Merge branch 'add-review-app' into 'master'
Add review app Closes #52188 and #49569 See merge request gitlab-org/gitlab-ce!22010
This commit is contained in:
commit
d25a8ed076
|
@ -139,7 +139,7 @@ stages:
|
||||||
- export SCRIPT_NAME="${SCRIPT_NAME:-$CI_JOB_NAME}"
|
- export SCRIPT_NAME="${SCRIPT_NAME:-$CI_JOB_NAME}"
|
||||||
- apk add --update openssl
|
- apk add --update openssl
|
||||||
- wget $CI_PROJECT_URL/raw/$CI_COMMIT_SHA/scripts/$SCRIPT_NAME
|
- wget $CI_PROJECT_URL/raw/$CI_COMMIT_SHA/scripts/$SCRIPT_NAME
|
||||||
- chmod 755 $SCRIPT_NAME
|
- chmod 755 $(basename $SCRIPT_NAME)
|
||||||
|
|
||||||
.rake-exec: &rake-exec
|
.rake-exec: &rake-exec
|
||||||
<<: *dedicated-no-docs-no-db-pull-cache-job
|
<<: *dedicated-no-docs-no-db-pull-cache-job
|
||||||
|
@ -929,3 +929,94 @@ no_ee_check:
|
||||||
- scripts/no-ee-check
|
- scripts/no-ee-check
|
||||||
only:
|
only:
|
||||||
- //@gitlab-org/gitlab-ce
|
- //@gitlab-org/gitlab-ce
|
||||||
|
|
||||||
|
# GitLab Review apps
|
||||||
|
review:
|
||||||
|
image: registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-charts-build-base
|
||||||
|
stage: test
|
||||||
|
allow_failure: true
|
||||||
|
before_script:
|
||||||
|
- gem install gitlab --no-document
|
||||||
|
variables:
|
||||||
|
GIT_DEPTH: "1"
|
||||||
|
HOST_SUFFIX: "$CI_ENVIRONMENT_SLUG"
|
||||||
|
DOMAIN: "-$CI_ENVIRONMENT_SLUG.$REVIEW_APPS_DOMAIN"
|
||||||
|
GITLAB_HELM_CHART_REF: "master"
|
||||||
|
script:
|
||||||
|
- export GITLAB_SHELL_VERSION=$(<GITLAB_SHELL_VERSION)
|
||||||
|
- export GITALY_VERSION=$(<GITALY_SERVER_VERSION)
|
||||||
|
- export GITLAB_WORKHORSE_VERSION=$(<GITLAB_WORKHORSE_VERSION)
|
||||||
|
- source ./scripts/review_apps/review-apps.sh
|
||||||
|
- BUILD_TRIGGER_TOKEN=$REVIEW_APPS_BUILD_TRIGGER_TOKEN ./scripts/trigger-build cng
|
||||||
|
- check_kube_domain
|
||||||
|
- download_gitlab_chart
|
||||||
|
- ensure_namespace
|
||||||
|
- install_tiller
|
||||||
|
- create_secret
|
||||||
|
- install_external_dns
|
||||||
|
- deploy
|
||||||
|
environment:
|
||||||
|
name: review/$CI_COMMIT_REF_NAME
|
||||||
|
url: https://gitlab-$CI_ENVIRONMENT_SLUG.$REVIEW_APPS_DOMAIN
|
||||||
|
on_stop: stop_review
|
||||||
|
only:
|
||||||
|
refs:
|
||||||
|
- branches@gitlab-org/gitlab-ce
|
||||||
|
- branches@gitlab-org/gitlab-ee
|
||||||
|
kubernetes: active
|
||||||
|
except:
|
||||||
|
refs:
|
||||||
|
- master
|
||||||
|
- /(^docs[\/-].*|.*-docs$)/
|
||||||
|
|
||||||
|
stop_review:
|
||||||
|
<<: *single-script-job
|
||||||
|
image: registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-charts-build-base
|
||||||
|
stage: test
|
||||||
|
allow_failure: true
|
||||||
|
cache: {}
|
||||||
|
dependencies: []
|
||||||
|
variables:
|
||||||
|
SCRIPT_NAME: "review_apps/review-apps.sh"
|
||||||
|
script:
|
||||||
|
- source $(basename "${SCRIPT_NAME}")
|
||||||
|
- delete
|
||||||
|
- cleanup
|
||||||
|
when: manual
|
||||||
|
environment:
|
||||||
|
name: review/$CI_COMMIT_REF_NAME
|
||||||
|
action: stop
|
||||||
|
only:
|
||||||
|
refs:
|
||||||
|
- branches@gitlab-org/gitlab-ce
|
||||||
|
- branches@gitlab-org/gitlab-ee
|
||||||
|
kubernetes: active
|
||||||
|
except:
|
||||||
|
- master
|
||||||
|
- /(^docs[\/-].*|.*-docs$)/
|
||||||
|
|
||||||
|
schedule:review_apps_cleanup:
|
||||||
|
<<: *dedicated-no-docs-pull-cache-job
|
||||||
|
image: registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-charts-build-base
|
||||||
|
stage: build
|
||||||
|
allow_failure: true
|
||||||
|
cache: {}
|
||||||
|
dependencies: []
|
||||||
|
before_script:
|
||||||
|
- gem install gitlab --no-document
|
||||||
|
variables:
|
||||||
|
GIT_DEPTH: "1"
|
||||||
|
script:
|
||||||
|
- ruby -rrubygems scripts/review_apps/automated_cleanup.rb
|
||||||
|
environment:
|
||||||
|
name: review/auto-cleanup
|
||||||
|
action: stop
|
||||||
|
only:
|
||||||
|
refs:
|
||||||
|
- schedules@gitlab-org/gitlab-ce
|
||||||
|
- schedules@gitlab-org/gitlab-ee
|
||||||
|
kubernetes: active
|
||||||
|
except:
|
||||||
|
- master
|
||||||
|
- tags
|
||||||
|
- /(^docs[\/-].*|.*-docs$)/
|
||||||
|
|
|
@ -47,15 +47,23 @@ function create_secret() {
|
||||||
--dry-run -o json | kubectl apply -f -
|
--dry-run -o json | kubectl apply -f -
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function deployExists() {
|
||||||
|
local namespace="${1}"
|
||||||
|
local deploy="${2}"
|
||||||
|
helm status --tiller-namespace "${namespace}" "${deploy}" >/dev/null 2>&1
|
||||||
|
return $?
|
||||||
|
}
|
||||||
|
|
||||||
function previousDeployFailed() {
|
function previousDeployFailed() {
|
||||||
set +e
|
set +e
|
||||||
echo "Checking for previous deployment of $CI_ENVIRONMENT_SLUG"
|
deploy="${1}"
|
||||||
deployment_status=$(helm status $CI_ENVIRONMENT_SLUG >/dev/null 2>&1)
|
echo "Checking for previous deployment of ${deploy}"
|
||||||
|
deployment_status=$(helm status ${deploy} >/dev/null 2>&1)
|
||||||
status=$?
|
status=$?
|
||||||
# if `status` is `0`, deployment exists, has a status
|
# if `status` is `0`, deployment exists, has a status
|
||||||
if [ $status -eq 0 ]; then
|
if [ $status -eq 0 ]; then
|
||||||
echo "Previous deployment found, checking status"
|
echo "Previous deployment found, checking status"
|
||||||
deployment_status=$(helm status $CI_ENVIRONMENT_SLUG | grep ^STATUS | cut -d' ' -f2)
|
deployment_status=$(helm status ${deploy} | grep ^STATUS | cut -d' ' -f2)
|
||||||
echo "Previous deployment state: $deployment_status"
|
echo "Previous deployment state: $deployment_status"
|
||||||
if [[ "$deployment_status" == "FAILED" || "$deployment_status" == "PENDING_UPGRADE" || "$deployment_status" == "PENDING_INSTALL" ]]; then
|
if [[ "$deployment_status" == "FAILED" || "$deployment_status" == "PENDING_UPGRADE" || "$deployment_status" == "PENDING_INSTALL" ]]; then
|
||||||
status=0;
|
status=0;
|
||||||
|
@ -113,7 +121,7 @@ function deploy() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Cleanup and previous installs, as FAILED and PENDING_UPGRADE will cause errors with `upgrade`
|
# Cleanup and previous installs, as FAILED and PENDING_UPGRADE will cause errors with `upgrade`
|
||||||
if [ "$CI_ENVIRONMENT_SLUG" != "production" ] && previousDeployFailed ; then
|
if [ "$CI_ENVIRONMENT_SLUG" != "production" ] && previousDeployFailed "$CI_ENVIRONMENT_SLUG" ; then
|
||||||
echo "Deployment in bad state, cleaning up $CI_ENVIRONMENT_SLUG"
|
echo "Deployment in bad state, cleaning up $CI_ENVIRONMENT_SLUG"
|
||||||
delete
|
delete
|
||||||
cleanup
|
cleanup
|
||||||
|
@ -149,6 +157,7 @@ HELM_CMD=$(cat << EOF
|
||||||
--set gitlab.gitlab-shell.image.tag="v$GITLAB_SHELL_VERSION" \
|
--set gitlab.gitlab-shell.image.tag="v$GITLAB_SHELL_VERSION" \
|
||||||
--set gitlab.unicorn.workhorse.image="$gitlab_workhorse_image_repository" \
|
--set gitlab.unicorn.workhorse.image="$gitlab_workhorse_image_repository" \
|
||||||
--set gitlab.unicorn.workhorse.tag="$CI_COMMIT_REF_NAME" \
|
--set gitlab.unicorn.workhorse.tag="$CI_COMMIT_REF_NAME" \
|
||||||
|
--set nginx-ingress.controller.config.ssl-ciphers="ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4" \
|
||||||
--namespace="$KUBE_NAMESPACE" \
|
--namespace="$KUBE_NAMESPACE" \
|
||||||
--version="$CI_PIPELINE_ID-$CI_JOB_ID" \
|
--version="$CI_PIPELINE_ID-$CI_JOB_ID" \
|
||||||
"$name" \
|
"$name" \
|
||||||
|
@ -182,3 +191,23 @@ function cleanup() {
|
||||||
| xargs kubectl -n "$KUBE_NAMESPACE" delete \
|
| xargs kubectl -n "$KUBE_NAMESPACE" delete \
|
||||||
|| true
|
|| true
|
||||||
}
|
}
|
||||||
|
|
||||||
|
function install_external_dns() {
|
||||||
|
local release_name="dns-gitlab-review-app"
|
||||||
|
local domain=$(echo "${REVIEW_APPS_DOMAIN}" | awk -F. '{printf "%s.%s", $(NF-1), $NF}')
|
||||||
|
|
||||||
|
if ! deployExists "${KUBE_NAMESPACE}" "${release_name}" || previousDeployFailed "${release_name}" ; then
|
||||||
|
echo "Installing external-dns helm chart"
|
||||||
|
helm repo update
|
||||||
|
helm install stable/external-dns \
|
||||||
|
-n "${release_name}" \
|
||||||
|
--namespace "${KUBE_NAMESPACE}" \
|
||||||
|
--set provider="aws" \
|
||||||
|
--set aws.secretKey="${REVIEW_APPS_AWS_SECRET_KEY}" \
|
||||||
|
--set aws.accessKey="${REVIEW_APPS_AWS_ACCESS_KEY}" \
|
||||||
|
--set aws.zoneType="public" \
|
||||||
|
--set domainFilters[0]="${domain}" \
|
||||||
|
--set txtOwnerId="${KUBE_NAMESPACE}" \
|
||||||
|
--set rbac.create="true"
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
Loading…
Reference in New Issue