azure.yml

# EXPECTED PIPELINE INHERITED GROUP VARIABLES
# --------------------------------------------------------------------------------
# AZURE                     (Protected Branch)
# AZURE_APP_ID              (Protected Branch)
# AZURE_APP_ID_OTHER        (Protected Branch)
# AZURE_APP_OID_OTHER       (Protected Branch)
# AZURE_BASE                (Protected Branch)
# AZURE_BASENAME_21         (Protected Branch)
# AZURE_DNS_NAME            (Protected Branch)
# AZURE_ELASTIC_HOST        (Protected Branch)
# AZURE_ELASTIC_PASSWORD    (Protected Branch/Masked Variable)
# AZURE_INVALID_JWT         (Protected Branch)
# AZURE_NO_ACCESS_ID        (Protected Branch)
# AZURE_NO_ACCESS_SECRET    (Protected Branch/Masked Variable)
# AZURE_PRINCIPAL_ID        (Protected Branch)
# AZURE_PRINCIPAL_SECRET    (Protected Branch/Masked Variable)
# AZURE_REGISTRY            (Protected Branch)
# AZURE_SERVICEBUS_KEY      (Protected Branch/Masked Variable)
# AZURE_STORAGE_KEY         (Protected Branch/Masked Variable)
# AZURE_SUBSCRIPTION_ID     (Protected Branch)
# AZURE_SUBSCRIPTION_NAME   (Protected Branch)
# AZURE_TENANT_ID           (Protected Branch)

# EXPECTED PIPELINE VARIABLES
# --------------------------------------------------------------------------------
# AZURE_TEST_SUBDIR


.azure_variables:
  variables:
    LOG_LEVEL: INFO
    # Common Section
    ENTITLEMENT_URL: https://${AZURE_DNS_NAME}/entitlements/v1/
    LEGAL_URL: https://${AZURE_DNS_NAME}/api/legal/v1/
    STORAGE_URL: https://${AZURE_DNS_NAME}/api/storage/v2/
    SEARCH_URL: https://${AZURE_DNS_NAME}/api/search/v2/
    INDEXER_URL: https://${AZURE_DNS_NAME}/api/indexer/v2/
    DELIVERY_URL: https://${AZURE_DNS_NAME}/api/delivery/v2/
    FILE_URL: https://${AZURE_DNS_NAME}/api/file/v2/
    AZURE_AD_TENANT_ID: $AZURE_TENANT_ID
    INTEGRATION_TESTER: $AZURE_PRINCIPAL_ID
    AZURE_TESTER_SERVICEPRINCIPAL_SECRET: $AZURE_PRINCIPAL_SECRET
    AZURE_AD_APP_RESOURCE_ID: $AZURE_APP_ID
    AZURE_STORAGE_ACCOUNT: ${AZURE_BASE}data
    MY_TENANT: opendes
    SHARED_TENANT: common
    DOMAIN: contoso.com
    ELASTIC_HOST: $AZURE_ELASTIC_HOST
    ELASTIC_PORT: 9243
    ELASTIC_USER_NAME: elastic
    ELASTIC_PASSWORD: $AZURE_ELASTIC_PASSWORD
    VENDOR: azure
    HOST: https://${AZURE_DNS_NAME}
    ACL_OWNERS: data.test1
    ACL_VIEWERS: data.test1
    # Entitlement Section
    ENTITLEMENT_MEMBER_NAME_VALID: $AZURE_PRINCIPAL_ID
    AZURE_AD_OTHER_APP_RESOURCE_ID: $AZURE_APP_ID_OTHER
    AZURE_AD_OTHER_APP_RESOURCE_OID: $AZURE_APP_OID_OTHER
    EXPIRED_TOKEN: $AZURE_INVALID_JWT
    ENTITLEMENT_GROUP_NAME_VALID: integ.test.data.creator
    ENTITLEMENT_MEMBER_NAME_INVALID: InvalidTestAdmin
    AZURE_AD_USER_EMAIL: integration.test@azureglobal1.onmicrosoft.com
    AZURE_AD_USER_OID: 469e9c25-ad0b-42e3-b023-03814437b21e
    AZURE_AD_GUEST_EMAIL: integration.test@email.com
    AZURE_AD_GUEST_OID: 4cf85597-116b-4aa5-bf03-7665a5b14ed5
    # Legal Section
    HOST_URL: https://${AZURE_DNS_NAME}/api/legal/v1/
    AZURE_LEGAL_STORAGE_ACCOUNT: ${AZURE_BASE}data
    AZURE_LEGAL_STORAGE_KEY: $AZURE_STORAGE_KEY
    LEGAL_STORAGE_CONTAINER: legal-service-azure-configuration
    AZURE_LEGAL_SERVICEBUS: Endpoint=sb://${AZURE_BASENAME_21}-bus.servicebus.windows.net/;SharedAccessKeyName=RootManageSharedAccessKey;SharedAccessKey=${AZURE_SERVICEBUS_KEY}
    AZURE_LEGAL_TOPICNAME: legaltags
    # Storage Section
    TENANT_NAME: opendes
    TESTER_SERVICEPRINCIPAL_SECRET: $AZURE_PRINCIPAL_SECRET
    NO_DATA_ACCESS_TESTER: $AZURE_NO_ACCESS_ID
    NO_DATA_ACCESS_TESTER_SERVICEPRINCIPAL_SECRET: $AZURE_NO_ACCESS_SECRET
    PUBSUB_TOKEN: az
    DEPLOY_ENV: empty
    # Indexer & Search Section
    SEARCH_HOST: https://${AZURE_DNS_NAME}/api/search/v2/
    aad_client_id: $AZURE_APP_ID
    STORAGE_HOST: https://${AZURE_DNS_NAME}/api/storage/v2/
    aad_client_id: $AZURE_APP_ID
    DEFAULT_DATA_PARTITION_ID_TENANT1: opendes
    DEFAULT_DATA_PARTITION_ID_TENANT2: $AZURE_DEFAULT_DATA_PARTITION_ID_TENANT2  # legal=common search=othertenant2
    ENTITLEMENTS_DOMAIN: contoso.com
    ENVIRONMENT: CLOUD
    LEGAL_TAG: opendes-public-usa-dataset-7643990
    OTHER_RELEVANT_DATA_COUNTRIES: US
    # Partition Section
    PARTITION_BASE_URL: https://${AZURE_DNS_NAME}/
    # Delivery Section
    LEGAL_HOST: https://${AZURE_DNS_NAME}/api/legal/v1/
    DELIVERY_HOST: https://${AZURE_DNS_NAME}/api/delivery/v2/
    #Schema
    PRIVATE_TENANT1: $MY_TENANT
    PRIVATE_TENANT2: tenant2
    #File
    FILE_SERVICE_HOST: https://${AZURE_DNS_NAME}/api/file/v2
    USER_ID: "osdu-user"
    EXIST_FILE_ID: "8900a83f-18c6-4b1d-8f38-309a208779cc"
    DATA_PARTITION_ID: "opendes"
    TIME_ZONE: "UTC+0"
    #WKS
    OS_WKS_SCHEMA_KIND: opendes:wks:wellbore:1.0.0


# JOBS
# --------------------------------------------------------------------------------

azure_containerize:
  tags: ["osdu-medium"]
  image: danielscholl/azure-build-image
  stage: containerize
  needs: ["compile-and-unit-test"]
  variables:
    SHA_IMAGE: ${CI_PROJECT_NAME}-${CI_COMMIT_REF_SLUG}:${CI_COMMIT_SHA}
    LATEST_IMAGE: ${CI_PROJECT_NAME}-${CI_COMMIT_REF_SLUG}:latest
  before_script:
    - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
    - az --version
    - az login --service-principal -u $AZURE_PRINCIPAL_ID -p $AZURE_PRINCIPAL_SECRET --tenant $AZURE_TENANT_ID
  script:
    # Dockerfile
    - |
      echo 'FROM openjdk:8-jdk-alpine
            VOLUME /tmp
            ARG JAR_FILE
            COPY ${JAR_FILE} app.jar
            ENTRYPOINT ["java","-jar","/app.jar"]' > Dockerfile
    - |
      if [ "$AZURE_SERVICE"  == "entitlements" ]; then
        TARGET=$(find ./$AZURE_BUILD_SUBDIR/target -name '*.jar' |head -n 1)
      else
        TARGET=$(find ./$AZURE_BUILD_SUBDIR/target -name '*-spring-boot.jar' |head -n 1)
      fi

    # Gitlab Container Registry
    - echo "Startup Jar is $TARGET"
    - docker build --build-arg JAR_FILE=$TARGET -t $CI_REGISTRY_IMAGE/$SHA_IMAGE .
    - docker push ${CI_REGISTRY_IMAGE}/$SHA_IMAGE
    - docker tag $CI_REGISTRY_IMAGE/$SHA_IMAGE $CI_REGISTRY_IMAGE/$LATEST_IMAGE
    - docker push ${CI_REGISTRY_IMAGE}/$LATEST_IMAGE

    # Azure Container Registry
    - az acr login -n $AZURE_REGISTRY
    - docker tag $CI_REGISTRY_IMAGE/$SHA_IMAGE ${AZURE_REGISTRY}.azurecr.io/$SHA_IMAGE
    - docker push ${AZURE_REGISTRY}.azurecr.io/$SHA_IMAGE
    - docker tag $CI_REGISTRY_IMAGE/$SHA_IMAGE ${AZURE_REGISTRY}.azurecr.io/$LATEST_IMAGE
    - docker push ${AZURE_REGISTRY}.azurecr.io/$LATEST_IMAGE
  only:
    variables:
      - $AZURE == 'true'

azure_deploy:
  image: danielscholl/azure-build-image
  tags: ["osdu-medium"]
  stage: deploy
  needs: ["azure_containerize"]
  variables:
    BRANCH: ${CI_COMMIT_REF_SLUG}
    TAG: $CI_COMMIT_SHA
  extends:
    - .azure_variables
  before_script:
    - az login --service-principal -u $AZURE_PRINCIPAL_ID -p $AZURE_PRINCIPAL_SECRET --tenant $AZURE_TENANT_ID
    - az aks get-credentials -g $AZURE_UNIQUE-rg -n $AZURE_UNIQUE-aks
  script:
    - cd devops/azure
    - echo "--set image.branch=$BRANCH --set image.tag=$TAG"

    # Install Service
    - helm upgrade -i osdu-gitlab-$CI_PROJECT_NAME chart --set image.repository=${AZURE_REGISTRY}.azurecr.io --set image.branch=$BRANCH --set image.tag=$TAG
    - pod=$(kubectl get pod -n osdu|grep $CI_PROJECT_NAME |tail -1 |awk '{print $1}')
    - status=$(kubectl wait -n osdu --for=condition=Ready pod/$pod --timeout=300s)
    - if [[ "$status" != *"met"* ]]; then echo "POD didn't start correctly" ; exit 1 ; fi
  only:
    variables:
      - $AZURE == 'true'

azure_test:
  stage: integration
  needs: ["azure_deploy"]
  extends:
    - .maven
    - .azure_variables
  script:
    - |
      if [ "$AZURE_SERVICE"  == "file" ] || [ "$AZURE_SERVICE"  == "delivery" ] || [ "$AZURE_SERVICE" == "ingestion-workflow" ]; then
        $MAVEN clean verify -f $AZURE_TEST_SUBDIR/pom.xml    # This Variable comes from the individual pipeline
      else
        mvn clean verify -f $AZURE_TEST_SUBDIR/pom.xml
      fi
  only:
    variables:
      - $AZURE == 'true'
  except:
    variables:
      - $AZURE_SKIP_TEST == 'true'