Add review app to gitlab-ce

* Uses the same supporting code as used in EE
* Includes automated cleanup
* Install external-dns helm chart to review apps cluster if it isn't
already
* Adds variables REVIEW_APPS_AWS_SECRET_KEY and
REVIEW_APPS_AWS_ACCESS_key
* review-apps-ce uses a different cipher

.gitlab-ci.yml

@@ -139,7 +139,7 @@ stages:
     - export SCRIPT_NAME="${SCRIPT_NAME:-$CI_JOB_NAME}"
     - apk add --update openssl
     - wget $CI_PROJECT_URL/raw/$CI_COMMIT_SHA/scripts/$SCRIPT_NAME
-    - chmod 755 $SCRIPT_NAME
+    - chmod 755 $(basename $SCRIPT_NAME)
 
 .rake-exec: &rake-exec
   <<: *dedicated-no-docs-no-db-pull-cache-job
@@ -930,13 +930,13 @@ no_ee_check:
   only:
     - //@gitlab-org/gitlab-ce
 
-# GitLab CE Review apps
+# GitLab Review apps
 review:
-  <<: *dedicated-no-docs-pull-cache-job
   image: registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-charts-build-base
   stage: test
   allow_failure: true
-  before_script: []
+  before_script:
+    - gem install gitlab --no-document
   variables:
     GIT_DEPTH: "1"
     HOST_SUFFIX: "$CI_ENVIRONMENT_SLUG"
@@ -953,6 +953,7 @@ review:
     - ensure_namespace
     - install_tiller
     - create_secret
+    - install_external_dns
     - deploy
   environment:
     name: review/$CI_COMMIT_REF_NAME
@@ -961,6 +962,7 @@ review:
   only:
     refs:
       - branches@gitlab-org/gitlab-ce
+      - branches@gitlab-org/gitlab-ee
     kubernetes: active
   except:
     refs:
@@ -970,13 +972,14 @@ review:
 stop_review:
   <<: *single-script-job
   image: registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-charts-build-base
-  stage: post-cleanup
+  stage: test
   allow_failure: true
   cache: {}
   dependencies: []
-  before_script: []
+  variables:
+    SCRIPT_NAME: "review_apps/review-apps.sh"
   script:
-    - source ./scripts/review_apps/review-apps.sh
+    - source $(basename "${SCRIPT_NAME}")
     - delete
     - cleanup
   when: manual
@@ -985,6 +988,7 @@ stop_review:
     action: stop
   only:
     refs:
+      - branches@gitlab-org/gitlab-ce
       - branches@gitlab-org/gitlab-ee
     kubernetes: active
   except:
@@ -994,7 +998,7 @@ stop_review:
 automated_review_cleanup:
   <<: *dedicated-no-docs-pull-cache-job
   image: registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-charts-build-base
-  stage: build
+  stage: post-cleanup
   allow_failure: true
   cache: {}
   dependencies: []
@@ -1006,6 +1010,7 @@ automated_review_cleanup:
     - ruby -rrubygems scripts/review_apps/automated_cleanup.rb
   only:
     refs:
+      - schedules@gitlab-org/gitlab-ce
       - schedules@gitlab-org/gitlab-ee
   except:
     - master

scripts/review_apps/review-apps.sh

@@ -47,15 +47,23 @@ function create_secret() {
     --dry-run -o json | kubectl apply -f -
 }
 
+function deployExists() {
+    local namespace="${1}"
+    local deploy="${2}"
+    helm status --tiller-namespace "${namespace}" "${deploy}" >/dev/null 2>&1
+    return $?
+}
+
 function previousDeployFailed() {
   set +e
-  echo "Checking for previous deployment of $CI_ENVIRONMENT_SLUG"
-  deployment_status=$(helm status $CI_ENVIRONMENT_SLUG >/dev/null 2>&1)
+  deploy="${1}"
+  echo "Checking for previous deployment of ${deploy}"
+  deployment_status=$(helm status ${deploy} >/dev/null 2>&1)
   status=$?
   # if `status` is `0`, deployment exists, has a status
   if [ $status -eq 0 ]; then
     echo "Previous deployment found, checking status"
-    deployment_status=$(helm status $CI_ENVIRONMENT_SLUG | grep ^STATUS | cut -d' ' -f2)
+    deployment_status=$(helm status ${deploy} | grep ^STATUS | cut -d' ' -f2)
     echo "Previous deployment state: $deployment_status"
     if [[ "$deployment_status" == "FAILED" || "$deployment_status" == "PENDING_UPGRADE" || "$deployment_status" == "PENDING_INSTALL" ]]; then
       status=0;
@@ -113,7 +121,7 @@ function deploy() {
   fi
 
   # Cleanup and previous installs, as FAILED and PENDING_UPGRADE will cause errors with `upgrade`
-  if [ "$CI_ENVIRONMENT_SLUG" != "production" ] && previousDeployFailed ; then
+  if [ "$CI_ENVIRONMENT_SLUG" != "production" ] && previousDeployFailed "$CI_ENVIRONMENT_SLUG" ; then
     echo "Deployment in bad state, cleaning up $CI_ENVIRONMENT_SLUG"
     delete
     cleanup
@@ -149,6 +157,7 @@ HELM_CMD=$(cat << EOF
     --set gitlab.gitlab-shell.image.tag="v$GITLAB_SHELL_VERSION" \
     --set gitlab.unicorn.workhorse.image="$gitlab_workhorse_image_repository" \
     --set gitlab.unicorn.workhorse.tag="$CI_COMMIT_REF_NAME" \
+    --set nginx-ingress.controller.config.ssl-ciphers="ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4" \
     --namespace="$KUBE_NAMESPACE" \
     --version="$CI_PIPELINE_ID-$CI_JOB_ID" \
     "$name" \
@@ -182,3 +191,23 @@ function cleanup() {
     | xargs kubectl -n "$KUBE_NAMESPACE" delete \
     || true
 }
+
+function install_external_dns() {
+  local release_name="dns-gitlab-review-app"
+  local domain=$(echo "${REVIEW_APPS_DOMAIN}" | awk -F. '{printf "%s.%s", $(NF-1), $NF}')
+
+  if ! deployExists "${KUBE_NAMESPACE}" "${release_name}" || previousDeployFailed "${release_name}" ; then
+    echo "Installing external-dns helm chart"
+    helm repo update
+    helm install stable/external-dns \
+      -n "${release_name}" \
+      --namespace "${KUBE_NAMESPACE}" \
+      --set provider="aws" \
+      --set aws.secretKey="${REVIEW_APPS_AWS_SECRET_KEY}" \
+      --set aws.accessKey="${REVIEW_APPS_AWS_ACCESS_KEY}" \
+      --set aws.zoneType="public" \
+      --set domainFilters[0]="${domain}" \
+      --set txtOwnerId="${KUBE_NAMESPACE}" \
+      --set rbac.create="true"
+  fi
+}