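# GitLab CI pipeline for Big Bang: lint and version checks (.pre), k3d smoke
# tests, a manually gated AWS/RKE2 review environment, and tag-driven
# packaging and release. The hidden jobs .k3d, .network up/down and
# .rke2 up/down are not defined in this file; presumably they come from the
# included templates file - confirm there.

# global rules for when pipelines run
workflow:
  rules:
    # run pipeline for manual tag events
    - if: $CI_COMMIT_TAG
    # run pipeline on merge request events
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
    # run pipeline on commits to default branch
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
    # skip pipeline for branches that start with "docs"
    # NOTE(review): rules are evaluated top-down and the first match wins, so a
    # "docs" ref that is a tag, a merge request or the default branch is already
    # accepted above, and any other ref gets no pipeline either way. As placed,
    # this rule never changes the outcome. Before moving it up, consider that a
    # name-only skip lets any branch called docs* bypass every check below;
    # pairing it with a path filter would keep code changes covered.
    - if: '$CI_COMMIT_REF_NAME =~ /^docs/'
      when: never

# include templates
include:
  - local: '/.gitlab-ci/templates.yml'

stages:
  - smoke tests
  - network up
  - cluster up
  - bigbang up
  - test
  - bigbang down
  - cluster down
  - network down
  - package
  - release

variables:
  # S3 bucket that receives release packages; used by the package and release jobs
  RELEASE_BUCKET: umbrella-bigbang-releases
  IMAGE_LIST: images.txt
  IMAGE_PKG: images.tar.gz
  REPOS_PKG: repositories.tar.gz

#-----------------------------------------------------------------------------------------------------------------------
# Pre Stage Jobs
#

# Advisory changelog lint (allow_failure: a failure does not block the pipeline)
changelog:
  image: registry.dsop.io/platform-one/big-bang/pipeline-templates/pipeline-templates/pre-envs:ubi8.3
  stage: .pre
  allow_failure: true
  variables:
    CHANGELOG_FILE: CHANGELOG.md
  script:
    - ./scripts/lint_changelog.sh

# Advisory chart version lint
version:
  image: registry.dsop.io/platform-one/big-bang/pipeline-templates/pipeline-templates/pre-envs:ubi8.3
  stage: .pre
  allow_failure: true
  variables:
    CHART_FILE: chart/Chart.yaml
  script:
    - ./scripts/lint_version.sh

# NOTE(review): this job runs the same script as the "version" job above, so as
# written no commit-message lint is executed here. Looks like a copy-paste
# leftover - confirm which script was intended.
commitlint:
  image: registry.dsop.io/platform-one/big-bang/pipeline-templates/pipeline-templates/pre-envs:ubi8.3
  stage: .pre
  allow_failure: true
  script:
    - ./scripts/lint_version.sh

# Computes chart version metadata and the Terraform environment name, and
# exports them to later jobs through the dotenv report (variables.env).
pre vars:
  image: registry.dsop.io/platform-one/big-bang/pipeline-templates/pipeline-templates/pre-envs:ubi8.3
  stage: .pre
  artifacts:
    reports:
      dotenv: variables.env
  script:
    # obtain MR and master versions
    - CHART_MR_VERSION=$(sed -n -e 's/^version. //p' chart/Chart.yaml)
    - git fetch && git checkout "${CI_DEFAULT_BRANCH}"
    - CHART_MA_VERSION=$(sed -n -e 's/^version. //p' chart/Chart.yaml)
    - git fetch && git checkout "${CI_COMMIT_REF_NAME}"
    - echo "CHART_MR_VERSION=$CHART_MR_VERSION" >> variables.env
    - echo "CHART_MA_VERSION=$CHART_MA_VERSION" >> variables.env
    # obtain semver differences (subtract master version from mr version)
    # The versions are read from a chart file the merge request controls, so
    # they are passed quoted to avoid word splitting and globbing.
    - CHART_VERSION_DIFF=$(./scripts/semver_diff.sh "$CHART_MR_VERSION" "$CHART_MA_VERSION")
    # Split on "." with IFS scoped to this one read; a bare "IFS=." assignment
    # would stay in effect for every later unquoted expansion in this script.
    - IFS=. read -r -a DIFF_ARR <<< "${CHART_VERSION_DIFF##*-}"
    - echo "CHART_VERSION_DIFF=$CHART_VERSION_DIFF" >> variables.env
    # detect breaking change (first two version sections in semver diff)
    - CHART_BREAKING_CHANGE="false"
    - if (( ${DIFF_ARR[0]} > 0 )); then CHART_BREAKING_CHANGE="true"; fi
    - if (( ${DIFF_ARR[1]} > 0 )); then CHART_BREAKING_CHANGE="true"; fi
    # store variables
    - echo "CHART_BREAKING_CHANGE=$CHART_BREAKING_CHANGE" >> variables.env
    # Create the TF_VAR_env variable
    - echo "TF_VAR_env=$(echo $CI_COMMIT_REF_SLUG | cut -c 1-7)-$(echo $CI_COMMIT_SHA | cut -c 1-7)" >> variables.env
    - cat variables.env
#-----------------------------------------------------------------------------------------------------------------------

#-----------------------------------------------------------------------------------------------------------------------
# Smoke Tests
#

# Shared base for jobs that talk to a cluster: dumps cluster state after the
# job script for troubleshooting.
.bigbang:
  image: registry.dsop.io/platform-one/big-bang/pipeline-templates/pipeline-templates/k3d-builder:0.0.1
  after_script:
    - kubectl get all -A
    - kubectl get helmrelease -A

# Run every deploy script in sorted order. The path is handed to sh as a
# positional parameter, so a file name is never re-parsed as shell text.
.deploy_bigbang: &deploy_bigbang
  - find ./scripts/deploy -type f -name '*.sh' | sort | xargs -r -I {} sh -c 'echo "$1" && sh "$1"' _ {}

# Run every test script in sorted order (same invocation pattern as above).
.test_bigbang: &test_bigbang
  - find ./tests -type f -name '*.sh' | sort | xargs -r -I {} sh -c 'echo "$1" && sh "$1"' _ {}

# Fresh install on k3d; records the images present on the cluster as images.txt
clean install:
  stage: smoke tests
  extends:
    - .k3d
  variables:
    CLUSTER_NAME: "clean-${CI_COMMIT_SHORT_SHA}"
  script:
    - *deploy_bigbang
    - *test_bigbang
    - docker exec -i k3d-${CLUSTER_NAME}-server-0 crictl images -o json | jq -r '.images[].repoTags[0] | select(. != null)' > images.txt
  artifacts:
    paths:
      - images.txt
    expire_in: 7 days

# Install from the default branch, then upgrade to the merge request branch
upgrade:
  stage: smoke tests
  dependencies:
    - pre vars
  extends:
    - .k3d
  rules:
    # skip job when MR title starts with 'Breaking Change'
    - if: '$CI_MERGE_REQUEST_TITLE =~ /^Breaking Change/'
      when: never
    # run pipeline on merge request events
    - if: $CI_PIPELINE_SOURCE == "merge_request_event"
  variables:
    # NOTE(review): same cluster name as "clean install", which runs in the same
    # stage; confirm the two cannot collide on a shared runner.
    CLUSTER_NAME: "clean-${CI_COMMIT_SHORT_SHA}"
  script:
    # Compare the flag as a string instead of executing its value as a command.
    # An empty or missing value used to expand to an empty command (exit 0),
    # which skipped the upgrade test silently; now only "true" skips it.
    - if [ "$CHART_BREAKING_CHANGE" = "true" ]; then echo "Breaking change detected by chart version difference, skipping job"; exit 0; fi
    - echo "Install Big Bang from ${CI_DEFAULT_BRANCH}"
    - git fetch && git checkout "${CI_DEFAULT_BRANCH}"
    - *deploy_bigbang
    - *test_bigbang
    - echo "Upgrade Big Bang from ${CI_MERGE_REQUEST_SOURCE_BRANCH_NAME}"
    - git reset --hard && git clean -fd
    - git checkout "${CI_MERGE_REQUEST_SOURCE_BRANCH_NAME}"
    - *deploy_bigbang
    - *test_bigbang
#-----------------------------------------------------------------------------------------------------------------------

#-----------------------------------------------------------------------------------------------------------------------
# Infrastructure: Management Jobs
#

# Abstract for job manually triggering infrastructure builds
# The manual gate means a person has to start the job that the other
# infrastructure jobs chain from (via needs) for a merge request.
.infra fork:
  stage: network up
  rules:
    # skip job when branch name starts with "hotfix" or "patch"
    - if: '$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME =~ /^(hotfix|patch)/'
      when: never
    # run job on merge requests when manually activated
    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
      allow_failure: false
      when: manual

# Abstract for jobs responsible for creating infrastructure
.infra create:
  rules:
    # skip job when branch name starts with "hotfix" or "patch"
    - if: '$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME =~ /^(hotfix|patch)/'
      when: never
    # run job on merge request events
    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'

# Abstract for jobs responsible for cleaning up infrastructure
.infra cleanup:
  rules:
    # skip job when branch name starts with "hotfix" or "patch"
    - if: '$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME =~ /^(hotfix|patch)/'
      when: never
    # run job on merge requests regardless of failure
    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
      allow_failure: true
      when: always
#-----------------------------------------------------------------------------------------------------------------------

#-----------------------------------------------------------------------------------------------------------------------
# Infrastructure: Networking
#

aws/network up:
  extends:
    - .infra fork
    - .network up
  environment:
    name: review/aws-${CI_COMMIT_REF_SLUG}-${CI_COMMIT_SHORT_SHA}
    auto_stop_in: 1 hour

aws/network down:
  extends:
    - .infra cleanup
    - .network down
  stage: network down
  environment:
    name: review/aws-${CI_COMMIT_REF_SLUG}-${CI_COMMIT_SHORT_SHA}
    action: stop
#-----------------------------------------------------------------------------------------------------------------------

#-----------------------------------------------------------------------------------------------------------------------
# Infrastructure: RKE2
#

# Create RKE2 cluster on AWS
aws/rke2/cluster up:
  stage: cluster up
  extends:
    - .infra create
    - .rke2 up
  needs:
    - job: aws/network up
    - job: pre vars
      artifacts: true
  environment:
    name: review/aws-${CI_COMMIT_REF_SLUG}-${CI_COMMIT_SHORT_SHA}

# Install BigBang on RKE2 cluster on AWS
aws/rke2/bigbang up:
  stage: bigbang up
  extends:
    - .infra create
    - .bigbang
  needs:
    - job: aws/rke2/cluster up
      artifacts: true
  before_script:
    # rke2.yaml is copied into place as the kubeconfig; presumably it is an
    # artifact of "aws/rke2/cluster up" - confirm in the templates
    - mkdir -p ~/.kube
    - cp ${CI_PROJECT_DIR}/rke2.yaml ~/.kube/config
    # Deploy a default storage class for aws
    - kubectl apply -f ${CI_PROJECT_DIR}/.gitlab-ci/jobs/rke2/dependencies/k8s-resources/aws/default-ebs-sc.yaml
  script:
    - *deploy_bigbang
  environment:
    name: review/aws-${CI_COMMIT_REF_SLUG}-${CI_COMMIT_SHORT_SHA}

# Run tests on BigBang on RKE2 cluster on AWS
aws/rke2/bigbang test:
  stage: test
  extends:
    - .infra create
    - .bigbang
  needs:
    - job: aws/rke2/cluster up
      artifacts: true
    - job: aws/rke2/bigbang up
  before_script:
    - mkdir -p ~/.kube
    - cp ${CI_PROJECT_DIR}/rke2.yaml ~/.kube/config
  script:
    ## Move this yum install to the dockerfile for the builder
    ## putting it here now for a quick way to install dig
    - yum install bind-utils -y
    - ./scripts/hosts.sh
    - *test_bigbang
  environment:
    name: review/aws-${CI_COMMIT_REF_SLUG}-${CI_COMMIT_SHORT_SHA}

# Uninstall BigBang on RKE2 cluster on AWS
aws/rke2/bigbang down:
  stage: bigbang down
  extends:
    - .infra cleanup
    - .bigbang
  needs:
    - job: aws/rke2/cluster up
      artifacts: true
    - job: aws/rke2/bigbang test
  before_script:
    - mkdir -p ~/.kube
    - cp ${CI_PROJECT_DIR}/rke2.yaml ~/.kube/config
  script:
    - helm un -n bigbang bigbang
    # TODO: Smarter wait
    - sleep 180
  environment:
    name: review/aws-${CI_COMMIT_REF_SLUG}-${CI_COMMIT_SHORT_SHA}

# Destroy RKE2 cluster on AWS
aws/rke2/cluster down:
  stage: cluster down
  extends:
    - .infra cleanup
    - .rke2 down
  needs:
    - job: aws/rke2/bigbang down
    - job: pre vars
      artifacts: true
  environment:
    name: review/aws-${CI_COMMIT_REF_SLUG}-${CI_COMMIT_SHORT_SHA}
#-----------------------------------------------------------------------------------------------------------------------

#-----------------------------------------------------------------------------------------------------------------------
# Release Jobs
#

# Pulls the images named in images.txt, bundles them with the dependent
# repositories and publishes the packages to the release bucket.
# NOTE(review): this job runs for any tag and handles registry credentials and
# S3 write access. Confirm release tags are protected and the credential
# variables are protected CI/CD variables, so only trusted refs receive them.
package:
  stage: package
  image: registry.dsop.io/platform-one/big-bang/umbrella/synker:0.0.1
  rules:
    # run job for manual tag events
    - if: $CI_COMMIT_TAG
    #   when: never
    # # run job on commits to default branch
    # - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
  before_script:
    # Set up auth
    - mkdir -p /root/.docker
    # Quoted so the credential JSON is written verbatim rather than word-split
    # and glob-expanded by the shell
    - echo "$DOCKER_AUTH_CONFIG" > /root/.docker/config.json
  script:
    - cp ./scripts/package/synker.yaml ./synker.yaml
    # Populate images list in synker config
    # NOTE: This is stupid and hacky, use yq or something better to do this
    # Each line of images.txt is appended to the YAML config as-is, without
    # validation.
    - cat images.txt | sed -e 's/^/ - /' >> synker.yaml
    - synker pull -b=1
    # Tar up synker as well?
    - cp /usr/local/bin/synker synker.yaml /var/lib/registry/
    # NOTE(review): both tar commands write to $IMAGE_PKG, so the second one
    # overwrites the first; only the archive with the var/lib/registry/ prefix
    # is published. Confirm which layout is intended and drop the other.
    - tar -C /var/lib/registry -czvf $IMAGE_PKG .
    - tar -czvf $IMAGE_PKG /var/lib/registry
    # Package dependent repos
    - ./scripts/package/gits.sh
    - tar -czf $REPOS_PKG repos/
    # Prep release
    - mkdir -p release
    - mv $IMAGE_LIST $IMAGE_PKG $REPOS_PKG release/
    # Publish packages to s3 release
    # Uses RELEASE_BUCKET so the upload target and the links built by the
    # release job cannot drift apart
    - aws s3 sync --quiet release/ "s3://${RELEASE_BUCKET}/umbrella/${CI_COMMIT_TAG}"
  after_script: []

# Creates the GitLab release entry with links to the packages uploaded above
release:
  stage: release
  # NOTE(review): "latest" is a mutable tag, so the tool that publishes releases
  # can change between runs; consider pinning a version or digest.
  image: registry.gitlab.com/gitlab-org/release-cli:latest
  rules:
    # run job for manual tag events
    - if: $CI_COMMIT_TAG
    #   when: never
    # # run job on commits to default branch
    # - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
  variables:
    RELEASE_ENDPOINT: https://${RELEASE_BUCKET}.s3-${AWS_DEFAULT_REGION}.amazonaws.com/umbrella/${CI_COMMIT_TAG}
  script:
    - |
      release-cli create --name "Big Bang v${CI_COMMIT_TAG}" --tag-name "${CI_COMMIT_TAG}" \
        --description "Automated release notes are a WIP." \
        --assets-link "{\"name\":\"${IMAGE_LIST}\",\"url\":\"${RELEASE_ENDPOINT}/${IMAGE_LIST}\"}" \
        --assets-link "{\"name\":\"${IMAGE_PKG}\",\"url\":\"${RELEASE_ENDPOINT}/${IMAGE_PKG}\"}" \
        --assets-link "{\"name\":\"${REPOS_PKG}\",\"url\":\"${RELEASE_ENDPOINT}/${REPOS_PKG}\"}"
#-----------------------------------------------------------------------------------------------------------------------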