Merge 8c27224 into 1772366

nhsuk · Aug 2, 2019 · b3e66d6 · b3e66d6
2 parents 1772366 + 8c27224
commit b3e66d6
Show file tree

Hide file tree

Showing 5 changed files with 196 additions and 55 deletions.
diff --git a/azure-pipelines.yml b/azure-pipelines.yml
@@ -15,65 +15,99 @@ pr:
     include:
     - '*'
 
-jobs:
-- job: tests
-  displayName: 'Run tests'
-  pool:
-    vmImage: 'Ubuntu 16.04'
-  steps:
-  - bash: |
-      export COVERALLS_SERVICE_NAME='Azure Devops'
-      export COVERALLS_REPO_TOKEN=$(PIPELINE_COVERALLS_REPO_TOKEN)
-      ./scripts/devops/test-ci
-    displayName: 'Run tests, copy test artifacts to host and upload code coverage'
+variables:
+  DOCKER_IMAGE_NAME: 'nhsuk/sexual-health-service-finder'
 
-  - task: PublishCodeCoverageResults@1
-    condition: succeededOrFailed()
-    inputs:
-      codeCoverageTool: Cobertura
-      summaryFileLocation: '$(System.DefaultWorkingDirectory)/coverage/cobertura-coverage.xml'
+stages:
+  - stage: build
+    jobs:
+    - job: RunTests
+      displayName: 'Run tests'
+      pool:
+        vmImage: 'Ubuntu 16.04'
+      variables:
+        COVERALLS_SERVICE_NAME: 'Azure Devops'
+      steps:
+      - bash: |
+          # TODO: Can this not just be added as a variable? Does it need export?
+          export COVERALLS_REPO_TOKEN=$(PIPELINE_COVERALLS_REPO_TOKEN)
+          ./scripts/devops/test-ci
+        displayName: 'Run tests, copy test artifacts to host and upload code coverage'
 
-  - task: PublishTestResults@2
-    condition: succeededOrFailed()
-    inputs:
-      testRunner: JUnit
-      testResultsFiles: '$(System.DefaultWorkingDirectory)/test-results.xml'
+      - task: PublishCodeCoverageResults@1
+        condition: succeededOrFailed()
+        inputs:
+          codeCoverageTool: Cobertura
+          summaryFileLocation: '$(System.DefaultWorkingDirectory)/coverage/cobertura-coverage.xml'
 
-- job: docker
-  dependsOn: tests
-  condition: and(succeeded(), or(startsWith(variables['Build.SourceBranch'], 'refs/heads/master'), startsWith(variables['Build.SourceBranch'], 'refs/pull/'), startsWith(variables['Build.SourceBranch'], 'refs/tags/')))
-  displayName: 'Push Docker images'
-  pool:
-    vmImage: 'Ubuntu 16.04'
-  variables:
-    DOCKER_IMAGE_NAME: 'nhsuk/sexual-health-service-finder'
-  steps:
-  - task: Docker@1
-    displayName: 'Login to docker hub'
-    inputs:
-      containerregistrytype: 'Container Registry'
-      dockerRegistryEndpoint: 'sexual-health'
-      command: login
+      - task: PublishTestResults@2
+        condition: succeededOrFailed()
+        inputs:
+          testRunner: JUnit
+          testResultsFiles: '$(System.DefaultWorkingDirectory)/test-results.xml'
 
-  - bash: ./scripts/devops/set-variables
-    displayName: 'Set variables for future tasks'
+    - job: PushImageToRepo
+      dependsOn: RunTests
+      condition: and(succeeded(), or(startsWith(variables['Build.SourceBranch'], 'refs/heads/master'), startsWith(variables['Build.SourceBranch'], 'refs/pull/'), startsWith(variables['Build.SourceBranch'], 'refs/tags/')))
+      displayName: 'Push image to repository'
+      pool:
+        vmImage: 'Ubuntu 16.04'
+      steps:
+      - task: Docker@1
+        displayName: 'Login to Docker Hub'
+        inputs:
+          containerregistrytype: 'Container Registry'
+          dockerRegistryEndpoint: 'sexual-health'
+          command: login
 
-  - bash: ./scripts/devops/push-image
-    displayName: 'Push image to docker hub'
+      - bash: ./scripts/devops/push-image
+        displayName: 'Push image to Docker Hub'
 
-- job: rancher
-  dependsOn: tests
-  displayName: 'Save rancher-config folder'
-  pool:
-    vmImage: 'Ubuntu 16.04'
-  steps:
-  - task: CopyFiles@2
-    displayName: 'Copy Files to: $(Build.ArtifactStagingDirectory)/rancher-config'
-    inputs:
-      sourceFolder: 'rancher-config'
-      targetFolder: '$(Build.ArtifactStagingDirectory)/rancher-config'
-      cleanTargetFolder: true
-      overWrite: true
+    - job: rancher
+      dependsOn: RunTests
+      displayName: 'Save scripts/devops/ and rancher-config/'
+      pool:
+        vmImage: 'Ubuntu 16.04'
+      steps:
+      - task: CopyFiles@2
+        displayName: 'Copy rancher-config/'
+        inputs:
+          sourceFolder: 'rancher-config'
+          targetFolder: '$(Build.ArtifactStagingDirectory)/rancher-config'
+          cleanTargetFolder: true
+          overWrite: true
 
-  - task: PublishBuildArtifacts@1
-    displayName: 'Publish Artifact: drop'
+      - task: CopyFiles@2
+        displayName: 'Copy scripts/devops/'
+        inputs:
+          sourceFolder: 'scripts/devops'
+          targetFolder: '$(Build.ArtifactStagingDirectory)/scripts/devops'
+          cleanTargetFolder: true
+          overWrite: true
+
+      - task: PublishBuildArtifacts@1
+        displayName: 'Publish Artifact: drop'
+
+  - stage: release
+    displayName: 'Deploy Review Environment'
+    jobs:
+      - job: review
+        condition: and(succeeded(), startsWith(variables['Build.SourceBranch'], 'refs/pull/'))
+        pool:
+          vmImage: 'Ubuntu 16.04'
+        variables:
+          GITHUB_REPO_NAME: 'nhsuk/$(PROJECT_NAME)'
+          PROJECT_NAME: 'sexual-health-service-finder'
+          RANCHER_SERVER: 'rancher.nhswebsite-staging.nhs.uk'
+          RANCHER_URL: 'https://$(RANCHER_SERVER)/v2-beta/schemas'
+          RANCHER_VERSION: 'v0.6.12'
+          TRAEFIK_DOMAIN: 'nhswebsite-integration.nhs.uk'
+          VAULT_SERVER: 'vault.nhswebsite.nhs.uk'
+        steps:
+          - bash: |
+              # Is this required?
+              export VAULT_TOKEN=$(VAULT_TOKEN)
+              # TODO: moar work required
+              ./scripts/devops/get-variables-from-vault
+              ./scripts/devops/deploy-to-rancher
+            displayName: 'Setup variables'
diff --git a/scripts/devops/deploy-to-rancher b/scripts/devops/deploy-to-rancher
@@ -0,0 +1,22 @@
+#!/bin/bash
+
+echo "GITHUB_REPO_NAME: $GITHUB_REPO_NAME"
+DESCRIPTION="github/$GITHUB_REPO_NAME"
+PRID=$SYSTEM_PULLREQUEST_PULLREQUESTNUMBER
+echo "PRID: $PRID"
+echo "PULLREQUEST_PULLREQUESTNUMBER: $SYSTEM_PULLREQUEST_PULLREQUESTNUMBER"
+
+if [ -n "$PRID" ]; then
+  DESCRIPTION="(PR-$PRID) $DESCRIPTION"
+  PROJECT_NAME=${PROJECT_NAME}-pr-${PRID}
+  export DOCKER_IMAGE_TAG="pr-$PRID"
+else
+  echo "Non-PR: $BUILD_SOURCEBRANCH"
+  exit 1
+fi
+
+./scripts/devops/install-rancher
+
+echo "Deploying to Rancher at: $PROJECT_NAME"
+cd "./rancher-config" || exit
+../rancher --debug --url "$RANCHER_URL" --wait up --force-upgrade --pull -d --upgrade --confirm-upgrade --stack "$PROJECT_NAME" --description "$DESCRIPTION"
diff --git a/scripts/devops/get-variables-from-vault b/scripts/devops/get-variables-from-vault
@@ -0,0 +1,69 @@
+#!/bin/bash
+
+get_vault_data() {
+  VAULT_PATH="$1"
+
+  HTTP_STATUS=$(curl -s -o /dev/null -w "%{http_code}" -H "X-Vault-Token: $VAULT_TOKEN" -X GET "https://${VAULT_SERVER}${VAULT_PATH}")
+  echo "Retrieving variables from path: '$VAULT_PATH}'. Got status: '$HTTP_STATUS}'."
+  if [ "$HTTP_STATUS" = "200" ]; then
+    DATA=$( curl -s  \
+        -H "X-Vault-Token: $VAULT_TOKEN}" \
+        -X GET \
+        "https://${VAULT_SERVER}${VAULT_PATH}" \
+    )
+  fi
+  echo "$DATA" | jq -r '.data | to_entries[] | [ .key, .value|tostring ] | ("##vso[task.setvariable variable="+.[0]+"]"+.[1])'
+}
+
+# CHECK VAULT PATH EXISTS
+if [ -z "$VAULT_SERVER" ]; then
+  echo "VAULT_SERVER not set, skipping vault config"
+  SKIP="1"
+fi
+
+# CHECK VALUT TOKEN EXISTS
+if [ -z "$VAULT_TOKEN" ]; then
+  echo "VAULT_TOKEN not set, skipping vault config"
+  SKIP="1"
+fi
+
+# CHECK ENVIRONMENT NAME EXISTS
+# Within Vault this is the name of the environment e.g. dev, production, staging, etc.
+# The name of stage to which deployment is currently in progress
+if [ -z "$RELEASE_ENVIRONMENTNAME" ]; then
+  echo "RELEASE_ENVIRONMENTNAME not set, skipping environment config"
+  SKIP="1"
+fi
+
+# WHEN RELEASE_ENVIRONMENTNAME=review, USE DEV
+# This saves having to setup a secret within /review but allows the differentiation
+# between review apps and those built from master branch
+if [ "$RELEASE_ENVIRONMENTNAME" == "review" ]; then
+  RELEASE_ENVIRONMENTNAME="dev"
+fi
+
+# CHECK PROJECT NAME EXISTS
+# Within Vault this is the name of the secret (or application) e.g. nhsuk.apim-blue-green-deploy
+# The name of the build pipeline
+if [ -z "$BUILD_DEFINITIONNAME" ]; then
+  echo "BUILD_DEFINITIONNAME not set, skipping environment config"
+  SKIP="1"
+fi
+
+if [ "$SKIP" != "1" ]; then
+  # GET DEFAULT VARIABLES
+  VAULT_PATH="/v1/secret/defaults"
+  get_vault_data "$VAULT_PATH"
+
+  # GET DEFAULT ENVIRONMENT VARIABLES
+  VAULT_PATH="/v1/secret/$RELEASE_ENVIRONMENTNAME/defaults"
+  get_vault_data "$VAULT_PATH"
+
+  # GET APPLICATION VARIABLES
+  VAULT_PATH="/v1/secret/defaults/$BUILD_DEFINITIONNAME/env-vars"
+  get_vault_data "$VAULT_PATH"
+
+  # GET ENVIRONMENT SPECIFIC APPLICATION VARIABLES
+  VAULT_PATH="/v1/secret/${RELEASE_ENVIRONMENTNAME}/$BUILD_DEFINITIONNAME/env-vars"
+  get_vault_data "$VAULT_PATH"
+fi
diff --git a/scripts/devops/install-rancher b/scripts/devops/install-rancher
@@ -0,0 +1,11 @@
+#!/bin/bash
+
+if [ ! -f "./rancher" ] ; then
+  RANCHER_VERSION='v0.6.13'
+
+  echo "Installing Rancher (${RANCHER_VERSION})"
+  curl -Ls https://github.com/rancher/cli/releases/download/${RANCHER_VERSION}/rancher-linux-amd64-${RANCHER_VERSION}.tar.gz \
+    | tar xzf -
+  mv rancher-${RANCHER_VERSION}/rancher ./rancher
+  rm -r rancher-${RANCHER_VERSION}
+fi
diff --git a/scripts/devops/push-image b/scripts/devops/push-image
@@ -1,5 +1,9 @@
 #!/bin/bash
 
+# Setup variables
+./scripts/devops/set-variables
+
+# Setup tags for image
 DOCKER_TAGS=()
 
 if [ "$CUSTOM_BRANCH" = "master" ]; then
@@ -15,6 +19,7 @@ else
   exit 0
 fi
 
+# Tag and build image
 TAGS_ARGS=$(for tag in "${DOCKER_TAGS[@]}"; do echo "-t $DOCKER_IMAGE_NAME:$tag"; done | paste -sd' ' -)
 echo "Running docker build $TAGS_ARGS ."
 # shellcheck disable=SC2086