Commit 58690a63 authored by Ian Baum's avatar Ian Baum

Add review app to gitlab-ce

* Uses the same supporting code as used in EE
* Includes automated cleanup
* Install external-dns helm chart to review apps cluster if it isn't
already
* Adds variables REVIEW_APPS_AWS_SECRET_KEY and
REVIEW_APPS_AWS_ACCESS_key
* review-apps-ce uses a different cipher
parent def8e8db
......@@ -139,7 +139,7 @@ stages:
- export SCRIPT_NAME="${SCRIPT_NAME:-$CI_JOB_NAME}"
- apk add --update openssl
- wget $CI_PROJECT_URL/raw/$CI_COMMIT_SHA/scripts/$SCRIPT_NAME
- chmod 755 $SCRIPT_NAME
- chmod 755 $(basename $SCRIPT_NAME)
.rake-exec: &rake-exec
<<: *dedicated-no-docs-no-db-pull-cache-job
......@@ -930,13 +930,13 @@ no_ee_check:
only:
- //@gitlab-org/gitlab-ce
# GitLab CE Review apps
# GitLab Review apps
review:
<<: *dedicated-no-docs-pull-cache-job
image: registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-charts-build-base
stage: test
allow_failure: true
before_script: []
before_script:
- gem install gitlab --no-document
variables:
GIT_DEPTH: "1"
HOST_SUFFIX: "$CI_ENVIRONMENT_SLUG"
......@@ -953,6 +953,7 @@ review:
- ensure_namespace
- install_tiller
- create_secret
- install_external_dns
- deploy
environment:
name: review/$CI_COMMIT_REF_NAME
......@@ -961,6 +962,7 @@ review:
only:
refs:
- branches@gitlab-org/gitlab-ce
- branches@gitlab-org/gitlab-ee
kubernetes: active
except:
refs:
......@@ -970,13 +972,14 @@ review:
stop_review:
<<: *single-script-job
image: registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-charts-build-base
stage: post-cleanup
stage: test
allow_failure: true
cache: {}
dependencies: []
before_script: []
variables:
SCRIPT_NAME: "review_apps/review-apps.sh"
script:
- source ./scripts/review_apps/review-apps.sh
- source $(basename "${SCRIPT_NAME}")
- delete
- cleanup
when: manual
......@@ -985,6 +988,7 @@ stop_review:
action: stop
only:
refs:
- branches@gitlab-org/gitlab-ce
- branches@gitlab-org/gitlab-ee
kubernetes: active
except:
......@@ -994,7 +998,7 @@ stop_review:
automated_review_cleanup:
<<: *dedicated-no-docs-pull-cache-job
image: registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-charts-build-base
stage: build
stage: post-cleanup
allow_failure: true
cache: {}
dependencies: []
......@@ -1006,6 +1010,7 @@ automated_review_cleanup:
- ruby -rrubygems scripts/review_apps/automated_cleanup.rb
only:
refs:
- schedules@gitlab-org/gitlab-ce
- schedules@gitlab-org/gitlab-ee
except:
- master
......
......@@ -47,15 +47,23 @@ function create_secret() {
--dry-run -o json | kubectl apply -f -
}
function deployExists() {
local namespace="${1}"
local deploy="${2}"
helm status --tiller-namespace "${namespace}" "${deploy}" >/dev/null 2>&1
return $?
}
function previousDeployFailed() {
set +e
echo "Checking for previous deployment of $CI_ENVIRONMENT_SLUG"
deployment_status=$(helm status $CI_ENVIRONMENT_SLUG >/dev/null 2>&1)
deploy="${1}"
echo "Checking for previous deployment of ${deploy}"
deployment_status=$(helm status ${deploy} >/dev/null 2>&1)
status=$?
# if `status` is `0`, deployment exists, has a status
if [ $status -eq 0 ]; then
echo "Previous deployment found, checking status"
deployment_status=$(helm status $CI_ENVIRONMENT_SLUG | grep ^STATUS | cut -d' ' -f2)
deployment_status=$(helm status ${deploy} | grep ^STATUS | cut -d' ' -f2)
echo "Previous deployment state: $deployment_status"
if [[ "$deployment_status" == "FAILED" || "$deployment_status" == "PENDING_UPGRADE" || "$deployment_status" == "PENDING_INSTALL" ]]; then
status=0;
......@@ -113,7 +121,7 @@ function deploy() {
fi
# Cleanup and previous installs, as FAILED and PENDING_UPGRADE will cause errors with `upgrade`
if [ "$CI_ENVIRONMENT_SLUG" != "production" ] && previousDeployFailed ; then
if [ "$CI_ENVIRONMENT_SLUG" != "production" ] && previousDeployFailed "$CI_ENVIRONMENT_SLUG" ; then
echo "Deployment in bad state, cleaning up $CI_ENVIRONMENT_SLUG"
delete
cleanup
......@@ -149,6 +157,7 @@ HELM_CMD=$(cat << EOF
--set gitlab.gitlab-shell.image.tag="v$GITLAB_SHELL_VERSION" \
--set gitlab.unicorn.workhorse.image="$gitlab_workhorse_image_repository" \
--set gitlab.unicorn.workhorse.tag="$CI_COMMIT_REF_NAME" \
--set nginx-ingress.controller.config.ssl-ciphers="ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4" \
--namespace="$KUBE_NAMESPACE" \
--version="$CI_PIPELINE_ID-$CI_JOB_ID" \
"$name" \
......@@ -182,3 +191,23 @@ function cleanup() {
| xargs kubectl -n "$KUBE_NAMESPACE" delete \
|| true
}
function install_external_dns() {
local release_name="dns-gitlab-review-app"
local domain=$(echo "${REVIEW_APPS_DOMAIN}" | awk -F. '{printf "%s.%s", $(NF-1), $NF}')
if ! deployExists "${KUBE_NAMESPACE}" "${release_name}" || previousDeployFailed "${release_name}" ; then
echo "Installing external-dns helm chart"
helm repo update
helm install stable/external-dns \
-n "${release_name}" \
--namespace "${KUBE_NAMESPACE}" \
--set provider="aws" \
--set aws.secretKey="${REVIEW_APPS_AWS_SECRET_KEY}" \
--set aws.accessKey="${REVIEW_APPS_AWS_ACCESS_KEY}" \
--set aws.zoneType="public" \
--set domainFilters[0]="${domain}" \
--set txtOwnerId="${KUBE_NAMESPACE}" \
--set rbac.create="true"
fi
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment