icecheng/freeleaps-ops
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix(pipeline): update SourceFetcher to use dynamic git credentials ID

Browse Source 
Signed-off-by: 孙振宇 <>
This commit is contained in:
孙振宇 2025-02-07 15:57:10 +08:00
parent 044f96d525
commit 9352de5270
1 changed files with 200 additions and 188 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

388
first-class-pipeline/vars/executeFreeleapsPipeline.groovy
View File

@ -15,32 +15,34 @@ import com.freeleaps.devops.enums.CodeLinterTypes
import com.freeleaps.devops.enums.ImageBuilderTypes import com.freeleaps.devops.enums.ImageBuilderTypes
def generateComponentStages(component, configurations) { def generateComponentStages(component, configurations) {
return [ def stages = []
stage("${component.name} :: Build Agent Setup") { stages.addAll([
script { // Build Agent Setup
if (env.executeMode == "fully" || env.changedComponents.contains(component.name)) { stage("${component.name} :: Build Agent Setup") {
def buildAgentImage = component.buildAgentImage script {
if (buildAgentImage == null || buildAgentImage.isEmpty()) { if (env.executeMode == "fully" || env.changedComponents.contains(component.name)) {
log.warn("Pipeline", "Not set buildAgentImage for ${component.name}, using default build agent image") def buildAgentImage = component.buildAgentImage
if (buildAgentImage == null || buildAgentImage.isEmpty()) {
log.warn("Pipeline", "Not set buildAgentImage for ${component.name}, using default build agent image")
def language = ServiceLanguage.parse(component.language) def language = ServiceLanguage.parse(component.language)
switch(language) { switch(language) {
case ServiceLanguage.PYTHON: case ServiceLanguage.PYTHON:
buildAgentImage = "docker.io/python:3.10-slim-buster" buildAgentImage = "docker.io/python:3.10-slim-buster"
break break
case ServiceLanguage.JS: case ServiceLanguage.JS:
buildAgentImage = "docker.io/node:lts-alpine" buildAgentImage = "docker.io/node:lts-alpine"
break break
default: default:
error("Unknown service language") error("Unknown service language")
} }
} }
log.info("Pipeline", "Using ${buildAgentImage} as build agent image for ${component.name}") log.info("Pipeline", "Using ${buildAgentImage} as build agent image for ${component.name}")
env.buildAgentImage = buildAgentImage env.buildAgentImage = buildAgentImage
} }
} }
}, },
// Dependencies Resolving
stage("${component.name} :: Dependencies Resolving") { stage("${component.name} :: Dependencies Resolving") {
podTemplate( podTemplate(
label: "dep-resolver-${component.name}", label: "dep-resolver-${component.name}",
@ -81,195 +83,208 @@ def generateComponentStages(component, configurations) {
} }
} }
}, },
])
stage("${component.name} :: Code Linter Preparation") { if (component.lintEnabled != null && component.lintEnabled) {
script { stages.addAll([
if (env.executeMode == "fully" || env.changedComponents.contains(component.name)) { // Code Linter Environment Preparation
if (component.lintEnabled != null && component.lintEnabled) { stage("${component.name} :: Code Linter Preparation") {
log.info("Pipeline", "Code linting has enabled, preparing linter...") script {
if (env.executeMode == "fully" || env.changedComponents.contains(component.name)) {
if (component.lintEnabled != null && component.lintEnabled) {
log.info("Pipeline", "Code linting has enabled, preparing linter...")
if (component.linter == null || component.linter.isEmpty()) { if (component.linter == null || component.linter.isEmpty()) {
log.error("Pipeline", "Not set linter for ${component.name}, using default linter settings as fallback") log.error("Pipeline", "Not set linter for ${component.name}, using default linter settings as fallback")
}
def linter = CodeLinterTypes.parse(component.linter)
if (linter == null) {
log.error("Pipeline", "Unknown linter for ${component.name}, skipping code linting")
}
if (linter.language != ServiceLanguage.parse(component.language)) {
log.error("Pipeline", "Linter ${linter.linter} is not supported for ${component.language}, skipping code linting")
}
log.info("Pipeline", "Using ${linter.linter} with image ${linter.containerImage} as linter for ${component.name}")
env.linterContainerImage = linter.containerImage
} else {
log.info("Pipeline", "Code linting is not enabled for ${component.name}, skipping...")
}
}
}
},
stage("${component.name} :: Code Linting If Enabled") {
when {
expression {
return (env.executeMode == "fully" || env.changedComponents.contains(component.name)) && env.linterContainerImage != null && !env.linterContainerImage.isEmpty()
}
}
podTemplate(
label: "code-linter-${component.name}",
containers: [
containerTemplate(
name: 'code-linter',
image: env.linterContainerImage,
ttyEnabled: true,
command: 'sleep',
args: 'infinity'
)
]
) {
node("code-linter-${component.name}") {
container('code-linter') {
script {
if (env.executeMode == "fully" || env.changedComponents.contains(component.name)) {
if (component.lintEnabled != null && component.lintEnabled) {
log.info("Pipeline", "Code linting has enabled, linting code...")
def sourceFetcher = new SourceFetcher(this)
sourceFetcher.fetch(configurations)
def linterType = CodeLinterTypes.parse(component.linter)
def codeLintExecutor = new CodeLintExecutor(this, env.workroot + "/" + component.root + "/", component.linterConfig, linterType)
codeLintExecutor.execute()
}
} }
}
}
}
}
},
stage("${component.name} :: SAST Scanner Preparation") { def linter = CodeLinterTypes.parse(component.linter)
script {
if (env.executeMode == "fully" || env.changedComponents.contains(component.name)) {
if (component.sastEnabled != null && component.sastEnabled) {
log.info("Pipeline", "SAST scanning has enabled, preparing scanner...")
if (sastScanner == null || sastScanner.isEmpty()) { if (linter == null) {
log.error("Pipeline", "Not set sastScanner for ${component.name}") log.error("Pipeline", "Unknown linter for ${component.name}, skipping code linting")
} }
def sastScannerType = SASTScannerTypes.parse(component.sastScanner) if (linter.language != ServiceLanguage.parse(component.language)) {
if (sastScannerType == null) { log.error("Pipeline", "Linter ${linter.linter} is not supported for ${component.language}, skipping code linting")
log.error("Pipeline", "Unknown SAST scanner for ${component.name}, skipping SAST scanning") }
} else if (sastScannerType.language != ServiceLanguage.parse(component.language)) {
log.error("Pipeline", "SAST scanner ${sastScannerType.scanner} is not supported for ${component.language}, skipping SAST scanning") log.info("Pipeline", "Using ${linter.linter} with image ${linter.containerImage} as linter for ${component.name}")
env.linterContainerImage = linter.containerImage
} else { } else {
log.info("Pipeline", "Using ${sastScanner} as SAST scanner for ${component.name}") log.info("Pipeline", "Code linting is not enabled for ${component.name}, skipping...")
env.sastScannerContainerImage = sastScannerType.containerImage
} }
} }
} }
} },
}, // Code Linting
stage("${component.name} :: Code Linting") {
podTemplate(
label: "code-linter-${component.name}",
containers: [
containerTemplate(
name: 'code-linter',
image: env.linterContainerImage,
ttyEnabled: true,
command: 'sleep',
args: 'infinity'
)
]
) {
node("code-linter-${component.name}") {
container('code-linter') {
script {
if (env.executeMode == "fully" || env.changedComponents.contains(component.name)) {
if (component.lintEnabled != null && component.lintEnabled) {
log.info("Pipeline", "Code linting has enabled, linting code...")
stage("${component.name} :: SAST Scanning If Enabled") { def sourceFetcher = new SourceFetcher(this)
when { sourceFetcher.fetch(configurations)
expression {
return (env.executeMode == "fully" || env.changedComponents.contains(component.name)) && env.sastScannerContainerImage != null && !env.sastScannerContainerImage.isEmpty()
}
}
podTemplate(
label: "sast-scanner-${component.name}",
containers: [
containerTemplate(
name: 'sast-scanner',
image: env.sastScannerContainerImage,
ttyEnabled: true,
command: 'sleep',
args: 'infinity'
)
]
) {
node("sast-scanner-${component.name}") {
container('sast-scanner') {
script {
if (env.executeMode == "fully" || env.changedComponents.contains(component.name)) {
if (component.sastEnabled != null && component.sastEnabled) {
log.info("Pipeline", "SAST scanning has enabled, scanning code...")
def sourceFetcher = new SourceFetcher(this) def linterType = CodeLinterTypes.parse(component.linter)
sourceFetcher.fetch(configurations)
def sastScannerType = SASTScannerTypes.parse(component.sastScanner) def codeLintExecutor = new CodeLintExecutor(this, env.workroot + "/" + component.root + "/", component.linterConfig, linterType)
codeLintExecutor.execute()
def sastScanner = new SASTExecutor(this, env.workroot + "/" + component.root + "/", sastScannerType) }
sastScanner.scan()
} }
} }
} }
} }
} }
} }
}, ])
}
stage("${component.name} :: Semantic Release Preparation") { if (component.sastEnabled != null && component.sastEnabled) {
script { stages.addAll([
if (env.executeMode == "fully" || env.changedComponents.contains(component.name)) { // SAST Scanner Environment Preparation
if (component.semanticReleaseEnabled != null && component.semanticReleaseEnabled) { stage("${component.name} :: SAST Scanner Preparation") {
log.info("Pipeline", "Semantic releasing has enabled, preparing semantic release...") script {
if (env.executeMode == "fully" || env.changedComponents.contains(component.name)) {
if (component.sastEnabled != null && component.sastEnabled) {
log.info("Pipeline", "SAST scanning has enabled, preparing scanner...")
if (component.semanticReleaseBranch == null || component.semanticReleaseBranch.isEmpty()) { if (sastScanner == null || sastScanner.isEmpty()) {
log.error("Pipeline", "Not set semanticReleaseBranch for ${component.name}, please set it to enable semantic release") log.error("Pipeline", "Not set sastScanner for ${component.name}")
}
def sastScannerType = SASTScannerTypes.parse(component.sastScanner)
if (sastScannerType == null) {
log.error("Pipeline", "Unknown SAST scanner for ${component.name}, skipping SAST scanning")
} else if (sastScannerType.language != ServiceLanguage.parse(component.language)) {
log.error("Pipeline", "SAST scanner ${sastScannerType.scanner} is not supported for ${component.language}, skipping SAST scanning")
} else {
log.info("Pipeline", "Using ${sastScanner} as SAST scanner for ${component.name}")
env.sastScannerContainerImage = sastScannerType.containerImage
}
} }
log.info("Pipeline", "Using ${component.semanticReleaseBranch} as semantic release branch for ${component.name}")
env.semanticReleasingContainerImage = "docker.io/semantic-release/semantic-release:latest"
} }
} }
} },
}, // SAST Scanning
stage("${component.name} :: SAST Scanning") {
stage("${component.name} :: Semantic Releasing If Enabled") { when {
when { expression {
expression { return (env.executeMode == "fully" || env.changedComponents.contains(component.name)) && env.sastScannerContainerImage != null && !env.sastScannerContainerImage.isEmpty()
return (env.executeMode == "fully" || env.changedComponents.contains(component.name)) && env.semanticReleasingContainerImage != null && !env.semanticReleasingContainerImage.isEmpty() }
} }
} podTemplate(
podTemplate( label: "sast-scanner-${component.name}",
label: "semantic-releasing-${component.name}", containers: [
containers: [ containerTemplate(
containerTemplate( name: 'sast-scanner',
name: 'semantic-releasing', image: env.sastScannerContainerImage,
image: env.semanticReleasingContainerImage, ttyEnabled: true,
ttyEnabled: true, command: 'sleep',
command: 'sleep', args: 'infinity'
args: 'infinity' )
) ]
] ) {
) { node("sast-scanner-${component.name}") {
node("semantic-releasing-${component.name}") { container('sast-scanner') {
container('semantic-releasing') { script {
script { if (env.executeMode == "fully" || env.changedComponents.contains(component.name)) {
if (env.executeMode == "fully" || env.changedComponents.contains(component.name)) { if (component.sastEnabled != null && component.sastEnabled) {
if (component.semanticReleaseEnabled != null && component.semanticReleaseEnabled) { log.info("Pipeline", "SAST scanning has enabled, scanning code...")
log.info("Pipeline", "Semantic releasing has enabled, releasing...")
def sourceFetcher = new SourceFetcher(this) def sourceFetcher = new SourceFetcher(this)
sourceFetcher.fetch(configurations) sourceFetcher.fetch(configurations)
def semanticReleasingExecutor = new SemanticReleasingExecutor(this, env.workroot + "/" + component.root + "/") def sastScannerType = SASTScannerTypes.parse(component.sastScanner)
semanticReleasingExecutor.release()
def sastScanner = new SASTExecutor(this, env.workroot + "/" + component.root + "/", sastScannerType)
sastScanner.scan()
}
} }
} }
} }
} }
} }
} }
}, ])
}
if (component.semanticReleaseEnabled != null && component.semanticReleaseEnabled) {
stages.addAll([
// Semantic Release Environment Preparation
stage("${component.name} :: Semantic Release Preparation") {
script {
if (env.executeMode == "fully" || env.changedComponents.contains(component.name)) {
if (component.semanticReleaseEnabled != null && component.semanticReleaseEnabled) {
log.info("Pipeline", "Semantic releasing has enabled, preparing semantic release...")
if (component.semanticReleaseBranch == null || component.semanticReleaseBranch.isEmpty()) {
log.error("Pipeline", "Not set semanticReleaseBranch for ${component.name}, please set it to enable semantic release")
}
log.info("Pipeline", "Using ${component.semanticReleaseBranch} as semantic release branch for ${component.name}")
env.semanticReleasingContainerImage = "docker.io/semantic-release/semantic-release:latest"
}
}
}
},
// Semantic Releasing
stage("${component.name} :: Semantic Releasing") {
when {
expression {
return (env.executeMode == "fully" || env.changedComponents.contains(component.name)) && env.semanticReleasingContainerImage != null && !env.semanticReleasingContainerImage.isEmpty()
}
}
podTemplate(
label: "semantic-releasing-${component.name}",
containers: [
containerTemplate(
name: 'semantic-releasing',
image: env.semanticReleasingContainerImage,
ttyEnabled: true,
command: 'sleep',
args: 'infinity'
)
]
) {
node("semantic-releasing-${component.name}") {
container('semantic-releasing') {
script {
if (env.executeMode == "fully" || env.changedComponents.contains(component.name)) {
if (component.semanticReleaseEnabled != null && component.semanticReleaseEnabled) {
log.info("Pipeline", "Semantic releasing has enabled, releasing...")
def sourceFetcher = new SourceFetcher(this)
sourceFetcher.fetch(configurations)
def semanticReleasingExecutor = new SemanticReleasingExecutor(this, env.workroot + "/" + component.root + "/")
semanticReleasingExecutor.release()
}
}
}
}
}
}
}
])
}
stages.addAll([
// Compilation & Packaging
stage("${component.name} :: Compilation & Packaging") { stage("${component.name} :: Compilation & Packaging") {
podTemplate( podTemplate(
label: "build-agent-${component.name}", label: "build-agent-${component.name}",
@ -313,13 +328,13 @@ def generateComponentStages(component, configurations) {
stash includes: artifact, name: "${component.name}-${artifact}" stash includes: artifact, name: "${component.name}-${artifact}"
} }
} }
}
} }
} }
} }
} }
} },
}, // Image Builder Setup
stage("${component.name} :: Image Builder Setup") { stage("${component.name} :: Image Builder Setup") {
script { script {
if (env.executeMode == "fully" || env.changedComponents.contains(component.name)) { if (env.executeMode == "fully" || env.changedComponents.contains(component.name)) {
@ -340,7 +355,7 @@ def generateComponentStages(component, configurations) {
} }
} }
}, },
// Image Building & Publishing
stage("${component.name} :: Image Building & Publishing") { stage("${component.name} :: Image Building & Publishing") {
when { when {
expression { expression {
@ -400,11 +415,8 @@ def generateComponentStages(component, configurations) {
} }
} }
} }
])
// stage("${component.name} :: Argo Application Version Updating (Deploying)") { return stages
// }
]
} }
def call(Closure closure) { def call(Closure closure) {