#!/usr/bin/env groovy | |
/* Copyright (c) 2019 AT&T Intellectual Property. # | |
# # | |
# Licensed under the Apache License, Version 2.0 (the "License"); # | |
# you may not use this file except in compliance with the License. # | |
# You may obtain a copy of the License at # | |
# # | |
# http://www.apache.org/licenses/LICENSE-2.0 # | |
# # | |
# Unless required by applicable law or agreed to in writing, software # | |
# distributed under the License is distributed on an "AS IS" BASIS, # | |
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # | |
# See the License for the specific language governing permissions and # | |
# limitations under the License. # | |
##############################################################################*/ | |
properties([[$class: 'ParametersDefinitionProperty', parameterDefinitions: [ | |
[$class: 'hudson.model.StringParameterDefinition', name: 'PHASE', defaultValue: "BUILD"], | |
[$class: 'hudson.model.StringParameterDefinition', name: 'ENV', defaultValue: "dev"], | |
[$class: 'hudson.model.StringParameterDefinition', name: 'MECHID', defaultValue: "id"], | |
[$class: 'hudson.model.StringParameterDefinition', name: 'KUBE_CONFIG', defaultValue: "kubeConfig-dev"], | |
[$class: 'hudson.model.StringParameterDefinition', name: 'TILLER_NAMESPACE', defaultValue: "org-onar-otf"], | |
[$class: 'hudson.model.StringParameterDefinition', name: 'PKCS12_CERT', defaultValue: "otf_ssl_pkcs12_dev"], | |
[$class: 'hudson.model.StringParameterDefinition', name: 'PKCS12_KEY', defaultValue: "server_ssl_key_store_password"], | |
[$class: 'hudson.model.StringParameterDefinition', name: 'PEM_CERT', defaultValue: "otf_ssl_pem_dev"], | |
[$class: 'hudson.model.StringParameterDefinition', name: 'PEM_KEY', defaultValue: "otf_ssl_pem_key_dev"] | |
]]]) | |
echo "Build branch: ${env.BRANCH_NAME}" | |
node("docker"){ | |
stage 'Checkout' | |
checkout scm | |
PHASES=PHASE.tokenize( '_' ); | |
echo "PHASES : " + PHASES | |
ARTIFACT_ID="otf-cert-secret-builder" | |
echo "Tiller Namespace: " + TILLER_NAMESPACE | |
withEnv(["PATH=${env.PATH}:${tool 'jdk180'}:${env.WORKSPACE}/linux-amd64", "JAVA_HOME=${tool 'jdk180'}","HELM_HOME=${env.WORKSPACE}"]) { | |
echo "PATH=${env.PATH}" | |
echo "JAVA_HOME=${env.JAVA_HOME}" | |
echo "HELM_HOME=${env.HELM_HOME}" | |
wrap([$class: 'ConfigFileBuildWrapper', managedFiles: [ | |
[fileId: 'maven-settings.xml', variable: 'MAVEN_SETTINGS'] | |
]]) { | |
if (PHASES.contains("DEPLOY") || PHASES.contains("UNDEPLOY")) { | |
stage 'Init Helm' | |
//check if helm exists if not install | |
if(fileExists('linux-amd64/helm')){ | |
sh """ | |
echo "helm is already installed" | |
""" | |
} | |
else{ | |
//download helm | |
sh """ | |
echo "installing helm" | |
wget https://storage.googleapis.com/kubernetes-helm/helm-v2.8.2-linux-amd64.tar.gz | |
tar -xf helm-v2.8.2-linux-amd64.tar.gz | |
rm helm-v2.8.2-linux-amd64.tar.gz | |
""" | |
} | |
withCredentials([file(credentialsId: KUBE_CONFIG, variable: 'KUBECONFIG')]) { | |
dir('helm'){ | |
//check if charts are valid, and then perform dry run, if successful then upgrade/install charts | |
if (PHASES.contains("UNDEPLOY") ) { | |
stage 'Undeploy' | |
sh """ | |
helm delete --tiller-namespace=$TILLER_NAMESPACE --purge $ARTIFACT_ID | |
""" | |
} | |
//NOTE Double quotes are used below to access groovy variables like artifact_id and tiller_namespace | |
if (PHASES.contains("DEPLOY") ){ | |
stage 'Deploy' | |
withCredentials( | |
[usernamePassword(credentialsId: MECHID, usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD'), | |
file(credentialsId: PKCS12_CERT, variable: 'VAR_PKCS12_CERT'), | |
string(credentialsId: PKCS12_KEY, variable: 'VAR_PKCS12_KEY'), | |
file(credentialsId: PEM_CERT, variable: 'VAR_PEM_CERT'), | |
file(credentialsId: PEM_KEY, variable: 'VAR_PEM_KEY'), | |
file(credentialsId: 'PRIVATE_KEY', variable: 'VAR_PRIVATE_KEY'), | |
usernamePassword(credentialsId: 'PRIVATE_KEY_USER_PASS', usernameVariable: 'PRIVATE_KEY_USERNAME', passwordVariable: 'PRIVATE_KEY_PASSPHRASE') | |
]) { | |
sh """ | |
cp $VAR_PKCS12_CERT $ARTIFACT_ID | |
cp $VAR_PEM_CERT $ARTIFACT_ID | |
cp $VAR_PEM_KEY $ARTIFACT_ID | |
cp $VAR_PRIVATE_KEY $ARTIFACT_ID | |
FILE_PKCS12_CERT=`basename $VAR_PKCS12_CERT` | |
FILE_PEM_CERT=`basename $VAR_PEM_CERT` | |
FILE_PEM_KEY=`basename $VAR_PEM_KEY` | |
FILE_PRIVATE_KEY=`basename $VAR_PRIVATE_KEY` | |
echo "Validate Yaml" | |
helm lint $ARTIFACT_ID | |
echo "View Helm Templates" | |
helm template $ARTIFACT_ID \ | |
--set Secret.PKCS12_CERT=\$FILE_PKCS12_CERT \ | |
--set Secret.PKCS12_KEY=$VAR_PKCS12_KEY \ | |
--set Secret.PEM_CERT=\$FILE_PEM_CERT \ | |
--set Secret.PEM_KEY=\$FILE_PEM_KEY \ | |
--set Secret.privateKey.key=\$FILE_PRIVATE_KEY \ | |
--set Secret.privateKey.username=$PRIVATE_KEY_USERNAME \ | |
--set Secret.privateKey.passphrase=$PRIVATE_KEY_PASSPHRASE \ | |
echo "Perform Dry Run Of Install" | |
helm upgrade --tiller-namespace=$TILLER_NAMESPACE --install --dry-run $ARTIFACT_ID $ARTIFACT_ID \ | |
--set Secret.PKCS12_CERT=\$FILE_PKCS12_CERT \ | |
--set Secret.PKCS12_KEY=$VAR_PKCS12_KEY \ | |
--set Secret.PEM_CERT=\$FILE_PEM_CERT \ | |
--set Secret.PEM_KEY=\$FILE_PEM_KEY \ | |
--set Secret.privateKey.key=\$FILE_PRIVATE_KEY \ | |
--set Secret.privateKey.username=$PRIVATE_KEY_USERNAME \ | |
--set Secret.privateKey.passphrase=$PRIVATE_KEY_PASSPHRASE \ | |
echo "Helm Install/Upgrade" | |
helm upgrade --tiller-namespace=$TILLER_NAMESPACE --install $ARTIFACT_ID $ARTIFACT_ID \ | |
--set Secret.PKCS12_CERT=\$FILE_PKCS12_CERT \ | |
--set Secret.PKCS12_KEY=$VAR_PKCS12_KEY \ | |
--set Secret.PEM_CERT=\$FILE_PEM_CERT \ | |
--set Secret.PEM_KEY=\$FILE_PEM_KEY \ | |
--set Secret.privateKey.key=\$FILE_PRIVATE_KEY \ | |
--set Secret.privateKey.username=$PRIVATE_KEY_USERNAME \ | |
--set Secret.privateKey.passphrase=$PRIVATE_KEY_PASSPHRASE \ | |
""" | |
} | |
} | |
} | |
} | |
} | |
} | |
} | |
} |