forked from Alfresco/acs-deployment
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path.travis.yml
450 lines (407 loc) · 17.3 KB
/
.travis.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
language: python
python:
- "3.8.2"
os: linux
dist: xenial
git:
depth: false
services:
- docker
stages:
- name: lint
- name: test
- name: community
- name: 6.2.N
- name: 6.1.N
- name: publish
if: branch = master OR commit_message = "[publish]"
import:
- source: Alfresco/alfresco-build-tools:[email protected]
- source: Alfresco/alfresco-build-tools:[email protected]
- source: Alfresco/alfresco-build-tools:[email protected]
- source: Alfresco/alfresco-build-tools:[email protected]
- source: Alfresco/alfresco-build-tools:[email protected]
- source: Alfresco/alfresco-build-tools:[email protected]
env:
global:
- TRAVIS_WAIT_TIMEOUT=${TRAVIS_WAIT_TIMEOUT:-30}
- BRANCH=${TRAVIS_PULL_REQUEST_BRANCH:-${TRAVIS_BRANCH}}
- HELM_REPO_BASE_URL=https://kubernetes-charts.alfresco.com
- HELM_REPO=incubator
- KUBERNETES_VERSION=1.18.4
- GIT_DIFF=$(git diff origin/master --name-only .)
- AWS_IAM_AUTHENTICATOR_VERSION=${AWS_IAM_AUTHENTICATOR_VERSION:-1.18.8/2020-09-18}
branches:
only:
- master
- /feature.*/
- /fix.*/
before_install:
- |
pip install --upgrade awscli
mkdir -p $HOME/bin && export PATH=$PATH:$HOME/bin
curl -sSLO https://amazon-eks.s3.us-west-2.amazonaws.com/$AWS_IAM_AUTHENTICATOR_VERSION/bin/$(uname | tr '[:upper:]' '[:lower:]')/amd64/aws-iam-authenticator{,.sha256} && openssl sha1 -sha256 aws-iam-authenticator &&
chmod +x ./aws-iam-authenticator && mv ./aws-iam-authenticator $HOME/bin/aws-iam-authenticator
aws eks update-kubeconfig --name acs-cluster --region=eu-west-1
rm -rf /home/travis/.cache/pre-commit
before_script:
- |
echo "GIT_DIFF=${GIT_DIFF}"
echo "TRAVIS_COMMIT_MESSAGE=${TRAVIS_COMMIT_MESSAGE}"
REPO_NAME=${TRAVIS_REPO_SLUG##*/}
PROJECT_NAME=alfresco-content-services
helm repo add alfresco ${HELM_REPO_BASE_URL}/stable
helm repo add ingress-nginx https://kubernetes.github.io/ingress-nginx
helm repo add alfresco-incubator ${HELM_REPO_BASE_URL}/${HELM_REPO}
[[ ( "$A" -eq "0" || "$B" -ne "0" ) && "$C" -eq "0" ]];
if [[ "${TRAVIS_BRANCH}" == "master" ]] && [[ "${TRAVIS_COMMIT_MESSAGE}" == *"[release]"* ]]
then
export HELM_REPO=stable
fi
helm repo update
echo using PROJECT_NAME=${PROJECT_NAME},BRANCH=${BRANCH},HELM_REPO=${HELM_REPO}
echo "$DOCKERHUB_PASSWORD" | docker login -u "$DOCKERHUB_USERNAME" --password-stdin
echo "$DOCKER_REGISTRY_PASSWORD" | docker login -u "$DOCKER_REGISTRY_USERNAME" --password-stdin "$DOCKER_REGISTRY"
_helm_deploy: &helm_deploy
script: |
export STAGE_SUFFIX=$(echo ${TRAVIS_BUILD_STAGE_NAME} | tr -d . | awk '{print tolower($0)}')
export namespace=$(echo ${TRAVIS_BRANCH} | cut -c1-28 | tr /_ - | tr -d [:punct:] | awk '{print tolower($0)}')-${TRAVIS_BUILD_NUMBER}-${STAGE_SUFFIX}
export release_name_ingress=ing-${TRAVIS_BUILD_NUMBER}-${STAGE_SUFFIX}
export release_name_acs=acs-${TRAVIS_BUILD_NUMBER}-${STAGE_SUFFIX}
export values_file=helm/alfresco-content-services/values.yaml
if [[ ${TRAVIS_BUILD_STAGE_NAME} != "test" ]]; then
values_file="helm/alfresco-content-services/${TRAVIS_BUILD_STAGE_NAME}_values.yaml"
fi
deploy=false
if [[ "${TRAVIS_COMMIT_MESSAGE}" == *"[run all tests]"* ]] || [[ "${TRAVIS_COMMIT_MESSAGE}" == *"[release]"* ]] || [[ "${GIT_DIFF}" == *helm/alfresco-content-services/${TRAVIS_BUILD_STAGE_NAME}_values.yaml* ]] || [[ "${GIT_DIFF}" == *helm/alfresco-content-services/templates* ]] || [[ "${GIT_DIFF}" == *helm/alfresco-content-services/charts* ]] || [[ "${GIT_DIFF}" == *helm/alfresco-content-services/requirements* ]] || [[ "${GIT_DIFF}" == *helm/alfresco-content-services/values.yaml* ]] || [[ "${GIT_DIFF}" == *test/postman/helm* ]]
then
deploy=true
fi
if $deploy; then
# Utility Functions
# pod status
pod_status() {
kubectl get pods --namespace $namespace -o=custom-columns=NAME:.metadata.name,STATUS:.status.phase,READY:.status.conditions[?\(@.type==\'Ready\'\)].status
}
# pods ready
pods_ready() {
PODS_COUNTER=0
PODS_COUNTER_MAX=60
PODS_SLEEP_SECONDS=10
while [ "$PODS_COUNTER" -lt "$PODS_COUNTER_MAX" ]; do
totalpods=$(pod_status | grep -v NAME | wc -l | sed 's/ *//')
readypodcount=$(pod_status | grep ' True' | wc -l | sed 's/ *//')
if [ "$readypodcount" -eq "$totalpods" ]; then
echo " $readypodcount/$totalpods pods ready now"
pod_status
echo "All pods are ready!"
break
fi
PODS_COUNTER=$((PODS_COUNTER + 1))
echo "just $readypodcount/$totalpods pods ready now - sleeping $PODS_SLEEP_SECONDS seconds - counter $PODS_COUNTER"
sleep "$PODS_SLEEP_SECONDS"
continue
done
if [ "$PODS_COUNTER" -ge "$PODS_COUNTER_MAX" ]; then
pod_status
echo "Pods did not start - exit 1"
if [[ "$TRAVIS_COMMIT_MESSAGE" != *"[keep env]"* ]]; then
helm delete $release_name_ingress $release_name_acs -n $namespace
kubectl delete namespace $namespace
fi
exit 1
fi
}
cat <<EOF | kubectl apply -f -
apiVersion: v1
kind: Namespace
metadata:
name: $namespace
---
apiVersion: rbac.authorization.k8s.io/v1
kind: Role
metadata:
name: $namespace:psp
namespace: $namespace
rules:
- apiGroups:
- policy
resourceNames:
- kube-system
resources:
- podsecuritypolicies
verbs:
- use
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: $namespace:psp:default
namespace: $namespace
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: $namespace:psp
subjects:
- kind: ServiceAccount
name: default
namespace: $namespace
---
apiVersion: rbac.authorization.k8s.io/v1
kind: RoleBinding
metadata:
name: $namespace:psp:$release_name_ingress-nginx-ingress
namespace: $namespace
roleRef:
apiGroup: rbac.authorization.k8s.io
kind: Role
name: $namespace:psp
subjects:
- kind: ServiceAccount
name: $release_name_ingress-nginx-ingress
namespace: $namespace
---
EOF
kubectl create secret generic quay-registry-secret --from-file=.dockerconfigjson=/home/travis/.docker/config.json --type=kubernetes.io/dockerconfigjson -n $namespace
# install ingress
helm upgrade --install $release_name_ingress ingress-nginx/ingress-nginx --version=3.7.1 \
--set controller.scope.enabled=true \
--set controller.scope.namespace=$namespace \
--set rbac.create=true \
--set controller.config."proxy-body-size"="100m" \
--set controller.service.targetPorts.https=80 \
--set controller.service.annotations."service\.beta\.kubernetes\.io/aws-load-balancer-backend-protocol"="http" \
--set controller.service.annotations."service\.beta\.kubernetes\.io/aws-load-balancer-ssl-ports"="https" \
--set controller.service.annotations."service\.beta\.kubernetes\.io/aws-load-balancer-ssl-cert"="${ACM_CERTIFICATE}" \
--set controller.service.annotations."external-dns\.alpha\.kubernetes\.io/hostname"="$namespace.dev.alfresco.me" \
--set controller.service.annotations."service\.beta\.kubernetes\.io/aws-load-balancer-ssl-negotiation-policy"="ELBSecurityPolicy-TLS-1-2-2017-01" \
--set controller.service.annotations."service\.beta\.kubernetes\.io/aws-load-balancer-security-groups"="${AWS_SG}" \
--set controller.publishService.enabled=true \
--wait \
--namespace $namespace
# install acs
helm dep up helm/alfresco-content-services
travis_wait 25 helm upgrade --install $release_name_acs helm/alfresco-content-services \
--values=$values_file \
--set externalPort="443" \
--set externalProtocol="https" \
--set externalHost="$namespace.dev.alfresco.me" \
--set persistence.enabled=true \
--set persistence.storageClass.enabled=true \
--set persistence.storageClass.name="nfs-client" \
--set global.alfrescoRegistryPullSecrets=quay-registry-secret \
--wait \
--timeout 20m0s \
--namespace=$namespace
# check dns and pods
DNS_PROPAGATED=0
DNS_COUNTER=0
DNS_COUNTER_MAX=90
DNS_SLEEP_SECONDS=10
echo "Trying to perform a trace DNS query to prevent caching"
dig +trace $namespace.dev.alfresco.me @8.8.8.8
while [ "$DNS_PROPAGATED" -eq 0 ] && [ "$DNS_COUNTER" -le "$DNS_COUNTER_MAX" ]; do
host $namespace.dev.alfresco.me 8.8.8.8
if [ "$?" -eq 1 ]; then
DNS_COUNTER=$((DNS_COUNTER + 1))
echo "DNS Not Propagated - Sleeping $DNS_SLEEP_SECONDS seconds"
sleep "$DNS_SLEEP_SECONDS"
else
echo "DNS Propagated"
DNS_PROPAGATED=1
fi
done
[ $DNS_PROPAGATED -ne 1 ] && echo "DNS entry for $namespace.dev.alfresco.me did not propagate within expected time" && exit 1
pods_ready
# Delay running the tests to give ingress & SOLR a chance to fully initialise
echo "Waiting 3 minutes from $(date) before running tests..."
sleep 180
# run acs checks
docker run -a STDOUT --volume $PWD/test/postman/helm:/etc/newman --network host postman/newman_alpine33:3.9.2 run "acs-test-helm-collection.json" --global-var "protocol=https" --global-var "url=$namespace.dev.alfresco.me"
TEST_RESULT=$?
echo "TEST_RESULT=${TEST_RESULT}"
if [[ "${TEST_RESULT}" == "0" ]]; then
TEST_RESULT=0
# run sync service checks
if [[ "$values_file" != "helm/alfresco-content-services/community_values.yaml" ]]; then
docker run -a STDOUT --volume $PWD/test/postman/helm:/etc/newman --network host postman/newman_alpine33:3.9.2 run "sync-service-test-helm-collection.json" --global-var "protocol=https" --global-var "url=$namespace.dev.alfresco.me"
TEST_RESULT=$?
echo "TEST_RESULT=${TEST_RESULT}"
fi
if [[ "${TEST_RESULT}" == "0" ]]; then
# For checking if persistence failover is correctly working with our deployments
# in the next phase we delete the acs and postgress pods,
# wait for k8s to recreate them, then check if the data created in the first test run is still there
kubectl delete pod -l app=$release_name_acs-alfresco-cs-repository,component=repository -n $namespace
kubectl delete pod -l app=postgresql-acs,release=$release_name_acs -n $namespace
helm upgrade $release_name_acs helm/alfresco-content-services \
--wait \
--timeout 10m0s \
--reuse-values \
--namespace=$namespace
# check pods
pods_ready
# run checks after pod deletion
docker run -a STDOUT --volume $PWD/test/postman/helm:/etc/newman --network host postman/newman_alpine33:3.9.2 run "acs-validate-volume-collection.json" --global-var "protocol=https" --global-var "url=$namespace.dev.alfresco.me"
TEST_RESULT=$?
echo "TEST_RESULT=${TEST_RESULT}"
fi
fi
if [[ "$TRAVIS_COMMIT_MESSAGE" != *"[keep env]"* ]]; then
helm delete $release_name_ingress $release_name_acs -n $namespace
kubectl delete namespace $namespace
fi
if [[ "${TEST_RESULT}" == "1" ]]; then
echo "Tests failed, exiting"
exit 1
fi
fi
_docker_deploy: &docker_deploy
script: |
export compose_file="docker-compose.yml"
export alf_port=8080
deploy=false
if [[ ${TRAVIS_BUILD_STAGE_NAME} != "test" ]]; then
export compose_file="${TRAVIS_BUILD_STAGE_NAME}-docker-compose.yml"
fi
if [[ "${TRAVIS_COMMIT_MESSAGE}" == *"[run all tests]"* ]] || [[ "${TRAVIS_COMMIT_MESSAGE}" == *"[release]"* ]] || [[ "${GIT_DIFF}" == *$compose_file* ]] || [[ "${GIT_DIFF}" == *test/postman/docker-compose* ]]
then
deploy=true
fi
if $deploy; then
cd docker-compose
docker info
docker-compose --version
docker-compose -f $compose_file config
echo "Starting Alfresco in Docker container"
docker-compose ps
docker-compose -f $compose_file pull
export COMPOSE_HTTP_TIMEOUT=120
docker-compose -f $compose_file up -d
# docker-compose up
WAIT_INTERVAL=1
COUNTER=0
TIMEOUT=300
t0=`date +%s`
echo "Waiting for alfresco to start"
response=$(curl --write-out %{http_code} --output /dev/null --silent http://localhost:$alf_port/alfresco/)
until [[ "200" -eq "$response" ]] || [[ "$COUNTER" -eq "$TIMEOUT" ]]; do
printf '.'
sleep $WAIT_INTERVAL
COUNTER=$((COUNTER + WAIT_INTERVAL))
response=$(curl --write-out %{http_code} --output /dev/null --silent http://localhost:$alf_port/alfresco/)
done
if (("$COUNTER" < "$TIMEOUT")) ; then
t1=`date +%s`
delta=$(((t1 - t0)/60))
echo "Alfresco Started in $delta minutes"
else
echo "Waited $COUNTER seconds"
echo "Alfresco could not start in time."
echo "The last response code from /alfresco/ was $response"
exit 1
fi
COUNTER=0
echo "Waiting for share to start"
response=$(curl --write-out %{http_code} --output /dev/null --silent http://localhost:8080/share/page)
until [[ "200" -eq "$response" ]] || [[ "$COUNTER" -eq "$TIMEOUT" ]]; do
printf '.'
sleep $WAIT_INTERVAL
COUNTER=$((COUNTER + WAIT_INTERVAL))
response=$(curl --write-out %{http_code} --output /dev/null --silent http://localhost:8080/share/page)
done
if (("$COUNTER" < "$TIMEOUT")) ; then
t1=`date +%s`
delta=$(((t1 - t0)/60))
echo "Share Started in $delta minutes"
else
echo "Waited $COUNTER seconds"
echo "Share could not start in time."
echo "The last response code from /share/ was $response"
exit 1
fi
COUNTER=0
TIMEOUT=20
echo "Waiting more time for SOLR"
response=$(curl --write-out %{http_code} --user admin:admin --output /dev/null --silent http://localhost:$alf_port/alfresco/s/api/solrstats)
until [[ "200" -eq "$response" ]] || [[ "$COUNTER" -eq "$TIMEOUT" ]]; do
printf '.'
sleep $WAIT_INTERVAL
COUNTER=$((COUNTER + WAIT_INTERVAL))
response=$(curl --write-out %{http_code} --user admin:admin --output /dev/null --silent http://localhost:$alf_port/alfresco/s/api/solrstats)
done
cd ../test/postman/docker-compose
docker run -a STDOUT --volume $PWD:/etc/newman --network host postman/newman_alpine33:3.9.2 run "acs-test-docker-compose-collection.json" --global-var "protocol=http" --global-var "url=localhost:8080"
fi
after_success: |
echo "nothing to cleanup"
after_failure: |
cd docker-compose
docker-compose logs --no-color
jobs:
include:
- name: test chart
stage: test
script: |
helm dep up helm/${PROJECT_NAME}
helm lint helm/${PROJECT_NAME}
- name: Lint for subcharts
stage: test
script: |
helm lint helm/alfresco-content-services/charts/activemq
helm lint helm/alfresco-content-services/charts/alfresco-search
helm lint helm/alfresco-content-services/charts/alfresco-sync-service
helm lint helm/alfresco-content-services/charts/alfresco-search/charts/alfresco-insight-zeppelin
- name: Deploy Docker Compose and Run Postman Checks
stage: test
<<: *docker_deploy
- name: Deploy Latest Chart and Run Postman Checks
stage: test
<<: *helm_deploy
- stage: community
name: community-helm
<<: *helm_deploy
- name: community-compose
<<: *docker_deploy
- stage: 6.2.N
name: 6.2.N-helm
<<: *helm_deploy
- name: 6.2.N-compose
<<: *docker_deploy
- stage: 6.1.N
name: 6.1.N-helm
<<: *helm_deploy
- name: 6.1.N-compose
<<: *docker_deploy
- name: package and publish chart
stage: publish
script: |
if [[ "${TRAVIS_BRANCH}" != "master" ]]; then
CHART_VERSION=$(cat helm/${PROJECT_NAME}/Chart.yaml | grep version: | awk '{print $2}')
NON_SUFFIX_VERSION=$(echo "${CHART_VERSION}" | awk -F - '{print $1}')
ALPHA_BUILD_VERSION="${NON_SUFFIX_VERSION}-A${TRAVIS_BUILD_NUMBER}"
echo "Changing Chart version to ${ALPHA_BUILD_VERSION} as this is a feature branch..."
sed -i s,$CHART_VERSION,$ALPHA_BUILD_VERSION,g helm/${PROJECT_NAME}/Chart.yaml
fi
if [[ "${TRAVIS_BRANCH}" == "master" ]] && [[ "${TRAVIS_COMMIT_MESSAGE}" == *"[release]"* ]]
then
git checkout -B "${TRAVIS_BRANCH}"
git config --local user.email "[email protected]"
export VERSION=`cat helm/alfresco-content-services/Chart.yaml | grep version: | awk '{print $2}'`
echo "Tagging repository with v$VERSION..."
export GIT_TAG="v$VERSION"
git tag $GIT_TAG -a -m "Generated tag from TravisCI for build $TRAVIS_BUILD_NUMBER"
git push https://[email protected]/Alfresco/acs-deployment $GIT_TAG
fi
COMMIT_MESSAGE_FIRST_LINE=$(git log --pretty=format:%s --max-count=1)
echo using COMMIT_MESSAGE_FIRST_LINE=${COMMIT_MESSAGE_FIRST_LINE}
git clone https://${GITHUB_TOKEN}@github.com/Alfresco/charts.git
echo using HELM_REPO=${HELM_REPO}
mkdir repo
helm package --dependency-update --destination repo helm/${PROJECT_NAME}
helm repo index repo --url ${HELM_REPO_BASE_URL}/${HELM_REPO} --merge charts/${HELM_REPO}/index.yaml
mv repo/* charts/${HELM_REPO}
cd charts
git add ${HELM_REPO}
git commit -m "${COMMIT_MESSAGE_FIRST_LINE}"
git push --quiet origin master