.gitlab-ci.yml

include:
  - .gitlab/ci_templates/kaniko.yml
  - .gitlab/ci_templates/ssh_setup.yml
stages:
  - build
  - create-vps
  - setup-cluster
  - wait-for-deployments
  - health-test
  - integration-test
  - cleanup
variables:
  SSH_KEY_ID: "411"
  HOSTNAME: "${CI_COMMIT_REF_SLUG}"
  # Repeated values, because we're not allowed to use a variable in a variable
  SUBDOMAIN: "${CI_COMMIT_REF_SLUG}.ci"
  DOMAIN: "openappstack.net"
  ADDRESS: "${CI_COMMIT_REF_SLUG}.ci.openappstack.net"
  ANSIBLE_HOST_KEY_CHECKING: "False"
  KANIKO_BUILD_IMAGENAME: "openappstack-ci"

default:
  image: "${CI_REGISTRY_IMAGE}/${KANIKO_BUILD_IMAGENAME}:${CI_COMMIT_REF_SLUG}"


ci_test_image:
  stage: build
  only:
    changes:
      - .gitlab-ci.yml
      - Dockerfile
      - requirements.txt
      - .gitlab/ci_templates/kaniko.yml
  extends: .kaniko_build

create-vps:
  stage: create-vps
  script:
    - echo "hostname $HOSTNAME, subdomain $SUBDOMAIN, domain $DOMAIN, address $ADDRESS";
    - ls clusters/${HOSTNAME} || echo "directory clusters/${HOSTNAME} not found"
    # Creates the VPS only if an old VPS for this branch is not re-usable
    - sh .gitlab/ci_scripts/create_vps.sh
  artifacts:
    paths:
    - clusters
    expire_in: 1 month
    when: always
  only:
    changes:
      - .gitlab-ci.yml
      - .gitlab/ci_scripts/*
      - ansible/**/*
      - flux/**/*
      - test/**/*
      - openappstack/**/*
  extends: .ssh_setup
  # Cache the cluster secrets so the next job can use it too
  cache:
    paths:
      - clusters/$HOSTNAME/**
    key: ${CI_COMMIT_REF_SLUG}

setup-openappstack:
  stage: setup-cluster
  script:
    # Copy inventory files to ansible folder for use in install-apps step
    - chmod 700 ansible
    - cp clusters/${CI_COMMIT_REF_SLUG}/inventory.yml ansible/
    - cp clusters/${CI_COMMIT_REF_SLUG}/group_vars/all/settings.yml ansible/group_vars/all/
    # Set up cluster
    - python3 -m openappstack $HOSTNAME install
    # Show versions of installed apps/binaries
    - chmod 700 ansible
    - cd ansible
    - ansible master -m shell -a 'oas-version-info.sh 2>&1'
  artifacts:
    paths:
    - ./clusters
    - ansible/inventory.yml
    - ansible/group_vars/all/settings.yml
    expire_in: 1 month
    when: always
  only:
    changes:
      - .gitlab-ci.yml
      - ansible/**/*
      - flux/**/*
      - test/**/*
      - openappstack/**/*
  extends: .ssh_setup
  # Cache the cluster secrets so the next job can use them
  cache:
    paths:
      - clusters/$HOSTNAME/**
    key: ${CI_COMMIT_REF_SLUG}

test_helmreleases:
  stage: wait-for-deployments
  script:
    - cd ansible/
    - export KUBECONFIG="${PWD}/../clusters/${HOSTNAME}/secrets/kube_config_cluster.yml"
    - pytest -v -s -m 'helmreleases' --connection=ansible --ansible-inventory=../clusters/${HOSTNAME}/inventory.yml --hosts='ansible://*' --reruns 120 --reruns-delay 10
  only:
    changes:
      - .gitlab-ci.yml
      - ansible/**/*
      - flux/**/*
      - test/**/*
      - openappstack/**/*
  extends: .ssh_setup

testinfra:
  stage: health-test
  script:
    - cd ansible/
    - pytest -v -m 'testinfra' --connection=ansible --ansible-inventory=../clusters/${HOSTNAME}/inventory.yml --hosts='ansible://*'
  only:
    changes:
      - .gitlab-ci.yml
      - ansible/**/*
      - flux/**/*
      - test/**/*
      - openappstack/**/*
  extends: .ssh_setup

certs:
  stage: health-test
  allow_failure: true
  script:
    - cd ansible/
    - pytest -s -m 'certs' --connection=ansible --ansible-inventory=../clusters/${HOSTNAME}/inventory.yml --hosts='ansible://*'
  only:
    changes:
      - .gitlab-ci.yml
      - ansible/**/*
      - flux/**/*
      - test/**/*
      - openappstack/**/*
  extends: .ssh_setup

prometheus-alerts:
  stage: health-test
  variables:
    OAS_DOMAIN: '${CI_COMMIT_REF_SLUG}.ci.openappstack.net'
  allow_failure: true
  script:
    - cd test/
    - pytest -s -m 'prometheus' --connection=ansible --ansible-inventory=../clusters/${HOSTNAME}/inventory.yml --hosts='ansible://*'
  only:
    changes:
      - .gitlab-ci.yml
      - ansible/**/*
      - flux/**/*
      - test/**/*
  extends: .ssh_setup

behave-nextcloud:
  stage: integration-test
  script:
    # Wait until flux creates the NextCloud HelmRelease.
    - ssh root@$ADDRESS '/bin/bash -c "while true; do kubectl get hr -n oas-apps nextcloud; if [ \$? -eq 0 ]; then break; fi; sleep 20; done"'
    # Wait until NextCloud is ready.
    - ssh root@$ADDRESS '/bin/bash -c "kubectl wait -n oas-apps hr/nextcloud --for condition=Released --timeout=20m"'
    # Run the behave tests for NextCloud.
    - python3 -m openappstack $HOSTNAME test --behave-headless --behave-tags nextcloud || python3 -m openappstack $HOSTNAME test --behave-headless --behave-rerun-failing --behave-tags nextcloud
  artifacts:
    paths:
    - test/behave/screenshots/
    expire_in: 1 month
    when: on_failure
  retry: 2
  only:
    changes:
      - .gitlab-ci.yml
      - ansible/**/*
      - flux/**/*
      - test/**/*
      - openappstack/**/*
  extends: .ssh_setup

behave-grafana:
  stage: integration-test
  script:
    - python3 -m openappstack $HOSTNAME test --behave-headless --behave-tags grafana || python3 -m openappstack $HOSTNAME test --behave-headless --behave-rerun-failing --behave-tags grafana
  artifacts:
    paths:
    - test/behave/screenshots/
    expire_in: 1 month
    when: on_failure
  only:
    changes:
      - .gitlab-ci.yml
      - ansible/**/*
      - flux/**/*
      - test/**/*
      - openappstack/**/*

terminate_mr_droplet_after_merge:
  stage: cleanup
  before_script:
    - echo "We leave MR droplets running even when the pipeline is successful \
      to be able to investigate a MR. We need to terminate them when the MR \
      is merged into master."
  script: |
    if [ "$(git show -s --pretty=%p HEAD | wc -w)" -gt 1 ]
    then
      commit_message="$(git show -s --format=%s)"
      tmp="${commit_message#*\'}"
      merged_branch="${tmp%%\'*}"
      echo "Current HEAD is a merge commit, removing droplet from related merge request branch name '#${merged_branch}'."
      python3 -c "import greenhost_cloud; greenhost_cloud.terminate_droplets_by_name(\"^${merged_branch}\.\")"
    else
      echo "Current HEAD is NOT a merge commit, nothing to do."
    fi
  only:
    refs:
      - master

terminate_old_droplets:
  stage: cleanup
  script:
    - echo "Terminate droplets 5 days after creation. Branches that exist longer than 5 days will get a new droplet when CI runs again."
    - python3 -c "import greenhost_cloud; greenhost_cloud.terminate_droplets_by_name('\d+-.*', 5)"
  only:
    changes:
      - .gitlab-ci.yml
      - ansible/**/*
      - flux/**/*
      - test/**/*
      - openappstack/**/*

# We need one job that run every time (without any `only:` limitation).
# This works around a Gitlab bug: if no job runs at all due to
# `only`, Gitlab gets confused and doesn't allow you to merge the MR:
# https://docs.gitlab.com/ee/user/project/merge_requests/merge_when_pipeline_succeeds.html#limitations
gitlab-merge-workaround:
  stage: cleanup
  script:
    - echo "That went well"