diff --git a/Makefile b/Makefile index eb58b3291..73a0131a7 100644 --- a/Makefile +++ b/Makefile @@ -4,7 +4,7 @@ .PHONY: help deps clean build test fmt lint package asup dev fetch-asup ci SHELL := /bin/bash -REQUIRED_GO_VERSION := 1.22 +REQUIRED_GO_VERSION := 1.23 GOLANGCI_LINT_VERSION := latest GOVULNCHECK_VERSION := latest ifneq (, $(shell which go)) @@ -40,6 +40,9 @@ ifneq (,$(wildcard $(HARVEST_ENV))) export $(shell sed '/^\#/d; s/=.*//' $(HARVEST_ENV)) endif +# FIPS flag +FIPS ?= 0 + help: ## Display this help @awk 'BEGIN {FS = ":.*##"; printf "\nUsage:\n make \033[36m\033[0m\n\nTargets:\n"} /^[a-zA-Z_-]+:.*?##/ { printf " \033[36m%-11s\033[0m %s\n", $$1, $$2 }' $(MAKEFILE_LIST) @@ -100,9 +103,13 @@ all: package ## Build, Test, Package harvest: deps @mkdir -p bin @# Build the harvest and poller cli +ifeq ($(FIPS), 1) + @echo "Building with BoringCrypto (FIPS compliance)" + GOEXPERIMENT=boringcrypto GOOS=$(GOOS) GOARCH=$(GOARCH) CGO_ENABLED=1 go build -trimpath -tags boringcrypto -o bin -ldflags=$(LD_FLAGS) ./cmd/harvest ./cmd/poller +else @echo "Building" @GOOS=$(GOOS) GOARCH=$(GOARCH) CGO_ENABLED=$(CGO_ENABLED) go build -trimpath -o bin -ldflags=$(LD_FLAGS) ./cmd/harvest ./cmd/poller - +endif @cp service/contrib/grafana bin; chmod +x bin/grafana ############################################################################### @@ -131,7 +138,7 @@ asup: else\ git clone -b ${BRANCH} https://${GIT_TOKEN}@github.com/NetApp/harvest-private.git ${ASUP_TMP};\ fi - @cd ${ASUP_TMP}/harvest-asup && CGO_ENABLED=0 make ${ASUP_MAKE_TARGET} VERSION=${VERSION} RELEASE=${RELEASE} + @cd ${ASUP_TMP}/harvest-asup && make ${ASUP_MAKE_TARGET} VERSION=${VERSION} RELEASE=${RELEASE} FIPS=${FIPS} @mkdir -p ${CURRENT_DIR}/autosupport @cp ${ASUP_TMP}/harvest-asup/bin/asup ${CURRENT_DIR}/autosupport diff --git a/cmd/harvest/fips.go b/cmd/harvest/fips.go new file mode 100644 index 000000000..0635063dc --- /dev/null +++ b/cmd/harvest/fips.go @@ -0,0 +1,7 @@ +//go:build boringcrypto + +package main + +import ( + _ "crypto/tls/fipsonly" +) diff --git a/cmd/poller/fips.go b/cmd/poller/fips.go new file mode 100644 index 000000000..0635063dc --- /dev/null +++ b/cmd/poller/fips.go @@ -0,0 +1,7 @@ +//go:build boringcrypto + +package main + +import ( + _ "crypto/tls/fipsonly" +) diff --git a/container/onePollerPerContainer/Dockerfile b/container/onePollerPerContainer/Dockerfile index 0de92dd1f..b75554b18 100644 --- a/container/onePollerPerContainer/Dockerfile +++ b/container/onePollerPerContainer/Dockerfile @@ -9,6 +9,7 @@ ARG BUILD_DIR=/opt/home ARG VERSION=2.0 ARG RELEASE=nightly ARG ASUP_MAKE_TARGET=build +ARG FIPS=0 # Set the Current Working Directory inside the container WORKDIR $BUILD_DIR @@ -19,25 +20,35 @@ COPY . . RUN --mount=type=secret,id=git_token \ if [[ -n "$ASUP_MAKE_TARGET" && -f "/run/secrets/git_token" ]]; then \ - GIT_TOKEN=$(cat /run/secrets/git_token) && \ - make build asup VERSION=$VERSION RELEASE=$RELEASE ASUP_MAKE_TARGET=$ASUP_MAKE_TARGET GIT_TOKEN=$GIT_TOKEN ; \ + make build asup VERSION=$VERSION RELEASE=$RELEASE ASUP_MAKE_TARGET=$ASUP_MAKE_TARGET GIT_TOKEN=$(cat /run/secrets/git_token) FIPS=$FIPS ; \ else \ - make build VERSION=$VERSION RELEASE=$RELEASE BIN_PLATFORM=linux ;\ + make build VERSION=$VERSION RELEASE=$RELEASE BIN_PLATFORM=linux FIPS=$FIPS ;\ fi -RUN cp -a $BUILD_DIR/harvest.yml $INSTALL_DIR/harvest.yml.example - -RUN cp -aR bin $BUILD_DIR/conf $BUILD_DIR/grafana $BUILD_DIR/autosupport $BUILD_DIR/prom-stack.tmpl $INSTALL_DIR - -RUN cp -a $BUILD_DIR/container/onePollerPerContainer/docker-compose.tmpl $INSTALL_DIR/container/onePollerPerContainer - -RUN cp -aR $BUILD_DIR/container/prometheus $INSTALL_DIR/container/ +RUN cp -a $BUILD_DIR/harvest.yml $INSTALL_DIR/harvest.yml.example \ + && cp -aR bin $BUILD_DIR/conf $BUILD_DIR/grafana $BUILD_DIR/autosupport $BUILD_DIR/prom-stack.tmpl $INSTALL_DIR \ + && cp -a $BUILD_DIR/container/onePollerPerContainer/docker-compose.tmpl $INSTALL_DIR/container/onePollerPerContainer \ + && cp -aR $BUILD_DIR/container/prometheus $INSTALL_DIR/container/ + +# Create directories and conditionally copy .so files if FIPS is enabled +RUN mkdir -p /temp_libs/x86_64-linux-gnu /temp_libs/lib64 && \ + if [ "$FIPS" -eq "1" ]; then \ + cp /lib/x86_64-linux-gnu/libresolv.so.2 /temp_libs/x86_64-linux-gnu/ && \ + cp /lib/x86_64-linux-gnu/libpthread.so.0 /temp_libs/x86_64-linux-gnu/ && \ + cp /lib/x86_64-linux-gnu/libc.so.6 /temp_libs/x86_64-linux-gnu/ && \ + cp /lib64/ld-linux-x86-64.so.2 /temp_libs/lib64/; \ + fi FROM gcr.io/distroless/static-debian12:debug ARG INSTALL_DIR=/opt/harvest ENV HARVEST_DOCKER=yes COPY --from=builder $INSTALL_DIR $INSTALL_DIR + +# Conditionally copy .so files from builder stage if they exist +COPY --from=builder /temp_libs/x86_64-linux-gnu/ /lib/x86_64-linux-gnu/ +COPY --from=builder /temp_libs/lib64/ /lib64/ + WORKDIR $INSTALL_DIR ENTRYPOINT ["bin/poller"] \ No newline at end of file diff --git a/integration/Jenkinsfile b/integration/Jenkinsfile index 94894d5c2..d54b52d0d 100644 --- a/integration/Jenkinsfile +++ b/integration/Jenkinsfile @@ -12,6 +12,7 @@ pipeline { string(name: 'VERSION', defaultValue: '', description: 'Version') string(name: 'BRANCH', defaultValue: 'main', description: '[Optional] Branch name to clone. Default (main) ') string(name: 'DOCKER', defaultValue: '', description: 'http url of docker tar build or docker image') + string(name: 'DOCKER_FIPS', defaultValue: '', description: 'http url of fips complaint docker tar build or docker image') string(name: 'RPM', defaultValue: '', description: 'http url of rpm file') string(name: 'NATIVE', defaultValue: '', description: 'http url of native tar file') } @@ -19,7 +20,7 @@ pipeline { BUILD_ID="dontKillMe" JENKINS_NODE_COOKIE="dontKillMe" } - + stages { stage('Setup') { agent { @@ -150,7 +151,7 @@ pipeline { agent { label "docker" } - stages('Test on docker Pkg') { + stages('Test on Docker Pkg') { stage('Setup') { steps { printNodeInfo() @@ -162,7 +163,7 @@ pipeline { stage('Install Docker') { steps { sh ''' - echo "Installing" + echo "Installing Docker" curl -O $DOCKER && docker load -i docker_harvest.tar rm -rf $WORKSPACE/docker mkdir $WORKSPACE/docker @@ -172,9 +173,10 @@ pipeline { --entrypoint "bin/harvest" \ --volume "$(pwd):/opt/temp" \ --volume "$(pwd)/harvest.yml:/opt/harvest/harvest.yml" \ - ghcr.io/netapp/harvest \ + ghcr.io/netapp/harvest:latest \ generate docker full \ - --output harvest-compose.yml + --output harvest-compose.yml \ + --image ghcr.io/netapp/harvest:latest docker compose -f prom-stack.yml -f harvest-compose.yml up -d --remove-orphans sleep 1m INSTALL_DOCKER=1 bash $WORKSPACE/harvest/integration/test/test.sh @@ -205,6 +207,66 @@ pipeline { } } } + stage('DOCKER_FIPS') { + agent { + label "docker" + } + stages('Test on Docker FIPS Pkg') { + stage('Setup') { + steps { + printNodeInfo() + cleanWs() + stopAndRemoveDockers() + setupWorkspace() + } + } + stage('Install Docker FIPS') { + steps { + sh ''' + echo "Installing Docker FIPS" + curl -O $DOCKER_FIPS && docker load -i docker_harvest_fips.tar + rm -rf $WORKSPACE/docker + mkdir $WORKSPACE/docker + cd $WORKSPACE/docker + cp -rf $WORKSPACE/harvest/integration/test/harvest.yml . + docker run --rm \ + --entrypoint "bin/harvest" \ + --volume "$(pwd):/opt/temp" \ + --volume "$(pwd)/harvest.yml:/opt/harvest/harvest.yml" \ + ghcr.io/netapp/harvest:latest-fips \ + generate docker full \ + --output harvest-compose.yml \ + --image ghcr.io/netapp/harvest:latest-fips + docker compose -f prom-stack.yml -f harvest-compose.yml up -d --remove-orphans + sleep 1m + INSTALL_DOCKER=1 bash $WORKSPACE/harvest/integration/test/test.sh + ''' + } + } + stage('Running Test') { + steps { + sh """ + export VERSION=$VERSION + REGRESSION=1 bash $WORKSPACE/harvest/integration/test/test.sh + """ + + } + post { + always { + sh """ + COPY_DOCKER_LOGS=1 bash $WORKSPACE/harvest/integration/test/test.sh + rm -f docker_fips_logs.zip + zip -r docker_fips_logs.zip /var/log/harvest + cd $WORKSPACE/docker + ANALYZE_DOCKER_LOGS=1 bash $WORKSPACE/harvest/integration/test/test.sh + docker ps -q | xargs docker stop | xargs docker rm --force + """ + archiveArtifacts artifacts: "docker_fips_logs.zip", fingerprint: true + } + } + } + } + } } } } @@ -238,4 +300,4 @@ def void printNodeInfo() { socket.connect(InetAddress.getByName("8.8.8.8"), 10002); nodeIp = socket.getLocalAddress().getHostAddress(); println("The Node IP Address is: ${nodeIp}") -} +} \ No newline at end of file diff --git a/jenkins/artifacts/jenkinsfile b/jenkins/artifacts/jenkinsfile index 47926a70c..640b37fc4 100644 --- a/jenkins/artifacts/jenkinsfile +++ b/jenkins/artifacts/jenkinsfile @@ -138,9 +138,9 @@ pipeline { cp ./autosupport/asup $targetLocation/asup_linux_amd64 ''' } - } + } - stage('Build Docker Image') { + stage('Build Docker Images') { steps { withCredentials([string(credentialsId: 'GIT_TOKEN', variable: 'GIT_TOKEN')]) { script { @@ -152,8 +152,10 @@ pipeline { sh ''' targetLocation=$targetParentLocation$VERSION-$RELEASE-$BRANCH docker login - docker build --secret id=git_token,src=${gitTokenFile} -f container/onePollerPerContainer/Dockerfile --build-arg GO_VERSION=${GO_VERSION} --build-arg VERSION=$VERSION --build-arg RELEASE=$RELEASE --build-arg ASUP_MAKE_TARGET=$ASUP_MAKE_TARGET -t ${imageName}:latest -t ${imageName}:$VERSION-$RELEASE -t ${jfrogImagePrefix}:latest -t ${jfrogImagePrefix}:$VERSION-$RELEASE -t ${ghcrImage}:latest -t ${ghcrImage}:$VERSION-$RELEASE . --no-cache + docker build --secret id=git_token,src=${gitTokenFile} -f container/onePollerPerContainer/Dockerfile --build-arg GO_VERSION=${GO_VERSION} --build-arg VERSION=$VERSION --build-arg RELEASE=$RELEASE --build-arg ASUP_MAKE_TARGET=$ASUP_MAKE_TARGET --build-arg FIPS=0 -t ${imageName}:latest -t ${imageName}:$VERSION-$RELEASE -t ${jfrogImagePrefix}:latest -t ${jfrogImagePrefix}:$VERSION-$RELEASE -t ${ghcrImage}:latest -t ${ghcrImage}:$VERSION-$RELEASE . --no-cache + docker build --secret id=git_token,src=${gitTokenFile} -f container/onePollerPerContainer/Dockerfile --build-arg GO_VERSION=${GO_VERSION} --build-arg VERSION=$VERSION --build-arg RELEASE=$RELEASE --build-arg ASUP_MAKE_TARGET=$ASUP_MAKE_TARGET --build-arg FIPS=1 -t ${imageName}:latest-fips -t ${imageName}:$VERSION-$RELEASE-fips -t ${jfrogImagePrefix}:latest-fips -t ${jfrogImagePrefix}:$VERSION-$RELEASE-fips -t ${ghcrImage}:latest-fips -t ${ghcrImage}:$VERSION-$RELEASE-fips . --no-cache docker save -o ${targetLocation}/docker_harvest.tar ${ghcrImage}:latest + docker save -o ${targetLocation}/docker_harvest_fips.tar ${ghcrImage}:latest-fips ''' } } @@ -169,116 +171,132 @@ pipeline { } } - stage('Run Tests') { - when { - expression { - return params.RUN_TEST == 'true'; + stage('Run Tests') { + when { + expression { + return params.RUN_TEST == 'true'; + } } - } - steps { - script { - dockerBuild = "${BUILD_URL}/artifact/docker_harvest.tar" - nativeBuild = "${BUILD_URL}/artifact/harvest-${VERSION}-${RELEASE}_linux_amd64.tar.gz" - rpmBuild = "${BUILD_URL}/artifact/harvest-${VERSION}-${RELEASE}.x86_64.rpm" - build job: 'harvest2_0/smoke', parameters: [string(name: 'VERSION', value: "${VERSION}"), string(name: 'BRANCH', value: "${BRANCH}"), string(name: 'NATIVE', value: "${nativeBuild}"), string(name: 'RPM', value: "${rpmBuild}"), string(name: 'DOCKER', value: "${dockerBuild}")] + steps { + script { + dockerBuild = "${BUILD_URL}/artifact/docker_harvest.tar" + dockerBuildFips = "${BUILD_URL}/artifact/docker_harvest_fips.tar" + nativeBuild = "${BUILD_URL}/artifact/harvest-${VERSION}-${RELEASE}_linux_amd64.tar.gz" + rpmBuild = "${BUILD_URL}/artifact/harvest-${VERSION}-${RELEASE}.x86_64.rpm" + build job: 'harvest2_0/smoke', parameters: [string(name: 'VERSION', value: "${VERSION}"), string(name: 'BRANCH', value: "${BRANCH}"), string(name: 'NATIVE', value: "${nativeBuild}"), string(name: 'RPM', value: "${rpmBuild}"), string(name: 'DOCKER', value: "${dockerBuild}"), string(name: 'DOCKER_FIPS', value: "${dockerBuildFips}")] + } } } - } - stage('Docker Image Publish') { - when { - expression { - return env.DOCKER_PUBLISH == 'true'; - } - } - steps { - withDockerRegistry([credentialsId: "DockerHub", url: ""]) { - sh ''' - docker login - docker push ${imageName}:$VERSION-$RELEASE - ''' - script { - if (OVERWRITE_DOCKER_LATEST_TAG == 'true') { - sh 'docker push ${imageName}:latest' + stage('Docker Image Publish') { + when { + expression { + return env.DOCKER_PUBLISH == 'true'; } - } } - sh ''' - echo $GIT_TOKEN | docker login ghcr.io -u $DOCKERHUB_USERNAME --password-stdin - docker push ${ghcrImage}:$VERSION-$RELEASE - ''' - script { - if (OVERWRITE_DOCKER_LATEST_TAG == 'true') { - sh 'docker push ${ghcrImage}:latest' + steps { + withDockerRegistry([credentialsId: "DockerHub", url: ""]) { + sh ''' + docker login + docker push ${imageName}:$VERSION-$RELEASE + docker push ${imageName}:$VERSION-$RELEASE-fips + ''' + script { + if (OVERWRITE_DOCKER_LATEST_TAG == 'true') { + sh ''' + docker push ${imageName}:latest + docker push ${imageName}:latest-fips + ''' + } + } } - } - withCredentials([usernamePassword(credentialsId: 'Jfrog', passwordVariable: 'password', usernameVariable: 'username')]) { - sh ''' - docker login --username=$username --password=$password ${jfrogRepo} - docker push ${jfrogImagePrefix}:$VERSION-$RELEASE - ''' - script { - if (OVERWRITE_DOCKER_LATEST_TAG == 'true') { - sh 'docker push ${jfrogImagePrefix}:latest' + sh ''' + echo $GIT_TOKEN | docker login ghcr.io -u $DOCKERHUB_USERNAME --password-stdin + docker push ${ghcrImage}:$VERSION-$RELEASE + docker push ${ghcrImage}:$VERSION-$RELEASE-fips + ''' + script { + if (OVERWRITE_DOCKER_LATEST_TAG == 'true') { + sh ''' + docker push ${ghcrImage}:latest + docker push ${ghcrImage}:latest-fips + ''' + } + } + withCredentials([usernamePassword(credentialsId: 'Jfrog', passwordVariable: 'password', usernameVariable: 'username')]) { + sh ''' + docker login --username=$username --password=$password ${jfrogRepo} + docker push ${jfrogImagePrefix}:$VERSION-$RELEASE + docker push ${jfrogImagePrefix}:$VERSION-$RELEASE-fips + ''' + script { + if (OVERWRITE_DOCKER_LATEST_TAG == 'true') { + sh ''' + docker push ${jfrogImagePrefix}:latest + docker push ${jfrogImagePrefix}:latest-fips + ''' + } + } } - } } - } - } + } - stage('Publish Nightly Build to GitHub') { - when { - expression { - return params.RELEASE == 'nightly' && env.BRANCH == 'main' && params.ASUP_MAKE_TARGET == 'production' - } - } - steps { - withCredentials([string(credentialsId: 'GIT_TOKEN', variable: 'GIT_TOKEN')]) { - script { - // Write the GIT_TOKEN to a temporary file - def gitTokenFile = "${env.WORKSPACE}/git_token" - writeFile file: gitTokenFile, text: env.GIT_TOKEN + stage('Publish Nightly Build to GitHub') { + when { + expression { + return params.RELEASE == 'nightly' && env.BRANCH == 'main' && params.ASUP_MAKE_TARGET == 'production' + } + } + steps { + withCredentials([string(credentialsId: 'GIT_TOKEN', variable: 'GIT_TOKEN')]) { + script { + // Write the GIT_TOKEN to a temporary file + def gitTokenFile = "${env.WORKSPACE}/git_token" + writeFile file: gitTokenFile, text: env.GIT_TOKEN - sh ''' - targetLocation=$targetParentLocation$VERSION-$RELEASE-$BRANCH - wget -q -O /opt/home/gh.tar.gz "https://github.com/cli/cli/releases/download/v2.8.0/gh_2.8.0_linux_386.tar.gz" - tar -C /opt/home -xzf /opt/home/gh.tar.gz - echo $GIT_TOKEN > mytoken.txt - /opt/home/gh_2.8.0_linux_386/bin/gh auth login --with-token < mytoken.txt - /opt/home/gh_2.8.0_linux_386/bin/gh release view nightly && /opt/home/gh_2.8.0_linux_386/bin/gh release delete nightly || true - if [ $(git tag -l nightly) ]; then - git push https://$GIT_TOKEN@github.com/NetApp/harvest.git --delete nightly - fi - /opt/home/gh_2.8.0_linux_386/bin/gh release create nightly $targetLocation/*.rpm $targetLocation/*.deb $targetLocation/*.gz --notes "Nightly builds may include bugs and other issues. You might want to use the stable releases instead." --title "Harvest Nightly Release" --prerelease --target main - docker build --secret id=git_token,src=${gitTokenFile} -f container/onePollerPerContainer/Dockerfile --build-arg GO_VERSION=${GO_VERSION} --build-arg VERSION=$VERSION --build-arg RELEASE=$RELEASE --build-arg ASUP_MAKE_TARGET=$ASUP_MAKE_TARGET -t ${imageName}:latest -t ${imageName}:nightly -t ${jfrogImagePrefix}:latest -t ${jfrogImagePrefix}:nightly -t ${ghcrImage}:latest -t ${ghcrImage}:nightly . --no-cache - echo $GIT_TOKEN | docker login ghcr.io -u $DOCKERHUB_USERNAME --password-stdin - docker push ${ghcrImage}:nightly - # Add a dummy user/email for mike deploy to work - git config user.name harvest - git config user.email harvest - git fetch origin gh-pages:gh-pages - mike deploy -r https://$GIT_TOKEN@github.com/NetApp/harvest.git --push --update-aliases nightly - ''' - withDockerRegistry([credentialsId: "DockerHub", url: ""]) { - sh ''' - docker login - docker push ${imageName}:nightly - ''' - } - withCredentials([usernamePassword(credentialsId: 'Jfrog', passwordVariable: 'password', usernameVariable: 'username')]) { - sh ''' - docker login --username=$username --password=$password ${jfrogRepo} - docker push ${jfrogImagePrefix}:nightly - ''' - } - } - } - } - } + sh ''' + targetLocation=$targetParentLocation$VERSION-$RELEASE-$BRANCH + wget -q -O /opt/home/gh.tar.gz "https://github.com/cli/cli/releases/download/v2.8.0/gh_2.8.0_linux_386.tar.gz" + tar -C /opt/home -xzf /opt/home/gh.tar.gz + echo $GIT_TOKEN > mytoken.txt + /opt/home/gh_2.8.0_linux_386/bin/gh auth login --with-token < mytoken.txt + /opt/home/gh_2.8.0_linux_386/bin/gh release view nightly && /opt/home/gh_2.8.0_linux_386/bin/gh release delete nightly || true + if [ $(git tag -l nightly) ]; then + git push https://$GIT_TOKEN@github.com/NetApp/harvest.git --delete nightly + fi + /opt/home/gh_2.8.0_linux_386/bin/gh release create nightly $targetLocation/*.rpm $targetLocation/*.deb $targetLocation/*.gz --notes "Nightly builds may include bugs and other issues. You might want to use the stable releases instead." --title "Harvest Nightly Release" --prerelease --target main + docker build --secret id=git_token,src=${gitTokenFile} -f container/onePollerPerContainer/Dockerfile --build-arg GO_VERSION=${GO_VERSION} --build-arg VERSION=$VERSION --build-arg RELEASE=$RELEASE --build-arg ASUP_MAKE_TARGET=$ASUP_MAKE_TARGET --build-arg FIPS=0 -t ${imageName}:latest -t ${imageName}:nightly -t ${jfrogImagePrefix}:latest -t ${jfrogImagePrefix}:nightly -t ${ghcrImage}:latest -t ${ghcrImage}:nightly . --no-cache + docker build --secret id=git_token,src=${gitTokenFile} -f container/onePollerPerContainer/Dockerfile --build-arg GO_VERSION=${GO_VERSION} --build-arg VERSION=$VERSION --build-arg RELEASE=$RELEASE --build-arg ASUP_MAKE_TARGET=$ASUP_MAKE_TARGET --build-arg FIPS=1 -t ${imageName}:latest-fips -t ${imageName}:nightly-fips -t ${jfrogImagePrefix}:latest-fips -t ${jfrogImagePrefix}:nightly-fips -t ${ghcrImage}:latest-fips -t ${ghcrImage}:nightly-fips . --no-cache + echo $GIT_TOKEN | docker login ghcr.io -u $DOCKERHUB_USERNAME --password-stdin + docker push ${ghcrImage}:nightly + docker push ${ghcrImage}:nightly-fips + # Add a dummy user/email for mike deploy to work + git config user.name harvest + git config user.email harvest + git fetch origin gh-pages:gh-pages + mike deploy -r https://$GIT_TOKEN@github.com/NetApp/harvest.git --push --update-aliases nightly + ''' + withDockerRegistry([credentialsId: "DockerHub", url: ""]) { + sh ''' + docker login + docker push ${imageName}:nightly + docker push ${imageName}:nightly-fips + ''' + } + withCredentials([usernamePassword(credentialsId: 'Jfrog', passwordVariable: 'password', usernameVariable: 'username')]) { + sh ''' + docker login --username=$username --password=$password ${jfrogRepo} + docker push ${jfrogImagePrefix}:nightly + docker push ${jfrogImagePrefix}:nightly-fips + ''' + } + } + } + } + } } - post { failure { sendNotification("FAILED") @@ -305,7 +323,6 @@ def void stopAndRemoveDockers() { ''' } - def getBranchName(gitBranchName, paramBranchName) { if(gitBranchName!=null) { gitBranchName = gitBranchName.replace('origin/', '') @@ -347,4 +364,4 @@ def void updateStatus(def commitId, def statusMsg, def buildUrl, def description }else { throw new RuntimeException("Failed to update GitHub Check "+post.getInputStream().getText()) } -} +} \ No newline at end of file