| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124 |
- /**
- * Harbor image promote + optional ACK deploy (loaded from Jenkinsfile, not a job entry).
- */
- def resolveTargetTag(def script, String targetTagParam) {
- def t = (targetTagParam ?: '').trim()
- return t ?: "produ-${script.env.BUILD_NUMBER}"
- }
- def requireSourceTag(def script, String sourceTag) {
- def srcTag = (sourceTag ?: '').trim()
- if (!srcTag) {
- script.error('SOURCE_TAG is required (e.g. uat-latest or uat-build-42). Check Harbor for an existing tag.')
- }
- return srcTag
- }
- def promoteHarborImages(def script, List services, Map cfg) {
- def regHost = cfg.harborRegistry.trim()
- def proj = cfg.harborProject.trim()
- def srcTag = requireSourceTag(script, cfg.sourceTag)
- def tgtTag = cfg.targetTag
- def dryRun = cfg.dryRun == true
- services.each { s ->
- def src = "${regHost}/${proj}/${s.prodDir}:${srcTag}"
- def tgt = "${regHost}/${proj}/${s.prodDir}:${tgtTag}"
- echo ">>> promote ${s.prodDir}: ${src} -> ${tgt}"
- if (dryRun) {
- return
- }
- }
- if (dryRun) {
- return
- }
- script.withCredentials([script.usernamePassword(
- credentialsId: cfg.harborCredentialsId,
- usernameVariable: 'HARBOR_USER',
- passwordVariable: 'HARBOR_PASS',
- )]) {
- script.sh """
- set -e
- echo "\${HARBOR_PASS}" | docker login ${regHost} -u "\${HARBOR_USER}" --password-stdin
- """
- services.each { s ->
- def src = "${regHost}/${proj}/${s.prodDir}:${srcTag}"
- def tgt = "${regHost}/${proj}/${s.prodDir}:${tgtTag}"
- script.sh """
- set -e
- docker pull ${src}
- docker tag ${src} ${tgt}
- docker push ${tgt}
- """
- }
- }
- }
- def deployToAck(def script, Map cfg) {
- def ns = cfg.k8sNamespace
- def imageRef = cfg.imageRef
- def strategy = cfg.deployStrategy
- def targetDeploy = strategy == 'canary' ? cfg.deploymentCanary : cfg.deploymentStable
- def canaryWeight = cfg.canaryWeight
- def ingressCanary = cfg.ingressCanary
- def kubeCreds = cfg.kubeCredentialsId
- script.withCredentials([script.file(credentialsId: kubeCreds, variable: 'KUBECONFIG')]) {
- script.sh """
- set -e
- kubectl config current-context
- kubectl -n ${ns} set image deployment/${targetDeploy} app=${imageRef} --record
- kubectl -n ${ns} rollout status deployment/${targetDeploy} --timeout=300s
- """
- if (strategy == 'canary') {
- script.sh """
- set -e
- kubectl -n ${ns} annotate ingress ${ingressCanary} \\
- nginx.ingress.kubernetes.io/canary=true \\
- nginx.ingress.kubernetes.io/canary-weight=${canaryWeight} \\
- --overwrite
- """
- }
- }
- }
- /** Single-service promote + ACK. Use script.params / script.env (do not pass params/env as args: CPS breaks method dispatch). */
- def promoteOneServiceToAck(def script, Map svc) {
- def regHost = script.params.HARBOR_REGISTRY.trim()
- def proj = script.params.HARBOR_PROJECT.trim()
- def srcTag = requireSourceTag(script, script.params.SOURCE_TAG)
- def tgtTag = resolveTargetTag(script, script.params.TARGET_TAG)
- def dryRun = script.params.DRY_RUN == true
- def strategy = script.params.DEPLOY_STRATEGY ?: 'rolling'
- script.env.TARGET_TAG_RESOLVED = tgtTag
- script.env.IMAGE_REF = "${regHost}/${proj}/${svc.prodDir}:${tgtTag}"
- promoteHarborImages(script, [svc], [
- harborRegistry: regHost,
- harborProject: proj,
- sourceTag: srcTag,
- targetTag: tgtTag,
- harborCredentialsId: script.env.HARBOR_CREDENTIALS,
- dryRun: dryRun,
- ])
- if (dryRun || strategy == 'skip') {
- return
- }
- deployToAck(script, [
- k8sNamespace: script.params.K8S_NAMESPACE,
- imageRef: script.env.IMAGE_REF,
- deployStrategy: strategy == 'canary' ? 'canary' : 'rolling',
- deploymentStable: svc.deployName,
- deploymentCanary: "${svc.deployName}-canary",
- ingressCanary: "${svc.deployName}-canary",
- canaryWeight: (script.params.CANARY_WEIGHT ?: '10').trim(),
- kubeCredentialsId: script.env.KUBECONFIG_CREDENTIALS,
- ])
- }
- return this
|
