added updated dockerfiles and ric workflow
[it/otf.git] / otf-cert-secret-builder / Jenkinsfile
1 #!/usr/bin/env groovy\r
2 \r
3 /*  Copyright (c) 2019 AT&T Intellectual Property.                             #\r
4 #                                                                              #\r
5 #   Licensed under the Apache License, Version 2.0 (the "License");            #\r
6 #   you may not use this file except in compliance with the License.           #\r
7 #   You may obtain a copy of the License at                                    #\r
8 #                                                                              #\r
9 #       http://www.apache.org/licenses/LICENSE-2.0                             #\r
10 #                                                                              #\r
11 #   Unless required by applicable law or agreed to in writing, software        #\r
12 #   distributed under the License is distributed on an "AS IS" BASIS,          #\r
13 #   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.   #\r
14 #   See the License for the specific language governing permissions and        #\r
15 #   limitations under the License.                                             #\r
16 ##############################################################################*/\r
17 \r
// Job parameters. Every value is a free-form string supplied by whoever starts the build.
// MECHID, KUBE_CONFIG, PKCS12_CERT, PKCS12_KEY, PEM_CERT and PEM_KEY are used further down as
// Jenkins credential IDs, so a caller can point the job at any credential it is allowed to read.
// NOTE(review): restrict who may build with parameters, or use fixed choices per environment.
properties([[$class: 'ParametersDefinitionProperty', parameterDefinitions: [
        // Underscore-separated list of phases; this script acts on DEPLOY and UNDEPLOY.
        [$class: 'hudson.model.StringParameterDefinition', name: 'PHASE', defaultValue: "BUILD"],
        // Not referenced anywhere else in this file.
        [$class: 'hudson.model.StringParameterDefinition', name: 'ENV', defaultValue: "dev"],
        // Credential ID of a username/password pair bound during the Deploy stage.
        [$class: 'hudson.model.StringParameterDefinition', name: 'MECHID', defaultValue: "id"],
        // Credential ID of the kubeconfig file exported as KUBECONFIG for helm.
        [$class: 'hudson.model.StringParameterDefinition', name: 'KUBE_CONFIG', defaultValue: "kubeConfig-dev"],
        // Passed to helm as --tiller-namespace.
        [$class: 'hudson.model.StringParameterDefinition', name: 'TILLER_NAMESPACE', defaultValue: "org-onar-otf"],
        // Credential ID of the PKCS#12 keystore file.
        [$class: 'hudson.model.StringParameterDefinition', name: 'PKCS12_CERT', defaultValue: "otf_ssl_pkcs12_dev"],
        // Credential ID of a secret-text credential (this is an ID, not the password itself).
        [$class: 'hudson.model.StringParameterDefinition', name: 'PKCS12_KEY', defaultValue: "server_ssl_key_store_password"],
        // Credential ID of the PEM certificate file.
        [$class: 'hudson.model.StringParameterDefinition', name: 'PEM_CERT', defaultValue: "otf_ssl_pem_dev"],
        // Credential ID of the PEM private-key file.
        [$class: 'hudson.model.StringParameterDefinition', name: 'PEM_KEY', defaultValue: "otf_ssl_pem_key_dev"]


]]])
31 \r
32 \r
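echo "Build branch: ${env.BRANCH_NAME}"

// Pipeline body: checks out the repo and, when PHASE contains DEPLOY or UNDEPLOY,
// installs or removes the otf-cert-secret-builder Helm release that carries the
// TLS certificates, keys and passphrases bound from the Jenkins credential store.
node("docker"){
  stage 'Checkout'
  checkout scm
  // PHASE is an underscore-separated list of phases.
  PHASES=PHASE.tokenize( '_' );
  echo "PHASES : " + PHASES
  ARTIFACT_ID="otf-cert-secret-builder"
  echo "Tiller Namespace: " + TILLER_NAMESPACE

  withEnv([
    "PATH=${env.PATH}:${tool 'jdk180'}:${env.WORKSPACE}/linux-amd64",
    "JAVA_HOME=${tool 'jdk180'}",
    "HELM_HOME=${env.WORKSPACE}",
    // Exported so the shell steps below read these as quoted shell variables instead of
    // having Groovy paste them into the script text. TILLER_NAMESPACE is a build parameter,
    // and pasting it into the script would let its value be parsed as shell syntax.
    "ARTIFACT_ID=${ARTIFACT_ID}",
    "TILLER_NAMESPACE=${TILLER_NAMESPACE}"
  ]) {

    echo "PATH=${env.PATH}"
    echo "JAVA_HOME=${env.JAVA_HOME}"
    echo "HELM_HOME=${env.HELM_HOME}"

    wrap([$class: 'ConfigFileBuildWrapper', managedFiles: [
      [fileId: 'maven-settings.xml', variable: 'MAVEN_SETTINGS']
      ]]) {

      if (PHASES.contains("DEPLOY") || PHASES.contains("UNDEPLOY")) {
        stage 'Init Helm'

        // Reuse the helm binary left in the workspace by an earlier build, otherwise download it.
        if(fileExists('linux-amd64/helm')){
          sh """
            echo "helm is already installed"
          """
        }
        else{
          // NOTE(review): the tarball is unpacked and later executed with cluster credentials
          // without any integrity check. Compare its SHA-256 against a pinned value before
          // extracting it. Helm v2 (Tiller) is also end-of-life.
          sh """
            echo "installing helm"
            wget  https://storage.googleapis.com/kubernetes-helm/helm-v2.8.2-linux-amd64.tar.gz
            tar -xf helm-v2.8.2-linux-amd64.tar.gz
            rm helm-v2.8.2-linux-amd64.tar.gz
          """
        }

        withCredentials([file(credentialsId: KUBE_CONFIG, variable: 'KUBECONFIG')]) {

          dir('helm'){
            //check if charts are valid, and then perform dry run, if successful then upgrade/install charts

            if (PHASES.contains("UNDEPLOY") ) {
              stage 'Undeploy'

              // Single quotes: the shell expands the variables, Groovy does not touch them.
              sh '''
                helm delete --tiller-namespace="$TILLER_NAMESPACE" --purge "$ARTIFACT_ID"
              '''
            }

            if (PHASES.contains("DEPLOY") ){
              stage 'Deploy'
              // NOTE(review): USERNAME/PASSWORD from MECHID are bound but never used below;
              // drop the binding if nothing needs it.
              withCredentials(
                [usernamePassword(credentialsId: MECHID, usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD'),
                file(credentialsId: PKCS12_CERT, variable: 'VAR_PKCS12_CERT'),
                string(credentialsId: PKCS12_KEY, variable: 'VAR_PKCS12_KEY'),
                file(credentialsId: PEM_CERT, variable: 'VAR_PEM_CERT'),
                file(credentialsId: PEM_KEY, variable: 'VAR_PEM_KEY'),
                file(credentialsId: 'PRIVATE_KEY', variable: 'VAR_PRIVATE_KEY'),
                usernamePassword(credentialsId: 'PRIVATE_KEY_USER_PASS', usernameVariable: 'PRIVATE_KEY_USERNAME', passwordVariable: 'PRIVATE_KEY_PASSPHRASE')
                ]) {

                // The script is single-quoted on purpose. With a double-quoted Groovy string the
                // secret values are interpolated into the script text before the shell runs,
                // where they are subject to shell parsing and can escape Jenkins' log masking.
                // Here the shell reads them from the environment set up by withCredentials.
                //
                // NOTE(review): --set still places the key-store password and passphrase on
                // helm's command line, and `helm template` prints rendered manifests to the
                // build log; whether secret material shows up there depends on the chart,
                // which is not visible in this file. A values file with restrictive
                // permissions passed via -f would avoid the command-line exposure.
                sh '''
                  # Jenkins runs sh steps with xtrace on; keep expanded secrets out of the trace.
                  set +x

                  FILE_PKCS12_CERT=$(basename "$VAR_PKCS12_CERT")
                  FILE_PEM_CERT=$(basename "$VAR_PEM_CERT")
                  FILE_PEM_KEY=$(basename "$VAR_PEM_KEY")
                  FILE_PRIVATE_KEY=$(basename "$VAR_PRIVATE_KEY")

                  # The workspace is reused between builds, so remove the copied key material
                  # on every exit path instead of leaving it inside the chart directory.
                  trap 'rm -f "$ARTIFACT_ID/$FILE_PKCS12_CERT" "$ARTIFACT_ID/$FILE_PEM_CERT" "$ARTIFACT_ID/$FILE_PEM_KEY" "$ARTIFACT_ID/$FILE_PRIVATE_KEY"' EXIT

                  cp "$VAR_PKCS12_CERT" "$ARTIFACT_ID"
                  cp "$VAR_PEM_CERT" "$ARTIFACT_ID"
                  cp "$VAR_PEM_KEY" "$ARTIFACT_ID"
                  cp "$VAR_PRIVATE_KEY" "$ARTIFACT_ID"

                  echo "Validate Yaml"
                  helm lint "$ARTIFACT_ID"

                  echo "View Helm Templates"
                  helm template "$ARTIFACT_ID" \
                    --set Secret.PKCS12_CERT="$FILE_PKCS12_CERT" \
                    --set Secret.PKCS12_KEY="$VAR_PKCS12_KEY" \
                    --set Secret.PEM_CERT="$FILE_PEM_CERT" \
                    --set Secret.PEM_KEY="$FILE_PEM_KEY" \
                    --set Secret.privateKey.key="$FILE_PRIVATE_KEY" \
                    --set Secret.privateKey.username="$PRIVATE_KEY_USERNAME" \
                    --set Secret.privateKey.passphrase="$PRIVATE_KEY_PASSPHRASE"

                  echo "Perform Dry Run Of Install"
                  helm upgrade --tiller-namespace="$TILLER_NAMESPACE" --install --dry-run "$ARTIFACT_ID" "$ARTIFACT_ID" \
                    --set Secret.PKCS12_CERT="$FILE_PKCS12_CERT" \
                    --set Secret.PKCS12_KEY="$VAR_PKCS12_KEY" \
                    --set Secret.PEM_CERT="$FILE_PEM_CERT" \
                    --set Secret.PEM_KEY="$FILE_PEM_KEY" \
                    --set Secret.privateKey.key="$FILE_PRIVATE_KEY" \
                    --set Secret.privateKey.username="$PRIVATE_KEY_USERNAME" \
                    --set Secret.privateKey.passphrase="$PRIVATE_KEY_PASSPHRASE"

                  echo "Helm Install/Upgrade"
                  helm upgrade --tiller-namespace="$TILLER_NAMESPACE" --install "$ARTIFACT_ID" "$ARTIFACT_ID" \
                    --set Secret.PKCS12_CERT="$FILE_PKCS12_CERT" \
                    --set Secret.PKCS12_KEY="$VAR_PKCS12_KEY" \
                    --set Secret.PEM_CERT="$FILE_PEM_CERT" \
                    --set Secret.PEM_KEY="$FILE_PEM_KEY" \
                    --set Secret.privateKey.key="$FILE_PRIVATE_KEY" \
                    --set Secret.privateKey.username="$PRIVATE_KEY_USERNAME" \
                    --set Secret.privateKey.passphrase="$PRIVATE_KEY_PASSPHRASE"
                '''
              }
            }

          }
        }
      }
    }
  }
}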