cicd

openshift/libs/utilities.groovy

@@ -0,0 +1,226 @@
+def defineAuth() {
+  def api = "https://ocpcluster-a.arbetsformedlingen.se:443"
+  env.API = sh(script:"set +x; echo ${ api }", returnStdout: true).replaceAll(/https?/, 'insecure')
+  def encodedToken = openshift.selector('secret/imagepromote-token-ocp-a').object().data.tokenbase64
+  env.TOKEN = sh(script:"set +x; echo ${ encodedToken } | base64 --decode", returnStdout: true)
+}
+
+def generateTag() {
+  echo '### Generating build tag... ###'
+  def hash = getVersionHash()
+  def tag = "${ hash }"
+  echo "### build tag: \"${ tag }\" ###"
+  return tag
+}
+
+def getVersionHash() {
+  return sh(returnStdout: true, script: "git tag --points-at HEAD").trim()
+}
+def getShortCommitHash() {
+  return sh(returnStdout: true, script: "git log -n 1 --pretty=format:'%h'").trim()
+}
+
+def pushToExternalRegistry( String appName,
+                            String tag,
+                            String imageProject,
+                            String internalRegistry,
+                            String externalRegistry) {
+  withCredentials([usernamePassword(credentialsId: "${ openshift.project() }-nexus-secret", usernameVariable: "REG_USER", passwordVariable: "REG_PWD")]) {
+    echo "Copying image..."
+    echo "from docker://${ internalRegistry }/${ imageProject }/${ appName }:${ tag }"
+    echo "to docker://${ externalRegistry }/app-af-nexus/${ appName }:latest"
+    sh "skopeo copy docker://${ internalRegistry }/${ imageProject }/${ appName }:${ tag } docker://${ externalRegistry }/app-af-nexus/${ appName }:latest --src-creds jenkins:\$(oc whoami -t) --dest-creds \"$REG_USER:$REG_PWD\" --src-tls-verify=false --dest-tls-verify=false --format v2s2"
+    // todo: annotate the image with a label
+  }
+}
+
+def rollout(String appName,
+            String imageStreamName,
+            String imageTag,
+            String label,
+            String imageProject,
+            String registry,
+            boolean useConfigMap,
+            String configMapKey,
+            String configMapPath) {
+  if (useConfigMap) {
+    echo "useConfigMap was set to true"
+    def configMap = openshift.selector("configmap", configMapKey)
+    if (configMap.exists()) {
+      echo "Found existing config map. Removing..."
+      openshift.selector("configmap", configMapKey).delete();
+    }
+    echo "Applying configmap from path: ${configMapPath} ..."
+    openshift.apply(readFile(configMapPath))
+  }
+
+  echo "Setting image for Deployment Config: ${ appName } to ${ registry }/${ imageProject }/${ imageStreamName }:${ imageTag } ..."
+  openshift.raw("set image dc/${ appName } ${ appName }=${registry}/${ imageProject }/${ imageStreamName }:${ imageTag } --record=true")
+
+  echo "Labeling Deployment Config with build: ${ label } ..."
+  openshift.raw("patch dc ${ appName } -p \"{\\\"spec\\\":{\\\"template\\\":{\\\"metadata\\\":{\\\"labels\\\":{\\\"build\\\":\\\"${ label }\\\"}}}}}}\"")
+
+  echo "Rolling out..."
+  openshift.selector("dc", "${ appName }").rollout().status();
+
+  def latestDeploymentVersion = openshift.selector('dc',"${ appName }").object().status.latestVersion
+  echo "Labeling Replication Controller ${ appName }-${ latestDeploymentVersion } with build: ${ label } ..."
+  openshift.raw("patch rc ${ appName }-${ latestDeploymentVersion } -p \"{\\\"metadata\\\":{\\\"labels\\\":{\\\"build\\\":\\\"${ label }\\\"}}}\"")
+}
+
+def selectTag(String applicationName,
+              Integer timeoutTime = 10,
+              String timeoutUnit = 'MINUTES') {
+  def tagToPromote = ""
+  def imageStreamsSelector = openshift.selector('is')
+  def cancelled = false
+
+  imageStreamsSelector.withEach { is ->
+    def streamName = is.name()
+    if (streamName == "imagestream/" + applicationName) {
+      def tags = sortTags(is.object().spec.tags)
+      try {
+        timeout(time: timeoutTime, unit: timeoutUnit) {
+          tagToPromote = input  message: "We need some input from you:",
+            ok: "Proceed",
+            parameters: [
+              choice(name: 'Tag', choices: tags, description: 'What tag do you want to promote?')
+            ]
+        }
+      } catch(err) {
+        def user = err.getCauses()[0].getUser()
+        if('SYSTEM' == user.toString()) { // SYSTEM means timeout.
+          echo "Pipeline timed out waiting for user input"
+          currentBuild.result = 'NOT_BUILT'
+        } else {
+          echo "Aborted by ${user}"
+          currentBuild.result = 'ABORTED'
+        }
+        error('Pipeline timed out or was aborted')
+      }
+    }
+  }
+
+  return tagToPromote
+}
+
+@NonCPS
+def sortTags(tags) {
+  def sorted = tags.sort { a, b -> a.generation <=> b.generation }.reverse()
+  def arr = []
+  sorted.each { tag ->
+    arr.add("$tag.name")
+  }
+  return arr
+}
+
+def selectTarget(ArrayList<String> targets, Integer timeoutTime = 10, String timeoutUnit = 'MINUTES') {
+  def target = ""
+  try {
+    timeout(time: timeoutTime, unit: timeoutUnit) {
+      target = input  message: "We need some input from you!",
+        ok: "Proceed",
+        parameters: [
+          choice(name: 'Target', choices: targets, description: 'Select target for promotion: ')
+        ]
+    }
+  } catch(err) {
+    def user = err.getCauses()[0].getUser()
+    if('SYSTEM' == user.toString()) { // SYSTEM means timeout.
+      echo "Pipeline timed out waiting for user input"
+      currentBuild.result = 'NOT_BUILT'
+    } else {
+      echo "Aborted by ${user}"
+      currentBuild.result = 'ABORTED'
+    }
+    error('Pipeline timed out or was aborted')
+  }
+  return target
+}
+
+return this
+
+def createVulnerabilityScan(String projectName, String projectVersion, String apiKey) {
+  echo "### Generating vulnerability scan for \"${ projectVersion }\" of \"${ projectName }\""
+  sh """
+        cyclonedx-bom -o bom.xml -d
+        set +x
+        REPORT=\$(cat bom.xml|base64 -w 0)
+        cat > payload.json <<EOF
+{
+\"projectName\": \"${projectName}\",
+\"projectVersion\": \"${projectVersion}\",
+\"autoCreate\": \"True\",
+\"bom\": \"\${REPORT}\"
+}
+EOF
+        curl -X \"PUT\" \"http://dependency-tracker-infra-dependencytracker.tocp.arbetsformedlingen.se/api/v1/bom\" -H 'Content-Type: application/json' \
+        -H 'X-API-Key: ${apiKey}' \
+        -d @payload.json
+    """
+  echo "Go to http://dependency-tracker-infra-dependencytracker.tocp.arbetsformedlingen.se and login to see your report"
+}
+
+def tagGitWithBuild(String tag, String credentials) {
+  try {
+    sshagent([credentials]) {
+      echo "### Creating the tag \"${tag}\" ###"
+      sh(returnStdout: false, script: "git fetch --tags --q")
+      sh(returnStdout: false, script: "git tag \"${ tag }\"")
+      try {
+        sh(returnStdout: false, script: "git push origin \"${ tag }\"")
+      } catch (err) {
+        currentBuild.result = 'UNSTABLE'
+        echo "Error occured when trying to push tag to origin. Did the tag exist already?"
+        echo "Message: ${err}"
+      }
+    }
+  } catch (err) {
+    currentBuild.result = 'UNSTABLE'
+    echo "Error occured when trying to tag commit. Did you check if you have the plugin SSH Agent installed? This step needs to be executed with the proper credentials."
+    echo "Message: ${err}"
+  }
+}
+
+def updateDeployTag(String appName, String project, String tag, String credentials) {
+  try {
+    sshagent([credentials]) {
+      echo "Attempting to find a commit with the tag \"${ tag }\" ..."
+      def commitSHA = sh (
+        script: "git show-ref -s ${tag} || echo \"\"",
+        returnStdout: true
+      )
+      def tagName = "ocp/deployed/${ appName }/${ project }"
+      if (commitSHA != '') {
+        echo "Tagging SHA: ${ commitSHA } with tag: ${ tagName }"
+        def existingTagSHA =  sh (
+          script: "git show-ref -s  ${ tagName } || echo \"\"",
+          returnStdout: true,
+        ).trim()
+        echo "existingTagSHA: \"${existingTagSHA}\""
+        if (existingTagSHA != '') {
+          echo "Removing existing tag..."
+          sh(returnStdout: false, script: "git tag -d ${ tagName }") // deletes local deploy tag
+          sh(returnStdout: false, script: "git push origin :${ tagName }")  // deletes original remote tag
+        }
+        sh(returnStdout: false, script: "git tag ${ tagName } ${ commitSHA }") // creates new local deploy tag
+        try {
+          sh(returnStdout: false, script: "git push origin ${ tagName }") // creates new remote tag
+        }
+        catch (err) {
+          currentBuild.result = 'UNSTABLE'
+          echo "Error occured when trying to push tag to origin. Make sure tags are fetched so the function knows if it needs to remove existing tags first."
+          echo "Message: ${err}"
+        }
+      } else {
+        echo "Warning! Couldn\'t find any commits with the tag ocp/${ appName }/${ tag }"
+        echo "This function assumes that you are tagging your commits with this pattern when generating new images"
+        currentBuild.result = 'UNSTABLE'
+      }
+    }
+  } catch (err) {
+    currentBuild.result = 'UNSTABLE'
+    echo "Error occured when trying to tag commit. Did you check if you have the plugin SSH Agent installed? This step needs to be executed with the proper credentials."
+    echo "Message: ${err}"
+  }
+}