# Pipeline identity and codebase settings.
# Nesting is reconstructed from key order; the published listing carried no
# indentation.
name: xxxx-infra-pipeline
identifier: xxxxinfrapipeline
orgIdentifier: groupict
projectIdentifier: investordevelopmenttoolsaa00004567
tags: {}
properties:
  ci:
    codebase:
      # Connector and repository cloned by the stages that set
      # cloneCodebase: true.
      connectorRef: org.groupictgithubcgictemu
      repoName: xxxx-infra
      # Runtime input: the ref to build is supplied when a run is started.
      # NOTE(review): the prod stages below deploy whatever ref was supplied;
      # restrict who may execute the pipeline, or pin the ref, if only a
      # protected branch should reach production.
      build: <+input>
stages:
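# QA stage: resolves the TFE workspace name, creates the workspace, then
# packages the IaC and uploads it to Terraform Enterprise.
# Nesting is reconstructed from key order (the published listing had no
# indentation) and the backslashes the listing lost from the shell scripts
# (line continuations, escaped quotes/newlines) are restored.
- stage:
    name: deploy-qa
    identifier: deployqa
    type: CI
    spec:
      cloneCodebase: true
      infrastructure:
        type: KubernetesDirect
        spec:
          connectorRef: investordevelopmenttoolsaa00004567_kubernetes_shared
          namespace: investordevelopmenttoolsaa00004567-delegate-snp-qa
          # NOTE(review): mounts the namespace service-account token into
          # every step pod; set to false unless a step calls the Kubernetes
          # API.
          automountServiceAccountToken: true
          nodeSelector: {}
          containerSecurityContext:
            privileged: false
            allowPrivilegeEscalation: false
          os: Linux
      execution:
        steps:
          - step:
              name: gauntlet-qa
              identifier: gauntletqa
              template:
                templateRef: account.cggauntletscansteptemplate
                versionLabel: v.04
                gitBranch: main
                templateInputs:
                  type: Run
                  spec:
                    envVariables:
                      ENV_GATE: SNP-QA
          - step:
              type: Run
              spec:
                connectorRef: account.acct_cgregistry_readonly
                # NOTE(review): image is referenced by tag; pin by digest if
                # the registry supports it so the tool image cannot change
                # underneath the pipeline.
                image: harness/delegate:tf-1.6.5
                shell: Bash
                command: |-
                  # TFE Workspace info
                  echo "workspace setup start."
                  cd "$CONFIG_PATH" || exit 1
                  cat "./${ENV}.tfebackend"
                  # `source` executes the file as shell code. The ./ prefix
                  # stops bash from searching PATH for the name; the file
                  # itself comes from the cloned repo, so changes to it
                  # deserve the same review as changes to this pipeline.
                  source "./${ENV}.tfebackend"
                  TFE_WORKSPACE=$tf_workspace_name
                  echo "WORKSPACE NAME:: ${TFE_WORKSPACE}"
                  echo "workspace setup complete."
                envVariables:
                  ENV: qa
                  CONFIG_PATH: <+pipeline.variables.CONFIG_PATH>
                outputVariables:
                  - name: TFE_WORKSPACE
                runAsUser: "1000"
              name: get-tfe-ws
              identifier: gettfews
          - step:
              type: Run
              spec:
                connectorRef: account.acct_cgregistry_readonly
                image: harness/delegate:tf-1.6.5
                shell: Sh
                command: |-
                  # Create the TFE workspace with tfeadmin and export its id.
                  export tfe_workspace_id="not created"
                  wget https://cgrepo.capgroup.com/repository/cgansible/tfeadmin/1.1.0/tfeadmin_linux_amd64_v1.1.0.zip
                  # NOTE(review): the archive is unpacked and executed with no
                  # integrity check. Pin its digest and verify before unzip:
                  #   echo "<EXPECTED_SHA256>  tfeadmin_linux_amd64_v1.1.0.zip" | sha256sum -c -
                  unzip -o tfeadmin_linux_amd64_v1.1.0.zip
                  chmod +x ./tfeadmin
                  ls -ltr ./tfeadmin*
                  echo "-a $atm_id -n $workspace_name -o $tfe_org"
                  # NOTE(review): -s is passed only when SENSITIVE_QA is NOT
                  # "true"; confirm against tfeadmin's usage text that this
                  # mapping is the intended one.
                  if [ "$sensitive_qa" = "true" ]; then
                    echo "Sensitive QA is TRUE"
                    created_id=$(./tfeadmin workspace create -a "$atm_id" -n "$workspace_name" -o "$tfe_org")
                  else
                    echo "Sensitive QA is FALSE"
                    created_id=$(./tfeadmin workspace create -a "$atm_id" -n "$workspace_name" -o "$tfe_org" -s)
                  fi
                  echo "created_id: $created_id"
                  export tfe_workspace_id=$created_id
                envVariables:
                  TFE_TOKEN: <+stage.variables.TFE_TOKEN_QA>
                  atm_id: <+pipeline.variables.ATM_ID>
                  workspace_name: <+execution.steps.gettfews.output.outputVariables.TFE_WORKSPACE>
                  tfe_org: banzai-qa
                  sensitive_qa: <+stage.variables.SENSITIVE_QA>
                outputVariables:
                  - name: tfe_workspace_id
                runAsUser: "1000"
              name: create-tfe-ws
              identifier: createtfews
          - step:
              type: Run
              spec:
                connectorRef: account.acct_cgregistry_readonly
                image: harness/delegate:tf-1.6.5
                shell: Bash
                command: |-
                  # Required
                  terraform -v
                  aws sts get-caller-identity
                  # Get tfesync from cgrepo
                  wget https://cgrepo.capgroup.com/repository/cgansible/tfesync/0.1.1/tfesync_linux_amd64_v0.1.1.zip
                  # NOTE(review): verify the archive against a pinned digest
                  # before running it (this step runs as root):
                  #   echo "<EXPECTED_SHA256>  tfesync_linux_amd64_v0.1.1.zip" | sha256sum -c -
                  unzip -o tfesync_linux_amd64_v0.1.1.zip
                  # Create credentials file for Terraform Enterprise with TFE_TOKEN
                  chmod +x ../opt/harness-delegate/.terraform.d
                  # Overwrite (>) rather than append (>>): appending to an
                  # existing file would leave two JSON documents in it.
                  # umask/chmod keep the token file owner-only. The file is
                  # deliberately not printed, because it holds the TFE token.
                  (
                    umask 077
                    cat > ../opt/harness-delegate/.terraform.d/credentials.tfrc.json <<EOF
                  {
                    "credentials": {
                      "tfe.cguser.capgroup.com": {
                        "token": "$TFE_TOKEN"
                      }
                    }
                  }
                  EOF
                  )
                  chmod 600 ../opt/harness-delegate/.terraform.d/credentials.tfrc.json
                  # Sync current AWS creds to TFE WS
                  ./tfesync -w "$TFE_WS_ID"
                  echo "workdir=$WORKDIR"
                  chmod +x "$WORKDIR"
                  cd "$WORKDIR" || exit 1
                  # Overwrite backend.tf
                  cat > ./_override.tf <<EOF
                  terraform {
                    backend "remote" {
                      hostname     = "tfe.cguser.capgroup.com"
                      organization = "$TFE_ORG"

                      workspaces {
                        name = "$TFE_WS_NAME"
                      }
                    }
                  }
                  EOF
                  cat ./_override.tf
                  ###### ------------------------- Enhanced TFE IaC API code -------------------------
                  echo "rm -fr tfesync*"
                  rm -fr tfesync* ## cleanup all tfesync files before tar zip
                  cd - ### cd back to previous. It needs to tar all files with full paths
                  ### 1. Prepare tfvars files
                  # Copy over *.auto.tfvars files if you need from other directories. Comment out if tfvars file is in the WORKDIR
                  echo "cp $ENV.tfvars $ENV.auto.tfvars"
                  cp "$ENV.tfvars" "$ENV.auto.tfvars"
                  ### 2. Create the File for Upload
                  rm -fr .git ## does not need the .git info
                  rm -fr create_workspace_x86_64* ## does not need create_workspace_x86_64 files anymore
                  rm -fr ./harness
                  UPLOAD_FILE_NAME="/tmp/content-$(date +%s).tar.gz"
                  tar -zcvf "$UPLOAD_FILE_NAME" -C "$WORKDIR" .
                  # tar -tvf "$UPLOAD_FILE_NAME" # show content without extracting it
                  ### 3. echo Workspace ID
                  echo "TFE_WS_ID = $TFE_WS_ID"
                  ### 4. Create a New Configuration Version
                  echo '{"data":{"type":"configuration-versions","attributes":{"auto-queue-runs":false}}}' > ./create_config_version.json
                  UPLOAD_URL=$(curl --silent --show-error --fail \
                    --header "Authorization: Bearer $TFE_TOKEN" \
                    --header "Content-Type: application/vnd.api+json" \
                    --request POST \
                    --data @create_config_version.json \
                    "https://tfe.cguser.capgroup.com/api/v2/workspaces/$TFE_WS_ID/configuration-versions" \
                    | jq -r '.data.attributes."upload-url"')
                  # The upload below sends no Authorization header, so the
                  # URL itself grants the upload; keep it out of the build log.
                  if [ -z "$UPLOAD_URL" ] || [ "$UPLOAD_URL" = "null" ]; then
                    echo "No upload-url returned for workspace $TFE_WS_ID" >&2
                    rm -f "$UPLOAD_FILE_NAME"
                    exit 1
                  fi
                  echo "UPLOAD_URL received"
                  ### 5. Upload the Configuration Content File
                  curl --silent --show-error --fail \
                    --header "Content-Type: application/octet-stream" \
                    --request PUT \
                    --data-binary @"$UPLOAD_FILE_NAME" \
                    "$UPLOAD_URL" || { rm -f "$UPLOAD_FILE_NAME"; exit 1; }
                  rm "$UPLOAD_FILE_NAME" ## clean up
                privileged: false
                envVariables:
                  TFE_TOKEN: <+stage.variables.TFE_TOKEN_QA>
                  TFE_WS_ID: <+execution.steps.createtfews.output.outputVariables.tfe_workspace_id>
                  WORKDIR: <+pipeline.variables.WORKDIR>
                  TFE_ORG: banzai-qa
                  TFE_WS_NAME: <+execution.steps.gettfews.output.outputVariables.TFE_WORKSPACE>
                  # NOTE(review): get-tfe-ws in this stage uses ENV: qa;
                  # confirm that sqa (and sqa.tfvars) is intended here.
                  ENV: sqa
                # NOTE(review): this step runs as root while it handles the
                # TFE token and an unverified download; presumably needed to
                # write under /opt/harness-delegate. Prefer a non-root user
                # with a writable config directory.
                runAsUser: "0"
              description: Zip up the IaC and push it to the TFE backend
              name: tfe-iac-push-qa
              identifier: tfeiacpushqa
    delegateSelectors:
      - investordevelopmenttoolsaa00004567-delegate-snp-qa
    variables:
      - name: TFE_TOKEN_QA
        type: Secret
        description: ""
        required: false
        value: <+input>
      - name: SENSITIVE_QA
        type: String
        description: set to true if sensitive
        required: false
        value: "true"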
# QA Terraform Cloud run: a gate step followed by a plan-and-apply against the
# workspace created in the deployqa stage.
# Nesting is reconstructed from key order; the published listing carried no
# indentation.
- stage:
    name: terraform-cloudrun-qa
    identifier: terraformcloudrunqa
    description: ""
    type: Custom
    spec:
      execution:
        steps:
          - step:
              name: gauntlet-qa
              identifier: gauntletqa
              template:
                templateRef: account.cggauntletscanstepcustomtemplate
                versionLabel: v.01
                templateInputs:
                  type: CustomApproval
                  spec:
                    environmentVariables:
                      - name: ENV_GATE
                        type: String
                        value: SNP-QA
          - step:
              name: cg-cloudrun-plan-and-apply-qa
              identifier: cgcloudrunplanandapplyqa
              type: TerraformCloudRun
              timeout: 1h
              spec:
                # Plan and apply happen in the same step, with no pause in
                # between for reviewing the plan.
                runType: PlanAndApply
                runMessage: ""
                spec:
                  organization: banzai-qa
                  # Reads the TFE_WS_ID env variable of the tfeiacpushqa step.
                  workspace: <+pipeline.stages.deployqa.spec.execution.steps.tfeiacpushqa.spec.envVariables.TFE_WS_ID>
                  variables: []
                  discardPendingRuns: true
                  targets: []
                  connectorRef: <+input>
                  provisionerIdentifier: <+project.identifier><+pipeline.identifier>
                  overridePolicies: false
                delegateSelectors:
                  - investordevelopmenttoolsaa00004567-delegate-snp-qa
    tags: {}
    delegateSelectors:
      - investordevelopmenttoolsaa00004567-delegate-snp-qa
    # NOTE(review): AllErrors + Retry re-runs a PlanAndApply after any failure,
    # including one that happened partway through an apply; consider limiting
    # retries to errors that are safe to repeat. Also confirm the retry field
    # names against the Harness schema.
    failureStrategies:
      - onFailure:
          errors:
            - AllErrors
          action:
            type: Retry
            spec:
              retryCount: 3 # Number of times to retry the stage
              retryInterval: 5m # Time to wait between retries
# Invokes a Lambda function with the pipeline execution id and declares two
# output variables for the change request.
# Nesting is reconstructed from key order; the published listing carried no
# indentation, so the placement of description/delegateSelectors is a best
# reading.
- stage:
    name: Invoke Lambda for CR
    identifier: invokeLambdaForCR
    type: Custom
    spec:
      execution:
        steps:
          - step:
              name: invoke-lambda-cr
              identifier: invokeLambdaCr
              description: Invoke Lambda to get the CR value
              type: Lambda
              spec:
                connectorRef: investordevelopmenttoolsaa00004567_aws_cloud_snp_qa_2611541
                namespace: investordevelopmenttoolsaa00004567-delegate-snp-qa
                functionName: arn:aws:lambda:us-east-1:261154:function:xxxx-servicenow
                region: us-east-1
                # NOTE(review): $LATEST follows whatever code was published
                # last; pin a version or alias so the function that issues
                # change requests cannot change without a pipeline change.
                qualifier: $LATEST
                payload: |
                  {
                  "jobid": "<+pipeline.executionId>"
                  }
                outputVariables:
                  - name: SERVICENOW_CHANGE_REQUEST_ID
                  - name: sysid
    delegateSelectors:
      - investordevelopmenttoolsaa00004567-delegate-snp-qa
# ServiceNow approval gate, instantiated from an account-level stage template.
# Nesting is reconstructed from key order; the published listing carried no
# indentation.
- stage:
    name: servicenow
    identifier: servicenow
    tags: {}
    template:
      templateRef: account.cgservicenowapprovalcheckstagetemplate
      versionLabel: v.01
      templateInputs:
        type: Approval
        delegateSelectors:
          - investordevelopmenttoolsaa00004567-delegate-cpz-prod
        variables:
          # The change request checked here comes from the pipeline variable
          # SERVICENOW_CHANGE_REQUEST_ID.
          # NOTE(review): verify that variable resolves to the request created
          # for this execution; an empty or stale value would mean the gate is
          # evaluated against the wrong change.
          - name: Change_Request_Number
            type: String
            value: <+pipeline.variables.SERVICENOW_CHANGE_REQUEST_ID>
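# Production stage: resolves the TFE workspace name, creates the workspace,
# then packages the IaC and uploads it to Terraform Enterprise.
# Nesting is reconstructed from key order (the published listing had no
# indentation) and the backslashes the listing lost from the shell scripts
# (line continuations, escaped quotes/newlines) are restored.
- stage:
    name: deploy-prod
    identifier: deployprod
    type: CI
    spec:
      cloneCodebase: true
      infrastructure:
        type: KubernetesDirect
        spec:
          connectorRef: investordevelopmenttoolsaa00004567_kubernetes_shared
          namespace: investordevelopmenttoolsaa00004567-delegate-cpz-prod
          # NOTE(review): mounts the namespace service-account token into
          # every step pod; set to false unless a step calls the Kubernetes
          # API.
          automountServiceAccountToken: true
          nodeSelector: {}
          containerSecurityContext:
            privileged: false
            allowPrivilegeEscalation: false
          os: Linux
      execution:
        steps:
          - step:
              name: gauntlet-prod
              identifier: gauntletprod
              template:
                templateRef: account.cggauntletscansteptemplate
                versionLabel: v.04
                gitBranch: main
                templateInputs:
                  type: Run
                  spec:
                    envVariables:
                      ENV_GATE: CPZ-PRD
          - step:
              type: Run
              spec:
                connectorRef: account.acct_cgregistry_readonly
                # NOTE(review): image is referenced by tag; pin by digest if
                # the registry supports it so the tool image cannot change
                # underneath the pipeline.
                image: harness/delegate:tf-1.6.5
                shell: Bash
                command: |-
                  # TFE Workspace info
                  echo "workspace setup start."
                  cd "$CONFIG_PATH" || exit 1
                  cat "./${ENV}.tfebackend"
                  # `source` executes the file as shell code. The ./ prefix
                  # stops bash from searching PATH for the name; the file
                  # itself comes from the cloned repo, so changes to it
                  # deserve the same review as changes to this pipeline.
                  source "./${ENV}.tfebackend"
                  TFE_WORKSPACE=$tf_workspace_name
                  echo "WORKSPACE NAME:: ${TFE_WORKSPACE}"
                  echo "workspace setup complete."
                envVariables:
                  ENV: prod
                  CONFIG_PATH: <+pipeline.variables.CONFIG_PATH>
                outputVariables:
                  - name: TFE_WORKSPACE
                runAsUser: "1000"
              name: get-tfe-ws
              identifier: gettfews
          - step:
              type: Run
              spec:
                connectorRef: account.acct_cgregistry_readonly
                image: harness/delegate:tf-1.6.5
                shell: Sh
                command: |-
                  # Create the TFE workspace with tfeadmin and export its id.
                  export tfe_workspace_id="not created"
                  wget https://cgrepo.capgroup.com/repository/cgansible/tfeadmin/1.1.0/tfeadmin_linux_amd64_v1.1.0.zip
                  # NOTE(review): the archive is unpacked and executed with no
                  # integrity check. Pin its digest and verify before unzip:
                  #   echo "<EXPECTED_SHA256>  tfeadmin_linux_amd64_v1.1.0.zip" | sha256sum -c -
                  unzip -o tfeadmin_linux_amd64_v1.1.0.zip
                  chmod +x ./tfeadmin
                  ls -ltr ./tfeadmin*
                  echo "-a $atm_id -n $workspace_name -o $tfe_org"
                  created_id=$(./tfeadmin workspace create -a "$atm_id" -n "$workspace_name" -o "$tfe_org")
                  echo "created_id: $created_id"
                  export tfe_workspace_id=$created_id
                envVariables:
                  TFE_TOKEN: <+stage.variables.TFE_TOKEN_PROD>
                  atm_id: <+pipeline.variables.ATM_ID>
                  workspace_name: <+execution.steps.gettfews.output.outputVariables.TFE_WORKSPACE>
                  tfe_org: banzai-prd
                outputVariables:
                  - name: tfe_workspace_id
                runAsUser: "1000"
              name: create-tfe-ws
              identifier: createtfews
          - step:
              type: Run
              spec:
                connectorRef: account.acct_cgregistry_readonly
                image: harness/delegate:tf-1.6.5
                shell: Bash
                command: |-
                  # Required
                  terraform -v
                  aws sts get-caller-identity
                  # Get tfesync from cgrepo
                  wget https://cgrepo.capgroup.com/repository/cgansible/tfesync/0.1.1/tfesync_linux_amd64_v0.1.1.zip
                  # NOTE(review): verify the archive against a pinned digest
                  # before running it (this step runs as root):
                  #   echo "<EXPECTED_SHA256>  tfesync_linux_amd64_v0.1.1.zip" | sha256sum -c -
                  unzip -o tfesync_linux_amd64_v0.1.1.zip
                  # Create credentials file for Terraform Enterprise with TFE_TOKEN
                  chmod +x ../opt/harness-delegate/.terraform.d
                  # Overwrite (>) rather than append (>>): appending to an
                  # existing file would leave two JSON documents in it.
                  # umask/chmod keep the token file owner-only. The file is
                  # deliberately not printed, because it holds the TFE token.
                  (
                    umask 077
                    cat > ../opt/harness-delegate/.terraform.d/credentials.tfrc.json <<EOF
                  {
                    "credentials": {
                      "tfe.cguser.capgroup.com": {
                        "token": "$TFE_TOKEN"
                      }
                    }
                  }
                  EOF
                  )
                  chmod 600 ../opt/harness-delegate/.terraform.d/credentials.tfrc.json
                  # Sync current AWS creds to TFE WS
                  ./tfesync -w "$TFE_WS_ID"
                  echo "workdir=$WORKDIR"
                  chmod +x "$WORKDIR"
                  cd "$WORKDIR" || exit 1
                  # Overwrite backend.tf
                  cat > ./_override.tf <<EOF
                  terraform {
                    backend "remote" {
                      hostname     = "tfe.cguser.capgroup.com"
                      organization = "$TFE_ORG"

                      workspaces {
                        name = "$TFE_WS_NAME"
                      }
                    }
                  }
                  EOF
                  cat ./_override.tf
                  ###### ------------------------- Enhanced TFE IaC API code -------------------------
                  echo "rm -fr tfesync*"
                  rm -fr tfesync* ## cleanup all tfesync files before tar zip
                  cd - ### cd back to previous. It needs to tar all files with full paths
                  ### 1. Prepare tfvars files
                  # Copy over *.auto.tfvars files if you need from other directories. Comment out if tfvars file is in the WORKDIR
                  echo "cp $ENV.tfvars $ENV.auto.tfvars"
                  cp "$ENV.tfvars" "$ENV.auto.tfvars"
                  ### 2. Create the File for Upload
                  rm -fr .git ## does not need the .git info
                  rm -fr create_workspace_x86_64* ## does not need create_workspace_x86_64 files anymore
                  rm -fr ./harness
                  UPLOAD_FILE_NAME="/tmp/content-$(date +%s).tar.gz"
                  tar -zcvf "$UPLOAD_FILE_NAME" -C "$WORKDIR" .
                  # tar -tvf "$UPLOAD_FILE_NAME" # show content without extracting it
                  ### 3. echo Workspace ID
                  echo "TFE_WS_ID = $TFE_WS_ID"
                  ### 4. Create a New Configuration Version
                  echo '{"data":{"type":"configuration-versions","attributes":{"auto-queue-runs":false}}}' > ./create_config_version.json
                  UPLOAD_URL=$(curl --silent --show-error --fail \
                    --header "Authorization: Bearer $TFE_TOKEN" \
                    --header "Content-Type: application/vnd.api+json" \
                    --request POST \
                    --data @create_config_version.json \
                    "https://tfe.cguser.capgroup.com/api/v2/workspaces/$TFE_WS_ID/configuration-versions" \
                    | jq -r '.data.attributes."upload-url"')
                  # The upload below sends no Authorization header, so the
                  # URL itself grants the upload; keep it out of the build log.
                  if [ -z "$UPLOAD_URL" ] || [ "$UPLOAD_URL" = "null" ]; then
                    echo "No upload-url returned for workspace $TFE_WS_ID" >&2
                    rm -f "$UPLOAD_FILE_NAME"
                    exit 1
                  fi
                  echo "UPLOAD_URL received"
                  ### 5. Upload the Configuration Content File
                  curl --silent --show-error --fail \
                    --header "Content-Type: application/octet-stream" \
                    --request PUT \
                    --data-binary @"$UPLOAD_FILE_NAME" \
                    "$UPLOAD_URL" || { rm -f "$UPLOAD_FILE_NAME"; exit 1; }
                  rm "$UPLOAD_FILE_NAME" ## clean up
                privileged: false
                envVariables:
                  TFE_TOKEN: <+stage.variables.TFE_TOKEN_PROD>
                  TFE_WS_ID: <+execution.steps.createtfews.output.outputVariables.tfe_workspace_id>
                  WORKDIR: <+pipeline.variables.WORKDIR>
                  TFE_ORG: banzai-prd
                  TFE_WS_NAME: <+execution.steps.gettfews.output.outputVariables.TFE_WORKSPACE>
                  ENV: prod
                # NOTE(review): this step runs as root while it handles the
                # production TFE token and an unverified download; presumably
                # needed to write under /opt/harness-delegate. Prefer a
                # non-root user with a writable config directory.
                runAsUser: "0"
              description: Zip up the IaC and push it to the TFE backend
              name: tfe-iac-push-prd
              identifier: tfeiacpushprd
    delegateSelectors:
      - investordevelopmenttoolsaa00004567-delegate-cpz-prod
    variables:
      - name: TFE_TOKEN_PROD
        type: Secret
        description: ""
        required: false
        value: <+input>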
# Production Terraform Cloud run: a gate step followed by a plan-and-apply
# against the workspace created in the deployprod stage.
# Nesting is reconstructed from key order; the published listing carried no
# indentation.
- stage:
    name: terraform-cloudrun-prd
    identifier: terraformcloudrunprd
    description: ""
    type: Custom
    spec:
      execution:
        steps:
          - step:
              name: gauntlet-prod
              identifier: gauntletprod
              template:
                templateRef: account.cggauntletscanstepcustomtemplate
                versionLabel: v.01
                templateInputs:
                  type: CustomApproval
                  spec:
                    environmentVariables:
                      - name: ENV_GATE
                        type: String
                        value: CPZ-PRD
          - step:
              name: cg-tft-cloudrun-plan-and-apply-prod
              identifier: cgtftcloudrunplanandapplyprod
              type: TerraformCloudRun
              timeout: 1h
              spec:
                # Plan and apply happen in the same step, so the production
                # plan is not reviewed between the two. The gates visible in
                # this listing are the gauntlet step above and the earlier
                # servicenow stage.
                runType: PlanAndApply
                runMessage: ""
                spec:
                  organization: banzai-prd
                  # Reads the TFE_WS_ID env variable of the tfeiacpushprd step.
                  workspace: <+pipeline.stages.deployprod.spec.execution.steps.tfeiacpushprd.spec.envVariables.TFE_WS_ID>
                  variables: []
                  discardPendingRuns: true
                  targets: []
                  connectorRef: <+input>
                  provisionerIdentifier: <+project.identifier><+pipeline.identifier>
                  overridePolicies: false
                delegateSelectors:
                  - investordevelopmenttoolsaa00004567-delegate-cpz-prod
    tags: {}
    delegateSelectors:
      - investordevelopmenttoolsaa00004567-delegate-cpz-prod
# Pipeline-level variables and execution options.
# Nesting is reconstructed from key order; the published listing carried no
# indentation.
variables:
  # NOTE(review): the expression names step `invokelambda` and output
  # `servicenow_change_request_id`, while the only Lambda step in this
  # listing has identifier `invokeLambdaCr` and declares output
  # `SERVICENOW_CHANGE_REQUEST_ID`. Confirm the expression resolves; the
  # servicenow approval stage consumes this value.
  - name: SERVICENOW_CHANGE_REQUEST_ID
    type: String
    value: <+execution.steps.invokelambda.output.outputVariables.servicenow_change_request_id>
  - name: WORKDIR
    type: String
    description: ""
    required: true
    value: ./
  - name: ATM_ID
    type: String
    description: ""
    required: false
    value: AA00004567
  # Runtime input with default `config`; the get-tfe-ws steps cd into this
  # path and source a file from it.
  - name: CONFIG_PATH
    type: String
    description: ""
    value: <+input>.default(config)
# NOTE(review): permits running selected stages on their own. Confirm through
# RBAC or policy that the prod stages cannot be executed without the
# servicenow approval stage.
allowStageExecutions: true