Unicon recently completed a project for the Colorado School of Mines to setup a continuous integration/continuous delivery (CI/CD) pipeline that can be used as a template for their work modernizing their application deployment processes going forward. Because of the School of Mines participation in the TIER Campus Success Program, Internet2 Grouper and Evolveum midPoint were chosen as the target deployments of this work.
The big picture diagram for the pipeline is:
Jenkins was deployed and configured to:
The process works very well, so School of Mines has permitted Unicon to share it with the community at large. The pipeline script that makes this work is:
​pipeline { agent { label 'docker' } stages { stage('Build') { steps { checkout([ $class: 'GitSCM', branches: [[name: '*/master']], userRemoteConfigs: [[url: 'gitlab@git.example.edu:devops/grouper.git',credentialsId:'gitlab-ssh-key']] ]) sh 'docker image build --no-cache --pull --tag example/grouper:latest .' } } stage('Publish') { steps { sh 'docker image tag example/grouper:latest registry.example.edu/example/grouper:latest' sh "docker image tag example/grouper:latest registry.example.edu/example/grouper:${env.BUILD_NUMBER}" sh 'docker image push registry.example.edu/example/grouper:latest' sh "docker image push registry.example.edu/example/grouper:${env.BUILD_NUMBER}" } } stage('Run') { environment { DOCKER_TLS_VERIFY = 1 DOCKER_HOST = 'tcp://iamswarm.example.edu:2376' } steps { parallel ( "daemon" : { withCredentials([dockerCert(credentialsId: 'iam-swarm', variable: 'DOCKER_CERT_PATH')]) { sh "docker service update --with-registry-auth --image registry.example.edu/example/grouper:${env.BUILD_NUMBER} grouper_daemon" } }, "ui" : { withCredentials([dockerCert(credentialsId: 'iam-swarm', variable: 'DOCKER_CERT_PATH')]) { sh "docker service update --with-registry-auth --image registry.example.edu/example/grouper:${env.BUILD_NUMBER} grouper_ui" } }, "ws" : { withCredentials([dockerCert(credentialsId: 'iam-swarm', variable: 'DOCKER_CERT_PATH')]) { sh "docker service update --with-registry-auth --image registry.example.edu/example/grouper:${env.BUILD_NUMBER} grouper_ws" } } ) } } } }
Here's a quick breakdown of what is happening in this script:
That's it. Pretty straight-forward.
If you compare these steps with the diagram, you'll notice that the red testing steps were not mentioned. Those tests can be quite involved and were out of scope for this project. Perhaps that work will be picked up as part of a future project by a client and then shared with the community like this work was. Reach out to Unicon if that sounds like something that your organization might be interested in. Also, reach out if you'd like Unicon to assist you with setting up any part of your CI/CD pipeline.