#!/usr/bin/env groovy /* Copyright (c) 2019 AT&T Intellectual Property. # # # # Licensed under the Apache License, Version 2.0 (the "License"); # # you may not use this file except in compliance with the License. # # You may obtain a copy of the License at # # # # http://www.apache.org/licenses/LICENSE-2.0 # # # # Unless required by applicable law or agreed to in writing, software # # distributed under the License is distributed on an "AS IS" BASIS, # # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # # See the License for the specific language governing permissions and # # limitations under the License. # ##############################################################################*/ properties([[$class: 'ParametersDefinitionProperty', parameterDefinitions: [ [$class: 'hudson.model.StringParameterDefinition', name: 'PHASE', defaultValue: "BUILD"], [$class: 'hudson.model.StringParameterDefinition', name: 'ENV', defaultValue: "dev"], [$class: 'hudson.model.StringParameterDefinition', name: 'MECHID', defaultValue: "id"], [$class: 'hudson.model.StringParameterDefinition', name: 'KUBE_CONFIG', defaultValue: "kubeConfig-dev"], [$class: 'hudson.model.StringParameterDefinition', name: 'TILLER_NAMESPACE', defaultValue: "org-onar-otf"], [$class: 'hudson.model.StringParameterDefinition', name: 'PKCS12_CERT', defaultValue: "otf_ssl_pkcs12_dev"], [$class: 'hudson.model.StringParameterDefinition', name: 'PKCS12_KEY', defaultValue: "server_ssl_key_store_password"], [$class: 'hudson.model.StringParameterDefinition', name: 'PEM_CERT', defaultValue: "otf_ssl_pem_dev"], [$class: 'hudson.model.StringParameterDefinition', name: 'PEM_KEY', defaultValue: "otf_ssl_pem_key_dev"] ]]]) echo "Build branch: ${env.BRANCH_NAME}" node("docker"){ stage 'Checkout' checkout scm PHASES=PHASE.tokenize( '_' ); echo "PHASES : " + PHASES ARTIFACT_ID="otf-cert-secret-builder" echo "Tiller Namespace: " + TILLER_NAMESPACE withEnv(["PATH=${env.PATH}:${tool 'jdk180'}:${env.WORKSPACE}/linux-amd64", "JAVA_HOME=${tool 'jdk180'}","HELM_HOME=${env.WORKSPACE}"]) { echo "PATH=${env.PATH}" echo "JAVA_HOME=${env.JAVA_HOME}" echo "HELM_HOME=${env.HELM_HOME}" wrap([$class: 'ConfigFileBuildWrapper', managedFiles: [ [fileId: 'maven-settings.xml', variable: 'MAVEN_SETTINGS'] ]]) { if (PHASES.contains("DEPLOY") || PHASES.contains("UNDEPLOY")) { stage 'Init Helm' //check if helm exists if not install if(fileExists('linux-amd64/helm')){ sh """ echo "helm is already installed" """ } else{ //download helm sh """ echo "installing helm" wget https://storage.googleapis.com/kubernetes-helm/helm-v2.8.2-linux-amd64.tar.gz tar -xf helm-v2.8.2-linux-amd64.tar.gz rm helm-v2.8.2-linux-amd64.tar.gz """ } withCredentials([file(credentialsId: KUBE_CONFIG, variable: 'KUBECONFIG')]) { dir('helm'){ //check if charts are valid, and then perform dry run, if successful then upgrade/install charts if (PHASES.contains("UNDEPLOY") ) { stage 'Undeploy' sh """ helm delete --tiller-namespace=$TILLER_NAMESPACE --purge $ARTIFACT_ID """ } //NOTE Double quotes are used below to access groovy variables like artifact_id and tiller_namespace if (PHASES.contains("DEPLOY") ){ stage 'Deploy' withCredentials( [usernamePassword(credentialsId: MECHID, usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD'), file(credentialsId: PKCS12_CERT, variable: 'VAR_PKCS12_CERT'), string(credentialsId: PKCS12_KEY, variable: 'VAR_PKCS12_KEY'), file(credentialsId: PEM_CERT, variable: 'VAR_PEM_CERT'), file(credentialsId: PEM_KEY, variable: 'VAR_PEM_KEY'), file(credentialsId: 'PRIVATE_KEY', variable: 'VAR_PRIVATE_KEY'), usernamePassword(credentialsId: 'PRIVATE_KEY_USER_PASS', usernameVariable: 'PRIVATE_KEY_USERNAME', passwordVariable: 'PRIVATE_KEY_PASSPHRASE') ]) { sh """ cp $VAR_PKCS12_CERT $ARTIFACT_ID cp $VAR_PEM_CERT $ARTIFACT_ID cp $VAR_PEM_KEY $ARTIFACT_ID cp $VAR_PRIVATE_KEY $ARTIFACT_ID FILE_PKCS12_CERT=`basename $VAR_PKCS12_CERT` FILE_PEM_CERT=`basename $VAR_PEM_CERT` FILE_PEM_KEY=`basename $VAR_PEM_KEY` FILE_PRIVATE_KEY=`basename $VAR_PRIVATE_KEY` echo "Validate Yaml" helm lint $ARTIFACT_ID echo "View Helm Templates" helm template $ARTIFACT_ID \ --set Secret.PKCS12_CERT=\$FILE_PKCS12_CERT \ --set Secret.PKCS12_KEY=$VAR_PKCS12_KEY \ --set Secret.PEM_CERT=\$FILE_PEM_CERT \ --set Secret.PEM_KEY=\$FILE_PEM_KEY \ --set Secret.privateKey.key=\$FILE_PRIVATE_KEY \ --set Secret.privateKey.username=$PRIVATE_KEY_USERNAME \ --set Secret.privateKey.passphrase=$PRIVATE_KEY_PASSPHRASE \ echo "Perform Dry Run Of Install" helm upgrade --tiller-namespace=$TILLER_NAMESPACE --install --dry-run $ARTIFACT_ID $ARTIFACT_ID \ --set Secret.PKCS12_CERT=\$FILE_PKCS12_CERT \ --set Secret.PKCS12_KEY=$VAR_PKCS12_KEY \ --set Secret.PEM_CERT=\$FILE_PEM_CERT \ --set Secret.PEM_KEY=\$FILE_PEM_KEY \ --set Secret.privateKey.key=\$FILE_PRIVATE_KEY \ --set Secret.privateKey.username=$PRIVATE_KEY_USERNAME \ --set Secret.privateKey.passphrase=$PRIVATE_KEY_PASSPHRASE \ echo "Helm Install/Upgrade" helm upgrade --tiller-namespace=$TILLER_NAMESPACE --install $ARTIFACT_ID $ARTIFACT_ID \ --set Secret.PKCS12_CERT=\$FILE_PKCS12_CERT \ --set Secret.PKCS12_KEY=$VAR_PKCS12_KEY \ --set Secret.PEM_CERT=\$FILE_PEM_CERT \ --set Secret.PEM_KEY=\$FILE_PEM_KEY \ --set Secret.privateKey.key=\$FILE_PRIVATE_KEY \ --set Secret.privateKey.username=$PRIVATE_KEY_USERNAME \ --set Secret.privateKey.passphrase=$PRIVATE_KEY_PASSPHRASE \ """ } } } } } } } }