Added Jenkinsfile (#2)

Signed-off-by: Martin Lowe <martin.lowe@eclipse-foundation.org>

Jenkinsfile

+  @Library('common-shared') _
+
+  pipeline {
+    agent {
+      kubernetes {
+        label 'buildpack-agent'
+        yaml '''
+        apiVersion: v1
+        kind: Pod
+        spec:
+          containers:
+          - name: buildpack
+            image: buildpack-deps:stable
+            command:
+            - cat
+            tty: true
+            resources:
+              limits:
+                memory: "2Gi"
+                cpu: "1"
+              requests:
+                memory: "2Gi"
+                cpu: "1"
+            volumeMounts:
+            - name: tmp
+              mountPath: /tmp
+          - name: jnlp
+            resources:
+              limits:
+                memory: "2Gi"
+                cpu: "1"
+              requests:
+                memory: "2Gi"
+                cpu: "1"
+            volumeMounts:
+            - name: mvnw
+              mountPath: /home/jenkins/.m2/wrapper
+              readOnly: false
+            - name: m2-repo
+              mountPath: /home/jenkins/.m2/repository
+            - name: settings-xml
+              mountPath: /home/jenkins/.m2/settings.xml
+              subPath: settings.xml
+              readOnly: true
+            - name: tmp
+              mountPath: /tmp
+          volumes:
+          - name: mvnw
+            emptyDir: {}
+          - name: m2-repo
+            emptyDir: {}
+          - name: tmp
+            emptyDir: {}
+          - name: settings-xml
+            secret:
+              secretName: m2-secret-dir
+              items:
+              - key: settings.xml
+                path: settings.xml
+        '''
+      }
+    }
+
+    environment {
+      APP_NAME = 'git-eca-rest-api'
+      NAMESPACE = 'foundation-internal-webdev-apps'
+      IMAGE_NAME = 'eclipsefdn/git-eca-rest-api'
+      CONTAINER_NAME = 'app'
+      ENVIRONMENT = sh(
+        script: """
+          if [ "${env.BRANCH_NAME}" = "master" ]; then
+            printf "production"
+          else
+            printf "${env.BRANCH_NAME}"
+          fi
+        """,
+        returnStdout: true
+      )
+      TAG_NAME = sh(
+        script: """
+          GIT_COMMIT_SHORT=\$(git rev-parse --short ${env.GIT_COMMIT})
+          if [ "${env.ENVIRONMENT}" = "" ]; then
+            printf \${GIT_COMMIT_SHORT}-${env.BUILD_NUMBER}
+          else
+            printf ${env.ENVIRONMENT}-\${GIT_COMMIT_SHORT}-${env.BUILD_NUMBER}
+          fi
+        """,
+        returnStdout: true
+      )
+    }
+
+    options {
+      buildDiscarder(logRotator(numToKeepStr: '10'))
+    }
+
+    stages {
+      stage('Build Java code') {
+        steps {
+          sh './mvnw -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=warn --batch-mode package'
+          stash includes: 'target/', name: 'target'
+        }
+      }
+
+      stage('Build docker image') {
+        agent {
+          label 'docker-build'
+        }
+        steps {
+          unstash 'target'
+
+          sh 'docker build -f src/main/docker/Dockerfile.jvm --no-cache -t ${IMAGE_NAME}:${TAG_NAME} -t ${IMAGE_NAME}:latest .'
+        }
+      }
+
+      stage('Push docker image') {
+        agent {
+          label 'docker-build'
+        }
+        when {
+          anyOf {
+            environment name: 'ENVIRONMENT', value: 'production'
+            environment name: 'ENVIRONMENT', value: 'staging'
+          }
+        }
+        steps {
+          withDockerRegistry([credentialsId: '04264967-fea0-40c2-bf60-09af5aeba60f', url: 'https://index.docker.io/v1/']) {
+            sh '''
+              docker push ${IMAGE_NAME}:${TAG_NAME}
+              docker push ${IMAGE_NAME}:latest
+            '''
+          }
+        }
+      }
+
+      stage('Deploy to cluster') {
+        agent {
+          kubernetes {
+            label 'kubedeploy-agent'
+            yaml '''
+            apiVersion: v1
+            kind: Pod
+            spec:
+              containers:
+              - name: kubectl
+                image: eclipsefdn/kubectl:1.9-alpine
+                command:
+                - cat
+                tty: true
+            '''
+          }
+        }
+
+        when {
+          anyOf {
+            environment name: 'ENVIRONMENT', value: 'production'
+            environment name: 'ENVIRONMENT', value: 'staging'
+          }
+        }
+        steps {
+          container('kubectl') {
+            withKubeConfig([credentialsId: '1d8095ea-7e9d-4e94-b799-6dadddfdd18a', serverUrl: 'https://console-int.c1-ci.eclipse.org']) {
+              sh '''
+                DEPLOYMENT="$(k8s getFirst deployment "${NAMESPACE}" "app=${APP_NAME},environment=${ENVIRONMENT}")"
+                if [[ $(echo "${DEPLOYMENT}" | jq -r 'length') -eq 0 ]]; then
+                  echo "ERROR: Unable to find a deployment to patch matching 'app=${APP_NAME},environment=${ENVIRONMENT}' in namespace ${NAMESPACE}"
+                  exit 1
+                else 
+                  DEPLOYMENT_NAME="$(echo "${DEPLOYMENT}" | jq -r '.metadata.name')"
+                  kubectl set image "deployment.v1.apps/${DEPLOYMENT_NAME}" -n "${NAMESPACE}" "${CONTAINER_NAME}=${IMAGE_NAME}:${TAG_NAME}" --record=true
+                  if ! kubectl rollout status "deployment.v1.apps/${DEPLOYMENT_NAME}" -n "${NAMESPACE}"; then
+                    # will fail if rollout does not succeed in less than .spec.progressDeadlineSeconds
+                    kubectl rollout undo "deployment.v1.apps/${DEPLOYMENT_NAME}" -n "${NAMESPACE}"
+                    exit 1
+                  fi
+                fi
+              '''
+            }
+          }
+        }
+      }
+    }
+
+    post {
+      always {
+        deleteDir() /* clean up workspace */
+        sendNotifications currentBuild
+      }
+    }
+  }
\ No newline at end of file

src/main/k8s/production.yml

@@ -28,6 +28,15 @@ spec:
           requests:
             cpu: 200m
             memory: 512Mi
+        args: ["-Dconfig.secret.path=/run/secrets/git-eca-rest-api/secret.properties"]
+        volumeMounts:
+        - name: api-oauth-token
+          mountPath: "/run/secrets/git-eca-rest-api"
+          readOnly: true
+      volumes:
+      - name: api-oauth-token
+        secret:
+          secretName: git-eca-rest-api
 ---
 apiVersion: "v1"
 kind: "Service"

src/main/k8s/staging.yml

@@ -28,6 +28,15 @@ spec:
           requests:
             cpu: 100m
             memory: 512Mi
+        args: ["-Dconfig.secret.path=/run/secrets/git-eca-rest-api/secret.properties"]
+        volumeMounts:
+        - name: api-oauth-token
+          mountPath: "/run/secrets/git-eca-rest-api"
+          readOnly: true
+      volumes:
+      - name: api-oauth-token
+        secret:
+          secretName: git-eca-rest-api
 ---
 apiVersion: "v1"
 kind: "Service"

src/main/rb/eca.rb

@@ -79,8 +79,5 @@ commit_keys.each do |key|
 end
 ## If error, exit as status 1
 if (response.code == 403) then
-  #exit 1
+  exit 1
 end
-
-## Hardcode exit for testing
-exit 1

src/main/resources/application.properties

@@ -4,4 +4,8 @@ org.eclipsefoundation.git.eca.api.BotsAPI/mp-rest/url=https://api.eclipse.org
 
 ## OAUTH CONFIG
 oauth2.scope=eclipsefdn_view_all_profiles
-quarkus.http.port=8080
\ No newline at end of file
+quarkus.http.port=8080
+
+## required to start when secret.properties isn't found/mounted
+oauth2.client-id=placeholder
+oauth2.client-secret=placeholder
\ No newline at end of file

src/test/java/org/eclipsefoundation/git/eca/resource/ValidationResourceTest.java

@@ -65,7 +65,7 @@ public class ValidationResourceTest {
 		given()
 			.body(vr)
 			.contentType(ContentType.JSON)
-				.when().post("/git/eca")
+				.when().post("/eca")
 				.then()
 					.statusCode(200)
 					.body("passed", is(true),
@@ -113,7 +113,7 @@ public class ValidationResourceTest {
 		given()
 			.body(vr)
 			.contentType(ContentType.JSON)
-				.when().post("/git/eca")
+				.when().post("/eca")
 				.then()
 					.statusCode(200)
 					.body("passed", is(true),
@@ -147,7 +147,7 @@ public class ValidationResourceTest {
 		given()
 			.body(vr)
 			.contentType(ContentType.JSON)
-				.when().post("/git/eca")
+				.when().post("/eca")
 				.then()
 					.statusCode(200)
 					.body("passed", is(true),
@@ -182,7 +182,7 @@ public class ValidationResourceTest {
 		given()
 			.body(vr)
 			.contentType(ContentType.JSON)
-				.when().post("/git/eca")
+				.when().post("/eca")
 				.then()
 					.statusCode(200)
 					.body("passed", is(true),
@@ -217,7 +217,7 @@ public class ValidationResourceTest {
 		given()
 			.body(vr)
 			.contentType(ContentType.JSON)
-				.when().post("/git/eca")
+				.when().post("/eca")
 				.then()
 					.statusCode(403)
 					.body("passed", is(false),
@@ -254,7 +254,7 @@ public class ValidationResourceTest {
 		given()
 			.body(vr)
 			.contentType(ContentType.JSON)
-				.when().post("/git/eca")
+				.when().post("/eca")
 				.then()
 					.statusCode(403)
 					.body("passed", is(false),
@@ -296,7 +296,7 @@ public class ValidationResourceTest {
 		given()
 			.body(vr)
 			.contentType(ContentType.JSON)
-				.when().post("/git/eca")
+				.when().post("/eca")
 				.then()
 					.statusCode(200)
 					.body("passed", is(true),
@@ -324,7 +324,7 @@ public class ValidationResourceTest {
 		given()
 			.body(vr)
 			.contentType(ContentType.JSON)
-				.when().post("/git/eca")
+				.when().post("/eca")
 				.then()
 					.statusCode(403)
 					.body("passed", is(false),
@@ -366,7 +366,7 @@ public class ValidationResourceTest {
 		given()
 			.body(vr)
 			.contentType(ContentType.JSON)
-				.when().post("/git/eca")
+				.when().post("/eca")
 				.then()
 					.statusCode(200)
 					.body("passed", is(true),
@@ -394,7 +394,7 @@ public class ValidationResourceTest {
 		given()
 			.body(vr)
 			.contentType(ContentType.JSON)
-				.when().post("/git/eca")
+				.when().post("/eca")
 				.then()
 					.statusCode(403)
 					.body("passed", is(false),
@@ -429,7 +429,7 @@ public class ValidationResourceTest {
 		given()
 			.body(vr)
 			.contentType(ContentType.JSON)
-				.when().post("/git/eca")
+				.when().post("/eca")
 				.then()
 					.statusCode(403)
 					.body("passed", is(false),
@@ -468,7 +468,7 @@ public class ValidationResourceTest {
 		given()
 			.body(vr)
 			.contentType(ContentType.JSON)
-				.when().post("/git/eca")
+				.when().post("/eca")
 				.then()
 					.statusCode(403)
 					.body("passed", is(false),
@@ -507,7 +507,7 @@ public class ValidationResourceTest {
 		given()
 			.body(vr)
 			.contentType(ContentType.JSON)
-				.when().post("/git/eca")
+				.when().post("/eca")
 				.then()
 					.statusCode(403)
 					.body("passed", is(false),

src/test/java/org/eclipsefoundation/git/eca/service/impl/MockOAuthService.java

+package org.eclipsefoundation.git.eca.service.impl;
+
+import org.eclipsefoundation.git.eca.service.OAuthService;
+
+import io.quarkus.test.Mock;
+
+/**
+ * Disable the OAuth service while in testing via a mock service. This will
+ * never authenticate, but since all external data is mocked, this does not
+ * impact testing.
+ * 
+ * @author Martin Lowe
+ *
+ */
+@Mock
+public class MockOAuthService implements OAuthService {
+
+	@Override
+	public String getToken() {
+		// return an empty (invalid) token every time
+		return "";
+	}
+
+}