Build with jenkins
ℹ️note
Last tested Jenkins version for custom Jenkins pipelines: Jenkins 2.452.3
The IBM Industry Solutions Workbench provides prebuild pipeline steps ready to use in custom Jenkins pipelines. This sample shows, how to set up custom Jenkins pipelines to work seamlessly with k5 service projects.
Update release dependent container images
The Jenkins pipeline samples contain a section with variables, containing all IBM Industry Solutions Workbench release dependent container images.
To provide a convenient method for updating these container images, the content of the ConfigMap k5-pipeline-image-versions can be used to replace this section.
kind: ConfigMap
apiVersion: v1
metadata:
name: k5-pipeline-image-versions
data:
ADO_DOMAIN_SERVER_IMAGE_TARGET_NAME: 'domain-server:7.3.57'
BUILD_BAW_TOOLKIT_IMAGE: 'build-bpm-toolkit@sha256:308c70e7fa192bdf5d95560bb9f79e86256c40f3dc9fb9610a55b180983a5a46'
GENERATE_CODE_TS_IMAGE: 'build-low-code-gen-ts@sha256:0e3b1e740e7d686875cf78796b00570565861b7303b87e8219065d4b7643b3ea'
BUILD_PUBLISH_DOCKER_IMAGE_ADO_DOMAIN_SERVER_IMAGE: 'k5-domain-server:7.3.57'
GENERATE_CODE_JAVA_IMAGE: 'build-low-code-gen-java@sha256:a77fe2b4f39c69f418c8fe5546f66f4cd2140427f0b375c7b7a9fab2b6e1acdc'
ADO_DS_IMAGE_BASETAG: '7.3.57'
UNIT_TEST_IMAGE: 'step-unit-test@sha256:5ff24d3aef99acbe01ad3efaff11cb996644a568b8e86453e0194a206be7c8a7'
BUILD_PUBLISH_DOCKER_IMAGE_ADO_UBI_JDK_IMAGE_11: 'k5-solution-ubi8-openjdk-11:12.2.59'
DEPLOY_SOLUTION_IMAGE: 'step-deploy-solution@sha256:824a95ff42beacad4beb688a8364bb9a7f6fa4e172a6b79afc8149c589e5361d'
BUILD_PUBLISH_DOCKER_IMAGE_ADO_UBI_JDK_IMAGE_17: 'k5-solution-ubi8-openjdk-17:12.2.59'
PREPARE_VALIDATE_DESIGN_MODEL_IMAGE: 'design-model-validation@sha256:c97c56c02d163317094f6e197e7c96f56fecf3d8ede0285fad059cbde5632a33'
PREPARE_DENORMALIZE_DOMAIN_MODEL_IMAGE: 'prepare-denormalize-domain-model@sha256:85355b07bba338f697434b000099f386c474f266660b07e927a4c485df5ab80d'
BUILD_PUBLISH_DOCKER_IMAGE_ADO_UBI_NODE_IMAGE: 'k5-solution-ubi8-node:12.2.59'
BUILD_CODE_IMAGE: 'step-build-code@sha256:7d395e574b51d0b2d231fb819fdc024da257a806339fb32c43db278d16873ac8'
BUILD_PUBLISH_DOCKER_IMAGE: 'step-pack-solution-docker@sha256:81e9e83f8cd30ddaf4d3b0b070e75f7e59d8ecd8fa13c61ee8aebe0da1aea01d'
HANDLE_VERSION_IMAGE: 'step-handle-version@sha256:cdb11b32641f3f38dda7b64c05b9e51140234e4a0dea8b181cc978af0e20bafd'
PACK_HELM_CHART_IMAGE: 'step-pack-helm-chart@sha256:6bfb3752bec4fa91b70ec5aba26a2dc27411b4a7556f6673e7d8ec7662f35c52'
Java stack support
This sample shows the content of a Jenkins pipeline to handle a k5 service based on a Java stack.
// Container registry authentication data for all used container image registries (JSON data structure)
DOCKER_AUTH_CONFIG = "{ 'auths': { 'imagerepo.company.cloud': { 'username': 'iamapikey', 'password': 'password', 'auth': 'aWFtYXBpa2***' } }"
// Username for accessing the helm repository (value from secret 'k5-helm-repo-binding' and key 'username').
HELM_REPO_USERNAME = "helmRepoUser"
// Password for accessing the helm repository (value from secret 'k5-helm-repo-binding' and key 'password').
HELM_REPO_PASSWORD = "password"
// Token for OpenShift (value from secret 'k5-pipeline-sa-dockercfg-*' and key 'password')
OC_LOGIN_TOKEN ="eyJhbGciOi****"
// configured container image registry path [mandatory]
IMAGE_REGISTRY = "imagerepo.company.cloud/k5_release"
// Acronym of the service project [mandatory]
SOLUTION_ACRONYM = "JAVADDDPROJECT"
// Openshift cluster host name [mandatory]
OPENSHIFT_CLUSTER_HOST = "openshift-01.company.cloud"
// URL of the configured helm repository [mandatory] (value from secret 'k5-helm-repo-binding' and key 'url').
HELM_REPO_URL = "https://urm.company.cloud/repository/component-helm-charts"
// Registry, to push the created solution project image to [mandatory] (value from secret 'k5-image-registry-binding' and key 'url')
SERVICE_PROJECT_IMAGE_REGISTRY = "imagerepo.company.cloud/k5_components"
// URL of the configured helm upload repository [mandatory] (value from secret 'k5-helm-repo-binding' and key 'uploadUrl').
HELM_REPO_UPLOAD_URL = "https://urm.company.cloud/repository/component-helm-charts/"
// k5 project namespace to install the solution into [mandatory]
K5_PROJECT = "dev-env"
pipeline {
agent any
environment {
// ####################################################################################################################
// Pipeline job and service base images (value from config map 'k5-pipeline-image-versions').
// ####################################################################################################################
ADO_DOMAIN_SERVER_IMAGE_TARGET_NAME = 'domain-server:7.3.57'
BUILD_BAW_TOOLKIT_IMAGE = 'build-bpm-toolkit@sha256:308c70e7fa192bdf5d95560bb9f79e86256c40f3dc9fb9610a55b180983a5a46'
GENERATE_CODE_TS_IMAGE = 'build-low-code-gen-ts@sha256:0e3b1e740e7d686875cf78796b00570565861b7303b87e8219065d4b7643b3ea'
BUILD_PUBLISH_DOCKER_IMAGE_ADO_DOMAIN_SERVER_IMAGE = 'k5-domain-server:7.3.57'
GENERATE_CODE_JAVA_IMAGE = 'build-low-code-gen-java@sha256:a77fe2b4f39c69f418c8fe5546f66f4cd2140427f0b375c7b7a9fab2b6e1acdc'
ADO_DS_IMAGE_BASETAG = '7.3.57'
UNIT_TEST_IMAGE = 'step-unit-test@sha256:5ff24d3aef99acbe01ad3efaff11cb996644a568b8e86453e0194a206be7c8a7'
BUILD_PUBLISH_DOCKER_IMAGE_ADO_UBI_JDK_IMAGE_11 = 'k5-solution-ubi8-openjdk-11:12.2.59'
DEPLOY_SOLUTION_IMAGE = 'step-deploy-solution@sha256:824a95ff42beacad4beb688a8364bb9a7f6fa4e172a6b79afc8149c589e5361d'
BUILD_PUBLISH_DOCKER_IMAGE_ADO_UBI_JDK_IMAGE_17 = 'k5-solution-ubi8-openjdk-17:12.2.59'
PREPARE_VALIDATE_DESIGN_MODEL_IMAGE = 'design-model-validation@sha256:c97c56c02d163317094f6e197e7c96f56fecf3d8ede0285fad059cbde5632a33'
PREPARE_DENORMALIZE_DOMAIN_MODEL_IMAGE = 'prepare-denormalize-domain-model@sha256:85355b07bba338f697434b000099f386c474f266660b07e927a4c485df5ab80d'
BUILD_PUBLISH_DOCKER_IMAGE_ADO_UBI_NODE_IMAGE = 'k5-solution-ubi8-node:12.2.59'
BUILD_CODE_IMAGE = 'step-build-code@sha256:7d395e574b51d0b2d231fb819fdc024da257a806339fb32c43db278d16873ac8'
BUILD_PUBLISH_DOCKER_IMAGE = 'step-pack-solution-docker@sha256:81e9e83f8cd30ddaf4d3b0b070e75f7e59d8ecd8fa13c61ee8aebe0da1aea01d'
HANDLE_VERSION_IMAGE = 'step-handle-version@sha256:cdb11b32641f3f38dda7b64c05b9e51140234e4a0dea8b181cc978af0e20bafd'
PACK_HELM_CHART_IMAGE = 'step-pack-helm-chart@sha256:6bfb3752bec4fa91b70ec5aba26a2dc27411b4a7556f6673e7d8ec7662f35c52'
// *********************************************************************
// Security related CI/CD variables (stored not within script)
// *********************************************************************
// DOCKER_AUTH_CONFIG: Container registry authentication data for all used container image registries (JSON data structure)
// HELM_REPO_USERNAME: Username for accessing the helm repository (value from secret 'k5-helm-repo-binding' and key 'username').
// HELM_REPO_PASSWORD: Password for accessing the helm repository (value from secret 'k5-helm-repo-binding' and key 'password').
// OC_LOGIN_TOKEN: Token for OpenShift (value from secret 'k5-pipeline-sa-dockercfg-*' and key 'password')
// *********************************************************************
// Common CI/CD variables
// *********************************************************************
// configured container image registry path [mandatory]
IMAGE_REGISTRY = ''
// Node.js configuration to optimize script execution for production environments
// see also: https://nodejs.org/en/learn/getting-started/nodejs-the-difference-between-development-and-production
NODE_ENV = "production"
// Acronym of the service project [mandatory]
SOLUTION_ACRONYM = ""
// Name of the used base 'stack' (always 'JAVA')
STACK = "JAVA"
// Openshift cluster host name [mandatory]
OPENSHIFT_CLUSTER_HOST = ""
// URL of the configured helm repository [mandatory] (value from secret 'k5-helm-repo-binding' and key 'url').
HELM_REPO_URL = ""
// Customized maven settings [optional] (value from secret 'k5-build-settings' and key 'mvnSettings'):
MVN_SETTINGS = ""
// Registry, to push the created solution project image to [mandatory] (value from secret 'k5-image-registry-binding' and key 'url')
SERVICE_PROJECT_IMAGE_REGISTRY = ""
// Registry, which contains the built solution project image (value from secret 'k5-image-registry-binding' and key 'url')
COMPONENT_IMAGE_REGISTRY = "${SERVICE_PROJECT_IMAGE_REGISTRY}"
// *********************************************************************
// CI/CD variables for job 'git-clone'
// *********************************************************************
// Git repository data [mandatory]
GIT_REPO_URL = ""
GIT_BRANCH_NAME = ""
GIT_CREDENTIALS_ID = ""
// *********************************************************************
// CI/CD variables for job 'handle-version'
// *********************************************************************
// Will check if the current version has already been published or not to prevent previous versions to be overwritten
// unintentionally
UNIQUE_SEMVER_CHECK = "false"
// Defines where uniqueness needs to be enforced by adding the current pipeline id to the version number
ENFORCE_UNIQUENESS = "false"
// Adds a timestamp to pre-release versions to ensure that every commit gets built without manually changing the version
PRE_RELEASE_UNIQUENESS = "false"
// Flag, if unit test feature was activated
UNIT_TEST_FEATURE = "true"
// *********************************************************************
// CI/CD variables for job 'build-publish-docker'
// *********************************************************************
// Base container image for Java 11 solution projects
ADO_UBI_JDK_IMAGE_11 = "${IMAGE_REGISTRY}/${BUILD_PUBLISH_DOCKER_IMAGE_ADO_UBI_JDK_IMAGE_11}"
// Base container image for Java 17 solution projects
ADO_UBI_JDK_IMAGE_17 = "${IMAGE_REGISTRY}/${BUILD_PUBLISH_DOCKER_IMAGE_ADO_UBI_JDK_IMAGE_17}"
// *********************************************************************
// CI/CD variables for job 'pack-helm-chart'
// *********************************************************************
// Flag to enable the push to the configures helm repository
PUBLISH = "false"
// URL of the configured helm upload repository [mandatory] (value from secret 'k5-helm-repo-binding' and key 'uploadUrl').
HELM_REPO_UPLOAD_URL = ""
// Request type to upload the helm chart [optional] (value from secret 'k5-helm-repo-binding' and key 'uploadRequestType').
HELM_REPO_REQUEST_TYPE = ""
// File pattern for the helm chart upload [mandatory] (value from secret 'k5-helm-repo-binding' and key 'uploadFilePattern').
HELM_REPO_UPLOAD_FILE_PATTERN = "--upload-file"
// *********************************************************************
// CI/CD variables for job 'deploy-solution'
// *********************************************************************
// k5 project namespace to install the solution into [mandatory]
K5_PROJECT = ""
// ID of the current pipeline run '${CI_PIPELINE_ID}'
PIPELINE_RUN = "${env.BUILD_NUMBER}"
// Hostname of the configured Keycloak server [mandatory] (value from secret 'configuration-management-client-secret' and key 'hostname')
KEYCLOAK_HOST = ""
// Internal service project deployment flag (always 'true')
REMOTE_LOGIN_FLAG = "true"
// Internal service project deployment configuration
DEPLOYMENT_CONFIG = "{ 'environment': { 'host': '${K5_PROJECT}.apps.${OPENSHIFT_CLUSTER_HOST}' } }"
OC_LOGIN_URL = "https://api.${OPENSHIFT_CLUSTER_HOST}:6443"
// id of current jenkins user
JENKINS_USER_ID_RAW = """${sh(
returnStdout: true,
script: 'id -u'
)}"""
JENKINS_USER_ID = JENKINS_USER_ID_RAW.trim()
// name of the jenkins credentials to access the registry [mandatory]
CONTAINER_REGISTRY_CREDENTIALS = ""
CONTAINER_REGISTRY_URL = ""
// execute the container images with jenkins user [mandatory]
CONTAINER_ARGS = "-u ${JENKINS_USER_ID}:0"
}
stages {
//#######################################################################################################################
//
// job name: git-clone
//
// description: Clones the git repository of the service project.
stage('git-clone') {
steps {
node ('master') {
sh 'rm -r ./* | echo "done"'
sh 'rm -r ./.* | echo "done"'
git branch: "${GIT_BRANCH_NAME}", credentialsId: "${GIT_CREDENTIALS_ID}", url: "${GIT_REPO_URL}"
}
}
}
//#######################################################################################################################
//
// job name: handle-version
//
// description: This job will extract the project version number and persist it for the step 'build-publish-docker'.
// parameter:
// NODE_ENV: "production"
// PRE_RELEASE_UNIQUENESS [true|false]: Adds a timestamp to pre-release versions to ensure that every commit gets
// built without manually changing the version
// ENFORCE_UNIQUENESS [true|false]: Defines where uniqueness needs to be enforced by adding the current
// pipeline id to the version number
// UNIQUE_SEMVER_CHECK [true|false]: Will check if the current version has already been published or not to
// prevent previous versions to be overwritten unintentionally
// STACK: Name of the used 'stack'
// SOLUTION_ACRONYM: Acronym of the service project
// HELM_REPO_URL: URL of the configured helm repository.
// (value from secret 'k5-helm-repo-binding' and key 'url')
// HELM_REPO_USERNAME: Username for accessing the helm repository.
// (value from secret 'k5-helm-repo-binding' and key 'username')
// HELM_REPO_PASSWORD: Password for accessing the helm repository.
// (value from secret 'k5-helm-repo-binding' and key 'password')
stage('handle-version') {
agent {
docker {
image "${IMAGE_REGISTRY}/${HANDLE_VERSION_IMAGE}"
registryCredentialsId "${CONTAINER_REGISTRY_CREDENTIALS}"
registryUrl "${CONTAINER_REGISTRY_URL}"
args "${CONTAINER_ARGS}"
}
}
steps {
sh '/opt/open-banking-platform/scripts/v1/step-handle-version.sh'
}
}
//####################################################################################################################
//
// job name: prepare-validate-design-model
//
// description: This job will validate the content of the design model.
// parameter:
// NODE_ENV: "production"
//
stage('prepare-validate-design-model') {
agent {
docker {
image "${IMAGE_REGISTRY}/${PREPARE_VALIDATE_DESIGN_MODEL_IMAGE}"
registryCredentialsId "${CONTAINER_REGISTRY_CREDENTIALS}"
registryUrl "${CONTAINER_REGISTRY_URL}"
args "${CONTAINER_ARGS}"
}
}
steps {
sh '/opt/open-banking-platform/scripts/v2/step-validate-design-model.sh'
}
}
//####################################################################################################################
//
// job name: prepare-denormalize-domain-model
//
// description: This job will optimize the content of the design model to prepare the code generation.
// parameter:
// NODE_ENV: "production"
//
stage('prepare-denormalize-domain-model') {
agent {
docker {
image "${IMAGE_REGISTRY}/${PREPARE_DENORMALIZE_DOMAIN_MODEL_IMAGE}"
registryCredentialsId "${CONTAINER_REGISTRY_CREDENTIALS}"
registryUrl "${CONTAINER_REGISTRY_URL}"
args "${CONTAINER_ARGS}"
}
}
steps {
sh '/opt/open-banking-platform/scripts/v2/step-denormalize-domain-model.sh'
}
}
//####################################################################################################################
//
// job name: build-baw-toolkit
//
// description: This job will generate a IBM BAW compatible toolkit to access the APIs within process apps.
// parameter:
// NODE_ENV: "production"
//
stage('build-baw-toolkit') {
agent {
docker {
image "${IMAGE_REGISTRY}/${BUILD_BAW_TOOLKIT_IMAGE}"
registryCredentialsId "${CONTAINER_REGISTRY_CREDENTIALS}"
registryUrl "${CONTAINER_REGISTRY_URL}"
args "${CONTAINER_ARGS}"
}
}
steps {
sh '/opt/open-banking-platform/scripts/v1/bpm-toolkit-creator.sh'
}
}
//####################################################################################################################
//
// job name: generate-code
//
// description: This job will generate the source code according to the used stack.
// parameter:
// NODE_ENV: "production"
// STACK: Name of the used 'stack'
// SOLUTION_ACRONYM: Acronym of the service project
// MVN_SETTINGS: Customized maven settings
// (value from secret 'k5-build-settings' and key 'mvnSettings')
stage('generate-code') {
agent {
docker {
image "${IMAGE_REGISTRY}/${GENERATE_CODE_JAVA_IMAGE}"
registryCredentialsId "${CONTAINER_REGISTRY_CREDENTIALS}"
registryUrl "${CONTAINER_REGISTRY_URL}"
args "${CONTAINER_ARGS}"
}
}
steps {
sh '/opt/open-banking-platform/scripts/v1/step-generate-code.sh'
}
}
//####################################################################################################################
//
// job name: build-code
//
// description: This job will build the service project according to the used stack
// parameter:
// NODE_ENV: "production"
// STACK: Name of the used 'stack'
// SOLUTION_ACRONYM: Acronym of the service project
// MVN_SETTINGS: Customized maven settings
// (value from secret 'k5-build-settings' and key 'mvnSettings')
stage('build-code') {
agent {
docker {
image "${IMAGE_REGISTRY}/${BUILD_CODE_IMAGE}"
registryCredentialsId "${CONTAINER_REGISTRY_CREDENTIALS}"
registryUrl "${CONTAINER_REGISTRY_URL}"
args "${CONTAINER_ARGS}"
}
}
steps {
sh '/opt/open-banking-platform/scripts/v1/step-build-code.sh'
}
}
//####################################################################################################################
//
// job name: unit-test
//
// description: This job will execute the project specific unit tests according to the used stack
// parameter:
// NODE_ENV: "production"
// STACK: Name of the used 'stack'
// SOLUTION_ACRONYM: Acronym of the service project
// UNIT_TEST_FEATURE: Flag, if unit test feature was activated
// MVN_SETTINGS: Customized maven settings
// (value from secret 'k5-build-settings' and key 'mvnSettings')
stage('unit-test') {
agent {
docker {
image "${IMAGE_REGISTRY}/${UNIT_TEST_IMAGE}"
registryCredentialsId "${CONTAINER_REGISTRY_CREDENTIALS}"
registryUrl "${CONTAINER_REGISTRY_URL}"
args "${CONTAINER_ARGS}"
}
}
steps {
sh '/opt/open-banking-platform/scripts/v1/step-unit-test.sh'
}
}
//####################################################################################################################
//
// job name: build-publish-docker
//
// description: This job will pack the solution project into a container image according to the given docker file
// parameter:
// NODE_ENV: "production"
// STACK: Name of the used 'stack'
// SOLUTION_ACRONYM: Acronym of the service project
// ADO_UBI_JDK_IMAGE_11: Base container image for Java 11 solution projects
// ADO_UBI_JDK_IMAGE_17: Base container image for Java 17 solution projects
// SERVICE_PROJECT_IMAGE_REGISTRY: Registry, to push the created solution project image to
// (value from secret 'k5-image-registry-binding' and key 'url')
// DOCKER_AUTH_CONFIG: Container registry authentication data (JSON data structure)
stage('build-publish-docker') {
agent {
docker {
image "${IMAGE_REGISTRY}/${BUILD_PUBLISH_DOCKER_IMAGE}"
registryCredentialsId "${CONTAINER_REGISTRY_CREDENTIALS}"
registryUrl "${CONTAINER_REGISTRY_URL}"
args '-u 0:0 --security-opt seccomp=unconfined --security-opt apparmor=unconfined'
}
}
steps {
sh '/opt/open-banking-platform/scripts/v1/step-pack-solution-docker.sh'
sh "chmod o+rw -R ${env.WORKSPACE}"
}
}
//####################################################################################################################
//
// job name: pack-helm-chart
//
// description: This job will pack the solution project into a container image according to the given docker file
// parameter:
// NODE_ENV: "production"
// STACK: Name of the used 'stack'
// SOLUTION_ACRONYM: Acronym of the service project
// PUBLISH [true|false]: Flag to enable the push to the configures helm repository
// SERVICE_PROJECT_IMAGE_REGISTRY: Registry, to push the created solution project image to
// (value from secret 'k5-image-registry-binding' and key 'url')
// HELM_REPO_URL: URL of the configured helm repository.
// (value from secret 'k5-helm-repo-binding' and key 'url')
// HELM_REPO_USERNAME: Username for accessing the helm repository.
// (value from secret 'k5-helm-repo-binding' and key 'username')
// HELM_REPO_PASSWORD: Password for accessing the helm repository.
// (value from secret 'k5-helm-repo-binding' and key 'password')
// HELM_REPO_UPLOAD_URL: URL of the configured helm upload repository.
// (value from secret 'k5-helm-repo-binding' and key 'uploadUrl')
// HELM_REPO_REQUEST_TYPE: Request type to upload the helm chart
// (value from secret 'k5-helm-repo-binding' and key 'uploadRequestType')
// HELM_REPO_UPLOAD_FILE_PATTERN: File pattern for the helm chart upload
// (value from secret 'k5-helm-repo-binding' and key 'uploadFilePattern')
stage('pack-helm-chart') {
agent {
docker {
image "${IMAGE_REGISTRY}/${PACK_HELM_CHART_IMAGE}"
registryCredentialsId "${CONTAINER_REGISTRY_CREDENTIALS}"
registryUrl "${CONTAINER_REGISTRY_URL}"
args "${CONTAINER_ARGS}"
}
}
steps {
sh '/opt/open-banking-platform/scripts/v1/step-helm-chart.sh'
}
}
//####################################################################################################################
//
// job name: deploy-solution
//
// description: This job will pack the solution project into a container image according to the given docker file
// parameter:
// NODE_ENV: "production"
// STACK: Name of the used 'stack'
// K5_PROJECT: k5 project namespace to install the solution into
// PIPELINE_RUN: ID of the current pipeline run '${CI_PIPELINE_ID}'
// COMPONENT_IMAGE_REGISTRY: Registry, which contains the built solution project image
// REMOTE_LOGIN_FLAG: Internal solution deployment flag (always 'true')
// DEPLOYMENT_CONFIG: Internal solution deployment configuration
// OC_LOGIN_URL: OpenShift login url
stage('deploy-solution') {
agent {
docker {
image "${IMAGE_REGISTRY}/${DEPLOY_SOLUTION_IMAGE}"
registryCredentialsId "${CONTAINER_REGISTRY_CREDENTIALS}"
registryUrl "${CONTAINER_REGISTRY_URL}"
args "${CONTAINER_ARGS}"
}
}
steps {
sh '/opt/open-banking-platform/scripts/v1/step-deploy-solution.sh'
}
}
}
}
TypeScript stack support
This sample shows the content of a Jenkins pipeline to handle a k5 service based on a TypeScript stack.
Please fill all mandatory variables with content regarding your installation, e.g.:
// Container registry authentication data for all used container image registries (JSON data structure)
DOCKER_AUTH_CONFIG = "{ 'auths': { 'imagerepo.company.cloud': { 'username': 'iamapikey', 'password': 'password', 'auth': 'aWFtYXBpa2***' } }"
// Username for accessing the helm repository (value from secret 'k5-helm-repo-binding' and key 'username').
HELM_REPO_USERNAME = "helmRepoUser"
// Password for accessing the helm repository (value from secret 'k5-helm-repo-binding' and key 'password').
HELM_REPO_PASSWORD = "password"
// Token for OpenShift (value from secret 'k5-pipeline-sa-dockercfg-*' and key 'password')
OC_LOGIN_TOKEN ="eyJhbGciOi****"
// configured container image registry path [mandatory]
IMAGE_REGISTRY = "imagerepo.company.cloud/k5_release"
// Acronym of the service project [mandatory]
SOLUTION_ACRONYM = "TSDDDPROJECT"
// Openshift cluster host name [mandatory]
OPENSHIFT_CLUSTER_HOST = "openshift-01.company.cloud"
// URL of the configured helm repository [mandatory] (value from secret 'k5-helm-repo-binding' and key 'url').
HELM_REPO_URL = "https://urm.company.cloud/repository/component-helm-charts"
// Registry, to push the created solution project image to [mandatory] (value from secret 'k5-image-registry-binding' and key 'url')
SERVICE_PROJECT_IMAGE_REGISTRY = "imagerepo.company.cloud/k5_components"
// URL of the configured helm upload repository [mandatory] (value from secret 'k5-helm-repo-binding' and key 'uploadUrl').
HELM_REPO_UPLOAD_URL = "https://urm.company.cloud/repository/component-helm-charts/"
// k5 project namespace to install the solution into [mandatory]
K5_PROJECT = "dev-env"
pipeline {
agent any
environment {
// ####################################################################################################################
// Pipeline job and service base images (value from config map 'k5-pipeline-image-versions').
// ####################################################################################################################
ADO_DOMAIN_SERVER_IMAGE_TARGET_NAME = 'domain-server:7.3.57'
BUILD_BAW_TOOLKIT_IMAGE = 'build-bpm-toolkit@sha256:308c70e7fa192bdf5d95560bb9f79e86256c40f3dc9fb9610a55b180983a5a46'
GENERATE_CODE_TS_IMAGE = 'build-low-code-gen-ts@sha256:0e3b1e740e7d686875cf78796b00570565861b7303b87e8219065d4b7643b3ea'
BUILD_PUBLISH_DOCKER_IMAGE_ADO_DOMAIN_SERVER_IMAGE = 'k5-domain-server:7.3.57'
GENERATE_CODE_JAVA_IMAGE = 'build-low-code-gen-java@sha256:a77fe2b4f39c69f418c8fe5546f66f4cd2140427f0b375c7b7a9fab2b6e1acdc'
ADO_DS_IMAGE_BASETAG = '7.3.57'
UNIT_TEST_IMAGE = 'step-unit-test@sha256:5ff24d3aef99acbe01ad3efaff11cb996644a568b8e86453e0194a206be7c8a7'
BUILD_PUBLISH_DOCKER_IMAGE_ADO_UBI_JDK_IMAGE_11 = 'k5-solution-ubi8-openjdk-11:12.2.59'
DEPLOY_SOLUTION_IMAGE = 'step-deploy-solution@sha256:824a95ff42beacad4beb688a8364bb9a7f6fa4e172a6b79afc8149c589e5361d'
BUILD_PUBLISH_DOCKER_IMAGE_ADO_UBI_JDK_IMAGE_17 = 'k5-solution-ubi8-openjdk-17:12.2.59'
PREPARE_VALIDATE_DESIGN_MODEL_IMAGE = 'design-model-validation@sha256:c97c56c02d163317094f6e197e7c96f56fecf3d8ede0285fad059cbde5632a33'
PREPARE_DENORMALIZE_DOMAIN_MODEL_IMAGE = 'prepare-denormalize-domain-model@sha256:85355b07bba338f697434b000099f386c474f266660b07e927a4c485df5ab80d'
BUILD_PUBLISH_DOCKER_IMAGE_ADO_UBI_NODE_IMAGE = 'k5-solution-ubi8-node:12.2.59'
BUILD_CODE_IMAGE = 'step-build-code@sha256:7d395e574b51d0b2d231fb819fdc024da257a806339fb32c43db278d16873ac8'
BUILD_PUBLISH_DOCKER_IMAGE = 'step-pack-solution-docker@sha256:81e9e83f8cd30ddaf4d3b0b070e75f7e59d8ecd8fa13c61ee8aebe0da1aea01d'
HANDLE_VERSION_IMAGE = 'step-handle-version@sha256:cdb11b32641f3f38dda7b64c05b9e51140234e4a0dea8b181cc978af0e20bafd'
PACK_HELM_CHART_IMAGE = 'step-pack-helm-chart@sha256:6bfb3752bec4fa91b70ec5aba26a2dc27411b4a7556f6673e7d8ec7662f35c52'
// *********************************************************************
// Security related CI/CD variables (stored not within script)
// *********************************************************************
// DOCKER_AUTH_CONFIG: Container registry authentication data for all used container image registries (JSON data structure)
// HELM_REPO_USERNAME: Username for accessing the helm repository (value from secret 'k5-helm-repo-binding' and key 'username').
// HELM_REPO_PASSWORD: Password for accessing the helm repository (value from secret 'k5-helm-repo-binding' and key 'password').
// OC_LOGIN_TOKEN: Token for OpenShift (value from secret 'k5-pipeline-sa-dockercfg-*' and key 'password')
// *********************************************************************
// Common CI/CD variables
// *********************************************************************
// configured container image registry path [mandatory]
IMAGE_REGISTRY = ''
// Node.js configuration to optimize script execution for production environments
// see also: https://nodejs.org/en/learn/getting-started/nodejs-the-difference-between-development-and-production
NODE_ENV = "production"
// Acronym of the service project [mandatory]
SOLUTION_ACRONYM = ""
//Name of the used base 'stack' (always 'JAVA')
STACK = "TYPESCRIPT"
// Openshift cluster host name [mandatory]
OPENSHIFT_CLUSTER_HOST = ""
// URL of the configured helm repository [mandatory] (value from secret 'k5-helm-repo-binding' and key 'url').
HELM_REPO_URL = ""
// Customized npm settings [optional] (value from secret 'k5-build-settings' and key 'npmSettings'):
NPM_SETTINGS = ""
// Registry, to push the created solution project image to [mandatory] (value from secret 'k5-image-registry-binding' and key 'url')
SERVICE_PROJECT_IMAGE_REGISTRY = ""
// Registry, which contains the built solution project image (value from secret 'k5-image-registry-binding' and key 'url')
COMPONENT_IMAGE_REGISTRY = "${SERVICE_PROJECT_IMAGE_REGISTRY}"
// *********************************************************************
// CI/CD variables for job 'git-clone'
// *********************************************************************
// Git repository data [mandatory]
GIT_REPO_URL = ""
GIT_BRANCH_NAME = ""
GIT_CREDENTIALS_ID = ""
// *********************************************************************
// CI/CD variables for job 'handle-version'
// *********************************************************************
// Will check if the current version has already been published or not to prevent previous versions to be overwritten
// unintentionally
UNIQUE_SEMVER_CHECK = "false"
// Defines where uniqueness needs to be enforced by adding the current pipeline id to the version number
ENFORCE_UNIQUENESS = "false"
// Adds a timestamp to pre-release versions to ensure that every commit gets built without manually changing the version
PRE_RELEASE_UNIQUENESS = "false"
// Flag, if unit test feature was activated
UNIT_TEST_FEATURE = "true"
// *********************************************************************
// CI/CD variables for job 'build-publish-docker'
// *********************************************************************
// ADO_DOMAIN_SERVER_IMAGE_TARGET_NAME: Base images for domain server
// Base images for domain server
ADO_DOMAIN_SERVER_IMAGE = "${IMAGE_REGISTRY}/${BUILD_PUBLISH_DOCKER_IMAGE_ADO_DOMAIN_SERVER_IMAGE}"
// Base container image for node solution projects
ADO_UBI_NODE_IMAGE = "${IMAGE_REGISTRY}/${BUILD_PUBLISH_DOCKER_IMAGE_ADO_UBI_NODE_IMAGE}"
// *********************************************************************
// CI/CD variables for job 'pack-helm-chart'
// *********************************************************************
// Flag to enable the push to the configures helm repository
PUBLISH = "false"
// URL of the configured helm upload repository [mandatory] (value from secret 'k5-helm-repo-binding' and key 'uploadUrl').
HELM_REPO_UPLOAD_URL = ""
// Request type to upload the helm chart [optional] (value from secret 'k5-helm-repo-binding' and key 'uploadRequestType').
HELM_REPO_REQUEST_TYPE = ""
// File pattern for the helm chart upload [mandatory] (value from secret 'k5-helm-repo-binding' and key 'uploadFilePattern').
HELM_REPO_UPLOAD_FILE_PATTERN = "--upload-file"
// *********************************************************************
// CI/CD variables for job 'deploy-solution'
// *********************************************************************
// k5 project namespace to install the solution into [mandatory]
K5_PROJECT = ""
// ID of the current pipeline run '${CI_PIPELINE_ID}'
PIPELINE_RUN = "${env.BUILD_NUMBER}"
// Hostname of the configured Keycloak server [mandatory] (value from secret 'configuration-management-client-secret' and key 'hostname')
KEYCLOAK_HOST = ""
// Internal service project deployment flag (always 'true')
REMOTE_LOGIN_FLAG = "true"
// Internal service project deployment configuration
DEPLOYMENT_CONFIG = "{ 'environment': { 'host': '${K5_PROJECT}.apps.${OPENSHIFT_CLUSTER_HOST}' } }"
OC_LOGIN_URL = "https://api.${OPENSHIFT_CLUSTER_HOST}:6443"
// id of current jenkins user
JENKINS_USER_ID_RAW = """${sh(
returnStdout: true,
script: 'id -u'
)}"""
JENKINS_USER_ID = JENKINS_USER_ID_RAW.trim()
// name of the jenkins credentials to access the registry [mandatory]
CONTAINER_REGISTRY_CREDENTIALS = ""
CONTAINER_REGISTRY_URL = ""
// execute the container images with jenkins user
CONTAINER_ARGS = "-u ${JENKINS_USER_ID}:0"
}
stages {
//#######################################################################################################################
//
// job name: git-clone
//
// description: Clones the git repository of the service project.
stage('git-clone') {
steps {
node ('master') {
sh 'rm -r ./* | echo "done"'
sh 'rm -r ./.* | echo "done"'
git branch: "${GIT_BRANCH_NAME}", credentialsId: "${GIT_CREDENTIALS_ID}", url: "${GIT_REPO_URL}"
}
}
}
//#######################################################################################################################
//
// job name: handle-version
//
// description: This job will extract the project version number and persist it for the step 'build-publish-docker'.
// parameter:
// NODE_ENV: "production"
// PRE_RELEASE_UNIQUENESS [true|false]: Adds a timestamp to pre-release versions to ensure that every commit gets
// built without manually changing the version
// ENFORCE_UNIQUENESS [true|false]: Defines where uniqueness needs to be enforced by adding the current
// pipeline id to the version number
// UNIQUE_SEMVER_CHECK [true|false]: Will check if the current version has already been published or not to
// prevent previous versions to be overwritten unintentionally
// STACK: Name of the used 'stack'
// SOLUTION_ACRONYM: Acronym of the service project
// HELM_REPO_URL: URL of the configured helm repository.
// (value from secret 'k5-helm-repo-binding' and key 'url')
// HELM_REPO_USERNAME: Username for accessing the helm repository.
// (value from secret 'k5-helm-repo-binding' and key 'username')
// HELM_REPO_PASSWORD: Password for accessing the helm repository.
// (value from secret 'k5-helm-repo-binding' and key 'password')
stage('handle-version') {
agent {
docker {
image "${IMAGE_REGISTRY}/${HANDLE_VERSION_IMAGE}"
registryCredentialsId "${CONTAINER_REGISTRY_CREDENTIALS}"
registryUrl "${CONTAINER_REGISTRY_URL}"
args "${CONTAINER_ARGS}"
}
}
steps {
sh '/opt/open-banking-platform/scripts/v1/step-handle-version.sh'
}
}
//####################################################################################################################
//
// job name: prepare-validate-design-model
//
// description: This job will validate the content of the design model.
// parameter:
// NODE_ENV: "production"
//
stage('prepare-validate-design-model') {
agent {
docker {
image "${IMAGE_REGISTRY}/${PREPARE_VALIDATE_DESIGN_MODEL_IMAGE}"
registryCredentialsId "${CONTAINER_REGISTRY_CREDENTIALS}"
registryUrl "${CONTAINER_REGISTRY_URL}"
args "${CONTAINER_ARGS}"
}
}
steps {
sh '/opt/open-banking-platform/scripts/v2/step-validate-design-model.sh'
}
}
//####################################################################################################################
//
// job name: prepare-denormalize-domain-model
//
// description: This job will optimize the content of the design model to prepare the code generation.
// parameter:
// NODE_ENV: "production"
//
stage('prepare-denormalize-domain-model') {
agent {
docker {
image "${IMAGE_REGISTRY}/${PREPARE_DENORMALIZE_DOMAIN_MODEL_IMAGE}"
registryCredentialsId "${CONTAINER_REGISTRY_CREDENTIALS}"
registryUrl "${CONTAINER_REGISTRY_URL}"
args "${CONTAINER_ARGS}"
}
}
steps {
sh '/opt/open-banking-platform/scripts/v2/step-denormalize-domain-model.sh'
}
}
//####################################################################################################################
//
// job name: build-baw-toolkit
//
// description: This job will generate a IBM BAW compatible toolkit to access the APIs within process apps.
// parameter:
// NODE_ENV: "production"
//
stage('build-baw-toolkit') {
agent {
docker {
image "${IMAGE_REGISTRY}/${BUILD_BAW_TOOLKIT_IMAGE}"
registryCredentialsId "${CONTAINER_REGISTRY_CREDENTIALS}"
registryUrl "${CONTAINER_REGISTRY_URL}"
args "${CONTAINER_ARGS}"
}
}
steps {
sh '/opt/open-banking-platform/scripts/v1/bpm-toolkit-creator.sh'
}
}
//####################################################################################################################
//
// job name: generate-code
//
// description: This job will generate the source code according to the used stack.
// parameter:
// NODE_ENV: "development"
// STACK: Name of the used 'stack'
// SOLUTION_ACRONYM: Acronym of the service project
// NPM_SETTINGS: Customized npm settings
// (value from secret 'k5-build-settings' and key 'npmSettings')
stage('generate-code') {
environment {
NODE_ENV = "development"
}
agent {
docker {
image "${IMAGE_REGISTRY}/${GENERATE_CODE_TS_IMAGE}"
registryCredentialsId "${CONTAINER_REGISTRY_CREDENTIALS}"
registryUrl "${CONTAINER_REGISTRY_URL}"
args "${CONTAINER_ARGS}"
}
}
steps {
sh '/opt/open-banking-platform/scripts/v1/step-generate-code.sh'
}
}
//####################################################################################################################
//
// job name: build-code
//
// description: This job will build the service project according to the used stack
// parameter:
// NODE_ENV: "development"
// STACK: Name of the used 'stack'
// SOLUTION_ACRONYM: Acronym of the service project
// NPM_SETTINGS: Customized npm settings
// (value from secret 'k5-build-settings' and key 'npmSettings')
stage('build-code') {
environment {
NODE_ENV = "development"
}
agent {
docker {
image "${IMAGE_REGISTRY}/${BUILD_CODE_IMAGE}"
registryCredentialsId "${CONTAINER_REGISTRY_CREDENTIALS}"
registryUrl "${CONTAINER_REGISTRY_URL}"
args "${CONTAINER_ARGS}"
}
}
steps {
sh '/opt/open-banking-platform/scripts/v1/step-build-code.sh'
}
}
//####################################################################################################################
//
// job name: unit-test
//
// description: This job will execute the project specific unit tests according to the used stack
// parameter:
// NODE_ENV: "development"
// STACK: Name of the used 'stack'
// SOLUTION_ACRONYM: Acronym of the service project
// UNIT_TEST_FEATURE: Flag, if unit test feature was activated
// NPM_SETTINGS: Customized npm settings
// (value from secret 'k5-build-settings' and key 'npmSettings')
stage('unit-test') {
environment {
NODE_ENV = "development"
}
agent {
docker {
image "${IMAGE_REGISTRY}/${UNIT_TEST_IMAGE}"
registryCredentialsId "${CONTAINER_REGISTRY_CREDENTIALS}"
registryUrl "${CONTAINER_REGISTRY_URL}"
args "${CONTAINER_ARGS}"
}
}
steps {
sh '/opt/open-banking-platform/scripts/v1/step-unit-test.sh'
}
}
//####################################################################################################################
//
// job name: build-publish-docker
//
// description: This job will pack the solution project into a container image according to the given docker file
// parameter:
// NODE_ENV: "production"
// STACK: Name of the used 'stack'
// SOLUTION_ACRONYM: Acronym of the service project
// ADO_DOMAIN_SERVER_IMAGE_TARGET_NAME: Base image for domain server
// ADO_DOMAIN_SERVER_IMAGE: Base image for domain server
// ADO_UBI_NODE_IMAGE: Base container image for node solution projects
// SERVICE_PROJECT_IMAGE_REGISTRY: Registry, to push the created solution project image to
// (value from secret 'k5-image-registry-binding' and key 'url')
// DOCKER_AUTH_CONFIG: Container registry authentication data (JSON data structure)
stage('build-publish-docker') {
agent {
docker {
image "${IMAGE_REGISTRY}/${BUILD_PUBLISH_DOCKER_IMAGE}"
registryCredentialsId "${CONTAINER_REGISTRY_CREDENTIALS}"
registryUrl "${CONTAINER_REGISTRY_URL}"
args '-u 0:0 --security-opt seccomp=unconfined --security-opt apparmor=unconfined'
}
}
steps {
sh '/opt/open-banking-platform/scripts/v1/step-pack-solution-docker.sh'
sh "chmod o+rw -R ${env.WORKSPACE}"
}
}
//####################################################################################################################
//
// job name: pack-helm-chart
//
// description: This job will pack the solution project into a container image according to the given docker file
// parameter:
// NODE_ENV: "production"
// STACK: Name of the used 'stack'
// SOLUTION_ACRONYM: Acronym of the service project
// PUBLISH [true|false]: Flag to enable the push to the configures helm repository
// SERVICE_PROJECT_IMAGE_REGISTRY: Registry, to push the created solution project image to
// (value from secret 'k5-image-registry-binding' and key 'url')
// HELM_REPO_URL: URL of the configured helm repository.
// (value from secret 'k5-helm-repo-binding' and key 'url')
// HELM_REPO_USERNAME: Username for accessing the helm repository.
// (value from secret 'k5-helm-repo-binding' and key 'username')
// HELM_REPO_PASSWORD: Password for accessing the helm repository.
// (value from secret 'k5-helm-repo-binding' and key 'password')
// HELM_REPO_UPLOAD_URL: URL of the configured helm upload repository.
// (value from secret 'k5-helm-repo-binding' and key 'uploadUrl')
// HELM_REPO_REQUEST_TYPE: Request type to upload the helm chart
// (value from secret 'k5-helm-repo-binding' and key 'uploadRequestType')
// HELM_REPO_UPLOAD_FILE_PATTERN: File pattern for the helm chart upload
// (value from secret 'k5-helm-repo-binding' and key 'uploadFilePattern')
// ADO_DS_IMAGE_BASETAG Domain server base image tag
stage('pack-helm-chart') {
agent {
docker {
image "${IMAGE_REGISTRY}/${PACK_HELM_CHART_IMAGE}"
registryCredentialsId "${CONTAINER_REGISTRY_CREDENTIALS}"
registryUrl "${CONTAINER_REGISTRY_URL}"
args "${CONTAINER_ARGS}"
}
}
steps {
sh '/opt/open-banking-platform/scripts/v1/step-helm-chart.sh'
}
}
//####################################################################################################################
//
// job name: deploy-solution
//
// description: This job will pack the solution project into a container image according to the given docker file
// parameter:
// NODE_ENV: "production"
// STACK: Name of the used 'stack'
// K5_PROJECT: k5 project namespace to install the solution into
// PIPELINE_RUN: ID of the current pipeline run '${CI_PIPELINE_ID}'
// REMOTE_LOGIN_FLAG: Internal solution deployment flag (always 'true')
// DEPLOYMENT_CONFIG: Internal solution deployment configuration
// OC_LOGIN_URL: OpenShift login url
stage('deploy-solution') {
agent {
docker {
image "${IMAGE_REGISTRY}/${DEPLOY_SOLUTION_IMAGE}"
registryCredentialsId "${CONTAINER_REGISTRY_CREDENTIALS}"
registryUrl "${CONTAINER_REGISTRY_URL}"
args "${CONTAINER_ARGS}"
}
}
steps {
sh '/opt/open-banking-platform/scripts/v1/step-deploy-solution.sh'
}
}
}
}