diff --git a/.editorconfig b/.editorconfig index 689f0b8..fe5cb88 100644 --- a/.editorconfig +++ b/.editorconfig @@ -17,7 +17,3 @@ indent_size = 2 [.{babelrc,eslintrc}] indent_style = space indent_size = 2 - -[Jenkinsfile*] -indent_style = space -indent_size = 2 diff --git a/Jenkinsfile b/Jenkinsfile deleted file mode 100644 index 811b448..0000000 --- a/Jenkinsfile +++ /dev/null @@ -1,184 +0,0 @@ -#!groovy - -// -------------------- -// Declarative Pipeline -// -------------------- -pipeline { - agent any - - environment { - // Enable pipeline verbose debug output if greater than 0 - DEBUG_OUTPUT = 'false' - - // Get projects/namespaces from config maps - DEV_PROJECT = new File('/var/run/configs/ns/project.dev').getText('UTF-8').trim() - TEST_PROJECT = new File('/var/run/configs/ns/project.test').getText('UTF-8').trim() - PROD_PROJECT = new File('/var/run/configs/ns/project.prod').getText('UTF-8').trim() - TOOLS_PROJECT = new File('/var/run/configs/ns/project.tools').getText('UTF-8').trim() - - // Get application config from config maps - REPO_OWNER = new File('/var/run/configs/jobs/repo.owner').getText('UTF-8').trim() - REPO_NAME = new File('/var/run/configs/jobs/repo.name').getText('UTF-8').trim() - APP_NAME = new File('/var/run/configs/jobs/app.name').getText('UTF-8').trim() - APP_DOMAIN = new File('/var/run/configs/jobs/app.domain').getText('UTF-8').trim() - - // JOB_NAME should be the pull request/branch identifier (i.e. 'pr-5') - JOB_NAME = JOB_BASE_NAME.toLowerCase() - - // SOURCE_REPO_* references git repository resources - SOURCE_REPO_RAW = "https://raw.githubusercontent.com/${REPO_OWNER}/${REPO_NAME}/master" - SOURCE_REPO_REF = 'master' - SOURCE_REPO_URL = "https://github.com/${REPO_OWNER}/${REPO_NAME}.git" - - // ENV_HOST is the full domain without the path (ie. 'appname-dev.pathfinder.gov.bc.ca') - DEV_HOST = "${APP_NAME}-dev.${APP_DOMAIN}" - TEST_HOST = "${APP_NAME}-test.${APP_DOMAIN}" - PROD_HOST = "${APP_NAME}.${APP_DOMAIN}" - // PATH_ROOT will be appended to ENV_HOST - PATH_ROOT = "/${JOB_NAME.equalsIgnoreCase('master') ? APP_NAME : JOB_NAME}" - } - - options { - parallelsAlwaysFailFast() - } - - stages { - stage('Initialize') { - agent any - steps { - // Cancel any running builds in progress - timeout(10) { - echo "Cancelling previous ${APP_NAME}-${JOB_NAME} builds in progress..." - abortAllPreviousBuildInProgress(currentBuild) - } - - script { - if(DEBUG_OUTPUT.equalsIgnoreCase('true')) { - // Force OpenShift Plugin directives to be verbose - openshift.logLevel(1) - - // Print all environment variables - echo 'DEBUG - All pipeline environment variables:' - echo sh(returnStdout: true, script: 'env') - } - - loadCommonPipeline() - } - } - } - - stage('Build') { - agent any - steps { - script { - loadCommonPipeline() - commonPipeline.runStageBuild() - } - } - post { - success { - echo 'Cleanup App BuildConfigs...' - script { - openshift.withCluster() { - openshift.withProject(TOOLS_PROJECT) { - if(DEBUG_OUTPUT.equalsIgnoreCase('true')) { - echo "DEBUG - Using project: ${openshift.project()}" - } else { - def bcApp = openshift.selector('bc', "${REPO_NAME}-app-${JOB_NAME}") - - if(bcApp.exists()) { - echo "Removing BuildConfig ${REPO_NAME}-app-${JOB_NAME}..." - bcApp.delete() - } - } - } - } - } - } - } - } - - stage('Deploy - Dev') { - agent any - steps { - script { - loadCommonPipeline() - commonPipeline.runStageDeploy('Dev', DEV_PROJECT, DEV_HOST, PATH_ROOT) - } - } - post { - success { - script { - commonPipeline.createDeploymentStatus(DEV_PROJECT, 'SUCCESS', JOB_NAME, DEV_HOST, PATH_ROOT) - commonPipeline.notifyStageStatus('Deploy - Dev', 'SUCCESS') - } - } - unsuccessful { - script { - commonPipeline.createDeploymentStatus(DEV_PROJECT, 'FAILURE', JOB_NAME, DEV_HOST, PATH_ROOT) - commonPipeline.notifyStageStatus('Deploy - Dev', 'FAILURE') - } - } - } - } - - stage('Deploy - Test') { - agent any - steps { - script { - loadCommonPipeline() - commonPipeline.runStageDeploy('Test', TEST_PROJECT, TEST_HOST, PATH_ROOT) - } - } - post { - success { - script { - commonPipeline.createDeploymentStatus(TEST_PROJECT, 'SUCCESS', JOB_NAME, TEST_HOST, PATH_ROOT) - commonPipeline.notifyStageStatus('Deploy - Test', 'SUCCESS') - } - } - unsuccessful { - script { - commonPipeline.createDeploymentStatus(TEST_PROJECT, 'FAILURE', JOB_NAME, TEST_HOST, PATH_ROOT) - commonPipeline.notifyStageStatus('Deploy - Test', 'FAILURE') - } - } - } - } - - stage('Deploy - Prod') { - agent any - steps { - script { - loadCommonPipeline() - commonPipeline.runStageDeploy('Prod', PROD_PROJECT, PROD_HOST, PATH_ROOT) - } - } - post { - success { - script { - commonPipeline.createDeploymentStatus(PROD_PROJECT, 'SUCCESS', JOB_NAME, PROD_HOST, PATH_ROOT) - commonPipeline.notifyStageStatus('Deploy - Prod', 'SUCCESS') - } - } - unsuccessful { - script { - commonPipeline.createDeploymentStatus(PROD_PROJECT, 'FAILURE', JOB_NAME, PROD_HOST, PATH_ROOT) - commonPipeline.notifyStageStatus('Deploy - Prod', 'FAILURE') - } - } - } - } - } -} - -// -------------------- -// Supporting Functions -// -------------------- - -// Load Common Code as Global Variable -def loadCommonPipeline() { - if (!binding.hasVariable('commonPipeline')) { - commonPipeline = load "${WORKSPACE}/openshift/commonPipeline.groovy" - } -} diff --git a/Jenkinsfile.cicd b/Jenkinsfile.cicd deleted file mode 100644 index af6a7b2..0000000 --- a/Jenkinsfile.cicd +++ /dev/null @@ -1,147 +0,0 @@ -#!groovy - -// -------------------- -// Declarative Pipeline -// -------------------- -pipeline { - agent any - - environment { - // Enable pipeline verbose debug output if greater than 0 - DEBUG_OUTPUT = 'false' - - // Get projects/namespaces from config maps - DEV_PROJECT = new File('/var/run/configs/ns/project.dev').getText('UTF-8').trim() - TEST_PROJECT = new File('/var/run/configs/ns/project.test').getText('UTF-8').trim() - PROD_PROJECT = new File('/var/run/configs/ns/project.prod').getText('UTF-8').trim() - TOOLS_PROJECT = new File('/var/run/configs/ns/project.tools').getText('UTF-8').trim() - - // Get application config from config maps - REPO_OWNER = new File('/var/run/configs/jobs/repo.owner').getText('UTF-8').trim() - REPO_NAME = new File('/var/run/configs/jobs/repo.name').getText('UTF-8').trim() - APP_NAME = new File('/var/run/configs/jobs/app.name').getText('UTF-8').trim() - APP_DOMAIN = new File('/var/run/configs/jobs/app.domain').getText('UTF-8').trim() - - // JOB_NAME should be the pull request/branch identifier (i.e. 'pr-5') - JOB_NAME = JOB_BASE_NAME.toLowerCase() - - // SOURCE_REPO_* references git repository resources - SOURCE_REPO_RAW = "https://raw.githubusercontent.com/${REPO_OWNER}/${REPO_NAME}/master" - SOURCE_REPO_REF = "pull/${CHANGE_ID}/head" - SOURCE_REPO_URL = "https://github.com/${REPO_OWNER}/${REPO_NAME}.git" - - // ENV_HOST is the full domain without the path (ie. 'appname-dev.pathfinder.gov.bc.ca') - DEV_HOST = "${APP_NAME}-dev.${APP_DOMAIN}" - TEST_HOST = "${APP_NAME}-test.${APP_DOMAIN}" - PROD_HOST = "${APP_NAME}.${APP_DOMAIN}" - // PATH_ROOT will be appended to ENV_HOST - PATH_ROOT = "/${JOB_NAME.equalsIgnoreCase('master') ? APP_NAME : JOB_NAME}" - } - - options { - parallelsAlwaysFailFast() - } - - stages { - stage('Initialize') { - agent any - steps { - // Cancel any running builds in progress - timeout(10) { - echo "Cancelling previous ${APP_NAME}-${JOB_NAME} builds in progress..." - abortAllPreviousBuildInProgress(currentBuild) - } - - script { - if(DEBUG_OUTPUT.equalsIgnoreCase('true')) { - // Force OpenShift Plugin directives to be verbose - openshift.logLevel(1) - - // Print all environment variables - echo 'DEBUG - All pipeline environment variables:' - echo sh(returnStdout: true, script: 'env') - } - - loadCommonPipeline() - } - } - } - - stage('Build') { - agent any - steps { - script { - loadCommonPipeline() - commonPipeline.runStageBuild() - } - } - post { - success { - echo 'Cleanup App BuildConfigs...' - script { - openshift.withCluster() { - openshift.withProject(TOOLS_PROJECT) { - if(DEBUG_OUTPUT.equalsIgnoreCase('true')) { - echo "DEBUG - Using project: ${openshift.project()}" - } else { - def bcApp = openshift.selector('bc', "${REPO_NAME}-app-${JOB_NAME}") - - if(bcApp.exists()) { - echo "Removing BuildConfig ${REPO_NAME}-app-${JOB_NAME}..." - bcApp.delete() - } - } - } - } - } - } - } - } - - stage('Deploy - Dev') { - agent any - steps { - script { - loadCommonPipeline() - commonPipeline.runStageDeploy('Dev', DEV_PROJECT, DEV_HOST, PATH_ROOT) - } - } - post { - success { - script { - commonPipeline.createDeploymentStatus(DEV_PROJECT, 'SUCCESS', JOB_NAME, DEV_HOST, PATH_ROOT) - commonPipeline.notifyStageStatus('Deploy - Dev', 'SUCCESS') - } - } - unsuccessful { - script { - commonPipeline.createDeploymentStatus(DEV_PROJECT, 'FAILURE', JOB_NAME, DEV_HOST, PATH_ROOT) - commonPipeline.notifyStageStatus('Deploy - Dev', 'FAILURE') - } - } - } - } - } - post { - changed { - script { - // Comment on Pull Request if build changes to successful - if(currentBuild.currentResult.equalsIgnoreCase('SUCCESS')) { - echo "Posting 'PR Deployed at: https://${DEV_HOST}${PATH_ROOT}' to Pull Request..." - commonPipeline.commentOnPR("PR Deployed at: https://${DEV_HOST}${PATH_ROOT}") - } - } - } - } -} - -// -------------------- -// Supporting Functions -// -------------------- - -// Load Common Code as Global Variable -def loadCommonPipeline() { - if (!binding.hasVariable('commonPipeline')) { - commonPipeline = load "${WORKSPACE}/openshift/commonPipeline.groovy" - } -} diff --git a/README.md b/README.md index c41f680..41ce1c6 100644 --- a/README.md +++ b/README.md @@ -17,8 +17,6 @@ To learn more about the **Common Services** that are available visit the [Common openshift/ - OpenShift-deployment specific files CODE-OF-CONDUCT.md - Code of Conduct CONTRIBUTING.md - Contributing Guidelines - Jenkinsfile - Top-level Pipeline - Jenkinsfile.cicd - Pull-Request Pipeline LICENSE - License vetur.config.js - Vetur configuration diff --git a/app/.editorconfig b/app/.editorconfig index 689f0b8..fe5cb88 100644 --- a/app/.editorconfig +++ b/app/.editorconfig @@ -17,7 +17,3 @@ indent_size = 2 [.{babelrc,eslintrc}] indent_style = space indent_size = 2 - -[Jenkinsfile*] -indent_style = space -indent_size = 2 diff --git a/charts/dgrsc/README.md b/charts/dgrsc/README.md index 45a9a89..048aacd 100644 --- a/charts/dgrsc/README.md +++ b/charts/dgrsc/README.md @@ -1,4 +1,4 @@ -# dgrsc +# document-generation-showcase ![Version: 0.0.1](https://img.shields.io/badge/Version-0.0.1-informational?style=flat-square) ![Type: application](https://img.shields.io/badge/Type-application-informational?style=flat-square) ![AppVersion: 2.0.0](https://img.shields.io/badge/AppVersion-2.0.0-informational?style=flat-square) @@ -38,23 +38,9 @@ Kubernetes: `>= 1.13.0` | autoscaling.maxReplicas | int | `16` | | | autoscaling.minReplicas | int | `2` | | | autoscaling.targetCPUUtilizationPercentage | int | `80` | | -| config.configMap.CDOGS_APIURL | string | `nil` | | -| config.configMap.CDOGS_TOKENURL | string | `nil` | | | config.configMap.FRONTEND_APIPATH | string | `"api/v2"` | | -| config.configMap.FRONTEND_BASEPATH | string | `"/app"` | | -| config.configMap.FRONTEND_DASHBOARDURL | string | `nil` | | -| config.configMap.FRONTEND_KC_CLIENTID | string | `nil` | | -| config.configMap.FRONTEND_KC_REALM | string | `nil` | | -| config.configMap.FRONTEND_KC_SERVERURL | string | `nil` | | | config.configMap.SERVER_APIPATH | string | `"/api/v2"` | | -| config.configMap.SERVER_BASEPATH | string | `"/app"` | | | config.configMap.SERVER_BODYLIMIT | string | `"30mb"` | | -| config.configMap.SERVER_HOSTURL | string | `nil` | | -| config.configMap.SERVER_KC_PUBLICKEY | string | `nil` | | -| config.configMap.SERVER_KC_REALM | string | `nil` | | -| config.configMap.SERVER_KC_SERVERURL | string | `nil` | | -| config.configMap.SERVER_LOGLEVEL | string | `"http"` | | -| config.configMap.SERVER_PORT | string | `"8080"` | | | config.enabled | bool | `false` | | | config.releaseScoped | bool | `false` | | | failurePolicy | string | `"Retry"` | | diff --git a/charts/dgrsc/templates/deploymentconfig.yaml b/charts/dgrsc/templates/deploymentconfig.yaml index 74430a5..0ad5527 100644 --- a/charts/dgrsc/templates/deploymentconfig.yaml +++ b/charts/dgrsc/templates/deploymentconfig.yaml @@ -39,22 +39,22 @@ spec: ports: - containerPort: {{ .Values.service.port }} protocol: TCP - # livenessProbe: - # failureThreshold: 3 - # httpGet: - # path: {{ .Values.route.path }} - # port: {{ .Values.service.port }} - # scheme: HTTP - # initialDelaySeconds: 10 - # timeoutSeconds: 1 - # readinessProbe: - # failureThreshold: 3 - # httpGet: - # path: {{ .Values.route.path }} - # port: {{ .Values.service.port }} - # scheme: HTTP - # initialDelaySeconds: 10 - # timeoutSeconds: 1 + livenessProbe: + failureThreshold: 3 + httpGet: + path: {{ .Values.route.path }} + port: {{ .Values.service.port }} + scheme: HTTP + initialDelaySeconds: 10 + timeoutSeconds: 1 + readinessProbe: + failureThreshold: 3 + httpGet: + path: {{ .Values.route.path }} + port: {{ .Values.service.port }} + scheme: HTTP + initialDelaySeconds: 10 + timeoutSeconds: 1 resources: {{ toYaml .Values.resources | nindent 12 }} env: - name: NODE_ENV @@ -64,12 +64,12 @@ spec: valueFrom: secretKeyRef: key: username - name: app-keycloak-secret + name: {{ include "dgrsc.name" . }}-keycloak-secret - name: SERVER_KC_CLIENTSECRET valueFrom: secretKeyRef: key: password - name: app-keycloak-secret + name: {{ include "dgrsc.name" . }}-keycloak-secret - name: CDOGS_CLIENTID valueFrom: secretKeyRef: diff --git a/openshift/README.md b/openshift/README.md deleted file mode 100644 index 7ab33cc..0000000 --- a/openshift/README.md +++ /dev/null @@ -1,142 +0,0 @@ -# Keycloak - -Login to [dev](https://dev.oidc.gov.bc.ca/auth/admin/98r0z7rz/console/#/realms/98r0z7rz/clients) to get client secrets or add users to groups. - -## Clients - -| Name | Description | -| ---- | --- | -| dgrsc | this is for the node backend to protect the calls to CDOGS. this client contains roles | -| dgrsc-frontend | this is a **public** client for the ui, it uses dgrsc scopes to return dgrsc roles the user is in. There are no credentials for this client, it is guarded by web-origins and allowed redirects in Keycloak.| -| dgrsc-local | configured for localhost:8080, local development. | -| dgrsc-frontend-local | configured for localhost:8080, local development.| - -## Client Scope - -**dgrsc** - Both the backend and frontend clients include **dgrsc** as a default client scope. - -## Groups - -**DGRSC Users** - maps to the dgrsc (client) role: user. Add keycloak users to this group to get access to secured areas in DGRSC and to call the DGRSC backend (protects CDOGS calls). - -Add users to the **DGRSC Users** group. - -## Openshift Manual Configuration and Deployment - -We assume you are logged into OpenShift and are in the repo/openshift local directory. We will run the scripts from there. - -### Add Default Kubernetes Network Policies - -Before deploying, ensure that you have the Network Policies `deny-by-default` and `allow-from-openshift-ingress` by running the following: - -``` sh -export NAMESPACE=bb0279-prod - -oc process -n $NAMESPACE -f https://raw.githubusercontent.com/wiki/bcgov/nr-get-token/assets/templates/default.np.yaml | oc apply -n $NAMESPACE -f - -``` - -### Set up environment parameters - -Replace the following values as necessary. - -Some notes: - -- **FRONTEND\_APIPATH** has no beginning '/', that is so it will always call the relative api. -- **SERVER\_KC\_PUBLICKEY** is the Keycloak Public Key which can be found in the Keycloak Admin Panel under Realm Settings > Keys. Look for the Public key button (normally under RS256 row), and click to see the key. The key should begin with a pattern of `MIIBIjANB...`. - -``` sh -export NAMESPACE=bb0279-dev - -export APP_NAME=dgrsc -export JOB_NAME=pr-x -export REPO_NAME=document-generation-showcase -export SOURCE_REPO_URL=https://github.com/bcgov/document-generation-showcase -export SOURCE_REPO_REF=master - -export SERVER_KC_CLIENTID=dgrsc-backend-1234 -export SERVER_KC_CLIENTSECRET= -export CDOGS_CLIENTID=DGRSC_SERVICE_CLIENT -export CDOGS_CLIENTSECRET= - -export FRONTEND_KC_CLIENTID=dgrsc-frontend-1234 -export FRONTEND_KC_REALM=standard -export FRONTEND_KC_SERVERURL=https://dev.loginproxy.gov.bc.ca/auth -export FRONTEND_APIPATH=api/v2 -export FRONTEND_DASHBOARDURL= -export SERVER_KC_PUBLICKEY=MIIBIjANB... -export SERVER_KC_REALM=standard -export SERVER_KC_SERVERURL=https://dev.loginproxy.gov.bc.ca/auth -export SERVER_LOGLEVEL=info -export SERVER_MORGANFORMAT=dev -export SERVER_PORT=8080 -export SERVER_BODYLIMIT=30mb -export SERVER_APIPATH=/api/v2 -export CDOGS_TOKENURL=https://dev.loginproxy.gov.bc.ca/auth/realms/standard/protocol/openid-connect/token -export CDOGS_APIURL=https://cdogs-dev.api.gov.bc.ca/api/v2 -``` - -### Create secrets and config map - -``` sh -oc create secret -n $NAMESPACE generic app-keycloak-secret --from-literal=username=$SERVER_KC_CLIENTID --from-literal=password=$SERVER_KC_CLIENTSECRET --type=kubernetes.io/basic-auth -``` - -``` sh -oc create secret -n $NAMESPACE generic cdogs-service-secret --from-literal=username=$CDOGS_CLIENTID --from-literal=password=$CDOGS_CLIENTSECRET --type=kubernetes.io/basic-auth -``` - -``` sh -oc create configmap -n $NAMESPACE dgrsc-frontend-config --from-literal=FRONTEND_KC_CLIENTID=$FRONTEND_KC_CLIENTID --from-literal=FRONTEND_KC_REALM=$FRONTEND_KC_REALM --from-literal=FRONTEND_KC_SERVERURL=$FRONTEND_KC_SERVERURL --from-literal=FRONTEND_APIPATH=$FRONTEND_APIPATH ---from-literal=FRONTEND_DASHBOARDURL=$FRONTEND_DASHBOARDURL -``` - -``` sh -oc create configmap -n $NAMESPACE dgrsc-server-config --from-literal=SERVER_KC_PUBLICKEY=$SERVER_KC_PUBLICKEY --from-literal=SERVER_KC_REALM=$SERVER_KC_REALM --from-literal=SERVER_KC_SERVERURL=$SERVER_KC_SERVERURL --from-literal=SERVER_LOGLEVEL=$SERVER_LOGLEVEL --from-literal=SERVER_MORGANFORMAT=$SERVER_MORGANFORMAT --from-literal=SERVER_PORT=$SERVER_PORT --from-literal=SERVER_BODYLIMIT=$SERVER_BODYLIMIT --from-literal=SERVER_APIPATH=$SERVER_APIPATH -``` - -``` sh -oc create configmap -n $NAMESPACE dgrsc-services-config --from-literal=CDOGS_TOKENURL=$CDOGS_TOKENURL --from-literal=CDOGS_APIURL=$CDOGS_APIURL -``` - -### Run the build config - -``` sh -oc -n $NAMESPACE process -f app.bc.yaml -p REPO_NAME=$REPO_NAME -p JOB_NAME=$JOB_NAME -p SOURCE_REPO_URL=$SOURCE_REPO_URL -p SOURCE_REPO_REF=$SOURCE_REPO_REF -o yaml | oc -n $NAMESPACE create -f - - -oc -n $NAMESPACE start-build dgrsc-pr-x-app - -oc logs build/dgrsc-pr-x-app-1 --follow -``` - -### Additional environment and pr specific configuration - -We will expect the following two environment variables to be created and populated in the pipeline. - -These will be used to populate additional configuration required for the application. - -FRONTEND\_BASEPATH and SERVER\_BASEPATH = ROUTE\_PATH -SERVER\_HOST\_URL = https://${ROUTE\_HOST}${ROUTE\_PATH} - -``` sh -export ROUTE_HOST=$APP_NAME-dev.pathfinder.gov.bc.ca -export ROUTE_PATH=/pr-x -``` - -### Run the deployment config - -``` sh -oc -n $NAMESPACE process -f app.dc.yaml -p REPO_NAME=$REPO_NAME -p JOB_NAME=$JOB_NAME -p NAMESPACE=$NAMESPACE -p APP_NAME=$APP_NAME -p ROUTE_HOST=$ROUTE_HOST -p ROUTE_PATH=$ROUTE_PATH -o yaml | oc -n $NAMESPACE create -f - - -oc -n $NAMESPACE rollout latest dc/dgrsc-pr-x-app -``` - -### Clean up the namespace - -``` sh -oc -n $NAMESPACE delete all,template,secret,configmap,pvc,serviceaccount,rolebinding --selector app=$APP_NAME-$JOB_NAME -oc -n $NAMESPACE delete configmap dgrsc-frontend-config -oc -n $NAMESPACE delete configmap dgrsc-server-config -oc -n $NAMESPACE delete configmap dgrsc-services-config -oc -n $NAMESPACE delete secret app-keycloak-secret -oc -n $NAMESPACE delete secret cdogs-service-secret -``` diff --git a/openshift/app.bc.yaml b/openshift/app.bc.yaml deleted file mode 100644 index 349b1df..0000000 --- a/openshift/app.bc.yaml +++ /dev/null @@ -1,77 +0,0 @@ ---- -apiVersion: v1 -kind: Template -labels: - build: "${REPO_NAME}-app" - template: "${REPO_NAME}-app-bc-template" -metadata: - name: "${REPO_NAME}-app-bc" -objects: - - apiVersion: v1 - kind: ImageStream - metadata: - name: "${REPO_NAME}-app" - spec: - lookupPolicy: - local: false - - apiVersion: v1 - kind: BuildConfig - metadata: - name: "${REPO_NAME}-app-${JOB_NAME}" - spec: - completionDeadlineSeconds: 600 - failedBuildsHistoryLimit: 3 - nodeSelector: - output: - to: - kind: ImageStreamTag - name: "${REPO_NAME}-app:latest" - postCommit: {} - resources: - requests: - cpu: 2000m - memory: 1Gi - limits: - cpu: 4000m - memory: 6Gi - runPolicy: SerialLatestOnly - source: - contextDir: app - git: - ref: "${SOURCE_REPO_REF}" - uri: "${SOURCE_REPO_URL}" - type: Git - dockerfile: |- - FROM BuildConfig - ENV NO_UPDATE_NOTIFIER=true - WORKDIR /opt/app-root/src - COPY . . - RUN npm run all:ci \ - && npm run all:build \ - && npm run frontend:purge - EXPOSE 8888 - CMD ["npm", "run", "start"] - strategy: - dockerStrategy: - from: - kind: DockerImage - name: docker.io/node:16.13.1-alpine - type: Docker - successfulBuildsHistoryLimit: 3 -parameters: - - name: REPO_NAME - description: Application repository name - displayName: Repository Name - required: true - - name: JOB_NAME - description: Job identifier (i.e. 'pr-5' OR 'master') - displayName: Job Branch Name - required: true - - name: SOURCE_REPO_REF - description: Git Pull Request Reference (i.e. 'pull/CHANGE_ID/head') - displayName: Source Repository Reference - required: true - - name: SOURCE_REPO_URL - description: Git Repository URL - displayName: Source Repository URL - required: true diff --git a/openshift/app.dc.yaml b/openshift/app.dc.yaml deleted file mode 100644 index 4f1944d..0000000 --- a/openshift/app.dc.yaml +++ /dev/null @@ -1,195 +0,0 @@ ---- -apiVersion: v1 -kind: Template -labels: - app.kubernetes.io/component: app - app.kubernetes.io/instance: "${APP_NAME}-${JOB_NAME}" - app.kubernetes.io/managed-by: jenkins - app.kubernetes.io/name: nodejs - app.kubernetes.io/part-of: "${APP_NAME}-${JOB_NAME}" - app: "${APP_NAME}-${JOB_NAME}" - template: "${REPO_NAME}-app-dc-template" -metadata: - name: "${REPO_NAME}-app-dc" -objects: - - apiVersion: v1 - kind: DeploymentConfig - metadata: - name: "${APP_NAME}-app-${JOB_NAME}" - spec: - replicas: 2 - revisionHistoryLimit: 10 - selector: - app: "${APP_NAME}-${JOB_NAME}" - deploymentconfig: "${APP_NAME}-app-${JOB_NAME}" - role: app - strategy: - type: Rolling - resources: {} - rollingParams: - timeoutSeconds: 600 - template: - metadata: - labels: - app: "${APP_NAME}-${JOB_NAME}" - deploymentconfig: "${APP_NAME}-app-${JOB_NAME}" - role: app - spec: - containers: - - name: app - image: "${IMAGE_REGISTRY}/${NAMESPACE}/${REPO_NAME}-app:${JOB_NAME}" - imagePullPolicy: IfNotPresent - livenessProbe: - httpGet: - path: "${ROUTE_PATH}" - port: 8888 - scheme: HTTP - initialDelaySeconds: 10 - timeoutSeconds: 1 - failureThreshold: 3 - ports: - - containerPort: 8888 - protocol: TCP - readinessProbe: - httpGet: - path: "${ROUTE_PATH}" - port: 8888 - scheme: HTTP - initialDelaySeconds: 10 - timeoutSeconds: 1 - failureThreshold: 3 - resources: - requests: - cpu: "${CPU_REQUEST}" - memory: "${MEMORY_REQUEST}" - limits: - cpu: "${CPU_LIMIT}" - memory: "${MEMORY_LIMIT}" - env: - - name: NODE_ENV - value: production - - name: FRONTEND_BASEPATH - value: "${ROUTE_PATH}" - - name: SERVER_BASEPATH - value: "${ROUTE_PATH}" - - name: SERVER_HOSTURL - value: https://${ROUTE_HOST}${ROUTE_PATH} - - name: SERVER_KC_CLIENTID - valueFrom: - secretKeyRef: - key: username - name: app-keycloak-secret - - name: SERVER_KC_CLIENTSECRET - valueFrom: - secretKeyRef: - key: password - name: app-keycloak-secret - - name: CDOGS_CLIENTID - valueFrom: - secretKeyRef: - key: username - name: cdogs-service-secret - - name: CDOGS_CLIENTSECRET - valueFrom: - secretKeyRef: - key: password - name: cdogs-service-secret - envFrom: - - configMapRef: - name: dgrsc-frontend-config - - configMapRef: - name: dgrsc-server-config - - configMapRef: - name: dgrsc-services-config - restartPolicy: Always - terminationGracePeriodSeconds: 30 - test: false - triggers: - - type: ConfigChange - - imageChangeParams: - automatic: true - containerNames: - - app - from: - kind: ImageStreamTag - name: "${REPO_NAME}-app:${JOB_NAME}" - namespace: "${NAMESPACE}" - type: ImageChange - - apiVersion: v1 - kind: Service - metadata: - name: "${APP_NAME}-app-${JOB_NAME}" - spec: - ports: - - name: 8888-tcp - port: 8888 - protocol: TCP - targetPort: 8888 - selector: - app: "${APP_NAME}-${JOB_NAME}" - deploymentconfig: "${APP_NAME}-app-${JOB_NAME}" - role: app - sessionAffinity: None - - apiVersion: v1 - kind: Route - metadata: - name: "${APP_NAME}-app-${JOB_NAME}" - spec: - host: "${ROUTE_HOST}" - path: "${ROUTE_PATH}" - port: - targetPort: 8888-tcp - tls: - insecureEdgeTerminationPolicy: Redirect - termination: edge - to: - kind: Service - name: "${APP_NAME}-app-${JOB_NAME}" - weight: 100 - wildcardPolicy: None -parameters: - - name: APP_NAME - description: Application name - displayName: Application name - required: true - - name: ROUTE_HOST - description: The host the route will use to expose service outside cluster - displayName: Route host - required: true - - name: ROUTE_PATH - description: Configure the route path (ex. /pr-5 or /app), also used for FRONTEND_BASEPATH - displayName: Route path - required: true - - name: JOB_NAME - description: Job identifier (i.e. 'pr-5' OR 'master') - displayName: Job Branch Name - required: true - - name: IMAGE_REGISTRY - description: The base OpenShift docker registry - displayName: Docker Image Registry - required: true - value: image-registry.openshift-image-registry.svc:5000 - - name: NAMESPACE - description: Target namespace reference (i.e. 'wfezkf-dev') - displayName: Target Namespace - required: true - - name: REPO_NAME - description: Application repository name - displayName: Repository Name - required: true - - name: CPU_LIMIT - description: Limit Peak CPU per pod (in millicores ex. 1000m) - displayName: CPU Limit - value: 250m - - name: CPU_REQUEST - description: Requested CPU per pod (in millicores ex. 500m) - displayName: CPU Request - value: 50m - - name: MEMORY_LIMIT - description: Limit Peak Memory per pod (in gigabytes Gi or megabytes Mi ex. 2Gi) - displayName: Memory Limit - value: 1Gi - - name: MEMORY_REQUEST - description: Requested Memory per pod (in gigabytes Gi or megabytes Mi ex. 500Mi) - displayName: Memory Request - value: 256Mi diff --git a/openshift/commonPipeline.groovy b/openshift/commonPipeline.groovy deleted file mode 100644 index 31221c9..0000000 --- a/openshift/commonPipeline.groovy +++ /dev/null @@ -1,149 +0,0 @@ -#!groovy -import bcgov.GitHubHelper - -// --------------- -// Pipeline Stages -// --------------- - -// Build Images -def runStageBuild() { - openshift.withCluster() { - openshift.withProject(TOOLS_PROJECT) { - if(DEBUG_OUTPUT.equalsIgnoreCase('true')) { - echo "DEBUG - Using project: ${openshift.project()}" - } - - try { - notifyStageStatus('Build App', 'PENDING') - - echo "Processing BuildConfig ${REPO_NAME}-app-${JOB_NAME}..." - def bcApp = openshift.process('-f', - 'openshift/app.bc.yaml', - "REPO_NAME=${REPO_NAME}", - "JOB_NAME=${JOB_NAME}", - "SOURCE_REPO_URL=${SOURCE_REPO_URL}", - "SOURCE_REPO_REF=${SOURCE_REPO_REF}" - ) - - echo "Building ImageStream..." - openshift.apply(bcApp).narrow('bc').startBuild('-w').logs('-f') - - echo "Tagging Image ${REPO_NAME}-app:latest..." - openshift.tag("${REPO_NAME}-app:latest", - "${REPO_NAME}-app:${JOB_NAME}" - ) - - echo 'App build successful' - notifyStageStatus('Build App', 'SUCCESS') - } catch (e) { - echo 'App build failed' - notifyStageStatus('Build App', 'FAILURE') - throw e - } - } - } -} - -// Deploy Application and Dependencies -def runStageDeploy(String stageEnv, String projectEnv, String hostEnv, String pathEnv) { - if (!stageEnv.equalsIgnoreCase('Dev')) { - input("Deploy to ${projectEnv}?") - } - - openshift.withCluster() { - openshift.withProject(projectEnv) { - if(DEBUG_OUTPUT.equalsIgnoreCase('true')) { - echo "DEBUG - Using project: ${openshift.project()}" - } - - notifyStageStatus("Deploy - ${stageEnv}", 'PENDING') - createDeploymentStatus(projectEnv, 'PENDING', JOB_NAME, hostEnv, pathEnv) - - echo "Checking for ConfigMaps and Secrets in project ${openshift.project()}..." - if(!(openshift.selector('cm', "dgrsc-frontend-config").exists() && - openshift.selector('cm', "dgrsc-server-config").exists() && - openshift.selector('cm', "dgrsc-services-config").exists() && - openshift.selector('secret', "app-keycloak-secret").exists() && - openshift.selector('secret', "cdogs-service-secret").exists())) { - echo 'Some ConfigMaps and/or Secrets are missing. Please consult the openshift readme for details.' - throw new Exception('Missing ConfigMaps and/or Secrets') - } - - // Wait for deployments to roll out - timeout(time: 10, unit: 'MINUTES') { - // Apply App Server - echo "Tagging Image ${REPO_NAME}-app:${JOB_NAME}..." - openshift.tag("${TOOLS_PROJECT}/${REPO_NAME}-app:${JOB_NAME}", "${REPO_NAME}-app:${JOB_NAME}") - - echo "Processing DeploymentConfig ${REPO_NAME}-app-${JOB_NAME}..." - def dcAppTemplate = openshift.process('-f', - 'openshift/app.dc.yaml', - "REPO_NAME=${REPO_NAME}", - "JOB_NAME=${JOB_NAME}", - "NAMESPACE=${projectEnv}", - "APP_NAME=${APP_NAME}", - "ROUTE_HOST=${hostEnv}", - "ROUTE_PATH=${pathEnv}" - ) - - echo "Applying ${REPO_NAME}-app-${JOB_NAME} Deployment..." - def dcApp = openshift.apply(dcAppTemplate).narrow('dc') - dcApp.rollout().status('--watch=true') - } - } - } -} - -// -------------------- -// Supporting Functions -// -------------------- - -// Notify stage status and pass to Jenkins-GitHub library -def notifyStageStatus(String name, String status) { - def sha1 = GIT_COMMIT - if(JOB_BASE_NAME.startsWith('PR-')) { - sha1 = GitHubHelper.getPullRequestLastCommitId(this) - } - - GitHubHelper.createCommitStatus( - this, sha1, status, BUILD_URL, '', "Stage: ${name}" - ) -} - -// Create deployment status and pass to Jenkins-GitHub library -def createDeploymentStatus(String environment, String status, String jobName, String hostEnv, String pathEnv) { - // library createDeploymentStatus is busted - skipping for now - // def task = (JOB_BASE_NAME.startsWith('PR-')) ? "deploy:pull:${CHANGE_ID}" : "deploy:${jobName}" - // def ghDeploymentId = new GitHubHelper().createDeployment( - // this, - // SOURCE_REPO_REF, - // [ - // 'environment': environment, - // 'task': task - // ] - // ) - - // new GitHubHelper().createDeploymentStatus( - // this, - // ghDeploymentId, - // status, - // ['targetUrl': "https://${hostEnv}${pathEnv}"] - // ) - - if (status.equalsIgnoreCase('SUCCESS')) { - echo "${environment} deployment successful at https://${hostEnv}${pathEnv}" - } else if (status.equalsIgnoreCase('PENDING')) { - echo "${environment} deployment pending..." - } else if (status.equalsIgnoreCase('FAILURE')) { - echo "${environment} deployment failed" - } -} - -// Creates a comment and pass to Jenkins-GitHub library -def commentOnPR(String comment) { - if(JOB_BASE_NAME.startsWith('PR-')) { - GitHubHelper.commentOnPullRequest(this, comment) - } -} - -return this