buildconfig.yaml
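# OpenShift BuildConfig that runs an inline Jenkins declarative pipeline.
# The pipeline logs in to Vault with the "jenkins" service-account token,
# writes a sample secret, then creates, builds, deploys and tags the
# nodejs-mongodb example application.
kind: "BuildConfig"
apiVersion: "v1"
metadata:
  name: "vault-demo-pipeline"
spec:
  strategy:
    jenkinsPipelineStrategy:
      jenkinsfile: |-
        // path of the template to use
        // NOTE(review): this URL follows the mutable "master" branch, so the template that gets
        // instantiated can change between runs; consider pinning it to a reviewed commit.
        def templatePath = 'https://raw.githubusercontent.com/openshift/nodejs-ex/master/openshift/templates/nodejs-mongodb.json'
        // name of the template that will be created
        def templateName = 'nodejs-mongodb-example'
        // base address of the Vault server used by the 'cleanup' stage
        // NOTE(review): this is plain HTTP, so the service-account JWT and the Vault client token
        // cross the network unencrypted; point this at a TLS route if one is available.
        def vaultAddr = 'http://vault-vault.apps.683d.example.opentlc.com'
        // NOTE, the "pipeline" directive/closure from the declarative pipeline syntax needs to include, or be nested outside,
        // any "openshift" directive/closure from the OpenShift Client Plugin for Jenkins. Otherwise, the declarative pipeline engine
        // will not be fully engaged.
        import groovy.json.JsonSlurperClassic
        pipeline {
          agent {
            node {
              // spin up a node.js agent pod to run this build on
              label 'nodejs'
            }
          }
          options {
            // set a timeout of 20 minutes for this pipeline
            timeout(time: 20, unit: 'MINUTES')
          }
          stages {
            stage('preamble') {
              steps {
                script {
                  openshift.withCluster() {
                    openshift.withProject() {
                      echo "Using project: ${openshift.project()}"
                    }
                  }
                }
              }
            }
            stage('cleanup') {
              steps {
                script {
                  openshift.withCluster() {
                    openshift.withProject() {
                      openshift.selector("all", [ template : templateName ]).delete()
                      // delete any secrets with this template label
                      if (openshift.selector("secrets", templateName).exists()) {
                        openshift.selector("secrets", templateName).delete()
                      }
                      // Writing secrets to Vault
                      try {
                        def token = openshift.raw("sa get-token", "jenkins")
                        // The token is a credential: it is never echoed to the build log.
                        // trim() drops any surrounding whitespace from the command output.
                        String tokenValue = token.actions[0].out.trim()
                        // Serialise the login payload instead of concatenating strings into JSON.
                        writeFile file: 'credential.json', text: groovy.json.JsonOutput.toJson([role: 'cicd', jwt: tokenValue])
                        withEnv(["VAULT_ADDR=${vaultAddr}"]) {
                          // --fail makes an HTTP error from Vault fail the step instead of leaving an error body in token.json
                          sh 'curl --fail --silent --show-error --request POST --data @credential.json "$VAULT_ADDR/v1/auth/kubernetes/login" > token.json'
                        }
                        def clientToken = ""
                        try {
                          // The login response carries the client token, so it is parsed but not logged.
                          def result = new groovy.json.JsonSlurperClassic().parseText(readFile("token.json"))
                          clientToken = result.auth.client_token
                        } catch (Exception ex) {
                          // Parser messages can quote the input, so only a generic message is logged.
                          echo 'Could not parse the Vault login response'
                        }
                        if (!clientToken) {
                          // Stop here rather than sending a write with an empty X-Vault-Token header.
                          error 'Vault login did not return a client token'
                        }
                        writeFile file: 'secret.json', text: '{ "foo": "bar", "zip": "zap" }'
                        // The token reaches the shell through the environment, not through Groovy string
                        // concatenation, and "set +x" keeps the expanded command out of the build log.
                        // It is still part of curl's argument list inside the build pod.
                        withEnv(["VAULT_ADDR=${vaultAddr}", "VAULT_TOKEN=${clientToken}"]) {
                          sh 'set +x; curl --fail --silent --show-error --header "X-Vault-Token: $VAULT_TOKEN" --request POST --data @secret.json "$VAULT_ADDR/v1/secret/PATH/TO/SECRET"'
                        }
                      } finally {
                        // Do not leave the JWT, the Vault token or the secret payload in the workspace.
                        sh 'rm -f credential.json token.json secret.json'
                      }
                    }
                  }
                } // script
              } // steps
            } // stage
            stage('create') {
              steps {
                script {
                  openshift.withCluster() {
                    openshift.withProject() {
                      // create a new application from the templatePath
                      openshift.newApp(templatePath)
                    }
                  }
                } // script
              } // steps
            } // stage
            stage('build') {
              steps {
                script {
                  openshift.withCluster() {
                    openshift.withProject() {
                      // wait until every build related to the build config reports phase "Complete"
                      def builds = openshift.selector("bc", templateName).related('builds')
                      builds.untilEach(1) {
                        return (it.object().status.phase == "Complete")
                      }
                    }
                  }
                } // script
              } // steps
            } // stage
            stage('deploy') {
              steps {
                script {
                  openshift.withCluster() {
                    openshift.withProject() {
                      openshift.selector("dc", templateName).rollout()
                      // wait until every pod related to the deployment config reports phase "Running"
                      openshift.selector("dc", templateName).related('pods').untilEach(1) {
                        return (it.object().status.phase == "Running")
                      }
                    }
                  }
                } // script
              } // steps
            } // stage
            stage('tag') {
              steps {
                script {
                  openshift.withCluster() {
                    openshift.withProject() {
                      // if everything else succeeded, tag the ${templateName}:latest image as ${templateName}-staging:latest
                      // a pipeline build config for the staging environment can watch for the ${templateName}-staging:latest
                      // image to change and then deploy it to the staging environment
                      openshift.tag("${templateName}:latest", "${templateName}-staging:latest")
                    }
                  }
                } // script
              } // steps
            } // stage
          } // stages
        } // pipeline
    type: JenkinsPipeline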