diff --git a/charts/development-pipeline/templates/pipeline.yaml b/charts/development-pipeline/templates/pipeline.yaml index 26805e5d..dfb87211 100644 --- a/charts/development-pipeline/templates/pipeline.yaml +++ b/charts/development-pipeline/templates/pipeline.yaml @@ -16,6 +16,7 @@ spec: workspace: k8s_cluster_data - name: development_pipeline_data workspace: development_pipeline_data + - name: microflow-setup-image-config taskRef: name: setup-image-config @@ -24,6 +25,7 @@ spec: workspace: k8s_cluster_data - name: development_pipeline_data workspace: development_pipeline_data + - name: microflow-setup-chart-config taskRef: name: setup-chart-config @@ -32,6 +34,7 @@ spec: workspace: k8s_cluster_data - name: development_pipeline_data workspace: development_pipeline_data + - name: microflow-setup-cleanup-config taskRef: name: setup-cleanup-config @@ -40,6 +43,7 @@ spec: workspace: k8s_cluster_data - name: development_pipeline_data workspace: development_pipeline_data + - name: microflow-k8s runAfter: - microflow-setup-cluster-config @@ -50,6 +54,7 @@ spec: workspace: k8s_cluster_data - name: development_pipeline_data workspace: development_pipeline_data + - name: microflow-images runAfter: - microflow-setup-image-config @@ -59,7 +64,8 @@ spec: - name: development_pipeline_data workspace: development_pipeline_data taskRef: - name: build-images + name: image-tasks + - name: microflow-charts runAfter: - microflow-setup-chart-config @@ -69,8 +75,14 @@ spec: - name: development_pipeline_data workspace: development_pipeline_data taskRef: - name: build-charts + name: chart-tasks + - name: microflow-deployment-manifests + runAfter: + - microflow-setup-image-config + - microflow-setup-chart-config + - microflow-setup-cluster-config + - microflow-setup-cleanup-config workspaces: - name: k8s_cluster_data workspace: k8s_cluster_data 
@@ -78,6 +90,7 @@ spec: workspace: development_pipeline_data taskRef: name: deployment-manifests + - name: microflow-functional runAfter: - microflow-deployment-manifests @@ -91,6 +104,7 @@ spec: workspace: development_pipeline_data taskRef: name: functional + - name: microflow-promote-artifacts runAfter: - microflow-functional diff --git a/charts/development-pipeline/templates/task-chart.yaml b/charts/development-pipeline/templates/task-chart.yaml index c5ec3707..e5e33a85 100644 --- a/charts/development-pipeline/templates/task-chart.yaml +++ b/charts/development-pipeline/templates/task-chart.yaml @@ -1,7 +1,7 @@ apiVersion: tekton.dev/v1beta1 kind: Task metadata: - name: build-charts + name: chart-tasks namespace: {{ $.Release.Namespace }} spec: description: >- 
@@ -14,32 +14,38 @@ spec: image: {{ $.Values.tasks.chart.buildChartImage }} script: | #!/usr/bin/env sh - ansible-playbook -vvv {{ $.Values.tasks.chart.clonePlaybook }} -i hosts -e @"$(workspaces.development_pipeline_data.path)/default.json" -e @"$(workspaces.development_pipeline_data.path)/chart.json" + ansible-playbook -vvv {{ $.Values.tasks.git.gitPlaybook }} -i hosts -e '{"stage":"clone"}' -e @"$(workspaces.development_pipeline_data.path)/default.json" -e @"$(workspaces.development_pipeline_data.path)/chart.json" + - name: set-chart-output image: {{ $.Values.tasks.chart.buildChartImage }} script: | #!/usr/bin/env sh cat "$(workspaces.development_pipeline_data.path)/chart.json" + - name: lint-chart image: {{ $.Values.tasks.chart.buildChartImage }} script: | #!/usr/bin/env sh - ansible-playbook -vvv {{ $.Values.tasks.chart.lintdryrunPlaybook }} -i hosts -e @"$(workspaces.development_pipeline_data.path)/default.json" -e @"$(workspaces.development_pipeline_data.path)/chart.json" + ansible-playbook -vvv {{ $.Values.tasks.chart.chartPlaybook }} -i hosts -e '{"stage":"lint"}' -e @"$(workspaces.development_pipeline_data.path)/default.json" -e @"$(workspaces.development_pipeline_data.path)/chart.json" + - name: set-chart-output-after-lint-dryrun image: {{ $.Values.tasks.chart.buildChartImage }} script: | #!/usr/bin/env sh cat "$(workspaces.development_pipeline_data.path)/chart.json" + - name: package-chart image: {{ $.Values.tasks.chart.buildChartImage }} script: | #!/usr/bin/env sh - ansible-playbook -vvv {{ $.Values.tasks.chart.packagePlaybook }} -i hosts -e @"$(workspaces.development_pipeline_data.path)/default.json" -e @"$(workspaces.development_pipeline_data.path)/chart.json" + ansible-playbook -vvv {{ $.Values.tasks.chart.chartPlaybook }} -i hosts -e '{"stage":"package"}' -e @"$(workspaces.development_pipeline_data.path)/default.json" -e @"$(workspaces.development_pipeline_data.path)/chart.json" + - name: set-chart-output-after-packaging image: {{ 
$.Values.tasks.chart.buildChartImage }} script: | #!/usr/bin/env sh cat "$(workspaces.development_pipeline_data.path)/chart.json" + - name: publish-chart volumeMounts: - mountPath: /usr/local/share/ca-certificates/harbor-ca.crt @@ -51,7 +57,8 @@ spec: script: | #!/usr/bin/env sh update-ca-certificates - ansible-playbook -vvv {{ $.Values.tasks.chart.publishPlaybook }} -i hosts -e @"$(workspaces.development_pipeline_data.path)/default.json" -e @"$(workspaces.development_pipeline_data.path)/chart.json" + ansible-playbook -vvv {{ $.Values.tasks.chart.chartPlaybook }} -i hosts -e '{"stage":"publish"}' -e @"$(workspaces.development_pipeline_data.path)/default.json" -e @"$(workspaces.development_pipeline_data.path)/chart.json" + - name: set-chart-output-after-publish image: {{ $.Values.tasks.chart.buildChartImage }} script: | diff --git a/charts/development-pipeline/templates/task-functional.yaml b/charts/development-pipeline/templates/task-functional.yaml index c3f56f4f..2edb3c3b 100644 --- a/charts/development-pipeline/templates/task-functional.yaml +++ b/charts/development-pipeline/templates/task-functional.yaml 
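Review bot: The new `-e '{"stage":"clone"}'` argument (and its `lint` and `package` siblings in this hunk) comes before `-e @.../default.json` and `-e @.../chart.json`, and when several `-e` options set the same variable Ansible keeps the last one, so a `stage` key in either workspace file would override the stage the step is meant to run. Whether those files can carry such a key is not visible here, but putting the stage argument last, `... -e @"$(workspaces.development_pipeline_data.path)/chart.json" -e '{"stage":"lint"}'`, removes the dependency on their contents. The same ordering is used in the publish-chart hunk of this file and in task-functional.yaml, task-image.yaml and task-promote.yaml. The `steps:` list this hunk edits starts above it.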
@@ -23,12 +23,13 @@ spec: script: | #!/bin/sh update-ca-certificates - ansible-playbook -vvv "{{ $.Values.tasks.functional.functionalDeployPlaybook }}" -i hosts -e @"$(workspaces.development_pipeline_data.path)/default.json" -e @"$(workspaces.development_pipeline_data.path)/cluster.json" -e @"$(workspaces.development_pipeline_data.path)/chart.json" + ansible-playbook -vvv {{ $.Values.tasks.functional.functionalPlaybook }} -i hosts -e '{"stage":"deploy"}' -e @"$(workspaces.development_pipeline_data.path)/default.json" -e @"$(workspaces.development_pipeline_data.path)/cluster.json" -e @"$(workspaces.development_pipeline_data.path)/chart.json" + - name: run-helm-tests image: {{ $.Values.tasks.functional.functionalTestImage }} script: | #!/bin/sh - ansible-playbook -vvv "{{ $.Values.tasks.functional.functionalTestPlaybook }}" -i hosts -e @"$(workspaces.development_pipeline_data.path)/default.json" -e @"$(workspaces.development_pipeline_data.path)/chart.json" + ansible-playbook -vvv {{ $.Values.tasks.functional.functionalPlaybook }} -i hosts -e '{"stage":"test"}' -e @"$(workspaces.development_pipeline_data.path)/default.json" -e @"$(workspaces.development_pipeline_data.path)/cluster.json" -e @"$(workspaces.development_pipeline_data.path)/chart.json" volumes: - name: helm-publish-creds secret: diff --git a/charts/development-pipeline/templates/task-image.yaml b/charts/development-pipeline/templates/task-image.yaml index d08b69ad..c47c0bb1 100644 --- a/charts/development-pipeline/templates/task-image.yaml +++ b/charts/development-pipeline/templates/task-image.yaml @@ -1,7 +1,7 @@ apiVersion: tekton.dev/v1beta1 kind: Task metadata: - name: build-images + name: image-tasks namespace: {{ $.Release.Namespace }} spec: description: >- 
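Review bot: Both rewritten `ansible-playbook` lines drop the double quotes that the removed lines had around the templated playbook path, so the rendered value of `{{ $.Values.tasks.functional.functionalPlaybook }}` is now subject to shell word splitting and globbing. Keeping the earlier form, `ansible-playbook -vvv "{{ $.Values.tasks.functional.functionalPlaybook }}" -i hosts ...`, costs nothing and matches how the workspace paths on the same line are quoted. The test step now also loads `cluster.json`, which the removed line did not; if the test stage does not read it, leaving it out keeps cluster data away from a step that has no use for it.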
@@ -17,15 +17,14 @@ spec: name: dind-certs script: | #!/usr/bin/env sh - ansible-playbook -vvv {{ $.Values.tasks.image.clonePlaybook }} -i hosts -e @"$(workspaces.development_pipeline_data.path)/default.json" -e @"$(workspaces.development_pipeline_data.path)/image.json" - #docker images - # TODO copy JSON file to shared workspace to make it available for other tasks - # TODO copy logs and scan results to shared location + ansible-playbook -vvv {{ $.Values.tasks.git.gitPlaybook }} -i hosts -e '{"stage":"clone"}' -e @"$(workspaces.development_pipeline_data.path)/default.json" -e @"$(workspaces.development_pipeline_data.path)/image.json" + - name: set-image-output image: {{ $.Values.tasks.image.buildImage }} script: | #!/usr/bin/env sh cat "$(workspaces.development_pipeline_data.path)/image.json" + - name: docker-build image: {{ $.Values.tasks.image.buildImage }} volumeMounts: @@ -43,15 +42,14 @@ spec: value: /certs/client script: | #!/usr/bin/env sh - ansible-playbook -vvv {{ $.Values.tasks.image.buildPlaybook }} -i hosts -e @"$(workspaces.development_pipeline_data.path)/default.json" -e @"$(workspaces.development_pipeline_data.path)/image.json" - docker images - # TODO copy JSON file to shared workspace to make it available for other tasks - # TODO copy logs and scan results to shared location + ansible-playbook -vvv {{ $.Values.tasks.image.imagePlaybook }} -i hosts -e '{"stage":"build"}' -e @"$(workspaces.development_pipeline_data.path)/default.json" -e @"$(workspaces.development_pipeline_data.path)/image.json" + - name: set-image-build-output-after-build image: {{ $.Values.tasks.image.buildImage }} script: | #!/usr/bin/env sh cat "$(workspaces.development_pipeline_data.path)/image.json" + - name: publish-and-scan-image image: {{ $.Values.tasks.image.buildImage }} volumeMounts: 
@@ -72,12 +70,14 @@ spec: value: /certs/client script: | #!/usr/bin/env sh - ansible-playbook -vvv {{ $.Values.tasks.image.pushPlaybook }} -i hosts -e @"$(workspaces.development_pipeline_data.path)/default.json" -e @"$(workspaces.development_pipeline_data.path)/image.json" + ansible-playbook -vvv {{ $.Values.tasks.image.imagePlaybook }} -i hosts -e '{"stage":"push"}' -e @"$(workspaces.development_pipeline_data.path)/default.json" -e @"$(workspaces.development_pipeline_data.path)/image.json" + - name: set-image-output-after-publish-scan image: {{ $.Values.tasks.image.buildImage }} script: | #!/usr/bin/env sh cat "$(workspaces.development_pipeline_data.path)/image.json" + - name: get-scan-results image: {{ $.Values.tasks.image.buildImage }} volumeMounts: @@ -85,7 +85,8 @@ spec: name: dind-certs script: | #!/usr/bin/env sh - ansible-playbook -vvv {{ $.Values.tasks.image.getScanResultsPlaybook }} -i hosts -e @"$(workspaces.development_pipeline_data.path)/default.json" -e @"$(workspaces.development_pipeline_data.path)/image.json" + ansible-playbook -vvv {{ $.Values.tasks.image.imagePlaybook }} -i hosts -e '{"stage":"scan_results"}' -e @"$(workspaces.development_pipeline_data.path)/default.json" -e @"$(workspaces.development_pipeline_data.path)/image.json" + - name: set-image-output-set-scan-results image: {{ $.Values.tasks.image.buildImage }} script: | @@ -99,6 +100,7 @@ spec: - --userland-proxy=false - --debug - --insecure-registry={{ $.Values.tasks.image.insecureRegistry }} + ##TODO: Get rid of privileged true securityContext: privileged: true env: diff --git a/charts/development-pipeline/templates/task-promote.yaml b/charts/development-pipeline/templates/task-promote.yaml index 6e82e0c4..03c94001 100644 --- a/charts/development-pipeline/templates/task-promote.yaml +++ b/charts/development-pipeline/templates/task-promote.yaml 
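Review bot: The added `##TODO: Get rid of privileged true` does not say why the dind sidecar is privileged or what is meant to replace it, which makes the marker hard to act on; the same comment is added in task-promote.yaml. A privileged container has close to host-level access on its node, and this sidecar is also started with `--insecure-registry` and `--debug`, so the comment should record the risk and the intended direction, for example `# TODO: remove privileged: true (dind sidecar has node-level access); evaluate a daemonless builder such as kaniko or buildah`. A reference to a tracking issue next to it would keep the item from going stale. The sidecar definition starts above the hunk.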
@@ -37,8 +37,8 @@ spec: #!/usr/bin/env sh set -ex update-ca-certificates - ansible-playbook -vvv {{ $.Values.tasks.promote.promoteImagePlaybook }} -i hosts -e @"$(workspaces.development_pipeline_data.path)/default.json" -e @"$(workspaces.development_pipeline_data.path)/image.json" - ansible-playbook -vvv {{ $.Values.tasks.promote.promoteChartPlaybook }} -i hosts -e @"$(workspaces.development_pipeline_data.path)/default.json" -e @"$(workspaces.development_pipeline_data.path)/chart.json" + ansible-playbook -vvv {{ $.Values.tasks.promote.promotePlaybook }} -i hosts -e '{"stage":"promote_image"}' -e @"$(workspaces.development_pipeline_data.path)/default.json" -e @"$(workspaces.development_pipeline_data.path)/image.json" + ansible-playbook -vvv {{ $.Values.tasks.promote.promotePlaybook }} -i hosts -e '{"stage":"promote_chart"}' -e @"$(workspaces.development_pipeline_data.path)/default.json" -e @"$(workspaces.development_pipeline_data.path)/chart.json" sidecars: - image: {{ $.Values.tasks.image.sidecarServer }} name: server @@ -47,6 +47,7 @@ spec: - --userland-proxy=false - --debug - --insecure-registry={{ $.Values.tasks.image.insecureRegistry }} + ##TODO: Get rid of privileged true securityContext: privileged: true env: diff --git a/charts/development-pipeline/values.yaml b/charts/development-pipeline/values.yaml index cd5bf8dc..e53895f8 100644 --- a/charts/development-pipeline/values.yaml +++ b/charts/development-pipeline/values.yaml 
@@ -19,33 +19,27 @@ tasks: validateClusterPlaybook: /playbooks/validate-cluster.yaml setup: setupConfigImage: *base_image + git: + gitPlaybook: /playbooks/git-microflow.yaml image: buildImage: *base_image sidecarServer: docker:19-dind insecureRegistry: harbor-core.jarvis.local - clonePlaybook: /playbooks/clone.yaml - buildPlaybook: /playbooks/build-image.yaml - pushPlaybook: /playbooks/tag-push-image.yaml - getScanResultsPlaybook: /playbooks/get-scan-results.yaml + imagePlaybook: /playbooks/images-microflow.yaml name: standard-container.yaml chart: buildChartImage: *base_image - clonePlaybook: /playbooks/clone.yaml - packagePlaybook: /playbooks/package-chart.yaml - lintdryrunPlaybook: /playbooks/lint-dryrun-chart.yaml - publishPlaybook: /playbooks/publish-chart.yaml + chartPlaybook: /playbooks/charts-microflow.yaml deploymentManifests: deploymentManifestsImage: *base_image deploymentManifestsPlaybook: /playbooks/deployment-manifests.yaml promote: promoteImage: *base_image - promoteImagePlaybook: /playbooks/promote-image.yaml - promoteChartPlaybook: /playbooks/promote-chart.yaml + promotePlaybook: /playbooks/promote-microflow.yaml functional: functionalDeployImage: *base_image functionalTestImage: *base_image - functionalDeployPlaybook: /playbooks/functional-deploy.yaml - functionalTestPlaybook: /playbooks/functional-test.yaml + functionalPlaybook: /playbooks/functional-microflow.yaml cleanup: cleanupImage: *base_image cleanupPlaybook: /playbooks/cleanup.yaml diff --git a/tools/images/standard-container/assets/playbooks/build-image.yaml b/tools/images/standard-container/assets/playbooks/build-image.yaml deleted file mode 100644 index 3015fd4a..00000000 --- a/tools/images/standard-container/assets/playbooks/build-image.yaml +++ /dev/null @@ -1,8 +0,0 @@ -- hosts: localhost - become: yes - vars: - image_status: "Success" - tasks: - - name: Build image - include_tasks: ./roles/images/tasks/build-image.yaml - when: "{{ build_from_source }}" 
diff --git a/tools/images/standard-container/assets/playbooks/charts-microflow.yaml b/tools/images/standard-container/assets/playbooks/charts-microflow.yaml
new file mode 100644
index 00000000..61e6ee97
--- /dev/null
+++ b/tools/images/standard-container/assets/playbooks/charts-microflow.yaml
@@ -0,0 +1,4 @@
+---
+- hosts: localhost
+ roles:
+ - { role: charts, vars: { stage: "default" } }
diff --git a/tools/images/standard-container/assets/playbooks/clone.yaml b/tools/images/standard-container/assets/playbooks/clone.yaml
deleted file mode 100644
index b87bdba8..00000000
--- a/tools/images/standard-container/assets/playbooks/clone.yaml
+++ /dev/null
@@ -1,8 +0,0 @@
-- hosts: localhost
- become: yes
- vars:
- image_status: "Success"
- tasks:
- - name: Run git clone task
- include_tasks: ./roles/common/tasks/git-clone.yaml
- when: "{{ build_from_source }}"
\ No newline at end of file
diff --git a/tools/images/standard-container/assets/playbooks/functional-deploy.yaml b/tools/images/standard-container/assets/playbooks/functional-deploy.yaml
deleted file mode 100644
index dde5ae23..00000000
--- a/tools/images/standard-container/assets/playbooks/functional-deploy.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-- hosts: localhost
- become: yes
- tasks:
- - name: Deploy CNF
- include_tasks: ./roles/functional/tasks/functional-deploy.yaml
\ No newline at end of file
diff --git a/tools/images/standard-container/assets/playbooks/functional-microflow.yaml b/tools/images/standard-container/assets/playbooks/functional-microflow.yaml
new file mode 100644
index 00000000..b13d4fa6
--- /dev/null
+++ b/tools/images/standard-container/assets/playbooks/functional-microflow.yaml
@@ -0,0 +1,4 @@
+---
+- hosts: localhost
+ roles:
+ - { role: functional, vars: { stage: "default" } }
\ No newline at end of file
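Review bot: `vars: { stage: "default" }` gives the role a stage that matches none of the `when:` conditions in roles/charts/tasks/main.yaml, so a run that passes no `stage` extra var, or a misspelled one, skips every block and the play still exits successfully. For steps that act as gates (lint, scan results) a silent skip looks the same as a pass in the pipeline. Consider dropping the default and opening each role with a check such as `- assert: { that: "stage in ['lint', 'package', 'publish']" }`; the same applies to functional-microflow.yaml, git-microflow.yaml, images-microflow.yaml and promote-microflow.yaml. The removed playbooks set `become: yes` for the whole play and the new ones do not, so it is worth confirming that every stage still runs with the privileges it needs.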
diff --git a/tools/images/standard-container/assets/playbooks/functional-test.yaml b/tools/images/standard-container/assets/playbooks/functional-test.yaml deleted file mode 100644 index 0811380c..00000000 --- a/tools/images/standard-container/assets/playbooks/functional-test.yaml +++ /dev/null @@ -1,5 +0,0 @@ -- hosts: localhost - become: yes - tasks: - - name: Test deployed CNF - include_tasks: ./roles/functional/tasks/functional-test.yaml \ No newline at end of file diff --git a/tools/images/standard-container/assets/playbooks/get-kubeconfig.yaml b/tools/images/standard-container/assets/playbooks/get-kubeconfig.yaml index 901f0fe8..66c6b354 100644 --- a/tools/images/standard-container/assets/playbooks/get-kubeconfig.yaml +++ b/tools/images/standard-container/assets/playbooks/get-kubeconfig.yaml @@ -2,4 +2,4 @@ become: yes tasks: - name: Get kubeconfig for Kubernetes cluster to deploy CNF - include_tasks: ./roles/kubernetes/tasks/get-kubeconfig.yaml \ No newline at end of file + include_tasks: ./roles/kubernetes/tasks/get-kubeconfig.yaml diff --git a/tools/images/standard-container/assets/playbooks/get-scan-results.yaml b/tools/images/standard-container/assets/playbooks/get-scan-results.yaml deleted file mode 100644 index 50787755..00000000 --- a/tools/images/standard-container/assets/playbooks/get-scan-results.yaml +++ /dev/null @@ -1,7 +0,0 @@ -- hosts: localhost - become: yes - vars: - image_status: "Success" - tasks: - - name: Get Scan Results - include_tasks: ./roles/images/tasks/get-scan-results.yaml \ No newline at end of file diff --git a/tools/images/standard-container/assets/playbooks/git-microflow.yaml b/tools/images/standard-container/assets/playbooks/git-microflow.yaml new file mode 100644 index 00000000..c47bcb8d --- /dev/null +++ b/tools/images/standard-container/assets/playbooks/git-microflow.yaml @@ -0,0 +1,4 @@ +--- +- hosts: localhost + roles: + - { role: git, vars: { stage: "default" } } \ No newline at end of file 
diff --git a/tools/images/standard-container/assets/playbooks/group_vars/main.yaml b/tools/images/standard-container/assets/playbooks/group_vars/main.yaml
deleted file mode 100644
index bc55b004..00000000
--- a/tools/images/standard-container/assets/playbooks/group_vars/main.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-proxy:
- http: ""
- https: ""
- noproxy: ""
- enabled: false
-docker_registry: "harbor-core.jarvis.local"
diff --git a/tools/images/standard-container/assets/playbooks/images-microflow.yaml b/tools/images/standard-container/assets/playbooks/images-microflow.yaml
new file mode 100644
index 00000000..fc3ddf4c
--- /dev/null
+++ b/tools/images/standard-container/assets/playbooks/images-microflow.yaml
@@ -0,0 +1,4 @@
+---
+- hosts: localhost
+ roles:
+ - { role: images, vars: { stage: "default" } }
\ No newline at end of file
diff --git a/tools/images/standard-container/assets/playbooks/lint-dryrun-chart.yaml b/tools/images/standard-container/assets/playbooks/lint-dryrun-chart.yaml
deleted file mode 100644
index 266a8bd2..00000000
--- a/tools/images/standard-container/assets/playbooks/lint-dryrun-chart.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-- hosts: localhost
- become: yes
- tasks:
- - name: Chart lint and dry-run
- include_tasks: ./roles/charts/tasks/lint-dryrun-chart.yaml
\ No newline at end of file
diff --git a/tools/images/standard-container/assets/playbooks/package-chart.yaml b/tools/images/standard-container/assets/playbooks/package-chart.yaml
deleted file mode 100644
index 53361126..00000000
--- a/tools/images/standard-container/assets/playbooks/package-chart.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-- hosts: localhost
- become: yes
- tasks:
- - name: Package Helm Chart
- include_tasks: ./roles/charts/tasks/package-chart.yaml
- when: "{{ build_from_source }}"
\ No newline at end of file
diff --git a/tools/images/standard-container/assets/playbooks/promote-chart.yaml b/tools/images/standard-container/assets/playbooks/promote-chart.yaml
deleted file mode 100644
index 1d0a8f27..00000000
--- a/tools/images/standard-container/assets/playbooks/promote-chart.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-- hosts: localhost
- become: yes
- tasks:
- - name: Promote charts after testing is successful
- include_tasks: ./roles/promote/tasks/promote-chart.yaml
\ No newline at end of file
diff --git a/tools/images/standard-container/assets/playbooks/promote-image.yaml b/tools/images/standard-container/assets/playbooks/promote-image.yaml
deleted file mode 100644
index 5b1016ab..00000000
--- a/tools/images/standard-container/assets/playbooks/promote-image.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-- hosts: localhost
- become: yes
- tasks:
- - name: Promote images after testing is successful
- include_tasks: ./roles/promote/tasks/promote-image.yaml
\ No newline at end of file
diff --git a/tools/images/standard-container/assets/playbooks/promote-microflow.yaml b/tools/images/standard-container/assets/playbooks/promote-microflow.yaml
new file mode 100644
index 00000000..b4bd1659
--- /dev/null
+++ b/tools/images/standard-container/assets/playbooks/promote-microflow.yaml
@@ -0,0 +1,4 @@
+---
+- hosts: localhost
+ roles:
+ - { role: promote, vars: { stage: "default" } }
\ No newline at end of file
diff --git a/tools/images/standard-container/assets/playbooks/publish-chart.yaml b/tools/images/standard-container/assets/playbooks/publish-chart.yaml
deleted file mode 100644
index 91835c5b..00000000
--- a/tools/images/standard-container/assets/playbooks/publish-chart.yaml
+++ /dev/null
@@ -1,5 +0,0 @@
-- hosts: localhost
- become: yes
- tasks:
- - name: Publish Helm Chart
- include_tasks: ./roles/charts/tasks/publish-chart.yaml
\ No newline at end of file
diff --git a/tools/images/standard-container/assets/playbooks/roles/charts/tasks/download-chart.yaml b/tools/images/standard-container/assets/playbooks/roles/charts/tasks/download-chart.yaml
deleted file mode 100644
index 8188ea40..00000000
--- a/tools/images/standard-container/assets/playbooks/roles/charts/tasks/download-chart.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-#Helm Chart is upstream already packaged and versioned
-- name: Existing helm_chart
- block:
- - name: Download helm_chart
- get_url:
- name: "{{ remote_url }}"
diff --git a/tools/images/standard-container/assets/playbooks/roles/charts/tasks/lint-dryrun-chart.yaml b/tools/images/standard-container/assets/playbooks/roles/charts/tasks/lint-dryrun-chart.yaml
deleted file mode 100644
index 056bf8f9..00000000
--- a/tools/images/standard-container/assets/playbooks/roles/charts/tasks/lint-dryrun-chart.yaml
+++ /dev/null
@@ -1,9 +0,0 @@
-- name: Helm lint "{{ chart_name }}"
- command: "helm lint {{ chart_name }}"
- args:
- chdir: "{{ build.checkout_loc }}/{{ path }}"
-
-- name: Helm Dry-run "{{ chart_name }}"
- command: "helm install --dry-run {{ chart_name }} {{ chart_name }}"
- args:
- chdir: "{{ build.checkout_loc }}/{{ path }}"
\ No newline at end of file
diff --git a/tools/images/standard-container/assets/playbooks/roles/charts/tasks/main.yaml b/tools/images/standard-container/assets/playbooks/roles/charts/tasks/main.yaml
new file mode 100644
index 00000000..7812ac8e
--- /dev/null
+++ b/tools/images/standard-container/assets/playbooks/roles/charts/tasks/main.yaml
@@ -0,0 +1,43 @@ +- name: Helm Lint and Dry-Run + when: ( stage == "lint") + block: + - name: Helm lint "{{ chart_name }}" + command: "helm lint {{ chart_name }}" + args: + chdir: "{{ build.checkout_loc }}/{{ path }}" + + - name: Helm Dry-run "{{ chart_name }}" + command: "helm install --dry-run {{ chart_name }} {{ chart_name }}" + args: + chdir: "{{ build.checkout_loc }}/{{ path }}" + become: true + +- name: Helm Package + when: ( stage == "package") + block: + - name: Package Helm Chart + shell: helm package "{{ chart_name }}" + args: + chdir: "{{ build.checkout_loc }}/{{ path }}" + +- name: Helm Publish + when: ( stage == "publish") + block: + - name: Install Plugin + shell: helm plugin update push || helm plugin install https://github.com/chartmuseum/helm-push || true + + - name: Get harbor username + shell: cat {{ harbor_secret_mounted_path }}/username + register: harbor_username + + - name: Get harbor password + shell: cat {{ harbor_secret_mounted_path }}/password + register: harbor_password + + - name: Add Harbor Helm repository and Test repository + shell: helm repo add "{{ chart_repository }}-staging" "https://{{ docker_registry }}/chartrepo/{{ chart_name }}-staging" --username={{ harbor_username.stdout }} --password={{ harbor_password.stdout }} + + - name: Push chart "{{ chart_name }}" to Harbor staging registry + command: helm push "{{ chart_name }}-{{ version }}".tgz "{{ chart_repository }}-staging" + args: + chdir: "{{ build.checkout_loc }}/{{ path }}" diff --git a/tools/images/standard-container/assets/playbooks/roles/charts/tasks/package-chart.yaml b/tools/images/standard-container/assets/playbooks/roles/charts/tasks/package-chart.yaml deleted file mode 100644 index 44d91efa..00000000 --- a/tools/images/standard-container/assets/playbooks/roles/charts/tasks/package-chart.yaml +++ /dev/null @@ -1,4 +0,0 @@ -- name: Package Helm Chart - shell: helm package "{{ chart_name }}" - args: - chdir: "{{ build.checkout_loc }}/{{ path }}" 
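Review bot: The Helm Publish block reads the Harbor password with `cat` into a registered variable and passes it as `--password={{ harbor_password.stdout }}` to `helm repo add`, with no `no_log: true` on any of these tasks; the Tekton steps call this playbook with `-vvv`, so the registered stdout and the rendered command line end up in the step log. Adding `no_log: true` to the two `cat` tasks and to the `helm repo add` task keeps the value out of the log, and feeding it through `--password-stdin` (if the bundled Helm version supports it) also keeps it off the process command line. The removed publish-chart.yaml carried `# TODO: Bring in secrets securely via K8s`, which this file drops although the handling is unchanged. The same pattern is in the Functional Deploy block of roles/functional/tasks/main.yaml. In the same block, `helm plugin install https://github.com/chartmuseum/helm-push || true` fetches an unpinned plugin at run time and hides a failed install; pinning it with `--version` and letting the failure surface would be safer.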
diff --git a/tools/images/standard-container/assets/playbooks/roles/charts/tasks/publish-chart.yaml b/tools/images/standard-container/assets/playbooks/roles/charts/tasks/publish-chart.yaml deleted file mode 100644 index 7c497140..00000000 --- a/tools/images/standard-container/assets/playbooks/roles/charts/tasks/publish-chart.yaml +++ /dev/null @@ -1,15 +0,0 @@ -# TODO: Bring in secrets securely via K8s -- name: Install Plugin - shell: helm plugin update push || helm plugin install https://github.com/chartmuseum/helm-push || true -- name: Get harbor username - shell: cat {{ harbor_secret_mounted_path }}/username - register: harbor_username -- name: Get harbor password - shell: cat {{ harbor_secret_mounted_path }}/password - register: harbor_password -- name: Add Harbor Helm repository and Test repository - shell: helm repo add "{{ chart_repository }}-staging" "https://{{ docker_registry }}/chartrepo/{{ chart_name }}-staging" --username={{ harbor_username.stdout }} --password={{ harbor_password.stdout }} -- name: Push chart "{{ chart_name }}" to Harbor staging registry - command: helm push "{{ chart_name }}-{{ version }}".tgz "{{ chart_repository }}-staging" - args: - chdir: "{{ build.checkout_loc }}/{{ path }}" diff --git a/tools/images/standard-container/assets/playbooks/roles/common/tasks/git-clone.yaml b/tools/images/standard-container/assets/playbooks/roles/common/tasks/git-clone.yaml deleted file mode 100644 index fd886694..00000000 --- a/tools/images/standard-container/assets/playbooks/roles/common/tasks/git-clone.yaml +++ /dev/null @@ -1,6 +0,0 @@ -#Build docker image using Makefile given git repository location to clone code from -- git: - repo: "{{ build.git_repo }}" - dest: "{{ build.checkout_loc }}" - version: "{{ build.refspec }}" - refspec: "refs/changes/*:refs/changes/*" 
diff --git a/tools/images/standard-container/assets/playbooks/roles/functional/tasks/functional-deploy.yaml b/tools/images/standard-container/assets/playbooks/roles/functional/tasks/functional-deploy.yaml deleted file mode 100644 index 636c9db0..00000000 --- a/tools/images/standard-container/assets/playbooks/roles/functional/tasks/functional-deploy.yaml +++ /dev/null @@ -1,13 +0,0 @@ -#Deploy CNF -- name: Get harbor username - shell: cat {{ harbor_secret_mounted_path }}/username - register: harbor_username -- name: Get harbor password - shell: cat {{ harbor_secret_mounted_path }}/password - register: harbor_password -#TODO dex-aio doesn't install, look into another test chart -- name: Add Harbor Helm repository and Test repository - shell: helm repo add "{{ chart_repository }}-staging" "https://{{ docker_registry }}/chartrepo/{{ project }}-staging" --username={{ harbor_username.stdout }} --password={{ harbor_password.stdout }} -- name: Deploy chart "{{ chart_name }}" - #shell: echo "Deploy after mongodb" - shell: helm upgrade --install --kubeconfig="{{ cluster_kubeconfig_path }}/kubeconfig" "{{ release_name }}" "{{ chart_repository }}-staging/{{ chart_name }}" --version="{{ version }}" --namespace="{{ namespace }}" --username="{{ harbor_username.stdout }}" --password="{{ harbor_password.stdout }}" --create-namespace \ No newline at end of file diff --git a/tools/images/standard-container/assets/playbooks/roles/functional/tasks/main.yaml b/tools/images/standard-container/assets/playbooks/roles/functional/tasks/main.yaml new file mode 100644 index 00000000..c06c6c2c --- /dev/null +++ b/tools/images/standard-container/assets/playbooks/roles/functional/tasks/main.yaml 
@@ -0,0 +1,27 @@ +- name: Functional Deploy + when: ("{{ stage }}" == "deploy") + block: + #Deploy CNF + - name: Get harbor username + shell: cat {{ harbor_secret_mounted_path }}/username + register: harbor_username + + - name: Get harbor password + shell: cat {{ harbor_secret_mounted_path }}/password + register: harbor_password + + #TODO dex-aio doesn't install, look into another test chart + - name: Add Harbor Helm repository and Test repository + shell: helm repo add "{{ chart_repository }}-staging" "https://{{ docker_registry }}/chartrepo/{{ project }}-staging" --username={{ harbor_username.stdout }} --password={{ harbor_password.stdout }} + + - name: Deploy chart "{{ chart_name }}" + #shell: echo "Deploy after mongodb" + shell: helm upgrade --install --kubeconfig="{{ cluster_kubeconfig_path }}/kubeconfig" "{{ release_name }}" "{{ chart_repository }}-staging/{{ chart_name }}" --version="{{ version }}" --namespace="{{ namespace }}" --username="{{ harbor_username.stdout }}" --password="{{ harbor_password.stdout }}" --create-namespace + become: true + +- name: Functional Test + when: ( stage == "test") + block: + #Test Deployed CNF + - name: Chart currently has no Helm Tests, echo for now + shell: echo "There are no helm tests yet" diff --git a/tools/images/standard-container/assets/playbooks/roles/git/tasks/main.yaml b/tools/images/standard-container/assets/playbooks/roles/git/tasks/main.yaml new file mode 100644 index 00000000..6efddcc7 --- /dev/null +++ b/tools/images/standard-container/assets/playbooks/roles/git/tasks/main.yaml @@ -0,0 +1,9 @@ +#Build docker image using Makefile given git repository location to clone code from +- name: Clone repository + when: ( stage == "clone") + block: + - git: + repo: "{{ build.git_repo }}" + dest: "{{ build.checkout_loc }}" + version: "{{ build.refspec }}" + refspec: "refs/changes/*:refs/changes/*" 
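Review bot: `when: ("{{ stage }}" == "deploy")` wraps the variable in Jinja delimiters inside a conditional, while the Functional Test block in the same file uses the bare form `when: ( stage == "test")`. A `when:` value is already evaluated as a Jinja expression, so the delimiters cause the value of `stage` to be templated into the expression text before it is evaluated, which Ansible warns about and which lets an unexpected value change the condition itself. Use `when: stage == "deploy"` here and `when: stage == "build"` for the Image Build block in roles/images/tasks/main.yaml.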
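Review bot: The header comment `#Build docker image using Makefile given git repository location to clone code from` is carried over from the removed git-clone.yaml and does not describe this role, which only clones; `# Clone the source repository at the requested ref` would match what the block does. The removed clone.yaml ran the clone only `when: "{{ build_from_source }}"`, and that guard is not carried over, so the clone now runs whenever `stage` is `clone`; if that is intended it should be stated in the commit message. The `git` task also has no `name:`, unlike the tasks in the other new role files.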
diff --git a/tools/images/standard-container/assets/playbooks/roles/images/tasks/build-image.yaml b/tools/images/standard-container/assets/playbooks/roles/images/tasks/build-image.yaml deleted file mode 100644 index a01a17cc..00000000 --- a/tools/images/standard-container/assets/playbooks/roles/images/tasks/build-image.yaml +++ /dev/null @@ -1,5 +0,0 @@ -#Build docker image using Makefile given git repository location to clone code from -- name: Build Docker Image for "{{ image_name }}" - shell: docker build -t "{{ image_fullname }}" . - args: - chdir: "{{ build.checkout_loc }}/{{ path }}" diff --git a/tools/images/standard-container/assets/playbooks/roles/images/tasks/get-scan-results.yaml b/tools/images/standard-container/assets/playbooks/roles/images/tasks/get-scan-results.yaml deleted file mode 100644 index e47b063f..00000000 --- a/tools/images/standard-container/assets/playbooks/roles/images/tasks/get-scan-results.yaml +++ /dev/null 
@@ -1,25 +0,0 @@ -#Scan results may take some time, putting in some retries and a delay to determine if scan results get finished -- name: output the request - shell: echo "https://{{ docker_registry }}/api/v2.0/projects/{{ project }}-staging/repositories/{{ repo | replace('/','%2F') }}/artifacts/{{ tag }}?page=1&page_size=10&with_tag=true&with_label=false&with_scan_overview=true&with_signature=false&with_immutable_status=false" - -- name: Get Scan Results - uri: - validate_certs: false - url: "https://{{ docker_registry }}/api/v2.0/projects/{{ project }}-staging/repositories/{{ repo | replace('/','%2F') }}/artifacts/{{ tag }}?page=1&page_size=10&with_tag=true&with_label=false&with_scan_overview=true&with_signature=false&with_immutable_status=false" - method: GET - body_format: "json" - headers: - accept: "application/json" - X-Request-Id: "12345" - #Change to encoded from configmap - authorization: "Basic YWRtaW46SGFyYm9yMTIzNDU=" - register: result - until: result.json.scan_overview["application/vnd.scanner.adapter.vuln.report.harbor+json; version=1.0"].scan_status == "Success" - retries: 5 - delay: 30 - -- name: Check Scan Results Summary for High and Critical CVE - #shell: echo '{{ result.json.scan_overview["application/vnd.scanner.adapter.vuln.report.harbor+json; version=1.0"] }}' - set_fact: - image_status: "Vulnerable" - when: result.json.scan_overview["application/vnd.scanner.adapter.vuln.report.harbor+json; version=1.0"].severity in ("High","Critical") diff --git a/tools/images/standard-container/assets/playbooks/roles/images/tasks/main.yaml b/tools/images/standard-container/assets/playbooks/roles/images/tasks/main.yaml new file mode 100644 index 00000000..c624680e --- /dev/null +++ b/tools/images/standard-container/assets/playbooks/roles/images/tasks/main.yaml 
@@ -0,0 +1,48 @@
+
+- name: Image Build
+ when: ("{{ stage }}" == "build")
+ block:
+ #Build docker image using Makefile given git repository location to clone code from
+ - name: Build Docker Image for "{{ image_name }}"
+ shell: docker build -t "{{ image_fullname }}" .
+ args:
+ chdir: "{{ build.checkout_loc }}/{{ path }}"
+ become: true
+
+- name: Tag and Push Image
+ when: ( stage == "push")
+ block:
+ - name: Tag and push to internal test repository for vulnerability scanning
+ docker_image:
+ push: true
+ name: "{{ image_fullname }}"
+ repository: "{{ docker_registry }}/{{ project }}-staging/{{ repo }}"
+ tag: "{{ tag }}"
+
+- name: Get Scan Results
+ when: ( stage == "scan_results")
+ block:
+ #Scan results may take some time, putting in some retries and a delay to determine if scan results get finished
+ - name: output the request
+ shell: echo "https://{{ docker_registry }}/api/v2.0/projects/{{ project }}-staging/repositories/{{ repo | replace('/','%2F') }}/artifacts/{{ tag }}?page=1&page_size=10&with_tag=true&with_label=false&with_scan_overview=true&with_signature=false&with_immutable_status=false"
+
+ - name: Get Scan Results
+ uri:
+ validate_certs: false
+ url: "https://{{ docker_registry }}/api/v2.0/projects/{{ project }}-staging/repositories/{{ repo | replace('/','%2F') }}/artifacts/{{ tag }}?page=1&page_size=10&with_tag=true&with_label=false&with_scan_overview=true&with_signature=false&with_immutable_status=false"
+ method: GET
+ body_format: "json"
+ headers:
+ accept: "application/json"
+ X-Request-Id: "12345"
+ #Change to encoded from configmap
+ authorization: "Basic YWRtaW46SGFyYm9yMTIzNDU="
+ register: result
+ until: result.json.scan_overview["application/vnd.scanner.adapter.vuln.report.harbor+json; version=1.0"].scan_status == "Success"
+ retries: 5
+ delay: 30
+
+ - name: Check Scan Results Summary for High and Critical CVE
+ set_fact:
+ image_status: "Vulnerable"
+ when: 
result.json.scan_overview["application/vnd.scanner.adapter.vuln.report.harbor+json; version=1.0"].severity in ("High","Critical")
diff --git a/tools/images/standard-container/assets/playbooks/roles/images/tasks/pull-image.yaml b/tools/images/standard-container/assets/playbooks/roles/images/tasks/pull-image.yaml
deleted file mode 100644
index e89c566a..00000000
--- a/tools/images/standard-container/assets/playbooks/roles/images/tasks/pull-image.yaml
+++ /dev/null
@@ -1,4 +0,0 @@
-- name: Tag and push to promotion repository
- docker_image:
- pull: true
- name: "{{ docker_registry }}/{{ project }}-staging/{{ project }}/{{ repo }}:{{ tag }}"
diff --git a/tools/images/standard-container/assets/playbooks/roles/images/tasks/tag-push-image.yaml b/tools/images/standard-container/assets/playbooks/roles/images/tasks/tag-push-image.yaml
deleted file mode 100644
index 7b4529fe..00000000
--- a/tools/images/standard-container/assets/playbooks/roles/images/tasks/tag-push-image.yaml
+++ /dev/null
@@ -1,6 +0,0 @@
-- name: Tag and push to internal test repository for vulnerability scanning
- docker_image:
- push: true
- name: "{{ image_fullname }}"
- repository: "{{ docker_registry }}/{{ project }}-staging/{{ repo }}"
- tag: "{{ tag }}"
diff --git a/tools/images/standard-container/assets/playbooks/roles/images/vars/main.yaml b/tools/images/standard-container/assets/playbooks/roles/images/vars/main.yaml
deleted file mode 100644
index 353157f0..00000000
--- a/tools/images/standard-container/assets/playbooks/roles/images/vars/main.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-build_from_source: true
-project: "test"
-repo: "scratch"
-tag: "1.built"
-build:
- git_repo: "https://review.opendev.org/airship/charts"
- checkout_loc: "/src/checkout/scratch"
- refspec: "refs/changes/41/770141/7"
- version: "refs/changes/*:refs/changes/*"
-makefile:
- path: "tools/images"
- target: "build"
- file: "Makefile"
- image_name: "scratch"
- image_base: "scratch"
\ No newline at end of file
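Review bot: The `Get Scan Results` task in roles/images/tasks/main.yaml still sends a hard-coded `authorization: "Basic …"` header together with `validate_certs: false`, so a registry credential is committed with the role (base64 is an encoding, not protection) and is sent to a TLS peer that is never verified. The `#Change to encoded from configmap` comment suggests this was meant to be temporary, and moving the task into the new file is a natural point to read the credential from the mounted secret instead, for example `url_username: "{{ harbor_username }}"`, `url_password: "{{ harbor_password }}"` and `force_basic_auth: true` (variable names here are placeholders), and to drop `validate_certs: false` or point the module at the registry CA. The value already in the header should be treated as exposed and rotated. Separately, `when: ("{{ stage }}" == "build")` wraps the variable in Jinja delimiters while the other two blocks use the bare `stage == "push"` form, which is the one Ansible expects in `when`.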
diff --git a/tools/images/standard-container/assets/playbooks/roles/images/vars/scratch.yaml b/tools/images/standard-container/assets/playbooks/roles/images/vars/scratch.yaml
deleted file mode 100644
index d638afa6..00000000
--- a/tools/images/standard-container/assets/playbooks/roles/images/vars/scratch.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-build_from_source: true
-project: "test"
-repo: "scratch"
-tag: "1.built"
-build:
- git_repo: "https://review.opendev.org/airship/charts"
- checkout_loc: "/src/checkout/scratch"
- refspec: "refs/changes/41/770141/7"
- version: "refs/changes/*:refs/changes/*"
-makefile:
- path: "tools/images"
- target: "build"
- file: "Makefile"
- image_name: "scratch"
- image_base: "scratch"
-
diff --git a/tools/images/standard-container/assets/playbooks/roles/images/vars/standard-container.yaml b/tools/images/standard-container/assets/playbooks/roles/images/vars/standard-container.yaml
deleted file mode 100644
index db7631c0..00000000
--- a/tools/images/standard-container/assets/playbooks/roles/images/vars/standard-container.yaml
+++ /dev/null
@@ -1,15 +0,0 @@
-build_from_source: true
-repo: "microflow/standard-container"
-project: "test"
-tag: "1.built"
-build:
- git_repo: "https://review.opendev.org/airship/charts"
- checkout_loc: "/src/checkout/standard-container"
- refspec: "refs/changes/41/770141/7"
- version: "refs/changes/*:refs/changes/*"
-makefile:
- path: "tools/images"
- target: "build"
- file: "Makefile"
- image_name: "standard-container"
- image_base: "ubuntu:20.04"
diff --git a/tools/images/standard-container/assets/playbooks/roles/images/vars/upstream-container.yaml b/tools/images/standard-container/assets/playbooks/roles/images/vars/upstream-container.yaml
deleted file mode 100644
index e2b5e7af..00000000
--- a/tools/images/standard-container/assets/playbooks/roles/images/vars/upstream-container.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-build_from_source: false
-remote_registry: "docker.io"
-remote_repo: "testing2016/jrunner"
-remote_tag: "2.0"
-repo: "microflow/standard-container"
-project: "test"
-tag: "1.existing"
diff --git a/tools/images/standard-container/assets/playbooks/roles/promote/tasks/main.yaml b/tools/images/standard-container/assets/playbooks/roles/promote/tasks/main.yaml
new file mode 100644
index 00000000..55686942
--- /dev/null
+++ b/tools/images/standard-container/assets/playbooks/roles/promote/tasks/main.yaml
@@ -0,0 +1,41 @@
+- name: Promote Chart
+ when: ( stage == "promote_chart")
+ block:
+ - name: Install Plugin
+ shell: helm plugin update push || helm plugin install https://github.com/chartmuseum/helm-push || true
+
+ - name: Get harbor username
+ shell: cat {{ harbor_secret_mounted_path }}/username
+ register: harbor_username
+
+ - name: Get harbor password
+ shell: cat {{ harbor_secret_mounted_path }}/password
+ register: harbor_password
+
+ - name: Install Plugin
+ shell: helm plugin update push || helm plugin install https://github.com/chartmuseum/helm-push
+
+ - name: Add Harbor Helm repository and Test repository
+ shell: helm repo add "{{ chart_repository }}-staging" "https://{{ chart_registry_url }}/{{ chart_name }}-staging" --username="{{ harbor_username.stdout }}" --password="{{ harbor_password.stdout }}" && helm repo add "{{ chart_repository }}" "https://{{ chart_registry_url }}/{{ chart_name }}" --username="{{ harbor_username.stdout }}" --password="{{ harbor_password.stdout }}"
+
+ - name: Pull down Helm Chart
+ shell: helm pull "{{ chart_repository }}-staging/{{ chart_name }}" --version="{{ version }}"
+
+ - name: Push chart "{{ chart_name }}" to Helm registry
+ command: helm push "{{ chart_name }}-{{ version }}".tgz "{{ chart_repository }}"
+ become: true
+
+- name: Promote Image
+ when: ( stage == "promote_image")
+ block:
+ - name: Tag and push to promotion repository
+ docker_image:
+ pull: true
+ name: "{{ docker_registry }}/{{ project }}-staging/{{ repo }}:{{ tag }}"
+
+ - name: Tag and push to promotion repository
+ docker_image:
+ push: true
+ name: "{{ docker_registry }}/{{ project }}-staging/{{ repo }}"
+ repository: "{{ docker_registry }}/{{ project }}/{{ repo }}"
+ tag: "{{ tag }}"
diff --git a/tools/images/standard-container/assets/playbooks/roles/promote/tasks/promote-chart.yaml b/tools/images/standard-container/assets/playbooks/roles/promote/tasks/promote-chart.yaml
deleted file mode 100644
index c1e704bf..00000000
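Review bot: The `Add Harbor Helm repository and Test repository` task in roles/promote/tasks/main.yaml places the Harbor password on the `helm repo add` command line through `--password="{{ harbor_password.stdout }}"`, and neither it nor the two `cat` tasks that register the credentials set `no_log`, so the secret can surface in Ansible task output (verbose runs, failures) and in the runner's process list. Adding `no_log: true` to those three tasks is the minimal change; recent Helm 3 releases also accept `--password-stdin` on `helm repo add`, which keeps the value out of argv. The plugin is installed from `https://github.com/chartmuseum/helm-push` without `--version`, so the step runs whatever that repository serves at execution time; pinning a release makes the promotion step reproducible. `Install Plugin` also appears twice in the block, the first time with `|| true` hiding a failed install.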
--- a/tools/images/standard-container/assets/playbooks/roles/promote/tasks/promote-chart.yaml
+++ /dev/null
@@ -1,16 +0,0 @@
-- name: Install Plugin
- shell: helm plugin update push || helm plugin install https://github.com/chartmuseum/helm-push || true
-- name: Get harbor username
- shell: cat {{ harbor_secret_mounted_path }}/username
- register: harbor_username
-- name: Get harbor password
- shell: cat {{ harbor_secret_mounted_path }}/password
- register: harbor_password
-- name: Install Plugin
- shell: helm plugin update push || helm plugin install https://github.com/chartmuseum/helm-push
-- name: Add Harbor Helm repository and Test repository
- shell: helm repo add "{{ chart_repository }}-staging" "https://{{ chart_registry_url }}/{{ chart_name }}-staging" --username="{{ harbor_username.stdout }}" --password="{{ harbor_password.stdout }}" && helm repo add "{{ chart_repository }}" "https://{{ chart_registry_url }}/{{ chart_name }}" --username="{{ harbor_username.stdout }}" --password="{{ harbor_password.stdout }}"
-- name: Pull down Helm Chart
- shell: helm pull "{{ chart_repository }}-staging/{{ chart_name }}" --version="{{ version }}"
-- name: Push chart "{{ chart_name }}" to Helm registry
- command: helm push "{{ chart_name }}-{{ version }}".tgz "{{ chart_repository }}"
diff --git a/tools/images/standard-container/assets/playbooks/roles/promote/tasks/promote-image.yaml b/tools/images/standard-container/assets/playbooks/roles/promote/tasks/promote-image.yaml
deleted file mode 100644
index 30ce363c..00000000
--- a/tools/images/standard-container/assets/playbooks/roles/promote/tasks/promote-image.yaml
+++ /dev/null
@@ -1,10 +0,0 @@
-- name: Tag and push to promotion repository
- docker_image:
- pull: true
- name: "{{ docker_registry }}/{{ project }}-staging/{{ repo }}:{{ tag }}"
-- name: Tag and push to promotion repository
- docker_image:
- push: true
- name: "{{ docker_registry }}/{{ project }}-staging/{{ repo }}"
- repository: "{{ docker_registry }}/{{ project }}/{{ repo }}"
- tag: "{{ tag }}"
\ No newline at end of file
diff --git a/tools/images/standard-container/assets/playbooks/tag-push-image.yaml b/tools/images/standard-container/assets/playbooks/tag-push-image.yaml
deleted file mode 100644
index b5fa0aa4..00000000
--- a/tools/images/standard-container/assets/playbooks/tag-push-image.yaml
+++ /dev/null
@@ -1,7 +0,0 @@
-- hosts: localhost
- become: yes
- vars:
- image_status: "Success"
- tasks:
- - name: Push Image for scanning to Docker Repository
- include_tasks: ./roles/images/tasks/tag-push-image.yaml
\ No newline at end of file