@jim5252
Created October 14, 2021 11:30
Hanging Build Drone Files
# Drone pipeline "dpp" (Kubernetes pipeline type, linux/amd64).
# The step list follows; a docker-in-docker service is declared after it.
kind: pipeline
type: kubernetes
name: dpp
platform:
  os: linux
  arch: amd64
steps:
# Build-and-test stage: three Maven module builds and the frontend npm
# tests. All four steps run on push, pull_request and tag events and
# receive the Artifactory credentials from Drone secrets.
# NOTE(review): the build tooling runs code from the commit under test
# while those credentials are in the environment - confirm the secrets
# are withheld from pull requests that come from untrusted forks.
- name: mr_core_build_test
  pull: if-not-exists
  image: quay.io/ukhomeofficedigital/java11-mvn:v3.5.4
  commands:
  - mvn clean install -U --batch-mode -f jasperfonts/pom.xml
  - mvn clean install -U --batch-mode -f camundasdk/pom.xml
  - mvn clean test -U --batch-mode -f casemanagement/pom.xml -P drone
  environment:
    ARTIFACTORY_PASSWORD:
      from_secret: artifactory_password
    ARTIFACTORY_USERNAME:
      from_secret: artifactory_username
  when:
    event:
    - push
    - pull_request
    - tag
- name: mr_audit_build_test
  pull: if-not-exists
  image: quay.io/ukhomeofficedigital/java11-mvn:v3.5.4
  commands:
  - mvn clean test -U --batch-mode -f audit/pom.xml
  environment:
    ARTIFACTORY_PASSWORD:
      from_secret: artifactory_password
    ARTIFACTORY_USERNAME:
      from_secret: artifactory_username
  when:
    event:
    - push
    - pull_request
    - tag
- name: mr_processmanager_build_test
  pull: if-not-exists
  image: quay.io/ukhomeofficedigital/java11-mvn:v3.5.4
  commands:
  - mvn clean test -U --batch-mode -f processmanager/pom.xml
  environment:
    ARTIFACTORY_PASSWORD:
      from_secret: artifactory_password
    ARTIFACTORY_USERNAME:
      from_secret: artifactory_username
  when:
    event:
    - push
    - pull_request
    - tag
# Frontend unit tests (npm) in the nodejs-base image.
- name: mr_frontend_build_test
  pull: if-not-exists
  image: quay.io/ukhomeofficedigital/nodejs-base:v8
  commands:
  - cd frontend
  - npm install
  - npm run test
  environment:
    ARTIFACTORY_PASSWORD:
      from_secret: artifactory_password
    ARTIFACTORY_USERNAME:
      from_secret: artifactory_username
  when:
    event:
    - push
    - pull_request
    - tag
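# Dependency-cache images, built and pushed for the master branch under
# both `latest` and the Drone build number.
# NOTE(review): the dind image carries no tag or digest and is pulled
# `if-not-exists`, so the image that runs depends on what the node has
# cached - pin it to a digest.
# NOTE(review): for pull_request events Drone matches `branch` against
# the target branch, so a PR into master also builds and pushes here.
- name: mr_frontend_cache
  pull: if-not-exists
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/dind
  commands:
  - cd frontend
  - docker build -t docker.digital.homeoffice.gov.uk/ddp/frontend-cache:latest .
  - docker build -t docker.digital.homeoffice.gov.uk/ddp/frontend-cache:${DRONE_BUILD_NUMBER} .
  # The password is fed on stdin so it never appears in the docker CLI's
  # argument list (docker itself warns that -p on the CLI is insecure).
  - printf '%s' "$${DOCKER_PASSWORD}" | docker login -u osct-ddp --password-stdin docker.digital.homeoffice.gov.uk
  - docker push docker.digital.homeoffice.gov.uk/ddp/frontend-cache:latest
  - docker push docker.digital.homeoffice.gov.uk/ddp/frontend-cache:${DRONE_BUILD_NUMBER}
  # Only the registry password is injected: no command in this step
  # references the Artifactory credentials.
  environment:
    DOCKER_PASSWORD:
      from_secret: docker_password
  when:
    branch:
    - master
    event:
    - push
    - pull_request
    - tag
- name: mr_cache_image
  pull: if-not-exists
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/dind
  commands:
  # Assemble every module plus settings.xml under casemanagement/ so
  # they are all inside the docker build context.
  - cp settings.xml casemanagement/settings.xml
  - cp -r camundasdk casemanagement/camundasdk
  - cp -r jasperfonts casemanagement/jasperfonts
  - cp -r processmanager casemanagement/processmanager
  - cp -r audit casemanagement/audit
  - cp -r finance casemanagement/finance
  - cd casemanagement
  - mv Dockerfile.deps Dockerfile
  # NOTE(review): values passed with --build-arg are normally visible to
  # anyone who can pull the image (`docker history`), and this image is
  # pushed below. The Dockerfile is not visible here; if it consumes
  # AF_PASSWORD in a RUN instruction, move to a BuildKit secret mount.
  - docker build --build-arg AF_USERNAME=$${ARTIFACTORY_USERNAME} --build-arg AF_PASSWORD=$${ARTIFACTORY_PASSWORD} -t docker.digital.homeoffice.gov.uk/ddp/cache:latest .
  - docker build --build-arg AF_USERNAME=$${ARTIFACTORY_USERNAME} --build-arg AF_PASSWORD=$${ARTIFACTORY_PASSWORD} -t docker.digital.homeoffice.gov.uk/ddp/cache:${DRONE_BUILD_NUMBER} .
  # Password on stdin keeps it out of the process argument list.
  - printf '%s' "$${DOCKER_PASSWORD}" | docker login -u osct-ddp --password-stdin docker.digital.homeoffice.gov.uk
  - docker push docker.digital.homeoffice.gov.uk/ddp/cache:latest
  - docker push docker.digital.homeoffice.gov.uk/ddp/cache:${DRONE_BUILD_NUMBER}
  environment:
    ARTIFACTORY_PASSWORD:
      from_secret: artifactory_password
    ARTIFACTORY_USERNAME:
      from_secret: artifactory_username
    DOCKER_PASSWORD:
      from_secret: docker_password
  when:
    branch:
    - master
    event:
    - push
    - pull_request
    - tag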
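# Deployment image builds for the master and release branches. Each step
# logs in, pulls a cache image at a fixed build number, and builds an
# image tagged with the commit SHA; pushing is done by separate steps.
# Every `docker login` below reads the password from stdin so it does
# not appear in the docker CLI's argument list.
# NOTE(review): --build-arg AF_PASSWORD is normally recoverable from the
# resulting image with `docker history`. The Dockerfiles are not visible
# here; if they use the value in a RUN instruction, switch to a BuildKit
# secret mount before these images are pushed.
# NOTE(review): the dind image has no tag or digest - pin it.
- name: mr_core_image
  pull: if-not-exists
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/dind
  commands:
  - cp -r camundasdk casemanagement/camundasdk
  - cp -r jasperfonts casemanagement/jasperfonts
  - cp settings.xml casemanagement/settings.xml
  - cd casemanagement
  - mv Dockerfile.deployment Dockerfile
  - printf '%s' "$${DOCKER_PASSWORD}" | docker login -u osct-ddp --password-stdin docker.digital.homeoffice.gov.uk
  - docker pull docker.digital.homeoffice.gov.uk/ddp/cache:3374
  - docker build --build-arg AF_USERNAME=$${ARTIFACTORY_USERNAME} --build-arg AF_PASSWORD=$${ARTIFACTORY_PASSWORD} -t docker.digital.homeoffice.gov.uk/ddp/core:$${DRONE_COMMIT_SHA} .
  environment:
    ARTIFACTORY_PASSWORD:
      from_secret: artifactory_password
    ARTIFACTORY_USERNAME:
      from_secret: artifactory_username
    DOCKER_PASSWORD:
      from_secret: docker_password
  when:
    branch:
    - master
    - release
    event:
    - push
    - pull_request
    - tag
- name: mr_audit_image
  pull: if-not-exists
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/dind
  commands:
  - cp settings.xml audit/settings.xml
  - cd audit
  - mv Dockerfile.deployment Dockerfile
  - printf '%s' "$${DOCKER_PASSWORD}" | docker login -u osct-ddp --password-stdin docker.digital.homeoffice.gov.uk
  - docker pull docker.digital.homeoffice.gov.uk/ddp/cache:3374
  - docker build --build-arg AF_USERNAME=$${ARTIFACTORY_USERNAME} --build-arg AF_PASSWORD=$${ARTIFACTORY_PASSWORD} -t docker.digital.homeoffice.gov.uk/ddp/audit:$${DRONE_COMMIT_SHA} .
  environment:
    ARTIFACTORY_PASSWORD:
      from_secret: artifactory_password
    ARTIFACTORY_USERNAME:
      from_secret: artifactory_username
    DOCKER_PASSWORD:
      from_secret: docker_password
  when:
    branch:
    - master
    - release
    event:
    - push
    - pull_request
    - tag
- name: mr_frontend_image
  pull: if-not-exists
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/dind
  commands:
  - cd frontend
  - mv Dockerfile.deployment Dockerfile
  - printf '%s' "$${DOCKER_PASSWORD}" | docker login -u osct-ddp --password-stdin docker.digital.homeoffice.gov.uk
  - docker pull docker.digital.homeoffice.gov.uk/ddp/frontend-cache:3448
  - docker build --build-arg AF_USERNAME=$${ARTIFACTORY_USERNAME} --build-arg AF_PASSWORD=$${ARTIFACTORY_PASSWORD} -t docker.digital.homeoffice.gov.uk/ddp/frontend:$${DRONE_COMMIT_SHA} .
  environment:
    ARTIFACTORY_PASSWORD:
      from_secret: artifactory_password
    ARTIFACTORY_USERNAME:
      from_secret: artifactory_username
    DOCKER_PASSWORD:
      from_secret: docker_password
  when:
    branch:
    - master
    - release
    event:
    - push
    - pull_request
    - tag
- name: mr_processmanager_image
  pull: if-not-exists
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/dind
  commands:
  - cp settings.xml processmanager/settings.xml
  - cd processmanager
  - mv Dockerfile.deployment Dockerfile
  - printf '%s' "$${DOCKER_PASSWORD}" | docker login -u osct-ddp --password-stdin docker.digital.homeoffice.gov.uk
  - docker pull docker.digital.homeoffice.gov.uk/ddp/cache:3374
  - docker build --build-arg AF_USERNAME=$${ARTIFACTORY_USERNAME} --build-arg AF_PASSWORD=$${ARTIFACTORY_PASSWORD} -t docker.digital.homeoffice.gov.uk/ddp/processmanager:$${DRONE_COMMIT_SHA} .
  environment:
    ARTIFACTORY_PASSWORD:
      from_secret: artifactory_password
    ARTIFACTORY_USERNAME:
      from_secret: artifactory_username
    DOCKER_PASSWORD:
      from_secret: docker_password
  when:
    branch:
    - master
    - release
    event:
    - push
    - pull_request
    - tag
- name: mr_camunda_db_patches_image
  pull: if-not-exists
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/dind
  commands:
  - cd processmanager/camunda-db-patches
  # NOTE(review): source and destination are the same file, so this is a
  # no-op at best; some mv implementations exit non-zero for it, which
  # would fail the step. Confirm and drop the line.
  - mv Dockerfile Dockerfile
  - printf '%s' "$${DOCKER_PASSWORD}" | docker login -u osct-ddp --password-stdin docker.digital.homeoffice.gov.uk
  - docker pull docker.digital.homeoffice.gov.uk/ddp/cache:3374
  - docker build -t docker.digital.homeoffice.gov.uk/ddp/camunda-db-patches:$${DRONE_COMMIT_SHA} .
  environment:
    DOCKER_PASSWORD:
      from_secret: docker_password
  when:
    branch:
    - master
    - release
    event:
    - push
    - pull_request
    - tag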
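# Push stage for master and release: each step logs in to the registry
# and pushes the commit-SHA image built earlier in the pipeline.
# The password is read from stdin so it stays out of the docker CLI's
# argument list, and only DOCKER_PASSWORD is injected because login and
# push are the only commands these steps run.
# NOTE(review): for pull_request events Drone matches `branch` against
# the target branch, so a PR into master or release also pushes an image
# built from the PR's code - confirm that is intended.
- name: master_core_push
  pull: if-not-exists
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/dind
  commands:
  - printf '%s' "$${DOCKER_PASSWORD}" | docker login -u osct-ddp --password-stdin docker.digital.homeoffice.gov.uk
  - docker push docker.digital.homeoffice.gov.uk/ddp/core:$${DRONE_COMMIT_SHA}
  environment:
    DOCKER_PASSWORD:
      from_secret: docker_password
  when:
    branch:
    - master
    - release
    event:
    - push
    - pull_request
    - tag
- name: master_audit_push
  pull: if-not-exists
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/dind
  commands:
  - printf '%s' "$${DOCKER_PASSWORD}" | docker login -u osct-ddp --password-stdin docker.digital.homeoffice.gov.uk
  - docker push docker.digital.homeoffice.gov.uk/ddp/audit:$${DRONE_COMMIT_SHA}
  environment:
    DOCKER_PASSWORD:
      from_secret: docker_password
  when:
    branch:
    - master
    - release
    event:
    - push
    - pull_request
    - tag
- name: master_frontend_push
  pull: if-not-exists
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/dind
  commands:
  - printf '%s' "$${DOCKER_PASSWORD}" | docker login -u osct-ddp --password-stdin docker.digital.homeoffice.gov.uk
  - docker push docker.digital.homeoffice.gov.uk/ddp/frontend:$${DRONE_COMMIT_SHA}
  environment:
    DOCKER_PASSWORD:
      from_secret: docker_password
  when:
    branch:
    - master
    - release
    event:
    - push
    - pull_request
    - tag
- name: master_processmanager_push
  pull: if-not-exists
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/dind
  commands:
  - printf '%s' "$${DOCKER_PASSWORD}" | docker login -u osct-ddp --password-stdin docker.digital.homeoffice.gov.uk
  - docker push docker.digital.homeoffice.gov.uk/ddp/processmanager:$${DRONE_COMMIT_SHA}
  environment:
    DOCKER_PASSWORD:
      from_secret: docker_password
  when:
    branch:
    - master
    - release
    event:
    - push
    - pull_request
    - tag
- name: master_camunda_db_patches_push
  pull: if-not-exists
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/dind
  commands:
  - printf '%s' "$${DOCKER_PASSWORD}" | docker login -u osct-ddp --password-stdin docker.digital.homeoffice.gov.uk
  - docker push docker.digital.homeoffice.gov.uk/ddp/camunda-db-patches:$${DRONE_COMMIT_SHA}
  environment:
    DOCKER_PASSWORD:
      from_secret: docker_password
  when:
    branch:
    - master
    - release
    event:
    - push
    - pull_request
    - tag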
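# Image build-and-push steps for every branch except master (push and
# pull_request events). Each step waits for the docker daemon, builds an
# image tagged with the commit SHA and pushes it.
#
# Wait loop: the original condition wrapped `docker stats --no-stream`
# in `[ ! ... ]`, which makes the words operands of `test` instead of
# running docker; the malformed test fails at once, so the loop never
# waited. The command is now executed directly and retried for up to
# 60 seconds.
#
# Registry login reads the password from stdin so it does not appear in
# the docker CLI's argument list.
#
# NOTE(review): --build-arg AF_PASSWORD is normally recoverable from the
# pushed image with `docker history`; the Dockerfiles are not visible
# here. If they use the value in a RUN instruction, switch to a
# BuildKit secret mount.
# NOTE(review): the dind image has no tag or digest - pin it.
- name: pr_core_image
  pull: if-not-exists
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/dind
  commands:
  - cp -r camundasdk casemanagement/camundasdk
  - cp -r jasperfonts casemanagement/jasperfonts
  - cp settings.xml casemanagement/settings.xml
  - cd casemanagement
  - n=0; while [ "$n" -lt 60 ] && ! docker stats --no-stream >/dev/null 2>&1; do n=$(( n + 1 )); sleep 1; done
  - mv Dockerfile.deployment Dockerfile
  - printf '%s' "$${DOCKER_PASSWORD}" | docker login -u osct-ddp --password-stdin docker.digital.homeoffice.gov.uk
  - docker pull docker.digital.homeoffice.gov.uk/ddp/cache:3374
  - docker build --build-arg AF_USERNAME=$${ARTIFACTORY_USERNAME} --build-arg AF_PASSWORD=$${ARTIFACTORY_PASSWORD} -t docker.digital.homeoffice.gov.uk/ddp/core:$${DRONE_COMMIT_SHA} .
  - docker push docker.digital.homeoffice.gov.uk/ddp/core:$${DRONE_COMMIT_SHA}
  environment:
    ARTIFACTORY_PASSWORD:
      from_secret: artifactory_password
    ARTIFACTORY_USERNAME:
      from_secret: artifactory_username
    DOCKER_PASSWORD:
      from_secret: docker_password
  when:
    branch:
      exclude:
      - master
    event:
    - pull_request
    - push
- name: pr_audit_image
  pull: if-not-exists
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/dind
  commands:
  - cp settings.xml audit/settings.xml
  - cd audit
  - n=0; while [ "$n" -lt 60 ] && ! docker stats --no-stream >/dev/null 2>&1; do n=$(( n + 1 )); sleep 1; done
  - mv Dockerfile.deployment Dockerfile
  - printf '%s' "$${DOCKER_PASSWORD}" | docker login -u osct-ddp --password-stdin docker.digital.homeoffice.gov.uk
  - docker pull docker.digital.homeoffice.gov.uk/ddp/cache:3374
  - docker build --build-arg AF_USERNAME=$${ARTIFACTORY_USERNAME} --build-arg AF_PASSWORD=$${ARTIFACTORY_PASSWORD} -t docker.digital.homeoffice.gov.uk/ddp/audit:$${DRONE_COMMIT_SHA} .
  - docker push docker.digital.homeoffice.gov.uk/ddp/audit:$${DRONE_COMMIT_SHA}
  environment:
    ARTIFACTORY_PASSWORD:
      from_secret: artifactory_password
    ARTIFACTORY_USERNAME:
      from_secret: artifactory_username
    DOCKER_PASSWORD:
      from_secret: docker_password
  when:
    branch:
      exclude:
      - master
    event:
    - pull_request
    - push
- name: pr_frontend_image
  pull: if-not-exists
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/dind
  commands:
  - cd frontend
  - n=0; while [ "$n" -lt 60 ] && ! docker stats --no-stream >/dev/null 2>&1; do n=$(( n + 1 )); sleep 1; done
  - mv Dockerfile.deployment Dockerfile
  - printf '%s' "$${DOCKER_PASSWORD}" | docker login -u osct-ddp --password-stdin docker.digital.homeoffice.gov.uk
  - docker pull docker.digital.homeoffice.gov.uk/ddp/frontend-cache:3448
  - docker build --build-arg AF_USERNAME=$${ARTIFACTORY_USERNAME} --build-arg AF_PASSWORD=$${ARTIFACTORY_PASSWORD} -t docker.digital.homeoffice.gov.uk/ddp/frontend:$${DRONE_COMMIT_SHA} .
  - docker push docker.digital.homeoffice.gov.uk/ddp/frontend:$${DRONE_COMMIT_SHA}
  environment:
    ARTIFACTORY_PASSWORD:
      from_secret: artifactory_password
    ARTIFACTORY_USERNAME:
      from_secret: artifactory_username
    DOCKER_PASSWORD:
      from_secret: docker_password
  when:
    branch:
      exclude:
      - master
    event:
    - pull_request
    - push
- name: pr_processmanager_image
  pull: if-not-exists
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/dind
  commands:
  - cp settings.xml processmanager/settings.xml
  - cd processmanager
  - n=0; while [ "$n" -lt 60 ] && ! docker stats --no-stream >/dev/null 2>&1; do n=$(( n + 1 )); sleep 1; done
  - mv Dockerfile.deployment Dockerfile
  - printf '%s' "$${DOCKER_PASSWORD}" | docker login -u osct-ddp --password-stdin docker.digital.homeoffice.gov.uk
  - docker pull docker.digital.homeoffice.gov.uk/ddp/cache:3374
  - docker build --build-arg AF_USERNAME=$${ARTIFACTORY_USERNAME} --build-arg AF_PASSWORD=$${ARTIFACTORY_PASSWORD} -t docker.digital.homeoffice.gov.uk/ddp/processmanager:$${DRONE_COMMIT_SHA} .
  - docker push docker.digital.homeoffice.gov.uk/ddp/processmanager:$${DRONE_COMMIT_SHA}
  environment:
    ARTIFACTORY_PASSWORD:
      from_secret: artifactory_password
    ARTIFACTORY_USERNAME:
      from_secret: artifactory_username
    DOCKER_PASSWORD:
      from_secret: docker_password
  when:
    branch:
      exclude:
      - master
    event:
    - pull_request
    - push
- name: pr_camunda_db_patches_image
  pull: if-not-exists
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/dind
  commands:
  - cd processmanager/camunda-db-patches
  - n=0; while [ "$n" -lt 60 ] && ! docker stats --no-stream >/dev/null 2>&1; do n=$(( n + 1 )); sleep 1; done
  # NOTE(review): source and destination are the same file, so this is a
  # no-op at best; some mv implementations exit non-zero for it, which
  # would fail the step. Confirm and drop the line.
  - mv Dockerfile Dockerfile
  - printf '%s' "$${DOCKER_PASSWORD}" | docker login -u osct-ddp --password-stdin docker.digital.homeoffice.gov.uk
  - docker pull docker.digital.homeoffice.gov.uk/ddp/cache:3374
  - docker build -t docker.digital.homeoffice.gov.uk/ddp/camunda-db-patches:$${DRONE_COMMIT_SHA} .
  - docker push docker.digital.homeoffice.gov.uk/ddp/camunda-db-patches:$${DRONE_COMMIT_SHA}
  environment:
    DOCKER_PASSWORD:
      from_secret: docker_password
  when:
    branch:
      exclude:
      - master
    event:
    - pull_request
    - push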
# Deploy stage for non-master branches: each step installs curl and runs
# the matching script under kubernetes/bin/ against namespace ddp-test
# on acp-notprod, authenticating with the kube_token_acp_notprod secret.
# NOTE(review): these run on push and pull_request events for every
# branch except master, so branch code that has not been reviewed,
# deploy scripts included, executes with the cluster token. Confirm
# that is intended and that the token is scoped to ddp-test only.
# NOTE(review): `apk add curl` installs whatever version the package
# index serves at run time; an image that already contains curl would
# make these steps reproducible.
- name: pr_deploy_core
  pull: if-not-exists
  image: quay.io/ukhomeofficedigital/kd:v1.14.0
  commands:
  - apk update
  - apk add curl
  - kubernetes/bin/core.sh
  environment:
    DRONE_DEPLOY_TO: acp-notprod
    IMAGE_URL: docker.digital.homeoffice.gov.uk/ddp/core:${DRONE_COMMIT_SHA}
    KUBE_NAMESPACE: ddp-test
    KUBE_TOKEN_ACP_NOTPROD:
      from_secret: kube_token_acp_notprod
    REPLICA_COUNT: 1
  when:
    branch:
      exclude:
      - master
    event:
    - pull_request
    - push
- name: pr_deploy_audit
  pull: if-not-exists
  image: quay.io/ukhomeofficedigital/kd:v1.14.0
  commands:
  - apk update
  - apk add curl
  - kubernetes/bin/audit.sh
  environment:
    DRONE_DEPLOY_TO: acp-notprod
    IMAGE_URL: docker.digital.homeoffice.gov.uk/ddp/audit:${DRONE_COMMIT_SHA}
    KUBE_NAMESPACE: ddp-test
    KUBE_TOKEN_ACP_NOTPROD:
      from_secret: kube_token_acp_notprod
    REPLICA_COUNT: 1
  when:
    branch:
      exclude:
      - master
    event:
    - pull_request
    - push
- name: pr_deploy_processmanager
  pull: if-not-exists
  image: quay.io/ukhomeofficedigital/kd:v1.14.0
  commands:
  - apk update
  - apk add curl
  - kubernetes/bin/processmanager.sh
  environment:
    DRONE_DEPLOY_TO: acp-notprod
    IMAGE_URL: docker.digital.homeoffice.gov.uk/ddp/processmanager:${DRONE_COMMIT_SHA}
    KUBE_NAMESPACE: ddp-test
    KUBE_TOKEN_ACP_NOTPROD:
      from_secret: kube_token_acp_notprod
    REPLICA_COUNT: 1
  when:
    branch:
      exclude:
      - master
    event:
    - pull_request
    - push
# No REPLICA_COUNT is set for the db-patches deployment.
- name: pr_deploy_camunda_db_patches
  pull: if-not-exists
  image: quay.io/ukhomeofficedigital/kd:v1.14.0
  commands:
  - apk update
  - apk add curl
  - kubernetes/bin/camunda-db-patches.sh
  environment:
    DRONE_DEPLOY_TO: acp-notprod
    IMAGE_URL: docker.digital.homeoffice.gov.uk/ddp/camunda-db-patches:${DRONE_COMMIT_SHA}
    KUBE_NAMESPACE: ddp-test
    KUBE_TOKEN_ACP_NOTPROD:
      from_secret: kube_token_acp_notprod
  when:
    branch:
      exclude:
      - master
    event:
    - pull_request
    - push
- name: pr_deploy_frontend
  pull: if-not-exists
  image: quay.io/ukhomeofficedigital/kd:v1.14.0
  commands:
  - apk update
  - apk add curl
  - kubernetes/bin/frontend.sh
  environment:
    DRONE_DEPLOY_TO: acp-notprod
    IMAGE_URL: docker.digital.homeoffice.gov.uk/ddp/frontend:${DRONE_COMMIT_SHA}
    KUBE_NAMESPACE: ddp-test
    KUBE_TOKEN_ACP_NOTPROD:
      from_secret: kube_token_acp_notprod
    REPLICA_COUNT: 1
  when:
    branch:
      exclude:
      - master
    event:
    - pull_request
    - push
# Deploy stage for master: the same kubernetes/bin/ scripts, targeting
# namespace ddp-dev on acp-notprod with the kube_token_acp_notprod
# secret.
# NOTE(review): `pull_request` is listed next to `push` and `tag`; Drone
# matches `branch` against the target branch for pull requests, so a PR
# opened against master deploys to ddp-dev before it is merged. Confirm
# that is intended.
# NOTE(review): `apk add curl` installs whatever version the package
# index serves at run time.
- name: deploy_core
  pull: if-not-exists
  image: quay.io/ukhomeofficedigital/kd:v1.14.0
  commands:
  - apk update
  - apk add curl
  - kubernetes/bin/core.sh
  environment:
    DRONE_DEPLOY_TO: acp-notprod
    IMAGE_URL: docker.digital.homeoffice.gov.uk/ddp/core:${DRONE_COMMIT_SHA}
    KUBE_NAMESPACE: ddp-dev
    KUBE_TOKEN_ACP_NOTPROD:
      from_secret: kube_token_acp_notprod
    REPLICA_COUNT: 1
  when:
    branch:
    - master
    event:
    - push
    - pull_request
    - tag
- name: deploy_audit
  pull: if-not-exists
  image: quay.io/ukhomeofficedigital/kd:v1.14.0
  commands:
  - apk update
  - apk add curl
  - kubernetes/bin/audit.sh
  environment:
    DRONE_DEPLOY_TO: acp-notprod
    IMAGE_URL: docker.digital.homeoffice.gov.uk/ddp/audit:${DRONE_COMMIT_SHA}
    KUBE_NAMESPACE: ddp-dev
    KUBE_TOKEN_ACP_NOTPROD:
      from_secret: kube_token_acp_notprod
    REPLICA_COUNT: 1
  when:
    branch:
    - master
    event:
    - push
    - pull_request
    - tag
- name: deploy_processmanager
  pull: if-not-exists
  image: quay.io/ukhomeofficedigital/kd:v1.14.0
  commands:
  - apk update
  - apk add curl
  - kubernetes/bin/processmanager.sh
  environment:
    DRONE_DEPLOY_TO: acp-notprod
    IMAGE_URL: docker.digital.homeoffice.gov.uk/ddp/processmanager:${DRONE_COMMIT_SHA}
    KUBE_NAMESPACE: ddp-dev
    KUBE_TOKEN_ACP_NOTPROD:
      from_secret: kube_token_acp_notprod
    REPLICA_COUNT: 1
  when:
    branch:
    - master
    event:
    - push
    - pull_request
    - tag
# No REPLICA_COUNT is set for the db-patches deployment.
- name: deploy_camunda_db_patches
  pull: if-not-exists
  image: quay.io/ukhomeofficedigital/kd:v1.14.0
  commands:
  - apk update
  - apk add curl
  - kubernetes/bin/camunda-db-patches.sh
  environment:
    DRONE_DEPLOY_TO: acp-notprod
    IMAGE_URL: docker.digital.homeoffice.gov.uk/ddp/camunda-db-patches:${DRONE_COMMIT_SHA}
    KUBE_NAMESPACE: ddp-dev
    KUBE_TOKEN_ACP_NOTPROD:
      from_secret: kube_token_acp_notprod
  when:
    branch:
    - master
    event:
    - push
    - pull_request
    - tag
- name: deploy_frontend
  pull: if-not-exists
  image: quay.io/ukhomeofficedigital/kd:v1.14.0
  commands:
  - apk update
  - apk add curl
  - kubernetes/bin/frontend.sh
  environment:
    DRONE_DEPLOY_TO: acp-notprod
    IMAGE_URL: docker.digital.homeoffice.gov.uk/ddp/frontend:${DRONE_COMMIT_SHA}
    KUBE_NAMESPACE: ddp-dev
    KUBE_TOKEN_ACP_NOTPROD:
      from_secret: kube_token_acp_notprod
    REPLICA_COUNT: 1
  when:
    branch:
    - master
    event:
    - push
    - pull_request
    - tag
# The pg step passes no IMAGE_URL; kubernetes/bin/pg.sh is not visible
# here.
- name: deploy_pg
  pull: if-not-exists
  image: quay.io/ukhomeofficedigital/kd:v1.14.0
  commands:
  - apk update
  - apk add curl
  - kubernetes/bin/pg.sh
  environment:
    DRONE_DEPLOY_TO: acp-notprod
    KUBE_NAMESPACE: ddp-dev
    KUBE_TOKEN_ACP_NOTPROD:
      from_secret: kube_token_acp_notprod
    REPLICA_COUNT: 1
  when:
    branch:
    - master
    event:
    - push
    - pull_request
    - tag
# Production deploy stage: runs only on `promote` events whose target is
# `prod`, against namespace ddp-prod, authenticating with the
# kube_token_acp_prod secret. The image tag is the commit SHA of the
# build being promoted.
# NOTE(review): `apk add curl` pulls an unpinned package into a step that
# holds the production cluster token; an image with curl preinstalled
# removes that run-time dependency.
# NOTE(review): who may trigger a promotion is controlled outside this
# file - confirm it is restricted.
- name: deploy_core_prod
  pull: if-not-exists
  image: quay.io/ukhomeofficedigital/kd:v1.14.0
  commands:
  - apk update
  - apk add curl
  - kubernetes/bin/core.sh
  environment:
    IMAGE_URL: docker.digital.homeoffice.gov.uk/ddp/core:${DRONE_COMMIT_SHA}
    KUBE_NAMESPACE: ddp-prod
    KUBE_TOKEN_ACP_PROD:
      from_secret: kube_token_acp_prod
    REPLICA_COUNT: 3
  when:
    event:
    - promote
    target:
    - prod
- name: deploy_audit_prod
  pull: if-not-exists
  image: quay.io/ukhomeofficedigital/kd:v1.14.0
  commands:
  - apk update
  - apk add curl
  - kubernetes/bin/audit.sh
  environment:
    IMAGE_URL: docker.digital.homeoffice.gov.uk/ddp/audit:${DRONE_COMMIT_SHA}
    KUBE_NAMESPACE: ddp-prod
    KUBE_TOKEN_ACP_PROD:
      from_secret: kube_token_acp_prod
    REPLICA_COUNT: 1
  when:
    event:
    - promote
    target:
    - prod
- name: deploy_processmanager_prod
  pull: if-not-exists
  image: quay.io/ukhomeofficedigital/kd:v1.14.0
  commands:
  - apk update
  - apk add curl
  - kubernetes/bin/processmanager.sh
  environment:
    IMAGE_URL: docker.digital.homeoffice.gov.uk/ddp/processmanager:${DRONE_COMMIT_SHA}
    KUBE_NAMESPACE: ddp-prod
    KUBE_TOKEN_ACP_PROD:
      from_secret: kube_token_acp_prod
    REPLICA_COUNT: 2
  when:
    event:
    - promote
    target:
    - prod
# No REPLICA_COUNT is set for the db-patches deployment.
- name: deploy_camunda_db_patches_prod
  pull: if-not-exists
  image: quay.io/ukhomeofficedigital/kd:v1.14.0
  commands:
  - apk update
  - apk add curl
  - kubernetes/bin/camunda-db-patches.sh
  environment:
    IMAGE_URL: docker.digital.homeoffice.gov.uk/ddp/camunda-db-patches:${DRONE_COMMIT_SHA}
    KUBE_NAMESPACE: ddp-prod
    KUBE_TOKEN_ACP_PROD:
      from_secret: kube_token_acp_prod
  when:
    event:
    - promote
    target:
    - prod
- name: deploy_frontend_prod
  pull: if-not-exists
  image: quay.io/ukhomeofficedigital/kd:v1.14.0
  commands:
  - apk update
  - apk add curl
  - kubernetes/bin/frontend.sh
  environment:
    IMAGE_URL: docker.digital.homeoffice.gov.uk/ddp/frontend:${DRONE_COMMIT_SHA}
    KUBE_NAMESPACE: ddp-prod
    KUBE_TOKEN_ACP_PROD:
      from_secret: kube_token_acp_prod
    REPLICA_COUNT: 3
  when:
    event:
    - promote
    target:
    - prod
# The two pg steps pass no IMAGE_URL; their scripts are not visible
# here.
- name: deploy_pg_prod
  pull: if-not-exists
  image: quay.io/ukhomeofficedigital/kd:v1.14.0
  commands:
  - apk update
  - apk add curl
  - kubernetes/bin/pg.sh
  environment:
    KUBE_NAMESPACE: ddp-prod
    KUBE_TOKEN_ACP_PROD:
      from_secret: kube_token_acp_prod
    REPLICA_COUNT: 1
  when:
    event:
    - promote
    target:
    - prod
- name: deploy_pg_audit_prod
  pull: if-not-exists
  image: quay.io/ukhomeofficedigital/kd:v1.14.0
  commands:
  - apk update
  - apk add curl
  - kubernetes/bin/pg-audit.sh
  environment:
    KUBE_NAMESPACE: ddp-prod
    KUBE_TOKEN_ACP_PROD:
      from_secret: kube_token_acp_prod
  when:
    event:
    - promote
    target:
    - prod
# Docker-in-docker service for the steps that run docker commands.
# NOTE(review): no tag or digest on the image, so the daemon version
# can change between builds - pin it.
services:
- name: docker
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/dind
---
# Second document: Drone pipeline "default" (Kubernetes pipeline type,
# linux/amd64). Steps are ordered with explicit `depends_on` edges.
kind: pipeline
type: kubernetes
name: default
platform:
  os: linux
  arch: amd64
steps:
# Secret scanning: pipes the patches of the 100 most recent commits
# through scanrepo 0.4.0, on push and pull_request events.
- name: scan_commits
  pull: if-not-exists
  image: alpine:3
  commands:
  - apk update
  - apk add wget gzip git
  # NOTE(review): the release tarball is downloaded and installed on
  # every run with no checksum or signature verification; record the
  # expected SHA-256 and check it before extracting, or bake the binary
  # into the step image.
  - wget https://github.com/UKHomeOffice/repo-security-scanner/releases/download/0.4.0/scanrepo-0.4.0-linux-386.tar.gz
  - tar -zxvf scanrepo-0.4.0-linux-386.tar.gz
  - chmod +x scanrepo
  - mv scanrepo /usr/bin
  # Only the last 100 commits are inspected, so a secret introduced
  # earlier in a longer-lived branch is not covered by this step.
  - git log -p -n 100| scanrepo
  when:
    event:
    - push
    - pull_request
# Installs dependencies and runs the yarn test suite, then writes the
# Drone build number to build.txt in the workspace and prints disk
# usage.
- name: run_tests
  pull: if-not-exists
  image: node:14.15.0
  commands:
  - yarn install
  - yarn test
  - echo ${DRONE_BUILD_NUMBER} > build.txt
  - df -h
  when:
    event:
    - push
    - pull_request
# Reads the registry credentials and a Slack webhook from Vault and
# appends them as `export` lines to set_drone_secrets.sh in the
# workspace, where the push_* steps `source` the file.
# NOTE(review): the secrets end up in plaintext in the workspace. The
# package_* steps build with `.` as the docker context, so unless a
# .dockerignore excludes the file it may be sent to the daemon and
# copied into an image - confirm, or pass these values through Drone
# secrets instead.
# NOTE(review): the values are written unquoted, so a value containing
# whitespace or shell metacharacters changes what `source` executes.
# NOTE(review): there is no `when` clause, so this step and its Vault
# token also run for pull_request events.
- name: retrieve-common-secrets
  pull: if-not-exists
  image: quay.io/ukhomeofficedigital/hashicorp-vault:1.6.0
  commands:
  - echo "export DOCKER_USERNAME=$(vault read -field=docker_username secret/dacc/es/admin/docker-username)" >> set_drone_secrets.sh
  - echo "export DOCKER_PASSWORD=$(vault read -field=docker_password secret/dacc/es/admin/docker-password)" >> set_drone_secrets.sh
  - echo "export SLACK_WEBHOOK=$(vault read -field=slack_webhook secret/dacc/es/admin/slack-webhook)" >> set_drone_secrets.sh
  environment:
    VAULT_ADDR:
      from_secret: VAULT_ADDR_DEV
    VAULT_TOKEN:
      from_secret: VAULT_TOKEN_DEV
  depends_on:
  - scan_commits
# build all apps static files
# Static-asset builds, one per app. Each runs the app's yarn build
# script on push events once scan_commits and run_tests have finished.
- name: build_static_audit_app
  pull: if-not-exists
  image: node:14.15.0
  commands:
  - yarn apps:audit:build
  depends_on:
  - scan_commits
  - run_tests
  when:
    event:
    - push
- name: build_static_leadgen_app
  pull: if-not-exists
  image: node:14.15.0
  commands:
  - yarn apps:leadgen:build
  depends_on:
  - scan_commits
  - run_tests
  when:
    event:
    - push
- name: build_static_air_leadgen_app
  pull: if-not-exists
  image: node:14.15.0
  commands:
  - yarn apps:air-leadgen:build
  depends_on:
  - scan_commits
  - run_tests
  when:
    event:
    - push
- name: build_static_search_app
  pull: if-not-exists
  image: node:14.15.0
  commands:
  - yarn apps:search:build
  depends_on:
  - scan_commits
  - run_tests
  when:
    event:
    - push
- name: build_static_analytics-platform_app
  pull: if-not-exists
  image: node:14.15.0
  commands:
  - yarn apps:analytics-platform:build
  depends_on:
  - scan_commits
  - run_tests
  when:
    event:
    - push
- name: build_static_query-builder_app
  pull: if-not-exists
  image: node:14.15.0
  commands:
  - yarn apps:query-builder:build
  depends_on:
  - scan_commits
  - run_tests
  when:
    event:
    - push
# package all apps
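# Image packaging, one step per app: wait for the docker daemon, then
# build an image tagged with the commit SHA from the repository root.
#
# Wait loop: the original condition wrapped `docker stats --no-stream`
# in `[ ! ... ]`, which makes the words operands of `test` instead of
# running docker; the malformed test fails at once, so the loop never
# waited and the build could start before the daemon was ready. The
# command is now executed directly and retried for up to 60 seconds.
#
# NOTE(review): the build context is the whole workspace (`.`); anything
# earlier steps wrote there, such as set_drone_secrets.sh, is sent to
# the daemon unless a .dockerignore excludes it.
# NOTE(review): the dind image has no tag or digest - pin it.
- name: package_audit_app
  pull: if-not-exists
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/dind
  commands:
  # wait for the docker service to be up before running docker build
  - n=0; while [ "$n" -lt 60 ] && ! docker stats --no-stream >/dev/null 2>&1; do n=$(( n + 1 )); sleep 1; done
  - docker build -t docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-audit-frontend:$${DRONE_COMMIT_SHA} --build-arg APP=audit . --no-cache
  depends_on:
  - build_static_audit_app
  when:
    event:
    - push
- name: package_leadgen_app
  pull: if-not-exists
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/dind
  commands:
  # wait for the docker service to be up before running docker build
  - n=0; while [ "$n" -lt 60 ] && ! docker stats --no-stream >/dev/null 2>&1; do n=$(( n + 1 )); sleep 1; done
  - docker build -t docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-leadgen-frontend:$${DRONE_COMMIT_SHA} --build-arg APP=leadgen . --no-cache
  depends_on:
  - build_static_leadgen_app
  when:
    event:
    - push
- name: package_air_leadgen_app
  pull: if-not-exists
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/dind
  commands:
  # wait for the docker service to be up before running docker build
  - n=0; while [ "$n" -lt 60 ] && ! docker stats --no-stream >/dev/null 2>&1; do n=$(( n + 1 )); sleep 1; done
  - docker build -t docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-air-leadgen-frontend:$${DRONE_COMMIT_SHA} --build-arg APP=air-leadgen . --no-cache
  depends_on:
  - build_static_air_leadgen_app
  when:
    event:
    - push
- name: package_search_app
  pull: if-not-exists
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/dind
  commands:
  # wait for the docker service to be up before running docker build
  - n=0; while [ "$n" -lt 60 ] && ! docker stats --no-stream >/dev/null 2>&1; do n=$(( n + 1 )); sleep 1; done
  - docker build -t docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-search-frontend:$${DRONE_COMMIT_SHA} --build-arg APP=search . --no-cache
  depends_on:
  - build_static_search_app
  when:
    event:
    - push
- name: package_analytics-platform_app
  pull: if-not-exists
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/dind
  commands:
  # wait for the docker service to be up before running docker build
  - n=0; while [ "$n" -lt 60 ] && ! docker stats --no-stream >/dev/null 2>&1; do n=$(( n + 1 )); sleep 1; done
  - docker build -t docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-analytics-platform-frontend:$${DRONE_COMMIT_SHA} --build-arg APP=analytics-platform . --no-cache
  depends_on:
  - build_static_analytics-platform_app
  when:
    event:
    - push
- name: package_query-builder_app
  pull: if-not-exists
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/dind
  commands:
  # wait for the docker service to be up before running docker build
  - n=0; while [ "$n" -lt 60 ] && ! docker stats --no-stream >/dev/null 2>&1; do n=$(( n + 1 )); sleep 1; done
  - docker build -t docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-query-builder-frontend:$${DRONE_COMMIT_SHA} --build-arg APP=query-builder . --no-cache
  depends_on:
  - build_static_query-builder_app
  when:
    event:
    - push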
# scan images
# Image scanning, one step per packaged app. Each step hands the
# commit-SHA image name to the anchore-submission image; the push_*
# steps depend on these.
# NOTE(review): the scanner image is `:latest` with `pull: always`, so
# its version and policy can change without any change to this file -
# pin a version or digest.
# NOTE(review): WHITELIST appears to suppress the listed CVE IDs (the
# semantics live in the scanner image, not visible here). Both lists
# have no recorded justification or expiry and contain CVE-2021-33574
# twice; keep a reason and review date per entry so suppressed findings
# are re-examined.
- name: scan_audit_docker_image
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/anchore-submission:latest
  pull: always
  environment:
    IMAGE_NAME: docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-audit-frontend:${DRONE_COMMIT_SHA}

  depends_on:
  - package_audit_app
  when:
    event:
    - push
- name: scan_leadgen_docker_image
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/anchore-submission:latest
  pull: always
  environment:
    IMAGE_NAME: docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-leadgen-frontend:${DRONE_COMMIT_SHA}

  depends_on:
  - package_leadgen_app
  when:
    event:
    - push
- name: scan_air_leadgen_docker_image
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/anchore-submission:latest
  pull: always
  environment:
    IMAGE_NAME: docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-air-leadgen-frontend:${DRONE_COMMIT_SHA}
    # NOTE(review): some entries are separated by ", " and others by ","
    # - confirm the consumer trims whitespace, otherwise the entries
    # with a leading space will not match.
    WHITELIST: CVE-2021-22946,CVE-2008-4318,CVE-2020-25613,CVE-2020-29363,CVE-2019-25013, CVE-2021-20231, CVE-2021-20232,CVE-2018-25011,CVE-2018-25014,CVE-2020-36328,CVE-2020-36329,CVE-2021-3517,CVE-2021-33574,CVE-2021-3520,CVE-2021-22924,CVE-2018-12886,CVE-2019-15847,CVE-2020-1751,CVE-2020-1752,CVE-2021-3326,CVE-2021-33574,CVE-2021-35942,CVE-2017-6363,CVE-2021-40145,CVE-2021-30535,CVE-2019-12290,CVE-2019-13115,CVE-2019-3843,CVE-2019-3844,CVE-2017-16932,CVE-2020-11080
  depends_on:
  - package_air_leadgen_app
  when:
    event:
    - push
- name: scan_search_docker_image
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/anchore-submission:latest
  pull: always
  environment:
    IMAGE_NAME: docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-search-frontend:${DRONE_COMMIT_SHA}

  depends_on:
  - package_search_app
  when:
    event:
    - push
- name: scan_analytics-platform_docker_image
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/anchore-submission:latest
  pull: always
  environment:
    IMAGE_NAME: docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-analytics-platform-frontend:${DRONE_COMMIT_SHA}
    WHITELIST: CVE-2021-22946,CVE-2019-25013,CVE-2021-20231,CVE-2021-20232,CVE-2018-25011,CVE-2018-25014,CVE-2020-36328,CVE-2020-36329,CVE-2021-3517,CVE-2021-33574,CVE-2021-3520,CVE-2021-22924,CVE-2018-12886,CVE-2019-15847,CVE-2020-1751,CVE-2020-1752,CVE-2021-3326,CVE-2021-33574,CVE-2021-35942,CVE-2017-6363,CVE-2021-40145,CVE-2021-30535,CVE-2019-12290,CVE-2019-13115,CVE-2019-3843,CVE-2019-3844,CVE-2017-16932,CVE-2020-11080
  depends_on:
  - package_analytics-platform_app
  when:
    event:
    - push
- name: scan_query-builder_docker_image
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/anchore-submission:latest
  pull: always
  environment:
    IMAGE_NAME: docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-query-builder-frontend:${DRONE_COMMIT_SHA}

  depends_on:
  - package_query-builder_app
  when:
    event:
    - push
# push images
- name: push_audit_artifactory_latest
pull: if-not-exists
image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/dind
commands:
- source set_drone_secrets.sh
- docker login -u=$${DOCKER_USERNAME} -p=$${DOCKER_PASSWORD} docker.digital.homeoffice.gov.uk
- docker tag docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-audit-frontend:$${DRONE_COMMIT_SHA} docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-audit-frontend:$${DRONE_COMMIT_BRANCH}
- docker tag docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-audit-frontend:$${DRONE_COMMIT_SHA} docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-audit-frontend:b${DRONE_BUILD_NUMBER}
- docker push docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-audit-frontend:$${DRONE_COMMIT_SHA}
- docker push docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-audit-frontend:$${DRONE_COMMIT_BRANCH}
- docker push docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-audit-frontend:b${DRONE_BUILD_NUMBER}
depends_on:
- scan_audit_docker_image
when:
branch:
- master
event:
- push
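# Tags the leadgen frontend image built for this commit with the branch name
# and the build number, then pushes all three tags. Runs only for pushes to
# master, after scan_leadgen_docker_image.
- name: push_leadgen_artifactory_latest
  pull: if-not-exists
  # NOTE(review): the dind image carries no tag, so its version is not pinned.
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/dind
  commands:
  # Presumably exports DOCKER_USERNAME / DOCKER_PASSWORD - confirm.
  - source set_drone_secrets.sh
  # The password is piped on stdin instead of being passed with -p, which
  # keeps it out of the process argument list.
  - printf '%s' "$${DOCKER_PASSWORD}" | docker login --username "$${DOCKER_USERNAME}" --password-stdin docker.digital.homeoffice.gov.uk
  - docker tag docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-leadgen-frontend:$${DRONE_COMMIT_SHA} docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-leadgen-frontend:$${DRONE_COMMIT_BRANCH}
  - docker tag docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-leadgen-frontend:$${DRONE_COMMIT_SHA} docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-leadgen-frontend:b${DRONE_BUILD_NUMBER}
  # The branch tag is mutable and is overwritten by every master build.
  - docker push docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-leadgen-frontend:$${DRONE_COMMIT_SHA}
  - docker push docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-leadgen-frontend:$${DRONE_COMMIT_BRANCH}
  - docker push docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-leadgen-frontend:b${DRONE_BUILD_NUMBER}
  depends_on:
  - scan_leadgen_docker_image
  when:
    branch:
    - master
    event:
    - push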
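# Tags the air-leadgen frontend image built for this commit with the branch
# name and the build number, then pushes all three tags. Runs only for pushes
# to master, after scan_air_leadgen_docker_image.
- name: push_air_leadgen_artifactory_latest
  pull: if-not-exists
  # NOTE(review): the dind image carries no tag, so its version is not pinned.
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/dind
  commands:
  # Presumably exports DOCKER_USERNAME / DOCKER_PASSWORD - confirm.
  - source set_drone_secrets.sh
  # The password is piped on stdin instead of being passed with -p, which
  # keeps it out of the process argument list.
  - printf '%s' "$${DOCKER_PASSWORD}" | docker login --username "$${DOCKER_USERNAME}" --password-stdin docker.digital.homeoffice.gov.uk
  - docker tag docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-air-leadgen-frontend:$${DRONE_COMMIT_SHA} docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-air-leadgen-frontend:$${DRONE_COMMIT_BRANCH}
  - docker tag docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-air-leadgen-frontend:$${DRONE_COMMIT_SHA} docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-air-leadgen-frontend:b${DRONE_BUILD_NUMBER}
  # The branch tag is mutable and is overwritten by every master build.
  - docker push docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-air-leadgen-frontend:$${DRONE_COMMIT_SHA}
  - docker push docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-air-leadgen-frontend:$${DRONE_COMMIT_BRANCH}
  - docker push docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-air-leadgen-frontend:b${DRONE_BUILD_NUMBER}
  depends_on:
  - scan_air_leadgen_docker_image
  when:
    branch:
    - master
    event:
    - push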
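# Tags the search frontend image built for this commit with the branch name
# and the build number, then pushes all three tags. Runs only for pushes to
# master, after scan_search_docker_image.
- name: push_search_artifactory_latest
  pull: if-not-exists
  # NOTE(review): the dind image carries no tag, so its version is not pinned.
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/dind
  commands:
  # Presumably exports DOCKER_USERNAME / DOCKER_PASSWORD - confirm.
  - source set_drone_secrets.sh
  # The password is piped on stdin instead of being passed with -p, which
  # keeps it out of the process argument list.
  - printf '%s' "$${DOCKER_PASSWORD}" | docker login --username "$${DOCKER_USERNAME}" --password-stdin docker.digital.homeoffice.gov.uk
  - docker tag docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-search-frontend:$${DRONE_COMMIT_SHA} docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-search-frontend:$${DRONE_COMMIT_BRANCH}
  - docker tag docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-search-frontend:$${DRONE_COMMIT_SHA} docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-search-frontend:b${DRONE_BUILD_NUMBER}
  # The branch tag is mutable and is overwritten by every master build.
  - docker push docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-search-frontend:$${DRONE_COMMIT_SHA}
  - docker push docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-search-frontend:$${DRONE_COMMIT_BRANCH}
  - docker push docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-search-frontend:b${DRONE_BUILD_NUMBER}
  depends_on:
  - scan_search_docker_image
  when:
    branch:
    - master
    event:
    - push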
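# Tags the analytics-platform frontend image built for this commit with the
# branch name and the build number, then pushes all three tags. Runs only for
# pushes to master, after scan_analytics-platform_docker_image.
- name: push_analytics-platform_artifactory_latest
  pull: if-not-exists
  # NOTE(review): the dind image carries no tag, so its version is not pinned.
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/dind
  commands:
  # Presumably exports DOCKER_USERNAME / DOCKER_PASSWORD - confirm.
  - source set_drone_secrets.sh
  # The password is piped on stdin instead of being passed with -p, which
  # keeps it out of the process argument list.
  - printf '%s' "$${DOCKER_PASSWORD}" | docker login --username "$${DOCKER_USERNAME}" --password-stdin docker.digital.homeoffice.gov.uk
  - docker tag docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-analytics-platform-frontend:$${DRONE_COMMIT_SHA} docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-analytics-platform-frontend:$${DRONE_COMMIT_BRANCH}
  - docker tag docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-analytics-platform-frontend:$${DRONE_COMMIT_SHA} docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-analytics-platform-frontend:b${DRONE_BUILD_NUMBER}
  # The branch tag is mutable and is overwritten by every master build.
  - docker push docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-analytics-platform-frontend:$${DRONE_COMMIT_SHA}
  - docker push docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-analytics-platform-frontend:$${DRONE_COMMIT_BRANCH}
  - docker push docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-analytics-platform-frontend:b${DRONE_BUILD_NUMBER}
  depends_on:
  - scan_analytics-platform_docker_image
  when:
    branch:
    - master
    event:
    - push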
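# Tags the query-builder frontend image built for this commit with the branch
# name and the build number, then pushes all three tags. Runs only for pushes
# to master, after scan_query-builder_docker_image.
- name: push_query-builder_artifactory_latest
  pull: if-not-exists
  # NOTE(review): the dind image carries no tag, so its version is not pinned.
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/dind
  commands:
  # Presumably exports DOCKER_USERNAME / DOCKER_PASSWORD - confirm.
  - source set_drone_secrets.sh
  # The password is piped on stdin instead of being passed with -p, which
  # keeps it out of the process argument list.
  - printf '%s' "$${DOCKER_PASSWORD}" | docker login --username "$${DOCKER_USERNAME}" --password-stdin docker.digital.homeoffice.gov.uk
  - docker tag docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-query-builder-frontend:$${DRONE_COMMIT_SHA} docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-query-builder-frontend:$${DRONE_COMMIT_BRANCH}
  - docker tag docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-query-builder-frontend:$${DRONE_COMMIT_SHA} docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-query-builder-frontend:b${DRONE_BUILD_NUMBER}
  # The branch tag is mutable and is overwritten by every master build.
  - docker push docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-query-builder-frontend:$${DRONE_COMMIT_SHA}
  - docker push docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-query-builder-frontend:$${DRONE_COMMIT_BRANCH}
  - docker push docker.digital.homeoffice.gov.uk/ukhomeofficedigital/entitysearch-query-builder-frontend:b${DRONE_BUILD_NUMBER}
  depends_on:
  - scan_query-builder_docker_image
  when:
    branch:
    - master
    event:
    - push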
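# Reads the notprod Kubernetes deploy token from Vault and appends it to
# set_drone_secrets.sh as an `export DEPLOYMENT_TOKEN=...` line, which the
# deploy and notify steps later source.
- name: retrieve-notprod-secrets
  pull: if-not-exists
  image: quay.io/ukhomeofficedigital/hashicorp-vault:1.6.0
  # Anchored as retrieve-secrets so the preprod/prod retrieval steps reuse it.
  # NOTE(review): the token lands in clear text in a workspace file, so every
  # later step that sources or reads that file sees it. The echo also succeeds
  # when `vault read` fails, which leaves an empty DEPLOYMENT_TOKEN in the
  # file instead of failing the step.
  commands: &retrieve-secrets
  - echo "export DEPLOYMENT_TOKEN=$(vault read -field=$${ENV}_kube_token secret/dacc/es/admin/kube-tokens/$${ENV}-kube-token)" >> set_drone_secrets.sh
  environment:
    # ENV selects both the Vault path and the field name in the command above.
    ENV: notprod
    VAULT_ADDR:
      from_secret: VAULT_ADDR_NOTPROD
    VAULT_TOKEN:
      from_secret: VAULT_TOKEN_NOTPROD
  depends_on:
  - push_audit_artifactory_latest
  - push_leadgen_artifactory_latest
  # air-leadgen is in the app list that deploy-notprod rolls out, so its image
  # push has to complete before the deploy chain starts.
  - push_air_leadgen_artifactory_latest
  - push_search_artifactory_latest
  - push_analytics-platform_artifactory_latest
  - push_query-builder_artifactory_latest
  when:
    event:
    - push
    branch:
    - master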
# CD processes
# Deploys the frontends to the environment named by ENV (notprod here) by
# running ./deploy.sh after retrieve-notprod-secrets. Pushes to master only.
- name: deploy-notprod
  pull: if-not-exists
  image: quay.io/ukhomeofficedigital/kd:v1.16.0
  depends_on:
  - retrieve-notprod-secrets
  # Anchored as deploy_settings; deploy-preprod reuses this command list.
  commands: &deploy_settings
  - echo "starting $${ENV} deployment"
  # Loads the exports appended by the retrieve-*-secrets steps.
  - source set_drone_secrets.sh
  # Deploy the image tag that matches this commit rather than a mutable tag.
  - export DOCKER_IMAGE_TAG=$${DRONE_COMMIT_SHA}
  - export DRONE_DEPLOY_TO=$${ENV}
  # Space-separated app names, base64-encoded; presumably decoded by deploy.sh.
  - export FRONTEND_APP_NAMES=$(echo "audit leadgen search analytics-platform query-builder air-leadgen" | base64)
  - export ACTION=deploy
  - echo $DRONE_DEPLOY_TO
  # NOTE(review): curl is installed from the package index on every deploy,
  # unpinned, inside the step that holds the deploy token; baking it into the
  # image would remove that network dependency.
  - apk update
  - apk add curl
  - ./deploy.sh
  environment:
    ENV: notprod
  when:
    event:
    - push
    branch:
    - master
# Runs the shared retrieve-secrets command after deploy-notprod, appending
# another `export DEPLOYMENT_TOKEN=...` line to set_drone_secrets.sh; when the
# file is sourced, the last export wins.
# NOTE(review): although the step is named for preprod, ENV is `prod` and the
# Vault address/token are the PROD secrets, so the production kube token is
# read on every push to master. Confirm this is intended (for example preprod
# and prod sharing a cluster token) rather than a copy-paste slip.
- name: retrieve-preprod-secrets
  pull: if-not-exists
  image: quay.io/ukhomeofficedigital/hashicorp-vault:1.6.0
  commands:
    *retrieve-secrets
  environment:
    ENV: prod
    VAULT_ADDR:
      from_secret: VAULT_ADDR_PROD
    VAULT_TOKEN:
      from_secret: VAULT_TOKEN_PROD
  depends_on:
  - deploy-notprod
  when:
    event:
    - push
    branch:
    - master
# Deploys to preprod with the shared deploy_settings command list, after
# retrieve-preprod-secrets. It is triggered by the same push-to-master event
# as the notprod deploy; the only gate visible here is the depends_on chain.
- name: deploy-preprod
  pull: if-not-exists
  image: quay.io/ukhomeofficedigital/kd:v1.16.0
  depends_on:
  - retrieve-preprod-secrets
  commands: *deploy_settings
  environment:
    # Read by the shared commands as $${ENV} for DRONE_DEPLOY_TO.
    ENV: preprod
  when:
    event:
    - push
    branch:
    - master
# Runs the shared retrieve-secrets command against the PROD Vault when a build
# is promoted to the `production` target, appending the prod deploy token to
# set_drone_secrets.sh. It has no depends_on, so nothing in this pipeline has
# to finish before it starts.
- name: retrieve-prod-secrets
  pull: if-not-exists
  image: quay.io/ukhomeofficedigital/hashicorp-vault:1.6.0
  commands:
    *retrieve-secrets
  environment:
    ENV: prod
    VAULT_ADDR:
      from_secret: VAULT_ADDR_PROD
    VAULT_TOKEN:
      from_secret: VAULT_TOKEN_PROD
  when:
    event:
    - promote
    target:
    - production
# Deploys to prod by running ./deploy.sh when a build is promoted to the
# `production` target, after retrieve-prod-secrets. Unlike the notprod and
# preprod deploys it carries its own command list instead of the shared one.
- name: deploy-prod
  pull: if-not-exists
  image: quay.io/ukhomeofficedigital/kd:v1.16.0
  commands:
  - echo "starting $${ENV} deployment"
  # Loads the exports appended by retrieve-prod-secrets.
  - source set_drone_secrets.sh
  - export DOCKER_IMAGE_TAG=$${DRONE_COMMIT_SHA}
  - export DRONE_DEPLOY_TO=prod
  # NOTE(review): ${FRONTEND_APP_NAMES} uses a single $, so Drone substitutes
  # it into the command text before the shell runs, and it is unquoted. The
  # value is not set anywhere in this step; presumably it is supplied as a
  # promotion parameter. If so, treat it as operator-controlled input to a
  # shell command in the prod deploy step: validate it, or use the escaped and
  # quoted form once the source of the value is confirmed.
  - export FRONTEND_APP_NAMES=$(echo ${FRONTEND_APP_NAMES} | base64)
  - export ACTION=deploy
  - echo $DRONE_DEPLOY_TO
  # NOTE(review): curl is installed unpinned from the package index during the
  # production deploy.
  - apk update
  - apk add curl
  - ./deploy.sh
  depends_on:
  - retrieve-prod-secrets
  environment:
    ENV: prod
  when:
    event:
    - promote
    target:
    - production
# Posts the outcome of the notprod deployment to Slack. `status` lists both
# success and failure, so the message is sent either way.
- name: notify_slack_deploy_notprod
  pull: if-not-exists
  image: plugins/slack:1.0
  commands:
  # NOTE(review): sourcing this file exports everything in it, including the
  # DEPLOYMENT_TOKEN written by the retrieve-*-secrets steps, into the
  # environment of the plugin binary. Presumably only the Slack webhook is
  # needed here; passing just that value would keep the deploy token out of a
  # third-party image.
  - source set_drone_secrets.sh
  - /bin/drone-slack
  environment:
    PLUGIN_CHANNEL: hodac
    # NOTE(review): the icon is fetched over plain http.
    PLUGIN_ICON_URL: http://readme.drone.io/0.5/logo_dark.svg
    PLUGIN_TEMPLATE: "entitysearch react frontend deployment notprod status: *{{repo.Name}}* - build #{{build.Number}} finished with a *{{build.Status}}* status.\n *Drone link*: {{build.Link}}\n *Branch*: {{build.Branch}}\n *Author*: {{build.Author}}\n *Commit*: {{build.Commit}}\n"
    PLUGIN_USERNAME: drone
  depends_on:
  - deploy-notprod
  when:
    event:
    - push
    branch:
    - master
    status:
    - success
    - failure
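# Posts the outcome of the preprod deployment to Slack. `status` lists both
# success and failure, so the message is sent either way.
- name: notify_slack_deploy_preprod
  pull: if-not-exists
  image: plugins/slack:1.0
  commands:
  # NOTE(review): sourcing this file exports everything in it, including the
  # DEPLOYMENT_TOKEN written by the retrieve-*-secrets steps, into the
  # environment of the plugin binary. Presumably only the Slack webhook is
  # needed here.
  - source set_drone_secrets.sh
  - /bin/drone-slack
  environment:
    PLUGIN_CHANNEL: hodac
    # NOTE(review): the icon is fetched over plain http.
    PLUGIN_ICON_URL: http://readme.drone.io/0.5/logo_dark.svg
    # The message names preprod: this step depends on deploy-preprod, and a
    # "notprod" label here would misreport which environment was deployed.
    PLUGIN_TEMPLATE: "entitysearch react frontend deployment preprod status: *{{repo.Name}}* - build #{{build.Number}} finished with a *{{build.Status}}* status.\n *Drone link*: {{build.Link}}\n *Branch*: {{build.Branch}}\n *Author*: {{build.Author}}\n *Commit*: {{build.Commit}}\n"
    PLUGIN_USERNAME: drone
  depends_on:
  - deploy-preprod
  when:
    event:
    - push
    branch:
    - master
    status:
    - success
    - failure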
# Posts the outcome of the prod deployment to Slack on promote events.
# NOTE(review): unlike deploy-prod, this step has no `target: production`
# filter, so it is eligible for promotions to any target - confirm intended.
- name: notify_slack_deploy_prod
  pull: if-not-exists
  image: plugins/slack:1.0
  commands:
  # NOTE(review): sourcing this file exports everything in it, including the
  # prod DEPLOYMENT_TOKEN written by retrieve-prod-secrets, into the
  # environment of the plugin binary. Presumably only the Slack webhook is
  # needed here.
  - source set_drone_secrets.sh
  - /bin/drone-slack
  environment:
    PLUGIN_CHANNEL: hodac
    # NOTE(review): the icon is fetched over plain http.
    PLUGIN_ICON_URL: http://readme.drone.io/0.5/logo_dark.svg
    PLUGIN_TEMPLATE: "entitysearch react frontend deployed in prod status: *{{repo.Name}}* - build #{{build.Number}} finished with a *{{build.Status}}* status.\n *Drone link*: {{build.Link}}\n *Branch*: {{build.Branch}}\n *Author*: {{build.Author}}\n *Commit*: {{build.Commit}}\n"
    PLUGIN_USERNAME: drone
  depends_on:
  - deploy-prod
  when:
    event:
    - promote
    status:
    - success
    - failure
# Cron-triggered step that renews the Drone Vault tokens for dev, notprod and
# prod in turn so that they do not expire between builds. The renew output is
# discarded, which keeps the token details out of the build log.
# NOTE(review): one step holds the tokens for all three environments at once.
- name: renew-vault-tokens
  pull: if-not-exists
  image: quay.io/ukhomeofficedigital/hashicorp-vault:1.6.0
  commands:
  # Renew Dev Drone Vault Token
  - export VAULT_TOKEN=$${VAULT_TOKEN_DEV}
  - export VAULT_ADDR=$${VAULT_ADDR_DEV}
  - vault token renew > /dev/null
  - unset VAULT_TOKEN
  # Renew NotProd Drone Vault Token
  - export VAULT_TOKEN=$${VAULT_TOKEN_NOTPROD}
  - export VAULT_ADDR=$${VAULT_ADDR_NOTPROD}
  - vault token renew > /dev/null
  - unset VAULT_TOKEN
  # Renew Prod Drone Vault Token
  - export VAULT_TOKEN=$${VAULT_TOKEN_PROD}
  - export VAULT_ADDR=$${VAULT_ADDR_PROD}
  - vault token renew > /dev/null
  environment:
    VAULT_ADDR_DEV:
      from_secret: VAULT_ADDR_DEV
    VAULT_TOKEN_DEV:
      from_secret: VAULT_TOKEN_DEV
    VAULT_ADDR_NOTPROD:
      from_secret: VAULT_ADDR_NOTPROD
    VAULT_TOKEN_NOTPROD:
      from_secret: VAULT_TOKEN_NOTPROD
    VAULT_ADDR_PROD:
      from_secret: VAULT_ADDR_PROD
    VAULT_TOKEN_PROD:
      from_secret: VAULT_TOKEN_PROD
  when:
    event:
    - cron
# Service containers for this pipeline: a Docker-in-Docker daemon (presumably
# the one used by the dind build and push steps) and the Anchore submission
# server.
# NOTE(review): neither image is pinned - dind has no tag and
# anchore-submission uses `latest` with `pull: always` - so the build and scan
# tooling can change without any change to this file.
services:
- name: docker
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/dind
- name: anchore-submission-server
  image: 340268328991.dkr.ecr.eu-west-2.amazonaws.com/acp/anchore-submission:latest
  pull: always
  commands:
  - /run.sh server
---
# Separate pipeline document. Judging by its step names it pulls a manifest
# from S3, unlocks the git-crypt protected repository, builds an ISO and
# uploads it to S3, then notifies Slack.
# NOTE(review): none of the steps declares depends_on, so they presumably run
# in the order listed - confirm.
kind: pipeline
name: default
type: kubernetes
platform:
  os: linux
  arch: amd64
steps:
# Syncs the `manifest` prefix of the S3 bucket into a local `manifest`
# directory; later steps source manifest/manifest as shell.
# NOTE(review): the step runs on pull_request events with AWS credentials in
# its environment. Whether secrets reach pull-request builds depends on how
# each secret is configured in Drone - confirm they are limited to trusted
# events. The image also uses the mutable `latest` tag.
- name: pull-manifest
  pull: always
  image: docker-hub.digital.homeoffice.gov.uk/amazon/aws-cli:latest
  commands:
  - aws s3 sync s3://$${AWS_S3_BUCKET}/manifest manifest
  environment:
    AWS_DEFAULT_REGION: eu-west-2
    AWS_ACCESS_KEY_ID:
      from_secret: cba_devops_aws_access_key_id
    AWS_SECRET_ACCESS_KEY:
      from_secret: cba_devops_aws_secret_access_key
    AWS_S3_BUCKET:
      from_secret: cba_devops_aws_bucket_name
    AWS_KMS_KEY_ID:
      from_secret: cba_devops_aws_kms_key_id
  when:
    event:
    - pull_request
    - tag
# Installs git-crypt, writes the base64-decoded symmetric key to a file in the
# workspace and unlocks the repository with it.
# NOTE(review): the decoded key file is left in the workspace after the
# unlock, and the step runs on pull_request events. Later steps run scripts
# from the checked-out branch (scripts/get-iso.sh, scripts/build-iso.sh), so
# code in a pull request would run next to the key and the decrypted files.
# Consider removing the key file once unlocked and limiting the secret to
# trusted events.
- name: decrypt-repo
  pull: always
  image: docker-hub.digital.homeoffice.gov.uk/alpine:latest
  commands:
  - apk add git-crypt
  # The secret holds the key base64-encoded; decode it to a file for git-crypt.
  - echo $${ISO_SYMMETRIC_KEY} | base64 -d > iso-symmetric-key
  - git-crypt unlock iso-symmetric-key
  environment:
    ISO_SYMMETRIC_KEY:
      from_secret: iso_symmetric_key
  when:
    event:
    - pull_request
    - tag
# Sources the manifest synced from S3, then runs scripts/get-iso.sh with AWS
# credentials in the environment.
# NOTE(review): manifest/manifest is executed as shell, so anyone who can
# write to that bucket prefix controls commands run with these credentials.
# `bash -x` also traces every expanded command into the build log; values the
# script derives from the secrets may not be covered by Drone's log masking -
# confirm.
- name: check-for-iso
  pull: always
  image: docker-hub.digital.homeoffice.gov.uk/amazon/aws-cli:latest
  commands:
  - source manifest/manifest
  - bash -x scripts/get-iso.sh
  environment:
    AWS_DEFAULT_REGION: eu-west-2
    AWS_ACCESS_KEY_ID:
      from_secret: cba_devops_aws_access_key_id
    AWS_SECRET_ACCESS_KEY:
      from_secret: cba_devops_aws_secret_access_key
    AWS_S3_BUCKET:
      from_secret: cba_devops_aws_bucket_name
    AWS_KMS_KEY_ID:
      from_secret: cba_devops_aws_kms_key_id
  when:
    event:
    - pull_request
    - tag
# Sources the manifest and runs scripts/build-iso.sh in a CentOS 7 container.
# No secrets are declared for this step, but it works in the same workspace
# as the unlocked repository and the git-crypt key file written by
# decrypt-repo.
# NOTE(review): `bash -x` traces each command into the build log.
- name: build-iso
  pull: always
  image: docker-hub.digital.homeoffice.gov.uk/centos:7
  commands:
  - source manifest/manifest
  - bash -x scripts/build-iso.sh
  when:
    event:
    - pull_request
    - tag
# Uploads the built ISO and its .md5sum / .sha256sum files to iso/dist/ in the
# S3 bucket, with SSE-KMS encryption under the configured key.
# VAR_CBA_CENTOS_ISO is presumably defined by the sourced manifest.
# NOTE(review): the step also runs on pull_request events, where DRONE_TAG is
# normally empty, so pull-request builds would write to a shared
# `_<iso name>` key under the same dist prefix as tagged releases. Consider
# limiting the upload to tag events. For integrity checks, consumers should
# rely on the sha256sum file rather than the md5sum.
- name: upload-iso
  pull: always
  image: docker-hub.digital.homeoffice.gov.uk/amazon/aws-cli:latest
  commands:
  - source manifest/manifest
  - aws s3 cp --no-progress build/dist/$${DRONE_TAG}_$${VAR_CBA_CENTOS_ISO} s3://$${AWS_S3_BUCKET}/iso/dist/$${DRONE_TAG}_$${VAR_CBA_CENTOS_ISO} --sse aws:kms --sse-kms-key-id $${AWS_KMS_KEY_ID}
  - aws s3 cp --no-progress build/dist/$${DRONE_TAG}_$${VAR_CBA_CENTOS_ISO}.md5sum s3://$${AWS_S3_BUCKET}/iso/dist/$${DRONE_TAG}_$${VAR_CBA_CENTOS_ISO}.md5sum --sse aws:kms --sse-kms-key-id $${AWS_KMS_KEY_ID}
  - aws s3 cp --no-progress build/dist/$${DRONE_TAG}_$${VAR_CBA_CENTOS_ISO}.sha256sum s3://$${AWS_S3_BUCKET}/iso/dist/$${DRONE_TAG}_$${VAR_CBA_CENTOS_ISO}.sha256sum --sse aws:kms --sse-kms-key-id $${AWS_KMS_KEY_ID}
  environment:
    AWS_DEFAULT_REGION: eu-west-2
    AWS_ACCESS_KEY_ID:
      from_secret: cba_devops_aws_access_key_id
    AWS_SECRET_ACCESS_KEY:
      from_secret: cba_devops_aws_secret_access_key
    AWS_S3_BUCKET:
      from_secret: cba_devops_aws_bucket_name
    AWS_KMS_KEY_ID:
      from_secret: cba_devops_aws_kms_key_id
  when:
    event:
    - pull_request
    - tag
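# Posts the build result to Slack through the Slack plugin; the webhook URL
# and channel come from Drone secrets.
# NOTE(review): the plugin image uses the mutable `latest` tag.
- name: slack-notify
  pull: always
  image: docker-hub.digital.homeoffice.gov.uk/plugins/slack:latest
  settings:
    webhook:
      from_secret: slack_webhook_url
    channel:
      from_secret: slack_webhook_channel
    # The indentation inside this folded scalar was lost in the source listing
    # and is reconstructed here with all lines at one level.
    template: >
      {{#success build.status}}
      Build <{{build.link}}|{{repo.name}}@{{build.branch}}#{{build.number}}> was successful!
      {{else}}
      Build <{{build.link}}|{{repo.name}}@{{build.branch}}#{{build.number}}> failed!
      {{/success}}
  when:
    event:
    - pull_request
    - tag
    # Without an explicit status list a step runs only while the build is
    # passing, so the "failed" branch of the template would never be sent.
    status:
    - success
    - failure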