.gitlab-ci.yml 5.87 KB
Newer Older
stages:
  - test
  - build
  - staging
  - production

default:
  interruptible:                   true
  retry:
    max: 2
    when:
      - runner_system_failure
      - unknown_failure
      - api_failure

variables:
  KUBE_NAMESPACE:                  "substrate-tip-bot"
  CI_REGISTRY:                     "docker.io/paritytech"
  GIT_STRATEGY:                    fetch
  CI_IMAGE:                        node:16.10-alpine
  DOCKERHUB_REPO:                  "paritytech"
  IMAGE_NAME:                      docker.io/$DOCKERHUB_REPO/substrate-tip-bot
  DOCKER_TAG:                      "${CI_COMMIT_SHORT_SHA}"
  VAULT_ADDR:                      "https://vault.parity-mgmt-vault.parity.io"
  VAULT_AUTH_PATH:                 "gitlab-parity-io-jwt"
  VAULT_AUTH_ROLE:                 "cicd_gitlab_parity_${CI_PROJECT_NAME}"
  HELM_SECRETS_DRIVER:             vals

.common-refs:                      &common-refs
  rules:
    - if: $CI_PIPELINE_SOURCE == "web"
    - if: $CI_PIPELINE_SOURCE == "schedule"
    - if: $CI_COMMIT_REF_NAME == "master"
    - if: $CI_COMMIT_REF_NAME =~ /^[0-9]+$/                         # PRs

.test-refs:                        &test-refs
  rules:
    - if: $CI_PIPELINE_SOURCE == "web" &&
          $CI_COMMIT_REF_NAME =~ /^[0-9]+$/                         # PRs and from web interface
    - if: $CI_COMMIT_REF_NAME =~ /^[0-9]+$/                         # PRs

# Deploy on production goes only on tag
.deploy-prod-refs:                 &deploy-prod-refs
  rules:
    - if: $CI_PIPELINE_SOURCE == "web" &&
          $CI_COMMIT_REF_NAME =~ /^v[0-9]+\.[0-9]+.*$/              # on tags (i.e. v1.0, v2.1rc1) and from web interface
    - if: $CI_COMMIT_REF_NAME =~ /^v[0-9]+\.[0-9]+.*$/              # on tags (i.e. v1.0, v2.1rc1)

# Publish docker image and deploy it on staging
.publish-deploy-stg-refs:          &publish-deploy-stg-refs
  rules:
    - if: $CI_PIPELINE_SOURCE == "web" &&
          $CI_COMMIT_REF_NAME == "master"                           # on commits to main branch and from web interface
    - if: $CI_COMMIT_REF_NAME == "master"                           # on commits to main branch

.kubernetes-env:                   &kubernetes-env
  image:                           $CI_IMAGE
  tags:
    - kubernetes-parity-build

# template task for building and pushing an image
.build-push-docker-image:          &build-push-docker-image
  image:                           quay.io/buildah/stable
  script:
    - test "$Docker_Hub_User_Parity" -a "$Docker_Hub_Pass_Parity" ||
      ( echo "no docker credentials provided"; exit 1 )
    - buildah bud
      --format=docker
      --build-arg VCS_REF="${CI_COMMIT_SHA}"
      --build-arg BUILD_DATE="$(date -u '+%Y-%m-%dT%H:%M:%SZ')"
      --build-arg VERSION="${DOCKER_TAG}"
      --build-arg PROJECT_NAME="${CI_PROJECT_NAME}"
      --tag "$IMAGE_NAME:${DOCKER_TAG}"
      --tag "$IMAGE_NAME:latest"
      --file "$DOCKERFILE" .
    - echo "$Docker_Hub_Pass_Parity" |
      buildah login --username "$Docker_Hub_User_Parity" --password-stdin docker.io
    - buildah info
    - buildah push --format=v2s2 "$IMAGE_NAME:${DOCKER_TAG}"
    - buildah push --format=v2s2 "$IMAGE_NAME:latest"
  after_script:
    - buildah logout --all

# test that docker image can build

.build-only-docker-image:          &build-only-docker-image
  image:                           quay.io/buildah/stable
  script:
    - buildah bud
      --format=docker
      --build-arg VCS_REF="${CI_COMMIT_SHA}"
      --build-arg BUILD_DATE="$(date -u '+%Y-%m-%dT%H:%M:%SZ')"
      --build-arg PROJECT_NAME="${CI_PROJECT_NAME}"
      --tag "$IMAGE_NAME:latest"
      --file "$DOCKERFILE" .

check-linting:
  stage:                           test
  <<:                              *common-refs
  <<:                              *kubernetes-env
  script:
    - apk update && apk add --no-cache git
    - yarn --immutable
    - yarn lint

build-docker-bot:
  stage:                           build
  <<:                              *test-refs
  <<:                              *kubernetes-env
  <<:                              *build-only-docker-image
  variables:
    DOCKERFILE:                    "Dockerfile"


publish-docker-bot:
  stage:                           build
  <<:                              *publish-deploy-stg-refs
  <<:                              *kubernetes-env
  <<:                              *build-push-docker-image
  variables:
    DOCKERFILE:                    "Dockerfile"

#### stage:                        deploy

.deploy:                           &deploy-k8s
  script:
    # https://docs.gitlab.com/ee/ci/examples/authenticating-with-hashicorp-vault/#example
    - export VAULT_TOKEN="$(vault write -field=token auth/$VAULT_AUTH_PATH/login role=$VAULT_AUTH_ROLE jwt=$CI_JOB_JWT)"
    - helm dependency update helm/
    - helm secrets --version
    - helm secrets upgrade
        --install
        --atomic
        --timeout 300s
        --namespace ${CI_PROJECT_NAME}
        --values helm/values.yaml
        --values helm/values-$ENVIRONMENT.yaml
        --set common.image.tag="$DOCKER_TAG"
        $CI_PROJECT_NAME helm/
    - kubectl get pods -n ${CI_PROJECT_NAME}

# Disabled, enable after conigure HELM chart
.deploy-stg:
  stage:                           staging
  <<:                              *deploy-k8s
  <<:                              *kubernetes-env
  <<:                              *publish-deploy-stg-refs
  variables:
    CI_IMAGE:                      "paritytech/kubetools:3.5.3"
    ENVIRONMENT:                   parity-stg
  environment:
    name:                          parity-stg

.deploy-prod:
  stage:                           production
  <<:                              *deploy-k8s
  <<:                              *kubernetes-env
  <<:                              *deploy-prod-refs
  variables:
    CI_IMAGE:                      "paritytech/kubetools:3.5.3"
    ENVIRONMENT:                   parity-prod
  environment:
    name:                          parity-prod