c0c21960
Commit
c0c21960
authored
May 08, 2018
by
Fabio Busatto
Vendor Auto-DevOps.gitlab-ci.yml
parent
cb7a6d34
Showing
1 changed file
with
166 additions
and
23 deletions
+166
-23
vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml
vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml
+166
-23
vendor/gitlab-ci-yml/Auto-DevOps.gitlab-ci.yml
...
...
@@ -88,6 +88,14 @@ codequality:
artifacts
:
paths
:
[
codeclimate.json
]
license_management
:
image
:
registry.gitlab.com/gitlab-org/security-products/license-management:latest
allow_failure
:
true
script
:
-
license_management
artifacts
:
paths
:
[
gl-license-report.json
]
performance
:
stage
:
performance
image
:
docker:stable
...
...
@@ -133,6 +141,7 @@ dependency_scanning:
-
dependency_scanning
artifacts
:
paths
:
[
gl-dependency-scanning-report.json
]
sast:container:
image
:
docker:stable
variables
:
...
...
@@ -217,7 +226,7 @@ stop_review:
# only manually promote to production, enable this job by removing the dot (.),
# and uncomment the `when: manual` line in the `production` job.
.
staging
:
staging
:
stage
:
staging
script
:
-
check_kube_domain
...
...
@@ -234,6 +243,11 @@ stop_review:
refs
:
-
master
kubernetes
:
active
variables
:
-
$STAGING_ENABLED
except
:
variables
:
-
$INCREMENTAL_ROLLOUT_ENABLED
# Canaries are disabled by default, but if you want them,
# and know what the downsides are, enable this job by removing the dot (.),
...
...
@@ -263,7 +277,7 @@ stop_review:
# or `canary` deploys, or you simply want more control over when you deploy
# to production, uncomment the `when: manual` line in the `production` job.
production
:
.production
:
&production_template
stage
:
production
script
:
-
check_kube_domain
...
...
@@ -274,17 +288,103 @@ production:
-
create_secret
-
deploy
-
delete canary
-
delete rollout
-
persist_environment_url
environment
:
name
:
production
url
:
http://$CI_PROJECT_PATH_SLUG.$AUTO_DEVOPS_DOMAIN
artifacts
:
paths
:
[
environment_url.txt
]
# when: manual
production
:
<<
:
*production_template
only
:
refs
:
-
master
kubernetes
:
active
except
:
variables
:
-
$STAGING_ENABLED
-
$INCREMENTAL_ROLLOUT_ENABLED
production_manual
:
<<
:
*production_template
when
:
manual
only
:
refs
:
-
master
kubernetes
:
active
variables
:
-
$STAGING_ENABLED
except
:
variables
:
-
$INCREMENTAL_ROLLOUT_ENABLED
# This job implements incremental rollout on for every push to `master`.
.rollout
:
&rollout_template
stage
:
production
script
:
-
check_kube_domain
-
install_dependencies
-
download_chart
-
ensure_namespace
-
install_tiller
-
create_secret
-
deploy rollout $ROLLOUT_PERCENTAGE
-
scale stable $((100-ROLLOUT_PERCENTAGE))
-
delete canary
-
persist_environment_url
environment
:
name
:
production
url
:
http://$CI_PROJECT_PATH_SLUG.$AUTO_DEVOPS_DOMAIN
artifacts
:
paths
:
[
environment_url.txt
]
rollout 10%
:
<<
:
*rollout_template
variables
:
ROLLOUT_PERCENTAGE
:
10
only
:
refs
:
-
master
kubernetes
:
active
variables
:
-
$INCREMENTAL_ROLLOUT_ENABLED
rollout 25%
:
<<
:
*rollout_template
variables
:
ROLLOUT_PERCENTAGE
:
25
when
:
manual
only
:
refs
:
-
master
kubernetes
:
active
variables
:
-
$INCREMENTAL_ROLLOUT_ENABLED
rollout 50%
:
<<
:
*rollout_template
variables
:
ROLLOUT_PERCENTAGE
:
50
when
:
manual
only
:
refs
:
-
master
kubernetes
:
active
variables
:
-
$INCREMENTAL_ROLLOUT_ENABLED
rollout 100%
:
<<
:
*production_template
when
:
manual
only
:
refs
:
-
master
kubernetes
:
active
variables
:
-
$INCREMENTAL_ROLLOUT_ENABLED
# ---------------------------------------------------------------------------
...
...
@@ -308,7 +408,7 @@ production:
fi
docker run -d --name db arminc/clair-db:latest
docker run -p 6060:6060 --link db:postgres -d --name clair arminc/clair-local-scan:v2.0.1
docker run -p 6060:6060 --link db:postgres -d --name clair
--restart on-failure
arminc/clair-local-scan:v2.0.1
apk add -U wget ca-certificates
docker pull ${CI_APPLICATION_REPOSITORY}:${CI_APPLICATION_TAG}
wget https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64
...
...
@@ -328,6 +428,14 @@ production:
"registry.gitlab.com/gitlab-org/security-products/codequality:$SP_VERSION" /code
}
function license_management() {
if echo $GITLAB_FEATURES |grep license_management > /dev/null ; then
/run.sh .
else
echo "License management is not available in your subscription"
fi
}
function sast() {
case "$CI_SERVER_VERSION" in
*-ee)
...
...
@@ -363,30 +471,19 @@ production:
esac
}
function deploy() {
track="${1-stable}"
name="$CI_ENVIRONMENT_SLUG"
if [[ "$track" != "stable" ]]; then
name="$name-$track"
fi
replicas="1"
service_enabled="false"
postgres_enabled="$POSTGRES_ENABLED"
# canary uses stable db
[[ "$track" == "canary" ]] && postgres_enabled="false"
function get_replicas() {
track="${1:-stable}"
percentage="${2:-100}"
env_track=$( echo $track | tr -s '[:lower:]' '[:upper:]' )
env_slug=$( echo ${CI_ENVIRONMENT_SLUG//-/_} | tr -s '[:lower:]' '[:upper:]' )
if [[ "$track" == "stable" ]]; then
if [[ "$track" == "stable" ]]
|| [[ "$track" == "rollout" ]]
; then
# for stable track get number of replicas from `PRODUCTION_REPLICAS`
eval new_replicas=\$${env_slug}_REPLICAS
if [[ -z "$new_replicas" ]]; then
new_replicas=$REPLICAS
fi
service_enabled="true"
else
# for all tracks get number of replicas from `CANARY_PRODUCTION_REPLICAS`
eval new_replicas=\$${env_track}_${env_slug}_REPLICAS
...
...
@@ -394,9 +491,36 @@ production:
eval new_replicas=\${env_track}_REPLICAS
fi
fi
if [[ -n "$new_replicas" ]]; then
replicas="$new_replicas"
replicas="${new_replicas:-1}"
replicas="$(($replicas * $percentage / 100))"
# always return at least one replicas
if [[ $replicas -gt 0 ]]; then
echo "$replicas"
else
echo 1
fi
}
function deploy() {
track="${1-stable}"
percentage="${2:-100}"
name="$CI_ENVIRONMENT_SLUG"
replicas="1"
service_enabled="true"
postgres_enabled="$POSTGRES_ENABLED"
# if track is different than stable,
# re-use all attached resources
if [[ "$track" != "stable" ]]; then
name="$name-$track"
service_enabled="false"
postgres_enabled="false"
fi
replicas=$(get_replicas "$track" "$percentage")
if [[ "$CI_PROJECT_VISIBILITY" != "public" ]]; then
secret_name='gitlab-registry'
...
...
@@ -427,6 +551,25 @@ production:
chart/
}
function scale() {
track="${1-stable}"
percentage="${2-100}"
name="$CI_ENVIRONMENT_SLUG"
if [[ "$track" != "stable" ]]; then
name="$name-$track"
fi
replicas=$(get_replicas "$track" "$percentage")
helm upgrade --reuse-values \
--wait \
--set replicaCount="$replicas" \
--namespace="$KUBE_NAMESPACE" \
"$name" \
chart/
}
function install_dependencies() {
apk add -U openssl curl tar gzip bash ca-certificates git
wget -q -O /etc/apk/keys/sgerrand.rsa.pub https://raw.githubusercontent.com/sgerrand/alpine-pkg-glibc/master/sgerrand.rsa.pub
...
...
@@ -548,8 +691,8 @@ production:
kubectl create secret -n "$KUBE_NAMESPACE" \
docker-registry gitlab-registry \
--docker-server="$CI_REGISTRY" \
--docker-username="$
CI_REGISTRY_USER
" \
--docker-password="$
CI_REGISTRY_PASSWORD
" \
--docker-username="$
{CI_DEPLOY_USER:-$CI_REGISTRY_USER}
" \
--docker-password="$
{CI_DEPLOY_PASSWORD:-$CI_REGISTRY_PASSWORD}
" \
--docker-email="$GITLAB_USER_EMAIL" \
-o yaml --dry-run | kubectl replace -n "$KUBE_NAMESPACE" --force -f -
}
...
...
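Review bot: In `get_replicas` (hunk `@@ -394,9 +491,36 @@`), the line `replicas="$(($replicas * $percentage / 100))"` does arithmetic on values that are never checked to be integers. `new_replicas` is read from CI variables through `eval`, and `percentage` arrives from `ROLLOUT_PERCENTAGE` via `deploy` and `scale`. Bash arithmetic evaluates a non-numeric string as an expression instead of rejecting it, so a mistyped or unexpected variable value silently changes the replica count rather than failing the job. I would guard the arithmetic with `[[ "$replicas" =~ ^[0-9]+$ && "$percentage" =~ ^[0-9]+$ ]] || { echo "replicas and percentage must be non-negative integers" >&2; return 1; }`, and replace the `eval` lookups with indirect expansion, e.g. `var="${env_slug}_REPLICAS"; new_replicas="${!var}"`. The function begins in the preceding hunk (`@@ -363,30 +471,19 @@`), and the rendered page does not show which of its `eval` lines are new and which are context.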