.gitlab-ci.yml
# Default image for every job that does not declare its own `image:`.
image: "python:3.10"

# Pipeline-wide variables; every job in this file inherits them.
variables:
  # Change pip's cache directory to be inside the project directory since we can
  # only cache local items.
  PIP_CACHE_DIR: "$CI_PROJECT_DIR/.cache/pip"
  MYSQL_DATABASE: "terrareg-integration"
  # Interpolated into the database URLs of mysql-integration-selenium-tests,
  # which connect to the mariadb service container as root.
  MYSQL_ROOT_PASSWORD: "password"
  IN_TERRAREG_CI: "true"
  # The S3 endpoint is the `minio` service alias started by the test jobs,
  # not AWS itself; the key pair below is handed to that container as
  # MINIO_ACCESS_KEY / MINIO_SECRET_KEY.
  # NOTE(review): these values are committed in clear text and, being global,
  # are exported into every job, including the deploy-stage ones. They look
  # like throwaway credentials for the per-job MinIO container - confirm they
  # are not reused anywhere else, and consider declaring them only on the
  # test jobs that need them.
  AWS_ENDPOINT_URL: "http://minio:9000"
  AWS_ACCESS_KEY_ID: "GA7JXYR4LUFQ23YPMO_MFKLI"
  AWS_SECRET_ACCESS_KEY: "4x5JqXPd-1JOo97CwI0Pr_LBVS-gApjrU7JUNrclkbOXrdYU"
  AWS_BUCKET_NAME: "terrareg"
  AWS_REGION: "us-east-1"
# Pip's cache doesn't store the python packages
# https://pip.pypa.io/en/stable/reference/pip_install/#caching
#
# If you want to also cache the installed packages, you have to install
# them in a virtualenv and cache it as well.
#
# No `key:` is set, so GitLab's default cache key applies and these paths are
# shared between jobs.
# NOTE(review): venv/ is restored and then activated by jobs that use
# .before_script_python, so cached content is executed. Confirm the runner
# keeps separate caches for protected and unprotected branches.
cache:
  paths:
    - ".cache/pip"
    - "venv/"
    - "terraform-docs"
# Hidden template: rules are evaluated top to bottom, first match wins.
#   1. commits whose message starts with "chore(release):" never run
#   2. push pipelines always run
#   3. every other pipeline source never runs
.limit_release_and_non_pushes:
  rules:
    - if: '$CI_COMMIT_MESSAGE =~ /^chore\(release\):.*/'
      when: never
    - if: "$CI_PIPELINE_SOURCE == 'push'"
      when: always
    - when: never
# Hidden template shared by build-pr-image, deploy_review and stop_review.
.pr_deployment:
  variables:
    # Configure base domain that the
    # environments will be using
    APP_DOMAIN: "gitlab-pr.dockstudios.co.uk"
    # State variable, which will isolate the
    # state based on the branch name
    TF_STATE_NAME: "$CI_COMMIT_REF_SLUG"
    # Populate the terraform pull_request
    # variable that will be passed to the
    # deployment terraform
    TF_VAR_pull_request: "$CI_COMMIT_REF_SLUG"
    # Variable for docker tag
    TF_VAR_docker_image: "terrareg:v${CI_COMMIT_SHORT_SHA}"
    # NOMAD_PROXY / NOMAD_NO_PROXY are not defined in this file; presumably
    # they come from the project's CI/CD settings or the runner environment.
    TF_VAR_http_proxy: "$NOMAD_PROXY"
    TF_VAR_no_proxy: "$NOMAD_NO_PROXY"
    # Both lower- and upper-case spellings are exported, since tools differ
    # in which one they read.
    http_proxy: "$NOMAD_PROXY"
    https_proxy: "$NOMAD_PROXY"
    HTTP_PROXY: "$NOMAD_PROXY"
    HTTPS_PROXY: "$NOMAD_PROXY"
    no_proxy: "$NOMAD_NO_PROXY"
# Hidden template: installs the native build dependencies, then creates and
# activates a virtualenv in ./venv (one of the cached paths) and installs
# requirements.txt into it.
.before_script_python:
  before_script:
    # For debugging
    - python --version
    #- pip install --proxy=$http_proxy virtualenv
    - >-
      apt-get update &&
      apt-get install --assume-yes pkg-config libxml2-dev libxmlsec1-dev libxmlsec1-openssl xmlsec1 libgraphviz-dev &&
      apt-get clean all
    - pip install virtualenv
    - virtualenv venv
    - source venv/bin/activate
    # NOTE(review): installed straight from the index on every run; whether
    # versions are pinned depends on requirements.txt, which is not shown here.
    - pip install -r requirements.txt
    #- pip install --proxy=$http_proxy -r requirements.txt
# Hidden template: run the job inside the image tagged for this commit by
# build-test-docker-image.
.test_image:
  image: "terrareg-test-image:v${CI_COMMIT_SHORT_SHA}"
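# Runs pytest over ./test under coverage, with a MinIO container standing in
# for S3, and publishes JUnit and Cobertura reports.
unit-integration-selenium-tests:
  stage: test
  extends:
    - .test_image
    - .limit_release_and_non_pushes
  services:
    # NOTE(review): no tag is given, so whatever minio/minio resolves to at
    # run time is pulled; pinning a tag or digest keeps test runs reproducible.
    - name: minio/minio
      alias: minio
      command: ["server", "/data", "--console-address", ":9001"]
  variables:
    # Give the MinIO container the same key pair the application is
    # configured with through the global AWS_* variables.
    MINIO_ACCESS_KEY: $AWS_ACCESS_KEY_ID
    MINIO_SECRET_KEY: $AWS_SECRET_ACCESS_KEY
  script:
    # Perform database migration
    - alembic upgrade head
    # Run integration tests; the proxy variables are blanked for this command
    - http_proxy= HTTP_PROXY= coverage run -m pytest --verbose --junitxml=./pytest-report.xml ./test
    - coverage report --include='./terrareg/*'
    # Writes coverage.xml (coverage.py's default output file) in Cobertura format
    - coverage xml
  # Extracts the total percentage from the `coverage report` output
  coverage: '/(?i)total.*? (100(?:\.0+)?\%|[1-9]?\d(?:\.\d+)?\%)$/'
  artifacts:
    reports:
      junit: pytest-report.xml
      coverage_report:
        coverage_format: cobertura
        # Fixed: this pointed at pytest-report.xml, which is the JUnit file
        # written by --junitxml, not the Cobertura XML from `coverage xml`.
        path: coverage.xml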
# Re-runs the integration and selenium suites against a MariaDB service
# once unit-integration-selenium-tests has finished.
mysql-integration-selenium-tests:
  stage: test
  extends:
    - .test_image
    - .limit_release_and_non_pushes
  needs:
    - unit-integration-selenium-tests
  services:
    - name: "mariadb:10.8"
      alias: mysql
    # NOTE(review): untagged image; consider pinning a tag or digest.
    - name: minio/minio
      alias: minio
      command: ["server", "/data", "--console-address", ":9001"]
  variables:
    # Set database url for integration tests
    # (root account on the `mysql` service alias, using the global
    # MYSQL_ROOT_PASSWORD / MYSQL_DATABASE values)
    INTEGRATION_DATABASE_URL: "mysql+mysqlconnector://root:${MYSQL_ROOT_PASSWORD}@mysql/${MYSQL_DATABASE}"
    # Set database URL for schema migration
    DATABASE_URL: "mysql+mysqlconnector://root:${MYSQL_ROOT_PASSWORD}@mysql/${MYSQL_DATABASE}"
    MINIO_ACCESS_KEY: "$AWS_ACCESS_KEY_ID"
    MINIO_SECRET_KEY: "$AWS_SECRET_ACCESS_KEY"
  script:
    # Perform database migration
    - alembic upgrade head
    # Run integration tests
    - http_proxy= HTTP_PROXY= coverage run -m pytest --verbose --junitxml=./pytest-report.xml ./test/integration ./test/selenium
    - coverage report --include='./terrareg/*'
    - coverage xml
  artifacts:
    reports:
      junit: "pytest-report.xml"
# Runs the repository's spelling check script inside the test image.
spell-checker:
  stage: test
  extends:
    - .test_image
    - .limit_release_and_non_pushes
  script:
    - ./scripts/check_spelling.sh
# Smoke test: start the image built for this commit as a service and check
# that its home page is served.
test-docker-image:
  stage: test
  # Use python:3.10, as it's already used
  # by build and comes with curl
  image: "python:3.10"
  extends:
    - .limit_release_and_non_pushes
  services:
    - name: "terrareg-image:v${CI_COMMIT_SHORT_SHA}"
      alias: terrareg
  variables:
    # Presumably read by the terrareg container at start-up - confirm against
    # the image's entrypoint. Quoted so it stays the string "True".
    MIGRATE_DATABASE: "True"
  script:
    # Wait for Terrareg container to come up
    - sleep 30
    # Curl the terrareg homepage and ensure the title is displayed
    # (grep's exit status decides whether the job passes)
    - http_proxy= curl http://terrareg:5000 | grep 'Home - Terrareg'
# Same smoke test as test-docker-image, with SERVER set to "waitress".
test-docker-image-waitress:
  stage: test
  # Use python:3.10, as it's already used
  # by build and comes with curl
  image: "python:3.10"
  extends:
    - .limit_release_and_non_pushes
  services:
    - name: "terrareg-image:v${CI_COMMIT_SHORT_SHA}"
      alias: terrareg
  variables:
    # Presumably read by the terrareg container at start-up - confirm against
    # the image's entrypoint.
    MIGRATE_DATABASE: "True"
    SERVER: "waitress"
  script:
    # Wait for Terrareg container to come up
    - sleep 30
    # Curl the terrareg homepage and ensure the title is displayed
    # (grep's exit status decides whether the job passes)
    - http_proxy= curl http://terrareg:5000 | grep 'Home - Terrareg'
# Builds the wheel, installs it as a sanity check and keeps it as an artifact.
build-wheel:
  stage: build
  extends:
    - .before_script_python
    - .limit_release_and_non_pushes
  script:
    - python setup.py bdist_wheel
    # an alternative approach is to install and run:
    - pip install dist/*
    #- pip install --proxy=$http_proxy -r requirements.txt
    # run the command here
  artifacts:
    paths:
      - "dist/*.whl"
# Builds the application image and tags it with the short commit SHA; the
# test-docker-image jobs start that tag as a service.
build-docker-image:
  stage: build
  # NOTE(review): docker:latest and docker:dind are floating tags, so the
  # build tooling can change between runs; pinning a version or digest makes
  # the build reproducible.
  image: "docker:latest"
  extends:
    - .limit_release_and_non_pushes
  services:
    - "docker:dind"
  script:
    # Folded scalar: the lines below are joined with single spaces into one
    # command.
    - >-
      docker build -f Dockerfile -t terrareg-image:v${CI_COMMIT_SHORT_SHA}
      --build-arg http_proxy=$http_proxy
      --build-arg HTTP_PROXY=$http_proxy
      --build-arg https_proxy=$https_proxy
      --build-arg HTTPS_PROXY=$https_proxy
      .
# Builds the image from Dockerfile.tests that the .test_image template
# selects for the test jobs.
build-test-docker-image:
  stage: build
  # NOTE(review): floating tags (docker:latest, docker:dind); consider pinning.
  image: "docker:latest"
  extends:
    - .limit_release_and_non_pushes
  services:
    - "docker:dind"
  script:
    # Folded scalar: the lines below are joined with single spaces into one
    # command.
    - >-
      docker build -f Dockerfile.tests -t terrareg-test-image:v${CI_COMMIT_SHORT_SHA}
      --build-arg http_proxy=$http_proxy
      --build-arg HTTP_PROXY=$http_proxy
      --build-arg https_proxy=$https_proxy
      --build-arg HTTPS_PROXY=$https_proxy
      .
# Builds the review-environment image on the nomad runner for every push to
# a branch other than the default branch.
build-pr-image:
  stage: build
  extends:
    - .pr_deployment
  # Use tags to limit to the nomad runner
  tags:
    - nomad
  rules:
    - if: "$CI_PIPELINE_SOURCE == 'push' && $CI_COMMIT_REF_NAME != $CI_DEFAULT_BRANCH"
  # Use docker without docker-in-docker, as we're
  # passing through the docker socket
  # NOTE(review): a job with the host's docker socket has the same control
  # over that host's containers as the docker daemon does, and this job runs
  # the branch's own Dockerfile on any pushed non-default branch. Confirm who
  # may push branches and that the nomad runner is not shared with pipelines
  # holding more sensitive credentials.
  image: "docker:latest"
  script:
    # Folded scalar: the lines below are joined with single spaces into one
    # command.
    - >-
      docker build -f Dockerfile -t $TF_VAR_docker_image
      --build-arg http_proxy=$NOMAD_PROXY
      --build-arg HTTP_PROXY=$NOMAD_PROXY
      --build-arg https_proxy=$NOMAD_PROXY
      --build-arg HTTPS_PROXY=$NOMAD_PROXY
      .
# Deploys a review environment for the pushed branch by running the
# terraform wrapper from the terrareg-nomad-pipeline repository, then exports
# the resulting URL to GitLab through a dotenv report.
deploy_review:
  stage: deploy
  extends:
    - .pr_deployment
  tags:
    - nomad
  needs:
    - build-pr-image
  rules:
    - if: "$CI_PIPELINE_SOURCE == 'push' && $CI_COMMIT_REF_NAME != $CI_DEFAULT_BRANCH"
  image:
    name: "hashicorp/terraform:1.5"
    # Replace the image's entrypoint with a shell so the script lines run as
    # shell commands.
    entrypoint: ["/bin/sh", "-c"]
  environment:
    name: "review/$CI_COMMIT_REF_NAME"
    # Filled in from deploy.env, which the last script line writes
    url: "$DYNAMIC_ENVIRONMENT_URL"
    auto_stop_in: "1 week"
    on_stop: stop_review
  variables:
    # Both are defined outside this file, presumably in the project's CI/CD
    # settings.
    # NOTE(review): this job runs for any pushed non-default branch, so the
    # token is reachable from branch pipelines; confirm it is masked and
    # scoped to what review deployments need.
    NOMAD_ADDR: "${NOMAD_ADDR}"
    NOMAD_TOKEN: "${NOMAD_TOKEN}"
  script:
    # NOTE(review): the clone takes whatever the repository's default branch
    # holds at run time, and its ./gitlab-terraform script then runs with
    # NOMAD_TOKEN in the environment. Checking out a reviewed commit after
    # cloning (git checkout <PINNED_COMMIT_SHA>) would tie the deployment
    # logic to code that has been reviewed.
    - git clone https://gitlab.dockstudios.co.uk/pub/terra/terrareg-nomad-pipeline
    - cd terrareg-nomad-pipeline
    - apk add idn2-utils jq
    - ./gitlab-terraform plan
    - ./gitlab-terraform apply
    # Written one directory up, i.e. at the path the dotenv report reads
    - echo "DYNAMIC_ENVIRONMENT_URL=https://$(./gitlab-terraform output -json | jq -r '.domain.value')" >> ../deploy.env
  artifacts:
    reports:
      dotenv: "deploy.env"
# Tears down the review environment. Named as `on_stop` by deploy_review and
# also available as a manual job.
stop_review:
  stage: deploy
  extends:
    - .pr_deployment
  tags:
    - nomad
  rules:
    - if: "$CI_PIPELINE_SOURCE == 'push' && $CI_COMMIT_REF_NAME != $CI_DEFAULT_BRANCH"
      when: manual
  image:
    name: "hashicorp/terraform:1.5"
    entrypoint: ["/bin/sh", "-c"]
  variables:
    # Skip fetching the project itself; only the pipeline repository cloned
    # in the script is used.
    GIT_STRATEGY: none
    # Both are defined outside this file, presumably in the project's CI/CD
    # settings.
    NOMAD_ADDR: "${NOMAD_ADDR}"
    NOMAD_TOKEN: "${NOMAD_TOKEN}"
  environment:
    name: "review/$CI_COMMIT_REF_NAME"
    action: stop
  script:
    # NOTE(review): same unpinned clone as deploy_review; the script that
    # runs `destroy` with NOMAD_TOKEN is whatever the default branch holds
    # at run time.
    - git clone https://gitlab.dockstudios.co.uk/pub/terra/terrareg-nomad-pipeline
    - cd terrareg-nomad-pipeline
    - apk add idn2-utils
    - ./gitlab-terraform destroy
  # A failed teardown does not fail the pipeline
  allow_failure: true
# Runs semantic-release for pushes to main, except for the release commits
# it creates itself.
release:
  stage: deploy
  # NOTE(review): floating `latest` tag with no registry prefix; confirm where
  # this image comes from and consider pinning it, since it runs with
  # GITLAB_TOKEN.
  image: "semantic-release:latest"
  # Job-level cache: replaces the global cache definition for this job
  cache:
    paths:
      - "node_modules/"
  variables:
    # Defined outside this file, presumably in the project's CI/CD settings
    GITLAB_TOKEN: "$GITLAB_TOKEN"
    GIT_STRATEGY: clone
  script:
    - semantic-release
  rules:
    # First match wins: only main, never release commits, only pushes
    - if: '$CI_COMMIT_REF_NAME != "main"'
      when: never
    - if: '$CI_COMMIT_MESSAGE =~ /chore\(release\)/'
      when: never
    - if: "$CI_PIPELINE_SOURCE == 'push'"
      when: always
    - when: never
# Builds the documentation with mkdocs and pushes it to the gh-pages branch.
# Runs on main for every commit that is not a release commit.
generate-docs:
  stage: deploy
  image: "python:3.10"
  variables:
    GITHUB_TOKEN: "$GH_DEPLOY_TOKEN"
  script:
    - pip install -r requirements-docs.txt
    # Re-point origin at a URL that carries the deploy token.
    # NOTE(review): the token becomes part of the remote URL, so it is stored
    # in .git/config in the job workspace and may surface in git error
    # output. Confirm GH_DEPLOY_TOKEN is masked and protected and limited to
    # pushing this repository. The variable is named for GitHub but the host
    # is gitlab.dockstudios.co.uk - verify that is intended.
    - git remote remove origin
    - git remote add origin https://$GITHUB_TOKEN@gitlab.dockstudios.co.uk/pub/terrareg.git
    # Ensure gh-pages branch is up-to-date
    - git fetch --all
    - git checkout gh-pages
    - git reset --hard origin/gh-pages
    # Return to the previously checked-out commit
    - git checkout -
    # Generate docs
    - mkdocs gh-deploy
  rules:
    # No pipeline-source check here, unlike the release job: any pipeline
    # source on main reaches the final `when: always`.
    - if: '$CI_COMMIT_REF_NAME != "main"'
      when: never
    - if: '$CI_COMMIT_MESSAGE =~ /chore\(release\)/'
      when: never
    - when: always
# Stage order: image and wheel builds first, then the tests that consume the
# built images, then review deployment, release and docs.
stages:
  - "build"
  - "test"
  - "deploy"