image: ccsoft/ccsoft-pipeline:latest # ============================================================ # Pipeline Multi-Entorno: Producción y Pruebas # ============================================================ # Uso: # - Rama 'test' o 'develop' → Despliega automáticamente a TEST # - Rama 'main' o 'master' → Requiere aprobación manual para PROD # - Pull Requests → Solo validación (sin despliegue) # # Variables de Repositorio Requeridas en Bitbucket: # TEST_AWS_ACCESS_KEY_ID, TEST_AWS_SECRET_ACCESS_KEY, TEST_AWS_SESSION_TOKEN # PROD_AWS_ACCESS_KEY_ID, PROD_AWS_SECRET_ACCESS_KEY, PROD_AWS_SESSION_TOKEN # ============================================================ definitions: caches: terraform: ~/.terraform.d/plugin-cache npm: ~/.npm gradle: ~/.gradle services: docker: memory: 3072 steps: # Paso reutilizable: Setup SSH y herramientas - step: &setup-tools name: Setup Tools script: - apt-get update -qq - apt-get install -y -qq openssh-client jq unzip curl - terraform --version || (wget -q https://releases.hashicorp.com/terraform/1.5.0/terraform_1.5.0_linux_amd64.zip && unzip -q terraform_1.5.0_linux_amd64.zip && mv terraform /usr/local/bin/) - ansible --version || apt-get install -y -qq ansible - aws --version || pip install awscli - echo "Tools ready" # Paso reutilizable: Validar Terraform - step: &validate-terraform name: Validate Terraform script: - cd iac-duplicate/terraform - terraform init -backend=false - terraform validate - terraform fmt -check -recursive # Paso reutilizable: Plan Terraform (TEST) - step: &plan-test name: Plan Terraform (TEST) deployment: test-plan script: - cd iac-duplicate/terraform - export AWS_ACCESS_KEY_ID="$TEST_AWS_ACCESS_KEY_ID" - export AWS_SECRET_ACCESS_KEY="$TEST_AWS_SECRET_ACCESS_KEY" - export AWS_SESSION_TOKEN="$TEST_AWS_SESSION_TOKEN" - export AWS_DEFAULT_REGION="mx-central-1" - terraform init - terraform workspace select test || terraform workspace new test - terraform plan -var-file="environments/test/terraform.tfvars" -out=tfplan-test artifacts: - iac-duplicate/terraform/tfplan-test # Paso reutilizable: Apply Terraform (TEST) - step: &apply-test name: Apply Terraform (TEST) deployment: test trigger: automatic script: - cd iac-duplicate/terraform - export AWS_ACCESS_KEY_ID="$TEST_AWS_ACCESS_KEY_ID" - export AWS_SECRET_ACCESS_KEY="$TEST_AWS_SECRET_ACCESS_KEY" - export AWS_SESSION_TOKEN="$TEST_AWS_SESSION_TOKEN" - export AWS_DEFAULT_REGION="mx-central-1" - terraform init - terraform workspace select test - terraform apply -auto-approve tfplan-test - terraform output -json > terraform-outputs.json - cat terraform-outputs.json artifacts: - iac-duplicate/terraform/terraform-outputs.json # Paso reutilizable: Ansible Deploy (TEST) - step: &deploy-test name: Deploy Application (TEST) deployment: test-deploy script: - cd iac-duplicate/ansible - EC2_IP=$(cat ../terraform/terraform-outputs.json | jq -r '.ec2_public_ip.value') - echo "[test]" > inventory - echo "$EC2_IP ansible_user=ubuntu ansible_ssh_private_key_file=~/.ssh/sacc4-test-key.pem" >> inventory - echo "[test:vars]" >> inventory - echo "ansible_python_interpreter=/usr/bin/python3" >> inventory - echo "environment=test" >> inventory - chmod 600 ~/.ssh/sacc4-test-key.pem 2>/dev/null || true - ansible-playbook -i inventory playbooks/site.yml # Paso reutilizable: Health Check (TEST) - step: &health-test name: Health Check (TEST) script: - EC2_IP=$(cat iac-duplicate/terraform/terraform-outputs.json | jq -r '.ec2_public_ip.value') - echo "Checking health on $EC2_IP..." - for port in 8080 8081 8082 8083 8084 8085; do echo "Port $port: $(curl -s -o /dev/null -w '%{http_code}' http://$EC2_IP:$port/actuator/health || echo 'FAILED')"; done - curl -f -I http://$EC2_IP:80 || echo "Nginx check: WARNING" # Paso reutilizable: Plan Terraform (PROD) - step: &plan-prod name: Plan Terraform (PROD) deployment: prod-plan script: - cd iac-duplicate/terraform - export AWS_ACCESS_KEY_ID="$PROD_AWS_ACCESS_KEY_ID" - export AWS_SECRET_ACCESS_KEY="$PROD_AWS_SECRET_ACCESS_KEY" - export AWS_SESSION_TOKEN="$PROD_AWS_SESSION_TOKEN" - export AWS_DEFAULT_REGION="mx-central-1" - terraform init - terraform workspace select prod || terraform workspace new prod - terraform plan -var-file="environments/prod/terraform.tfvars" -out=tfplan-prod artifacts: - iac-duplicate/terraform/tfplan-prod # Paso reutilizable: Apply Terraform (PROD) - REQUIERE APROBACIÓN - step: &apply-prod name: Apply Terraform (PROD) deployment: production trigger: manual script: - cd iac-duplicate/terraform - export AWS_ACCESS_KEY_ID="$PROD_AWS_ACCESS_KEY_ID" - export AWS_SECRET_ACCESS_KEY="$PROD_AWS_SECRET_ACCESS_KEY" - export AWS_SESSION_TOKEN="$PROD_AWS_SESSION_TOKEN" - export AWS_DEFAULT_REGION="mx-central-1" - terraform init - terraform workspace select prod - terraform apply -auto-approve tfplan-prod - terraform output -json > terraform-outputs-prod.json artifacts: - iac-duplicate/terraform/terraform-outputs-prod.json # Paso reutilizable: Notificación Telegram - step: ¬ify name: Notify Results script: - |- if [ -n "$TELEGRAM_BOT_TOKEN" ] && [ -n "$TELEGRAM_CHAT_ID" ]; then MESSAGE="✅ SACC4 Pipeline: $BITBUCKET_BRANCH - $BITBUCKET_STEP_KEY completado" curl -s -X POST "https://api.telegram.org/bot$TELEGRAM_BOT_TOKEN/sendMessage" \ -d "chat_id=$TELEGRAM_CHAT_ID" \ -d "text=$MESSAGE" >/dev/null fi # ============================================================ # PIPELINE POR RAMAS # ============================================================ pipelines: # RAMA TEST / DEVELOP → Despliegue automático a TEST branches: test: - step: *setup-tools - step: *validate-terraform - step: *plan-test - step: *apply-test - step: *deploy-test - step: *health-test - step: <<: *notify after-script: - echo "Test environment deployment completed" develop: - step: *setup-tools - step: *validate-terraform - step: *plan-test - step: *apply-test - step: *deploy-test - step: *health-test - step: <<: *notify after-script: - echo "Develop environment deployment completed" # RAMA MAIN / MASTER → Requiere aprobación para PROD main: - step: *setup-tools - step: *validate-terraform - step: *plan-prod - step: <<: *apply-prod trigger: manual # ⚠️ Requiere clic en "Run" en Bitbucket - step: name: Deploy Application (PROD) deployment: production-deploy script: - cd iac-duplicate/ansible - EC2_IP=$(cat ../terraform/terraform-outputs-prod.json | jq -r '.ec2_public_ip.value') - echo "[prod]" > inventory - echo "$EC2_IP ansible_user=ubuntu ansible_ssh_private_key_file=~/.ssh/sacc4-prod-key.pem" >> inventory - chmod 600 ~/.ssh/sacc4-prod-key.pem 2>/dev/null || true - ansible-playbook -i inventory playbooks/site.yml - step: name: Health Check (PROD) script: - EC2_IP=$(cat iac-duplicate/terraform/terraform-outputs-prod.json | jq -r '.ec2_public_ip.value') - for port in 8080 8081 8082 8083 8084 8085; do echo "Port $port: $(curl -s -o /dev/null -w '%{http_code}' http://$EC2_IP:$port/actuator/health || echo 'FAILED')"; done - step: <<: *notify after-script: - echo "⚠️ PRODUCTION deployment completed - Review required" master: - step: *setup-tools - step: *validate-terraform - step: *plan-prod - step: <<: *apply-prod trigger: manual - step: name: Deploy Application (PROD) deployment: production-deploy script: - cd iac-duplicate/ansible - EC2_IP=$(cat ../terraform/terraform-outputs-prod.json | jq -r '.ec2_public_ip.value') - echo "[prod]" > inventory - echo "$EC2_IP ansible_user=ubuntu ansible_ssh_private_key_file=~/.ssh/sacc4-prod-key.pem" >> inventory - chmod 600 ~/.ssh/sacc4-prod-key.pem 2>/dev/null || true - ansible-playbook -i inventory playbooks/site.yml - step: <<: *notify after-script: - echo "⚠️ PRODUCTION deployment completed" # PULL REQUESTS → Solo validación, sin despliegue pull-requests: '**': - step: name: Code Quality Check script: - echo "Checking code quality..." - terraform fmt -check -recursive || true - step: name: Validate Terraform script: - cd iac-duplicate/terraform - terraform init -backend=false - terraform validate - step: name: Test Plan (TEST Environment) script: - cd iac-duplicate/terraform - terraform init -backend=false - terraform plan -var-file="environments/test/terraform.tfvars" after-script: - echo "PR validation completed - No changes applied" # CUSTOM PIPELINE: Destruir entorno TEST custom: destroy-test: - step: name: Destroy TEST Environment deployment: test trigger: manual script: - cd iac-duplicate/terraform - export AWS_ACCESS_KEY_ID="$TEST_AWS_ACCESS_KEY_ID" - export AWS_SECRET_ACCESS_KEY="$TEST_AWS_SECRET_ACCESS_KEY" - export AWS_SESSION_TOKEN="$TEST_AWS_SESSION_TOKEN" - export AWS_DEFAULT_REGION="mx-central-1" - terraform init - terraform workspace select test - echo "⚠️ WARNING: This will destroy the TEST environment!" - terraform destroy -var-file="environments/test/terraform.tfvars" -auto-approve - echo "TEST environment destroyed"