依赖
安装jenkins
配置podTemplate
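# Jenkins pod template "docker" (selected by the agent label `docker`).
# The value under `docker:` is a block scalar holding the template definition:
#   - aws:    AWS CLI, used to obtain the registry login password
#   - docker: Docker-in-Docker daemon (docker:dind)
#   - cli:    Docker client; its liveness probe checks /var/run/docker.sock,
#             which lives on the memory-backed emptyDir mounted at /var/run/
#
# Security review notes:
# - docker:dind has to run privileged. Any job that lands on this template can
#   drive a privileged daemon, so restrict who may use the `docker` label and
#   consider scheduling these pods on dedicated nodes.
# - The `cli` container only talks to the daemon through the socket, so it is
#   set to privileged: false here (it was true). This is defence in depth only:
#   socket access still gives full control of the privileged daemon.
# - The PVC on /var/lib/docker keeps image layers and build cache across
#   builds; data left there by one build is visible to the next one.
# - All three images use floating tags. Pin each one to a vetted version or
#   digest (for example docker:<PINNED_VERSION>-dind) so an upstream change
#   cannot silently alter the build environment.
podTemplates:
  docker: |
    - name: docker
      label: docker
      serviceAccount: jenkins
      volumes:
        - emptyDirVolume:
            mountPath: /var/run/
            memory: true
        - persistentVolumeClaim:
            mountPath: /var/lib/docker
            claimName: docker
            readOnly: false
      containers:
        - name: aws
          image: amazon/aws-cli
          ttyEnabled: true
          privileged: false
          command: "/bin/sh -c"
          args: "cat"
        - name: docker
          image: docker:dind
          ttyEnabled: true
          privileged: true
          resourceRequestCpu: "400m"
          resourceRequestMemory: "512Mi"
          resourceLimitCpu: "1"
          resourceLimitMemory: "1024Mi"
        - name: cli
          image: docker:cli
          command: "/bin/sh -c"
          args: "cat"
          ttyEnabled: true
          privileged: false
          livenessProbe:
            execArgs: "ls /var/run/docker.sock"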
pipeline使用
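// Declarative pipeline that runs on the `docker` pod template:
//   1. checks out the requested git ref,
//   2. obtains a registry login password with the AWS CLI,
//   3. logs in, then builds and pushes the images with docker compose.
//
// The registry password is handed from the `aws` container to the `cli`
// container through the workspace file .docker-token. It is deleted right
// after `docker login`, so it is no longer in the workspace when
// `docker compose build` reads its build context, and again in `post` so a
// failed run does not leave it behind.
pipeline {
    agent {
        label 'docker'
    }
    parameters {
        // NOTE(review): GIT_BUILD_REF is free-form and goes straight into the
        // branch spec, so anyone allowed to trigger this job can build any
        // ref, including for TARGET_TAG=prod. Confirm that is intended.
        string(name: 'GIT_BUILD_REF', defaultValue: 'main', description: 'git branch?')
        choice(name: 'TARGET_TAG', choices: ['prod', 'test'], description: 'target env')
    }
    environment {
        TARGET_TAG = "${params.TARGET_TAG}"
    }
    stages {
        stage('检出') {
            steps {
                checkout([
                    $class           : 'GitSCM',
                    branches         : [[name: params.GIT_BUILD_REF]],
                    userRemoteConfigs: [[
                        url          : '{{gitUrl}}',
                        credentialsId: 'git'
                    ]]
                ])
            }
        }
        stage('获取aws token') {
            steps {
                container('aws') {
                    // The AWS key pair is bound to environment variables only
                    // for the duration of this block.
                    withCredentials([
                        usernamePassword(credentialsId: 'aws', usernameVariable: 'AWS_ACCESS_KEY_ID', passwordVariable: 'AWS_SECRET_ACCESS_KEY')
                    ]) {
                        sh 'aws ecr get-login-password --region ap-southeast-1 > .docker-token'
                    }
                }
            }
        }
        stage('构建') {
            steps {
                container('cli') {
                    // --password-stdin keeps the password off the command line.
                    // The token file is removed before the build starts.
                    sh '''cat .docker-token | docker login --username AWS --password-stdin {{docker-registry-url}}
                    rm -f .docker-token
                    echo SQS_ENV=${TARGET_TAG} > .build_env
                    cat .build_env
                    rm -rf .env
                    cp env.example .env
                    COMPOSE_DOCKER_CLI_BUILD=1 DOCKER_BUILDKIT=1 docker compose --env-file .build_env build && docker compose --env-file .build_env push'''
                }
            }
        }
    }
    post {
        always {
            // Covers runs that fail between writing the token and logging in.
            sh 'rm -f .docker-token'
        }
    }
}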