austinmcconnell/circleci-python-kubernetes-helm-config-example.yml

## circleci-python-kubernetes-helm-config-example.yml
version: 2.1

orbs:
  jira: circleci/jira@1.0.5

workflows:
  build_test_check_deploy:
    jobs:
      - test:
          context: development
          filters:
            tags:
              ignore: /.*/
      - pre-commit-checks:
          context: development
          filters:
            tags:
              ignore: /.*/
      - build:
          context: development
          filters:
            tags:
              ignore: /.*/
      - deploy:
          name: deploy_dev
          context: development
          filters:
            branches:
              only:
                - master
            tags:
              ignore: /.*/
          requires:
            - test
            - pre-commit-checks
            - build
          post-steps:
            - jira/notify:
                job_type: deployment
                environment_type: development
      - deploy:
          name: deploy_qa
          context: quality
          filters:
            branches:
              ignore: /.*/
            tags:
              only: /^v\d+\.\d+\.\d+rc\d*$/
          post-steps:
            - jira/notify:
                job_type: deployment
                environment_type: testing
      - deploy:
          name: deploy_prod
          context: production
          filters:
            branches:
              ignore: /.*/
            tags:
              only: /^v\d+\.\d+\.\d+$/
          post-steps:
            - jira/notify:
                job_type: deployment
                environment_type: production
executors:
  python-executor:
    docker:
      - image: circleci/python:3.7.2
        environment:
          FLASK_APP: run.py
          FLASK_ENV: development
          FLASK_RUN_PORT: 5000

commands:
  install-python-dependencies:
    steps:
      - restore_cache:
          key: deps1-{{ checksum "Pipfile.lock" }}
      - run:
          name: Install Python dependencies
          command: |
            python3 -m venv venv
            . venv/bin/activate
            pipenv install --dev --deploy
      - save_cache:
          key: deps1-{{ checksum "Pipfile.lock" }}
          paths:
            - "venv"
            - "~/.cache/pip"
            - "~/.cache/pipenv"
  get-aws-credentials:
    steps:
      - run:
          name: Install AWS CLI
          command: |
            python3 -m venv venv
            . venv/bin/activate
            pip install awscli
      - run:
          name: Get AWS credentials
          command: |
            . venv/bin/activate
            eval $(aws ecr get-login --region $AWS_ECR_REGION --no-include-email)

jobs:
  test:
    executor: python-executor
    working_directory: ~/repo
    steps:
      - checkout
      - install-python-dependencies
      - run:
          name: Install Code Climate Test Reporter
          command: |
            curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > ./cc-test-reporter
            chmod +x ./cc-test-reporter
      - run:
          name: Run tests
          command: |
            . venv/bin/activate
            ./cc-test-reporter before-build
            pytest tests --cov app --cov-branch --cov-report=xml
            ./cc-test-reporter after-build --coverage-input-type coverage.py --exit-code $?
          environment:
            CC_TEST_REPORTER_ID: the_correct_id
      - store_artifacts:
          path: htmlcov/
  pre-commit-checks:
    executor: python-executor
    working_directory: ~/repo
    steps:
      - checkout
      - install-python-dependencies
      - restore_cache:
          key: pre-commit-{{ checksum ".pre-commit-config.yaml" }}
      - run:
          name: Run pre-commit checks
          command: |
            . venv/bin/activate
            pre-commit run --all-files --config .pre-commit-config.yaml
      - save_cache:
          key: pre-commit-{{ checksum ".pre-commit-config.yaml" }}
          paths:
            - "~/.cache/pre-commit"
  build:
    executor: python-executor
    working_directory: ~/repo
    steps:
      - checkout
      - setup_remote_docker
      - run:
          name: Setup common environment variables
          command: |
            echo 'export ECR_URL="${AWS_ECR_ACCOUNT_ID}.dkr.ecr.${AWS_ECR_REGION}.amazonaws.com/${CIRCLE_PROJECT_REPONAME}"' >> $BASH_ENV
      - install-python-dependencies
      - get-aws-credentials
      - run:
          name: Pull previous image
          command: |
            docker pull $ECR_URL:base || true
            docker pull $ECR_URL:latest || true
      - run:
          name: Build image
          command: |
            docker build -t $ECR_URL:base --cache-from $ECR_URL:base --target base .
            docker build -t $ECR_URL:latest -t $ECR_URL:${CIRCLE_SHA1} --cache-from $ECR_URL:base --cache-from $ECR_URL:latest .
      - run:
          name: Test image
          command: |
            docker run -d -p 5000:5000 --name built-image $ECR_URL:latest
            sleep 10
            docker run --network container:built-image appropriate/curl --retry 10 --retry-connrefused http://localhost:5000/health | grep "healthy"
      - run:
          name: Push Images to ECR
          command: |
            docker push $ECR_URL:base
            docker push $ECR_URL:latest
            docker push $ECR_URL:${CIRCLE_SHA1}
  deploy:
    environment:
      INFRASTRUCTURE_REPO: git@github.com:user_or_company/repository_name.git
      SERVICE: service-name
      TILLER_NAMESPACE: helm
    docker:
      - image: image_repository/image_name:image_tag
    steps:
      - run:
          name: Keyscan Github
          command: mkdir -p ~/.ssh && ssh-keyscan -H github.com >> ~/.ssh/known_hosts
      - run:
          name: Pull infrastructure and decrypt
          command: |
            cd ~
            echo ${GPG_KEY} | base64 -d | gpg --import
            git clone ${INFRASTRUCTURE_REPO}
            cd infrastructure
            git-crypt unlock
      - run:
          name: Deploy using helm
          command: |
            cd ~/infrastructure
            export KUBECONFIG=~/infrastructure/terraform/environment-accounts/kubeconfig_company-${DEPLOYMENT_ENVIRONMENT}
            sed -i 's/eksadmin/deployment/g' ${KUBECONFIG}
            helm upgrade --install --wait --timeout 900 --kubeconfig=${KUBECONFIG} \
              --namespace ${SERVICE} \
              -f ./kubernetes/helm/${SERVICE}/${DEPLOYMENT_ENVIRONMENT}.values.yaml \
              -f ./kubernetes/helm/${SERVICE}/${DEPLOYMENT_ENVIRONMENT}.secrets.yaml \
              --set image.tag=${CIRCLE_SHA1} \
              ${SERVICE} ./kubernetes/helm/${SERVICE}
	version: 2.1

	orbs:
	jira: circleci/jira@1.0.5

	workflows:
	build_test_check_deploy:
	jobs:
	- test:
	context: development
	filters:
	tags:
	ignore: /.*/
	- pre-commit-checks:
	context: development
	filters:
	tags:
	ignore: /.*/
	- build:
	context: development
	filters:
	tags:
	ignore: /.*/
	- deploy:
	name: deploy_dev
	context: development
	filters:
	branches:
	only:
	- master
	tags:
	ignore: /.*/
	requires:
	- test
	- pre-commit-checks
	- build
	post-steps:
	- jira/notify:
	job_type: deployment
	environment_type: development
	- deploy:
	name: deploy_qa
	context: quality
	filters:
	branches:
	ignore: /.*/
	tags:
	only: /^v\d+\.\d+\.\d+rc\d*$/
	post-steps:
	- jira/notify:
	job_type: deployment
	environment_type: testing
	- deploy:
	name: deploy_prod
	context: production
	filters:
	branches:
	ignore: /.*/
	tags:
	only: /^v\d+\.\d+\.\d+$/
	post-steps:
	- jira/notify:
	job_type: deployment
	environment_type: production
	executors:
	python-executor:
	docker:
	- image: circleci/python:3.7.2
	environment:
	FLASK_APP: run.py
	FLASK_ENV: development
	FLASK_RUN_PORT: 5000

	commands:
	install-python-dependencies:
	steps:
	- restore_cache:
	key: deps1-{{ checksum "Pipfile.lock" }}
	- run:
	name: Install Python dependencies
	command: \|
	python3 -m venv venv
	. venv/bin/activate
	pipenv install --dev --deploy
	- save_cache:
	key: deps1-{{ checksum "Pipfile.lock" }}
	paths:
	- "venv"
	- "~/.cache/pip"
	- "~/.cache/pipenv"
	get-aws-credentials:
	steps:
	- run:
	name: Install AWS CLI
	command: \|
	python3 -m venv venv
	. venv/bin/activate
	pip install awscli
	- run:
	name: Get AWS credentials
	command: \|
	. venv/bin/activate
	eval $(aws ecr get-login --region $AWS_ECR_REGION --no-include-email)

	jobs:
	test:
	executor: python-executor
	working_directory: ~/repo
	steps:
	- checkout
	- install-python-dependencies
	- run:
	name: Install Code Climate Test Reporter
	command: \|
	curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > ./cc-test-reporter
	chmod +x ./cc-test-reporter
	- run:
	name: Run tests
	command: \|
	. venv/bin/activate
	./cc-test-reporter before-build
	pytest tests --cov app --cov-branch --cov-report=xml
	./cc-test-reporter after-build --coverage-input-type coverage.py --exit-code $?
	environment:
	CC_TEST_REPORTER_ID: the_correct_id
	- store_artifacts:
	path: htmlcov/
	pre-commit-checks:
	executor: python-executor
	working_directory: ~/repo
	steps:
	- checkout
	- install-python-dependencies
	- restore_cache:
	key: pre-commit-{{ checksum ".pre-commit-config.yaml" }}
	- run:
	name: Run pre-commit checks
	command: \|
	. venv/bin/activate
	pre-commit run --all-files --config .pre-commit-config.yaml
	- save_cache:
	key: pre-commit-{{ checksum ".pre-commit-config.yaml" }}
	paths:
	- "~/.cache/pre-commit"
	build:
	executor: python-executor
	working_directory: ~/repo
	steps:
	- checkout
	- setup_remote_docker
	- run:
	name: Setup common environment variables
	command: \|
	echo 'export ECR_URL="${AWS_ECR_ACCOUNT_ID}.dkr.ecr.${AWS_ECR_REGION}.amazonaws.com/${CIRCLE_PROJECT_REPONAME}"' >> $BASH_ENV
	- install-python-dependencies
	- get-aws-credentials
	- run:
	name: Pull previous image
	command: \|
	docker pull $ECR_URL:base \|\| true
	docker pull $ECR_URL:latest \|\| true
	- run:
	name: Build image
	command: \|
	docker build -t $ECR_URL:base --cache-from $ECR_URL:base --target base .
	docker build -t $ECR_URL:latest -t $ECR_URL:${CIRCLE_SHA1} --cache-from $ECR_URL:base --cache-from $ECR_URL:latest .
	- run:
	name: Test image
	command: \|
	docker run -d -p 5000:5000 --name built-image $ECR_URL:latest
	sleep 10
	docker run --network container:built-image appropriate/curl --retry 10 --retry-connrefused http://localhost:5000/health \| grep "healthy"
	- run:
	name: Push Images to ECR
	command: \|
	docker push $ECR_URL:base
	docker push $ECR_URL:latest
	docker push $ECR_URL:${CIRCLE_SHA1}
	deploy:
	environment:
	INFRASTRUCTURE_REPO: git@github.com:user_or_company/repository_name.git
	SERVICE: service-name
	TILLER_NAMESPACE: helm
	docker:
	- image: image_repository/image_name:image_tag
	steps:
	- run:
	name: Keyscan Github
	command: mkdir -p ~/.ssh && ssh-keyscan -H github.com >> ~/.ssh/known_hosts
	- run:
	name: Pull infrastructure and decrypt
	command: \|
	cd ~
	echo ${GPG_KEY} \| base64 -d \| gpg --import
	git clone ${INFRASTRUCTURE_REPO}
	cd infrastructure
	git-crypt unlock
	- run:
	name: Deploy using helm
	command: \|
	cd ~/infrastructure
	export KUBECONFIG=~/infrastructure/terraform/environment-accounts/kubeconfig_company-${DEPLOYMENT_ENVIRONMENT}
	sed -i 's/eksadmin/deployment/g' ${KUBECONFIG}
	helm upgrade --install --wait --timeout 900 --kubeconfig=${KUBECONFIG} \
	--namespace ${SERVICE} \
	-f ./kubernetes/helm/${SERVICE}/${DEPLOYMENT_ENVIRONMENT}.values.yaml \
	-f ./kubernetes/helm/${SERVICE}/${DEPLOYMENT_ENVIRONMENT}.secrets.yaml \
	--set image.tag=${CIRCLE_SHA1} \
	${SERVICE} ./kubernetes/helm/${SERVICE}