.gitlab-ci.yml 8.71 KB
Newer Older
1

2
variables:
3
4
5
6
7
8
9
  ### Disable cache in Docker builds, as this has occasionally resulted in images not containing what was
  ### expected multiple MRs where being built/retried.
  NO_CACHE: 'true'
  ### Replace RESOURCE with the name of the image you want to build and publish in OpenShift
  ### Important! In order for this template to work, the name of the gitlab repo must match
  ### also the variable name
  RESOURCE: cern-search-rest-api
10
  ### OpenShift namespace and server values
11
  NAMESPACE: cern-search-master
Carina Antunes's avatar
Carina Antunes committed
12
  NAMESPACE_DEV: test-cern-search-master
13
  OPENSHIFT_SERVER: https://openshift.cern.ch
Carina Antunes's avatar
Carina Antunes committed
14
  OPENSHIFT_SERVER_DEV: https://openshift-dev.cern.ch
15

16
17
18
### By default, there are 6 stages that we may use:
### Feel free to adapt this to your specific case.
stages:
19
  - build_base
20
21
  - check_base
  - test
22
  - build
23
24
25
  - tag_image
  - import_image # This stage is only used when the built image is stored in the GitLab Registry
  - deploy
26

27
28
### Build the image and store it in the registry. It is important that this step
### doesn't override the image the applications are running, as we haven't tested the image yet
29
.build_image:
30
31
32
  stage: build
  tags:
    - docker-image-build
33
34
  script: 'echo "Building Docker image..."'

35
36
37
38
39
40
41
### Import image into OpenShift.
.import_image:
  stage: import_image
  image: gitlab-registry.cern.ch/paas-tools/openshift-client:latest
  script:
    - oc import-image ${RESOURCE}:${TAG} --token=${TOKEN} --server=${OPENSHIFT_SERVER} -n ${NAMESPACE}

Pablo Panero's avatar
Pablo Panero committed
42
### If a new tag is pushed it needs to be referenced into the ImageStream
43
.tag_image:
44
45
46
47
48
  stage: tag_image
  only:
  - tags
  image: gitlab-registry.cern.ch/paas-tools/openshift-client:latest
  script:
49
    - oc tag --source=docker ${CI_REGISTRY_IMAGE}:${CI_REGISTRY_TAG} ${RESOURCE}:${TAG} --token=${TOKEN} --server=${OPENSHIFT_SERVER} -n ${NAMESPACE}
50

51

52
53
54
55
56
57
58
59
60
61
62
######################################################
################### Merge Requests ###################

#'Build Base' stage
# Builds the base docker image and tags it according to the commit message.
build_base_image:
  extends: .build_image
  stage: build_base
  only:
    refs:
      - merge_requests
63
    changes:
64
      - Dockerfile-base
Carina Antunes's avatar
Carina Antunes committed
65
66
      - pyproject.toml
      - poetry.lock
67
  when: manual
68
  variables:
69
70
    DOCKER_FILE: Dockerfile-base
    TO: gitlab-registry.cern.ch/webservices/cern-search/cern-search-rest-api/cern-search-rest-api-base:${CI_COMMIT_SHA}
71

72
73
74
# Validate dockerfile is updated with base image tag
validate-base-image-updated:
  stage: check_base
75
  only:
76
77
78
79
    refs:
      - merge_requests
    changes:
      - Dockerfile-base
Carina Antunes's avatar
Carina Antunes committed
80
81
      - pyproject.toml
      - poetry.lock
82
  script:
83
    - git diff --name-only origin/$CI_MERGE_REQUEST_TARGET_BRANCH_NAME | grep -q -E "(^|[^-])\bDockerfile\b([^-]|$)"
Carina Antunes's avatar
Carina Antunes committed
84

85
# Lint
Carina Antunes's avatar
Carina Antunes committed
86
lint:
Carina Antunes's avatar
Carina Antunes committed
87
88
  services:
    - docker:dind
89
90
91
92
93
94
95
96
97
  variables:
    # As of GitLab 12.5, privileged runners at CERN mount a /certs/client docker volume that enables use of TLS to
    # communicate with the docker daemon. This avoids a warning about the docker service possibly not starting
    # successfully.
    # See https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#tls-enabled
    DOCKER_TLS_CERTDIR: "/certs"
    # Note that we do not need to set DOCKER_HOST when using the official docker client image: it automatically
    # defaults to tcp://docker:2376 upon seeing the TLS certificate directory.
    #DOCKER_HOST: tcp://docker:2376/
Carina Antunes's avatar
Carina Antunes committed
98
  stage: test
99
100
101
  only:
    refs:
      - merge_requests
Carina Antunes's avatar
Carina Antunes committed
102
  image: tmaier/docker-compose:latest
103
  script: make build-env lint MODE=test
Carina Antunes's avatar
Carina Antunes committed
104
105
  before_script:
    - docker info
106
    - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
Carina Antunes's avatar
Carina Antunes committed
107
108
109
110
111
    - docker-compose --version
    - apk add make
  allow_failure: true
  tags:
    - docker-privileged-xl
Carina Antunes's avatar
Carina Antunes committed
112

113
# Test
Carina Antunes's avatar
Carina Antunes committed
114
115
116
test:
  services:
    - docker:dind
117
118
119
120
121
122
123
124
125
  variables:
    # As of GitLab 12.5, privileged runners at CERN mount a /certs/client docker volume that enables use of TLS to
    # communicate with the docker daemon. This avoids a warning about the docker service possibly not starting
    # successfully.
    # See https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#tls-enabled
    DOCKER_TLS_CERTDIR: "/certs"
    # Note that we do not need to set DOCKER_HOST when using the official docker client image: it automatically
    # defaults to tcp://docker:2376 upon seeing the TLS certificate directory.
    #DOCKER_HOST: tcp://docker:2376/
Carina Antunes's avatar
Carina Antunes committed
126
  stage: test
127
128
129
  only:
    refs:
      - merge_requests
Carina Antunes's avatar
Carina Antunes committed
130
  image: tmaier/docker-compose:latest
131
  script: make ci-test MODE=test
Carina Antunes's avatar
Carina Antunes committed
132
133
  before_script:
    - docker info
134
    - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
Carina Antunes's avatar
Carina Antunes committed
135
136
137
138
139
    - docker-compose --version
    - apk add make
    - apk add openssl
  tags:
    - docker-privileged-xl
140
141
142
143
144
145
146
147
148
149
150
151

# Build the image and store it in the registry.
build_test_version_manual:
  extends: .build_image
  only:
    refs:
      - merge_requests
  when: manual
  variables:
    BUILD_ARG: build_env=dev
    TO: ${CI_REGISTRY_IMAGE}:$CI_COMMIT_REF_SLUG

Carina Antunes's avatar
Carina Antunes committed
152
153
### Create tag in OpenShift.
tag_image_merge_request_prod:
154
155
156
157
158
159
160
161
162
163
164
165
  extends: .tag_image
  only:
    refs:
      - merge_requests
  environment:
    name: branch/$CI_COMMIT_REF_SLUG
  when: manual
  variables:
    CI_REGISTRY_TAG: $CI_COMMIT_REF_SLUG
    TAG: $CI_COMMIT_REF_SLUG
    TOKEN: ${SERVICE_ACCOUNT_TOKEN_PROD}

Carina Antunes's avatar
Carina Antunes committed
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
### Create tag in OpenShift DEV.
tag_image_merge_request_dev:
  extends: .tag_image
  only:
    refs:
      - merge_requests
  environment:
    name: branch/$CI_COMMIT_REF_SLUG
  when: manual
  variables:
    CI_REGISTRY_TAG: $CI_COMMIT_REF_SLUG
    TAG: $CI_COMMIT_REF_SLUG
    TOKEN: ${SERVICE_ACCOUNT_TOKEN_DEV}
    NAMESPACE: ${NAMESPACE_DEV}
    OPENSHIFT_SERVER: ${OPENSHIFT_SERVER_DEV}

182
# Import image into OpenShift.
Carina Antunes's avatar
Carina Antunes committed
183
import_image_merge_request_prod:
184
185
186
187
188
189
190
191
192
193
194
  extends: .import_image
  only:
    refs:
      - merge_requests
  environment:
    name: branch/$CI_COMMIT_REF_SLUG
  when: manual
  variables:
    TAG: $CI_COMMIT_REF_SLUG
    TOKEN: ${SERVICE_ACCOUNT_TOKEN_PROD}

Carina Antunes's avatar
Carina Antunes committed
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
# Import image into OpenShift DEV.
import_image_merge_request_dev:
  extends: .import_image
  only:
    refs:
      - merge_requests
  environment:
    name: branch/$CI_COMMIT_REF_SLUG
  when: manual
  variables:
    TAG: $CI_COMMIT_REF_SLUG
    TOKEN: ${SERVICE_ACCOUNT_TOKEN_DEV}
    NAMESPACE: ${NAMESPACE_DEV}
    OPENSHIFT_SERVER: ${OPENSHIFT_SERVER_DEV}

210
211
212
213
214
215
216
217
218
219
######################################################
##################### Dev branch #####################
build_dev_version:
  extends: .build_image
  only:
    - dev
  variables:
    BUILD_ARG: build_env=dev

### Import image into OpenShift.
Carina Antunes's avatar
Carina Antunes committed
220
import_image_dev_branch_prod:
221
222
223
224
225
226
227
228
229
  extends: .import_image
  only:
    - dev
  environment:
    name: staging
  variables:
    TAG: latest
    TOKEN: ${SERVICE_ACCOUNT_TOKEN_PROD}

Carina Antunes's avatar
Carina Antunes committed
230
231
232
233
234
235
236
237
238
239
240
241
### Import image into OpenShift DEV
import_image_dev_branch_dev:
  extends: .import_image
  only:
    - dev
  environment:
    name: staging
  variables:
    TAG: latest
    TOKEN: ${SERVICE_ACCOUNT_TOKEN_DEV}
    NAMESPACE: ${NAMESPACE_DEV}
    OPENSHIFT_SERVER: ${OPENSHIFT_SERVER_DEV}
242
243
244
245
246
247
248
249
250
251

######################################################
####################### Tags ########################
build_tagged_version:
  extends: .build_image
  only:
    - tags
  variables:
    TO: ${CI_REGISTRY_IMAGE}:${CI_COMMIT_TAG}

Carina Antunes's avatar
Carina Antunes committed
252
### Create tag in OpenShift.
253
254
255
256
257
258
259
260
261
tag_image_prod:
  extends: .tag_image
  environment:
    name:  production
  variables:
    CI_REGISTRY_TAG: ${CI_COMMIT_TAG}
    TAG: ${CI_COMMIT_TAG}
    TOKEN: ${SERVICE_ACCOUNT_TOKEN_PROD}

Carina Antunes's avatar
Carina Antunes committed
262
263
264
265
266
267
268
269
270
271
272
273
274
### Create tag in OpenShift DEV.
tag_image_dev:
  extends: .tag_image
  environment:
    name:  production
  variables:
    CI_REGISTRY_TAG: ${CI_COMMIT_TAG}
    TAG: ${CI_COMMIT_TAG}
    TOKEN: ${SERVICE_ACCOUNT_TOKEN_DEV}
    NAMESPACE: ${NAMESPACE_DEV}
    OPENSHIFT_SERVER: ${OPENSHIFT_SERVER_DEV}

### Import image into OpenShift.
275
276
277
278
279
280
281
282
283
284
import_tagged_image_prod:
  extends: .import_image
  environment:
    name:  production
  only:
  - tags
  variables:
    TAG: ${CI_COMMIT_TAG}
    TOKEN: ${SERVICE_ACCOUNT_TOKEN_PROD}

Carina Antunes's avatar
Carina Antunes committed
285
286
287
288
289
290
291
292
293
294
295
296
297
298
### Import image into OpenShift DEV.
import_tagged_image_dev:
  extends: .import_image
  environment:
    name:  production
  only:
  - tags
  variables:
    TAG: ${CI_COMMIT_TAG}
    TOKEN: ${SERVICE_ACCOUNT_TOKEN_DEV}
    NAMESPACE: ${NAMESPACE_DEV}
    OPENSHIFT_SERVER: ${OPENSHIFT_SERVER_DEV}

### Deploy stable into OpenShift.
299
300
301
302
303
304
305
306
307
308
deploy_production:
  extends: .tag_image
  stage: deploy
  environment:
    name:  production
  when: manual
  variables:
    CI_REGISTRY_TAG: ${CI_COMMIT_TAG}
    TAG: stable
    TOKEN: ${SERVICE_ACCOUNT_TOKEN_PROD}
Carina Antunes's avatar
Carina Antunes committed
309
310
311
312
313
314
315
316
317
318
319
320
321
322

### Deploy stable into OpenShift DEV.
deploy_dev:
  extends: .tag_image
  stage: deploy
  environment:
    name:  production
  when: manual
  variables:
    CI_REGISTRY_TAG: ${CI_COMMIT_TAG}
    TAG: stable
    TOKEN: ${SERVICE_ACCOUNT_TOKEN_DEV}
    NAMESPACE: ${NAMESPACE_DEV}
    OPENSHIFT_SERVER: ${OPENSHIFT_SERVER_DEV}