.gitlab-ci.yml 6.59 KB
Newer Older
1

2
variables:
3
4
5
6
7
8
9
  ### Disable cache in Docker builds, as this has occasionally resulted in images not containing what was
  ### expected multiple MRs where being built/retried.
  NO_CACHE: 'true'
  ### Replace RESOURCE with the name of the image you want to build and publish in OpenShift
  ### Important! In order for this template to work, the name of the gitlab repo must match
  ### also the variable name
  RESOURCE: cern-search-rest-api
10
  ### OpenShift namespace and server values
11
12
  NAMESPACE: cern-search-master
  OPENSHIFT_SERVER: https://openshift.cern.ch
13

14
15
16
### By default, there are 6 stages that we may use:
### Feel free to adapt this to your specific case.
stages:
17
  - build_base
18
19
  - check_base
  - test
20
  - build
21
22
23
  - tag_image
  - import_image # This stage is only used when the built image is stored in the GitLab Registry
  - deploy
24

25
26
### Build the image and store it in the registry. It is important that this step
### doesn't override the image the applications are running, as we haven't tested the image yet
27
.build_image:
28
29
30
  stage: build
  tags:
    - docker-image-build
31
32
  script: 'echo "Building Docker image..."'

33
34
35
36
37
38
39
### Import image into OpenShift.
.import_image:
  stage: import_image
  image: gitlab-registry.cern.ch/paas-tools/openshift-client:latest
  script:
    - oc import-image ${RESOURCE}:${TAG} --token=${TOKEN} --server=${OPENSHIFT_SERVER} -n ${NAMESPACE}

Pablo Panero's avatar
Pablo Panero committed
40
### If a new tag is pushed it needs to be referenced into the ImageStream
41
.tag_image:
42
43
44
45
46
  stage: tag_image
  only:
  - tags
  image: gitlab-registry.cern.ch/paas-tools/openshift-client:latest
  script:
47
    - oc tag --source=docker ${CI_REGISTRY_IMAGE}:${CI_REGISTRY_TAG} ${RESOURCE}:${TAG} --token=${TOKEN} --server=${OPENSHIFT_SERVER} -n ${NAMESPACE}
48

49

50
51
52
53
54
55
56
57
58
59
60
######################################################
################### Merge Requests ###################

#'Build Base' stage
# Builds the base docker image and tags it according to the commit message.
build_base_image:
  extends: .build_image
  stage: build_base
  only:
    refs:
      - merge_requests
61
    changes:
62
      - Dockerfile-base
63
64
      - Pipfile
      - Pipfile.lock
65
  when: manual
66
  variables:
67
68
    DOCKER_FILE: Dockerfile-base
    TO: gitlab-registry.cern.ch/webservices/cern-search/cern-search-rest-api/cern-search-rest-api-base:${CI_COMMIT_SHA}
69

70
71
72
# Validate dockerfile is updated with base image tag
validate-base-image-updated:
  stage: check_base
73
  only:
74
75
76
77
78
79
    refs:
      - merge_requests
    changes:
      - Dockerfile-base
      - Pipfile
      - Pipfile.lock
80
  script:
81
    - git diff --name-only origin/$CI_MERGE_REQUEST_TARGET_BRANCH_NAME | grep -q -E "(^|[^-])\bDockerfile\b([^-]|$)"
Carina Antunes's avatar
Carina Antunes committed
82

83
# Lint
Carina Antunes's avatar
Carina Antunes committed
84
lint:
Carina Antunes's avatar
Carina Antunes committed
85
86
  services:
    - docker:dind
87
88
89
90
91
92
93
94
95
  variables:
    # As of GitLab 12.5, privileged runners at CERN mount a /certs/client docker volume that enables use of TLS to
    # communicate with the docker daemon. This avoids a warning about the docker service possibly not starting
    # successfully.
    # See https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#tls-enabled
    DOCKER_TLS_CERTDIR: "/certs"
    # Note that we do not need to set DOCKER_HOST when using the official docker client image: it automatically
    # defaults to tcp://docker:2376 upon seeing the TLS certificate directory.
    #DOCKER_HOST: tcp://docker:2376/
Carina Antunes's avatar
Carina Antunes committed
96
  stage: test
97
98
99
  only:
    refs:
      - merge_requests
Carina Antunes's avatar
Carina Antunes committed
100
  image: tmaier/docker-compose:latest
101
  script: make build-env lint MODE=test
Carina Antunes's avatar
Carina Antunes committed
102
103
  before_script:
    - docker info
104
    - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
Carina Antunes's avatar
Carina Antunes committed
105
106
107
108
109
    - docker-compose --version
    - apk add make
  allow_failure: true
  tags:
    - docker-privileged-xl
Carina Antunes's avatar
Carina Antunes committed
110

111
# Test
Carina Antunes's avatar
Carina Antunes committed
112
113
114
test:
  services:
    - docker:dind
115
116
117
118
119
120
121
122
123
  variables:
    # As of GitLab 12.5, privileged runners at CERN mount a /certs/client docker volume that enables use of TLS to
    # communicate with the docker daemon. This avoids a warning about the docker service possibly not starting
    # successfully.
    # See https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#tls-enabled
    DOCKER_TLS_CERTDIR: "/certs"
    # Note that we do not need to set DOCKER_HOST when using the official docker client image: it automatically
    # defaults to tcp://docker:2376 upon seeing the TLS certificate directory.
    #DOCKER_HOST: tcp://docker:2376/
Carina Antunes's avatar
Carina Antunes committed
124
  stage: test
125
126
127
  only:
    refs:
      - merge_requests
Carina Antunes's avatar
Carina Antunes committed
128
  image: tmaier/docker-compose:latest
129
  script: make ci-test MODE=test
Carina Antunes's avatar
Carina Antunes committed
130
131
  before_script:
    - docker info
132
    - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
Carina Antunes's avatar
Carina Antunes committed
133
134
135
136
137
    - docker-compose --version
    - apk add make
    - apk add openssl
  tags:
    - docker-privileged-xl
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235

# Build the image and store it in the registry.
build_test_version_manual:
  extends: .build_image
  only:
    refs:
      - merge_requests
  when: manual
  variables:
    BUILD_ARG: build_env=dev
    TO: ${CI_REGISTRY_IMAGE}:$CI_COMMIT_REF_SLUG

# If a new tag is pushed it needs to be referenced into the ImageStream
tag_image_test:
  extends: .tag_image
  only:
    refs:
      - merge_requests
  environment:
    name: branch/$CI_COMMIT_REF_SLUG
  when: manual
  variables:
    CI_REGISTRY_TAG: $CI_COMMIT_REF_SLUG
    TAG: $CI_COMMIT_REF_SLUG
    TOKEN: ${SERVICE_ACCOUNT_TOKEN_PROD}

# Import image into OpenShift.
import_image_test:
  extends: .import_image
  only:
    refs:
      - merge_requests
  environment:
    name: branch/$CI_COMMIT_REF_SLUG
  when: manual
  variables:
    TAG: $CI_COMMIT_REF_SLUG
    TOKEN: ${SERVICE_ACCOUNT_TOKEN_PROD}

######################################################
##################### Dev branch #####################
build_dev_version:
  extends: .build_image
  only:
    - dev
  variables:
    BUILD_ARG: build_env=dev

### Import image into OpenShift.
import_image_dev_test:
  extends: .import_image
  only:
    - dev
  environment:
    name: staging
  variables:
    TAG: latest
    TOKEN: ${SERVICE_ACCOUNT_TOKEN_PROD}


######################################################
####################### Tags ########################
build_tagged_version:
  extends: .build_image
  only:
    - tags
  variables:
    TO: ${CI_REGISTRY_IMAGE}:${CI_COMMIT_TAG}

tag_image_prod:
  extends: .tag_image
  environment:
    name:  production
  variables:
    CI_REGISTRY_TAG: ${CI_COMMIT_TAG}
    TAG: ${CI_COMMIT_TAG}
    TOKEN: ${SERVICE_ACCOUNT_TOKEN_PROD}

import_tagged_image_prod:
  extends: .import_image
  environment:
    name:  production
  only:
  - tags
  variables:
    TAG: ${CI_COMMIT_TAG}
    TOKEN: ${SERVICE_ACCOUNT_TOKEN_PROD}

deploy_production:
  extends: .tag_image
  stage: deploy
  environment:
    name:  production
  when: manual
  variables:
    CI_REGISTRY_TAG: ${CI_COMMIT_TAG}
    TAG: stable
    TOKEN: ${SERVICE_ACCOUNT_TOKEN_PROD}