1+ // Jenkinsfile for gh-pr-and-build template
2+ // See: https://www.jenkins.io/doc/book/pipeline/jenkinsfile/
3+
4+ pipeline {
5+ // Agent configuration - defines where the pipeline runs
6+ agent {
7+ node {
8+ // Use spot instances for cost efficiency
9+ label ' rhel8-spot'
10+ }
11+ }
12+
13+ // Pipeline options
14+ options {
15+ // Add timestamps to console output
16+ timestamps()
17+ }
18+
19+ stages {
20+ // Stage 1: PR Check - runs for pull requests only
21+ stage(' PR Check' ) {
22+ when {
23+ // Only execute when building a pull request
24+ // Environment variables available: CHANGE_ID, CHANGE_AUTHOR, CHANGE_TARGET, etc.
25+ changeRequest()
26+ }
27+ steps {
28+ // Run PR validation script
29+ sh ' ./pr_check.sh'
30+ }
31+ }
32+
33+ // Stage 2: Build - runs for main branch only
34+ stage(' Build' ) {
35+ when {
36+ // Only execute when building the main branch
37+ branch ' main'
38+ }
39+ steps {
40+ // VaultBuildWrapper injects secrets as environment variables
41+ // Secrets are ONLY available in this stage, not in PR Check for security
42+ wrap([$class : ' VaultBuildWrapper' ,
43+ vaultSecrets : [
44+ [
45+ // Vault path containing the secrets
46+ path : ' app-sre/quay/app-sre-push' ,
47+ secretValues : [
48+ // Map Vault keys to environment variables
49+ [envVar : ' QUAY_USER' , vaultKey : ' user' ],
50+ [envVar : ' QUAY_TOKEN' , vaultKey : ' token' ]
51+ ]
52+ ]
53+ ]
54+ ]) {
55+ // Run build/deploy script with access to secrets
56+ sh ' ./build_deploy.sh'
57+ }
58+ }
59+ }
60+ }
61+
62+ // Post-build actions
63+ post {
64+ always {
65+ // Clean workspace after every build to save disk space
66+ cleanWs()
67+ }
68+ }
69+ }
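Review bot: The comment on lines 40-41 ("Secrets are ONLY available in this stage, not in PR Check for security") overstates what the file guarantees, because the separation rests only on the `when { branch 'main' }` gate in this same Jenkinsfile. If the job is a multibranch pipeline that loads the Jenkinsfile from the pull-request head, the gate is part of the content under review, so the guarantee presumably depends on the branch source's trust policy for PR authors; the job configuration is not visible here. I would reword the comment to `// Secrets are requested only in this stage; this relies on PR builds loading the Jenkinsfile from a trusted revision (see job trust policy)`. Since `./pr_check.sh` runs PR-authored content on the same `rhel8-spot` label as the secret-bearing stage, it is also worth confirming that those agents carry no ambient credentials. Separately, the `options` block has no time limit, so adding `timeout(time: 30, unit: 'MINUTES')` (value to be chosen) would stop a stuck PR check from holding an agent.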