Skip to content
Snippets Groups Projects
.gitlab-ci.yml 6.74 KiB
Newer Older
Nico Vermaas's avatar
Nico Vermaas committed
stages:
Mattia Mancini's avatar
Mattia Mancini committed
  - test
Nico Vermaas's avatar
Nico Vermaas committed
  - build
  - integration
Nico Vermaas's avatar
Nico Vermaas committed
  - deploy_to_test
  - deploy_to_production

Mattia Mancini's avatar
Mattia Mancini committed
workflow:
  rules:
    # don't create a pipeline if its a commit pipeline, on a branch and that branch has open merge requests.
    - if: $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS
      when: never
Mattia Mancini's avatar
Mattia Mancini committed
    - if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
      variables:
        DOCKER_IMAGE_TAG: "latest"
Mattia Mancini's avatar
Mattia Mancini committed
    - if: $CI_COMMIT_REF_NAME != $CI_DEFAULT_BRANCH
      variables:
        DOCKER_IMAGE_TAG: "$CI_COMMIT_REF_SLUG"
Mattia Mancini's avatar
Mattia Mancini committed

test-code:
  image: python:3.10
  stage: test
  services:
Mattia Mancini's avatar
Mattia Mancini committed
  variables:
    POSTGRES_DB: ldv-spec-db
    POSTGRES_USER: postgres
    POSTGRES_PASSWORD: "atdb123"
  script:
    - cd ldvspec
    - pip install -r requirements/dev.txt
    - python manage.py migrate --settings ldvspec.settings.ci
    - python manage.py test --settings ldvspec.settings.ci

docker-build:
  image: docker:20-cli
Nico Vermaas's avatar
Nico Vermaas committed
  stage: build
  services:
    - docker:dind
  before_script:
    - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
  script:
Klaas Kliffen's avatar
Klaas Kliffen committed
    - HASH=$(sha256sum ldvspec/Dockerfile.base | awk '{ print $1 }')
    - >
      if docker manifest inspect $CI_REGISTRY_IMAGE/base:$HASH > /dev/null; then
        echo "Base image exists"
      else
        docker build -t "$CI_REGISTRY_IMAGE/base:$HASH" -f ldvspec/Dockerfile.base ldvspec
        docker push "$CI_REGISTRY_IMAGE/base:$HASH"
      fi
    - echo "Build using $CI_REGISTRY_IMAGE/base:$HASH"
    # Try pulling the existing image for layer reuse; || true to ignore if it does not exist
    #- docker build --cache-from $CI_REGISTRY_IMAGE:$DOCKER_IMAGE_TAG --build-arg BASE_IMAGE="$CI_REGISTRY_IMAGE/base:$HASH" --pull -t "$CI_REGISTRY_IMAGE:$DOCKER_IMAGE_TAG" ldvspec
    - docker build --pull -t "$CI_REGISTRY_IMAGE:$DOCKER_IMAGE_TAG" ldvspec
    - docker push "$CI_REGISTRY_IMAGE:$DOCKER_IMAGE_TAG"
Nico Vermaas's avatar
Nico Vermaas committed

integration-test:
  image: docker:20-cli
  services:
    - docker:20-dind
  before_script:
    - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
  stage: integration
  script:
    - cd integration
    # TODO: cache the integration image
    - docker compose build
Fanna Lautenbach's avatar
Fanna Lautenbach committed
    - docker compose up -d atdb-backend ldv-specification-backend
    - docker compose run integration
  artifacts:
    paths:
      - /workdir/output.xml
      - /workdir/log.html
      - /workdir/report.html
    expire_in: 1 week
Klaas Kliffen's avatar
Klaas Kliffen committed
  rules:
Nico Vermaas's avatar
Nico Vermaas committed
# deploy test/dev version on 'sdc-dev.astron.nl'
docker-deploy-main-test:
Nico Vermaas's avatar
Nico Vermaas committed
  stage: deploy_to_test
Klaas Kliffen's avatar
Klaas Kliffen committed
  tags:
    - "sdc-dev"
Mattia Mancini's avatar
Mattia Mancini committed
  environment:
    name: test
    url: https://sdc-dev.astron.nl/ldvspec/
Nico Vermaas's avatar
Nico Vermaas committed
  before_script:
Nico Vermaas's avatar
Nico Vermaas committed
    ##
    ## Install ssh-agent if not already installed, it is required by Docker.
    ## (change apt-get to yum if you use an RPM-based image)
    ##
    - 'command -v ssh-agent >/dev/null || ( apt-get update && apt-get install openssh-client rsync )'
Nico Vermaas's avatar
Nico Vermaas committed
    ##
    ## Run ssh-agent (inside the build environment)
    ##
Nico Vermaas's avatar
Nico Vermaas committed
    - eval $(ssh-agent -s)
Nico Vermaas's avatar
Nico Vermaas committed
    ##
    ## Add the SSH key stored in SSH_PRIVATE_KEY variable to the agent store
    ## We're using tr to fix line endings which makes ed25519 keys work
    ## without extra base64 encoding.
    ## https://gitlab.com/gitlab-examples/ssh-private-key/issues/1#note_48526556
    ##
    ##
    ## Create the SSH directory and give it the right permissions
    ##
Nico Vermaas's avatar
Nico Vermaas committed
    - echo "$SSH_PRIVATE_KEY_USER_SDC" | tr -d '\r' | ssh-add -
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    - ssh-keyscan dop814.astron.nl >> ~/.ssh/known_hosts
    - ssh-keyscan sdc-dev.astron.nl >> ~/.ssh/known_hosts
    - chmod 644 ~/.ssh/known_hosts
  script:
    ## deploy the docker-compose file and use it to spin up the containers
    - scp -O -o StrictHostKeyChecking=no ldvspec/docker/docker-compose-dev-cd.yml sdc@dop814.astron.nl:/docker_compose/ldvspec/docker-compose-dev-cd.yml
    - scp -O -o StrictHostKeyChecking=no ldvspec/docker/resources/prometheus-dev.yml sdc@dop814.astron.nl:/docker_compose/ldvspec/prometheus-dev.yml
    - ssh -o StrictHostKeyChecking=no sdc@dop814.astron.nl "echo $CI_REGISTRY_PASSWORD | docker login -u $CI_REGISTRY_USER --password-stdin $CI_REGISTRY"
Klaas Kliffen's avatar
Klaas Kliffen committed
    - ssh -o StrictHostKeyChecking=no sdc@dop814.astron.nl "docker pull "$CI_REGISTRY_IMAGE:$DOCKER_IMAGE_TAG""
    - ssh -o StrictHostKeyChecking=no sdc@dop814.astron.nl "docker-compose -p ldvspec -f /docker_compose/ldvspec/docker-compose-dev-cd.yml up -d --force-recreate"
Robbie Luijben's avatar
Robbie Luijben committed
    - ssh -o StrictHostKeyChecking=no sdc@dop814.astron.nl "docker exec ldv-specification python manage.py prefill_cache"
    - echo "Application deployed"
Nico Vermaas's avatar
Nico Vermaas committed
  when: manual

docker-deploy-main-production:
Mattia Mancini's avatar
Mattia Mancini committed
  #  image: docker:latest
Nico Vermaas's avatar
Nico Vermaas committed
  stage: deploy_to_production
Mattia Mancini's avatar
Mattia Mancini committed
  environment:
    name: production
    url: https://sdc.astron.nl/ldvspec/
Klaas Kliffen's avatar
Klaas Kliffen committed
  tags:
    - "sdc-dev"
Nico Vermaas's avatar
Nico Vermaas committed
  before_script:
    ##
    ## Install ssh-agent if not already installed, it is required by Docker.
    ## (change apt-get to yum if you use an RPM-based image)
    ##
    - 'command -v ssh-agent >/dev/null || ( apt-get update && apt-get install openssh-client rsync )'
    ##
    ## Run ssh-agent (inside the build environment)
    ##
Nico Vermaas's avatar
Nico Vermaas committed
    - eval $(ssh-agent -s)
    ##
    ## Add the SSH key stored in SSH_PRIVATE_KEY variable to the agent store
    ## We're using tr to fix line endings which makes ed25519 keys work
    ## without extra base64 encoding.
    ## https://gitlab.com/gitlab-examples/ssh-private-key/issues/1#note_48526556
    ##
    ##
    ## Create the SSH directory and give it the right permissions
    ##
    - echo "$SSH_PRIVATE_KEY_USER_SDC" | tr -d '\r' | ssh-add -
Nico Vermaas's avatar
Nico Vermaas committed
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    - ssh-keyscan dop821.astron.nl >> ~/.ssh/known_hosts
    - ssh-keyscan sdc.astron.nl >> ~/.ssh/known_hosts
Nico Vermaas's avatar
Nico Vermaas committed
    - chmod 644 ~/.ssh/known_hosts
  script:
    ## deploy the docker-compose file and use it to spin up the containers
    - scp -O -o StrictHostKeyChecking=no ldvspec/docker/docker-compose-production-cd.yml sdco@dop821.astron.nl:/opt/dockercompose/ldvspec/docker-compose-production-cd.yml
    - scp -O -o StrictHostKeyChecking=no ldvspec/docker/resources/prometheus-prod.yml sdc@dop814.astron.nl:/docker_compose/ldvspec/prometheus-prod.yml
    - ssh -o StrictHostKeyChecking=no sdco@dop821.astron.nl "echo $CI_REGISTRY_PASSWORD | docker login -u $CI_REGISTRY_USER --password-stdin $CI_REGISTRY"
    - ssh -o StrictHostKeyChecking=no sdco@dop821.astron.nl "docker pull "$CI_REGISTRY_IMAGE:$DOCKER_IMAGE_TAG""
Klaas Kliffen's avatar
Klaas Kliffen committed
    - ssh -o StrictHostKeyChecking=no sdco@dop821.astron.nl "docker-compose -p ldvspec -f /opt/dockercompose/ldvspec/docker-compose-production-cd.yml up -d --force-recreate"
Robbie Luijben's avatar
Robbie Luijben committed
    - ssh -o StrictHostKeyChecking=no sdco@dop821.astron.nl "docker exec ldv-specification python manage.py prefill_cache"
    - echo "Application deployed"
Nico Vermaas's avatar
Nico Vermaas committed
  when: manual
  only:
    - main