forked from Informatievlaanderen/metadata-geonetwork
-
Notifications
You must be signed in to change notification settings - Fork 0
/
azure-pipelines-deploy.yml
155 lines (150 loc) · 7.04 KB
/
azure-pipelines-deploy.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
parameters:
- name: subscription
- name: clusterRg
- name: clusterName
- name: namespace
- name: acr
stages:
- stage: skipcheck
pool: dv-prd-ubuntu2204
jobs:
# check whether we can/should skip this pipeline, e.g., for comment-only fixes
- job: skipcheck
steps:
- bash: |
echo "Testing whether we need to skip the pipeline."
substring='skipci'
echo "> substring: $substring"
echo "> commit message: $COMMIT_MESSAGE"
if [[ "$COMMIT_MESSAGE" == *"$substring"* ]];
then
echo "> '$substring' was found in the commit message."
echo "##vso[task.setvariable variable=skip;isoutput=true]true"
else
echo "##vso[task.setvariable variable=skip;isoutput=true]false"
fi
name: skipcheck
env:
COMMIT_MESSAGE: $(Build.SourceVersionMessage)
# environment specific deployment steps, repeatable on each env/namespace
- stage: ${{ parameters.namespace }}
pool: dv-prd-ubuntu2204
dependsOn: skipcheck
condition: and(succeeded('skipcheck'),eq(dependencies.skipcheck.outputs['skipcheck.skipcheck.skip'], 'false'))
jobs:
- deployment: deploy
environment: ${{ parameters.namespace }}
strategy:
runOnce:
deploy:
steps:
- checkout: self
displayName: Set up repository
submodules: recursive # needed for submodules
- task: Bash@3
displayName: Set git commit sha as env var
inputs:
targetType: 'inline'
script: |
GIT_COMMIT_SHA=$(git rev-parse HEAD)
echo "GIT_COMMIT_SHA: ${GIT_COMMIT_SHA}"
echo "##vso[task.setvariable variable=GIT_COMMIT_SHA]${GIT_COMMIT_SHA}"
- task: Bash@3
displayName: Retrieve project version
inputs:
targetType: 'inline'
workingDirectory: 'vlaanderen'
script: |
VL_GEONETWORK_VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
echo "VL_GEONETWORK_VERSION: ${VL_GEONETWORK_VERSION}"
echo "##vso[task.setvariable variable=VL_GEONETWORK_VERSION]${VL_GEONETWORK_VERSION}"
- task: Bash@3
displayName: Prepare public changelog
inputs:
targetType: 'inline'
workingDirectory: 'vlaanderen/scripts'
script: |
bash public.changelog.sh
changelogFile=../../liquibase/changesets/public.changelog.html
if [ -f "$changelogFile" ]; then
echo "$changelogFile was created, proceeding."
else
echo "$changelogFile does not exist, pipeline broken?"
exit 1
fi
- task: AzureCLI@2
displayName: Configure access to aks cluster
inputs:
azureSubscription: 'md-azuredevops-sc'
addSpnToEnvironment: true
scriptType: bash
scriptLocation: inlineScript
inlineScript: |
# download kubectl and kubelogin
sudo az aks install-cli --subscription ${{ parameters.subscription }} --client-version latest --kubelogin-version latest --only-show-errors
# set the right subscription
az account set --subscription ${{ parameters.subscription }}
# download ~/.kube/config file
az aks get-credentials --subscription ${{ parameters.subscription }} --resource-group ${{ parameters.clusterRg }} --name ${{ parameters.clusterName }} --only-show-errors
# convert ~/.kube/config to a format compatible with kubelogin
kubelogin convert-kubeconfig --login spn
# create secure azure devops variables for later steps
echo "##vso[task.setvariable variable=spnId;isSecret=true]$servicePrincipalId"
echo "##vso[task.setvariable variable=spnSecret;isSecret=true]$servicePrincipalKey"
- task: Docker@2
displayName: Login to ACR
inputs:
containerRegistry: ${{ parameters.acr }}
repository: 'metadata/geonetwork'
command: 'login'
- task: Bash@3
displayName: Re-tag docker image
inputs:
targetType: 'inline'
workingDirectory: 'liquibase'
script: |
image=$ACR.azurecr.io/metadata/geonetwork:$GIT_COMMIT_SHA
newimage=$ACR.azurecr.io/metadata/geonetwork:$NAMESPACE
echo "acr: $acr"
echo "image: $image"
echo "new image: $newimage"
echo "gitcommitsha2: $GIT2"
docker image ls $ACR.azurecr.io/metadata/geonetwork
docker pull $image
docker tag $image $newimage
docker push $newimage
env:
NAMESPACE: ${{ parameters.namespace }}
GIT_COMMIT_SHA: $(GIT_COMMIT_SHA)
ACR: ${{ parameters.acr }}
- task: Bash@3
displayName: Execute liquibase
env:
# get the pipeline variables into our task
LIQUIBASE_GN_SYSTEM_FEEDBACK_MAILSERVER_PASSWORD: $(liquibase.gn.system.feedback.mailserver.password)
LIQUIBASE_MDV_PASSWORDHASH: $(liquibase.mdv.passwordhash)
LIQUIBASE_MAILPIT_PORT: $(liquibase.mailpit.port)
LIQUIBASE_MAILPIT_HOST: $(liquibase.mailpit.host)
# get additional variables into our task
LIQUIBASE_GN_SYSTEM_VLAANDEREN_VERSION: $(VL_GEONETWORK_VERSION)
# needed for kube access
AAD_SERVICE_PRINCIPAL_CLIENT_ID: $(spnId)
AAD_SERVICE_PRINCIPAL_CLIENT_SECRET: $(spnSecret)
inputs:
targetType: 'inline'
workingDirectory: 'liquibase'
script: |
# create an empty liquibase.properties file
touch liquibase.properties
# necessary variables are found in environment
bash execute-on-env.sh -n ${{ parameters.namespace }}
- task: Bash@3
displayName: Rolling restart of geonetwork (${{ parameters.namespace }})
env:
AAD_SERVICE_PRINCIPAL_CLIENT_ID: $(spnId)
AAD_SERVICE_PRINCIPAL_CLIENT_SECRET: $(spnSecret)
inputs:
targetType: 'inline'
script: |
kubectl rollout restart --cluster ${{ parameters.clusterName }} -n ${{ parameters.namespace }} deployment/geonetwork
kubectl rollout restart --cluster ${{ parameters.clusterName }} -n ${{ parameters.namespace }} deployment/geonetwork-replica