forked from pluralsight/hydra
-
Notifications
You must be signed in to change notification settings - Fork 0
/
.gitlab-ci.yml
236 lines (221 loc) · 7.86 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
include:
- project: 'pluralsight/experience/gitlab-helpers'
file: '/salt-deploy/helper.yml'
- project: 'pluralsight/experience/gitlab-helpers'
file: '/helm-deploy/helper.yml'
- project: 'pluralsight/Technology/adapt/data-platform/gitlab-fragments/snyk'
ref: main
file: 'snyk-check.yml'
image: harbor.vnerd.com/library/hydra-build-tools:latest
variables:
ARTIFACT_NAME: hydra-publish
IMAGE_NAME: hydra
DOCKER_REGISTRY_URL: harbor.vnerd.com/library
DOCKER_REGISTRY_IMAGE: ${DOCKER_REGISTRY_URL}/${IMAGE_NAME}
ARTIFACTORY_REPOSITORY: bounded-context
ARTIFACTORY_ID: hydra/publish
ARTIFACTORY_ARTIFACT_VERSION: ${ARTIFACT_NAME}-${BUILD_VERSION}.tgz
ARTIFACTORY_PATH: ${ARTIFACTORY_ID}/${ARTIFACTORY_ARTIFACT_VERSION}
ARTIFACTORY_ARTIFACT_URL: ${ARTIFACTORY_SAAS_REPOSITORY_URL}/${ARTIFACTORY_REPOSITORY}/${ARTIFACTORY_PATH}
BUILD_VERSION: 1.0.${CI_PIPELINE_IID}
BOUNDED_CONTEXT_DEV: adapt-dvs-dev
BOUNDED_CONTEXT_STAGING: adapt-dvs
BOUNDED_CONTEXT_PROD: adapt-dvs
ENV: ${CI_JOB_STAGE}
SERVICE_NAME: "dev-hydra"
SLACK_ICON_EMOJI: ":gitlab:"
SLACK_CHANNEL: '#data-platform-alerts'
SLACK_MESSAGE: |
*[[SERVICE_NAME]]* deployed to *[[ENV]]*.
Version: *[[BUILD_VERSION]]*
[[PIPELINE_LINK]]
SLACK_USERNAME: 'GITLAB'
SNYK_SLACK_CHANNEL: '#dataops-snyk-vulnerability-alerts'
SNYK_SLACK_ICON_EMOJI: ":snyk:"
SNYK_ORG_ID: "d8094638-7a37-413f-b1b4-ad840fb9e239"
SNYK_PROJECT_ID: "d243a0e6-4ced-4efe-83fc-169d03b40cc7"
SNYK_PROJECT_URL: "https://app.snyk.io/org/ps-data-services"
before_script:
- apt-get update -yqq
- apt-get install -yqq apt-transport-https apt-utils
- echo "deb https://repo.scala-sbt.org/scalasbt/debian /" | tee -a /etc/apt/sources.list.d/sbt.list
- mkdir -p /root/.gnupg
- gpg --recv-keys --no-default-keyring --keyring gnupg-ring:/etc/apt/trusted.gpg.d/scalasbt-release.gpg --keyserver hkp://keyserver.ubuntu.com:80 2EE0EA64E40A89B84B2DF73499E82A75642AC823
- chmod 644 /etc/apt/trusted.gpg.d/scalasbt-release.gpg
- apt-get update -yqq
- apt-get install -yqq sbt
stages:
- build
- code-analysis
- package
- publish
- deploy_dev
- deploy_staging
- deploy_production
- notify
build:
stage: build
cache: []
retry: 2
script:
- sbt clean compile test
package:
stage: package
cache: []
script:
- sbt universal:packageBin
- ls ingest/target/universal/*.zip | xargs -I {} unzip {} -d ps-publish
- mv ps-publish/hydra-ingest*/* ps-publish
- rm -rf ps-publish/hydra-ingest*
- cd ps-publish/bin
- ls -la
- curl -O https://download.newrelic.com/newrelic/java-agent/newrelic-agent/4.4.0/newrelic-agent-4.4.0.jar
- curl -O https://download.newrelic.com/newrelic/java-agent/newrelic-agent/4.4.0/newrelic.yml
- cd ../../
- echo $BUILD_VERSION > VERSION
- tar czf ${ARTIFACT_NAME}-${BUILD_VERSION}.tgz --exclude=*.tmp --exclude=*.tgz --exclude=*.tgz.md5 VERSION ps-publish/
- echo "##teamcity[publishArtifacts '${ARTIFACT_NAME}-${BUILD_VERSION}.tgz']"
- md5sum ${ARTIFACT_NAME}-${BUILD_VERSION}.tgz > ${ARTIFACT_NAME}-${BUILD_VERSION}.tgz.md5
- echo "${ARTIFACTORY_ARTIFACT_URL}"
- CHECKSUM=$(md5sum ${ARTIFACT_NAME}-${BUILD_VERSION}.tgz | awk '{ print $1 }')
- CHECKSUM_SHA1=$(shasum -a 1 ${ARTIFACT_NAME}-${BUILD_VERSION}.tgz | awk '{ print $1 }')
- CHECKSUM_SHA256=$(shasum -a 256 ${ARTIFACT_NAME}-${BUILD_VERSION}.tgz | awk '{ print $1 }')
- |
curl \
-H "Authorization: Bearer ${ARTIFACTORY_REPOSITORY_TOKEN}" \
-H "X-Checksum-MD5:${CHECKSUM}" \
-H "X-Checksum-Sha1:${CHECKSUM_SHA1}" \
-H "X-Checksum-Sha256:${CHECKSUM_SHA256}" \
-X PUT ${ARTIFACTORY_ARTIFACT_URL} \
-T ${ARTIFACTORY_ARTIFACT_VERSION}
artifacts:
paths:
- ${ARTIFACT_NAME}-${BUILD_VERSION}.tgz
- ${ARTIFACT_NAME}-${BUILD_VERSION}.tgz.md5
- ps-publish/
publish:
stage: publish
image: harbor.vnerd.com/proxy/library/docker:cli
tags:
- ps
- docker
needs:
- package
before_script:
- echo -n "$DOCKER_REGISTRY_PASSWORD" | docker login -u "$DOCKER_REGISTRY_USERNAME" --password-stdin "$DOCKER_REGISTRY_URL"
script:
- pwd
- ls -lh
- docker build -t ${IMAGE_NAME} -f Dockerfile.new .
- docker tag ${IMAGE_NAME} ${DOCKER_REGISTRY_IMAGE}:${BUILD_VERSION}-${CI_COMMIT_SHORT_SHA}
- docker push ${DOCKER_REGISTRY_IMAGE}:${BUILD_VERSION}-${CI_COMMIT_SHORT_SHA}
- docker tag ${IMAGE_NAME} ${DOCKER_REGISTRY_IMAGE}:latest
- docker push ${DOCKER_REGISTRY_IMAGE}:latest
- CURYEAR=$(date +%Y)
- CURMONTH=$(date +%-m)
- echo -n "${CURYEAR}.${CURMONTH}.${BUILD_VERSION}" > VERSION
variables:
DOCKER_HOST: tcp://localhost:2376
DOCKER_TLS_CERTDIR: "/certs"
DOCKER_CERT_PATH: "$DOCKER_TLS_CERTDIR/client"
DOCKER_TLS_VERIFY: 1
.notify-all:
image: harbor.vnerd.com/library/ps-helm:latest
tags:
- ps
- docker
script:
- ps-notify slack "$SLACK_MESSAGE" "$SLACK_CHANNEL" --slack-username $SLACK_USERNAME --slack-icon-emoji $SLACK_ICON_EMOJI
variables:
NODE_ENV: $ENV
deploy_dev:
stage: deploy_dev
needs: ["publish"]
extends: .helmDeploy
when: manual
environment:
name: dev
before_script:
- sed -i -e "s/%IMAGE_TAG%/1.0.${CI_PIPELINE_IID}-${CI_COMMIT_SHORT_SHA}/g" $HELM_VALUES_FILE
- cat $HELM_VALUES_FILE
- echo 1.0.${CI_PIPELINE_IID}-${CI_COMMIT_SHORT_SHA}
- kubectl config set-cluster app-${CI_ENVIRONMENT_NAME%/*} --server=${HELM_K8S_CLUSTER_URL} --embed-certs --certificate-authority="$HELM_K8S_CLUSTER_CACERT"
- kubectl config set-credentials deploy --token=`echo ${HELM_DEPLOY_TOKEN} | base64 -d`
- kubectl config set-context deploy --cluster=app-${CI_ENVIRONMENT_NAME%/*} --namespace=${HELM_TARGET_NAMESPACE} --user=deploy
- kubectl config use-context deploy
variables:
HELM_CHART_NAME: ps-service
HELM_DEPLOY_TOKEN: ${HELM_DEV_DEPLOY_TOKEN}
K8S_CLUSTER_NAME: app-eks.eplur-staging.us-west-2
HELM_K8S_CLUSTER_URL: https://6C29C0073BB19BEF220B9437E6962AF2.gr7.us-west-2.eks.amazonaws.com
HELM_TARGET_NAMESPACE: ${BOUNDED_CONTEXT_DEV}
APPLICATION_ROLE: dev-hydra
HELM_VALUES_FILE: helm/eks-dev-values.yml
slack:dev:
stage: notify
extends: .notify-all
when: on_success
needs: ['deploy_dev']
before_script:
- echo "Sending notification to slack"
variables:
ENV: "DEV Cluster"
SERVICE_NAME: "dev-hydra"
deploy_staging:
stage: deploy_staging
extends: .saltDeploy
when: manual
environment:
name: staging
before_script:
- cat $SALT_PILLAR
- sed -i "s/latest/$BUILD_VERSION/" $SALT_PILLAR
- cat $SALT_PILLAR
variables:
CI_JOB_STAGE: stage
SALT_TARGET: roles:hydra-publish-msk
SALT_PASSWORD: ${LDAP_PASS}
SALT_ARGUMENTS: systemd-app
SALT_USERNAME: tcity-data-platform
SALT_KWARGS: 'failhard=true'
SALT_PILLAR: $CI_PROJECT_DIR/pillar_overrides.yaml
SALT_URL: ${SALT_URL_STAGING}
slack:staging:
stage: notify
extends: .notify-all
when: on_success
needs: ['deploy_staging']
before_script:
- echo "Sending notification to slack"
variables:
ENV: "Staging Cluster"
SERVICE_NAME: "staging-hydra-publish"
deploy_production:
stage: deploy_production
extends: .saltDeploy
when: manual
environment:
name: production
before_script:
- cat $SALT_PILLAR
- sed -i "s/latest/$BUILD_VERSION/" $SALT_PILLAR
- cat $SALT_PILLAR
variables:
CI_JOB_STAGE: stage
SALT_TARGET: roles:hydra-publish-msk
SALT_PASSWORD: ${LDAP_PASS}
SALT_ARGUMENTS: systemd-app
SALT_USERNAME: tcity-data-platform
SALT_KWARGS: 'failhard=true'
SALT_PILLAR: $CI_PROJECT_DIR/pillar_overrides.yaml
SALT_URL: ${SALT_URL_PROD}
slack:production:
stage: notify
extends: .notify-all
when: on_success
needs: ['deploy_production']
before_script:
- echo "Sending notification to slack"
variables:
ENV: "Production Cluster"
SERVICE_NAME: "production-hydra-publish"