Vendor Auto-DevOps.gitlab-ci.yml

2018-05-08 00:18:03 +00:00 · 2018-05-08 00:18:03 +00:00 · c0c21960ef
commit c0c21960ef
parent cb7a6d343a
1 changed files with 166 additions and 23 deletions
--- a/vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml
+++ b/vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml
@ -88,6 +88,14 @@ codequality:
  artifacts:
    paths: [codeclimate.json]

+license_management:
+  image: registry.gitlab.com/gitlab-org/security-products/license-management:latest
+  allow_failure: true
+  script:
+    - license_management
+  artifacts:
+    paths: [gl-license-report.json]
+
 performance:
  stage: performance
  image: docker:stable
@ -133,6 +141,7 @@ dependency_scanning:
    - dependency_scanning
  artifacts:
    paths: [gl-dependency-scanning-report.json]
+
 sast:container:
  image: docker:stable
  variables:
@ -217,7 +226,7 @@ stop_review:
 # only manually promote to production, enable this job by removing the dot (.),
 # and uncomment the `when: manual` line in the `production` job.

-.staging:
+staging:
  stage: staging
  script:
    - check_kube_domain
@ -234,6 +243,11 @@ stop_review:
    refs:
      - master
    kubernetes: active
+    variables:
+      - $STAGING_ENABLED
+  except:
+    variables:
+      - $INCREMENTAL_ROLLOUT_ENABLED

 # Canaries are disabled by default, but if you want them,
 # and know what the downsides are, enable this job by removing the dot (.),
@ -263,7 +277,7 @@ stop_review:
 # or `canary` deploys, or you simply want more control over when you deploy
 # to production, uncomment the `when: manual` line in the `production` job.

-production:
+.production: &production_template
  stage: production
  script:
    - check_kube_domain
@ -274,17 +288,103 @@ production:
    - create_secret
    - deploy
    - delete canary
+    - delete rollout
    - persist_environment_url
  environment:
    name: production
    url: http://$CI_PROJECT_PATH_SLUG.$AUTO_DEVOPS_DOMAIN
  artifacts:
    paths: [environment_url.txt]
-#  when: manual
+
+production:
+  <<: *production_template
  only:
    refs:
      - master
    kubernetes: active
+  except:
+    variables:
+      - $STAGING_ENABLED
+      - $INCREMENTAL_ROLLOUT_ENABLED
+
+production_manual:
+  <<: *production_template
+  when: manual
+  only:
+    refs:
+      - master
+    kubernetes: active
+    variables:
+      - $STAGING_ENABLED
+  except:
+    variables:
+      - $INCREMENTAL_ROLLOUT_ENABLED
+
+# This job implements incremental rollout on for every push to `master`.
+
+.rollout: &rollout_template
+  stage: production
+  script:
+    - check_kube_domain
+    - install_dependencies
+    - download_chart
+    - ensure_namespace
+    - install_tiller
+    - create_secret
+    - deploy rollout $ROLLOUT_PERCENTAGE
+    - scale stable $((100-ROLLOUT_PERCENTAGE))
+    - delete canary
+    - persist_environment_url
+  environment:
+    name: production
+    url: http://$CI_PROJECT_PATH_SLUG.$AUTO_DEVOPS_DOMAIN
+  artifacts:
+    paths: [environment_url.txt]
+
+rollout 10%:
+  <<: *rollout_template
+  variables:
+    ROLLOUT_PERCENTAGE: 10
+  only:
+    refs:
+      - master
+    kubernetes: active
+    variables:
+      - $INCREMENTAL_ROLLOUT_ENABLED
+
+rollout 25%:
+  <<: *rollout_template
+  variables:
+    ROLLOUT_PERCENTAGE: 25
+  when: manual
+  only:
+    refs:
+      - master
+    kubernetes: active
+    variables:
+      - $INCREMENTAL_ROLLOUT_ENABLED
+
+rollout 50%:
+  <<: *rollout_template
+  variables:
+    ROLLOUT_PERCENTAGE: 50
+  when: manual
+  only:
+    refs:
+      - master
+    kubernetes: active
+    variables:
+      - $INCREMENTAL_ROLLOUT_ENABLED
+
+rollout 100%:
+  <<: *production_template
+  when: manual
+  only:
+    refs:
+      - master
+    kubernetes: active
+    variables:
+      - $INCREMENTAL_ROLLOUT_ENABLED

 # ---------------------------------------------------------------------------

@ -308,7 +408,7 @@ production:
    fi

    docker run -d --name db arminc/clair-db:latest
-    docker run -p 6060:6060 --link db:postgres -d --name clair arminc/clair-local-scan:v2.0.1
+    docker run -p 6060:6060 --link db:postgres -d --name clair --restart on-failure arminc/clair-local-scan:v2.0.1
    apk add -U wget ca-certificates
    docker pull ${CI_APPLICATION_REPOSITORY}:${CI_APPLICATION_TAG}
    wget https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64
@ -328,6 +428,14 @@ production:
               "registry.gitlab.com/gitlab-org/security-products/codequality:$SP_VERSION" /code
  }

+  function license_management() {
+    if echo $GITLAB_FEATURES |grep license_management > /dev/null ; then
+      /run.sh .
+    else
+      echo "License management is not available in your subscription"
+    fi
+  }
+
  function sast() {
    case "$CI_SERVER_VERSION" in
      *-ee)
@ -363,30 +471,19 @@ production:
    esac
  }

-  function deploy() {
-    track="${1-stable}"
-    name="$CI_ENVIRONMENT_SLUG"
-
-    if [[ "$track" != "stable" ]]; then
-      name="$name-$track"
-    fi
-
-    replicas="1"
-    service_enabled="false"
-    postgres_enabled="$POSTGRES_ENABLED"
-    # canary uses stable db
-    [[ "$track" == "canary" ]] && postgres_enabled="false"
+  function get_replicas() {
+    track="${1:-stable}"
+    percentage="${2:-100}"

    env_track=$( echo $track | tr -s  '[:lower:]'  '[:upper:]' )
    env_slug=$( echo ${CI_ENVIRONMENT_SLUG//-/_} | tr -s  '[:lower:]'  '[:upper:]' )

-    if [[ "$track" == "stable" ]]; then
+    if [[ "$track" == "stable" ]] || [[ "$track" == "rollout" ]]; then
      # for stable track get number of replicas from `PRODUCTION_REPLICAS`
      eval new_replicas=\$${env_slug}_REPLICAS
      if [[ -z "$new_replicas" ]]; then
        new_replicas=$REPLICAS
      fi
-      service_enabled="true"
    else
      # for all tracks get number of replicas from `CANARY_PRODUCTION_REPLICAS`
      eval new_replicas=\$${env_track}_${env_slug}_REPLICAS
@ -394,9 +491,36 @@ production:
        eval new_replicas=\${env_track}_REPLICAS
      fi
    fi
-    if [[ -n "$new_replicas" ]]; then
-      replicas="$new_replicas"
+
+    replicas="${new_replicas:-1}"
+    replicas="$(($replicas * $percentage / 100))"
+
+    # always return at least one replicas
+    if [[ $replicas -gt 0 ]]; then
+      echo "$replicas"
+    else
+      echo 1
    fi
+  }
+
+  function deploy() {
+    track="${1-stable}"
+    percentage="${2:-100}"
+    name="$CI_ENVIRONMENT_SLUG"
+
+    replicas="1"
+    service_enabled="true"
+    postgres_enabled="$POSTGRES_ENABLED"
+
+    # if track is different than stable,
+    # re-use all attached resources
+    if [[ "$track" != "stable" ]]; then
+      name="$name-$track"
+      service_enabled="false"
+      postgres_enabled="false"
+    fi
+
+    replicas=$(get_replicas "$track" "$percentage")

    if [[ "$CI_PROJECT_VISIBILITY" != "public" ]]; then
      secret_name='gitlab-registry'
@ -427,6 +551,25 @@ production:
      chart/
  }

+  function scale() {
+    track="${1-stable}"
+    percentage="${2-100}"
+    name="$CI_ENVIRONMENT_SLUG"
+
+    if [[ "$track" != "stable" ]]; then
+      name="$name-$track"
+    fi
+
+    replicas=$(get_replicas "$track" "$percentage")
+
+    helm upgrade --reuse-values \
+      --wait \
+      --set replicaCount="$replicas" \
+      --namespace="$KUBE_NAMESPACE" \
+      "$name" \
+      chart/
+  }
+
  function install_dependencies() {
    apk add -U openssl curl tar gzip bash ca-certificates git
    wget -q -O /etc/apk/keys/sgerrand.rsa.pub https://raw.githubusercontent.com/sgerrand/alpine-pkg-glibc/master/sgerrand.rsa.pub
@ -548,8 +691,8 @@ production:
    kubectl create secret -n "$KUBE_NAMESPACE" \
      docker-registry gitlab-registry \
      --docker-server="$CI_REGISTRY" \
-      --docker-username="$CI_REGISTRY_USER" \
-      --docker-password="$CI_REGISTRY_PASSWORD" \
+      --docker-username="${CI_DEPLOY_USER:-$CI_REGISTRY_USER}" \
+      --docker-password="${CI_DEPLOY_PASSWORD:-$CI_REGISTRY_PASSWORD}" \
      --docker-email="$GITLAB_USER_EMAIL" \
      -o yaml --dry-run | kubectl replace -n "$KUBE_NAMESPACE" --force -f -
  }