everybody-mov/Jenkinsfile

96 lines
3.0 KiB
Groovy

pipeline {
agent none
environment {
HOME = "${env.WORKSPACE}"
PYTHON_IMAGE = 'python:3.10-slim-bullseye'
CREDENTIALS_ID = 'digital-ocean-ailuridae-registry'
REGISTRY = 'https://registry.digitalocean.com'
IMAGE_NAME = 'registry.digitalocean.com/ailuridae-registry/ailuridae.io/everybodymov'
IMAGE_BUILD = ''
APP_ID = credentials('digital-ocean-app-id')
}
stages {
stage('Check') {
agent {
docker {
image env.PYTHON_IMAGE
args '--rm'
}
}
steps {
sh 'python -m pip install --no-cache-dir --upgrade --user pip'
sh 'python -m pip install --no-cache-dir --user pipenv'
sh 'python -m pipenv install --dev --deploy'
sh 'python -m pipenv check --clear'
sh 'python -m pipenv run bandit *.py'
}
}
stage('Build') {
agent {
label 'main'
}
steps {
script {
IMAGE_BUILD = docker.build("${IMAGE_NAME}")
}
}
}
stage('Publish') {
agent {
label 'main'
}
when {
branch 'main'
}
steps {
script {
// withCredentials is annoyingly required to mask token occurrences.
withCredentials([usernamePassword(
credentialsId: env.CREDENTIALS_ID,
usernameVariable: 'API_TOKEN_USER',
passwordVariable: 'API_TOKEN_PASS'
)]) {
docker.withRegistry(env.REGISTRY, env.CREDENTIALS_ID) {
IMAGE_BUILD.push("${BUILD_NUMBER}")
IMAGE_BUILD.push('latest')
}
}
}
}
}
stage('Deploy') {
agent {
label 'main'
}
// when {
// branch 'main'
// }
steps {
script {
withCredentials([usernamePassword(
credentialsId: env.CREDENTIALS_ID,
usernameVariable: 'API_TOKEN_USER',
passwordVariable: 'API_TOKEN_PASS'
)]) {
sh '''
curl -H 'Authorization: Bearer $API_TOKEN_PASS' -H 'Content-Type: application/json' \
-X POST 'https://api.digitalocean.com/v2/apps/$APP_ID/deployments' \
-d '{ \"force_build\" : true }'
'''
}
}
}
}
}
post {
always {
node('main') {
cleanWs()
}
}
}
}