os2borgerpc-admin-site/.gitlab-ci.yml at master · magenta-aps/os2borgerpc-admin-site · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
---
# Copyright (C) 2021 Magenta ApS, http://magenta.dk.
# Contact: info@magenta.dk.
#
# For `docker push` to work, the following envionment variables have to be set
# in the Gitlab UI.
# RELEASE_REGISTRY_USER
# RELEASE_REGISTRY_PASSWORD
#
# For deployment via config-updater and saltbert these variables are needed as well:
# CONFIG_UPDATER_USERNAME
# CONFIG_UPDATER_PASSWORD
# SALTBERT_TEST_PASSWORD and SALBERT_PROD_PASSWORD
# (both are used as SALBERT_PASSWORD for test and prod servers respectively)
include:
  - project: labs/salt-automation
    ref: master
    file:
      - /gitlab-ci-templates/common/rules.v1.yml
      - /gitlab-ci-templates/common/config-updater-meta.v1.yml
      - /gitlab-ci-templates/common/saltbert.v1.yml
      - /gitlab-ci-templates/common/docker-build-meta.v2.yml
stages: [lint, build, release, deploy]
variables:
  DOCKERFILE: $CI_PROJECT_DIR/docker/Dockerfile
  IMAGE_SHA: ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA}
  IMAGE_DEV: ${CI_REGISTRY_IMAGE}:dev
  RELEASE_IMAGE: magentaaps/os2borgerpc-admin
  RELEASE_IMAGE_TAG: ${RELEASE_IMAGE}:${CI_COMMIT_TAG}
  RELEASE_IMAGE_LATEST: ${RELEASE_IMAGE}:latest

################
#  Lint stage  #
################

pre-commit:
  stage: lint
  image: alpine:edge
  before_script:
    - apk add pre-commit git
    # Prepare bin cache
    - mkdir --parents ${BIN_CACHE_DIR}
    - export PATH=$PATH:${BIN_CACHE_DIR}
  script:
    pre-commit run --all-files --verbose
  variables:
    # GitLab can only cache paths that are in the local working copy, so we
    # change directories to be inside the project directory.
    # https://docs.gitlab.com/ee/ci/yaml/index.html#cache
    # https://pre-commit.com/index.html#gitlab-ci-example
    PIP_CACHE_DIR: ${CI_PROJECT_DIR}/.cache/pip
    PRE_COMMIT_HOME: ${CI_PROJECT_DIR}/.cache/pre-commit
    BIN_CACHE_DIR: ${CI_PROJECT_DIR}/.cache/bin
  cache:
    # The cache is tied to the pre-commit and gitlab-ci config, so it is reused
    # as long as .pre-commit-config.yaml and .gitlab-ci.yml is unchanged.
    # https://docs.gitlab.com/ee/ci/yaml/index.html#cachekeyfiles
    key:
      files:
        - .pre-commit-config.yaml
        - .gitlab-ci.yml
    paths:
      - ${PIP_CACHE_DIR}
      - ${PRE_COMMIT_HOME}
      - ${BIN_CACHE_DIR}

lint dockerfiles:
  stage: lint
  image: hadolint/hadolint:latest-alpine
  script:
    - find . -name Dockerfile -exec hadolint {} \;

#################
#  Build stage  #
#################

build app image:
  extends: .build-docker
  # Minimize unnecessary builds, specified because the extended template sets needs to []
  needs:
    - pre-commit
    - lint dockerfiles

###################
#  Release stage  #
###################

.release-default: &release-default
  stage: release
  image: alpine
  variables:
    GIT_STRATEGY: none  # We do not need the source code
  before_script: [apk add skopeo]

release versioned:
  <<: *release-default
  extends: [.rules:semver-all]
  script:
    - skopeo copy --src-creds=${CI_REGISTRY_USER}:${CI_REGISTRY_PASSWORD}
      --dest-creds=${RELEASE_REGISTRY_USER}:${RELEASE_REGISTRY_PASSWORD}
      "docker://${IMAGE_SHA}"
      "docker://${RELEASE_IMAGE_TAG}"

release latest:
  <<: *release-default
  extends: [.rules:semver-core]
  script:
    - skopeo copy --src-creds=${CI_REGISTRY_USER}:${CI_REGISTRY_PASSWORD}
      --dest-creds=${RELEASE_REGISTRY_USER}:${RELEASE_REGISTRY_PASSWORD}
      "docker://${IMAGE_SHA}"
      "docker://${RELEASE_IMAGE_LATEST}"

##################
#  Deploy stage  #
##################

testing update version salt:
  extends: [.rules:semver-all, .config:endpoint-with-tag]
  needs: [release versioned]
  when: manual
  variables:
    ENDPOINT: os2bpc/salt/update-test
    CONFIG_UPDATER_USERNAME: os2bpc

testing trigger salt deployment:
  extends: [.rules:semver-all, .saltbert]
  needs: [testing update version salt]
  when: manual
  variables:
    SALTBERT_ORCHESTRATION: os2bpc.test
    SALTBERT_URL: https://saltmaster.os2borgerpc.magentahosted.dk
    SALTBERT_PASSWORD: $SALTBERT_TEST_PASSWORD
  environment:
    name: os2borgerpc-test
    url: https://os2borgerpc-test.magenta.dk

prod update version salt:
  extends: [.rules:semver-core, .config:endpoint-with-tag]
  needs: [release latest, testing trigger salt deployment]
  when: manual
  variables:
    ENDPOINT: os2bpc/salt/update-production
    CONFIG_UPDATER_USERNAME: os2bpc

prod trigger salt deployment:
  extends: [.rules:semver-core, .saltbert]
  needs: [prod update version salt]
  when: manual
  variables:
    SALTBERT_ORCHESTRATION: os2bpc.production
    SALTBERT_URL: https://saltmaster.os2borgerpc.magentahosted.dk
    SALTBERT_PASSWORD: $SALTBERT_PROD_PASSWORD
  environment:
    name: os2borgerpc-admin
    url: https://os2borgerpc-admin.magenta.dk