Evert Daniel Romero Garrido
cbea3e932b
- Agrega paso 03_terraform para DEV y PROD con init, plan y apply - Crea backend.dev.hcl para configuración explícita de estado DEV - Refactoriza Route53/ACM en main.tf para soportar PROD cross-account usando count condicional sin romper estado de DEV - Descomenta provider aws.route53 en provider.tf - Añade domain_name faltante en prod.tfvars y confirma dev.tfvars - Corrige output route53_record para recursos con count - Elimina errored.tfstate corrupto local - Incluye permiso sts:AssumeRole en IAM policy para Route53 cross-account
215 lines
9.8 KiB
YAML
215 lines
9.8 KiB
YAML
# ===============================================================================================================
|
|
# bitbucket-pipelines.yml - Pipeline CI/CD para proyectosacc
|
|
# Descripción:
|
|
# Pipeline de 7 pasos estándar de CCsoft para desplegar infraestructura (Terraform),
|
|
# frontend React (S3+CloudFront) y API backend (EC2) de SACC.
|
|
#
|
|
# Autor: Área de Tecnología y Desarrollo - CCsoft
|
|
# ===============================================================================================================
|
|
|
|
image: atlassian/default-image:5
|
|
|
|
definitions:
|
|
steps:
|
|
- step: ¬ify-start
|
|
name: Notify Start
|
|
script:
|
|
- export TELEGRAM_BOT_TOKEN="${TELEGRAM_BOT_TOKEN}"
|
|
- export TELEGRAM_CHAT_ID="${TELEGRAM_CHAT_ID}"
|
|
- bash ci-cd-commons/telegram_alert.sh "🚀 Iniciando pipeline de proyectosacc (${BITBUCKET_BRANCH})"
|
|
|
|
- step: ¬ify-fail
|
|
name: Notify Failure
|
|
script:
|
|
- export TELEGRAM_BOT_TOKEN="${TELEGRAM_BOT_TOKEN}"
|
|
- export TELEGRAM_CHAT_ID="${TELEGRAM_CHAT_ID}"
|
|
- bash ci-cd-commons/telegram_alert.sh "❌ Pipeline de proyectosacc falló en el paso ${BITBUCKET_STEP_KEY}"
|
|
|
|
pipelines:
|
|
default:
|
|
- step:
|
|
name: 04_build
|
|
script:
|
|
- set -euo pipefail
|
|
- echo "=== Build de proyectosacc (sin deploy) ==="
|
|
- npm ci
|
|
- npm run build
|
|
- ./gradlew clean bootJar
|
|
|
|
branches:
|
|
developer:
|
|
- step:
|
|
name: 01_image-setup
|
|
script:
|
|
- set -euo pipefail
|
|
- apt-get update -y && apt-get install -y openssh-client openjdk-21-jdk awscli wget unzip
|
|
- mkdir -p ~/.ssh
|
|
- echo "${DEV_SSH_PRIVATE_KEY_THOTH_PROYECTOSACC}" | base64 -d > ~/.ssh/sacc4_key
|
|
- chmod 600 ~/.ssh/sacc4_key
|
|
- ssh-keyscan -p "${DEV_SSH_PORT_PROYECTOSACC:-22}" "${DEV_SERVER_IP_PROYECTOSACC}" >> ~/.ssh/known_hosts 2>/dev/null || true
|
|
- export TELEGRAM_BOT_TOKEN="${DEV_TELEGRAM_BOT_TOKEN}"
|
|
- export TELEGRAM_CHAT_ID="${DEV_TELEGRAM_CHAT_ID}"
|
|
- bash ci-cd-commons/telegram_alert.sh "🚀 Iniciando pipeline DEV de proyectosacc"
|
|
|
|
- step:
|
|
name: 02_repo-config
|
|
script:
|
|
- set -euo pipefail
|
|
- git clone "https://x-token-auth:${BITBUCKET_PASSWORD}@bitbucket.org/ccsoft1/ci-cd-commons.git" ci-cd-commons
|
|
- git clone "https://x-token-auth:${BITBUCKET_PASSWORD}@bitbucket.org/ccsoft1/ci-cd-saac4.git" ci-cd-saac4
|
|
|
|
- step:
|
|
name: 03_terraform
|
|
script:
|
|
- set -euo pipefail
|
|
- cd terraform
|
|
- wget -q "https://releases.hashicorp.com/terraform/1.11.4/terraform_1.11.4_linux_amd64.zip"
|
|
- unzip -q terraform_1.11.4_linux_amd64.zip
|
|
- mv terraform /usr/local/bin/terraform
|
|
- terraform version
|
|
- export AWS_ACCESS_KEY_ID="${DEV_AWS_ACCESS_KEY_ID}"
|
|
- export AWS_SECRET_ACCESS_KEY="${DEV_AWS_SECRET_ACCESS_KEY}"
|
|
- export AWS_DEFAULT_REGION="${AWS_DEFAULT_REGION:-mx-central-1}"
|
|
- terraform init -backend-config=backend.dev.hcl
|
|
- terraform plan -var-file=environments/dev.tfvars -var="db_password=${DEV_DB_PASSWORD}" -out=dev.tfplan
|
|
- terraform apply -auto-approve dev.tfplan
|
|
- terraform output -json > terraform-outputs.json
|
|
- cat terraform-outputs.json
|
|
artifacts:
|
|
- terraform/terraform-outputs.json
|
|
|
|
- step:
|
|
name: 04_build
|
|
script:
|
|
- set -euo pipefail
|
|
- npm ci
|
|
- npm run build
|
|
- ./gradlew clean bootJar
|
|
artifacts:
|
|
- build/**
|
|
- build/libs/*.jar
|
|
|
|
- step:
|
|
name: 05_publish
|
|
script:
|
|
- set -euo pipefail
|
|
- aws s3 sync build/ "s3://${DEV_S3_FRONTEND_BUCKET}/" --delete
|
|
- aws s3 cp build/libs/*.jar "s3://${DEV_S3_ARTIFACTS_BUCKET}/develop/proyectosacc-app.jar"
|
|
|
|
- step:
|
|
name: 06_install
|
|
script:
|
|
- set -euo pipefail
|
|
- echo "${DEV_SSH_PRIVATE_KEY_THOTH_PROYECTOSACC}" | base64 -d > ~/.ssh/sacc4_key
|
|
- chmod 600 ~/.ssh/sacc4_key
|
|
- |
|
|
ssh -p "${DEV_SSH_PORT_PROYECTOSACC:-22}" \
|
|
-i ~/.ssh/sacc4_key \
|
|
-o StrictHostKeyChecking=no \
|
|
"${DEV_SERVER_USER_PROYECTOSACC:-thoth}@${DEV_SERVER_IP_PROYECTOSACC}" \
|
|
"bash -c 'mkdir -p /home/thoth/deploy/artifacts/current && aws s3 cp s3://${DEV_S3_ARTIFACTS_BUCKET}/develop/proyectosacc-app.jar /home/thoth/deploy/artifacts/current/proyectosacc-app.jar && chown osiris:osiris /home/thoth/deploy/artifacts/current/proyectosacc-app.jar'"
|
|
|
|
- step:
|
|
name: 07_deploy
|
|
script:
|
|
- set -euo pipefail
|
|
- echo "${DEV_SSH_PRIVATE_KEY_THOTH_PROYECTOSACC}" | base64 -d > ~/.ssh/sacc4_key
|
|
- chmod 600 ~/.ssh/sacc4_key
|
|
- |
|
|
ssh -p "${DEV_SSH_PORT_PROYECTOSACC:-22}" \
|
|
-i ~/.ssh/sacc4_key \
|
|
-o StrictHostKeyChecking=no \
|
|
"${DEV_SERVER_USER_PROYECTOSACC:-thoth}@${DEV_SERVER_IP_PROYECTOSACC}" \
|
|
"bash /home/thoth/deploy/setup/deploy.sh"
|
|
- export CLOUDFRONT_DISTRIBUTION_ID=$(python3 -c "import json; print(json.load(open('terraform/terraform-outputs.json'))['cloudfront_distribution_id']['value'])")
|
|
- aws cloudfront create-invalidation --distribution-id "${CLOUDFRONT_DISTRIBUTION_ID}" --paths "/*"
|
|
- bash ci-cd-commons/telegram_alert.sh "✅ Deploy DEV de proyectosacc completado exitosamente"
|
|
|
|
master:
|
|
- step:
|
|
name: 01_image-setup
|
|
script:
|
|
- set -euo pipefail
|
|
- apt-get update -y && apt-get install -y openssh-client openjdk-21-jdk awscli wget unzip
|
|
- mkdir -p ~/.ssh
|
|
- echo "${PROD_SSH_PRIVATE_KEY_THOTH_PROYECTOSACC}" | base64 -d > ~/.ssh/sacc4_key
|
|
- chmod 600 ~/.ssh/sacc4_key
|
|
- ssh-keyscan -p "${PROD_SSH_PORT_PROYECTOSACC:-22}" "${PROD_SERVER_IP_PROYECTOSACC}" >> ~/.ssh/known_hosts 2>/dev/null || true
|
|
- export TELEGRAM_BOT_TOKEN="${PROD_TELEGRAM_BOT_TOKEN}"
|
|
- export TELEGRAM_CHAT_ID="${PROD_TELEGRAM_CHAT_ID}"
|
|
- bash ci-cd-commons/telegram_alert.sh "🚀 Iniciando pipeline PROD de proyectosacc"
|
|
|
|
- step:
|
|
name: 02_repo-config
|
|
script:
|
|
- set -euo pipefail
|
|
- git clone "https://x-token-auth:${BITBUCKET_PASSWORD}@bitbucket.org/ccsoft1/ci-cd-commons.git" ci-cd-commons
|
|
- git clone "https://x-token-auth:${BITBUCKET_PASSWORD}@bitbucket.org/ccsoft1/ci-cd-saac4.git" ci-cd-saac4
|
|
|
|
- step:
|
|
name: 03_terraform
|
|
script:
|
|
- set -euo pipefail
|
|
- cd terraform
|
|
- wget -q "https://releases.hashicorp.com/terraform/1.11.4/terraform_1.11.4_linux_amd64.zip"
|
|
- unzip -q terraform_1.11.4_linux_amd64.zip
|
|
- mv terraform /usr/local/bin/terraform
|
|
- terraform version
|
|
- export AWS_ACCESS_KEY_ID="${PROD_AWS_ACCESS_KEY_ID}"
|
|
- export AWS_SECRET_ACCESS_KEY="${PROD_AWS_SECRET_ACCESS_KEY}"
|
|
- export AWS_DEFAULT_REGION="${AWS_DEFAULT_REGION:-mx-central-1}"
|
|
- terraform init -backend-config=backend.prod.hcl
|
|
- terraform plan -var-file=environments/prod.tfvars -var="db_password=${PROD_DB_PASSWORD}" -out=prod.tfplan
|
|
- terraform apply -auto-approve prod.tfplan
|
|
- terraform output -json > terraform-outputs.json
|
|
- cat terraform-outputs.json
|
|
artifacts:
|
|
- terraform/terraform-outputs.json
|
|
|
|
- step:
|
|
name: 04_build
|
|
script:
|
|
- set -euo pipefail
|
|
- npm ci
|
|
- npm run build
|
|
- ./gradlew clean bootJar
|
|
artifacts:
|
|
- build/**
|
|
- build/libs/*.jar
|
|
|
|
- step:
|
|
name: 05_publish
|
|
script:
|
|
- set -euo pipefail
|
|
- aws s3 sync build/ "s3://${PROD_S3_FRONTEND_BUCKET}/" --delete
|
|
- aws s3 cp build/libs/*.jar "s3://${PROD_S3_ARTIFACTS_BUCKET}/main/proyectosacc-app.jar"
|
|
|
|
- step:
|
|
name: 06_install
|
|
script:
|
|
- set -euo pipefail
|
|
- echo "${PROD_SSH_PRIVATE_KEY_THOTH_PROYECTOSACC}" | base64 -d > ~/.ssh/sacc4_key
|
|
- chmod 600 ~/.ssh/sacc4_key
|
|
- |
|
|
ssh -p "${PROD_SSH_PORT_PROYECTOSACC:-22}" \
|
|
-i ~/.ssh/sacc4_key \
|
|
-o StrictHostKeyChecking=no \
|
|
"${PROD_SERVER_USER_PROYECTOSACC:-thoth}@${PROD_SERVER_IP_PROYECTOSACC}" \
|
|
"bash -c 'mkdir -p /home/thoth/deploy/artifacts/current && aws s3 cp s3://${PROD_S3_ARTIFACTS_BUCKET}/main/proyectosacc-app.jar /home/thoth/deploy/artifacts/current/proyectosacc-app.jar && chown osiris:osiris /home/thoth/deploy/artifacts/current/proyectosacc-app.jar'"
|
|
|
|
- step:
|
|
name: 07_deploy
|
|
script:
|
|
- set -euo pipefail
|
|
- echo "${PROD_SSH_PRIVATE_KEY_THOTH_PROYECTOSACC}" | base64 -d > ~/.ssh/sacc4_key
|
|
- chmod 600 ~/.ssh/sacc4_key
|
|
- |
|
|
ssh -p "${PROD_SSH_PORT_PROYECTOSACC:-22}" \
|
|
-i ~/.ssh/sacc4_key \
|
|
-o StrictHostKeyChecking=no \
|
|
"${PROD_SERVER_USER_PROYECTOSACC:-thoth}@${PROD_SERVER_IP_PROYECTOSACC}" \
|
|
"bash /home/thoth/deploy/setup/deploy.sh"
|
|
- export CLOUDFRONT_DISTRIBUTION_ID=$(python3 -c "import json; print(json.load(open('terraform/terraform-outputs.json'))['cloudfront_distribution_id']['value'])")
|
|
- aws cloudfront create-invalidation --distribution-id "${CLOUDFRONT_DISTRIBUTION_ID}" --paths "/*"
|
|
- bash ci-cd-commons/telegram_alert.sh "✅ Deploy PROD de proyectosacc completado exitosamente"
|