manifold/.gitlab-ci.yml at main · tulibraries/manifold · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
include:
  - project: "infrastructure-engineering-shared/gitlab-ci-templates"
    file:
      - "lint_docker.yaml"
      - "build_and_scan_docker.yaml"
      - "kubectl_commands.yaml"
      - "sast_scanning.yaml"

variables:
  IMAGE: "tulibraries/manifold"
  HARBOR: "harbor.k8s.temple.edu"
  HELM_EXPERIMENTAL_OCI: "1"
  SAST_EXCLUDED_PATHS: "spec, test, tests, tmp"

.export_variables: &export_variables
  - source .env
  - export VERSION="${DOCKER_IMAGE_VERSION}-${CI_COMMIT_SHORT_SHA}"

before_script:
- *export_variables

stages:
  - lint
  - build
  - tag
  - deploy

lint:
  extends: .lint_docker
  variables:
    DF: ".docker/app/Dockerfile"
  except:
    - tags

build:
  stage: build
  extends: .build_and_scan_image
  variables:
    DF: ".docker/app/Dockerfile --build-arg RAILS_MASTER_KEY=$MANIFOLD_MASTER_KEY --no-cache"
  except:
    - tags

tag:
  stage: tag
  extends: .tag_image
  except:
    - tags

qa_deploy:
  variables:
    IMAGE: $HARBOR/tulibraries/manifold
    RANCHER: np-rancher
    CLUSTER: $DEV_CLUSTER
  stage: deploy
  extends: .helm_setup
  only:
    - main
  script:
    - *export_variables
    - helm pull oci://$HARBOR/tulibraries/charts/manifold --untar
    - |
      helm upgrade manifold oci://$HARBOR/tulibraries/charts/manifold \
        --history-max=5 --namespace=manifold-qa \
        --values manifold/values.yaml \
        --set image.repository=$IMAGE:$VERSION \
        --set skylight.deployId=$CI_COMMIT_SHA \
        --set skylight.gitSha=$CI_COMMIT_SHA \
        --set skylight.description="QA deploy $CI_COMMIT_SHORT_SHA"

tag_prod:
  stage: tag
  extends: .tag_image
  variables:
    TAG: prod
  only:
    - tags

tag_release:
  stage: tag
  extends: .tag_image
  variables:
    TAG: $CI_COMMIT_TAG
  only:
    - tags

tag_prod_chart:
  stage: tag
  extends: .tag_image
  # Helm charts live in Harbor as OCI artifacts; add/update a "prod" tag so we
  # can easily find the chart version that is currently deployed in production.
  variables:
    HARBOR_PROJECT: "tulibraries"
    HARBOR_CHART_REPOSITORY: "charts%2Fmanifold"
  only:
    - tags
  script:
    - |
      API_BASE="https://${HARBOR}/api/v2.0/projects/${HARBOR_PROJECT}/repositories/${HARBOR_CHART_REPOSITORY}"
      curl --silent --show-error -u "${HARBOR_USERNAME}:${HARBOR_TOKEN}" \
        -X DELETE "${API_BASE}/artifacts/prod/tags/prod" || echo "prod tag not present yet"
    - |
      curl --silent --show-error --fail \
        -u "${HARBOR_USERNAME}:${HARBOR_TOKEN}" \
        -H "Content-Type: application/json" \
        -d "{\"name\":\"prod\"}" \
        -X POST "${API_BASE}/artifacts/${HELM_VERSION_PROD}/tags"

prod_deploy:
  variables:
    IMAGE: harbor.k8s.temple.edu/tulibraries/manifold
    RANCHER: prod-rancher
    CLUSTER: $PROD_CLUSTER
  stage: deploy
  extends: .helm_setup
  only:
    - tags
  script:
    - helm pull oci://$HARBOR/tulibraries/charts/manifold --version $HELM_VERSION_PROD --untar
    - |
      helm upgrade manifold oci://$HARBOR/tulibraries/charts/manifold \
        --version $HELM_VERSION_PROD \
        --history-max=5 --namespace=manifold-prod \
        --values manifold/values-prod.yaml \
        --set image.repository=$IMAGE:$CI_COMMIT_TAG \
        --set skylight.deployId=$CI_COMMIT_SHA \
        --set skylight.gitSha=$CI_COMMIT_SHA \
        --set skylight.description="Release $CI_COMMIT_SHORT_SHA"