RHINENG-24144: Add Jenkinsfile for GitHub Branch Source migration

[saurabhpimpalgaokar123]

PR Title 💥

Please title this PR with a summary of the change, along with the JIRA card number.

Suggested formats:

1. Fixes/Refs #RHIROS-XXX - Title
2. RHIROS-XXX Title

Feel free to remove this section from PR description once done.

Why do we need this change? 💭

Please include the context of this change here.

Documentation update? 📝

• Yes
• No

Security Checklist 🔒

Upon raising this PR please go through RedHatInsights/secure-coding-checklist

💂‍♂️ Checklist 🎯

• Bugfix
• New Feature
• Refactor
• Unittests Added
• DRY code
• Dependency Added
• DB Migration Added

ROS RHEL GitHub label usage for executing a desired test suite

Select the appropriate GitHub label to control which ROS RHEL backend tests run for this PR (Labels can be added before or after commits are pushed):

Note: Changing a Label on a PR with an already-tested commit will not trigger a new test run

Available ROS RHEL labels:

• test-backend-v1: Run legacy backend tests only
• test-backend-v2: Run new backend tests only
• test-backend-both: Run both backend tests

Additional 📣

Feel free to add any other relevant details such as links, notes, screenshots, here.

Summary by Sourcery

Build:

• Introduce a Jenkinsfile defining CI stages for PR validation and non-PR build/deploy workflows backed by Vault secrets.

[sourcery-ai]

Reviewer's Guide

Adds a Jenkins declarative pipeline to support GitHub Branch Source–based CI, wiring Vault-managed credentials into PR checks and build/deploy jobs and archiving artifacts for all runs.

Sequence diagram for Jenkins pipeline execution on PR vs main branch

sequenceDiagram
    participant gh as GitHub
    participant jb as Jenkins
    participant pl as Jenkins_pipeline
    participant hv as Vault
    participant sh_pr as pr_check_sh
    participant sh_bd as build_deploy_sh

    gh->>jb: Webhook event (push or PR)
    jb->>pl: Start pipeline from Jenkinsfile

    alt Change request (PR)
        pl->>pl: Evaluate changeRequest()
        pl->>hv: withVault(configuration, secrets)
        hv-->>pl: Export OC_LOGIN_TOKEN_DEV, OC_LOGIN_SERVER_DEV,
        hv-->>pl: OC_LOGIN_TOKEN, OC_LOGIN_SERVER,
        hv-->>pl: QUAY_USER, QUAY_TOKEN,
        hv-->>pl: GITHUB_TOKEN, GITHUB_API_URL,
        hv-->>pl: RH_REGISTRY_USER, RH_REGISTRY_TOKEN
        pl->>sh_pr: sh bash pr_check.sh
        sh_pr-->>pl: PR checks completed
    else Not a change request (main or release branch)
        pl->>pl: Evaluate not changeRequest()
        pl->>hv: withVault(configuration, secrets)
        hv-->>pl: Export all required env vars
        pl->>sh_bd: sh bash build_deploy.sh
        sh_bd-->>pl: Build and deploy completed
    end

    pl->>pl: post always
    pl->>gh: archiveArtifacts artifacts artifacts/**/*
    pl->>pl: cleanWs()

Loading

File-Level Changes

Change	Details	Files
Introduce Jenkins declarative pipeline integrating Vault secrets and separate stages for PR checks vs mainline build/deploy.	Define shared Vault secrets mapping for OpenShift login, Quay push, GitHub access, and Red Hat registry credentials Configure pipeline agent to run on rhel8-spot nodes with timestamps and a global timeout Set APP_NAME environment variable for downstream scripts Add PR Check stage gated on changeRequest() that runs pr_check.sh under withVault Add Build and Deploy stage for non-PR runs that executes build_deploy.sh under withVault Add post block to always archive artifacts from artifacts/**/* and clean the workspace	Jenkinsfile

---

Tips and commands

Interacting with Sourcery

• Trigger a new review: Comment @sourcery-ai review on the pull request.
• Continue discussions: Reply directly to Sourcery's review comments.
• Generate a GitHub issue from a review comment: Ask Sourcery to create an
  issue from a review comment by replying to it. You can also reply to a
  review comment with @sourcery-ai issue to create an issue from it.
• Generate a pull request title: Write @sourcery-ai anywhere in the pull
  request title to generate a title at any time. You can also comment
  @sourcery-ai title on the pull request to (re-)generate the title at any time.
• Generate a pull request summary: Write @sourcery-ai summary anywhere in
  the pull request body to generate a PR summary at any time exactly where you
  want it. You can also comment @sourcery-ai summary on the pull request to
  (re-)generate the summary at any time.
• Generate reviewer's guide: Comment @sourcery-ai guide on the pull
  request to (re-)generate the reviewer's guide at any time.
• Resolve all Sourcery comments: Comment @sourcery-ai resolve on the
  pull request to resolve all Sourcery comments. Useful if you've already
  addressed all the comments and don't want to see them anymore.
• Dismiss all Sourcery reviews: Comment @sourcery-ai dismiss on the pull
  request to dismiss all existing Sourcery reviews. Especially useful if you
  want to start fresh with a new review - don't forget to comment
  @sourcery-ai review to trigger a new review!

Customizing Your Experience

Access your dashboard to:

• Enable or disable review features such as the Sourcery-generated pull request
  summary, the reviewer's guide, and others.
• Change the review language.
• Add, remove or edit custom review instructions.
• Adjust other review settings.

Getting Help

• Contact our support team for questions or feedback.
• Visit our documentation for detailed guides and information.
• Keep in touch with the Sourcery team by following us on X/Twitter, LinkedIn or GitHub.

[sourcery-ai]

Hey - I've left some high level feedback:

• The pipeline assumes VAULT_ADDRESS and VAULT_CREDS_ID parameters are always present and valid; consider adding an early guard (e.g., a short validation stage or a when { expression { ... } } check) that fails fast with a clear message if these parameters are missing or empty.

Prompt for AI Agents

Please address the comments from this code review:

## Overall Comments
- The pipeline assumes `VAULT_ADDRESS` and `VAULT_CREDS_ID` parameters are always present and valid; consider adding an early guard (e.g., a short validation stage or a `when { expression { ... } }` check) that fails fast with a clear message if these parameters are missing or empty.

---

Sourcery is free for open source - if you like our reviews please consider sharing them ✨

• X
• Mastodon
• LinkedIn
• Facebook

_{Help me be more useful! Please click 👍 or 👎 on each comment and I'll use the feedback to improve your reviews.}