pipeline: fully move to S3

Now that we have a prod build in S3, we can fully switch over to it. Most of the changes are straightforward. One note of interest: the "pruning" stage is now really just about pruning the local cache. For now, we're not pruning from the bucket at all, pending a more defined policy & mechanism. Note we're still uploading the latest build to the artifact server to make it easier for folks to download. Though soon we should replace that with a frontend.
coreos · Jun 6, 2019 · 004a13a · 004a13a
1 parent 51c0048
commit 004a13a
Showing 1 changed file with 16 additions and 18 deletions.
diff --git a/Jenkinsfile b/Jenkinsfile
@@ -102,18 +102,12 @@ podTemplate(cloud: 'openshift', label: 'coreos-assembler', yaml: pod, defaultCon
         }
 
         stage('Fetch') {
-            // XXX: drop `!prod && ` once we've uploaded prod builds there
-            if (!prod && s3_builddir) {
+            if (s3_builddir) {
                 utils.shwrap("""
                 coreos-assembler buildprep s3://${s3_builddir}
                 """)
             }
 
-            if (prod) {
-                // make sure our cached version matches prod exactly before continuing
-                utils.rsync_in("builds", "builds")
-            }
-
             utils.shwrap("""
             coreos-assembler fetch
             """)
@@ -164,10 +158,9 @@ podTemplate(cloud: 'openshift', label: 'coreos-assembler', yaml: pod, defaultCon
             """)
         }
 
-        stage('Prune') {
-            // XXX: stop pruning like this when we fully drop artifact server
+        stage('Prune Cache') {
             utils.shwrap("""
-            coreos-assembler prune --keep=8
+            coreos-assembler prune --keep=1
             """)
 
             // If the cache img is larger than e.g. 8G, then nuke it. Otherwise
@@ -188,9 +181,21 @@ podTemplate(cloud: 'openshift', label: 'coreos-assembler', yaml: pod, defaultCon
             coreos-assembler compress
             """)
 
+            if (s3_builddir) {
+              // just upload as public-read for now, but see discussions in
+              // https://github.com/coreos/fedora-coreos-tracker/issues/189
+              utils.shwrap("""
+              coreos-assembler buildupload s3 --acl=public-read ${s3_builddir}
+              """)
+            }
+
+            // XXX: For now, we keep uploading the latest build to the artifact
+            // server to make it easier for folks to access since we don't have
+            // a stream metadata frontend/website set up yet. The key part here
+            // is that it is *not* the canonical storage for builds.
+
             // Change perms to allow reading on webserver side.
             // Don't touch symlinks (https://github.com/CentOS/sig-atomic-buildscripts/pull/355)
-            // XXX: can drop this when dropping artifact server
             utils.shwrap("""
             find builds/ ! -type l -exec chmod a+rX {} +
             """)
@@ -201,13 +206,6 @@ podTemplate(cloud: 'openshift', label: 'coreos-assembler', yaml: pod, defaultCon
             if (prod) {
                 utils.rsync_out("builds", "builds")
             }
-
-            if (s3_builddir) {
-              // XXX: just upload as public-read for now
-              utils.shwrap("""
-              coreos-assembler buildupload s3 --acl=public-read ${s3_builddir}
-              """)
-            }
         }
     }}
 }