Newer
Older
#
# pipelines can be triggered manually in the web
stages:
- build-linux
- build-mac
- publish
variables: &default-vars
CARGO_TARGET_DIR: "/ci-cache/${CI_PROJECT_NAME}/targets/${CI_COMMIT_REF_NAME}/${CI_JOB_NAME}"
VAULT_SERVER_URL: "https://vault.parity-mgmt-vault.parity.io"
VAULT_AUTH_PATH: "gitlab-parity-io-jwt"
VAULT_AUTH_ROLE: "cicd_gitlab_parity_${CI_PROJECT_NAME}"
workflow:
rules:
- if: $CI_COMMIT_TAG
- if: $CI_COMMIT_BRANCH
.collect-artifacts: &collect-artifacts
artifacts:
name: "${CI_JOB_NAME}_${CI_COMMIT_REF_NAME}"
when: on_success
expire_in: 7 days
paths:
- artifacts/
.docker-env: &docker-env
before_script:
- cargo -vV
- rustc -vV
- rustup show
- bash --version
- mkdir -p ${CARGO_TARGET_DIR}
- sccache -s
interruptible: true
retry:
max: 2
when:
- runner_system_failure
- unknown_failure
- api_failure
tags:
- linux-docker
.kubernetes-env: &kubernetes-env
retry:
max: 2
when:
- runner_system_failure
- unknown_failure
- api_failure
interruptible: true
tags:
- kubernetes-parity-build
.build-refs: &build-refs
rules:
- if: $CI_PIPELINE_SOURCE == "web"
- if: $CI_PIPELINE_SOURCE == "schedule"
- if: $CI_COMMIT_REF_NAME == "master"
- if: $CI_COMMIT_REF_NAME == "tags"
- if: $CI_COMMIT_REF_NAME =~ /^[0-9]+$/ # PRs
- if: $CI_COMMIT_REF_NAME =~ /^v[0-9]+\.[0-9]+.*$/ # i.e. v1.0, v2.1rc1
.master-refs: &master-refs
rules:
- if: $CI_PIPELINE_SOURCE == "web"
- if: $CI_PIPELINE_SOURCE == "schedule"
- if: $CI_COMMIT_REF_NAME == "master"
- if: $CI_COMMIT_REF_NAME == "tags"
- if: $CI_COMMIT_REF_NAME =~ /^v[0-9]+\.[0-9]+.*$/ # i.e. v1.0, v2.1rc1
.publish-refs: &publish-refs
rules:
- if: $CI_PIPELINE_SOURCE == "web"
- if: $CI_PIPELINE_SOURCE == "schedule"
- if: $CI_COMMIT_REF_NAME =~ /^v[0-9]+\.[0-9]+.*$/ # i.e. v1.0, v2.1rc1
### stage: fmt
fmt:
stage: fmt
<<: *docker-env
script:
- cargo +nightly fmt --verbose --all -- --check
build-linux:
stage: build-linux
<<: *collect-artifacts
<<: *build-refs
- time cargo build --release
- time cargo test --release --all
- mkdir -p ./artifacts/canvas-linux/
- cp ${CARGO_TARGET_DIR}/release/canvas ./artifacts/canvas-linux/canvas
- cp ./scripts/dockerfiles/canvas_injected.Dockerfile ./artifacts/canvas-linux/canvas_injected.Dockerfile
build-mac:
stage: build-mac
# we run the mac build only when we actually want to publish
<<: *publish-refs
before_script:
- unset CARGO_TARGET_DIR
script:
- time cargo build --release
- mkdir -p ./artifacts/canvas-mac/
- cp target/release/canvas ./artifacts/canvas-mac/canvas
tags:
- osx
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
### stage: publish
.build-push-docker-image: &build-push-docker-image
<<: *master-refs
<<: *kubernetes-env
image: quay.io/buildah/stable
variables:
<<: *default-vars
GIT_STRATEGY: none
DOCKERFILE: canvas_injected.Dockerfile
IMAGE_NAME: docker.io/paritytech/canvas
secrets:
DOCKER_HUB_USER:
vault: cicd/gitlab/parity/DOCKER_HUB_USER@kv
file: false
DOCKER_HUB_PASS:
vault: cicd/gitlab/parity/DOCKER_HUB_PASS@kv
file: false
needs:
- job: build-linux
artifacts: true
before_script:
- if [[ "${CI_COMMIT_TAG}" ]]; then
VERSION=${CI_COMMIT_TAG};
elif [[ "${CI_COMMIT_SHORT_SHA}" ]]; then
VERSION=${CI_COMMIT_SHORT_SHA};
fi
- echo "Effective tags = ${VERSION} sha-${CI_COMMIT_SHORT_SHA} latest"
script:
- cd ./artifacts/canvas-linux/
- test "$DOCKER_HUB_USER" -a "$DOCKER_HUB_PASS" ||
( echo "no docker credentials provided"; exit 1 )
- buildah bud
--format=docker
--build-arg VCS_REF="${CI_COMMIT_SHA}"
--build-arg BUILD_DATE="$(date -u '+%Y-%m-%dT%H:%M:%SZ')"
--build-arg VERSION="$VERSION"
--tag "$IMAGE_NAME:$VERSION"
--tag "$IMAGE_NAME:latest"
--file "$DOCKERFILE" .
- echo "$DOCKER_HUB_PASS" |
buildah login --username "$DOCKER_HUB_USER" --password-stdin docker.io
- buildah info
- buildah push --format=v2s2 "$IMAGE_NAME:$VERSION"
- buildah push --format=v2s2 "$IMAGE_NAME:latest"
after_script:
- buildah logout --all
publish-docker:
stage: publish
<<: *build-push-docker-image
publish:
stage: publish
<<: *kubernetes-env
image: paritytech/tools:latest
<<: *publish-refs
needs:
- job: build-linux
artifacts: true
- job: build-mac
artifacts: true
secrets:
GITHUB_TOKEN:
vault: cicd/gitlab/$CI_PROJECT_PATH/GITHUB_TOKEN@kv
file: false
- git describe --tags
- TAG_NAME=`git describe --tags`
- echo "tag name ${TAG_NAME}"
- tar -czvf ./canvas-linux.tar.gz ./artifacts/canvas-linux/canvas
- tar -czvf ./canvas-mac.tar.gz ./artifacts/canvas-mac/canvas
- 'curl https://api.github.com/repos/paritytech/canvas/releases
--fail-with-body
-H "Cookie: logged_in=no"
-H "Authorization: token ${GITHUB_TOKEN}"'
- 'curl https://api.github.com/repos/paritytech/canvas/releases
--fail-with-body
-H "Cookie: logged_in=no"
-H "Authorization: token ${GITHUB_TOKEN}" | jq .'
- 'RELEASE_ID=$(curl https://api.github.com/repos/paritytech/canvas/releases
--fail-with-body
-H "Cookie: logged_in=no"
-H "Authorization: token ${GITHUB_TOKEN}"
| jq -r ".[] | select(.tag_name == \"$TAG_NAME\") | .id");
echo "release id if existent: ${RELEASE_ID}"'
- 'if [ -z "$RELEASE_ID" ]; then
RESP=$(curl -X "POST" "https://api.github.com/repos/paritytech/canvas/releases"
--fail-with-body
-H "Cookie: logged_in=no"
-H "Authorization: token ${GITHUB_TOKEN}"
-H "Content-Type: application/json; charset=utf-8"
-d $"{
\"tag_name\": \"${TAG_NAME}\",
\"name\": \"${TAG_NAME}\",
\"prerelease\": false,
\"draft\": true
}");
echo "api response ${RESP}";
RELEASE_ID=$(echo $RESP | jq -r .id);
echo "release id of created release ${RELEASE_ID}";
fi'
- echo "release id ${RELEASE_ID}"
- 'curl -X "POST" "https://uploads.github.com/repos/paritytech/canvas/releases/$RELEASE_ID/assets?name=canvas-linux.tar.gz"
--fail-with-body
-H "Cookie: logged_in=no"
-H "Authorization: token ${GITHUB_TOKEN}"
-H "Content-Type: application/octet-stream"
--data-binary @"./canvas-linux.tar.gz"'
- 'curl -X "POST" "https://uploads.github.com/repos/paritytech/canvas/releases/$RELEASE_ID/assets?name=canvas-mac.tar.gz"