sendy/sendy-deploy-prod.jenkinsfile at master · ZanichelliEditore/sendy · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
pipeline {
    agent {
        label 'master'
    }

    stages {

        stage('S3 download inventory file') {
            environment {
                bucket_name = 'public-ip-terraform-production'
                bucket_path = 'sendy-inventory'
            }
            steps {
                script() {
                    withAWS(credentials: 'Jenkins', region: 'eu-west-1', role: 'ContinuousIntegrationAccessRole', roleAccount: '305507912930' ) {
                        s3Download(
                            file: "${WORKSPACE}/ansible/inventory/production.inv",
                            bucket: "${bucket_name}",
                            path: "${bucket_path}",
                            force: true
                        )
                    }
                }

                sh """
                more $WORKSPACE/ansible/inventory/production.inv |grep -m 1 'port' |awk '{print "ssh-keyscan -p", \$3, " -t ecdsa ", \$1, " >> ~/.ssh/known_hosts"}' |sed -n -e 's/ansible_port=//p'
                """
            }
        }

        stage('Start Deploy') {

            environment {
                ANSIBLE_PLAYBOOK_PATH = '$WORKSPACE/ansible/playbook.yml'
                ANSIBLE_INVENTORY_PATH = '$WORKSPACE/ansible/inventory/production.inv'
                BRANCH_NAME = "$params.deploy_branch"

                DB_HOST_SENDY_PRODUCTION = credentials('db_host_sendy_production')
                DB_USERNAME_SENDY_PRODUCTION = credentials('db_username_sendy_production')
                DB_PASSWORD_SENDY_PRODUCTION = credentials('db_password_sendy_production')
                REDIS_HOST = credentials('sendy_redis_host_production')
                LOGSTASH_HOST = credentials('logstash_host')
                LOG_SLACK_WEBHOOK_URL = credentials('slack_infrastructure_notifications_webhook')

            }

            steps {
                echo 'deploy with ansible...'

                withCredentials([
                    file(credentialsId: 'certificate_zanichelli', variable: 'certificate'),
                    file(credentialsId: 'key_zanichelli', variable: 'key'),
                    file(credentialsId: 'OAUTH_PRIVATE_KEY_SENDY_PROD', variable: 'private_key'),
                    file(credentialsId: 'OAUTH_PUBLIC_KEY_SENDY_PROD', variable: 'public_key')
                ]) {
                    sh('cp -n \$certificate $WORKSPACE/ansible/roles/deploy-sendy/templates/star_certificate.crt')
                    sh('cp -n \$key $WORKSPACE/ansible/roles/deploy-sendy/templates/star_certificate.key')
                    sh('cp -n \$public_key $WORKSPACE/ansible/roles/deploy-sendy/templates/oauth-public.key')
                    sh('cp -n \$private_key $WORKSPACE/ansible/roles/deploy-sendy/templates/oauth-private.key')
                }
                sshagent(credentials: ['jenkins_private_key']) {
                    ansiColor('xterm') {
                        ansiblePlaybook(
                            playbook: "${ANSIBLE_PLAYBOOK_PATH}",
                            inventory: "${ANSIBLE_INVENTORY_PATH}",
                            extras: "--tags deploy",
                            colorized: true)
                    }
                }
            }
        }

        stage("Cleanup") {

            steps {
                cleanWs()
                sh 'pwd'
                sh 'ls'
            }
        }

    }

    post {
        failure {
            echo "There were some errors during the pipeline execution."
        }
    }
}