cicd
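--- a/openshift/libs/utilities.groovy
+++ b/openshift/libs/utilities.groovy
@@ -0,0 +1,226 @@
+def defineAuth() {
+def api = "https://ocpcluster-a.arbetsformedlingen.se:443"
+env.API = sh(script:"set +x; echo ${ api }", returnStdout: true).replaceAll(/https?/, 'insecure')
+def encodedToken = openshift.selector('secret/imagepromote-token-ocp-a').object().data.tokenbase64
+env.TOKEN = sh(script:"set +x; echo ${ encodedToken } | base64 --decode", returnStdout: true)
+}
+
+def generateTag() {
+echo '### Generating build tag... ###'
+def hash = getVersionHash()
+def tag = "${ hash }"
+echo "### build tag: \"${ tag }\" ###"
+return tag
+}
+
+def getVersionHash() {
+return sh(returnStdout: true, script: "git tag --points-at HEAD").trim()
+}
+def getShortCommitHash() {
+return sh(returnStdout: true, script: "git log -n 1 --pretty=format:'%h'").trim()
+}
+
+def pushToExternalRegistry(  String appName,
+String tag,
+String imageProject,
+String internalRegistry,
+String externalRegistry) {
+withCredentials([usernamePassword(credentialsId: "${ openshift.project() }-nexus-secret", usernameVariable: "REG_USER", passwordVariable: "REG_PWD")]) {
+echo "Copying image..."
+echo "from docker://${ internalRegistry }/${ imageProject }/${ appName }:${ tag }"
+echo "to docker://${ externalRegistry }/app-af-nexus/${ appName }:latest"
+sh "skopeo copy docker://${ internalRegistry }/${ imageProject }/${ appName }:${ tag } docker://${ externalRegistry }/app-af-nexus/${ appName }:latest --src-creds jenkins:\$(oc whoami -t) --dest-creds \"$REG_USER:$REG_PWD\" --src-tls-verify=false --dest-tls-verify=false --format v2s2"
+// todo: annotate the image with a label
+}
+}
+
+def rollout(String appName,
+String imageStreamName,
+String imageTag,
+String label,
+String imageProject,
+String registry,
+boolean useConfigMap,
+String configMapKey,
+String configMapPath) {
+if (useConfigMap) {
+echo "useConfigMap was set to true"
+def configMap = openshift.selector("configmap", configMapKey)
+if (configMap.exists()) {
+echo "Found existing config map. Removing..."
+openshift.selector("configmap", configMapKey).delete();
+}
+echo "Applying configmap from path: ${configMapPath} ..."
+openshift.apply(readFile(configMapPath))
+}
+
+echo "Setting image for Deployment Config: ${ appName } to ${ registry }/${ imageProject }/${ imageStreamName }:${ imageTag } ..."
+openshift.raw("set image dc/${ appName } ${ appName }=${registry}/${ imageProject }/${ imageStreamName }:${ imageTag } --record=true")
+
+echo "Labeling Deployment Config with build: ${ label } ..."
+openshift.raw("patch dc ${ appName } -p \"{\\\"spec\\\":{\\\"template\\\":{\\\"metadata\\\":{\\\"labels\\\":{\\\"build\\\":\\\"${ label }\\\"}}}}}}\"")
+
+echo "Rolling out..."
+openshift.selector("dc", "${ appName }").rollout().status();
+
+def latestDeploymentVersion = openshift.selector('dc',"${ appName }").object().status.latestVersion
+echo "Labeling Replication Controller ${ appName }-${ latestDeploymentVersion } with build: ${ label } ..."
+openshift.raw("patch rc ${ appName }-${ latestDeploymentVersion } -p \"{\\\"metadata\\\":{\\\"labels\\\":{\\\"build\\\":\\\"${ label }\\\"}}}\"")
+}
+
+def selectTag(String applicationName,
+Integer timeoutTime = 10,
+String timeoutUnit = 'MINUTES') {
+def tagToPromote = ""
+def imageStreamsSelector = openshift.selector('is')
+def cancelled = false
+
+imageStreamsSelector.withEach { is ->
+def streamName = is.name()
+if (streamName == "imagestream/" + applicationName) {
+def tags = sortTags(is.object().spec.tags)
+try {
+timeout(time: timeoutTime, unit: timeoutUnit) {
+tagToPromote = input message: "We need some input from you:",
+ok: "Proceed",
+parameters: [
+choice(name: 'Tag', choices: tags, description: 'What tag do you want to promote?')
+]
+}
+} catch(err) {
+def user = err.getCauses()[0].getUser()
+if('SYSTEM' == user.toString()) { // SYSTEM means timeout.
+echo "Pipeline timed out waiting for user input"
+currentBuild.result = 'NOT_BUILT'
+} else {
+echo "Aborted by ${user}"
+currentBuild.result = 'ABORTED'
+}
+error('Pipeline timed out or was aborted')
+}
+}
+}
+
+return tagToPromote
+}
+
+@NonCPS
+def sortTags(tags) {
+def sorted = tags.sort { a, b -> a.generation <=> b.generation }.reverse()
+def arr = []
+sorted.each { tag ->
+arr.add("$tag.name")
+}
+return arr
+}
+
+def selectTarget(ArrayList<String> targets, Integer timeoutTime = 10, String timeoutUnit = 'MINUTES') {
+def target = ""
+try {
+timeout(time: timeoutTime, unit: timeoutUnit) {
+target = input message: "We need some input from you!",
+ok: "Proceed",
+parameters: [
+choice(name: 'Target', choices: targets, description: 'Select target for promotion: ')
+]
+}
+} catch(err) {
+def user = err.getCauses()[0].getUser()
+if('SYSTEM' == user.toString()) { // SYSTEM means timeout.
+echo "Pipeline timed out waiting for user input"
+currentBuild.result = 'NOT_BUILT'
+} else {
+echo "Aborted by ${user}"
+currentBuild.result = 'ABORTED'
+}
+error('Pipeline timed out or was aborted')
+}
+return target
+}
+
+return this
+
+def createVulnerabilityScan(String projectName, String projectVersion, String apiKey) {
+echo "### Generating vulnerability scan for \"${ projectVersion }\" of \"${ projectName }\""
+sh """
+cyclonedx-bom -o bom.xml -d
+set +x
+REPORT=\$(cat bom.xml|base64 -w 0)
+cat > payload.json <<EOF
+{
+\"projectName\": \"${projectName}\",
+\"projectVersion\": \"${projectVersion}\",
+\"autoCreate\": \"True\",
+\"bom\": \"\${REPORT}\"
+}
+EOF
+curl -X \"PUT\" \"http://dependency-tracker-infra-dependencytracker.tocp.arbetsformedlingen.se/api/v1/bom\" -H 'Content-Type: application/json' \
+-H 'X-API-Key: ${apiKey}' \
+-d @payload.json
+"""
+echo "Go to http://dependency-tracker-infra-dependencytracker.tocp.arbetsformedlingen.se and login to see your report"
+}
+
+def tagGitWithBuild(String tag, String credentials) {
+try {
+sshagent([credentials]) {
+echo "### Creating the tag \"${tag}\" ###"
+sh(returnStdout: false, script: "git fetch --tags --q")
+sh(returnStdout: false, script: "git tag \"${ tag }\"")
+try {
+sh(returnStdout: false, script: "git push origin \"${ tag }\"")
+} catch (err) {
+currentBuild.result = 'UNSTABLE'
+echo "Error occured when trying to push tag to origin. Did the tag exist already?"
+echo "Message: ${err}"
+}
+}
+} catch (err) {
+currentBuild.result = 'UNSTABLE'
+echo "Error occured when trying to tag commit. Did you check if you have the plugin SSH Agent installed? This step needs to be executed with the proper credentials."
+echo "Message: ${err}"
+}
+}
+
+def updateDeployTag(String appName, String project, String tag, String credentials) {
+try {
+sshagent([credentials]) {
+echo "Attempting to find a commit with the tag \"${ tag }\" ..."
+def commitSHA = sh (
+script: "git show-ref -s ${tag} || echo \"\"",
+returnStdout: true
+)
+def tagName = "ocp/deployed/${ appName }/${ project }"
+if (commitSHA != '') {
+echo "Tagging SHA: ${ commitSHA } with tag: ${ tagName }"
+def existingTagSHA = sh (
+script: "git show-ref -s ${ tagName } || echo \"\"",
+returnStdout: true,
+).trim()
+echo "existingTagSHA: \"${existingTagSHA}\""
+if (existingTagSHA != '') {
+echo "Removing existing tag..."
+sh(returnStdout: false, script: "git tag -d ${ tagName }") // deletes local deploy tag
+sh(returnStdout: false, script: "git push origin :${ tagName }") // deletes original remote tag
+}
+sh(returnStdout: false, script: "git tag ${ tagName } ${ commitSHA }") // creates new local deploy tag
+try {
+sh(returnStdout: false, script: "git push origin ${ tagName }") // creates new remote tag
+}
+catch (err) {
+currentBuild.result = 'UNSTABLE'
+echo "Error occured when trying to push tag to origin. Make sure tags are fetched so the function knows if it needs to remove existing tags first."
+echo "Message: ${err}"
+}
+} else {
+echo "Warning! Couldn\'t find any commits with the tag ocp/${ appName }/${ tag }"
+echo "This function assumes that you are tagging your commits with this pattern when generating new images"
+currentBuild.result = 'UNSTABLE'
+}
+}
+} catch (err) {
+currentBuild.result = 'UNSTABLE'
+echo "Error occured when trying to tag commit. Did you check if you have the plugin SSH Agent installed? This step needs to be executed with the proper credentials."
+echo "Message: ${err}"
+}
+}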
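Review bot: In `pushToExternalRegistry`, the `skopeo copy` call passes `--src-tls-verify=false --dest-tls-verify=false` while sending both the OpenShift token and the Nexus credentials, so neither registry's certificate is checked before it receives a secret. I would drop both flags and have the agent trust the registries' CA instead. The same line expands `$REG_USER:$REG_PWD` inside a Groovy double-quoted string, which copies the values into the script text rather than leaving them in the `withCredentials` environment; escaping them as `--dest-creds \"\$REG_USER:\$REG_PWD\"` lets the shell resolve them. `createVulnerabilityScan` shows the same pattern: `${apiKey}` is interpolated by Groovy and the BOM upload goes to an `http://` URL, so the API key travels unencrypted. `defineAuth` also stores the decoded token in `env.TOKEN`, which looks visible to every later step in the build; a narrower scope such as `withEnv` around the step that needs it would be safer.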