lenape/nvhi-atsila-microservice
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

automated terminal push

Browse Source
This commit is contained in:
lenape
2025-07-15 05:32:10 +00:00
parent 8eb7b4533d
commit 8c67b2c218
1 changed files with 100 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

126
Jenkinsfile vendored
View File

@@ -62,21 +62,30 @@ pipeline {
echo "🔐 Using Jenkins credentials to authenticate with AWS" echo "🔐 Using Jenkins credentials to authenticate with AWS"
withCredentials([[$class: 'AmazonWebServicesCredentialsBinding', credentialsId: env.AWS_CRED_ID]]) { withCredentials([[$class: 'AmazonWebServicesCredentialsBinding', credentialsId: env.AWS_CRED_ID]]) {
echo "🔄 Bootstrapping Terraform backend..." echo "🔄 Checking/Bootstrapping Terraform backend..."
dir(tfBackendDir) { dir(tfBackendDir) {
sh """ try {
terraform init \\ sh """
-var="aws_region=${TF_VAR_aws_region}" \\ terraform init \\
-var="backend_bucket_name=${TF_BACKEND_BUCKET}" \\ -var="aws_region=${TF_VAR_aws_region}" \\
-var="lock_table_name=${TF_DDB_TABLE}" -var="backend_bucket_name=${TF_BACKEND_BUCKET}" \\
terraform apply -auto-approve \\ -var="lock_table_name=${TF_DDB_TABLE}"
-var="aws_region=${TF_VAR_aws_region}" \\ terraform apply -auto-approve \\
-var="backend_bucket_name=${TF_BACKEND_BUCKET}" \\ -var="aws_region=${TF_VAR_aws_region}" \\
-var="lock_table_name=${TF_DDB_TABLE}" -var="backend_bucket_name=${TF_BACKEND_BUCKET}" \\
""" -var="lock_table_name=${TF_DDB_TABLE}"
"""
echo "✅ Terraform backend created successfully"
} catch (Exception e) {
if (e.getMessage().contains("BucketAlreadyOwnedByYou") ||
e.getMessage().contains("Table already exists")) {
echo "✅ Terraform backend already exists - continuing..."
} else {
echo "❌ Unexpected error during backend bootstrap: ${e.getMessage()}"
throw e
}
}
} }
echo "✅ Terraform backend created successfully"
} }
} }
} }
@@ -108,8 +117,27 @@ pipeline {
echo "🚨 SECURITY NOTICE: Infrastructure changes detected - elevated permissions required" echo "🚨 SECURITY NOTICE: Infrastructure changes detected - elevated permissions required"
echo " Changed files: ${infrastructureFiles}" echo " Changed files: ${infrastructureFiles}"
} else { } else {
env.DEPLOYMENT_TYPE = "APPLICATION" // Check if infrastructure actually exists in AWS
echo "✅ SECURITY: Application-only deployment - using restricted permissions" def clusterExists = false
try {
withCredentials([[$class: 'AmazonWebServicesCredentialsBinding', credentialsId: env.AWS_CRED_ID]]) {
def clusterCheck = sh(
script: "aws ecs describe-clusters --clusters ${TF_VAR_cluster_name} --region ${AWS_REGION} --query 'clusters[0].status' --output text 2>/dev/null || echo 'NOTFOUND'",
returnStdout: true
).trim()
clusterExists = (clusterCheck == "ACTIVE")
}
} catch (Exception e) {
echo "⚠️ Could not check cluster status: ${e.getMessage()}"
}
if (!clusterExists) {
env.DEPLOYMENT_TYPE = "INFRASTRUCTURE"
echo "🚨 CLEAN AWS DETECTED: No existing infrastructure found - deploying from scratch"
} else {
env.DEPLOYMENT_TYPE = "APPLICATION"
echo "✅ SECURITY: Application-only deployment - using restricted permissions"
}
} }
def gitCommit = sh(script: 'git rev-parse HEAD', returnStdout: true).trim() def gitCommit = sh(script: 'git rev-parse HEAD', returnStdout: true).trim()
@@ -195,6 +223,19 @@ pipeline {
withCredentials([[$class: 'AmazonWebServicesCredentialsBinding', credentialsId: env.AWS_CRED_ID]]) { withCredentials([[$class: 'AmazonWebServicesCredentialsBinding', credentialsId: env.AWS_CRED_ID]]) {
script { script {
echo "🔐 SECURITY: Using ECR for secure, AWS-native container registry" echo "🔐 SECURITY: Using ECR for secure, AWS-native container registry"
// Create ECR repository if it doesn't exist
echo "🔍 Checking/Creating ECR repository..."
sh """
if ! aws ecr describe-repositories --repository-names ${ECR_REPO} --region ${AWS_REGION} 2>/dev/null; then
echo "📦 Creating ECR repository: ${ECR_REPO}"
aws ecr create-repository --repository-name ${ECR_REPO} --region ${AWS_REGION}
echo "✅ ECR repository created successfully"
else
echo "✅ ECR repository already exists"
fi
"""
sh """ sh """
echo "🔐 Authenticating with ECR using temporary credentials..." echo "🔐 Authenticating with ECR using temporary credentials..."
aws ecr get-login-password --region ${AWS_REGION} | docker login --username AWS --password-stdin ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com aws ecr get-login-password --region ${AWS_REGION} | docker login --username AWS --password-stdin ${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com
@@ -436,14 +477,24 @@ pipeline {
echo "🚀 DEPLOYMENT: Deploying application to ECS cluster" echo "🚀 DEPLOYMENT: Deploying application to ECS cluster"
// Create task definition // Create task definition
def executionRoleArn = ""
try {
executionRoleArn = sh(
script: 'cd terraform && terraform output -raw ecs_task_execution_role_arn',
returnStdout: true
).trim()
} catch (Exception e) {
echo "⚠️ Could not get execution role ARN: ${e.getMessage()}"
echo "⚠️ Task definition will be created without execution role"
}
def taskDefinition = """ def taskDefinition = """
{ {
"family": "${TF_VAR_cluster_name}-task", "family": "${TF_VAR_cluster_name}-task",
"networkMode": "bridge", "networkMode": "bridge",
"requiresCompatibilities": ["EC2"], "requiresCompatibilities": ["EC2"],
"memory": "512", "memory": "512",
"cpu": "256", "cpu": "256"${executionRoleArn ? ",\n \"executionRoleArn\": \"${executionRoleArn}\"" : ""},
"executionRoleArn": "${sh(script: 'cd terraform && terraform output -raw ecs_task_execution_role_arn', returnStdout: true).trim()}",
"containerDefinitions": [ "containerDefinitions": [
{ {
"name": "${ECR_REPO}", "name": "${ECR_REPO}",
@@ -497,6 +548,7 @@ pipeline {
--service ${TF_VAR_cluster_name}-service \\ --service ${TF_VAR_cluster_name}-service \\
--task-definition ${TF_VAR_cluster_name}-task \\ --task-definition ${TF_VAR_cluster_name}-task \\
--desired-count 1 \\ --desired-count 1 \\
--force-new-deployment \\
--region ${AWS_REGION} --region ${AWS_REGION}
else else
echo "✅ Creating new service..." echo "✅ Creating new service..."
@@ -593,7 +645,11 @@ pipeline {
echo "🧹 CLEANUP: Performing post-build cleanup..." echo "🧹 CLEANUP: Performing post-build cleanup..."
// Archive deployment artifacts // Archive deployment artifacts
archiveArtifacts artifacts: 'task-definition.json', allowEmptyArchive: true try {
archiveArtifacts artifacts: 'deployment-audit.json,task-definition.json', allowEmptyArchive: true
} catch (Exception e) {
echo "⚠️ Could not archive artifacts: ${e.getMessage()}"
}
// Clean up Docker images to save space // Clean up Docker images to save space
sh ''' sh '''
@@ -614,10 +670,20 @@ pipeline {
echo "🎉 SUCCESS: Deployment completed successfully!" echo "🎉 SUCCESS: Deployment completed successfully!"
echo " Version ${IMAGE_TAG} deployed to ECS cluster ${TF_VAR_cluster_name}" echo " Version ${IMAGE_TAG} deployed to ECS cluster ${TF_VAR_cluster_name}"
// Send success notification (customize as needed) // Get application URL for success message
// slackSend channel: '#deployments', def appUrl = ""
// color: 'good', try {
// message: "✅ ${env.JOB_NAME} - Build #${env.BUILD_NUMBER} deployed successfully" appUrl = sh(
script: "cd terraform && terraform output -raw ecs_instance_public_ip 2>/dev/null || echo 'unknown'",
returnStdout: true
).trim()
if (appUrl != "unknown" && appUrl != "") {
echo "🌐 Application available at: http://${appUrl}:8080"
echo "🏥 Health check: http://${appUrl}:8080/health"
}
} catch (Exception e) {
echo "⚠️ Could not determine application URL"
}
} }
} }
@@ -626,10 +692,18 @@ pipeline {
echo "❌ FAILURE: Deployment failed" echo "❌ FAILURE: Deployment failed"
echo " Check the logs above for error details" echo " Check the logs above for error details"
// Send failure notification (customize as needed) // Try to get some debug information
// slackSend channel: '#deployments', try {
// color: 'danger', withCredentials([[$class: 'AmazonWebServicesCredentialsBinding', credentialsId: env.AWS_CRED_ID]]) {
// message: "❌ ${env.JOB_NAME} - Build #${env.BUILD_NUMBER} failed" echo "🔍 DEBUG: Checking ECS cluster status..."
sh """
aws ecs describe-clusters --clusters ${TF_VAR_cluster_name} --region ${AWS_REGION} || echo "Cluster check failed"
aws ecs list-container-instances --cluster ${TF_VAR_cluster_name} --region ${AWS_REGION} || echo "Instance list failed"
"""
}
} catch (Exception e) {
echo "⚠️ Could not get debug information: ${e.getMessage()}"
}
} }
} }