###1-bundle
if ! gem list | grep -q bundler
then
gem install bundler
fi
bundle
###2-unittest
export LANG=en_US.UTF-8
COVERAGE=true rake ci:setup:rspec spec
metric_fu --no-open --no-churn
bundle exec teaspoon
###3-acceptance
Executa os cenários de testes automatizados com cucumber, para verificar a integridade da nova versão
#RAILS_ENV=test rake db:create
#RAILS_ENV=test rake db:migrate
rake cucumber:ci || :
###4-security
brakeman -z -w2 -o brakeman-output.tabs
pos-build(Groovy Script):
def result = manager.build.result
def commit = manager.build.getEnvironment()["GIT_COMMIT"]
def command = """arcsight -t BRAKEMAN -j 172.19.24.174 -s ${commit} -p ubber-site -a jenkins ${result}"""
manager.listener.logger.println command
def proc = command.execute()
proc.waitFor()
manager.listener.logger.println "stderr: ${proc.err.text}"
manager.listener.logger.println "stdout: ${proc.in.text}"
###5-tagging
Utiliza o stepup para gerar o número da versão, baseado na máscara: 0.0.0-0. Cria a tag no git e atualiza o bitbucket com a nova tag
#(cat .git/config | grep notes > /dev/null) || git config --add remote.origin.fetch +refs/notes/*:refs/notes/*
(stepup version | grep + > /dev/null) && stepup version create --no-editor -m 'Versão gerada pelo Jenkins'
git push --tags
git push origin refs/notes/versioning
CURRENT_VERSION=$(stepup version)
VERSION=$(echo $CURRENT_VERSION | sed 's/v//' | cut -f1 -d '-')
REVISION=$(echo $CURRENT_VERSION | cut -f2 -d '-')
echo "REVISION=$REVISION" > version
echo "VERSION=$VERSION" >> version
echo "GIT_COMMIT=$GIT_COMMIT" >> version
###6-package_deps
Utiliza o Koji para gerar o RPM de deps da aplicação, utilizando a versão testada e gerada pelos jobs anteriores.
Groovy command:
br.com.abril.jenkins.weapons.Helper.copyFromArtifact('ubber_site-tagging', 'version', 'GIT_COMMIT', 'LAST_COMMIT')
br.com.abril.jenkins.weapons.Helper.copyFromArtifact('ubber_site-tagging', 'version', 'VERSION', 'VERSION')
br.com.abril.jenkins.weapons.Helper.copyFromArtifact('ubber_site-tagging', 'version', 'REVISION', 'RELEASE')
build = br.com.abril.jenkins.weapons.Build.current()
bundle = build.getUpstreamBuild('ubber_site-bundle')
current = build
while (true) {
if (current.jenkinsBuild.previousBuild) {
previous = current.previousBuild()
previousBundle = previous.getUpstreamBuild('ubber_site-bundle')
if (previousBundle.jenkinsBuild != bundle.jenkinsBuild) {
if (previous.isSuccessful()) {
build.addEnvVar('LAST_GIT_COMMIT', previous.getUpstreamBuild('ubber_site-tagging').getPropertiesFromArtifact('version')['GIT_COMMIT'])
break
}
}
current = previous
} else {
build.addEnvVar('LAST_GIT_COMMIT', bundle.previousBuild().jenkinsBuild.getEnvironment(hudson.model.TaskListener.NULL)['GIT_COMMIT'])
break
}
}
Shell command:
echo "GIT_COMMIT: ${GIT_COMMIT}"
echo "LAST_COMMIT: ${LAST_COMMIT}"
echo "GIT_PREVIOUS_COMMIT: ${GIT_PREVIOUS_COMMIT}"
CHANGED=$(git diff --name-only $LAST_COMMIT $LAST_GIT_COMMIT -- Gemfile.lock devops/rpm/dependencies/Makefile devops/rpm/dependencies/ubber-site-deps.spec)
if [ $CHANGED ]; then
PACKAGE_NAME="ubber-site-deps21-$VERSION-$RELEASE.el6"
LAST_BUILD=$(koji latest-build --quiet cds-ubbersite-dev ubber-site-deps21 | awk '{print $1}')
if [ $LAST_BUILD != $PACKAGE_NAME ]; then
koji build --wait cds-ubbersite git+ssh://[email protected]/abrilmdia/ubber-site.git?devops/rpm/dependencies#${LAST_COMMIT}
koji wait-repo --build=$PACKAGE_NAME cds-ubbersite-dev --timeout=7
fi
git tag deps-v${VERSION}-${RELEASE}
git push --tags
echo "MUDOU!"
else
PACKAGE_NAME=$(koji latest-build --quiet cds-ubbersite-dev ubber-site-deps21 | awk '{print $1}')
VERSION=$(echo $PACKAGE_NAME | awk -F'-' '{print $4}')
RELEASE=$(echo $PACKAGE_NAME | awk -F'-' '{print $5}' | awk -F'.' '{print $1}')
echo "NAO MUDOU"
fi
RPM_FILENAME="${PACKAGE_NAME}.x86_64.rpm"
echo "RPM_FILENAME=$RPM_FILENAME" > RPM_FILENAME
echo "PACKAGE_NAME=$PACKAGE_NAME" >> RPM_FILENAME
echo "VERSION=$VERSION" >> RPM_FILENAME
echo "RELEASE=$RELEASE" >> RPM_FILENAME
###7-package
Utiliza o Koji para gerar o RPM da aplicação, utilizando a versão testada e gerada pelos jobs anteriores.
Groovy command:
br.com.abril.jenkins.weapons.Helper.copyFromArtifact('ubber_site-tagging', 'version', 'GIT_COMMIT', 'GIT_COMMIT')
br.com.abril.jenkins.weapons.Helper.copyFromArtifact('ubber_site-tagging', 'version', 'VERSION', 'VERSION')
br.com.abril.jenkins.weapons.Helper.copyFromArtifact('ubber_site-tagging', 'version', 'REVISION', 'REVISION')
Shell command:
LAST_KOJI_BUILD=$(koji latest-build cds-ubbersite-dev ubber-site | grep cds-ubbersite | awk '{print $1}')
if [ "$LAST_KOJI_BUILD" != "ubber-site-${VERSION}-${REVISION}.el6.abril" ]; then
koji build --wait cds-ubbersite git+ssh://[email protected]/abrilmdia/ubber-site.git#${GIT_COMMIT}
fi
echo "RPM_FILENAME=ubber-site-$VERSION-$REVISION.el6.abril.x86_64.rpm" > RPM_FILENAME
echo "RPM_NAME=ubber-site-$VERSION-$REVISION.el6.abril" >> RPM_FILENAME
echo "RPM_ASSETS_NAME=ubber-site-assets-$VERSION-$REVISION.el6.abril" >> RPM_FILENAME
echo "RPM_VERSION=$VERSION" >> RPM_FILENAME
echo "RPM_RELEASE=$REVISION" >> RPM_FILENAME
###8-promotestage
Groovy command:
br.com.abril.jenkins.weapons.Helper.copyFromArtifact('ubber_site-package', 'RPM_FILENAME', 'RPM_NAME', 'RPM')
br.com.abril.jenkins.weapons.Helper.copyFromArtifact('ubber_site-package_deps', 'RPM_FILENAME', 'PACKAGE_NAME', 'RPM_DEPS')
br.com.abril.jenkins.weapons.Helper.copyFromArtifact('ubber_site-package', 'RPM_FILENAME', 'RPM_ASSETS_NAME', 'RPM_ASSETS')
Shell command:
function regen_repo() {
koji regen-repo cds-ubbersite-stage
TASK_ID=$(koji list-tasks --mine | grep -v FAILED | grep -v CLOSED | grep newRepo | awk '{ print $1 }')
koji watch-task $TASK_ID
}
koji tag-build cds-ubbersite-stage $RPM
regen_repo
koji tag-build cds-ubbersite-stage $RPM_DEPS
regen_repo
curl http://kojiserver.abril.com.br/kojifiles/repos/cds-ubbersite-stage/latest/x86_64/pkglist | grep $RPM
curl http://kojiserver.abril.com.br/kojifiles/repos/cds-ubbersite-stage/latest/x86_64/pkglist | grep $RPM_ASSETS
curl http://kojiserver.abril.com.br/kojifiles/repos/cds-ubbersite-stage/latest/x86_64/pkglist | grep $RPM_DEPS
echo "RPM=$RPM" > RPM_FILENAME
echo "RPM_DEPS=$RPM_DEPS" >> RPM_FILENAME
echo "RPM_ASSETS=$RPM_ASSETS" >> RPM_FILENAME
###9-codereview
Envia um e-mail para o time com as informações de TAG, SHA1 do commit e nome do RPM gerado da versão aprovada para produção.
Groovy command:
br.com.abril.jenkins.weapons.Helper.copyFromArtifact('ubber_site-promotestage', 'RPM_FILENAME', 'RPM', 'RPM')
br.com.abril.jenkins.weapons.Helper.copyFromArtifact('ubber_site-promotestage', 'RPM_FILENAME', 'RPM_DEPS', 'RPM_DEPS')
br.com.abril.jenkins.weapons.Helper.copyFromArtifact('ubber_site-tagging', 'version', 'GIT_COMMIT', 'GIT_COMMIT')
br.com.abril.jenkins.weapons.Helper.copyArtifactFromLastSuccessfulBuild('ubber_site-codereview', 'CODE_REVIEW', 'GIT_COMMIT', 'LAST_COMMIT_SENT')
br.com.abril.jenkins.weapons.Helper.copyArtifactFromLastSuccessfulBuild('ubber_site-codereview', 'CODE_REVIEW', 'ISSUE_ID', 'LAST_ISSUE_ID')
// e se, eu rodar um job anterior ao último? hein?
Shell command:
PROJECT_ID=157 # Abril Testing (129), Anotacoes Web (118), Site Engine (106), Site Tools (105), UbberSite (157)
TRACKER_ID=4 # CR - Code Review
AUTHOR_ID=39 # abril_cds (110), afmacedo (94), hamilton (39)
ASSIGNED_TO=10 # Gustavo Pimentel (10)
API_KEY="81d9bb04e4814e6b573cbcecc43fbaf0794263f6"
#API_KEY="5ea0f2533129d93b5aa95271bf6c8653c09899b2"
WATCHER_IDS=(39)
SUBMIT_TICKET_TO_CONVISO=1
echo "User: $BUILD_USER"
echo "User First Name: $BUILD_USER_FIRST_NAME"
echo "User Last Name: $BUILD_USER_LAST_NAME"
echo "User Id: $BUILD_USER_ID"
[ -z $GIT_URL ] && GIT_URL="[email protected]:abrilmdia/ubbersite-casa.git"
TAG=$(echo $RPM | cut -f3 -d'-')-$(echo $RPM | cut -f4 -d'-' | cut -d'.' -f1)
PRODUTO=$(echo $GIT_URL | sed -s 's/.*\///' | cut -d'.' -f1)
GIT_TAG="v$TAG"
RPM_HASH=$(koji rpminfo ${RPM}.x86_64 | grep Payload | awk '{ print $2 }')
RPM_DEPS_HASH=$(koji rpminfo ${RPM_DEPS}.x86_64 | grep Payload | awk '{ print $2 }')
echo "GIT_COMMIT=$GIT_COMMIT"
echo "RPM_FILENAME=$RPM"
echo "RPM_DEPS_FILENAME=$RPM_DEPS"
echo "TAG=$TAG"
echo "PRODUTO=$PRODUTO"
echo "GIT_TAG=$GIT_TAG"
echo "RPM_HASH=$RPM_HASH"
#echo "RPM_DEPS_HASH=$RPM_DEPS_HASH"
#if [ $LAST_COMMIT_SENT = $GIT_COMMIT ]; then
# echo "Já criei anteriormente, não vou fazer de novo! Dê uma olhada no ticket: http://sac.conviso.com.br/issues/$LAST_ISSUE_ID"
# exit 0;
#fi
BODY="Solicito o code review do *+$PRODUTO+*. Abaixo, a lista dos repositórios e hashes:
repositório: $GIT_URL
TAG: $GIT_TAG
SHA1: $GIT_COMMIT
RPM_FILENAME: $RPM
RPM_HASH: $RPM_HASH
RPM_DEPS_FILENAME: $RPM_DEPS
RPM_DEPS_HASH: $RPM_DEPS_HASH
Todos arquivos e diretórios, exceto:
features/*
spec/*
Obrigado,
-- Jenkins"
#### Prepare and submit new issue request ####
if [ $SUBMIT_TICKET_TO_CONVISO -eq 1 ]; then
SUBJECT="$PRODUTO - $GIT_TAG"
XML="
<issue>
<project_id>$PROJECT_ID</project_id>
<subject>$SUBJECT</subject>
<tracker_id>$TRACKER_ID</tracker_id>
<assigned_to_id>$ASSIGNED_TO</assigned_to_id>
<description>$BODY</description>
<priority_id>162</priority_id>
<custom_fields type='array'>
<custom_field id='2' value='$GIT_TAG'/>
</custom_fields>
</issue>"
RET=$(curl -k -v -H "Content-Type: application/xml" -X POST --data "$XML" -H "X-Redmine-API-key: $API_KEY" https://sac.conviso.com.br/issues.xml)
#echo $RET
ISSUE_ID=$(echo $RET | sed -s 's/^.*<id>//' | sed -s 's/<\/id>.*$//')
if [ -n "$ISSUE_ID" ]; then
for watcher in "${WATCHER_IDS[@]}"; do
curl -k -v -H "Content-Type: application/json" -X POST --data "{\"user_id\":\"$watcher\"}" -H "X-Redmine-API-key: $API_KEY" https://sac.conviso.com.br/issues/$ISSUE_ID/watchers.json
done
fi
else
exit 0
fi
if [ -z $ISSUE_ID ]; then
echo 'Cadê o ISSUE_ID da conviso???'
exit 1
fi
curl -d "message=Ticket na CONVISO aberto #${ISSUE_ID} para o projeto do ubber-site(${TAG}).&room=#maio" http://maiohubot.herokuapp.com/notify
curl -d "message=H2: Fique de olho, por favor (http://sac.conviso.com.br/issues/$ISSUE_ID).&room=#maio" http://maiohubot.herokuapp.com/notify
echo "ISSUE_ID=$ISSUE_ID" > CODE_REVIEW
echo "GIT_TAG=$GIT_TAG" >> CODE_REVIEW
echo "GIT_COMMIT=$GIT_COMMIT" >> CODE_REVIEW
echo "RPM_FILENAME=$RPM" >> CODE_REVIEW
echo "RPM_HASH=$RPM_HASH" >> CODE_REVIEW
echo "RPM_DEPS_FILENAME=$RPM_DEPS" >> CODE_REVIEW
echo "RPM_DEPS_HASH=$RPM_DEPS_HASH" >> CODE_REVIEW
exit 0
###10-promoteprod
Groovy command:
br.com.abril.jenkins.weapons.Helper.copyFromArtifact('ubber_site-promotestage', 'RPM_FILENAME', 'RPM', 'RPM')
br.com.abril.jenkins.weapons.Helper.copyFromArtifact('ubber_site-promotestage', 'RPM_FILENAME', 'RPM_DEPS', 'RPM_DEPS')
br.com.abril.jenkins.weapons.Helper.copyFromArtifact('ubber_site-package', 'RPM_FILENAME', 'RPM_VERSION', 'RPM_VERSION')
br.com.abril.jenkins.weapons.Helper.copyFromArtifact('ubber_site-package', 'RPM_FILENAME', 'RPM_RELEASE', 'RPM_RELEASE')
br.com.abril.jenkins.weapons.Helper.copyFromArtifact('ubber_site-package_deps', 'RPM_FILENAME', 'VERSION', 'RPM_DEPS_VERSION')
br.com.abril.jenkins.weapons.Helper.copyFromArtifact('ubber_site-package_deps', 'RPM_FILENAME', 'RELEASE', 'RPM_DEPS_RELEASE')
br.com.abril.jenkins.weapons.Helper.copyFromArtifact('ubber_site-codereview', 'CODE_REVIEW', 'GIT_COMMIT', 'GIT_COMMIT')
br.com.abril.jenkins.weapons.Helper.copyFromArtifact('ubber_site-codereview', 'CODE_REVIEW', 'RPM_HASH', 'RPM_HASH')
br.com.abril.jenkins.weapons.Helper.copyFromArtifact('ubber_site-codereview', 'CODE_REVIEW', 'RPM_DEPS_HASH', 'RPM_DEPS_HASH')
build = br.com.abril.jenkins.weapons.Build.current()
build.addEnvVar('BUILD_USER_ID', build.buildUserId())
Shell command:
echo "RPM=$RPM" > RPM_FILENAME
echo "RPM_DEPS=$RPM_DEPS" >> RPM_FILENAME
function regen_repo() {
koji regen-repo cds-ubbersite-prod
TASK_ID=$(koji list-tasks --mine | grep -v FAILED | grep -v CLOSED | grep newRepo | awk '{ print $1 }')
koji watch-task $TASK_ID
}
koji tag-build cds-ubbersite-prod $RPM
regen_repo
koji tag-build cds-ubbersite-prod $RPM_DEPS
regen_repo
curl http://kojiserver.abril.com.br/kojifiles/repos/cds-ubbersite-prod/latest/x86_64/pkglist | grep $RPM
curl http://kojiserver.abril.com.br/kojifiles/repos/cds-ubbersite-prod/latest/x86_64/pkglist | grep $RPM_DEPS
VERSION="${RPM_VERSION}-${RPM_RELEASE}"
VERSION_DEPS="${RPM_DEPS_VERSION}-${RPM_DEPS_RELEASE}"
MD5=$(koji rpminfo ${RPM}.x86_64 | grep Payload | awk '{ print $2 }')
MD5_DEPS=$(koji rpminfo ${RPM_DEPS}.x86_64 | grep Payload | awk '{ print $2 }')
AUTHOR=$BUILD_USER_ID
HOSTADDR=172.30.131.185
PROJECT=UbberSite
arcsight -t ABRILDEPLOY -j ${HOSTADDR} -s ${GIT_COMMIT} -p ${PROJECT} -a ${AUTHOR} "${RPM},${RPM_HASH}"
arcsight -t ABRILDEPLOY -j ${HOSTADDR} -s ${GIT_COMMIT} -p ${PROJECT} -a ${AUTHOR} "${RPM_DEPS},${RPM_DEPS_HASH}"
openticket.py "Deploy em execucao: ${PROJECT} ${VERSION}" "Favor cadastrar deploy no painel de GMUD.\nProjeto: ${PROJECT}\nURL: ${BUILD_URL}\nVersao: ${VERSION}\nAutor: ${AUTHOR}"
###11-seed
Shell command:
snmpwalk -v3 -a SHA -A ubber@maio -x AES -X ubber@maioPriv -l authPriv -u ubber 172.16.19.141 -c snmpnea .1.3.6.1.4.1.8072.1.3.2.3.1.1.5.117.98.98.101.114
sleep 5
snmpwalk -v3 -a SHA -A ubber@maio -x AES -X ubber@maioPriv -l authPriv -u ubber 172.16.19.141 -c snmpnea .1.3.6.1.4.1.8072.1.3.2.3.1.1.3.97.112.112