Hanging Build Drone Files
---
# Drone pipeline "dpp", run by the Kubernetes runner on linux/amd64.
kind: pipeline
type: kubernetes
name: dpp

platform:
  os: linux
  arch: amd64

steps:
# Unit-test steps for the Maven modules and the frontend. Every step runs on
# push, pull_request and tag events with the Artifactory credentials injected
# from Drone secrets.
# NOTE(review): `pull: if-not-exists` keeps using whatever a node has cached
# for these mutable tags; pinning the images by digest would make the build
# toolchain reproducible.
- name: mr_core_build_test
  pull: if-not-exists
  image: quay.io/ukhomeofficedigital/java11-mvn:v3.5.4
  commands:
  # jasperfonts and camundasdk are installed first, then casemanagement is
  # tested with the `drone` profile.
  - mvn clean install -U --batch-mode -f jasperfonts/pom.xml
  - mvn clean install -U --batch-mode -f camundasdk/pom.xml
  - mvn clean test -U --batch-mode -f casemanagement/pom.xml -P drone
  environment:
    ARTIFACTORY_PASSWORD:
      from_secret: artifactory_password
    ARTIFACTORY_USERNAME:
      from_secret: artifactory_username
  when:
    event:
    - push
    - pull_request
    - tag

- name: mr_audit_build_test
  pull: if-not-exists
  image: quay.io/ukhomeofficedigital/java11-mvn:v3.5.4
  commands:
  - mvn clean test -U --batch-mode -f audit/pom.xml
  environment:
    ARTIFACTORY_PASSWORD:
      from_secret: artifactory_password
    ARTIFACTORY_USERNAME:
      from_secret: artifactory_username
  when:
    event:
    - push
    - pull_request
    - tag

- name: mr_processmanager_build_test
  pull: if-not-exists
  image: quay.io/ukhomeofficedigital/java11-mvn:v3.5.4
  commands:
  - mvn clean test -U --batch-mode -f processmanager/pom.xml
  environment:
    ARTIFACTORY_PASSWORD:
      from_secret: artifactory_password
    ARTIFACTORY_USERNAME:
      from_secret: artifactory_username
  when:
    event:
    - push
    - pull_request
    - tag

- name: mr_frontend_build_test
  pull: if-not-exists
  image: quay.io/ukhomeofficedigital/nodejs-base:v8
  commands:
  - cd frontend
  # NOTE(review): `npm install` resolves versions at build time and runs
  # dependency install scripts while the Artifactory credentials are in the
  # environment; `npm ci` against a committed lockfile would be deterministic
  # (confirm a lockfile exists).
  - npm install
  - npm run test
  environment:
    ARTIFACTORY_PASSWORD:
      from_secret: artifactory_password
    ARTIFACTORY_USERNAME:
      from_secret: artifactory_username
  when:
    event:
    - push
    - pull_request
    - tag
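# Dependency-cache images, built and pushed when the branch condition is
# master. Each image is built twice so it carries both the `latest` tag and
# the Drone build number.
# NOTE(review): Drone evaluates `branch` against the target branch of a pull
# request, so with `pull_request` in the event list a PR opened against
# master also runs these steps and overwrites the `:latest` cache tags with
# unmerged code. Confirm that is intended.
- name: mr_frontend_cache
  pull: if-not-exists
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/dind
  commands:
  - cd frontend
  - docker build -t docker.digital.homeoffice.gov.uk/ddp/frontend-cache:latest .
  - docker build -t docker.digital.homeoffice.gov.uk/ddp/frontend-cache:${DRONE_BUILD_NUMBER} .
  # The registry password is fed on stdin so it never appears in the
  # argument list of the `docker login` process.
  - printf '%s' "$${DOCKER_PASSWORD}" | docker login -u osct-ddp --password-stdin docker.digital.homeoffice.gov.uk
  - docker push docker.digital.homeoffice.gov.uk/ddp/frontend-cache:latest
  - docker push docker.digital.homeoffice.gov.uk/ddp/frontend-cache:${DRONE_BUILD_NUMBER}
  environment:
    # NOTE(review): none of the commands above reference ARTIFACTORY_*;
    # they can probably be dropped from this step (least privilege).
    ARTIFACTORY_PASSWORD:
      from_secret: artifactory_password
    ARTIFACTORY_USERNAME:
      from_secret: artifactory_username
    DOCKER_PASSWORD:
      from_secret: docker_password
  when:
    branch:
    - master
    event:
    - push
    - pull_request
    - tag

- name: mr_cache_image
  pull: if-not-exists
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/dind
  commands:
  # Assemble the build context: settings.xml and the sibling modules are
  # copied under casemanagement/, and Dockerfile.deps becomes the Dockerfile.
  - cp settings.xml casemanagement/settings.xml
  - cp -r camundasdk casemanagement/camundasdk
  - cp -r jasperfonts casemanagement/jasperfonts
  - cp -r processmanager casemanagement/processmanager
  - cp -r audit casemanagement/audit
  - cp -r finance casemanagement/finance
  - cd casemanagement
  - mv Dockerfile.deps Dockerfile
  # NOTE(review): values passed with --build-arg can be read back from the
  # resulting image with `docker history`, and this image is pushed to the
  # registry. A BuildKit secret mount (`docker build --secret`) would keep
  # the Artifactory credentials out of the image, but needs a matching
  # change in Dockerfile.deps, which is not visible here.
  - docker build --build-arg AF_USERNAME=$${ARTIFACTORY_USERNAME} --build-arg AF_PASSWORD=$${ARTIFACTORY_PASSWORD} -t docker.digital.homeoffice.gov.uk/ddp/cache:latest .
  - docker build --build-arg AF_USERNAME=$${ARTIFACTORY_USERNAME} --build-arg AF_PASSWORD=$${ARTIFACTORY_PASSWORD} -t docker.digital.homeoffice.gov.uk/ddp/cache:${DRONE_BUILD_NUMBER} .
  # Password on stdin rather than in the `docker login` argument list.
  - printf '%s' "$${DOCKER_PASSWORD}" | docker login -u osct-ddp --password-stdin docker.digital.homeoffice.gov.uk
  - docker push docker.digital.homeoffice.gov.uk/ddp/cache:latest
  - docker push docker.digital.homeoffice.gov.uk/ddp/cache:${DRONE_BUILD_NUMBER}
  environment:
    ARTIFACTORY_PASSWORD:
      from_secret: artifactory_password
    ARTIFACTORY_USERNAME:
      from_secret: artifactory_username
    DOCKER_PASSWORD:
      from_secret: docker_password
  when:
    branch:
    - master
    event:
    - push
    - pull_request
    - tag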
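# Image build steps for the master and release branches. Each step logs in,
# pulls a pinned cache image and builds an image tagged with the commit SHA;
# the push is done by the matching master_*_push step.
# `docker login` reads the password from stdin so it never appears in the
# process argument list.
# NOTE(review): values passed with --build-arg can be read back from the
# built image with `docker history`. A BuildKit secret mount
# (`docker build --secret`) would keep the Artifactory credentials out of the
# pushed images, but needs matching Dockerfile changes not visible here.
# NOTE(review): the cache tags (cache:3374, frontend-cache:3448) are
# hard-coded build numbers; they do not follow what the cache steps push.
- name: mr_core_image
  pull: if-not-exists
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/dind
  commands:
  - cp -r camundasdk casemanagement/camundasdk
  - cp -r jasperfonts casemanagement/jasperfonts
  - cp settings.xml casemanagement/settings.xml
  - cd casemanagement
  - mv Dockerfile.deployment Dockerfile
  - printf '%s' "$${DOCKER_PASSWORD}" | docker login -u osct-ddp --password-stdin docker.digital.homeoffice.gov.uk
  - docker pull docker.digital.homeoffice.gov.uk/ddp/cache:3374
  - docker build --build-arg AF_USERNAME=$${ARTIFACTORY_USERNAME} --build-arg AF_PASSWORD=$${ARTIFACTORY_PASSWORD} -t docker.digital.homeoffice.gov.uk/ddp/core:$${DRONE_COMMIT_SHA} .
  environment:
    ARTIFACTORY_PASSWORD:
      from_secret: artifactory_password
    ARTIFACTORY_USERNAME:
      from_secret: artifactory_username
    DOCKER_PASSWORD:
      from_secret: docker_password
  when:
    branch:
    - master
    - release
    event:
    - push
    - pull_request
    - tag

- name: mr_audit_image
  pull: if-not-exists
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/dind
  commands:
  - cp settings.xml audit/settings.xml
  - cd audit
  - mv Dockerfile.deployment Dockerfile
  - printf '%s' "$${DOCKER_PASSWORD}" | docker login -u osct-ddp --password-stdin docker.digital.homeoffice.gov.uk
  - docker pull docker.digital.homeoffice.gov.uk/ddp/cache:3374
  - docker build --build-arg AF_USERNAME=$${ARTIFACTORY_USERNAME} --build-arg AF_PASSWORD=$${ARTIFACTORY_PASSWORD} -t docker.digital.homeoffice.gov.uk/ddp/audit:$${DRONE_COMMIT_SHA} .
  environment:
    ARTIFACTORY_PASSWORD:
      from_secret: artifactory_password
    ARTIFACTORY_USERNAME:
      from_secret: artifactory_username
    DOCKER_PASSWORD:
      from_secret: docker_password
  when:
    branch:
    - master
    - release
    event:
    - push
    - pull_request
    - tag

- name: mr_frontend_image
  pull: if-not-exists
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/dind
  commands:
  - cd frontend
  - mv Dockerfile.deployment Dockerfile
  - printf '%s' "$${DOCKER_PASSWORD}" | docker login -u osct-ddp --password-stdin docker.digital.homeoffice.gov.uk
  - docker pull docker.digital.homeoffice.gov.uk/ddp/frontend-cache:3448
  - docker build --build-arg AF_USERNAME=$${ARTIFACTORY_USERNAME} --build-arg AF_PASSWORD=$${ARTIFACTORY_PASSWORD} -t docker.digital.homeoffice.gov.uk/ddp/frontend:$${DRONE_COMMIT_SHA} .
  environment:
    ARTIFACTORY_PASSWORD:
      from_secret: artifactory_password
    ARTIFACTORY_USERNAME:
      from_secret: artifactory_username
    DOCKER_PASSWORD:
      from_secret: docker_password
  when:
    branch:
    - master
    - release
    event:
    - push
    - pull_request
    - tag

- name: mr_processmanager_image
  pull: if-not-exists
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/dind
  commands:
  - cp settings.xml processmanager/settings.xml
  - cd processmanager
  - mv Dockerfile.deployment Dockerfile
  - printf '%s' "$${DOCKER_PASSWORD}" | docker login -u osct-ddp --password-stdin docker.digital.homeoffice.gov.uk
  - docker pull docker.digital.homeoffice.gov.uk/ddp/cache:3374
  - docker build --build-arg AF_USERNAME=$${ARTIFACTORY_USERNAME} --build-arg AF_PASSWORD=$${ARTIFACTORY_PASSWORD} -t docker.digital.homeoffice.gov.uk/ddp/processmanager:$${DRONE_COMMIT_SHA} .
  environment:
    ARTIFACTORY_PASSWORD:
      from_secret: artifactory_password
    ARTIFACTORY_USERNAME:
      from_secret: artifactory_username
    DOCKER_PASSWORD:
      from_secret: docker_password
  when:
    branch:
    - master
    - release
    event:
    - push
    - pull_request
    - tag

- name: mr_camunda_db_patches_image
  pull: if-not-exists
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/dind
  commands:
  - cd processmanager/camunda-db-patches
  # NOTE(review): source and destination are the same path, so this does
  # nothing useful and some `mv` implementations reject it with an error.
  # It can probably be removed.
  - mv Dockerfile Dockerfile
  - printf '%s' "$${DOCKER_PASSWORD}" | docker login -u osct-ddp --password-stdin docker.digital.homeoffice.gov.uk
  - docker pull docker.digital.homeoffice.gov.uk/ddp/cache:3374
  - docker build -t docker.digital.homeoffice.gov.uk/ddp/camunda-db-patches:$${DRONE_COMMIT_SHA} .
  environment:
    DOCKER_PASSWORD:
      from_secret: docker_password
  when:
    branch:
    - master
    - release
    event:
    - push
    - pull_request
    - tag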
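# Push steps for the master and release branches: each logs in to the
# registry and pushes the image tagged with the commit SHA.
# `docker login` reads the password from stdin so it never appears in the
# process argument list.
# NOTE(review): Drone evaluates `branch` against the target branch of a pull
# request, so with `pull_request` in the event list a PR opened against
# master or release also pushes its image. Confirm that is intended.
# NOTE(review): the commands here never reference ARTIFACTORY_*; those
# secrets can probably be dropped from every push step (least privilege).
- name: master_core_push
  pull: if-not-exists
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/dind
  commands:
  - printf '%s' "$${DOCKER_PASSWORD}" | docker login -u osct-ddp --password-stdin docker.digital.homeoffice.gov.uk
  - docker push docker.digital.homeoffice.gov.uk/ddp/core:$${DRONE_COMMIT_SHA}
  environment:
    ARTIFACTORY_PASSWORD:
      from_secret: artifactory_password
    ARTIFACTORY_USERNAME:
      from_secret: artifactory_username
    DOCKER_PASSWORD:
      from_secret: docker_password
  when:
    branch:
    - master
    - release
    event:
    - push
    - pull_request
    - tag

- name: master_audit_push
  pull: if-not-exists
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/dind
  commands:
  - printf '%s' "$${DOCKER_PASSWORD}" | docker login -u osct-ddp --password-stdin docker.digital.homeoffice.gov.uk
  - docker push docker.digital.homeoffice.gov.uk/ddp/audit:$${DRONE_COMMIT_SHA}
  environment:
    ARTIFACTORY_PASSWORD:
      from_secret: artifactory_password
    ARTIFACTORY_USERNAME:
      from_secret: artifactory_username
    DOCKER_PASSWORD:
      from_secret: docker_password
  when:
    branch:
    - master
    - release
    event:
    - push
    - pull_request
    - tag

- name: master_frontend_push
  pull: if-not-exists
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/dind
  commands:
  - printf '%s' "$${DOCKER_PASSWORD}" | docker login -u osct-ddp --password-stdin docker.digital.homeoffice.gov.uk
  - docker push docker.digital.homeoffice.gov.uk/ddp/frontend:$${DRONE_COMMIT_SHA}
  environment:
    ARTIFACTORY_PASSWORD:
      from_secret: artifactory_password
    ARTIFACTORY_USERNAME:
      from_secret: artifactory_username
    DOCKER_PASSWORD:
      from_secret: docker_password
  when:
    branch:
    - master
    - release
    event:
    - push
    - pull_request
    - tag

- name: master_processmanager_push
  pull: if-not-exists
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/dind
  commands:
  - printf '%s' "$${DOCKER_PASSWORD}" | docker login -u osct-ddp --password-stdin docker.digital.homeoffice.gov.uk
  - docker push docker.digital.homeoffice.gov.uk/ddp/processmanager:$${DRONE_COMMIT_SHA}
  environment:
    ARTIFACTORY_PASSWORD:
      from_secret: artifactory_password
    ARTIFACTORY_USERNAME:
      from_secret: artifactory_username
    DOCKER_PASSWORD:
      from_secret: docker_password
  when:
    branch:
    - master
    - release
    event:
    - push
    - pull_request
    - tag

- name: master_camunda_db_patches_push
  pull: if-not-exists
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/dind
  commands:
  - printf '%s' "$${DOCKER_PASSWORD}" | docker login -u osct-ddp --password-stdin docker.digital.homeoffice.gov.uk
  - docker push docker.digital.homeoffice.gov.uk/ddp/camunda-db-patches:$${DRONE_COMMIT_SHA}
  environment:
    ARTIFACTORY_PASSWORD:
      from_secret: artifactory_password
    ARTIFACTORY_USERNAME:
      from_secret: artifactory_username
    DOCKER_PASSWORD:
      from_secret: docker_password
  when:
    branch:
    - master
    - release
    event:
    - push
    - pull_request
    - tag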
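# Image build-and-push steps for every branch except master, on pull_request
# and push events. Each step waits for the Docker daemon, builds an image
# tagged with the commit SHA and pushes it.
# The wait loop polls `docker stats --no-stream` once a second for at most
# 60 attempts. The command is run directly: inside `[ ... ]` its words are
# parsed as test operands, the test errors out and the loop never waits.
# `docker login` reads the password from stdin so it never appears in the
# process argument list.
# NOTE(review): values passed with --build-arg can be read back from the
# built image with `docker history`. A BuildKit secret mount
# (`docker build --secret`) would keep the Artifactory credentials out of the
# pushed images, but needs matching Dockerfile changes not visible here.
# NOTE(review): these steps hand registry and Artifactory secrets to
# pull-request builds and push to the same repositories as the master
# builds. Confirm that secrets are not exposed to untrusted pull requests.
- name: pr_core_image
  pull: if-not-exists
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/dind
  commands:
  - cp -r camundasdk casemanagement/camundasdk
  - cp -r jasperfonts casemanagement/jasperfonts
  - cp settings.xml casemanagement/settings.xml
  - cd casemanagement
  - n=0; while [ "$n" -lt 60 ] && ! docker stats --no-stream >/dev/null 2>&1; do n=$(( n + 1 )); sleep 1; done
  - mv Dockerfile.deployment Dockerfile
  - printf '%s' "$${DOCKER_PASSWORD}" | docker login -u osct-ddp --password-stdin docker.digital.homeoffice.gov.uk
  - docker pull docker.digital.homeoffice.gov.uk/ddp/cache:3374
  - docker build --build-arg AF_USERNAME=$${ARTIFACTORY_USERNAME} --build-arg AF_PASSWORD=$${ARTIFACTORY_PASSWORD} -t docker.digital.homeoffice.gov.uk/ddp/core:$${DRONE_COMMIT_SHA} .
  - docker push docker.digital.homeoffice.gov.uk/ddp/core:$${DRONE_COMMIT_SHA}
  environment:
    ARTIFACTORY_PASSWORD:
      from_secret: artifactory_password
    ARTIFACTORY_USERNAME:
      from_secret: artifactory_username
    DOCKER_PASSWORD:
      from_secret: docker_password
  when:
    branch:
      exclude:
      - master
    event:
    - pull_request
    - push

- name: pr_audit_image
  pull: if-not-exists
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/dind
  commands:
  - cp settings.xml audit/settings.xml
  - cd audit
  - n=0; while [ "$n" -lt 60 ] && ! docker stats --no-stream >/dev/null 2>&1; do n=$(( n + 1 )); sleep 1; done
  - mv Dockerfile.deployment Dockerfile
  - printf '%s' "$${DOCKER_PASSWORD}" | docker login -u osct-ddp --password-stdin docker.digital.homeoffice.gov.uk
  - docker pull docker.digital.homeoffice.gov.uk/ddp/cache:3374
  - docker build --build-arg AF_USERNAME=$${ARTIFACTORY_USERNAME} --build-arg AF_PASSWORD=$${ARTIFACTORY_PASSWORD} -t docker.digital.homeoffice.gov.uk/ddp/audit:$${DRONE_COMMIT_SHA} .
  - docker push docker.digital.homeoffice.gov.uk/ddp/audit:$${DRONE_COMMIT_SHA}
  environment:
    ARTIFACTORY_PASSWORD:
      from_secret: artifactory_password
    ARTIFACTORY_USERNAME:
      from_secret: artifactory_username
    DOCKER_PASSWORD:
      from_secret: docker_password
  when:
    branch:
      exclude:
      - master
    event:
    - pull_request
    - push

- name: pr_frontend_image
  pull: if-not-exists
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/dind
  commands:
  - cd frontend
  - n=0; while [ "$n" -lt 60 ] && ! docker stats --no-stream >/dev/null 2>&1; do n=$(( n + 1 )); sleep 1; done
  - mv Dockerfile.deployment Dockerfile
  - printf '%s' "$${DOCKER_PASSWORD}" | docker login -u osct-ddp --password-stdin docker.digital.homeoffice.gov.uk
  - docker pull docker.digital.homeoffice.gov.uk/ddp/frontend-cache:3448
  - docker build --build-arg AF_USERNAME=$${ARTIFACTORY_USERNAME} --build-arg AF_PASSWORD=$${ARTIFACTORY_PASSWORD} -t docker.digital.homeoffice.gov.uk/ddp/frontend:$${DRONE_COMMIT_SHA} .
  - docker push docker.digital.homeoffice.gov.uk/ddp/frontend:$${DRONE_COMMIT_SHA}
  environment:
    ARTIFACTORY_PASSWORD:
      from_secret: artifactory_password
    ARTIFACTORY_USERNAME:
      from_secret: artifactory_username
    DOCKER_PASSWORD:
      from_secret: docker_password
  when:
    branch:
      exclude:
      - master
    event:
    - pull_request
    - push

- name: pr_processmanager_image
  pull: if-not-exists
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/dind
  commands:
  - cp settings.xml processmanager/settings.xml
  - cd processmanager
  - n=0; while [ "$n" -lt 60 ] && ! docker stats --no-stream >/dev/null 2>&1; do n=$(( n + 1 )); sleep 1; done
  - mv Dockerfile.deployment Dockerfile
  - printf '%s' "$${DOCKER_PASSWORD}" | docker login -u osct-ddp --password-stdin docker.digital.homeoffice.gov.uk
  - docker pull docker.digital.homeoffice.gov.uk/ddp/cache:3374
  - docker build --build-arg AF_USERNAME=$${ARTIFACTORY_USERNAME} --build-arg AF_PASSWORD=$${ARTIFACTORY_PASSWORD} -t docker.digital.homeoffice.gov.uk/ddp/processmanager:$${DRONE_COMMIT_SHA} .
  - docker push docker.digital.homeoffice.gov.uk/ddp/processmanager:$${DRONE_COMMIT_SHA}
  environment:
    ARTIFACTORY_PASSWORD:
      from_secret: artifactory_password
    ARTIFACTORY_USERNAME:
      from_secret: artifactory_username
    DOCKER_PASSWORD:
      from_secret: docker_password
  when:
    branch:
      exclude:
      - master
    event:
    - pull_request
    - push

- name: pr_camunda_db_patches_image
  pull: if-not-exists
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/dind
  commands:
  - cd processmanager/camunda-db-patches
  - n=0; while [ "$n" -lt 60 ] && ! docker stats --no-stream >/dev/null 2>&1; do n=$(( n + 1 )); sleep 1; done
  # NOTE(review): source and destination are the same path, so this does
  # nothing useful and some `mv` implementations reject it with an error.
  # It can probably be removed.
  - mv Dockerfile Dockerfile
  - printf '%s' "$${DOCKER_PASSWORD}" | docker login -u osct-ddp --password-stdin docker.digital.homeoffice.gov.uk
  - docker pull docker.digital.homeoffice.gov.uk/ddp/cache:3374
  - docker build -t docker.digital.homeoffice.gov.uk/ddp/camunda-db-patches:$${DRONE_COMMIT_SHA} .
  - docker push docker.digital.homeoffice.gov.uk/ddp/camunda-db-patches:$${DRONE_COMMIT_SHA}
  environment:
    DOCKER_PASSWORD:
      from_secret: docker_password
  when:
    branch:
      exclude:
      - master
    event:
    - pull_request
    - push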
# Deployments to the ddp-test namespace for every branch except master, on
# pull_request and push events. Each step installs curl and runs the
# component's script under kubernetes/bin/ with the not-prod cluster token.
# NOTE(review): `apk update` / `apk add curl` fetch unpinned packages at run
# time inside a step that holds a cluster token; baking curl into the image
# would remove that download.
# NOTE(review): pull-request builds receive KUBE_TOKEN_ACP_NOTPROD here.
# Confirm that secrets are not exposed to untrusted pull requests.
- name: pr_deploy_core
  pull: if-not-exists
  image: quay.io/ukhomeofficedigital/kd:v1.14.0
  commands:
  - apk update
  - apk add curl
  - kubernetes/bin/core.sh
  environment:
    DRONE_DEPLOY_TO: acp-notprod
    IMAGE_URL: docker.digital.homeoffice.gov.uk/ddp/core:${DRONE_COMMIT_SHA}
    KUBE_NAMESPACE: ddp-test
    KUBE_TOKEN_ACP_NOTPROD:
      from_secret: kube_token_acp_notprod
    REPLICA_COUNT: 1
  when:
    branch:
      exclude:
      - master
    event:
    - pull_request
    - push

- name: pr_deploy_audit
  pull: if-not-exists
  image: quay.io/ukhomeofficedigital/kd:v1.14.0
  commands:
  - apk update
  - apk add curl
  - kubernetes/bin/audit.sh
  environment:
    DRONE_DEPLOY_TO: acp-notprod
    IMAGE_URL: docker.digital.homeoffice.gov.uk/ddp/audit:${DRONE_COMMIT_SHA}
    KUBE_NAMESPACE: ddp-test
    KUBE_TOKEN_ACP_NOTPROD:
      from_secret: kube_token_acp_notprod
    REPLICA_COUNT: 1
  when:
    branch:
      exclude:
      - master
    event:
    - pull_request
    - push

- name: pr_deploy_processmanager
  pull: if-not-exists
  image: quay.io/ukhomeofficedigital/kd:v1.14.0
  commands:
  - apk update
  - apk add curl
  - kubernetes/bin/processmanager.sh
  environment:
    DRONE_DEPLOY_TO: acp-notprod
    IMAGE_URL: docker.digital.homeoffice.gov.uk/ddp/processmanager:${DRONE_COMMIT_SHA}
    KUBE_NAMESPACE: ddp-test
    KUBE_TOKEN_ACP_NOTPROD:
      from_secret: kube_token_acp_notprod
    REPLICA_COUNT: 1
  when:
    branch:
      exclude:
      - master
    event:
    - pull_request
    - push

# No REPLICA_COUNT is set for the database patches step.
- name: pr_deploy_camunda_db_patches
  pull: if-not-exists
  image: quay.io/ukhomeofficedigital/kd:v1.14.0
  commands:
  - apk update
  - apk add curl
  - kubernetes/bin/camunda-db-patches.sh
  environment:
    DRONE_DEPLOY_TO: acp-notprod
    IMAGE_URL: docker.digital.homeoffice.gov.uk/ddp/camunda-db-patches:${DRONE_COMMIT_SHA}
    KUBE_NAMESPACE: ddp-test
    KUBE_TOKEN_ACP_NOTPROD:
      from_secret: kube_token_acp_notprod
  when:
    branch:
      exclude:
      - master
    event:
    - pull_request
    - push

- name: pr_deploy_frontend
  pull: if-not-exists
  image: quay.io/ukhomeofficedigital/kd:v1.14.0
  commands:
  - apk update
  - apk add curl
  - kubernetes/bin/frontend.sh
  environment:
    DRONE_DEPLOY_TO: acp-notprod
    IMAGE_URL: docker.digital.homeoffice.gov.uk/ddp/frontend:${DRONE_COMMIT_SHA}
    KUBE_NAMESPACE: ddp-test
    KUBE_TOKEN_ACP_NOTPROD:
      from_secret: kube_token_acp_notprod
    REPLICA_COUNT: 1
  when:
    branch:
      exclude:
      - master
    event:
    - pull_request
    - push
# Deployments to the ddp-dev namespace when the branch condition is master.
# Each step installs curl and runs the component's script under
# kubernetes/bin/ with the not-prod cluster token.
# NOTE(review): Drone evaluates `branch` against the target branch of a pull
# request, so with `pull_request` in the event list a PR opened against
# master is deployed to ddp-dev before it is merged. Confirm that is intended.
# NOTE(review): `apk update` / `apk add curl` fetch unpinned packages at run
# time inside a step that holds a cluster token.
- name: deploy_core
  pull: if-not-exists
  image: quay.io/ukhomeofficedigital/kd:v1.14.0
  commands:
  - apk update
  - apk add curl
  - kubernetes/bin/core.sh
  environment:
    DRONE_DEPLOY_TO: acp-notprod
    IMAGE_URL: docker.digital.homeoffice.gov.uk/ddp/core:${DRONE_COMMIT_SHA}
    KUBE_NAMESPACE: ddp-dev
    KUBE_TOKEN_ACP_NOTPROD:
      from_secret: kube_token_acp_notprod
    REPLICA_COUNT: 1
  when:
    branch:
    - master
    event:
    - push
    - pull_request
    - tag

- name: deploy_audit
  pull: if-not-exists
  image: quay.io/ukhomeofficedigital/kd:v1.14.0
  commands:
  - apk update
  - apk add curl
  - kubernetes/bin/audit.sh
  environment:
    DRONE_DEPLOY_TO: acp-notprod
    IMAGE_URL: docker.digital.homeoffice.gov.uk/ddp/audit:${DRONE_COMMIT_SHA}
    KUBE_NAMESPACE: ddp-dev
    KUBE_TOKEN_ACP_NOTPROD:
      from_secret: kube_token_acp_notprod
    REPLICA_COUNT: 1
  when:
    branch:
    - master
    event:
    - push
    - pull_request
    - tag

- name: deploy_processmanager
  pull: if-not-exists
  image: quay.io/ukhomeofficedigital/kd:v1.14.0
  commands:
  - apk update
  - apk add curl
  - kubernetes/bin/processmanager.sh
  environment:
    DRONE_DEPLOY_TO: acp-notprod
    IMAGE_URL: docker.digital.homeoffice.gov.uk/ddp/processmanager:${DRONE_COMMIT_SHA}
    KUBE_NAMESPACE: ddp-dev
    KUBE_TOKEN_ACP_NOTPROD:
      from_secret: kube_token_acp_notprod
    REPLICA_COUNT: 1
  when:
    branch:
    - master
    event:
    - push
    - pull_request
    - tag

# No REPLICA_COUNT is set for the database patches step.
- name: deploy_camunda_db_patches
  pull: if-not-exists
  image: quay.io/ukhomeofficedigital/kd:v1.14.0
  commands:
  - apk update
  - apk add curl
  - kubernetes/bin/camunda-db-patches.sh
  environment:
    DRONE_DEPLOY_TO: acp-notprod
    IMAGE_URL: docker.digital.homeoffice.gov.uk/ddp/camunda-db-patches:${DRONE_COMMIT_SHA}
    KUBE_NAMESPACE: ddp-dev
    KUBE_TOKEN_ACP_NOTPROD:
      from_secret: kube_token_acp_notprod
  when:
    branch:
    - master
    event:
    - push
    - pull_request
    - tag

- name: deploy_frontend
  pull: if-not-exists
  image: quay.io/ukhomeofficedigital/kd:v1.14.0
  commands:
  - apk update
  - apk add curl
  - kubernetes/bin/frontend.sh
  environment:
    DRONE_DEPLOY_TO: acp-notprod
    IMAGE_URL: docker.digital.homeoffice.gov.uk/ddp/frontend:${DRONE_COMMIT_SHA}
    KUBE_NAMESPACE: ddp-dev
    KUBE_TOKEN_ACP_NOTPROD:
      from_secret: kube_token_acp_notprod
    REPLICA_COUNT: 1
  when:
    branch:
    - master
    event:
    - push
    - pull_request
    - tag

# The pg step sets no IMAGE_URL.
- name: deploy_pg
  pull: if-not-exists
  image: quay.io/ukhomeofficedigital/kd:v1.14.0
  commands:
  - apk update
  - apk add curl
  - kubernetes/bin/pg.sh
  environment:
    DRONE_DEPLOY_TO: acp-notprod
    KUBE_NAMESPACE: ddp-dev
    KUBE_TOKEN_ACP_NOTPROD:
      from_secret: kube_token_acp_notprod
    REPLICA_COUNT: 1
  when:
    branch:
    - master
    event:
    - push
    - pull_request
    - tag
# Production deployments to the ddp-prod namespace. They run only on a
# `promote` event whose target is `prod`, with the production cluster token.
# NOTE(review): the condition has no branch filter, and pull-request builds
# push images with the same repository and commit-SHA tag scheme, so any
# build that pushed its images could be promoted. Confirm that promotion
# rights are restricted to reviewed builds.
# NOTE(review): unlike the not-prod steps, no DRONE_DEPLOY_TO is set here;
# presumably Drone supplies it from the promotion target. Confirm against
# the scripts under kubernetes/bin/.
# NOTE(review): `apk update` / `apk add curl` fetch unpinned packages at run
# time inside a step that holds the production token.
- name: deploy_core_prod
  pull: if-not-exists
  image: quay.io/ukhomeofficedigital/kd:v1.14.0
  commands:
  - apk update
  - apk add curl
  - kubernetes/bin/core.sh
  environment:
    IMAGE_URL: docker.digital.homeoffice.gov.uk/ddp/core:${DRONE_COMMIT_SHA}
    KUBE_NAMESPACE: ddp-prod
    KUBE_TOKEN_ACP_PROD:
      from_secret: kube_token_acp_prod
    REPLICA_COUNT: 3
  when:
    event:
    - promote
    target:
    - prod

- name: deploy_audit_prod
  pull: if-not-exists
  image: quay.io/ukhomeofficedigital/kd:v1.14.0
  commands:
  - apk update
  - apk add curl
  - kubernetes/bin/audit.sh
  environment:
    IMAGE_URL: docker.digital.homeoffice.gov.uk/ddp/audit:${DRONE_COMMIT_SHA}
    KUBE_NAMESPACE: ddp-prod
    KUBE_TOKEN_ACP_PROD:
      from_secret: kube_token_acp_prod
    REPLICA_COUNT: 1
  when:
    event:
    - promote
    target:
    - prod

- name: deploy_processmanager_prod
  pull: if-not-exists
  image: quay.io/ukhomeofficedigital/kd:v1.14.0
  commands:
  - apk update
  - apk add curl
  - kubernetes/bin/processmanager.sh
  environment:
    IMAGE_URL: docker.digital.homeoffice.gov.uk/ddp/processmanager:${DRONE_COMMIT_SHA}
    KUBE_NAMESPACE: ddp-prod
    KUBE_TOKEN_ACP_PROD:
      from_secret: kube_token_acp_prod
    REPLICA_COUNT: 2
  when:
    event:
    - promote
    target:
    - prod

# No REPLICA_COUNT is set for the database patches step.
- name: deploy_camunda_db_patches_prod
  pull: if-not-exists
  image: quay.io/ukhomeofficedigital/kd:v1.14.0
  commands:
  - apk update
  - apk add curl
  - kubernetes/bin/camunda-db-patches.sh
  environment:
    IMAGE_URL: docker.digital.homeoffice.gov.uk/ddp/camunda-db-patches:${DRONE_COMMIT_SHA}
    KUBE_NAMESPACE: ddp-prod
    KUBE_TOKEN_ACP_PROD:
      from_secret: kube_token_acp_prod
  when:
    event:
    - promote
    target:
    - prod

- name: deploy_frontend_prod
  pull: if-not-exists
  image: quay.io/ukhomeofficedigital/kd:v1.14.0
  commands:
  - apk update
  - apk add curl
  - kubernetes/bin/frontend.sh
  environment:
    IMAGE_URL: docker.digital.homeoffice.gov.uk/ddp/frontend:${DRONE_COMMIT_SHA}
    KUBE_NAMESPACE: ddp-prod
    KUBE_TOKEN_ACP_PROD:
      from_secret: kube_token_acp_prod
    REPLICA_COUNT: 3
  when:
    event:
    - promote
    target:
    - prod

# The two pg steps set no IMAGE_URL.
- name: deploy_pg_prod
  pull: if-not-exists
  image: quay.io/ukhomeofficedigital/kd:v1.14.0
  commands:
  - apk update
  - apk add curl
  - kubernetes/bin/pg.sh
  environment:
    KUBE_NAMESPACE: ddp-prod
    KUBE_TOKEN_ACP_PROD:
      from_secret: kube_token_acp_prod
    REPLICA_COUNT: 1
  when:
    event:
    - promote
    target:
    - prod

- name: deploy_pg_audit_prod
  pull: if-not-exists
  image: quay.io/ukhomeofficedigital/kd:v1.14.0
  commands:
  - apk update
  - apk add curl
  - kubernetes/bin/pg-audit.sh
  environment:
    KUBE_NAMESPACE: ddp-prod
    KUBE_TOKEN_ACP_PROD:
      from_secret: kube_token_acp_prod
  when:
    event:
    - promote
    target:
    - prod
services:
# Service container named `docker`, running the same dind image the build
# steps use; presumably the daemon those steps' docker commands talk to.
# NOTE(review): the image reference has no tag or digest, so it resolves to
# whatever `latest` currently points at.
- name: docker
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/dind
---
# Drone pipeline "default", run by the Kubernetes runner on linux/amd64.
kind: pipeline
type: kubernetes
name: default

platform:
  os: linux
  arch: amd64

steps:
# Pipes recent commit diffs through UKHomeOffice's repo-security-scanner on
# push and pull_request events.
- name: scan_commits
  pull: if-not-exists
  image: alpine:3
  commands:
  - apk update
  - apk add wget gzip git
  # NOTE(review): the release archive is downloaded and executed without a
  # checksum or signature check. Verifying it against a pinned digest first,
  # e.g. `echo "<EXPECTED_SHA256>  scanrepo-0.4.0-linux-386.tar.gz" | sha256sum -c -`,
  # would stop a replaced release asset from running in the build.
  - wget https://github.com/UKHomeOffice/repo-security-scanner/releases/download/0.4.0/scanrepo-0.4.0-linux-386.tar.gz
  - tar -zxvf scanrepo-0.4.0-linux-386.tar.gz
  - chmod +x scanrepo
  - mv scanrepo /usr/bin
  # Only the 100 most recent commits are scanned; anything older, or beyond
  # the depth of the clone, is not inspected.
  - git log -p -n 100| scanrepo
  when:
    event:
    - push
    - pull_request
# Installs dependencies and runs the test suite on push and pull_request
# events, then records the build number in build.txt and prints disk usage.
# This step declares no depends_on.
- name: run_tests
  pull: if-not-exists
  image: node:14.15.0
  commands:
  # NOTE(review): without `--frozen-lockfile`, yarn may resolve versions that
  # differ from the committed lockfile. Confirm which is intended.
  - yarn install
  - yarn test
  - echo ${DRONE_BUILD_NUMBER} > build.txt
  - df -h
  when:
    event:
    - push
    - pull_request
# Reads the Docker credentials and the Slack webhook from Vault and appends
# them as `export` lines to set_drone_secrets.sh in the working directory.
# NOTE(review): the secrets land in plaintext in a file in the workspace, and
# the package_* steps run `docker build` with `.` as the build context, so
# make sure .dockerignore excludes set_drone_secrets.sh (not visible here).
# NOTE(review): the exported values are not quoted, so a secret containing
# whitespace or shell metacharacters is re-interpreted when the file is
# sourced.
# NOTE(review): there is no `when` filter, so this step and its Vault token
# are not limited to particular events. Confirm that is intended.
- name: retrieve-common-secrets
  pull: if-not-exists
  image: quay.io/ukhomeofficedigital/hashicorp-vault:1.6.0
  commands:
  - echo "export DOCKER_USERNAME=$(vault read -field=docker_username secret/dacc/es/admin/docker-username)" >> set_drone_secrets.sh
  - echo "export DOCKER_PASSWORD=$(vault read -field=docker_password secret/dacc/es/admin/docker-password)" >> set_drone_secrets.sh
  - echo "export SLACK_WEBHOOK=$(vault read -field=slack_webhook secret/dacc/es/admin/slack-webhook)" >> set_drone_secrets.sh
  environment:
    VAULT_ADDR:
      from_secret: VAULT_ADDR_DEV
    VAULT_TOKEN:
      from_secret: VAULT_TOKEN_DEV
  depends_on:
  - scan_commits
# Build the static files of every app. Each step runs one
# `yarn apps:<app>:build` script on push events, after scan_commits and
# run_tests.
- name: build_static_audit_app
  pull: if-not-exists
  image: node:14.15.0
  commands:
  - yarn apps:audit:build
  depends_on:
  - scan_commits
  - run_tests
  when:
    event:
    - push

- name: build_static_leadgen_app
  pull: if-not-exists
  image: node:14.15.0
  commands:
  - yarn apps:leadgen:build
  depends_on:
  - scan_commits
  - run_tests
  when:
    event:
    - push

- name: build_static_air_leadgen_app
  pull: if-not-exists
  image: node:14.15.0
  commands:
  - yarn apps:air-leadgen:build
  depends_on:
  - scan_commits
  - run_tests
  when:
    event:
    - push

- name: build_static_search_app
  pull: if-not-exists
  image: node:14.15.0
  commands:
  - yarn apps:search:build
  depends_on:
  - scan_commits
  - run_tests
  when:
    event:
    - push

- name: build_static_analytics-platform_app
  pull: if-not-exists
  image: node:14.15.0
  commands:
  - yarn apps:analytics-platform:build
  depends_on:
  - scan_commits
  - run_tests
  when:
    event:
    - push

- name: build_static_query-builder_app
  pull: if-not-exists
  image: node:14.15.0
  commands:
  - yarn apps:query-builder:build
  depends_on:
  - scan_commits
  - run_tests
  when:
    event:
    - push
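# Package every app as a Docker image tagged with the commit SHA. Each step
# runs on push events after the matching build_static_* step.
# The wait loop polls `docker stats --no-stream` once a second for at most
# 60 attempts. The command is run directly: inside `[ ... ]` its words are
# parsed as test operands, the test errors out and the loop never waits.
# NOTE(review): the build context is the workspace root, which is where
# retrieve-common-secrets writes set_drone_secrets.sh; make sure
# .dockerignore excludes that file (not visible here).
- name: package_audit_app
  pull: if-not-exists
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/dind
  commands:
  # wait for docker service to be up before running docker build
  - n=0; while [ "$n" -lt 60 ] && ! docker stats --no-stream >/dev/null 2>&1; do n=$(( n + 1 )); sleep 1; done
  - docker build -t docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-audit-frontend:$${DRONE_COMMIT_SHA} --build-arg APP=audit . --no-cache
  depends_on:
  - build_static_audit_app
  when:
    event:
    - push

- name: package_leadgen_app
  pull: if-not-exists
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/dind
  commands:
  # wait for docker service to be up before running docker build
  - n=0; while [ "$n" -lt 60 ] && ! docker stats --no-stream >/dev/null 2>&1; do n=$(( n + 1 )); sleep 1; done
  - docker build -t docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-leadgen-frontend:$${DRONE_COMMIT_SHA} --build-arg APP=leadgen . --no-cache
  depends_on:
  - build_static_leadgen_app
  when:
    event:
    - push

- name: package_air_leadgen_app
  pull: if-not-exists
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/dind
  commands:
  # wait for docker service to be up before running docker build
  - n=0; while [ "$n" -lt 60 ] && ! docker stats --no-stream >/dev/null 2>&1; do n=$(( n + 1 )); sleep 1; done
  - docker build -t docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-air-leadgen-frontend:$${DRONE_COMMIT_SHA} --build-arg APP=air-leadgen . --no-cache
  depends_on:
  - build_static_air_leadgen_app
  when:
    event:
    - push

- name: package_search_app
  pull: if-not-exists
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/dind
  commands:
  # wait for docker service to be up before running docker build
  - n=0; while [ "$n" -lt 60 ] && ! docker stats --no-stream >/dev/null 2>&1; do n=$(( n + 1 )); sleep 1; done
  - docker build -t docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-search-frontend:$${DRONE_COMMIT_SHA} --build-arg APP=search . --no-cache
  depends_on:
  - build_static_search_app
  when:
    event:
    - push

- name: package_analytics-platform_app
  pull: if-not-exists
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/dind
  commands:
  # wait for docker service to be up before running docker build
  - n=0; while [ "$n" -lt 60 ] && ! docker stats --no-stream >/dev/null 2>&1; do n=$(( n + 1 )); sleep 1; done
  - docker build -t docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-analytics-platform-frontend:$${DRONE_COMMIT_SHA} --build-arg APP=analytics-platform . --no-cache
  depends_on:
  - build_static_analytics-platform_app
  when:
    event:
    - push

- name: package_query-builder_app
  pull: if-not-exists
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/dind
  commands:
  # wait for docker service to be up before running docker build
  - n=0; while [ "$n" -lt 60 ] && ! docker stats --no-stream >/dev/null 2>&1; do n=$(( n + 1 )); sleep 1; done
  - docker build -t docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-query-builder-frontend:$${DRONE_COMMIT_SHA} --build-arg APP=query-builder . --no-cache
  depends_on:
  - build_static_query-builder_app
  when:
    event:
    - push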
# scan images | |
# Hands the audit frontend image to the anchore-submission container
# (presumably a vulnerability scan, per the image name — confirm).
- name: scan_audit_docker_image
  pull: always
  # NOTE(review): `:latest` plus `pull: always` means the scanner itself can
  # change between builds; a pinned version or digest keeps results comparable.
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/anchore-submission:latest
  environment:
    # Single-$ form: expanded by Drone, not by a shell inside the step.
    IMAGE_NAME: 'docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-audit-frontend:${DRONE_COMMIT_SHA}'
    # CVE ids passed to the scanner as exceptions. No reason, owner or review
    # date is recorded for any entry, so stale exceptions cannot be told from
    # live ones. CVE-2021-33574 and CVE-2020-1752 each appear twice.
    WHITELIST: 'CVE-2021-22946,CVE-2020-10878,CVE-2020-10543,CVE-2020-14155,CVE-2020-15719,CVE-2019-2201,CVE-2020-29363,CVE-2019-25013,CVE-2021-20231,CVE-2021-20232,CVE-2018-25011,CVE-2018-25014,CVE-2020-36328,CVE-2020-36329,CVE-2021-3517,CVE-2021-33574,CVE-2021-3520,CVE-2021-22924,CVE-2018-12886,CVE-2019-15847,CVE-2020-1751,CVE-2020-1752,CVE-2021-3326,CVE-2021-33574,CVE-2021-35942,CVE-2017-6363,CVE-2021-40145,CVE-2021-30535,CVE-2019-12290,CVE-2019-13115,CVE-2019-3843,CVE-2019-3844,CVE-2017-16932,CVE-2020-11080,CVE-2020-1752'
  depends_on:
  - package_audit_app
  when:
    event:
    - push
# Hands the leadgen frontend image to the anchore-submission container
# (presumably a vulnerability scan, per the image name — confirm).
- name: scan_leadgen_docker_image
  pull: always
  # NOTE(review): `:latest` plus `pull: always` means the scanner itself can
  # change between builds; a pinned version or digest keeps results comparable.
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/anchore-submission:latest
  environment:
    # Single-$ form: expanded by Drone, not by a shell inside the step.
    IMAGE_NAME: 'docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-leadgen-frontend:${DRONE_COMMIT_SHA}'
    # CVE ids passed to the scanner as exceptions. No reason, owner or review
    # date is recorded for any entry. CVE-2021-33574 appears twice.
    WHITELIST: 'CVE-2021-22946,CVE-2020-10878,CVE-2020-10543,CVE-2020-14155,CVE-2020-15719,CVE-2019-2201,CVE-2020-29363,CVE-2019-25013,CVE-2021-20231,CVE-2021-20232,CVE-2018-25011,CVE-2018-25014,CVE-2020-36328,CVE-2020-36329,CVE-2021-3517,CVE-2021-33574,CVE-2021-3520,CVE-2021-22924,CVE-2018-12886,CVE-2019-15847,CVE-2020-1751,CVE-2020-1752,CVE-2021-3326,CVE-2021-33574,CVE-2021-35942,CVE-2017-6363,CVE-2021-40145,CVE-2021-30535,CVE-2019-12290,CVE-2019-13115,CVE-2019-3843,CVE-2019-3844,CVE-2017-16932,CVE-2020-11080'
  depends_on:
  - package_leadgen_app
  when:
    event:
    - push
# Hands the air-leadgen frontend image to the anchore-submission container
# (presumably a vulnerability scan, per the image name — confirm).
- name: scan_air_leadgen_docker_image
  pull: always
  # NOTE(review): `:latest` plus `pull: always` means the scanner itself can
  # change between builds; a pinned version or digest keeps results comparable.
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/anchore-submission:latest
  environment:
    # Single-$ form: expanded by Drone, not by a shell inside the step.
    IMAGE_NAME: 'docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-air-leadgen-frontend:${DRONE_COMMIT_SHA}'
    # CVE ids passed to the scanner as exceptions. No reason, owner or review
    # date is recorded for any entry. CVE-2021-33574 appears twice.
    # NOTE(review): two entries carry a space after the comma, unlike the
    # sibling scan steps; whether the consumer trims them is not visible here,
    # so those two exceptions may or may not take effect — verify.
    WHITELIST: 'CVE-2021-22946,CVE-2008-4318,CVE-2020-25613,CVE-2020-29363,CVE-2019-25013, CVE-2021-20231, CVE-2021-20232,CVE-2018-25011,CVE-2018-25014,CVE-2020-36328,CVE-2020-36329,CVE-2021-3517,CVE-2021-33574,CVE-2021-3520,CVE-2021-22924,CVE-2018-12886,CVE-2019-15847,CVE-2020-1751,CVE-2020-1752,CVE-2021-3326,CVE-2021-33574,CVE-2021-35942,CVE-2017-6363,CVE-2021-40145,CVE-2021-30535,CVE-2019-12290,CVE-2019-13115,CVE-2019-3843,CVE-2019-3844,CVE-2017-16932,CVE-2020-11080'
  depends_on:
  - package_air_leadgen_app
  when:
    event:
    - push
# Hands the search frontend image to the anchore-submission container
# (presumably a vulnerability scan, per the image name — confirm).
- name: scan_search_docker_image
  pull: always
  # NOTE(review): `:latest` plus `pull: always` means the scanner itself can
  # change between builds; a pinned version or digest keeps results comparable.
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/anchore-submission:latest
  environment:
    # Single-$ form: expanded by Drone, not by a shell inside the step.
    IMAGE_NAME: 'docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-search-frontend:${DRONE_COMMIT_SHA}'
    # CVE ids passed to the scanner as exceptions. No reason, owner or review
    # date is recorded for any entry. CVE-2021-33574 appears twice.
    WHITELIST: 'CVE-2021-22946,CVE-2020-10878,CVE-2020-10543,CVE-2020-14155,CVE-2020-15719,CVE-2019-2201,CVE-2020-29363,CVE-2019-25013,CVE-2021-20231,CVE-2021-20232,CVE-2018-25011,CVE-2018-25014,CVE-2020-36328,CVE-2020-36329,CVE-2021-3517,CVE-2021-33574,CVE-2021-3520,CVE-2021-22924,CVE-2018-12886,CVE-2019-15847,CVE-2020-1751,CVE-2020-1752,CVE-2021-3326,CVE-2021-33574,CVE-2021-35942,CVE-2017-6363,CVE-2021-40145,CVE-2021-30535,CVE-2019-12290,CVE-2019-13115,CVE-2019-3843,CVE-2019-3844,CVE-2017-16932,CVE-2020-11080'
  depends_on:
  - package_search_app
  when:
    event:
    - push
# Hands the analytics-platform frontend image to the anchore-submission
# container (presumably a vulnerability scan, per the image name — confirm).
- name: scan_analytics-platform_docker_image
  pull: always
  # NOTE(review): `:latest` plus `pull: always` means the scanner itself can
  # change between builds; a pinned version or digest keeps results comparable.
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/anchore-submission:latest
  environment:
    # Single-$ form: expanded by Drone, not by a shell inside the step.
    IMAGE_NAME: 'docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-analytics-platform-frontend:${DRONE_COMMIT_SHA}'
    # CVE ids passed to the scanner as exceptions. No reason, owner or review
    # date is recorded for any entry. CVE-2021-33574 appears twice.
    WHITELIST: 'CVE-2021-22946,CVE-2019-25013,CVE-2021-20231,CVE-2021-20232,CVE-2018-25011,CVE-2018-25014,CVE-2020-36328,CVE-2020-36329,CVE-2021-3517,CVE-2021-33574,CVE-2021-3520,CVE-2021-22924,CVE-2018-12886,CVE-2019-15847,CVE-2020-1751,CVE-2020-1752,CVE-2021-3326,CVE-2021-33574,CVE-2021-35942,CVE-2017-6363,CVE-2021-40145,CVE-2021-30535,CVE-2019-12290,CVE-2019-13115,CVE-2019-3843,CVE-2019-3844,CVE-2017-16932,CVE-2020-11080'
  depends_on:
  - package_analytics-platform_app
  when:
    event:
    - push
# Hands the query-builder frontend image to the anchore-submission container
# (presumably a vulnerability scan, per the image name — confirm).
- name: scan_query-builder_docker_image
  pull: always
  # NOTE(review): `:latest` plus `pull: always` means the scanner itself can
  # change between builds; a pinned version or digest keeps results comparable.
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/anchore-submission:latest
  environment:
    # Single-$ form: expanded by Drone, not by a shell inside the step.
    IMAGE_NAME: 'docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-query-builder-frontend:${DRONE_COMMIT_SHA}'
    # CVE ids passed to the scanner as exceptions. No reason, owner or review
    # date is recorded for any entry. CVE-2021-33574 appears twice.
    WHITELIST: 'CVE-2021-22946,CVE-2020-10878,CVE-2020-10543,CVE-2020-14155,CVE-2020-15719,CVE-2019-2201,CVE-2020-29363,CVE-2019-25013,CVE-2021-20231,CVE-2021-20232,CVE-2018-25011,CVE-2018-25014,CVE-2020-36328,CVE-2020-36329,CVE-2021-3517,CVE-2021-33574,CVE-2021-3520,CVE-2021-22924,CVE-2018-12886,CVE-2019-15847,CVE-2020-1751,CVE-2020-1752,CVE-2021-3326,CVE-2021-33574,CVE-2021-35942,CVE-2017-6363,CVE-2021-40145,CVE-2021-30535,CVE-2019-12290,CVE-2019-13115,CVE-2019-3843,CVE-2019-3844,CVE-2017-16932,CVE-2020-11080'
  depends_on:
  - package_query-builder_app
  when:
    event:
    - push
# push images | |
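# After the audit image's scan step, adds branch and build-number tags to the
# commit-SHA image and pushes all three. Runs only for pushes to master.
- name: push_audit_artifactory_latest
  pull: if-not-exists
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/dind
  commands:
  # Loads variables written by earlier steps; DOCKER_USERNAME/DOCKER_PASSWORD
  # presumably come from this file, as the step declares no environment.
  - source set_drone_secrets.sh
  # The password is fed on stdin instead of `-p=...`, so it never becomes part
  # of the docker client's argument list.
  - printf '%s' "$${DOCKER_PASSWORD}" | docker login -u "$${DOCKER_USERNAME}" --password-stdin docker.digital.homeoffice.gov.uk
  - docker tag docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-audit-frontend:$${DRONE_COMMIT_SHA} docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-audit-frontend:$${DRONE_COMMIT_BRANCH}
  - docker tag docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-audit-frontend:$${DRONE_COMMIT_SHA} docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-audit-frontend:b${DRONE_BUILD_NUMBER}
  - docker push docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-audit-frontend:$${DRONE_COMMIT_SHA}
  - docker push docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-audit-frontend:$${DRONE_COMMIT_BRANCH}
  - docker push docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-audit-frontend:b${DRONE_BUILD_NUMBER}
  depends_on:
  - scan_audit_docker_image
  when:
    branch:
    - master
    event:
    - push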
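# After the leadgen image's scan step, adds branch and build-number tags to
# the commit-SHA image and pushes all three. Runs only for pushes to master.
- name: push_leadgen_artifactory_latest
  pull: if-not-exists
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/dind
  commands:
  # Loads variables written by earlier steps; DOCKER_USERNAME/DOCKER_PASSWORD
  # presumably come from this file, as the step declares no environment.
  - source set_drone_secrets.sh
  # The password is fed on stdin instead of `-p=...`, so it never becomes part
  # of the docker client's argument list.
  - printf '%s' "$${DOCKER_PASSWORD}" | docker login -u "$${DOCKER_USERNAME}" --password-stdin docker.digital.homeoffice.gov.uk
  - docker tag docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-leadgen-frontend:$${DRONE_COMMIT_SHA} docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-leadgen-frontend:$${DRONE_COMMIT_BRANCH}
  - docker tag docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-leadgen-frontend:$${DRONE_COMMIT_SHA} docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-leadgen-frontend:b${DRONE_BUILD_NUMBER}
  - docker push docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-leadgen-frontend:$${DRONE_COMMIT_SHA}
  - docker push docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-leadgen-frontend:$${DRONE_COMMIT_BRANCH}
  - docker push docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-leadgen-frontend:b${DRONE_BUILD_NUMBER}
  depends_on:
  - scan_leadgen_docker_image
  when:
    branch:
    - master
    event:
    - push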
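# After the air-leadgen image's scan step, adds branch and build-number tags
# to the commit-SHA image and pushes all three. Runs only for pushes to master.
- name: push_air_leadgen_artifactory_latest
  pull: if-not-exists
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/dind
  commands:
  # Loads variables written by earlier steps; DOCKER_USERNAME/DOCKER_PASSWORD
  # presumably come from this file, as the step declares no environment.
  - source set_drone_secrets.sh
  # The password is fed on stdin instead of `-p=...`, so it never becomes part
  # of the docker client's argument list.
  - printf '%s' "$${DOCKER_PASSWORD}" | docker login -u "$${DOCKER_USERNAME}" --password-stdin docker.digital.homeoffice.gov.uk
  - docker tag docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-air-leadgen-frontend:$${DRONE_COMMIT_SHA} docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-air-leadgen-frontend:$${DRONE_COMMIT_BRANCH}
  - docker tag docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-air-leadgen-frontend:$${DRONE_COMMIT_SHA} docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-air-leadgen-frontend:b${DRONE_BUILD_NUMBER}
  - docker push docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-air-leadgen-frontend:$${DRONE_COMMIT_SHA}
  - docker push docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-air-leadgen-frontend:$${DRONE_COMMIT_BRANCH}
  - docker push docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-air-leadgen-frontend:b${DRONE_BUILD_NUMBER}
  depends_on:
  - scan_air_leadgen_docker_image
  when:
    branch:
    - master
    event:
    - push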
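# After the search image's scan step, adds branch and build-number tags to the
# commit-SHA image and pushes all three. Runs only for pushes to master.
- name: push_search_artifactory_latest
  pull: if-not-exists
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/dind
  commands:
  # Loads variables written by earlier steps; DOCKER_USERNAME/DOCKER_PASSWORD
  # presumably come from this file, as the step declares no environment.
  - source set_drone_secrets.sh
  # The password is fed on stdin instead of `-p=...`, so it never becomes part
  # of the docker client's argument list.
  - printf '%s' "$${DOCKER_PASSWORD}" | docker login -u "$${DOCKER_USERNAME}" --password-stdin docker.digital.homeoffice.gov.uk
  - docker tag docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-search-frontend:$${DRONE_COMMIT_SHA} docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-search-frontend:$${DRONE_COMMIT_BRANCH}
  - docker tag docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-search-frontend:$${DRONE_COMMIT_SHA} docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-search-frontend:b${DRONE_BUILD_NUMBER}
  - docker push docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-search-frontend:$${DRONE_COMMIT_SHA}
  - docker push docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-search-frontend:$${DRONE_COMMIT_BRANCH}
  - docker push docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-search-frontend:b${DRONE_BUILD_NUMBER}
  depends_on:
  - scan_search_docker_image
  when:
    branch:
    - master
    event:
    - push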
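# After the analytics-platform image's scan step, adds branch and build-number
# tags to the commit-SHA image and pushes all three. Runs only for pushes to
# master.
- name: push_analytics-platform_artifactory_latest
  pull: if-not-exists
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/dind
  commands:
  # Loads variables written by earlier steps; DOCKER_USERNAME/DOCKER_PASSWORD
  # presumably come from this file, as the step declares no environment.
  - source set_drone_secrets.sh
  # The password is fed on stdin instead of `-p=...`, so it never becomes part
  # of the docker client's argument list.
  - printf '%s' "$${DOCKER_PASSWORD}" | docker login -u "$${DOCKER_USERNAME}" --password-stdin docker.digital.homeoffice.gov.uk
  - docker tag docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-analytics-platform-frontend:$${DRONE_COMMIT_SHA} docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-analytics-platform-frontend:$${DRONE_COMMIT_BRANCH}
  - docker tag docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-analytics-platform-frontend:$${DRONE_COMMIT_SHA} docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-analytics-platform-frontend:b${DRONE_BUILD_NUMBER}
  - docker push docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-analytics-platform-frontend:$${DRONE_COMMIT_SHA}
  - docker push docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-analytics-platform-frontend:$${DRONE_COMMIT_BRANCH}
  - docker push docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-analytics-platform-frontend:b${DRONE_BUILD_NUMBER}
  depends_on:
  - scan_analytics-platform_docker_image
  when:
    branch:
    - master
    event:
    - push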
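# After the query-builder image's scan step, adds branch and build-number tags
# to the commit-SHA image and pushes all three. Runs only for pushes to master.
- name: push_query-builder_artifactory_latest
  pull: if-not-exists
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/dind
  commands:
  # Loads variables written by earlier steps; DOCKER_USERNAME/DOCKER_PASSWORD
  # presumably come from this file, as the step declares no environment.
  - source set_drone_secrets.sh
  # The password is fed on stdin instead of `-p=...`, so it never becomes part
  # of the docker client's argument list.
  - printf '%s' "$${DOCKER_PASSWORD}" | docker login -u "$${DOCKER_USERNAME}" --password-stdin docker.digital.homeoffice.gov.uk
  - docker tag docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-query-builder-frontend:$${DRONE_COMMIT_SHA} docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-query-builder-frontend:$${DRONE_COMMIT_BRANCH}
  - docker tag docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-query-builder-frontend:$${DRONE_COMMIT_SHA} docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-query-builder-frontend:b${DRONE_BUILD_NUMBER}
  - docker push docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-query-builder-frontend:$${DRONE_COMMIT_SHA}
  - docker push docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-query-builder-frontend:$${DRONE_COMMIT_BRANCH}
  - docker push docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-query-builder-frontend:b${DRONE_BUILD_NUMBER}
  depends_on:
  - scan_query-builder_docker_image
  when:
    branch:
    - master
    event:
    - push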
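# Reads the notprod Kubernetes deployment token from Vault and appends it, as
# an `export` line, to set_drone_secrets.sh in the workspace.
# NOTE(review): that file keeps the token in clear text and is sourced by later
# steps, the Slack notification steps included; passing the token only to the
# deploy step would narrow who can read it.
- name: retrieve-notprod-secrets
  pull: if-not-exists
  image: quay.io/ukhomeofficedigital/hashicorp-vault:1.6.0
  # Anchored so the preprod and prod retrieval steps reuse the same command.
  commands: &retrieve-secrets
  - echo "export DEPLOYMENT_TOKEN=$(vault read -field=$${ENV}_kube_token secret/dacc/es/admin/kube-tokens/$${ENV}-kube-token)" >> set_drone_secrets.sh
  environment:
    ENV: notprod
    VAULT_ADDR:
      from_secret: VAULT_ADDR_NOTPROD
    VAULT_TOKEN:
      from_secret: VAULT_TOKEN_NOTPROD
  depends_on:
  - push_audit_artifactory_latest
  - push_leadgen_artifactory_latest
  # Added: the deploy steps list air-leadgen among the apps they roll out, so
  # its image push has to have finished before deployment starts as well.
  - push_air_leadgen_artifactory_latest
  - push_search_artifactory_latest
  - push_analytics-platform_artifactory_latest
  - push_query-builder_artifactory_latest
  when:
    event:
    - push
    branch:
    - master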
# CD processes | |
# Deploys the commit-SHA images to notprod via ./deploy.sh, using the token
# exported by set_drone_secrets.sh.
- name: deploy-notprod
  pull: if-not-exists
  image: quay.io/ukhomeofficedigital/kd:v1.16.0
  environment:
    ENV: 'notprod'
  # Anchored so deploy-preprod can reuse the same command list.
  commands: &deploy_settings
  - echo "starting $${ENV} deployment"
  - source set_drone_secrets.sh
  - export DOCKER_IMAGE_TAG=$${DRONE_COMMIT_SHA}
  - export DRONE_DEPLOY_TO=$${ENV}
  - export FRONTEND_APP_NAMES=$(echo "audit leadgen search analytics-platform query-builder air-leadgen" | base64)
  - export ACTION=deploy
  - echo $DRONE_DEPLOY_TO
  # NOTE(review): curl is installed from the package index at deploy time, so
  # the deploy depends on network reach and on whatever version is current;
  # an image that already contains it would remove that moving part.
  - apk update
  - apk add curl
  - ./deploy.sh
  depends_on:
  - retrieve-notprod-secrets
  when:
    branch:
    - master
    event:
    - push
# Appends a deployment token for the preprod deploy to set_drone_secrets.sh,
# reusing the anchored Vault read command.
# NOTE(review): despite the step name, ENV is `prod` and the Vault address and
# token are the PROD secrets, so this reads the prod kube token on every push
# to master. Confirm that is intended (e.g. a shared cluster); otherwise a
# preprod-scoped token and Vault credential would keep prod access off the
# automatic path.
- name: retrieve-preprod-secrets
  pull: if-not-exists
  image: quay.io/ukhomeofficedigital/hashicorp-vault:1.6.0
  commands: *retrieve-secrets
  environment:
    ENV: 'prod'
    VAULT_ADDR:
      from_secret: VAULT_ADDR_PROD
    VAULT_TOKEN:
      from_secret: VAULT_TOKEN_PROD
  depends_on:
  - deploy-notprod
  when:
    branch:
    - master
    event:
    - push
# Deploys to preprod with the same command list as deploy-notprod.
# The sourced set_drone_secrets.sh is appended to by each retrieval step, so
# the DEPLOYMENT_TOKEN in effect is the one written last before this step.
- name: deploy-preprod
  pull: if-not-exists
  image: quay.io/ukhomeofficedigital/kd:v1.16.0
  environment:
    ENV: 'preprod'
  commands: *deploy_settings
  depends_on:
  - retrieve-preprod-secrets
  when:
    branch:
    - master
    event:
    - push
# Appends the prod deployment token to set_drone_secrets.sh. Runs only when a
# build is promoted to the `production` target.
# NOTE(review): the token lands in a clear-text workspace file that the Slack
# notification step also sources.
- name: retrieve-prod-secrets
  pull: if-not-exists
  image: quay.io/ukhomeofficedigital/hashicorp-vault:1.6.0
  commands: *retrieve-secrets
  environment:
    ENV: 'prod'
    VAULT_ADDR:
      from_secret: VAULT_ADDR_PROD
    VAULT_TOKEN:
      from_secret: VAULT_TOKEN_PROD
  when:
    target:
    - production
    event:
    - promote
# Deploys the commit-SHA images to prod via ./deploy.sh. Runs only when a build
# is promoted to the `production` target.
- name: deploy-prod
  pull: if-not-exists
  image: quay.io/ukhomeofficedigital/kd:v1.16.0
  environment:
    ENV: 'prod'
  commands:
  - echo "starting $${ENV} deployment"
  - source set_drone_secrets.sh
  - export DOCKER_IMAGE_TAG=$${DRONE_COMMIT_SHA}
  - export DRONE_DEPLOY_TO=prod
  # NOTE(review): single-$ form, unlike the `$$` used elsewhere for shell
  # variables, so this is presumably filled in by Drone (a promotion parameter?)
  # rather than by the shell. If nothing supplies it the app list would be
  # empty — confirm what deploy.sh does in that case.
  - export FRONTEND_APP_NAMES=$(echo ${FRONTEND_APP_NAMES} | base64)
  - export ACTION=deploy
  - echo $DRONE_DEPLOY_TO
  # NOTE(review): curl is installed from the package index during a production
  # deploy; an image that already contains it would remove that moving part.
  - apk update
  - apk add curl
  - ./deploy.sh
  depends_on:
  - retrieve-prod-secrets
  when:
    target:
    - production
    event:
    - promote
# Posts the notprod deployment result to Slack, on success or failure.
- name: notify_slack_deploy_notprod
  pull: if-not-exists
  image: plugins/slack:1.0
  environment:
    PLUGIN_USERNAME: 'drone'
    PLUGIN_CHANNEL: 'hodac'
    # NOTE(review): plain-http icon URL.
    PLUGIN_ICON_URL: 'http://readme.drone.io/0.5/logo_dark.svg'
    PLUGIN_TEMPLATE: "entitysearch react frontend deployment notprod status: *{{repo.Name}}* - build #{{build.Number}} finished with a *{{build.Status}}* status.\n *Drone link*: {{build.Link}}\n *Branch*: {{build.Branch}}\n *Author*: {{build.Author}}\n *Commit*: {{build.Commit}}\n"
  commands:
  # No webhook is declared above, so it presumably comes from this file.
  # NOTE(review): the same file carries DEPLOYMENT_TOKEN, which a notification
  # container has no need for; a dedicated `from_secret` for the webhook would
  # keep deploy credentials out of this step.
  - source set_drone_secrets.sh
  - /bin/drone-slack
  depends_on:
  - deploy-notprod
  when:
    branch:
    - master
    event:
    - push
    status:
    - success
    - failure
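# Posts the preprod deployment result to Slack, on success or failure.
- name: notify_slack_deploy_preprod
  pull: if-not-exists
  image: plugins/slack:1.0
  commands:
  # No webhook is declared below, so it presumably comes from this file.
  # NOTE(review): the same file carries DEPLOYMENT_TOKEN, which a notification
  # container has no need for; a dedicated `from_secret` for the webhook would
  # keep deploy credentials out of this step.
  - source set_drone_secrets.sh
  - /bin/drone-slack
  environment:
    PLUGIN_CHANNEL: hodac
    # NOTE(review): plain-http icon URL.
    PLUGIN_ICON_URL: http://readme.drone.io/0.5/logo_dark.svg
    # Message previously said "notprod", copied from the notprod step, which
    # made preprod results indistinguishable from notprod ones in the channel.
    PLUGIN_TEMPLATE: "entitysearch react frontend deployment preprod status: *{{repo.Name}}* - build #{{build.Number}} finished with a *{{build.Status}}* status.\n *Drone link*: {{build.Link}}\n *Branch*: {{build.Branch}}\n *Author*: {{build.Author}}\n *Commit*: {{build.Commit}}\n"
    PLUGIN_USERNAME: drone
  depends_on:
  - deploy-preprod
  when:
    event:
    - push
    branch:
    - master
    status:
    - success
    - failure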
# Posts the prod deployment result to Slack after a promotion, on success or
# failure.
- name: notify_slack_deploy_prod
  pull: if-not-exists
  image: plugins/slack:1.0
  environment:
    PLUGIN_USERNAME: 'drone'
    PLUGIN_CHANNEL: 'hodac'
    # NOTE(review): plain-http icon URL.
    PLUGIN_ICON_URL: 'http://readme.drone.io/0.5/logo_dark.svg'
    PLUGIN_TEMPLATE: "entitysearch react frontend deployed in prod status: *{{repo.Name}}* - build #{{build.Number}} finished with a *{{build.Status}}* status.\n *Drone link*: {{build.Link}}\n *Branch*: {{build.Branch}}\n *Author*: {{build.Author}}\n *Commit*: {{build.Commit}}\n"
  commands:
  # No webhook is declared above, so it presumably comes from this file.
  # NOTE(review): on a promotion the same file carries the prod
  # DEPLOYMENT_TOKEN, which a notification container has no need for.
  - source set_drone_secrets.sh
  - /bin/drone-slack
  depends_on:
  - deploy-prod
  when:
    event:
    - promote
    status:
    - success
    - failure
# Cron-triggered step that renews the dev, notprod and prod Drone Vault tokens
# in turn so they do not expire.
# NOTE(review): all three tokens, prod included, are present in one container
# for the whole step; a separate step per environment would limit each run to
# the one token it renews.
- name: renew-vault-tokens
  pull: if-not-exists
  image: quay.io/ukhomeofficedigital/hashicorp-vault:1.6.0
  environment:
    VAULT_ADDR_DEV:
      from_secret: VAULT_ADDR_DEV
    VAULT_TOKEN_DEV:
      from_secret: VAULT_TOKEN_DEV
    VAULT_ADDR_NOTPROD:
      from_secret: VAULT_ADDR_NOTPROD
    VAULT_TOKEN_NOTPROD:
      from_secret: VAULT_TOKEN_NOTPROD
    VAULT_ADDR_PROD:
      from_secret: VAULT_ADDR_PROD
    VAULT_TOKEN_PROD:
      from_secret: VAULT_TOKEN_PROD
  commands:
  # Dev: renewal output is discarded so nothing from it reaches the build log.
  - export VAULT_TOKEN=$${VAULT_TOKEN_DEV}
  - export VAULT_ADDR=$${VAULT_ADDR_DEV}
  - vault token renew > /dev/null
  - unset VAULT_TOKEN
  # NotProd
  - export VAULT_TOKEN=$${VAULT_TOKEN_NOTPROD}
  - export VAULT_ADDR=$${VAULT_ADDR_NOTPROD}
  - vault token renew > /dev/null
  - unset VAULT_TOKEN
  # Prod (this block uses the PROD address and token)
  - export VAULT_TOKEN=$${VAULT_TOKEN_PROD}
  - export VAULT_ADDR=$${VAULT_ADDR_PROD}
  - vault token renew > /dev/null
  when:
    event:
    - cron
# Long-running containers available to the steps for the life of the pipeline.
services:
# Docker daemon used by the package_* and push_* steps.
# NOTE(review): untagged image; pin a version or digest.
- name: docker
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/dind
# Server side of the anchore-submission image used by the scan_* steps.
# NOTE(review): `:latest` with `pull: always`; pin a version or digest.
- name: anchore-submission-server
  pull: always
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/anchore-submission:latest
  commands:
  - /run.sh server
---
# Drone pipeline run on the Kubernetes runner (linux/amd64).
kind: pipeline
type: kubernetes
name: default

platform:
  arch: amd64
  os: linux

steps:
# Syncs the `manifest` prefix of the S3 bucket into ./manifest in the
# workspace; later steps `source` the file it contains.
- name: pull-manifest
  # NOTE(review): `:latest` with `pull: always` — the tool image can change
  # between builds; pin a version or digest.
  image: docker-hub.digital.homeoffice.gov.uk/amazon/aws-cli:latest
  pull: always
  environment:
    AWS_DEFAULT_REGION: 'eu-west-2'
    # NOTE(review): long-lived access keys, exposed on pull_request builds as
    # well as tags; confirm the key's policy is limited to this bucket.
    AWS_ACCESS_KEY_ID:
      from_secret: cba_devops_aws_access_key_id
    AWS_SECRET_ACCESS_KEY:
      from_secret: cba_devops_aws_secret_access_key
    AWS_S3_BUCKET:
      from_secret: cba_devops_aws_bucket_name
    # Not referenced by this step's command.
    AWS_KMS_KEY_ID:
      from_secret: cba_devops_aws_kms_key_id
  commands:
  - aws s3 sync s3://$${AWS_S3_BUCKET}/manifest manifest
  when:
    event:
    - pull_request
    - tag
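# Unlocks the git-crypt encrypted files in the checkout using a base64-encoded
# symmetric key held as a Drone secret.
# NOTE(review): runs on pull_request events too, so code from a pull request
# executes in later steps next to the decrypted content; confirm which pull
# requests are allowed to receive this secret.
- name: decrypt-repo
  pull: always
  # NOTE(review): `:latest` base image plus an unpinned `apk add`; pin both if
  # the decryption tooling should be reproducible.
  image: docker-hub.digital.homeoffice.gov.uk/alpine:latest
  commands:
  # Added: remove the decoded key file when the step ends, whether or not the
  # unlock succeeds, so it is not left in the workspace that later steps share.
  - trap 'rm -f iso-symmetric-key' EXIT
  - apk add git-crypt
  - echo "$${ISO_SYMMETRIC_KEY}" | base64 -d > iso-symmetric-key
  - git-crypt unlock iso-symmetric-key
  environment:
    ISO_SYMMETRIC_KEY:
      from_secret: iso_symmetric_key
  when:
    event:
    - pull_request
    - tag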
# Loads the manifest pulled from S3 and runs scripts/get-iso.sh with AWS
# credentials in the environment.
- name: check-for-iso
  image: docker-hub.digital.homeoffice.gov.uk/amazon/aws-cli:latest
  pull: always
  environment:
    AWS_DEFAULT_REGION: 'eu-west-2'
    AWS_ACCESS_KEY_ID:
      from_secret: cba_devops_aws_access_key_id
    AWS_SECRET_ACCESS_KEY:
      from_secret: cba_devops_aws_secret_access_key
    AWS_S3_BUCKET:
      from_secret: cba_devops_aws_bucket_name
    AWS_KMS_KEY_ID:
      from_secret: cba_devops_aws_kms_key_id
  commands:
  # NOTE(review): the manifest is executed as shell code, so anyone able to
  # write that S3 object can run commands in this step with the credentials
  # above; treat write access to the manifest prefix accordingly.
  - source manifest/manifest
  # NOTE(review): `-x` prints every expanded command to the build log; values
  # derived from the secrets (URLs, headers) may not be masked.
  - bash -x scripts/get-iso.sh
  when:
    event:
    - pull_request
    - tag
# Loads the manifest and runs scripts/build-iso.sh to produce the ISO.
- name: build-iso
  # NOTE(review): CentOS 7 is past end of life and no longer receives security
  # updates; packages pulled in during the build will carry known, unpatched
  # issues.
  image: docker-hub.digital.homeoffice.gov.uk/centos:7
  pull: always
  commands:
  # The manifest is executed as shell code, so its integrity depends on who
  # can write the S3 object it was synced from.
  - source manifest/manifest
  - bash -x scripts/build-iso.sh
  when:
    event:
    - pull_request
    - tag
# Uploads the built ISO and its md5/sha256 checksum files to the bucket's
# iso/dist prefix with SSE-KMS encryption.
# NOTE(review): DRONE_TAG is only set for tag events, yet this step also runs
# on pull_request; those builds would write to a key beginning with `_`, and
# unreviewed pull-request output would sit in the distribution prefix.
# NOTE(review): checksums stored next to the artifact detect corruption, not
# tampering by someone with write access to the bucket; md5 adds nothing over
# the sha256 file for integrity.
- name: upload-iso
  image: docker-hub.digital.homeoffice.gov.uk/amazon/aws-cli:latest
  pull: always
  environment:
    AWS_DEFAULT_REGION: 'eu-west-2'
    AWS_ACCESS_KEY_ID:
      from_secret: cba_devops_aws_access_key_id
    AWS_SECRET_ACCESS_KEY:
      from_secret: cba_devops_aws_secret_access_key
    AWS_S3_BUCKET:
      from_secret: cba_devops_aws_bucket_name
    AWS_KMS_KEY_ID:
      from_secret: cba_devops_aws_kms_key_id
  commands:
  # VAR_CBA_CENTOS_ISO is presumably defined by the sourced manifest.
  - source manifest/manifest
  - aws s3 cp --no-progress build/dist/$${DRONE_TAG}_$${VAR_CBA_CENTOS_ISO} s3://$${AWS_S3_BUCKET}/iso/dist/$${DRONE_TAG}_$${VAR_CBA_CENTOS_ISO} --sse aws:kms --sse-kms-key-id $${AWS_KMS_KEY_ID}
  - aws s3 cp --no-progress build/dist/$${DRONE_TAG}_$${VAR_CBA_CENTOS_ISO}.md5sum s3://$${AWS_S3_BUCKET}/iso/dist/$${DRONE_TAG}_$${VAR_CBA_CENTOS_ISO}.md5sum --sse aws:kms --sse-kms-key-id $${AWS_KMS_KEY_ID}
  - aws s3 cp --no-progress build/dist/$${DRONE_TAG}_$${VAR_CBA_CENTOS_ISO}.sha256sum s3://$${AWS_S3_BUCKET}/iso/dist/$${DRONE_TAG}_$${VAR_CBA_CENTOS_ISO}.sha256sum --sse aws:kms --sse-kms-key-id $${AWS_KMS_KEY_ID}
  when:
    event:
    - pull_request
    - tag
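# Posts the build result to Slack; webhook and channel come from Drone secrets.
- name: slack-notify
  pull: always
  # NOTE(review): `:latest` plugin image receives the webhook secret; pin a
  # version or digest.
  image: docker-hub.digital.homeoffice.gov.uk/plugins/slack:latest
  settings:
    webhook:
      from_secret: slack_webhook_url
    channel:
      from_secret: slack_webhook_channel
    template: >
      {{#success build.status}}
      Build <{{build.link}}|{{repo.name}}@{{build.branch}}#{{build.number}}> was successful!
      {{else}}
      Build <{{build.link}}|{{repo.name}}@{{build.branch}}#{{build.number}}> failed!
      {{/success}}
  when:
    event:
    - pull_request
    - tag
    # Added: without a status filter a step runs only while the pipeline is
    # passing, so the "failed!" branch of the template was never sent.
    status:
    - success
    - failure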