Skip to content
Snippets Groups Projects
cd-deploy-ocf.gitlab-ci.yml 9.72 KiB
Newer Older
Andres Anaya Amariels's avatar
Andres Anaya Amariels committed
stages:
  - deploy_ocf_staging
  - delete_ocf_staging
  - deploy_ocf_dev
  - delete_ocf_dev

variables:
  NAMESPACE_DEV: "ocf-dev-$CI_ENVIRONMENT_SLUG"
Andres Anaya Amariels's avatar
Andres Anaya Amariels committed
  NAMESPACE_STAGING: "ocf-staging"
  DOMAIN_STAGING: staging.int
Andres Anaya Amariels's avatar
Andres Anaya Amariels committed
  DOMAIN_DEV: developer.int
  DOMAIN_PROD: prod.int
Andres Anaya Amariels's avatar
Andres Anaya Amariels committed
  CI_JOB_TOKEN: $CI_JOB_TOKEN
Andres Anaya Amariels's avatar
Andres Anaya Amariels committed
  IMAGE_TAG_DEV: $CI_COMMIT_REF_SLUG
  IMAGE_TAG_STAGING: $CI_COMMIT_REF_SLUG
Andres Anaya Amariels's avatar
Andres Anaya Amariels committed
  VAULT_HOSTNAME: $VAULT_HOSTNAME
  VAULT_PORT: $VAULT_PORT
  VAULT_ACCESS_TOKEN: $VAULT_ACCESS_TOKEN
  CI_REGISTRY: $CI_REGISTRY
Andres Anaya Amariels's avatar
Andres Anaya Amariels committed

.main_common: &main_common
  only:
    - merge_requests
  except:
    variables:
Andres Anaya Amariels's avatar
Andres Anaya Amariels committed
#      - $CI_MERGE_REQUEST_TARGET_BRANCH_NAME != "main"
Andres Anaya Amariels's avatar
Andres Anaya Amariels committed
      - $CI_MERGE_REQUEST_TARGET_BRANCH_NAME != "staging"
Andres Anaya Amariels's avatar
Andres Anaya Amariels committed
.staging_common: &staging_common
  only:
    - merge_requests
  except:
    variables:
      - $CI_MERGE_REQUEST_TARGET_BRANCH_NAME != "staging"
  tags:
    - shell

.dev_common: &dev_common
  tags:
    - shell

deploy_ocf_staging:
  stage: deploy_ocf_staging
  needs:
    - staging_build_and_push
Andres Anaya Amariels's avatar
Andres Anaya Amariels committed
  <<: *staging_common
  environment:
    name: review/staging
    url: https://capif-$CI_ENVIRONMENT_SLUG.$DOMAIN_STAGING
Andres Anaya Amariels's avatar
Andres Anaya Amariels committed
    on_stop: delete_ocf_staging
    auto_stop_in: 3 day
Andres Anaya Amariels's avatar
Andres Anaya Amariels committed
#  rules:
#    - if: $CI_COMMIT_BRANCH == "main"
#      when: never
#    - if: $CI_COMMIT_BRANCH == "staging"
Andres Anaya Amariels's avatar
Andres Anaya Amariels committed
  script:
    - |
      helm version
      kubectl version --output=yaml
      echo "### setting kubeconfig###"
      whoami
      kubectl cluster-info
      yq --version
      ls -rtt helm/capif
      cat helm/capif/Chart.yaml
      yq e -i ".appVersion = \"$IMAGE_TAG_STAGING\"" helm/capif/Chart.yaml
      cat helm/capif/Chart.yaml
      echo "### download dependencies###"
      helm dependency build helm/capif
      echo "### updating capif###"
      helm upgrade --install -n NAMESPACE_DEV ocf-staging helm/capif/ --set nginx.nginx.env.capifHostname=capif-$CI_ENVIRONMENT_SLUG.$DOMAIN_STAGING \
      --set nginx.nginx.env.registerHostname=register-$CI_ENVIRONMENT_SLUG.$DOMAIN_STAGING \
      --set monitoring.grafana.ingress.hosts[0].host="grafana-$CI_ENVIRONMENT_SLUG.$DOMAIN_STAGING" \
      --set monitoring.grafana.ingress.hosts[0].paths[0].path="/" \
      --set monitoring.grafana.ingress.hosts[0].paths[0].pathType="Prefix" \
      --set monitoring.grafana.env.prometheusURL=http://prometheus.ocf.pre-production \
      --set tempo.tempo.metricsGenerator.remoteWriteUrl=http://prometheus.ocf.pre-production/api/v1/write \
      --set parametersVault.env.vaultHostname=$VAULT_HOSTNAME \
      --set parametersVault.env.vaultPort=$VAULT_PORT \
      --set parametersVault.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \
      --set ingress.ip=10.43.107.132 \
      --set accessControlPolicy.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api \
      --set accessControlPolicy.image.tag=$CI_COMMIT_REF_SLUG \
      --set apiInvocationLogs.apiInvocationLogs.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api \
      --set apiInvocationLogs.apiInvocationLogs.image.tag=$CI_COMMIT_REF_SLUG \
      --set apiInvokerManagement.apiInvokerManagement.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api \
      --set apiInvokerManagement.apiInvokerManagement.image.tag=$CI_COMMIT_REF_SLUG \
      --set apiProviderManagement.apiProviderManagement.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api \
      --set apiProviderManagement.apiProviderManagement.image.tag=$CI_COMMIT_REF_SLUG \
      --set capifEvents.capifEvents.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api \
      --set capifEvents.capifEvents.image.tag=$CI_COMMIT_REF_SLUG \
      --set capifRoutingInfo.capifRoutingInfo.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api \
      --set capifRoutingInfo.capifRoutingInfo.image.tag=$CI_COMMIT_REF_SLUG \
      --set capifSecurity.capifSecurity.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api \
      --set capifSecurity.capifSecurity.image.tag=$CI_COMMIT_REF_SLUG \
      --set register.register.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register \
      --set register.register.image.tag=$CI_COMMIT_REF_SLUG \
      --set logs.logs.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api \
      --set logs.logs.image.tag=$CI_COMMIT_REF_SLUG \
      --set nignx.nginx.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx \
      --set nignx.nginx.image.tag=$CI_COMMIT_REF_SLUG \
      --set publishedApis.publishedApis.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api \
      --set publishedApis.publishedApis.image.tag=$CI_COMMIT_REF_SLUG \
      --set serviceApis.serviceApis.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api \
      --set serviceApis.serviceApis.image.tag=$CI_COMMIT_REF_SLUG \
      --set nginx.nginx.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx \
      --set nginx.nginx.image.tag=$CI_COMMIT_REF_SLUG --wait --timeout=10m --create-namespace
Andres Anaya Amariels's avatar
Andres Anaya Amariels committed

delete_ocf_staging:
  stage: delete_ocf_staging
  <<: *staging_common
  script:
Andres Anaya Amariels's avatar
Andres Anaya Amariels committed
    - echo "### deleting environment $NAMESPACE_STAGING###"
Andres Anaya Amariels's avatar
Andres Anaya Amariels committed
#    - helm uninstall -n $NAMESPACE_STAGING ocf-staging
Andres Anaya Amariels's avatar
Andres Anaya Amariels committed
  when: manual
  environment:
    name: review/staging
    action: stop

## dev ###
deploy_ocf_dev:
  stage: deploy_ocf_dev
  needs:
    - dev_build_and_push
Andres Anaya Amariels's avatar
Andres Anaya Amariels committed
  <<: *dev_common
  environment:
    name: review/$CI_COMMIT_REF_SLUG
    url: https://capif-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV
Andres Anaya Amariels's avatar
Andres Anaya Amariels committed
    on_stop: delete_ocf_dev
    auto_stop_in: 3 day
Andres Anaya Amariels's avatar
Andres Anaya Amariels committed
#  rules:
#    - if: $CI_COMMIT_BRANCH == "main"
#      when: never
#    - if: $CI_COMMIT_BRANCH == "staging"
#      when: never      
#    - if: $CI_COMMIT_BRANCH
Andres Anaya Amariels's avatar
Andres Anaya Amariels committed
  script:
Andres Anaya Amariels's avatar
Andres Anaya Amariels committed
    - |
      helm version
      kubectl version --output=yaml
      echo "### setting kubeconfig###"
      kubectl cluster-info
      yq --version
      cat helm/capif/Chart.yaml
      yq e -i ".appVersion = \"$IMAGE_TAG_DEV\"" helm/capif/Chart.yaml
      cat helm/capif/Chart.yaml
      echo "### download dependencies###"
      helm dependency build helm/capif
      echo "### updating capif###"
Andres Anaya Amariels's avatar
Andres Anaya Amariels committed
      helm upgrade --install -n $NAMESPACE_DEV ocf-developer helm/capif/ --set nginx.nginx.env.capifHostname=capif-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV \
Andres Anaya Amariels's avatar
Andres Anaya Amariels committed
      --set nginx.nginx.env.registerHostname=register-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV \
Andres Anaya Amariels's avatar
Andres Anaya Amariels committed
      --set monitoring.grafana.ingress.hosts[0].host="grafana-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV" \
      --set monitoring.grafana.ingress.hosts[0].paths[0].path="/" \
      --set monitoring.grafana.ingress.hosts[0].paths[0].pathType="Prefix" \
      --set monitoring.grafana.env.prometheusURL=http://prometheus.ocf.pre-production \
      --set tempo.tempo.metricsGenerator.remoteWriteUrl=http://prometheus.ocf.pre-production/api/v1/write \
      --set parametersVault.env.vaultHostname=$VAULT_HOSTNAME \
      --set parametersVault.env.vaultPort=$VAULT_PORT \
      --set parametersVault.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \
      --set ingress.ip=10.43.107.132 \
Andres Anaya Amariels's avatar
Andres Anaya Amariels committed
      --set accessControlPolicy.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api \
      --set accessControlPolicy.image.tag=$CI_COMMIT_REF_SLUG \
      --set apiInvocationLogs.apiInvocationLogs.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api \
      --set apiInvocationLogs.apiInvocationLogs.image.tag=$CI_COMMIT_REF_SLUG \
      --set apiInvokerManagement.apiInvokerManagement.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api \
      --set apiInvokerManagement.apiInvokerManagement.image.tag=$CI_COMMIT_REF_SLUG \
      --set apiProviderManagement.apiProviderManagement.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api \
      --set apiProviderManagement.apiProviderManagement.image.tag=$CI_COMMIT_REF_SLUG \
      --set capifEvents.capifEvents.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api \
      --set capifEvents.capifEvents.image.tag=$CI_COMMIT_REF_SLUG \
      --set capifRoutingInfo.capifRoutingInfo.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api \
      --set capifRoutingInfo.capifRoutingInfo.image.tag=$CI_COMMIT_REF_SLUG \
      --set capifSecurity.capifSecurity.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api \
      --set capifSecurity.capifSecurity.image.tag=$CI_COMMIT_REF_SLUG \
      --set register.register.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register \
      --set register.register.image.tag=$CI_COMMIT_REF_SLUG \
      --set logs.logs.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api \
      --set logs.logs.image.tag=$CI_COMMIT_REF_SLUG \
      --set nignx.nginx.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx \
      --set nignx.nginx.image.tag=$CI_COMMIT_REF_SLUG \
      --set publishedApis.publishedApis.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api \
      --set publishedApis.publishedApis.image.tag=$CI_COMMIT_REF_SLUG \
      --set serviceApis.serviceApis.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api \
Andres Anaya Amariels's avatar
Andres Anaya Amariels committed
      --set serviceApis.serviceApis.image.tag=$CI_COMMIT_REF_SLUG \
      --set nginx.nginx.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx \
      --set nginx.nginx.image.tag=$CI_COMMIT_REF_SLUG --wait --timeout=10m --create-namespace
Andres Anaya Amariels's avatar
Andres Anaya Amariels committed

delete_ocf_dev:
  stage: delete_ocf_dev
  <<: *staging_common
  script:
    - echo "### deleting environment $NAMESPACE_DEV###"
    - helm uninstall -n $NAMESPACE_DEV ocf-developer
Andres Anaya Amariels's avatar
Andres Anaya Amariels committed
  when: manual
  environment:
    name: review/$CI_COMMIT_REF_SLUG
    action: stop