-
Notifications
You must be signed in to change notification settings - Fork 12
/
.gitlab-ci.yml
174 lines (158 loc) · 4.99 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
variables:
DOCKER_HUB_IMAGE_REPO: index.docker.io/fintechstudios/ververica-platform-k8s-operator
GL_IMAGE_REPO: registry.gitlab.com/$CI_PROJECT_PATH
BUILDER_BRANCH_TAG: builder-$CI_COMMIT_REF_SLUG
BUILDER_COMMIT_TAG: builder-$CI_COMMIT_SHA
RELEASE_COMMIT_TAG: release-$CI_COMMIT_SHA
stages:
- install # install and cache the deps
- test # build and test the code, lint, etc.
- pre-release # build the release image
- release # tag and release the docker image to repositories
# Jobs that need to interact with docker/ the dockerd
.docker-job:
variables:
DOCKER_DRIVER: overlay2
DOCKER_TLS_CERTDIR: "" # https://gitlab.com/gitlab-org/gitlab-runner/issues/4501
services:
- docker:dind
image: docker:stable
before_script:
- docker login -u gitlab-ci-token -p $CI_JOB_TOKEN registry.gitlab.com
# Jobs that should run on the image built from build.Dockerfile
.builder-image-job:
variables:
GIT_STRATEGY: none
image:
name: $GL_IMAGE_REPO:$BUILDER_COMMIT_TAG # built in the install stage
entrypoint: [""] # override entrypoint to take arbitrary commands
before_script:
- cd /workspace # from build.Dockerfile
install:
extends: .docker-job
stage: install
script:
# per-branch test image will be created and used as the "cache"
# pull test image from registry so it can be used as a cache for the build command
- docker pull $GL_IMAGE_REPO:$BUILDER_BRANCH_TAG || true
# builds the test image using the pulled image as a cache (if available), tag it
- "docker build \
--cache-from $GL_IMAGE_REPO:$BUILDER_BRANCH_TAG \
-f build.Dockerfile \
--tag $GL_IMAGE_REPO:$BUILDER_BRANCH_TAG \
--tag $GL_IMAGE_REPO:$BUILDER_COMMIT_TAG \
."
# push test images to use for subsequent builds
- docker push $GL_IMAGE_REPO:$BUILDER_BRANCH_TAG
- docker push $GL_IMAGE_REPO:$BUILDER_COMMIT_TAG
build:
extends: .builder-image-job
stage: test
script:
- make
# ensure the configs can be built
build-config:
extends: .builder-image-job
stage: test
only:
changes:
- config/**/*
script:
- make kustomize-build
lint:
extends: .builder-image-job
stage: test
script:
- make lint
test:
extends: .builder-image-job
stage: test
script:
- make test
license-check:
stage: test
image: debian:stretch-slim
before_script:
- apt-get update
- apt-get install -y curl
- "curl -H 'Cache-Control: no-cache' https://raw.githubusercontent.com/fossas/fossa-cli/master/install.sh | bash"
script:
# if the test fails, likely because fossa is backed up, so wait 1 minutes and then retry.
# With 2 retries, this will take max 3 minutes.
- fossa analyze --verbose
- fossa test --verbose || (sleep 60 && exit 1)
retry: 2
# don't fail the entire pipeline if this can't complete in time
allow_failure: true
only:
# only run if actual dependencies have changed
changes:
- go.mod
- go.sum
needs: []
lint-charts:
stage: test
image: gcr.io/kubernetes-charts-ci/test-image:v3.3.2
script:
- git fetch origin master # needed for diffing
- ct lint --config ct.yaml --chart-yaml-schema chart-schema.yaml --validate-maintainers=false
needs: []
release-docker-build:
extends: .docker-job
stage: pre-release
needs:
- install
script:
# use the commit's builder image
- docker pull $GL_IMAGE_REPO:$BUILDER_COMMIT_TAG
# builds image using the pulled image as a cache and tag it
- "docker build \
--build-arg BUILD_IMG=$GL_IMAGE_REPO:$BUILDER_COMMIT_TAG \
--build-arg GIT_COMMIT=$CI_COMMIT_SHA \
--build-arg VERSION=$CI_COMMIT_TAG \
-f Dockerfile \
--tag $GL_IMAGE_REPO:$RELEASE_COMMIT_TAG \
."
# push release images to local registry for publishing
- docker push $GL_IMAGE_REPO:$RELEASE_COMMIT_TAG
# Two release stages - one for tags and one for latest on master
.docker-release:
extends: .docker-job
stage: release
needs:
- release-docker-build
- test
script:
# pull image from registry so it can be used as a cache for the build command
- docker pull $GL_IMAGE_REPO:$RELEASE_COMMIT_TAG
# log in and push to the docker hub
- echo "$DOCKER_HUB_PASS" | docker login --username "$DOCKER_HUB_USERNAME" --password-stdin docker.io
- docker tag $GL_IMAGE_REPO:$RELEASE_COMMIT_TAG $DOCKER_HUB_IMAGE_REPO:$RELEASE_TAG
- docker push $DOCKER_HUB_IMAGE_REPO:$RELEASE_TAG
# Release all tags
docker-release-tags:
extends: .docker-release
only:
- tags
variables:
RELEASE_TAG: $CI_COMMIT_TAG
# Release the commit version only on master, but not the tag as that will be run elsewhere
docker-release-commit:
extends: .docker-release
only:
- /^master$/
except:
refs:
- tags
variables:
RELEASE_TAG: $CI_COMMIT_SHA
# Release the latest version only on master, but not the tag as that will be run elsewhere
docker-release-latest:
extends: .docker-release
only:
- /^master$/
except:
refs:
- tags
variables:
RELEASE_TAG: latest