/*
* Copyright (C) 2023 Das Land Schleswig-Holstein vertreten durch den
* Ministerpräsidenten des Landes Schleswig-Holstein
* Staatskanzlei
* Abteilung Digitalisierung und zentrales IT-Management der Landesregierung
*
* Lizenziert unter der EUPL, Version 1.2 oder - sobald
* diese von der Europäischen Kommission genehmigt wurden -
* Folgeversionen der EUPL ("Lizenz");
* Sie dürfen dieses Werk ausschließlich gemäß
* dieser Lizenz nutzen.
* Eine Kopie der Lizenz finden Sie hier:
*
* https://joinup.ec.europa.eu/collection/eupl/eupl-text-eupl-12
*
* Sofern nicht durch anwendbare Rechtsvorschriften
* gefordert oder in schriftlicher Form vereinbart, wird
* die unter der Lizenz verbreitete Software "so wie sie
* ist", OHNE JEGLICHE GEWÄHRLEISTUNG ODER BEDINGUNGEN -
* ausdrücklich oder stillschweigend - verbreitet.
* Die sprachspezifischen Genehmigungen und Beschränkungen
* unter der Lizenz sind dem Lizenztext zu entnehmen.
*/
}
}
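environment {
    // Version patterns. matchRegexVersion applies them with `==~`, i.e. against
    // the whole version string. The dots are escaped so that only a literal '.'
    // separates the numeric parts; an unescaped '.' accepts any character there.
    RELEASE_REGEX = /\d+\.\d+\.\d+/
    SNAPSHOT_REGEX = /\d+\.\d+\.\d+-SNAPSHOT/
    // Stages assign env.STAGE_NAME to FAILED_STAGE in their script blocks.
    FAILED_STAGE = ""
    // Exit status that hasValuesFileChanged-style checks compare `sh returnStatus` against.
    SH_SUCCESS_STATUS_CODE = 0
    // Names used for the Docker images, Helm chart directories and gitops values files.
    KEYCLOAK_OPERATOR_NAME = 'ozgcloud-keycloak-operator'
    ELASTICSEARCH_OPERATOR_NAME = 'ozgcloud-elasticsearch-operator'
}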
options {
    // Keep only the ten most recent builds.
    buildDiscarder(logRotator(numToKeepStr: '10'))
    // Do not run builds concurrently.
    disableConcurrentBuilds()
    // Abort the build after one hour.
    timeout(time: 1, unit: 'HOURS')
}
stages {
stage('Check Version') {
steps {
script {
FAILED_STAGE = env.STAGE_NAME
def rootPom = readMavenPom file: 'pom.xml'
def rootVersion = rootPom.version
if ( !isReleaseVersion([rootVersion])) {
error("Keine Release Version für Branch ${env.BRANCH_NAME}.")
}
} else {
if ( !isSnapshotVersion([rootVersion])) {
error("Keine Snapshot Version für Branch ${env.BRANCH_NAME}.")
}
}
}
}
}
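stage('Set Version') {
    // Runs on every branch except 'master' and 'release'.
    when {
        not {
            anyOf {
                branch 'master'
                branch 'release'
            }
        }
    }
    steps {
        script {
            FAILED_STAGE = env.STAGE_NAME
            // The branch name becomes part of the Maven version.
            JAR_TAG = getPomVersion('pom.xml').replace("SNAPSHOT", "${env.BRANCH_NAME}-SNAPSHOT")
        }
        configFileProvider([configFile(fileId: 'maven-settings', variable: 'MAVEN_SETTINGS')]) {
            // JAR_TAG contains the branch name, which is chosen by whoever pushes
            // the branch. Hand it to the shell as an environment variable and
            // quote it, instead of interpolating it into the command text, so
            // shell metacharacters in a branch name are not executed.
            withEnv(["JAR_TAG=${JAR_TAG}"]) {
                sh 'mvn -s "$MAVEN_SETTINGS" versions:set -DnewVersion="$JAR_TAG" -DprocessAllModules=true'
            }
        }
    }
}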
steps {
script {
FAILED_STAGE=env.STAGE_NAME
}
configFileProvider([configFile(fileId: 'maven-settings', variable: 'MAVEN_SETTINGS')]) {
sh 'mvn --version'
sh 'mvn -s $MAVEN_SETTINGS clean install -Dmaven.wagon.http.retryHandler.count=3'
script {
try {
if (env.BRANCH_NAME == 'master') {
withSonarQubeEnv('sonarqube-ozg-sh'){
sh 'mvn -s $MAVEN_SETTINGS sonar:sonar'
}
}
} catch (Exception e) {
unstable("SonarQube failed")
}
}
}
}
post {
always{
junit testResults: '**/target/surefire-reports/*.xml', skipPublishingChecks: true
}
}
}
stage('Deploy to Nexus'){
steps {
script {
FAILED_STAGE = env.STAGE_NAME
}
configFileProvider([configFile(fileId: 'maven-settings', variable: 'MAVEN_SETTINGS')]) {
sh 'mvn -s $MAVEN_SETTINGS -DskipTests deploy'
sh "mvn -s $MAVEN_SETTINGS versions:revert"
stage('Build Docker image') {
steps {
script {
FAILED_STAGE=env.STAGE_NAME
}
configFileProvider([configFile(fileId: 'maven-settings', variable: 'MAVEN_SETTINGS')]) {
sh 'mvn -s $MAVEN_SETTINGS spring-boot:build-image -DskipTests -Dmaven.wagon.http.retryHandler.count=3'
stage('Tag and Push Docker image') {
steps {
script {
FAILED_STAGE=env.STAGE_NAME
IMAGE_TAG = generateImageTag()
tagAndPushDockerImage(KEYCLOAK_OPERATOR_NAME, IMAGE_TAG)
tagAndPushDockerImage(ELASTICSEARCH_OPERATOR_NAME, IMAGE_TAG)
if (isMasterBranch()) {
tagAndPushDockerImage(KEYCLOAK_OPERATOR_NAME, 'snapshot-latest')
tagAndPushDockerImage(ELASTICSEARCH_OPERATOR_NAME, 'snapshot-latest')
else if (isReleaseBranch()) {
tagAndPushDockerImage(KEYCLOAK_OPERATOR_NAME, 'latest')
tagAndPushDockerImage(ELASTICSEARCH_OPERATOR_NAME, 'latest')
stage('Test, build and deploy Keycloak-Operator Helm Chart') {
    steps {
        script {
            // Record which stage is running.
            FAILED_STAGE = env.STAGE_NAME

            // Assigned without `def`, so it is visible outside this script
            // block; runHelmTests() reads HELM_CHART_VERSION when packaging.
            HELM_CHART_VERSION = generateHelmChartVersion()

            testAndDeployKeycloakHelmChart(HELM_CHART_VERSION)
        }
    }
}
stage('Test, build and deploy Elasticsearch-Operator Helm Chart') {
steps {
script {
FAILED_STAGE=env.STAGE_NAME
HELM_CHART_VERSION = generateHelmChartVersion()
testAndDeployElasticsearchHelmChart(HELM_CHART_VERSION)
stage('Trigger Dev rollout') {
when {
branch 'master'
}
steps {
script {
FAILED_STAGE = env.STAGE_NAME
stage('Trigger Test rollout') {
when {
branch 'release'
}
steps {
script {
FAILED_STAGE = env.STAGE_NAME
/**
 * Runs the Helm tests for the Keycloak operator chart and uploads the
 * packaged chart.
 *
 * @param helmChartVersion chart version used in the uploaded archive name
 */
Void testAndDeployKeycloakHelmChart(String helmChartVersion){
    def chartDirectory = "${KEYCLOAK_OPERATOR_NAME}/src/main/helm"
    dir(chartDirectory) {
        // runHelmTests() also packages the chart that deployHelmChart uploads.
        runHelmTests()
        deployHelmChart(KEYCLOAK_OPERATOR_NAME, helmChartVersion)
    }
}
/**
 * Uploads the Elasticsearch operator Helm chart from its chart directory.
 *
 * @param helmChartVersion chart version used in the uploaded archive name
 */
Void testAndDeployElasticsearchHelmChart(String helmChartVersion){
    def chartDirectory = "${ELASTICSEARCH_OPERATOR_NAME}/src/main/helm"
    dir(chartDirectory) {
        // NOTE(review): unlike the Keycloak variant, no runHelmTests() call is
        // visible here, and that call is where `helm package` runs. Confirm the
        // chart archive exists in this directory before the upload.
        deployHelmChart(ELASTICSEARCH_OPERATOR_NAME, helmChartVersion)
    }
}
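/**
 * Lints, unit-tests and packages the Helm chart in the current directory.
 *
 * Reads the pipeline-wide HELM_CHART_VERSION for the package version.
 */
Void runHelmTests(){
    sh 'helm lint -f ../../test/helm/linter_values.yaml'
    sh "helm unittest -f '../../test/helm/*/*.yaml' ."
    // Pass the version through the environment and quote it rather than
    // interpolating it into the command text, so a version string that
    // contains shell metacharacters is treated as data.
    withEnv(["CHART_VERSION=${HELM_CHART_VERSION}"]) {
        sh 'helm package --version="$CHART_VERSION" .'
    }
}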
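/**
 * Uploads the packaged chart `<helmChartName>-<helmChartVersion>.tgz` from the
 * current directory to the Nexus repository returned by getHelmRepoUrl().
 *
 * Fails the build with the response body when the upload returns any output.
 *
 * @param helmChartName    chart name, first part of the archive file name
 * @param helmChartVersion chart version, second part of the archive file name
 */
Void deployHelmChart(String helmChartName, String helmChartVersion) {
    withCredentials([usernamePassword(credentialsId: 'jenkins-nexus-login', usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD')]){
        def url = getHelmRepoUrl()
        echo "Url: ${url}"
        def chartFile = "${helmChartName}-${helmChartVersion}.tgz"
        def result = ''
        // URL and file name reach the shell as quoted environment variables
        // instead of being concatenated into the command text; the credentials
        // are quoted so a password containing spaces or shell metacharacters
        // is passed intact.
        // NOTE(review): `curl -u` still places the credentials in the process
        // argument list on the agent.
        withEnv(["HELM_REPO_URL=${url}", "CHART_FILE=${chartFile}"]) {
            result = sh script: 'curl -u "$USERNAME:$PASSWORD" "$HELM_REPO_URL" -F "file=@$CHART_FILE"', returnStdout: true
        }
        // NOTE(review): without --fail, curl exits 0 on HTTP error statuses, so
        // this check depends on the server sending a non-empty error body.
        if (result != '') {
            error(result)
        }
    }
}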
/**
 * Returns the Nexus upload URL for Helm charts: the release repository on the
 * release branch, the snapshot repository on every other branch.
 */
String getHelmRepoUrl(){
    return isReleaseBranch()
        ? "https://nexus.ozg-sh.de/service/rest/v1/components?repository=ozg-base-apps"
        : "https://nexus.ozg-sh.de/service/rest/v1/components?repository=ozg-base-apps-snapshot"
}
String generateHelmChartVersion() {
def chartVersion = getPomVersion('pom.xml')
return chartVersion.replaceAll('_', '-')
/** Returns whether the build runs on the 'master' branch. */
Boolean isMasterBranch() {
    def currentBranch = env.BRANCH_NAME
    return 'master' == currentBranch
}
/** Returns whether the build runs on the 'release' branch. */
Boolean isReleaseBranch() {
    def currentBranch = env.BRANCH_NAME
    return 'release' == currentBranch
}
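/**
 * Logs in to the Matrix server with the stored login JSON and returns the
 * `access_token` field of the response.
 */
String getElementAccessToken() {
    withCredentials([string(credentialsId: 'element-login-json', variable: 'LOGIN_JSON')]) {
        // The login JSON is a secret. Feed it to curl on stdin rather than as a
        // command-line argument, so it does not appear in the process argument
        // list on the agent. --data-binary sends the bytes unchanged.
        def response = sh(script: '''printf '%s' "$LOGIN_JSON" | curl -XPOST --data-binary @- https://matrix.ozg-sh.de/_matrix/client/v3/login''', returnStdout: true)
        return readJSON(text: response).access_token
    }
}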
/**
 * Rolls the new operator versions out to the 'dev' environment: clones the
 * gitops repository, writes the new versions and pushes the change.
 */
Void doDevRollout() {
    def targetEnvironment = 'dev'

    cloneGitopsRepo()
    setNewOperatorVersion(targetEnvironment)
    pushNewGitopsVersion(targetEnvironment)
}
Void doTestRollout() {
cloneGitopsRepo()
setNewOperatorVersion('test')
pushNewGitopsVersion('test')
Void setNewOperatorVersion(String environment) {
dir('gitops') {
updateKeycloakOperatorVersions(environment)
updateElasticsearchOperatorVersions(environment)
Void updateKeycloakOperatorVersions(String environment){
def envFile = getApplicationValues(environment, KEYCLOAK_OPERATOR_NAME)
def envVersions = readYaml file: envFile
envVersions.ozgcloud_keycloak_operator.image.tag = IMAGE_TAG
envVersions.ozgcloud_keycloak_operator.helm.version = HELM_CHART_VERSION
writeYaml file: envFile, data: envVersions, overwrite: true
Void updateElasticsearchOperatorVersions(String environment){
def envFile = getApplicationValues(environment, ELASTICSEARCH_OPERATOR_NAME)
def envVersions = readYaml file: envFile
envVersions.ozgcloud_elasticsearch_operator.image.tag = IMAGE_TAG
envVersions.ozgcloud_elasticsearch_operator.helm.version = HELM_CHART_VERSION
writeYaml file: envFile, data: envVersions, overwrite: true
/**
 * Builds the path of an application values file inside the gitops checkout.
 *
 * @param environment    first path segment; callers in this file pass 'dev' or 'test'
 * @param valuesFileName file name without the '-values.yaml' suffix
 * @return `<environment>/application/values/<valuesFileName>-values.yaml`
 */
String getApplicationValues(String environment, String valuesFileName) {
    def segments = [environment, 'application', 'values', valuesFileName + '-values.yaml']
    return segments.join('/')
}
Void pushNewGitopsVersion(String environment) {
dir('gitops') {
return
}
withCredentials([usernamePassword(credentialsId: 'jenkins-gitea-access-token', passwordVariable: 'TOKEN', usernameVariable: 'USER')]) {
sh "git add ${environment}/application/values/ozgcloud-keycloak-operator-values.yaml"
sh "git add ${environment}/application/values/ozgcloud-elasticsearch-operator-values.yaml"
sh "git commit -m 'jenkins rollout ${environment} ozgcloud operators version ${IMAGE_TAG}'"
sh 'git push https://${USER}:${TOKEN}@git.ozg-sh.de/ozgcloud-devops/gitops.git'
return sh (script: "git status | grep '${environment}/application/values/ozgcloud-keycloak-operator-values.yaml'", returnStatus: true) == env.SH_SUCCESS_STATUS_CODE as Integer
}
/**
 * Sets the committer identity (user.email and user.name) in the 'gitops'
 * checkout.
 */
Void configureGit() {
    final committerEmail = "jenkins@ozg-sh.de"
    final committerName = "jenkins"

    dir("gitops") {
        sh "git config user.email '${committerEmail}'"
        sh "git config user.name '${committerName}'"
    }
}
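/**
 * Clones the gitops repository into the workspace and sets the committer
 * identity for it.
 */
Void cloneGitopsRepo() {
    withCredentials([usernamePassword(credentialsId: 'jenkins-gitea-access-token', passwordVariable: 'TOKEN', usernameVariable: 'USER')]) {
        // Supply the credentials through a one-shot credential helper instead of
        // embedding them in the clone URL. A URL with user:token is stored as
        // the remote URL in gitops/.git/config and shows up in the process
        // argument list. The helper is set with `git -c`, so it applies to this
        // command only, and it reads USER/TOKEN from the environment at run time.
        sh '''git -c credential.helper='!f() { echo "username=${USER}"; echo "password=${TOKEN}"; }; f' clone https://git.ozg-sh.de/ozgcloud-devops/gitops.git'''
    }
    configureGit()
}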
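/**
 * Tags `docker.ozg-sh.de/<imageName>:build-latest` as `<newTag>` and pushes
 * the new tag to docker.ozg-sh.de.
 *
 * @param imageName repository name of the image
 * @param newTag    tag to create and push
 */
Void tagAndPushDockerImage(String imageName, String newTag){
    withCredentials([usernamePassword(credentialsId: 'jenkins-nexus-login', usernameVariable: 'USER', passwordVariable: 'PASSWORD')]) {
        // Send the password on stdin; `-p` puts it in the process argument list.
        sh '''printf '%s' "$PASSWORD" | docker login docker.ozg-sh.de -u "$USER" --password-stdin'''
        // generateImageTag() builds tags from the branch name. Pass name and tag
        // as quoted environment variables rather than interpolating them into
        // the command text, so shell metacharacters in them are not executed.
        withEnv(["IMAGE_NAME=${imageName}", "NEW_TAG=${newTag}"]) {
            sh 'docker tag "docker.ozg-sh.de/${IMAGE_NAME}:build-latest" "docker.ozg-sh.de/${IMAGE_NAME}:${NEW_TAG}"'
            sh 'docker push "docker.ozg-sh.de/${IMAGE_NAME}:${NEW_TAG}"'
        }
    }
}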
/**
 * Reads a Maven POM and returns its version.
 *
 * @param pomFile path of the POM file to read
 */
String getPomVersion(String pomFile){
    return readMavenPom(file: pomFile).version
}
/**
 * Builds the Docker image tag `<branch>-<pom version>`. On the 'master' branch
 * the first seven characters of the commit hash are appended.
 */
String generateImageTag() {
    def branch = env.BRANCH_NAME
    def pomVersion = getPomVersion('pom.xml')
    def commitSuffix = ''
    if (env.BRANCH_NAME == 'master') {
        commitSuffix = "-${env.GIT_COMMIT.take(7)}"
    }
    return "${branch}-${pomVersion}${commitSuffix}"
}
/**
 * Reads a Maven POM and returns the version of its parent.
 *
 * @param filePath path of the POM file to read
 */
String getParentPomVersion(String filePath) {
    return readMavenPom(file: filePath).parent.version
}
/**
 * Returns whether every entry of `versions` matches RELEASE_REGEX.
 *
 * @param versions version strings to check
 */
Boolean isReleaseVersion(List versions) {
    def releasePattern = RELEASE_REGEX
    return matchRegexVersion(versions, releasePattern)
}
/**
 * Returns whether every entry of `versions` matches SNAPSHOT_REGEX.
 *
 * @param versions version strings to check
 */
Boolean isSnapshotVersion(List versions) {
    def snapshotPattern = SNAPSHOT_REGEX
    return matchRegexVersion(versions, snapshotPattern)
}
/**
 * Returns whether every entry of `versions` matches `regex` in full.
 *
 * `==~` requires the whole string to match. An empty list yields true.
 *
 * @param versions version strings to check
 * @param regex    regular expression each version must match completely
 */
Boolean matchRegexVersion(List versions, String regex) {
    // Plain index loop; stops at the first version that does not match.
    for (int i = 0; i < versions.size(); i++) {
        def candidate = versions[i]
        if (candidate ==~ regex) {
            continue
        }
        return false
    }
    return true
}