This repository has been archived by the owner on Jan 30, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 41
/
deploy_app_downstream.yaml.erb
101 lines (92 loc) · 4.44 KB
/
deploy_app_downstream.yaml.erb
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
---
- job:
name: Deploy_App_Downstream
display-name: Deploy_App_Downstream
project-type: freestyle
description: "Kicks off an appliction deploy in a downstream environment"
properties:
- build-discarder:
days-to-keep: 30
artifact-num-to-keep: 5
builders:
<% if @smokey_pre_check %>
- shell: |
# Wait for any app restarts to complete before running Smokey
sleep 60
- trigger-builds:
- project: Smokey
current-parameters: true
block: true
<% end %>
- shell: |
# Check for deploy freeze set in Release App
APPLICATION_METADATA=$(curl -s \
-H "Accept: application/json" \
-H "Authorization: Bearer $RELEASE_APP_BEARER_TOKEN" \
"https://release.publishing.service.gov.uk/applications/$TARGET_APPLICATION")
DEPLOY_FREEZE=$(echo "$APPLICATION_METADATA" | jq .deploy_freeze)
if $DEPLOY_FREEZE; then
echo "This application is under a deploy freeze in Release app. Aborting"
exit 0 # Don't alert about predictable failures
fi
# Workaround for our inconsistent repo vs. deployment naming
case "$TARGET_APPLICATION" in
<% @applications.keys.each do |app| %>
<%= app %>)
REPO="<%= @applications[app].fetch("repository", app) %>"
;;
<% end %>
esac
# Check release to deploy is genuine and we're not going backwards
GITHUB_API="https://api.github.com/repos/alphagov/$REPO"
LATEST_TAGS=$(curl -H "Authorization: token $GITHUB_API_TOKEN" -s "$GITHUB_API/tags?per_page=1")
LATEST_MASTER=$(curl -H "Authorization: token $GITHUB_API_TOKEN" -s "$GITHUB_API/commits?per_page=1")
LATEST_MASTER_SHA=$(echo "$LATEST_MASTER" | jq '.[].sha' | head -1)
LATEST_TAG_SHA=$(echo "$LATEST_TAGS" | jq '.[].commit.sha' | head -1)
LATEST_TAG_NAME=$(echo "$LATEST_TAGS" | jq '.[].name' | head -1)
if [ "$LATEST_TAG_NAME" != "\"$TAG\"" ]; then
echo "The TAG parameter does not match the latest release. Aborting."
exit 0 # Don't alert about predictable failures
fi
if [ "$LATEST_TAG_SHA" != "$LATEST_MASTER_SHA" ]; then
echo "The TAG to deploy is supserseded, or not on master. Aborting."
exit 0 # Don't alert about predictable failures
fi
# Deploy to downstream environment
JSON="{\"parameter\": [{\"name\": \"TARGET_APPLICATION\", \"value\": \"$TARGET_APPLICATION\"}, {\"name\": \"TAG\", \"value\": \"$TAG\"}, {\"name\": \"DEPLOY_TASK\", \"value\": \"deploy\"}, {\"name\": \"NOTIFY_RELEASE_APP\", \"value\": \"true\"}, {\"name\": \"SLACK_NOTIFICATIONS\", \"value\": \"true\"}], \"\": \"\"}"
CRUMB=$(curl https://<%= @jenkins_downstream_api_user %>:<%= @jenkins_downstream_api_password %>@<%= @deploy_url %>/crumbIssuer/api/json | jq --raw-output '. | .crumb')
curl -f -H "Jenkins-Crumb:$CRUMB" -XPOST https://<%= @jenkins_downstream_api_user %>:<%= @jenkins_downstream_api_password %>@<%= @deploy_url %>/job/Deploy_App/build --data-urlencode json="$JSON"
wrappers:
- ansicolor:
colormap: xterm
- inject-passwords:
global: false
mask-password-params: true
job-passwords:
- name: GITHUB_API_TOKEN
password:
'<%= @github_api_token %>'
- name: RELEASE_APP_BEARER_TOKEN
password:
'<%= @release_app_bearer_token %>'
parameters:
- choice:
name: TARGET_APPLICATION
description: 'Application to deploy'
choices: <%= ['-- Choose an app'] + @applications.keys %>
- string:
name: TAG
description: 'Git tag/committish to deploy.'
publishers:
- description-setter:
regexp: ""
description: "$TARGET_APPLICATION $TAG"
- slack:
team-domain: <%= @slack_team_domain %>
auth-token-id: <%= @slack_credential_id %>
auth-token-credential-id: <%= @slack_credential_id %>
build-server-url: <%= @slack_build_server_url %>
notify-every-failure: true
room: "<%= @slack_channel %>"
include-custom-message: true
custom-message: "Automatic deployment failed for $TARGET_APPLICATION $TAG"