.gitlab-ci.yml
# Default image for every job that does not declare its own `image:`.
# NOTE(review): pinned by tag only, while the `release` job pins its image by
# digest; a digest here would make the tooling image immutable as well.
image: "docker.io/alpine/k8s:1.26.6"

# Pipeline stages, executed in the order listed.
stages:
  - prepare
  - update_check
  - test
  - release
  - push
# Shared fragments. The hidden `.defaults` key is never run as a job; it only
# carries the anchors `global_cache` and `skip_tags` that the jobs below reuse.
.defaults:
  cache: &global_cache
    # One cache per branch or tag slug.
    key: "$CI_COMMIT_REF_SLUG"
    paths:
      - Chart.lock
      - charts/
    # Untracked files in the workspace are cached in addition to `paths`.
    untracked: true
    # Default is upload-only; consumers override this with `policy: pull`.
    policy: push
    when: on_success
    # Caches of protected and unprotected refs are kept apart.
    unprotect: false
  except: &skip_tags
    refs:
      - tags
# Prepare Docker access
# Writes the registry auth file that kaniko reads: "user:password" is base64
# encoded, the trailing newline is stripped, and the result is stored under
# /kaniko/.docker/config.json for the registry named in CI_CONTAINER_REGISTRY.
# NOTE(review): REGISTRY_USER / REGISTRY_PASSWORD are presumably project or
# group CI/CD variables; confirm they are masked and limited to protected
# refs, since every job extending this template receives them.
.kaniko:
  before_script:
    - |-
      echo "{\"auths\":{\"${CI_CONTAINER_REGISTRY}\":{\"auth\":\"$(printf "%s:%s" "${REGISTRY_USER}" "${REGISTRY_PASSWORD}" | base64 | tr -d '\n')\"}}}" > /kaniko/.docker/config.json
## Builds the dependency-cache for consecutive stages
# Runs on every ref except tags and uploads the shared cache
# (Chart.lock, charts/ and untracked files) with the default `push` policy.
build dependency:
  stage: prepare
  cache: *global_cache
  except: *skip_tags
  script:
    - helm dependency update
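## builds the datree image
# Runs on `main` only, and only when docker/Dockerfile changed. The image is
# built with kaniko and pushed as `datree-scanner:latest`, which the
# `chart scan` job later pulls.
# NOTE(review): `executor:debug` is a floating tag and this job holds the
# registry credentials written by `.kaniko`; pinning the executor by digest
# (as the `release` job does for its image) would fix what code sees them.
scanner image:
  stage: prepare
  extends: .kaniko
  image:
    name: gcr.io/kaniko-project/executor:debug
    # Empty entrypoint so the runner can start its own shell in the image.
    entrypoint: [""]
  only:
    changes:
      - docker/Dockerfile
    refs:
      - main
  except:
    <<: *skip_tags
  # All expansions are quoted so a path containing whitespace or glob
  # characters reaches the executor as a single argument.
  script: |
    /kaniko/executor \
      --context "$CI_PROJECT_DIR/docker" \
      --dockerfile "$CI_PROJECT_DIR/docker/Dockerfile" \
      --destination "$CI_CONTAINER_REGISTRY/$CI_REGISTRY_PROJECT/datree-scanner:latest"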
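## builds the diff-image for version comparisons
# Runs on `main` only, and only when docker/Dockerfile-k8s changed. The image
# is pushed as `diff-image:latest`, which `check chart for updates` runs.
# NOTE(review): the build context is the whole repository, but only a change
# to the Dockerfile triggers a rebuild; confirm that files copied from the
# repository into the image cannot go stale this way.
# NOTE(review): `executor:debug` is a floating tag and this job holds the
# registry credentials written by `.kaniko`; consider a digest pin.
yaml diff image:
  stage: prepare
  extends: .kaniko
  image:
    name: gcr.io/kaniko-project/executor:debug
    # Empty entrypoint so the runner can start its own shell in the image.
    entrypoint: [""]
  only:
    changes:
      - docker/Dockerfile-k8s
    refs:
      - main
  except:
    <<: *skip_tags
  # All expansions are quoted so a path containing whitespace or glob
  # characters reaches the executor as a single argument.
  script: |
    /kaniko/executor \
      --context "$CI_PROJECT_DIR" \
      --dockerfile "$CI_PROJECT_DIR/docker/Dockerfile-k8s" \
      --destination "$CI_CONTAINER_REGISTRY/$CI_REGISTRY_PROJECT/diff-image:latest"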
## runs the diff-image and prints out updates
# Informational job: `allow_failure: true` keeps a failing update check from
# failing the pipeline.
# NOTE(review): the job image is the mutable `diff-image:latest` tag, so the
# code executed here is whatever was last pushed under that tag (the
# `yaml diff image` job pushes it from `main`).
check chart for updates:
  stage: update_check
  image: "$CI_CONTAINER_REGISTRY/$CI_REGISTRY_PROJECT/diff-image:latest"
  allow_failure: true
  except: *skip_tags
  script:
    - cd /apps
    - sh -c /apps/getChartVersions.sh
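## scans the chart with datree
# Renders the chart with values.yaml and runs the datree policy check on the
# rendered manifests. The dependency cache is only downloaded (`policy: pull`).
chart scan:
  stage: test
  image: "$CI_CONTAINER_REGISTRY/$CI_REGISTRY_PROJECT/datree-scanner:latest"
  except:
    <<: *skip_tags
  cache:
    <<: *global_cache
    policy: pull
  # The scan stays non-blocking, but its result is no longer discarded: the
  # former `|| true` reported success even when datree found violations or
  # could not run at all. With `allow_failure` the job shows a warning and
  # later stages still run. A broken chart still fails the pipeline through
  # the `template dump` job, which renders the same chart in this stage.
  allow_failure: true
  script:
    - helm template clops -f values.yaml . > rendered.yaml
    - datree test --no-record --ignore-missing-schemas --schema-version 1.27.3 ./rendered.yaml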
## prints out the templated chart
## if this fails there is an error in the chart values
# NOTE(review): the rendered manifests are written to the job log; confirm
# that values.yaml carries no secrets, since job logs are readable by anyone
# with access to the pipeline.
template dump:
  stage: test
  except: *skip_tags
  cache:
    <<: *global_cache
    # Download the dependency cache only; nothing is uploaded from this job.
    policy: pull
  script:
    - helm template clops -f values.yaml .
## semantic-release
# Runs semantic-release on `main` only. The job image is pinned by sha256
# digest, so the release tooling cannot change without an edit to this file.
release:
  stage: release
  image: "$CI_CONTAINER_REGISTRY/cci-tools/semantic-release@sha256:3c237539f069b3ed5a863f9d02682ca5844a4c5cb3c1e2629043c33c56b93c6d"
  only:
    refs:
      - main
      #- dev
  script:
    - semantic-release
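## builds the chart on a new release
# Runs for tags only. Stamps the tag name into Chart.yaml as the chart
# version, resolves dependencies and packages the chart; the resulting
# clops-helm-*.tgz is kept as an artifact for 30 days.
build chart:
  stage: push
  only:
    refs:
      - tags
  except:
    refs:
      - branches
  script:
    # The tag name is spliced into the sed expression below, so it is limited
    # to the characters a (v-prefixed) semantic version can contain. Anything
    # else, such as `/` or `&`, would change the meaning of the substitution.
    - |
      case "$CI_COMMIT_TAG" in
        ""|*[!0-9A-Za-z.+-]*)
          echo "unexpected characters in tag name, refusing to build" >&2
          exit 1
          ;;
      esac
    - |
      sed -i "s/^version:.*$/version: $CI_COMMIT_TAG/g" Chart.yaml
    - helm dependency update
    - helm package .
  artifacts:
    untracked: false
    when: on_success
    expire_in: "30 days"
    paths:
      - "clops-helm-*.tgz"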
## pushes the chart on a new release
# Runs for tags only, after `build chart`, whose packaged chart it uploads to
# the chart repository registered as `cloudical-clops`.
# NOTE(review): no credentials are passed on the command lines below;
# presumably they reach the push plugin through the job environment. Confirm
# they are masked and restricted to protected tags.
push chart:
  stage: push
  needs:
    - "build chart"
  except:
    refs:
      - branches
  only:
    refs:
      - tags
  script:
    ## Not needed since already present in container
    #- helm plugin install https://github.com/chartmuseum/helm-push
    - helm repo add cloudical-clops "https://$CI_CHART_REGISTRY/$CI_REGISTRY_PROJECT"
    - helm cm-push --dependency-update clops-helm-*.tgz cloudical-clops