|
|
@@ -1,17 +1,20 @@
|
|
|
/**
|
|
|
- * 预生产(UAT):Checkout → Maven 打包 → 将 jar/lib 拷到 UAT 部署目录并 docker restart。
|
|
|
+ * UAT: Checkout -> Maven -> (optional) push images to Harbor -> deploy jar + docker restart.
|
|
|
*
|
|
|
- * Jenkins Job:Pipeline script from SCM 时 Script Path 填 docs/jenkins/Jenkinsfile-uat-build-deploy.groovy
|
|
|
+ * Jenkins Job: Pipeline script from SCM
|
|
|
+ * Script Path: docs/jenkins/Jenkinsfile-uat-build-deploy.groovy
|
|
|
*
|
|
|
- * 构建分支:在「Build with Parameters」中填写 GIT_BRANCH,默认 uat-20260202;须与 Gitea 远端分支名完全一致(连字符/下划线不要混用)。
|
|
|
+ * Harbor (153.68): when PUSH_TO_HARBOR=true, push e.g.
|
|
|
+ * 39.105.153.68/alien_cloud/gateway:uat-build-<BUILD_NUMBER>
|
|
|
+ * Production promote jobs use SOURCE_TAG=uat-build-<same number>.
|
|
|
*/
|
|
|
pipeline {
|
|
|
agent any
|
|
|
|
|
|
options {
|
|
|
- buildDiscarder(logRotator(numToKeepStr: '2', artifactNumToKeepStr: '2'))
|
|
|
+ buildDiscarder(logRotator(numToKeepStr: '15'))
|
|
|
timestamps()
|
|
|
- timeout(time: 60, unit: 'MINUTES')
|
|
|
+ timeout(time: 90, unit: 'MINUTES')
|
|
|
}
|
|
|
|
|
|
parameters {
|
|
|
@@ -19,18 +22,32 @@ pipeline {
|
|
|
name: 'GIT_BRANCH',
|
|
|
defaultValue: 'uat-20260202',
|
|
|
trim: true,
|
|
|
- description: '要构建的 Git 分支名,须与远端一致,例如 uat-20260202、main'
|
|
|
+ description: 'Git branch, must match remote (e.g. uat-20260202)'
|
|
|
)
|
|
|
- booleanParam(name: 'FORCE_UPDATE', defaultValue: true, description: '是否强制更新依赖(mvn -U)')
|
|
|
- booleanParam(name: 'ALLOW_SNAPSHOTS', defaultValue: true, description: '是否允许 SNAPSHOT 依赖')
|
|
|
+ booleanParam(name: 'FORCE_UPDATE', defaultValue: true, description: 'mvn -U')
|
|
|
+ booleanParam(name: 'ALLOW_SNAPSHOTS', defaultValue: true, description: 'allow SNAPSHOT deps')
|
|
|
+ booleanParam(
|
|
|
+ name: 'PUSH_TO_HARBOR',
|
|
|
+ defaultValue: false,
|
|
|
+ description: 'After Maven: docker build + push to 39.105.153.68/alien_cloud (tag uat-build-<BUILD_NUMBER>)'
|
|
|
+ )
|
|
|
+ choice(
|
|
|
+ name: 'HARBOR_PUSH_SCOPE',
|
|
|
+ choices: ['gateway-only', 'all-java-services'],
|
|
|
+ description: 'Only used when PUSH_TO_HARBOR=true'
|
|
|
+ )
|
|
|
+ string(name: 'HARBOR_REGISTRY', defaultValue: '39.105.153.68', trim: true)
|
|
|
+ string(name: 'HARBOR_PROJECT', defaultValue: 'alien_cloud', trim: true)
|
|
|
}
|
|
|
|
|
|
environment {
|
|
|
MAVEN_HOME = tool '3.6.3'
|
|
|
PATH = "${MAVEN_HOME}/bin:${env.PATH}"
|
|
|
-
|
|
|
GIT_URL = 'http://8.152.195.41:3000/alien/alien_cloud'
|
|
|
GIT_CREDENTIALS = 'zhanghaomimapingzheng'
|
|
|
+ HARBOR_CREDENTIALS = 'harbor-robot-alien'
|
|
|
+ UAT_HARBOR_IMAGE_TAG = "uat-build-${env.BUILD_NUMBER}"
|
|
|
+ DOCKERFILE_JAVA = 'docs/jenkins/produ/docker/Dockerfile.java-service'
|
|
|
}
|
|
|
|
|
|
stages {
|
|
|
@@ -39,10 +56,10 @@ pipeline {
|
|
|
script {
|
|
|
def branch = (params.GIT_BRANCH ?: 'uat-20260202').trim()
|
|
|
if (!branch) {
|
|
|
- error('GIT_BRANCH 不能为空')
|
|
|
+ error('GIT_BRANCH is required')
|
|
|
}
|
|
|
env.GIT_BRANCH = branch
|
|
|
- echo ">>> 正在拉取代码... 分支: ${env.GIT_BRANCH}"
|
|
|
+ echo ">>> Checkout branch: ${env.GIT_BRANCH}"
|
|
|
git branch: "${env.GIT_BRANCH}",
|
|
|
credentialsId: "${env.GIT_CREDENTIALS}",
|
|
|
url: "${env.GIT_URL}"
|
|
|
@@ -50,9 +67,7 @@ pipeline {
|
|
|
set -e
|
|
|
git fetch origin
|
|
|
git reset --hard origin/${env.GIT_BRANCH}
|
|
|
- echo ">>> 当前构建使用的提交:"
|
|
|
git log -1 --oneline
|
|
|
- git rev-parse HEAD
|
|
|
"""
|
|
|
}
|
|
|
}
|
|
|
@@ -112,7 +127,6 @@ pipeline {
|
|
|
</settings>
|
|
|
"""
|
|
|
}
|
|
|
- echo ">>> 已生成 settings.xml(包含 Spring 官方仓库)"
|
|
|
}
|
|
|
}
|
|
|
|
|
|
@@ -120,26 +134,16 @@ pipeline {
|
|
|
steps {
|
|
|
script {
|
|
|
def updateFlag = params.FORCE_UPDATE ? '-U' : ''
|
|
|
- echo ">>> 开始 Maven 打包(FORCE_UPDATE=${params.FORCE_UPDATE})"
|
|
|
-
|
|
|
retry(2) {
|
|
|
sh """
|
|
|
set -e
|
|
|
mvn -version
|
|
|
-
|
|
|
- echo ">>> [1/3] 清理代理环境变量 (防止 HTTP 劫持)..."
|
|
|
unset http_proxy https_proxy HTTP_PROXY HTTPS_PROXY ALL_PROXY all_proxy no_proxy NO_PROXY || true
|
|
|
-
|
|
|
- echo ">>> [2/3] 启用 SSL 证书绕过 (防止证书不匹配)..."
|
|
|
export MAVEN_OPTS="-Dmaven.wagon.http.ssl.insecure=true -Dmaven.wagon.http.ssl.allowall=true -Dmaven.wagon.http.ssl.ignore.validity.dates=true"
|
|
|
-
|
|
|
- echo ">>> [3/3] 清理本地仓库缓存 (防止 404 缓存)..."
|
|
|
rm -rf /root/.m2/repository/org/springframework/cloud/spring-cloud-dependencies/Hoxton.SR1 || true
|
|
|
rm -rf /root/.m2/repository/org/springframework/boot/spring-boot-dependencies/2.3.2.RELEASE || true
|
|
|
rm -rf ${WORKSPACE}/.m2/repository/org/springframework/cloud/spring-cloud-dependencies/Hoxton.SR1 || true
|
|
|
rm -rf ${WORKSPACE}/.m2/repository/org/springframework/boot/spring-boot-dependencies/2.3.2.RELEASE || true
|
|
|
-
|
|
|
- echo ">>> 执行 Maven 打包..."
|
|
|
mvn clean package -DskipTests -s settings.xml ${updateFlag} -e -Dmaven.repo.local=${WORKSPACE}/.m2/repository
|
|
|
"""
|
|
|
}
|
|
|
@@ -147,47 +151,108 @@ pipeline {
|
|
|
}
|
|
|
}
|
|
|
|
|
|
+ stage('Push images to Harbor') {
|
|
|
+ when { expression { return params.PUSH_TO_HARBOR == true } }
|
|
|
+ steps {
|
|
|
+ script {
|
|
|
+ def reg = params.HARBOR_REGISTRY.trim()
|
|
|
+ def proj = params.HARBOR_PROJECT.trim()
|
|
|
+ def tag = env.UAT_HARBOR_IMAGE_TAG
|
|
|
+ def baseImage = "${reg}/${proj}/base/openjdk8-ffmpeg:v1"
|
|
|
+ def dockerfile = env.DOCKERFILE_JAVA
|
|
|
+
|
|
|
+ def harborServices = [
|
|
|
+ [module: 'alien-gateway', repo: 'gateway', port: '8000', withLib: false],
|
|
|
+ [module: 'alien-store', repo: 'store', port: '50014', withLib: true],
|
|
|
+ [module: 'alien-second', repo: 'second', port: '50015', withLib: false],
|
|
|
+ [module: 'alien-store-platform', repo: 'store-platform', port: '50016', withLib: false],
|
|
|
+ [module: 'alien-lawyer', repo: 'lawyer', port: '50017', withLib: true],
|
|
|
+ [module: 'alien-job', repo: 'job', port: '50108', withLib: false],
|
|
|
+ [module: 'alien-dining', repo: 'dining', port: '50019', withLib: false],
|
|
|
+ ]
|
|
|
+ if (params.HARBOR_PUSH_SCOPE == 'gateway-only') {
|
|
|
+ harborServices = harborServices.findAll { it.repo == 'gateway' }
|
|
|
+ }
|
|
|
+
|
|
|
+ withCredentials([usernamePassword(
|
|
|
+ credentialsId: env.HARBOR_CREDENTIALS,
|
|
|
+ usernameVariable: 'HARBOR_USER',
|
|
|
+ passwordVariable: 'HARBOR_PASS',
|
|
|
+ )]) {
|
|
|
+ sh """
|
|
|
+ set -e
|
|
|
+ echo "\${HARBOR_PASS}" | docker login ${reg} -u "\${HARBOR_USER}" --password-stdin
|
|
|
+ """
|
|
|
+ harborServices.each { svc ->
|
|
|
+ def jarName = "${svc.module}-1.0.0.jar"
|
|
|
+ def imageRef = "${reg}/${proj}/${svc.repo}:${tag}"
|
|
|
+ sh """
|
|
|
+ set -e
|
|
|
+ test -f ${WORKSPACE}/${svc.module}/target/${jarName}
|
|
|
+ cd ${WORKSPACE}/${svc.module}
|
|
|
+ rm -rf .jenkins_docker_ctx && mkdir -p .jenkins_docker_ctx/lib
|
|
|
+ cp -f target/${jarName} .jenkins_docker_ctx/${jarName}
|
|
|
+ if [ -d target/lib ]; then
|
|
|
+ cp -rf target/lib/. .jenkins_docker_ctx/lib/
|
|
|
+ else
|
|
|
+ touch .jenkins_docker_ctx/lib/.keep
|
|
|
+ fi
|
|
|
+ cd .jenkins_docker_ctx
|
|
|
+ docker build -f ${WORKSPACE}/${dockerfile} \\
|
|
|
+ --build-arg BASE_IMAGE=${baseImage} \\
|
|
|
+ --build-arg JAR_FILE=${jarName} \\
|
|
|
+ --build-arg SERVER_PORT=${svc.port} \\
|
|
|
+ --build-arg WITH_LIB=${svc.withLib} \\
|
|
|
+ -t ${imageRef} .
|
|
|
+ docker push ${imageRef}
|
|
|
+ echo ">>> pushed ${imageRef}"
|
|
|
+ """
|
|
|
+ }
|
|
|
+ }
|
|
|
+ echo ">>> Harbor tag for prod promote: SOURCE_TAG=${tag}"
|
|
|
+ }
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
stage('Deploy Services') {
|
|
|
steps {
|
|
|
script {
|
|
|
def services = [
|
|
|
- "alien-gateway:gateway-uat",
|
|
|
- "alien-job:job-uat",
|
|
|
- "alien-lawyer:lawyer-uat",
|
|
|
- "alien-second:second-uat",
|
|
|
- "alien-store:store-uat",
|
|
|
- "alien-dining:dining-uat",
|
|
|
- "alien-store-platform:store-platform-uat"
|
|
|
+ 'alien-gateway:gateway-uat',
|
|
|
+ 'alien-job:job-uat',
|
|
|
+ 'alien-lawyer:lawyer-uat',
|
|
|
+ 'alien-second:second-uat',
|
|
|
+ 'alien-store:store-uat',
|
|
|
+ 'alien-dining:dining-uat',
|
|
|
+ 'alien-store-platform:store-platform-uat',
|
|
|
]
|
|
|
|
|
|
for (item in services) {
|
|
|
- def (moduleName, dirName) = item.split(':')
|
|
|
+ def parts = item.split(':')
|
|
|
+ def moduleName = parts[0]
|
|
|
+ def dirName = parts[1]
|
|
|
def sourceJar = "${env.WORKSPACE}/${moduleName}/target/${moduleName}-1.0.0.jar"
|
|
|
def sourceLib = "${env.WORKSPACE}/${moduleName}/target/lib"
|
|
|
def targetDir = "/app_deploy_uat/${dirName}"
|
|
|
|
|
|
sh """
|
|
|
set -e
|
|
|
- echo ">>> 正在处理模块: ${moduleName}"
|
|
|
-
|
|
|
+ echo ">>> Deploy module: ${moduleName}"
|
|
|
if [ -f "${sourceJar}" ]; then
|
|
|
mkdir -p "${targetDir}"
|
|
|
-
|
|
|
if [ -d "${sourceLib}" ]; then
|
|
|
rm -rf "${targetDir}/lib"
|
|
|
cp -rf "${sourceLib}" "${targetDir}"
|
|
|
fi
|
|
|
-
|
|
|
cp -f "${sourceJar}" "${targetDir}/"
|
|
|
-
|
|
|
if docker ps -a --format '{{.Names}}' | grep -wq "${dirName}"; then
|
|
|
docker restart "${dirName}"
|
|
|
- echo ">>> [${dirName}] 重启成功"
|
|
|
+ echo ">>> [${dirName}] restarted"
|
|
|
else
|
|
|
- echo ">>> [${dirName}] 容器不存在,仅完成文件拷贝"
|
|
|
+ echo ">>> [${dirName}] container missing, jar copied only"
|
|
|
fi
|
|
|
else
|
|
|
- echo ">>> [${dirName}] 未发现 Jar 包,跳过"
|
|
|
+ echo ">>> [${dirName}] jar missing, skip"
|
|
|
fi
|
|
|
"""
|
|
|
}
|
|
|
@@ -198,14 +263,15 @@ pipeline {
|
|
|
|
|
|
post {
|
|
|
always {
|
|
|
- echo ">>> 构建任务结束"
|
|
|
- sh "rm -f settings.xml || true"
|
|
|
+ sh 'rm -f settings.xml || true'
|
|
|
}
|
|
|
success {
|
|
|
- echo ">>> 流水线执行成功"
|
|
|
- }
|
|
|
- failure {
|
|
|
- echo ">>> 流水线执行失败,请检查 Maven 日志中是否仍有 Download 失败"
|
|
|
+ script {
|
|
|
+ if (params.PUSH_TO_HARBOR) {
|
|
|
+ echo ">>> Harbor images tagged: ${env.UAT_HARBOR_IMAGE_TAG}"
|
|
|
+ echo ">>> Prod promote: SOURCE_TAG=${env.UAT_HARBOR_IMAGE_TAG}"
|
|
|
+ }
|
|
|
+ }
|
|
|
}
|
|
|
}
|
|
|
}
|
dujian