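# Azure pipeline include: a hidden `.azure_variables` template plus the
# azure_containerize, azure_deploy and azure_test jobs.
#
# EXPECTED PIPELINE INHERITED GROUP VARIABLES
# --------------------------------------------------------------------------------
# AZURE (Protected Branch)
# AZURE_APP_ID (Protected Branch)
# AZURE_APP_ID_OTHER (Protected Branch)
# AZURE_APP_OID_OTHER (Protected Branch)
# AZURE_BASE (Protected Branch)
# AZURE_BASENAME_21 (Protected Branch)
# AZURE_DNS_NAME (Protected Branch)
# AZURE_ELASTIC_HOST (Protected Branch)
# AZURE_ELASTIC_PASSWORD (Protected Branch/Masked Variable)
# AZURE_INVALID_JWT (Protected Branch)
# AZURE_NO_ACCESS_ID (Protected Branch)
# AZURE_NO_ACCESS_SECRET (Protected Branch/Masked Variable)
# AZURE_PRINCIPAL_ID (Protected Branch)
# AZURE_PRINCIPAL_SECRET (Protected Branch/Masked Variable)
# AZURE_REGISTRY (Protected Branch)
# AZURE_SERVICEBUS_KEY (Protected Branch/Masked Variable)
# AZURE_STORAGE_KEY (Protected Branch/Masked Variable)
# AZURE_SUBSCRIPTION_ID (Protected Branch)
# AZURE_SUBSCRIPTION_NAME (Protected Branch)
# AZURE_TENANT_ID (Protected Branch)
#
# Referenced below but missing from the list above. Where they are defined is
# not shown in this file; protection/masking should be confirmed:
# AZURE_UNIQUE
# AZURE_DEFAULT_DATA_PARTITION_ID_TENANT2
# AZURE_EVENT_SUBSCRIPTION_ID
# AZURE_EVENT_TOPIC_NAME
# AZURE_EVENT_SUBSCRIBER_SECRET (feeds SUBSCRIBER_SECRET and HMAC_SECRET, so it
#   is a secret and should be Protected and Masked like the others)

# EXPECTED PIPELINE VARIABLES
# --------------------------------------------------------------------------------
# AZURE_TEST_SUBDIR
#
# The jobs below also read AZURE_SERVICE, AZURE_BUILD_SUBDIR, AZURE_TEST_TYPE,
# AZURE_SKIP_TEST and MAVEN; these are expected from the including pipeline.

# Environment handed to the deploy and integration-test jobs via `extends`.
# Every secret value here is a reference to a group variable; no secret literal
# is stored in this file. A job that extends this template receives all of
# them, including storage, service-bus and service-principal secrets.
.azure_variables:
  variables:
    LOG_LEVEL: INFO

    # Common Section
    ENTITLEMENT_URL: https://${AZURE_DNS_NAME}/entitlements/v1/
    LEGAL_URL: https://${AZURE_DNS_NAME}/api/legal/v1/
    STORAGE_URL: https://${AZURE_DNS_NAME}/api/storage/v2/
    SEARCH_URL: https://${AZURE_DNS_NAME}/api/search/v2/
    INDEXER_URL: https://${AZURE_DNS_NAME}/api/indexer/v2/
    DELIVERY_URL: https://${AZURE_DNS_NAME}/api/delivery/v2/
    FILE_URL: https://${AZURE_DNS_NAME}/api/file/v2/
    AZURE_AD_TENANT_ID: $AZURE_TENANT_ID
    INTEGRATION_TESTER: $AZURE_PRINCIPAL_ID
    AZURE_TESTER_SERVICEPRINCIPAL_SECRET: $AZURE_PRINCIPAL_SECRET
    AZURE_AD_APP_RESOURCE_ID: $AZURE_APP_ID
    AZURE_STORAGE_ACCOUNT: ${AZURE_BASE}data
    MY_TENANT: opendes
    SHARED_TENANT: common
    DOMAIN: contoso.com
    ELASTIC_HOST: $AZURE_ELASTIC_HOST
    # Quoted so the value stays a string for every YAML consumer.
    ELASTIC_PORT: "9243"
    ELASTIC_USER_NAME: elastic
    ELASTIC_PASSWORD: $AZURE_ELASTIC_PASSWORD
    VENDOR: azure
    HOST: https://${AZURE_DNS_NAME}
    ACL_OWNERS: data.test1
    ACL_VIEWERS: data.test1

    # Entitlement Section
    ENTITLEMENT_MEMBER_NAME_VALID: $AZURE_PRINCIPAL_ID
    AZURE_AD_OTHER_APP_RESOURCE_ID: $AZURE_APP_ID_OTHER
    AZURE_AD_OTHER_APP_RESOURCE_OID: $AZURE_APP_OID_OTHER
    EXPIRED_TOKEN: $AZURE_INVALID_JWT
    ENTITLEMENT_GROUP_NAME_VALID: integ.test.data.creator
    ENTITLEMENT_MEMBER_NAME_INVALID: InvalidTestAdmin
    # Directory identifiers of the test accounts (not credentials), hard-coded
    # here rather than supplied as group variables.
    AZURE_AD_USER_EMAIL: integration.test@azureglobal1.onmicrosoft.com
    AZURE_AD_USER_OID: 469e9c25-ad0b-42e3-b023-03814437b21e
    AZURE_AD_GUEST_EMAIL: integration.test@email.com
    AZURE_AD_GUEST_OID: 4cf85597-116b-4aa5-bf03-7665a5b14ed5

    # Legal Section
    HOST_URL: https://${AZURE_DNS_NAME}/api/legal/v1/
    AZURE_LEGAL_STORAGE_ACCOUNT: ${AZURE_BASE}data
    AZURE_LEGAL_STORAGE_KEY: $AZURE_STORAGE_KEY
    LEGAL_STORAGE_CONTAINER: legal-service-azure-configuration
    # NOTE(review): this connection string authenticates with the namespace-wide
    # RootManageSharedAccessKey policy. A shared access policy scoped to the
    # legaltags topic would limit what a leaked job environment can reach.
    AZURE_LEGAL_SERVICEBUS: Endpoint=sb://${AZURE_BASENAME_21}-bus.servicebus.windows.net/;SharedAccessKeyName=RootManageSharedAccessKey;SharedAccessKey=${AZURE_SERVICEBUS_KEY}
    AZURE_LEGAL_TOPICNAME: legaltags

    # Storage Section
    TENANT_NAME: opendes
    TESTER_SERVICEPRINCIPAL_SECRET: $AZURE_PRINCIPAL_SECRET
    NO_DATA_ACCESS_TESTER: $AZURE_NO_ACCESS_ID
    NO_DATA_ACCESS_TESTER_SERVICEPRINCIPAL_SECRET: $AZURE_NO_ACCESS_SECRET
    PUBSUB_TOKEN: az
    DEPLOY_ENV: empty

    # Indexer & Search Section
    SEARCH_HOST: https://${AZURE_DNS_NAME}/api/search/v2/
    # Declared once: the original repeated this key with the same value, and
    # duplicate mapping keys are invalid YAML that parsers resolve silently.
    aad_client_id: $AZURE_APP_ID
    STORAGE_HOST: https://${AZURE_DNS_NAME}/api/storage/v2/
    DEFAULT_DATA_PARTITION_ID_TENANT1: opendes
    DEFAULT_DATA_PARTITION_ID_TENANT2: $AZURE_DEFAULT_DATA_PARTITION_ID_TENANT2  # legal=common search=othertenant2
    ENTITLEMENTS_DOMAIN: contoso.com
    ENVIRONMENT: CLOUD
    LEGAL_TAG: opendes-public-usa-dataset-7643990
    OTHER_RELEVANT_DATA_COUNTRIES: US

    # Partition Section
    PARTITION_BASE_URL: https://${AZURE_DNS_NAME}/

    # Delivery Section
    LEGAL_HOST: https://${AZURE_DNS_NAME}/api/legal/v1/
    DELIVERY_HOST: https://${AZURE_DNS_NAME}/api/delivery/v2/

    # Schema
    PRIVATE_TENANT1: $MY_TENANT
    PRIVATE_TENANT2: tenant2

    # File
    FILE_SERVICE_HOST: https://${AZURE_DNS_NAME}/api/file/v2
    USER_ID: "osdu-user"
    EXIST_FILE_ID: "8900a83f-18c6-4b1d-8f38-309a208779cc"
    DATA_PARTITION_ID: "opendes"
    TIME_ZONE: "UTC+0"

    # WKS
    OS_WKS_SCHEMA_KIND: opendes:wks:wellbore:1.0.0

    # Unit
    client_id: $AZURE_PRINCIPAL_ID
    VIRTUAL_SERVICE_HOST_NAME: $AZURE_DNS_NAME

    # Crs_Catalog
    AZURE_DEPLOY_TENANT: $AZURE_TENANT_ID
    AZURE_DEPLOY_CLIENT_ID: $AZURE_PRINCIPAL_ID
    AZURE_DEPLOY_CLIENT_SECRET: $AZURE_PRINCIPAL_SECRET

    # Register
    REGISTER_BASE_URL: https://${AZURE_DNS_NAME}/
    SUBSCRIPTION_ID: $AZURE_EVENT_SUBSCRIPTION_ID
    SUBSCRIBER_SECRET: $AZURE_EVENT_SUBSCRIBER_SECRET
    TEST_TOPIC_NAME: $AZURE_EVENT_TOPIC_NAME

    # Notification Section
    NOTIFICATION_BASE_URL: https://${AZURE_DNS_NAME}/api/notification/v1/
    NOTIFICATION_REGISTER_BASE_URL: https://${AZURE_DNS_NAME}
    REGISTER_CUSTOM_PUSH_URL_HMAC: https://${AZURE_DNS_NAME}/api/register/v1/test/challenge/1
    TOPIC_ID: $AZURE_EVENT_TOPIC_NAME
    HMAC_SECRET: $AZURE_EVENT_SUBSCRIBER_SECRET

# JOBS
# --------------------------------------------------------------------------------

# Builds the service image from the compiled jar and pushes it, tagged with the
# commit SHA and with `latest`, to the GitLab registry and to the Azure
# Container Registry.
azure_containerize:
  tags: ["osdu-medium"]
  # NOTE(review): no tag or digest is given, so the job runs whatever this
  # repository currently serves while holding registry and service-principal
  # credentials. Pinning to a reviewed digest would make the toolchain
  # reproducible.
  image: danielscholl/azure-build-image
  stage: containerize
  needs: ["compile-and-unit-test"]
  variables:
    SHA_IMAGE: ${CI_PROJECT_NAME}-${CI_COMMIT_REF_SLUG}:${CI_COMMIT_SHA}
    LATEST_IMAGE: ${CI_PROJECT_NAME}-${CI_COMMIT_REF_SLUG}:latest
  before_script:
    # The registry password is piped on stdin instead of being passed with -p,
    # which keeps it out of the process argument list.
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
    - az --version
    # Quoted so a secret containing shell metacharacters or spaces is passed
    # intact. The secret is still a command-line argument here.
    - az login --service-principal -u "$AZURE_PRINCIPAL_ID" -p "$AZURE_PRINCIPAL_SECRET" --tenant "$AZURE_TENANT_ID"
  script:
    # Dockerfile
    # The generated Dockerfile sets no USER, so the container keeps the base
    # image's default user unless the Helm chart overrides it.
    - |
      echo 'FROM openjdk:8-jdk-alpine
      VOLUME /tmp
      ARG JAR_FILE
      COPY ${JAR_FILE} app.jar
      ENTRYPOINT ["java","-jar","/app.jar"]' > Dockerfile
    # Pick the startup jar; entitlements does not use the -spring-boot suffix.
    - |
      if [ "$AZURE_SERVICE" == "entitlements" ]; then
        TARGET=$(find ./$AZURE_BUILD_SUBDIR/target -name '*.jar' |head -n 1)
      else
        TARGET=$(find ./$AZURE_BUILD_SUBDIR/target -name '*-spring-boot.jar' |head -n 1)
      fi
    # Gitlab Container Registry
    - echo "Startup Jar is $TARGET"
    - docker build --build-arg JAR_FILE=$TARGET -t $CI_REGISTRY_IMAGE/$SHA_IMAGE .
    - docker push ${CI_REGISTRY_IMAGE}/$SHA_IMAGE
    - docker tag $CI_REGISTRY_IMAGE/$SHA_IMAGE $CI_REGISTRY_IMAGE/$LATEST_IMAGE
    - docker push ${CI_REGISTRY_IMAGE}/$LATEST_IMAGE
    # Azure Container Registry
    - az acr login -n $AZURE_REGISTRY
    - docker tag $CI_REGISTRY_IMAGE/$SHA_IMAGE ${AZURE_REGISTRY}.azurecr.io/$SHA_IMAGE
    - docker push ${AZURE_REGISTRY}.azurecr.io/$SHA_IMAGE
    - docker tag $CI_REGISTRY_IMAGE/$SHA_IMAGE ${AZURE_REGISTRY}.azurecr.io/$LATEST_IMAGE
    - docker push ${AZURE_REGISTRY}.azurecr.io/$LATEST_IMAGE
  only:
    variables:
      - $AZURE == 'true'

# Rolls the image built for this commit out to the AKS cluster with Helm and
# waits for the deployment and one of its pods to become Ready.
azure_deploy:
  # NOTE(review): unpinned image, same concern as in azure_containerize.
  image: danielscholl/azure-build-image
  tags: ["osdu-medium"]
  stage: deploy
  needs: ["azure_containerize"]
  variables:
    BRANCH: ${CI_COMMIT_REF_SLUG}
    # Deploys by commit SHA, not by the mutable `latest` tag.
    TAG: $CI_COMMIT_SHA
  extends:
    - .azure_variables
  before_script:
    - az login --service-principal -u "$AZURE_PRINCIPAL_ID" -p "$AZURE_PRINCIPAL_SECRET" --tenant "$AZURE_TENANT_ID"
    - az aks get-credentials -g "${AZURE_UNIQUE}-rg" -n "${AZURE_UNIQUE}-aks"
  script:
    - cd devops/azure
    - echo "--set image.branch=$BRANCH --set image.tag=$TAG"
    # Install Service
    - helm upgrade -i osdu-gitlab-$CI_PROJECT_NAME chart --set image.repository=${AZURE_REGISTRY}.azurecr.io --set image.branch=$BRANCH --set image.tag=$TAG
    # Increasing to 900s as rolling updates are happening and each service is expected to have minimum 2 containers.
    - kubectl rollout status deployment.v1.apps/osdu-gitlab-$CI_PROJECT_NAME -n osdu --timeout=900s
    # NOTE(review): grep matches the project name as a substring, so a pod of
    # another release whose name contains it could be selected; confirm the
    # naming in the osdu namespace rules that out.
    - pod=$(kubectl get pod -n osdu|grep $CI_PROJECT_NAME |tail -1 |awk '{print $1}')
    - status=$(kubectl wait -n osdu --for=condition=Ready pod/$pod --timeout=300s)
    - if [[ "$status" != *"met"* ]]; then echo "POD didn't start correctly" ; exit 1 ; fi
  only:
    variables:
      - $AZURE == 'true'

# Runs the service's integration tests against the deployed environment.
# Skipped when AZURE_SKIP_TEST is 'true'.
azure_test:
  image: $CI_REGISTRY/danielscholl/azure-maven/azure-maven:v1.0
  stage: integration
  needs: ["azure_deploy"]
  extends:
    - .maven
    - .azure_variables
  script:
    - |
      if [ "$AZURE_TEST_TYPE" == "python" ]; then
        cd $AZURE_TEST_SUBDIR
        chmod +x ./run-integration-tests.sh
        ./run-integration-tests.sh
      else
        if [ "$AZURE_SERVICE" == "file" ] || [ "$AZURE_SERVICE" == "delivery" ] || [ "$AZURE_SERVICE" == "ingestion-workflow" ]; then
          # This Variable comes from the individual pipeline
          $MAVEN clean verify -f $AZURE_TEST_SUBDIR/pom.xml
        else
          mvn clean verify -f $AZURE_TEST_SUBDIR/pom.xml
        fi
      fi
  only:
    variables:
      - $AZURE == 'true'
  except:
    variables:
      - $AZURE_SKIP_TEST == 'true'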