-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path.gitlab-ci.yml
147 lines (131 loc) · 4.05 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
stages:
- build
- deploy
image: python:3.9
variables:
# Docker-in-Docker (DIND)
# When using dind service, you must instruct Docker to talk with
# the daemon started inside of the service. The daemon is available
# with a network connection instead of the default
# /var/run/docker.sock socket.
#
# The 'docker' hostname is the alias of the service container as described at
# https://docs.gitlab.com/ee/ci/services/#accessing-the-services.
DOCKER_HOST: tcp://docker:2376
#
# Specify to Docker where to create the certificates. Docker
# creates them automatically on boot, and creates
# `/certs/client` to share between the service and job
# container, thanks to volume mount from config.toml
DOCKER_TLS_CERTDIR: "/certs"
# These are usually specified by the entrypoint, however the
# Kubernetes executor doesn't run entrypoints
# https://gitlab.com/gitlab-org/gitlab-runner/-/issues/4125
DOCKER_TLS_VERIFY: 1
DOCKER_CERT_PATH: "$DOCKER_TLS_CERTDIR/client"
# Common vars for `deploy/ci.sh` (these will create deployments to the environments in Gitlab)
.staging_env: &staging_env
name: staging
url: https://archive-staging.cca.edu
.production_env: &production_env
name: production
url: https://archive.cca.edu
# Common vars for `kubernetes/ci.sh`
.staging_vars: &staging_vars
# STAGING_GKE_DEPLOYER_KEY contains an access key
# with permissions in the staging GCP project to:
# * Read from and write to Google Artifact Registry (Artifact Registry Reader/Writer)
# TODO * Access to Kuberentes cluster (Kubernetes Engine Developer)
GCLOUD_KEY: $STAGING_GKE_DEPLOYER_KEY
ENVIRONMENT: $CI_ENVIRONMENT_NAME
GCP_GKE_CLUSTER_NAME: gke_cca-web-staging_us-west1-b_ccaedu-stg
# TODO
.production_vars: &production_vars
# PRODUCTION_GKE_DEPLOYER_KEY contains an access key
# with permissions in the staging GCP project to:
# * Read from and write to Google Artifact Registry (Artifact Registry Reader/Writer)
# * Access to Kuberentes cluster (Kubernetes Engine Developer)
GCLOUD_KEY: $PRODUCTION_GKE_DEPLOYER_KEY
ENVIRONMENT: $CI_ENVIRONMENT_NAME
GCP_GKE_CLUSTER_NAME: gke_cca-web-0_us-west1-b_ccaedu-prod
# Rules for the `staging` environment
.staging_rules_fast: &staging_rules_fast
- if: "$CI_COMMIT_TAG =~ /^stg-fast*/"
when: on_success
# ! Currently no difference between fast/full deploys
.staging_rules_full: &staging_rules_full
- if: "$CI_COMMIT_TAG =~ /^stg-full*/"
when: on_success
.production_rules: &production_rules
- if: "$CI_COMMIT_TAG =~ /^release-*/"
when: manual
.build_template: &build_template
image: google/cloud-sdk:466.0.0
stage: build
tags:
- build
# ? why staging tag in a template used for both?
- staging
variables:
<<: *staging_vars
services:
- docker:dind
script:
- bash ./deploy/ci.sh build
# TODO
.deploy_template: &deploy_template
image: google/cloud-sdk:466.0.0
stage: deploy
tags:
- deploy
# ? why staging tag in a template used for both?
- staging
variables:
<<: *staging_vars
services:
# ? does deploy need docker?
- docker:dind
script:
- bash ./deploy/ci.sh deploy
# NOTE: we need to enumerate these for each environment until Gitlab can fix
# POSIX-compatible substitution in environment.name, such as "${CI_COMMIT_TAG%%-*}".
# See: https://gitlab.com/gitlab-org/gitlab/-/issues/27565
# Build staging environments
build_staging:
<<: *build_template
environment:
<<: *staging_env
rules:
- *staging_rules_fast
- *staging_rules_full
# Deploy staging environments
deploy_staging:
<<: *deploy_template
environment:
<<: *staging_env
rules:
- *staging_rules_fast
- *staging_rules_full
# Build and deploy production environments
build_production:
<<: *build_template
environment:
<<: *production_env
tags:
- build
- production
variables:
<<: *production_vars
rules:
- *production_rules
deploy_production:
<<: *deploy_template
environment:
<<: *production_env
tags:
- deploy
- production
variables:
<<: *production_vars
rules:
- *production_rules