In [None]:
!mkdir -p ~/agave/funwave-tvd-jenkins-pipeline

%cd ~/agave/funwave-tvd-jenkins-pipeline

!pip3 install --upgrade setvar

import re
import os
import sys
import time
from setvar import *

!auth-tokens-refresh


# Commit Our App Configuration
## Everything as Code
From here on out, every change we make will be committed to the Funwave repository, so that we can adhere to the _Everything as Code_ principle. Everything as Code is a powerful practice, as it allows for all aspects of the software lifecycle, like code, build process, documentation, etc., to be treated with the rigor as application code.

We will begin by adding a version tracker to our Funwave repository to better support build automation.

## Semantic Versioning
Our version tracker will use the very popular _Semantic Versioning_ schema. This schema composes a version out of 3 or 4 components, each with discrete meanings:
* **Major Version:** The first number in a semantic version increments when backwards-incompatible changes are made to the public API of a software package.
* **Minor Version:** The second number increments when backwards-compatible features are added to a package.
* **Patch Version:** The third number increments when bugfixes are made to software in a backwards-comptable manner.
* **Label:** The final _(optional)_ component of a semantic version is a label indicating build and release status.


Semantic versions offer a standardized way to communicate the evolution of a software package in a way that is meaningful to dependants. For more information on Semantic Versioning, visit the [official page](https://semver.org/).

The version of funwave we're using is currently pinned at `3.1.0`. Once we add the version tracker and start working on our build automation branch we're going to be working on version `3.2.0-dev`, as we're adding backwards-compatible features that are not yet ready for release.

In [None]:
!ssh sandbox "cd ~/FUNWAVE-TVD && git checkout -b dev"
writefile("version.txt","""3
2
0
dev""")
!files-upload -S ${AGAVE_STORAGE_SYSTEM_ID} -F version.txt /home/jovyan/FUNWAVE-TVD/
time.sleep(2)

In [None]:
!ssh sandbox "git config --global user.email ${AGAVE_USERNAME}@sc18-demo.org"
!ssh sandbox "git config --global user.name '${AGAVE_USERNAME}'"
!ssh sandbox "set -x && cd ~/FUNWAVE-TVD && git add version.txt && git commit -m 'Adding version tracker.' && git checkout -b build-automation"

# Improving Our App for Automation

## Incorporate Our Version Tracker
Now that we have a version tracker, let's restructure our Dockerfile, build wrapper, and build app to incorporate it. 

We'll start by modifying our Dockerfile to _copy_ the Funwave TVD code into the container, instead of cloning from the upstream repository as it was before. This ensures that the Dockerfile and resulting image won't drift from the version of the code they are intended to package. This also makes it possible to reproduce a given version of the container from the git repository, as the git history of the image and code reflect one another directly now.

In [None]:
writefile("Dockerfile","""
FROM stevenrbrandt/science-base
MAINTAINER Steven R. Brandt <sbrandt@cct.lsu.edu>

ARG BUILD_DATE
ARG VERSION


LABEL org.agaveplatform.ax.architecture="x86_64"                                \
      org.agaveplatform.ax.build-date="\$BUILD_DATE"                             \
      org.agaveplatform.ax.version="\$VERSION"                             \
      org.agaveplatform.ax.name="${AGAVE_USERNAME}/funwave-tvd"    \
      org.agaveplatform.ax.summary="Funwave-TVD is a code to simulate the shallow water and Boussinesq equations written by Dr. Fengyan Shi." \
      org.agaveplatform.ax.vcs-type="git"                                       \
      org.agaveplatform.ax.vcs-url="https://github.com/fengyanshi/FUNWAVE-TVD" \
      org.agaveplatform.ax.license="BSD 3-clause"
      
USER root
RUN mkdir -p /home/install/FUNWAVE-TVD/
RUN chown jovyan /home/install/FUNWAVE-TVD/
COPY --chown=jovyan:jovyan ./ /home/install/FUNWAVE-TVD
USER jovyan

WORKDIR /home/install/FUNWAVE-TVD/src
RUN perl -p -i -e 's/FLAG_8 = -DCOUPLING/#$&/' Makefile && \
    make

RUN mkdir -p /home/jovyan/rundir
WORKDIR /home/jovyan/rundir
""")
!files-mkdir -S ${AGAVE_STORAGE_SYSTEM_ID} -N /home/jovyan/FUNWAVE-TVD/build/
!files-upload -S ${AGAVE_STORAGE_SYSTEM_ID} -F Dockerfile /home/jovyan/FUNWAVE-TVD/

## Applying the Version to Every Build
Let's also modify our build wrapper to construct the app version from the version tracker in a given commit, and then assign that constructed version to the Docker build arguments. After this change, we will have a single build wrapper that will always build a Docker image with the correct version for the commit.

We'll also make sure that the Funwave commit is the same in both the Jenkins build and the deploy environment by supplying the commit hash in a file called `commit.txt`, which will be defined dynamically in the Jenkins pipeline. More on this later.

In [None]:
writefile("funwave-build-wrapper.txt","""

VERSION=\$(cat version.txt | paste -sd "..-" -)
COMMIT=\$(cat commit.txt)

git clone /home/jovyan/FUNWAVE-TVD
cd FUNWAVE-TVD
git checkout \$COMMIT

sudo docker build \
    --build-arg "BUILD_DATE=\${AGAVE_JOB_SUBMIT_TIME}" \
    --build-arg "VERSION=\${VERSION}" \
    --rm -t funwave-tvd:\${VERSION} .

docker inspect funwave-tvd:\${VERSION}

""")
!files-upload -S ${AGAVE_STORAGE_SYSTEM_ID} -F funwave-build-wrapper.txt /home/jovyan/FUNWAVE-TVD/build/

In [None]:
writefile("funwave-build-app.txt","""
{  
   "name":"${AGAVE_USERNAME}-${MACHINE_NAME}-funwave-dbuild",
   "version":"3.2.0",
   "label":"Builds the funwave docker image",
   "shortDescription":"Funwave docker build",
   "longDescription":"",
   "deploymentSystem":"${AGAVE_STORAGE_SYSTEM_ID}",
   "deploymentPath":"funwave-jenkins-build/",
   "templatePath":"funwave-build-wrapper.txt",
   "testPath":"version.txt",
   "executionSystem":"${AGAVE_EXECUTION_SYSTEM_ID}",
   "executionType":"CLI",
   "parallelism":"SERIAL",
   "modules":[],
   "inputs":[],
   "parameters":[{
     "id" : "code_version",
     "value" : {
       "visible":true,
       "required":true,
       "type":"string",
       "order":0,
       "enquote":false,
       "default":"latest"
     },
     "details":{
         "label": "Version of the code",
         "description": "If true, output will be packed and compressed",
         "argument": null,
         "showArgument": false,
         "repeatArgument": false
     },
     "semantics":{
         "argument": null,
         "showArgument": false,
         "repeatArgument": false
     }
   }],
   "outputs":[]
}
""")
!files-upload -S ${AGAVE_STORAGE_SYSTEM_ID} -F funwave-build-app.txt /home/jovyan/FUNWAVE-TVD/build/

# Build Automatically On Each Commit
We now have a build app that will build a Docker image containing Funwave at a given point in git history, and apply meaningful metadata about the app and version derived from repository contents. It's all repeatable too, so the next step is to perform this process automatically upon each repository events, like commits, merges, and so forth.

## Jenkins: An Automation Platform
Jenkins is a widely-used platform for task automation that evolved from a software build system. Jenkins is open-source, free-to-use, and its feature set is largely driven by third-party extensions. The platform forms the backbone of many CI/CD architectures.

There are many alternatives ranging from cloud services like CircleCI and Travis CI, to locally-installable software like GoCD. For this tutorial we'll be using Jenkins, as it it is locally-installable and tends to be the most widely used option.

## Components of a Build Pipeline
The fundamental component of Jenkins task automation is a job, which defines a series of steps that jenkins will execute when triggered. There are two primary types of jobs supported by Jenkins: the freestyle job, and the pipeline job. Freestyle jobs are the easiest to set up initially, but they are difficult to manage over time and they necessarily separate build and deployment code from application code, giving you a split perspective on your project.

Pipeline jobs provide a mechanism to package the steps you wish Jenkins to automate directly into your application repository, more closely following the Everything as Code principle. Pipeline jobs are the direction that the Jenkins community is moving towards, and makes up the foundation of Blue Ocean. We'll be focusing on pipeline jobs in this tutorial.

A Jenkins pipeline consists of the following components:
* **Jenkinsfile:** This is a Groovy script named `Jenkinsfile` that exists in the root level of your repository, and defines the steps that Jenkins will execute when a pipeline is started.
* **Source Repository:** The VCS system or repository that contains the content you wish to automate. In our case, it is the Funwave TVD repository containing the application code, build app, and Dockerfile.
* **Triggers:** These are events, often time-based events or git lifecycle events, that Jenkins will watch for. When a trigger event occurs, Jenkins will start the associated pipeline.
* **Build environment:** The environment that your build process will be executed in. In our case, it is the Agave build app.
* **Parameters:** Arguments supplied to the job at runtime that exposed to the pipeline script as environment variables.
* **Secrets and Config:** Credentials and site-specific configuration necessary for your build pipeline. There are a variety of strategies for managing these, some of which are discussed in the _Recommended Reading_ for this section. For simplicity, we will simply include config and secrets in the pipeline in the tutorial pipeline.
* **Notifications:** This is how Jenkins will _(or won't)_ alert users of build status. Often email, Slack, etc.

## Create Our Jenkins Pipeline
We have already configured a pipeline in the tutorial Jenkins instance for you, so all that's left is to upload the Jenkinsfile it will be looking for when triggered. You can view the Jenkinsfile [here](/edit/notebooks/build/Jenkinsfile): 

In [None]:
!files-upload -S ${AGAVE_STORAGE_SYSTEM_ID} -F /home/jovyan/notebooks/build/Jenkinsfile /home/jovyan/FUNWAVE-TVD/build/

### Triggering our Jenkins Pipeline From a Commit
Now that we've added a Jenkinsfile to our repository we need to set up a trigger that starts the Jenkins pipeline after a `git commit`. Normally, this trigger would either be a cron-style process that checks for changes to a repository at regular intervals, or a GitHub webhook our Jenkins server has been attached to. Since our local repository is neither publicly-accessible in its current nor do we have the time to wait for a polling interval, we will instead trigger the build pipeline post-commit by way of _Git Hooks_.

A Git Hook is a user-definable script that executes during particular git repository lifecycle events. Hooks are defined by adding an executable script bearing the named of a particular hook  to a directory named `$GIT_DIR/hooks`. Non-executable hook scripts are ignored. Further documentation on Git Hooks can be found on [git-scm](https://git-scm.com/docs/githooks).

For our use case, we'll want to use the `post-commit` hook, which will fire after each commit. The below hook script will perform a simple curl on the Jenkins URL for our pipeline to kick off the build. We'll also do a `git update-index` to make sure that the post-commit hook is always executable after cloning.

In [None]:
# Post-commit hook to trigger Jenkins job via curl

import os

agave_username = os.environ.get('AGAVE_USERNAME', '')
agave_password = os.environ.get('AGAVE_PASSWORD', '')

script_template = """#!/bin/bash
wget --auth-no-challenge \
     --http-user='{}' \
     --http-password='{}' \
     'jenkins:8080/jenkins/job/funwave-build-pipeline/buildWithParameters?token=sc18-training-job&JOB_TYPE=build'
"""

script_content = script_template.format(agave_username, agave_password)
with open('post-commit', 'w') as post_commit_script:
    post_commit_script.write(script_content)

!files-mkdir -S ${AGAVE_STORAGE_SYSTEM_ID} -N /home/jovyan/FUNWAVE-TVD/.git/hooks
!files-upload -S ${AGAVE_STORAGE_SYSTEM_ID} -F post-commit /home/jovyan/FUNWAVE-TVD/.git/hooks/
time.sleep(2)

In [None]:
# Set the hook to executable so that it won't be ignored.
!ssh sandbox "set -x && cd ~/FUNWAVE-TVD/ && chmod +x .git/hooks/post-commit"

# Commit Your Code, Start Your Pipeline
We've updated our build app for automation and added it to the repo, added a pipeline definition, and a mechanism to trigger the build on each commit. Now all that's left for us to do is commit our changes and watch the pipeline run! Once you've committed your changes, you can view the running pipeline by navigating to the Jenkins pipeline URL:

https://<username\>.sc18.training.agaveplatform.org/jenkins/job

In [None]:
!ssh sandbox "set -x && cd ~/FUNWAVE-TVD && git add Dockerfile build"
!ssh sandbox "cd ~/FUNWAVE-TVD && git commit -m 'Added jenkinsfile and post-commit hook.'"

In [None]:
!ssh sandbox "cd ~/FUNWAVE-TVD && git checkout dev && git merge --squash build-automation"

# Our Jenkinsfile, explained
Let's review the contents of our Jenkinsfile, and discuss some of it's key components. For a full view of the Jenkinsfile, you can open it up in the [file editor](/edit/notebooks/Jenkinsfile).

## Pipeline syntaxes
Jenkinsfiles may be authored in one of two discrete syntaxes: _[Scripted](https://jenkins.io/doc/book/pipeline/syntax/#scripted-pipeline)_ or _[Declarative](https://jenkins.io/doc/book/pipeline/syntax/#declarative-pipeline)_. For this pipeline we elected to use the Scripted syntax due to its flexibility and closer resemblance to typical build scripts.

At a high level Scripted pipelines are comprised of a Jenkins DSL written in Groovy, and with a few exceptions Groovy functionality is available for use within the pipeline script.

## Build workspaces, flow control, and parameters
Each Jenkins pipeline requires a declaration of where the stages within will run. For our pipeline we used the `node` directive to wrap all stages, which tells Jenkins that any agent will suffice, and that all the build stages should be run on the same agent.

We use the common try/catch/finally pattern for state and flow control in our pipeline. If any unhandled error occurs, or if an error and caught and thrown again, the pipeline status will be set to `FAILURE` and the pipeline will terminate. This pattern is frequently used for Scripted pipelines.

An extremely important object to most pipelines is `env`. The `env` object exposes environment variables to the build script as instance attributes with the same name. We've parameterized our Jenkins job so we can specify `JOB_TYPE` at runtime to eliminate code duplication between build and benchmark jobs, as the two vary only by a keyword. Parameters are exposed to the pipeline script as environment variables, so we can access them via the `env` object.

```groovy
import groovy.json.JsonOutput


node {
  currentBuild.result = "SUCCESS"

  env.AGAVE_TENANTS_API_BASEURL = "https://sandbox.agaveplatform.org/tenants"
  env.MACHINE_NAME = "sandbox"
  env.AGAVE_APP_NAME = "funwave-tvd-${env.JOB_TYPE}-${env.AGAVE_USERNAME}"
  env.AGAVE_CLIENT_NAME = "jenkins-cli-${env.AGAVE_USERNAME}"
  env.AGAVE_STORAGE_SYSTEM_ID = "sandbox-storage-${env.AGAVE_USERNAME}"
  env.DEPLOYMENT_PATH = "/home/jovyan/funwave-jenkins-${env.JOB_TYPE}/"

  try {
    // ... Build stages
  } catch (error) {
    currentBuild.result = "FAILURE"
    throw error
  }
}
// ... Post-build triggers
```

## Stages, and setting up the Agave CLI
Jenkins pipelines group individual _Steps_ of work into _Stages_. Stages allow for subsets of your build steps to be provided with environment, agents, and configuration that are distinct from other stages. In the first stage of our pipeline, we go through the process illustrated in Notebook 05 to set up the Agave CLI so that the Jenkins environment can interact with our Agave app.

After we've set up the Agave CLI, the next stage of our pipeline uses the `checkout scm` DSL command to clone the commit being built from the SCM configuration in the Jenkins job.

```groovy
stage("Set up Agave CLI") {
  try {
    sh "tenants-list"
    sh "tenants-init -t sandbox"
  } catch (error) {
    print "Tenant already initialized"
  }

  try {
    sh "clients-delete -u '${env.AGAVE_USERNAME}' -p '${env.AGAVE_PASSWORD}' ${env.AGAVE_APP_NAME}"
  } catch (error) {
    print "Cannot delete client: ${env.AGAVE_APP_NAME} does not exist"
  }

  try {
    sh "clients-create -u '${env.AGAVE_USERNAME}' -p '${env.AGAVE_PASSWORD}' -N '${env.AGAVE_APP_NAME}' -S"
  } catch (error) {
    print "Cannot create client: ${env.AGAVE_APP_NAME} already exists"
  }

  try {
    sh "auth-tokens-create -u '${env.AGAVE_USERNAME}' -p '${env.AGAVE_PASSWORD}' "
  } catch (error) {
    print "Cannot create auth tokens for CLI. Aborting..."
    throw error
  }
}

stage("Clone Funwave TVD") {
  checkout scm
}
```

## Configuring the deployment path and updating the Agave app
The third stage of our pipeline generates and uploads all of the resources needed to bootstrap our Agave build app to the Agave deployment path. These resources include the Dockerfile, wrapper script, app spec, and version tracker we committed above. We've also added a new file that Jenkins dynamically generates on each build called `commit.txt`. This file stores the hash of the commit currently being built so that the `git clone` step of the wrapper script will be operating on the same version of the code as the Jenkins pipeline.

Once all the necessary resources have been uploaded to the deploy path successfully, the Agave build app is updated from the new spec.

As mentioned above, the Jenkins pipeline runs a DSL implemented in Groovy, and not _all_ of Groovy's built-ins are available for use in your pipeline. An example of a Groovy feature that cannot be used is the `File` object. Instead, if you wish to write to a file in your pipeline you must use the [`writeFile` function](https://jenkins.io/doc/pipeline/steps/workflow-basic-steps/#writefile-write-file-to-workspace) provided by the DSL.

```groovy
stage("Configure deployment path") {
  try {
    sh "files-mkdir -S ${env.AGAVE_STORAGE_SYSTEM_ID} -N ${env.DEPLOYMENT_PATH}"
    sh "files-upload -S ${env.AGAVE_STORAGE_SYSTEM_ID} -F build/funwave-${env.JOB_TYPE}-wrapper.txt ${env.DEPLOYMENT_PATH}"
    sh "files-upload -S ${env.AGAVE_STORAGE_SYSTEM_ID} -F build/funwave-${env.JOB_TYPE}-app.txt ${env.DEPLOYMENT_PATH}"
    sh "files-upload -S ${env.AGAVE_STORAGE_SYSTEM_ID} -F version.txt ${env.DEPLOYMENT_PATH}"

    // We need to make sure that we're building the correct commit on the deploy system
    env.GIT_COMMIT = sh(returnStdout: true, script: "git log -n 1 --pretty=format:'%h'")
    env.GIT_COMMIT = env.GIT_COMMIT.trim()
    writeFile(file: "build/commit.txt", text: env.GIT_COMMIT)
    sh "files-upload -S ${env.AGAVE_STORAGE_SYSTEM_ID} -F build/commit.txt ${env.DEPLOYMENT_PATH}"

  } catch (error) {
    print "Could not configure deployment path."
    throw error
  }

  sh "apps-addupdate -F build/funwave-${env.JOB_TYPE}-app.txt"
}
```

## Submitting the job and grabbing output
The next stage builds the job JSON dynamically and writes it out to a file in the Jenkins agent. This JSON is then used to submit the build job to the app we configured and updated in the previous stage. The job is polled  for up to 4 minutes or until a terminal state is reached, at which point the pipeline either fails or the job output is printed to the Jenkins pipeline log.

```groovy
stage("Submit job") {
  env.WEBHOOK_URL = sh(returnStdout: true, script: "requestbin-create")
  env.WEBHOOK_URL = env.WEBHOOK_URL.trim()
  env.VERSION = sh(returnStdout: true, script: 'cat version.txt | paste -sd "..-" -')

  def notificationsSpecs = [
    url: env.WEBHOOK_URL,
    event: "*",
    persistent: "true"
  ]

  def parametersSpecs = [
    code_version: "latest"
  ]

  def appSpecs = [
    name: "funwave-${env.JOB_TYPE}",
    appId: "${env.AGAVE_USERNAME}-${env.MACHINE_NAME}-funwave-d${env.JOB_TYPE}-3.2.0",
    maxRunTime: "00:10:00",
    archive: false,
    notifications: [notificationsSpecs],
    parameters: parametersSpecs
  ]

  def jsonContent = JsonOutput.toJson(appSpecs)
  writeFile(file: "build/funwave-${env.JOB_TYPE}-job.json", text: jsonContent)

  def submitOutput = sh(returnStdout: true, script: "jobs-submit -F build/funwave-${env.JOB_TYPE}-job.json")
  def jobId = submitOutput.split(" ")[-1]
  env.JOB_ID = jobId.trim()

  def jobState = 'SUBMITTING'
  for (i = 0; i < 48; i++) {
    sleep 5
    jobState = sh(returnStdout: true, script: "jobs-status ${env.JOB_ID}").trim()
    print jobState
    if (jobState == 'FINISHED' || jobState == 'FAILED' || jobState == 'STOPPED') {
      break
    }
  }

  assert jobState == 'FINISHED'

  try {
    sh "jobs-output-list --rich --filter=type,length,name ${env.JOB_ID}"
    sh "jobs-output-get -P ${env.JOB_ID} funwave-${env.JOB_TYPE}.out"
  } catch (error) {
    print "Could not get output from job id: ${env.JOB_ID}"
  }
}
```

## Triggering other pipelines
The last stage of our Jenkins pipeline triggers a benchmarking pipeline upon a successful build using the [build step](https://jenkins.io/doc/pipeline/steps/pipeline-build-step/). We've parameterized both the build and benchmarking pipelines so that they can use the same Jenkinsfile while still deploying distinct Agave apps. As a result, our post-build pipeline trigger must also supply the appropriate `JOB_TYPE` parameter for the benchmarking pipeline.

```groovy
// This is covered in notebook 10
if (currentBuild.result == 'SUCCESS' && env.JOB_TYPE == 'build') {
  stage('Run benchmarks') {
    def benchmarkPipeline = build job: 'funwave-benchmark-pipeline', parameters: [
      [
        $class: 'StringParameterValue',
        name: 'JOB_TYPE',
        value: 'benchmark'
      ]
    ]
  }
}
```