jenkins-infra · smerle33 · Jan 19, 2024 · Jan 3, 2024 · Jan 3, 2024 · Jan 9, 2024
diff --git a/test/groovy/TerraformStepTests.groovy b/test/groovy/TerraformStepTests.groovy
@@ -86,9 +86,9 @@ class TerraformStepTests extends BaseTest {
     // And a daily cron trigger for the job
     assertTrue(assertMethodCallContainsPattern('cron', '@daily'))
 
-    // And the correct pod templates defined
-    assertTrue(assertMethodCallContainsPattern('containerTemplate', 'jenkinsciinfra/hashicorp-tools:')) // Not tag as it's managed by updatecli
-    assertTrue(assertMethodCallOccurrences('containerTemplate', 2)) // Only 1 container per pod, but 2 pod spawn (staging and production)
+    // And 2 nodes with default label are spawned
+    assertTrue(assertMethodCallContainsPattern('node', 'jnlp-linux-arm64'))
+    assertTrue(assertMethodCallOccurrences('node', 2))
 
     // xterm color enabled (easier to read Terraform plans)
     assertTrue(assertMethodCallContainsPattern('ansiColor', 'xterm'))
@@ -221,14 +221,14 @@ class TerraformStepTests extends BaseTest {
   @Test
   void itRunSuccessfullyWithCustomParameters() throws Exception {
     def script = loadScript(scriptName)
-    final String customImage = 'hashicorp/terraform-full:0.13.0'
+    final String customLabel = 'jnlp-windows-amd64'
 
     // When calling the shared library global function with custom parameters
     script.call(
         cronTriggerExpression: '@weekly',
         stagingCredentials: stagingCustomCreds,
         productionCredentials: productionCustomCreds,
-        agentContainerImage: customImage,
+        agentLabel: customLabel,
         )
     printCallStack()
 
@@ -244,9 +244,8 @@ class TerraformStepTests extends BaseTest {
     // And the custom cron trigger
     assertTrue(assertMethodCallContainsPattern('cron', '@weekly'))
 
-    // And the custom agent container template defined
-    assertFalse(assertMethodCallContainsPattern('containerTemplate', 'jenkinsciinfra/terraform:'))
-    assertTrue(assertMethodCallContainsPattern('containerTemplate', customImage))
-    assertTrue(assertMethodCallOccurrences('containerTemplate', 2))
+    // And 2 nodes with custom label are spawned
+    assertTrue(assertMethodCallContainsPattern('node', customLabel))
+    assertTrue(assertMethodCallOccurrences('node', 2))
   }
 }
diff --git a/updatecli/updatecli.d/terraform-hashicorp.yml b/updatecli/updatecli.d/terraform-hashicorp.yml
diff --git a/vars/terraform.groovy b/vars/terraform.groovy
@@ -9,7 +9,7 @@ def call(userConfig = [:]) {
     stagingCredentials: [], // No custom secrets for staging by default
     productionCredentials: [], // No custom secrets for production by default
     productionBranch: 'main', // Defaults to the principal branch
-    agentContainerImage: 'jenkinsciinfra/hashicorp-tools:1.0.62', // Version managed by updatecli
+    agentLabel: 'jnlp-linux-arm64', // replace agentContainerImage
     runTests: false, // Executes the tests provided by the "calling" project, which should provide a tests/Makefile
     runCommonTests: true, // Executes the default test suite from the shared tools repository (terratest)
   ]
@@ -50,7 +50,7 @@ def call(userConfig = [:]) {
     if (!isBuildCauseUser) {
       parallelStages['staging'] = {
         stage('Staging') {
-          agentTemplate(finalConfig.agentContainerImage, {
+          agentTemplate(finalConfig.agentLabel, {
             withCredentials(finalConfig.stagingCredentials) {
               stage('🔎 Validate Terraform for Staging Environment') {
                 getInfraSharedTools(sharedToolsSubDir)
@@ -75,7 +75,7 @@ def call(userConfig = [:]) {
 
     parallelStages['production'] = {
       stage('Production') {
-        agentTemplate(finalConfig.agentContainerImage, {
+        agentTemplate(finalConfig.agentLabel, {
           withCredentials(defaultConfig.productionCredentials) {
             final String planFileName = 'terraform-plan-for-humans.txt'
             def scmOutput
@@ -139,44 +139,14 @@ def call(userConfig = [:]) {
   }
 }
 
-def agentTemplate(containerImage, body) {
-  podTemplate(
-      // Custom YAML definition to enforce no service account token (if Terraform uses kubernetes, it would grant it a wrong access)
-      yaml: '''
-      apiVersion: v1
-      kind: Pod
-      spec:
-        automountServiceAccountToken: false
-        nodeSelector:
-          kubernetes.azure.com/agentpool: infracipool
-          kubernetes.io/os: linux
-        tolerations:
-        - key: "jenkins"
-          operator: "Equal"
-          value: "infra.ci.jenkins.io"
-          effect: "NoSchedule"
-        - key: "kubernetes.azure.com/scalesetpriority"
-          operator: "Equal"
-          value: "spot"
-          effect: "NoSchedule"
-      resources:
-        limits:
-          cpu: 2
-          memory: 2Gi
-        requests:
-          cpu: 2
-          memory: 2Gi
-      ''',
-      // The Docker image here is aimed at "1 container per pod" and is embedding Jenkins agent tooling
-      containers: [containerTemplate(name: 'jnlp', image: containerImage)]) {
-        node(POD_LABEL) {
-          timeout(time: 1, unit: 'HOURS') {
-            ansiColor('xterm') {
-              body.call()
-            }
-          }
-        }
+def agentTemplate(agentLabel, body) {
+  node (agentLabel) {
+    timeout(time: 1, unit: 'HOURS') {
+      ansiColor('xterm') {
+        body.call()
       }
+    }
+  }
 }