bcgov-nr · andrwils · Jan 30, 2025 · Jan 31, 2025 · Feb 1, 2025 · Feb 1, 2025
diff --git a/pipelines/jasper/Jenkinsfile b/pipelines/jasper/Jenkinsfile
@@ -0,0 +1,267 @@
+@Library('polaris')
+import ca.bc.gov.nrids.polaris.Podman
+import ca.bc.gov.nrids.polaris.BrokerIntention
+import ca.bc.gov.nrids.polaris.Vault
+
+def podman
+
+pipeline {
+    agent none
+    stages {
+        stage('Checkout app') {
+            agent {
+                label Podman.AGENT_LABEL_APP
+            }
+            environment {
+                GIT_REPO = "${params.gitRepo}"
+                GIT_BRANCH = "${params.gitTag != null && params.gitTag != "" ? params.gitTag : params.gitBranch}"
+                GITHUB_PRIVATE_REPO = "${params.githubToken != null && params.githubToken != "" ? 'true' : ''}"
+            }
+            steps {
+                script {
+                    sh 'rm -rf app'
+                    if (env.GITHUB_PRIVATE_REPO) {
+                        env.GITHUB_USER = "${params.githubUser}"
+                        env.GITHUB_TOKEN = "${params.githubToken}"
+                        wrap([$class: 'MaskPasswordsBuildWrapper', varPasswordPairs: [[var: env.GITHUB_TOKEN, password: GITHUB_TOKEN]]]) {
+                            sh 'git clone --branch ${GIT_BRANCH} https://${GITHUB_USER}:${GITHUB_TOKEN}@${GIT_REPO} app'
+                        }
+                    } else {
+                        sh 'git clone --branch ${GIT_BRANCH} https://${GIT_REPO} app'
+                    }
+                }
+            }
+        }
+        stage('Deploy to development') {
+            agent {
+                label Podman.AGENT_LABEL_APP
+            }
+            environment {
+                PROJECT = "${params.project}"
+                COMPONENT = "${params.component}"
+                GIT_REPO = "${params.gitRepo}"
+                GIT_BRANCH = "${params.gitBranch}"
+                EVENT_PROVIDER = "${params.eventProvider}"
+                VAULT_ADDR = "https://knox.io.nrs.gov.bc.ca"
+                BROKER_URL = "https://broker.io.nrs.gov.bc.ca"
+                HTTP_PROXY = "http://test-forwardproxy.nrs.bcgov:23128"
+                AUTHFILE = "auth.json"
+                CAUSE_USER_ID = "${params.userId != null && params.userId != "" ? params.userId : "github@internal"}"
+                CONFIG_ROLE_ID = credentials('knox-jasper-jasper-reports-prod-role-id')
+                APP_ROLE_ID = credentials('knox-fnirs-fnirs-jasper-reports-dev-role-id')
+                JASPER_REPORTS_INSTANCE = "${params.jasperReportsInstance}"
+            }
+            steps {
+                script {
+                    try {
+                        echo 'Do development deployment'
+                        intention = new BrokerIntention(readJSON(file: "app/.jenkins/jasper-reports-intention.json"))
+                        intention.setEventDetails(
+                            userName: env.CAUSE_USER_ID,
+                            url: env.BUILD_URL,
+                            provider: env.EVENT_PROVIDER,
+                            environment: 'development'
+                        )
+                        BROKER_JWT = "${params.brokerJwt}"
+                        intention.open(BROKER_JWT)
+                        intention.startAction("login")
+                        def vaultToken = intention.provisionToken("login", CONFIG_ROLE_ID)
+                        def vault = new Vault(vaultToken)
+                        vault.readToObject("apps/data/prod/jasper/jasper-reports/artifactory", env)
+                        vault.readToObject("apps/data/prod/jasper/jasper-reports/${params.jasperReportsInstance}-dev", env)
+                        intention.startAction("configure")
+                        // do we still need APP_ROLE_ID?
+                        def vaultAppToken = intention.provisionToken("configure", APP_ROLE_ID)
+                        def vaultApp = new Vault(vaultAppToken)
+                        vaultApp.readToObject("apps/data/dev/${env.PROJECT}/${env.COMPONENT}/development", env, keyTransform: { key -> 'PODMAN_' + key })
+                        // intention.startAction("install")
+                        // intention.openResponse.actions.each { key, value ->
+                        //     env."ACTION_TOKEN_${key.toUpperCase()}" = "${value.token}"
+                        // }
+                        podman = new Podman(this)
+                        podman.login(authfile: "${env.AUTHFILE}", options: "-u ${env.sa_username} -p ${env.sa_password}")
+                        podman.run("willhallonline/ansible:2.12-alpine-3.16",
+                            authfile: "${env.AUTHFILE}",
+                            options: "-w /ansible -v \$(pwd)/app:/ansible/app \
+                                -v \$(pwd)/files/ansible/ansible.cfg:/etc/ansible/ansible.cfg \
+                                -e PODMAN_*",
+                            command: 'ansible-playbook app/playbooks/jasper.yaml --extra-vars "env_vars=dev"')
+                        podman.logout(authfile: "${env.AUTHFILE}")
+                        // intention.endAction("install")
+                        vaultApp.revokeToken()
+                        vault.revokeToken()
+                        intention.endAction("configure")
+                        intention.endAction("login")
+                        println intention.close(true)
+                        intention = null
+                    } catch (IllegalStateException ex) {
+                        echo "IllegalStateException occurred: $ex"
+                        currentBuild.result = 'ABORTED'
+                        error('Quitting')
+                    } catch (IllegalArgumentException ex) {
+                        echo "IllegalArgumentException occurred: $ex"
+                        currentBuild.result = 'ABORTED'
+                        error('Quitting')
+                    } catch (Exception ex) {
+                        echo "Other exception occurred: $ex"
+                        currentBuild.result = 'ABORTED'
+                        error('Quitting')
+                    }
+                }
+            }
+        }
+        stage('Approve test deployment') {
+            steps {
+	            script {
+                    echo "Deployment to test pending approval"
+                    def approver = input(message: 'Is this build approved for test?',
+                        ok: 'Yes, this build is approved.',
+                        submitterParameter: 'approver'
+                        )
+                    env.TEST_DEPLOYMENT_APPROVER = "${approver}@azureidir".toLowerCase()
+                    echo "Deployment approved for test by ${env.TEST_DEPLOYMENT_APPROVER}"
+                }
+            }
+        }
+        stage('Deploy to test') {
+            agent {
+                label Podman.AGENT_LABEL_APP
+            }
+            environment {
+                PROJECT = "${params.project}"
+                COMPONENT = "${params.component}"
+                GIT_REPO = "${params.gitRepo}"
+                GIT_BRANCH = "${params.gitBranch}"
+                EVENT_PROVIDER = "${params.eventProvider}"
+                VAULT_ADDR = "https://knox.io.nrs.gov.bc.ca"
+                BROKER_URL = "https://broker.io.nrs.gov.bc.ca"
+                HTTP_PROXY = "http://test-forwardproxy.nrs.bcgov:23128"
+                AUTHFILE = "auth.json"
+                CAUSE_USER_ID = "${params.userId != null && params.userId != "" ? params.userId : "github@internal"}"
+                CONFIG_ROLE_ID = credentials('knox-jasper-jasper-reports-prod-role-id')
+                JASPER_REPORTS_INSTANCE = "${params.jasperReportsInstance}"
+            }
+            steps {
+                script {
+                    try {
+                        echo 'Do test deployment'
+                    } catch (IllegalStateException ex) {
+                        echo "IllegalStateException occurred: $ex"
+                        currentBuild.result = 'ABORTED'
+                        error('Quitting')
+                    } catch (IllegalArgumentException ex) {
+                        echo "IllegalArgumentException occurred: $ex"
+                        currentBuild.result = 'ABORTED'
+                        error('Quitting')
+                    } catch (Exception ex) {
+                        echo "Other exception occurred: $ex"
+                        currentBuild.result = 'ABORTED'
+                        error('Quitting')
+                    }
+                }
+            }
+        }
+        stage('Pre-deployment checks for production') {
+            agent {
+                label Podman.AGENT_LABEL_APP
+            }
+            steps {
+                script {
+                    // TODO: Exit pipeline for SNAPSHOT builds, which should NOT proceed beyond the test environment
+                    echo 'Do pre-deployment checks for production'
+                }
+            }
+        }
+        stage('Approve production deployment') {
+            steps {
+	            script {
+                    echo "Deployment to production pending approval"
+                    def approver = input(message: 'Is this build approved for production?',
+                        ok: 'Yes, this build is approved.',
+                        submitterParameter: 'approver'
+                        )
+                    env.PRODUCTION_DEPLOYMENT_APPROVER = "${approver}@azureidir".toLowerCase()
+                    echo "Deployment approved for production by ${env.PRODUCTION_DEPLOYMENT_APPROVER}"
+                }
+            }
+        }
+        stage('Deploy to production') {
+            agent {
+                label Podman.AGENT_LABEL_APP
+            }
+            environment {
+                PROJECT = "${params.project}"
+                COMPONENT = "${params.component}"
+                GIT_REPO = "${params.gitRepo}"
+                GIT_BRANCH = "${params.gitBranch}"
+                EVENT_PROVIDER = "${params.eventProvider}"
+                VAULT_ADDR = "https://knox.io.nrs.gov.bc.ca"
+                BROKER_URL = "https://broker.io.nrs.gov.bc.ca"
+                HTTP_PROXY = "http://test-forwardproxy.nrs.bcgov:23128"
+                AUTHFILE = "auth.json"
+                CAUSE_USER_ID = "${params.userId != null && params.userId != "" ? params.userId : "github@internal"}"
+                CONFIG_ROLE_ID = credentials('knox-jasper-jasper-reports-prod-role-id')
+                JASPER_REPORTS_INSTANCE = "${params.jasperReportsInstance}"
+            }
+            steps {
+                script {
+                    try {
+                        echo 'Do production deployment'
+                    } catch (IllegalStateException ex) {
+                        echo "IllegalStateException occurred: $ex"
+                        currentBuild.result = 'ABORTED'
+                        error('Quitting')
+                    } catch (IllegalArgumentException ex) {
+                        echo "IllegalArgumentException occurred: $ex"
+                        currentBuild.result = 'ABORTED'
+                        error('Quitting')
+                    } catch (Exception ex) {
+                        echo "Other exception occurred: $ex"
+                        currentBuild.result = 'ABORTED'
+                        error('Quitting')
+                    }
+                }
+            }
+        }
+    }
+    post {
+        unstable {
+            node(Podman.AGENT_LABEL_APP) {
+                script {
+                    if (intention) {
+                        println intention.close(false)
+                    }
+                }
+            }
+        }
+        failure {
+            node(Podman.AGENT_LABEL_APP) {
+                script {
+                    if (intention) {
+                        println intention.close(false)
+                    }
+                }
+            }
+        }
+        aborted {
+            node(Podman.AGENT_LABEL_APP) {
+                script {
+                    if (intention) {
+                        println  intention.close(true)
+                    }
+                }
+            }
+        }
+        always {
+            node(Podman.AGENT_LABEL_APP) {
+                cleanWs(
+                    cleanWhenAborted: true,
+                    cleanWhenFailure: false,
+                    cleanWhenSuccess: true,
+                    cleanWhenUnstable: false,
+                    deleteDirs: true
+                )
+            }
+        }
+    }
+}