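@Library('shared-lib') _

import tech.avroid.scm.Git
import tech.avroid.jenkins.Notifications

// Pipeline: clone the Ansible repository and run the Vault policy/role update
// playbooks against every host listed in vaultHosts.

properties([
    // Keep only the last 10 builds/artifacts and never run two builds in parallel.
    buildDiscarder(logRotator(artifactNumToKeepStr: '10', numToKeepStr: '10')),
    disableConcurrentBuilds()
])

// Address that receives the failure e-mail.
String recipient = "devops@avroid.team"
// Repository path appended to JENKINS_GIT_REPOSITORY_SSH_URL.
String ansibleRepo = 'DevOps/ansible'
// One playbook per type: playbooks/cicd/vault-<type>-update.yaml.
List vaultType = ['policies', 'roles']
// Vault instances to update; each entry supplies vault_host / ansible_env extra vars.
List vaultHosts = [
    [env: 'avroid_prod', host: 'vault.avroid.tech'],
]

// NOTE(review): the workspace is a hostPath volume (/data), so anything left in it
// outlives the pod. The cleanWs() in the finally block is what removes the cloned
// repository and the edited ansible.cfg from the node.
podTemplate(workspaceVolume: hostPathWorkspaceVolume(hostPath: '/data'),
            yaml: getPodTemplate('pythonBuild')) {
    node(POD_LABEL) {
        container(name: 'python-build') {
            try {
                stage('Get repository') {
                    Git git = new Git(this, "$env.JENKINS_GIT_CREDENTIALS_SSH")

                    git.clone([
                        urlRepo: "${env.JENKINS_GIT_REPOSITORY_SSH_URL}/${ansibleRepo}.git",
                        branch: 'master'
                    ])
                }

                stage('Update roles policies') {
                    withEnv(["PATH=$PATH:/home/jenkins/.local/bin"]) {
                        ansiColor('xterm') {
                            // Dependency installation runs third-party package code, so it is
                            // done BEFORE the Vault token is bound: install-time scripts never
                            // see the credential.
                            // NOTE(review): --pre also accepts pre-release versions. Consider
                            // pinning versions (ideally with --require-hashes) so a newly
                            // published package cannot change what runs in this job.
                            sh 'pip install --user --pre -r requirements.txt'

                            // Drop the vault_password_file setting from ansible.cfg.
                            // "-i -e" instead of "-ie": GNU sed reads "-ie" as "-i" with backup
                            // suffix "e" and leaves a stray ansible.cfge next to the file.
                            sh "sed -i -e 's/vault_password_file.*//' ansible.cfg"

                            // The Vault token binding is scoped to the playbook runs only,
                            // the one place that needs it.
                            withCredentials([[
                                $class: 'VaultTokenCredentialBinding',
                                credentialsId: 'vault-role',
                                vaultAddr: "${env.JENKINS_VAULT_URL}"
                            ]]) {
                                vaultType.each { type ->
                                    vaultHosts.each { host ->
                                        ansiblePlaybook(
                                            installation: 'ansible',
                                            colorized: true,
                                            playbook: "playbooks/cicd/vault-${type}-update.yaml",
                                            extraVars: [
                                                vault_host: host.host,
                                                ansible_env: host.env
                                            ]
                                        )
                                    }
                                }
                            }
                        }
                    }
                }
            }
            catch (err) {
                // Declared locally (the original assigned an undeclared name, which lands in
                // the script binding). Fall back to toString() when the exception carries no
                // message, so the log and the e-mail never just say "null".
                String errorMessage = err.getMessage() ?: err.toString()
                println 'ERROR: ' + errorMessage
                currentBuild.result = 'FAILURE'

                String emailSubject = "${currentBuild.currentResult}. Pipeline task: ${currentBuild.fullDisplayName}"

                Notifications.email(
                    script: this,
                    subject: emailSubject,
                    errorString: errorMessage,
                    recipientProviders: [],
                    to: recipient
                )
            }
            finally {
                // Always wipe the workspace: it sits on a host path and holds the cloned repo.
                cleanWs()
            }
        }
    }
}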