Loading .gitlab-ci.yml +7 −0 Original line number Diff line number Diff line workflow: rules: - if: $CI_MERGE_REQUEST_IID - if: $CI_COMMIT_TAG - if: $CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true' variables: DOCKER_DRIVER: overlay2 Loading @@ -17,3 +23,4 @@ include: - local: .gitlab/ci/shellcheck.gitlab-ci.yml - local: .gitlab/ci/test.gitlab-ci.yml - local: .gitlab/ci/release.gitlab-ci.yml - local: .gitlab/ci/chart.gitlab-ci.yml .gitlab/ci/chart.gitlab-ci.yml 0 → 100644 +59 −0 Original line number Diff line number Diff line variables: SAST_DISABLE_DIND: "true" SCAN_KUBERNETES_MANIFESTS: "true" SAST_DEFAULT_ANALYZERS: "kubesec,secrets" include: - template: SAST.gitlab-ci.yml stages: - build - test - release .chart-job: image: "registry.gitlab.com/gitlab-org/gitlab-build-images:alpine-helm" before_script: - cd assets/auto-deploy-app chart:compile_manifests: extends: .chart-job stage: build script: - mkdir manifests - helm init --client-only - helm dependency build . - helm template -f values.yaml --output-dir manifests . artifacts: paths: - manifests chart:lint: extends: .chart-job stage: test script: - helm lint . kubesec-sast: needs: ["chart:compile_manifests"] chart:test: extends: .chart-job stage: test script: - apk add --no-cache build-base go - helm init --client-only - helm dependency build . - cd test && GO111MODULE=auto go test . # auto-deploy-image doesn't need to release the chart to https://charts.gitlab.io/, # as it bundles a chart by default. # release-chart: # stage: release # script: # - curl --fail --request POST --form "token=${CHARTS_TRIGGER_TOKEN}" --form ref=master # --form "variables[CHART_NAME]=$CI_PROJECT_NAME" # --form "variables[RELEASE_REF]=$CI_COMMIT_REF_NAME" # https://gitlab.com/api/v4/projects/2860651/trigger/pipeline # only: # - /\Av[0-9]+\.[0-9]+\.[0-9]+(-rc[0-9]+)?\Z/@gitlab-org/charts/auto-deploy-app .gitlab/ci/release.gitlab-ci.yml +37 −22 Original line number Diff line number Diff line Loading 
@@ -8,13 +8,6 @@ .semantic-release: image: node:12 stage: release before_script: - npm install -g semantic-release @semantic-release/gitlab script: - semantic-release $DRY_RUN_OPT only: variables: - $CI_API_V4_URL == "https://gitlab.com/api/v4" release-tag: stage: release Loading 
@@ -31,24 +24,46 @@ release-tag: - docker tag "$BUILD_IMAGE_NAME" $ci_image:$ci_image_tag - docker push $ci_image:latest - docker push $ci_image:$ci_image_tag only: - tags rules: - if: $CI_COMMIT_TAG publish: extends: .semantic-release only: refs: - master@gitlab-org/cluster-integration/auto-deploy-image - beta@gitlab-org/cluster-integration/auto-deploy-image - /^\d+\.x$/@gitlab-org/cluster-integration/auto-deploy-image - /^\d+\.\d+\.x$/@gitlab-org/cluster-integration/auto-deploy-image before_script: - npm install -g semantic-release @semantic-release/gitlab script: - semantic-release rules: # Only protected branches on the official project - if: $CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true' && $CI_PROJECT_PATH == 'gitlab-org/cluster-integration/auto-deploy-image' && $CI_API_V4_URL == "https://gitlab.com/api/v4" publish-dryrun: extends: .semantic-release variables: DRY_RUN_OPT: '-d' only: - branches@gitlab-org/cluster-integration/auto-deploy-image except: refs: - master before_script: - npm install -g semantic-release @semantic-release/gitlab - git fetch origin refs/merge-requests/$CI_MERGE_REQUEST_IID/merge:$CI_MERGE_REQUEST_TARGET_BRANCH_NAME - git checkout $CI_MERGE_REQUEST_TARGET_BRANCH_NAME # Overriding the variable that semantic-release runs on. # https://github.com/pvdlg/env-ci/blob/master/services/gitlab.js - export CI_COMMIT_REF_NAME=$CI_MERGE_REQUEST_TARGET_BRANCH_NAME - unset CI_MERGE_REQUEST_ID script: - semantic-release -d |tee output.log # Check if the bundled chart version matches the next auto-deploy-image version. 
- next_release_version=$(cat output.log | grep -oP "The next release version is \K.*$") || true - bundled_chart_version=$(cat assets/auto-deploy-app/Chart.yaml | grep -oP "version:\s*\K.*$") - echo "next_release_version is $next_release_version" - echo "bundled_chart_version is $bundled_chart_version" - | if [ -n "${next_release_version}" ] && [ -n "${bundled_chart_version}" ] && [ "${next_release_version}" != "${bundled_chart_version}" ]; then cat <<- EOS [WARN] auto-deploy-app chart version mismatch error. This merge request triggers to create a new release, auto-deploy-image ${next_release_version}. This version must be matched to the auto-deploy-app chart's version, however, currently it's set to ${bundled_chart_version}. Please set ${next_release_version} to the version column in assets/auto-deploy-app/Chart.yaml to resovle this error. EOS exit 1 fi rules: - if: $CI_MERGE_REQUEST_IID && $CI_PROJECT_PATH == 'gitlab-org/cluster-integration/auto-deploy-image' && $CI_API_V4_URL == "https://gitlab.com/api/v4" needs: [] .gitlab/ci/shellcheck.gitlab-ci.yml +2 −2 Original line number Diff line number Diff line Loading @@ -3,7 +3,7 @@ test-shellcheck: image: koalaman/shellcheck-alpine:stable needs: [] script: - shellcheck src/bin/auto-deploy test/* - shellcheck src/bin/auto-deploy test/verify-application-secret test/verify-deployment-database test-shfmt: stage: test Loading @@ -12,4 +12,4 @@ test-shfmt: entrypoint: ["/bin/sh", "-c"] needs: [] script: - shfmt -i 2 -ci -l -d src/bin/auto-deploy test/* - shfmt -i 2 -ci -l -d src/bin/auto-deploy test/verify-application-secret test/verify-deployment-database .gitlab/ci/test.gitlab-ci.yml +35 −1 Original line number Diff line number Diff line Loading 
@@ -57,11 +57,18 @@ test-kube-domain_error: - auto-deploy check_kube_domain && expected_error || failed_as_expected test-download-chart: <<: *test-job script: - auto-deploy download_chart - ./test/verify-chart-version 1 test-download-chart-from-repo: <<: *test-job variables: GIT_STRATEGY: none AUTO_DEVOPS_CHART: gitlab/auto-deploy-app script: - auto-deploy download_chart - ./test/verify-chart-version 0 test-deploy-name: <<: *test-job Loading Loading @@ -443,3 +450,30 @@ test-delete-canary-postgresql: - helm get production-canary && expected_error || failed_as_expected - helm get production - helm get production-postgresql test-chart-major-version-upgrade: extends: test-deploy script: - auto-deploy initialize_tiller # Downloading legacy v0 chart from charts.gitlab.io and the deployment should succeed - AUTO_DEVOPS_CHART=gitlab/auto-deploy-app auto-deploy download_chart - auto-deploy deploy - rm -Rf chart # Copying bundled chart from local storage and the deployment should fail - auto-deploy download_chart - "sed -i 's/version:.*/version: 10.0.0/g' chart/Chart.yaml" - cat chart/Chart.yaml - auto-deploy deploy| tee deploy.log || true - grep -q "Detected a major version difference" deploy.log || exit 1 # Force deploy with the AUTO_DEVOPS_FORCE_DEPLOY option and the deployment should succeed - export AUTO_DEVOPS_FORCE_DEPLOY_V10=true - auto-deploy deploy| tee deploy.log - grep -q "allowed to force deploy" deploy.log || exit 1 rspec: stage: test image: ruby:2.5 before_script: - gem install rspec script: - rspec test/rspec Loading
.gitlab-ci.yml +7 −0 Original line number Diff line number Diff line workflow: rules: - if: $CI_MERGE_REQUEST_IID - if: $CI_COMMIT_TAG - if: $CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true' variables: DOCKER_DRIVER: overlay2 Loading @@ -17,3 +23,4 @@ include: - local: .gitlab/ci/shellcheck.gitlab-ci.yml - local: .gitlab/ci/test.gitlab-ci.yml - local: .gitlab/ci/release.gitlab-ci.yml - local: .gitlab/ci/chart.gitlab-ci.yml
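Review bot: The tag rule `- if: $CI_COMMIT_TAG` in the new `workflow:` block lacks the `$CI_COMMIT_REF_PROTECTED == 'true'` condition that the branch rule beside it has, so a pipeline is created for any tag, protected or not. The same bare condition gates `release-tag` in .gitlab/ci/release.gitlab-ci.yml, which pushes `$ci_image:latest`. Unless tag protection in the project settings (not visible here) already limits who can create tags, I would write both as `- if: $CI_COMMIT_TAG && $CI_COMMIT_REF_PROTECTED == 'true'`.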
.gitlab/ci/chart.gitlab-ci.yml 0 → 100644 +59 −0 Original line number Diff line number Diff line variables: SAST_DISABLE_DIND: "true" SCAN_KUBERNETES_MANIFESTS: "true" SAST_DEFAULT_ANALYZERS: "kubesec,secrets" include: - template: SAST.gitlab-ci.yml stages: - build - test - release .chart-job: image: "registry.gitlab.com/gitlab-org/gitlab-build-images:alpine-helm" before_script: - cd assets/auto-deploy-app chart:compile_manifests: extends: .chart-job stage: build script: - mkdir manifests - helm init --client-only - helm dependency build . - helm template -f values.yaml --output-dir manifests . artifacts: paths: - manifests chart:lint: extends: .chart-job stage: test script: - helm lint . kubesec-sast: needs: ["chart:compile_manifests"] chart:test: extends: .chart-job stage: test script: - apk add --no-cache build-base go - helm init --client-only - helm dependency build . - cd test && GO111MODULE=auto go test . # auto-deploy-image doesn't need to release the chart to https://charts.gitlab.io/, # as it bundles a chart by default. # release-chart: # stage: release # script: # - curl --fail --request POST --form "token=${CHARTS_TRIGGER_TOKEN}" --form ref=master # --form "variables[CHART_NAME]=$CI_PROJECT_NAME" # --form "variables[RELEASE_REF]=$CI_COMMIT_REF_NAME" # https://gitlab.com/api/v4/projects/2860651/trigger/pipeline # only: # - /\Av[0-9]+\.[0-9]+\.[0-9]+(-rc[0-9]+)?\Z/@gitlab-org/charts/auto-deploy-app
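Review bot: The manifests that `kubesec-sast` scans come from `helm template -f values.yaml --output-dir manifests .` in `chart:compile_manifests`, so only the chart's default values are rendered, and any template guarded by a value that is off by default never reaches the analyzer. Consider a second render with a values file that switches the optional resources on, written to the same `manifests` directory, so the scan covers them too. Separately, `.chart-job` pulls `registry.gitlab.com/gitlab-org/gitlab-build-images:alpine-helm` by a mutable tag; pinning it by digest would keep the toolchain that produces the scanned manifests reproducible.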
.gitlab/ci/release.gitlab-ci.yml +37 −22 Original line number Diff line number Diff line Loading @@ -8,13 +8,6 @@ .semantic-release: image: node:12 stage: release before_script: - npm install -g semantic-release @semantic-release/gitlab script: - semantic-release $DRY_RUN_OPT only: variables: - $CI_API_V4_URL == "https://gitlab.com/api/v4" release-tag: stage: release Loading 
@@ -31,24 +24,46 @@ release-tag: - docker tag "$BUILD_IMAGE_NAME" $ci_image:$ci_image_tag - docker push $ci_image:latest - docker push $ci_image:$ci_image_tag only: - tags rules: - if: $CI_COMMIT_TAG publish: extends: .semantic-release only: refs: - master@gitlab-org/cluster-integration/auto-deploy-image - beta@gitlab-org/cluster-integration/auto-deploy-image - /^\d+\.x$/@gitlab-org/cluster-integration/auto-deploy-image - /^\d+\.\d+\.x$/@gitlab-org/cluster-integration/auto-deploy-image before_script: - npm install -g semantic-release @semantic-release/gitlab script: - semantic-release rules: # Only protected branches on the official project - if: $CI_COMMIT_BRANCH && $CI_COMMIT_REF_PROTECTED == 'true' && $CI_PROJECT_PATH == 'gitlab-org/cluster-integration/auto-deploy-image' && $CI_API_V4_URL == "https://gitlab.com/api/v4" publish-dryrun: extends: .semantic-release variables: DRY_RUN_OPT: '-d' only: - branches@gitlab-org/cluster-integration/auto-deploy-image except: refs: - master before_script: - npm install -g semantic-release @semantic-release/gitlab - git fetch origin refs/merge-requests/$CI_MERGE_REQUEST_IID/merge:$CI_MERGE_REQUEST_TARGET_BRANCH_NAME - git checkout $CI_MERGE_REQUEST_TARGET_BRANCH_NAME # Overriding the variable that semantic-release runs on. # https://github.com/pvdlg/env-ci/blob/master/services/gitlab.js - export CI_COMMIT_REF_NAME=$CI_MERGE_REQUEST_TARGET_BRANCH_NAME - unset CI_MERGE_REQUEST_ID script: - semantic-release -d |tee output.log # Check if the bundled chart version matches the next auto-deploy-image version. 
- next_release_version=$(cat output.log | grep -oP "The next release version is \K.*$") || true - bundled_chart_version=$(cat assets/auto-deploy-app/Chart.yaml | grep -oP "version:\s*\K.*$") - echo "next_release_version is $next_release_version" - echo "bundled_chart_version is $bundled_chart_version" - | if [ -n "${next_release_version}" ] && [ -n "${bundled_chart_version}" ] && [ "${next_release_version}" != "${bundled_chart_version}" ]; then cat <<- EOS [WARN] auto-deploy-app chart version mismatch error. This merge request triggers to create a new release, auto-deploy-image ${next_release_version}. This version must be matched to the auto-deploy-app chart's version, however, currently it's set to ${bundled_chart_version}. Please set ${next_release_version} to the version column in assets/auto-deploy-app/Chart.yaml to resovle this error. EOS exit 1 fi rules: - if: $CI_MERGE_REQUEST_IID && $CI_PROJECT_PATH == 'gitlab-org/cluster-integration/auto-deploy-image' && $CI_API_V4_URL == "https://gitlab.com/api/v4" needs: []
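Review bot: `publish` installs its tooling with `npm install -g semantic-release @semantic-release/gitlab` and no versions, so every release run executes whatever the registry currently serves as latest, in a job that presumably holds the release token. Pin both packages, e.g. `npm install -g semantic-release@<pinned-version> @semantic-release/gitlab@<pinned-version>` (placeholders; use the versions the project has tested), or install from a committed lockfile with `npm ci`. The same install line is repeated in `publish-dryrun`. Also in that job, the pattern `grep -oP "version:\s*\K.*$"` is unanchored and would pick up any indented `version:` key added to Chart.yaml later; `^version:\s*\K.*$` keeps the comparison on the chart's own version.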
.gitlab/ci/shellcheck.gitlab-ci.yml +2 −2 Original line number Diff line number Diff line Loading @@ -3,7 +3,7 @@ test-shellcheck: image: koalaman/shellcheck-alpine:stable needs: [] script: - shellcheck src/bin/auto-deploy test/* - shellcheck src/bin/auto-deploy test/verify-application-secret test/verify-deployment-database test-shfmt: stage: test Loading @@ -12,4 +12,4 @@ test-shfmt: entrypoint: ["/bin/sh", "-c"] needs: [] script: - shfmt -i 2 -ci -l -d src/bin/auto-deploy test/* - shfmt -i 2 -ci -l -d src/bin/auto-deploy test/verify-application-secret test/verify-deployment-database
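Review bot: Replacing `test/*` with two named files means shell scripts added under test/ later are no longer linted unless someone remembers to extend both lists. This commit already shows the gap: .gitlab/ci/test.gitlab-ci.yml now calls `./test/verify-chart-version`, which appears in neither the `shellcheck` nor the `shfmt` command. If that helper is a shell script, add it to both lines, or switch to a glob such as `test/verify-*` so the lists cannot drift.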
.gitlab/ci/test.gitlab-ci.yml +35 −1 Original line number Diff line number Diff line Loading @@ -57,11 +57,18 @@ test-kube-domain_error: - auto-deploy check_kube_domain && expected_error || failed_as_expected test-download-chart: <<: *test-job script: - auto-deploy download_chart - ./test/verify-chart-version 1 test-download-chart-from-repo: <<: *test-job variables: GIT_STRATEGY: none AUTO_DEVOPS_CHART: gitlab/auto-deploy-app script: - auto-deploy download_chart - ./test/verify-chart-version 0 test-deploy-name: <<: *test-job Loading Loading @@ -443,3 +450,30 @@ test-delete-canary-postgresql: - helm get production-canary && expected_error || failed_as_expected - helm get production - helm get production-postgresql test-chart-major-version-upgrade: extends: test-deploy script: - auto-deploy initialize_tiller # Downloading legacy v0 chart from charts.gitlab.io and the deployment should succeed - AUTO_DEVOPS_CHART=gitlab/auto-deploy-app auto-deploy download_chart - auto-deploy deploy - rm -Rf chart # Copying bundled chart from local storage and the deployment should fail - auto-deploy download_chart - "sed -i 's/version:.*/version: 10.0.0/g' chart/Chart.yaml" - cat chart/Chart.yaml - auto-deploy deploy| tee deploy.log || true - grep -q "Detected a major version difference" deploy.log || exit 1 # Force deploy with the AUTO_DEVOPS_FORCE_DEPLOY option and the deployment should succeed - export AUTO_DEVOPS_FORCE_DEPLOY_V10=true - auto-deploy deploy| tee deploy.log - grep -q "allowed to force deploy" deploy.log || exit 1 rspec: stage: test image: ruby:2.5 before_script: - gem install rspec script: - rspec test/rspec
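Review bot: In `test-chart-major-version-upgrade` the step `auto-deploy deploy| tee deploy.log || true` throws away the exit status, so the test only proves that the "Detected a major version difference" message was printed, not that the deploy was refused as the comment above it says. A regression that logs the warning and deploys anyway would still pass. The file already uses the `&& expected_error || failed_as_expected` pattern (helpers defined outside this hunk); something like `auto-deploy deploy > deploy.log 2>&1 && expected_error || failed_as_expected` followed by `cat deploy.log` would assert the failure before the `grep` runs.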