diff --git a/Jenkinsfile b/Jenkinsfile deleted file mode 100644 index 61914a1bf..000000000 --- a/Jenkinsfile +++ /dev/null @@ -1,403 +0,0 @@ -// This Jenkins build requires a configmap called jenkin-config with the following in it: -// -// password_qtxn= -// password_nonqtxn= -// client_secret= -// zap_with_url= -// namespace= -// url=/api/v1/ -// authurl= -// clientid= -// realm= - -def WAIT_TIMEOUT = 10 -def TAG_NAMES = ['dev', 'test', 'production'] -def BUILDS = ['queue-management-api', 'queue-management-npm-build', 'queue-management-frontend'] -def DEP_ENV_NAMES = ['dev', 'test', 'prod'] -def label = "mypod-${UUID.randomUUID().toString()}" -def API_IMAGE_HASH = "" -def FRONTEND_IMAGE_HASH = "" - -String getNameSpace() { - def NAMESPACE = sh ( - script: 'oc describe configmap jenkin-config | awk -F "=" \'/^namespace/{print $2}\'', - returnStdout: true - ).trim() - return NAMESPACE -} - -// Get an image's hash tag -String getImageTagHash(String imageName, String tag = "") { - - if(!tag?.trim()) { - tag = "latest" - } - - def istag = openshift.raw("get istag ${imageName}:${tag} -o template --template='{{.image.dockerImageReference}}'") - return istag.out.tokenize('@')[1].trim() -} - -podTemplate( - label: label, - name: 'jenkins-python3nodejs', - serviceAccount: 'jenkins', - cloud: 'openshift', - containers: [ - containerTemplate( - name: 'jnlp', - image: '172.50.0.2:5000/openshift/jenkins-slave-python3nodejs', - resourceRequestCpu: '1000m', - resourceLimitCpu: '2000m', - resourceRequestMemory: '2Gi', - resourceLimitMemory: '4Gi', - workingDir: '/tmp', - command: '', - args: '${computer.jnlpmac} ${computer.name}' - ) - ] -){ -node(label) { - stage('Checkout Source') { - echo "checking out source" - checkout scm - } - - stage('SonarQube Analysis') { - echo ">>> Performing static analysis <<<" - SONARQUBE_PWD = sh ( - script: 'oc set env dc/sonarqube --list | awk -F "=" \'/SONARQUBE_ADMINPW/{print $2}\'', - returnStdout: true - ).trim() - - SONARQUBE_URL = sh ( - script: 'oc get routes -o wide --no-headers | awk \'/sonarqube/{ print match($0,/edge/) ? "https://"$2 : "http://"$2 }\'', - returnStdout: true - ).trim() - - echo "PWD: ${SONARQUBE_PWD}" - echo "URL: ${SONARQUBE_URL}" - - dir('sonar-runner') { - sh ( - returnStdout: true, - script: "./gradlew sonarqube -Dsonar.host.url=${SONARQUBE_URL} --stacktrace --info" - ) - } - } - - stage("Build API..") { - script: { - openshift.withCluster() { - openshift.withProject() { - - // Find all of the build configurations associated to the application using labels ... - def bc = openshift.selector("bc", "${BUILDS[0]}") - echo "Started builds: ${bc.names()}" - bc.startBuild("--wait").logs("-f") - } - echo "API Build complete ..." - } - } - } - - stage("Deploy API to Dev") { - script: { - openshift.withCluster() { - openshift.withProject() { - echo "Tagging ${BUILDS[0]} for deployment to ${TAG_NAMES[0]} ..." - - // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. - // Tag the images for deployment based on the image's hash - API_IMAGE_HASH = getImageTagHash("${BUILDS[0]}") - echo "API_IMAGE_HASH: ${API_IMAGE_HASH}" - openshift.tag("${BUILDS[0]}@${API_IMAGE_HASH}", "${BUILDS[0]}:${TAG_NAMES[0]}") - } - - def NAME_SPACE = getNameSpace() - openshift.withProject("${NAME_SPACE}-${DEP_ENV_NAMES[0]}") { - def dc = openshift.selector('dc', "${BUILDS[0]}") - // Wait for the deployment to complete. - // This will wait until the desired replicas are all available - dc.rollout().status() - } - echo "API Deployment Complete." - } - } - } - - stage("Build Front End..") { - script: { - openshift.withCluster() { - openshift.withProject() { - - // Find all of the build configurations associated to the application using labels ... - bc = openshift.selector("bc", "${BUILDS[1]}") - echo "Started builds: ${bc.names()}" - bc.startBuild("--wait").logs("-f") - - bc = openshift.selector("bc", "${BUILDS[2]}") - echo "Started builds: ${bc.names()}" - bc.startBuild("--wait").logs("-f") - } - echo "Front End complete ..." - } - } - } - - stage("Deploy Frontend to Dev") { - script: { - openshift.withCluster() { - openshift.withProject() { - echo "Tagging ${BUILDS[2]} for deployment to ${TAG_NAMES[0]} ..." - - // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. - // Tag the images for deployment based on the image's hash - FRONTEND_IMAGE_HASH = getImageTagHash("${BUILDS[2]}") - echo "FRONTEND_IMAGE_HASH: ${FRONTEND_IMAGE_HASH}" - openshift.tag("${BUILDS[2]}@${FRONTEND_IMAGE_HASH}", "${BUILDS[2]}:${TAG_NAMES[0]}") - } - - def NAME_SPACE = getNameSpace() - openshift.withProject("${NAME_SPACE}-${DEP_ENV_NAMES[0]}") { - dc = openshift.selector('dc', "${BUILDS[2]}") - // Wait for the deployment to complete. - // This will wait until the desired replicas are all available - dc.rollout().status() - } - echo "Front End Deployment Complete." - } - } - } - - stage('Newman Tests') { - dir('api/postman') { - sh "ls -alh" - - sh ( - returnStdout: true, - script: "npm init -y" - ) - - sh ( - returnStdout: true, - script: "npm install newman" - ) - - USERID = sh ( - script: 'oc describe configmap jenkin-config | awk -F "=" \'/^userid_qtxn/{print $2}\'', - returnStdout: true - ).trim() - - PASSWORD = sh ( - script: 'oc describe configmap jenkin-config | awk -F "=" \'/^password_qtxn/{print $2}\'', - returnStdout: true - ).trim() - - USERID_NONQTXN = sh ( - script: 'oc describe configmap jenkin-config | awk -F "=" \'/^userid_nonqtxn/{print $2}\'', - returnStdout: true - ).trim() - - PASSWORD_NONQTXN = sh ( - script: 'oc describe configmap jenkin-config | awk -F "=" \'/^password_nonqtxn/{print $2}\'', - returnStdout: true - ).trim() - - CLIENT_SECRET = sh ( - script: 'oc describe configmap jenkin-config | awk -F "=" \'/^client_secret/{print $2}\'', - returnStdout: true - ).trim() - - REALM = sh ( - script: 'oc describe configmap jenkin-config | awk -F "=" \'/^realm/{print $2}\'', - returnStdout: true - ).trim() - - API_URL = sh ( - script: 'oc describe configmap jenkin-config | awk -F "=" \'/^url/{print $2}\'', - returnStdout: true - ).trim() - - AUTH_URL = sh ( - script: 'oc describe configmap jenkin-config | awk -F "=" \'/auth_url/{print $2}\'', - returnStdout: true - ).trim() - - CLIENTID = sh ( - script: 'oc describe configmap jenkin-config | awk -F "=" \'/^clientid/{print $2}\'', - returnStdout: true - ).trim() - - PUBLICID = sh ( - script: 'oc describe configmap jenkin-config | awk -F "=" \'/^public_user_id/{print $2}\'', - returnStdout: true - ).trim() - - PUBLICPW = sh ( - script: 'oc describe configmap jenkin-config | awk -F "=" \'/^public_user_password/{print $2}\'', - returnStdout: true - ).trim() - - PUBLICURL = sh ( - script: 'oc describe configmap jenkin-config | awk -F "=" \'/^public_url/{print $2}\'', - returnStdout: true - ).trim() - - NODE_OPTIONS='--max_old_space_size=2048' - - sh ( - returnStdout: true, - script: "./node_modules/newman/bin/newman.js run API_Test_TheQ_Booking.json -e postman_env.json --global-var 'userid=${USERID}' --global-var 'password=${PASSWORD}' --global-var 'userid_nonqtxn=${USERID_NONQTXN}' --global-var 'password_nonqtxn=${PASSWORD_NONQTXN}' --global-var 'client_secret=${CLIENT_SECRET}' --global-var 'url=${API_URL}' --global-var 'auth_url=${AUTH_URL}' --global-var 'clientid=${CLIENTID}' --global-var 'realm=${REALM}' --global-var 'public_user_id=${PUBLICID}' --global-var 'public_user_password=${PUBLICPW}' --global-var 'public_url=${PUBLICURL}'" - ) - } - } -} -} -def owaspPodLabel = "owasp-zap-${UUID.randomUUID().toString()}" -podTemplate( - label: owaspPodLabel, - name: owaspPodLabel, - serviceAccount: 'jenkins', - cloud: 'openshift', - containers: [ containerTemplate( - name: 'jnlp', - image: '172.50.0.2:5000/openshift/jenkins-slave-zap', - resourceRequestCpu: '500m', - resourceLimitCpu: '1000m', - resourceRequestMemory: '3Gi', - resourceLimitMemory: '4Gi', - workingDir: '/home/jenkins', - command: '', - args: '${computer.jnlpmac} ${computer.name}' - )] -) { - node(owaspPodLabel) { - stage('ZAP Security Scan') { - sleep 60 - ZAP_WITH_URL = sh ( - script: 'oc describe configmap jenkin-config | awk -F "=" \'/^zap_with_url/{print $2}\'', - returnStdout: true - ).trim() - def retVal = sh ( - returnStatus: true, - script: "${ZAP_WITH_URL}" - ) - publishHTML([ - allowMissing: false, - alwaysLinkToLastBuild: false, - keepAll: true, - reportDir: '/zap/wrk', - reportFiles: 'baseline.html', - reportName: 'ZAP Baseline Scan', - reportTitles: 'ZAP Baseline Scan' - ]) - echo "Return value is: ${retVal}" - - script { - if (retVal != 0) { - echo "MARKING BUILD AS UNSTABLE" - currentBuild.result = 'UNSTABLE' - } - } - } - } -} - -node { - stage("Deploy API - test") { - input "Deploy to test?" - script: { - openshift.withCluster() { - openshift.withProject() { - echo "Tagging ${BUILDS[0]} for deployment to ${TAG_NAMES[1]} ..." - - // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. - // Tag the images for deployment based on the image's hash - echo "API_IMAGE_HASH: ${API_IMAGE_HASH}" - openshift.tag("${BUILDS[0]}@${API_IMAGE_HASH}", "${BUILDS[0]}:${TAG_NAMES[1]}") - } - - def NAME_SPACE = getNameSpace() - openshift.withProject("${NAME_SPACE}-${DEP_ENV_NAMES[1]}") { - def dc = openshift.selector('dc', "${BUILDS[0]}") - // Wait for the deployment to complete. - // This will wait until the desired replicas are all available - dc.rollout().status() - } - echo "API Deployment Complete." - } - } - } - stage("Deploy Frontend - Test") { - script: { - openshift.withCluster() { - openshift.withProject() { - echo "Tagging ${BUILDS[2]} for deployment to ${TAG_NAMES[1]} ..." - - // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. - // Tag the images for deployment based on the image's hash - echo "FRONTEND_IMAGE_HASH: ${FRONTEND_IMAGE_HASH}" - openshift.tag("${BUILDS[2]}@${FRONTEND_IMAGE_HASH}", "${BUILDS[2]}:${TAG_NAMES[1]}") - } - - def NAME_SPACE = getNameSpace() - openshift.withProject("${NAME_SPACE}-${DEP_ENV_NAMES[1]}") { - dc = openshift.selector('dc', "${BUILDS[2]}") - // Wait for the deployment to complete. - // This will wait until the desired replicas are all available - dc.rollout().status() - } - echo "Front End Deployment Complete." - } - } - } -} -node { - stage("Deploy API - Prod") { - input "Deploy to Prod?" - script: { - openshift.withCluster() { - openshift.withProject() { - echo "Tagging ${BUILDS[0]} for deployment to ${TAG_NAMES[2]} ..." - - // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. - // Tag the images for deployment based on the image's hash - echo "API_IMAGE_HASH: ${API_IMAGE_HASH}" - openshift.tag("${BUILDS[0]}@${API_IMAGE_HASH}", "${BUILDS[0]}:${TAG_NAMES[2]}") - } - - def NAME_SPACE = getNameSpace() - openshift.withProject("${NAME_SPACE}-${DEP_ENV_NAMES[2]}") { - def dc = openshift.selector('dc', "${BUILDS[0]}") - // Wait for the deployment to complete. - // This will wait until the desired replicas are all available - dc.rollout().status() - } - echo "API Deployment Complete." - } - } - } - stage("Deploy Frontend - Prod") { - script: { - openshift.withCluster() { - openshift.withProject() { - echo "Tagging ${BUILDS[2]} for deployment to ${TAG_NAMES[2]} ..." - - // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. - // Tag the images for deployment based on the image's hash - echo "FRONTEND_IMAGE_HASH: ${FRONTEND_IMAGE_HASH}" - openshift.tag("${BUILDS[2]}@${FRONTEND_IMAGE_HASH}", "${BUILDS[2]}:${TAG_NAMES[2]}") - } - - def NAME_SPACE = getNameSpace() - openshift.withProject("${NAME_SPACE}-${DEP_ENV_NAMES[2]}") { - dc = openshift.selector('dc', "${BUILDS[2]}") - // Wait for the deployment to complete. - // This will wait until the desired replicas are all available - dc.rollout().status() - } - echo "Front End Deployment Complete." - } - } - } -} diff --git a/Jenkinsfile.groovy b/Jenkinsfile.groovy index 0d9c25f8d..e75a10915 100644 --- a/Jenkinsfile.groovy +++ b/Jenkinsfile.groovy @@ -21,13 +21,18 @@ def WAIT_TIMEOUT = 20 def TAG_NAMES = ['dev', 'test', 'prod'] -def BUILDS = ['queue-management-api', 'queue-management-npm-build', 'queue-management-frontend', 'appointment-npm-build', 'appointment-frontend','send-appointment-reminder-crond'] +def BUILDS = ['queue-management-api','queue-management-nginx-frontend','appointment-nginx-frontend','send-appointment-reminder-crond','notifications-api','feedback-api'] def DEP_ENV_NAMES = ['dev', 'test', 'prod'] def label = "mypod-${UUID.randomUUID().toString()}" def API_IMAGE_HASH = "" def FRONTEND_IMAGE_HASH = "" def APPOINTMENT_IMAGE_HASH = "" def REMINDER_IMAGE_HASH = "" +def NOTIFICATION_IMAGE_HASH = "" +def FEEDBACK_IMAGE_HASH = "" +def owaspPodLabel = "jenkins-agent-zap" +def STAFFURL = "" +def APPTMNTURL = "" String getNameSpace() { def NAMESPACE = sh ( @@ -86,7 +91,7 @@ podTemplate( script: "pwd", returnStdout: true ).trim() - SONAR_SOURCES = 'api,frontend,appointment-frontend,jobs' + SONAR_SOURCES = 'api,frontend,appointment-frontend,jobs,feedback-api,notifications-api' SONARQUBE_PWD = sh ( script: 'oc describe configmap jenkin-config | awk -F "=" \'/^sonarqube_key/{print $2}\'', returnStdout: true @@ -111,25 +116,25 @@ podTemplate( ) } } - parallel Build_Staff_FE_NPM: { - stage("Build Front End NPM..") { + parallel Build_Staff_FE_NGINX: { + stage("Build Front End NGINX..") { script: { openshift.withCluster() { openshift.withProject() { - echo "Building Front End NPM" + echo "Building Front End Nginx" openshift.selector("bc", "${BUILDS[1]}").startBuild("--wait") } - echo "Staff Front End NPM Completed ..." + echo "Staff Front End Nginx Completed ..." } } } - }, Build_Appointment_FE_NPM: { - stage("Build Appointment NPM") { + }, Build_Appointment_FE_NGINX: { + stage("Build Appointment NGINX") { script: { openshift.withCluster() { openshift.withProject() { echo "Bulding Appoitment Front End NPM" - openshift.selector("bc", "${BUILDS[3]}").startBuild("--wait") + openshift.selector("bc", "${BUILDS[2]}").startBuild("--wait") } echo "Appointment NPM ..." } @@ -151,38 +156,35 @@ podTemplate( script: { openshift.withCluster() { openshift.withProject() { - openshift.selector("bc", "${BUILDS[5]}").startBuild("--wait") + openshift.selector("bc", "${BUILDS[3]}").startBuild("--wait") } echo "Cron Mail Build complete ..." } } } - } - parallel Build_Staff_FE: { - stage("Build Staff Front End ..") { + }, Build_notifications_api: { + stage("Build notification api") { script: { openshift.withCluster() { openshift.withProject() { - echo "Building Front End Final" - openshift.selector("bc", "${BUILDS[2]}").startBuild("--wait") + openshift.selector("bc", "${BUILDS[4]}").startBuild("--wait") } - echo "Staff Front End Completed ..." + echo "notification api complete ..." } } } - }, Build_Appointment_FE: { - stage("Build Appointment Front End") { + }, Build_feedback_api: { + stage("Build feedback api") { script: { openshift.withCluster() { openshift.withProject() { - echo "Bulding Appoitment Front End Final" - openshift.selector("bc", "${BUILDS[4]}").startBuild("--wait") + openshift.selector("bc", "${BUILDS[5]}").startBuild("--wait") } - echo "Appointment Online complete ..." + echo "notification api complete ..." } } } - } + } parallel Depoy_API_Dev: { stage("Deploy API to Dev") { script: { @@ -213,34 +215,66 @@ podTemplate( script: { openshift.withCluster() { openshift.withProject() { - echo "Tagging ${BUILDS[5]} for deployment to ${TAG_NAMES[0]} ..." + echo "Tagging ${BUILDS[3]} for deployment to ${TAG_NAMES[0]} ..." // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. // Tag the images for deployment based on the image's hash - REMINDER_IMAGE_HASH = getImageTagHash("${BUILDS[5]}") + REMINDER_IMAGE_HASH = getImageTagHash("${BUILDS[3]}") echo "REMINDER_IMAGE_HASH: ${REMINDER_IMAGE_HASH}" - openshift.tag("${BUILDS[5]}@${REMINDER_IMAGE_HASH}", "${BUILDS[5]}:${TAG_NAMES[0]}") + openshift.tag("${BUILDS[3]}@${REMINDER_IMAGE_HASH}", "${BUILDS[3]}:${TAG_NAMES[0]}") + } + } + } + } + }, Depoy_notifications_api_Dev: { + stage("Deploy notifications api pod") { + script: { + openshift.withCluster() { + openshift.withProject() { + echo "Tagging ${BUILDS[4]} for deployment to ${TAG_NAMES[0]} ..." + + // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. + // Tag the images for deployment based on the image's hash + NOTIFICATION_IMAGE_HASH = getImageTagHash("${BUILDS[4]}") + echo "NOTIFICATION_IMAGE_HASH: ${NOTIFICATION_IMAGE_HASH}" + openshift.tag("${BUILDS[4]}@${NOTIFICATION_IMAGE_HASH}", "${BUILDS[4]}:${TAG_NAMES[0]}") + } + } + } + } + }, Depoy_feedback_api_Dev: { + stage("Deploy feedback api pod") { + script: { + openshift.withCluster() { + openshift.withProject() { + echo "Tagging ${BUILDS[5]} for deployment to ${TAG_NAMES[0]} ..." + + // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. + // Tag the images for deployment based on the image's hash + FEEDBACK_IMAGE_HASH = getImageTagHash("${BUILDS[5]}") + echo "NOTIFICATION_IMAGE_HASH: ${FEEDBACK_IMAGE_HASH}" + openshift.tag("${BUILDS[5]}@${FEEDBACK_IMAGE_HASH}", "${BUILDS[5]}:${TAG_NAMES[0]}") } } } } - }, Deploy_Staff_FE_Dev: { + }, Deploy_Staff_FE_NGINX_Dev: { stage("Deploy Frontend to Dev") { script: { openshift.withCluster() { openshift.withProject() { - echo "Tagging ${BUILDS[2]} for deployment to ${TAG_NAMES[0]} ..." + echo "Tagging ${BUILDS[1]} for deployment to ${TAG_NAMES[0]} ..." // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. // Tag the images for deployment based on the image's hash - FRONTEND_IMAGE_HASH = getImageTagHash("${BUILDS[2]}") + FRONTEND_IMAGE_HASH = getImageTagHash("${BUILDS[1]}") echo "FRONTEND_IMAGE_HASH: ${FRONTEND_IMAGE_HASH}" - openshift.tag("${BUILDS[2]}@${FRONTEND_IMAGE_HASH}", "${BUILDS[2]}:${TAG_NAMES[0]}") + openshift.tag("${BUILDS[1]}@${FRONTEND_IMAGE_HASH}", "${BUILDS[1]}:${TAG_NAMES[0]}") } def NAME_SPACE = getNameSpace() openshift.withProject("${NAME_SPACE}-${DEP_ENV_NAMES[0]}") { - dc = openshift.selector('dc', "${BUILDS[2]}") + dc = openshift.selector('dc', "${BUILDS[1]}") // Wait for the deployment to complete. // This will wait until the desired replicas are all available dc.rollout().status() @@ -249,23 +283,23 @@ podTemplate( } } } - }, Deploy_Appointment_Dev: { + }, Deploy_Appointment_NGINX_Dev: { stage("Deploy Appointment to Dev") { script: { openshift.withCluster() { openshift.withProject() { - echo "Tagging ${BUILDS[4]} for deployment to ${TAG_NAMES[0]} ..." + echo "Tagging ${BUILDS[2]} for deployment to ${TAG_NAMES[0]} ..." // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. // Tag the images for deployment based on the image's hash - APPOINTMENT_IMAGE_HASH = getImageTagHash("${BUILDS[4]}") + APPOINTMENT_IMAGE_HASH = getImageTagHash("${BUILDS[2]}") echo "APPOINTMENT_IMAGE_HASH: ${APPOINTMENT_IMAGE_HASH}" - openshift.tag("${BUILDS[4]}@${APPOINTMENT_IMAGE_HASH}", "${BUILDS[4]}:${TAG_NAMES[0]}") + openshift.tag("${BUILDS[2]}@${APPOINTMENT_IMAGE_HASH}", "${BUILDS[2]}:${TAG_NAMES[0]}") } def NAME_SPACE = getNameSpace() openshift.withProject("${NAME_SPACE}-${DEP_ENV_NAMES[0]}") { - dc = openshift.selector('dc', "${BUILDS[4]}") + dc = openshift.selector('dc', "${BUILDS[2]}") // Wait for the deployment to complete. // This will wait until the desired replicas are all available dc.rollout().status() @@ -357,6 +391,68 @@ podTemplate( } } } +node() { + + stage('get url') { + STAFFURL = sh ( + script: 'oc describe configmap jenkin-config | awk -F "=" \'/^zap_url_staff/{print $2}\'', + returnStdout: true + ).trim() + APPTMNTURL = sh ( + script: 'oc describe configmap jenkin-config | awk -F "=" \'/^zap_url_appntmnt/{print $2}\'', + returnStdout: true + ).trim() + } + } +podTemplate( + label: owaspPodLabel, + name: owaspPodLabel, + serviceAccount: 'jenkins', + cloud: 'openshift', + containers: [ containerTemplate( + name: 'jenkins-agent-zap', + image: 'image-registry.openshift-image-registry.svc:5000/df1ee0-tools/jenkins-agent-zap:latest', + resourceRequestCpu: '1000m', + resourceLimitCpu: '2000m', + resourceRequestMemory: '4Gi', + resourceLimitMemory: '5Gi', + workingDir: '/home/jenkins', + command: '', + args: '${computer.jnlpmac} ${computer.name}' + )] +) { + node(owaspPodLabel) { + stage('ZAP Security Scan') { + def retVal = sh ( + returnStatus: true, + script: "/zap/zap-baseline.py -r index1.html -t ${STAFFURL}" + ) + } + stage('ZAP Security Scan') { + def retVal = sh ( + returnStatus: true, + script: "/zap/zap-baseline.py -r index2.html -t ${APPTMNTURL}" + ) + sh 'echo "Staff Front Report
Appointment Front End Report" > /zap/wrk/index.html' + publishHTML([ + allowMissing: false, + alwaysLinkToLastBuild: true, + keepAll: true, + reportDir: '/zap/wrk', + reportFiles: 'index.html', + reportName: 'OWASPReport', + ]) + echo "Return value is: ${retVal}" + + script { + if (retVal != 0) { + echo "MARKING BUILD AS UNSTABLE" + currentBuild.result = 'UNSTABLE' + } + } + } + } + } node { stage("Deploy to test") { input "Deploy to test?" @@ -388,22 +484,22 @@ node { } } } - }, Deploy_Staff_FE_Test: { + }, Deploy_Staff_FE_NGINX_Test: { stage("Deploy Frontend - Test") { script: { openshift.withCluster() { openshift.withProject() { - echo "Tagging ${BUILDS[2]} for deployment to ${TAG_NAMES[1]} ..." + echo "Tagging ${BUILDS[1]} for deployment to ${TAG_NAMES[1]} ..." // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. // Tag the images for deployment based on the image's hash echo "FRONTEND_IMAGE_HASH: ${FRONTEND_IMAGE_HASH}" - openshift.tag("${BUILDS[2]}@${FRONTEND_IMAGE_HASH}", "${BUILDS[2]}:${TAG_NAMES[1]}") + openshift.tag("${BUILDS[1]}@${FRONTEND_IMAGE_HASH}", "${BUILDS[1]}:${TAG_NAMES[1]}") } def NAME_SPACE = getNameSpace() openshift.withProject("${NAME_SPACE}-${DEP_ENV_NAMES[1]}") { - dc = openshift.selector('dc', "${BUILDS[2]}") + dc = openshift.selector('dc', "${BUILDS[1]}") // Wait for the deployment to complete. // This will wait until the desired replicas are all available dc.rollout().status() @@ -412,22 +508,22 @@ node { } } } - }, Deploy_Appointment_Test: { + }, Deploy_Appointment_NGINX_Test: { stage("Deploy Appointment - Test") { script: { openshift.withCluster() { openshift.withProject() { - echo "Tagging ${BUILDS[4]} for deployment to ${TAG_NAMES[1]} ..." + echo "Tagging ${BUILDS[2]} for deployment to ${TAG_NAMES[1]} ..." // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. // Tag the images for deployment based on the image's hash echo "APPOINTMENT_IMAGE_HASH: ${APPOINTMENT_IMAGE_HASH}" - openshift.tag("${BUILDS[4]}@${APPOINTMENT_IMAGE_HASH}", "${BUILDS[4]}:${TAG_NAMES[1]}") + openshift.tag("${BUILDS[2]}@${APPOINTMENT_IMAGE_HASH}", "${BUILDS[2]}:${TAG_NAMES[1]}") } def NAME_SPACE = getNameSpace() openshift.withProject("${NAME_SPACE}-${DEP_ENV_NAMES[1]}") { - dc = openshift.selector('dc', "${BUILDS[4]}") + dc = openshift.selector('dc', "${BUILDS[2]}") // Wait for the deployment to complete. // This will wait until the desired replicas are all available dc.rollout().status() @@ -436,17 +532,47 @@ node { } } } + }, Depoy_notifications_api_Test: { + stage("Deploy notifications api pod") { + script: { + openshift.withCluster() { + openshift.withProject() { + echo "Tagging ${BUILDS[4]} for deployment to ${TAG_NAMES[1]} ..." + + // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. + // Tag the images for deployment based on the image's hash + echo "NOTIFICATION_IMAGE_HASH: ${NOTIFICATION_IMAGE_HASH}" + openshift.tag("${BUILDS[4]}@${NOTIFICATION_IMAGE_HASH}", "${BUILDS[4]}:${TAG_NAMES[1]}") + } + } + } + } + }, Depoy_feedback_api_Test: { + stage("Deploy feedback api pod") { + script: { + openshift.withCluster() { + openshift.withProject() { + echo "Tagging ${BUILDS[5]} for deployment to ${TAG_NAMES[1]} ..." + + // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. + // Tag the images for deployment based on the image's hash + echo "NOTIFICATION_IMAGE_HASH: ${FEEDBACK_IMAGE_HASH}" + openshift.tag("${BUILDS[5]}@${FEEDBACK_IMAGE_HASH}", "${BUILDS[5]}:${TAG_NAMES[1]}") + } + } + } + } }, Deploy_Cron_Email_Test: { stage("Deploy Appt Reminder - test") { script: { openshift.withCluster() { openshift.withProject() { - echo "Tagging ${BUILDS[5]} for deployment to ${TAG_NAMES[1]} ..." + echo "Tagging ${BUILDS[3]} for deployment to ${TAG_NAMES[1]} ..." // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. // Tag the images for deployment based on the image's hash echo "REMINDER_IMAGE_HASH: ${REMINDER_IMAGE_HASH}" - openshift.tag("${BUILDS[5]}@${REMINDER_IMAGE_HASH}", "${BUILDS[5]}:${TAG_NAMES[1]}") + openshift.tag("${BUILDS[3]}@${REMINDER_IMAGE_HASH}", "${BUILDS[3]}:${TAG_NAMES[1]}") } echo "Appt Reminder Deployment Complete." } @@ -466,7 +592,9 @@ node { openshift.withProject() { echo "Tagging Production to Stable" openshift.tag("${BUILDS[0]}:prod", "${BUILDS[0]}:stable") + openshift.tag("${BUILDS[1]}:prod", "${BUILDS[1]}:stable") openshift.tag("${BUILDS[2]}:prod", "${BUILDS[2]}:stable") + openshift.tag("${BUILDS[3]}:prod", "${BUILDS[3]}:stable") openshift.tag("${BUILDS[4]}:prod", "${BUILDS[4]}:stable") openshift.tag("${BUILDS[5]}:prod", "${BUILDS[5]}:stable") } @@ -499,22 +627,22 @@ node { } } } - }, Deploy_Staff_FE_Prod: { + }, Deploy_Staff_FE_NGINX_Prod: { stage("Deploy Frontend - Prod") { script: { openshift.withCluster() { openshift.withProject() { - echo "Tagging ${BUILDS[2]} for deployment to ${TAG_NAMES[2]} ..." + echo "Tagging ${BUILDS[1]} for deployment to ${TAG_NAMES[2]} ..." // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. // Tag the images for deployment based on the image's hash echo "FRONTEND_IMAGE_HASH: ${FRONTEND_IMAGE_HASH}" - openshift.tag("${BUILDS[2]}@${FRONTEND_IMAGE_HASH}", "${BUILDS[2]}:${TAG_NAMES[2]}") + openshift.tag("${BUILDS[1]}@${FRONTEND_IMAGE_HASH}", "${BUILDS[1]}:${TAG_NAMES[2]}") } def NAME_SPACE = getNameSpace() openshift.withProject("${NAME_SPACE}-${DEP_ENV_NAMES[2]}") { - dc = openshift.selector('dc', "${BUILDS[2]}") + dc = openshift.selector('dc', "${BUILDS[1]}") // Wait for the deployment to complete. // This will wait until the desired replicas are all available dc.rollout().status() @@ -523,22 +651,22 @@ node { } } } - }, Deploy_Appointment_Prod: { + }, Deploy_Appointment_NGINX_Prod: { stage("Deploy Appointment - Prod") { script: { openshift.withCluster() { openshift.withProject() { - echo "Tagging ${BUILDS[4]} for deployment to ${TAG_NAMES[2]} ..." + echo "Tagging ${BUILDS[2]} for deployment to ${TAG_NAMES[2]} ..." // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. // Tag the images for deployment based on the image's hash echo "APPOINTMENT_IMAGE_HASH: ${APPOINTMENT_IMAGE_HASH}" - openshift.tag("${BUILDS[4]}@${APPOINTMENT_IMAGE_HASH}", "${BUILDS[4]}:${TAG_NAMES[2]}") + openshift.tag("${BUILDS[2]}@${APPOINTMENT_IMAGE_HASH}", "${BUILDS[2]}:${TAG_NAMES[2]}") } def NAME_SPACE = getNameSpace() openshift.withProject("${NAME_SPACE}-${DEP_ENV_NAMES[2]}") { - dc = openshift.selector('dc', "${BUILDS[4]}") + dc = openshift.selector('dc', "${BUILDS[2]}") // Wait for the deployment to complete. // This will wait until the desired replicas are all available dc.rollout().status() @@ -547,17 +675,47 @@ node { } } } + }, Depoy_notifications_api_Prod: { + stage("Deploy notifications api pod - PROD") { + script: { + openshift.withCluster() { + openshift.withProject() { + echo "Tagging ${BUILDS[4]} for deployment to ${TAG_NAMES[2]} ..." + + // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. + // Tag the images for deployment based on the image's hash + echo "NOTIFICATION_IMAGE_HASH: ${NOTIFICATION_IMAGE_HASH}" + openshift.tag("${BUILDS[4]}@${NOTIFICATION_IMAGE_HASH}", "${BUILDS[4]}:${TAG_NAMES[2]}") + } + } + } + } + }, Depoy_feedback_api_Prod: { + stage("Deploy feedback api pod - PROD") { + script: { + openshift.withCluster() { + openshift.withProject() { + echo "Tagging ${BUILDS[5]} for deployment to ${TAG_NAMES[2]} ..." + + // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. + // Tag the images for deployment based on the image's hash + echo "NOTIFICATION_IMAGE_HASH: ${FEEDBACK_IMAGE_HASH}" + openshift.tag("${BUILDS[5]}@${FEEDBACK_IMAGE_HASH}", "${BUILDS[5]}:${TAG_NAMES[2]}") + } + } + } + } }, Deploy_Cron_Email_Prod: { stage("Deploy Appt Reminders - Prod") { script: { openshift.withCluster() { openshift.withProject() { - echo "Tagging ${BUILDS[5]} for deployment to ${TAG_NAMES[2]} ..." + echo "Tagging ${BUILDS[3]} for deployment to ${TAG_NAMES[2]} ..." // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. // Tag the images for deployment based on the image's hash echo "REMINDER_IMAGE_HASH: ${REMINDER_IMAGE_HASH}" - openshift.tag("${BUILDS[5]}@${REMINDER_IMAGE_HASH}", "${BUILDS[5]}:${TAG_NAMES[2]}") + openshift.tag("${BUILDS[3]}@${REMINDER_IMAGE_HASH}", "${BUILDS[3]}:${TAG_NAMES[2]}") } echo "Appt Reminders Deployment Complete." } diff --git a/JenkinsfileOC4 b/JenkinsfileOC4 deleted file mode 100644 index 568007b25..000000000 --- a/JenkinsfileOC4 +++ /dev/null @@ -1,539 +0,0 @@ -// This Jenkins build requires a configmap called jenkin-config with the following in it: -// -// password_qtxn= -// password_nonqtxn= -// client_secret= -// zap_with_url= -// namespace= -// url=/api/v1/ -// authurl= -// clientid= -// realm= - -def WAIT_TIMEOUT = 10 -def TAG_NAMES = ['dev', 'test', 'production'] -def BUILDS = ['queue-management-api', 'queue-management-npm-build', 'queue-management-frontend', 'appointment-npm-build', 'appointment-frontend','send-appointment-reminder-cron'] -def DEP_ENV_NAMES = ['dev', 'test', 'prod'] -def label = "mypod-${UUID.randomUUID().toString()}" -def API_IMAGE_HASH = "" -def FRONTEND_IMAGE_HASH = "" -def APPOINTMENT_IMAGE_HASH = "" -def REMINDER_IMAGE_HASH = "" - -String getNameSpace() { - def NAMESPACE = sh ( - script: 'oc describe configmap jenkin-config | awk -F "=" \'/^namespace/{print $2}\'', - returnStdout: true - ).trim() - return NAMESPACE -} - -// Get an image's hash tag -String getImageTagHash(String imageName, String tag = "") { - - if(!tag?.trim()) { - tag = "latest" - } - - def istag = openshift.raw("get istag ${imageName}:${tag} -o template --template='{{.image.dockerImageReference}}'") - return istag.out.tokenize('@')[1].trim() -} - -podTemplate( - label: label, - name: 'jenkins-python3nodejs', - serviceAccount: 'jenkins', - cloud: 'openshift', - containers: [ - containerTemplate( - name: 'jnlp', - image: 'image-registry.openshift-image-registry.svc:5000/openshift/jenkins-agent-nodejs', - resourceRequestCpu: '1000m', - resourceLimitCpu: '2000m', - resourceRequestMemory: '2Gi', - resourceLimitMemory: '4Gi', - workingDir: '/tmp', - command: '', - args: '${computer.jnlpmac} ${computer.name}' - ) - ] -){ - node(label) { - stage('Checkout Source') { - echo "checking out source" - checkout scm - } - - stage("Build API..") { - script: { - openshift.withCluster() { - openshift.withProject() { - // Find all of the build configurations associated to the application using labels ... - def bc = openshift.selector("bc", "${BUILDS[0]}") - echo "Started builds: ${bc.names()}" - bc.startBuild("--wait").logs("-f") - } - echo "API Build complete ..." - } - } - } - stage("Build Appt Reminder..") { - script: { - openshift.withCluster() { - openshift.withProject() { - - // Find all of the build configurations associated to the application using labels ... - def bc = openshift.selector("bc", "${BUILDS[5]}") - echo "Started builds: ${bc.names()}" - bc.startBuild("--wait").logs("-f") - } - echo "Appt Reminder Build complete ..." - } - } - } - stage("Build Front End..") { - script: { - openshift.withCluster() { - openshift.withProject() { - - // Find all of the build configurations associated to the application using labels ... - bc = openshift.selector("bc", "${BUILDS[1]}") - echo "Started builds: ${bc.names()}" - bc.startBuild("--wait").logs("-f") - - bc = openshift.selector("bc", "${BUILDS[2]}") - echo "Started builds: ${bc.names()}" - bc.startBuild("--wait").logs("-f") - } - echo "Front End complete ..." - } - } - } - stage("Build Appointment") { - script: { - openshift.withCluster() { - openshift.withProject() { - - // Find all of the build configurations associated to the application using labels ... - bc = openshift.selector("bc", "${BUILDS[3]}") - echo "Started builds: ${bc.names()}" - bc.startBuild("--wait").logs("-f") - - bc = openshift.selector("bc", "${BUILDS[4]}") - echo "Started builds: ${bc.names()}" - bc.startBuild("--wait").logs("-f") - } - echo "Appointment Online complete ..." - } - } - } - stage("Deploy API to Dev") { - script: { - openshift.withCluster() { - openshift.withProject() { - echo "Tagging ${BUILDS[0]} for deployment to ${TAG_NAMES[0]} ..." - - // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. - // Tag the images for deployment based on the image's hash - API_IMAGE_HASH = getImageTagHash("${BUILDS[0]}") - echo "API_IMAGE_HASH: ${API_IMAGE_HASH}" - openshift.tag("${BUILDS[0]}@${API_IMAGE_HASH}", "${BUILDS[0]}:${TAG_NAMES[0]}") - } - - def NAME_SPACE = getNameSpace() - openshift.withProject("${NAME_SPACE}-${DEP_ENV_NAMES[0]}") { - def dc = openshift.selector('dc', "${BUILDS[0]}") - // Wait for the deployment to complete. - // This will wait until the desired replicas are all available - dc.rollout().status() - } - echo "API Deployment Complete." - } - } - } - stage("Deploy Email Reminder to Dev") { - script: { - openshift.withCluster() { - openshift.withProject() { - echo "Tagging ${BUILDS[5]} for deployment to ${TAG_NAMES[0]} ..." - - // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. - // Tag the images for deployment based on the image's hash - REMINDER_IMAGE_HASH = getImageTagHash("${BUILDS[5]}") - echo "REMINDER_IMAGE_HASH: ${REMINDER_IMAGE_HASH}" - openshift.tag("${BUILDS[5]}@${REMINDER_IMAGE_HASH}", "${BUILDS[5]}:${TAG_NAMES[0]}") - } - } - } - } - stage("Deploy Frontend to Dev") { - script: { - openshift.withCluster() { - openshift.withProject() { - echo "Tagging ${BUILDS[2]} for deployment to ${TAG_NAMES[0]} ..." - - // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. - // Tag the images for deployment based on the image's hash - FRONTEND_IMAGE_HASH = getImageTagHash("${BUILDS[2]}") - echo "FRONTEND_IMAGE_HASH: ${FRONTEND_IMAGE_HASH}" - openshift.tag("${BUILDS[2]}@${FRONTEND_IMAGE_HASH}", "${BUILDS[2]}:${TAG_NAMES[0]}") - } - - def NAME_SPACE = getNameSpace() - openshift.withProject("${NAME_SPACE}-${DEP_ENV_NAMES[0]}") { - dc = openshift.selector('dc', "${BUILDS[2]}") - // Wait for the deployment to complete. - // This will wait until the desired replicas are all available - dc.rollout().status() - } - echo "Front End Deployment Complete." - } - } - } - stage("Deploy Appointment to Dev") { - script: { - openshift.withCluster() { - openshift.withProject() { - echo "Tagging ${BUILDS[4]} for deployment to ${TAG_NAMES[0]} ..." - - // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. - // Tag the images for deployment based on the image's hash - APPOINTMENT_IMAGE_HASH = getImageTagHash("${BUILDS[4]}") - echo "APPOINTMENT_IMAGE_HASH: ${APPOINTMENT_IMAGE_HASH}" - openshift.tag("${BUILDS[4]}@${APPOINTMENT_IMAGE_HASH}", "${BUILDS[4]}:${TAG_NAMES[0]}") - } - - def NAME_SPACE = getNameSpace() - openshift.withProject("${NAME_SPACE}-${DEP_ENV_NAMES[0]}") { - dc = openshift.selector('dc', "${BUILDS[4]}") - // Wait for the deployment to complete. - // This will wait until the desired replicas are all available - dc.rollout().status() - } - echo "Appointment Online Complete." - } - } - } - stage('Newman Tests') { - dir('api/postman') { - sh "ls -alh" - - sh ( - returnStdout: true, - script: "npm init -y" - ) - - sh ( - returnStdout: true, - script: "npm install newman@4.6.1" - ) - - USERID = sh ( - script: 'oc describe configmap jenkin-config | awk -F "=" \'/^userid_qtxn/{print $2}\'', - returnStdout: true - ).trim() - - PASSWORD = sh ( - script: 'oc describe configmap jenkin-config | awk -F "=" \'/^password_qtxn/{print $2}\'', - returnStdout: true - ).trim() - - USERID_NONQTXN = sh ( - script: 'oc describe configmap jenkin-config | awk -F "=" \'/^userid_nonqtxn/{print $2}\'', - returnStdout: true - ).trim() - - PASSWORD_NONQTXN = sh ( - script: 'oc describe configmap jenkin-config | awk -F "=" \'/^password_nonqtxn/{print $2}\'', - returnStdout: true - ).trim() - - CLIENT_SECRET = sh ( - script: 'oc describe configmap jenkin-config | awk -F "=" \'/^client_secret/{print $2}\'', - returnStdout: true - ).trim() - - REALM = sh ( - script: 'oc describe configmap jenkin-config | awk -F "=" \'/^realm/{print $2}\'', - returnStdout: true - ).trim() - - API_URL = sh ( - script: 'oc describe configmap jenkin-config | awk -F "=" \'/^url/{print $2}\'', - returnStdout: true - ).trim() - - AUTH_URL = sh ( - script: 'oc describe configmap jenkin-config | awk -F "=" \'/auth_url/{print $2}\'', - returnStdout: true - ).trim() - - CLIENTID = sh ( - script: 'oc describe configmap jenkin-config | awk -F "=" \'/^clientid/{print $2}\'', - returnStdout: true - ).trim() - - PUBLIC_USERID = sh ( - script: 'oc describe configmap jenkin-config | awk -F "=" \'/^public_user_id/{print $2}\'', - returnStdout: true - ).trim() - - PASSWORD_PUBLIC_USER = sh ( - script: 'oc describe configmap jenkin-config | awk -F "=" \'/^public_user_password/{print $2}\'', - returnStdout: true - ).trim() - - PUBLIC_API_URL = sh ( - script: 'oc describe configmap jenkin-config | awk -F "=" \'/^public_url/{print $2}\'', - returnStdout: true - ).trim() - - NODE_OPTIONS='--max_old_space_size=2048' - - sh ( - returnStdout: true, - script: "./node_modules/newman/bin/newman.js run API_Test_TheQ_Booking.json --delay-request 250 -e postman_env.json --global-var 'userid=${USERID}' --global-var 'password=${PASSWORD}' --global-var 'userid_nonqtxn=${USERID_NONQTXN}' --global-var 'password_nonqtxn=${PASSWORD_NONQTXN}' --global-var 'client_secret=${CLIENT_SECRET}' --global-var 'url=${API_URL}' --global-var 'auth_url=${AUTH_URL}' --global-var 'clientid=${CLIENTID}' --global-var 'realm=${REALM}' --global-var public_url=${PUBLIC_API_URL} --global-var public_user_id=${PUBLIC_USERID} --global-var public_user_password=${PASSWORD_PUBLIC_USER}" - ) - } - } - } -} -def owaspPodLabel = "owasp-zap-${UUID.randomUUID().toString()}" -podTemplate( - label: owaspPodLabel, - name: owaspPodLabel, - serviceAccount: 'jenkins', - cloud: 'openshift', - containers: [ containerTemplate( - name: 'jnlp', - image: '172.50.0.2:5000/openshift/jenkins-slave-zap', - resourceRequestCpu: '500m', - resourceLimitCpu: '1000m', - resourceRequestMemory: '3Gi', - resourceLimitMemory: '4Gi', - workingDir: '/home/jenkins', - command: '', - args: '${computer.jnlpmac} ${computer.name}' - )] -) { - node(owaspPodLabel) { - stage('ZAP Security Scan') { - sleep 60 - ZAP_WITH_URL = sh ( - script: 'oc describe configmap jenkin-config | awk -F "=" \'/^zap_with_url/{print $2}\'', - returnStdout: true - ).trim() - def retVal = sh ( - returnStatus: true, - script: "${ZAP_WITH_URL}" - ) - publishHTML([ - allowMissing: false, - alwaysLinkToLastBuild: false, - keepAll: true, - reportDir: '/zap/wrk', - reportFiles: 'baseline.html', - reportName: 'ZAP_Baseline_Scan', - reportTitles: 'ZAP_Baseline_Scan' - ]) - echo "Return value is: ${retVal}" - - script { - if (retVal != 0) { - echo "MARKING BUILD AS UNSTABLE" - currentBuild.result = 'UNSTABLE' - } - } - } - } -} - -node { - stage("Deploy API - test") { - input "Deploy to test?" - script: { - openshift.withCluster() { - openshift.withProject() { - echo "Tagging ${BUILDS[0]} for deployment to ${TAG_NAMES[1]} ..." - - // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. - // Tag the images for deployment based on the image's hash - echo "API_IMAGE_HASH: ${API_IMAGE_HASH}" - openshift.tag("${BUILDS[0]}@${API_IMAGE_HASH}", "${BUILDS[0]}:${TAG_NAMES[1]}") - } - - def NAME_SPACE = getNameSpace() - openshift.withProject("${NAME_SPACE}-${DEP_ENV_NAMES[1]}") { - def dc = openshift.selector('dc', "${BUILDS[0]}") - // Wait for the deployment to complete. - // This will wait until the desired replicas are all available - dc.rollout().status() - } - echo "API Deployment Complete." - } - } - } - stage("Deploy Appt Reminder - test") { - script: { - openshift.withCluster() { - openshift.withProject() { - echo "Tagging ${BUILDS[5]} for deployment to ${TAG_NAMES[1]} ..." - - // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. - // Tag the images for deployment based on the image's hash - echo "REMINDER_IMAGE_HASH: ${REMINDER_IMAGE_HASH}" - openshift.tag("${BUILDS[5]}@${REMINDER_IMAGE_HASH}", "${BUILDS[5]}:${TAG_NAMES[1]}") - } - echo "Appt Reminder Deployment Complete." - } - } - } - stage("Deploy Frontend - Test") { - script: { - openshift.withCluster() { - openshift.withProject() { - echo "Tagging ${BUILDS[2]} for deployment to ${TAG_NAMES[1]} ..." - - // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. - // Tag the images for deployment based on the image's hash - echo "FRONTEND_IMAGE_HASH: ${FRONTEND_IMAGE_HASH}" - openshift.tag("${BUILDS[2]}@${FRONTEND_IMAGE_HASH}", "${BUILDS[2]}:${TAG_NAMES[1]}") - } - - def NAME_SPACE = getNameSpace() - openshift.withProject("${NAME_SPACE}-${DEP_ENV_NAMES[1]}") { - dc = openshift.selector('dc', "${BUILDS[2]}") - // Wait for the deployment to complete. - // This will wait until the desired replicas are all available - dc.rollout().status() - } - echo "Front End Deployment Complete." - } - } - } - stage("Deploy Appointment - Test") { - script: { - openshift.withCluster() { - openshift.withProject() { - echo "Tagging ${BUILDS[4]} for deployment to ${TAG_NAMES[1]} ..." - - // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. - // Tag the images for deployment based on the image's hash - echo "APPOINTMENT_IMAGE_HASH: ${APPOINTMENT_IMAGE_HASH}" - openshift.tag("${BUILDS[4]}@${APPOINTMENT_IMAGE_HASH}", "${BUILDS[4]}:${TAG_NAMES[1]}") - } - - def NAME_SPACE = getNameSpace() - openshift.withProject("${NAME_SPACE}-${DEP_ENV_NAMES[1]}") { - dc = openshift.selector('dc', "${BUILDS[4]}") - // Wait for the deployment to complete. - // This will wait until the desired replicas are all available - dc.rollout().status() - } - echo "Front End Deployment Complete." - } - } - } -} -node { - stage("Update Stable") { - input "Deploy to Prod?" - script: { - openshift.withCluster() { - openshift.withProject() { - echo "Tagging Production to Stable" - openshift.tag("${BUILDS[0]}:production", "${BUILDS[0]}:stable") - openshift.tag("${BUILDS[2]}:production", "${BUILDS[2]}:stable") - openshift.tag("${BUILDS[4]}:production", "${BUILDS[4]}:stable") - openshift.tag("${BUILDS[5]}:production", "${BUILDS[5]}:stable") - } - } - } - } -} -node { - stage("Deploy API - Prod") { - script: { - openshift.withCluster() { - openshift.withProject() { - echo "Tagging ${BUILDS[0]} for deployment to ${TAG_NAMES[2]} ..." - - // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. - // Tag the images for deployment based on the image's hash - echo "API_IMAGE_HASH: ${API_IMAGE_HASH}" - openshift.tag("${BUILDS[0]}@${API_IMAGE_HASH}", "${BUILDS[0]}:${TAG_NAMES[2]}") - } - - def NAME_SPACE = getNameSpace() - openshift.withProject("${NAME_SPACE}-${DEP_ENV_NAMES[2]}") { - def dc = openshift.selector('dc', "${BUILDS[0]}") - // Wait for the deployment to complete. - // This will wait until the desired replicas are all available - dc.rollout().status() - } - echo "API Deployment Complete." - } - } - } - stage("Deploy Frontend - Prod") { - script: { - openshift.withCluster() { - openshift.withProject() { - echo "Tagging ${BUILDS[2]} for deployment to ${TAG_NAMES[2]} ..." - - // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. - // Tag the images for deployment based on the image's hash - echo "FRONTEND_IMAGE_HASH: ${FRONTEND_IMAGE_HASH}" - openshift.tag("${BUILDS[2]}@${FRONTEND_IMAGE_HASH}", "${BUILDS[2]}:${TAG_NAMES[2]}") - } - - def NAME_SPACE = getNameSpace() - openshift.withProject("${NAME_SPACE}-${DEP_ENV_NAMES[2]}") { - dc = openshift.selector('dc', "${BUILDS[2]}") - // Wait for the deployment to complete. - // This will wait until the desired replicas are all available - dc.rollout().status() - } - echo "Front End Deployment Complete." - } - } - } - stage("Deploy Appointment - Prod") { - script: { - openshift.withCluster() { - openshift.withProject() { - echo "Tagging ${BUILDS[4]} for deployment to ${TAG_NAMES[2]} ..." - - // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. - // Tag the images for deployment based on the image's hash - echo "APPOINTMENT_IMAGE_HASH: ${APPOINTMENT_IMAGE_HASH}" - openshift.tag("${BUILDS[4]}@${APPOINTMENT_IMAGE_HASH}", "${BUILDS[4]}:${TAG_NAMES[2]}") - } - - def NAME_SPACE = getNameSpace() - openshift.withProject("${NAME_SPACE}-${DEP_ENV_NAMES[2]}") { - dc = openshift.selector('dc', "${BUILDS[4]}") - // Wait for the deployment to complete. - // This will wait until the desired replicas are all available - dc.rollout().status() - } - echo "Front End Deployment Complete." - } - } - } - stage("Deploy Appt Reminders - Prod") { - script: { - openshift.withCluster() { - openshift.withProject() { - echo "Tagging ${BUILDS[5]} for deployment to ${TAG_NAMES[2]} ..." - - // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. - // Tag the images for deployment based on the image's hash - echo "REMINDER_IMAGE_HASH: ${REMINDER_IMAGE_HASH}" - openshift.tag("${BUILDS[5]}@${REMINDER_IMAGE_HASH}", "${BUILDS[5]}:${TAG_NAMES[2]}") - } - echo "Appt Reminders Deployment Complete." - } - } - } -} diff --git a/JenkinsfileSBC b/JenkinsfileSBC deleted file mode 100644 index 9aadc2f34..000000000 --- a/JenkinsfileSBC +++ /dev/null @@ -1,578 +0,0 @@ -// This Jenkins build requires a configmap called jenkin-config with the following in it: -// -// password_qtxn= -// password_nonqtxn= -// client_secret= -// zap_with_url= -// namespace= -// url=/api/v1/ -// authurl= -// clientid= -// realm= - -def WAIT_TIMEOUT = 10 -def TAG_NAMES = ['dev', 'test', 'production'] -def BUILDS = ['queue-management-api', 'queue-management-npm-build', 'queue-management-frontend', 'appointment-npm-build', 'appointment-frontend','send-appointment-reminder-crond'] -def DEP_ENV_NAMES = ['dev', 'test', 'prod'] -def label = "mypod-${UUID.randomUUID().toString()}" -def API_IMAGE_HASH = "" -def FRONTEND_IMAGE_HASH = "" -def APPOINTMENT_IMAGE_HASH = "" -def REMINDER_IMAGE_HASH = "" - -String getNameSpace() { - def NAMESPACE = sh ( - script: 'oc describe configmap jenkin-config | awk -F "=" \'/^namespace/{print $2}\'', - returnStdout: true - ).trim() - return NAMESPACE -} - -// Get an image's hash tag -String getImageTagHash(String imageName, String tag = "") { - - if(!tag?.trim()) { - tag = "latest" - } - - def istag = openshift.raw("get istag ${imageName}:${tag} -o template --template='{{.image.dockerImageReference}}'") - return istag.out.tokenize('@')[1].trim() -} - -podTemplate( - label: label, - name: 'jenkins-python3nodejs', - serviceAccount: 'jenkins', - cloud: 'openshift', - containers: [ - containerTemplate( - name: 'jnlp', - image: '172.50.0.2:5000/openshift/jenkins-slave-python3nodejs', - resourceRequestCpu: '1000m', - resourceLimitCpu: '2000m', - resourceRequestMemory: '2Gi', - resourceLimitMemory: '4Gi', - workingDir: '/tmp', - command: '', - args: '${computer.jnlpmac} ${computer.name}' - ) - ] -){ - node(label) { - - stage('Checkout Source') { - echo "checking out source" - checkout scm - } - - stage('SonarQube Analysis') { - echo ">>> Performing static analysis <<<" - SONAR_ROUTE_NAME = 'sonarqube' - SONAR_ROUTE_NAMESPACE = sh ( - script: 'oc describe configmap jenkin-config | awk -F "=" \'/^namespace/{print $2}\'', - returnStdout: true - ).trim() - SONAR_PROJECT_NAME = 'Queue Management' - SONAR_PROJECT_KEY = 'queue-management' - SONAR_PROJECT_BASE_DIR = '../' - SONAR_SOURCES = './' - - SONARQUBE_PWD = sh ( - script: 'oc set env dc/sonarqube --list | awk -F "=" \'/SONARQUBE_ADMINPW/{print $2}\'', - returnStdout: true - ).trim() - - SONARQUBE_URL = sh ( - script: 'oc get routes -o wide --no-headers | awk \'/sonarqube/{ print match($0,/edge/) ? "https://"$2 : "http://"$2 }\'', - returnStdout: true - ).trim() - - echo "PWD: ${SONARQUBE_PWD}" - echo "URL: ${SONARQUBE_URL}" - - dir('sonar-runner') { - sh ( - returnStdout: true, - script: "./gradlew sonarqube --stacktrace --info \ - -Dsonar.verbose=true \ - -Dsonar.host.url=${SONARQUBE_URL} \ - -Dsonar.projectName='${SONAR_PROJECT_NAME}' \ - -Dsonar.projectKey=${SONAR_PROJECT_KEY} \ - -Dsonar.projectBaseDir=${SONAR_PROJECT_BASE_DIR} \ - -Dsonar.sources=${SONAR_SOURCES}" - ) - } - } - stage("Build API..") { - script: { - openshift.withCluster() { - openshift.withProject() { - // Find all of the build configurations associated to the application using labels ... - def bc = openshift.selector("bc", "${BUILDS[0]}") - echo "Started builds: ${bc.names()}" - bc.startBuild("--wait").logs("-f") - } - echo "API Build complete ..." - } - } - } - stage("Build Appt Reminder..") { - script: { - openshift.withCluster() { - openshift.withProject() { - - // Find all of the build configurations associated to the application using labels ... - def bc = openshift.selector("bc", "${BUILDS[5]}") - echo "Started builds: ${bc.names()}" - bc.startBuild("--wait").logs("-f") - } - echo "Appt Reminder Build complete ..." - } - } - } - stage("Build Front End..") { - script: { - openshift.withCluster() { - openshift.withProject() { - - // Find all of the build configurations associated to the application using labels ... - bc = openshift.selector("bc", "${BUILDS[1]}") - echo "Started builds: ${bc.names()}" - bc.startBuild("--wait").logs("-f") - - bc = openshift.selector("bc", "${BUILDS[2]}") - echo "Started builds: ${bc.names()}" - bc.startBuild("--wait").logs("-f") - } - echo "Front End complete ..." - } - } - } - stage("Build Appointment") { - script: { - openshift.withCluster() { - openshift.withProject() { - - // Find all of the build configurations associated to the application using labels ... - bc = openshift.selector("bc", "${BUILDS[3]}") - echo "Started builds: ${bc.names()}" - bc.startBuild("--wait").logs("-f") - - bc = openshift.selector("bc", "${BUILDS[4]}") - echo "Started builds: ${bc.names()}" - bc.startBuild("--wait").logs("-f") - } - echo "Appointment Online complete ..." - } - } - } - stage("Deploy API to Dev") { - script: { - openshift.withCluster() { - openshift.withProject() { - echo "Tagging ${BUILDS[0]} for deployment to ${TAG_NAMES[0]} ..." - - // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. - // Tag the images for deployment based on the image's hash - API_IMAGE_HASH = getImageTagHash("${BUILDS[0]}") - echo "API_IMAGE_HASH: ${API_IMAGE_HASH}" - openshift.tag("${BUILDS[0]}@${API_IMAGE_HASH}", "${BUILDS[0]}:${TAG_NAMES[0]}") - } - - def NAME_SPACE = getNameSpace() - openshift.withProject("${NAME_SPACE}-${DEP_ENV_NAMES[0]}") { - def dc = openshift.selector('dc', "${BUILDS[0]}") - // Wait for the deployment to complete. - // This will wait until the desired replicas are all available - dc.rollout().status() - } - echo "API Deployment Complete." - } - } - } - stage("Deploy Email Reminder to Dev") { - script: { - openshift.withCluster() { - openshift.withProject() { - echo "Tagging ${BUILDS[5]} for deployment to ${TAG_NAMES[0]} ..." - - // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. - // Tag the images for deployment based on the image's hash - REMINDER_IMAGE_HASH = getImageTagHash("${BUILDS[5]}") - echo "REMINDER_IMAGE_HASH: ${REMINDER_IMAGE_HASH}" - openshift.tag("${BUILDS[5]}@${REMINDER_IMAGE_HASH}", "${BUILDS[5]}:${TAG_NAMES[0]}") - } - } - } - } - stage("Deploy Frontend to Dev") { - script: { - openshift.withCluster() { - openshift.withProject() { - echo "Tagging ${BUILDS[2]} for deployment to ${TAG_NAMES[0]} ..." - - // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. - // Tag the images for deployment based on the image's hash - FRONTEND_IMAGE_HASH = getImageTagHash("${BUILDS[2]}") - echo "FRONTEND_IMAGE_HASH: ${FRONTEND_IMAGE_HASH}" - openshift.tag("${BUILDS[2]}@${FRONTEND_IMAGE_HASH}", "${BUILDS[2]}:${TAG_NAMES[0]}") - } - - def NAME_SPACE = getNameSpace() - openshift.withProject("${NAME_SPACE}-${DEP_ENV_NAMES[0]}") { - dc = openshift.selector('dc', "${BUILDS[2]}") - // Wait for the deployment to complete. - // This will wait until the desired replicas are all available - dc.rollout().status() - } - echo "Front End Deployment Complete." - } - } - } - stage("Deploy Appointment to Dev") { - script: { - openshift.withCluster() { - openshift.withProject() { - echo "Tagging ${BUILDS[4]} for deployment to ${TAG_NAMES[0]} ..." - - // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. - // Tag the images for deployment based on the image's hash - APPOINTMENT_IMAGE_HASH = getImageTagHash("${BUILDS[4]}") - echo "APPOINTMENT_IMAGE_HASH: ${APPOINTMENT_IMAGE_HASH}" - openshift.tag("${BUILDS[4]}@${APPOINTMENT_IMAGE_HASH}", "${BUILDS[4]}:${TAG_NAMES[0]}") - } - - def NAME_SPACE = getNameSpace() - openshift.withProject("${NAME_SPACE}-${DEP_ENV_NAMES[0]}") { - dc = openshift.selector('dc', "${BUILDS[4]}") - // Wait for the deployment to complete. - // This will wait until the desired replicas are all available - dc.rollout().status() - } - echo "Appointment Online Complete." - } - } - } - stage('Newman Tests') { - dir('api/postman') { - sh "ls -alh" - - sh ( - returnStdout: true, - script: "npm init -y" - ) - - sh ( - returnStdout: true, - script: "npm install newman@4.6.1" - ) - - USERID = sh ( - script: 'oc describe configmap jenkin-config | awk -F "=" \'/^userid_qtxn/{print $2}\'', - returnStdout: true - ).trim() - - PASSWORD = sh ( - script: 'oc describe configmap jenkin-config | awk -F "=" \'/^password_qtxn/{print $2}\'', - returnStdout: true - ).trim() - - USERID_NONQTXN = sh ( - script: 'oc describe configmap jenkin-config | awk -F "=" \'/^userid_nonqtxn/{print $2}\'', - returnStdout: true - ).trim() - - PASSWORD_NONQTXN = sh ( - script: 'oc describe configmap jenkin-config | awk -F "=" \'/^password_nonqtxn/{print $2}\'', - returnStdout: true - ).trim() - - CLIENT_SECRET = sh ( - script: 'oc describe configmap jenkin-config | awk -F "=" \'/^client_secret/{print $2}\'', - returnStdout: true - ).trim() - - REALM = sh ( - script: 'oc describe configmap jenkin-config | awk -F "=" \'/^realm/{print $2}\'', - returnStdout: true - ).trim() - - API_URL = sh ( - script: 'oc describe configmap jenkin-config | awk -F "=" \'/^url/{print $2}\'', - returnStdout: true - ).trim() - - AUTH_URL = sh ( - script: 'oc describe configmap jenkin-config | awk -F "=" \'/auth_url/{print $2}\'', - returnStdout: true - ).trim() - - CLIENTID = sh ( - script: 'oc describe configmap jenkin-config | awk -F "=" \'/^clientid/{print $2}\'', - returnStdout: true - ).trim() - - PUBLIC_USERID = sh ( - script: 'oc describe configmap jenkin-config | awk -F "=" \'/^public_user_id/{print $2}\'', - returnStdout: true - ).trim() - - PASSWORD_PUBLIC_USER = sh ( - script: 'oc describe configmap jenkin-config | awk -F "=" \'/^public_user_password/{print $2}\'', - returnStdout: true - ).trim() - - PUBLIC_API_URL = sh ( - script: 'oc describe configmap jenkin-config | awk -F "=" \'/^public_url/{print $2}\'', - returnStdout: true - ).trim() - - NODE_OPTIONS='--max_old_space_size=2048' - - sh ( - returnStdout: true, - script: "./node_modules/newman/bin/newman.js run API_Test_TheQ_Booking.json --delay-request 250 -e postman_env.json --global-var 'userid=${USERID}' --global-var 'password=${PASSWORD}' --global-var 'userid_nonqtxn=${USERID_NONQTXN}' --global-var 'password_nonqtxn=${PASSWORD_NONQTXN}' --global-var 'client_secret=${CLIENT_SECRET}' --global-var 'url=${API_URL}' --global-var 'auth_url=${AUTH_URL}' --global-var 'clientid=${CLIENTID}' --global-var 'realm=${REALM}' --global-var public_url=${PUBLIC_API_URL} --global-var public_user_id=${PUBLIC_USERID} --global-var public_user_password=${PASSWORD_PUBLIC_USER}" - ) - } - } - } -} -def owaspPodLabel = "owasp-zap-${UUID.randomUUID().toString()}" -podTemplate( - label: owaspPodLabel, - name: owaspPodLabel, - serviceAccount: 'jenkins', - cloud: 'openshift', - containers: [ containerTemplate( - name: 'jnlp', - image: '172.50.0.2:5000/openshift/jenkins-slave-zap', - resourceRequestCpu: '500m', - resourceLimitCpu: '1000m', - resourceRequestMemory: '3Gi', - resourceLimitMemory: '4Gi', - workingDir: '/home/jenkins', - command: '', - args: '${computer.jnlpmac} ${computer.name}' - )] -) { - node(owaspPodLabel) { - stage('ZAP Security Scan') { - sleep 60 - ZAP_WITH_URL = sh ( - script: 'oc describe configmap jenkin-config | awk -F "=" \'/^zap_with_url/{print $2}\'', - returnStdout: true - ).trim() - def retVal = sh ( - returnStatus: true, - script: "${ZAP_WITH_URL}" - ) - publishHTML([ - allowMissing: false, - alwaysLinkToLastBuild: false, - keepAll: true, - reportDir: '/zap/wrk', - reportFiles: 'baseline.html', - reportName: 'ZAP_Baseline_Scan', - reportTitles: 'ZAP_Baseline_Scan' - ]) - echo "Return value is: ${retVal}" - - script { - if (retVal != 0) { - echo "MARKING BUILD AS UNSTABLE" - currentBuild.result = 'UNSTABLE' - } - } - } - } -} - -node { - stage("Deploy API - test") { - input "Deploy to test?" - script: { - openshift.withCluster() { - openshift.withProject() { - echo "Tagging ${BUILDS[0]} for deployment to ${TAG_NAMES[1]} ..." - - // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. - // Tag the images for deployment based on the image's hash - echo "API_IMAGE_HASH: ${API_IMAGE_HASH}" - openshift.tag("${BUILDS[0]}@${API_IMAGE_HASH}", "${BUILDS[0]}:${TAG_NAMES[1]}") - } - - def NAME_SPACE = getNameSpace() - openshift.withProject("${NAME_SPACE}-${DEP_ENV_NAMES[1]}") { - def dc = openshift.selector('dc', "${BUILDS[0]}") - // Wait for the deployment to complete. - // This will wait until the desired replicas are all available - dc.rollout().status() - } - echo "API Deployment Complete." - } - } - } - stage("Deploy Appt Reminder - test") { - script: { - openshift.withCluster() { - openshift.withProject() { - echo "Tagging ${BUILDS[5]} for deployment to ${TAG_NAMES[1]} ..." - - // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. - // Tag the images for deployment based on the image's hash - echo "REMINDER_IMAGE_HASH: ${REMINDER_IMAGE_HASH}" - openshift.tag("${BUILDS[5]}@${REMINDER_IMAGE_HASH}", "${BUILDS[5]}:${TAG_NAMES[1]}") - } - echo "Appt Reminder Deployment Complete." - } - } - } - stage("Deploy Frontend - Test") { - script: { - openshift.withCluster() { - openshift.withProject() { - echo "Tagging ${BUILDS[2]} for deployment to ${TAG_NAMES[1]} ..." - - // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. - // Tag the images for deployment based on the image's hash - echo "FRONTEND_IMAGE_HASH: ${FRONTEND_IMAGE_HASH}" - openshift.tag("${BUILDS[2]}@${FRONTEND_IMAGE_HASH}", "${BUILDS[2]}:${TAG_NAMES[1]}") - } - - def NAME_SPACE = getNameSpace() - openshift.withProject("${NAME_SPACE}-${DEP_ENV_NAMES[1]}") { - dc = openshift.selector('dc', "${BUILDS[2]}") - // Wait for the deployment to complete. - // This will wait until the desired replicas are all available - dc.rollout().status() - } - echo "Front End Deployment Complete." - } - } - } - stage("Deploy Appointment - Test") { - script: { - openshift.withCluster() { - openshift.withProject() { - echo "Tagging ${BUILDS[4]} for deployment to ${TAG_NAMES[1]} ..." - - // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. - // Tag the images for deployment based on the image's hash - echo "APPOINTMENT_IMAGE_HASH: ${APPOINTMENT_IMAGE_HASH}" - openshift.tag("${BUILDS[4]}@${APPOINTMENT_IMAGE_HASH}", "${BUILDS[4]}:${TAG_NAMES[1]}") - } - - def NAME_SPACE = getNameSpace() - openshift.withProject("${NAME_SPACE}-${DEP_ENV_NAMES[1]}") { - dc = openshift.selector('dc', "${BUILDS[4]}") - // Wait for the deployment to complete. - // This will wait until the desired replicas are all available - dc.rollout().status() - } - echo "Front End Deployment Complete." - } - } - } -} -node { - stage("Update Stable") { - input "Deploy to Prod?" - script: { - openshift.withCluster() { - openshift.withProject() { - echo "Tagging Production to Stable" - openshift.tag("${BUILDS[0]}:production", "${BUILDS[0]}:stable") - openshift.tag("${BUILDS[2]}:production", "${BUILDS[2]}:stable") - openshift.tag("${BUILDS[4]}:production", "${BUILDS[4]}:stable") - openshift.tag("${BUILDS[5]}:production", "${BUILDS[5]}:stable") - } - } - } - } -} -node { - stage("Deploy API - Prod") { - script: { - openshift.withCluster() { - openshift.withProject() { - echo "Tagging ${BUILDS[0]} for deployment to ${TAG_NAMES[2]} ..." - - // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. - // Tag the images for deployment based on the image's hash - echo "API_IMAGE_HASH: ${API_IMAGE_HASH}" - openshift.tag("${BUILDS[0]}@${API_IMAGE_HASH}", "${BUILDS[0]}:${TAG_NAMES[2]}") - } - - def NAME_SPACE = getNameSpace() - openshift.withProject("${NAME_SPACE}-${DEP_ENV_NAMES[2]}") { - def dc = openshift.selector('dc', "${BUILDS[0]}") - // Wait for the deployment to complete. - // This will wait until the desired replicas are all available - dc.rollout().status() - } - echo "API Deployment Complete." - } - } - } - stage("Deploy Frontend - Prod") { - script: { - openshift.withCluster() { - openshift.withProject() { - echo "Tagging ${BUILDS[2]} for deployment to ${TAG_NAMES[2]} ..." - - // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. - // Tag the images for deployment based on the image's hash - echo "FRONTEND_IMAGE_HASH: ${FRONTEND_IMAGE_HASH}" - openshift.tag("${BUILDS[2]}@${FRONTEND_IMAGE_HASH}", "${BUILDS[2]}:${TAG_NAMES[2]}") - } - - def NAME_SPACE = getNameSpace() - openshift.withProject("${NAME_SPACE}-${DEP_ENV_NAMES[2]}") { - dc = openshift.selector('dc', "${BUILDS[2]}") - // Wait for the deployment to complete. - // This will wait until the desired replicas are all available - dc.rollout().status() - } - echo "Front End Deployment Complete." - } - } - } - stage("Deploy Appointment - Prod") { - script: { - openshift.withCluster() { - openshift.withProject() { - echo "Tagging ${BUILDS[4]} for deployment to ${TAG_NAMES[2]} ..." - - // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. - // Tag the images for deployment based on the image's hash - echo "APPOINTMENT_IMAGE_HASH: ${APPOINTMENT_IMAGE_HASH}" - openshift.tag("${BUILDS[4]}@${APPOINTMENT_IMAGE_HASH}", "${BUILDS[4]}:${TAG_NAMES[2]}") - } - - def NAME_SPACE = getNameSpace() - openshift.withProject("${NAME_SPACE}-${DEP_ENV_NAMES[2]}") { - dc = openshift.selector('dc', "${BUILDS[4]}") - // Wait for the deployment to complete. - // This will wait until the desired replicas are all available - dc.rollout().status() - } - echo "Front End Deployment Complete." - } - } - } - stage("Deploy Appt Reminders - Prod") { - script: { - openshift.withCluster() { - openshift.withProject() { - echo "Tagging ${BUILDS[5]} for deployment to ${TAG_NAMES[2]} ..." - - // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. - // Tag the images for deployment based on the image's hash - echo "REMINDER_IMAGE_HASH: ${REMINDER_IMAGE_HASH}" - openshift.tag("${BUILDS[5]}@${REMINDER_IMAGE_HASH}", "${BUILDS[5]}:${TAG_NAMES[2]}") - } - echo "Appt Reminders Deployment Complete." - } - } - } -} diff --git a/Jenkinsfilezap.groovy b/Jenkinsfilezap.groovy deleted file mode 100644 index fdb7c98af..000000000 --- a/Jenkinsfilezap.groovy +++ /dev/null @@ -1,617 +0,0 @@ -// This Jenkins build requires a configmap called jenkin-config with the following in it: -// -// client_secret= -// zap_with_url_staff= -// zap_with_url= -// namespace= -// url=/api/v1/ -// auth_url= -// clientid= -// realm= -// dev_namespace= -// userid_qtxn=postman tester -// password_qtxn= -// userid_nonqtxn=cfms-postman-non-operator userid> -// password_nonqtxn= -// public_user_id=cfms-postman-public-user -// public_user_password= -// public_url= -// sonarqube_key= - - -def WAIT_TIMEOUT = 20 -def TAG_NAMES = ['dev', 'test', 'prod'] -def BUILDS = ['queue-management-api', 'queue-management-npm-build', 'queue-management-frontend', 'appointment-npm-build', 'appointment-frontend','send-appointment-reminder-crond'] -def DEP_ENV_NAMES = ['dev', 'test', 'prod'] -def label = "mypod-${UUID.randomUUID().toString()}" -def API_IMAGE_HASH = "" -def FRONTEND_IMAGE_HASH = "" -def APPOINTMENT_IMAGE_HASH = "" -def REMINDER_IMAGE_HASH = "" -def owaspPodLabel = "jenkins-agent-zap" - -String getNameSpace() { - def NAMESPACE = sh ( - script: 'oc describe configmap jenkin-config | awk -F "=" \'/^namespace/{print $2}\'', - returnStdout: true - ).trim() - return NAMESPACE -} - -// Get an image's hash tag -String getImageTagHash(String imageName, String tag = "") { - - if(!tag?.trim()) { - tag = "latest" - } - - def istag = openshift.raw("get istag ${imageName}:${tag} -o template --template='{{.image.dockerImageReference}}'") - return istag.out.tokenize('@')[1].trim() -} - -podTemplate( - label: label, - name: 'jenkins-agent-nodejs', - serviceAccount: 'jenkins', - cloud: 'openshift', - containers: [ - containerTemplate( - name: 'jnlp', - image: 'registry.redhat.io/openshift3/jenkins-agent-nodejs-12-rhel7', - resourceRequestCpu: '500m', - resourceLimitCpu: '1000m', - resourceRequestMemory: '3Gi', - resourceLimitMemory: '4Gi', - workingDir: '/tmp', - command: '', - args: '${computer.jnlpmac} ${computer.name}' - ) - ] -){ - node(label) { - - stage('Checkout Source') { - echo "checking out source" - checkout scm - } - stage('SonarQube Analysis') { - echo ">>> Performing static analysis <<<" - SONAR_ROUTE_NAME = 'sonarqube' - SONAR_ROUTE_NAMESPACE = sh ( - script: 'oc describe configmap jenkin-config | awk -F "=" \'/^namespace/{print $2}\'', - returnStdout: true - ).trim() - SONAR_PROJECT_NAME = 'Queue Management' - SONAR_PROJECT_KEY = 'queue-management' - SONAR_PROJECT_BASE_DIR = sh ( - script: "pwd", - returnStdout: true - ).trim() - SONAR_SOURCES = 'api,frontend,appointment-frontend,jobs' - SONARQUBE_PWD = sh ( - script: 'oc describe configmap jenkin-config | awk -F "=" \'/^sonarqube_key/{print $2}\'', - returnStdout: true - ).trim() - - SONARQUBE_URL = sh ( - script: 'oc get routes -o wide --no-headers | awk \'/sonarqube/{ print match($0,/edge/) ? "https://"$2 : "http://"$2 }\'', - returnStdout: true - ).trim() - - dir('sonar-runner') { - sh ( - returnStdout: true, - script: "./gradlew sonarqube --stacktrace --info \ - -Dsonar.verbose=true \ - -Dsonar.login=${SONARQUBE_PWD} \ - -Dsonar.host.url=${SONARQUBE_URL} \ - -Dsonar.projectName='${SONAR_PROJECT_NAME}' \ - -Dsonar.projectKey=${SONAR_PROJECT_KEY} \ - -Dsonar.projectBaseDir=${SONAR_PROJECT_BASE_DIR} \ - -Dsonar.sources=${SONAR_SOURCES}" - ) - } - } - parallel Build_Staff_FE_NPM: { - stage("Build Front End NPM..") { - script: { - openshift.withCluster() { - openshift.withProject() { - echo "Building Front End NPM" - openshift.selector("bc", "${BUILDS[1]}").startBuild("--wait") - } - echo "Staff Front End NPM Completed ..." - } - } - } - }, Build_Appointment_FE_NPM: { - stage("Build Appointment NPM") { - script: { - openshift.withCluster() { - openshift.withProject() { - echo "Bulding Appoitment Front End NPM" - openshift.selector("bc", "${BUILDS[3]}").startBuild("--wait") - } - echo "Appointment NPM ..." - } - } - } - }, Build_Api: { - stage("Build API..") { - script: { - openshift.withCluster() { - openshift.withProject() { - openshift.selector("bc", "${BUILDS[0]}").startBuild("--wait") - } - echo "API Build complete ..." - } - } - } - }, Build_Cron_Pod: { - stage("Build Mail Cron Pod..") { - script: { - openshift.withCluster() { - openshift.withProject() { - openshift.selector("bc", "${BUILDS[5]}").startBuild("--wait") - } - echo "Cron Mail Build complete ..." - } - } - } - } - parallel Build_Staff_FE: { - stage("Build Staff Front End ..") { - script: { - openshift.withCluster() { - openshift.withProject() { - echo "Building Front End Final" - openshift.selector("bc", "${BUILDS[2]}").startBuild("--wait") - } - echo "Staff Front End Completed ..." - } - } - } - }, Build_Appointment_FE: { - stage("Build Appointment Front End") { - script: { - openshift.withCluster() { - openshift.withProject() { - echo "Bulding Appoitment Front End Final" - openshift.selector("bc", "${BUILDS[4]}").startBuild("--wait") - } - echo "Appointment Online complete ..." - } - } - } - } - parallel Depoy_API_Dev: { - stage("Deploy API to Dev") { - script: { - openshift.withCluster() { - openshift.withProject() { - echo "Tagging ${BUILDS[0]} for deployment to ${TAG_NAMES[0]} ..." - - // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. - // Tag the images for deployment based on the image's hash - API_IMAGE_HASH = getImageTagHash("${BUILDS[0]}") - echo "API_IMAGE_HASH: ${API_IMAGE_HASH}" - openshift.tag("${BUILDS[0]}@${API_IMAGE_HASH}", "${BUILDS[0]}:${TAG_NAMES[0]}") - } - - def NAME_SPACE = getNameSpace() - openshift.withProject("${NAME_SPACE}-${DEP_ENV_NAMES[0]}") { - def dc = openshift.selector('dc', "${BUILDS[0]}") - // Wait for the deployment to complete. - // This will wait until the desired replicas are all available - dc.rollout().status() - } - echo "API Deployment Complete." - } - } - } - }, Depoy_Cron_Dev: { - stage("Deploy Email Cron to Dev") { - script: { - openshift.withCluster() { - openshift.withProject() { - echo "Tagging ${BUILDS[5]} for deployment to ${TAG_NAMES[0]} ..." - - // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. - // Tag the images for deployment based on the image's hash - REMINDER_IMAGE_HASH = getImageTagHash("${BUILDS[5]}") - echo "REMINDER_IMAGE_HASH: ${REMINDER_IMAGE_HASH}" - openshift.tag("${BUILDS[5]}@${REMINDER_IMAGE_HASH}", "${BUILDS[5]}:${TAG_NAMES[0]}") - } - } - } - } - }, Deploy_Staff_FE_Dev: { - stage("Deploy Frontend to Dev") { - script: { - openshift.withCluster() { - openshift.withProject() { - echo "Tagging ${BUILDS[2]} for deployment to ${TAG_NAMES[0]} ..." - - // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. - // Tag the images for deployment based on the image's hash - FRONTEND_IMAGE_HASH = getImageTagHash("${BUILDS[2]}") - echo "FRONTEND_IMAGE_HASH: ${FRONTEND_IMAGE_HASH}" - openshift.tag("${BUILDS[2]}@${FRONTEND_IMAGE_HASH}", "${BUILDS[2]}:${TAG_NAMES[0]}") - } - - def NAME_SPACE = getNameSpace() - openshift.withProject("${NAME_SPACE}-${DEP_ENV_NAMES[0]}") { - dc = openshift.selector('dc', "${BUILDS[2]}") - // Wait for the deployment to complete. - // This will wait until the desired replicas are all available - dc.rollout().status() - } - echo "Front End Deployment Complete." - } - } - } - }, Deploy_Appointment_Dev: { - stage("Deploy Appointment to Dev") { - script: { - openshift.withCluster() { - openshift.withProject() { - echo "Tagging ${BUILDS[4]} for deployment to ${TAG_NAMES[0]} ..." - - // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. - // Tag the images for deployment based on the image's hash - APPOINTMENT_IMAGE_HASH = getImageTagHash("${BUILDS[4]}") - echo "APPOINTMENT_IMAGE_HASH: ${APPOINTMENT_IMAGE_HASH}" - openshift.tag("${BUILDS[4]}@${APPOINTMENT_IMAGE_HASH}", "${BUILDS[4]}:${TAG_NAMES[0]}") - } - - def NAME_SPACE = getNameSpace() - openshift.withProject("${NAME_SPACE}-${DEP_ENV_NAMES[0]}") { - dc = openshift.selector('dc', "${BUILDS[4]}") - // Wait for the deployment to complete. - // This will wait until the desired replicas are all available - dc.rollout().status() - } - echo "Appointment Online Complete." - } - } - } - } - stage('Newman Tests') { - dir('api/postman') { - sh ( - returnStdout: true, - script: "npm init -y" - ) - - sh ( - returnStdout: true, - script: "npm install newman" - ) - - USERID = sh ( - script: 'oc describe configmap jenkin-config | awk -F "=" \'/^userid_qtxn/{print $2}\'', - returnStdout: true - ).trim() - - PASSWORD = sh ( - script: 'oc describe configmap jenkin-config | awk -F "=" \'/^password_qtxn/{print $2}\'', - returnStdout: true - ).trim() - - USERID_NONQTXN = sh ( - script: 'oc describe configmap jenkin-config | awk -F "=" \'/^userid_nonqtxn/{print $2}\'', - returnStdout: true - ).trim() - - PASSWORD_NONQTXN = sh ( - script: 'oc describe configmap jenkin-config | awk -F "=" \'/^password_nonqtxn/{print $2}\'', - returnStdout: true - ).trim() - - CLIENT_SECRET = sh ( - script: 'oc describe configmap jenkin-config | awk -F "=" \'/^client_secret/{print $2}\'', - returnStdout: true - ).trim() - - REALM = sh ( - script: 'oc describe configmap jenkin-config | awk -F "=" \'/^realm/{print $2}\'', - returnStdout: true - ).trim() - - API_URL = sh ( - script: 'oc describe configmap jenkin-config | awk -F "=" \'/^url/{print $2}\'', - returnStdout: true - ).trim() - - AUTH_URL = sh ( - script: 'oc describe configmap jenkin-config | awk -F "=" \'/auth_url/{print $2}\'', - returnStdout: true - ).trim() - - CLIENTID = sh ( - script: 'oc describe configmap jenkin-config | awk -F "=" \'/^clientid/{print $2}\'', - returnStdout: true - ).trim() - - PUBLIC_USERID = sh ( - script: 'oc describe configmap jenkin-config | awk -F "=" \'/^public_user_id/{print $2}\'', - returnStdout: true - ).trim() - - PASSWORD_PUBLIC_USER = sh ( - script: 'oc describe configmap jenkin-config | awk -F "=" \'/^public_user_password/{print $2}\'', - returnStdout: true - ).trim() - - PUBLIC_API_URL = sh ( - script: 'oc describe configmap jenkin-config | awk -F "=" \'/^public_url/{print $2}\'', - returnStdout: true - ).trim() - - NODE_OPTIONS='--max_old_space_size=2048' - sleep(time:10,unit:"SECONDS") - sh ( - returnStdout: true, - script: "./node_modules/newman/bin/newman.js run API_Test_TheQ_Booking.json --delay-request 250 -e postman_env.json --global-var 'userid=${USERID}' --global-var 'password=${PASSWORD}' --global-var 'userid_nonqtxn=${USERID_NONQTXN}' --global-var 'password_nonqtxn=${PASSWORD_NONQTXN}' --global-var 'client_secret=${CLIENT_SECRET}' --global-var 'url=${API_URL}' --global-var 'auth_url=${AUTH_URL}' --global-var 'clientid=${CLIENTID}' --global-var 'realm=${REALM}' --global-var public_url=${PUBLIC_API_URL} --global-var public_user_id=${PUBLIC_USERID} --global-var public_user_password=${PASSWORD_PUBLIC_USER}" - ) - } - } - } -} -podTemplate( - label: owaspPodLabel, - name: owaspPodLabel, - serviceAccount: 'jenkins', - cloud: 'openshift', - containers: [ containerTemplate( - name: 'jenkins-agent-zap', - image: 'image-registry.openshift-image-registry.svc:5000/5c0dde-tools/jenkins-agent-zap:latest', - resourceRequestCpu: '500m', - resourceLimitCpu: '1000m', - resourceRequestMemory: '3Gi', - resourceLimitMemory: '4Gi', - workingDir: '/home/jenkins', - command: '', - args: '${computer.jnlpmac} ${computer.name}' - )] -) { - node(owaspPodLabel) { - stage('ZAP Security Scan') { - def retVal = sh ( - returnStatus: true, - script: "/zap/zap-baseline.py -r index1.html -t https://dev-theq.apps.silver.devops.gov.bc.ca/" - ) - } - stage('ZAP Security Scan') { - def retVal = sh ( - returnStatus: true, - script: "/zap/zap-baseline.py -r index2.html -t https://dev-appointments.apps.silver.devops.gov.bc.ca//", - ) - sh 'echo "Staff Front Report
Appointment Front End Report" > /zap/wrk/index.html' - publishHTML([ - allowMissing: false, - alwaysLinkToLastBuild: true, - keepAll: true, - reportDir: '/zap/wrk', - reportFiles: 'index.html', - reportName: 'OWASPReport', - ]) - echo "Return value is: ${retVal}" - - script { - if (retVal != 0) { - echo "MARKING BUILD AS UNSTABLE" - currentBuild.result = 'UNSTABLE' - } - } - } - } - } -node { - stage("Deploy to test") { - input "Deploy to test?" - } -} -node { - - parallel Depoy_API_Test: { - stage("Deploy API - test") { - script: { - openshift.withCluster() { - openshift.withProject() { - echo "Tagging ${BUILDS[0]} for deployment to ${TAG_NAMES[1]} ..." - - // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. - // Tag the images for deployment based on the image's hash - echo "API_IMAGE_HASH: ${API_IMAGE_HASH}" - openshift.tag("${BUILDS[0]}@${API_IMAGE_HASH}", "${BUILDS[0]}:${TAG_NAMES[1]}") - } - - def NAME_SPACE = getNameSpace() - openshift.withProject("${NAME_SPACE}-${DEP_ENV_NAMES[1]}") { - def dc = openshift.selector('dc', "${BUILDS[0]}") - // Wait for the deployment to complete. - // This will wait until the desired replicas are all available - dc.rollout().status() - } - echo "API Deployment Complete." - } - } - } - }, Deploy_Staff_FE_Test: { - stage("Deploy Frontend - Test") { - script: { - openshift.withCluster() { - openshift.withProject() { - echo "Tagging ${BUILDS[2]} for deployment to ${TAG_NAMES[1]} ..." - - // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. - // Tag the images for deployment based on the image's hash - echo "FRONTEND_IMAGE_HASH: ${FRONTEND_IMAGE_HASH}" - openshift.tag("${BUILDS[2]}@${FRONTEND_IMAGE_HASH}", "${BUILDS[2]}:${TAG_NAMES[1]}") - } - - def NAME_SPACE = getNameSpace() - openshift.withProject("${NAME_SPACE}-${DEP_ENV_NAMES[1]}") { - dc = openshift.selector('dc', "${BUILDS[2]}") - // Wait for the deployment to complete. - // This will wait until the desired replicas are all available - dc.rollout().status() - } - echo "Front End Deployment Complete." - } - } - } - }, Deploy_Appointment_Test: { - stage("Deploy Appointment - Test") { - script: { - openshift.withCluster() { - openshift.withProject() { - echo "Tagging ${BUILDS[4]} for deployment to ${TAG_NAMES[1]} ..." - - // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. - // Tag the images for deployment based on the image's hash - echo "APPOINTMENT_IMAGE_HASH: ${APPOINTMENT_IMAGE_HASH}" - openshift.tag("${BUILDS[4]}@${APPOINTMENT_IMAGE_HASH}", "${BUILDS[4]}:${TAG_NAMES[1]}") - } - - def NAME_SPACE = getNameSpace() - openshift.withProject("${NAME_SPACE}-${DEP_ENV_NAMES[1]}") { - dc = openshift.selector('dc', "${BUILDS[4]}") - // Wait for the deployment to complete. - // This will wait until the desired replicas are all available - dc.rollout().status() - } - echo "Front End Deployment Complete." - } - } - } - }, Deploy_Cron_Email_Test: { - stage("Deploy Appt Reminder - test") { - script: { - openshift.withCluster() { - openshift.withProject() { - echo "Tagging ${BUILDS[5]} for deployment to ${TAG_NAMES[1]} ..." - - // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. - // Tag the images for deployment based on the image's hash - echo "REMINDER_IMAGE_HASH: ${REMINDER_IMAGE_HASH}" - openshift.tag("${BUILDS[5]}@${REMINDER_IMAGE_HASH}", "${BUILDS[5]}:${TAG_NAMES[1]}") - } - echo "Appt Reminder Deployment Complete." - } - } - } - } -} -node { - stage("Deploy to prod") { - input "Deploy to Prod?" - } -} -node { - stage("Update Production") { - script: { - openshift.withCluster() { - openshift.withProject() { - echo "Tagging Production to Stable" - openshift.tag("${BUILDS[0]}:prod", "${BUILDS[0]}:stable") - openshift.tag("${BUILDS[2]}:prod", "${BUILDS[2]}:stable") - openshift.tag("${BUILDS[4]}:prod", "${BUILDS[4]}:stable") - openshift.tag("${BUILDS[5]}:prod", "${BUILDS[5]}:stable") - } - } - } - } -} -node { - parallel Depoy_API_Prod: { - stage("Deploy API - Prod") { - script: { - openshift.withCluster() { - openshift.withProject() { - echo "Tagging ${BUILDS[0]} for deployment to ${TAG_NAMES[2]} ..." - - // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. - // Tag the images for deployment based on the image's hash - echo "API_IMAGE_HASH: ${API_IMAGE_HASH}" - openshift.tag("${BUILDS[0]}@${API_IMAGE_HASH}", "${BUILDS[0]}:${TAG_NAMES[2]}") - } - - def NAME_SPACE = getNameSpace() - openshift.withProject("${NAME_SPACE}-${DEP_ENV_NAMES[2]}") { - def dc = openshift.selector('dc', "${BUILDS[0]}") - // Wait for the deployment to complete. - // This will wait until the desired replicas are all available - dc.rollout().status() - } - echo "API Deployment Complete." - } - } - } - }, Deploy_Staff_FE_Prod: { - stage("Deploy Frontend - Prod") { - script: { - openshift.withCluster() { - openshift.withProject() { - echo "Tagging ${BUILDS[2]} for deployment to ${TAG_NAMES[2]} ..." - - // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. - // Tag the images for deployment based on the image's hash - echo "FRONTEND_IMAGE_HASH: ${FRONTEND_IMAGE_HASH}" - openshift.tag("${BUILDS[2]}@${FRONTEND_IMAGE_HASH}", "${BUILDS[2]}:${TAG_NAMES[2]}") - } - - def NAME_SPACE = getNameSpace() - openshift.withProject("${NAME_SPACE}-${DEP_ENV_NAMES[2]}") { - dc = openshift.selector('dc', "${BUILDS[2]}") - // Wait for the deployment to complete. - // This will wait until the desired replicas are all available - dc.rollout().status() - } - echo "Front End Deployment Complete." - } - } - } - }, Deploy_Appointment_Prod: { - stage("Deploy Appointment - Prod") { - script: { - openshift.withCluster() { - openshift.withProject() { - echo "Tagging ${BUILDS[4]} for deployment to ${TAG_NAMES[2]} ..." - - // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. - // Tag the images for deployment based on the image's hash - echo "APPOINTMENT_IMAGE_HASH: ${APPOINTMENT_IMAGE_HASH}" - openshift.tag("${BUILDS[4]}@${APPOINTMENT_IMAGE_HASH}", "${BUILDS[4]}:${TAG_NAMES[2]}") - } - - def NAME_SPACE = getNameSpace() - openshift.withProject("${NAME_SPACE}-${DEP_ENV_NAMES[2]}") { - dc = openshift.selector('dc', "${BUILDS[4]}") - // Wait for the deployment to complete. - // This will wait until the desired replicas are all available - dc.rollout().status() - } - echo "Front End Deployment Complete." - } - } - } - }, Deploy_Cron_Email_Prod: { - stage("Deploy Appt Reminders - Prod") { - script: { - openshift.withCluster() { - openshift.withProject() { - echo "Tagging ${BUILDS[5]} for deployment to ${TAG_NAMES[2]} ..." - - // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. - // Tag the images for deployment based on the image's hash - echo "REMINDER_IMAGE_HASH: ${REMINDER_IMAGE_HASH}" - openshift.tag("${BUILDS[5]}@${REMINDER_IMAGE_HASH}", "${BUILDS[5]}:${TAG_NAMES[2]}") - } - echo "Appt Reminders Deployment Complete." - } - } - } - } -} \ No newline at end of file diff --git a/jenkinszap.groovy b/jenkinszap.groovy deleted file mode 100644 index e5d11f5ed..000000000 --- a/jenkinszap.groovy +++ /dev/null @@ -1,499 +0,0 @@ -// This Jenkins build requires a configmap called jenkin-config with the following in it: -// -// client_secret= -// zap_with_url_staff= -// zap_with_url= -// namespace= -// url=/api/v1/ -// auth_url= -// clientid= -// realm= -// dev_namespace= -// userid_qtxn=postman tester -// password_qtxn= -// userid_nonqtxn=cfms-postman-non-operator userid> -// password_nonqtxn= -// public_user_id=cfms-postman-public-user -// public_user_password= -// public_url= -// sonarqube_key= - - -def WAIT_TIMEOUT = 20 -def TAG_NAMES = ['dev', 'test', 'prod'] -def BUILDS = ['queue-management-api', 'queue-management-npm-build', 'queue-management-frontend', 'appointment-npm-build', 'appointment-frontend','send-appointment-reminder-crond'] -def DEP_ENV_NAMES = ['dev', 'test', 'prod'] -def label = "mypod-${UUID.randomUUID().toString()}" -def API_IMAGE_HASH = "" -def FRONTEND_IMAGE_HASH = "" -def APPOINTMENT_IMAGE_HASH = "" -def REMINDER_IMAGE_HASH = "" -def owaspPodLabel = "jenkins-agent-zap" - -String getNameSpace() { - def NAMESPACE = sh ( - script: 'oc describe configmap jenkin-config | awk -F "=" \'/^namespace/{print $2}\'', - returnStdout: true - ).trim() - return NAMESPACE -} - -// Get an image's hash tag -String getImageTagHash(String imageName, String tag = "") { - - if(!tag?.trim()) { - tag = "latest" - } - - def istag = openshift.raw("get istag ${imageName}:${tag} -o template --template='{{.image.dockerImageReference}}'") - return istag.out.tokenize('@')[1].trim() -} - -podTemplate( - label: label, - name: 'jenkins-agent-nodejs', - serviceAccount: 'jenkins', - cloud: 'openshift', - containers: [ - containerTemplate( - name: 'jnlp', - image: 'registry.redhat.io/openshift3/jenkins-agent-nodejs-12-rhel7', - resourceRequestCpu: '500m', - resourceLimitCpu: '1000m', - resourceRequestMemory: '3Gi', - resourceLimitMemory: '4Gi', - workingDir: '/tmp', - command: '', - args: '${computer.jnlpmac} ${computer.name}' - ) - ] -){ - node(label) { - - stage('Checkout Source') { - echo "checking out source" - checkout scm - } - parallel Build_Staff_FE_NPM: { - stage("Build Front End NPM..") { - script: { - openshift.withCluster() { - openshift.withProject() { - echo "Building Front End NPM" - openshift.selector("bc", "${BUILDS[1]}").startBuild("--wait") - } - echo "Staff Front End NPM Completed ..." - } - } - } - }, Build_Appointment_FE_NPM: { - stage("Build Appointment NPM") { - script: { - openshift.withCluster() { - openshift.withProject() { - echo "Bulding Appoitment Front End NPM" - openshift.selector("bc", "${BUILDS[3]}").startBuild("--wait") - } - echo "Appointment NPM ..." - } - } - } - }, Build_Api: { - stage("Build API..") { - script: { - openshift.withCluster() { - openshift.withProject() { - openshift.selector("bc", "${BUILDS[0]}").startBuild("--wait") - } - echo "API Build complete ..." - } - } - } - }, Build_Cron_Pod: { - stage("Build Mail Cron Pod..") { - script: { - openshift.withCluster() { - openshift.withProject() { - openshift.selector("bc", "${BUILDS[5]}").startBuild("--wait") - } - echo "Cron Mail Build complete ..." - } - } - } - } - parallel Build_Staff_FE: { - stage("Build Staff Front End ..") { - script: { - openshift.withCluster() { - openshift.withProject() { - echo "Building Front End Final" - openshift.selector("bc", "${BUILDS[2]}").startBuild("--wait") - } - echo "Staff Front End Completed ..." - } - } - } - }, Build_Appointment_FE: { - stage("Build Appointment Front End") { - script: { - openshift.withCluster() { - openshift.withProject() { - echo "Bulding Appoitment Front End Final" - openshift.selector("bc", "${BUILDS[4]}").startBuild("--wait") - } - echo "Appointment Online complete ..." - } - } - } - } - parallel Depoy_API_Dev: { - stage("Deploy API to Dev") { - script: { - openshift.withCluster() { - openshift.withProject() { - echo "Tagging ${BUILDS[0]} for deployment to ${TAG_NAMES[0]} ..." - - // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. - // Tag the images for deployment based on the image's hash - API_IMAGE_HASH = getImageTagHash("${BUILDS[0]}") - echo "API_IMAGE_HASH: ${API_IMAGE_HASH}" - openshift.tag("${BUILDS[0]}@${API_IMAGE_HASH}", "${BUILDS[0]}:${TAG_NAMES[0]}") - } - - def NAME_SPACE = getNameSpace() - openshift.withProject("${NAME_SPACE}-${DEP_ENV_NAMES[0]}") { - def dc = openshift.selector('dc', "${BUILDS[0]}") - // Wait for the deployment to complete. - // This will wait until the desired replicas are all available - dc.rollout().status() - } - echo "API Deployment Complete." - } - } - } - }, Depoy_Cron_Dev: { - stage("Deploy Email Cron to Dev") { - script: { - openshift.withCluster() { - openshift.withProject() { - echo "Tagging ${BUILDS[5]} for deployment to ${TAG_NAMES[0]} ..." - - // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. - // Tag the images for deployment based on the image's hash - REMINDER_IMAGE_HASH = getImageTagHash("${BUILDS[5]}") - echo "REMINDER_IMAGE_HASH: ${REMINDER_IMAGE_HASH}" - openshift.tag("${BUILDS[5]}@${REMINDER_IMAGE_HASH}", "${BUILDS[5]}:${TAG_NAMES[0]}") - } - } - } - } - }, Deploy_Staff_FE_Dev: { - stage("Deploy Frontend to Dev") { - script: { - openshift.withCluster() { - openshift.withProject() { - echo "Tagging ${BUILDS[2]} for deployment to ${TAG_NAMES[0]} ..." - - // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. - // Tag the images for deployment based on the image's hash - FRONTEND_IMAGE_HASH = getImageTagHash("${BUILDS[2]}") - echo "FRONTEND_IMAGE_HASH: ${FRONTEND_IMAGE_HASH}" - openshift.tag("${BUILDS[2]}@${FRONTEND_IMAGE_HASH}", "${BUILDS[2]}:${TAG_NAMES[0]}") - } - - def NAME_SPACE = getNameSpace() - openshift.withProject("${NAME_SPACE}-${DEP_ENV_NAMES[0]}") { - dc = openshift.selector('dc', "${BUILDS[2]}") - // Wait for the deployment to complete. - // This will wait until the desired replicas are all available - dc.rollout().status() - } - echo "Front End Deployment Complete." - } - } - } - }, Deploy_Appointment_Dev: { - stage("Deploy Appointment to Dev") { - script: { - openshift.withCluster() { - openshift.withProject() { - echo "Tagging ${BUILDS[4]} for deployment to ${TAG_NAMES[0]} ..." - - // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. - // Tag the images for deployment based on the image's hash - APPOINTMENT_IMAGE_HASH = getImageTagHash("${BUILDS[4]}") - echo "APPOINTMENT_IMAGE_HASH: ${APPOINTMENT_IMAGE_HASH}" - openshift.tag("${BUILDS[4]}@${APPOINTMENT_IMAGE_HASH}", "${BUILDS[4]}:${TAG_NAMES[0]}") - } - - def NAME_SPACE = getNameSpace() - openshift.withProject("${NAME_SPACE}-${DEP_ENV_NAMES[0]}") { - dc = openshift.selector('dc', "${BUILDS[4]}") - // Wait for the deployment to complete. - // This will wait until the desired replicas are all available - dc.rollout().status() - } - echo "Appointment Online Complete." - } - } - } - } - } -} -podTemplate( - label: owaspPodLabel, - name: owaspPodLabel, - serviceAccount: 'jenkins', - cloud: 'openshift', - containers: [ containerTemplate( - name: 'jenkins-agent-zap', - image: 'image-registry.openshift-image-registry.svc:5000/5c0dde-tools/jenkins-agent-zap:latest', - resourceRequestCpu: '500m', - resourceLimitCpu: '1000m', - resourceRequestMemory: '3Gi', - resourceLimitMemory: '4Gi', - workingDir: '/home/jenkins', - command: '', - args: '${computer.jnlpmac} ${computer.name}' - )] -) { - node(owaspPodLabel) { - stage('ZAP Security Scan') { - def retVal = sh ( - returnStatus: true, - script: "/zap/zap-baseline.py -r index1.html -t https://dev-qms.apps.silver.devops.gov.bc.ca/" - ) - } - stage('ZAP Security Scan') { - def retVal = sh ( - returnStatus: true, - script: "/zap/zap-baseline.py -r index2.html -t https://dev-qmsappointments.apps.silver.devops.gov.bc.ca/appointment/", - ) - sh 'echo "Staff Front Report
Appointment Front End Report" > /zap/wrk/index.html' - publishHTML([ - allowMissing: false, - alwaysLinkToLastBuild: true, - keepAll: true, - reportDir: '/zap/wrk', - reportFiles: 'index.html', - reportName: 'OWASPReport', - ]) - echo "Return value is: ${retVal}" - - script { - if (retVal != 0) { - echo "MARKING BUILD AS UNSTABLE" - currentBuild.result = 'UNSTABLE' - } - } - } - } - } -node { - stage("Deploy to test") { - input "Deploy to test?" - } -} -node { - - parallel Depoy_API_Test: { - stage("Deploy API - test") { - script: { - openshift.withCluster() { - openshift.withProject() { - echo "Tagging ${BUILDS[0]} for deployment to ${TAG_NAMES[1]} ..." - - // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. - // Tag the images for deployment based on the image's hash - echo "API_IMAGE_HASH: ${API_IMAGE_HASH}" - openshift.tag("${BUILDS[0]}@${API_IMAGE_HASH}", "${BUILDS[0]}:${TAG_NAMES[1]}") - } - - def NAME_SPACE = getNameSpace() - openshift.withProject("${NAME_SPACE}-${DEP_ENV_NAMES[1]}") { - def dc = openshift.selector('dc', "${BUILDS[0]}") - // Wait for the deployment to complete. - // This will wait until the desired replicas are all available - dc.rollout().status() - } - echo "API Deployment Complete." - } - } - } - }, Deploy_Staff_FE_Test: { - stage("Deploy Frontend - Test") { - script: { - openshift.withCluster() { - openshift.withProject() { - echo "Tagging ${BUILDS[2]} for deployment to ${TAG_NAMES[1]} ..." - - // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. - // Tag the images for deployment based on the image's hash - echo "FRONTEND_IMAGE_HASH: ${FRONTEND_IMAGE_HASH}" - openshift.tag("${BUILDS[2]}@${FRONTEND_IMAGE_HASH}", "${BUILDS[2]}:${TAG_NAMES[1]}") - } - - def NAME_SPACE = getNameSpace() - openshift.withProject("${NAME_SPACE}-${DEP_ENV_NAMES[1]}") { - dc = openshift.selector('dc', "${BUILDS[2]}") - // Wait for the deployment to complete. - // This will wait until the desired replicas are all available - dc.rollout().status() - } - echo "Front End Deployment Complete." - } - } - } - }, Deploy_Appointment_Test: { - stage("Deploy Appointment - Test") { - script: { - openshift.withCluster() { - openshift.withProject() { - echo "Tagging ${BUILDS[4]} for deployment to ${TAG_NAMES[1]} ..." - - // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. - // Tag the images for deployment based on the image's hash - echo "APPOINTMENT_IMAGE_HASH: ${APPOINTMENT_IMAGE_HASH}" - openshift.tag("${BUILDS[4]}@${APPOINTMENT_IMAGE_HASH}", "${BUILDS[4]}:${TAG_NAMES[1]}") - } - - def NAME_SPACE = getNameSpace() - openshift.withProject("${NAME_SPACE}-${DEP_ENV_NAMES[1]}") { - dc = openshift.selector('dc', "${BUILDS[4]}") - // Wait for the deployment to complete. - // This will wait until the desired replicas are all available - dc.rollout().status() - } - echo "Front End Deployment Complete." - } - } - } - }, Deploy_Cron_Email_Test: { - stage("Deploy Appt Reminder - test") { - script: { - openshift.withCluster() { - openshift.withProject() { - echo "Tagging ${BUILDS[5]} for deployment to ${TAG_NAMES[1]} ..." - - // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. - // Tag the images for deployment based on the image's hash - echo "REMINDER_IMAGE_HASH: ${REMINDER_IMAGE_HASH}" - openshift.tag("${BUILDS[5]}@${REMINDER_IMAGE_HASH}", "${BUILDS[5]}:${TAG_NAMES[1]}") - } - echo "Appt Reminder Deployment Complete." - } - } - } - } -} -node { - stage("Deploy to prod") { - input "Deploy to Prod?" - } -} -node { - stage("Update Production") { - script: { - openshift.withCluster() { - openshift.withProject() { - echo "Tagging Production to Stable" - openshift.tag("${BUILDS[0]}:prod", "${BUILDS[0]}:stable") - openshift.tag("${BUILDS[2]}:prod", "${BUILDS[2]}:stable") - openshift.tag("${BUILDS[4]}:prod", "${BUILDS[4]}:stable") - openshift.tag("${BUILDS[5]}:prod", "${BUILDS[5]}:stable") - } - } - } - } -} -node { - parallel Depoy_API_Prod: { - stage("Deploy API - Prod") { - script: { - openshift.withCluster() { - openshift.withProject() { - echo "Tagging ${BUILDS[0]} for deployment to ${TAG_NAMES[2]} ..." - - // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. - // Tag the images for deployment based on the image's hash - echo "API_IMAGE_HASH: ${API_IMAGE_HASH}" - openshift.tag("${BUILDS[0]}@${API_IMAGE_HASH}", "${BUILDS[0]}:${TAG_NAMES[2]}") - } - - def NAME_SPACE = getNameSpace() - openshift.withProject("${NAME_SPACE}-${DEP_ENV_NAMES[2]}") { - def dc = openshift.selector('dc', "${BUILDS[0]}") - // Wait for the deployment to complete. - // This will wait until the desired replicas are all available - dc.rollout().status() - } - echo "API Deployment Complete." - } - } - } - }, Deploy_Staff_FE_Prod: { - stage("Deploy Frontend - Prod") { - script: { - openshift.withCluster() { - openshift.withProject() { - echo "Tagging ${BUILDS[2]} for deployment to ${TAG_NAMES[2]} ..." - - // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. - // Tag the images for deployment based on the image's hash - echo "FRONTEND_IMAGE_HASH: ${FRONTEND_IMAGE_HASH}" - openshift.tag("${BUILDS[2]}@${FRONTEND_IMAGE_HASH}", "${BUILDS[2]}:${TAG_NAMES[2]}") - } - - def NAME_SPACE = getNameSpace() - openshift.withProject("${NAME_SPACE}-${DEP_ENV_NAMES[2]}") { - dc = openshift.selector('dc', "${BUILDS[2]}") - // Wait for the deployment to complete. - // This will wait until the desired replicas are all available - dc.rollout().status() - } - echo "Front End Deployment Complete." - } - } - } - }, Deploy_Appointment_Prod: { - stage("Deploy Appointment - Prod") { - script: { - openshift.withCluster() { - openshift.withProject() { - echo "Tagging ${BUILDS[4]} for deployment to ${TAG_NAMES[2]} ..." - - // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. - // Tag the images for deployment based on the image's hash - echo "APPOINTMENT_IMAGE_HASH: ${APPOINTMENT_IMAGE_HASH}" - openshift.tag("${BUILDS[4]}@${APPOINTMENT_IMAGE_HASH}", "${BUILDS[4]}:${TAG_NAMES[2]}") - } - - def NAME_SPACE = getNameSpace() - openshift.withProject("${NAME_SPACE}-${DEP_ENV_NAMES[2]}") { - dc = openshift.selector('dc', "${BUILDS[4]}") - // Wait for the deployment to complete. - // This will wait until the desired replicas are all available - dc.rollout().status() - } - echo "Front End Deployment Complete." - } - } - } - }, Deploy_Cron_Email_Prod: { - stage("Deploy Appt Reminders - Prod") { - script: { - openshift.withCluster() { - openshift.withProject() { - echo "Tagging ${BUILDS[5]} for deployment to ${TAG_NAMES[2]} ..." - - // Don't tag with BUILD_ID so the pruner can do it's job; it won't delete tagged images. - // Tag the images for deployment based on the image's hash - echo "REMINDER_IMAGE_HASH: ${REMINDER_IMAGE_HASH}" - openshift.tag("${BUILDS[5]}@${REMINDER_IMAGE_HASH}", "${BUILDS[5]}:${TAG_NAMES[2]}") - } - echo "Appt Reminders Deployment Complete." - } - } - } - } -} \ No newline at end of file