ci(Jenkins): Add stages for deploying docs to s3 and publishing to npm.

Jenkinsfile

@@ -1,8 +1,3 @@
-/**
- * Defines our build pipeline
- * See: JENKINS.md
- */
-
 String buildVersion = env.BUILD_NUMBER
 
 try {
@@ -53,22 +48,15 @@ try {
   }
 
   stage('Deploy Staging') {
-//  WIP -- Waiting on AWS keys and a bucket to deploy to.
-//    deploy(
-//      name: 'tds',
-//      buildVersion: buildVersion,
-//      environment: 'staging'
-//    )
-
     deploy(
+      name: 'tds',
       buildVersion: buildVersion,
-      environment: 'staging',
-      numReplicas: 1
+      environment: 'staging'
     )
   }
 
   stage('Deploy Prod Trigger') {
-    inputUrl = env.BUILD_URL ? "(${env.BUILD_URL}deploy-prod-trigger)" : '';
+    inputUrl = env.BUILD_URL ? "(${env.BUILD_URL}deploy-prod-trigger)" : ''
     notifyBuild(
       message: "Build is ready for Production ${inputUrl}",
       color: '#0000FF',
@@ -80,17 +68,10 @@ try {
   }
 
   stage('Deploy Production') {
-//  WIP -- Waiting on AWS keys and a bucket to deploy to.
-//    deploy(
-//      name: 'tds',
-//      buildVersion: buildVersion,
-//      environment: 'production'
-//    )
-
     deploy(
+      name: 'tds',
       buildVersion: buildVersion,
-      environment: 'production',
-      numReplicas: 1
+      environment: 'production'
     )
   }
 
@@ -171,40 +152,9 @@ def test(Map attrs) {
 }
 
 def deploy(Map attrs) {
-//  WIP -- Waiting on AWS keys and a bucket to deploy to.
-//  node {
-//    unstash 'scripts'
-//    sh("./openshift/run-deploy-docs.sh ${attrs.name} ${attrs.buildVersion} ${attrs.environment}")
-//  }
-
   node {
-    String dockerRegistry = sh(
-      returnStdout: true,
-      script: "oc get imagestream tds -o='jsonpath={.status.dockerImageRepository}'"
-    ).trim()
-
-    sh("""
-      # workaround for https://github.com/kubernetes/kubernetes/issues/34413
-      if oc get hpa/tds-${attrs.environment} > /dev/null 2>&1
-      then
-        oc delete hpa/tds-${attrs.environment}
-      fi
-
-      oc new-app \
-        --template='tds' \
-        -p VERSION='${attrs.buildVersion}' \
-        -p ENVIRONMENT='${attrs.environment}' \
-        -p DOCKER_REGISTRY='${dockerRegistry}:${attrs.buildVersion}' \
-        -p NUM_REPLICAS='${attrs.numReplicas}' \
-        -o yaml | oc apply -f -
-
-      oc autoscale dc/tds-${attrs.environment} --min ${attrs.numReplicas} --max 5 --cpu-percent=80
-    """)
-
-    openshiftVerifyDeployment(
-      deploymentConfig: "tds-${attrs.environment}",
-      waitTime: '1800000'
-    )
+    unstash 'scripts'
+    sh("./openshift/run-deploy-docs.sh ${attrs.name} ${attrs.buildVersion} ${attrs.environment}")
   }
 }
 

openshift/install.sh

@@ -13,18 +13,15 @@ vault read -field=ssh-key secret/common/github > id_rsa
 oc create secret generic github-secret --from-file=ssh-privatekey=id_rsa --dry-run -o yaml | oc apply -f -
 rm id_rsa
 
-# Newrelic
-oc create secret generic newrelic-license-secret --from-literal=newrelic-license=$(vault read -field=license-key secret/common/newrelic) --dry-run -o yaml | oc apply -f -
-
 # NPM
 oc create secret generic npmrc-secret --from-literal=.npmrc=$(vault read -field=npmrc secret/common/npm) --dry-run -o yaml | oc apply -f -
 
-# SonarQube
-oc create secret generic sonarqube-token-secret --from-literal=sonar.login=$(vault read -field=sonar_token secret/common/sonarqube) --dry-run -o yaml | oc apply -f -
+# NPM publish
+oc create secret generic npmrc-publish-secret --from-literal=.npmrc=$(vault read -field=npmrc secret/projects/npm-libraries/npm) --dry-run -o yaml | oc apply -f -
 
-# AWS -- WIP. Need AWS Access Key and Secret key in Vault.
-#oc create secret generic aws-access-key-secret --from-literal=aws.accesskey=$(vault read -field=sonar_token secret/common/sonarqube) --dry-run -o yaml | oc apply -f -
-#oc create secret generic aws-secret-key-secret --from-literal=aws.secretkey=$(vault read -field=sonar_token secret/common/sonarqube) --dry-run -o yaml | oc apply -f -
+# AWS
+oc create secret generic aws-client-secret --from-literal=aws.client=$(vault read -field=client secret/projects/o-design-outcomes/tds-s3) --dry-run -o yaml | oc apply -f -
+oc create secret generic aws-secret-key-secret --from-literal=aws.secret=$(vault read -field=secret secret/projects/o-design-outcomes/tds-s3) --dry-run -o yaml | oc apply -f -
 
 # Install templates
 oc apply -f openshift-template.yml

openshift/run-deploy-docs.sh

@@ -23,15 +23,15 @@ oc run ${NAME}-${VERSION} \
           "name":"AWS_ACCESS_KEY_ID",
           "valueFrom":{
             "secretKeyRef":{
-              "key": "aws.accesskey",
-              "name":"aws-access-key-secret"
+              "key": "aws.client",
+              "name":"aws-client-secret"
             }
           }
         },{
           "name":"AWS_SECRET_ACCESS_KEY",
           "valueFrom":{
             "secretKeyRef":{
-              "key": "aws.secretkey",
+              "key": "aws.secret",
               "name":"aws-secret-key-secret"
             }
           }

openshift/run-publish.sh

@@ -18,7 +18,16 @@ oc run ${NAME}-${VERSION} \
       "containers":[{
         "name": "'${NAME}'-'${VERSION}'",
         "image": "'${IMAGESTREAM}':'${VERSION}'",
-        "command":["npm", "publish", "--access=public"]
+        "env":[{
+          "name":"NPM_PUBLISH_TOKEN",
+          "valueFrom":{
+            "secretKeyRef":{
+              "key": ".npmrc",
+              "name":"npmrc-publish-secret"
+            }
+          }
+        }]
+        "command":["yarn", "deploy:package"]
       }]
     }
   }'

package.json

@@ -18,6 +18,7 @@
     "build:styleguide": "styleguidist build --config config/styleguide.config.js",
     "build": "yarn build:js && yarn build:scss && yarn build:styleguide",
     "deploy:docs": "node ./scripts/deploy-docs.js",
+    "deploy:package": "scripts/publish.sh",
     "dev": "styleguidist server --config config/styleguide.config.js",
     "lint:js": "eslint src --ext '.js,.jsx' --config config/.eslintrc.json",
     "lint:scss": "stylelint 'src/scss/**/*.scss' --config config/.stylelintrc.json",

scripts/deploy-docs.js

@@ -1,29 +1,84 @@
 #!/usr/bin/env node
 
+// Environment: These variables must be available in the environment.
+//  AWS_ACCESS_KEY_ID
+//  AWS_SECRET_ACCESS_KEY
+
 // Arguments
-//  1 = The environment to deploy. Determines which S3 bucket to use.
+//  1 = staging|production; The environment to deploy. Determines which S3 bucket to use. Defaults to "staging"
+
+// Dependencies
+//  s3-website: https://github.com/klaemo/s3-website
+
+
+if (!process.env.AWS_ACCESS_KEY_ID || !process.env.AWS_SECRET_ACCESS_KEY) {
+  console.error("'AWS_ACCESS_KEY_ID' and 'AWS_SECRET_ACCESS_KEY' must be available in the environment.");
+  process.exit(1);
+}
+
 
 const resolvePath = require('path').resolve;
-const execSync = require('child_process').execSync;
+const relativePath = require('path').relative;
+const readDirSync = require('fs').readdirSync;
+const deploy = require('s3-website').deploy;
+const AWS = require('aws-sdk');
 
-const s3Website = resolvePath('node_modules/.bin/s3-website');
 const uploadDir = resolvePath('styleguide/');
 
-const version = require(resolvePath('package.json')).version;
+// Holding off on using the version for now. Will need DNS changes to properly get versioned folders in the bucket.
+// const version = require(resolvePath('package.json')).version;
 const env = process.argv[2] || 'staging';
 
-const deployToS3 = (prefix) => {
-  execSync(
-    `${s3Website} deploy ${uploadDir} --prefix ${prefix} --domain cdn.telus-digital.tds-docs`,
-    { stdio: 'inherit' }
-  );
+const config = {
+  region: 'us-east-1',
+  domain: `cdn.telus-thorium-doc-${env}`,
+  uploadDir: uploadDir,
+  lockConfig: true
 };
+const s3 = new AWS.S3({region: config.region});
 
 
-if (env === 'production') {
-  deployToS3(`prod/v${version}`);
-  deployToS3("prod/latest");
-}
-else {
-  deployToS3('staging');
-}
+const deployToS3 = (onDeploy) => {
+  deploy(s3, config, (err, website) => {
+    if (err) {
+      throw err;
+    }
+
+    console.log(website);
+
+    onDeploy(s3);
+  });
+};
+
+const grandReadPermissions = (directory) => {
+  readDirSync(directory)
+    .filter((file) => file !== 'build')
+    .forEach((file) => {
+      const absoluteFilePath = resolvePath(directory, file);
+
+      putObjectAcl(relativePath(uploadDir, absoluteFilePath))
+    });
+};
+
+const putObjectAcl = (key) => {
+  const params = {
+    Bucket: config.domain,
+    ACL: 'public-read',
+    Key: key
+  };
+
+  s3.putObjectAcl(params, (err, data) => {
+    if (err) {
+      throw err;
+    }
+
+    console.log(data);
+  });
+};
+
+
+deployToS3(() => {
+  // FIXME: There seems to be something wrong with the permissions when uploading via s3-website. Objects are not public readable by default.
+  grandReadPermissions(uploadDir);
+  grandReadPermissions(resolvePath(uploadDir, 'build'));
+});

scripts/publish.sh

@@ -0,0 +1,13 @@
+#!/bin/sh
+
+set -o nounset -o errexit
+
+## Used by the Publish stage of the Jenkinsfile
+## Publishes a package to npm
+
+echo -n ${NPM_PUBLISH_TOKEN} > .npmrc
+
+npm publish
+
+npm access grant read-write telusdigital:developers @telusdigital/tds
+npm access grant read-only  telusdigital:read-only  @telusdigital/tds

scripts/release.sh

@@ -1,4 +1,4 @@
-#!/usr/bin/env bash
+#!/bin/sh
 
 set -e