From 5349c700862a20b3f7dc7d1a3d2bd8e6a5582744 Mon Sep 17 00:00:00 2001
From: Haim Kortovich <haim.kortovich@topmanage.com>
Date: Wed, 28 Aug 2024 17:56:16 -0500
Subject: [PATCH] Add prod pipeline

[ZITADOPER-6]
---
 bitbucket-pipelines.yml | 50 +++++++++++++++++++++++++++++++++++++++--
 1 file changed, 48 insertions(+), 2 deletions(-)

diff --git a/bitbucket-pipelines.yml b/bitbucket-pipelines.yml
index 05bdaf9..509734b 100644
--- a/bitbucket-pipelines.yml
+++ b/bitbucket-pipelines.yml
@@ -112,6 +112,51 @@ definitions:
             DOCKERREGISTRY_PASSWORD=$K8S_ARES_QA_DOCKERREGISTRY_PASSWORD      \
             ./build/push-image.sh
 
+    - step: &package-prod
+        name: "Package Chart for Production"
+        runs-on:
+          - "nixrunner"
+          - "linux.shell"
+          - "self.hosted"
+        script:
+          - mkdir -p charts
+          - export VERSION="$BITBUCKET_BUILD_NUMBER"
+          - export REPOSITORY="$K8S_ARES_PROD_DOCKERREGISTRY_URL/$BITBUCKET_REPO_SLUG"
+          - nix-shell -p yq-go --run 'yq -i ".controllerManager.manager.image.tag = env(VERSION)" ./ops/chart/values.yaml'
+          - nix-shell -p yq-go --run 'yq -i ".controllerManager.manager.image.repository = env(REPOSITORY)" ./ops/chart/values.yaml'
+          - nix-shell -p kubernetes-helm --run 'helm repo add base "$K8S_ARES_PROD_CHARTMUSEUM_ENDPOINT" --username "$K8S_ARES_PROD_CHARTMUSEUM_USERNAME" --password "$K8S_ARES_PROD_CHARTMUSEUM_PASSWORD" --insecure-skip-tls-verify --force-update && helm dependency build ./ops/chart && helm package ./ops/chart -d result --app-version "$VERSION" --version "$VERSION"'
+          - cp -a ./result/. charts/
+        artifacts:
+          - charts/*
+
+    - step: &publish-prod
+        name: "Publish Chart to Production"
+        runs-on:
+          - "nixrunner"
+          - "linux.shell"
+          - "self.hosted"
+        deployment: prod
+        script:
+          - |
+            nix-shell -p cacert curl --run 'curl -k --fail --data-binary "@charts/$(ls charts | tee /dev/stderr | head -n 1)" -u "$K8S_ARES_PROD_CHARTMUSEUM_USERNAME:$K8S_ARES_PROD_CHARTMUSEUM_PASSWORD" "$K8S_ARES_PROD_CHARTMUSEUM_ENDPOINT/api/charts"'
+
+    - step: &push-prod
+        name: "Push image to Production"
+        image: topmanage/deployment-pipeline-image:28
+        runs-on:
+          - "linux"
+          - "self.hosted"
+        # deployment: prod
+        script:
+          - |
+            set -euo pipefail
+            DOCKERREGISTRY_URL=$K8S_ARES_PROD_DOCKERREGISTRY_URL                \
+            DOCKERREGISTRY_CACERT=$K8S_ARES_PROD_DOCKERREGISTRY_CACERT          \
+            DOCKERREGISTRY_CLIENTCERT=$K8S_ARES_PROD_DOCKERREGISTRY_CLIENTCERT  \
+            DOCKERREGISTRY_CLIENTKEY=$K8S_ARES_PROD_DOCKERREGISTRY_CLIENTKEY    \
+            DOCKERREGISTRY_PASSWORD=$K8S_ARES_PROD_DOCKERREGISTRY_PASSWORD      \
+            ./build/push-image.sh
+
 pipelines:
   default:
     - parallel:
@@ -133,5 +178,6 @@ pipelines:
       - parallel:
           - step: *build
           - step: *test
-          - step: *package-dev
-      - step: *push-dev
+          - step: *package-prod
+      - step: *push-prod
+      - step: *publish-prod