From a6311d6f2711526eef0a196e8714a082b0fd3a62 Mon Sep 17 00:00:00 2001 From: Varac <varac@varac.net> Date: Wed, 17 Mar 2021 15:27:44 +0100 Subject: [PATCH] Test individual helm releases * Use pipelines for merge requests Fixes: #438 --- .gitlab-ci.yml | 271 +++++++++++++++++++++++++++++++++++-------------- 1 file changed, 192 insertions(+), 79 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 3d8ebcc18..6e833d350 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -38,11 +38,40 @@ on_stop: delete-image auto_stop_in: 3 weeks +# YAML extends +# ============ +# + +.app_rules: + before_script: + - *debug_information + rules: + - changes: + - flux/**/$APP*.yaml + - ansible/roles/apps/templates/settings/$APP.yaml + - ansible/roles/apps/tasks/$APP.yaml + + +.enable_app_template: + extends: .app_rules + stage: enable-apps + script: + - | + [ ! -d ./enabled_apps ] && mkdir enabled_apps || /bin/true + touch ./enabled_apps/$APP + artifacts: + paths: + - ./clusters + - ./enabled_apps/$APP + + # Global declarations # =================== +# https://docs.gitlab.com/ee/ci/yaml/README.html#workflowrules-templates include: + - template: 'Workflows/Branch-Pipelines.gitlab-ci.yml' - .gitlab/ci_templates/kaniko.yml - .gitlab/ci_templates/ssh_setup.yml - template: 'Workflows/MergeRequest-Pipelines.gitlab-ci.yml' @@ -50,9 +79,11 @@ include: stages: - build - create-vps + - enable-apps - setup-cluster - helm-release - apps-ready + - certs - health-test - integration-test 
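Review bot: The added `- template: 'Workflows/Branch-Pipelines.gitlab-ci.yml'` include conflicts with the existing `Workflows/MergeRequest-Pipelines.gitlab-ci.yml` include a few lines below it, because both templates set the top-level `workflow:` rules and only one set can take effect. As far as I can tell the later include wins, which would make the new line a no-op; if branch pipelines are wanted, the MergeRequest-Pipelines include would have to be removed instead. Keeping a single workflow template, with a comment above `include:` naming which events start a pipeline, makes it clear when a VPS gets created and provisioned.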
@@ -134,6 +165,48 @@ create-vps: on_stop: terminate-droplet auto_stop_in: 1 week + +# Stage: enable-apps +# ================== +# +# Checks if application needs to get installed + +enable-eventrouter: + variables: + APP: "eventrouter" + extends: .enable_app_template + +enable-grafana: + variables: + APP: "grafana" + extends: .enable_app_template + +enable-nextcloud: + variables: + APP: "nextcloud" + extends: .enable_app_template + +enable-prometheus: + variables: + APP: "prometheus" + extends: .enable_app_template + +enable-rocketchat: + variables: + APP: "rocketchat" + extends: .enable_app_template + +enable-single-sign-on: + variables: + APP: "single-sign-on" + extends: .enable_app_template + +enable-wordpress: + variables: + APP: "wordpress" + extends: .enable_app_template + + # Stage: setup-cluster # ==================== # @@ -159,6 +232,8 @@ setup-openappstack: - *debug_information # Copy inventory files to ansible folder for use in install-apps step - chmod 700 ansible + - ls -al enabled_apps/ + - for app in enabled_apps/*; do yq -i eval ".enabled_applications += [\"$(basename $app)\"]" clusters/${CI_COMMIT_REF_SLUG}/group_vars/all/settings.yml; done - cp clusters/${CI_COMMIT_REF_SLUG}/inventory.yml ansible/ - cp clusters/${CI_COMMIT_REF_SLUG}/group_vars/all/settings.yml ansible/group_vars/all/ # Set up cluster @@ -188,7 +263,7 @@ setup-openappstack: # Tests if all helmreleases are in `deployed` state -.helm-release: &helm-release +.helm-release: stage: helm-release script: - *debug_information 
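Review bot: Each enable-* job inherits `./clusters` and `./enabled_apps/$APP` as artifact paths from `.enable_app_template` with no `expire_in`, although the template's script only creates `enabled_apps/$APP`. That uploads the directory holding the cluster inventory and settings seven more times and keeps the copies for the instance's default retention, while the other templates in this file set `expire_in: 1 month`. Unless a later job relies on receiving `./clusters` from these jobs (not visible in this patch), the template's artifacts could be reduced to `- ./enabled_apps/$APP` plus `expire_in: 1 month`. The directory test in the script would also read more simply as `mkdir -p enabled_apps`.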
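Review bot: The two lines added to setup-openappstack's script break when `enabled_apps/` is missing or empty: `ls -al enabled_apps/` exits non-zero if no enable-* job produced the directory, and an unmatched `enabled_apps/*` stays literal, so `*` would be appended to `enabled_applications`. The file name is also spliced unquoted into the yq expression. Guarding the glob and passing the name through the environment avoids both: `for f in enabled_apps/*; do [ -e "$f" ] || continue; app="$(basename "$f")" yq -i eval '.enabled_applications += [strenv(app)]' "clusters/${CI_COMMIT_REF_SLUG}/group_vars/all/settings.yml"; done`. The rest of the job lies outside the hunk.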
@@ -202,50 +277,44 @@ setup-openappstack: - ansible/group_vars/all/settings.yml expire_in: 1 month when: always - rules: - - changes: - - .gitlab-ci.yml - - ansible/**/* - - flux/**/* - - test/**/* - - openappstack/**/* extends: - .ssh_setup - -grafana-helm-release: - variables: - APP: "grafana" - <<: *helm-release + - .app_rules eventrouter-helm-release: variables: APP: "eventrouter" - <<: *helm-release + extends: .helm-release + +grafana-helm-release: + variables: + APP: "grafana" + extends: .helm-release nextcloud-helm-release: variables: APP: "nextcloud" - <<: *helm-release + extends: .helm-release prometheus-helm-release: variables: APP: "prometheus" - <<: *helm-release + extends: .helm-release rocketchat-helm-release: - <<: *helm-release variables: APP: "rocketchat" + extends: .helm-release single-sign-on-helm-release: - <<: *helm-release variables: APP: "single-sign-on" + extends: .helm-release wordpress-helm-release: - <<: *helm-release variables: APP: "wordpress" + extends: .helm-release # Stage: app-ready # ================ @@ -253,7 +322,7 @@ wordpress-helm-release: # Tests apps for readiness state -.apps-ready: &apps-ready +.apps-ready: stage: apps-ready script: - *debug_information 
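Review bot: `.app_rules` is listed after `.ssh_setup` in this `extends:` list and carries its own `before_script`; GitLab does not merge arrays across `extends`, so a `before_script` defined by `.ssh_setup` would be replaced. `.ssh_setup` comes from `.gitlab/ci_templates/ssh_setup.yml`, which is not part of this patch, so this needs checking against that file. Since the script of `.helm-release` already starts with `*debug_information`, the simplest fix is to drop `before_script` from `.app_rules` and put `- *debug_information` at the top of `.enable_app_template`'s script instead. The same `extends` pair appears in `.apps-ready`, `.apps-cert`, `prometheus-alerts` and `.behave`.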
@@ -263,84 +332,135 @@ wordpress-helm-release: artifacts: paths: - ./clusters - - ansible/inventory.yml - - ansible/group_vars/all/settings.yml expire_in: 1 month when: always - rules: - - changes: - - .gitlab-ci.yml - - ansible/**/* - - flux/**/* - - test/**/* - - openappstack/**/* extends: - .ssh_setup + - .app_rules + +eventrouter-ready: + variables: + APP: "eventrouter" + needs: + - job: eventrouter-helm-release + extends: .apps-ready grafana-ready: variables: APP: "grafana" - needs: ["grafana-helm-release"] - <<: *apps-ready + needs: + - job: grafana-helm-release + extends: .apps-ready nextcloud-ready: variables: APP: "nextcloud" - needs: ["nextcloud-helm-release"] - <<: *apps-ready + needs: + - job: nextcloud-helm-release + extends: .apps-ready prometheus-ready: variables: APP: "prometheus" - needs: ["prometheus-helm-release"] - <<: *apps-ready + needs: + - job: prometheus-helm-release + extends: .apps-ready rocketchat-ready: - <<: *apps-ready variables: APP: "rocketchat" - needs: ["rocketchat-helm-release"] + needs: + - job: rocketchat-helm-release + extends: .apps-ready single-sign-on-ready: - <<: *apps-ready variables: APP: "single-sign-on" - needs: ["single-sign-on-helm-release"] + needs: + - job: single-sign-on-helm-release + extends: .apps-ready wordpress-ready: - <<: *apps-ready variables: APP: "wordpress" - needs: ["wordpress-helm-release"] - + needs: + - job: wordpress-helm-release + extends: .apps-ready -# Stage: health-test -# ================== +# Stage: certs +# ================ # -# General cluster health checks +# Test each app for proper certs -testinfra: - stage: health-test +.apps-cert: + stage: certs script: - *debug_information - cd ansible/ - - pytest -v -s -m 'testinfra' --connection=ansible --ansible-inventory=${CLUSTER_DIR}/inventory.yml --hosts='ansible://*' - rules: - - changes: - - .gitlab-ci.yml - - ansible/**/* - - flux/**/* - - test/**/* - - openappstack/**/* + - pytest -v -s -m 'certs' --app="$APP" --connection=ansible 
--ansible-inventory=${CLUSTER_DIR}/inventory.yml --hosts='ansible://*' --reruns 120 --reruns-delay 10 + artifacts: + paths: + - ./clusters + expire_in: 1 month + when: always extends: - .ssh_setup + - .app_rules + +grafana-cert: + variables: + APP: "grafana" + needs: + - job: grafana-ready + extends: .apps-cert + +nextcloud-cert: + variables: + APP: "nextcloud" + needs: + - job: nextcloud-ready + extends: .apps-cert + +prometheus-cert: + variables: + APP: "prometheus" + needs: + - job: prometheus-ready + extends: .apps-cert + +rocketchat-cert: + variables: + APP: "rocketchat" + needs: + - job: rocketchat-ready + extends: .apps-cert -certs: +single-sign-on-cert: + variables: + APP: "single-sign-on" + needs: + - job: single-sign-on-ready + extends: .apps-cert + +wordpress-cert: + variables: + APP: "wordpress" + needs: + - job: wordpress-ready + extends: .apps-cert + + +# Stage: health-test +# ================== +# +# General cluster health checks + +testinfra: stage: health-test script: - *debug_information - cd ansible/ - - pytest -s -m 'certs' --connection=ansible --ansible-inventory=${CLUSTER_DIR}/inventory.yml --hosts='ansible://*' + - pytest -v -s -m 'testinfra' --connection=ansible --ansible-inventory=${CLUSTER_DIR}/inventory.yml --hosts='ansible://*' rules: - changes: - .gitlab-ci.yml @@ -353,19 +473,18 @@ certs: prometheus-alerts: stage: health-test + variables: + APP: "prometheus" allow_failure: true script: - *debug_information - cd test/ - pytest -s -m 'prometheus' --connection=ansible --ansible-inventory=${CLUSTER_DIR}/inventory.yml --hosts='ansible://*' - rules: - - changes: - - .gitlab-ci.yml - - ansible/**/* - - flux/**/* - - test/**/* extends: - .ssh_setup + - .app_rules + needs: + - job: prometheus-ready # Stage: integration-test @@ -373,7 +492,7 @@ prometheus-alerts: # # Runs integration tests for most apps using behave -.behave: &behave +.behave: stage: integration-test script: - *debug_information 
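Review bot: The certificate checks in `.apps-cert` now run only under `.app_rules`, that is when `flux/**/$APP*.yaml` or the two per-app ansible files change. The removed `certs` job ran on any change to `.gitlab-ci.yml` or under `ansible/**/*`, `flux/**/*` or `test/**/*`. A change to shared configuration that affects certificate issuance, to the cert tests themselves, or to this pipeline file would then go through without any `*-cert` job running. Consider extending the `changes:` list in `.app_rules` with the shared paths, for example `- .gitlab-ci.yml` and `- test/**/*`, or keeping one cluster-wide certs job with the old rules. A short comment above `--reruns 120 --reruns-delay 10` saying why the job may retry for up to 20 minutes would also help.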
@@ -385,43 +504,37 @@ prometheus-alerts: - test/behave/screenshots/ expire_in: 1 month when: on_failure - rules: - - changes: - - .gitlab-ci.yml - - ansible/**/* - - flux/**/* - - test/**/* - - openappstack/**/* extends: - .ssh_setup + - .app_rules grafana-behave: variables: APP: "grafana" needs: - - job: grafana-ready - <<: *behave + - job: grafana-cert + extends: .behave nextcloud-behave: variables: APP: "nextcloud" needs: - - job: nextcloud-ready - <<: *behave + - job: nextcloud-cert + extends: .behave rocketchat-behave: variables: APP: "rocketchat" needs: - - job: rocketchat-ready - <<: *behave + - job: rocketchat-cert + extends: .behave wordpress-behave: variables: APP: "wordpress" needs: - - job: wordpress-ready - <<: *behave + - job: wordpress-cert + extends: .behave # Etc -- GitLab