elastic · v1v · Sep 7, 2022 · Sep 7, 2022
@@ -0,0 +1,96 @@
+#!/usr/bin/env groovy
+
+@Library('apm@current') _
+
+pipeline {
+  agent { label 'ubuntu-20 && immutable' }
+  environment {
+    REPO = 'beats'
+    BASE_DIR = "src/github.com/elastic/${env.REPO}"
+    PIPELINE_LOG_LEVEL = "INFO"
+    BEATS_FOLDER = "x-pack/heartbeat"
+    SLACK_CHANNEL = '#beats'
+    NOTIFY_TO = 'observability-robots-internal+ironbank-beats-validation@elastic.co'
+  }
+  options {
+    timeout(time: 1, unit: 'HOURS')
+    buildDiscarder(logRotator(numToKeepStr: '20', artifactNumToKeepStr: '20', daysToKeepStr: '30'))
+    timestamps()
+    ansiColor('xterm')
+    disableResume()
+    durabilityHint('PERFORMANCE_OPTIMIZED')
+    disableConcurrentBuilds()
+  }
+  stages {
+    stage('Checkout') {
+      options { skipDefaultCheckout() }
+      steps {
+        deleteDir()
+        gitCheckout(basedir: "${BASE_DIR}")
+        setEnvVar("GO_VERSION", readFile("${BASE_DIR}/.go-version").trim())
+        dir("${BASE_DIR}"){
+          setEnvVar('BEAT_VERSION', sh(label: 'Get beat version', script: 'make get-version', returnStdout: true)?.trim())
+        }
+      }
+    }
+    stage('Package'){
+      options { skipDefaultCheckout() }
+      steps {
+        withMageEnv(){
+          dir("${env.BASE_DIR}/${env.BEATS_FOLDER}") {
+            sh(label: 'make ironbank-package', script: "make -C ironbank package")
+          }
+        }
+      }
+      post {
+        failure {
+          notifyStatus(slackStatus: 'danger', subject: "[${env.REPO}@${BRANCH_NAME}] package for ${env.BEATS_FOLDER}", body: "Contact the heartbeats team. (<${env.RUN_DISPLAY_URL}|Open>)")
+        }
+      }
+    }
+    stage('Ironbank'){
+      options { skipDefaultCheckout() }
+      steps {
+        withMageEnv(){
+          dir("${env.BASE_DIR}/${env.BEATS_FOLDER}") {
+            sh(label: 'mage ironbank', script: 'mage ironbank')
+          }
+        }
+      }
+      post {
+        failure {
+          notifyStatus(slackStatus: 'danger', subject: "[${env.REPO}@${BRANCH_NAME}] Ironbank docker context for ${env.BEATS_FOLDER}", body: "Contact the @observablt-robots-team team. (<${env.RUN_DISPLAY_URL}|Open>)")
+        }
+      }
+    }
+    stage('Validate'){
+      options { skipDefaultCheckout() }
+      steps {
+        withMageEnv(){
+          dir("${env.BASE_DIR}/${env.BEATS_FOLDER}") {
+            sh(label: 'make validate-ironbank', script: "make -C ironbank validate-ironbank")
+          }
+        }
+      }
+      post {
+        failure {
+          notifyStatus(slackStatus: 'danger', subject: "[${env.REPO}@${BRANCH_NAME}] Ironbank validation failed", body: "Contact the @observablt-robots-team team. (<${env.RUN_DISPLAY_URL}|Open>)")
+        }
+      }
+    }
+  }
+  post {
+    cleanup {
+      notifyBuildResult(prComment: true)
+    }
+  }
+}
+
+def notifyStatus(def args = [:]) {
+  releaseNotification(slackChannel: "${env.SLACK_CHANNEL}",
+                      slackColor: args.slackStatus,
+                      slackCredentialsId: 'jenkins-slack-integration-token',
+                      to: "${env.NOTIFY_TO}",
+                      subject: args.subject,
+                      body: args.body)
+}
@@ -0,0 +1,53 @@
+BEAT_VERSION ?= 8.5.0
+LOCATION := ../build/heartbeat-ironbank-$(BEAT_VERSION)-docker-build-context
+
+YQ_VERSION ?= v4.13.2
+YQ ?= "../build/yq"
+## Support for 64 bits (arm and amd/intel)
+ARCH = $(shell uname -m)
+ifeq ($(ARCH),x86_64)
+	YQ_ARCH ?= amd64
+else
+	YQ_ARCH ?= arm64
+endif
+OS = $(shell uname)
+ifeq ($(OS),Darwin)
+	YQ_BINARY ?= yq_darwin_$(YQ_ARCH)
+else
+	YQ_BINARY ?= yq_linux_$(YQ_ARCH)
+endif
+
+## @help:setup-yq: Install yq in ../build/yq.
+.PHONY: setup-yq
+setup-yq:
+	@if [ ! -f "../build/yq" ]; then \
+		echo "Downloading yq - $(YQ_VERSION)/$(YQ_BINARY)" ; \
+		curl -sSfL -o $(YQ) https://github.com/mikefarah/yq/releases/download/$(YQ_VERSION)/$(YQ_BINARY) ; \
+		chmod +x $(YQ) ; \
+	fi
+
+.PHONY: download-hardening-manifest-artifacts
+download-hardening-manifest-artifacts: setup-yq ## Parse hardening_manifest.yaml and download each artifact.
+	@for i in $(shell $(YQ) -M e '.resources[] | select(.url == "https*") | { .filename: .url }' - < $(LOCATION)/hardening_manifest.yaml | sed 's#: #=#g');\
+	do \
+		BASENAME=$$(echo "$${i}" | cut -d'=' -f1); \
+		URL=$$(echo "$${i}" | cut -d'=' -f2); \
+		echo "Downloading $${URL}"; \
+		curl -sSfL -o $(LOCATION)/$${BASENAME} "$${URL}"; \
+	done
+
+.PHONY: prepare
+prepare: download-hardening-manifest-artifacts ## Download container dependencies.
+	cp ../build/distributions/heartbeat-$(BEAT_VERSION)-linux-x86_64.tar.gz $(LOCATION)/
+
+package: ## Package heartbeat for the artifacts consumed by the ironbank docker context.
+	cd ../ ; \
+		PLATFORMS='linux/amd64' PACKAGES=tar.gz mage package
+
+.PHONY: validate-ironbank
+validate-ironbank: prepare
+	docker build \
+		--build-arg BASE_REGISTRY=docker.elastic.co \
+		--build-arg BASE_IMAGE=ubi8/ubi \
+		--build-arg BASE_TAG=latest \
+		$(LOCATION)
@@ -0,0 +1,23 @@
+# Overview
+
+These are the build and test files for the Observability Heartbeat to generate and validate the IronBank Docker images.
+
+## Docker context generation
+
+The docker context generation is done as part of the `packaging` pipeline.
+
+## Docker context validation
+
+It has been decoupled from the generation. It requires the below steps to generate the required artifacts and validate the docker context can be built.
+
+```bash
+cd x-pack/heartbeat
+make -C ironbank package
+mage ironbank
+make -C ironbank validate-ironbank
+```
+
+If for any reason it failed to be built, it might be related to some
+dependencies that have been changed and hence it's required to update them in `dev-tools/packaging/templates/ironbank/heartbeat/hardening_manifest.yaml` accordingly.
+
+These steps are explained in an internal GitHub repository, and for the time being won't be public available.