ci: add Jenkins PR workflow

plexoos · plexoos · commit 9ede8e79f16c · 2026-03-31T18:47:01.000-04:00
diff --git a/.github/workflows/build-pull-request-jenkins.yml b/.github/workflows/build-pull-request-jenkins.yml
@@ -0,0 +1,84 @@
+name: Build Pull Request Jenkins
+
+on:
+  pull_request:
+    paths-ignore:
+      - '.github/**'
+      - 'docs/**'
+      - '!.github/workflows/**'
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event.pull_request.number }}
+  cancel-in-progress: true
+
+permissions:
+  contents: read
+  pull-requests: read
+
+jobs:
+  jenkins-ci-docker:
+    runs-on: ubuntu-latest
+    env:
+      JENKINS_URL: ${{ vars.JENKINS_URL || 'https://starjenkins.sdcc.bnl.gov' }}
+      JENKINS_JOB: ${{ vars.JENKINS_JOB || 'star-sw-ci-pipeline' }}
+      JENKINS_USER: ${{ secrets.JENKINS_USER }}
+      JENKINS_TOKEN: ${{ secrets.JENKINS_TOKEN }}
+      BRANCH_NAME: ${{ github.event.pull_request.head.ref }}
+      GIT_COMMIT: ${{ github.event.pull_request.head.sha }}
+      REPO_URL: ${{ github.event.pull_request.head.repo.clone_url }}
+    steps:
+      - name: Validate Jenkins configuration
+        run: |
+          set -euo pipefail
+          for var in JENKINS_URL JENKINS_JOB JENKINS_USER JENKINS_TOKEN BRANCH_NAME GIT_COMMIT REPO_URL; do
+            if [ -z "${!var:-}" ]; then
+              echo "::error::Missing required value for ${var}"
+              exit 1
+            fi
+          done
+
+      - name: Fetch Jenkins crumb
+        id: crumb
+        run: |
+          set -euo pipefail
+          curl_auth="${JENKINS_USER}:${JENKINS_TOKEN}"
+          crumb="$(curl --silent --show-error --fail --retry 3 --retry-all-errors --user "$curl_auth" \
+            "${JENKINS_URL}/crumbIssuer/api/xml?xpath=concat(//crumbRequestField,%22:%22,//crumb)")"
+          echo "::add-mask::$crumb"
+          echo "value=$crumb" >> "$GITHUB_OUTPUT"
+
+      - name: Trigger Jenkins docker job
+        env:
+          JENKINS_CRUMB: ${{ steps.crumb.outputs.value }}
+        run: |
+          set -euo pipefail
+          curl_auth="${JENKINS_USER}:${JENKINS_TOKEN}"
+          response_headers="$(mktemp)"
+
+          curl --silent --show-error --fail \
+            --request POST \
+            --retry 3 \
+            --retry-all-errors \
+            --user "$curl_auth" \
+            --header "$JENKINS_CRUMB" \
+            --data-urlencode "BRANCH_NAME=${BRANCH_NAME}" \
+            --data-urlencode "GIT_COMMIT=${GIT_COMMIT}" \
+            --data-urlencode "REPO_URL=${REPO_URL}" \
+            --dump-header "$response_headers" \
+            --output /dev/null \
+            "${JENKINS_URL}/job/${JENKINS_JOB}/buildWithParameters"
+
+          queue_url="$(awk 'BEGIN {IGNORECASE=1} /^Location:/ {print $2}' "$response_headers" | tr -d '\r')"
+
+          echo "Triggered Jenkins job ${JENKINS_JOB} for ${BRANCH_NAME}@${GIT_COMMIT}"
+          if [ -n "$queue_url" ]; then
+            echo "Queue item: ${queue_url}"
+            {
+              echo "### Jenkins Triggered"
+              echo
+              echo "- Job: \`${JENKINS_JOB}\`"
+              echo "- Branch: \`${BRANCH_NAME}\`"
+              echo "- Commit: \`${GIT_COMMIT}\`"
+              echo "- Queue item: ${queue_url}"
+            } >> "$GITHUB_STEP_SUMMARY"
+          fi
diff --git a/Jenkinsfile b/Jenkinsfile
@@ -0,0 +1,199 @@
+pipeline {
+  agent none
+
+  options {
+    timestamps()
+    skipDefaultCheckout(true)
+    parallelsAlwaysFailFast()
+  }
+
+  parameters {
+    string(name: 'BRANCH_NAME', defaultValue: 'main', description: 'Branch to build')
+    string(name: 'GIT_COMMIT', defaultValue: '', description: 'Commit SHA to build, optional')
+    string(name: 'REPO_URL', defaultValue: 'https://github.com/star-bnl/star-sw.git', description: 'Repository URL')
+  }
+
+  environment {
+    ARTIFACT_DIR = 'artifacts'
+    BUILDKIT_STEP_LOG_MAX_SIZE = '10000000'
+  }
+
+  stages {
+    stage('Build Docker Images') {
+      matrix {
+        agent any
+
+        axes {
+          axis {
+            name 'STAR_BASE'
+            values 'root5', 'root6'
+          }
+          axis {
+            name 'COMPILER'
+            values 'gcc485', 'gcc11'
+          }
+        }
+
+        stages {
+          stage('Checkout') {
+            steps {
+              echo "PARAM_BRANCH_NAME=${params.BRANCH_NAME}"
+              echo "PARAM_GIT_COMMIT=${params.GIT_COMMIT}"
+              echo "PARAM_REPO_URL=${params.REPO_URL}"
+              echo "JOB_NAME=${env.JOB_NAME}"
+              echo "BUILD_NUMBER=${env.BUILD_NUMBER}"
+              echo "BUILD_URL=${env.BUILD_URL}"
+              echo "NODE_NAME=${env.NODE_NAME}"
+              echo "WORKSPACE=${env.WORKSPACE}"
+              echo "STAR_BASE=${env.STAR_BASE}"
+              echo "COMPILER=${env.COMPILER}"
+              checkout([
+                $class: 'GitSCM',
+                branches: [[name: "*/${params.BRANCH_NAME}"]],
+                userRemoteConfigs: [[
+                  url: "${params.REPO_URL}",
+                  refspec: '+refs/heads/*:refs/remotes/origin/* +refs/tags/*:refs/tags/*'
+                ]]
+              ])
+            }
+          }
+
+          stage('Checkout exact commit if provided') {
+            when {
+              expression { return params.GIT_COMMIT?.trim() }
+            }
+            steps {
+              sh '''
+                set -euxo pipefail
+                echo "Checking out exact commit: ${GIT_COMMIT}"
+                git fetch --all --tags
+                git checkout "${GIT_COMMIT}"
+                git rev-parse HEAD
+              '''
+            }
+          }
+
+          stage('Inspect workspace') {
+            steps {
+              sh '''
+                set -euxo pipefail
+                echo "=== Shell environment snapshot ==="
+                env | sort
+                echo "=== Key variables ==="
+                echo "JOB_NAME=${JOB_NAME:-}"
+                echo "BUILD_NUMBER=${BUILD_NUMBER:-}"
+                echo "BUILD_URL=${BUILD_URL:-}"
+                echo "NODE_NAME=${NODE_NAME:-}"
+                echo "WORKSPACE=${WORKSPACE:-}"
+                echo "GIT_URL=${GIT_URL:-}"
+                echo "GIT_BRANCH=${GIT_BRANCH:-}"
+                echo "BRANCH_NAME=${BRANCH_NAME:-}"
+                echo "CHANGE_ID=${CHANGE_ID:-}"
+                echo "CHANGE_BRANCH=${CHANGE_BRANCH:-}"
+                echo "CHANGE_TARGET=${CHANGE_TARGET:-}"
+                echo "GITHUB_REF=${GITHUB_REF:-}"
+                echo "GITHUB_SHA=${GITHUB_SHA:-}"
+                echo "PARAM_BRANCH_NAME=${BRANCH_NAME:-}"
+                echo "PARAM_GIT_COMMIT=${GIT_COMMIT:-}"
+                echo "PARAM_REPO_URL=${REPO_URL:-}"
+                echo "STAR_BASE=${STAR_BASE:-}"
+                echo "COMPILER=${COMPILER:-}"
+                pwd
+                ls -la
+                echo "=== Git status ==="
+                git status || true
+                echo "=== Git remotes ==="
+                git remote -v || true
+                echo "=== Git HEAD ==="
+                git rev-parse HEAD || true
+              '''
+            }
+          }
+
+          stage('Verify Docker') {
+            steps {
+              sh '''
+                set -euxo pipefail
+                echo "ARTIFACT_DIR=${ARTIFACT_DIR}"
+                echo "STAR_BASE=${STAR_BASE}"
+                echo "COMPILER=${COMPILER}"
+                echo "PATH=${PATH}"
+                command -v docker
+                docker --version
+                docker info
+                docker buildx version
+              '''
+            }
+          }
+
+          stage('Set up Docker Buildx') {
+            steps {
+              sh '''
+                set -euxo pipefail
+                builder_name="star-sw-${BUILD_NUMBER}-${STAR_BASE}-${COMPILER}"
+                echo "${builder_name}" > .buildx-builder-name
+                docker buildx rm "${builder_name}" || true
+                docker buildx create \
+                  --name "${builder_name}" \
+                  --driver docker-container \
+                  --driver-opt "env.BUILDKIT_STEP_LOG_MAX_SIZE=${BUILDKIT_STEP_LOG_MAX_SIZE}" \
+                  --use
+                docker buildx inspect "${builder_name}" --bootstrap
+              '''
+            }
+          }
+
+          stage('Build Docker Image') {
+            steps {
+              sh '''
+                set -euxo pipefail
+                builder_name="$(cat .buildx-builder-name)"
+                starenv="${STAR_BASE}-${COMPILER}"
+                image_tag="ghcr.io/star-bnl/star-sw-${starenv}"
+                image_tar="${ARTIFACT_DIR}/star-sw-${starenv}.tar"
+
+                mkdir -p "${ARTIFACT_DIR}"
+
+                echo "=== Building ${image_tag} ==="
+                docker buildx build \
+                  --builder "${builder_name}" \
+                  --progress plain \
+                  --build-arg "starenv=${STAR_BASE}" \
+                  --build-arg "compiler=${COMPILER}" \
+                  --tag "${image_tag}" \
+                  --output "type=docker,dest=${image_tar}" \
+                  .
+
+                ls -lh "${image_tar}"
+              '''
+            }
+          }
+
+          stage('Archive Docker Image') {
+            steps {
+              archiveArtifacts artifacts: "artifacts/star-sw-${STAR_BASE}-${COMPILER}.tar", fingerprint: true
+            }
+          }
+        }
+
+        post {
+          always {
+            sh '''
+              set +e
+              if [ -f .buildx-builder-name ]; then
+                builder_name="$(cat .buildx-builder-name)"
+                docker buildx rm "${builder_name}" || true
+              fi
+            '''
+          }
+        }
+      }
+    }
+  }
+
+  post {
+    always {
+      echo "Build finished: ${currentBuild.currentResult}"
+    }
+  }
+}
