Use Jenkins app service plugin to deploy webapp (#23)

2017-09-22 02:24:41 -05:00 · 2017-09-22 02:24:41 -05:00 · 1fab81c3b0
--- a/6
+++ b/6
@ -38,7 +38,9 @@ node {
    azureUtil.deployDataApp(targetEnv, azureUtil.config.WEST_EUROPE_GROUP)

    // Deploy web app
-    azureUtil.deployWebApp(azureUtil.config.EAST_US_GROUP)
-    azureUtil.deployWebApp(azureUtil.config.WEST_EUROPE_GROUP)
+    dir('web-app/target') {
+        azureUtil.deployWebApp(azureUtil.config.EAST_US_GROUP, "docker/Dockerfile")
+        azureUtil.deployWebApp(azureUtil.config.WEST_EUROPE_GROUP, "docker/Dockerfile")
+    }
  }
 }
--- a/deployment/jenkins/azureutil.groovy
+++ b/deployment/jenkins/azureutil.groovy
@ -76,7 +76,14 @@ def deployFunction() {
    """
 }

-def deployWebApp(String resGroup) {
+def deployWebApp(String resGroup, String dockerFilePath) {
+    def appName = sh(
+            script: "az webapp list -g ${resGroup} --query [0].name | tr -d '\"'",
+            returnStdout: true
+    ).trim()
+
+    azureWebAppPublish appName: appName, azureCredentialsId: 'azure-sp', dockerFilePath: dockerFilePath, dockerImageName: "${this.acrName}.azurecr.io/web-app", dockerImageTag: '', dockerRegistryEndpoint: [credentialsId: 'acr', url: "https://${this.acrName}.azurecr.io"], filePath: '', publishType: 'docker', resourceGroup: resGroup, slotName: '', sourceDirectory: '', targetDirectory: ''
+
    sh """
        data_api_endpoint=\$(az network traffic-manager profile list -g ${config.COMMON_GROUP} --query [0].dnsConfig.fqdn | tr -d '"')
        webapp_id=\$(az resource list -g ${resGroup} --resource-type Microsoft.Web/sites --query [0].id | tr -d '"')
@ -90,12 +97,6 @@ def deployWebApp(String resGroup) {
        redis_host=\$(az redis show -g ${config.COMMON_GROUP} -n \${redis_name} --query hostName | tr -d '"')
        redis_password=\$(az redis list-keys -g ${config.COMMON_GROUP} -n \${redis_name} --query primaryKey | tr -d '"')

-        az webapp config container set --ids \${webapp_id} \\
-                                      --docker-custom-image-name ${acrLoginServer}/web-app \\
-                                      --docker-registry-server-url http://${acrLoginServer} \\
-                                      --docker-registry-server-user ${acrUsername} \\
-                                      --docker-registry-server-password ${acrPassword}
-        az webapp config set --ids \${webapp_id} --linux-fx-version "DOCKER|${acrLoginServer}/web-app"
        az webapp config appsettings set --ids \${webapp_id} \\
                                        --settings  DATA_API_URL=\${data_api_endpoint} \\
                                                    PORT=${config.WEB_APP_CONTAINER_PORT} \\
--- a/deployment/jenkins/docker-master/Dockerfile
+++ b/deployment/jenkins/docker-master/Dockerfile
@ -18,8 +18,8 @@ RUN /usr/local/bin/install-plugins.sh \
    ws-cleanup \
    ant \
    gradle \
-    workflow-job:2.10 \
-    workflow-multibranch:2.10 \
+    workflow-job \
+    workflow-multibranch \
    workflow-aggregator \
    github-organization-folder \
    pipeline-stage-view \
@ -33,4 +33,5 @@ RUN /usr/local/bin/install-plugins.sh \
    mailer \
    kubernetes \
    job-dsl \
-    groovy
+    groovy \
+    azure-app-service
--- a/deployment/jenkins/docker-master/init.groovy
+++ b/deployment/jenkins/docker-master/init.groovy
@ -4,6 +4,7 @@
 * license information.
 */

+import groovy.json.JsonSlurper
 import hudson.model.*
 import jenkins.model.*
 import hudson.security.FullControlOnceLoggedInAuthorizationStrategy
@ -18,6 +19,7 @@ import com.cloudbees.plugins.credentials.*
 import com.cloudbees.plugins.credentials.common.*
 import com.cloudbees.plugins.credentials.domains.*
 import com.cloudbees.plugins.credentials.impl.*
+import com.microsoft.azure.util.AzureCredentials

 /**
 * Set up security for the Jenkins instance with below configuration.
@ -95,6 +97,42 @@ void addKubeCredential(String credentialId) {
    SystemCredentialsProvider.getInstance().getStore().addCredentials(Domain.global(), kubeCredential)
 }

+void addACRCredential(String credentialId, String configFile) {
+    String content = new File(configFile).text
+    def jsonSlurper = new JsonSlurper()
+    def config = jsonSlurper.parseText(content)
+
+    def acrCredential = new UsernamePasswordCredentialsImpl(
+        CredentialsScope.GLOBAL,
+        credentialId,
+        'Azure Container Registry',
+        config.aadClientId,
+        config.aadClientSecret
+    )
+    SystemCredentialsProvider.getInstance().getStore().addCredentials(Domain.global(), acrCredential)
+}
+
+void addAzureCredential(String credentialId, String configFile) {
+    String content = new File(configFile).text
+    def jsonSlurper = new JsonSlurper()
+    def config = jsonSlurper.parseText(content)
+
+    def azureCredential = new AzureCredentials(
+        CredentialsScope.GLOBAL,
+        credentialId,
+        'Azure Service Principal',
+        config.subscriptionId,
+        config.aadClientId,
+        config.aadClientSecret,
+        'https://login.microsoftonline.com/' + config.tenantId + '/oauth2',
+        '',
+        '',
+        '',
+        ''
+    )
+    SystemCredentialsProvider.getInstance().getStore().addCredentials(Domain.global(), azureCredential)
+}
+
 /**
 * Configure Kubernetes plugin
 */
@ -143,6 +181,8 @@ Thread.start {
    this.createPipeline(githubRepo, 'prod', 'prod')
    // Configure Kubernetes plugin
    this.configureKubernetes()
+    this.addACRCredential('acr', '/etc/kubernetes/azure.json')
+    this.addAzureCredential('azure-sp', '/etc/kubernetes/azure.json')
    // Set number of executor to 0 so that slave agents will be created for each build
    this.setExecutorNum(0)
    // Setup security
--- a/deployment/jenkins/docker-slave/Dockerfile
+++ b/deployment/jenkins/docker-slave/Dockerfile
@ -1,4 +1,4 @@
-FROM jenkinsci/jnlp-slave
+FROM jenkinsci/jnlp-slave:3.7-1

 USER root

--- a/deployment/lib.sh
+++ b/deployment/lib.sh
@ -367,6 +367,11 @@ function create_webapp()
  az group deployment create -g ${resource_group} --template-file ./arm/linux-webapp.json \
                            --parameters "{\"location\": {\"value\": \"${location}\"}}" \
                            --query "{id:id,name:name,provisioningState:properties.provisioningState,resourceGroup:resourceGroup}"
+
+  # Config to disable built-in image, which will be rejected by the jenkins app service plugin.
+  # Use a docker hub image instead to provision. It will be replaced by a custom image during deploy.
+  local name=$(az resource list -g ${resource_group} --resource-type Microsoft.Web/sites --query [0].name | tr -d '"')
+  az webapp config set -g ${resource_group} -n ${name} --linux-fx-version "DOCKER|NGINX"
 }

 ##############################################################################
@ -492,7 +497,8 @@ function create_secrets_in_jenkins_kubernetes() {
  if [ -n "$(kubectl get secret my-secrets --ignore-not-found)" ]; then
    kubectl delete secret my-secrets
  fi
-  kubectl create secret generic my-secrets --from-literal=jenkinsPassword=${JENKINS_PASSWORD} --save-config
+  kubectl create secret generic my-secrets --save-config \
+                                    --from-literal=jenkinsPassword=${JENKINS_PASSWORD}

  if [ -n "$(kubectl get secret kube-config --ignore-not-found)" ]; then
    kubectl delete secret kube-config