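// Declarative pipeline for the OzgCloud operators: checks the Maven version against the
// branch, builds and tests, publishes artifacts, images and Helm charts, triggers the
// GitOps rollout and finally runs the OWASP dependency check.
pipeline {
    agent {
        node {
            label 'ozgcloud-jenkins-build-agent'
        }
    }

    environment {
        // Version patterns, applied as a full match (==~) by matchRegexVersion.
        // The dots are escaped so that only a literal '.' separates the numeric parts;
        // an unescaped '.' would accept any character there and weaken the release gate.
        RELEASE_REGEX = /\d+\.\d+\.\d+/
        SNAPSHOT_REGEX = /\d+\.\d+\.\d+-SNAPSHOT/
        FAILED_STAGE = ""
        SH_SUCCESS_STATUS_CODE = 0
        KEYCLOAK_OPERATOR_NAME = 'ozgcloud-keycloak-operator'
        ELASTIC_OPERATOR_NAME = 'ozgcloud-elastic-operator'
    }

    options {
        timeout(time: 1, unit: 'HOURS')
        disableConcurrentBuilds()
        buildDiscarder(logRotator(numToKeepStr: '10'))
    }

    stages {
        // Gate: the release branch must carry a release version, every other branch a snapshot.
        stage('Check Version') {
            steps {
                script {
                    FAILED_STAGE = env.STAGE_NAME
                    def rootPom = readMavenPom file: 'pom.xml'
                    def rootVersion = rootPom.version

                    if(isReleaseBranch()){
                        if ( !isReleaseVersion([rootVersion])) {
                            error("Keine Release Version für Branch ${env.BRANCH_NAME}.")
                        }
                    } else {
                        if ( !isSnapshotVersion([rootVersion])) {
                            error("Keine Snapshot Version für Branch ${env.BRANCH_NAME}.")
                        }
                    }
                }
            }
        }

        stage('Build OzgCloud Operator') {
            steps {
                script {
                    FAILED_STAGE=env.STAGE_NAME
                }
                configFileProvider([configFile(fileId: 'maven-settings', variable: 'MAVEN_SETTINGS')]) {
                    sh 'mvn --version'
                    sh 'mvn -s $MAVEN_SETTINGS clean install -Dmaven.wagon.http.retryHandler.count=3'

                    script {
                        // A SonarQube failure only marks the build unstable; it never fails it.
                        try {
                            if (env.BRANCH_NAME == 'master') {
                                withSonarQubeEnv('sonarqube-ozg-sh'){
                                    sh 'mvn -s $MAVEN_SETTINGS sonar:sonar'
                                }
                            }
                        } catch (Exception e) {
                            unstable("SonarQube failed")
                        }
                    }
                }
            }
            post {
                always{
                    junit testResults: '**/target/surefire-reports/*.xml', skipPublishingChecks: true
                }
            }
        }

        stage('Deploy to Nexus'){
            when {
                anyOf {
                    branch 'master'
                    branch 'release'
                }
            }
            steps {
                script {
                    FAILED_STAGE = env.STAGE_NAME
                }
                configFileProvider([configFile(fileId: 'maven-settings', variable: 'MAVEN_SETTINGS')]) {
                    sh 'mvn -s $MAVEN_SETTINGS -DskipTests deploy'
                }
            }
        }

        stage('Build Docker image') {
            steps {
                script {
                    FAILED_STAGE=env.STAGE_NAME
                }
                configFileProvider([configFile(fileId: 'maven-settings', variable: 'MAVEN_SETTINGS')]) {
                    sh 'mvn -s $MAVEN_SETTINGS spring-boot:build-image -DskipTests -Dmaven.wagon.http.retryHandler.count=3'
                }
            }
        }

        // No 'when' condition: images are tagged and pushed for every branch that is built.
        stage('Tag and Push Docker image') {
            steps {
                script {
                    FAILED_STAGE=env.STAGE_NAME
                    IMAGE_TAG = generateImageTag()

                    tagAndPushDockerImage(KEYCLOAK_OPERATOR_NAME, IMAGE_TAG)
                    tagAndPushDockerImage(ELASTIC_OPERATOR_NAME, IMAGE_TAG)

                    if (isMasterBranch()) {
                        tagAndPushDockerImage(KEYCLOAK_OPERATOR_NAME, 'snapshot-latest')
                        tagAndPushDockerImage(ELASTIC_OPERATOR_NAME, 'snapshot-latest')
                    }
                    else if (isReleaseBranch()) {
                        tagAndPushDockerImage(KEYCLOAK_OPERATOR_NAME, 'latest')
                        tagAndPushDockerImage(ELASTIC_OPERATOR_NAME, 'latest')
                    }
                }
            }
        }

        stage('Test, build and deploy Keycloak-Operator Helm Chart') {
            steps {
                script {
                    FAILED_STAGE=env.STAGE_NAME
                    HELM_CHART_VERSION = generateHelmChartVersion()
                    testAndDeployKeycloakHelmChart(HELM_CHART_VERSION)
                }
            }
        }

        stage('Test, build and deploy Elastic-Operator Helm Chart') {
            steps {
                script {
                    FAILED_STAGE=env.STAGE_NAME
                    HELM_CHART_VERSION = generateHelmChartVersion()
                    testAndDeployElasticHelmChart(HELM_CHART_VERSION)
                }
            }
        }

        stage('Trigger Dev rollout') {
            when {
                branch 'master'
            }
            steps {
                script {
                    FAILED_STAGE = env.STAGE_NAME
                    doDevRollout()
                }
            }
        }

        stage('Trigger Test rollout') {
            when {
                branch 'release'
            }
            steps {
                script {
                    FAILED_STAGE = env.STAGE_NAME
                    doTestRollout()
                }
            }
        }

        // NOTE(review): this is the last stage, so its findings are reported only after the
        // artifacts, images, charts and rollouts above have been published; it does not gate
        // them. Consider moving it ahead of 'Deploy to Nexus' if it is meant as a gate.
        // --noupdate makes the scan rely on the data already present in /dependency-check-data
        // (presumably refreshed by a separate job; confirm), and --disableKnownExploited turns
        // off the known-exploited-vulnerabilities analyzer.
        stage ('OWASP Dependency-Check Vulnerabilities') {
            steps {
                dependencyCheck additionalArguments: '''
                    -o "./"
                    -s "./"
                    -f "ALL"
                    -d /dependency-check-data
                    --suppression dependency-check-supressions.xml
                    --disableKnownExploited
                    --noupdate
                    --disableArchive
                    --prettyPrint''', odcInstallation: 'dependency-check-owasp'

                dependencyCheckPublisher(
                    pattern: 'dependency-check-report.xml'
                )
            }
        }
    }
}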
/**
 * Runs the Helm tests for the Keycloak operator chart and uploads the packaged chart.
 * Both steps execute inside the chart directory of the Keycloak operator module.
 *
 * @param helmChartVersion chart version passed on to deployHelmChart
 */
Void testAndDeployKeycloakHelmChart(String helmChartVersion){
    def chartDirectory = "${KEYCLOAK_OPERATOR_NAME}/src/main/helm"
    dir(chartDirectory) {
        runHelmTests()
        deployHelmChart(KEYCLOAK_OPERATOR_NAME, helmChartVersion)
    }
}
/**
 * Runs the Helm tests for the Elastic operator chart and uploads the packaged chart.
 * Both steps execute inside the chart directory of the Elastic operator module.
 *
 * @param helmChartVersion chart version passed on to deployHelmChart
 */
Void testAndDeployElasticHelmChart(String helmChartVersion){
    def chartDirectory = "${ELASTIC_OPERATOR_NAME}/src/main/helm"
    dir(chartDirectory) {
        runHelmTests()
        deployHelmChart(ELASTIC_OPERATOR_NAME, helmChartVersion)
    }
}
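/**
 * Lints, unit-tests and packages the Helm chart in the current directory.
 *
 * The package version is read from the script-level HELM_CHART_VERSION, which
 * generateHelmChartVersion derives from the branch name on feature branches.
 */
Void runHelmTests(){
    sh 'helm lint -f ../../test/helm/linter_values.yaml'
    sh "helm unittest --helm3 -f '../../test/helm/*.yaml' -f '../../test/helm/*/*.yaml' ."
    // The version can contain the branch name, so it is handed to the shell as an
    // environment variable and quoted there instead of being interpolated by Groovy
    // into the command text.
    withEnv(["CHART_VERSION=${HELM_CHART_VERSION}"]) {
        sh 'helm package --version="$CHART_VERSION" .'
    }
}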
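/**
 * Uploads the packaged chart {@code <helmChartName>-<helmChartVersion>.tgz} from the current
 * directory to the Nexus repository returned by getHelmRepoUrl.
 * Any output printed by curl is treated as a failure and aborts the build.
 *
 * @param helmChartName    chart name, used as the file name prefix
 * @param helmChartVersion chart version, used as the file name suffix
 */
Void deployHelmChart(String helmChartName, String helmChartVersion) {
    withCredentials([usernamePassword(credentialsId: 'jenkins-nexus-login', usernameVariable: 'USERNAME', passwordVariable: 'PASSWORD')]){
        def url = getHelmRepoUrl()
        echo "Url: ${url}"

        // The chart version can contain the branch name. URL and file name are therefore
        // passed as environment variables and quoted in the shell, so they are never parsed
        // as shell syntax while the Nexus credentials are bound.
        withEnv(["HELM_REPO_URL=${url}", "HELM_CHART_FILE=${helmChartName}-${helmChartVersion}.tgz"]) {
            // NOTE(review): -u still places the credentials on curl's argument list, where
            // other processes on the agent can read them; consider a netrc file instead.
            def result = sh script: 'curl -u "$USERNAME:$PASSWORD" "$HELM_REPO_URL" -F "file=@$HELM_CHART_FILE"', returnStdout: true

            if (result != '') {
                error(result)
            }
        }
    }
}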
/**
 * Selects the Nexus upload endpoint for Helm charts.
 *
 * @return the release repository URL on the release branch, otherwise the snapshot repository URL
 */
String getHelmRepoUrl(){
    return isReleaseBranch()
        ? "https://nexus.ozg-sh.de/service/rest/v1/components?repository=ozg-base-apps"
        : "https://nexus.ozg-sh.de/service/rest/v1/components?repository=ozg-base-apps-snapshot"
}
/**
 * Builds the Helm chart version from the root pom version.
 *
 * On master the first seven characters of the commit hash are appended, on the release
 * branch nothing is appended, and on every other branch the branch name is appended.
 * Underscores in the result are replaced by dashes; no other character of the branch name
 * is altered, so callers that hand the value to a shell need to quote it.
 *
 * @return the chart version for the current branch
 */
String generateHelmChartVersion() {
    def baseVersion = getPomVersion('pom.xml')

    if (isMasterBranch()) {
        return (baseVersion + "-${env.GIT_COMMIT.take(7)}").replaceAll('_', '-')
    }
    if (isReleaseBranch()) {
        return baseVersion.replaceAll('_', '-')
    }
    return (baseVersion + "-${env.BRANCH_NAME}").replaceAll('_', '-')
}
/**
 * @return true when the build runs on the branch named 'master'
 */
Boolean isMasterBranch() {
    def currentBranch = env.BRANCH_NAME
    return currentBranch == 'master'
}
/**
 * @return true when the build runs on the branch named 'release'
 */
Boolean isReleaseBranch() {
    def currentBranch = env.BRANCH_NAME
    return currentBranch == 'release'
}
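/**
 * Logs in to the Matrix server with the stored login JSON and returns the access token
 * from the response.
 *
 * @return the value of the {@code access_token} field of the login response
 */
String getElementAccessToken() {
    withCredentials([string(credentialsId: 'element-login-json', variable: 'LOGIN_JSON')]) {
        // The login JSON holds the account secret. It is piped to curl on stdin so that it
        // does not appear on curl's argument list, which other processes on the agent can
        // read. --data-binary sends the bytes unchanged, as -d "$LOGIN_JSON" did.
        return readJSON ( text: sh (script: '''printf '%s' "$LOGIN_JSON" | curl -XPOST --data-binary @- https://matrix.ozg-sh.de/_matrix/client/v3/login''', returnStdout: true)).access_token
    }
}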
/**
 * Rolls the freshly built operator versions out to the 'dev' environment:
 * clone the gitops repository, write the new versions, push the change.
 */
Void doDevRollout() {
    final targetEnvironment = 'dev'

    cloneGitopsRepo()
    setNewOperatorVersion(targetEnvironment)
    pushNewGitopsVersion(targetEnvironment)
}
/**
 * Rolls the freshly built operator versions out to the 'test' environment:
 * clone the gitops repository, write the new versions, push the change.
 */
Void doTestRollout() {
    final targetEnvironment = 'test'

    cloneGitopsRepo()
    setNewOperatorVersion(targetEnvironment)
    pushNewGitopsVersion(targetEnvironment)
}
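/**
 * Writes the new image tag and chart version of both operators into the values files of
 * the given environment, inside the cloned 'gitops' directory.
 *
 * @param environment gitops environment directory, e.g. 'dev' or 'test'
 */
Void setNewOperatorVersion(String environment) {
    dir('gitops') {
        // The environment must be passed on: Groovy lets a one-parameter method be called
        // without arguments and then binds the parameter to null, which would silently
        // build the path "null/application/values/...".
        updateKeycloakOperatorVersions(environment)
        updateElasticOperatorVersions(environment)
    }
}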
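/**
 * Sets image tag and Helm chart version of the Keycloak operator in the values file of the
 * given environment. Reads IMAGE_TAG and HELM_CHART_VERSION from the script-level variables
 * assigned in the pipeline stages.
 *
 * @param environment gitops environment directory, e.g. 'dev' or 'test'
 */
Void updateKeycloakOperatorVersions(String environment){
    def valuesFile = getApplicationValues(environment, KEYCLOAK_OPERATOR_NAME)

    // Read and write the file resolved above; the name 'envFile' used here before is not
    // defined anywhere in this file.
    def envVersions = readYaml file: valuesFile

    envVersions.ozgcloud_keycloak_operator.image.tag = IMAGE_TAG
    envVersions.ozgcloud_keycloak_operator.helm.version = HELM_CHART_VERSION

    writeYaml file: valuesFile, data: envVersions, overwrite: true
}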
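/**
 * Sets image tag and Helm chart version of the Elastic operator in the values file of the
 * given environment. Reads IMAGE_TAG and HELM_CHART_VERSION from the script-level variables
 * assigned in the pipeline stages.
 *
 * @param environment gitops environment directory, e.g. 'dev' or 'test'
 */
Void updateElasticOperatorVersions(String environment){
    def valuesFile = getApplicationValues(environment, ELASTIC_OPERATOR_NAME)

    // Read and write the file resolved above; the name 'envFile' used here before is not
    // defined anywhere in this file.
    def envVersions = readYaml file: valuesFile

    envVersions.ozgcloud_elastic_operator.image.tag = IMAGE_TAG
    envVersions.ozgcloud_elastic_operator.helm.version = HELM_CHART_VERSION

    writeYaml file: valuesFile, data: envVersions, overwrite: true
}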
/**
 * Builds the path of an application values file relative to the gitops repository root.
 *
 * @param environment    gitops environment directory, e.g. 'dev' or 'test'
 * @param valuesFileName file name prefix; '-values.yaml' is appended
 * @return {@code <environment>/application/values/<valuesFileName>-values.yaml}
 */
String getApplicationValues(String environment, String valuesFileName) {
    return String.format('%s/application/values/%s-values.yaml', environment, valuesFileName)
}
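/**
 * Commits and pushes the updated operator values files of the given environment from the
 * cloned 'gitops' directory. Does nothing when hasValuesFileChanged reports no change.
 *
 * @param environment gitops environment directory, e.g. 'dev' or 'test'
 */
Void pushNewGitopsVersion(String environment) {
    dir('gitops') {
        if (!hasValuesFileChanged(environment)) {
            return
        }
        withCredentials([usernamePassword(credentialsId: 'jenkins-gitea-access-token', passwordVariable: 'TOKEN', usernameVariable: 'USER')]) {
            // Environment name and image tag reach the shell as environment variables and
            // are quoted there, so they are not interpolated into the command text while
            // the Gitea token is bound.
            withEnv(["ROLLOUT_ENVIRONMENT=${environment}", "ROLLOUT_IMAGE_TAG=${IMAGE_TAG}"]) {
                // Stage both operator values files: setNewOperatorVersion rewrites the
                // Elastic operator file as well, and staging only the Keycloak file left
                // that change out of the commit.
                sh 'git add "${ROLLOUT_ENVIRONMENT}/application/values/ozgcloud-keycloak-operator-values.yaml" "${ROLLOUT_ENVIRONMENT}/application/values/ozgcloud-elastic-operator-values.yaml"'
                // The commit subject is kept as it was and still names only the Keycloak operator.
                sh 'git commit -m "jenkins rollout ${ROLLOUT_ENVIRONMENT} ozgcloud-keycloak-operator version ${ROLLOUT_IMAGE_TAG}"'
                // NOTE(review): the token is part of the push URL and therefore of git's
                // argument list; a credential helper would keep it out of both.
                sh 'git push https://${USER}:${TOKEN}@git.ozg-sh.de/ozgcloud-devops/gitops.git'
            }
        }
    }
}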
/**
 * Reports whether 'git status' in the current directory lists the Keycloak operator values
 * file of the given environment. Only that file is looked for.
 *
 * @param environment gitops environment directory, e.g. 'dev' or 'test'
 * @return true when grep finds the file in the 'git status' output
 */
Boolean hasValuesFileChanged(String environment) {
    def grepStatus = sh(
        script: "git status | grep '${environment}/application/values/ozgcloud-keycloak-operator-values.yaml'",
        returnStatus: true
    )
    // Environment values are strings, so the expected status is converted before comparing.
    def expectedStatus = env.SH_SUCCESS_STATUS_CODE as Integer
    return grepStatus == expectedStatus
}
/**
 * Sets the committer identity (user.email and user.name) for the cloned 'gitops' repository.
 */
Void configureGit() {
    dir("gitops") {
        sh "git config user.email 'jenkins@ozg-sh.de'"
        sh "git config user.name 'jenkins'"
    }
}
/**
 * Clones the gitops repository into the workspace with the Jenkins Gitea token and then
 * sets the committer identity via configureGit.
 *
 * NOTE(review): git records the clone URL, including the embedded user and token, as the
 * origin remote in gitops/.git/config, so the token stays in the workspace after the
 * credentials binding ends. A credential helper or cleaning the workspace afterwards
 * would avoid that.
 */
Void cloneGitopsRepo() {
    def giteaLogin = usernamePassword(credentialsId: 'jenkins-gitea-access-token', passwordVariable: 'TOKEN', usernameVariable: 'USER')

    withCredentials([giteaLogin]) {
        // Single-quoted on the Groovy side: the shell, not Groovy, expands USER and TOKEN.
        sh 'git clone https://${USER}:${TOKEN}@git.ozg-sh.de/ozgcloud-devops/gitops.git'
    }

    configureGit()
}
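/**
 * Tags the locally built {@code build-latest} image with the given tag and pushes it to
 * docker.ozg-sh.de, logging in with the Nexus credentials first.
 *
 * @param imageName image repository name below docker.ozg-sh.de
 * @param newTag    tag to assign and push
 */
Void tagAndPushDockerImage(String imageName, String newTag){
    withCredentials([usernamePassword(credentialsId: 'jenkins-nexus-login', usernameVariable: 'USER', passwordVariable: 'PASSWORD')]) {
        // The tag is derived from the branch name (see generateImageTag) and this function
        // runs for every branch. Name and tag are therefore passed as environment variables
        // and quoted in the shell rather than interpolated by Groovy into the command text.
        withEnv(["IMAGE_NAME=${imageName}", "NEW_TAG=${newTag}"]) {
            // --password-stdin keeps the registry password off docker's argument list.
            sh 'printf "%s" "$PASSWORD" | docker login docker.ozg-sh.de -u "$USER" --password-stdin'

            sh 'docker tag "docker.ozg-sh.de/${IMAGE_NAME}:build-latest" "docker.ozg-sh.de/${IMAGE_NAME}:${NEW_TAG}"'
            sh 'docker push "docker.ozg-sh.de/${IMAGE_NAME}:${NEW_TAG}"'
        }
    }
}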
/**
 * Reads the project version from a Maven pom.
 *
 * @param pomFile path of the pom file to read
 * @return the {@code version} of that pom
 */
String getPomVersion(String pomFile){
    return readMavenPom(file: pomFile).version
}
/**
 * Builds the image tag as {@code <branch>-<pom version>}; on master the first seven
 * characters of the commit hash are appended as a third part.
 *
 * The branch name is used unchanged, so callers that hand the tag to a shell need to quote it.
 *
 * @return the image tag for the current build
 */
String generateImageTag() {
    def branchName = env.BRANCH_NAME
    def tagParts = [branchName, getPomVersion('pom.xml')]

    if (branchName == 'master') {
        tagParts << env.GIT_COMMIT.take(7)
    }

    return tagParts.join('-')
}
/**
 * Reads the version of the parent declared in a Maven pom.
 *
 * @param filePath path of the pom file to read
 * @return the {@code parent.version} of that pom
 */
String getParentPomVersion(String filePath) {
    def parentSection = readMavenPom(file: filePath).parent
    return parentSection.version
}
/**
 * Checks the given versions against RELEASE_REGEX.
 *
 * @param versions version strings to check
 * @return true when every version matches the release pattern
 */
Boolean isReleaseVersion(List versions) {
    def releasePattern = RELEASE_REGEX
    return matchRegexVersion(versions, releasePattern)
}
/**
 * Checks the given versions against SNAPSHOT_REGEX.
 *
 * @param versions version strings to check
 * @return true when every version matches the snapshot pattern
 */
Boolean isSnapshotVersion(List versions) {
    def snapshotPattern = SNAPSHOT_REGEX
    return matchRegexVersion(versions, snapshotPattern)
}
/**
 * Tests whether every entry of the list matches the pattern in full.
 * The match operator (==~) requires the whole string to match, so the pattern needs no anchors.
 *
 * @param versions version strings to check
 * @param regex    regular expression each version has to match completely
 * @return false as soon as one entry does not match; true otherwise, also for an empty list
 */
Boolean matchRegexVersion(List versions, String regex) {
    def allMatch = true
    for (candidate in versions) {
        if (candidate ==~ regex) {
            continue
        }
        allMatch = false
        break
    }
    return allMatch
}