Commit c0c21960 authored by Fabio Busatto's avatar Fabio Busatto

Vendor Auto-DevOps.gitlab-ci.yml

parent cb7a6d34
...@@ -88,6 +88,14 @@ codequality: ...@@ -88,6 +88,14 @@ codequality:
artifacts: artifacts:
paths: [codeclimate.json] paths: [codeclimate.json]
license_management:
image: registry.gitlab.com/gitlab-org/security-products/license-management:latest
allow_failure: true
script:
- license_management
artifacts:
paths: [gl-license-report.json]
performance: performance:
stage: performance stage: performance
image: docker:stable image: docker:stable
...@@ -133,6 +141,7 @@ dependency_scanning: ...@@ -133,6 +141,7 @@ dependency_scanning:
- dependency_scanning - dependency_scanning
artifacts: artifacts:
paths: [gl-dependency-scanning-report.json] paths: [gl-dependency-scanning-report.json]
sast:container: sast:container:
image: docker:stable image: docker:stable
variables: variables:
...@@ -217,7 +226,7 @@ stop_review: ...@@ -217,7 +226,7 @@ stop_review:
# only manually promote to production, enable this job by removing the dot (.), # only manually promote to production, enable this job by removing the dot (.),
# and uncomment the `when: manual` line in the `production` job. # and uncomment the `when: manual` line in the `production` job.
.staging: staging:
stage: staging stage: staging
script: script:
- check_kube_domain - check_kube_domain
...@@ -234,6 +243,11 @@ stop_review: ...@@ -234,6 +243,11 @@ stop_review:
refs: refs:
- master - master
kubernetes: active kubernetes: active
variables:
- $STAGING_ENABLED
except:
variables:
- $INCREMENTAL_ROLLOUT_ENABLED
# Canaries are disabled by default, but if you want them, # Canaries are disabled by default, but if you want them,
# and know what the downsides are, enable this job by removing the dot (.), # and know what the downsides are, enable this job by removing the dot (.),
...@@ -263,7 +277,7 @@ stop_review: ...@@ -263,7 +277,7 @@ stop_review:
# or `canary` deploys, or you simply want more control over when you deploy # or `canary` deploys, or you simply want more control over when you deploy
# to production, uncomment the `when: manual` line in the `production` job. # to production, uncomment the `when: manual` line in the `production` job.
production: .production: &production_template
stage: production stage: production
script: script:
- check_kube_domain - check_kube_domain
...@@ -274,17 +288,103 @@ production: ...@@ -274,17 +288,103 @@ production:
- create_secret - create_secret
- deploy - deploy
- delete canary - delete canary
- delete rollout
- persist_environment_url - persist_environment_url
environment: environment:
name: production name: production
url: http://$CI_PROJECT_PATH_SLUG.$AUTO_DEVOPS_DOMAIN url: http://$CI_PROJECT_PATH_SLUG.$AUTO_DEVOPS_DOMAIN
artifacts: artifacts:
paths: [environment_url.txt] paths: [environment_url.txt]
# when: manual
production:
<<: *production_template
only:
refs:
- master
kubernetes: active
except:
variables:
- $STAGING_ENABLED
- $INCREMENTAL_ROLLOUT_ENABLED
production_manual:
<<: *production_template
when: manual
only:
refs:
- master
kubernetes: active
variables:
- $STAGING_ENABLED
except:
variables:
- $INCREMENTAL_ROLLOUT_ENABLED
# This job implements incremental rollout on for every push to `master`.
.rollout: &rollout_template
stage: production
script:
- check_kube_domain
- install_dependencies
- download_chart
- ensure_namespace
- install_tiller
- create_secret
- deploy rollout $ROLLOUT_PERCENTAGE
- scale stable $((100-ROLLOUT_PERCENTAGE))
- delete canary
- persist_environment_url
environment:
name: production
url: http://$CI_PROJECT_PATH_SLUG.$AUTO_DEVOPS_DOMAIN
artifacts:
paths: [environment_url.txt]
rollout 10%:
<<: *rollout_template
variables:
ROLLOUT_PERCENTAGE: 10
only:
refs:
- master
kubernetes: active
variables:
- $INCREMENTAL_ROLLOUT_ENABLED
rollout 25%:
<<: *rollout_template
variables:
ROLLOUT_PERCENTAGE: 25
when: manual
only:
refs:
- master
kubernetes: active
variables:
- $INCREMENTAL_ROLLOUT_ENABLED
rollout 50%:
<<: *rollout_template
variables:
ROLLOUT_PERCENTAGE: 50
when: manual
only: only:
refs: refs:
- master - master
kubernetes: active kubernetes: active
variables:
- $INCREMENTAL_ROLLOUT_ENABLED
rollout 100%:
<<: *production_template
when: manual
only:
refs:
- master
kubernetes: active
variables:
- $INCREMENTAL_ROLLOUT_ENABLED
# --------------------------------------------------------------------------- # ---------------------------------------------------------------------------
...@@ -308,7 +408,7 @@ production: ...@@ -308,7 +408,7 @@ production:
fi fi
docker run -d --name db arminc/clair-db:latest docker run -d --name db arminc/clair-db:latest
docker run -p 6060:6060 --link db:postgres -d --name clair arminc/clair-local-scan:v2.0.1 docker run -p 6060:6060 --link db:postgres -d --name clair --restart on-failure arminc/clair-local-scan:v2.0.1
apk add -U wget ca-certificates apk add -U wget ca-certificates
docker pull ${CI_APPLICATION_REPOSITORY}:${CI_APPLICATION_TAG} docker pull ${CI_APPLICATION_REPOSITORY}:${CI_APPLICATION_TAG}
wget https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64 wget https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64
...@@ -328,6 +428,14 @@ production: ...@@ -328,6 +428,14 @@ production:
"registry.gitlab.com/gitlab-org/security-products/codequality:$SP_VERSION" /code "registry.gitlab.com/gitlab-org/security-products/codequality:$SP_VERSION" /code
} }
function license_management() {
if echo $GITLAB_FEATURES |grep license_management > /dev/null ; then
/run.sh .
else
echo "License management is not available in your subscription"
fi
}
function sast() { function sast() {
case "$CI_SERVER_VERSION" in case "$CI_SERVER_VERSION" in
*-ee) *-ee)
...@@ -363,30 +471,19 @@ production: ...@@ -363,30 +471,19 @@ production:
esac esac
} }
function deploy() { function get_replicas() {
track="${1-stable}" track="${1:-stable}"
name="$CI_ENVIRONMENT_SLUG" percentage="${2:-100}"
if [[ "$track" != "stable" ]]; then
name="$name-$track"
fi
replicas="1"
service_enabled="false"
postgres_enabled="$POSTGRES_ENABLED"
# canary uses stable db
[[ "$track" == "canary" ]] && postgres_enabled="false"
env_track=$( echo $track | tr -s '[:lower:]' '[:upper:]' ) env_track=$( echo $track | tr -s '[:lower:]' '[:upper:]' )
env_slug=$( echo ${CI_ENVIRONMENT_SLUG//-/_} | tr -s '[:lower:]' '[:upper:]' ) env_slug=$( echo ${CI_ENVIRONMENT_SLUG//-/_} | tr -s '[:lower:]' '[:upper:]' )
if [[ "$track" == "stable" ]]; then if [[ "$track" == "stable" ]] || [[ "$track" == "rollout" ]]; then
# for stable track get number of replicas from `PRODUCTION_REPLICAS` # for stable track get number of replicas from `PRODUCTION_REPLICAS`
eval new_replicas=\$${env_slug}_REPLICAS eval new_replicas=\$${env_slug}_REPLICAS
if [[ -z "$new_replicas" ]]; then if [[ -z "$new_replicas" ]]; then
new_replicas=$REPLICAS new_replicas=$REPLICAS
fi fi
service_enabled="true"
else else
# for all tracks get number of replicas from `CANARY_PRODUCTION_REPLICAS` # for all tracks get number of replicas from `CANARY_PRODUCTION_REPLICAS`
eval new_replicas=\$${env_track}_${env_slug}_REPLICAS eval new_replicas=\$${env_track}_${env_slug}_REPLICAS
...@@ -394,9 +491,36 @@ production: ...@@ -394,9 +491,36 @@ production:
eval new_replicas=\${env_track}_REPLICAS eval new_replicas=\${env_track}_REPLICAS
fi fi
fi fi
if [[ -n "$new_replicas" ]]; then
replicas="$new_replicas" replicas="${new_replicas:-1}"
replicas="$(($replicas * $percentage / 100))"
# always return at least one replicas
if [[ $replicas -gt 0 ]]; then
echo "$replicas"
else
echo 1
fi fi
}
function deploy() {
track="${1-stable}"
percentage="${2:-100}"
name="$CI_ENVIRONMENT_SLUG"
replicas="1"
service_enabled="true"
postgres_enabled="$POSTGRES_ENABLED"
# if track is different than stable,
# re-use all attached resources
if [[ "$track" != "stable" ]]; then
name="$name-$track"
service_enabled="false"
postgres_enabled="false"
fi
replicas=$(get_replicas "$track" "$percentage")
if [[ "$CI_PROJECT_VISIBILITY" != "public" ]]; then if [[ "$CI_PROJECT_VISIBILITY" != "public" ]]; then
secret_name='gitlab-registry' secret_name='gitlab-registry'
...@@ -427,6 +551,25 @@ production: ...@@ -427,6 +551,25 @@ production:
chart/ chart/
} }
function scale() {
track="${1-stable}"
percentage="${2-100}"
name="$CI_ENVIRONMENT_SLUG"
if [[ "$track" != "stable" ]]; then
name="$name-$track"
fi
replicas=$(get_replicas "$track" "$percentage")
helm upgrade --reuse-values \
--wait \
--set replicaCount="$replicas" \
--namespace="$KUBE_NAMESPACE" \
"$name" \
chart/
}
function install_dependencies() { function install_dependencies() {
apk add -U openssl curl tar gzip bash ca-certificates git apk add -U openssl curl tar gzip bash ca-certificates git
wget -q -O /etc/apk/keys/sgerrand.rsa.pub https://raw.githubusercontent.com/sgerrand/alpine-pkg-glibc/master/sgerrand.rsa.pub wget -q -O /etc/apk/keys/sgerrand.rsa.pub https://raw.githubusercontent.com/sgerrand/alpine-pkg-glibc/master/sgerrand.rsa.pub
...@@ -548,8 +691,8 @@ production: ...@@ -548,8 +691,8 @@ production:
kubectl create secret -n "$KUBE_NAMESPACE" \ kubectl create secret -n "$KUBE_NAMESPACE" \
docker-registry gitlab-registry \ docker-registry gitlab-registry \
--docker-server="$CI_REGISTRY" \ --docker-server="$CI_REGISTRY" \
--docker-username="$CI_REGISTRY_USER" \ --docker-username="${CI_DEPLOY_USER:-$CI_REGISTRY_USER}" \
--docker-password="$CI_REGISTRY_PASSWORD" \ --docker-password="${CI_DEPLOY_PASSWORD:-$CI_REGISTRY_PASSWORD}" \
--docker-email="$GITLAB_USER_EMAIL" \ --docker-email="$GITLAB_USER_EMAIL" \
-o yaml --dry-run | kubectl replace -n "$KUBE_NAMESPACE" --force -f - -o yaml --dry-run | kubectl replace -n "$KUBE_NAMESPACE" --force -f -
} }
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment