Main App:
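// Production build-and-deploy pipeline: builds the image with docker-compose,
// pushes it, promotes the previous build to the ${RELEASE} tag, triggers the
// Anchore scan job, refreshes the Kubernetes secret, deploys, records the
// deployed version and finally runs the registry and host cleanup jobs.
//
// Reviewer notes:
//  - The shell steps have no shebang, so Jenkins runs them with the agent's
//    default shell (sh -xe). The bash-only [[ ]] and (( )) tests were rewritten
//    in POSIX form so the steps do not depend on /bin/sh being bash.
//  - Every docker call goes through sudo, so the Jenkins account effectively
//    holds root on the agent. Anything that can change this job or the files
//    it builds from inherits that; keep the sudoers entry as narrow as possible.
pipeline {
    agent any
    stages {
        stage('Docker Build') {
            steps {
                // Stamp the app name and release tag into the compose file, then build.
                sh '''
                    sed -i "s/appname/${APPNAME}/g; s/relver/v1.${BUILD_NUMBER}/g" "${WORKSPACE}/docker-compose.yml"
                    #sed -i "s/substitute/${JENENV}/g; s/initial/${APPNAME}/g" ${WORKSPACE}/filebeat.yml
                    sudo docker-compose build
                '''
            }
        }
        stage('Docker Push/Pull') {
            steps {
                // Push the new image, then promote the PREVIOUS build (v1.<n-1>) to the
                // ${RELEASE} tag if it can be pulled. A missing previous image is not an error.
                sh '''
                    sudo docker-compose push
                    previous=$((BUILD_NUMBER - 1))
                    sudo docker pull "${REG}/${APPNAME}:v1.$previous" || true
                    if [ -n "$(sudo docker images -q "${REG}/${APPNAME}:v1.$previous" 2> /dev/null)" ]; then
                        sudo docker tag "${REG}/${APPNAME}:v1.$previous" "${REG}/${APPNAME}:${RELEASE}"
                        sudo docker push "${REG}/${APPNAME}:${RELEASE}"
                    fi
                    # NOTE(review): if the login below is ever re-enabled, do not pass the
                    # password with -p (it is visible in the process list and the -x trace);
                    # feed it through docker login --password-stdin instead.
                    #sudo ssh -T root@${SLAVE} docker login ${REG} -u AraRegistry -p ${ARA_CRED_PSW}
                    #sudo docker pull ${REG}/${APPNAME}:${RELEASE}
                '''
            }
        }
        stage('Anchore Call') {
            steps {
                // NOTE(review): wait: false / propagate: false make the scan advisory only.
                // The image is already pushed and the Deploy stage below runs whatever the
                // scan finds. To make the scan a gate, this call has to wait and propagate.
                build job: 'anchore/Web', parameters: [
                    string(name: 'IMAGE_NAME', value: "${REG}/${APPNAME}:v1.${BUILD_NUMBER}"),
                    string(name: 'PARENT_WS', value: "${WORKSPACE}")
                ], propagate: false, wait: false
            }
        }
        stage('Secret') {
            steps {
                // Replace the application secret with the manifest held in the Jenkins
                // credential. The original grepped the secret list for ${APPNAME} and then
                // deleted "${APPNAME}-secret"; a substring match on any other secret made
                // the delete fail and aborted the stage. --ignore-not-found targets the
                // exact name and tolerates a first deployment.
                // NOTE(review): between delete and apply the secret does not exist; a plain
                // `kubectl apply` would avoid that window if the secret is not immutable.
                sh '''
                    kubectl delete secret -n "${JENENV}" "${APPNAME}-secret" --ignore-not-found
                    kubectl apply -f "${MY_CREDENTIAL}" -n "${JENENV}"
                '''
            }
        }
        stage('Deploy') {
            steps {
                sh '''
                    sed -i "s/JenEnv/${JENENV}/g; s/appname/${APPNAME}/g; s/relver/v1.${BUILD_NUMBER}/g" "${WORKSPACE}/config/deploy.yml"
                    sed -i "s/JenEnv/${JENENV}/g; s/appname/${APPNAME}/g" "${WORKSPACE}/config/service.yml"
                    # Deploy service
                    kubectl apply -f "${WORKSPACE}/config/service.yml"
                    # Deploy
                    kubectl apply -f "${WORKSPACE}/config/deploy.yml"
                    sleep 20
                    # Get rollout status
                    rolloutStatus=$(kubectl rollout status "deployment/${APPNAME}" -n "${JENENV}")
                    case "$rolloutStatus" in
                        *"successfully rolled out"*) ;;
                        *)
                            echo "rollout of ${APPNAME} failed"
                            exit 1
                            ;;
                    esac
                    # Count RUNNING pods. The original named this failingPods and relied on
                    # the header line being part of the count; --no-headers makes it literal.
                    # NOTE(review): the selector is app=microgateway, not ${APPNAME}. Confirm
                    # it matches the labels in deploy.yml, otherwise this check watches
                    # another workload.
                    runningPods=$(kubectl get pods --no-headers --field-selector=status.phase=Running -n "${JENENV}" --selector=app=microgateway | wc -l)
                    if [ "$runningPods" -lt 1 ]; then
                        echo "${APPNAME} pods not running"
                        exit 1
                    fi
                '''
            }
        }
        stage('Push Version No') {
            steps {
                // Record the deployed version in the develop job's workspace and push it.
                // NOTE(review): credential.helper store keeps the Git credential in
                // plaintext on the agent (by default ~/.git-credentials). Prefer a Jenkins
                // credential binding scoped to this stage, or an SSH deploy key.
                sh '''
                    cd "/var/lib/jenkins/workspace/${APPNAME}_develop/"
                    echo "${APPNAME}:v1.${BUILD_ID} deployed on $(date)" > last-build-rel-ver.txt
                    git add last-build-rel-ver.txt
                    git commit -m "automated version"
                    git config credential.helper store
                    git push
                '''
            }
        }
        stage('Azure Repo') {
            steps {
                // Registry tag cleanup; a failure there fails this build (propagate: true).
                build job: 'AzureClean/master', parameters: [
                    string(name: 'PARENT_APPNAME', value: "${APPNAME}")
                ], propagate: true, wait: true
            }
        }
        stage('Cleanup') {
            steps {
                build(job: 'cleanupprod', propagate: true, wait: true)
            }
        }
    }
    environment {
        // Used as the -f argument of kubectl apply in the Secret stage.
        // NOTE(review): the credential id says "test" while JENENV is prod; confirm
        // this is the intended secret for production.
        MY_CREDENTIAL = credentials('adservice_test')
        // NOTE(review): only referenced from a commented-out line, yet exported to every
        // stage. Drop it, or bind it only around the step that needs it.
        ARA_CRED = credentials('ara_secret')
        KUBECONFIG = '/home/isadmin/.kube/config'
        REG = 'araregistry.azurecr.io/ara'
        APPNAME = 'adhoc-room-availability'
        RELEASE = 'stable'
        JENENV = 'prod'
        SLAVE = 'box21.ara.ac.nz'
    }
}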
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Scanner Call:
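// Scanner job: receives an image reference and the parent job's workspace,
// hands both to the Anchore plugin, mails the results link when the scan
// fails, and always removes the scanned image from the local Docker cache.
//
// Reviewer note: IMAGE_NAME and PARENT_WS are job parameters, so anyone who can
// trigger this job controls them. They are only ever expanded by the shell
// inside double quotes here, which keeps them as data.
pipeline {
    agent any
    stages {
        stage('Analyze') {
            steps {
                // One "<image> <Dockerfile path>" line is the input file the anchore step reads.
                sh 'echo "${IMAGE_NAME} ${PARENT_WS}/Dockerfile" > anchore_images'
                // NOTE(review): engineRetries is kept at the author's value; confirm that
                // waiting this long for the engine is intended.
                anchore(name: 'anchore_images', engineRetries: '5000')
            }
            post {
                failure {
                    // The original cut the job name out of PARENT_WS at a fixed character
                    // offset (cut -c 28-), which only works while the workspace root is
                    // exactly /var/lib/jenkins/workspace/. basename does not depend on
                    // that prefix length.
                    sh '''
                        job=$(basename "${PARENT_WS}")
                        echo "https://kubeops1.ara.ac.nz:8443/job/anchore/job/${BRANCH_NAME}/${BUILD_NUMBER}/anchore-results/" | mail -s "Build: $job has failed to pass security scan" InfoSystems@ara.ac.nz
                    '''
                }
                always {
                    // Remove each scanned image. "$image" is quoted so a parameter value
                    // containing glob characters is passed to the sudo'd docker as-is.
                    sh '''
                        for image in $(cut -d" " -f1 anchore_images); do
                            sudo docker rmi "$image"
                        done
                    '''
                }
            }
        }
    }
    parameters {
        string(defaultValue: '', description: 'param1', name: 'IMAGE_NAME')
        string(defaultValue: '', description: 'param2', name: 'PARENT_WS')
    }
}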
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Repo Call:
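// Registry cleanup job: lists the tags of ara/<PARENT_APPNAME> in ${REPO},
// keeps those whose name contains "latest", and deletes each of them with
// the docker_reg_tool script found in the workspace.
//
// Reviewer notes:
//  - docker_reg_tool is run from the workspace under sudo, so whoever can
//    change that file in the repository gets root on the agent. Pin it or
//    install it outside the workspace.
//  - PARENT_APPNAME is a job parameter; it is quoted everywhere below and an
//    empty value is rejected before any delete is attempted.
pipeline {
    agent any
    stages {
        stage('Clean-Up') {
            steps {
                sh '''
                    cd "${WORKSPACE}/"
                    if [ -z "${PARENT_APPNAME}" ]; then
                        echo "PARENT_APPNAME is empty; refusing to list or delete tags"
                        exit 1
                    fi
                    # grep exits 1 when nothing matches; under sh -e that aborted the job
                    # (and, via propagate: true, the caller) whenever there was nothing to
                    # clean. "|| true" turns "no matching tags" into an empty list.
                    taglist=$(sudo ./docker_reg_tool "https://${REPO}" list "ara/${PARENT_APPNAME}" | grep 'latest' || true)
                    for tag in $taglist
                    do
                        echo "$tag"
                        sudo ./docker_reg_tool "https://${REPO}" delete "ara/${PARENT_APPNAME}" "$tag"
                    done
                '''
            }
        }
    }
    parameters {
        string(defaultValue: '', description: 'param1', name: 'PARENT_APPNAME')
    }
    environment {
        REPO = 'araregistry.azurecr.io'
    }
}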
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
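// Production build-and-deploy pipeline: builds the image with docker-compose,
// pushes it, promotes the previous build to the ${RELEASE} tag, triggers the
// Anchore scan job, refreshes the Kubernetes secret, deploys, records the
// deployed version and finally runs the registry and host cleanup jobs.
//
// Reviewer notes:
//  - The shell steps have no shebang, so Jenkins runs them with the agent's
//    default shell (sh -xe). The bash-only [[ ]] and (( )) tests were rewritten
//    in POSIX form so the steps do not depend on /bin/sh being bash.
//  - Every docker call goes through sudo, so the Jenkins account effectively
//    holds root on the agent. Anything that can change this job or the files
//    it builds from inherits that; keep the sudoers entry as narrow as possible.
pipeline {
    agent any
    stages {
        stage('Docker Build') {
            steps {
                // Stamp the app name and release tag into the compose file, then build.
                sh '''
                    sed -i "s/appname/${APPNAME}/g; s/relver/v1.${BUILD_NUMBER}/g" "${WORKSPACE}/docker-compose.yml"
                    #sed -i "s/substitute/${JENENV}/g; s/initial/${APPNAME}/g" ${WORKSPACE}/filebeat.yml
                    sudo docker-compose build
                '''
            }
        }
        stage('Docker Push/Pull') {
            steps {
                // Push the new image, then promote the PREVIOUS build (v1.<n-1>) to the
                // ${RELEASE} tag if it can be pulled. A missing previous image is not an error.
                sh '''
                    sudo docker-compose push
                    previous=$((BUILD_NUMBER - 1))
                    sudo docker pull "${REG}/${APPNAME}:v1.$previous" || true
                    if [ -n "$(sudo docker images -q "${REG}/${APPNAME}:v1.$previous" 2> /dev/null)" ]; then
                        sudo docker tag "${REG}/${APPNAME}:v1.$previous" "${REG}/${APPNAME}:${RELEASE}"
                        sudo docker push "${REG}/${APPNAME}:${RELEASE}"
                    fi
                    # NOTE(review): if the login below is ever re-enabled, do not pass the
                    # password with -p (it is visible in the process list and the -x trace);
                    # feed it through docker login --password-stdin instead.
                    #sudo ssh -T root@${SLAVE} docker login ${REG} -u AraRegistry -p ${ARA_CRED_PSW}
                    #sudo docker pull ${REG}/${APPNAME}:${RELEASE}
                '''
            }
        }
        stage('Anchore Call') {
            steps {
                // NOTE(review): wait: false / propagate: false make the scan advisory only.
                // The image is already pushed and the Deploy stage below runs whatever the
                // scan finds. To make the scan a gate, this call has to wait and propagate.
                build job: 'anchore/Web', parameters: [
                    string(name: 'IMAGE_NAME', value: "${REG}/${APPNAME}:v1.${BUILD_NUMBER}"),
                    string(name: 'PARENT_WS', value: "${WORKSPACE}")
                ], propagate: false, wait: false
            }
        }
        stage('Secret') {
            steps {
                // Replace the application secret with the manifest held in the Jenkins
                // credential. The original grepped the secret list for ${APPNAME} and then
                // deleted "${APPNAME}-secret"; a substring match on any other secret made
                // the delete fail and aborted the stage. --ignore-not-found targets the
                // exact name and tolerates a first deployment.
                // NOTE(review): between delete and apply the secret does not exist; a plain
                // `kubectl apply` would avoid that window if the secret is not immutable.
                sh '''
                    kubectl delete secret -n "${JENENV}" "${APPNAME}-secret" --ignore-not-found
                    kubectl apply -f "${MY_CREDENTIAL}" -n "${JENENV}"
                '''
            }
        }
        stage('Deploy') {
            steps {
                sh '''
                    sed -i "s/JenEnv/${JENENV}/g; s/appname/${APPNAME}/g; s/relver/v1.${BUILD_NUMBER}/g" "${WORKSPACE}/config/deploy.yml"
                    sed -i "s/JenEnv/${JENENV}/g; s/appname/${APPNAME}/g" "${WORKSPACE}/config/service.yml"
                    # Deploy service
                    kubectl apply -f "${WORKSPACE}/config/service.yml"
                    # Deploy
                    kubectl apply -f "${WORKSPACE}/config/deploy.yml"
                    sleep 20
                    # Get rollout status
                    rolloutStatus=$(kubectl rollout status "deployment/${APPNAME}" -n "${JENENV}")
                    case "$rolloutStatus" in
                        *"successfully rolled out"*) ;;
                        *)
                            echo "rollout of ${APPNAME} failed"
                            exit 1
                            ;;
                    esac
                    # Count RUNNING pods. The original named this failingPods and relied on
                    # the header line being part of the count; --no-headers makes it literal.
                    # NOTE(review): the selector is app=microgateway, not ${APPNAME}. Confirm
                    # it matches the labels in deploy.yml, otherwise this check watches
                    # another workload.
                    runningPods=$(kubectl get pods --no-headers --field-selector=status.phase=Running -n "${JENENV}" --selector=app=microgateway | wc -l)
                    if [ "$runningPods" -lt 1 ]; then
                        echo "${APPNAME} pods not running"
                        exit 1
                    fi
                '''
            }
        }
        stage('Push Version No') {
            steps {
                // Record the deployed version in the develop job's workspace and push it.
                // NOTE(review): credential.helper store keeps the Git credential in
                // plaintext on the agent (by default ~/.git-credentials). Prefer a Jenkins
                // credential binding scoped to this stage, or an SSH deploy key.
                sh '''
                    cd "/var/lib/jenkins/workspace/${APPNAME}_develop/"
                    echo "${APPNAME}:v1.${BUILD_ID} deployed on $(date)" > last-build-rel-ver.txt
                    git add last-build-rel-ver.txt
                    git commit -m "automated version"
                    git config credential.helper store
                    git push
                '''
            }
        }
        stage('Azure Repo') {
            steps {
                // Registry tag cleanup; a failure there fails this build (propagate: true).
                build job: 'AzureClean/master', parameters: [
                    string(name: 'PARENT_APPNAME', value: "${APPNAME}")
                ], propagate: true, wait: true
            }
        }
        stage('Cleanup') {
            steps {
                build(job: 'cleanupprod', propagate: true, wait: true)
            }
        }
    }
    environment {
        // Used as the -f argument of kubectl apply in the Secret stage.
        // NOTE(review): the credential id says "test" while JENENV is prod; confirm
        // this is the intended secret for production.
        MY_CREDENTIAL = credentials('adservice_test')
        // NOTE(review): only referenced from a commented-out line, yet exported to every
        // stage. Drop it, or bind it only around the step that needs it.
        ARA_CRED = credentials('ara_secret')
        KUBECONFIG = '/home/isadmin/.kube/config'
        REG = 'araregistry.azurecr.io/ara'
        APPNAME = 'adhoc-room-availability'
        RELEASE = 'stable'
        JENENV = 'prod'
        SLAVE = 'box21.ara.ac.nz'
    }
}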
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Scanner Call:
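// Scanner job: receives an image reference and the parent job's workspace,
// hands both to the Anchore plugin, mails the results link when the scan
// fails, and always removes the scanned image from the local Docker cache.
//
// Reviewer note: IMAGE_NAME and PARENT_WS are job parameters, so anyone who can
// trigger this job controls them. They are only ever expanded by the shell
// inside double quotes here, which keeps them as data.
pipeline {
    agent any
    stages {
        stage('Analyze') {
            steps {
                // One "<image> <Dockerfile path>" line is the input file the anchore step reads.
                sh 'echo "${IMAGE_NAME} ${PARENT_WS}/Dockerfile" > anchore_images'
                // NOTE(review): engineRetries is kept at the author's value; confirm that
                // waiting this long for the engine is intended.
                anchore(name: 'anchore_images', engineRetries: '5000')
            }
            post {
                failure {
                    // The original cut the job name out of PARENT_WS at a fixed character
                    // offset (cut -c 28-), which only works while the workspace root is
                    // exactly /var/lib/jenkins/workspace/. basename does not depend on
                    // that prefix length.
                    sh '''
                        job=$(basename "${PARENT_WS}")
                        echo "https://kubeops1.ara.ac.nz:8443/job/anchore/job/${BRANCH_NAME}/${BUILD_NUMBER}/anchore-results/" | mail -s "Build: $job has failed to pass security scan" InfoSystems@ara.ac.nz
                    '''
                }
                always {
                    // Remove each scanned image. "$image" is quoted so a parameter value
                    // containing glob characters is passed to the sudo'd docker as-is.
                    sh '''
                        for image in $(cut -d" " -f1 anchore_images); do
                            sudo docker rmi "$image"
                        done
                    '''
                }
            }
        }
    }
    parameters {
        string(defaultValue: '', description: 'param1', name: 'IMAGE_NAME')
        string(defaultValue: '', description: 'param2', name: 'PARENT_WS')
    }
}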
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Repo Call:
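// Registry cleanup job: lists the tags of ara/<PARENT_APPNAME> in ${REPO},
// keeps those whose name contains "latest", and deletes each of them with
// the docker_reg_tool script found in the workspace.
//
// Reviewer notes:
//  - docker_reg_tool is run from the workspace under sudo, so whoever can
//    change that file in the repository gets root on the agent. Pin it or
//    install it outside the workspace.
//  - PARENT_APPNAME is a job parameter; it is quoted everywhere below and an
//    empty value is rejected before any delete is attempted.
pipeline {
    agent any
    stages {
        stage('Clean-Up') {
            steps {
                sh '''
                    cd "${WORKSPACE}/"
                    if [ -z "${PARENT_APPNAME}" ]; then
                        echo "PARENT_APPNAME is empty; refusing to list or delete tags"
                        exit 1
                    fi
                    # grep exits 1 when nothing matches; under sh -e that aborted the job
                    # (and, via propagate: true, the caller) whenever there was nothing to
                    # clean. "|| true" turns "no matching tags" into an empty list.
                    taglist=$(sudo ./docker_reg_tool "https://${REPO}" list "ara/${PARENT_APPNAME}" | grep 'latest' || true)
                    for tag in $taglist
                    do
                        echo "$tag"
                        sudo ./docker_reg_tool "https://${REPO}" delete "ara/${PARENT_APPNAME}" "$tag"
                    done
                '''
            }
        }
    }
    parameters {
        string(defaultValue: '', description: 'param1', name: 'PARENT_APPNAME')
    }
    environment {
        REPO = 'araregistry.azurecr.io'
    }
}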
----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------