forked from pluralsight/hydra-notifications
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path.gitlab-ci.yml
236 lines (222 loc) · 9.43 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
include:
- project: 'pluralsight/experience/gitlab-helpers'
file: '/slack-notification/helper.yml'
- project: 'pluralsight/experience/gitlab-helpers'
file: '/helm-deploy/helper.yml'
- project: 'pluralsight/Technology/adapt/data-platform/gitlab-fragments/snyk'
ref: main
file: 'snyk-check.yml'
image: openjdk:8
variables:
ARTIFACT_NAME: hydra-notifications
IMAGE_NAME: hydra-notifications
DOCKER_REGISTRY_URL: harbor.vnerd.com/library
DOCKER_REGISTRY_IMAGE: ${DOCKER_REGISTRY_URL}/${IMAGE_NAME}
ARTIFACTORY_REPOSITORY_URL: https://repository.vnerd.com/artifactory
ARTIFACTORY_REPOSITORY: bounded-context
ARTIFACTORY_ID: hydra/notifications
ARTIFACTORY_ARTIFACT_VERSION: ${ARTIFACT_NAME}-${BUILD_VERSION}.tgz
ARTIFACTORY_PATH: ${ARTIFACTORY_ID}/${ARTIFACTORY_ARTIFACT_VERSION}
ARTIFACTORY_ARTIFACT_URL: ${ARTIFACTORY_REPOSITORY_URL}/${ARTIFACTORY_REPOSITORY}/${ARTIFACTORY_PATH}
BUILD_VERSION: 1.0.${CI_PIPELINE_IID}
ENV: ${CI_JOB_STAGE}
SERVICE_NAME: "hydra-notifications"
SLACK_ICON_EMOJI: ":gitlab:"
SLACK_CHANNEL: '#data-platform-alerts'
SNYK_SLACK_CHANNEL: '#dataops-snyk-vulnerability-alerts'
SNYK_SLACK_ICON_EMOJI: ":snyk:"
SNYK_ORG_ID: "d8094638-7a37-413f-b1b4-ad840fb9e239"
SNYK_PROJECT_ID: "cdafcbb5-24d1-4afc-bcda-96055113fc57"
SNYK_PROJECT_URL: "https://app.snyk.io/org/ps-data-services"
SLACK_MESSAGE: |
*[[SERVICE_NAME]]* deployed to *[[ENV]]*.
Version: *[[BUILD_VERSION]]*
[[PIPELINE_LINK]]
SLACK_USERNAME: 'GITLAB'
before_script:
- apt-get update -yqq
- apt-get install -yqq apt-transport-https apt-utils
- echo "deb https://repo.scala-sbt.org/scalasbt/debian /" | tee -a /etc/apt/sources.list.d/sbt.list
- mkdir -p /root/.gnupg
- gpg --recv-keys --no-default-keyring --keyring gnupg-ring:/etc/apt/trusted.gpg.d/scalasbt-release.gpg --keyserver hkp://keyserver.ubuntu.com:80 2EE0EA64E40A89B84B2DF73499E82A75642AC823
- chmod 644 /etc/apt/trusted.gpg.d/scalasbt-release.gpg
- apt-get update -yqq
- apt-get install -yqq sbt curl
- curl --compressed https://static.snyk.io/cli/latest/snyk-linux -o snyk
- chmod +x ./snyk
- mv ./snyk /usr/local/bin/
stages:
- build
- package
- code-analysis
- publish
- deploy-dev
- notify
- notify_dev
- deploy-staging
- notify_staging
- deploy-production
- notify_production
build:
stage: build
retry: 2
script:
- sbt clean compile test
package:
stage: package
retry: 2
script:
- sbt universal:packageBin
- CURYEAR=$(date +%Y)
- CURMONTH=$(date +%-m)
- echo -n "${CURYEAR}.${CURMONTH}.${BUILD_VERSION}" > VERSION
- unzip server/target/universal/*.zip
- mv hydra-notifications-server-* hydra-notifications-server
- tar czf ${ARTIFACT_NAME}-${BUILD_VERSION}.tgz --exclude=/${ARTIFACT_NAME}-${BUILD_VERSION}.tgz --exclude=*.tmp --exclude=*.tgz --exclude=*.tgz.md5 .
- echo "##teamcity[publishArtifacts '${ARTIFACT_NAME}.tgz']"
artifacts:
paths:
- hydra-notifications-server
# snyk-code-analysis:
# stage: code-analysis
# allow_failure: true
# script:
# - |
# snyk_ver=$(snyk --version)
# echo "--> Installed SNYK Version:${snyk_ver}"
# echo "----- Configuring SNYK Api Token and Org -----"
# snyk config set api=${SNYK_API_TOKEN}
# snyk config set org=${SNYK_ORG_ID}
# echo "--> Iniciating SNYK Code Analysis"
# snyk code test --report --project-id="cdafcbb5-24d1-4afc-bcda-96055113fc57" --commit-id="${CI_COMMIT_SHA}"
# artifacts:
# when: always
# paths:
# - ./snyk-code-analysis.json
publish:
stage: publish
image: harbor.vnerd.com/proxy/library/docker:cli
# extends: .startup_script
tags:
- ps
- docker
needs:
- package
# - snyk-code-check
before_script:
- echo "$DOCKER_REGISTRY_USERNAME:$DOCKER_REGISTRY_PASSWORD"
- echo -n "$DOCKER_REGISTRY_PASSWORD" | docker login -u "$DOCKER_REGISTRY_USERNAME" --password-stdin "$DOCKER_REGISTRY_URL"
- apk add libstdc++ curl
script:
- docker build -t ${IMAGE_NAME} -f Dockerfile .
- docker tag ${IMAGE_NAME} ${DOCKER_REGISTRY_IMAGE}:${BUILD_VERSION}
- docker push ${DOCKER_REGISTRY_IMAGE}:${BUILD_VERSION}
variables:
DOCKER_HOST: tcp://localhost:2376
DOCKER_TLS_CERTDIR: "/certs"
DOCKER_CERT_PATH: "$DOCKER_TLS_CERTDIR/client"
DOCKER_TLS_VERIFY: 1
.notify-all:
image: harbor.vnerd.com/library/ps-helm:latest
tags:
- ps
- docker
script:
- ps-notify slack "$SLACK_MESSAGE" "$SLACK_CHANNEL" --slack-username $SLACK_USERNAME --slack-icon-emoji $SLACK_ICON_EMOJI
variables:
NODE_ENV: $ENV
deploy-dev:
stage: deploy-dev
extends: .helmDeploy
environment:
name: dev
variables:
HELM_CHART_NAME: ps-service
HELM_DEPLOY_TOKEN: ${HELM_DEV_DEPLOY_TOKEN}
K8S_CLUSTER_NAME: ${K8S_DEV_CLUSTER_NAME}
HELM_K8S_CLUSTER_URL: ${K8S_DEV_CLUSTER_URL}
BOUNDED_CONTEXT: adapt-dvs-dev
HELM_TARGET_NAMESPACE: ${BOUNDED_CONTEXT}
APPLICATION_ROLE: dev-hydra-notifications
HELM_VALUES_FILE: helm/eks-dev-values.yml
HELM_SET_VALUES: "NODE_ENV=production, INGEST_URL=https://hydra-publish-dev.eplur-staging.vnerd.com, PUBLIC_URL=https://dvs-dev.eplur-staging.vnerd.com/dvs-data-explorer, REACT_APP_INGEST_URL=https://hydra-publish-dev.eplur-staging.vnerd.com, REACT_APP_STREAMS_URL=https://hydra-streams-dev.eplur-staging.vnerd.com, STREAMS_URL=https://hydra-streams-dev.eplur-staging.vnerd.com"
before_script:
- export BUILD_VERSION="$(date +%Y).$(date +%m).$(date +%d).${CI_COMMIT_SHORT_SHA}"
- kubectl config set-cluster app-${CI_ENVIRONMENT_NAME%/*} --server=${HELM_K8S_CLUSTER_URL} --embed-certs --certificate-authority="$HELM_DEV_K8S_CLUSTER_CACERT"
- kubectl config set-credentials deploy --token=`echo ${HELM_DEPLOY_TOKEN} | base64 -d`
- kubectl config set-context deploy --cluster=app-${CI_ENVIRONMENT_NAME%/*} --namespace=${HELM_TARGET_NAMESPACE} --user=deploy
- kubectl config use-context deploy
slack:dev:
stage: notify_dev
extends: .notify-all
when: on_success
needs: ['deploy-dev']
before_script:
- echo "Sending notification to slack"
variables:
ENV: "DEV Cluster"
SERVICE_NAME: "dev-hydra-notifications"
deploy-staging:
stage: deploy-staging
extends: .helmDeploy
when: manual
environment:
name: staging
variables:
HELM_CHART_NAME: ps-service
HELM_DEPLOY_TOKEN: ${HELM_STAGE_DEPLOY_TOKEN}
K8S_CLUSTER_NAME: ${K8S_STAGE_CLUSTER_NAME}
HELM_K8S_CLUSTER_URL: ${K8S_STAGE_CLUSTER_URL}
BOUNDED_CONTEXT: adapt-dvs
HELM_TARGET_NAMESPACE: ${BOUNDED_CONTEXT}
APPLICATION_ROLE: is-hydra-notifications
HELM_VALUES_FILE: helm/eks-staging-values.yml
HELM_SET_VALUES: "NODE_ENV=production, INGEST_URL=https://hydra-publish.eplur-staging.vnerd.com, PUBLIC_URL=https://dvs.eplur-staging.vnerd.com/dvs-data-explorer, REACT_APP_INGEST_URL=https://hydra-publish.eplur-staging.vnerd.com, REACT_APP_STREAMS_URL=https://hydra-streams.eplur-staging.vnerd.com, STREAMS_URL=https://hydra-streams.eplur-staging.vnerd.com"
before_script:
- export BUILD_VERSION="$(date +%Y).$(date +%m).$(date +%d).${CI_COMMIT_SHORT_SHA}"
- kubectl config set-cluster app-${CI_ENVIRONMENT_NAME%/*} --server=${HELM_K8S_CLUSTER_URL} --embed-certs --certificate-authority="$HELM_STAGE_K8S_CLUSTER_CACERT"
- kubectl config set-credentials deploy --token=`echo ${HELM_DEPLOY_TOKEN} | base64 -d`
- kubectl config set-context deploy --cluster=app-${CI_ENVIRONMENT_NAME%/*} --namespace=${HELM_TARGET_NAMESPACE} --user=deploy
- kubectl config use-context deploy
slack:staging:
stage: notify_staging
extends: .notify-all
when: on_success
needs: ['deploy-staging']
before_script:
- echo "Sending notification to slack"
variables:
ENV: "STAGING Cluster"
SERVICE_NAME: "is-hydra-notifications"
deploy-production:
stage: deploy-production
extends: .helmDeploy
when: manual
environment:
name: production
variables:
HELM_CHART_NAME: ps-service
HELM_DEPLOY_TOKEN: ${HELM_PROD_DEPLOY_TOKEN}
K8S_CLUSTER_NAME: ${K8S_PROD_CLUSTER_NAME}
HELM_K8S_CLUSTER_URL: ${K8S_PROD_CLUSTER_URL}
BOUNDED_CONTEXT: adapt-dvs
HELM_TARGET_NAMESPACE: ${BOUNDED_CONTEXT}
APPLICATION_ROLE: ip-hydra-notifications
HELM_VALUES_FILE: helm/eks-production-values.yml
HELM_SET_VALUES: "NODE_ENV=production, INGEST_URL=https://hydra-publish.eplur-production.vnerd.com, PUBLIC_URL=https://dvs.eplur-production.vnerd.com/dvs-data-explorer, REACT_APP_INGEST_URL=https://hydra-publish.eplur-production.vnerd.com, REACT_APP_STREAMS_URL=https://hydra-streams.eplur-production.vnerd.com, STREAMS_URL=https://hydra-streams.eplur-production.vnerd.com"
before_script:
- export BUILD_VERSION="$(date +%Y).$(date +%m).$(date +%d).${CI_COMMIT_SHORT_SHA}"
- kubectl config set-cluster app-${CI_ENVIRONMENT_NAME%/*} --server=${HELM_K8S_CLUSTER_URL} --embed-certs --certificate-authority="$HELM_PROD_K8S_CLUSTER_CACERT"
- kubectl config set-credentials deploy --token=`echo ${HELM_DEPLOY_TOKEN} | base64 -d`
- kubectl config set-context deploy --cluster=app-${CI_ENVIRONMENT_NAME%/*} --namespace=${HELM_TARGET_NAMESPACE} --user=deploy
- kubectl config use-context deploy
slack:production:
stage: notify_production
extends: .notify-all
when: on_success
needs: ['deploy-production']
before_script:
- echo "Sending notification to slack"
variables:
ENV: "Production Cluster"
SERVICE_NAME: "ip-hydra-notifications"