Jenkinsfile

def FAILED_STAGE
def IMAGE_TAG
def VERSION
def E2E_FAILED

pipeline {
    agent {
        node {
            label 'jenkins-worker'
        }
    }

    environment {
        BLUE_OCEAN_URL = "https://jenkins.ozg-sh.de/blue/organizations/jenkins/goofy/detail/${env.BRANCH_NAME}/${env.BUILD_NUMBER}/pipeline"
        RELEASE_REGEX = /\d+.\d+.\d+/
        SNAPSHOT_REGEX = /\d+.\d+.\d+-SNAPSHOT/
    }

    options {
        timeout(time: 1, unit: 'HOURS')
        disableConcurrentBuilds()
        buildDiscarder(logRotator(numToKeepStr: '5'))
    }

    stages {
        stage('Check Version') {
            steps {
                script {
                    FAILED_STAGE = env.STAGE_NAME
                    def rootPom = readMavenPom file: 'pom.xml'
                    VERSION = rootPom.version

                    def serverPom = readMavenPom file: 'goofy-server/pom.xml'
                    def serverVersion = serverPom.parent.version

                    def clientPom = readMavenPom file: 'goofy-client/pom.xml'
                    def clientVersion = clientPom.parent.version

                    if(env.BRANCH_NAME == 'release'){
                        if ( !(VERSION ==~ RELEASE_REGEX) || !(serverVersion ==~ RELEASE_REGEX) || !(clientVersion ==~ RELEASE_REGEX)) {
                            error("Keine Release Version für Branch ${env.BRANCH_NAME}.")
                        }
                    } else {
                        if ( !(VERSION ==~ SNAPSHOT_REGEX) || !(serverVersion ==~ SNAPSHOT_REGEX) || !(clientVersion ==~ SNAPSHOT_REGEX)) {
                            error("Keine Snapshot Version für Branch ${env.BRANCH_NAME}.")
                        }
                    }

                    if( !(VERSION == serverVersion && VERSION == clientVersion)){
                        error("Versionen sind nicht identisch")
                    }
                }
            }
        }
        stage('Client') {
            steps {
                container("nodejs"){
                    script {
                        FAILED_STAGE=env.STAGE_NAME

                        sh 'npm --version'
                        dir('goofy-client') {
                            sh 'echo "registry=https://nexus.ozg-sh.de/repository/npm-proxy" >> ~/.npmrc'
                            sh 'echo "_auth=amVua2luczpQaihzX0ZNNFU5ZC8=" >> ~/.npmrc'

                            sh 'npm install --no-optional'

                            if (env.BRANCH_NAME == 'release') {
                                sh 'npm run ci-prodBuild'
                            }
                            else {
                                sh 'npm run ci-build'
                            }

                            sh 'npm run ci-test'

							try {
	                            if (env.BRANCH_NAME == 'master') {
	                                withSonarQubeEnv('sonarqube-ozg-sh'){
	                                    sh 'npm run ci-sonar'
	                                }
	                            }
                            } catch (Exception e) {
                               unstable("SonarQube failed")
                            }
                        }
                    }
                }
            }
//            post {
//                always{
//                    junit testResults: 'goofy-client/test-report.xml', skipPublishingChecks: true
//                }
//            }
        }
        stage('Server') {
            steps {
                script {
                    FAILED_STAGE=env.STAGE_NAME
                    IMAGE_TAG = "${env.BRANCH_NAME}-${VERSION}"

                    container("maven-17"){
                        configFileProvider([configFile(fileId: 'maven-settings', variable: 'MAVEN_SETTINGS')]) {
                            sh 'mvn --version'
                            sh "mvn -s $MAVEN_SETTINGS -pl -goofy-client clean install spring-boot:build-image -Dspring-boot.build-image.imageName=docker.ozg-sh.de/goofy:${IMAGE_TAG} -Dspring-boot.build-image.publish -Dmaven.wagon.http.retryHandler.count=3"

                           	try {
                                if (env.BRANCH_NAME == 'master') {
        	                        dir('goofy-server'){
                                        withSonarQubeEnv('sonarqube-ozg-sh'){
                                            sh 'mvn -s $MAVEN_SETTINGS sonar:sonar'
                                        }
                                    }
	                            }
                            } catch (Exception e) {
                                unstable("SonarQube failed")
                            }
                        }
                    }
                }
            }
            post {
                always{
                    junit testResults: '**/target/surefire-reports/*.xml', skipPublishingChecks: true
                }
            }
        }
        stage('Deploy Maven Artifacts to Nexus') {
            when {
                anyOf {
                    branch 'master'
                    branch 'release'
                }
            }
            steps {
                script {
                    FAILED_STAGE = env.STAGE_NAME
                }
                container('maven-17') {
                    configFileProvider([configFile(fileId: 'maven-settings', variable: 'MAVEN_SETTINGS')]) {
                        sh 'mvn -s $MAVEN_SETTINGS -pl -goofy-client -DskipTests deploy'
                    }
                }
            }
        }
        stage('Deploy Goofy') {
            when {
                anyOf {
                    branch 'master'
                    branch 'release'
                }
            }

            steps {
                script {
                    FAILED_STAGE = env.STAGE_NAME
                }
                container("docker") {
                    script {
                        withCredentials([usernamePassword(credentialsId: 'jenkins-docker-login', usernameVariable: 'USER', passwordVariable: 'PASSWORD')]) {
                            sh 'docker login docker.ozg-sh.de -u ${USER} -p ${PASSWORD}'

                            if (env.BRANCH_NAME == 'release') {
                                sh "docker tag docker.ozg-sh.de/goofy:${IMAGE_TAG} docker.ozg-sh.de/goofy:latest"
                                sh 'docker push docker.ozg-sh.de/goofy:latest'
                            }

                            if (env.BRANCH_NAME == 'master') {
                                sh "docker tag docker.ozg-sh.de/goofy:${IMAGE_TAG} docker.ozg-sh.de/goofy:snapshot-latest"
                                sh 'docker push docker.ozg-sh.de/goofy:snapshot-latest'
                            }
                        }
                    }
                }
            }
        }
        stage('Init k8s') {
            steps {
                script {
                    FAILED_STAGE = env.STAGE_NAME
                    E2E_FAILED = ""
                }
                container("k8s") {
                    configFileProvider([configFile(fileId: 'jenkins-kuby-kubeconfig', variable: 'KUBE_CONFIG')]) {
                        sh 'mkdir ~/.kube'
                        sh 'cp ${KUBE_CONFIG} ~/.kube/config'
                        sh 'cat ~/.kube/config'
                    }
                    sh 'helm version'
                }
            }
        }
        stage('Rollout Dev Goofy') {
            when {
                branch 'master'
            }
            steps {
                script {
                    FAILED_STAGE = env.STAGE_NAME
                }

                container("k8s"){
                    script {
                            sh """
                                error=0
                                for NAMESPACE in \$(kubectl get namespaces -l ozg-environment=dev -o custom-columns=NAME:.metadata.name --no-headers); \
                                do \
                                    if kubectl get deployment -n \$NAMESPACE | grep goofy; then \
                                        kubectl rollout restart deployment/goofy -n \$NAMESPACE; \
                                        if ! kubectl rollout status deployment/goofy -n \$NAMESPACE; then \
                                            error=1; \
                                        fi; \
                                    fi; \
                                done
                                exit \$error
                            """
                    }
                }
            }
        }
        stage('Trigger Test rollout') {
            when {
                branch 'release'
            }
            steps {
                script {
                    FAILED_STAGE = env.STAGE_NAME
                  	
                    withCredentials([usernamePassword(credentialsId: 'jenkins-gitea-access-token', passwordVariable: 'TOKEN', usernameVariable: 'USER')]) {
                        sh 'git clone https://${USER}:${TOKEN}@git.ozg-sh.de/mgm/rollout.git'

                        dir('rollout') {
                            sh "sed -i 's/GOOFY_APP_VERSION\\=.*/GOOFY_APP_VERSION=${VERSION}/' versions/dev/versions.sh"

                            sh 'git add versions/dev/versions.sh'
                            sh 'git config user.email "jenkins@ozg.de"'
                            sh 'git config user.name "jenkins"'
                            sh "git commit -m 'jenkins rollout goofy ${VERSION}'"
                            sh 'git push https://${USER}:${TOKEN}@git.ozg-sh.de/mgm/rollout.git'
                        }
                    }
                }
            }
        }
        stage('E2E') {
            failFast false

            parallel {
                stage('E2E-EA') {
                    steps {
                        script {
                            def stageName = env.STAGE_NAME
                            def bezeichner = generateBezeichner(stageName)
                            def namespace = generateNamespaceName(bezeichner)

                            startEnvironment(namespace, 'ea-values.yaml', 'ea-values.yaml', IMAGE_TAG, bezeichner)

                            def testResult = runTests(stageName, 'einheitlicher-ansprechpartner')

							shutdownEnvironment(namespace)

                            if(!testResult) {
				            	E2E_FAILED += "${stageName}, "
                                error("Fehler in Stage ${stageName}")
            				}
                        }
                    }
                    post {
                        always {
                            script {
                                publishE2ETestResult("einheitlicher-ansprechpartner", "Goofy E2E-Tests EA")
                            }
                        }
                    }
                }
                stage('E2E-main') {
                    steps {
                        script {
                            def stageName = env.STAGE_NAME
                            def bezeichner = generateBezeichner(stageName)
                            def namespace = generateNamespaceName(bezeichner)

                            startEnvironment(namespace, 'values.yaml', 'values.yaml', IMAGE_TAG, bezeichner)

                            def testResult = runTests(stageName, 'main-tests')

   							shutdownEnvironment(namespace)

							if(!testResult) {
				            	E2E_FAILED += "${stageName}, "
                                error("Fehler in Stage ${stageName}")
            				}
                        }
                    }
                    post {
                        always {
                            script {
                                publishE2ETestResult("main-tests", "Goofy E2E-Tests main")
                            }
                        }
                    }
                }
            }
			post {
        		always {
					script {
						if (E2E_FAILED) {
							FAILED_STAGE = "E2E (${E2E_FAILED.substring(0, E2E_FAILED.length() - 2)})"
                            error("Fehler in E2E-Tests")
						}
					}
            	}
			}
        }
    }
    post {
        failure {
            script {
                if (env.BRANCH_NAME == 'master') {
                    slackSend(color: "danger", message: "Goofy: Build Failed. Stage: ${FAILED_STAGE} Build-ID: <${BLUE_OCEAN_URL}|${env.BUILD_NUMBER}>")
                }
            }
        }
    }
}

Void startEnvironment(String namespace, String goofyValues, String plutoValues, String imageTag, String bezeichner){
    checkIfNamespaceExists(namespace)

    parallel(
        startGoofy: {
		    startGoofy(namespace, goofyValues, imageTag, bezeichner)
        },
        startPluto: {
		    startPluto(namespace, plutoValues, bezeichner)
        }
    )
}

Void publishE2ETestResult(String reportFolder, String reportName) {
    publishHTML (
        target: [
            allowMissing: false,
            alwaysLinkToLastBuild: false,
            keepAll: true,
            reportDir: "goofy-client/apps/goofy-e2e/reports/${reportFolder}",
            reportFiles: 'report.html',
            reportName: reportName
        ]
    )
}

Void checkIfNamespaceExists(String namespace) {
    container("k8s") {
        def namespaceList = sh (script: 'kubectl get namespaces', returnStdout: true)

        if(namespaceList.contains(namespace)) {
            sh "kubectl delete namespace ${namespace}"
        }
    }
}

Void startPluto(String namespace, String values, String bezeichner) {
    container("k8s") {
        dir('goofy-client/apps/goofy-e2e/deployment-values/pluto') {
           	sh "helm upgrade --install --create-namespace pluto ozg-base-apps-snapshot/pluto -f ${values} --set kop.bezeichner=${bezeichner} --namespace ${namespace} --version ${getLatestChartVersion('pluto').trim()} --wait --wait-for-jobs"
        }

	    sh "kubectl rollout status statefulset/pluto-database -n ${namespace}"
    }
}

Void startGoofy(String namespace, String values, String imageTag, String bezeichner) {
    container("k8s") {
        dir('goofy-client/apps/goofy-e2e/deployment-values/goofy') {
           	sh "helm upgrade --install --create-namespace goofy ozg-base-apps-snapshot/goofy -f ${values} --set image.tag=${imageTag} --set kop.bezeichner=${bezeichner} --namespace ${namespace} --version ${getLatestChartVersion('goofy').trim()} --wait --wait-for-jobs"
        }

        createKeycloakGroups(namespace)
        generateKeycloakUserYaml(namespace)
        applyKeycloakUser(namespace)
    }
}

String getLatestChartVersion(String chart) {
    container("k8s") {
        return sh (script: "helm search repo ozg-base-apps-snapshot --devel -l -o json | jq -r 'first(.[] | select((.name==\"ozg-base-apps-snapshot/${chart}\") and (.version|match(\"SNAPSHOT\$\"))) | .version)'", returnStdout: true)
    }
}

String runTests(String stageName, String reportFolder) {
	container("cypress") {
        try {
    	    def configFile = generateCypressConfig(stageName, reportFolder)
            dir("goofy-client") {
        	    sh "npm run cypress:version"
                sh "npm run cypress:ci-run --CONFIG_FILE=${configFile} --REPORT_FOLDER=${reportFolder}"

                return true
            }
        } catch (Exception e) {
            sh "ls -l /root/.npm/_logs/*-debug.log"
            sh "cat /root/.npm/_logs/*-debug.log"
            return false
        }
    }
}

Void shutdownEnvironment(String namespace) {
	container("k8s") {
        sh "helm uninstall goofy --namespace ${namespace} --wait"
        sh "helm uninstall pluto --namespace ${namespace} --wait"

        removeKeycloakUser(namespace)

        sh "kubectl delete namespace ${namespace}"
    }
}

String makeUrlConform(String input) {
    return input.replaceAll(/[^a-zA-Z0-9]+/, "").toLowerCase()
}

String generateBezeichner(String stage) {
    def branchName = makeUrlConform(env.BRANCH_NAME)
    def stageName = makeUrlConform(stage)

    def cutBranchNamePosition = 30 - (branchName.length() + stageName.length() + 8)

    if(cutBranchNamePosition < 0) {
        branchName = branchName[0..cutBranchNamePosition]
    }

    return "${branchName}${stageName}"
}

String generateNamespaceName(String bezeichner) {
    return "e2e-${bezeichner}-dev"
}

Void generateKeycloakUserYaml(String namespace) {
    def e2eUserFiles = sh (script: 'ls goofy-client/apps/goofy-e2e/src/fixtures/user', returnStdout: true)

    e2eUserFiles.split("\\n").each { user ->
        def newUserYaml = readYaml file: "goofy-client/apps/goofy-e2e/deployment-values/goofy/user/user.yaml"
   		def userJson = readJSON file: 'goofy-client/apps/goofy-e2e/src/fixtures/user/'+user

   		newUserYaml.metadata.name = namespace + "-" + userJson.name
        newUserYaml.metadata.namespace = namespace
   		newUserYaml.metadata.labels.realm = namespace
   		newUserYaml.spec.realmSelector.matchLabels.realm = namespace
   		newUserYaml.spec.user.username = userJson.name
   		newUserYaml.spec.user.credentials = [[type: 'password', value: userJson.password]]

        if(userJson.firstName) {
            newUserYaml.spec.user.firstName = userJson.firstName
        }

        if(userJson.lastName) {
       	    newUserYaml.spec.user.lastName = userJson.lastName
        }

        if(userJson.clientRoles) {
            newUserYaml.spec.user.clientRoles = [(namespace+"-goofy"): userJson.clientRoles]
        }

		if(userJson.groups) {
			newUserYaml.spec.user.groups = userJson.groups
		}

        dir (namespace) {
            writeYaml file: userJson.name+".yaml", data: newUserYaml
        }
    }
}

Void createKeycloakGroups(String realm) {
	def groupFiles = sh (script: 'ls goofy-client/apps/goofy-e2e/src/fixtures/group', returnStdout: true)

    groupFiles.split("\\n").each { group ->
        def groupJson = sh (script: "cat goofy-client/apps/goofy-e2e/src/fixtures/group/${group}", returnStdout: true)

		sh """curl -X POST 'https://sso.dev.ozg-sh.de/auth/admin/realms/${realm}/groups' \
				-H 'Content-Type: application/json' \
				-H 'Authorization: bearer ${getKeycloakAccessToken()}' \
				--data-raw '${groupJson}'
				"""
	}
}

Void applyKeycloakUser(String namespace) {
    dir(namespace){
        def kcUserFiles = sh (script: "ls", returnStdout: true)

        kcUserFiles.split("\\n").each { user ->
            sh "kubectl apply -f ${user}"
        }
    }
}

Void removeKeycloakUser(String namespace) {
    dir(namespace){
        def kcUserFiles = sh (script: "ls", returnStdout: true)

        kcUserFiles.split("\\n").each { user ->
            sh "kubectl delete -f ${user}"
        }
    }
}

String generateCypressConfig(String stage, String testFolder) {
    def bezeichner = generateBezeichner(stage)
    def namespace = generateNamespaceName(bezeichner)
    def configName = "cypress-ci-"+testFolder+".json"

    dir('goofy-client/apps/goofy-e2e/'){
        def config = readJSON file: 'cypress-ci.json'

        config.baseUrl = "https://${makeUrlConform(env.BRANCH_NAME)}${makeUrlConform(stage)}.dev.ozg-sh.de" as String
        config.env.dbUrl = "mongodb+srv://pluto-database-user:XnHhfznNWg65NNd@pluto-database-svc.${namespace}.svc.cluster.local/admin?ssl=false" as String
        config.env.keycloakRealm = namespace as String
        config.env.keycloakClient = namespace + "-goofy" as String
		config.env.sabineUuid = getKeycloakUuid(namespace, "sabine") as String
        config.integrationFolder = "./src/integration/${testFolder}" as String
        config.videosFolder = "./reports/${testFolder}/videos" as String
	    config.screenshotsFolder = "./reports/${testFolder}/screenshots" as String
        config.reporterOptions.reportDir = "./reports/${testFolder}/mochawesome-report" as String

        writeJSON file: configName, json: config
    }

    return configName
}

String getKeycloakUuid(realm, userName) {
    def shScript = """curl -H 'Content-Type: application/json' \
                        -H 'Authorization: bearer ${getKeycloakAccessToken()}' \
                        'https://sso.dev.ozg-sh.de/auth/admin/realms/${realm}/users'
                    """

	def users = readJSON text: sh(script: shScript, returnStdout: true)

	for(user in users) {
		if (user.username == userName) {
            return user.id
		}
	}
}

String getKeycloakAccessToken() {
	withCredentials([usernamePassword(credentialsId: 'keycloak-login', usernameVariable: 'USER', passwordVariable: 'PASSWORD')]) {
		def token = readJSON text: sh (script: 'curl -d "client_id=admin-cli" -d "username=$USER" -d "password=$PASSWORD" -d "grant_type=password" "https://sso.dev.ozg-sh.de/auth/realms/master/protocol/openid-connect/token"', returnStdout: true)

		return token.access_token
	}
}