-
Notifications
You must be signed in to change notification settings - Fork 14
/
config.yml
116 lines (108 loc) · 4.54 KB
/
config.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
version: 2.1
orbs:
azure-aks: circleci/azure-aks@0.2.1
kubernetes: circleci/kubernetes@0.4.0
semantic-versioning: payfit/semantic-versioning@0.42.0
jobs:
create-aks-deployment:
executor: azure-aks/default
parameters:
cluster-name:
description: Name of the AKS cluster
type: string
resource-group:
description: Resource group that the cluster is in
type: string
namespace:
description: Namespace to use
type: string
subscription:
description: Subscription id
type: string
steps:
- checkout
- azure-aks/update-kubeconfig-with-credentials:
cluster-name: << parameters.cluster-name >>
resource-group: << parameters.resource-group >>
install-kubectl: true
perform-login: true
subscription: << parameters.subscription >>
get-admin-credentials: true
deployment_development_docker:
docker:
- image: docker:17.12.1-ce-git
steps:
- checkout
- setup_remote_docker
# Build the image
- run:
command: |
docker build -t "${DOCKER_REGISTRY}/${NAMESPACE}/${CIRCLE_PROJECT_REPONAME}:${CIRCLE_SHA1}" --build-arg CIRCLE_SHA1="${CIRCLE_SHA1}" --build-arg SENTRY_DSN="${SENTRY_DSN}" --build-arg GA_UA="${GA_UA}" --build-arg GA_UA_CDS="${GA_UA_CDS}" --build-arg CIRCLE_PROJECT_REPONAME="${CIRCLE_PROJECT_REPONAME}" --build-arg CIRCLE_BRANCH="${CIRCLE_BRANCH}" --build-arg CIRCLE_REPOSITORY_URL="${CIRCLE_REPOSITORY_URL}" --build-arg WEBHOOK_URL="${WEBHOOK_URL}" --build-arg AIRTABLE_READ_KEY="${AIRTABLE_READ_KEY}" .
name: "Build Image"
# Scan the image
- run:
command: |
docker run -p 5432:5432 -d --name db arminc/clair-db:latest
docker run -p 6060:6060 --link db:postgres -d --name clair arminc/clair-local-scan:latest
docker run -v /var/run/docker.sock:/var/run/docker.sock -d --name clair-scanner veteransaffairscanada/clair-scanner:latest tail -f /dev/null
clair_ip=`docker exec -it clair hostname -i | grep -oE '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+'`
scanner_ip=`docker exec -it clair-scanner hostname -i | grep -oE '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+'`
docker exec -it clair-scanner clair-scanner --ip ${scanner_ip} --clair=http://${clair_ip}:6060 -t High "${DOCKER_REGISTRY}/${NAMESPACE}/${CIRCLE_PROJECT_REPONAME}:${CIRCLE_SHA1}"
name: "Scan image"
# Deploy the image if passes the scan
- run:
command: |
docker login -u "$DOCKER_USERNAME" -p "$DOCKER_PASSWORD"
BRANCH=${CIRCLE_BRANCH//[^a-zA-Z0-9]/-}
IMAGE_NAME=${DOCKER_REGISTRY}/${NAMESPACE}/${CIRCLE_PROJECT_REPONAME}
docker pull veteransaffairscanada/vac-benefits-directory:latest
VERSION=$(git describe --abbrev=0 --tags || $BRANCH)
docker tag veteransaffairscanada/vac-benefits-directory:latest $IMAGE_NAME:$VERSION
docker push $IMAGE_NAME:${CIRCLE_SHA1}
if [ "${CIRCLE_BRANCH}" == "develop" ]; then
docker push $IMAGE_NAME:$VERSION
fi
if [ "${CIRCLE_BRANCH}" == "master" ]; then
docker push $IMAGE_NAME:$VERSION
fi
name: "Tag and Push Docker Image"
- run:
command: apt-get install curl && ~/repo/.circleci/notify_failure.sh
name: "Report failing Development"
when: on_fail
working_directory: ~/repo
workflows:
deployment_aks_dev:
jobs:
- deployment_development_docker:
filters:
branches:
ignore:
- develop
- master
- create-aks-deployment:
cluster-name: ${AKS_CLUSTERNAME_DEV}
resource-group: ${AKS_RESOURCE_GROUP}
subscription: ${SUBSCRIPTION}
namespace: "fbas-dev"
filters:
branches:
ignore:
- develop
- master
- azure-aks/update-container-image:
cluster-name: ${AKS_CLUSTERNAME_DEV}
resource-group: ${AKS_RESOURCE_GROUP}
subscription: ${SUBSCRIPTION}
namespace: "fbas-dev"
resource-name: ${AKS_DEPLOYMENT_DEV}
get-admin-credentials: true
container-image-updates: "vac-benefits-directory=${NAMESPACE}/${CIRCLE_PROJECT_REPONAME}:${CIRCLE_SHA1}"
record: true
requires:
- deployment_development_docker
filters:
branches:
ignore:
- develop
- master