-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathazure-pipelines.yml
302 lines (263 loc) · 10.3 KB
/
azure-pipelines.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
# trigger build for every branch
trigger:
batch: true
#- feature/65868-iom-bootstrap-project
pool: 'ubuntu-20.4-DS2_v2-adopt-adoptium-jdk'
variables:
M2_LOCAL_REPO: $(Pipeline.Workspace)/local-maven-repo
MAVEN_OPTS: '-Dmaven.repo.local=$(M2_LOCAL_REPO)'
# mitigation for https://issues.sonatype.org/browse/NEXUS-27902
JDK_JAVA_OPTIONS: '--add-opens java.base/java.util=ALL-UNNAMED'
# IOM Helm Chart
IOM_HELM_VERSION: 3.0.0
IOM_HELM_URL: https://intershop.github.io/helm-charts
HELM_RELEASE_NAME: archetype-test-$(Build.BuildId)
# ACR & AKS
IOM_DEVOPS_ACR_HOST: iomdevopsacr.azurecr.io
IOM_DEVOPS_ACR_CONNECTION: order-iomDevopsACR-ISH-ENG-IOM
IOM_AKS_SERVICE_ENDPOINT: order-CiAksAutoScaledConnection-ISH-ENG-IOM
IOM_AKS_NAMESPACE: $(HELM_RELEASE_NAME)
# IOM Docker Hub
# contains all release images, that are made public for our customers.
IOM_DOCKERHUB_HOST: docker.tools.intershop.com/iom/intershophub
IOM_DOCKERHUB_CONNECTION: order-iom-docker.tools.intershop.com
# JDK to be used by Maven + Project build
JDK_MAJOR_VERSION: 17
# directory name with archetype sources
ARCHETYPE_PATH: order-iom-project-archetype
# wrap environment variables for build_image.sh
PROJECT_IMAGE_TAG_FILE: $(Pipeline.Workspace)/image-tag.txt
PROJECT_IMAGE_NAME_FILE: $(Pipeline.Workspace)/image-name.txt
# these will be set by a later job step
PROJECT_IMAGE_TAG:
PROJECT_IMAGE_NAME:
IMAGE_DOCKER_OPTS: >-
--get-image-name=$(PROJECT_IMAGE_NAME_FILE)
--get-image-tag=$(PROJECT_IMAGE_TAG_FILE)
IS_RELEASE_BUILD:
steps:
- task: JavaToolInstaller@0
inputs:
versionSpec: '$(JDK_MAJOR_VERSION)'
jdkArchitectureOption: 'x64'
jdkSourceOption: 'PreInstalled'
timeoutInMinutes: 1
displayName: Install JDK $(JDK_MAJOR_VERSION)
- task: HelmInstaller@1
displayName: "Prepare - install Helm"
- checkout: self
clean: true
path: $(ARCHETYPE_PATH)
displayName: "Checkout - $(ARCHETYPE_PATH)@$(Build.SourceBranchName)"
timeoutInMinutes: "5"
persistCredentials: true
- task: Cache@2
inputs:
# according to https://docs.microsoft.com/en-us/azure/devops/pipelines/process/variables?view=azure-devops&tabs=yaml%2Cbatch
# this variable expansion should not work, but it's the only way I got to work.
key: '"mvn_ipa" | $(Agent.BuildDirectory)/$(ARCHETYPE_PATH)/pom.xml | $(Agent.BuildDirectory)/$(ARCHETYPE_PATH)/src/test/resources/projects/basic/archetype.properties'
restoreKeys: |
mvn_ipa
path: "$(M2_LOCAL_REPO)"
cacheHitVar: M2_REPO_CACHE_HIT
timeoutInMinutes: 5
displayName: "Cache - create/restore local maven cache at $(M2_LOCAL_REPO)"
- task: DownloadSecureFile@1
name: pgpPrivateKey
displayName: 'Secrets - download pgp key'
inputs:
secureFile: 'order-iom-project-archetype-gpg_private_key_iom.pgp'
- task: MavenAuthenticate@0
inputs:
artifactsFeeds: iom-maven-artifacts
mavenServiceConnections: order-iom-sonatype-ossrh
timeoutInMinutes: 1
displayName: "Maven - authenticate"
- task: Docker@2
inputs:
command: login
containerRegistry: $(IOM_DEVOPS_ACR_CONNECTION)
timeoutInMinutes: 1
displayName: "Docker - login to DevOps ACR"
- task: Docker@2
inputs:
command: login
containerRegistry: $(IOM_DOCKERHUB_CONNECTION)
timeoutInMinutes: 1
displayName: "Docker - login to Dockerhub"
- task: Kubernetes@1
displayName: "Kubernetes - Login"
inputs:
connectionType: Kubernetes Service Connection
kubernetesServiceEndpoint: $(IOM_AKS_SERVICE_ENDPOINT)
command: login
- task: Kubernetes@1
displayName: "Kubernetes - Create Namespace"
inputs:
connectionType: Kubernetes Service Connection
kubernetesServiceEndpoint: $(IOM_AKS_SERVICE_ENDPOINT)
command: create
arguments: namespace $(IOM_AKS_NAMESPACE)
- task: KubernetesManifest@0
displayName: Create pull secret for Dockerhub
inputs:
action: createSecret
secretType: dockerRegistry
secretName: intershop-pull-secret
dockerRegistryEndpoint: $(IOM_DOCKERHUB_CONNECTION)
kubernetesServiceConnection: $(IOM_AKS_SERVICE_ENDPOINT)
namespace: $(IOM_AKS_NAMESPACE)
- task: KubernetesManifest@0
displayName: Create pull secret for Devops ACR
inputs:
action: createSecret
secretType: dockerRegistry
secretName: devops-pull-secret
dockerRegistryEndpoint: $(IOM_DEVOPS_ACR_CONNECTION)
kubernetesServiceConnection: $(IOM_AKS_SERVICE_ENDPOINT)
namespace: $(IOM_AKS_NAMESPACE)
- script: |
if mvn help:evaluate -Dexpression=project.version -q -DforceStdout | tail -1 | grep -q -- -SNAPSHOT ; then
echo "##vso[task.setvariable variable=IS_RELEASE_BUILD;]false"
else
echo "##vso[task.setvariable variable=IS_RELEASE_BUILD;]true"
fi
workingDirectory: $(Agent.BuildDirectory)/$(ARCHETYPE_PATH)
timeoutInMinutes: 1
displayName: "Read variables - SNAPSHOT or Release build"
# for SNAPSHOT builds: run verify goal against archetype
- task: Maven@3
condition: and(succeeded(), eq(variables.IS_RELEASE_BUILD, 'false'))
inputs:
goals: clean verify
mavenPomFile: '$(Agent.BuildDirectory)/$(ARCHETYPE_PATH)/pom.xml'
mavenOptions: '-Xmx1024m $(MAVEN_OPTS)'
displayName: "Maven - run verify goal against archetype snapshot"
# for RELEASE builds: run deploy goal to push the archetype to Sonatype STAGING repository.
# The release can be promoted to central in a later step.
- task: Maven@3
condition: and(succeeded(), eq(variables.IS_RELEASE_BUILD, 'true'))
inputs:
goals: clean deploy
mavenPomFile: '$(Agent.BuildDirectory)/$(ARCHETYPE_PATH)/pom.xml'
mavenOptions: '-Xmx1024m $(MAVEN_OPTS)'
displayName: "Maven - run deploy goal against archetype release"
env:
PGP_PASSPHRASE: "literal:$(pgpPassphrase)"
PGP_SECRETKEY: "keyfile:$(pgpPrivateKey.secureFilePath)"
- task: Maven@3
inputs:
goals: clean verify
mavenPomFile: '$(Agent.BuildDirectory)/$(ARCHETYPE_PATH)/target/test-classes/projects/basic/project/archetype-test/dependency-helper/pom.xml'
mavenOptions: '-Xmx1024m $(MAVEN_OPTS)'
displayName: "Maven - run verify goal against dependency-helper"
- script: |
# stop on any error
set -e
docker tag "$(cat $PROJECT_IMAGE_NAME_FILE):$(cat $PROJECT_IMAGE_TAG_FILE)" \
"$IOM_DEVOPS_ACR_HOST/ci/$(cat $PROJECT_IMAGE_NAME_FILE):$(cat $PROJECT_IMAGE_TAG_FILE)-${BUILD_BUILDID}"
docker push "$IOM_DEVOPS_ACR_HOST/ci/$(cat $PROJECT_IMAGE_NAME_FILE):$(cat $PROJECT_IMAGE_TAG_FILE)-${BUILD_BUILDID}"
# set variables
echo "##vso[task.setvariable variable=PROJECT_IMAGE_TAG;]$(cat $PROJECT_IMAGE_TAG_FILE)-${BUILD_BUILDID}"
echo "##vso[task.setvariable variable=PROJECT_IMAGE_NAME;]$IOM_DEVOPS_ACR_HOST/ci/$(cat $PROJECT_IMAGE_NAME_FILE)"
timeoutInMinutes: "10"
displayName: "Docker - tag images and push to ACR"
- script: |
set -e
helm repo add intershop $IOM_HELM_URL
helm repo update
timeoutInMinutes: 1
displayName: download IOM Helm Charts
- task: HelmDeploy@0
displayName: "Helm - install archetype-test release"
inputs:
connectionType: Kubernetes Service Connection
kubernetesServiceEndpoint: $(IOM_AKS_SERVICE_ENDPOINT)
namespace: $(IOM_AKS_NAMESPACE)
releaseName: $(HELM_RELEASE_NAME)
command: install
chartType: Name
chartName: intershop/iom
waitForExecution: true
valueFile: $(Agent.BuildDirectory)/$(ARCHETYPE_PATH)/helm-values-test.yaml
arguments: >-
--version $(IOM_HELM_VERSION)
--create-namespace
--set image.repository=$(PROJECT_IMAGE_NAME)
--set image.tag=$(PROJECT_IMAGE_TAG)
--set ingress.hosts[0].host=ipb.$(Build.BuildId).ci
--timeout 900s
# CLEANUP TASKS
- task: HelmDeploy@0
displayName: "Cleanup - uninstall archetype-test release"
condition: always()
inputs:
connectionType: Kubernetes Service Connection
kubernetesServiceEndpoint: $(IOM_AKS_SERVICE_ENDPOINT)
namespace: $(IOM_AKS_NAMESPACE)
command: uninstall
# NOTE: releaseName parameter doesn't work for uninstall command!
#releaseName: $(HELM_RELEASE_NAME)
waitForExecution: true
arguments: >-
--timeout 300s
$(HELM_RELEASE_NAME)
# the previous login is timed out!
- task: Kubernetes@1
displayName: "Kubernetes - Login"
condition: always()
timeoutInMinutes: 1
inputs:
connectionType: Kubernetes Service Connection
kubernetesServiceEndpoint: $(IOM_AKS_SERVICE_ENDPOINT)
command: login
# Should show, that the cluster is deleted
- script: |
kubectl get all -n $IOM_AKS_NAMESPACE
condition: always()
displayName: Show status of cluster
- script: |
echo "##[debug] cleanup IOM and namespace $IOM_AKS_NAMESPACE"
# wait for pv to disappear before deleting the namespace, otherwise the pv cannot be deleted
PV=$(kubectl get pv | grep " $IOM_AKS_NAMESPACE/" | { read ID REST; echo $ID; })
if [ ! -z "$PV" ]; then
while kubectl get pv | grep -q "$PV"; do
sleep 10
done
fi
kubectl delete namespace "$IOM_AKS_NAMESPACE" || true
timeoutInMinutes: 5
displayName: "Cleanup - wait for PV deletion, delete namespace"
condition: always()
- task: Maven@3
condition: and(succeeded(), eq(variables.IS_RELEASE_BUILD, 'true'))
inputs:
goals: nexus-staging:release
mavenPomFile: '$(Agent.BuildDirectory)/$(ARCHETYPE_PATH)/pom.xml'
mavenOptions: '-Xmx1024m $(MAVEN_OPTS)'
displayName: "Maven - stage successful release"
- task: Maven@3
condition: and(succeeded(), eq(variables.IS_RELEASE_BUILD, 'true'))
inputs:
goals: org.codehaus.mojo:versions-maven-plugin:2.7:set -DgenerateBackupPoms=false -DnextSnapshot
mavenPomFile: '$(Agent.BuildDirectory)/$(ARCHETYPE_PATH)/pom.xml'
mavenOptions: '-Xmx1024m $(MAVEN_OPTS)'
displayName: "Maven - set next snapshot version"
enabled: false
- script: |
git config user.email [email protected]
git config user.name "Azure DevOps Build User"
git add pom.xml
git commit -m "[skip ci] set next snapshot version"
git push
workingDirectory: '$(ARCHETYPE_PATH)'
displayName: "Git - push changes to pom.xml"
condition: and(succeeded(), eq(variables.IS_RELEASE_BUILD, 'true'))
enabled: false
- task: Maven@3
condition: and(failed(), eq(variables.IS_RELEASE_BUILD, 'true'))
inputs:
goals: nexus-staging:drop
mavenPomFile: '$(Agent.BuildDirectory)/$(ARCHETYPE_PATH)/pom.xml'
mavenOptions: '-Xmx1024m $(MAVEN_OPTS)'
displayName: "Maven - rollback failed release in sonatype nexus"