gitlab-ci/k8s/gitlab-runner/.gitlab-ci.yml
Vassiliy Yegorov 8b460261db init
2022-09-06 10:22:06 +07:00


##############
# Conditions #
##############
# Hidden keys (leading dot) are not jobs. Each one only carries an anchor that
# the rule sets further down merge in with `<<:`.

# Pipelines created for a merge request.
.if-merge-request-pipeline: &if-merge-request-pipeline
  if: '$CI_PIPELINE_SOURCE == "merge_request_event"'

# Branch pipelines on the project's default branch.
.if-default-branch: &if-default-branch
  if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'

# Refs named <digits>-<digits>-stable; \A and \z anchor the whole ref name.
.if-stable-release-branch: &if-stable-release-branch
  if: '$CI_COMMIT_REF_NAME =~ /\A[0-9]+-[0-9]+-stable\z/'

# Tags shaped like vX.Y.Z or vX.Y.Z-rcN, and only when the pipeline runs in the
# canonical chart project. The project-URL comparison means a pipeline running
# in any other project (a fork, a mirror) never matches this condition.
.if-release-tag: &if-release-tag
  if: '$CI_COMMIT_TAG =~ /^v[0-9]+\.[0-9]+\.[0-9]+(-rc[0-9]+)?$/ && $CI_PROJECT_URL == "https://gitlab.com/gitlab-org/charts/gitlab-runner"'

# Same tag shape, matched only inside the security mirror of the chart project.
.if-security-release-tag: &if-security-release-tag
  if: '$CI_COMMIT_TAG =~ /^v[0-9]+\.[0-9]+\.[0-9]+(-rc[0-9]+)?$/ && $CI_PROJECT_URL == "https://gitlab.com/gitlab-org/security/charts/gitlab-runner"'
#########
# Rules #
#########
# Rule sets that jobs pull in through `extends:`. Every entry is one of the
# anchored conditions, optionally with a `when:` override.

# Used by the test jobs: merge requests, the default branch, stable branches
# and release tags in either canonical project.
.rules:default:
  rules:
    - <<: *if-merge-request-pipeline
    - <<: *if-default-branch
    - <<: *if-stable-release-branch
    - <<: *if-release-tag
    - <<: *if-security-release-tag

# Development packaging: excluded on the default branch, and offered as a
# manual job in merge request pipelines.
.rules:release:development:
  rules:
    - <<: *if-default-branch
      when: never
    - <<: *if-merge-request-pipeline
      when: manual

# Beta publishing: default branch only.
.rules:release:beta:
  rules:
    - <<: *if-default-branch

# Stable release: release tags in the canonical or the security project.
# NOTE(review): these conditions constrain the tag name and the project URL,
# not who may create the tag. Whether matching tags are protected is a project
# setting that is not visible in this file; confirm it, since the jobs using
# this rule set trigger downstream release pipelines.
.rules:release:stable:
  rules:
    - <<: *if-release-tag
    - <<: *if-security-release-tag
############
# Pipeline #
############
# Defaults applied to every job that does not override them.
# NOTE(review): the image is referenced by a tag, not by digest, so the content
# behind it can change between runs.
default:
  image: 'registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-charts-build-base-helm-3.7'
  tags:
    - gitlab-org

# Pipeline-wide variables: clone the repository into a fixed directory name
# under the runner's builds directory.
variables:
  GIT_CLONE_PATH: '$CI_BUILDS_DIR/gitlab-runner'

# Stage order for the pipeline.
stages:
  - test
  - release
  - post-release
# Static validation of the chart: runs `helm lint` on the repository root,
# under the same conditions as the other test jobs.
lint:
  extends:
    - .rules:default
  stage: test
  script:
    - helm lint .
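# Brings up a throw-away KIND cluster inside a docker-in-docker service and
# runs the chart's integration script against it.
integration test:
  extends:
    - .rules:default
  variables:
    # NOTE(review): the job reaches the dind service over plain TCP on port
    # 2375, and the empty DOCKER_TLS_CERTDIR switches off the dind image's
    # certificate generation, so the Docker API is neither authenticated nor
    # encrypted. Anything that can reach the service on the job network gets
    # full control of that daemon. Acceptable only on isolated, single-tenant
    # runners; otherwise enable TLS for the dind service.
    DOCKER_HOST: "tcp://kubernetes:2375/"
    DOCKER_TLS_CERTDIR: ""
    DOCKER_DRIVER: overlay2
    # Release name and pod label are derived from the short commit SHA.
    INTEGRATION_RUNNER_NAME: integration-test-$CI_COMMIT_SHORT_SHA
    INTEGRATION_HELM_POD_RELEASE_LABEL: release=$INTEGRATION_RUNNER_NAME
  stage: test
  services:
    # The alias is the host name used in DOCKER_HOST and in the kubeconfig.
    - name: docker:20.10.16-dind
      alias: kubernetes
  image: docker:20.10.16-git
  script:
    # Initialize KIND cluster
    - apk add --no-cache openssl curl bash
    # -f makes curl exit non-zero on an HTTP error instead of saving the error
    # page as the "binary" and marking it executable.
    # NOTE(review): kubectl and kind are pinned by version in the URL, but the
    # downloaded files are not verified. Record the expected SHA-256 of each in
    # this repository and check it before chmod, for example
    #   echo "<EXPECTED_SHA256>  /usr/local/bin/kubectl" | sha256sum -c -
    - curl -fLo /usr/local/bin/kubectl https://storage.googleapis.com/kubernetes-release/release/v1.20.4/bin/linux/amd64/kubectl && chmod +x /usr/local/bin/kubectl
    - curl -fLo /usr/local/bin/kind https://kind.sigs.k8s.io/dl/v0.11.1/kind-linux-amd64 && chmod +x /usr/local/bin/kind
    - kind create cluster --config=$(pwd)/scripts/kind-config.yaml
    # Point the generated kubeconfig at the service alias instead of 0.0.0.0.
    - kind get kubeconfig|sed -e 's/0.0.0.0/kubernetes/g' > kubeconfig.yaml
    - export KUBECONFIG=$(pwd)/kubeconfig.yaml
    - kubectl version
    - kubectl cluster-info
    # Poll (61 tries, 1 s apart) for the default service account, then for a
    # Ready node. Neither loop fails the job when it runs out of tries.
    - bash -c "for _i in {0..60}; do kubectl -n default get serviceaccount default -o name > /dev/null 2>&1 && break; sleep 1; done"
    - bash -c "for _i in {0..60}; do kubectl get nodes|grep -w Ready > /dev/null 2>&1 && break; sleep 1; done"
    # Install the latest Helm release; the original comment says this is used
    # instead of the Helm pre-installed in the gitlab-build-images image.
    # The installer is saved to a file and run only after a complete,
    # successful download: piping curl straight into bash would run a truncated
    # script or an HTTP error page, and would hide a failed download because
    # the pipeline's exit status is bash's.
    # NOTE(review): the installer still comes from the moving `main` branch and
    # installs whatever Helm release is current at run time. Pin the URL to a
    # reviewed commit or tag, pin the Helm version through the installer's
    # DESIRED_VERSION variable, and check the script against a recorded
    # checksum before running it.
    - curl -fsSLo /tmp/get-helm-3.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3
    - bash /tmp/get-helm-3.sh
    # Run tests
    - bash -x scripts/integration.sh
  after_script:
    # after_script runs in a fresh shell, so KUBECONFIG is exported again.
    - export KUBECONFIG=$(pwd)/kubeconfig.yaml
    - bash -x scripts/integration_cleanup.sh
  # NOTE(review): docker-in-docker normally needs a privileged runner; confirm
  # that runners carrying this tag are dedicated to trusted projects.
  tags:
    - gitlab-org-docker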
# Manual packaging job for merge requests: builds the chart archive and keeps
# it as a job artifact for a week. Nothing is published, and a failure does not
# fail the pipeline.
release development:
  extends:
    - .rules:release:development
  stage: release
  script:
    - helm package .
  artifacts:
    paths:
      - gitlab-runner*.tgz
    expire_in: 7d
  allow_failure: true
# Publishes a beta build of the chart from the default branch to an S3-hosted
# Helm repository. S3_BUCKET and S3_PATH are not defined in this file;
# presumably they, and the AWS credentials, come from CI/CD variables.
release beta:
  extends:
    - .rules:release:beta
  stage: release
  variables:
    S3_URL: 's3://${S3_BUCKET}${S3_PATH}'
    REPO_URL: 'https://${S3_BUCKET}.s3.amazonaws.com${S3_PATH}'
  script:
    # NOTE(review): awscli is installed unpinned in a job that holds write
    # access to the published repository. Pin an exact version (ideally with
    # hashes) so a compromised or broken release is not picked up automatically.
    - apk add --no-cache py-pip
    - pip install awscli
    # Stamp the chart version with the build time and the `git describe`
    # suffix, mark appVersion as bleeding, and force image pulls.
    - 'beta_info=$(git describe --long | sed -r "s/v[0-9\.]+(-rc[0-9]+)?-//")'
    - 'build_time=$(date +%s)'
    - 'sed -r "s/(version: [0-9\.]+-beta)/\1-${build_time}-${beta_info}/" -i Chart.yaml'
    - 'sed -r "s/appVersion: .*/appVersion: bleeding/" -i Chart.yaml'
    - 'sed -r "s/imagePullPolicy: IfNotPresent/imagePullPolicy: Always/" -i values.yaml'
    - mkdir -p public/
    # NOTE(review): `|| true` ignores every failure of the download, not only
    # "index does not exist yet". If the copy fails for another reason
    # (credentials, network), the steps below may build an index without the
    # earlier entries and upload it over the published one. Confirm, and
    # consider tolerating only the not-found case.
    - aws s3 cp ${S3_URL}/index.yaml public/index.yaml || true
    - (cd public; helm package ../)
    - helm repo index public --merge public/index.yaml --url ${REPO_URL}
    # Everything under public/ is uploaded world-readable, so that directory
    # must only ever hold the index and packaged charts.
    - aws s3 sync public ${S3_URL} --acl public-read
    - 'echo "To install repository run: helm repo add gitlab-runner-beta ${REPO_URL} && helm repo update"'
# On a release tag, triggers a pipeline on `master` of project 2860651 and
# hands it the chart name and the tag being released. The call authenticates
# with the job's own CI_JOB_TOKEN.
release stable:
  extends:
    - .rules:release:stable
  stage: release
  image: alpine:3.14
  script:
    - apk add --no-cache curl
    # Folded into a single command line. --fail-with-body makes curl exit
    # non-zero on an HTTP error while still printing the response body.
    # RELEASE_REF is the ref name; the rules above only let tags matching the
    # vX.Y.Z(-rcN) pattern reach this job.
    - >-
      curl --fail-with-body
      --request POST
      --form "token=$CI_JOB_TOKEN"
      --form ref=master
      --form "variables[CHART_NAME]=$CI_PROJECT_NAME"
      --form "variables[RELEASE_REF]=$CI_COMMIT_REF_NAME"
      https://gitlab.com/api/v4/projects/2860651/trigger/pipeline
# After `release stable`, triggers a pipeline on `master` of project 3828396
# with DEPS_PIPELINE=true.
# NOTE(review): GITLAB_CHARTS_TRIGGER_TOKEN is not defined in this file;
# presumably it is a CI/CD variable. Confirm that it is masked and limited to
# protected refs, so that only release tags can read it.
trigger charts update:
  extends:
    - .rules:release:stable
  stage: post-release
  image: alpine:3.14
  script:
    - apk add --no-cache curl
    # Folded into a single command line; curl fails on an HTTP error and still
    # prints the response body.
    - >-
      curl --fail-with-body
      --request POST
      --form "token=${GITLAB_CHARTS_TRIGGER_TOKEN}"
      --form ref=master
      --form "variables[DEPS_PIPELINE]=true"
      https://gitlab.com/api/v4/projects/3828396/trigger/pipeline
  needs:
    - job: release stable
##############
# Includes #
##############
# Adds the jobs from GitLab's Dependency Scanning template to this pipeline.
include:
  - template: Security/Dependency-Scanning.gitlab-ci.yml