.gitlab-ci.yml 5.18 KiB
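# Settings inherited by every job that does not override them.
default:
  before_script:
    # Abort on the first failing command and trace each command in the job log.
    # The former `env` step is dropped: it printed every environment variable
    # of the job into the log, where only values configured as masked are
    # redacted.
    # NOTE(review): `set -x` still echoes expanded command lines; confirm that
    # no job passes a non-masked secret as a command argument.
    - set -ex
  interruptible: true
  tags:
    - holi-small  # build on smaller machine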
# Pipeline-wide variables.
variables:
  # File that carries the API domain from a deploy job to the matching e2e
  # job: the .deploy template writes it and lists it as an artifact, the .e2e
  # template reads it.
  API_DOMAIN_PATH: '$CI_PROJECT_DIR/api_domain'
# job templates
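# Hidden job template: create or update one environment with Terraform.
# Jobs that extend it supply `environment:` and, where needed, their own
# ENVIRONMENT_ID.
.deploy:
  image:
    name: 'hashicorp/terraform:1.1.9'
    # default entrypoint is terraform command, but we want to run shell scripts
    entrypoint: ["/bin/sh", "-c"]
  variables:
    ENVIRONMENT_ID: $CI_ENVIRONMENT_SLUG
  artifacts:
    # NOTE(review): no `expire_in` is set and the logs are uploaded on every
    # run. Terraform logs may contain resource attributes; confirm who can
    # download job artifacts and how long they need to be kept.
    paths:
      - "terraform/environments/scripts/crash.log"  # optional, only available in case of a crash/panic
      - "terraform/environments/scripts/terraform-*.log"  # separate log for every step/command
      - $API_DOMAIN_PATH
    name: "${CI_JOB_NAME}_${CI_JOB_ID}"
    # when: on_failure
  script:
    # GOOGLE_CLOUD_SERVICE_ACCOUNT is used as the path of the key file.
    # NOTE(review): review, staging and production jobs all read this one
    # variable name; confirm it is scoped per environment so a review branch
    # does not receive the production key.
    - export GOOGLE_APPLICATION_CREDENTIALS="${GOOGLE_CLOUD_SERVICE_ACCOUNT}"
    # Expansions are quoted so that values are passed as single arguments.
    - terraform/environments/scripts/create-or-update-env.sh "$ENVIRONMENT_ID" "$CI_COMMIT_SHA"
    # Capture the output first: a failing get-api-domain.sh now stops the job
    # (errexit comes from the default before_script) instead of being hidden
    # inside the argument of `echo` and leaving an empty file behind.
    - api_domain="$(terraform/environments/scripts/get-api-domain.sh)"
    - echo "$api_domain" > "$API_DOMAIN_PATH"
  resource_group: $ENVIRONMENT_ID  # never execute terraform in parallel on the same environment
  interruptible: false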
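# Hidden job template: checks run against an environment after its deploy job.
.e2e:
  # NOTE(review): `latest` is a mutable tag, so the job image can change
  # between runs; pinning a release tag or an image digest would make the job
  # reproducible and the image reviewable.
  image: 'archlinux:latest'
  script:
    # Read the domain that the deploy job stored in the artifact file.
    - API_DOMAIN="$(cat "$API_DOMAIN_PATH")"
    # Stop early when the file is empty rather than probing "https://".
    - test -n "$API_DOMAIN"
    - echo "e2e tests against $CI_ENVIRONMENT_SLUG environment go here and against $API_DOMAIN"
    - terraform/environments/scripts/wait-for-ssl.sh "https://${API_DOMAIN}"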
# end job templates
# pipeline in chronological order
## common steps
# First job of the pipeline: install dependencies, then lint and run the tests.
install_lint_test:
  stage: build
  image: node:18-alpine
  # Overrides the default runner tag for this job.
  tags: [holi-big]
  script:
    # NOTE(review): a plain `yarn install` can be allowed to re-resolve
    # dependencies; confirm whether CI should use the lockfile-enforcing
    # option of the project's Yarn version so the build uses exactly the
    # committed dependency versions.
    - yarn install
    - yarn lint
    - yarn test
# You can override the included template(s) by including variable overrides
# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
# Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
# Container Scanning customization: https://docs.gitlab.com/ee/user/application_security/container_scanning/#customizing-the-container-scanning-settings
# Note that environment variables can be set in several places
# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
# Overrides for the job named `sast`; the SAST template is pulled in by the
# `include:` section of this file.
sast:
  # Start as soon as install_lint_test has finished.
  needs: [install_lint_test]
  stage: test
# Templates merged into this pipeline.
# NOTE(review): SAST is the only template included in the lines shown; the
# comments in this file also mention secret detection, dependency scanning and
# container scanning — confirm whether those are enabled elsewhere.
include:
  - template: 'Security/SAST.gitlab-ci.yml'
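# Build the API image and push it to the registry under two tags.
build_docker:
  needs: ['install_lint_test']
  image: docker:20.10
  services:
    - docker:20.10-dind
  variables:
    # this could be fetched via terraform output ("gcr_location" in infra project), but then we would need an extra job for terraform
    GCR_IMAGE: eu.gcr.io/holi-shared/holi-unified-api
  # Replaces the default before_script for this job.
  before_script:
    # The key file is fed to `docker login` on stdin, so its content never
    # appears on a command line.
    # NOTE(review): the deploy jobs read the same variable name for Terraform;
    # confirm the key available to this job is limited to pushing images.
    - docker login -u _json_key --password-stdin https://eu.gcr.io < "$GOOGLE_CLOUD_SERVICE_ACCOUNT"
  script:
    # Allows us to use --cache-from
    # NOTE(review): without a tag this pulls `latest`, which this job never
    # pushes; confirm that the cache source actually exists in the registry.
    - docker pull "$GCR_IMAGE" || true
    # Expansions are quoted so that each image reference stays one argument.
    - docker build --cache-from "$GCR_IMAGE" -t "$GCR_IMAGE:$CI_COMMIT_SHA" -t "$GCR_IMAGE:$CI_COMMIT_REF_SLUG" .
    # this is the tag that is used for deployment
    # NOTE(review): tags can be re-pushed; deploying by image digest would tie
    # the deployment to exactly the image built here.
    - docker push "$GCR_IMAGE:$CI_COMMIT_SHA"
    # just for easily knowing which is the last image for a branch
    - docker push "$GCR_IMAGE:$CI_COMMIT_REF_SLUG"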
## review environments
# Deploy a per-branch review environment from the image built by build_docker.
review_deploy:
  extends: .deploy
  needs: [build_docker]
  environment:
    name: 'review/$CI_COMMIT_REF_SLUG'
    url: 'https://$CI_ENVIRONMENT_SLUG.unified.apis.project-holi.org'
    # review_destroy tears the environment down, at the latest after a week.
    on_stop: review_destroy
    auto_stop_in: '1 week'
  # Runs for every ref except main and branches named noenv/...
  # NOTE(review): this job runs Terraform with cloud credentials for any such
  # branch; confirm who can push branches and which key those pipelines get.
  except:
    - main
    - '/^noenv\/.*/'
# Run the e2e template against the review environment once it is deployed.
review_e2e:
  extends: .e2e
  needs: [review_deploy]
  # Same ref filter as review_deploy: skip main and noenv/... branches.
  except:
    - main
    - '/^noenv\/.*/'
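# Tear down a review environment; referenced by review_deploy's `on_stop`.
review_destroy:
  needs: ['review_deploy']
  image:
    name: 'hashicorp/terraform:1.1.9'
    # default entrypoint is terraform command, but we want to run shell scripts
    entrypoint: ["/bin/sh", "-c"]
  variables:
    # has to be set to none for auto stop
    GIT_STRATEGY: none
    ENVIRONMENT_ID: $CI_ENVIRONMENT_SLUG
  environment:
    name: review/$CI_COMMIT_REF_SLUG
    action: stop
  dependencies: []  # explicitly disable artifact usage
  # The value is null, written out explicitly.
  # NOTE(review): if the intent is to switch off the default before_script
  # for this job, an empty list (`[]`) states that unambiguously; confirm how
  # the CI loader treats a null here.
  before_script: null
  script:
    - export GOOGLE_APPLICATION_CREDENTIALS="${GOOGLE_CLOUD_SERVICE_ACCOUNT}"
    # branch may have been deleted, so we clone and checkout main
    # The URL is quoted so it is passed to git as a single argument.
    - git clone "$CI_REPOSITORY_URL" main-clone
    - cd main-clone
    - terraform/environments/scripts/destroy-env.sh "$CI_ENVIRONMENT_SLUG"
  # can't use rules here: https://gitlab.com/gitlab-org/gitlab/-/issues/34077
  when: manual
  except:
    - main
    - /^noenv\/.*/
  resource_group: $ENVIRONMENT_ID  # never execute terraform in parallel on the same environment
  interruptible: false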
## staging environment
# Deploy the image built from main to the staging environment.
staging_deploy:
  extends: .deploy
  needs: [build_docker]
  environment:
    name: staging
    deployment_tier: staging
    url: 'https://staging.unified.apis.project-holi.org'
  variables:
    # Fixed id instead of the environment slug used by the template.
    ENVIRONMENT_ID: staging
  only: [main]
# Run the e2e template against staging after staging_deploy has finished.
staging_e2e:
  extends: .e2e
  needs: [staging_deploy]
  only: [main]
## production environment
# Deploy to production; available only on main and only after staging_e2e.
production_deploy:
  extends: .deploy
  needs: [staging_e2e]
  # Has to be started by hand.
  # NOTE(review): `when: manual` by itself does not restrict who may start the
  # job; confirm the production environment is protected in the project
  # settings.
  when: manual
  environment:
    name: production
    deployment_tier: production
    url: 'https://production.unified.apis.project-holi.org'
  variables:
    # Fixed id instead of the environment slug used by the template.
    ENVIRONMENT_ID: production
  only: [main]