Commit 4d4642bf authored by Andres Anaya Amariels's avatar Andres Anaya Amariels 🚀

refactor: improve security by updating docker login command in...

refactor: improve security by updating docker login command in ci_staging.gitlab-ci.yml to use password-stdin

- enable the production release pipeline when a release tag is pushed
parent 8a697b1c
+152 −152
@@ -9,17 +9,17 @@ variables:
#  CI_REGISTRY: $CI_REGISTRY
  CAPIF_DOCKER_REGISTRY: $CAPIF_DOCKER_REGISTRY
  NAMESPACE_PROD: "ocf-prod"
  DOMAIN_PROD: prod.int
  DOMAIN_PROD: ocf.production
  PATH_PROD: prod

# it will only run when a new tag that starts with ‘v{major.minor.patch}-release’ is pushed
# to the repository.
#.release_common: &relase_common
#  rules:
##    - if: '$CI_COMMIT_TAG =~ /^.*-release$/'
#    - if: '$CI_COMMIT_TAG =~ /^v\d+\.\d+\.\d+-release$/'
#  tags:
#    - shell
.release_common: &relase_common
  rules:
#    - if: '$CI_COMMIT_TAG =~ /^.*-release$/'
    - if: '$CI_COMMIT_TAG =~ /^v\d+\.\d+\.\d+-release$/'
  tags:
    - shell

prod_build_and_push:
  stage: prod_build_and_push
@@ -113,148 +113,148 @@ prod_build_and_push:
   - docker logout $CI_REGISTRY


#deploy_ocf_prod:
#  stage: deploy_ocf_prod
#  needs:
#    - prod_build_and_push
#  <<: *relase_common
#  environment:
#    name: review/production
#    url: https://$NAMESPACE_PROD.$DOMAIN_PROD
#  script:
#    - | 
#      echo "------ A release has been created! -------"
#      helm version
#      kubectl version --output=yaml
#      echo "### setting kubeconfig###"
#      whoami
#      kubectl cluster-info
#      yq --version
#      ls -rtt helm/capif
#      cat helm/capif/Chart.yaml
#      yq e -i ".appVersion = \"staging\"" helm/capif/Chart.yaml
#      cat helm/capif/Chart.yaml
#
#      charts=("mock-server" "nginx" "ocf-access-control-policy" 
#        "ocf-api-invocation-logs" "ocf-api-invoker-management" 
#        "ocf-api-provider-management" "ocf-auditing-api-logs" 
#        "ocf-discover-service-api" "ocf-events" "ocf-helper" 
#        "ocf-publish-service-api" "ocf-register" "ocf-routing-info" 
#        "ocf-security")
#      
#      for chart in "${charts[@]}"; do
#        yq e -i ".appVersion = \"staging\"" "helm/capif/charts/$chart/Chart.yaml"
#      done
#
#
#      echo "### download dependencies###"
#      helm dependency build helm/capif
#      echo "### updating capif###"
#      helm upgrade --install -n $NAMESPACE_STAGING ocf-staging helm/capif/ \
#      --set grafana.enabled=true \
#      --set grafana.ingress.enabled=true \
#      --set grafana.ingress.hosts[0].host=ocf-mon-staging.$DOMAIN_STAGING \
#      --set grafana.ingress.hosts[0].paths[0].path="/" \
#      --set grafana.ingress.hosts[0].paths[0].pathType="Prefix" \
#      --set grafana.env.prometheusUrl=http://prometheus.ocf.pre-production \
#      --set grafana.env.tempoUrl="http://ocf-staging-tempo:3100" \
#      --set fluentbit.enabled=true \
#      --set loki.enabled=true \
#      --set tempo.tempo.metricsGenerator.remoteWriteUrl=http://prometheus.ocf.pre-production/api/v1/write \
#      --set otelcollector.enabled=true \
#      --set otelcollector.configMap.tempoEndpoint=ocf-staging-tempo:4317 \
#      --set ocf-access-control-policy.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-access-control-policy-api \
#      --set ocf-access-control-policy.image.tag=staging \
#      --set ocf-access-control-policy.env.capifHostname=capif-staging.$DOMAIN_STAGING \
#      --set ocf-access-control-policy.monitoring="true" \
#      --set ocf-api-invocation-logs.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-logging-api-invocation-api \
#      --set ocf-api-invocation-logs.image.tag=staging \
#      --set ocf-api-invocation-logs.env.monitoring="true" \
#      --set ocf-api-invocation-logs.env.capifHostname=capif-staging.$DOMAIN_STAGING \
#      --set ocf-api-invocation-logs.env.vaultHostname=$VAULT_HOSTNAME \
#      --set ocf-api-invocation-logs.env.vaultPort=$VAULT_PORT \
#      --set ocf-api-invocation-logs.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \
#      --set ocf-api-invoker-management.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-api-invoker-management-api \
#      --set ocf-api-invoker-management.image.tag=staging \
#      --set ocf-api-invoker-management.env.monitoring="true" \
#      --set ocf-api-invoker-management.env.capifHostname=capif-staging.$DOMAIN_STAGING \
#      --set ocf-api-invoker-management.env.vaultHostname=$VAULT_HOSTNAME \
#      --set ocf-api-invoker-management.env.vaultPort=$VAULT_PORT \
#      --set ocf-api-invoker-management.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \
#      --set ocf-api-provider-management.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-api-provider-management-api \
#      --set ocf-api-provider-management.image.tag=staging \
#      --set ocf-api-provider-management.env.monitoring="true" \
#      --set ocf-api-provider-management.env.capifHostname=capif-staging.$DOMAIN_STAGING \
#      --set ocf-api-provider-management.env.vaultHostname=$VAULT_HOSTNAME \
#      --set ocf-api-provider-management.env.vaultPort=$VAULT_PORT \
#      --set ocf-api-provider-management.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \
#      --set ocf-events.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-events-api \
#      --set ocf-events.image.tag=staging \
#      --set ocf-events.env.monitoring="true" \
#      --set ocf-events.env.capifHostname=capif-staging.$DOMAIN_STAGING \
#      --set ocf-routing-info.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-routing-info-api \
#      --set ocf-routing-info.image.tag=staging \
#      --set ocf-routing-info.env.monitoring="true" \
#      --set ocf-security.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-security-api \
#      --set ocf-security.image.tag=staging \
#      --set ocf-security.env.monitoring="true" \
#      --set ocf-security.env.capifHostname=capif-staging.$DOMAIN_STAGING \
#      --set ocf-security.env.vaultHostname=$VAULT_HOSTNAME \
#      --set ocf-security.env.vaultPort=$VAULT_PORT \
#      --set ocf-security.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \
#      --set ocf-register.image.repository=$CI_REGISTRY/ocf/capif/staging/register \
#      --set ocf-register.image.tag=staging \
#      --set ocf-register.env.vaultHostname=$VAULT_HOSTNAME \
#      --set ocf-register.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \
#      --set ocf-register.env.vaultPort=$VAULT_PORT \
#      --set ocf-register.env.mongoHost=mongo-register \
#      --set ocf-register.env.mongoPort=27017 \
#      --set ocf-register.env.capifHostname=capif-staging.$DOMAIN_STAGING \
#      --set ocf-register.ingress.enabled=true \
#      --set ocf-register.ingress.hosts[0].host=register-staging.$DOMAIN_STAGING \
#      --set ocf-register.ingress.hosts[0].paths[0].path="/" \
#      --set ocf-register.ingress.hosts[0].paths[0].pathType="Prefix" \
#      --set ocf-auditing-api-logs.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-auditing-api \
#      --set ocf-auditing-api-logs.image.tag=staging \
#      --set ocf-auditing-api-logs.env.monitoring="true" \
#      --set ocf-publish-service-api.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-publish-service-api \
#      --set ocf-publish-service-api.image.tag=staging \
#      --set ocf-publish-service-api.env.monitoring="true" \
#      --set ocf-publish-service-api.env.capifHostname=capif-staging.$DOMAIN_STAGING \
#      --set ocf-discover-service-api.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-discover-service-api \
#      --set ocf-discover-service-api.image.tag=staging \
#      --set ocf-discover-service-api.env.monitoring="true" \
#      --set nginx.image.repository=$CI_REGISTRY/ocf/capif/staging/nginx \
#      --set nginx.image.tag=staging \
#      --set nginx.env.capifHostname=capif-staging.$DOMAIN_STAGING \
#      --set nginx.env.vaultHostname=$VAULT_HOSTNAME \
#      --set nginx.env.vaultPort=$VAULT_PORT \
#      --set nginx.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \
#      --set nginx.ingress.enabled=true \
#      --set nginx.ingress.hosts[0].host=capif-staging.$DOMAIN_STAGING \
#      --set nginx.ingress.hosts[0].paths[0].path="/" \
#      --set nginx.ingress.hosts[0].paths[0].pathType="Prefix" \
#      --set ocf-helper.image.repository=$CI_REGISTRY/ocf/capif/staging/helper \
#      --set ocf-helper.image.tag=staging \
#      --set ocf-helper.env.vaultHostname=$VAULT_HOSTNAME \
#      --set ocf-helper.env.vaultPort=$VAULT_PORT \
#      --set ocf-helper.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \
#      --set ocf-helper.env.capifHostname=capif-staging.$DOMAIN_STAGING \
#      --set mock-server.enabled=true \
#      --set mock-server.image.repository=$CI_REGISTRY/ocf/capif/staging/mock-server \
#      --set mock-server.image.tag=staging \
#      --set mock-server.ingress.enabled=true \
#      --set mock-server.ingress.hosts[0].host=mock-server-staging.$DOMAIN_STAGING \
#      --set mock-server.ingress.hosts[0].paths[0].path="/" \
#      --set mock-server.ingress.hosts[0].paths[0].pathType="Prefix" \
#      --set mongo-register-express.enabled=true \
#      --set mongo-register-express.ingress.enabled=true \
#      --set mongo-register-express.ingress.hosts[0].host="mongo-express-register-staging.$DOMAIN_STAGING" \
#      --set mongo-register-express.ingress.hosts[0].paths[0].path="/" \
#      --set mongo-register-express.ingress.hosts[0].paths[0].pathType="Prefix" \
#      --set mongo-express.enabled=true \
#      --set mongo-express.ingress.enabled=true \
#      --set mongo-express.ingress.hosts[0].host="mongo-express-staging.$DOMAIN_STAGING" \
#      --set mongo-express.ingress.hosts[0].paths[0].path="/" \
#      --set mongo-express.ingress.hosts[0].paths[0].pathType="Prefix" \
#      --wait --timeout=10m --create-namespace --atomic
 No newline at end of file
deploy_ocf_prod:
  stage: deploy_ocf_prod
  needs:
    - prod_build_and_push
  <<: *relase_common
  environment:
    name: review/production
    url: https://$NAMESPACE_PROD.$DOMAIN_PROD
  script:
    - | 
      echo "------ A release has been created! -------"
      helm version
      kubectl version --output=yaml
      echo "### setting kubeconfig###"
      whoami
      kubectl cluster-info
      yq --version
      ls -rtt helm/capif
      cat helm/capif/Chart.yaml
      yq e -i ".appVersion = \"prod\"" helm/capif/Chart.yaml
      cat helm/capif/Chart.yaml

      charts=("mock-server" "nginx" "ocf-access-control-policy" 
        "ocf-api-invocation-logs" "ocf-api-invoker-management" 
        "ocf-api-provider-management" "ocf-auditing-api-logs" 
        "ocf-discover-service-api" "ocf-events" "ocf-helper" 
        "ocf-publish-service-api" "ocf-register" "ocf-routing-info" 
        "ocf-security")
      
      for chart in "${charts[@]}"; do
        yq e -i ".appVersion = \"prod\"" "helm/capif/charts/$chart/Chart.yaml"
      done


      echo "### download dependencies###"
      helm dependency build helm/capif
      echo "### updating capif###"
      helm upgrade --install -n $NAMESPACE_PROD ocf-prod helm/capif/ \
      --set grafana.enabled=true \
      --set grafana.ingress.enabled=true \
      --set grafana.ingress.hosts[0].host=ocf-mon-prod.$DOMAIN_PROD \
      --set grafana.ingress.hosts[0].paths[0].path="/" \
      --set grafana.ingress.hosts[0].paths[0].pathType="Prefix" \
      --set grafana.env.prometheusUrl=http://prometheus.$DOMAIN_PROD \
      --set grafana.env.tempoUrl="http://ocf-prod-tempo:3100" \
      --set fluentbit.enabled=true \
      --set loki.enabled=true \
      --set tempo.tempo.metricsGenerator.remoteWriteUrl=http://prometheus.$DOMAIN_PROD/api/v1/write \
      --set otelcollector.enabled=true \
      --set otelcollector.configMap.tempoEndpoint=ocf-prod-tempo:4317 \
      --set ocf-access-control-policy.image.repository=$CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-access-control-policy-api \
      --set ocf-access-control-policy.image.tag=$CI_COMMIT_TAG \
      --set ocf-access-control-policy.env.capifHostname=capif-prod.$DOMAIN_PROD \
      --set ocf-access-control-policy.monitoring="true" \
      --set ocf-api-invocation-logs.image.repository=$CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-logging-api-invocation-api \
      --set ocf-api-invocation-logs.image.tag=$CI_COMMIT_TAG \
      --set ocf-api-invocation-logs.env.monitoring="true" \
      --set ocf-api-invocation-logs.env.capifHostname=capif-prod.$DOMAIN_PROD \
      --set ocf-api-invocation-logs.env.vaultHostname=$VAULT_HOSTNAME \
      --set ocf-api-invocation-logs.env.vaultPort=$VAULT_PORT \
      --set ocf-api-invocation-logs.env.vaultAccessToken=$VAULT_ACCESS_TOKEN_PROD \
      --set ocf-api-invoker-management.image.repository=$CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-api-invoker-management-api \
      --set ocf-api-invoker-management.image.tag=$CI_COMMIT_TAG \
      --set ocf-api-invoker-management.env.monitoring="true" \
      --set ocf-api-invoker-management.env.capifHostname=capif-prod.$DOMAIN_PROD \
      --set ocf-api-invoker-management.env.vaultHostname=$VAULT_HOSTNAME \
      --set ocf-api-invoker-management.env.vaultPort=$VAULT_PORT \
      --set ocf-api-invoker-management.env.vaultAccessToken=$VAULT_ACCESS_TOKEN_PROD \
      --set ocf-api-provider-management.image.repository=$CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-api-provider-management-api \
      --set ocf-api-provider-management.image.tag=$CI_COMMIT_TAG \
      --set ocf-api-provider-management.env.monitoring="true" \
      --set ocf-api-provider-management.env.capifHostname=capif-prod.$DOMAIN_PROD \
      --set ocf-api-provider-management.env.vaultHostname=$VAULT_HOSTNAME \
      --set ocf-api-provider-management.env.vaultPort=$VAULT_PORT \
      --set ocf-api-provider-management.env.vaultAccessToken=$VAULT_ACCESS_TOKEN_PROD \
      --set ocf-events.image.repository=$CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-events-api \
      --set ocf-events.image.tag=$CI_COMMIT_TAG \
      --set ocf-events.env.monitoring="true" \
      --set ocf-events.env.capifHostname=capif-prod.$DOMAIN_PROD \
      --set ocf-routing-info.image.repository=$CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-routing-info-api \
      --set ocf-routing-info.image.tag=$CI_COMMIT_TAG \
      --set ocf-routing-info.env.monitoring="true" \
      --set ocf-security.image.repository=$CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-security-api \
      --set ocf-security.image.tag=$CI_COMMIT_TAG \
      --set ocf-security.env.monitoring="true" \
      --set ocf-security.env.capifHostname=capif-prod.$DOMAIN_PROD \
      --set ocf-security.env.vaultHostname=$VAULT_HOSTNAME \
      --set ocf-security.env.vaultPort=$VAULT_PORT \
      --set ocf-security.env.vaultAccessToken=$VAULT_ACCESS_TOKEN_PROD \
      --set ocf-register.image.repository=$CI_REGISTRY/ocf/capif/$PATH_PROD/register \
      --set ocf-register.image.tag=$CI_COMMIT_TAG \
      --set ocf-register.env.vaultHostname=$VAULT_HOSTNAME \
      --set ocf-register.env.vaultAccessToken=$VAULT_ACCESS_TOKEN_PROD \
      --set ocf-register.env.vaultPort=$VAULT_PORT \
      --set ocf-register.env.mongoHost=mongo-register \
      --set ocf-register.env.mongoPort=27017 \
      --set ocf-register.env.capifHostname=capif-prod.$DOMAIN_PROD \
      --set ocf-register.ingress.enabled=true \
      --set ocf-register.ingress.hosts[0].host=register-prod.$DOMAIN_PROD \
      --set ocf-register.ingress.hosts[0].paths[0].path="/" \
      --set ocf-register.ingress.hosts[0].paths[0].pathType="Prefix" \
      --set ocf-auditing-api-logs.image.repository=$CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-auditing-api \
      --set ocf-auditing-api-logs.image.tag=$CI_COMMIT_TAG \
      --set ocf-auditing-api-logs.env.monitoring="true" \
      --set ocf-publish-service-api.image.repository=$CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-publish-service-api \
      --set ocf-publish-service-api.image.tag=$CI_COMMIT_TAG \
      --set ocf-publish-service-api.env.monitoring="true" \
      --set ocf-publish-service-api.env.capifHostname=capif-prod.$DOMAIN_PROD \
      --set ocf-discover-service-api.image.repository=$CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-discover-service-api \
      --set ocf-discover-service-api.image.tag=$CI_COMMIT_TAG \
      --set ocf-discover-service-api.env.monitoring="true" \
      --set nginx.image.repository=$CI_REGISTRY/ocf/capif/$PATH_PROD/nginx \
      --set nginx.image.tag=$CI_COMMIT_TAG \
      --set nginx.env.capifHostname=capif-prod.$DOMAIN_PROD \
      --set nginx.env.vaultHostname=$VAULT_HOSTNAME \
      --set nginx.env.vaultPort=$VAULT_PORT \
      --set nginx.env.vaultAccessToken=$VAULT_ACCESS_TOKEN_PROD \
      --set nginx.ingress.enabled=true \
      --set nginx.ingress.hosts[0].host=capif-prod.$DOMAIN_PROD \
      --set nginx.ingress.hosts[0].paths[0].path="/" \
      --set nginx.ingress.hosts[0].paths[0].pathType="Prefix" \
      --set ocf-helper.image.repository=$CI_REGISTRY/ocf/capif/$PATH_PROD/helper \
      --set ocf-helper.image.tag=$CI_COMMIT_TAG \
      --set ocf-helper.env.vaultHostname=$VAULT_HOSTNAME \
      --set ocf-helper.env.vaultPort=$VAULT_PORT \
      --set ocf-helper.env.vaultAccessToken=$VAULT_ACCESS_TOKEN_PROD \
      --set ocf-helper.env.capifHostname=capif-prod.$DOMAIN_PROD \
      --set mock-server.enabled=true \
      --set mock-server.image.repository=$CI_REGISTRY/ocf/capif/$PATH_PROD/mock-server \
      --set mock-server.image.tag=$CI_COMMIT_TAG \
      --set mock-server.ingress.enabled=true \
      --set mock-server.ingress.hosts[0].host=mock-server-prod.$DOMAIN_PROD \
      --set mock-server.ingress.hosts[0].paths[0].path="/" \
      --set mock-server.ingress.hosts[0].paths[0].pathType="Prefix" \
      --set mongo-register-express.enabled=true \
      --set mongo-register-express.ingress.enabled=true \
      --set mongo-register-express.ingress.hosts[0].host="mongo-express-register-prod.$DOMAIN_PROD" \
      --set mongo-register-express.ingress.hosts[0].paths[0].path="/" \
      --set mongo-register-express.ingress.hosts[0].paths[0].pathType="Prefix" \
      --set mongo-express.enabled=true \
      --set mongo-express.ingress.enabled=true \
      --set mongo-express.ingress.hosts[0].host="mongo-express-prod.$DOMAIN_PROD" \
      --set mongo-express.ingress.hosts[0].paths[0].path="/" \
      --set mongo-express.ingress.hosts[0].paths[0].pathType="Prefix" \
      --wait --timeout=10m --create-namespace --atomic
 No newline at end of file
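Review bot: The new `deploy_ocf_prod` job enables `mongo-express`, `mongo-register-express` and `mock-server` with ingresses at path `/` on `$DOMAIN_PROD` (the `--set mongo-express.ingress.enabled=true` and `--set mongo-register-express.ingress.enabled=true` lines near the end of the `helm upgrade`), which, if that ingress controller is internet-facing, puts database admin UIs and a test double in front of the production release; unless an authenticating proxy sits in front of them, set `mongo-express.enabled=false`, `mongo-register-express.enabled=false` and `mock-server.enabled=false` for prod, or at minimum disable their ingresses. The Vault token is also handed to every chart as a plain value (`--set ...env.vaultAccessToken=$VAULT_ACCESS_TOKEN_PROD`), so it ends up in the Helm release secret and in pod environment variables rather than in a dedicated Kubernetes Secret; if the charts support an existing-secret reference, prefer that, and make sure `VAULT_ACCESS_TOKEN_PROD` is a masked and protected CI variable. Because `.release_common` gates the job on the tag name alone (`/^v\d+\.\d+\.\d+-release$/`), the `v*-release` tag pattern should be protected in the project so only maintainers can trigger a production deploy. The `whoami` and `kubectl cluster-info` lines add runner and cluster details to the job log without helping the deploy and could be dropped.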