.gitlab-ci.yml
image: ruby:2.5-slim
stages:
- Lint Test
- Test
- Security Test
- Build
- Docker Build
- Smoke Tests
- Merge/Tag
- Deploy
variables:
DOCKER_DRIVER: overlay
AWS_REGION: us-east-1
CHEF_LICENSE: "accept"
.Rubocop:
stage: Lint Test
image: chef/chefdk:4.5
script:
- rubocop modules/
- rubocop bin/
allow_failure: true
except:
variables:
- $IMAGE_BUILD
.Cookstyle:
stage: Lint Test
image: chef/chefdk:4.5
script:
- cookstyle cookbooks/
allow_failure: true
except:
variables:
- $IMAGE_BUILD
Foodcritic:
stage: Lint Test
image: chef/chefdk:4.5
script:
- foodcritic cookbooks/ -t ~FC075 -t ~FC015 -t ~FC034 -t ~FC122 -X firewall/*
except:
variables:
- $IMAGE_BUILD
Foodcritic Deprecations:
stage: Lint Test
image: chef/chefdk:4.5
script:
- foodcritic cookbooks/ -t deprecated -t chef13 -t chef14 -t chef15 -X cokbooks/firewall/*
except:
variables:
- $IMAGE_BUILD
ChefSpec:
stage: Test
image: chef/chefdk:4.5
script:
- for d in ./cookbooks/*/ ; do (cd "$d" && chef exec rspec); done
allow_failure: true
except:
variables:
- $IMAGE_BUILD
.Rspec:
stage: Test
before_script:
- cat spec/azure_creds | sed -e "s/__AZURE_CLIENT_ID__/${AZURE_CLIENT_ID}/" > spec/azure_creds.tmp
- cp spec/azure_creds.tmp spec/azure_creds
- cat spec/azure_creds | sed -e "s/__AZURE_CLIENT_SECRET__/${AZURE_CLIENT_SECRET}/" > spec/azure_creds.tmp
- cp spec/azure_creds.tmp spec/azure_creds
- cat spec/mu.yaml | sed -e "s/__AZURE_DIRECTORY_ID__/${AZURE_CLIENT_SECRET}/" > spec/mu.yaml.tmp
- cp spec/mu.yaml.tmp spec/mu.yaml
- cat spec/mu.yaml | sed -e "s/__AZURE_CLIENT_SECRET__/${AZURE_CLIENT_SECRET}/" > spec/mu.yaml.tmp
- cp spec/mu.yaml.tmp spec/mu.yaml
script:
- cd modules
- bundle install
- gem install rspec simplecov simplecov-console
- cd ../
- rspec
after_script:
- shred -u spec/azure_creds
- shred -u spec/azure_creds.tmp
- shred -u spec/mu.yaml
- shred -u spec/mu.yaml.tmp
allow_failure: true
except:
variables:
- $IMAGE_BUILD
New_Berks:
stage: Test
image: chef/chefdk:4.5
script:
- apt-get -qq update
- apt-get -qq install git -y
- for d in `ls -1 ./cookbooks | grep -v '^firewall$'` ; do (echo && echo "Installing $d" && cd "cookbooks/$d" && berks install); done
- for d in `ls -1 ./cookbooks | grep -v '^firewall$'` ; do (echo && echo "Verifying $d" && cd "cookbooks/$d" && berks verify); done
- for d in `ls -1 ./cookbooks | grep -v '^firewall$'` ; do (echo && echo "Analyzing $d" && cd "cookbooks/$d" && berks outdated); done
except:
variables:
- $IMAGE_BUILD
Berks:
stage: Test
image: chef/chefdk:4.5
script:
- apt-get -qq update
- apt-get -qq install git -y
- rm -rf Berksfile.lock
- berks install
- berks verify
- berks outdated
except:
variables:
- $IMAGE_BUILD
Gem Build:
stage: Build
script:
- gem build cloud-mu.gemspec
artifacts:
paths:
- cloud-mu-*.gem
except:
variables:
- $IMAGE_BUILD
Docker Build:
stage: Docker Build
image: docker:stable
services:
- docker:19.03.5-dind
dependencies:
- Gem Build
before_script:
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
# - IMGS="`docker images -a --filter=dangling=true -q`"
# - test "$IMGS" != "" && docker rmi $(docker images -a --filter=dangling=true -q)
# - PROCS="`docker ps --filter=status=exited --filter=status=created -q`"
# - test "$PROCS" != "" && docker rm $(docker ps --filter=status=exited --filter=status=created -q)
- docker pull $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME || true
- export MU_VERSION=$(grep '\.version' cloud-mu.gemspec | grep -o "'[^']*'" | tr -d "\'")
- export OS=$(grep 'FROM' Dockerfile | grep -o " [a-zA-Z0-9:]*" | tr -d " " | tr ":" "-")
script:
- docker build --cache-from $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME -t mu .
- docker run mu mu-configure --help
- docker tag mu $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME
- docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME
only:
- master
- development
- /^gem-.*$/
- /^cicd-.*$/
- /^docker-.*$/
- /^hotfix-.*$/
except:
variables:
- $IMAGE_BUILD
tags:
- docker
retry: 2
Parser Test With Gem:
stage: Smoke Tests
image: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME
before_script:
- apt-get -qq update
- myip="$(dig +short myip.opendns.com @resolver1.opendns.com)"
- mu-configure -n --aws-access-key="${AWS_ACCESS_KEY_ID}" --aws-access-secret="${AWS_SECRET_ACCESS_KEY}" --azure-directory-id="${AZURE_DIRECTORY_ID}" --azure-client-id="${AZURE_CLIENT_ID}" --azure-client-secret="${AZURE_CLIENT_SECRET}" --azure-subscription="${AZURE_SUBSCIPTION_ID}" --google-credentials-encoded="${GOOGLE_CREDS_ENCODED}" --mu-admin-email="egt-labs-dev@eglobaltech.com" --public-address=$myip --google-region=us-east4 --aws-region=us-east-1 --azure-region=eastus
script:
- apt-get -qq install git libyajl-dev libffi-dev libyajl2 -y
- mu-run-tests
only:
- master
- development
- /^gem-.*$/
- /^cicd-.*$/
- /^hotfix-.*$/
except:
variables:
- $IMAGE_BUILD
.Mu Install:
stage: Smoke Tests
image: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME
before_script:
- myip="$(dig +short myip.opendns.com @resolver1.opendns.com)"
- mu-configure -n --aws-access-key="${AWS_ACCESS_KEY_ID}" --aws-access-secret="${AWS_SECRET_ACCESS_KEY}" --azure-directory-id="${AZURE_DIRECTORY_ID}" --azure-client-id="${AZURE_CLIENT_ID}" --azure-client-secret="${AZURE_CLIENT_SECRET}" --azure-subscription="${AZURE_SUBSCIPTION_ID}" --google-credentials-encoded="${GOOGLE_CREDS_ENCODED}" --mu-admin-email="egt-labs-dev@eglobaltech.com" --public-address=$myip --google-region=us-east4 --aws-region=us-east-1 --azure-region=eastus
script:
- for cloud in AWS Azure Google; do mu-deploy install/mu-master.yaml -p name=$cloud-MU-$CI_COMMIT_SHORT_SHA -p cloud=$cloud; done
only:
- master
- development
- gem-mess_with_test_kitchen
artifacts:
paths:
- /tmp/ssh_debug
Test Kitchen:
stage: Smoke Tests
image: chef/chefdk::4.5
before_script:
- echo "export MU_BRANCH=$(CI_COMMIT_REF_NAME)" > ./kitchen_vars
script:
- kitchen test mu-install-aws-amazon2 mu-install-aws-centos-7 -c 5
after_script:
- kitchen destroy
only:
- master
- development
- /^hotfix-.*$/
when: manual
Smoke Test:
stage: Smoke Tests
before_script:
- apt-get -qq update
- apt-get -qq -y install dnsutils
- myip="$(dig +short myip.opendns.com @resolver1.opendns.com)"
- mu-configure -n --aws-access-key="${AWS_ACCESS_KEY_ID}" --aws-access-secret="${AWS_SECRET_ACCESS_KEY}" --azure-directory-id="${AZURE_DIRECTORY_ID}" --azure-client-id="${AZURE_CLIENT_ID}" --azure-client-secret="${AZURE_CLIENT_SECRET}" --azure-subscription="${AZURE_SUBSCIPTION_ID}" --google-credentials-encoded="${GOOGLE_CREDS_ENCODED}" --mu-admin-email="egt-labs-dev@eglobaltech.com" --public-address=$myip --google-region=us-east4 --aws-region=us-east-1 --azure-region=eastus
script:
- mu-upload-chef-artifacts -sn
- mu-deploy /opt/mu/var/demo_platform/applications/gitlab-server.yml -p vpc_id=vpc-040da43493f894a8d
tags:
- mu-master
only:
- master
- development
- /^hotfix-.*$/
when: manual
except:
variables:
- $IMAGE_BUILD
Gen Docs:
stage: Merge/Tag
image: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME
before_script:
- mkdir public/
- mkdir -p /var/www/html/docs
- myip="$(dig +short myip.opendns.com @resolver1.opendns.com)"
- mu-configure -n --aws-access-key="${AWS_ACCESS_KEY_ID}" --aws-access-secret="${AWS_SECRET_ACCESS_KEY}" --azure-directory-id="${AZURE_DIRECTORY_ID}" --azure-client-id="${AZURE_CLIENT_ID}" --azure-client-secret="${AZURE_CLIENT_SECRET}" --azure-subscription="${AZURE_SUBSCIPTION_ID}" --mu-admin-email="egt-labs-dev@eglobaltech.com" --public-address="${myip}" --google-credentials-encoded="${GOOGLE_CREDS_ENCODED}" --google-region=us-east4 --google-project="egt-labs-admin" --aws-region=us-east-1 --azure-region=eastus
script:
- mu-gen-docs
- mv -f /var/www/html/docs/* public/
only:
- master
- development
- gen_docs
- /^hotfix-.*$/
retry: 2
artifacts:
paths:
- public/
except:
variables:
- $IMAGE_BUILD
DockerHub Upload:
stage: Deploy
services:
- docker:19.03.5-dind
image: docker:stable
when: on_success
before_script:
- export MU_VERSION=$(grep '\.version' cloud-mu.gemspec | grep -o "'[^']*'" | tr -d "\'")
- docker pull $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME
- docker tag $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME mu
- docker login -u $DOCKER_HUB_USER -p $DOCKER_HUB_PWD
script:
- docker tag mu egtlabs/mu:$MU_VERSION
- docker tag mu egtlabs/mu:latest
- docker tag mu egtlabs/mu:development
- docker push egtlabs/mu:$MU_VERSION
- if [ $CI_COMMIT_REF_NAME == "master" ]; then docker push egtlabs/mu:latest; fi
- if [ $CI_COMMIT_REF_NAME == "development" ]; then docker push egtlabs/mu:development; fi
only:
- master
- development
Upload Gem:
stage: Deploy
script:
- mkdir ~/.gem
- cat .gitlab-ci/gem_credentials | sed -e "s/__RUBYGEMS_API_KEY__/${RUBYGEMS_API_KEY}/" > ~/.gem/credentials
- chmod 0600 ~/.gem/credentials
- gem push cloud-mu-*.gem
- shred -u ~/.gem/credentials
when: on_success
dependencies:
- Gem Build
only:
- master
except:
variables:
- $IMAGE_BUILD
Upload Gem Manual:
stage: Deploy
script:
- mkdir ~/.gem
- cat .gitlab-ci/gem_credentials | sed -e "s/__RUBYGEMS_API_KEY__/${RUBYGEMS_API_KEY}/" > ~/.gem/credentials
- chmod 0600 ~/.gem/credentials
- gem push cloud-mu-*.gem
- shred -u ~/.gem/credentials
dependencies:
- Gem Build
when: manual
only:
- development
- /^gem-.*$/
- /^cicd-.*$/
- /^hotfix-.*$/
except:
variables:
- $IMAGE_BUILD
pages:
stage: Deploy
script:
- ls public
dependencies:
- Gen Docs
artifacts:
paths:
- public
only:
- master
- gen_docs
except:
variables:
- $IMAGE_BUILD
Base Images Linux:
stage: Deploy
script:
- /opt/mu/lib/extras/generate-stock-images --clouds AWS --aws-creds egtprod --platforms centos6 centos7 rhel7
tags:
- mu-gitlab-runner
only:
variables:
- $IMAGE_BUILD == "do_linux"
Base Images Windows:
stage: Deploy
script:
- /opt/mu/lib/extras/generate-stock-images --clouds AWS --aws-creds egtprod --platforms win2k12 win2k16 win2k19
tags:
- mu-gitlab-runner
only:
variables:
- $IMAGE_BUILD == "do_windows"