${config.imageName}:${config.imageTag}")
30 |                 }
31 |             }
32 | 
33 |             if( config.get('testJobName') ) {
34 |                 stage('Run ${config.testJobName}'){
35 |                     build job: config.testJobName,
36 |                             parameters: config.testJobParameters
37 |                 }
38 |             }
39 | 
40 |             stage('Push Image') {
41 |                 image.push()
42 |             }
43 |         }
44 |     }
45 | }
46 | 


--------------------------------------------------------------------------------
/vars/getImageStreamRepo.groovy:
--------------------------------------------------------------------------------
 1 | #!groovy
 2 | 
 3 | def call(String imageStreamName) {
 4 |     stage('OpenShift Get ImageStream') {
 5 |         openshift.withCluster() {
 6 |             openshift.withProject() {
 7 |                 try {
 8 |                     def is = openshift.selector("is/${imageStreamName}").object()
 9 |                     String imageStream = "${is.metadata.namespace}/${is.metadata.name}"
10 |                     HashMap isMap = [dockerImageRepository: is.status.dockerImageRepository,
11 |                                      imageStream: imageStream]
12 |                     return isMap
13 |                 }
14 |                 catch(all) {
15 |                     currentBuild.result = 'FAILURE'
16 |                 }
17 |             }
18 |         }
19 |     }
20 | }
21 | 


--------------------------------------------------------------------------------
/vars/newBuildOpenShift.groovy:
--------------------------------------------------------------------------------
  1 | #!groovy
  2 | import groovy.json.JsonSlurperClassic
  3 | 
  4 | import java.util.UUID
  5 | 
  6 | def call(Closure body) {
  7 |     def config = [:]
  8 |     body.resolveStrategy = Closure.DELEGATE_FIRST
  9 |     body.delegate = config
 10 |     body()
 11 | 
 12 |     def newBuild = null
 13 |     def buildConfig = null
 14 |     def builds = null
 15 |     def newBuildObjectNames = null
 16 |     String contextDir = config['contextDir'] ?: ""
 17 |     String image = ""
 18 |     String name = config['name'] ?: ""
 19 |     String imageStream = ""
 20 |     String baseImageStreamName = ""
 21 |     String strategy = ""
 22 | 
 23 |     if(config['image']) {
 24 |         image = "${config.image}~"
 25 |     }
 26 | 
 27 |     if(config['imageStream']) {
 28 |         imageStream = "--image-stream=${config.imageStream}"
 29 |     }
 30 | 
 31 |     if(config['randomName']) {
 32 |         name = UUID.randomUUID().toString()
 33 |         if(name[0].isNumber()) {
 34 |             name = name.replaceAll(name[0], 'a')
 35 |         }
 36 |     }
 37 | 
 38 |     def deleteBuild = config['deleteBuild'] ?: false
 39 | 
 40 |     stage("${name} - OpenShift Build") {
 41 |         openshift.withCluster() {
 42 |             openshift.withProject() {
 43 |                 Boolean buildConfigExists = false
 44 | 
 45 |                 try {
 46 |                     buildConfig = openshift.selector('buildconfig', name)
 47 |                     buildConfigExists = buildConfig.exists()
 48 |                 }
 49 |                 catch (err) {
 50 |                     // This resolves an error that will occur if using 3.4.x oc binary
 51 |                     buildConfigExists = false
 52 |                 }
 53 | 
 54 | 
 55 |                 try {
 56 |                     def buildConfigName = null
 57 | 
 58 | 
 59 |                     /* If the OpenShift oc new-build command is ran in succession it can cause a
 60 |                      * race if the base imagestream does not already exist.  In normal situations
 61 |                      * this is not a problem but in Jenkins when multiple jobs could be occurring
 62 |                      * simultaneously this will happen.  Adding a lock in this section resolves
 63 |                      * that issue.
 64 |                      */
 65 | 
 66 |                     lock(resource: 'openshift.newBuild', inversePrecedence: true) {
 67 |                         /* Use oc new-build to build the image using the clone_url and ref
 68 |                          * TODO: Determine a method to new-build with a "Dockerfile" with a
 69 |                          * TODO: different filename e.g. Dockerfile.rhel7.
 70 |                          */
 71 | 
 72 |                         if(buildConfigExists) {
 73 |                             /* With the 3.4 oc binary this will not function */
 74 |                             buildConfig.startBuild()
 75 |                         }
 76 |                         else {
 77 |                             newBuildRaw = openshift.raw("-o json",
 78 |                                     "new-build", "${image}${config.url}#${config.branch}",
 79 |                                     "--name=${name}",
 80 |                                     "--context-dir=${contextDir}",
 81 |                                     "${imageStream}", "--dry-run")
 82 | 
 83 |                             baseImageStreamName = findBaseImageStream((String)(name), (String)(newBuildRaw.out))
 84 | 
 85 |                             if (openshift.selector('is', baseImageStreamName).exists()) {
 86 |                                 println("openshift.project()")
 87 |                                 image = "${openshift.project()}/${baseImageStreamName}~"
 88 |                                 strategy = "--strategy=docker"
 89 |                             }
 90 | 
 91 |                             newBuild = openshift.newBuild("${image}${config.url}#${config.branch}",
 92 |                                     "--name=${name}",
 93 |                                     "--context-dir=${contextDir}",
 94 |                                     "${imageStream}",
 95 |                                     "${strategy}")
 96 |                             echo "newBuild created: ${newBuild.count()} objects : ${newBuild.names()}"
 97 | 
 98 |                             buildConfig = newBuild.narrow("bc")
 99 |                         }
100 |                         buildConfigName = buildConfig.object().metadata.name
101 | 
102 |                         builds = buildConfig.related("builds")
103 |                         timeout(5) {
104 |                             builds.watch {
105 |                                 if (it.count() == 0) {
106 |                                     return false
107 |                                 }
108 |                                 echo "Detected new builds created by buildconfig: ${it.names()}"
109 |                                 return true
110 |                             }
111 |                         }
112 |                     }
113 | 
114 |                     timeout(10) {
115 |                         builds.untilEach(1) {
116 |                             switch (it.object().status.phase) {
117 |                                 case "Complete":
118 |                                     return true
119 |                                 case "Error":
120 |                                     println("message: ${it.object().status.message}")
121 |                                     currentBuild.result = 'FAILURE'
122 |                                     return true
123 |                                 case "Failed":
124 |                                     println("message: ${it.object().status.message}")
125 |                                     currentBuild.result = 'FAILURE'
126 |                                     return true
127 |                                 default:
128 |                                     return false
129 |                             }
130 |                         }
131 |                     }
132 | 
133 | 
134 |                     if (newBuild) {
135 |                         newBuildObjectNames = newBuild.names()
136 |                     } else {
137 |                         newBuildObjectNames = ["bc/${buildConfigName}",
138 |                                                "is/${buildConfigName}"]
139 |                     }
140 | 
141 |                     return new HashMap([names: newBuildObjectNames, buildConfigName: buildConfigName])
142 |                 }
143 |                 catch(all) {
144 |                     println(all)
145 |                 }
146 |                 finally {
147 |                     if (buildConfig) {
148 |                         def result = buildConfig.logs()
149 | 
150 |                         if(deleteBuild) {
151 |                             newBuild.delete()
152 |                         }
153 |                         // After the build is complete clean up the builds
154 |                         builds.delete()
155 |                     }
156 |                 }
157 |             }
158 |         }
159 |     }
160 | }
161 | 
162 | @NonCPS
163 | String findBaseImageStream(String name, String newBuildRawOutput) {
164 |     String baseImageStreamName = ""
165 |     JsonSlurperClassic parser = new JsonSlurperClassic()
166 | 
167 |     HashMap newBuildMap = (HashMap) parser.parseText(newBuildRawOutput)
168 |     parser = null
169 | 
170 |     for (item in newBuildMap["items"]) {
171 |         if( item.kind == 'ImageStream') {
172 |             if (item["metadata"]["name"] != name) {
173 |                 baseImageStreamName = item["metadata"]["name"]
174 |             }
175 |         }
176 |     }
177 |     return baseImageStreamName
178 | }
179 | 


--------------------------------------------------------------------------------
/vars/runOpenShift.groovy:
--------------------------------------------------------------------------------
 1 | #!groovy
 2 | 
 3 | def call(Closure body) {
 4 |     def config = [:]
 5 |     body.resolveStrategy = Closure.DELEGATE_FIRST
 6 |     body.delegate = config
 7 |     body()
 8 | 
 9 |     def pod = null
10 |     def podObject = null
11 |     boolean deletePod = config['deletePod'] ?: false
12 |     def args = []
13 | 
14 | 
15 |     String podName = config['name'] ?: ""
16 |     /* The name of the pod must be alphanumeric lowercase with a hyphen or period */
17 |     //def podName = config['branch'].replaceAll('_','-').toLowerCase()
18 | 
19 |     args << "${podName}"
20 |     args << "--image=${config.image}"
21 |     args << "--restart=Never"
22 |     args << "--image-pull-policy=Always"
23 | 
24 |     if(config['env']) {
25 |         /* BUG: config.env.each works but only
26 |          * iterated through the first item in the list
27 |          * DO NOT USE [].each
28 |          */
29 |         for(env in config.env) {
30 |             args << "--env=\"${env}\""
31 |             println(env)
32 |         }
33 |     }
34 | 
35 |     stage('OpenShift Run') {
36 |         openshift.withCluster() {
37 |             openshift.withProject() {
38 |                 try {
39 | 
40 |                     openshift.run(args)
41 |                     pod = openshift.selector("pod/${podName}")
42 | 
43 |                     timeout(10) {
44 |                         pod.watch {
45 |                             podObject = it.object()
46 |                             if (podObject.status.phase == 'Running' || podObject.status.phase == 'Succeeded' || podObject.status.phase == 'Failed') {
47 |                                 return true
48 |                             } else {
49 |                                 return false
50 |                             }
51 |                         }
52 |                     }
53 |                 }
54 |                 finally {
55 |                     if (pod) {
56 |                         podObject = pod.object()
57 |                         def result = pod.logs()
58 |                         //def exitCode = podObject.status.containerStatuses[0].state.terminated.exitCode
59 |                         echo "status: ${result.status}"
60 |                         echo "output: ${result.out}"
61 | 
62 |                         if (deletePod) {
63 |                             pod.delete()
64 |                         }
65 |                     }
66 |                 }
67 |             }
68 |         }
69 |     }
70 | }
71 | 


--------------------------------------------------------------------------------