Merge branch 'vendor-auto-devops-template-in-10-8' into 'master'
Vendor Auto-DevOps.gitlab-ci.yml See merge request gitlab-org/gitlab-ce!18797
commit
0eb74426b3
|
@ -88,6 +88,14 @@ codequality:
|
||||||
artifacts:
|
artifacts:
|
||||||
paths: [codeclimate.json]
|
paths: [codeclimate.json]
|
||||||
|
|
||||||
|
license_management:
|
||||||
|
image: registry.gitlab.com/gitlab-org/security-products/license-management:latest
|
||||||
|
allow_failure: true
|
||||||
|
script:
|
||||||
|
- license_management
|
||||||
|
artifacts:
|
||||||
|
paths: [gl-license-report.json]
|
||||||
|
|
||||||
performance:
|
performance:
|
||||||
stage: performance
|
stage: performance
|
||||||
image: docker:stable
|
image: docker:stable
|
||||||
|
@ -133,6 +141,7 @@ dependency_scanning:
|
||||||
- dependency_scanning
|
- dependency_scanning
|
||||||
artifacts:
|
artifacts:
|
||||||
paths: [gl-dependency-scanning-report.json]
|
paths: [gl-dependency-scanning-report.json]
|
||||||
|
|
||||||
sast:container:
|
sast:container:
|
||||||
image: docker:stable
|
image: docker:stable
|
||||||
variables:
|
variables:
|
||||||
|
@ -217,7 +226,7 @@ stop_review:
|
||||||
# only manually promote to production, enable this job by removing the dot (.),
|
# only manually promote to production, enable this job by removing the dot (.),
|
||||||
# and uncomment the `when: manual` line in the `production` job.
|
# and uncomment the `when: manual` line in the `production` job.
|
||||||
|
|
||||||
.staging:
|
staging:
|
||||||
stage: staging
|
stage: staging
|
||||||
script:
|
script:
|
||||||
- check_kube_domain
|
- check_kube_domain
|
||||||
|
@ -234,6 +243,11 @@ stop_review:
|
||||||
refs:
|
refs:
|
||||||
- master
|
- master
|
||||||
kubernetes: active
|
kubernetes: active
|
||||||
|
variables:
|
||||||
|
- $STAGING_ENABLED
|
||||||
|
except:
|
||||||
|
variables:
|
||||||
|
- $INCREMENTAL_ROLLOUT_ENABLED
|
||||||
|
|
||||||
# Canaries are disabled by default, but if you want them,
|
# Canaries are disabled by default, but if you want them,
|
||||||
# and know what the downsides are, enable this job by removing the dot (.),
|
# and know what the downsides are, enable this job by removing the dot (.),
|
||||||
|
@ -263,7 +277,7 @@ stop_review:
|
||||||
# or `canary` deploys, or you simply want more control over when you deploy
|
# or `canary` deploys, or you simply want more control over when you deploy
|
||||||
# to production, uncomment the `when: manual` line in the `production` job.
|
# to production, uncomment the `when: manual` line in the `production` job.
|
||||||
|
|
||||||
production:
|
.production: &production_template
|
||||||
stage: production
|
stage: production
|
||||||
script:
|
script:
|
||||||
- check_kube_domain
|
- check_kube_domain
|
||||||
|
@ -274,17 +288,103 @@ production:
|
||||||
- create_secret
|
- create_secret
|
||||||
- deploy
|
- deploy
|
||||||
- delete canary
|
- delete canary
|
||||||
|
- delete rollout
|
||||||
- persist_environment_url
|
- persist_environment_url
|
||||||
environment:
|
environment:
|
||||||
name: production
|
name: production
|
||||||
url: http://$CI_PROJECT_PATH_SLUG.$AUTO_DEVOPS_DOMAIN
|
url: http://$CI_PROJECT_PATH_SLUG.$AUTO_DEVOPS_DOMAIN
|
||||||
artifacts:
|
artifacts:
|
||||||
paths: [environment_url.txt]
|
paths: [environment_url.txt]
|
||||||
# when: manual
|
|
||||||
|
production:
|
||||||
|
<<: *production_template
|
||||||
only:
|
only:
|
||||||
refs:
|
refs:
|
||||||
- master
|
- master
|
||||||
kubernetes: active
|
kubernetes: active
|
||||||
|
except:
|
||||||
|
variables:
|
||||||
|
- $STAGING_ENABLED
|
||||||
|
- $INCREMENTAL_ROLLOUT_ENABLED
|
||||||
|
|
||||||
|
production_manual:
|
||||||
|
<<: *production_template
|
||||||
|
when: manual
|
||||||
|
only:
|
||||||
|
refs:
|
||||||
|
- master
|
||||||
|
kubernetes: active
|
||||||
|
variables:
|
||||||
|
- $STAGING_ENABLED
|
||||||
|
except:
|
||||||
|
variables:
|
||||||
|
- $INCREMENTAL_ROLLOUT_ENABLED
|
||||||
|
|
||||||
|
# This job implements incremental rollout on for every push to `master`.
|
||||||
|
|
||||||
|
.rollout: &rollout_template
|
||||||
|
stage: production
|
||||||
|
script:
|
||||||
|
- check_kube_domain
|
||||||
|
- install_dependencies
|
||||||
|
- download_chart
|
||||||
|
- ensure_namespace
|
||||||
|
- install_tiller
|
||||||
|
- create_secret
|
||||||
|
- deploy rollout $ROLLOUT_PERCENTAGE
|
||||||
|
- scale stable $((100-ROLLOUT_PERCENTAGE))
|
||||||
|
- delete canary
|
||||||
|
- persist_environment_url
|
||||||
|
environment:
|
||||||
|
name: production
|
||||||
|
url: http://$CI_PROJECT_PATH_SLUG.$AUTO_DEVOPS_DOMAIN
|
||||||
|
artifacts:
|
||||||
|
paths: [environment_url.txt]
|
||||||
|
|
||||||
|
rollout 10%:
|
||||||
|
<<: *rollout_template
|
||||||
|
variables:
|
||||||
|
ROLLOUT_PERCENTAGE: 10
|
||||||
|
only:
|
||||||
|
refs:
|
||||||
|
- master
|
||||||
|
kubernetes: active
|
||||||
|
variables:
|
||||||
|
- $INCREMENTAL_ROLLOUT_ENABLED
|
||||||
|
|
||||||
|
rollout 25%:
|
||||||
|
<<: *rollout_template
|
||||||
|
variables:
|
||||||
|
ROLLOUT_PERCENTAGE: 25
|
||||||
|
when: manual
|
||||||
|
only:
|
||||||
|
refs:
|
||||||
|
- master
|
||||||
|
kubernetes: active
|
||||||
|
variables:
|
||||||
|
- $INCREMENTAL_ROLLOUT_ENABLED
|
||||||
|
|
||||||
|
rollout 50%:
|
||||||
|
<<: *rollout_template
|
||||||
|
variables:
|
||||||
|
ROLLOUT_PERCENTAGE: 50
|
||||||
|
when: manual
|
||||||
|
only:
|
||||||
|
refs:
|
||||||
|
- master
|
||||||
|
kubernetes: active
|
||||||
|
variables:
|
||||||
|
- $INCREMENTAL_ROLLOUT_ENABLED
|
||||||
|
|
||||||
|
rollout 100%:
|
||||||
|
<<: *production_template
|
||||||
|
when: manual
|
||||||
|
only:
|
||||||
|
refs:
|
||||||
|
- master
|
||||||
|
kubernetes: active
|
||||||
|
variables:
|
||||||
|
- $INCREMENTAL_ROLLOUT_ENABLED
|
||||||
|
|
||||||
# ---------------------------------------------------------------------------
|
# ---------------------------------------------------------------------------
|
||||||
|
|
||||||
|
@ -308,7 +408,7 @@ production:
|
||||||
fi
|
fi
|
||||||
|
|
||||||
docker run -d --name db arminc/clair-db:latest
|
docker run -d --name db arminc/clair-db:latest
|
||||||
docker run -p 6060:6060 --link db:postgres -d --name clair arminc/clair-local-scan:v2.0.1
|
docker run -p 6060:6060 --link db:postgres -d --name clair --restart on-failure arminc/clair-local-scan:v2.0.1
|
||||||
apk add -U wget ca-certificates
|
apk add -U wget ca-certificates
|
||||||
docker pull ${CI_APPLICATION_REPOSITORY}:${CI_APPLICATION_TAG}
|
docker pull ${CI_APPLICATION_REPOSITORY}:${CI_APPLICATION_TAG}
|
||||||
wget https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64
|
wget https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64
|
||||||
|
@ -328,6 +428,14 @@ production:
|
||||||
"registry.gitlab.com/gitlab-org/security-products/codequality:$SP_VERSION" /code
|
"registry.gitlab.com/gitlab-org/security-products/codequality:$SP_VERSION" /code
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function license_management() {
|
||||||
|
if echo $GITLAB_FEATURES |grep license_management > /dev/null ; then
|
||||||
|
/run.sh .
|
||||||
|
else
|
||||||
|
echo "License management is not available in your subscription"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
function sast() {
|
function sast() {
|
||||||
case "$CI_SERVER_VERSION" in
|
case "$CI_SERVER_VERSION" in
|
||||||
*-ee)
|
*-ee)
|
||||||
|
@ -363,30 +471,19 @@ production:
|
||||||
esac
|
esac
|
||||||
}
|
}
|
||||||
|
|
||||||
function deploy() {
|
function get_replicas() {
|
||||||
track="${1-stable}"
|
track="${1:-stable}"
|
||||||
name="$CI_ENVIRONMENT_SLUG"
|
percentage="${2:-100}"
|
||||||
|
|
||||||
if [[ "$track" != "stable" ]]; then
|
|
||||||
name="$name-$track"
|
|
||||||
fi
|
|
||||||
|
|
||||||
replicas="1"
|
|
||||||
service_enabled="false"
|
|
||||||
postgres_enabled="$POSTGRES_ENABLED"
|
|
||||||
# canary uses stable db
|
|
||||||
[[ "$track" == "canary" ]] && postgres_enabled="false"
|
|
||||||
|
|
||||||
env_track=$( echo $track | tr -s '[:lower:]' '[:upper:]' )
|
env_track=$( echo $track | tr -s '[:lower:]' '[:upper:]' )
|
||||||
env_slug=$( echo ${CI_ENVIRONMENT_SLUG//-/_} | tr -s '[:lower:]' '[:upper:]' )
|
env_slug=$( echo ${CI_ENVIRONMENT_SLUG//-/_} | tr -s '[:lower:]' '[:upper:]' )
|
||||||
|
|
||||||
if [[ "$track" == "stable" ]]; then
|
if [[ "$track" == "stable" ]] || [[ "$track" == "rollout" ]]; then
|
||||||
# for stable track get number of replicas from `PRODUCTION_REPLICAS`
|
# for stable track get number of replicas from `PRODUCTION_REPLICAS`
|
||||||
eval new_replicas=\$${env_slug}_REPLICAS
|
eval new_replicas=\$${env_slug}_REPLICAS
|
||||||
if [[ -z "$new_replicas" ]]; then
|
if [[ -z "$new_replicas" ]]; then
|
||||||
new_replicas=$REPLICAS
|
new_replicas=$REPLICAS
|
||||||
fi
|
fi
|
||||||
service_enabled="true"
|
|
||||||
else
|
else
|
||||||
# for all tracks get number of replicas from `CANARY_PRODUCTION_REPLICAS`
|
# for all tracks get number of replicas from `CANARY_PRODUCTION_REPLICAS`
|
||||||
eval new_replicas=\$${env_track}_${env_slug}_REPLICAS
|
eval new_replicas=\$${env_track}_${env_slug}_REPLICAS
|
||||||
|
@ -394,9 +491,36 @@ production:
|
||||||
eval new_replicas=\${env_track}_REPLICAS
|
eval new_replicas=\${env_track}_REPLICAS
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
if [[ -n "$new_replicas" ]]; then
|
|
||||||
replicas="$new_replicas"
|
replicas="${new_replicas:-1}"
|
||||||
|
replicas="$(($replicas * $percentage / 100))"
|
||||||
|
|
||||||
|
# always return at least one replicas
|
||||||
|
if [[ $replicas -gt 0 ]]; then
|
||||||
|
echo "$replicas"
|
||||||
|
else
|
||||||
|
echo 1
|
||||||
fi
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
|
function deploy() {
|
||||||
|
track="${1-stable}"
|
||||||
|
percentage="${2:-100}"
|
||||||
|
name="$CI_ENVIRONMENT_SLUG"
|
||||||
|
|
||||||
|
replicas="1"
|
||||||
|
service_enabled="true"
|
||||||
|
postgres_enabled="$POSTGRES_ENABLED"
|
||||||
|
|
||||||
|
# if track is different than stable,
|
||||||
|
# re-use all attached resources
|
||||||
|
if [[ "$track" != "stable" ]]; then
|
||||||
|
name="$name-$track"
|
||||||
|
service_enabled="false"
|
||||||
|
postgres_enabled="false"
|
||||||
|
fi
|
||||||
|
|
||||||
|
replicas=$(get_replicas "$track" "$percentage")
|
||||||
|
|
||||||
if [[ "$CI_PROJECT_VISIBILITY" != "public" ]]; then
|
if [[ "$CI_PROJECT_VISIBILITY" != "public" ]]; then
|
||||||
secret_name='gitlab-registry'
|
secret_name='gitlab-registry'
|
||||||
|
@ -427,6 +551,25 @@ production:
|
||||||
chart/
|
chart/
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function scale() {
|
||||||
|
track="${1-stable}"
|
||||||
|
percentage="${2-100}"
|
||||||
|
name="$CI_ENVIRONMENT_SLUG"
|
||||||
|
|
||||||
|
if [[ "$track" != "stable" ]]; then
|
||||||
|
name="$name-$track"
|
||||||
|
fi
|
||||||
|
|
||||||
|
replicas=$(get_replicas "$track" "$percentage")
|
||||||
|
|
||||||
|
helm upgrade --reuse-values \
|
||||||
|
--wait \
|
||||||
|
--set replicaCount="$replicas" \
|
||||||
|
--namespace="$KUBE_NAMESPACE" \
|
||||||
|
"$name" \
|
||||||
|
chart/
|
||||||
|
}
|
||||||
|
|
||||||
function install_dependencies() {
|
function install_dependencies() {
|
||||||
apk add -U openssl curl tar gzip bash ca-certificates git
|
apk add -U openssl curl tar gzip bash ca-certificates git
|
||||||
wget -q -O /etc/apk/keys/sgerrand.rsa.pub https://raw.githubusercontent.com/sgerrand/alpine-pkg-glibc/master/sgerrand.rsa.pub
|
wget -q -O /etc/apk/keys/sgerrand.rsa.pub https://raw.githubusercontent.com/sgerrand/alpine-pkg-glibc/master/sgerrand.rsa.pub
|
||||||
|
@ -548,8 +691,8 @@ production:
|
||||||
kubectl create secret -n "$KUBE_NAMESPACE" \
|
kubectl create secret -n "$KUBE_NAMESPACE" \
|
||||||
docker-registry gitlab-registry \
|
docker-registry gitlab-registry \
|
||||||
--docker-server="$CI_REGISTRY" \
|
--docker-server="$CI_REGISTRY" \
|
||||||
--docker-username="$CI_REGISTRY_USER" \
|
--docker-username="${CI_DEPLOY_USER:-$CI_REGISTRY_USER}" \
|
||||||
--docker-password="$CI_REGISTRY_PASSWORD" \
|
--docker-password="${CI_DEPLOY_PASSWORD:-$CI_REGISTRY_PASSWORD}" \
|
||||||
--docker-email="$GITLAB_USER_EMAIL" \
|
--docker-email="$GITLAB_USER_EMAIL" \
|
||||||
-o yaml --dry-run | kubectl replace -n "$KUBE_NAMESPACE" --force -f -
|
-o yaml --dry-run | kubectl replace -n "$KUBE_NAMESPACE" --force -f -
|
||||||
}
|
}
|
||||||
|
|
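Review bot: In the last hunk (`@ -548,8 +691,8`), `--docker-username` and `--docker-password` fall back independently, so when only one of `CI_DEPLOY_USER` / `CI_DEPLOY_PASSWORD` is set the `gitlab-registry` secret is written with a mixed credential pair, and the mistake only shows up later as failed image pulls in the cluster. Choose the pair as a whole, for example with two guard lines before the `kubectl create secret` call: `[[ -n "$CI_DEPLOY_USER" ]] || unset CI_DEPLOY_PASSWORD` and `[[ -n "$CI_DEPLOY_PASSWORD" ]] || unset CI_DEPLOY_USER`, so that the existing `${…:-…}` defaults then select the registry values together. I would also add a comment above the call such as `# prefer the deploy token when both values are set; otherwise use the job's registry credentials`, since the hunk does not say why the source of the credentials changes. The enclosing function starts outside the hunk, so any earlier check on these variables is not visible here.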