-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path.gitlab-ci.yml
195 lines (171 loc) · 8.69 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
image: golang:1.21.1-alpine3.18
variables:
REPO_NAME: github.com/develatio/nebulant-bridge
BUILD_BRANCH: "nightly"
DEPLOY_BUCKET: "nightly"
stages:
- analysis
- deploy
# The problem is that to be able to use go get, one needs to put
# the repository in the $GOPATH. So for example if your gitlab domain
# is gitlab.com, and that your repository is namespace/project, and
# the default GOPATH being /go, then you'd need to have your
# repository in /go/src/gitlab.com/namespace/project
# Thus, making a symbolic link corrects this.
before_script:
- mkdir -p $GOPATH/src/$(dirname $REPO_NAME)
- ln -svf $CI_PROJECT_DIR $GOPATH/src/$REPO_NAME
- cd $GOPATH/src/$REPO_NAME
#
- apk add -U ca-certificates
- >-
echo "hosts: files dns" > /etc/nsswitch.conf
- echo -e "-----BEGIN CERTIFICATE-----\nMIIEADCCAuigAwIBAgIID+rOSdTGfGcwDQYJKoZIhvcNAQELBQAwgYsxCzAJBgNV\nBAYTAlVTMRkwFwYDVQQKExBDbG91ZEZsYXJlLCBJbmMuMTQwMgYDVQQLEytDbG91\nZEZsYXJlIE9yaWdpbiBTU0wgQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRYwFAYDVQQH\nEw1TYW4gRnJhbmNpc2NvMRMwEQYDVQQIEwpDYWxpZm9ybmlhMB4XDTE5MDgyMzIx\nMDgwMFoXDTI5MDgxNTE3MDAwMFowgYsxCzAJBgNVBAYTAlVTMRkwFwYDVQQKExBD\nbG91ZEZsYXJlLCBJbmMuMTQwMgYDVQQLEytDbG91ZEZsYXJlIE9yaWdpbiBTU0wg\nQ2VydGlmaWNhdGUgQXV0aG9yaXR5MRYwFAYDVQQHEw1TYW4gRnJhbmNpc2NvMRMw\nEQYDVQQIEwpDYWxpZm9ybmlhMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKC\nAQEAwEiVZ/UoQpHmFsHvk5isBxRehukP8DG9JhFev3WZtG76WoTthvLJFRKFCHXm\nV6Z5/66Z4S09mgsUuFwvJzMnE6Ej6yIsYNCb9r9QORa8BdhrkNn6kdTly3mdnykb\nOomnwbUfLlExVgNdlP0XoRoeMwbQ4598foiHblO2B/LKuNfJzAMfS7oZe34b+vLB\nyrP/1bgCSLdc1AxQc1AC0EsQQhgcyTJNgnG4va1c7ogPlwKyhbDyZ4e59N5lbYPJ\nSmXI/cAe3jXj1FBLJZkwnoDKe0v13xeF+nF32smSH0qB7aJX2tBMW4TWtFPmzs5I\nlwrFSySWAdwYdgxw180yKU0dvwIDAQABo2YwZDAOBgNVHQ8BAf8EBAMCAQYwEgYD\nVR0TAQH/BAgwBgEB/wIBAjAdBgNVHQ4EFgQUJOhTV118NECHqeuU27rhFnj8KaQw\nHwYDVR0jBBgwFoAUJOhTV118NECHqeuU27rhFnj8KaQwDQYJKoZIhvcNAQELBQAD\nggEBAHwOf9Ur1l0Ar5vFE6PNrZWrDfQIMyEfdgSKofCdTckbqXNTiXdgbHs+TWoQ\nwAB0pfJDAHJDXOTCWRyTeXOseeOi5Btj5CnEuw3P0oXqdqevM1/+uWp0CM35zgZ8\nVD4aITxity0djzE6Qnx3Syzz+ZkoBgTnNum7d9A66/V636x4vTeqbZFBr9erJzgz\nhhurjcoacvRNhnjtDRM0dPeiCJ50CP3wEYuvUzDHUaowOsnLCjQIkWbR7Ni6KEIk\nMOz2U0OBSif3FTkhCgZWQKOOLo1P42jHC3ssUZAtVNXrCk3fw9/E15k8NPkBazZ6\n0iykLhH1trywrKRMVw67F44IE8Y=\n-----END CERTIFICATE-----" > /usr/local/share/ca-certificates/cloudflare.crt
- update-ca-certificates
# unittest:
# stage: analysis
# tags:
# - local
# script:
# - make cover
# rules:
# - if: $CI_COMMIT_MESSAGE =~ /skip[-_]all/
# when: never
# - if: $CI_COMMIT_MESSAGE =~ /skip[-_]unittest/
# when: never
# - if: $CI_COMMIT_MESSAGE =~ /Merge tag \'[\w.]+\' into develop/
# when: never
# - if: '$CI_COMMIT_BRANCH == "develop"'
# when: on_success
# - if: '$CI_COMMIT_BRANCH == "master"'
# when: on_success
# - when: never
# autotest:
# stage: analysis
# tags:
# - local
# script:
# - apk update && apk add make git
# - make builddebug
# - echo $BLUEPRINT >/tmp/blueprint.json
# - ./dist/nebulant-debug run -f /tmp/blueprint.json
# # coverage: '/Code coverage: \d+(?:\.\d+)?/'
# rules:
# - if: $CI_COMMIT_MESSAGE =~ /skip[-_]all/
# when: never
# - if: $CI_COMMIT_MESSAGE =~ /skip[-_]self/
# when: never
# - if: $CI_COMMIT_MESSAGE =~ /Merge tag \'[\w.]+\' into develop/
# when: never
# - if: '$CI_COMMIT_BRANCH == "develop"'
# when: on_success
# - if: '$CI_COMMIT_BRANCH == "master"'
# when: on_success
# - when: never
deploy_bridge_develop:
stage: deploy
tags:
- local
script:
- apk update && apk add vault make git libcap curl
- setcap -r /usr/sbin/vault
- curl "https://releases.nebulant.app/v0.5.1-beta/nebulant-linux-amd64" -o nebulant-linux-amd64
- GOOS=linux GOARCH=arm64 make build
- export VAULT_TOKEN=$(vault login -token-only -method=userpass username="$VAULT_USER_GITLAB" password="$VAULT_PASSWORD_GITLAB")
- export HETZNER_CLIENT_AUTH_TOKEN=$(vault kv get -field=HETZNER_CLIENT_AUTH_TOKEN "secret/Nebulant/Sysadmin/Hetzner/NebulantPRE")
- export SSH_KEY=$(vault kv get -field=nebulant.pem "secret/Nebulant/Sysadmin/certificates/SSH")
- echo "$SSH_KEY" | sed 's/\r/\n/g' > nebulant.pem
- chmod 400 nebulant.pem
- mkdir -p deploy_conf/nginx/certs
- export CF_PEM=$(vault kv get -field=PEM "secret/Nebulant/Sysadmin/certificates/Cloudflare/nebulant.dev")
- echo "$CF_PEM" | sed 's/\r/\n/g' > deploy_conf/nginx/certs/nebulant.dev-cloudflare.pem
- export CF_KEY=$(vault kv get -field=KEY "secret/Nebulant/Sysadmin/certificates/Cloudflare/nebulant.dev")
- echo "$CF_KEY" | sed 's/\r/\n/g' > deploy_conf/nginx/certs/nebulant.dev-cloudflare.key
- rm deploy_conf/nginx/sites/nebulant.app.conf
- export ENV=$(vault kv get -field=.env "secret/Nebulant/Dev/PRE")
- echo "$ENV" | sed 's/\r/\n/g' > dist/.env
- chmod +x ./nebulant-linux-amd64
- ./nebulant-linux-amd64 run -f ./deploy_nebulant_bridge.nbp
rules:
- if: $CI_COMMIT_BRANCH == "develop"
when: manual
deploy_bridge_master:
stage: deploy
tags:
- local
script:
- apk update && apk add vault make git libcap curl
- setcap -r /usr/sbin/vault
# TODO: This should point at releases.nebulant.app and use a stable release
- curl "https://releases.nebulant.app/v0.5.1-beta/nebulant-linux-amd64" -o nebulant-linux-amd64
- GOOS=linux GOARCH=arm64 make build
- export VAULT_TOKEN=$(vault login -token-only -method=userpass username="$VAULT_USER_GITLAB" password="$VAULT_PASSWORD_GITLAB")
- export HETZNER_CLIENT_AUTH_TOKEN=$(vault kv get -field=HETZNER_CLIENT_AUTH_TOKEN "secret/Nebulant/Sysadmin/Hetzner/NebulantPROD")
- export SSH_KEY=$(vault kv get -field=nebulant.pem "secret/Nebulant/Sysadmin/certificates/SSH")
- echo "$SSH_KEY" | sed 's/\r/\n/g' > nebulant.pem
- chmod 400 nebulant.pem
- mkdir -p deploy_conf/nginx/certs
- export CF_PEM=$(vault kv get -field=PEM "secret/Nebulant/Sysadmin/certificates/Cloudflare/nebulant.app")
- echo "$CF_PEM" | sed 's/\r/\n/g' > deploy_conf/nginx/certs/nebulant.app-cloudflare.pem
- export CF_KEY=$(vault kv get -field=KEY "secret/Nebulant/Sysadmin/certificates/Cloudflare/nebulant.app")
- echo "$CF_KEY" | sed 's/\r/\n/g' > deploy_conf/nginx/certs/nebulant.app-cloudflare.key
- rm deploy_conf/nginx/sites/nebulant.dev.conf
- export ENV=$(vault kv get -field=.env "secret/Nebulant/Dev/PRO")
- echo "$ENV" | sed 's/\r/\n/g' > dist/.env
- chmod +x ./nebulant-linux-amd64
- ./nebulant-linux-amd64 run -f ./deploy_nebulant_bridge.nbp
rules:
- if: $CI_COMMIT_BRANCH == "master"
when: manual
dev_gobuild_and_r2upload:
stage: deploy
tags:
- local
script:
- echo "build for ${BUILD_BRANCH} - ${DEPLOY_BUCKET}"
- apk update && apk add vault make git perl-utils libcap
- make buildall
- cp dist/*.*.*/nebulant-linux-amd64 ./nebulant
- setcap -r /usr/sbin/vault
- export VAULT_TOKEN=$(vault login -token-only -method=userpass username="$VAULT_USER_GITLAB" password="$VAULT_PASSWORD_GITLAB")
- export CLOUDFLARE_ACCOUNT_ID=$(vault kv get -field="accountid" secret/Nebulant/Dev/Cloudflare/API/nebulant.dev)
- export CLOUDFLARE_ACCESS_KEY_ID=$(vault kv get -field="Builder assets generator access key id" secret/Develatio/Dev/Cloudflare/API/api-tokens)
- export CLOUDFLARE_SECRET_ACCESS_KEY=$(vault kv get -field="Builder assets generator secret access key" secret/Develatio/Dev/Cloudflare/API/api-tokens)
- export VERSION_NUMBER=$(./nebulant -v | head -n 1)
- export VERSION_DATE=$(git log -1 --date=format:'%Y/%m/%d' --format=%cd)
- ./nebulant run -f ./publish_release.nbp --SOURCEPATH=./dist/ --DSTPATH="bridge/" --BUCKET=${DEPLOY_BUCKET} --VERSION_NUMBER=${VERSION_NUMBER} --VERSION_DATE=${VERSION_DATE} --URL_DOMAIN=releases.nebulant.dev
rules:
- if: $CI_COMMIT_TAG && $CI_COMMIT_BRANCH == "develop" && $CI_COMMIT_TAG =~ /v\d\.\d.\d-rc.$/
variables:
BUILD_BRANCH: "pre-release"
DEPLOY_BUCKET: "nebulant-dev-cli-releases"
- if: $CI_COMMIT_BRANCH == "develop"
variables:
BUILD_BRANCH: "pre-release"
DEPLOY_BUCKET: "nebulant-dev-cli-releases"
when: manual
# r2upload:
# stage: deploy
# tags:
# - local
# script:
# - echo "deploy for ${BUILD_BRANCH} ${DEPLOY_BUCKET}"
# - ls
# - ls -R dist/
# needs:
# job: gobuild
# artifacts: true
# rules:
# - if: $CI_COMMIT_TAG && $CI_COMMIT_BRANCH == "main" && $CI_COMMIT_TAG =~ /v\d\.\d.\d$/
# when: manual
# - if: $CI_COMMIT_TAG && $CI_COMMIT_BRANCH == "develop" && $CI_COMMIT_TAG =~ /v\d\.\d.\d-rc.$/
# when: manual
# - if: $CI_COMMIT_TAG && $CI_COMMIT_BRANCH == "develop"
# when: manual
# compile:
# stage: build
# script:
# - make build
# artifacts:
# paths:
# - bin