eGov ERP DevOps
CICD Setup
Jenkins Setup: Requires Java (Oracle account), Maven, Nexus repo (user details), git repo.
Jenkins > Manage Jenkins > Config System:
Publish over SSH
Jenkins SSH Key -
Passphrase: {value_needs_to_be_enter}
SSH Servers enter server details and test config
Jenkins > Manage Jenkins > ConfigureSecurity:
Jenkins > Credentials > System > Global credentials:
Add Credentials -
jenkins user (username with password)
github user (username with password)
Oracle user for JDK download (username with password)
passcode (Secret text)
ssh user with private key
Jenkins > Global Tool Configuration:
JDK (with oracle username & password)
Git
Maven
CI Pipeline from forked repo:
Build job: https://github.com/egovernments/digit-bpa /master
Jenkins Setup: Build Job Configuration: Jenkins > Job (Maven):
General:
Enable project-based security
Discard old builds
GitHub project
Promote builds:
Promotion process:
Criteria: manually approve
Actions: Trigger/call builds > Predefined parameters(PROMOTED_NUMBER=${PROMOTED_NUMBER})
SCM:
SCM
Build Triggers:
GitHub hook trigger for GITScm polling
Build Env:
Pre Steps:
Build:
Root POM (egov/pom.xml)
Goals and options (clean deploy -U -s settings.xml -Dbuild.number=${BUILD_NUMBER} -Ddb.url=jdbc:postgresql://localhost:5432/digit_bpa_build -Ddb.password=postgres -Ddb.user=postgres -Ddb.driver=org.postgresql.Driver -Dnexus.user= -Dnexus.password=)
Post Steps:
Run only if build succeeds
Build Settings:
Post-build Actions:
Archive the artifcts:
Files to archive (**/*.ear)Enable email:
- Project Recipient List(keep_as_it_is)
- Project Reply-To List (enter_email_id)
- Content Type (keep_as_it_is)
- Default Subject(keep_as_it_is)
- Default Content(keep_as_it_is)
- Attach Build Log(keep_as_it_is)
CD Pipeline for the Deployment to the partners environments:
https://github.com/egovernments/egovdevops.git (this requires perl, secret passcode for Encryption, and Decryption
Deployment_Job: git repo(devops) for ear-deployer, passcode.
General:
- Discard old builds
- Promote builds:
- Promotion process:
- Criteria: manually approve
- Actions: Trigger/call builds > Current build parameter
- This project is parameterised
- String parameter:
Name(PROMOTED_NUMBER)
SCM:
- Git:
Repositories
Branches to build
Repository browser
Additional Behaviours > Sparse Checkout
Build Triggers:
Build Env:
- Use secret texts
- Bindings > Secret Text
Variable(passcode)
Credentials(Specific credentials)
Build:
Send files or execute cmds over ssh:
- SSH Publishers:
- SSH Server:
Name
Transfers > Transfer Set:
- Source files(ear-deployer/config/digit-bpa-dev.yml)
- Exec command (sudo docker pull egovio/ear-deployer:latest && sudo docker run -it -v /home/azureuser/ear-deployer/config/digit-bpa-dev.yml:/config.yml -e 'EAR_PASSCODE=${EAR_PASSCODE}' -e ENV=dev -e BUILDNUMBER=${PROMOTED_NUMBER} -e ENV_CONFIG_FILE=/config.yml egovio/ear-deployer:latest)
Post-build Actions:
DevOps as a Culture