From a267e99ff97a9437eb8b067284934cf5fa09daf3 Mon Sep 17 00:00:00 2001
From: David Hoese <david.hoese@ssec.wisc.edu>
Date: Wed, 25 Nov 2020 13:29:41 -0600
Subject: [PATCH] Make sure GCP deployments only run when tagged

---
 .gitlab-ci.yml                      |  1 -
 ci_gcp/gitlab-ci.yaml               | 33 ++++++++++-------------------
 ci_gcp/values-geosphere-rabbit.yaml | 13 ++++++++++++
 helpers/get_namespace.sh            | 13 +++++++++++-
 4 files changed, 36 insertions(+), 24 deletions(-)
 create mode 100644 ci_gcp/values-geosphere-rabbit.yaml

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index c8edb23..eba71e6 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -3,7 +3,6 @@ stages:
   - build prereqs
   - test
   - create storage
-  - test
   - deploy rabbit
   - deploy GRB
   - deploy G2G
diff --git a/ci_gcp/gitlab-ci.yaml b/ci_gcp/gitlab-ci.yaml
index 464f192..8706b37 100644
--- a/ci_gcp/gitlab-ci.yaml
+++ b/ci_gcp/gitlab-ci.yaml
@@ -4,10 +4,8 @@
   environment:
     name: gcp
   extends: .helm_based_job
-  image: gitlab.ssec.wisc.edu:5555/cspp_geo/geosphere/gcloud-kubectl-helm/gcloud-kubectl-helm:6d3e308b
-  variables:
-    KUBECONFIG: "/root/.kube/config"
   before_script:
+    - export KUBECONFIG="/root/.kube/config"
     - gcloud --verbosity=debug auth activate-service-account "${GEOSPHERE_DEPLOY_GCP_SA_EMAIL}" --key-file="${GEOSPHERE_DEPLOY_GCP_SA_KEY}"
     # If this produces a warning about not having permission make sure the SA
     # has the project "Viewer" role. If it still produces a warning then try
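Review bot: Removing the `image:` line means this template now runs in whatever image `.helm_based_job` declares, and that definition is not visible in this hunk. Because the `before_script` below activates a service-account key, the inherited image should be pinned to an immutable reference, as the removed line was with `:6d3e308b`, and it needs to ship gcloud, kubectl and helm. A one-line comment above `extends: .helm_based_job` naming where the image comes from would make this checkable in later reviews. The `before_script` list continues past the end of this hunk.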
@@ -18,6 +16,10 @@
     - helm registry login -u ${CI_REGISTRY_USER} -p ${CI_JOB_TOKEN} ${CI_REGISTRY}
     - helm repo add stable https://kubernetes-charts.storage.googleapis.com
     - helm repo update
+  rules:
+    - if: $CI_COMMIT_TAG !~ /$GCP_TAG_REGEX/
+      when: never
+    - when: on_success
 
 test gcp connection:
   extends: .gcloud_base
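Review bot: The new gate `$CI_COMMIT_TAG !~ /$GCP_TAG_REGEX/` puts a variable inside a regex literal, and as far as I know GitLab `rules:if` does not expand variables there. If so, the pattern is read literally and can never match, which leaves every job behind this rule permanently at `when: never`. Where the GitLab version supports regex-valued variables, the form would be `- if: $CI_COMMIT_TAG !~ $GCP_TAG_REGEX` with the slashes stored in the variable's value; please confirm the behaviour on a test tag. The same expression is repeated in the `gs create geotiff storage`, `gs create shapefile storage`, `gs deploy rabbit` and `gstest deploy client` hunks. The tag name is now the only thing that authorises a GCP deployment, so tags matching the pattern should be protected and the `GEOSPHERE_DEPLOY_GCP_SA_*` variables marked protected, which cannot be verified from the diff.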
@@ -44,10 +46,6 @@ gstest deploy grb:
     - helm upgrade -v 2 --install --namespace $ns -f ../../ci_gcp/values-grb-g16.yaml cspp-geo-grb cspp-geo-grb/
   dependencies:
     - get_chart_grb
-  rules:
-    - if: '$CI_COMMIT_BRANCH != "gcp"'
-      when: never
-    - when: on_success
 
 gs create geotiff storage:
   extends: .gcloud_base
@@ -58,12 +56,11 @@ gs create geotiff storage:
   # this job doesn't actually need any artifacts from previous jobs
   dependencies: []
   rules:
-    - if: '$CI_COMMIT_BRANCH != "gcp"'
+    - if: $CI_COMMIT_TAG !~ /$GCP_TAG_REGEX/
       when: never
-    - when: on_success
     # this will always be true for tags
     - changes:
-        - ci_geosphere/geotiff-pvc.yaml
+        - ci_gcp/geotiff-pvc.yaml
     - if: $CREATE_STORAGE
 
 gs create shapefile storage:
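Review bot: With the first rule now limiting this job to tag pipelines, the `changes:` rule below it is always true, as its own comment says. The job therefore runs on every matching tag and `- if: $CREATE_STORAGE` is never consulted. If storage creation is meant to be opt-in, drop the `changes:` entry and keep only `- if: $CREATE_STORAGE`. If it is meant to run on every deployment tag, replace both entries with `- when: on_success` and say so in a comment. The `gs create shapefile storage` hunk has the same rule shape.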
@@ -75,13 +72,11 @@ gs create shapefile storage:
   # this job doesn't actually need any artifacts from previous jobs
   dependencies: []
   rules:
-    - if: "$CI_COMMIT_TAG == null"
-      when: never
-    - if: '$kubekorner_k3s_config == null'
+    - if: $CI_COMMIT_TAG !~ /$GCP_TAG_REGEX/
       when: never
     # this will always be true for tags
     - changes:
-        - ci_geosphere/shapefiles-pvc.yaml
+        - ci_gcp/shapefiles-pvc.yaml
     - if: $CREATE_STORAGE
 
 gs deploy rabbit:
@@ -92,16 +87,10 @@ gs deploy rabbit:
   stage: deploy rabbit
   script:
     - ./helpers/deploy_rabbitmq.sh ci_geosphere
-    - cp ${kubekorner_k3s_config} .
-    - kubeconfig=$(basename ${kubekorner_k3s_config})
-    - |-
-      kubectl get secret --kubeconfig "${kubeconfig}" geosphere-rabbit-rabbitmq --namespace=geosphere -oyaml | grep -v '^\s*namespace:\s' | grep -v "[Hh]elm" | grep -v "[tT]ime" | grep -v "selfLink" | grep -v "uid" | grep -v "resourceVersion" | sed 's/ name: .*/ name: geosphere-rabbit-rabbitmq-production/' | kubectl_stdin apply --kubeconfig "${kubeconfig}" --namespace=geosphere-test -f -
   # this job doesn't actually need any artifacts from previous jobs
   dependencies: []
   rules:
-    - if: "$CI_COMMIT_TAG == null"
-      when: never
-    - if: '$kubekorner_k3s_config == null'
+    - if: $CI_COMMIT_TAG !~ /$GCP_TAG_REGEX/
       when: never
     # no need to build if another project triggered us
     - if: $CI_PIPELINE_SOURCE == "pipeline"
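Review bot: The script line `./helpers/deploy_rabbitmq.sh ci_geosphere` still passes `ci_geosphere`, although this commit adds `ci_gcp/values-geosphere-rabbit.yaml` and the storage jobs were switched to `ci_gcp/` paths. The helper is not shown, but if its argument selects the values directory, the GCP deployment would install RabbitMQ with the on-premises values and the new file would go unused. If that reading is right, the line should be `- ./helpers/deploy_rabbitmq.sh ci_gcp`. The `rules:` list continues past the end of this hunk.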
@@ -122,7 +111,7 @@ gstest deploy client:
   dependencies:
     - get_chart_client_test
   rules:
-    - if: '$CI_COMMIT_BRANCH != "gcp"'
+    - if: $CI_COMMIT_TAG !~ /$GCP_TAG_REGEX/
       when: never
     - when: on_success
 
diff --git a/ci_gcp/values-geosphere-rabbit.yaml b/ci_gcp/values-geosphere-rabbit.yaml
new file mode 100644
index 0000000..678aba0
--- /dev/null
+++ b/ci_gcp/values-geosphere-rabbit.yaml
@@ -0,0 +1,13 @@
+#rabbitmq:
+#  configuration: |-
+#    ## Clustering
+#    cluster_formation.peer_discovery_backend  = rabbit_peer_discovery_k8s
+#    cluster_formation.k8s.host = kubernetes.default.svc.cluster.local
+#    cluster_formation.node_cleanup.interval = 10
+#    cluster_formation.node_cleanup.only_log_warning = true
+#    cluster_partition_handling = autoheal
+#    # queue master locator
+#    queue_master_locator=min-masters
+#    # enable guest user
+#    loopback_users.guest = false
+rbacEnabled: false
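Review bot: The only active setting in this new file is `rbacEnabled: false`, and nothing says why RBAC objects are turned off for the GCP release. A short comment above it, such as `# RBAC resources disabled on GCP because <reason>`, would let a reviewer judge whether that is intended. The commented-out block is dead configuration and includes `loopback_users.guest = false`, which would allow the default guest account to connect from non-loopback addresses if someone later uncomments it. Either delete the block or add a comment stating that the guest line must not be enabled on a reachable broker.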
diff --git a/helpers/get_namespace.sh b/helpers/get_namespace.sh
index e0bb44d..38ce288 100755
--- a/helpers/get_namespace.sh
+++ b/helpers/get_namespace.sh
@@ -12,9 +12,20 @@ error() {
     >&2 echo "ERROR: $@"
 }
 
+test_namespace() {
+    if [[ $CI_ENVIRONMENT_NAME == "gcp" ]]; then
+        echo "${GCP_NAMESPACE}"
+    else
+        echo "${TESTS_NAMESPACE}"
+    fi
+}
+
 if [[ -n "$CI_COMMIT_TAG" ]]; then
     debug "Tag detected: $CI_COMMIT_TAG"
-    if [[ $CI_COMMIT_TAG =~ $GEOSPHERE_TAG_REGEX ]]; then
+    if [[ $CI_JOB_STAGE == "test" ]]; then
+        debug "Ignoring tag because we are in the 'test' stage"
+        ns=$(test_namespace)
+    elif [[ $CI_COMMIT_TAG =~ $GEOSPHERE_TAG_REGEX ]]; then
         debug "geosphere tag matched"
         ns="${GEOSPHERE_NAMESPACE}"
     elif [[ $CI_COMMIT_TAG =~ $GEOSPHERE_TEST_TAG_REGEX ]]; then
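Review bot: `test_namespace` echoes `${GCP_NAMESPACE}` or `${TESTS_NAMESPACE}` without checking that the variable is set, so a missing CI variable yields an empty `ns` in the new `test`-stage branch. The helm calls visible in ci_gcp/gitlab-ci.yaml use `--namespace $ns` unquoted, and if that value comes from this script, an empty string makes helm read the next argument as the namespace. A guard after the assignment would fail the job instead: `[[ -n "$ns" ]] || { error "namespace is empty for stage $CI_JOB_STAGE"; exit 1; }`. The `if`/`elif` chain continues past the end of this hunk, so the guard may belong after the whole chain rather than inside this branch.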
-- 
GitLab