eGov ERP DevOps

CICD Setup

Jenkins Setup: Requires Java (Oracle account), Maven, Nexus repo (user details), git repo.

Jenkins > Manage Jenkins > Config System:

Publish over SSH

  • Jenkins SSH Key -

  • Passphrase: {value_needs_to_be_enter}

  • SSH Servers enter server details and test config

Jenkins > Manage Jenkins > ConfigureSecurity:

Jenkins > Credentials > System > Global credentials:

Add Credentials -

  • jenkins user (username with password)

  • github user (username with password)

  • Oracle user for JDK download (username with password)

  • passcode (Secret text)

  • ssh user with private key

Jenkins > Global Tool Configuration:

  • JDK (with oracle username & password)

  • Git

  • Maven

CI Pipeline from forked repo:

Build job: https://github.com/egovernments/digit-bpa /master

Jenkins Setup: Build Job Configuration: Jenkins > Job (Maven):

General:

  • Enable project-based security

  • Discard old builds

  • GitHub project

  • Promote builds:

  • Promotion process:

  • Criteria: manually approve

  • Actions: Trigger/call builds > Predefined parameters(PROMOTED_NUMBER=${PROMOTED_NUMBER})

SCM:

  • SCM

Build Triggers:

  • GitHub hook trigger for GITScm polling

Build Env:

Pre Steps:

Build:

  • Root POM (egov/pom.xml)

  • Goals and options (clean deploy -U -s settings.xml -Dbuild.number=${BUILD_NUMBER} -Ddb.url=jdbc:postgresql://localhost:5432/digit_bpa_build -Ddb.password=postgres -Ddb.user=postgres -Ddb.driver=org.postgresql.Driver -Dnexus.user= -Dnexus.password=)

Post Steps:

  • Run only if build succeeds

Build Settings:

Post-build Actions:

  • Archive the artifcts:
    Files to archive (**/*.ear)

  • Enable email:
    - Project Recipient List(keep_as_it_is)

- Project Reply-To List (enter_email_id)
- Content Type (keep_as_it_is)
- Default Subject(keep_as_it_is)
- Default Content(keep_as_it_is)
- Attach Build Log(keep_as_it_is)

CD Pipeline for the Deployment to the partners environments:

https://github.com/egovernments/egovdevops.git ​(this requires perl, secret passcode for Encryption, and Decryption

Deployment_Job: git repo(devops) for ear-deployer, passcode.

ear-deployer

General:

- Discard old builds

- Promote builds:

- Promotion process:

- Criteria: manually approve

- Actions: Trigger/call builds > Current build parameter

- This project is parameterised

- String parameter:

Name(PROMOTED_NUMBER)

SCM:

- Git:

Repositories

Branches to build

Repository browser

Additional Behaviours > Sparse Checkout

Build Triggers:

Build Env:

- Use secret texts

- Bindings > Secret Text

Variable(passcode)

Credentials(Specific credentials)

Build:

Send files or execute cmds over ssh:

- SSH Publishers:

- SSH Server:

Name

Transfers > Transfer Set:

- Source files(ear-deployer/config/digit-bpa-dev.yml)

- Exec command (sudo docker pull egovio/ear-deployer:latest && sudo docker run -it -v /home/azureuser/ear-deployer/config/digit-bpa-dev.yml:/config.yml -e 'EAR_PASSCODE=${EAR_PASSCODE}' -e ENV=dev -e BUILDNUMBER=${PROMOTED_NUMBER} -e ENV_CONFIG_FILE=/config.yml egovio/ear-deployer:latest)

Post-build Actions:

DevOps as a Culture