(refactor) Refactor Ansible for standard-container
This patchset moves each role's tasks into a single main.yaml file that uses a conditional variable to determine which tasks to run during the playbook call. This reduces the number of files and improves readability. Change-Id: Ia83d5fd1c91283ae189aa4c34a2603ef11e42ca0
This commit is contained in:
parent
606cde5a95
commit
1169477e65
@ -16,6 +16,7 @@ spec:
|
||||
workspace: k8s_cluster_data
|
||||
- name: development_pipeline_data
|
||||
workspace: development_pipeline_data
|
||||
|
||||
- name: microflow-setup-image-config
|
||||
taskRef:
|
||||
name: setup-image-config
|
||||
@ -24,6 +25,7 @@ spec:
|
||||
workspace: k8s_cluster_data
|
||||
- name: development_pipeline_data
|
||||
workspace: development_pipeline_data
|
||||
|
||||
- name: microflow-setup-chart-config
|
||||
taskRef:
|
||||
name: setup-chart-config
|
||||
@ -32,6 +34,7 @@ spec:
|
||||
workspace: k8s_cluster_data
|
||||
- name: development_pipeline_data
|
||||
workspace: development_pipeline_data
|
||||
|
||||
- name: microflow-setup-cleanup-config
|
||||
taskRef:
|
||||
name: setup-cleanup-config
|
||||
@ -40,6 +43,7 @@ spec:
|
||||
workspace: k8s_cluster_data
|
||||
- name: development_pipeline_data
|
||||
workspace: development_pipeline_data
|
||||
|
||||
- name: microflow-k8s
|
||||
runAfter:
|
||||
- microflow-setup-cluster-config
|
||||
@ -50,6 +54,7 @@ spec:
|
||||
workspace: k8s_cluster_data
|
||||
- name: development_pipeline_data
|
||||
workspace: development_pipeline_data
|
||||
|
||||
- name: microflow-images
|
||||
runAfter:
|
||||
- microflow-setup-image-config
|
||||
@ -59,7 +64,8 @@ spec:
|
||||
- name: development_pipeline_data
|
||||
workspace: development_pipeline_data
|
||||
taskRef:
|
||||
name: build-images
|
||||
name: image-tasks
|
||||
|
||||
- name: microflow-charts
|
||||
runAfter:
|
||||
- microflow-setup-chart-config
|
||||
@ -69,8 +75,14 @@ spec:
|
||||
- name: development_pipeline_data
|
||||
workspace: development_pipeline_data
|
||||
taskRef:
|
||||
name: build-charts
|
||||
name: chart-tasks
|
||||
|
||||
- name: microflow-deployment-manifests
|
||||
runAfter:
|
||||
- microflow-setup-image-config
|
||||
- microflow-setup-chart-config
|
||||
- microflow-setup-cluster-config
|
||||
- microflow-setup-cleanup-config
|
||||
workspaces:
|
||||
- name: k8s_cluster_data
|
||||
workspace: k8s_cluster_data
|
||||
@ -78,6 +90,7 @@ spec:
|
||||
workspace: development_pipeline_data
|
||||
taskRef:
|
||||
name: deployment-manifests
|
||||
|
||||
- name: microflow-functional
|
||||
runAfter:
|
||||
- microflow-deployment-manifests
|
||||
@ -91,6 +104,7 @@ spec:
|
||||
workspace: development_pipeline_data
|
||||
taskRef:
|
||||
name: functional
|
||||
|
||||
- name: microflow-promote-artifacts
|
||||
runAfter:
|
||||
- microflow-functional
|
||||
|
@ -1,7 +1,7 @@
|
||||
apiVersion: tekton.dev/v1beta1
|
||||
kind: Task
|
||||
metadata:
|
||||
name: build-charts
|
||||
name: chart-tasks
|
||||
namespace: {{ $.Release.Namespace }}
|
||||
spec:
|
||||
description: >-
|
||||
@ -14,32 +14,38 @@ spec:
|
||||
image: {{ $.Values.tasks.chart.buildChartImage }}
|
||||
script: |
|
||||
#!/usr/bin/env sh
|
||||
ansible-playbook -vvv {{ $.Values.tasks.chart.clonePlaybook }} -i hosts -e @"$(workspaces.development_pipeline_data.path)/default.json" -e @"$(workspaces.development_pipeline_data.path)/chart.json"
|
||||
ansible-playbook -vvv {{ $.Values.tasks.git.gitPlaybook }} -i hosts -e '{"stage":"clone"}' -e @"$(workspaces.development_pipeline_data.path)/default.json" -e @"$(workspaces.development_pipeline_data.path)/chart.json"
|
||||
|
||||
- name: set-chart-output
|
||||
image: {{ $.Values.tasks.chart.buildChartImage }}
|
||||
script: |
|
||||
#!/usr/bin/env sh
|
||||
cat "$(workspaces.development_pipeline_data.path)/chart.json"
|
||||
|
||||
- name: lint-chart
|
||||
image: {{ $.Values.tasks.chart.buildChartImage }}
|
||||
script: |
|
||||
#!/usr/bin/env sh
|
||||
ansible-playbook -vvv {{ $.Values.tasks.chart.lintdryrunPlaybook }} -i hosts -e @"$(workspaces.development_pipeline_data.path)/default.json" -e @"$(workspaces.development_pipeline_data.path)/chart.json"
|
||||
ansible-playbook -vvv {{ $.Values.tasks.chart.chartPlaybook }} -i hosts -e '{"stage":"lint"}' -e @"$(workspaces.development_pipeline_data.path)/default.json" -e @"$(workspaces.development_pipeline_data.path)/chart.json"
|
||||
|
||||
- name: set-chart-output-after-lint-dryrun
|
||||
image: {{ $.Values.tasks.chart.buildChartImage }}
|
||||
script: |
|
||||
#!/usr/bin/env sh
|
||||
cat "$(workspaces.development_pipeline_data.path)/chart.json"
|
||||
|
||||
- name: package-chart
|
||||
image: {{ $.Values.tasks.chart.buildChartImage }}
|
||||
script: |
|
||||
#!/usr/bin/env sh
|
||||
ansible-playbook -vvv {{ $.Values.tasks.chart.packagePlaybook }} -i hosts -e @"$(workspaces.development_pipeline_data.path)/default.json" -e @"$(workspaces.development_pipeline_data.path)/chart.json"
|
||||
ansible-playbook -vvv {{ $.Values.tasks.chart.chartPlaybook }} -i hosts -e '{"stage":"package"}' -e @"$(workspaces.development_pipeline_data.path)/default.json" -e @"$(workspaces.development_pipeline_data.path)/chart.json"
|
||||
|
||||
- name: set-chart-output-after-packaging
|
||||
image: {{ $.Values.tasks.chart.buildChartImage }}
|
||||
script: |
|
||||
#!/usr/bin/env sh
|
||||
cat "$(workspaces.development_pipeline_data.path)/chart.json"
|
||||
|
||||
- name: publish-chart
|
||||
volumeMounts:
|
||||
- mountPath: /usr/local/share/ca-certificates/harbor-ca.crt
|
||||
@ -51,7 +57,8 @@ spec:
|
||||
script: |
|
||||
#!/usr/bin/env sh
|
||||
update-ca-certificates
|
||||
ansible-playbook -vvv {{ $.Values.tasks.chart.publishPlaybook }} -i hosts -e @"$(workspaces.development_pipeline_data.path)/default.json" -e @"$(workspaces.development_pipeline_data.path)/chart.json"
|
||||
ansible-playbook -vvv {{ $.Values.tasks.chart.chartPlaybook }} -i hosts -e '{"stage":"publish"}' -e @"$(workspaces.development_pipeline_data.path)/default.json" -e @"$(workspaces.development_pipeline_data.path)/chart.json"
|
||||
|
||||
- name: set-chart-output-after-publish
|
||||
image: {{ $.Values.tasks.chart.buildChartImage }}
|
||||
script: |
|
||||
|
@ -23,12 +23,13 @@ spec:
|
||||
script: |
|
||||
#!/bin/sh
|
||||
update-ca-certificates
|
||||
ansible-playbook -vvv "{{ $.Values.tasks.functional.functionalDeployPlaybook }}" -i hosts -e @"$(workspaces.development_pipeline_data.path)/default.json" -e @"$(workspaces.development_pipeline_data.path)/cluster.json" -e @"$(workspaces.development_pipeline_data.path)/chart.json"
|
||||
ansible-playbook -vvv {{ $.Values.tasks.functional.functionalPlaybook }} -i hosts -e '{"stage":"deploy"}' -e @"$(workspaces.development_pipeline_data.path)/default.json" -e @"$(workspaces.development_pipeline_data.path)/cluster.json" -e @"$(workspaces.development_pipeline_data.path)/chart.json"
|
||||
|
||||
- name: run-helm-tests
|
||||
image: {{ $.Values.tasks.functional.functionalTestImage }}
|
||||
script: |
|
||||
#!/bin/sh
|
||||
ansible-playbook -vvv "{{ $.Values.tasks.functional.functionalTestPlaybook }}" -i hosts -e @"$(workspaces.development_pipeline_data.path)/default.json" -e @"$(workspaces.development_pipeline_data.path)/chart.json"
|
||||
ansible-playbook -vvv {{ $.Values.tasks.functional.functionalPlaybook }} -i hosts -e '{"stage":"test"}' -e @"$(workspaces.development_pipeline_data.path)/default.json" -e @"$(workspaces.development_pipeline_data.path)/cluster.json" -e @"$(workspaces.development_pipeline_data.path)/chart.json"
|
||||
volumes:
|
||||
- name: helm-publish-creds
|
||||
secret:
|
||||
|
@ -1,7 +1,7 @@
|
||||
apiVersion: tekton.dev/v1beta1
|
||||
kind: Task
|
||||
metadata:
|
||||
name: build-images
|
||||
name: image-tasks
|
||||
namespace: {{ $.Release.Namespace }}
|
||||
spec:
|
||||
description: >-
|
||||
@ -17,15 +17,14 @@ spec:
|
||||
name: dind-certs
|
||||
script: |
|
||||
#!/usr/bin/env sh
|
||||
ansible-playbook -vvv {{ $.Values.tasks.image.clonePlaybook }} -i hosts -e @"$(workspaces.development_pipeline_data.path)/default.json" -e @"$(workspaces.development_pipeline_data.path)/image.json"
|
||||
#docker images
|
||||
# TODO copy JSON file to shared workspace to make it available for other tasks
|
||||
# TODO copy logs and scan results to shared location
|
||||
ansible-playbook -vvv {{ $.Values.tasks.git.gitPlaybook }} -i hosts -e '{"stage":"clone"}' -e @"$(workspaces.development_pipeline_data.path)/default.json" -e @"$(workspaces.development_pipeline_data.path)/image.json"
|
||||
|
||||
- name: set-image-output
|
||||
image: {{ $.Values.tasks.image.buildImage }}
|
||||
script: |
|
||||
#!/usr/bin/env sh
|
||||
cat "$(workspaces.development_pipeline_data.path)/image.json"
|
||||
|
||||
- name: docker-build
|
||||
image: {{ $.Values.tasks.image.buildImage }}
|
||||
volumeMounts:
|
||||
@ -43,15 +42,14 @@ spec:
|
||||
value: /certs/client
|
||||
script: |
|
||||
#!/usr/bin/env sh
|
||||
ansible-playbook -vvv {{ $.Values.tasks.image.buildPlaybook }} -i hosts -e @"$(workspaces.development_pipeline_data.path)/default.json" -e @"$(workspaces.development_pipeline_data.path)/image.json"
|
||||
docker images
|
||||
# TODO copy JSON file to shared workspace to make it available for other tasks
|
||||
# TODO copy logs and scan results to shared location
|
||||
ansible-playbook -vvv {{ $.Values.tasks.image.imagePlaybook }} -i hosts -e '{"stage":"build"}' -e @"$(workspaces.development_pipeline_data.path)/default.json" -e @"$(workspaces.development_pipeline_data.path)/image.json"
|
||||
|
||||
- name: set-image-build-output-after-build
|
||||
image: {{ $.Values.tasks.image.buildImage }}
|
||||
script: |
|
||||
#!/usr/bin/env sh
|
||||
cat "$(workspaces.development_pipeline_data.path)/image.json"
|
||||
|
||||
- name: publish-and-scan-image
|
||||
image: {{ $.Values.tasks.image.buildImage }}
|
||||
volumeMounts:
|
||||
@ -72,12 +70,14 @@ spec:
|
||||
value: /certs/client
|
||||
script: |
|
||||
#!/usr/bin/env sh
|
||||
ansible-playbook -vvv {{ $.Values.tasks.image.pushPlaybook }} -i hosts -e @"$(workspaces.development_pipeline_data.path)/default.json" -e @"$(workspaces.development_pipeline_data.path)/image.json"
|
||||
ansible-playbook -vvv {{ $.Values.tasks.image.imagePlaybook }} -i hosts -e '{"stage":"push"}' -e @"$(workspaces.development_pipeline_data.path)/default.json" -e @"$(workspaces.development_pipeline_data.path)/image.json"
|
||||
|
||||
- name: set-image-output-after-publish-scan
|
||||
image: {{ $.Values.tasks.image.buildImage }}
|
||||
script: |
|
||||
#!/usr/bin/env sh
|
||||
cat "$(workspaces.development_pipeline_data.path)/image.json"
|
||||
|
||||
- name: get-scan-results
|
||||
image: {{ $.Values.tasks.image.buildImage }}
|
||||
volumeMounts:
|
||||
@ -85,7 +85,8 @@ spec:
|
||||
name: dind-certs
|
||||
script: |
|
||||
#!/usr/bin/env sh
|
||||
ansible-playbook -vvv {{ $.Values.tasks.image.getScanResultsPlaybook }} -i hosts -e @"$(workspaces.development_pipeline_data.path)/default.json" -e @"$(workspaces.development_pipeline_data.path)/image.json"
|
||||
ansible-playbook -vvv {{ $.Values.tasks.image.imagePlaybook }} -i hosts -e '{"stage":"scan_results"}' -e @"$(workspaces.development_pipeline_data.path)/default.json" -e @"$(workspaces.development_pipeline_data.path)/image.json"
|
||||
|
||||
- name: set-image-output-set-scan-results
|
||||
image: {{ $.Values.tasks.image.buildImage }}
|
||||
script: |
|
||||
@ -99,6 +100,7 @@ spec:
|
||||
- --userland-proxy=false
|
||||
- --debug
|
||||
- --insecure-registry={{ $.Values.tasks.image.insecureRegistry }}
|
||||
##TODO: Get rid of privileged true
|
||||
securityContext:
|
||||
privileged: true
|
||||
env:
|
||||
|
@ -37,8 +37,8 @@ spec:
|
||||
#!/usr/bin/env sh
|
||||
set -ex
|
||||
update-ca-certificates
|
||||
ansible-playbook -vvv {{ $.Values.tasks.promote.promoteImagePlaybook }} -i hosts -e @"$(workspaces.development_pipeline_data.path)/default.json" -e @"$(workspaces.development_pipeline_data.path)/image.json"
|
||||
ansible-playbook -vvv {{ $.Values.tasks.promote.promoteChartPlaybook }} -i hosts -e @"$(workspaces.development_pipeline_data.path)/default.json" -e @"$(workspaces.development_pipeline_data.path)/chart.json"
|
||||
ansible-playbook -vvv {{ $.Values.tasks.promote.promotePlaybook }} -i hosts -e '{"stage":"promote_image"}' -e @"$(workspaces.development_pipeline_data.path)/default.json" -e @"$(workspaces.development_pipeline_data.path)/image.json"
|
||||
ansible-playbook -vvv {{ $.Values.tasks.promote.promotePlaybook }} -i hosts -e '{"stage":"promote_chart"}' -e @"$(workspaces.development_pipeline_data.path)/default.json" -e @"$(workspaces.development_pipeline_data.path)/chart.json"
|
||||
sidecars:
|
||||
- image: {{ $.Values.tasks.image.sidecarServer }}
|
||||
name: server
|
||||
@ -47,6 +47,7 @@ spec:
|
||||
- --userland-proxy=false
|
||||
- --debug
|
||||
- --insecure-registry={{ $.Values.tasks.image.insecureRegistry }}
|
||||
##TODO: Get rid of privileged true
|
||||
securityContext:
|
||||
privileged: true
|
||||
env:
|
||||
|
@ -19,33 +19,27 @@ tasks:
|
||||
validateClusterPlaybook: /playbooks/validate-cluster.yaml
|
||||
setup:
|
||||
setupConfigImage: *base_image
|
||||
git:
|
||||
gitPlaybook: /playbooks/git-microflow.yaml
|
||||
image:
|
||||
buildImage: *base_image
|
||||
sidecarServer: docker:19-dind
|
||||
insecureRegistry: harbor-core.jarvis.local
|
||||
clonePlaybook: /playbooks/clone.yaml
|
||||
buildPlaybook: /playbooks/build-image.yaml
|
||||
pushPlaybook: /playbooks/tag-push-image.yaml
|
||||
getScanResultsPlaybook: /playbooks/get-scan-results.yaml
|
||||
imagePlaybook: /playbooks/images-microflow.yaml
|
||||
name: standard-container.yaml
|
||||
chart:
|
||||
buildChartImage: *base_image
|
||||
clonePlaybook: /playbooks/clone.yaml
|
||||
packagePlaybook: /playbooks/package-chart.yaml
|
||||
lintdryrunPlaybook: /playbooks/lint-dryrun-chart.yaml
|
||||
publishPlaybook: /playbooks/publish-chart.yaml
|
||||
chartPlaybook: /playbooks/charts-microflow.yaml
|
||||
deploymentManifests:
|
||||
deploymentManifestsImage: *base_image
|
||||
deploymentManifestsPlaybook: /playbooks/deployment-manifests.yaml
|
||||
promote:
|
||||
promoteImage: *base_image
|
||||
promoteImagePlaybook: /playbooks/promote-image.yaml
|
||||
promoteChartPlaybook: /playbooks/promote-chart.yaml
|
||||
promotePlaybook: /playbooks/promote-microflow.yaml
|
||||
functional:
|
||||
functionalDeployImage: *base_image
|
||||
functionalTestImage: *base_image
|
||||
functionalDeployPlaybook: /playbooks/functional-deploy.yaml
|
||||
functionalTestPlaybook: /playbooks/functional-test.yaml
|
||||
functionalPlaybook: /playbooks/functional-microflow.yaml
|
||||
cleanup:
|
||||
cleanupImage: *base_image
|
||||
cleanupPlaybook: /playbooks/cleanup.yaml
|
||||
|
@ -1,8 +0,0 @@
|
||||
- hosts: localhost
|
||||
become: yes
|
||||
vars:
|
||||
image_status: "Success"
|
||||
tasks:
|
||||
- name: Build image
|
||||
include_tasks: ./roles/images/tasks/build-image.yaml
|
||||
when: "{{ build_from_source }}"
|
@ -0,0 +1,4 @@
|
||||
---
|
||||
- hosts: localhost
|
||||
roles:
|
||||
- { role: charts, vars: { stage: "default" } }
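Review bot: This play drops the `become: yes` that the per-step playbooks it replaces carried (the deleted lint-dryrun, package and publish plays in this diff all set it), and in the charts role only the lint block appears to carry `become: true`, so the package and publish blocks now run unprivileged; if either needs root inside the build container this is a behaviour change rather than a pure refactor. The same play-level drop applies to the functional, git, images and promote playbooks added in this change. The `stage: "default"` set here also matches no block in the role, so a run without an explicit stage silently does nothing; either add `become: true` at play level where root is required, or have the role `assert` the stage value so a missing or mistyped one fails loudly.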
|
@ -1,8 +0,0 @@
|
||||
- hosts: localhost
|
||||
become: yes
|
||||
vars:
|
||||
image_status: "Success"
|
||||
tasks:
|
||||
- name: Run git clone task
|
||||
include_tasks: ./roles/common/tasks/git-clone.yaml
|
||||
when: "{{ build_from_source }}"
|
@ -1,5 +0,0 @@
|
||||
- hosts: localhost
|
||||
become: yes
|
||||
tasks:
|
||||
- name: Deploy CNF
|
||||
include_tasks: ./roles/functional/tasks/functional-deploy.yaml
|
@ -0,0 +1,4 @@
|
||||
---
|
||||
- hosts: localhost
|
||||
roles:
|
||||
- { role: functional, vars: { stage: "default" } }
|
@ -1,5 +0,0 @@
|
||||
- hosts: localhost
|
||||
become: yes
|
||||
tasks:
|
||||
- name: Test deployed CNF
|
||||
include_tasks: ./roles/functional/tasks/functional-test.yaml
|
@ -2,4 +2,4 @@
|
||||
become: yes
|
||||
tasks:
|
||||
- name: Get kubeconfig for Kubernetes cluster to deploy CNF
|
||||
include_tasks: ./roles/kubernetes/tasks/get-kubeconfig.yaml
|
||||
include_tasks: ./roles/kubernetes/tasks/get-kubeconfig.yaml
|
||||
|
@ -1,7 +0,0 @@
|
||||
- hosts: localhost
|
||||
become: yes
|
||||
vars:
|
||||
image_status: "Success"
|
||||
tasks:
|
||||
- name: Get Scan Results
|
||||
include_tasks: ./roles/images/tasks/get-scan-results.yaml
|
@ -0,0 +1,4 @@
|
||||
---
|
||||
- hosts: localhost
|
||||
roles:
|
||||
- { role: git, vars: { stage: "default" } }
|
@ -1,6 +0,0 @@
|
||||
proxy:
|
||||
http: ""
|
||||
https: ""
|
||||
noproxy: ""
|
||||
enabled: false
|
||||
docker_registry: "harbor-core.jarvis.local"
|
@ -0,0 +1,4 @@
|
||||
---
|
||||
- hosts: localhost
|
||||
roles:
|
||||
- { role: images, vars: { stage: "default" } }
|
@ -1,5 +0,0 @@
|
||||
- hosts: localhost
|
||||
become: yes
|
||||
tasks:
|
||||
- name: Chart lint and dry-run
|
||||
include_tasks: ./roles/charts/tasks/lint-dryrun-chart.yaml
|
@ -1,6 +0,0 @@
|
||||
- hosts: localhost
|
||||
become: yes
|
||||
tasks:
|
||||
- name: Package Helm Chart
|
||||
include_tasks: ./roles/charts/tasks/package-chart.yaml
|
||||
when: "{{ build_from_source }}"
|
@ -1,5 +0,0 @@
|
||||
- hosts: localhost
|
||||
become: yes
|
||||
tasks:
|
||||
- name: Promote charts after testing is successful
|
||||
include_tasks: ./roles/promote/tasks/promote-chart.yaml
|
@ -1,5 +0,0 @@
|
||||
- hosts: localhost
|
||||
become: yes
|
||||
tasks:
|
||||
- name: Promote images after testing is successful
|
||||
include_tasks: ./roles/promote/tasks/promote-image.yaml
|
@ -0,0 +1,4 @@
|
||||
---
|
||||
- hosts: localhost
|
||||
roles:
|
||||
- { role: promote, vars: { stage: "default" } }
|
@ -1,5 +0,0 @@
|
||||
- hosts: localhost
|
||||
become: yes
|
||||
tasks:
|
||||
- name: Publish Helm Chart
|
||||
include_tasks: ./roles/charts/tasks/publish-chart.yaml
|
@ -1,6 +0,0 @@
|
||||
#Helm Chart is upstream already packaged and versioned
|
||||
- name: Existing helm_chart
|
||||
block:
|
||||
- name: Download helm_chart
|
||||
get_url:
|
||||
name: "{{ remote_url }}"
|
@ -1,9 +0,0 @@
|
||||
- name: Helm lint "{{ chart_name }}"
|
||||
command: "helm lint {{ chart_name }}"
|
||||
args:
|
||||
chdir: "{{ build.checkout_loc }}/{{ path }}"
|
||||
|
||||
- name: Helm Dry-run "{{ chart_name }}"
|
||||
command: "helm install --dry-run {{ chart_name }} {{ chart_name }}"
|
||||
args:
|
||||
chdir: "{{ build.checkout_loc }}/{{ path }}"
|
@ -0,0 +1,43 @@
|
||||
- name: Helm Lint and Dry-Run
|
||||
when: ( stage == "lint")
|
||||
block:
|
||||
- name: Helm lint "{{ chart_name }}"
|
||||
command: "helm lint {{ chart_name }}"
|
||||
args:
|
||||
chdir: "{{ build.checkout_loc }}/{{ path }}"
|
||||
|
||||
- name: Helm Dry-run "{{ chart_name }}"
|
||||
command: "helm install --dry-run {{ chart_name }} {{ chart_name }}"
|
||||
args:
|
||||
chdir: "{{ build.checkout_loc }}/{{ path }}"
|
||||
become: true
|
||||
|
||||
- name: Helm Package
|
||||
when: ( stage == "package")
|
||||
block:
|
||||
- name: Package Helm Chart
|
||||
shell: helm package "{{ chart_name }}"
|
||||
args:
|
||||
chdir: "{{ build.checkout_loc }}/{{ path }}"
|
||||
|
||||
- name: Helm Publish
|
||||
when: ( stage == "publish")
|
||||
block:
|
||||
- name: Install Plugin
|
||||
shell: helm plugin update push || helm plugin install https://github.com/chartmuseum/helm-push || true
|
||||
|
||||
- name: Get harbor username
|
||||
shell: cat {{ harbor_secret_mounted_path }}/username
|
||||
register: harbor_username
|
||||
|
||||
- name: Get harbor password
|
||||
shell: cat {{ harbor_secret_mounted_path }}/password
|
||||
register: harbor_password
|
||||
|
||||
- name: Add Harbor Helm repository and Test repository
|
||||
shell: helm repo add "{{ chart_repository }}-staging" "https://{{ docker_registry }}/chartrepo/{{ chart_name }}-staging" --username={{ harbor_username.stdout }} --password={{ harbor_password.stdout }}
|
||||
|
||||
- name: Push chart "{{ chart_name }}" to Harbor staging registry
|
||||
command: helm push "{{ chart_name }}-{{ version }}".tgz "{{ chart_repository }}-staging"
|
||||
args:
|
||||
chdir: "{{ build.checkout_loc }}/{{ path }}"
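Review bot: The `Add Harbor Helm repository and Test repository` task passes `--username={{ harbor_username.stdout }} --password={{ harbor_password.stdout }}` on the helm command line, and neither it nor the two tasks that `register` those values sets `no_log`, so with the `-vvv` the Tekton steps use the Harbor credentials end up in the task output and build logs. Add `no_log: true` to the `Get harbor username`, `Get harbor password` and `Add Harbor Helm repository` tasks in the publish block; the deploy block of the functional role and the promote_chart block of the promote role in this change have the same pattern. Separately, no block matches the `"default"` stage the new playbooks set, so an unrecognised stage value is a silent no-op; an `assert: { that: stage in ["lint", "package", "publish"] }` task at the top of the file would make that a failure instead.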
|
@ -1,4 +0,0 @@
|
||||
- name: Package Helm Chart
|
||||
shell: helm package "{{ chart_name }}"
|
||||
args:
|
||||
chdir: "{{ build.checkout_loc }}/{{ path }}"
|
@ -1,15 +0,0 @@
|
||||
# TODO: Bring in secrets securely via K8s
|
||||
- name: Install Plugin
|
||||
shell: helm plugin update push || helm plugin install https://github.com/chartmuseum/helm-push || true
|
||||
- name: Get harbor username
|
||||
shell: cat {{ harbor_secret_mounted_path }}/username
|
||||
register: harbor_username
|
||||
- name: Get harbor password
|
||||
shell: cat {{ harbor_secret_mounted_path }}/password
|
||||
register: harbor_password
|
||||
- name: Add Harbor Helm repository and Test repository
|
||||
shell: helm repo add "{{ chart_repository }}-staging" "https://{{ docker_registry }}/chartrepo/{{ chart_name }}-staging" --username={{ harbor_username.stdout }} --password={{ harbor_password.stdout }}
|
||||
- name: Push chart "{{ chart_name }}" to Harbor staging registry
|
||||
command: helm push "{{ chart_name }}-{{ version }}".tgz "{{ chart_repository }}-staging"
|
||||
args:
|
||||
chdir: "{{ build.checkout_loc }}/{{ path }}"
|
@ -1,6 +0,0 @@
|
||||
#Build docker image using Makefile given git repository location to clone code from
|
||||
- git:
|
||||
repo: "{{ build.git_repo }}"
|
||||
dest: "{{ build.checkout_loc }}"
|
||||
version: "{{ build.refspec }}"
|
||||
refspec: "refs/changes/*:refs/changes/*"
|
@ -1,13 +0,0 @@
|
||||
#Deploy CNF
|
||||
- name: Get harbor username
|
||||
shell: cat {{ harbor_secret_mounted_path }}/username
|
||||
register: harbor_username
|
||||
- name: Get harbor password
|
||||
shell: cat {{ harbor_secret_mounted_path }}/password
|
||||
register: harbor_password
|
||||
#TODO dex-aio doesn't install, look into another test chart
|
||||
- name: Add Harbor Helm repository and Test repository
|
||||
shell: helm repo add "{{ chart_repository }}-staging" "https://{{ docker_registry }}/chartrepo/{{ project }}-staging" --username={{ harbor_username.stdout }} --password={{ harbor_password.stdout }}
|
||||
- name: Deploy chart "{{ chart_name }}"
|
||||
#shell: echo "Deploy after mongodb"
|
||||
shell: helm upgrade --install --kubeconfig="{{ cluster_kubeconfig_path }}/kubeconfig" "{{ release_name }}" "{{ chart_repository }}-staging/{{ chart_name }}" --version="{{ version }}" --namespace="{{ namespace }}" --username="{{ harbor_username.stdout }}" --password="{{ harbor_password.stdout }}" --create-namespace
|
@ -0,0 +1,27 @@
|
||||
- name: Functional Deploy
|
||||
when: ("{{ stage }}" == "deploy")
|
||||
block:
|
||||
#Deploy CNF
|
||||
- name: Get harbor username
|
||||
shell: cat {{ harbor_secret_mounted_path }}/username
|
||||
register: harbor_username
|
||||
|
||||
- name: Get harbor password
|
||||
shell: cat {{ harbor_secret_mounted_path }}/password
|
||||
register: harbor_password
|
||||
|
||||
#TODO dex-aio doesn't install, look into another test chart
|
||||
- name: Add Harbor Helm repository and Test repository
|
||||
shell: helm repo add "{{ chart_repository }}-staging" "https://{{ docker_registry }}/chartrepo/{{ project }}-staging" --username={{ harbor_username.stdout }} --password={{ harbor_password.stdout }}
|
||||
|
||||
- name: Deploy chart "{{ chart_name }}"
|
||||
#shell: echo "Deploy after mongodb"
|
||||
shell: helm upgrade --install --kubeconfig="{{ cluster_kubeconfig_path }}/kubeconfig" "{{ release_name }}" "{{ chart_repository }}-staging/{{ chart_name }}" --version="{{ version }}" --namespace="{{ namespace }}" --username="{{ harbor_username.stdout }}" --password="{{ harbor_password.stdout }}" --create-namespace
|
||||
become: true
|
||||
|
||||
- name: Functional Test
|
||||
when: ( stage == "test")
|
||||
block:
|
||||
#Test Deployed CNF
|
||||
- name: Chart currently has no Helm Tests, echo for now
|
||||
shell: echo "There are no helm tests yet"
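Review bot: The `Functional Deploy` block uses `when: ("{{ stage }}" == "deploy")`, which embeds Jinja delimiters in a conditional; Ansible already evaluates `when` as a Jinja expression, warns about delimiters inside it, and newer ansible-core releases reject them, while the sibling `Functional Test` block already uses the bare form. Change it to `when: ( stage == "deploy")` for consistency; the `Image Build` block of the images role has the same `("{{ stage }}" == "build")` form and should get the same fix.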
|
@ -0,0 +1,9 @@
|
||||
#Build docker image using Makefile given git repository location to clone code from
|
||||
- name: Clone repository
|
||||
when: ( stage == "clone")
|
||||
block:
|
||||
- git:
|
||||
repo: "{{ build.git_repo }}"
|
||||
dest: "{{ build.checkout_loc }}"
|
||||
version: "{{ build.refspec }}"
|
||||
refspec: "refs/changes/*:refs/changes/*"
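Review bot: The header comment `#Build docker image using Makefile given git repository location to clone code from` was carried over from the old task file and describes an image build, but the only task in this file is a `git` clone; replace it with `# Clone build.git_repo at build.refspec into build.checkout_loc (runs when stage == "clone")`. The `git` task is also unnamed, so the play output identifies it only by module; a `name: Clone {{ build.git_repo }}` line would make the logs readable. This file also lacks the `---` document start the new playbooks in this change use.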
|
@ -1,5 +0,0 @@
|
||||
#Build docker image using Makefile given git repository location to clone code from
|
||||
- name: Build Docker Image for "{{ image_name }}"
|
||||
shell: docker build -t "{{ image_fullname }}" .
|
||||
args:
|
||||
chdir: "{{ build.checkout_loc }}/{{ path }}"
|
@ -1,25 +0,0 @@
|
||||
#Scan results may take some time, putting in some retries and a delay to determine if scan results get finished
|
||||
- name: output the request
|
||||
shell: echo "https://{{ docker_registry }}/api/v2.0/projects/{{ project }}-staging/repositories/{{ repo | replace('/','%2F') }}/artifacts/{{ tag }}?page=1&page_size=10&with_tag=true&with_label=false&with_scan_overview=true&with_signature=false&with_immutable_status=false"
|
||||
|
||||
- name: Get Scan Results
|
||||
uri:
|
||||
validate_certs: false
|
||||
url: "https://{{ docker_registry }}/api/v2.0/projects/{{ project }}-staging/repositories/{{ repo | replace('/','%2F') }}/artifacts/{{ tag }}?page=1&page_size=10&with_tag=true&with_label=false&with_scan_overview=true&with_signature=false&with_immutable_status=false"
|
||||
method: GET
|
||||
body_format: "json"
|
||||
headers:
|
||||
accept: "application/json"
|
||||
X-Request-Id: "12345"
|
||||
#Change to encoded from configmap
|
||||
authorization: "Basic YWRtaW46SGFyYm9yMTIzNDU="
|
||||
register: result
|
||||
until: result.json.scan_overview["application/vnd.scanner.adapter.vuln.report.harbor+json; version=1.0"].scan_status == "Success"
|
||||
retries: 5
|
||||
delay: 30
|
||||
|
||||
- name: Check Scan Results Summary for High and Critical CVE
|
||||
#shell: echo '{{ result.json.scan_overview["application/vnd.scanner.adapter.vuln.report.harbor+json; version=1.0"] }}'
|
||||
set_fact:
|
||||
image_status: "Vulnerable"
|
||||
when: result.json.scan_overview["application/vnd.scanner.adapter.vuln.report.harbor+json; version=1.0"].severity in ("High","Critical")
|
@ -0,0 +1,48 @@
|
||||
|
||||
- name: Image Build
|
||||
when: ("{{ stage }}" == "build")
|
||||
block:
|
||||
#Build docker image using Makefile given git repository location to clone code from
|
||||
- name: Build Docker Image for "{{ image_name }}"
|
||||
shell: docker build -t "{{ image_fullname }}" .
|
||||
args:
|
||||
chdir: "{{ build.checkout_loc }}/{{ path }}"
|
||||
become: true
|
||||
|
||||
- name: Tag and Push Image
|
||||
when: ( stage == "push")
|
||||
block:
|
||||
- name: Tag and push to internal test repository for vulnerability scanning
|
||||
docker_image:
|
||||
push: true
|
||||
name: "{{ image_fullname }}"
|
||||
repository: "{{ docker_registry }}/{{ project }}-staging/{{ repo }}"
|
||||
tag: "{{ tag }}"
|
||||
|
||||
- name: Get Scan Results
|
||||
when: ( stage == "scan_results")
|
||||
block:
|
||||
#Scan results may take some time, putting in some retries and a delay to determine if scan results get finished
|
||||
- name: output the request
|
||||
shell: echo "https://{{ docker_registry }}/api/v2.0/projects/{{ project }}-staging/repositories/{{ repo | replace('/','%2F') }}/artifacts/{{ tag }}?page=1&page_size=10&with_tag=true&with_label=false&with_scan_overview=true&with_signature=false&with_immutable_status=false"
|
||||
|
||||
- name: Get Scan Results
|
||||
uri:
|
||||
validate_certs: false
|
||||
url: "https://{{ docker_registry }}/api/v2.0/projects/{{ project }}-staging/repositories/{{ repo | replace('/','%2F') }}/artifacts/{{ tag }}?page=1&page_size=10&with_tag=true&with_label=false&with_scan_overview=true&with_signature=false&with_immutable_status=false"
|
||||
method: GET
|
||||
body_format: "json"
|
||||
headers:
|
||||
accept: "application/json"
|
||||
X-Request-Id: "12345"
|
||||
#Change to encoded from configmap
|
||||
authorization: "Basic YWRtaW46SGFyYm9yMTIzNDU="
|
||||
register: result
|
||||
until: result.json.scan_overview["application/vnd.scanner.adapter.vuln.report.harbor+json; version=1.0"].scan_status == "Success"
|
||||
retries: 5
|
||||
delay: 30
|
||||
|
||||
- name: Check Scan Results Summary for High and Critical CVE
|
||||
set_fact:
|
||||
image_status: "Vulnerable"
|
||||
when: result.json.scan_overview["application/vnd.scanner.adapter.vuln.report.harbor+json; version=1.0"].severity in ("High","Critical")
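Review bot: The `Get Scan Results` uri task sends a hard-coded `authorization: "Basic …"` header, i.e. a static Harbor credential committed to the repository, which the `#Change to encoded from configmap` comment above it already acknowledges; the charts, functional and promote roles in this change read the credential from `{{ harbor_secret_mounted_path }}` instead. Read the username and password from that mount here as well (assuming the path is available to the images role as it is to the others) and hand them to `uri` via `url_username`/`url_password` with `force_basic_auth: true`, with `no_log: true` on the tasks that touch them so the registered values do not appear in the `-vvv` output. `validate_certs: false` on the same request is pre-existing; it could be dropped once the Harbor CA is trusted in the step image.

```yaml
    - name: Get harbor username
      shell: cat {{ harbor_secret_mounted_path }}/username
      register: harbor_username
      no_log: true

    - name: Get harbor password
      shell: cat {{ harbor_secret_mounted_path }}/password
      register: harbor_password
      no_log: true

    - name: Get Scan Results
      uri:
        # … unchanged: validate_certs, url, method, body_format …
        url_username: "{{ harbor_username.stdout }}"
        url_password: "{{ harbor_password.stdout }}"
        force_basic_auth: true
        headers:
          accept: "application/json"
          X-Request-Id: "12345"
      no_log: true
      register: result
      # … unchanged: until / retries / delay …
```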
|
@ -1,4 +0,0 @@
|
||||
- name: Tag and push to promotion repository
|
||||
docker_image:
|
||||
pull: true
|
||||
name: "{{ docker_registry }}/{{ project }}-staging/{{ project }}/{{ repo }}:{{ tag }}"
|
@ -1,6 +0,0 @@
|
||||
- name: Tag and push to internal test repository for vulnerability scanning
|
||||
docker_image:
|
||||
push: true
|
||||
name: "{{ image_fullname }}"
|
||||
repository: "{{ docker_registry }}/{{ project }}-staging/{{ repo }}"
|
||||
tag: "{{ tag }}"
|
@ -1,15 +0,0 @@
|
||||
build_from_source: true
|
||||
project: "test"
|
||||
repo: "scratch"
|
||||
tag: "1.built"
|
||||
build:
|
||||
git_repo: "https://review.opendev.org/airship/charts"
|
||||
checkout_loc: "/src/checkout/scratch"
|
||||
refspec: "refs/changes/41/770141/7"
|
||||
version: "refs/changes/*:refs/changes/*"
|
||||
makefile:
|
||||
path: "tools/images"
|
||||
target: "build"
|
||||
file: "Makefile"
|
||||
image_name: "scratch"
|
||||
image_base: "scratch"
|
@ -1,16 +0,0 @@
|
||||
build_from_source: true
|
||||
project: "test"
|
||||
repo: "scratch"
|
||||
tag: "1.built"
|
||||
build:
|
||||
git_repo: "https://review.opendev.org/airship/charts"
|
||||
checkout_loc: "/src/checkout/scratch"
|
||||
refspec: "refs/changes/41/770141/7"
|
||||
version: "refs/changes/*:refs/changes/*"
|
||||
makefile:
|
||||
path: "tools/images"
|
||||
target: "build"
|
||||
file: "Makefile"
|
||||
image_name: "scratch"
|
||||
image_base: "scratch"
|
||||
|
@ -1,15 +0,0 @@
|
||||
build_from_source: true
|
||||
repo: "microflow/standard-container"
|
||||
project: "test"
|
||||
tag: "1.built"
|
||||
build:
|
||||
git_repo: "https://review.opendev.org/airship/charts"
|
||||
checkout_loc: "/src/checkout/standard-container"
|
||||
refspec: "refs/changes/41/770141/7"
|
||||
version: "refs/changes/*:refs/changes/*"
|
||||
makefile:
|
||||
path: "tools/images"
|
||||
target: "build"
|
||||
file: "Makefile"
|
||||
image_name: "standard-container"
|
||||
image_base: "ubuntu:20.04"
|
@ -1,7 +0,0 @@
|
||||
build_from_source: false
|
||||
remote_registry: "docker.io"
|
||||
remote_repo: "testing2016/jrunner"
|
||||
remote_tag: "2.0"
|
||||
repo: "microflow/standard-container"
|
||||
project: "test"
|
||||
tag: "1.existing"
|
@ -0,0 +1,41 @@
|
||||
- name: Promote Chart
|
||||
when: ( stage == "promote_chart")
|
||||
block:
|
||||
- name: Install Plugin
|
||||
shell: helm plugin update push || helm plugin install https://github.com/chartmuseum/helm-push || true
|
||||
|
||||
- name: Get harbor username
|
||||
shell: cat {{ harbor_secret_mounted_path }}/username
|
||||
register: harbor_username
|
||||
|
||||
- name: Get harbor password
|
||||
shell: cat {{ harbor_secret_mounted_path }}/password
|
||||
register: harbor_password
|
||||
|
||||
- name: Install Plugin
|
||||
shell: helm plugin update push || helm plugin install https://github.com/chartmuseum/helm-push
|
||||
|
||||
- name: Add Harbor Helm repository and Test repository
|
||||
shell: helm repo add "{{ chart_repository }}-staging" "https://{{ chart_registry_url }}/{{ chart_name }}-staging" --username="{{ harbor_username.stdout }}" --password="{{ harbor_password.stdout }}" && helm repo add "{{ chart_repository }}" "https://{{ chart_registry_url }}/{{ chart_name }}" --username="{{ harbor_username.stdout }}" --password="{{ harbor_password.stdout }}"
|
||||
|
||||
- name: Pull down Helm Chart
|
||||
shell: helm pull "{{ chart_repository }}-staging/{{ chart_name }}" --version="{{ version }}"
|
||||
|
||||
- name: Push chart "{{ chart_name }}" to Helm registry
|
||||
command: helm push "{{ chart_name }}-{{ version }}".tgz "{{ chart_repository }}"
|
||||
become: true
|
||||
|
||||
- name: Promote Image
|
||||
when: ( stage == "promote_image")
|
||||
block:
|
||||
- name: Tag and push to promotion repository
|
||||
docker_image:
|
||||
pull: true
|
||||
name: "{{ docker_registry }}/{{ project }}-staging/{{ repo }}:{{ tag }}"
|
||||
|
||||
- name: Tag and push to promotion repository
|
||||
docker_image:
|
||||
push: true
|
||||
name: "{{ docker_registry }}/{{ project }}-staging/{{ repo }}"
|
||||
repository: "{{ docker_registry }}/{{ project }}/{{ repo }}"
|
||||
tag: "{{ tag }}"
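Review bot: The `Promote Chart` block runs `Install Plugin` twice, once with `|| true` and again without it just before the repo add, so the plugin is installed twice per run and an install failure is only fatal on the second attempt; keep a single task and decide explicitly whether a failed plugin install should fail the promotion (drop `|| true`) or not. The `helm repo add` line also puts `--username`/`--password` on the command line with no `no_log` on it or on the `Get harbor username`/`Get harbor password` tasks, the same exposure the charts role has. In `Promote Image` both tasks are named `Tag and push to promotion repository`; naming the first `Pull image from staging repository` would tell the pull and the push apart in the log.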
|
@ -1,16 +0,0 @@
|
||||
- name: Install Plugin
|
||||
shell: helm plugin update push || helm plugin install https://github.com/chartmuseum/helm-push || true
|
||||
- name: Get harbor username
|
||||
shell: cat {{ harbor_secret_mounted_path }}/username
|
||||
register: harbor_username
|
||||
- name: Get harbor password
|
||||
shell: cat {{ harbor_secret_mounted_path }}/password
|
||||
register: harbor_password
|
||||
- name: Install Plugin
|
||||
shell: helm plugin update push || helm plugin install https://github.com/chartmuseum/helm-push
|
||||
- name: Add Harbor Helm repository and Test repository
|
||||
shell: helm repo add "{{ chart_repository }}-staging" "https://{{ chart_registry_url }}/{{ chart_name }}-staging" --username="{{ harbor_username.stdout }}" --password="{{ harbor_password.stdout }}" && helm repo add "{{ chart_repository }}" "https://{{ chart_registry_url }}/{{ chart_name }}" --username="{{ harbor_username.stdout }}" --password="{{ harbor_password.stdout }}"
|
||||
- name: Pull down Helm Chart
|
||||
shell: helm pull "{{ chart_repository }}-staging/{{ chart_name }}" --version="{{ version }}"
|
||||
- name: Push chart "{{ chart_name }}" to Helm registry
|
||||
command: helm push "{{ chart_name }}-{{ version }}".tgz "{{ chart_repository }}"
|
@ -1,10 +0,0 @@
|
||||
- name: Tag and push to promotion repository
|
||||
docker_image:
|
||||
pull: true
|
||||
name: "{{ docker_registry }}/{{ project }}-staging/{{ repo }}:{{ tag }}"
|
||||
- name: Tag and push to promotion repository
|
||||
docker_image:
|
||||
push: true
|
||||
name: "{{ docker_registry }}/{{ project }}-staging/{{ repo }}"
|
||||
repository: "{{ docker_registry }}/{{ project }}/{{ repo }}"
|
||||
tag: "{{ tag }}"
|
@ -1,7 +0,0 @@
|
||||
- hosts: localhost
|
||||
become: yes
|
||||
vars:
|
||||
image_status: "Success"
|
||||
tasks:
|
||||
- name: Push Image for scanning to Docker Repository
|
||||
include_tasks: ./roles/images/tasks/tag-push-image.yaml
|