204 lines
7.6 KiB
Groovy
204 lines
7.6 KiB
Groovy
def cicdproject = "${CICD_NAMESPACE}"
|
|
def appname = "${APP_NAME}"
|
|
def utv_project = "${UTV_NAMESPACE}"
|
|
def acc_project = "${ACC_NAMESPACE}"
|
|
def prod_project = "${PROD_NAMESPACE}"
|
|
def jenkinsslave = "nodejs15-agent"
|
|
def dist_path = "dist/apps/mina-sidor-fa"
|
|
|
|
def REGISTRY = 'nexus.arbetsformedlingen.se:5555'
|
|
def PROJECT_CONTAINING_IMAGES = "app-af-nexus"
|
|
def USE_CONFIG_MAP = false
|
|
def CONFIG_MAP_KEY = "${appname}-config"
|
|
def CONFIG_MAP_PATH = "./openshift/config-maps/${prod_project}.yaml"
|
|
|
|
pipeline {
|
|
|
|
agent {
|
|
node {label "${jenkinsslave}"}
|
|
}
|
|
|
|
environment {
|
|
CURRENT_COMMIT = getShortCommitHash()
|
|
BUILD_TAG = ""
|
|
}
|
|
|
|
stages {
|
|
|
|
stage("Initialize") {
|
|
steps {
|
|
echo '### Generating build tag... ###'
|
|
script {
|
|
def packageJson = readJSON file: 'package.json'
|
|
BUILD_TAG = "prod_v${packageJson.version}_${env.BUILD_NUMBER}_${CURRENT_COMMIT}"
|
|
echo '### Build tag ###'
|
|
echo "${BUILD_TAG}"
|
|
}
|
|
echo '### Build tag generated! ###'
|
|
}
|
|
}
|
|
|
|
stage("Install dependencies") {
|
|
environment {
|
|
NEXUS_CREDS = "${env.NEXUS_USERNAME}:${env.NEXUS_PASSWORD}"
|
|
}
|
|
steps {
|
|
echo '### Installing dependencies... ###'
|
|
sh '''
|
|
ENCODED=$(echo -n "${NEXUS_CREDS}" | openssl base64)
|
|
CACHE_DIRECTORY=/home/jenkins/.npm/cache
|
|
mkdir -p ${CACHE_DIRECTORY}
|
|
echo "_auth=${ENCODED}" >> .npmrc
|
|
|
|
# set -x
|
|
cat .npmrc
|
|
|
|
# Pull from cache if it exists
|
|
(
|
|
# Fail if any step fail
|
|
set -e
|
|
# Remove line 3 from package-lock, which contain the package.json version. Store backup.
|
|
# We only care about dependencies, not the version
|
|
sed -i.bak -e '3d' package-lock.json
|
|
# Hash the package-lock.json file
|
|
sha1sum package-lock.json | tr -s " " | awk '{print $1}' > hashed.pkg-lock
|
|
# Restore package-lock.json with version number intact
|
|
mv package-lock.json.bak package-lock.json
|
|
# Try to get the file from cache
|
|
cp ${CACHE_DIRECTORY}/$(cat hashed.pkg-lock) node_modules.tar.gz 2> /dev/null
|
|
# Check if we found the cached node_modules
|
|
test -f node_modules.tar.gz
|
|
# If we found the cached node_modules, extract the files to node_modules
|
|
(test -f node_modules.tar.gz && tar -zxf node_modules.tar.gz && echo "Using cached node_modules from ${CACHE_DIRECTORY}/$(cat hashed.pkg-lock)") || echo "No cached node_modules.tar.gz found"
|
|
# Echo to the logs stating that we are using cache
|
|
echo "Using cached node_modules from ${CACHE_DIRECTORY}/$(cat hashed.pkg-lock)"
|
|
) || true
|
|
|
|
# If we did not find the cached node_modules, install from the lock
|
|
test -f node_modules.tar.gz || npm ci;
|
|
|
|
# Store cache
|
|
(
|
|
# Fail if any step fail
|
|
set -e
|
|
# Only update the cache if we found no previous cache
|
|
test ! -f node_modules.tar.gz
|
|
# Tar the cache
|
|
tar -zcf node_modules.tar.gz node_modules
|
|
# Clean old cache
|
|
rm -rf ${CACHE_DIRECTORY}/*
|
|
# Store the cache
|
|
cp node_modules.tar.gz ${CACHE_DIRECTORY}/$(cat hashed.pkg-lock)
|
|
) || true
|
|
'''
|
|
echo '### Dependencies installed! ###'
|
|
}
|
|
}
|
|
|
|
stage("Build application") {
|
|
environment {
|
|
NGINX_PATH = "${dist_path}/."
|
|
}
|
|
steps {
|
|
echo '### Building application... ###'
|
|
sh '''
|
|
npm run build:api -- --prod
|
|
cp -r nginx/* ${NGINX_PATH}
|
|
'''
|
|
echo '### Application built! ###'
|
|
}
|
|
}
|
|
|
|
stage('App bake') {
|
|
steps {
|
|
echo '### Creating image... ###'
|
|
script {
|
|
openshift.withCluster() {
|
|
openshift.withProject(utv_project) {
|
|
openshift.selector("bc", "${ appname }").startBuild("--from-dir=${dist_path}", "--wait=true")
|
|
openshift.tag("${ appname }:latest", "${ appname }:${BUILD_TAG}")
|
|
}
|
|
}
|
|
}
|
|
|
|
echo '### Image created! ###'
|
|
}
|
|
}
|
|
|
|
stage('Deploy to "acc"') {
|
|
steps {
|
|
echo '### Deploying to "acc"... ###'
|
|
script {
|
|
openshift.withCluster() {
|
|
openshift.withProject(acc_project) {
|
|
openshift.raw("set image dc/${ appname } ${ appname }=docker-registry.default.svc:5000/${utv_project}/${ appname }:${BUILD_TAG} --record=true --source=docker ")
|
|
openshift.raw("annotate dc ${ appname } version=${BUILD_TAG} --overwrite=true")
|
|
openshift.selector("dc", "${ appname }").rollout().status();
|
|
}
|
|
}
|
|
}
|
|
echo '### Deployed to "acc"! ###'
|
|
}
|
|
}
|
|
|
|
// Stage test where application testing will go in here
|
|
|
|
stage('Push image to External registry') {
|
|
agent {
|
|
label 'skopeo-agent'
|
|
}
|
|
steps {
|
|
echo '### Publishing image to external registry... ###'
|
|
script {
|
|
def branchName = GIT_BRANCH.split('/')[1]
|
|
openshift.withCluster() {
|
|
openshift.withProject(cicdproject) {
|
|
def registry = "nexus.arbetsformedlingen.se:5555"
|
|
withCredentials([usernamePassword(credentialsId: "${openshift.project()}-nexus-secret", usernameVariable: "REG_USER", passwordVariable: "REG_PWD")]) {
|
|
sh "skopeo copy docker://docker-registry.default.svc:5000/${utv_project}/${appname}:latest docker://${registry}/app-af-nexus/${appname}:${BUILD_TAG} --src-creds jenkins:\$(oc whoami -t) --dest-creds \"$REG_USER:$REG_PWD\" --src-tls-verify=false --dest-tls-verify=false --format v2s2"
|
|
}
|
|
}
|
|
}
|
|
}
|
|
echo '### Image published to external registry! ###'
|
|
}
|
|
}
|
|
|
|
stage('Deploy to production') {
|
|
steps {
|
|
echo '### Trying to deploy to prod... ###'
|
|
script {
|
|
openshift.withCluster() {
|
|
utilities.defineAuth()
|
|
// def api = "https://ocpcluster-a.arbetsformedlingen.se:443"
|
|
// env.API = sh(script:"set +x; echo ${api}", returnStdout: true).replaceAll(/https?/, 'insecure')
|
|
// def encodedToken = openshift.selector('secret/imagepromote-token').object().data.tokenbase64
|
|
// env.TOKEN = sh(script:"set +x; echo ${encodedToken} | base64 --decode", returnStdout: true)
|
|
}
|
|
|
|
openshift.withCluster( env.API, env.TOKEN ) {
|
|
openshift.withProject(prod_project) {
|
|
// Wait for approval
|
|
timeout(time:1440, unit:'MINUTES') {
|
|
input message: "Go Live with ${ appname } in Production?", ok: "Confirm"
|
|
def label = "${ env.BUILD_NUMBER }"
|
|
utilities.rollout("${ appname }", "${ appname }", "latest", label, PROJECT_CONTAINING_IMAGES, REGISTRY, USE_CONFIG_MAP, "${ CONFIG_MAP_KEY }", CONFIG_MAP_PATH)
|
|
//openshift.raw("tag nexus.arbetsformedlingen.se:5555/app-af-nexus/${ appname }:${BUILD_TAG} ${appname}:${BUILD_TAG} --insecure")
|
|
//openshift.raw("tag ${ appname }:latest ${ appname }:${BUILD_TAG}")
|
|
//openshift.raw("set image dc/${ appname } ${ appname }=nexus.arbetsformedlingen.se:5555/app-af-nexus/${ appname }:${BUILD_TAG} --record=true --source=docker")
|
|
//openshift.selector("dc", "${ appname }").rollout().status();
|
|
echo '### Deployed to prod! ###'
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
}
|
|
}
|
|
|
|
def getShortCommitHash() {
|
|
return sh(returnStdout: true, script: "git log -n 1 --pretty=format:'%h'").trim()
|
|
}
|