more elaboration, still full of TODO's
All checks were successful
gitea.arg.rip/deployment/pipeline/head This commit looks good

This commit is contained in:
adam 2024-11-17 13:24:01 -05:00
parent 563fae4908
commit c8b9a5cf0f

View File

@ -3,6 +3,7 @@ pipeline {
parameters {
string(name: 'svcname', description: "service name")
string(name: 'svcdesc', description: "service description")
boolean(name: 'database', description: "service has a database", defaultValue: false)
}
stages {
stage("type strengthening") {
@ -12,18 +13,24 @@ pipeline {
error("svcname mandatory")
}
}
//TODO: generate password for the service account
//TODO: generate password for prod DB
//TODO: generate password for dev DB
//TODO: save them somewhere. probably better to not lock myself out of these accounts from moment 0
}
}
stage("gitea project"){
steps{
script {
//TODO: clone _template-service
//TODO: if not database version, strip out database stuff
}
}
}
stage("service account"){
steps{
script {
//jenkins, the user trying to SSH, must be able to ssh in and sudo
ssh user@host username=$svcname svcpw=$ARG2 'echo "rootpass" | sudo -Sv && bash -s' << 'ENDSSH'
#commands to run on remote host
useradd -m -s /bin/bash $username
@ -32,6 +39,27 @@ pipeline {
}
}
}
stage("db init"){
when { expression { return params.database } }
steps {
//i'm pretty sure "update" with nothing will init?
//meaning we don't have to init, first update will init
script {
ssh user@host username=$svcname svcpw=$ARG2 'echo "rootpass" | sudo -Sv && bash -s' << 'ENDSSH'
sudo -u postgres psql
postgres=# create database mydb;
postgres=# create user myuser with encrypted password 'mypass';
postgres=# grant all privileges on database mydb to myuser;
postgres=# create database mydb_dev;
postgres=# create user myuser_dev with encrypted password 'myotherpass';
postgres=# grant all privileges on database mydb_dev to myuser_dev;
ENDSSH
}
}
}
stage("initial service setup"){
steps{
script {