Container Continuous Integration
Automatic building of container images using Jenkins.
Security
To enable deployment from Jenkins to the container registry we need to store a username/password. We don't want to use a personal account; Harbor provides robot accounts for this. Harbor project owners have admin privileges and can create robot accounts for their projects. Log in to the registry, select your project, then select robot account. The resulting account will be robot$PROJECT+NAME. Save the hash.
In Jenkins create a folder. Configure the folder properties and enable project-based security. Add the group that should be allowed to manage credentials and give it the suitable permissions.
Now we have permissions to add credentials to the folder. Enter the folder and select credentials from the left side. Select the folder, add a domain, then add username/password credentials. Use the id podman (see below).
Jenkins Pipeline
To ease usage of podman a Jenkins library is available. Configure the folder's pipeline libraries and add the library https://git.acc.gsi.de/k8s/jenkins.git as podman.
The library makes a few default assumptions:
- registry credentials are available as podman
- the last folder is the registry project
- the job is the registry repository
- the git branch is the tag. Master will be replaced with latest.
- A Containerfile is at the top level of the git repository
If all these assumptions are correct, the following Jenkinsfile at the top level of a git repository will be enough:
@Library('podman') _
// yes, with the underscore
podmanPipeline()
Otherwise the individual steps for a custom pipeline are podmanBuild and podmanDeploy. See the git source code for details.
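What the default assumptions amount to, as an added shell example for a pipeline sh step; it is not the library's code. The registry host, the REG_USER / REG_PASS variable names (bound from the podman credential) and the multibranch JOB_NAME layout are assumptions, and rejecting branch names that are not valid tags goes beyond what the page states.

```shell
#!/bin/sh
# Added example, not the podman library's code.
# Assumptions: REGISTRY is a placeholder host; REG_USER / REG_PASS are
# hypothetical variable names bound from the "podman" credential.
LC_ALL=C; export LC_ALL
REGISTRY="${REGISTRY:-registry.example.org}"

# image_ref JOB_PATH BRANCH -> prints REGISTRY/project/repository:tag
# JOB_PATH is ".../<last folder>/<job>"; in a multibranch job that is
# "${JOB_NAME%/*}", because Jenkins appends the branch as the last element.
image_ref() {
    path=$1; tag=$2
    repo=${path##*/}                  # the job is the repository
    rest=${path%/*}
    if [ "$rest" = "$path" ]; then
        echo "job is not inside a folder: $path" >&2; return 1
    fi
    project=${rest##*/}               # the last folder is the project
    if [ "$tag" = master ]; then tag=latest; fi
    # Folder and job names: accept only a conservative lowercase subset.
    for part in "$project" "$repo"; do
        case $part in
            ''|*[!a-z0-9._-]*) echo "invalid name: $part" >&2; return 1 ;;
        esac
    done
    # Branch names are chosen by whoever can push, so refuse anything that
    # is not a valid tag instead of rewriting it.
    case $tag in
        ''|[.-]*|*[!A-Za-z0-9_.-]*) echo "invalid tag: $tag" >&2; return 1 ;;
    esac
    [ "${#tag}" -le 128 ] || { echo "tag too long" >&2; return 1; }
    printf '%s/%s/%s:%s\n' "$REGISTRY" "$project" "$repo" "$tag"
}

# build_and_push REF: the robot name contains "$" and "+", so it is only ever
# passed as a quoted variable, and the secret goes in on stdin, not in argv.
build_and_push() {
    printf '%s' "$REG_PASS" |
        podman login --username "$REG_USER" --password-stdin "$REGISTRY" || return 1
    podman build --tag "$1" --file Containerfile . && podman push "$1"
    rc=$?
    podman logout "$REGISTRY"
    return "$rc"
}

# Runs only when called as "<script> push" from a pipeline sh step.
if [ "${1:-}" = push ]; then
    ref=$(image_ref "${JOB_NAME%/*}" "$BRANCH_NAME") && build_and_push "$ref"
fi
```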
-- ChristophHandel - 04 Jul 2022