Select Git revision
.gitlab-ci.yml
Code owners
Assign users and groups as approvers for specific file changes. Learn more.
.gitlab-ci.yml 6.33 KiB
stages:
- test
- build
- integration
- deploy_to_test
- deploy_to_production
workflow:
rules:
# don't create a pipeline if its a commit pipeline, on a branch and that branch has open merge requests.
- if: $CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS
when: never
- if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
variables:
DOCKER_IMAGE_TAG: "latest"
- if: $CI_COMMIT_REF_NAME != $CI_DEFAULT_BRANCH
variables:
DOCKER_IMAGE_TAG: "$CI_COMMIT_REF_SLUG"
test-code:
image: python:3.10
stage: test
services:
- postgres:11.0
variables:
POSTGRES_DB: ldv-spec-db
POSTGRES_USER: postgres
POSTGRES_PASSWORD: "atdb123"
script:
- cd ldvspec
- pip install -r requirements/dev.txt
- python manage.py migrate --settings ldvspec.settings.ci
- python manage.py test --settings ldvspec.settings.ci
docker-build:
image: docker:20-cli
stage: build
services:
- docker:dind
before_script:
- docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
script:
- HASH=$(sha256sum ldvspec/Dockerfile.base | awk '{ print $1 }')
- >
if docker manifest inspect $CI_REGISTRY_IMAGE/base:$HASH > /dev/null; then
echo "Base image exists"
else
docker build -t "$CI_REGISTRY_IMAGE/base:$HASH" -f ldvspec/Dockerfile.base ldvspec
docker push "$CI_REGISTRY_IMAGE/base:$HASH"
fi
- echo "Build using $CI_REGISTRY_IMAGE/base:$HASH"
# Try pulling the existing image for layer reuse; || true to ignore if it does not exist
#- docker build --cache-from $CI_REGISTRY_IMAGE:$DOCKER_IMAGE_TAG --build-arg BASE_IMAGE="$CI_REGISTRY_IMAGE/base:$HASH" --pull -t "$CI_REGISTRY_IMAGE:$DOCKER_IMAGE_TAG" ldvspec
- docker build --pull -t "$CI_REGISTRY_IMAGE:$DOCKER_IMAGE_TAG" ldvspec
- docker push "$CI_REGISTRY_IMAGE:$DOCKER_IMAGE_TAG"
integration-test:
image: docker:20-cli
services:
- docker:20-dind
before_script:
- docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
stage: integration
tags:
- "sdc-dev"
script:
- cd integration
# TODO: cache the integration image
- docker compose build
- docker compose up -d atdb-backend ldv-specification-backend - docker compose run integration
allow_failure: false
rules:
- when: on_success
# deploy test/dev version on 'sdc-dev.astron.nl'
docker-deploy-main-test:
stage: deploy_to_test
tags:
- "sdc-dev"
environment:
name: test
url: https://sdc-dev.astron.nl/ldvspec/
before_script:
##
## Install ssh-agent if not already installed, it is required by Docker.
## (change apt-get to yum if you use an RPM-based image)
##
- 'command -v ssh-agent >/dev/null || ( apt-get update && apt-get install openssh-client rsync )'
##
## Run ssh-agent (inside the build environment)
##
- eval $(ssh-agent -s)
##
## Add the SSH key stored in SSH_PRIVATE_KEY variable to the agent store
## We're using tr to fix line endings which makes ed25519 keys work
## without extra base64 encoding.
## https://gitlab.com/gitlab-examples/ssh-private-key/issues/1#note_48526556
##
##
## Create the SSH directory and give it the right permissions
##
- echo "$SSH_PRIVATE_KEY_USER_SDC" | tr -d '\r' | ssh-add -
- mkdir -p ~/.ssh
- chmod 700 ~/.ssh
- ssh-keyscan dop814.astron.nl >> ~/.ssh/known_hosts
- ssh-keyscan sdc-dev.astron.nl >> ~/.ssh/known_hosts
- chmod 644 ~/.ssh/known_hosts
script:
## deploy the docker-compose file and use it to spin up the containers
- scp -O -o StrictHostKeyChecking=no ldvspec/docker/docker-compose-dev-cd.yml sdc@dop814.astron.nl:/docker_compose/ldvspec/docker-compose-dev-cd.yml
- ssh -o StrictHostKeyChecking=no sdc@dop814.astron.nl "echo $CI_REGISTRY_PASSWORD | docker login -u $CI_REGISTRY_USER --password-stdin $CI_REGISTRY"
- ssh -o StrictHostKeyChecking=no sdc@dop814.astron.nl "docker pull "$CI_REGISTRY_IMAGE:$DOCKER_IMAGE_TAG""
- ssh -o StrictHostKeyChecking=no sdc@dop814.astron.nl "docker-compose -p ldvspec -f /docker_compose/ldvspec/docker-compose-dev-cd.yml up -d --force-recreate"
- ssh -o StrictHostKeyChecking=no sdc@dop814.astron.nl "docker exec ldv-specification manage.py prefill_cache"
- echo "Application deployed"
when: manual
only:
- main
docker-deploy-main-production:
# image: docker:latest
stage: deploy_to_production
environment:
name: production
url: https://sdc.astron.nl/ldvspec/
tags:
- "sdc-dev"
before_script:
##
## Install ssh-agent if not already installed, it is required by Docker.
## (change apt-get to yum if you use an RPM-based image)
##
- 'command -v ssh-agent >/dev/null || ( apt-get update && apt-get install openssh-client rsync )'
##
## Run ssh-agent (inside the build environment)
##
- eval $(ssh-agent -s)
##
## Add the SSH key stored in SSH_PRIVATE_KEY variable to the agent store ## We're using tr to fix line endings which makes ed25519 keys work
## without extra base64 encoding.
## https://gitlab.com/gitlab-examples/ssh-private-key/issues/1#note_48526556
##
##
## Create the SSH directory and give it the right permissions
##
- echo "$SSH_PRIVATE_KEY_USER_SDC" | tr -d '\r' | ssh-add -
- mkdir -p ~/.ssh
- chmod 700 ~/.ssh
- ssh-keyscan dop821.astron.nl >> ~/.ssh/known_hosts
- ssh-keyscan sdc.astron.nl >> ~/.ssh/known_hosts
- chmod 644 ~/.ssh/known_hosts
script:
## deploy the docker-compose file and use it to spin up the containers
- scp -O -o StrictHostKeyChecking=no ldvspec/docker/docker-compose-production-cd.yml sdco@dop821.astron.nl:/opt/dockercompose/ldvspec/docker-compose-production-cd.yml
- ssh -o StrictHostKeyChecking=no sdco@dop821.astron.nl "echo $CI_REGISTRY_PASSWORD | docker login -u $CI_REGISTRY_USER --password-stdin $CI_REGISTRY"
- ssh -o StrictHostKeyChecking=no sdco@dop821.astron.nl "docker pull "$CI_REGISTRY_IMAGE:$DOCKER_IMAGE_TAG""
- ssh -o StrictHostKeyChecking=no sdco@dop821.astron.nl "docker-compose -p ldvspec -f /opt/dockercompose/ldvspec/docker-compose-production-cd.yml up -d --force-recreate"
- ssh -o StrictHostKeyChecking=no sdco@dop821.astron.nl "docker exec ldv-specification manage.py prefill_cache"
- echo "Application deployed"
when: manual
only:
- main