From a805d510c91f27d040264e8627b37586dab7655e Mon Sep 17 00:00:00 2001
From: Taha Cherfia <taha.cherfia@holi.team>
Date: Wed, 17 Jul 2024 16:05:55 +0200
Subject: [PATCH] ci: clean up .gitlab-ci.yml

---
 .gitlab-ci.yml | 101 ++++---------------------------------------------
 1 file changed, 7 insertions(+), 94 deletions(-)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index dc01040..4945af4 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -4,48 +4,31 @@ default:
     - env
   interruptible: true
   tags:
-    - 1cpu-4gb # build on smaller machine
+    - 1cpu-4gb
 
 variables:
   API_DOMAIN_PATH: "$CI_PROJECT_DIR/api_domain"
 
-# job templates
-
 .deploy:
   image:
     name: "hashicorp/terraform:1.6.1"
-    # default entrypoint is terraform command, but we want to run shell scripts
     entrypoint: ["/bin/sh", "-c"]
   variables:
     ENVIRONMENT_ID: $CI_ENVIRONMENT_SLUG
   artifacts:
     paths:
-      - "terraform/environments/crash.log" # optional, only available in case of a crash/panic
-      - "terraform/environments/terraform-*.log" # separate log for every step/command
+      - "terraform/environments/crash.log"
+      - "terraform/environments/terraform-*.log"
       - $API_DOMAIN_PATH
     name: "${CI_JOB_NAME}_${CI_JOB_ID}"
-    #when: on_failure
     expire_in: 1 month
   script:
     - export GOOGLE_APPLICATION_CREDENTIALS=${GOOGLE_CLOUD_SERVICE_ACCOUNT}
     - terraform/environments/scripts/create-or-update-env.sh $ENVIRONMENT_ID $CI_COMMIT_SHA
     - echo "$(terraform/environments/scripts/get-api-domain.sh)" > $API_DOMAIN_PATH
-  resource_group: $ENVIRONMENT_ID # never execute terraform in parallel on the same environment
+  resource_group: $ENVIRONMENT_ID
   interruptible: false
 
-.e2e:
-  image: "archlinux:latest"
-  script:
-    - API_DOMAIN=`cat $API_DOMAIN_PATH`
-    - echo "e2e tests against $CI_ENVIRONMENT_SLUG environment go here and against $API_DOMAIN"
-    - terraform/environments/scripts/wait-for-ssl.sh "https://${API_DOMAIN}"
-
-# end job templates
-
-# pipeline in chronological order
-
-## common steps
-
 cache_lint:
   image: "denoland/deno:alpine-1.40.1"
   stage: "test"
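Review bot: In `.deploy`, `artifacts` has no `when:`, so GitLab applies its default `on_success` and neither `crash.log` nor the `terraform-*.log` files are uploaded when the job fails, which is the case they exist for. The commit deletes the commented-out `when: on_failure` without settling this; because `$API_DOMAIN_PATH` is also needed after a successful run, `when: always` under `artifacts:` would cover both. Terraform logs can carry sensitive values depending on the log level the scripts set (not visible here), so a shorter `expire_in` than `1 month` and restricted artifact access are worth considering. I would also keep the one-line comment on `resource_group`, e.g. `# never run terraform in parallel on the same environment`, since it explains why that key and `interruptible: false` must survive later cleanups.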
@@ -53,14 +36,6 @@ cache_lint:
     - deno cache --lock=deno.lock app/deps.ts app/dev_deps.ts
     - deno fmt --check
     - deno lint
-
-# You can override the included template(s) by including variable overrides
-# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
-# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
-# Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
-# Container Scanning customization: https://docs.gitlab.com/ee/user/application_security/container_scanning/#customizing-the-container-scanning-settings
-# Note that environment variables can be set in several places
-# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
 sast:
   needs: ["cache_lint"]
   stage: test
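Review bot: `sast` keeps `needs: ["cache_lint"]`, so the scan is skipped whenever `deno fmt --check` or `deno lint` fails, and a formatting error then hides security findings for that pipeline. If that coupling is not intended, `needs: []` lets the scan start independently of the lint job. The hunk also drops the blank line that separated `cache_lint` from `sast`; one blank line between top-level jobs would match the rest of the file. Both job definitions extend beyond this hunk, so keys that are not visible here may change the picture.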
@@ -73,68 +48,14 @@ build_docker:
   services:
     - docker:20.10-dind
   variables:
-    # this could be fetched via terraform output ("gcr_location" in infra project), but then we would need an extra job for terraform
     GCR_IMAGE: europe-north1-docker.pkg.dev/holi-shared/docker/holi-translation-api
   before_script:
     - cat $GOOGLE_CLOUD_SERVICE_ACCOUNT | docker login -u _json_key --password-stdin https://europe-north1-docker.pkg.dev
   script:
-    - docker pull $GCR_IMAGE || true # Allows us to use --cache-from, we need to tag with latest in the next command for this to work
+    - docker pull $GCR_IMAGE || true
     - docker build --cache-from $GCR_IMAGE -t $GCR_IMAGE:latest -t $GCR_IMAGE:$CI_COMMIT_SHA -t $GCR_IMAGE:$CI_COMMIT_REF_SLUG .
-    - docker push $GCR_IMAGE:$CI_COMMIT_SHA # this is the tag that is used for deployment
-    - docker push $GCR_IMAGE:$CI_COMMIT_REF_SLUG # just for easyly knowing which is the last image for a branch
-
-## review environments
-
-review_deploy:
-  extends: .deploy
-  needs: ["build_docker"]
-  environment:
-    name: review/$CI_COMMIT_REF_SLUG
-    url: https://$CI_ENVIRONMENT_SLUG.translation.apis.holi.social
-    on_stop: review_destroy
-    auto_stop_in: 1 week
-  except:
-    - main
-    - production
-    - /^noenv\/.*/
-
-review_e2e:
-  extends: .e2e
-  needs: ["review_deploy"]
-  except:
-    - main
-    - production
-    - /^noenv\/.*/
-
-review_destroy:
-  needs: ["review_deploy"]
-  image:
-    name: "hashicorp/terraform:1.6.1"
-    # default entrypoint is terraform command, but we want to run shell scripts
-    entrypoint: ["/bin/sh", "-c"]
-  variables:
-    # has to be set to none for auto stop
-    GIT_STRATEGY: none
-    ENVIRONMENT_ID: $CI_ENVIRONMENT_SLUG
-  environment:
-    name: review/$CI_COMMIT_REF_SLUG
-    action: stop
-  dependencies: [] # explicitly disable artifact usage
-  script:
-    - export GOOGLE_APPLICATION_CREDENTIALS=${GOOGLE_CLOUD_SERVICE_ACCOUNT}
-    # branch may have been deleted, so we clone and checkout main
-    - git clone $CI_REPOSITORY_URL main-clone
-    - cd main-clone
-    - terraform/environments/scripts/destroy-env.sh $CI_ENVIRONMENT_SLUG
-  # can't use rules here: https://gitlab.com/gitlab-org/gitlab/-/issues/34077
-  when: manual
-  allow_failure: false
-  except:
-    - main
-    - production
-    - /^noenv\/.*/
-  resource_group: $ENVIRONMENT_ID # never execute terraform in parallel on the same environment
-  interruptible: false
+    - docker push $GCR_IMAGE:$CI_COMMIT_SHA
+    - docker push $GCR_IMAGE:$CI_COMMIT_REF_SLUG
 
 ## staging environment
 
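Review bot: `docker pull $GCR_IMAGE || true` pulls the `latest` tag, but the visible script only pushes `$CI_COMMIT_SHA` and `$CI_COMMIT_REF_SLUG`, so unless `latest` is pushed elsewhere the pull fails silently and `--cache-from $GCR_IMAGE` never hits. Pulling and caching from a tag that is actually pushed, e.g. `docker pull $GCR_IMAGE:$CI_COMMIT_REF_SLUG || true` with `--cache-from $GCR_IMAGE:$CI_COMMIT_REF_SLUG`, would make the cache effective, and a short comment on why `|| true` is there should stay. Separately, this hunk removes `review_destroy` together with `review_deploy`: review environments that are still deployed lose their `on_stop` job, so they need to be torn down by hand before this merges, or their Terraform resources and public URLs stay up. The start of `build_docker` is outside the hunk, so its `rules`/`only` are not visible; if it still runs on every branch, branch images keep being pushed to the shared registry even though nothing deploys them any more.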
@@ -158,14 +79,6 @@ staging_trigger_unified-api_redeployment:
   only:
     - main
 
-staging_e2e:
-  extends: .e2e
-  # if staging_e2e would actually run tests (other than ensuring SSL works), we'd have to
-  # wait for the unified-api pipeline to finish.
-  needs: ["staging_deploy"]
-  only:
-    - main
-
 ## production environment
 
 production_deploy:
-- 
GitLab