init

k8s/gitlab-runner/.gitlab-ci.yml

@@ -0,0 +1,177 @@
+##############
+# Conditions #
+##############
+
+.if-merge-request-pipeline: &if-merge-request-pipeline
+  if: $CI_PIPELINE_SOURCE == "merge_request_event"
+
+.if-default-branch: &if-default-branch
+  if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
+
+.if-stable-release-branch: &if-stable-release-branch
+  if: $CI_COMMIT_REF_NAME =~ /\A[0-9]+-[0-9]+-stable\z/
+
+.if-release-tag: &if-release-tag
+  if: '$CI_COMMIT_TAG =~ /^v[0-9]+\.[0-9]+\.[0-9]+(-rc[0-9]+)?$/ && $CI_PROJECT_URL == "https://gitlab.com/gitlab-org/charts/gitlab-runner"'
+
+.if-security-release-tag: &if-security-release-tag
+  if: '$CI_COMMIT_TAG =~ /^v[0-9]+\.[0-9]+\.[0-9]+(-rc[0-9]+)?$/ && $CI_PROJECT_URL == "https://gitlab.com/gitlab-org/security/charts/gitlab-runner"'
+
+#########
+# Rules #
+#########
+
+.rules:default:
+  rules:
+  - <<: *if-merge-request-pipeline
+  - <<: *if-default-branch
+  - <<: *if-stable-release-branch
+  - <<: *if-release-tag
+  - <<: *if-security-release-tag
+
+.rules:release:development:
+  rules:
+  - <<: *if-default-branch
+    when: never
+  - <<: *if-merge-request-pipeline
+    when: manual
+
+.rules:release:beta:
+  rules:
+  - <<: *if-default-branch
+
+.rules:release:stable:
+  rules:
+  - <<: *if-release-tag
+  - <<: *if-security-release-tag
+
+############
+# Pipeline #
+############
+
+default:
+  image: registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-charts-build-base-helm-3.7
+  tags:
+  - gitlab-org
+
+variables:
+  GIT_CLONE_PATH: $CI_BUILDS_DIR/gitlab-runner
+
+stages:
+- test
+- release
+- post-release
+
+lint:
+  extends:
+  - .rules:default
+  stage: test
+  script:
+  - helm lint .
+
+integration test:
+  extends:
+  - .rules:default
+  variables:
+    DOCKER_HOST: "tcp://kubernetes:2375/"
+    DOCKER_TLS_CERTDIR: ""
+    DOCKER_DRIVER: overlay2
+    INTEGRATION_RUNNER_NAME: integration-test-$CI_COMMIT_SHORT_SHA
+    INTEGRATION_HELM_POD_RELEASE_LABEL: release=$INTEGRATION_RUNNER_NAME
+  stage: test
+  services:
+  - name: docker:20.10.16-dind
+    alias: kubernetes
+  image: docker:20.10.16-git
+  script:
+    # Initialize KIND cluster
+  - apk add --no-cache openssl curl bash
+  - curl -Lo /usr/local/bin/kubectl https://storage.googleapis.com/kubernetes-release/release/v1.20.4/bin/linux/amd64/kubectl && chmod +x /usr/local/bin/kubectl
+  - curl -Lo /usr/local/bin/kind https://kind.sigs.k8s.io/dl/v0.11.1/kind-linux-amd64 && chmod +x /usr/local/bin/kind
+  - kind create cluster --config=$(pwd)/scripts/kind-config.yaml
+  - kind get kubeconfig|sed -e 's/0.0.0.0/kubernetes/g' > kubeconfig.yaml
+  - export KUBECONFIG=$(pwd)/kubeconfig.yaml
+  - kubectl version
+  - kubectl cluster-info
+  - bash -c "for _i in {0..60}; do kubectl -n default get serviceaccount default -o name > /dev/null 2>&1 && break; sleep 1; done"
+  - bash -c "for _i in {0..60}; do kubectl get nodes|grep -w Ready > /dev/null 2>&1 && break; sleep 1; done"
+  # Install helm latest version instead of pre-installed one in registry.gitlab.com/gitlab-org/gitlab-build-images image
+  - curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bash
+  # Run tests
+  - bash -x scripts/integration.sh
+  after_script:
+  - export KUBECONFIG=$(pwd)/kubeconfig.yaml
+  - bash -x scripts/integration_cleanup.sh
+  tags:
+  - gitlab-org-docker
+
+release development:
+  extends:
+  - .rules:release:development
+  stage: release
+  script:
+  - helm package .
+  artifacts:
+    paths:
+    - gitlab-runner*.tgz
+    expire_in: 7d
+  allow_failure: true
+
+release beta:
+  extends:
+  - .rules:release:beta
+  stage: release
+  variables:
+    S3_URL: s3://${S3_BUCKET}${S3_PATH}
+    REPO_URL: https://${S3_BUCKET}.s3.amazonaws.com${S3_PATH}
+  script:
+  - apk add --no-cache py-pip
+  - pip install awscli
+  - 'beta_info=$(git describe --long | sed -r "s/v[0-9\.]+(-rc[0-9]+)?-//")'
+  - 'build_time=$(date +%s)'
+  - 'sed -r "s/(version: [0-9\.]+-beta)/\1-${build_time}-${beta_info}/" -i Chart.yaml'
+  - 'sed -r "s/appVersion: .*/appVersion: bleeding/" -i Chart.yaml'
+  - 'sed -r "s/imagePullPolicy: IfNotPresent/imagePullPolicy: Always/" -i values.yaml'
+  - mkdir -p public/
+  - aws s3 cp ${S3_URL}/index.yaml public/index.yaml || true
+  - (cd public; helm package ../)
+  - helm repo index public --merge public/index.yaml --url ${REPO_URL}
+  - aws s3 sync public ${S3_URL} --acl public-read
+  - 'echo "To install repository run: helm repo add gitlab-runner-beta ${REPO_URL} && helm repo update"'
+
+release stable:
+  extends:
+  - .rules:release:stable
+  stage: release
+  image: alpine:3.14
+  script:
+  - apk add --no-cache curl
+  - curl --fail-with-body
+         --request POST
+         --form "token=$CI_JOB_TOKEN"
+         --form ref=master
+         --form "variables[CHART_NAME]=$CI_PROJECT_NAME"
+         --form "variables[RELEASE_REF]=$CI_COMMIT_REF_NAME"
+         https://gitlab.com/api/v4/projects/2860651/trigger/pipeline
+
+trigger charts update:
+  extends:
+  - .rules:release:stable
+  stage: post-release
+  image: alpine:3.14
+  script:
+  - apk add --no-cache curl
+  - curl --fail-with-body
+         --request POST
+         --form "token=${GITLAB_CHARTS_TRIGGER_TOKEN}"
+         --form ref=master
+         --form "variables[DEPS_PIPELINE]=true"
+         https://gitlab.com/api/v4/projects/3828396/trigger/pipeline
+  needs:
+    - job: release stable
+
+##############
+# Includes #
+##############
+include:
+  - template: Security/Dependency-Scanning.gitlab-ci.yml