From 1d05cfd590bab9ea79a75c8dda1f6bbda79e36ee Mon Sep 17 00:00:00 2001
From: Dimitra Chatzichrysou <dimitra.chatzichrysou@cern.ch>
Date: Fri, 6 Nov 2020 09:54:25 +0000
Subject: [PATCH] [#18] Refactor CI to match deployment in notifications-infra

---
 .gitlab-ci.yml | 253 +++++++++++++++++++++++++++----------------------
 1 file changed, 140 insertions(+), 113 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 11ebcee3..82c3a0fa 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1,25 +1,18 @@
 variables:
   NAMESPACE_DEV: test-notifications-service
-  NAMESPACE_QA: notifications-service-qa
-  NAMESPACE_PROD: notifications-service
-  OPENSHIFT_SERVER_PROD: https://openshift.cern.ch
   OPENSHIFT_SERVER_DEV: https://openshift-dev.cern.ch
   BUILD_ENV_DEV: dev
-  BUILD_ENV_PROD: production
-  BUILD_ENV_QA: qa
-  QA_TAG: qa
   DEV_TAG: dev
-  RESOURCE: ${CI_PROJECT_NAME}
-  APP_NAME: ${CI_PROJECT_NAME}
+  RESOURCE: web-portal-image-stream
   
 stages:
-  #- test
-  - build
-  - build_docker
-  - deploy
+  - Build_App
+  - Build
+  - Tag_Image
+  - Import_Image
 
-.build_template: &build_definition
-  stage: build
+.build_app:
+  stage: Build_App
   image: node:12-alpine
   script:
     - yarn install
@@ -28,130 +21,164 @@ stages:
     paths:
       - build
 
-.docker_build_template: &docker_definition
-  stage: build_docker
+.build:
+  stage: Build
   tags:
     - docker-image-build
-  script: "echo building $CI_REGISTRY_IMAGE for keycloak-rest-adapter" # No empty scripts are allowed
+  script:
+    - "echo 'Building docker image'"
 
-.deploy_template: &deploy_definition
-  stage: deploy
+# If a new tag is pushed it needs to be referenced into the ImageStream
+.tag_image:
+  stage: Tag_Image
   image: gitlab-registry.cern.ch/paas-tools/openshift-client:latest
   script:
-    - LOWERCASE_PATH=$(echo ${CI_PROJECT_PATH} | awk '{ print tolower($0) } ')
-    # Adding || true to disable the error message when the image already exists
-    - oc import-image ${APP_NAME} --from="gitlab-registry.cern.ch/${LOWERCASE_PATH}:${TAG}" --confirm --token=${TOKEN} --server=${OPENSHIFT_SERVER} -n ${NAMESPACE} || true
-    - oc tag "gitlab-registry.cern.ch/${LOWERCASE_PATH}:${TAG}" "${APP_NAME}:latest" --token=${TOKEN} --server=${OPENSHIFT_SERVER} -n ${NAMESPACE}
-
-### Testing
+   - oc tag --source=docker ${CI_REGISTRY_IMAGE}:${CI_REGISTRY_TAG} ${RESOURCE}:${TAG} --token=${TOKEN} --server=${OPENSHIFT_SERVER} -n ${NAMESPACE}
 
-# test:
-#   stage: test
-#   image: "python:3.7-slim"
-#   before_script:
-#     - pip install -r requirements.txt
-#     - pip install -r test-requirements.txt
-#   script:
-#     - pytest
-#   services:
-#     - name: gitlab-registry.cern.ch/authzsvc/docker-images/keycloak
-#       alias: keycloak
-#   variables:
-#     KEYCLOAK_USER: "admin"
-#     KEYCLOAK_PASSWORD: "admin"
-
-### React build definitions
+# Import image to OpenShift.
+.import_image:
+  stage: Import_Image
+  image: gitlab-registry.cern.ch/paas-tools/openshift-client:latest
+  script:
+    - oc import-image ${RESOURCE}:${TAG} --token=${TOKEN} --server=${OPENSHIFT_SERVER} -n ${NAMESPACE}
 
-build_dev:
-  <<: *build_definition
+build_app:
+  extends: .build_app
   variables:
     BUILD_ENV: ${BUILD_ENV_DEV}
-  except:
-    - master
-
-build_qa:
-  <<: *build_definition
+  rules:
+    - if: $CI_MERGE_REQUEST_ID
+      when: manual
+    - if: $CI_COMMIT_TAG || $CI_COMMIT_BRANCH == 'master'
+    - when: never
+
+# Build image and store it in the registry.
+build:
+  extends: .build
   variables:
-    BUILD_ENV: ${BUILD_ENV_QA}
-  only:
-    - master
-
-build_prod:
-  <<: *build_definition
+    TO: ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHORT_SHA}
+  rules:
+    - if: $CI_COMMIT_BRANCH == 'master' 
+    - when: never
+
+# Build MR image and store it in the registry.
+build_test_image:
+  extends: .build
   variables:
-    BUILD_ENV: ${BUILD_ENV_PROD}
-  only:
-    - tags
-
-
-
-
-### Docker build definitions
-
-build_docker_dev:
-  <<: *docker_definition
+    TO: ${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_SLUG}
+  rules:
+    - if:  $CI_MERGE_REQUEST_ID
+      when: manual
+      allow_failure: true
+    - when: never
+
+# Build dev image and store it in the registry.
+build_dev_image:
+  extends: .build
   variables:
     TO: ${CI_REGISTRY_IMAGE}:${DEV_TAG}
-  except:
-    - master
+  rules:
+    - if: $CI_COMMIT_BRANCH == 'master'
+    - when: never
 
-build_docker_qa:
-  <<: *docker_definition
-  variables:
-    TO: ${CI_REGISTRY_IMAGE}:${QA_TAG}
-  only:
-    - master
-
-build_docker_prod:
-  <<: *docker_definition
+# Build tagged image and store it in the registry.
+build_tagged_image:
+  extends: .build
   variables:
     TO: ${CI_REGISTRY_IMAGE}:${CI_COMMIT_TAG}
-  only:
-    - tags # the branch you want to publish
+  rules:
+    - if: $CI_COMMIT_TAG
+    - when: never
 
-### Deployment definitions
-  
-deploy_dev:
-  <<: *deploy_definition
+# Create tag for MR image in OpenShift DEV.
+tag_test_image_dev:
+  extends: .tag_image
+  environment:
+    name: branch/$CI_COMMIT_REF_SLUG
   variables:
-    ENVIRONMENT: dev
-    OPENSHIFT_SERVER: ${OPENSHIFT_SERVER_DEV}
+    CI_REGISTRY_TAG: $CI_COMMIT_REF_SLUG
+    TAG: $CI_COMMIT_REF_SLUG
     TOKEN: ${OPENSHIFT_DEV_TOKEN}
     NAMESPACE: ${NAMESPACE_DEV}
+    OPENSHIFT_SERVER: ${OPENSHIFT_SERVER_DEV}
+  rules:
+    - if:  $CI_MERGE_REQUEST_ID
+      when: manual
+      allow_failure: true
+    - when: never
+
+# Create tag for dev image in OpenShift DEV.
+tag_dev_image_dev:
+  extends: .tag_image
+  environment:
+    name: dev
+  variables:
+    CI_REGISTRY_TAG: ${DEV_TAG}
     TAG: ${DEV_TAG}
-    ROUTE_HOSTNAME: https://${NAMESPACE_DEV}.web.cern.ch
+    TOKEN: ${OPENSHIFT_DEV_TOKEN}
+    NAMESPACE: ${NAMESPACE_DEV}
+    OPENSHIFT_SERVER: ${OPENSHIFT_SERVER_DEV}
+  rules:
+    - if: $CI_COMMIT_BRANCH == 'master'
+    - when: never
+
+# Create tag for tagged image in OpenShift DEV.
+tag_tagged_image_dev:
+  extends: .tag_image
   environment:
     name: dev
-    url: https://${NAMESPACE_DEV}.web.cern.ch
-  only:
-    - dev
+  variables:
+    CI_REGISTRY_TAG: $CI_COMMIT_TAG
+    TAG: $CI_COMMIT_TAG
+    TOKEN: ${OPENSHIFT_DEV_TOKEN}
+    NAMESPACE: ${NAMESPACE_DEV}
+    OPENSHIFT_SERVER: ${OPENSHIFT_SERVER_DEV}
+  rules:
+    - if: $CI_COMMIT_TAG
+    - when: never
 
-deploy_qa:
-  <<: *deploy_definition
+# Import MR image into OpenShift DEV.
+import_test_image_dev:
+  extends: .import_image
+  environment:
+    name: branch/$CI_COMMIT_REF_SLUG
   variables:
-    ENVIRONMENT: qa
-    TOKEN: ${OPENSHIFT_QA_TOKEN}
-    OPENSHIFT_SERVER: ${OPENSHIFT_SERVER_PROD}
-    NAMESPACE: ${NAMESPACE_QA}
-    TAG: ${QA_TAG}
-    ROUTE_HOSTNAME: https://${NAMESPACE_QA}.web.cern.ch
+    TAG: $CI_COMMIT_REF_SLUG
+    TOKEN: ${OPENSHIFT_DEV_TOKEN}
+    NAMESPACE: ${NAMESPACE_DEV}
+    OPENSHIFT_SERVER: ${OPENSHIFT_SERVER_DEV}
+  rules:
+    - if:  $CI_MERGE_REQUEST_ID
+      when: manual
+      allow_failure: true
+    - when: never
+
+# Import dev image into OpenShift DEV.
+import_dev_image_dev:
+  extends: .import_image
   environment:
-    name: qa
-    url: https://${NAMESPACE_QA}.web.cern.ch
-  only:
-    - master
-
-deploy_prod:
-  <<: *deploy_definition
+    name: dev
+    url: https://${NAMESPACE_DEV}.web.cern.ch
   variables:
-    TOKEN: ${OPENSHIFT_PROD_TOKEN}
-    OPENSHIFT_SERVER: ${OPENSHIFT_SERVER_PROD}
-    NAMESPACE: ${NAMESPACE_PROD}
-    TAG: ${CI_COMMIT_TAG}
-    ROUTE_HOSTNAME: https://${NAMESPACE_PROD}.web.cern.ch
+    TAG: ${DEV_TAG}
+    TOKEN: ${OPENSHIFT_DEV_TOKEN}
+    NAMESPACE: ${NAMESPACE_DEV}
+    OPENSHIFT_SERVER: ${OPENSHIFT_SERVER_DEV}
+  rules:
+    - if: $CI_COMMIT_BRANCH == 'master'
+    - when: never
+
+# Import tagged image into OpenShift DEV.
+import_tagged_image_dev:
+  extends: .import_image
   environment:
-    name: production
-    url: https://${NAMESPACE_PROD}.web.cern.ch
-  only:
-    - tags
-  
+    name: dev
+    url: https://${NAMESPACE_DEV}.web.cern.ch
+  variables:
+    TAG: $CI_COMMIT_TAG
+    TOKEN: ${OPENSHIFT_DEV_TOKEN}
+    NAMESPACE: ${NAMESPACE_DEV}
+    OPENSHIFT_SERVER: ${OPENSHIFT_SERVER_DEV}
+  rules:
+    - if: $CI_COMMIT_TAG
+    - when: never
-- 
GitLab