[ci] Add .gitlab-ci and CODEOWNERS

24b0de47 · Alexander · 5d55e2cd · 24b0de47 · 24b0de47 · 24b0de47
Verified Commit 24b0de47 authored Jun 27, 2022 by Alexander
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
+stages:
+  - test
+  - build
+  - staging
+  - production
+
+default:
+  interruptible:                   true
+  retry:
+    max: 2
+    when:
+      - runner_system_failure
+      - unknown_failure
+      - api_failure
+
+variables:
+  KUBE_NAMESPACE:                  "substrate-tip-bot"
+  CI_REGISTRY:                     "docker.io/paritytech"
+  GIT_STRATEGY:                    fetch
+  CI_IMAGE:                        node:16.10-alpine
+  DOCKERHUB_REPO:                  "paritytech"
+  IMAGE_NAME:                      docker.io/$DOCKERHUB_REPO/substrate-tip-bot
+  DOCKER_TAG:                      "${CI_COMMIT_SHORT_SHA}"
+  VAULT_ADDR:                      "https://vault.parity-mgmt-vault.parity.io"
+  VAULT_AUTH_PATH:                 "gitlab-parity-io-jwt"
+  VAULT_AUTH_ROLE:                 "cicd_gitlab_parity_${CI_PROJECT_NAME}"
+  HELM_SECRETS_DRIVER:             vals
+
+.common-refs:                      &common-refs
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "web"
+    - if: $CI_PIPELINE_SOURCE == "schedule"
+    - if: $CI_COMMIT_REF_NAME == "master"
+    - if: $CI_COMMIT_REF_NAME =~ /^[0-9]+$/                         # PRs
+
+.test-refs:                        &test-refs
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "web" &&
+          $CI_COMMIT_REF_NAME =~ /^[0-9]+$/                         # PRs and from web interface
+    - if: $CI_COMMIT_REF_NAME =~ /^[0-9]+$/                         # PRs
+
+# Deploy on production goes only on tag
+.deploy-prod-refs:                 &deploy-prod-refs
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "web" &&
+          $CI_COMMIT_REF_NAME =~ /^v[0-9]+\.[0-9]+.*$/              # on tags (i.e. v1.0, v2.1rc1) and from web interface
+    - if: $CI_COMMIT_REF_NAME =~ /^v[0-9]+\.[0-9]+.*$/              # on tags (i.e. v1.0, v2.1rc1)
+
+# Publish docker image and deploy it on staging
+.publish-deploy-stg-refs:          &publish-deploy-stg-refs
+  rules:
+    - if: $CI_PIPELINE_SOURCE == "web" &&
+          $CI_COMMIT_REF_NAME == "master"                           # on commits to main branch and from web interface
+    - if: $CI_COMMIT_REF_NAME == "master"                           # on commits to main branch
+
+.kubernetes-env:                   &kubernetes-env
+  image:                           $CI_IMAGE
+  tags:
+    - kubernetes-parity-build
+
+# template task for building and pushing an image
+.build-push-docker-image:          &build-push-docker-image
+  image:                           quay.io/buildah/stable
+  script:
+    - test "$Docker_Hub_User_Parity" -a "$Docker_Hub_Pass_Parity" ||
+      ( echo "no docker credentials provided"; exit 1 )
+    - buildah bud
+      --format=docker
+      --build-arg VCS_REF="${CI_COMMIT_SHA}"
+      --build-arg BUILD_DATE="$(date -u '+%Y-%m-%dT%H:%M:%SZ')"
+      --build-arg VERSION="${DOCKER_TAG}"
+      --build-arg PROJECT_NAME="${CI_PROJECT_NAME}"
+      --tag "$IMAGE_NAME:${DOCKER_TAG}"
+      --tag "$IMAGE_NAME:latest"
+      --file "$DOCKERFILE" .
+    - echo "$Docker_Hub_Pass_Parity" |
+      buildah login --username "$Docker_Hub_User_Parity" --password-stdin docker.io
+    - buildah info
+    - buildah push --format=v2s2 "$IMAGE_NAME:${DOCKER_TAG}"
+    - buildah push --format=v2s2 "$IMAGE_NAME:latest"
+  after_script:
+    - buildah logout --all
+
+# test that docker image can build
+
+.build-only-docker-image:          &build-only-docker-image
+  image:                           quay.io/buildah/stable
+  script:
+    - buildah bud
+      --format=docker
+      --build-arg VCS_REF="${CI_COMMIT_SHA}"
+      --build-arg BUILD_DATE="$(date -u '+%Y-%m-%dT%H:%M:%SZ')"
+      --build-arg PROJECT_NAME="${CI_PROJECT_NAME}"
+      --tag "$IMAGE_NAME:latest"
+      --file "$DOCKERFILE" .
+
+check-linting:
+  stage:                           test
+  <<:                              *common-refs
+  <<:                              *kubernetes-env
+  script:
+    - apk update && apk add --no-cache git
+    - yarn --immutable
+    - yarn lint
+
+build-docker-bot:
+  stage:                           build
+  <<:                              *test-refs
+  <<:                              *kubernetes-env
+  <<:                              *build-only-docker-image
+  variables:
+    DOCKERFILE:                    "Dockerfile"
+
+
+publish-docker-bot:
+  stage:                           build
+  <<:                              *publish-deploy-stg-refs
+  <<:                              *kubernetes-env
+  <<:                              *build-push-docker-image
+  variables:
+    DOCKERFILE:                    "Dockerfile"
+
+#### stage:                        deploy
+
+.deploy:                           &deploy-k8s
+  script:
+    # https://docs.gitlab.com/ee/ci/examples/authenticating-with-hashicorp-vault/#example
+    - export VAULT_TOKEN="$(vault write -field=token auth/$VAULT_AUTH_PATH/login role=$VAULT_AUTH_ROLE jwt=$CI_JOB_JWT)"
+    - helm dependency update helm/
+    - helm secrets --version
+    - helm secrets upgrade
+        --install
+        --atomic
+        --timeout 300s
+        --namespace ${CI_PROJECT_NAME}
+        --values helm/values.yaml
+        --values helm/values-$ENVIRONMENT.yaml
+        --set common.image.tag="$DOCKER_TAG"
+        $CI_PROJECT_NAME helm/
+    - kubectl get pods -n ${CI_PROJECT_NAME}
+
+# Disabled, enable after conigure HELM chart
+.deploy-stg:
+  stage:                           staging
+  <<:                              *deploy-k8s
+  <<:                              *kubernetes-env
+  <<:                              *publish-deploy-stg-refs
+  variables:
+    CI_IMAGE:                      "paritytech/kubetools:3.5.3"
+    ENVIRONMENT:                   parity-stg
+  environment:
+    name:                          parity-stg
+
+.deploy-prod:
+  stage:                           production
+  <<:                              *deploy-k8s
+  <<:                              *kubernetes-env
+  <<:                              *deploy-prod-refs
+  variables:
+    CI_IMAGE:                      "paritytech/kubetools:3.5.3"
+    ENVIRONMENT:                   parity-prod
+  environment:
+    name:                          parity-prod
--- a/CODEOWNERS
+++ b/CODEOWNERS
+# Lists some code owners.
+#
+# A codeowner just oversees some part of the codebase. If an owned file is changed then the
+# corresponding codeowner receives a review request. An approval of the codeowner might be
+# required for merging a PR (depends on repository settings).
+#
+# For details about syntax, see:
+# https://help.github.com/en/articles/about-code-owners
+# But here are some important notes:
+#
+# - Glob syntax is git-like, e.g. `/core` means the core directory in the root, unlike `core`
+#   which can be everywhere.
+# - Multiple owners are supported.
+# - Either handle (e.g, @github_user or @github_org/team) or email can be used. Keep in mind,
+#   that handles might work better because they are more recognizable on GitHub,
+#   you can use them for mentioning unlike an email.
+# - The latest matching rule, if multiple, takes precedence.
+
+# Global code owners
+* @paritytech/opstooling
+
+# CI
+/.gitlab-ci.yml @paritytech/ci
+/.github @paritytech/ci
--- a/Dockerfile
+++ b/Dockerfile
 FROM node:16-alpine

+# metadata
+ARG VCS_REF=master
+ARG BUILD_DATE=""
+ARG REGISTRY_PATH=docker.io/paritytech
+ARG PROJECT_NAME=""
+
+LABEL io.parity.image.authors="cicd-team@parity.io" \
+    io.parity.image.vendor="Parity Technologies" \
+    io.parity.image.title="${REGISTRY_PATH}/${PROJECT_NAME}" \
+    io.parity.image.description="Substrate Tip bot" \
+    io.parity.image.source="https://github.com/paritytech/${PROJECT_NAME}/blob/${VCS_REF}/Dockerfile" \
+    io.parity.image.documentation="https://github.com/paritytech/${PROJECT_NAME}/blob/${VCS_REF}/README.md" \
+    io.parity.image.revision="${VCS_REF}" \
+    io.parity.image.created="${BUILD_DATE}"
+
 RUN apk -U upgrade --no-cache

 WORKDIR /usr/src/app