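default:
  # Abort on the first failing command and trace each one into the job log.
  # Deliberately no `env` here: it prints every CI/CD variable, and only
  # variables explicitly marked as masked are redacted in the trace, so any
  # other secret-bearing variable would end up in the retained job log.
  before_script:
    - set -ex
  interruptible: true
  tags:
    - holi-small # build on smaller machine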
variables:
  # File through which the deploy jobs hand the provisioned API domain to the
  # e2e jobs (it is exported as an artifact by the .deploy template).
  API_DOMAIN_PATH: '$CI_PROJECT_DIR/api_domain'

# job templates

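.deploy:
  image:
    name: 'hashicorp/terraform:1.1.9'
    # default entrypoint is terraform command, but we want to run shell scripts
    entrypoint: ["/bin/sh", "-c"]
  variables:
    ENVIRONMENT_ID: $CI_ENVIRONMENT_SLUG
  artifacts:
    # NOTE(review): terraform logs can carry provider/debug output; check what the
    # scripts write into terraform-*.log before retaining these artifacts for long.
    paths:
      - "terraform/environments/scripts/crash.log" # optional, only available in case of a crash/panic
      - "terraform/environments/scripts/terraform-*.log" # separate log for every step/command
      - $API_DOMAIN_PATH
    name: "${CI_JOB_NAME}_${CI_JOB_ID}"
    #when: on_failure
  script:
    # Presumably a file-type CI variable (build_docker `cat`s it), so the value is a path, not the key.
    - export GOOGLE_APPLICATION_CREDENTIALS="${GOOGLE_CLOUD_SERVICE_ACCOUNT}"
    - terraform/environments/scripts/create-or-update-env.sh "$ENVIRONMENT_ID" "$CI_COMMIT_SHA"
    # The API domain is handed to the downstream e2e jobs through the $API_DOMAIN_PATH artifact.
    - echo "$(terraform/environments/scripts/get-api-domain.sh)" > "$API_DOMAIN_PATH"
  resource_group: $ENVIRONMENT_ID # never execute terraform in parallel on the same environment
  interruptible: false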

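.e2e:
  # NOTE(review): untagged image, resolves to a moving :latest; pin a tag/digest for reproducible runs.
  image: 'codeceptjs/codeceptjs'
  script:
    # Domain published by the preceding deploy job via the $API_DOMAIN_PATH artifact.
    - API_DOMAIN="$(cat "$API_DOMAIN_PATH")"
    - echo "e2e tests against $CI_ENVIRONMENT_SLUG environment go here and against $API_DOMAIN"
    # presumably waits until the environment serves a valid certificate before tests run
    - terraform/environments/scripts/wait-for-ssl.sh "https://${API_DOMAIN}"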

# end job templates

# pipeline in chronological order

## common steps

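install_lint_test:
  stage: build
  # NOTE(review): mutable tag; pin to a digest if reproducible builds matter.
  image: 'node:18-alpine'
  script:
    # Fail instead of silently rewriting yarn.lock, so CI never resolves
    # different versions than the ones that were reviewed. Yarn 1 flag; Yarn
    # Berry accepts it as a deprecated alias of --immutable.
    - yarn install --frozen-lockfile
    - yarn lint
    - yarn test
  tags:
    - holi-big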
# You can override the included template(s) by including variable overrides
# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
# Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
# Container Scanning customization: https://docs.gitlab.com/ee/user/application_security/container_scanning/#customizing-the-container-scanning-settings
# Note that environment variables can be set in several places
# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
sast:
  # Overrides merged into the jobs that the included SAST template derives from `sast`.
  stage: test
  needs:
    - install_lint_test
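include:
  # GitLab-managed SAST template; the `sast` job in this file is merged into it.
  - template: Security/SAST.gitlab-ci.yml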

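build_docker:
  needs:
    - install_lint_test
  image: docker:20.10
  # docker-in-docker typically needs a privileged runner; keep it on runners
  # dedicated to builds rather than ones shared with other workloads.
  services:
    - docker:20.10-dind
  variables:
    # this could be fetched via terraform output ("gcr_location" in infra project), but then we would need an extra job for terraform
    GCR_IMAGE: eu.gcr.io/holi-shared/holi-unified-api
  before_script:
    # key file is fed on stdin, so it never appears in the traced command line
    - cat "$GOOGLE_CLOUD_SERVICE_ACCOUNT" | docker login -u _json_key --password-stdin https://eu.gcr.io
  script:
    # Warm the layer cache from the last image of this branch, falling back to main.
    # This pipeline never pushes a `latest` tag, so pulling $GCR_IMAGE alone would miss every time.
    - docker pull "$GCR_IMAGE:$CI_COMMIT_REF_SLUG" || docker pull "$GCR_IMAGE:main" || true
    - docker build --cache-from "$GCR_IMAGE:$CI_COMMIT_REF_SLUG" --cache-from "$GCR_IMAGE:main" -t "$GCR_IMAGE:$CI_COMMIT_SHA" -t "$GCR_IMAGE:$CI_COMMIT_REF_SLUG" .
    - docker push "$GCR_IMAGE:$CI_COMMIT_SHA" # this is the tag that is used for deployment
    - docker push "$GCR_IMAGE:$CI_COMMIT_REF_SLUG" # just for easily knowing which is the last image for a branch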

## review environments
review_deploy:
  extends: .deploy
  needs:
    - build_docker
  # One environment per branch; review_destroy tears it down, automatically after a week.
  environment:
    name: review/$CI_COMMIT_REF_SLUG
    url: https://$CI_ENVIRONMENT_SLUG.unified.apis.project-holi.org
    on_stop: review_destroy
    auto_stop_in: 1 week
  # no review environment for main or for noenv/* branches
  except:
    - main
    - /^noenv\/.*/

review_e2e:
  extends: .e2e
  # runs against the review environment just provisioned by review_deploy
  needs:
    - review_deploy
  except:
    - main
    - /^noenv\/.*/

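review_destroy:
  needs:
    - review_deploy
  image:
    name: 'hashicorp/terraform:1.1.9'
    # default entrypoint is terraform command, but we want to run shell scripts
    entrypoint: ["/bin/sh", "-c"]
  variables:
    # has to be set to none for auto stop
    GIT_STRATEGY: none
    ENVIRONMENT_ID: $CI_ENVIRONMENT_SLUG
  environment:
    name: review/$CI_COMMIT_REF_SLUG
    action: stop
  dependencies: [] # explicitly disable artifact usage
  # NOTE(review): explicit empty list. A bare `before_script:` is YAML null, which
  # GitLab appears to treat as "not set", so the default before_script would still
  # be inherited by this job.
  before_script: []
  script:
    - export GOOGLE_APPLICATION_CREDENTIALS="${GOOGLE_CLOUD_SERVICE_ACCOUNT}"
    # branch may have been deleted, so we clone and checkout main
    # (CI_REPOSITORY_URL embeds the job token; GitLab should mask it in the trace)
    - git clone "$CI_REPOSITORY_URL" main-clone
    - cd main-clone
    - terraform/environments/scripts/destroy-env.sh "$CI_ENVIRONMENT_SLUG"
  # can't use rules here: https://gitlab.com/gitlab-org/gitlab/-/issues/34077
  when: manual
  except:
    - main
    - /^noenv\/.*/
  resource_group: $ENVIRONMENT_ID # never execute terraform in parallel on the same environment
  interruptible: false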

## staging environment

staging_deploy:
  extends: .deploy
  needs:
    - build_docker
  # fixed ENVIRONMENT_ID rather than the slug, so the terraform state is shared by every main pipeline
  variables:
    ENVIRONMENT_ID: staging
  environment:
    name: staging
    deployment_tier: staging
    url: https://staging.unified.apis.project-holi.org
  only:
    - main

staging_e2e:
  extends: .e2e
  # gate for production_deploy: it only becomes available once these tests pass
  needs:
    - staging_deploy
  only:
    - main

## production environment

production_deploy:
  extends: .deploy
  needs:
    - staging_e2e
  # Manual gate after staging e2e. Manual jobs are allow_failure: true by default,
  # so the pipeline is reported as passed while this job is still pending.
  when: manual
  variables:
    ENVIRONMENT_ID: production
  environment:
    name: production
    deployment_tier: production
    url: https://production.unified.apis.project-holi.org
  only:
    - main