feat: separate updatecli to its own pipeline (#2866)

* feat: separate updatecli to its own pipeline

Ref: jenkins-infra/helpdesk#2778

* add updatecli job for kubernetes-management on infra.ci

* remove redundant 'Management'

* clean Jenkinsfile_updatecli

* remove unused do token credential for kubernetes-management-updatecli

* update updatecli manifest

* set a top folder with one children instead for now until we adapt the job-dsl chart for a 'organization-scanning' kind

* cleanup: remove helmfile image in Jenkinsfile_updatecli
As it's already defined in the 'updatecli' function of the shared pipeline library

* chore: better job description

* fix: quote

Co-authored-by: Damien Duportal <[email protected]>

Jenkinsfile_k8s

@@ -14,56 +14,16 @@ pipeline {
   }
 
   stages {
-    stage('Chore Tasks') {
-      parallel {
-        stage('Dependency Management') {
-          agent {
-            kubernetes {
-              yamlFile 'PodTemplates.yaml'
-            }
-          }
-          environment {
-            AWS_ACCESS_KEY_ID     = credentials('packer-aws-access-key-id')
-            AWS_SECRET_ACCESS_KEY = credentials('packer-aws-secret-access-key')
-            AWS_DEFAULT_REGION    = 'us-east-2'
-          }
-          stages {
-            stage('Check Configuration Update') {
-              // Run updatecli's diff on both push and pull requests (in case a configuration change breaks updatecli)
-              steps {
-                catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') {
-                  updatecli(action: 'diff', cronTriggerExpression: cronExpr,
-                    updatecliDockerImage: 'jenkinsciinfra/helmfile:2.4.66', // Tracked by updatecli
-                  )
-                }
-              }
-            } // stage
-            stage('Apply Configuration Update') {
-              when {
-                expression { env.BRANCH_IS_PRIMARY }
-              }
-              steps {
-                catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') {
-                  updatecli(action: 'apply', cronTriggerExpression: cronExpr,
-                    updatecliDockerImage: 'jenkinsciinfra/helmfile:2.4.66', // Tracked by updatecli,
-                  )
-                }
-              }
-            } // stage
-          }
-        } // stage 'Dependency Management'
-        stage('Yaml Lint') {
-          agent {
-            kubernetes {
-              yamlFile 'PodTemplates.yaml'
-            }
-          }
-          steps {
-            sh 'yamllint --config-file yamllint.config config'
-          }
-        } // stage 'Yaml Lint'
-      } // parallel
-    } // stage 'Chore Tasks
+    stage('Yaml Lint') {
+      agent {
+        kubernetes {
+          yamlFile 'PodTemplates.yaml'
+        }
+      }
+      steps {
+        sh 'yamllint --config-file yamllint.config config'
+      }
+    } // stage 'Yaml Lint'
     stage('Kubernetes Management Tasks') {
       matrix {
         axes {

Jenkinsfile_updatecli

@@ -0,0 +1,45 @@
+def cronExpr = env.BRANCH_IS_PRIMARY ? 'H/30 * * * *' : ''
+
+pipeline {
+  agent {
+    kubernetes {
+      yamlFile 'PodTemplates.yaml'
+    }
+  }
+
+  options {
+    buildDiscarder(logRotator(numToKeepStr: '10'))
+    timeout(time: 30, unit: 'MINUTES')
+    disableConcurrentBuilds()
+  }
+
+  triggers {
+    cron (cronExpr)
+  }
+
+  environment {
+    AWS_ACCESS_KEY_ID     = credentials('packer-aws-access-key-id')
+    AWS_SECRET_ACCESS_KEY = credentials('packer-aws-secret-access-key')
+    AWS_DEFAULT_REGION    = 'us-east-2'
+  }
+  stages {
+    stage('Check Configuration Update') {
+      // Run updatecli's diff on both push and pull requests (in case a configuration change breaks updatecli)
+      steps {
+        catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') {
+          updatecli(action: 'diff', cronTriggerExpression: cronExpr)
+        }
+      }
+    } // stage
+    stage('Apply Configuration Update') {
+      when {
+        expression { env.BRANCH_IS_PRIMARY }
+      }
+      steps {
+        catchError(buildResult: 'SUCCESS', stageResult: 'FAILURE') {
+          updatecli(action: 'apply', cronTriggerExpression: cronExpr)
+        }
+      }
+    }
+  }
+}

config/ext_jenkins-infra-jobs.yaml

@@ -124,6 +124,17 @@ jobsDefinition:
       helm-charts:
         name: Helm Charts
         description: Custom Helm Charts of the Jenkins Infra
+  updatecli:
+    name: Dependencies Management with Updatecli
+    kind: folder
+    credentials:
+      # Used by updatecli to retrieve AMIs
+      packer-aws-access-key-id: *packer-aws-access-key-id-def
+      # Used by updatecli to retrieve AMIs
+      packer-aws-secret-access-key: *packer-aws-secret-access-key-def
+    children:
+      kubernetes-management:
+        jenkinsfilePath: Jenkinsfile_updatecli
   other-jobs:
     name: Other Jobs
     description: Folder hosting all the jobs not fitting any category

updatecli/updatecli.d/pod-templates/helmfile.yaml

@@ -50,25 +50,16 @@ targets:
       file: "PodTemplates.yaml"
       key: spec.containers[0].image
     scmid: default
-  updatePipelineImage:
-    name: Update docker-helmfile in Jenkinsfile
-    kind: file
-    spec:
-      file: Jenkinsfile_k8s
-      # Please note that the patterns are specified as "block scalars" (>) with the last endline trimmed (-) to avoid tedious escaping of simple quotes
-      matchpattern: >-
-        'jenkinsciinfra/helmfile:(.*)'
-      replacepattern: >-
-        'jenkinsciinfra/helmfile:{{ source `lastRelease` }}'
-    scmid: default
 
 pullrequests:
   default:
     kind: github
     scmid: default
+    title: Bump jenkins-infra helmfile docker image to {{ source `lastRelease` }}
     targets:
       - updatePodImage
       - updatePipelineImage
     spec:
       labels:
         - dependencies
+        - docker-helmfile