Commit c919733b authored by Malin, James (Contractor) Christopher

needs to be updated, but can be used with geoserve and generic deploy

parent 870ff605
Pipeline #892 failed with stages
in 18 seconds
...@@ -13,7 +13,7 @@ variables: ...@@ -13,7 +13,7 @@ variables:
BUILDER_CONTAINER: $APP_NAME-$BUILD_ID-BUILDER BUILDER_CONTAINER: $APP_NAME-$BUILD_ID-BUILDER
BUILDER_IMAGE: "usgs/node:10" BUILDER_IMAGE: "usgs/node:10"
# Name of image to deploy (push) to registry # Name of image to deploy (push) to registry
DEPLOY_IMAGE: "$GITLAB_INNERSOURCE_REGISTRY:5001/ghsc/hazdev/earthquake-geoserve/ui" DEPLOY_IMAGE: "${GITLAB_INNERSOURCE_REGISTRY}:5001/ghsc/hazdev/earthquake-geoserve/ui"
# DOCKER_HUB_IMAGE: "usgs/earthquake-geoserve-ui" # DOCKER_HUB_IMAGE: "usgs/earthquake-geoserve-ui"
DOCKER_HUB_IMAGE: "jamesmalin/usgs-geoserve-ui" DOCKER_HUB_IMAGE: "jamesmalin/usgs-geoserve-ui"
# Run application locally for testing security vulnerabilities # Run application locally for testing security vulnerabilities
...@@ -25,27 +25,35 @@ variables: ...@@ -25,27 +25,35 @@ variables:
OWASP_REPORT_DIR: "owasp-data" OWASP_REPORT_DIR: "owasp-data"
ZAP_API_PORT: "8090" ZAP_API_PORT: "8090"
PENTEST_IP: 'application:8080' PENTEST_IP: 'application:8080'
S3_BUCKET: usgs-cf-templates S3_BUCKET: usgs-cf-templates
# COMBINING VARIABLES FROM DEPLOY JOB # COMBINING VARIABLES FROM DEPLOY JOB
CONFIG: '' CONFIG: ''
# DEPLOY_DIR: '/tmp/${APP_NAME}' # DEPLOY_DIR: '/tmp/${APP_NAME}'
DEPLOY_APP_NAME: 'earthquake-geoserve' DEPLOY_APP_NAME: 'earthquake-geoserve'
DEPLOY_DIR: '${APP_NAME}' DEPLOY_DIR: '${APP_NAME}'
REMOTE_DEPLOY_DIR: '/tmp/${DEPLOY_DIR}' REMOTE_DEPLOY_DIR: '/tmp/${DEPLOY_DIR}'
EXPORTS: ''
TARGET_HOSTS: '' TARGET_HOSTS: ''
branch: 'origin/master' branch: 'origin/master'
REMOTE_USER: 'jmalin' REMOTE_USER: 'jmalin'
#WORKING_DIR: '/var/lib/jenkins/workspace/HazDev/earthquake-geoserve/deploy'
#WORKING_DIR: '' DB_IMAGE_NAME: 'ghsc/hazdev/earthquake-geoserve/db:latest'
# GENERIC_APP_REPOSITORY: 'https://${CHS_USERNAME}:${CHS_PASSWORD}@${GITLAB_INNERSOURCE_REGISTRY}/ghsc/hazdev/container-deploy.git' ENVIRONMENT: 'Development'
# CUSTOM_APP_REPOSITORY: 'https://${CHS_USERNAME}:${CHS_PASSWORD}@${GITLAB_INNERSOURCE_REGISTRY}/ghsc/hazdev/earthquake-geoserve.git' UI_IMAGE_NAME: 'ghsc/hazdev/earthquake-geoserve/ui:latest'
# CONFIG_REPOSITORY: 'https://${CHS_USERNAME}:${CHS_PASSWORD}@${GITLAB_INNERSOURCE_REGISTRY}/ghsc/hazdev/jenkins.git' APP_NAME: 'earthquake-geoserve'
# ENVIRONMENT: 'dev01' GIT_BRANCH: 'origin/master'
WS_IMAGE_NAME: 'ghsc/hazdev/earthquake-geoserve/ws:latest'
APP_REPOSITORY: 'https://${GITLAB_INNERSOURCE_REGISTRY}/ghsc/hazdev/earthquake-geoserve.git'
STACK_NAME: 'earthquake-geoserve'
EXPORTS: 'DB_IMAGE_NAME=${DB_IMAGE_NAME},
ENVIRONMENT=${ENVIRONMENT},
UI_IMAGE_NAME=${UI_IMAGE_NAME},
APP_NAME=${APP_NAME},
GIT_BRANCH=${GIT_BRANCH},
WS_IMAGE_NAME=${WS_IMAGE_NAME},
APP_REPOSITORY=${APP_REPOSITORY},
STACK_NAME=${STACK_NAME}'
# Using docker in docker # Using docker in docker
services: services:
- docker:dind - docker:dind
...@@ -53,37 +61,31 @@ services: ...@@ -53,37 +61,31 @@ services:
stages: stages:
- init - init
- build - build
# - unit-tests - unit-tests
# - pen-tests - pen-tests
# - publish-image - publish-image
- trigger_deploy - trigger_deploy
initialize: initialize:
stage: init stage: init
image: node:latest image: node:latest
only:
- merge_requests
script: script:
# - for env in "${!APP_@}"; do printf 'MY_ARRAY+=(%s=%s)\n' "$env" "${!env}"; done;
# - for env in "${!APP_@}"; do printf '%s=%s\n' "$env" "${!env}"; done;
# - for i in "${MY_ARRAY_#[@]}"; do echo "$i"; done
# - PREFIXED VARIABLES NEEDED FOR DEPLOY
# - for env in "${!APP_@}"; do echo export "$env"="${!env}" >> test.txt; done;
- echo "export THISISENV=testit" >> test.sh
- cat test.sh
- source test.sh | while read line; do export "$line"; done
- echo $THISISENV
- node metadata.js ${branch} ${CI_COMMIT_SHA} ${IMAGE_VERSION} - node metadata.js ${branch} ${CI_COMMIT_SHA} ${IMAGE_VERSION}
- cat temp-metadata.json - cat temp-metadata.json
artifacts: artifacts:
paths: paths:
- temp-metadata.json - temp-metadata.json
###### Build ###### ###### Build ######
build: build:
stage: build stage: build
image: docker:stable image: docker:stable
only:
- merge_requests
before_script: before_script:
- rm -rf docker-images - rm -rf docker-images
- rm -rf $OWASP_REPORT_DIR - rm -rf $OWASP_REPORT_DIR
...@@ -91,6 +93,7 @@ build: ...@@ -91,6 +93,7 @@ build:
script: script:
- echo "Building..." - echo "Building..."
- mv temp-metadata.json metadata.json - mv temp-metadata.json metadata.json
# build a local directory to be used later for testing or deploying # build a local directory to be used later for testing or deploying
- mkdir docker-images - mkdir docker-images
# build image and save # build image and save
...@@ -98,134 +101,126 @@ build: ...@@ -98,134 +101,126 @@ build:
--build-arg BUILD_IMAGE=$BUILDER_IMAGE -t $LOCAL_IMAGE ." --build-arg BUILD_IMAGE=$BUILDER_IMAGE -t $LOCAL_IMAGE ."
- docker save $LOCAL_IMAGE > docker-images/app.tar - docker save $LOCAL_IMAGE > docker-images/app.tar
# Needed later when loading docker images # # Needed later when loading docker images
# Could test without the docker images saved and try to pull local image # # Could test without the docker images saved and try to pull local image
artifacts: artifacts:
paths: paths:
- docker-images - docker-images
- temp-metadata.json - temp-metadata.json
- metadata.json cache:
# cache: key: "$CI_BUILD_REF_NAME"
# key: "$CI_BUILD_REF_NAME" paths:
# paths: - docker-images
# - docker-images
# run unit tests:
# stage: unit-tests
# image: trion/ng-cli-e2e
# cache:
# # untracked: true # cache all files that are untracked in your Git repository
# # job doesn’t alter cached files, skip the upload step by setting policy: pull
# policy: pull
# # only:
# # - master
# script:
# - npm install --no-audit --no-save
# - ng lint
# - ng test hazdev-ng-geoserve-output --watch=false --code-coverage --progress false --browsers ChromeHeadless
# - npm run build
# - ng test earthquake-geoserve-ui --watch=false --code-coverage --progress false --browsers ChromeHeadless
# - ng e2e
# run penetration tests: run unit tests:
# stage: pen-tests stage: unit-tests
# image: docker:stable image: trion/ng-cli-e2e
# cache: only:
# policy: pull - merge_requests
# # before_script: cache:
# # - npm i # untracked: true # cache all files that are untracked in your Git repository
# # - npm i highlightjs # job doesn’t alter cached files, skip the upload step by setting policy: pull
# # only: policy: pull
# # - master # only:
# script: # - master
# - mkdir -p $OWASP_REPORT_DIR script:
# - chmod 777 $OWASP_REPORT_DIR - npm install --no-audit --no-save
# - docker load -i docker-images/app.tar - ng lint
# - docker run --rm --name $LOCAL_CONTAINER -d $LOCAL_IMAGE - ng test hazdev-ng-geoserve-output --watch=false --code-coverage --progress false --browsers ChromeHeadless
# - docker run --rm -d -u zap --name=$OWASP_CONTAINER --link=$LOCAL_CONTAINER:application -v $OWASP_REPORT_DIR:/zap/reports:rw -i $OWASP_IMAGE zap.sh -daemon -port $ZAP_API_PORT -config api.disablekey=true - npm run build
# - sleep 20 - ng test earthquake-geoserve-ui --watch=false --code-coverage --progress false --browsers ChromeHeadless
# # docker run --rm -d -u zap --name=earthquake-geoserve-ui-3-OWASP --link=earthquake-geoserve-ui-3-PENTEST:application -v /var/lib/jenkins/workspace/HazDev/earthquake-geoserve/build-ui/owasp-data:/zap/reports:rw -i code.chs.usgs.gov:5001/devops/images/owasp/zap2docker-stable zap.sh -daemon -port 8090 -config api.disablekey=true - ng e2e
# # docker run --rm --name earthquake-geoserve-ui-1.0.4-PENTEST -d jamesmalin/usgs-geoserve-ui:1.0.4
# # docker run --rm -d -u zap --name=earthquake-geoserve-ui-1.0.4-OWASP --link=earthquake-geoserve-ui-1.0.4-PENTEST:application -v /owasp-data:/zap/reports:rw -i owasp/zap2docker-stable zap.sh -daemon -port 8090 -config api.disablekey=true run penetration tests:
# - "docker exec -i ${OWASP_CONTAINER} stage: pen-tests
# curl -I localhost:${ZAP_API_PORT} image: docker:stable
# > /dev/null 2>&1 && echo 'SUCCESS'" only:
# - docker exec $OWASP_CONTAINER zap-cli -v -p $ZAP_API_PORT spider http://$PENTEST_IP/ - merge_requests
# - docker exec $OWASP_CONTAINER zap-cli -v -p $ZAP_API_PORT active-scan http://$PENTEST_IP/ cache:
# - docker exec $OWASP_CONTAINER zap-cli -v -p $ZAP_API_PORT report -o owasp-zap-report.html -f html policy: pull
# - docker stop $OWASP_CONTAINER ${LOCAL_CONTAINER} # before_script:
# artifacts: # can you make this not available to the public # - npm i
# paths: # - npm i highlightjs
# - owasp-zap-report.html # only:
# - docker-images # - master
# dependencies: script:
# - build - mkdir -p $OWASP_REPORT_DIR
- chmod 777 $OWASP_REPORT_DIR
- docker load -i docker-images/app.tar
- docker run --rm --name $LOCAL_CONTAINER -d $LOCAL_IMAGE
- docker run --rm -d -u zap --name=$OWASP_CONTAINER --link=$LOCAL_CONTAINER:application -v $OWASP_REPORT_DIR:/zap/reports:rw -i $OWASP_IMAGE zap.sh -daemon -port $ZAP_API_PORT -config api.disablekey=true
- sleep 20
- "docker exec -i ${OWASP_CONTAINER}
curl -I localhost:${ZAP_API_PORT}
> /dev/null 2>&1 && echo 'SUCCESS'"
- docker exec $OWASP_CONTAINER zap-cli -v -p $ZAP_API_PORT spider http://$PENTEST_IP/
- docker exec $OWASP_CONTAINER zap-cli -v -p $ZAP_API_PORT active-scan http://$PENTEST_IP/
- docker exec $OWASP_CONTAINER zap-cli -v -p $ZAP_API_PORT report -o owasp-zap-report.html -f html
- docker stop $OWASP_CONTAINER ${LOCAL_CONTAINER}
artifacts: # can you make this not available to the public
paths:
- owasp-zap-report.html
- docker-images
dependencies:
- build
# ###### Publish ###### # ###### Publish ######
# publish image: publish image:
# stage: publish-image stage: publish-image
# image: docker:stable image: docker:stable
# only: only:
# - merge_requests - master
# before_script: # only:
# # - curl -O https://bootstrap.pypa.io/get-pip.py # - merge_requests
# # - python3 get-pip.py --user before_script:
# # - /root/.local/bin/pip3 install awscli --upgrade --user # - curl -O https://bootstrap.pypa.io/get-pip.py
# # - npm install -g docker # - python3 get-pip.py --user
# # - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY # - /root/.local/bin/pip3 install awscli --upgrade --user
# script: # - npm install -g docker
# # - aws cloudformation package --template-file ./deployment/aws-create-user.json --s3-bucket $S3_BUCKET --output-template usgs-user-template-export.yml # - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
# # - aws cloudformation deploy --template-file /builds/jmalin/earthquake-geoserve-ui/usgs-user-template-export.yml --stack-name usgs-user-deploy-stack script:
# # Re-tag candidate image as actual image name and push actual image to repository # - aws cloudformation package --template-file ./deployment/aws-create-user.json --s3-bucket $S3_BUCKET --output-template usgs-user-template-export.yml
# # TODO - Deploy to USGS Hazdev Registry # - aws cloudformation deploy --template-file /builds/jmalin/earthquake-geoserve-ui/usgs-user-template-export.yml --stack-name usgs-user-deploy-stack
# # - docker build --build-arg FROM_IMAGE=$BASE_IMAGE --build-arg BUILD_IMAGE=$BUILDER_IMAGE -t $LOCAL_IMAGE . # Re-tag candidate image as actual image name and push actual image to repository
# - docker load -i docker-images/app.tar # TODO - Deploy to USGS Hazdev Registry
# - docker tag ${LOCAL_IMAGE} ${DEPLOY_IMAGE}:${IMAGE_VERSION} # - docker build --build-arg FROM_IMAGE=$BASE_IMAGE --build-arg BUILD_IMAGE=$BUILDER_IMAGE -t $LOCAL_IMAGE .
# - echo "$CHS_PASSWORD" | docker login --username $CHS_USERNAME --password-stdin $GITLAB_INNERSOURCE_REGISTRY - docker load -i docker-images/app.tar
# - docker push ${DEPLOY_IMAGE}:${IMAGE_VERSION} - docker tag ${LOCAL_IMAGE} ${DEPLOY_IMAGE}:${IMAGE_VERSION}
- echo "$CHS_PASSWORD" | docker login --username $CHS_USERNAME --password-stdin $GITLAB_INNERSOURCE_REGISTRY
# # Re-tag candidate image as public image name and push to docker hub - docker push ${DEPLOY_IMAGE}:${IMAGE_VERSION}
# # For a private registry include registry URL
# - docker tag ${LOCAL_IMAGE} ${DOCKER_HUB_IMAGE}:${IMAGE_VERSION} # Re-tag candidate image as public image name and push to docker hub
# # login to dockerhub # For a private registry include registry URL
# - echo "$DOCKER_PASSWORD" | docker login --username $DOCKER_USERNAME --password-stdin - docker tag ${LOCAL_IMAGE} ${DOCKER_HUB_IMAGE}:${IMAGE_VERSION}
# - docker push ${DOCKER_HUB_IMAGE}:${IMAGE_VERSION} # login to dockerhub
# # Delete pass file - echo "$DOCKER_PASSWORD" | docker login --username $DOCKER_USERNAME --password-stdin
# - rm -rf /root/.docker/config.json - docker push ${DOCKER_HUB_IMAGE}:${IMAGE_VERSION}
# dependencies: # Delete pass file
# - build - rm -rf /root/.docker/config.json
# # - 'run unit tests' dependencies:
# # - 'run penetration tests' - build
# cache: # - 'run unit tests'
# key: "$CI_BUILD_REF_NAME" # - 'run penetration tests'
# paths: cache:
# - docker-images key: "$CI_BUILD_REF_NAME"
paths:
- docker-images
# artifacts:
# paths:
# - docker-images
# trigger container master job
trigger deploy: trigger deploy:
stage: trigger_deploy # variables:
# CI_COMMIT_MESSAGE: $CI_COMMIT_MESSAGE
image: node:latest image: node:latest
when: manual stage: trigger_deploy
# trigger: jmalin/geoserve-container
only: only:
- merge_requests
- master - master
script: script:
- 'curl -X POST - 'curl -X POST
-F token=5db4dbb65dd8f2583082e1555bae6a -F token=${TRIGGER_API_TOKEN}
-F "ref=master" -F "ref=master"
-F "variables[CI_COMMIT_MESSAGE]=$CI_COMMIT_MESSAGE" -F "variables[EXPORTS]=${EXPORTS}"
-F "variables[IMAGE_VERSION]=${IMAGE_VERSION}" https://${GITLAB_INNERSOURCE_REGISTRY}/api/v4/projects/769/trigger/pipeline'
-F "variables[DB_IMAGE_NAME]=ghsc/hazdev/earthquake-geoserve/db:${IMAGE_VERSION}" \ No newline at end of file
-F "variables[ENVIRONMENT]=${ENVIRONMENT}"
-F "variables[UI_IMAGE_NAME]=ghsc/hazdev/earthquake-geoserve/ui:${IMAGE_VERSION}"
-F "variables[APP_NAME]=${DEPLOY_APP_NAME}"
-F "variables[GIT_BRANCH]=origin/master"
-F "variables[WS_IMAGE_NAME]=ghsc/hazdev/earthquake-geoserve/ws:${IMAGE_VERSION}"
-F "variables[APP_REPO]=ghsc/hazdev/earthquake-geoserve.git"
-F "variables[STACK_NAME]=earthquake-geoserve"
-F "variables[TARGET_HOSTNAME]=dev01-container01.cr.usgs.gov"
-F "variables[REMOTE_DEPLOY_DIR]=${REMOTE_DEPLOY_DIR}"
https://code.chs.usgs.gov/api/v4/projects/1955/trigger/pipeline'
# use triggers with Jenkins config
\ No newline at end of file
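Review bot: The literal pipeline trigger token on the `-F token=` line of the `trigger deploy` job stays readable in the repository history and on this page even once the line reads `${TRIGGER_API_TOKEN}`, so it should be revoked in the triggered project and the replacement stored as a masked, protected CI/CD variable. The rendered page has lost its +/- markers, so which side is current is inferred from the layout; the value is exposed either way. I would also quote the form field, `-F "token=${TRIGGER_API_TOKEN}"`, so an empty or unusual value cannot change how curl reads its arguments. `when: manual` appears only on the side that carries the literal token; if that is the old side, the deploy trigger now fires on every master pipeline without a gate, so either restore `when: manual` or add a comment such as `# runs automatically on master; no manual approval`.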