-
Notifications
You must be signed in to change notification settings - Fork 2
/
Jenkinsfile
83 lines (82 loc) · 2.34 KB
/
Jenkinsfile
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
def tag = ""
def image = ""
def build_result = 'SUCCESS'
if (env.BRANCH_NAME == 'staging' || env.BRANCH_NAME == 'prod') {
build_result = 'FAILURE'
} else {
build_result = 'UNSTABLE'
}
pipeline {
agent {
kubernetes {
yamlFile "jenkins-agent.yaml"
}
}
stages {
stage('Collect info') {
steps {
container('git') {
script {
sh "apk add yq"
echo "preparing to deploy ${env.BRANCH_NAME}"
echo "get docker image tag from values file"
tag = sh(script: "yq r env-values.yaml image.tag", returnStdout: true).trim()
}
}
}
}
stage("Evaluate Policy"){
when {
anyOf {
expression {
env.CHANGE_TARGET != null
}
branch 'dev';
branch 'staging';
branch 'prod';
}
}
steps {
container('git') {
sh "echo Validating deployment..."
sh "echo ${tag}"
sh "apk add jq"
script {
try {
sh """
wget -O- -q \
--post-data='{
"resourceUri": "harbor.internal.lead.prod.liatr.io/rode-demo/rode-demo-node-app@sha256:${tag}"
}' \
--header='Content-Type: application/json' \
'http://rode.rode-demo.svc.cluster.local:50051/v1alpha1/policies/4127d475-80ec-4d36-9ece-98029176bdec:attest' | jq .pass | grep true
"""
} catch (err) {
if (env.BRANCH_NAME == 'staging' || env.BRANCH_NAME == 'prod' || env.CHANGE_TARGET == 'staging' || env.CHANGE_TARGET == 'prod') {
build_result = 'FAILURE'
sh "exit 1"
} else {
currentBuild.result = "UNSTABLE"
}
}
}
}
}
}
stage('Deploy') {
when {
anyOf {
branch 'dev';
branch 'staging';
branch 'prod';
}
}
steps {
container('helm') {
sh "helm version"
sh "helm upgrade -f env-values.yaml -f environments/${env.BRANCH_NAME}/values.yaml --install demo-app-test charts/demo-app -n rode-demo-app-${env.BRANCH_NAME}"
}
}
}
}
}