variables: ### Disable cache in Docker builds, as this has occasionally resulted in images not containing what was ### expected multiple MRs where being built/retried. NO_CACHE: 'true' ### Replace RESOURCE with the name of the image you want to build and publish in OpenShift ### Important! In order for this template to work, the name of the gitlab repo must match ### also the variable name RESOURCE: cern-search-rest-api ### OpenShift namespace and server values NAMESPACE: cern-search-master NAMESPACE_DEV: test-cern-search-master OPENSHIFT_SERVER: https://openshift.cern.ch OPENSHIFT_SERVER_DEV: https://openshift-dev.cern.ch ### By default, there are 6 stages that we may use: ### Feel free to adapt this to your specific case. stages: - build_base - check_base - test - build - tag_image - import_image # This stage is only used when the built image is stored in the GitLab Registry - deploy ### Build the image and store it in the registry. It is important that this step ### doesn't override the image the applications are running, as we haven't tested the image yet .build_image: stage: build tags: - docker-image-build script: 'echo "Building Docker image..."' ### Import image into OpenShift. .import_image: stage: import_image image: gitlab-registry.cern.ch/paas-tools/openshift-client:latest script: - oc import-image ${RESOURCE}:${TAG} --token=${TOKEN} --server=${OPENSHIFT_SERVER} -n ${NAMESPACE} ### If a new tag is pushed it needs to be referenced into the ImageStream .tag_image: stage: tag_image only: - tags image: gitlab-registry.cern.ch/paas-tools/openshift-client:latest script: - oc tag --source=docker ${CI_REGISTRY_IMAGE}:${CI_REGISTRY_TAG} ${RESOURCE}:${TAG} --token=${TOKEN} --server=${OPENSHIFT_SERVER} -n ${NAMESPACE} ###################################################### ################### Merge Requests ################### #'Build Base' stage # Builds the base docker image and tags it according to the commit message. build_base_image: extends: .build_image stage: build_base only: refs: - merge_requests changes: - Dockerfile-base - pyproject.toml - poetry.lock when: manual variables: DOCKER_FILE: Dockerfile-base TO: gitlab-registry.cern.ch/webservices/cern-search/cern-search-rest-api/cern-search-rest-api-base:${CI_COMMIT_SHA} # Validate dockerfile is updated with base image tag validate-base-image-updated: stage: check_base only: refs: - merge_requests changes: - Dockerfile-base - pyproject.toml - poetry.lock script: - git diff --name-only origin/$CI_MERGE_REQUEST_TARGET_BRANCH_NAME | grep -q -E "(^|[^-])\bDockerfile\b([^-]|$)" # Lint lint: services: - docker:dind variables: # As of GitLab 12.5, privileged runners at CERN mount a /certs/client docker volume that enables use of TLS to # communicate with the docker daemon. This avoids a warning about the docker service possibly not starting # successfully. # See https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#tls-enabled DOCKER_TLS_CERTDIR: "/certs" # Note that we do not need to set DOCKER_HOST when using the official docker client image: it automatically # defaults to tcp://docker:2376 upon seeing the TLS certificate directory. #DOCKER_HOST: tcp://docker:2376/ stage: test only: refs: - merge_requests image: tmaier/docker-compose:latest script: make build-env lint MODE=test before_script: - docker info - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY - docker-compose --version - apk add make allow_failure: true tags: - docker-privileged-xl # Test test: services: - docker:dind variables: # As of GitLab 12.5, privileged runners at CERN mount a /certs/client docker volume that enables use of TLS to # communicate with the docker daemon. This avoids a warning about the docker service possibly not starting # successfully. # See https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#tls-enabled DOCKER_TLS_CERTDIR: "/certs" # Note that we do not need to set DOCKER_HOST when using the official docker client image: it automatically # defaults to tcp://docker:2376 upon seeing the TLS certificate directory. #DOCKER_HOST: tcp://docker:2376/ stage: test only: refs: - merge_requests image: tmaier/docker-compose:latest script: make ci-test MODE=test before_script: - docker info - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY - docker-compose --version - apk add make - apk add openssl tags: - docker-privileged-xl # Build the image and store it in the registry. build_test_version_manual: extends: .build_image only: refs: - merge_requests when: manual variables: BUILD_ARG: build_env=dev TO: ${CI_REGISTRY_IMAGE}:$CI_COMMIT_REF_SLUG ### Create tag in OpenShift. tag_image_merge_request_prod: extends: .tag_image only: refs: - merge_requests environment: name: branch/$CI_COMMIT_REF_SLUG when: manual variables: CI_REGISTRY_TAG: $CI_COMMIT_REF_SLUG TAG: $CI_COMMIT_REF_SLUG TOKEN: ${SERVICE_ACCOUNT_TOKEN_PROD} ### Create tag in OpenShift DEV. tag_image_merge_request_dev: extends: .tag_image only: refs: - merge_requests environment: name: branch/$CI_COMMIT_REF_SLUG when: manual variables: CI_REGISTRY_TAG: $CI_COMMIT_REF_SLUG TAG: $CI_COMMIT_REF_SLUG TOKEN: ${SERVICE_ACCOUNT_TOKEN_DEV} NAMESPACE: ${NAMESPACE_DEV} OPENSHIFT_SERVER: ${OPENSHIFT_SERVER_DEV} # Import image into OpenShift. import_image_merge_request_prod: extends: .import_image only: refs: - merge_requests environment: name: branch/$CI_COMMIT_REF_SLUG when: manual variables: TAG: $CI_COMMIT_REF_SLUG TOKEN: ${SERVICE_ACCOUNT_TOKEN_PROD} # Import image into OpenShift DEV. import_image_merge_request_dev: extends: .import_image only: refs: - merge_requests environment: name: branch/$CI_COMMIT_REF_SLUG when: manual variables: TAG: $CI_COMMIT_REF_SLUG TOKEN: ${SERVICE_ACCOUNT_TOKEN_DEV} NAMESPACE: ${NAMESPACE_DEV} OPENSHIFT_SERVER: ${OPENSHIFT_SERVER_DEV} ###################################################### ##################### Dev branch ##################### build_dev_version: extends: .build_image only: - dev variables: BUILD_ARG: build_env=dev ### Import image into OpenShift. import_image_dev_branch_prod: extends: .import_image only: - dev environment: name: staging variables: TAG: latest TOKEN: ${SERVICE_ACCOUNT_TOKEN_PROD} ### Import image into OpenShift DEV import_image_dev_branch_dev: extends: .import_image only: - dev environment: name: staging variables: TAG: latest TOKEN: ${SERVICE_ACCOUNT_TOKEN_DEV} NAMESPACE: ${NAMESPACE_DEV} OPENSHIFT_SERVER: ${OPENSHIFT_SERVER_DEV} ###################################################### ####################### Tags ######################## build_tagged_version: extends: .build_image only: - tags variables: TO: ${CI_REGISTRY_IMAGE}:${CI_COMMIT_TAG} ### Create tag in OpenShift. tag_image_prod: extends: .tag_image environment: name: production variables: CI_REGISTRY_TAG: ${CI_COMMIT_TAG} TAG: ${CI_COMMIT_TAG} TOKEN: ${SERVICE_ACCOUNT_TOKEN_PROD} ### Create tag in OpenShift DEV. tag_image_dev: extends: .tag_image environment: name: production variables: CI_REGISTRY_TAG: ${CI_COMMIT_TAG} TAG: ${CI_COMMIT_TAG} TOKEN: ${SERVICE_ACCOUNT_TOKEN_DEV} NAMESPACE: ${NAMESPACE_DEV} OPENSHIFT_SERVER: ${OPENSHIFT_SERVER_DEV} ### Import image into OpenShift. import_tagged_image_prod: extends: .import_image environment: name: production only: - tags variables: TAG: ${CI_COMMIT_TAG} TOKEN: ${SERVICE_ACCOUNT_TOKEN_PROD} ### Import image into OpenShift DEV. import_tagged_image_dev: extends: .import_image environment: name: production only: - tags variables: TAG: ${CI_COMMIT_TAG} TOKEN: ${SERVICE_ACCOUNT_TOKEN_DEV} NAMESPACE: ${NAMESPACE_DEV} OPENSHIFT_SERVER: ${OPENSHIFT_SERVER_DEV} ### Deploy stable into OpenShift. deploy_production: extends: .tag_image stage: deploy environment: name: production when: manual variables: CI_REGISTRY_TAG: ${CI_COMMIT_TAG} TAG: stable TOKEN: ${SERVICE_ACCOUNT_TOKEN_PROD} ### Deploy stable into OpenShift DEV. deploy_dev: extends: .tag_image stage: deploy environment: name: production when: manual variables: CI_REGISTRY_TAG: ${CI_COMMIT_TAG} TAG: stable TOKEN: ${SERVICE_ACCOUNT_TOKEN_DEV} NAMESPACE: ${NAMESPACE_DEV} OPENSHIFT_SERVER: ${OPENSHIFT_SERVER_DEV}