diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index b03350a6..51fe72c6 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -11,11 +11,10 @@ jobs: with: python-version: 3.8 - - run: pip install -r requirements/requirements.txt - - uses: TrueBrain/actions-flake8@v2 with: - plugins: flake8-isort + flake8_version: 6.0.0 + plugins: flake8-isort~=6.0 requirements: runs-on: ubuntu-latest diff --git a/.github/workflows/re-status.yml b/.github/workflows/re-status.yml index 770a4891..ea269c0f 100644 --- a/.github/workflows/re-status.yml +++ b/.github/workflows/re-status.yml @@ -22,8 +22,6 @@ on: # Optional AWS_ROLE_ARN: required: false - AWS_REGION: - required: false jobs: @@ -35,7 +33,7 @@ jobs: AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} AWS_ROLE_ARN: ${{ secrets.AWS_ROLE_ARN }} - AWS_DEFAULT_REGION: ${{ secrets.AWS_REGION || 'us-west-2' }} + AWS_DEFAULT_REGION: ${{ vars.AWS_REGION || 'us-west-2' }} steps: - uses: actions/checkout@v3 @@ -67,7 +65,7 @@ jobs: AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} AWS_ROLE_ARN: ${{ secrets.AWS_ROLE_ARN }} - AWS_DEFAULT_REGION: ${{ secrets.AWS_REGION || 'us-west-2' }} + AWS_DEFAULT_REGION: ${{ vars.AWS_REGION || 'us-west-2' }} steps: - uses: actions/checkout@v3 diff --git a/.github/workflows/re-test-e2e.yml b/.github/workflows/re-test-e2e.yml index 569495b0..3654a44a 100644 --- a/.github/workflows/re-test-e2e.yml +++ b/.github/workflows/re-test-e2e.yml @@ -20,8 +20,6 @@ on: # Optional AWS_ROLE_ARN: required: false - AWS_REGION: - required: false URS_CLIENT_ID: required: false EDL_APP_UID: 
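Review bot: In `.github/workflows/lint.yml` the hunk pins `flake8_version: 6.0.0` exactly, but the action that installs and runs it is still referenced by the mutable tag `TrueBrain/actions-flake8@v2`, and `flake8-isort~=6.0` still accepts any 6.x release. If the aim is a reproducible lint job, the third-party action is the larger gap, because a tag can be moved to different code without any change in this repository. Pin it to a full commit SHA with the tag kept as a comment, `- uses: TrueBrain/actions-flake8@<full-commit-sha>  # v2`. The `uses:` line is context rather than a line this commit changes, and the job continues outside the hunk.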
@@ -39,7 +37,7 @@ jobs: AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} AWS_ROLE_ARN: ${{ secrets.AWS_ROLE_ARN }} - AWS_DEFAULT_REGION: ${{ secrets.AWS_REGION }} + AWS_DEFAULT_REGION: ${{ vars.AWS_REGION }} DEPENDENCY_NAME: tea-dependencylayer-run.${{ github.run_id }}.zip CODE_NAME: tea-code-run.${{ github.run_id }}.zip YAML_NAME: tea-cloudformation-run.${{ github.run_id }}.yaml diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 36c24792..398def7e 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -14,37 +14,14 @@ jobs: with: environment: prod - # The secrets context is not supported on job level `if`. So we need to hack around it: - # https://github.com/actions/runner/issues/520#issuecomment-907427748 - check-tests: - runs-on: ubuntu-latest - outputs: - run-tests: ${{ steps.eval.outputs.val }} - steps: - - id: eval - env: - RUN_TESTS: ${{ secrets.RUN_TESTS }} - if: "${{ env.RUN_TESTS == 'true' }}" - run: echo "val=yes" >> $GITHUB_OUTPUT - test-e2e: needs: - build - - check-tests - if: needs.check-tests.outputs.run-tests == 'yes' + if: ${{ vars.RUN_TESTS }} uses: ./.github/workflows/re-test-e2e.yml with: environment: test - secrets: - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - AWS_ROLE_ARN: ${{ secrets.AWS_ROLE_ARN }} - AWS_REGION: ${{ secrets.AWS_REGION }} - URS_USERNAME: ${{ secrets.URS_USERNAME }} - URS_PASSWORD: ${{ secrets.URS_PASSWORD }} - URS_CLIENT_ID: ${{ secrets.URS_CLIENT_ID }} - EDL_APP_UID: ${{ secrets.EDL_APP_UID }} - EDL_APP_PASSWORD: ${{ secrets.EDL_APP_PASSWORD }} + secrets: inherit publish: runs-on: ubuntu-latest 
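Review bot: In `.github/workflows/re-test-e2e.yml` the new `AWS_DEFAULT_REGION: ${{ vars.AWS_REGION }}` has no fallback, unlike the same line in `re-status.yml` and `release.yml`, which use `|| 'us-west-2'`. If the `AWS_REGION` variable is not defined wherever this job resolves it, the expression evaluates to an empty string and the job's AWS calls would presumably fail or pick up a region from somewhere else. For consistency, use `AWS_DEFAULT_REGION: ${{ vars.AWS_REGION || 'us-west-2' }}`. The job's `env` block starts and ends outside the hunk.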
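Review bot: In `.github/workflows/release.yml` the new gate `if: ${{ vars.RUN_TESTS }}` on `test-e2e` is weaker than the check it replaces, which compared the value with `'true'`. Configuration variables are strings and any non-empty string is truthy in an `if`, so `RUN_TESTS` set to `false` or `0` still runs the end-to-end job with the inherited credentials. Keep the explicit comparison, `if: vars.RUN_TESTS == 'true'`. The same line is added to `test-e2e` in `.github/workflows/test-e2e.yml` and needs the same change.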
@@ -57,7 +34,7 @@ jobs: AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} AWS_ROLE_ARN: ${{ secrets.AWS_ROLE_ARN }} - AWS_DEFAULT_REGION: ${{ secrets.AWS_REGION || 'us-west-2' }} + AWS_DEFAULT_REGION: ${{ vars.AWS_REGION || 'us-west-2' }} steps: - uses: actions/checkout@v3 @@ -137,8 +114,4 @@ jobs: environment: prod build_tag: ${{ needs.build.outputs.version }} success: ${{ needs.build.result != 'failure' && needs.publish.result != 'failure' }} - secrets: - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - AWS_ROLE_ARN: ${{ secrets.AWS_ROLE_ARN }} - AWS_REGION: ${{ secrets.AWS_REGION }} + secrets: inherit diff --git a/.github/workflows/test-e2e.yml b/.github/workflows/test-e2e.yml index 02c6f528..e237f85f 100644 --- a/.github/workflows/test-e2e.yml +++ b/.github/workflows/test-e2e.yml 
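Review bot: In `.github/workflows/release.yml`, `secrets: inherit` on the status call gives the reusable workflow every secret the caller can read, where the removed mapping passed only the AWS credentials. The `URS_*` and `EDL_*` secrets therefore become readable from `re-status.yml` as well, and any step or third-party action added there later would run with them in reach. Prefer keeping an explicit `secrets:` mapping with just `AWS_ACCESS_KEY_ID`, `AWS_SECRET_ACCESS_KEY` and `AWS_ROLE_ARN` for the status job, and reserve `inherit` for the `test-e2e` call if the shorter form is wanted there. The same replacement is made for the `status` job in `.github/workflows/test-e2e.yml` and for both `test-e2e` calls.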
@@ -12,40 +12,14 @@ jobs: with: environment: prod - # The secrets context is not supported on job level `if`. So we need to hack around it: - # https://github.com/actions/runner/issues/520#issuecomment-907427748 - check-tests: - runs-on: ubuntu-latest - outputs: - run-tests: ${{ steps.eval.outputs.val }} - steps: - - id: eval - env: - RUN_TESTS: ${{ secrets.RUN_TESTS }} - if: "${{ env.RUN_TESTS == 'true' }}" - run: echo "val=yes" >> $GITHUB_OUTPUT - test-e2e: needs: - build - - check-tests - if: needs.check-tests.outputs.run-tests == 'yes' + if: ${{ vars.RUN_TESTS }} uses: ./.github/workflows/re-test-e2e.yml with: environment: test - # Reusable workflows + Environments behave very strangely - # https://github.com/AllanOricil/workflow-template-bug/blob/fc8ae4264938adb560fa6928cb19c69d110d8bbd/.github/workflows/workflow-inplementation.yml#L46 - # Yea, seriously hope this gets fixed!!!!! - secrets: - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - AWS_ROLE_ARN: ${{ secrets.AWS_ROLE_ARN }} - AWS_REGION: ${{ secrets.AWS_REGION }} - URS_USERNAME: ${{ secrets.URS_USERNAME }} - URS_PASSWORD: ${{ secrets.URS_PASSWORD }} - URS_CLIENT_ID: ${{ secrets.URS_CLIENT_ID }} - EDL_APP_UID: ${{ secrets.EDL_APP_UID }} - EDL_APP_PASSWORD: ${{ secrets.EDL_APP_PASSWORD }} + secrets: inherit status: if: always() @@ -57,8 +31,4 @@ jobs: environment: prod build_tag: ${{ needs.build.outputs.version }} success: ${{ needs.build.result != 'failure' && needs.test-e2e.result != 'failure' }} - secrets: - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - AWS_ROLE_ARN: ${{ secrets.AWS_ROLE_ARN }} - AWS_REGION: ${{ secrets.AWS_REGION }} + secrets: inherit diff --git a/build/Jenkinsfile b/build/Jenkinsfile deleted file mode 100644 index c7ca254f..00000000 --- a/build/Jenkinsfile +++ /dev/null 
@@ -1,358 +0,0 @@ -pipeline { - - /* Parameters are commented out to prevent trouble when using this file with different Jenkins builds.defaultValue - It is provided here as a reference, please manually enter params in Jenkins GUI - - parameters { - - string(name: 'APPTAG', defaultValue: 'teatest', description: '') - choice(name: 'MATURITY', choices: ['DEV', 'INT', 'TEST', 'PROD'], description: 'The MATURITY (AWS) account to deploy') - - choice(name: 'CHAT_ROOM', choices: ['rain-jenkinsnotifications', 'raindev', 'rain', 'bbarton-scratch'], description: 'MatterMost chat room to post notifications during deployment') - credentials( - name: 'CHATSERVER_SECRET_URL_ID', - credentialType: 'com.cloudbees.plugins.credentials.impl.SecretTextCredentialsImpl', - defaultValue: 'mattermost_webhook_url', - description: 'Chatserver URL, including secret token in path', - required: true - ) - credentials( - name: 'AWSCREDS', - description: 'creds for AWS account where stack resides', - defaultValue: 'ASF-117169578524', - credentialType: 'com.cloudbees.jenkins.plugins.awscredentials.AWSCredentialsImpl', - required: true - ) - credentials( - name: 'URS_ACCT', - credentialType: 'com.cloudbees.plugins.credentials.impl.UsernamePasswordCredentialsImpl', - defaultValue: 'URS-asf_automated_testing', - description: 'urs_client_id and urs_password for cumulus', - required: true - ) - choice(name: 'URS_URL', choices: ['https://urs.earthdata.nasa.gov', - 'https://uat.urs.earthdata.nasa.gov', - 'https://sit.urs.earthdata.nasa.gov', - 'https://sbx.urs.earthdata.nasa.gov'], - description: 'Which URS to use for auth') - string(name: 'URS_CREDS_SECRET_NAME', defaultValue: 'URS_creds_ASF_DATA_ACCESS_EGRESS_CONTROL', description: '') - string(name: 'JWTKEYSECRETNAME', defaultValue: 'bbarton_rsa_keys_4_jwt', description: '') - string(name: 'DOMAIN_NAME', defaultValue: 'tea-test-jenk-0.asf.alaska.edu', description: '') - string(name: 'COOKIE_DOMAIN', defaultValue: '.asf.alaska.edu', description: '') - 
string(name: 'DOWNLOAD_ROLE_ARN', defaultValue: 'arn:aws:iam::820203326710:role/AccessToNGAP2wSentinel', description: '') - string(name: 'DOWNLOAD_ROLE_ARN_INREGION', defaultValue: 'arn:aws:iam::820203326710:role/EcsS3ReadOnly-inregion-us-west-2', description: '') - string(name: 'BUCKETNAME_PREFIX', defaultValue: 'rain-uw2-t-', description: '') - string(name: 'DOMAIN_CERT_ARN', defaultValue: 'arn:aws:acm:us-east-1:117169578524:certificate/1f3945cf-cac7-4d75-ad8d-b8920534fea2', description: '') - - - } */ - - // Environment Setup - environment { - AWS_DEFAULT_REGION="us-west-2" - AWSENV="" - NEWTAG="build.${BUILD_NUMBER}" - BUILDTAG="${APPTAG}-${NEWTAG}" - CODE_ARCHIVE_FILENAME="${APPTAG}-code-${NEWTAG}.zip" - CF_TEMPLATE_FILENAME="${APPTAG}-cloudformation-${NEWTAG}.yaml" - TF_ZIP_FILENAME="tea-terraform-${NEWTAG}.zip" - CODE_BUCKET="asf.rain.code" - CODE_PUBLIC_BUCKETNAME="asf.public.code" - CODE_DIR="thin-egress-app" - STACKNAME_SAME="${APPTAG}-jenk-same" - STACKNAME_SCND="${APPTAG}-jenk-scnd" - URS_CREDS_SECRET_NAME="${URS_CREDS_SECRET_NAME}" - DEPENDENCY_LAYER_FILENAME="${env.APPTAG}-dependencylayer-${env.NEWTAG}.zip" - DOCKERREPO="docker-registry.asf.alaska.edu:5000" - JWTKEYSECRETNAME="${JWTKEYSECRETNAME}" - JWTALGO="RS256" - ZIPFILENAME="${DEPENDENCY_LAYER_FILENAME}" - LAMBDA_TIMEOUT=10 - LAMBDA_MEMORY=128 - AWS_BIN="/usr/local/bin/aws" - CODE_BUCKET_SUFFIX="""${sh(script:'if [ "${AWS_DEFAULT_REGION}" = "us-west-2" ]; then printf %s ".usw2"; else printf %s ""; fi', returnStdout: true)}""" - CHATSERVER_SECRET_URL = credentials("${params.CHATSERVER_SECRET_URL_ID}") - GIT_CREDS_ID = "6af85197-f063-4c10-aa7e-04c881211997" - USE_CORS = "${params.USE_CORS}" - } - - // Build on a slave with docker on kubernetes - agent { - kubernetes { - yamlFile 'build/k8s.yaml' - } - } - stages { - - // just sort of assess the environment - stage('Setup Env') { - steps { - container('tea-container') { - - // Send chat notification - mattermostSend( - channel: "${CHAT_ROOM}", - 
color: '#EAEA5C', - endpoint: "${env.CHATSERVER_SECRET_URL}", - message: "Build started: ${env.JOB_NAME} ${env.BUILD_NUMBER}, branch: ${GIT_BRANCH} (<${env.BUILD_URL}|Open>). See (<{$env.RUN_CHANGES_DISPLAY_URL}|Changes>)." - ) - withCredentials([[$class: 'AmazonWebServicesCredentialsBinding', credentialsId: "${env.AWSCREDS}"]]) { - // Dump ENV - sh 'tree' - sh 'pwd' - sh 'env' - } - - // show us the params: - echo "params.APPTAG: ${params.APPTAG}" - echo "params.NEWTAG: ${params.NEWTAG}" - echo "params.AWSCREDS: ${params.AWSCREDS}" - echo "params.URS_ACCT: ${params.URS_ACCT}" - echo "params.CHATHOST: ${params.CHATHOST}" - echo "params.CHAT_ROOM: ${params.CHAT_ROOM}" - echo "params.MATURITY: ${params.MATURITY}" - echo "params.URS_CREDS_SECRET_NAME: ${params.URS_CREDS_SECRET_NAME}" - echo "params.JWTKEYSECRETNAME: ${params.JWTKEYSECRETNAME}" - echo "params.DOMAIN_NAME: ${params.DOMAIN_NAME}" - echo "params.DOWNLOAD_ROLE_ARN: ${params.DOWNLOAD_ROLE_ARN}" - echo "params.DOWNLOAD_ROLE_ARN_INREGION: ${params.DOWNLOAD_ROLE_ARN_INREGION}" - echo "params.BUCKETNAME_PREFIX: ${params.BUCKETNAME_PREFIX}" - echo "params.AWS_DEFAULT_REGION: ${params.AWS_DEFAULT_REGION}" - echo "params.DOMAIN_CERT_ARN: ${params.DOMAIN_CERT_ARN}" - echo "params.AWSCREDS_TEA_DEPLOY: ${params.AWSCREDS_TEA_DEPLOY}" - echo "params.COOKIE_DOMAIN: ${params.COOKIE_DOMAIN}" - - // Clear out Makefile config - sh 'echo "" > Makefile.config' - } - } - } - stage('Package Dependency Layer') { - steps { - container('layer-builder') { - sh "echo '>> Building dependency layer....'" - // We're already running in the right container so tell make to run without docker - sh "make dependencies DOCKER_COMMAND=" - sh "cp ${WORKSPACE}/dist/thin-egress-app-dependencies.zip ${WORKSPACE}/${DEPENDENCY_LAYER_FILENAME}" - - sh 'echo "finished depbuilder, now looking in some dirs" && cd "$WORKSPACE" && ls -lah' - } - } - } - // Package code - stage('Package Code') { - steps { - container('tea-container') { - sh "echo '>> 
Building lambda code....'" - sh "make code BUILD_ID=${BUILDTAG}" - sh "cp ${WORKSPACE}/dist/thin-egress-app-code.zip ${WORKSPACE}/${CODE_ARCHIVE_FILENAME}" - - sh "echo '>> Building CloudFormation yaml....'" - sh """ make yaml \ - CF_DEFAULT_CODE_BUCKET=${CODE_BUCKET} \ - CF_DEFAULT_DEPENDENCY_ARCHIVE_KEY=${CODE_DIR}/${DEPENDENCY_LAYER_FILENAME} \ - CF_DEFAULT_CODE_ARCHIVE_KEY=${CODE_DIR}/${CODE_ARCHIVE_FILENAME} \ - CF_BUILD_VERSION=${BUILD_ID} \ - CF_DESCRIPTION="TEA built by Jenkins job ${JOB_NAME}, ${BUILDTAG}" """ - sh "cp ${WORKSPACE}/dist/thin-egress-app.yaml ${WORKSPACE}/cloudformation/thin-egress-app.yaml" - - // Zip up terraform - sh "echo '>> Building Terraform Zip....'" - sh "make terraform" - sh "cp ${WORKSPACE}/dist/thin-egress-app-terraform.zip ${WORKSPACE}/${TF_ZIP_FILENAME}" - } - } - } - // Push packages to AWS and deploy new version - stage('Push to AWS') { - steps { - container('tea-container') { - withCredentials([[$class: 'AmazonWebServicesCredentialsBinding', credentialsId: "${env.AWSCREDS}"]]) { - - - // Push the code up to private bucket - sh "echo '>> Pushing dependencylayer to ASF Bucket'" - sh "${AWS_BIN} s3 cp ${WORKSPACE}/${DEPENDENCY_LAYER_FILENAME} s3://${CODE_BUCKET}${CODE_BUCKET_SUFFIX}/${CODE_DIR}/${DEPENDENCY_LAYER_FILENAME}" - sh "echo '>> Pushing code to ASF Bucket'" - sh "${AWS_BIN} s3 cp ./${CODE_ARCHIVE_FILENAME} s3://${CODE_BUCKET}${CODE_BUCKET_SUFFIX}/${CODE_DIR}/" - sh "${AWS_BIN} s3 cp ./cloudformation/thin-egress-app.yaml s3://${CODE_BUCKET}${CODE_BUCKET_SUFFIX}/${CODE_DIR}/${CF_TEMPLATE_FILENAME}" - sh "${AWS_BIN} s3 cp ${WORKSPACE}/${TF_ZIP_FILENAME} s3://${CODE_BUCKET}${CODE_BUCKET_SUFFIX}/${CODE_DIR}/terraform_packages/" - - - // Clarify in description that this stack is deployed by Jenkins, - sh 'cp ./cloudformation/thin-egress-app.yaml ./cloudformation/thin-egress-app-deployed.yaml' - sh 'sed -i -e "s;^Description:.*;Description: \\"TEA built and deployed by Jenkins job ${JOB_NAME}, currently at ${BUILDTAG}\\";" 
./cloudformation/thin-egress-app-deployed.yaml' - // Push out the CF Stack - sh "echo '>> Deploying the CF stack'" - sh """ ${AWS_BIN} cloudformation deploy --region=${AWS_DEFAULT_REGION} \ - --stack-name ${STACKNAME_SAME} \ - --template-file cloudformation/thin-egress-app-deployed.yaml \ - --capabilities CAPABILITY_NAMED_IAM \ - --parameter-overrides \ - URSAuthCredsSecretName=${URS_CREDS_SECRET_NAME} \ - AuthBaseUrl=${URS_URL} \ - ConfigBucket=${BUCKETNAME_PREFIX}config \ - PermissionsBoundaryName= \ - BucketMapFile=bucket_map_customheaders.yaml \ - BucketnamePrefix=${BUCKETNAME_PREFIX} \ - DownloadRoleArn="" \ - DownloadRoleInRegionArn="" \ - HtmlTemplateDir= \ - StageName=API \ - Loglevel=DEBUG \ - Logtype=json \ - Maturity=${MATURITY}\ - PrivateVPC= \ - VPCSecurityGroupIDs= \ - VPCSubnetIDs= \ - EnableApiGatewayLogToCloudWatch="False" \ - DomainName=${DOMAIN_NAME-""} \ - DomainCertArn=${DOMAIN_CERT_ARN-""} \ - CookieDomain=${COOKIE_DOMAIN-""} \ - LambdaCodeS3Key=${CODE_DIR}/${CODE_ARCHIVE_FILENAME} \ - LambdaCodeDependencyArchive=${CODE_DIR}/${DEPENDENCY_LAYER_FILENAME} \ - LambdaCodeS3Bucket=${CODE_BUCKET}${CODE_BUCKET_SUFFIX} \ - LambdaTimeout=${LAMBDA_TIMEOUT} \ - LambdaMemory=${LAMBDA_MEMORY} \ - JwtAlgo=${JWTALGO} \ - JwtKeySecretName=${JWTKEYSECRETNAME} \ - UseReverseBucketMap="False" \ - UseCorsCookieDomain=${params.USE_CORS} """ - - // This will be the stack for downloading from 2nd account. 
- /*sh """ ${AWS_BIN} cloudformation deploy --region=${AWS_DEFAULT_REGION} \ - --stack-name ${STACKNAME_SCND} \ - --template-file cloudformation/thin-egress-app-deployed.yaml \ - --capabilities CAPABILITY_NAMED_IAM \ - --parameter-overrides \ - URSAuthCredsSecretName=${URS_CREDS_SECRET_NAME} \ - AuthBaseUrl=${URS_URL} \ - ConfigBucket=rain-t-config \ - PermissionsBoundaryName= \ - BucketMapFile=bucket_map_customheaders.yaml \ - BucketnamePrefix=${BUCKETNAME_PREFIX_SCND} \ - DownloadRoleArn=${DOWNLOAD_ROLE_ARN} \ - DownloadRoleInRegionArn=${DOWNLOAD_ROLE_ARN_INREGION} \ - HtmlTemplateDir= \ - StageName=API \ - Loglevel=DEBUG \ - Logtype=json \ - Maturity=${env.MATURITY}\ - PrivateVPC= \ - VPCSecurityGroupIDs= \ - VPCSubnetIDs= \ - EnableApiGatewayLogToCloudWatch="False" \ - DomainName=${DOMAIN_NAME} \ - DomainCertArn=${DOMAIN_CERT_ARN} \ - CookieDomain=${COOKIE_DOMAIN} \ - LambdaCodeS3Key=${CODE_DIR}/${CODE_ARCHIVE_FILENAME} \ - LambdaCodeDependencyArchive=${CODE_DIR}/${DEPENDENCY_LAYER_FILENAME} \ - LambdaCodeS3Bucket=${CODE_BUCKET}${CODE_BUCKET_SUFFIX} \ - LambdaTimeout=${LAMBDA_TIMEOUT} \ - LambdaMemory=${LAMBDA_MEMORY} \ - JwtAlgo=${JWTALGO} \ - JwtKeySecretName=${JWTKEYSECRETNAME} \ - UseReverseBucketMap="False" """ - */ - } - } - } - } - - // Run download test script - stage('Validate AWS Deployment'){ - steps { - container('tea-container') { - // Load up AWS + URS credentials - withCredentials([[$class: 'UsernamePasswordMultiBinding', credentialsId: "${env.URS_ACCT}", usernameVariable: 'URS_USERNAME', passwordVariable: 'URS_PASSWORD']]) { - withCredentials([[$class: 'AmazonWebServicesCredentialsBinding', credentialsId: "${env.AWSCREDS}"]]) { - // Run end to end tests - sh("pytest tests_e2e --stack-name=${STACKNAME_SAME} --test-results=asf.public.code/thin-egress-app/testresults.json --log-cli-level=DEBUG") - } - } - } - } - } - - // Tag it in Github - stage('Tag Build'){ - steps { - container('tea-container') { - - sshagent(credentials: 
["${env.GIT_CREDS_ID}"]) { - sh(''' - printenv - mkdir -p ~/.ssh - ssh-keyscan -t rsa github.com >> ~/.ssh/known_hosts - GIT_SSH_COMMAND="ssh -oStrictHostKeyChecking=no" - git config user.email 'jenkins@jenkins.asf.alaska.edu' - git config user.name 'jenkins' - git tag ${BUILDTAG} - git push --force origin ${BUILDTAG} - ''') - } - - } - } - } - - // If this is PROD, push the code to public - stage ('Push Public Code') { - when { - expression { "${env.APPTAG}" == 'tea' } - } - steps { - container('tea-container') { - withCredentials([[$class: 'AmazonWebServicesCredentialsBinding', credentialsId: "${env.AWSCREDS}"]]) { - sh "echo '>> Pushing code to Public Code Bucket'" - sh "${AWS_BIN} s3 cp ./${CODE_ARCHIVE_FILENAME} s3://${CODE_PUBLIC_BUCKETNAME}/${CODE_DIR}/ --acl public-read" - sh "${AWS_BIN} s3 cp ./${TF_ZIP_FILENAME} s3://${CODE_PUBLIC_BUCKETNAME}/${CODE_DIR}/ --acl public-read" - sh "${AWS_BIN} s3 cp ${WORKSPACE}/${DEPENDENCY_LAYER_FILENAME} s3://${CODE_PUBLIC_BUCKETNAME}/${CODE_DIR}/${DEPENDENCY_LAYER_FILENAME} --acl public-read" - sh "${AWS_BIN} s3 cp ./cloudformation/thin-egress-app.yaml s3://${CODE_PUBLIC_BUCKETNAME}/${CODE_DIR}/${CF_TEMPLATE_FILENAME} --acl public-read" - sh """ echo '{ "schemaVersion": 1, "label": "Last Release", "message": "'$BUILDTAG'", "color": "success" }' > /tmp/lastrelease.json""" - sh """ ${AWS_BIN} s3 cp --metadata-directive REPLACE --cache-control no-cache \ - --expires '2016-06-14T00:00:00Z' --content-type 'application/json' \ - /tmp/lastrelease.json s3://asf.public.code/thin-egress-app/ --acl public-read """ - } - } - } - } - } // stages - - // Send build status to Mattermost, Update build badge - post { - success { - container('tea-container') { - mattermostSend channel: "${CHAT_ROOM}", color: '#CEEBD3', endpoint: "${env.CHATSERVER_SECRET_URL}", message: "Build Successful: ${env.JOB_NAME} ${env.BUILD_NUMBER} (<${env.BUILD_URL}|Open>)" - sh "rm -rf /tmp/buildreport && mkdir -p /tmp/buildreport/" - - sh """ echo '{ 
"schemaVersion": 1, "label": "Build Status", "message": "Success", "color": "success" }' > /tmp/buildreport/buildstatus.json """ - sh """ echo '{ "schemaVersion": 1, "label": "Last Successful Build", "message": "'$BUILDTAG'", "color": "success" }' > /tmp/buildreport/lastgoodbuild.json """ - sh """ echo '{ "schemaVersion": 1, "label": "Last Build ", "message": "'$BUILDTAG'", "color": "success" }' > /tmp/buildreport/lastbuild.json """ - withCredentials([[$class: 'AmazonWebServicesCredentialsBinding', credentialsId: "${env.AWSCREDS}"]]) { - sh """ ${AWS_BIN} s3 cp --metadata-directive REPLACE --cache-control no-cache \ - --expires '2016-06-14T00:00:00Z' --content-type 'application/json' \ - --recursive /tmp/buildreport/ \ - s3://asf.public.code/thin-egress-app/ --acl public-read """ - } - } - } - failure { - container('tea-container') { - sh "rm -rf /tmp/buildreport && mkdir -p /tmp/buildreport/" - - sh """ echo '{ "schemaVersion": 1, "label": "Build Status", "message": "Failed!", "color": "critical" }' > /tmp/buildreport/buildstatus.json """ - sh """ echo '{ "schemaVersion": 1, "label": "Last Build ", "message": "'$BUILDTAG'", "color": "critical" }' > /tmp/buildreport/lastbuild.json """ - mattermostSend channel: "${CHAT_ROOM}", color: '#FFBDBD', endpoint: "${env.CHATSERVER_SECRET_URL}", message: "Build Failed: ${env.JOB_NAME} ${env.BUILD_NUMBER} (<${env.BUILD_URL}|Open>)" - withCredentials([[$class: 'AmazonWebServicesCredentialsBinding', credentialsId: "${env.AWSCREDS}"]]) { - sh """ ${AWS_BIN} s3 cp --metadata-directive REPLACE --cache-control no-cache \ - --expires '2016-06-14T00:00:00Z' --content-type 'application/json' \ - --recursive /tmp/buildreport/ \ - s3://asf.public.code/thin-egress-app/ --acl public-read """ - sh 'tree' - sh 'printenv' - } - } - } - } -} diff --git a/build/i_and_a_builder_agent.Dockerfile b/build/i_and_a_builder_agent.Dockerfile deleted file mode 100644 index cb7bada1..00000000 --- a/build/i_and_a_builder_agent.Dockerfile +++ /dev/null 
@@ -1,23 +0,0 @@ -FROM ubuntu - -RUN apt-get update && \ - apt-get -y install curl python3 python3-pip git vim tree zip make - -RUN pip3 install -U pip -RUN pip3 install awscli boto3 requests pytest - -RUN apt-get clean && apt-get install -y apt-transport-https gnupg2 && \ - curl -s https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add - && \ - echo "deb https://apt.kubernetes.io/ kubernetes-xenial main" | tee -a /etc/apt/sources.list.d/kubernetes.list && \ - apt-get update && \ - apt-get install -y kubectl - -# Rebuild instructions: -# docker build -f i_and_a_builder_agent.Dockerfile -t i_and_a_builder_agent . -# registry="docker-registry.asf.alaska.edu:5000" -# apptag="i_and_a_builder_agent" -# appjustbuilt=$(docker images -q "$apptag") -# docker tag ${appjustbuilt} ${registry}/${apptag} -# docker push ${registry}/${apptag} - -CMD ["tail", "-f", "/dev/null"] diff --git a/build/k8s.yaml b/build/k8s.yaml deleted file mode 100644 index 582341f5..00000000 --- a/build/k8s.yaml +++ /dev/null @@ -1,20 +0,0 @@ -apiVersion: v1 -kind: Pod -metadata: - name: 123-tea - labels: - some-label: 123-tea -spec: - containers: - - name: tea-container - image: docker-registry.asf.alaska.edu:5000/i_and_a_builder_agent:latest - command: - - "tail" - - "-f" - - "/dev/null" - - name: layer-builder - image: lambci/lambda:build-python3.8 - command: - - "tail" - - "-f" - - "/dev/null"