From 3d9793544ccb6b4c8f6a90900deee596bfe945a1 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9s=20Anaya?= Date: Mon, 26 Feb 2024 14:03:41 +0100 Subject: [PATCH 001/392] frist commit --- capif/.gitlab-ci.yml | 65 +++++++++++++++++++++++ capif/templates/workflow_ci.gitlab-ci.yml | 54 +++++++++++++++++++ 2 files changed, 119 insertions(+) create mode 100644 capif/.gitlab-ci.yml create mode 100644 capif/templates/workflow_ci.gitlab-ci.yml diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml new file mode 100644 index 0000000..32b45a5 --- /dev/null +++ b/capif/.gitlab-ci.yml @@ -0,0 +1,65 @@ +stages: + - cancel_previous_action + - workflow_ci + - ci_in_staging + - ci_deploy_in_staging + - cleaning_in_staging + +variables: + GITLAB_API: "https://labs.etsi.org/api/v4" + CI_JOB_TOKEN: $CI_JOB_TOKEN + +.common: &common + only: + - merge_requests + except: + - $CI_PIPELINE_SOURCE == "merge_request_event" && $GITLAB_USER_LOGIN == "andresanaya21" + tags: + - shell + +cancel_previous_action: + stage: cancel_previous_action + script: + - > + if [[ -n "$CI_JOB_TOKEN" ]]; then + echo "Checking for running jobs in the same pipeline..." + jobs=$(curl --header "PRIVATE-TOKEN: $CI_JOB_TOKEN" "$GITLAB_API/projects/$CI_PROJECT_ID/pipelines/$CI_PIPELINE_ID/jobs") + for job in $(echo "$jobs" | jq -r '.[] | @base64'); do + _jq() { + echo ${job} | base64 --decode | jq -r ${1} + } + status=$(_jq '.status') + id=$(_jq '.id') + if [[ "$status" == "running" ]] && [[ "$id" != "$CI_JOB_ID" ]]; then + echo "Cancelling job $id" + curl --request POST --header "PRIVATE-TOKEN: $CI_JOB_TOKEN" "$GITLAB_API/projects/$CI_PROJECT_ID/jobs/$id/cancel" + fi + done + fi + <<: *common + +include: +- 'templates/workflow_ci.gitlab-ci.yml' +#- 'templates/ci_in_staging.gitlab-ci.yml' + + +#ci_in_staging: +# stage: ci_in_staging +# script: +# - echo "Define the ci_in_staging job here" +# needs: ["workflow_ci"] +# <<: *common +# +#ci_deploy_in_staging: +# stage: ci_deploy_in_staging +# script: +# - echo "Define the ci_deploy_in_staging job here" +# needs: ["ci_in_staging"] +# <<: *common +# +#cleaning_in_staging: +# stage: cleaning_in_staging +# script: +# - echo "Define the cleaning_in_staging job here" +# needs: ["ci_deploy_in_staging"] +# <<: *common \ No newline at end of file diff --git a/capif/templates/workflow_ci.gitlab-ci.yml b/capif/templates/workflow_ci.gitlab-ci.yml new file mode 100644 index 0000000..999b637 --- /dev/null +++ b/capif/templates/workflow_ci.gitlab-ci.yml @@ -0,0 +1,54 @@ +stages: + - pulling_repo + - secrets_in_repo + - linting_code + - linting_docker + +variables: + GITLAB_API: "https://labs.etsi.org/api/v4" + CI_JOB_TOKEN: $CI_JOB_TOKEN + +pulling_repo: + stage: pulling_repo + script: +# - https://labs.etsi.org/rep/ocf/capif.git + - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git + tags: + - shell + +secrets_in_repo: + stage: secrets_in_repo + script: + - pip install trufflehog + - trufflehog capif --exclude_paths cicd/exclusions --max_depth=5 + needs: ["pulling_repo"] + tags: + - shell + +# define the process to do linting code: Sonarque, ruff? +linting_code: + stage: linting_code + script: + - echo "ruff checks" + needs: ["secrets_in_repo"] + tags: + - shell + +linting_docker: + stage: linting_docker + image: hadolint/hadolint:latest-debian + script: + - find . -name 'capif/services/Dockerfile*' -exec hadolint --no-fail -f gitlab_codeclimate {} + > docker-lint.json +# - hadolint services/capif-client/Dockerfile +# - hadolint services/nginx/Dockerfile +# - hadolint services/register/Dockerfile + artifacts: + name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG" + when: always + reports: + codequality: + - docker-lint.json + interruptible: true + needs: ["linting_code"] + tags: + - shell -- GitLab From fce71fbbdae327f9c4561f78a755915e21632b81 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9s=20Anaya?= Date: Mon, 26 Feb 2024 14:59:36 +0100 Subject: [PATCH 002/392] capif/templates --- capif/.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 32b45a5..a3f1c0c 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -39,7 +39,7 @@ cancel_previous_action: <<: *common include: -- 'templates/workflow_ci.gitlab-ci.yml' +- 'capif/templates/workflow_ci.gitlab-ci.yml' #- 'templates/ci_in_staging.gitlab-ci.yml' -- GitLab From 20cf7f76e223dca1fb181db89bf89ff560f30269 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9s=20Anaya?= Date: Mon, 26 Feb 2024 15:03:42 +0100 Subject: [PATCH 003/392] common --- capif/.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index a3f1c0c..2f39e15 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -13,7 +13,7 @@ variables: only: - merge_requests except: - - $CI_PIPELINE_SOURCE == "merge_request_event" && $GITLAB_USER_LOGIN == "andresanaya21" + - $CI_PIPELINE_SOURCE == "merge_request_event" tags: - shell -- GitLab From ab703d8a8149cf9e8782386160db726b148a5fbb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9s=20Anaya?= Date: Mon, 26 Feb 2024 16:48:31 +0100 Subject: [PATCH 004/392] pulling_repo --- capif/.gitlab-ci.yml | 2 +- capif/templates/workflow_ci.gitlab-ci.yml | 1 - 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 2f39e15..e8a3564 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -39,7 +39,7 @@ cancel_previous_action: <<: *common include: -- 'capif/templates/workflow_ci.gitlab-ci.yml' + - 'capif/templates/workflow_ci.gitlab-ci.yml' #- 'templates/ci_in_staging.gitlab-ci.yml' diff --git a/capif/templates/workflow_ci.gitlab-ci.yml b/capif/templates/workflow_ci.gitlab-ci.yml index 999b637..409b15a 100644 --- a/capif/templates/workflow_ci.gitlab-ci.yml +++ b/capif/templates/workflow_ci.gitlab-ci.yml @@ -11,7 +11,6 @@ variables: pulling_repo: stage: pulling_repo script: -# - https://labs.etsi.org/rep/ocf/capif.git - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git tags: - shell -- GitLab From 078ebf017c7b38c5981095a6237141b2abaf378c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9s=20Anaya?= Date: Mon, 26 Feb 2024 16:49:58 +0100 Subject: [PATCH 005/392] no include --- capif/.gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index e8a3564..6dd56a9 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -38,8 +38,8 @@ cancel_previous_action: fi <<: *common -include: - - 'capif/templates/workflow_ci.gitlab-ci.yml' +#include: +# - 'capif/templates/workflow_ci.gitlab-ci.yml' #- 'templates/ci_in_staging.gitlab-ci.yml' -- GitLab From 3e1c6f15ada2ffbfefe83b2100ada2fb6c097ca3 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9s=20Anaya?= Date: Tue, 27 Feb 2024 16:16:54 +0100 Subject: [PATCH 006/392] staging gitlab ci --- capif/.gitlab-ci.yml | 10 ++- .../templates/cd-deploy-ocf-dev.gitlab-ci.yml | 81 +++++++++++++++++++ capif/templates/workflow_ci.gitlab-ci.yml | 21 +++-- 3 files changed, 100 insertions(+), 12 deletions(-) create mode 100644 capif/templates/cd-deploy-ocf-dev.gitlab-ci.yml diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 6dd56a9..c52d450 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -13,7 +13,8 @@ variables: only: - merge_requests except: - - $CI_PIPELINE_SOURCE == "merge_request_event" + variables: + - $CI_MERGE_REQUEST_TARGET_BRANCH_NAME != "staging" tags: - shell @@ -38,9 +39,10 @@ cancel_previous_action: fi <<: *common -#include: -# - 'capif/templates/workflow_ci.gitlab-ci.yml' -#- 'templates/ci_in_staging.gitlab-ci.yml' +include: + - 'capif/templates/workflow_ci.gitlab-ci.yml' +# - 'capif/templates/ci_in_staging.gitlab-ci.yml' +# - 'capif/templates/cd-deploy-ocf-dev.gitlab-ci.yml' #ci_in_staging: diff --git a/capif/templates/cd-deploy-ocf-dev.gitlab-ci.yml b/capif/templates/cd-deploy-ocf-dev.gitlab-ci.yml new file mode 100644 index 0000000..452412c --- /dev/null +++ b/capif/templates/cd-deploy-ocf-dev.gitlab-ci.yml @@ -0,0 +1,81 @@ +stages: + - deploy_ocf_dev + - delete_ocf_dev + +variables: + INGRESS: "10.43.32.232" + NAMESPACE: "ocf-staging" + DOMAIN: staging.int + CI_JOB_TOKEN: $CI_JOB_TOKEN + IMAGE_TAG: "v0.0.1-staging" + +.common: &common + only: + - merge_requests + except: + variables: + - $CI_MERGE_REQUEST_TARGET_BRANCH_NAME != "staging" + tags: + - shell + +deploy_ocf_dev: + stage: deploy_ocf_dev + <<: *common + environment: + name: review/staging + url: https://$NAMESPACE.$DOMAIN + on_stop: delete_ocf_dev + auto_stop_in: 3 day + rules: + - if: $CI_COMMIT_BRANCH == "main" + when: never + - if: $CI_COMMIT_BRANCH + script: + - echo "### git clone OCF repo ###" + - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git + - echo "### install helm ###" + - curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 + - chmod 700 get_helm.sh + - ./get_helm.sh + - helm version + - echo "### install kubectl ###" + - curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" + - chmod +x kubectl + - sudo mv kubectl /usr/local/bin + - kubectl version --output=yaml + - echo "### setting kubeconfig ###" + - echo $KUBECONFIG | base64 -d > ~/cluster.kubeconfig + - kubectl get nodes --kubeconfig ~/cluster.kubeconfig + - kubectl cluster-info --kubeconfig ~/cluster.kubeconfig #comment that when is working + - echo "### install yq ###" + - sudo wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 + - sudo chmod a+x /usr/local/bin/yq + - yq --version + - yq e -i '.version = "$IMAGE_TAG"' helm/capif/Chart.yaml + - yq e -i '.appVersion = "$IMAGE_TAG"' helm/capif/Chart.yaml + - cat helm/capif/Chart.yaml + - echo "### download dependencies ###" + - helm dependency build helm/capif + - echo "### updating capif ###" + - helm uninstall -n $NAMESPACE ocf --kubeconfig ~/cluster.kubeconfig || true + - helm upgrade --install -n $NAMESPACE ocf helm/capif/ \ + --set nginx.nginx.env.capifHostname=capif.$DOMAIN \ + --set ingress_ip.oneke="$INGRESS" --atomic \ + --set monitoring.prometheus.enable="" \ + --set monitoring.grafana.ingress.hosts[0].host="grafana.$DOMAIN" \ + --set monitoring.grafana.ingress.hosts[0].paths[0].path="/" \ + --set monitoring.grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ + --wait --timeout=10m \ + --create-namespace --kubeconfig ~/cluster.kubeconfig + + +delete_ocf_dev: + stage: delete_ocf_dev + <<: *common + script: + - echo "### deleting environment $NAMESPACE ###" + - helm uninstall -n $NAMESPACE ocf --kubeconfig ~/cluster.kubeconfig + when: manual + environment: + name: review/staging + action: stop \ No newline at end of file diff --git a/capif/templates/workflow_ci.gitlab-ci.yml b/capif/templates/workflow_ci.gitlab-ci.yml index 409b15a..dd45240 100644 --- a/capif/templates/workflow_ci.gitlab-ci.yml +++ b/capif/templates/workflow_ci.gitlab-ci.yml @@ -8,12 +8,20 @@ variables: GITLAB_API: "https://labs.etsi.org/api/v4" CI_JOB_TOKEN: $CI_JOB_TOKEN +.common: &common + only: + - merge_requests + except: + variables: + - $CI_MERGE_REQUEST_TARGET_BRANCH_NAME != "staging" + tags: + - shell + pulling_repo: stage: pulling_repo script: - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git - tags: - - shell + <<: *common secrets_in_repo: stage: secrets_in_repo @@ -21,8 +29,7 @@ secrets_in_repo: - pip install trufflehog - trufflehog capif --exclude_paths cicd/exclusions --max_depth=5 needs: ["pulling_repo"] - tags: - - shell + <<: *common # define the process to do linting code: Sonarque, ruff? linting_code: @@ -30,8 +37,7 @@ linting_code: script: - echo "ruff checks" needs: ["secrets_in_repo"] - tags: - - shell + <<: *common linting_docker: stage: linting_docker @@ -49,5 +55,4 @@ linting_docker: - docker-lint.json interruptible: true needs: ["linting_code"] - tags: - - shell + <<: *common -- GitLab From b680c82683169f846e0dfa59eed2ac1a03c52b21 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9s=20Anaya?= Date: Wed, 28 Feb 2024 17:27:22 +0100 Subject: [PATCH 007/392] execution --- capif/.gitlab-ci.yml | 35 +++-- .../templates/cd-deploy-ocf-dev.gitlab-ci.yml | 81 ---------- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 143 ++++++++++++++++++ capif/templates/ci_dev.gitlab-ci.yml | 53 +++++++ ...gitlab-ci.yml => ci_staging.gitlab-ci.yml} | 42 ++--- 5 files changed, 240 insertions(+), 114 deletions(-) delete mode 100644 capif/templates/cd-deploy-ocf-dev.gitlab-ci.yml create mode 100644 capif/templates/cd-deploy-ocf.gitlab-ci.yml create mode 100644 capif/templates/ci_dev.gitlab-ci.yml rename capif/templates/{workflow_ci.gitlab-ci.yml => ci_staging.gitlab-ci.yml} (61%) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index c52d450..eab0e42 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -1,5 +1,5 @@ stages: - - cancel_previous_action + - staging_cancel_previous_action - workflow_ci - ci_in_staging - ci_deploy_in_staging @@ -9,7 +9,7 @@ variables: GITLAB_API: "https://labs.etsi.org/api/v4" CI_JOB_TOKEN: $CI_JOB_TOKEN -.common: &common +.staging_common: &staging_common only: - merge_requests except: @@ -18,8 +18,12 @@ variables: tags: - shell -cancel_previous_action: - stage: cancel_previous_action +.dev_common: &dev_common + tags: + - shell + +staging_cancel_previous_action: + stage: staging_cancel_previous_action script: - > if [[ -n "$CI_JOB_TOKEN" ]]; then @@ -37,12 +41,19 @@ cancel_previous_action: fi done fi - <<: *common + <<: *staging_common + +dev_cancel_previous_action: + stage: dev_cancel_previous_action + script: + - > + echo "dev_cancel_previous_action job" + <<: *dev_common -include: - - 'capif/templates/workflow_ci.gitlab-ci.yml' -# - 'capif/templates/ci_in_staging.gitlab-ci.yml' -# - 'capif/templates/cd-deploy-ocf-dev.gitlab-ci.yml' +#include: +# - 'capif/templates/ci_staging.gitlab-ci.yml' +# - 'capif/templates/ci_dev.gitlab-ci.yml' +# - 'capif/templates/cd-deploy-ocf.gitlab-ci.yml' #ci_in_staging: @@ -50,18 +61,18 @@ include: # script: # - echo "Define the ci_in_staging job here" # needs: ["workflow_ci"] -# <<: *common +# <<: *staging_common # #ci_deploy_in_staging: # stage: ci_deploy_in_staging # script: # - echo "Define the ci_deploy_in_staging job here" # needs: ["ci_in_staging"] -# <<: *common +# <<: *staging_common # #cleaning_in_staging: # stage: cleaning_in_staging # script: # - echo "Define the cleaning_in_staging job here" # needs: ["ci_deploy_in_staging"] -# <<: *common \ No newline at end of file +# <<: *staging_common \ No newline at end of file diff --git a/capif/templates/cd-deploy-ocf-dev.gitlab-ci.yml b/capif/templates/cd-deploy-ocf-dev.gitlab-ci.yml deleted file mode 100644 index 452412c..0000000 --- a/capif/templates/cd-deploy-ocf-dev.gitlab-ci.yml +++ /dev/null @@ -1,81 +0,0 @@ -stages: - - deploy_ocf_dev - - delete_ocf_dev - -variables: - INGRESS: "10.43.32.232" - NAMESPACE: "ocf-staging" - DOMAIN: staging.int - CI_JOB_TOKEN: $CI_JOB_TOKEN - IMAGE_TAG: "v0.0.1-staging" - -.common: &common - only: - - merge_requests - except: - variables: - - $CI_MERGE_REQUEST_TARGET_BRANCH_NAME != "staging" - tags: - - shell - -deploy_ocf_dev: - stage: deploy_ocf_dev - <<: *common - environment: - name: review/staging - url: https://$NAMESPACE.$DOMAIN - on_stop: delete_ocf_dev - auto_stop_in: 3 day - rules: - - if: $CI_COMMIT_BRANCH == "main" - when: never - - if: $CI_COMMIT_BRANCH - script: - - echo "### git clone OCF repo ###" - - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git - - echo "### install helm ###" - - curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 - - chmod 700 get_helm.sh - - ./get_helm.sh - - helm version - - echo "### install kubectl ###" - - curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" - - chmod +x kubectl - - sudo mv kubectl /usr/local/bin - - kubectl version --output=yaml - - echo "### setting kubeconfig ###" - - echo $KUBECONFIG | base64 -d > ~/cluster.kubeconfig - - kubectl get nodes --kubeconfig ~/cluster.kubeconfig - - kubectl cluster-info --kubeconfig ~/cluster.kubeconfig #comment that when is working - - echo "### install yq ###" - - sudo wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 - - sudo chmod a+x /usr/local/bin/yq - - yq --version - - yq e -i '.version = "$IMAGE_TAG"' helm/capif/Chart.yaml - - yq e -i '.appVersion = "$IMAGE_TAG"' helm/capif/Chart.yaml - - cat helm/capif/Chart.yaml - - echo "### download dependencies ###" - - helm dependency build helm/capif - - echo "### updating capif ###" - - helm uninstall -n $NAMESPACE ocf --kubeconfig ~/cluster.kubeconfig || true - - helm upgrade --install -n $NAMESPACE ocf helm/capif/ \ - --set nginx.nginx.env.capifHostname=capif.$DOMAIN \ - --set ingress_ip.oneke="$INGRESS" --atomic \ - --set monitoring.prometheus.enable="" \ - --set monitoring.grafana.ingress.hosts[0].host="grafana.$DOMAIN" \ - --set monitoring.grafana.ingress.hosts[0].paths[0].path="/" \ - --set monitoring.grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ - --wait --timeout=10m \ - --create-namespace --kubeconfig ~/cluster.kubeconfig - - -delete_ocf_dev: - stage: delete_ocf_dev - <<: *common - script: - - echo "### deleting environment $NAMESPACE ###" - - helm uninstall -n $NAMESPACE ocf --kubeconfig ~/cluster.kubeconfig - when: manual - environment: - name: review/staging - action: stop \ No newline at end of file diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml new file mode 100644 index 0000000..5828f8a --- /dev/null +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -0,0 +1,143 @@ +stages: + - deploy_ocf_staging + - delete_ocf_staging + - deploy_ocf_dev + - delete_ocf_dev + +variables: + INGRESS: "10.43.32.232" + NAMESPACE_DEV: "ocf-dev-$CI_JOB_USER" + NAMESPACE_STAGING: "ocf-staging" + DOMAIN_STAGING: staging.int + DOAMIN_DEV: developer.int + CI_JOB_TOKEN: $CI_JOB_TOKEN + IMAGE_TAG_DEV: "v0.0.1-$CI_COMMIT_SHA" + IMAGE_TAG_STAGING: "v0.0.1-staging" + +.staging_common: &staging_common + only: + - merge_requests + except: + variables: + - $CI_MERGE_REQUEST_TARGET_BRANCH_NAME != "staging" + tags: + - shell + +.dev_common: &dev_common + tags: + - shell + +deploy_ocf_staging: + stage: deploy_ocf_staging + <<: *staging_common + environment: + name: review/staging + url: https://$NAMESPACE_STAGING.$DOMAIN_STAGING + on_stop: delete_ocf_staging + auto_stop_in: 3 day + rules: + - if: $CI_COMMIT_BRANCH == "main" + when: never + - if: $CI_COMMIT_BRANCH + script: + - echo "### git clone OCF repo ###" + - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git + - echo "### install helm ###" + - curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 + - chmod 700 get_helm.sh + - ./get_helm.sh + - helm version + - echo "### install kubectl ###" + - curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" + - chmod +x kubectl + - sudo mv kubectl /usr/local/bin + - kubectl version --output=yaml + - echo "### setting kubeconfig ###" + - echo $KUBECONFIG | base64 -d > ~/cluster.kubeconfig + - kubectl get nodes --kubeconfig ~/cluster.kubeconfig + - kubectl cluster-info --kubeconfig ~/cluster.kubeconfig #comment that when is working + - echo "### install yq ###" + - sudo wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 + - sudo chmod a+x /usr/local/bin/yq + - yq --version + - yq e -i '.version = "$IMAGE_TAG_STAGING"' helm/capif/Chart.yaml + - yq e -i '.appVersion = "$IMAGE_TAG_STAGING"' helm/capif/Chart.yaml + - cat helm/capif/Chart.yaml + - echo "### download dependencies ###" + - helm dependency build helm/capif + - echo "### updating capif ###" + - helm uninstall -n $NAMESPACE_STAGING ocf --kubeconfig ~/cluster.kubeconfig || true + - helm upgrade --install -n $NAMESPACE_STAGING ocf helm/capif/ \ + --set nginx.nginx.env.capifHostname=capif.$DOMAIN_STAGING \ + --set ingress_ip.oneke="$INGRESS" --atomic \ + --set monitoring.prometheus.enable="" \ + --set monitoring.grafana.ingress.hosts[0].host="grafana.$DOMAIN_STAGING" \ + --set monitoring.grafana.ingress.hosts[0].paths[0].path="/" \ + --set monitoring.grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ + --wait --timeout=10m \ + --create-NAMESPACE_STAGING --kubeconfig ~/cluster.kubeconfig + + +delete_ocf_staging: + stage: delete_ocf_staging + <<: *staging_common + script: + - echo "### deleting environment $NAMESPACE_STAGING ###" + - helm uninstall -n $NAMESPACE_STAGING ocf --kubeconfig ~/cluster.kubeconfig + when: manual + environment: + name: review/staging + action: stop + +## dev ### +deploy_ocf_dev: + stage: deploy_ocf_dev + <<: *dev_common + environment: + name: review/$CI_COMMIT_REF_SLUG + url: https://$NAMESPACE_DEV.$DOMAIN_DEV + on_stop: delete_ocf_dev + auto_stop_in: 3 day + rules: + - if: $CI_COMMIT_BRANCH == "main" + when: never + - if: $CI_COMMIT_BRANCH == "staging" + when: never + - if: $CI_COMMIT_BRANCH + script: + - echo "### git clone OCF repo ###" + - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git + - echo "### install helm ###" + - curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 + - chmod 700 get_helm.sh + - ./get_helm.sh + - helm version + - echo "### install kubectl ###" + - curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" + - chmod +x kubectl + - sudo mv kubectl /usr/local/bin + - kubectl version --output=yaml + - echo "### setting kubeconfig ###" + - echo $KUBECONFIG | base64 -d > ~/cluster.kubeconfig + - kubectl get nodes --kubeconfig ~/cluster.kubeconfig + - kubectl cluster-info --kubeconfig ~/cluster.kubeconfig #comment that when is working + - echo "### install yq ###" + - sudo wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 + - sudo chmod a+x /usr/local/bin/yq + - yq --version + - yq e -i '.version = "$IMAGE_TAG_STAGING"' helm/capif/Chart.yaml + - yq e -i '.appVersion = "$IMAGE_TAG_STAGING"' helm/capif/Chart.yaml + - cat helm/capif/Chart.yaml + - echo "### download dependencies ###" + - helm dependency build helm/capif + - echo "### updating capif ###" + - helm uninstall -n $NAMESPACE_STAGING ocf --kubeconfig ~/cluster.kubeconfig || true + - helm upgrade --install -n $NAMESPACE_STAGING ocf helm/capif/ \ + --set nginx.nginx.env.capifHostname=capif.$DOMAIN_STAGING \ + --set ingress_ip.oneke="$INGRESS" --atomic \ + --set monitoring.prometheus.enable="" \ + --set monitoring.grafana.ingress.hosts[0].host="grafana.$DOMAIN_STAGING" \ + --set monitoring.grafana.ingress.hosts[0].paths[0].path="/" \ + --set monitoring.grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ + --wait --timeout=10m \ + --create-NAMESPACE_STAGING --kubeconfig ~/cluster.kubeconfig diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml new file mode 100644 index 0000000..47e8926 --- /dev/null +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -0,0 +1,53 @@ +stages: + - dev_pulling_repo + - dev_secrets_in_repo + - dev_linting_code + - dev_linting_docker + +variables: + GITLAB_API: "https://labs.etsi.org/api/v4" + CI_JOB_TOKEN: $CI_JOB_TOKEN + +.dev_common: &dev_common + tags: + - shell + +dev_pulling_repo: + stage: dev_pulling_repo + script: + - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git + <<: *dev_common + +dev_secrets_in_repo: + stage: dev_secrets_in_repo + script: + - pip install trufflehog + - trufflehog capif --exclude_paths cicd/exclusions --max_depth=5 + needs: ["dev_pulling_repo"] + <<: *dev_common + +# define the process to do linting code: Sonarque, ruff? +dev_linting_code: + stage: dev_linting_code + script: + - echo "ruff checks" + needs: ["dev_secrets_in_repo"] + <<: *dev_common + +dev_linting_docker: + stage: dev_linting_docker + image: hadolint/hadolint:latest-debian + script: + - find . -name 'capif/services/Dockerfile*' -exec hadolint --no-fail -f gitlab_codeclimate {} + > docker-lint.json + - hadolint services/capif-client/Dockerfile +# - hadolint services/nginx/Dockerfile +# - hadolint services/register/Dockerfile + artifacts: + name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG" + when: always + reports: + codequality: + - docker-lint.json + interruptible: true + needs: ["dev_linting_code"] + <<: *dev_common diff --git a/capif/templates/workflow_ci.gitlab-ci.yml b/capif/templates/ci_staging.gitlab-ci.yml similarity index 61% rename from capif/templates/workflow_ci.gitlab-ci.yml rename to capif/templates/ci_staging.gitlab-ci.yml index dd45240..be58f5f 100644 --- a/capif/templates/workflow_ci.gitlab-ci.yml +++ b/capif/templates/ci_staging.gitlab-ci.yml @@ -1,14 +1,14 @@ stages: - - pulling_repo - - secrets_in_repo - - linting_code - - linting_docker + - staging_pulling_repo + - staging_secrets_in_repo + - staging_linting_code + - staging_linting_docker variables: GITLAB_API: "https://labs.etsi.org/api/v4" CI_JOB_TOKEN: $CI_JOB_TOKEN -.common: &common +.staging_common: &staging_common only: - merge_requests except: @@ -17,34 +17,34 @@ variables: tags: - shell -pulling_repo: - stage: pulling_repo +staging_pulling_repo: + stage: staging_pulling_repo script: - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git - <<: *common + <<: *staging_common -secrets_in_repo: - stage: secrets_in_repo +staging_secrets_in_repo: + stage: staging_secrets_in_repo script: - pip install trufflehog - trufflehog capif --exclude_paths cicd/exclusions --max_depth=5 - needs: ["pulling_repo"] - <<: *common + needs: ["staging_pulling_repo"] + <<: *staging_common # define the process to do linting code: Sonarque, ruff? -linting_code: - stage: linting_code +staging_linting_code: + stage: staging_linting_code script: - echo "ruff checks" - needs: ["secrets_in_repo"] - <<: *common + needs: ["staging_secrets_in_repo"] + <<: *staging_common -linting_docker: - stage: linting_docker +staging_linting_docker: + stage: staging_linting_docker image: hadolint/hadolint:latest-debian script: - find . -name 'capif/services/Dockerfile*' -exec hadolint --no-fail -f gitlab_codeclimate {} + > docker-lint.json -# - hadolint services/capif-client/Dockerfile + - hadolint services/capif-client/Dockerfile # - hadolint services/nginx/Dockerfile # - hadolint services/register/Dockerfile artifacts: @@ -54,5 +54,5 @@ linting_docker: codequality: - docker-lint.json interruptible: true - needs: ["linting_code"] - <<: *common + needs: ["staging_linting_code"] + <<: *staging_common -- GitLab From 43b94ee70bc082c6909b9d7200eceb7fe91573c8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Andr=C3=A9s=20Anaya?= Date: Wed, 28 Feb 2024 17:30:06 +0100 Subject: [PATCH 008/392] CI_COMMIT_BRANCH --- capif/.gitlab-ci.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index eab0e42..59aa74a 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -48,6 +48,8 @@ dev_cancel_previous_action: script: - > echo "dev_cancel_previous_action job" + rules: + - if: $CI_COMMIT_BRANCH <<: *dev_common #include: -- GitLab From ccda6b50d9da63f435de5deea443800d8a07c186 Mon Sep 17 00:00:00 2001 From: anayaamariel Date: Thu, 29 Feb 2024 12:54:06 +0100 Subject: [PATCH 009/392] commit test --- capif/.gitlab-ci.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 59aa74a..6f1fb4b 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -57,7 +57,6 @@ dev_cancel_previous_action: # - 'capif/templates/ci_dev.gitlab-ci.yml' # - 'capif/templates/cd-deploy-ocf.gitlab-ci.yml' - #ci_in_staging: # stage: ci_in_staging # script: -- GitLab From 47e84c6962cfd75a7d2c8c8bebd5a7c2e106f382 Mon Sep 17 00:00:00 2001 From: anayaamariel Date: Thu, 29 Feb 2024 12:55:52 +0100 Subject: [PATCH 010/392] commit test --- capif/.gitlab-ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 6f1fb4b..59aa74a 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -57,6 +57,7 @@ dev_cancel_previous_action: # - 'capif/templates/ci_dev.gitlab-ci.yml' # - 'capif/templates/cd-deploy-ocf.gitlab-ci.yml' + #ci_in_staging: # stage: ci_in_staging # script: -- GitLab From 8fa0c5d1edfbfc95769036b48bb8adfe65c5b66f Mon Sep 17 00:00:00 2001 From: anayaamariel Date: Tue, 12 Mar 2024 15:38:46 +0100 Subject: [PATCH 011/392] test commit --- capif/.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 59aa74a..ee43228 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -77,4 +77,4 @@ dev_cancel_previous_action: # script: # - echo "Define the cleaning_in_staging job here" # needs: ["ci_deploy_in_staging"] -# <<: *staging_common \ No newline at end of file +# <<: *staging_common -- GitLab From 9f3e088c389dedd1fbf8339ed1ffaece66eedbf9 Mon Sep 17 00:00:00 2001 From: anayaamariel Date: Tue, 12 Mar 2024 16:06:24 +0100 Subject: [PATCH 012/392] dev_cancel_previous_action --- capif/.gitlab-ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index ee43228..1f0b86c 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -4,6 +4,7 @@ stages: - ci_in_staging - ci_deploy_in_staging - cleaning_in_staging + - dev_cancel_previous_action variables: GITLAB_API: "https://labs.etsi.org/api/v4" -- GitLab From 398b8d587fbf2c293351f08307383e78ee91bb72 Mon Sep 17 00:00:00 2001 From: anayaamariel Date: Tue, 12 Mar 2024 16:15:53 +0100 Subject: [PATCH 013/392] ci_staging.gitlab-ci.yml --- capif/.gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 1f0b86c..53858cc 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -53,8 +53,8 @@ dev_cancel_previous_action: - if: $CI_COMMIT_BRANCH <<: *dev_common -#include: -# - 'capif/templates/ci_staging.gitlab-ci.yml' +include: + - 'capif/templates/ci_staging.gitlab-ci.yml' # - 'capif/templates/ci_dev.gitlab-ci.yml' # - 'capif/templates/cd-deploy-ocf.gitlab-ci.yml' -- GitLab From 2e539ed25e897c4191e21bcbceb4e922a3f3e115 Mon Sep 17 00:00:00 2001 From: anayaamariel Date: Tue, 12 Mar 2024 16:16:57 +0100 Subject: [PATCH 014/392] staging_pulling_repo --- capif/.gitlab-ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 53858cc..3081a6a 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -5,6 +5,7 @@ stages: - ci_deploy_in_staging - cleaning_in_staging - dev_cancel_previous_action + - staging_pulling_repo variables: GITLAB_API: "https://labs.etsi.org/api/v4" -- GitLab From 45915940a5de687325aeddc8ea681f55d6957842 Mon Sep 17 00:00:00 2001 From: anayaamariel Date: Tue, 12 Mar 2024 16:18:52 +0100 Subject: [PATCH 015/392] local --- capif/.gitlab-ci.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 3081a6a..2de87ce 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -5,7 +5,6 @@ stages: - ci_deploy_in_staging - cleaning_in_staging - dev_cancel_previous_action - - staging_pulling_repo variables: GITLAB_API: "https://labs.etsi.org/api/v4" @@ -55,7 +54,7 @@ dev_cancel_previous_action: <<: *dev_common include: - - 'capif/templates/ci_staging.gitlab-ci.yml' + - local: 'capif/templates/ci_staging.gitlab-ci.yml' # - 'capif/templates/ci_dev.gitlab-ci.yml' # - 'capif/templates/cd-deploy-ocf.gitlab-ci.yml' -- GitLab From 244c185c179f82e8a917aceb262fbc48562b52bd Mon Sep 17 00:00:00 2001 From: anayaamariel Date: Tue, 12 Mar 2024 16:27:49 +0100 Subject: [PATCH 016/392] include --- capif/.gitlab-ci.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 2de87ce..2200a3c 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -54,7 +54,9 @@ dev_cancel_previous_action: <<: *dev_common include: - - local: 'capif/templates/ci_staging.gitlab-ci.yml' + - project: 'OCF/Pipeline-scripts/' + ref: cicd-capif + file: '/capif/templates/ci_staging.gitlab-ci.yml' # - 'capif/templates/ci_dev.gitlab-ci.yml' # - 'capif/templates/cd-deploy-ocf.gitlab-ci.yml' -- GitLab From a45f1edeec03a8f38c773d96e8007d3054d85e43 Mon Sep 17 00:00:00 2001 From: anayaamariel Date: Tue, 12 Mar 2024 16:29:17 +0100 Subject: [PATCH 017/392] ocf/pipeline-scripts --- capif/.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 2200a3c..19d5ddd 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -54,7 +54,7 @@ dev_cancel_previous_action: <<: *dev_common include: - - project: 'OCF/Pipeline-scripts/' + - project: 'ocf/pipeline-scripts/' ref: cicd-capif file: '/capif/templates/ci_staging.gitlab-ci.yml' # - 'capif/templates/ci_dev.gitlab-ci.yml' -- GitLab From 5ffdb8dd4371005c2af72c1097a6962f3003982b Mon Sep 17 00:00:00 2001 From: anayaamariel Date: Tue, 12 Mar 2024 16:30:08 +0100 Subject: [PATCH 018/392] pipeline-scritps --- capif/.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 19d5ddd..110e092 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -54,7 +54,7 @@ dev_cancel_previous_action: <<: *dev_common include: - - project: 'ocf/pipeline-scripts/' + - project: 'ocf/pipeline-scripts' ref: cicd-capif file: '/capif/templates/ci_staging.gitlab-ci.yml' # - 'capif/templates/ci_dev.gitlab-ci.yml' -- GitLab From 7ea311bc442e336fe2031ecc723f3b4f2727f6a7 Mon Sep 17 00:00:00 2001 From: anayaamariel Date: Tue, 12 Mar 2024 16:42:02 +0100 Subject: [PATCH 019/392] stages --- capif/.gitlab-ci.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 110e092..d3e9246 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -5,6 +5,10 @@ stages: - ci_deploy_in_staging - cleaning_in_staging - dev_cancel_previous_action + - staging_pulling_repo + - staging_secrets_in_repo + - staging_linting_code + - staging_linting_docker variables: GITLAB_API: "https://labs.etsi.org/api/v4" -- GitLab From 85d88c0216602e21c4ecb8aa9215041dcd465ba9 Mon Sep 17 00:00:00 2001 From: anayaamariel Date: Tue, 12 Mar 2024 16:43:19 +0100 Subject: [PATCH 020/392] test --- capif/templates/ci_staging.gitlab-ci.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/capif/templates/ci_staging.gitlab-ci.yml b/capif/templates/ci_staging.gitlab-ci.yml index be58f5f..597a7f7 100644 --- a/capif/templates/ci_staging.gitlab-ci.yml +++ b/capif/templates/ci_staging.gitlab-ci.yml @@ -21,7 +21,7 @@ staging_pulling_repo: stage: staging_pulling_repo script: - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git - <<: *staging_common + # <<: *staging_common staging_secrets_in_repo: stage: staging_secrets_in_repo @@ -29,7 +29,7 @@ staging_secrets_in_repo: - pip install trufflehog - trufflehog capif --exclude_paths cicd/exclusions --max_depth=5 needs: ["staging_pulling_repo"] - <<: *staging_common +# <<: *staging_common # define the process to do linting code: Sonarque, ruff? staging_linting_code: @@ -37,7 +37,7 @@ staging_linting_code: script: - echo "ruff checks" needs: ["staging_secrets_in_repo"] - <<: *staging_common +# <<: *staging_common staging_linting_docker: stage: staging_linting_docker @@ -55,4 +55,4 @@ staging_linting_docker: - docker-lint.json interruptible: true needs: ["staging_linting_code"] - <<: *staging_common +# <<: *staging_common -- GitLab From ab5fef0efb928b10017db85e70cb4c5d01f2134c Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 25 Mar 2024 08:46:29 +0100 Subject: [PATCH 021/392] docker --- capif/.gitlab-ci.yml | 27 ++++++++++++++++++++++++--- capif/templates/ci_dev.gitlab-ci.yml | 8 +++++++- 2 files changed, 31 insertions(+), 4 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index d3e9246..9ec6b89 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -9,6 +9,11 @@ stages: - staging_secrets_in_repo - staging_linting_code - staging_linting_docker + - dev_pulling_repo + - dev_secrets_in_repo + - dev_linting_code + - dev_linting_docker + variables: GITLAB_API: "https://labs.etsi.org/api/v4" @@ -52,7 +57,22 @@ dev_cancel_previous_action: stage: dev_cancel_previous_action script: - > - echo "dev_cancel_previous_action job" + echo "### cancel previous actions in dev branchc ###" + if [[ -n "$CI_JOB_TOKEN" ]]; then + echo "Checking for running jobs in the same pipeline..." + jobs=$(curl --header "PRIVATE-TOKEN: $CI_JOB_TOKEN" "$GITLAB_API/projects/$CI_PROJECT_ID/pipelines/$CI_PIPELINE_ID/jobs") + for job in $(echo "$jobs" | jq -r '.[] | @base64'); do + _jq() { + echo ${job} | base64 --decode | jq -r ${1} + } + status=$(_jq '.status') + id=$(_jq '.id') + if [[ "$status" == "running" ]] && [[ "$id" != "$CI_JOB_ID" ]]; then + echo "Cancelling job $id" + curl --request POST --header "PRIVATE-TOKEN: $CI_JOB_TOKEN" "$GITLAB_API/projects/$CI_PROJECT_ID/jobs/$id/cancel" + fi + done + fi rules: - if: $CI_COMMIT_BRANCH <<: *dev_common @@ -60,8 +80,9 @@ dev_cancel_previous_action: include: - project: 'ocf/pipeline-scripts' ref: cicd-capif - file: '/capif/templates/ci_staging.gitlab-ci.yml' -# - 'capif/templates/ci_dev.gitlab-ci.yml' + file: +# - '/capif/templates/ci_staging.gitlab-ci.yml' + - 'capif/templates/ci_dev.gitlab-ci.yml' # - 'capif/templates/cd-deploy-ocf.gitlab-ci.yml' diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index 47e8926..58c3500 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -39,7 +39,7 @@ dev_linting_docker: image: hadolint/hadolint:latest-debian script: - find . -name 'capif/services/Dockerfile*' -exec hadolint --no-fail -f gitlab_codeclimate {} + > docker-lint.json - - hadolint services/capif-client/Dockerfile + - hadolint services/capif-client/Dockerfile # - hadolint services/nginx/Dockerfile # - hadolint services/register/Dockerfile artifacts: @@ -51,3 +51,9 @@ dev_linting_docker: interruptible: true needs: ["dev_linting_code"] <<: *dev_common + +docker_login: + stage: docker_login + script: + - > + docker --version \ No newline at end of file -- GitLab From 59d1d02787dbee1107f39f03817089ffd5e7a00c Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 25 Mar 2024 08:47:46 +0100 Subject: [PATCH 022/392] docker_login --- capif/.gitlab-ci.yml | 1 + capif/templates/ci_dev.gitlab-ci.yml | 1 + 2 files changed, 2 insertions(+) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 9ec6b89..4e2d9fc 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -13,6 +13,7 @@ stages: - dev_secrets_in_repo - dev_linting_code - dev_linting_docker + - docker_login variables: diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index 58c3500..8ce0e8e 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -3,6 +3,7 @@ stages: - dev_secrets_in_repo - dev_linting_code - dev_linting_docker + - docker_login variables: GITLAB_API: "https://labs.etsi.org/api/v4" -- GitLab From d7c62fa94fb15e9b06cc661bb01c65fb0e4d65c8 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 25 Mar 2024 08:51:33 +0100 Subject: [PATCH 023/392] CI_DEBUG_TRACE: true --- capif/.gitlab-ci.yml | 1 + capif/templates/ci_dev.gitlab-ci.yml | 6 ++++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 4e2d9fc..0d572c8 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -19,6 +19,7 @@ stages: variables: GITLAB_API: "https://labs.etsi.org/api/v4" CI_JOB_TOKEN: $CI_JOB_TOKEN + CI_DEBUG_TRACE: true .staging_common: &staging_common only: diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index 8ce0e8e..c6c33c9 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -8,7 +8,8 @@ stages: variables: GITLAB_API: "https://labs.etsi.org/api/v4" CI_JOB_TOKEN: $CI_JOB_TOKEN - + CI_DEBUG_TRACE: true + .dev_common: &dev_common tags: - shell @@ -57,4 +58,5 @@ docker_login: stage: docker_login script: - > - docker --version \ No newline at end of file + docker --version + # echo "myusername:mypassword" | docker login --username myusername --password-stdin \ No newline at end of file -- GitLab From 2655e3f837e56086b65e67049135a74a835f9c9f Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 25 Mar 2024 08:52:28 +0100 Subject: [PATCH 024/392] CI_DEBUG_TRACE: "true" --- capif/.gitlab-ci.yml | 2 +- capif/templates/ci_dev.gitlab-ci.yml | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 0d572c8..a37de58 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -19,7 +19,7 @@ stages: variables: GITLAB_API: "https://labs.etsi.org/api/v4" CI_JOB_TOKEN: $CI_JOB_TOKEN - CI_DEBUG_TRACE: true + CI_DEBUG_TRACE: "true" .staging_common: &staging_common only: diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index c6c33c9..cea1ece 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -8,8 +8,8 @@ stages: variables: GITLAB_API: "https://labs.etsi.org/api/v4" CI_JOB_TOKEN: $CI_JOB_TOKEN - CI_DEBUG_TRACE: true - + CI_DEBUG_TRACE: "true" + .dev_common: &dev_common tags: - shell -- GitLab From 0d0ba6867c33d897e5aa8cce71f1fc78d2c593aa Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 25 Mar 2024 08:55:57 +0100 Subject: [PATCH 025/392] - | --- capif/.gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index a37de58..66268c6 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -37,7 +37,7 @@ variables: staging_cancel_previous_action: stage: staging_cancel_previous_action script: - - > + - | if [[ -n "$CI_JOB_TOKEN" ]]; then echo "Checking for running jobs in the same pipeline..." jobs=$(curl --header "PRIVATE-TOKEN: $CI_JOB_TOKEN" "$GITLAB_API/projects/$CI_PROJECT_ID/pipelines/$CI_PIPELINE_ID/jobs") @@ -58,7 +58,7 @@ staging_cancel_previous_action: dev_cancel_previous_action: stage: dev_cancel_previous_action script: - - > + - | echo "### cancel previous actions in dev branchc ###" if [[ -n "$CI_JOB_TOKEN" ]]; then echo "Checking for running jobs in the same pipeline..." -- GitLab From 965e899c2ff1241e26e142cd596ba7409e2a7fc0 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 25 Mar 2024 09:02:08 +0100 Subject: [PATCH 026/392] CI_DEBUG_TRACE: "false" and dev_secrets_in_repo --- capif/.gitlab-ci.yml | 2 +- capif/templates/ci_dev.gitlab-ci.yml | 19 ++++++++++--------- 2 files changed, 11 insertions(+), 10 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 66268c6..8321e4e 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -19,7 +19,7 @@ stages: variables: GITLAB_API: "https://labs.etsi.org/api/v4" CI_JOB_TOKEN: $CI_JOB_TOKEN - CI_DEBUG_TRACE: "true" + CI_DEBUG_TRACE: "false" .staging_common: &staging_common only: diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index cea1ece..270c629 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -8,24 +8,25 @@ stages: variables: GITLAB_API: "https://labs.etsi.org/api/v4" CI_JOB_TOKEN: $CI_JOB_TOKEN - CI_DEBUG_TRACE: "true" + CI_DEBUG_TRACE: "false" .dev_common: &dev_common tags: - shell -dev_pulling_repo: - stage: dev_pulling_repo - script: - - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git - <<: *dev_common +#dev_pulling_repo: +# stage: dev_pulling_repo +# script: +# - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git +# <<: *dev_common dev_secrets_in_repo: stage: dev_secrets_in_repo script: - - pip install trufflehog - - trufflehog capif --exclude_paths cicd/exclusions --max_depth=5 - needs: ["dev_pulling_repo"] + - | + pip install trufflehog + trufflehog capif --exclude_paths cicd/exclusions --max_depth=5 +# needs: ["dev_pulling_repo"] <<: *dev_common # define the process to do linting code: Sonarque, ruff? -- GitLab From 929387268b7799abb4e40bd308bcbb50c9b3bca8 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 25 Mar 2024 09:03:03 +0100 Subject: [PATCH 027/392] debug --- capif/templates/ci_dev.gitlab-ci.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index 270c629..94b33b2 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -25,7 +25,9 @@ dev_secrets_in_repo: script: - | pip install trufflehog - trufflehog capif --exclude_paths cicd/exclusions --max_depth=5 + pwd + ls -lrta + #trufflehog capif --exclude_paths cicd/exclusions --max_depth=5 # needs: ["dev_pulling_repo"] <<: *dev_common -- GitLab From 77d9c96ca9989c11957bf85e4e309acdd1043cf4 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 25 Mar 2024 09:30:45 +0100 Subject: [PATCH 028/392] ls -lrta --- capif/templates/ci_dev.gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index 94b33b2..0f84559 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -25,9 +25,9 @@ dev_secrets_in_repo: script: - | pip install trufflehog - pwd + cd ../ ls -lrta - #trufflehog capif --exclude_paths cicd/exclusions --max_depth=5 + # trufflehog capif --exclude_paths cicd/exclusions --max_depth=5 # needs: ["dev_pulling_repo"] <<: *dev_common -- GitLab From 3908a386f6d95e8a08578fa0e8ea0b22ac7726c2 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 25 Mar 2024 11:15:39 +0100 Subject: [PATCH 029/392] trufflehog --help --- capif/templates/ci_dev.gitlab-ci.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index 0f84559..77a0349 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -26,7 +26,8 @@ dev_secrets_in_repo: - | pip install trufflehog cd ../ - ls -lrta + ls -lrta + trufflehog --help # trufflehog capif --exclude_paths cicd/exclusions --max_depth=5 # needs: ["dev_pulling_repo"] <<: *dev_common -- GitLab From 289704b241da1c0b4e9cd10f342bb211cdd97f63 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 25 Mar 2024 11:17:27 +0100 Subject: [PATCH 030/392] trufflehog capif --- capif/templates/ci_dev.gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index 77a0349..e2edb75 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -27,8 +27,8 @@ dev_secrets_in_repo: pip install trufflehog cd ../ ls -lrta - trufflehog --help - # trufflehog capif --exclude_paths cicd/exclusions --max_depth=5 + trufflehog --version + trufflehog capif --exclude_paths cicd/exclusions --max_depth=5 # needs: ["dev_pulling_repo"] <<: *dev_common -- GitLab From 6b0f1e733c1b50c83daa698934d716ab99b41569 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 25 Mar 2024 11:19:28 +0100 Subject: [PATCH 031/392] trufflehog --- capif/templates/ci_dev.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index e2edb75..2ec4b3c 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -28,7 +28,7 @@ dev_secrets_in_repo: cd ../ ls -lrta trufflehog --version - trufflehog capif --exclude_paths cicd/exclusions --max_depth=5 + #trufflehog capif --exclude_paths cicd/exclusions --max_depth=5 # needs: ["dev_pulling_repo"] <<: *dev_common -- GitLab From c8878dcb1ce0c347200ad25d2f5ec8baa5c6e5ae Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 25 Mar 2024 11:21:02 +0100 Subject: [PATCH 032/392] trufflehog --- capif/templates/ci_dev.gitlab-ci.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index 2ec4b3c..c91857b 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -27,8 +27,7 @@ dev_secrets_in_repo: pip install trufflehog cd ../ ls -lrta - trufflehog --version - #trufflehog capif --exclude_paths cicd/exclusions --max_depth=5 + trufflehog capif --exclude_paths cicd/exclusions --max_depth=5 # needs: ["dev_pulling_repo"] <<: *dev_common -- GitLab From cac708eae347eb9b226d2d563a40ecb063c1c469 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 25 Mar 2024 11:21:56 +0100 Subject: [PATCH 033/392] capif/cicd/exclusions --- capif/templates/ci_dev.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index c91857b..5cfa361 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -27,7 +27,7 @@ dev_secrets_in_repo: pip install trufflehog cd ../ ls -lrta - trufflehog capif --exclude_paths cicd/exclusions --max_depth=5 + trufflehog capif --exclude_paths capif/cicd/exclusions --max_depth=5 # needs: ["dev_pulling_repo"] <<: *dev_common -- GitLab From e51b0f5788b0d1e268d4efd79b8b7eb8bbb118bb Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 25 Mar 2024 11:36:47 +0100 Subject: [PATCH 034/392] dev_linting_code --- capif/templates/ci_dev.gitlab-ci.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index 5cfa361..b016a70 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -35,7 +35,10 @@ dev_secrets_in_repo: dev_linting_code: stage: dev_linting_code script: - - echo "ruff checks" + - | + echo "###ruff checks###" + pip install ruff + ruff check --config cicd/ruff.toml . needs: ["dev_secrets_in_repo"] <<: *dev_common -- GitLab From 6ae8ea38f243ca59b5f306a595570223a189486f Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 25 Mar 2024 11:39:13 +0100 Subject: [PATCH 035/392] || true --- capif/templates/ci_dev.gitlab-ci.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index b016a70..48d771b 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -25,8 +25,6 @@ dev_secrets_in_repo: script: - | pip install trufflehog - cd ../ - ls -lrta trufflehog capif --exclude_paths capif/cicd/exclusions --max_depth=5 # needs: ["dev_pulling_repo"] <<: *dev_common @@ -38,7 +36,7 @@ dev_linting_code: - | echo "###ruff checks###" pip install ruff - ruff check --config cicd/ruff.toml . + ruff check --config cicd/ruff.toml . || true needs: ["dev_secrets_in_repo"] <<: *dev_common -- GitLab From aecf4cb80ba87330fd8f4462d4b8a77ee138c1f9 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 25 Mar 2024 11:40:24 +0100 Subject: [PATCH 036/392] cd ../ --- capif/templates/ci_dev.gitlab-ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index 48d771b..5c07245 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -25,6 +25,7 @@ dev_secrets_in_repo: script: - | pip install trufflehog + cd ../ trufflehog capif --exclude_paths capif/cicd/exclusions --max_depth=5 # needs: ["dev_pulling_repo"] <<: *dev_common -- GitLab From 8c83d8f82a32df0d54c63e31a9b9f50f5a1c1db1 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 25 Mar 2024 11:44:26 +0100 Subject: [PATCH 037/392] dev_linting_docker --- capif/templates/ci_dev.gitlab-ci.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index 5c07245..ca58a37 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -45,8 +45,10 @@ dev_linting_docker: stage: dev_linting_docker image: hadolint/hadolint:latest-debian script: - - find . -name 'capif/services/Dockerfile*' -exec hadolint --no-fail -f gitlab_codeclimate {} + > docker-lint.json - - hadolint services/capif-client/Dockerfile + - | + find . -name 'capif/services/Dockerfile*' -exec hadolint --no-fail -f gitlab_codeclimate {} + > docker-lint.json + cat docker-lint.json + hadolint services/capif-client/Dockerfile # - hadolint services/nginx/Dockerfile # - hadolint services/register/Dockerfile artifacts: -- GitLab From 119c87dcb707948e15fdde602754b6b02e306f7f Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 25 Mar 2024 11:44:53 +0100 Subject: [PATCH 038/392] hadolint --- capif/templates/ci_dev.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index ca58a37..34d18d4 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -46,7 +46,7 @@ dev_linting_docker: image: hadolint/hadolint:latest-debian script: - | - find . -name 'capif/services/Dockerfile*' -exec hadolint --no-fail -f gitlab_codeclimate {} + > docker-lint.json + find . -name 'services/Dockerfile*' -exec hadolint --no-fail -f gitlab_codeclimate {} + > docker-lint.json cat docker-lint.json hadolint services/capif-client/Dockerfile # - hadolint services/nginx/Dockerfile -- GitLab From 57c9420dfc8da0f9a1471bf30490cb2df58a89aa Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 25 Mar 2024 11:48:50 +0100 Subject: [PATCH 039/392] ls -lrt --- capif/templates/ci_dev.gitlab-ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index 34d18d4..473d05a 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -46,6 +46,7 @@ dev_linting_docker: image: hadolint/hadolint:latest-debian script: - | + ls -lrt find . -name 'services/Dockerfile*' -exec hadolint --no-fail -f gitlab_codeclimate {} + > docker-lint.json cat docker-lint.json hadolint services/capif-client/Dockerfile -- GitLab From b5941a5d0fa77417dfc3d54c933c28f4539104f9 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 25 Mar 2024 11:57:51 +0100 Subject: [PATCH 040/392] CI_DEBUG_TRACE: "true" --- capif/templates/ci_dev.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index 473d05a..bd89b72 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -8,7 +8,7 @@ stages: variables: GITLAB_API: "https://labs.etsi.org/api/v4" CI_JOB_TOKEN: $CI_JOB_TOKEN - CI_DEBUG_TRACE: "false" + CI_DEBUG_TRACE: "true" .dev_common: &dev_common tags: -- GitLab From 9c056c61bf5238807d5d3d887dec7f9e92440123 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 25 Mar 2024 11:59:00 +0100 Subject: [PATCH 041/392] CI_DEBUG_TRACE: "true" --- capif/.gitlab-ci.yml | 2 +- capif/templates/ci_dev.gitlab-ci.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 8321e4e..66268c6 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -19,7 +19,7 @@ stages: variables: GITLAB_API: "https://labs.etsi.org/api/v4" CI_JOB_TOKEN: $CI_JOB_TOKEN - CI_DEBUG_TRACE: "false" + CI_DEBUG_TRACE: "true" .staging_common: &staging_common only: diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index bd89b72..473d05a 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -8,7 +8,7 @@ stages: variables: GITLAB_API: "https://labs.etsi.org/api/v4" CI_JOB_TOKEN: $CI_JOB_TOKEN - CI_DEBUG_TRACE: "true" + CI_DEBUG_TRACE: "false" .dev_common: &dev_common tags: -- GitLab From 0bf2ae9285c0adef852b403468f257111ded134f Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 25 Mar 2024 12:02:56 +0100 Subject: [PATCH 042/392] hadolint/hadolint --- capif/templates/ci_dev.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index 473d05a..bd6a6dd 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -43,7 +43,7 @@ dev_linting_code: dev_linting_docker: stage: dev_linting_docker - image: hadolint/hadolint:latest-debian + image: hadolint/hadolint script: - | ls -lrt -- GitLab From 5e408929afeb5549b8c44754d355b78969eb84da Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 25 Mar 2024 12:03:12 +0100 Subject: [PATCH 043/392] CI_DEBUG_TRACE: "false" --- capif/.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 66268c6..8321e4e 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -19,7 +19,7 @@ stages: variables: GITLAB_API: "https://labs.etsi.org/api/v4" CI_JOB_TOKEN: $CI_JOB_TOKEN - CI_DEBUG_TRACE: "true" + CI_DEBUG_TRACE: "false" .staging_common: &staging_common only: -- GitLab From 24a155e91d0886548be210c3c6615e6856011f45 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 25 Mar 2024 12:07:21 +0100 Subject: [PATCH 044/392] hadolint --version --- capif/.gitlab-ci.yml | 2 +- capif/templates/ci_dev.gitlab-ci.yml | 14 ++++++++++++-- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 8321e4e..66268c6 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -19,7 +19,7 @@ stages: variables: GITLAB_API: "https://labs.etsi.org/api/v4" CI_JOB_TOKEN: $CI_JOB_TOKEN - CI_DEBUG_TRACE: "false" + CI_DEBUG_TRACE: "true" .staging_common: &staging_common only: diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index bd6a6dd..b2ad993 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -46,9 +46,19 @@ dev_linting_docker: image: hadolint/hadolint script: - | - ls -lrt + # Download hadolint binary + wget https://github.com/hadolint/hadolint/releases/download/v2.8.0/hadolint-Linux-x86_64 -O hadolint + + # Make it executable + chmod +x hadolint + + # Move it to your binaries folder + sudo mv hadolint /usr/local/bin/ + + # Verify the installation + hadolint --version + find . -name 'services/Dockerfile*' -exec hadolint --no-fail -f gitlab_codeclimate {} + > docker-lint.json - cat docker-lint.json hadolint services/capif-client/Dockerfile # - hadolint services/nginx/Dockerfile # - hadolint services/register/Dockerfile -- GitLab From 33489f21f4f0b3435cf4c4520f620fd44700c6c6 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 25 Mar 2024 12:14:00 +0100 Subject: [PATCH 045/392] hadolint --- capif/templates/ci_dev.gitlab-ci.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index b2ad993..22972cb 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -58,17 +58,17 @@ dev_linting_docker: # Verify the installation hadolint --version - find . -name 'services/Dockerfile*' -exec hadolint --no-fail -f gitlab_codeclimate {} + > docker-lint.json + #find . -name 'services/Dockerfile*' -exec hadolint --no-fail -f gitlab_codeclimate {} + > docker-lint.json hadolint services/capif-client/Dockerfile # - hadolint services/nginx/Dockerfile # - hadolint services/register/Dockerfile - artifacts: - name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG" - when: always - reports: - codequality: - - docker-lint.json - interruptible: true +# artifacts: +# name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG" +# when: always +# reports: +# codequality: +# - docker-lint.json +# interruptible: true needs: ["dev_linting_code"] <<: *dev_common -- GitLab From 26ca732b354757310d22505b57068dcedbf86b8c Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 25 Mar 2024 12:16:01 +0100 Subject: [PATCH 046/392] no sudo --- capif/templates/ci_dev.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index 22972cb..a9ccfb4 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -53,7 +53,7 @@ dev_linting_docker: chmod +x hadolint # Move it to your binaries folder - sudo mv hadolint /usr/local/bin/ + mv hadolint /usr/local/bin/ # Verify the installation hadolint --version -- GitLab From f81674ca30ed9dce48f32c3f2f58df7c434ac623 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 25 Mar 2024 12:17:32 +0100 Subject: [PATCH 047/392] ../ --- capif/templates/ci_dev.gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index a9ccfb4..fce2d30 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -53,10 +53,10 @@ dev_linting_docker: chmod +x hadolint # Move it to your binaries folder - mv hadolint /usr/local/bin/ + mv hadolint ../ # Verify the installation - hadolint --version + ../hadolint --version #find . -name 'services/Dockerfile*' -exec hadolint --no-fail -f gitlab_codeclimate {} + > docker-lint.json hadolint services/capif-client/Dockerfile -- GitLab From 1a091c63c175f0f6ce2c04cb9c325bee605c0f96 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 25 Mar 2024 12:17:41 +0100 Subject: [PATCH 048/392] ../ --- capif/templates/ci_dev.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index fce2d30..0a2d433 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -59,7 +59,7 @@ dev_linting_docker: ../hadolint --version #find . -name 'services/Dockerfile*' -exec hadolint --no-fail -f gitlab_codeclimate {} + > docker-lint.json - hadolint services/capif-client/Dockerfile + ../hadolint services/capif-client/Dockerfile # - hadolint services/nginx/Dockerfile # - hadolint services/register/Dockerfile # artifacts: -- GitLab From f3c793d0f7d451bbe2c356d4007fca07c33b00e0 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 25 Mar 2024 12:18:48 +0100 Subject: [PATCH 049/392] || true --- capif/templates/ci_dev.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index 0a2d433..f315582 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -59,7 +59,7 @@ dev_linting_docker: ../hadolint --version #find . -name 'services/Dockerfile*' -exec hadolint --no-fail -f gitlab_codeclimate {} + > docker-lint.json - ../hadolint services/capif-client/Dockerfile + ../hadolint services/capif-client/Dockerfile || true # - hadolint services/nginx/Dockerfile # - hadolint services/register/Dockerfile # artifacts: -- GitLab From 89ee08de8e41b73603a5da57893c8ad0eaf3672e Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 25 Mar 2024 12:29:11 +0100 Subject: [PATCH 050/392] hadolint --- capif/templates/ci_dev.gitlab-ci.yml | 40 ++++++++++++++++++++++++++-- 1 file changed, 38 insertions(+), 2 deletions(-) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index f315582..97ae753 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -59,9 +59,45 @@ dev_linting_docker: ../hadolint --version #find . -name 'services/Dockerfile*' -exec hadolint --no-fail -f gitlab_codeclimate {} + > docker-lint.json + ../hadolint services/capif-client/Dockerfile || true -# - hadolint services/nginx/Dockerfile -# - hadolint services/register/Dockerfile + ../hadolint services/vault/Dockerfile || true + + echo "### nginx ###" + ../hadolint services/nginx/Dockerfile || true + + echo "### register ###" + ../hadolint services/register/Dockerfile || true + + echo "### TS29222_CAPIF_Access_Control_Policy_API ###" + ../hadolint services/TS29222_CAPIF_Access_Control_Policy_API/Dockerfile || true + + echo "### TS29222_CAPIF_API_Invoker_Management_API ###" + ../hadolint services/TS29222_CAPIF_API_Invoker_Management_API/Dockerfile || true + + echo "### TS29222_CAPIF_API_Provider_Management_API ###" + ../hadolint services/TS29222_CAPIF_API_Provider_Management_API/Dockerfile || true + + echo "### TS29222_CAPIF_Auditing_API ###" + ../hadolint services/TS29222_CAPIF_Auditing_API/Dockerfile || true + + echo "### TS29222_CAPIF_Discover_Service_API ###" + ../hadolint services/TS29222_CAPIF_Discover_Service_API/Dockerfile || true + + echo "### TS29222_CAPIF_Events_API ###" + ../hadolint services/TS29222_CAPIF_Events_API/Dockerfile || true + + echo "### TS29222_CAPIF_Logging_API_Invocation_API ###" + ../hadolint services/TS29222_CAPIF_Logging_API_Invocation_API/Dockerfile || true + + echo "### TS29222_CAPIF_Publish_Service_API ###" + ../hadolint services/TS29222_CAPIF_Publish_Service_API/Dockerfile || true + + echo "### TS29222_CAPIF_Routing_Info_API ###" + ../hadolint services/TS29222_CAPIF_Routing_Info_API/Dockerfile || true + + echo "### TS29222_CAPIF_Security_API ###" + ../hadolint services/TS29222_CAPIF_Security_API/Dockerfile || true # artifacts: # name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG" # when: always -- GitLab From b649acca0f0711bc0de452b91e90b36b9b8c108a Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 25 Mar 2024 12:36:41 +0100 Subject: [PATCH 051/392] docker login --- capif/templates/ci_dev.gitlab-ci.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index 97ae753..49ebe92 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -110,6 +110,9 @@ dev_linting_docker: docker_login: stage: docker_login + image: docker:19.03.12 + services: + - docker:19.03.12-dind script: - > docker --version -- GitLab From 53d5ba2331500d5efd8bcb8783d7485965f4ee42 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 25 Mar 2024 12:39:04 +0100 Subject: [PATCH 052/392] docker 24.0.9 --- capif/templates/ci_dev.gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index 49ebe92..5aa5a3d 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -110,9 +110,9 @@ dev_linting_docker: docker_login: stage: docker_login - image: docker:19.03.12 + image: docker:24.0.9 services: - - docker:19.03.12-dind + - docker:24.0.9-dind script: - > docker --version -- GitLab From 27901b11ca3b047143709e206f6ecab0fad777c7 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 25 Mar 2024 12:45:57 +0100 Subject: [PATCH 053/392] docker login --- capif/templates/ci_dev.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index 5aa5a3d..0d2ceef 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -116,4 +116,4 @@ docker_login: script: - > docker --version - # echo "myusername:mypassword" | docker login --username myusername --password-stdin \ No newline at end of file + echo "CI_REGISTRY_USER:$CI_REGISTRY_PASSWORD" | docker login --username $CI_REGISTRY_USER $CI_REGISTRY --password-stdin \ No newline at end of file -- GitLab From 07b29a8c1052eece2fd3996ec83bfda924921b38 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 25 Mar 2024 12:46:13 +0100 Subject: [PATCH 054/392] $ --- capif/templates/ci_dev.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index 0d2ceef..dcedd9d 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -116,4 +116,4 @@ docker_login: script: - > docker --version - echo "CI_REGISTRY_USER:$CI_REGISTRY_PASSWORD" | docker login --username $CI_REGISTRY_USER $CI_REGISTRY --password-stdin \ No newline at end of file + echo "$CI_REGISTRY_USER:$CI_REGISTRY_PASSWORD" | docker login --username $CI_REGISTRY_USER $CI_REGISTRY --password-stdin \ No newline at end of file -- GitLab From 3f9255bb2d0f04effa11accdcff49b6ddbcec882 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 25 Mar 2024 12:50:26 +0100 Subject: [PATCH 055/392] docker login --- capif/templates/ci_dev.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index dcedd9d..9998d7f 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -116,4 +116,4 @@ docker_login: script: - > docker --version - echo "$CI_REGISTRY_USER:$CI_REGISTRY_PASSWORD" | docker login --username $CI_REGISTRY_USER $CI_REGISTRY --password-stdin \ No newline at end of file + echo "$CI_REGISTRY_PASSWORD" | docker login --username $CI_REGISTRY_USER $CI_REGISTRY --password-stdin \ No newline at end of file -- GitLab From 703854f215eb831639f692b4175ad3978d5da66e Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 25 Mar 2024 12:53:01 +0100 Subject: [PATCH 056/392] docker login --- capif/templates/ci_dev.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index 9998d7f..3608d79 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -116,4 +116,4 @@ docker_login: script: - > docker --version - echo "$CI_REGISTRY_PASSWORD" | docker login --username $CI_REGISTRY_USER $CI_REGISTRY --password-stdin \ No newline at end of file + docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY \ No newline at end of file -- GitLab From 842f7a2babf794b01dc89883f617f22df25369d0 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 25 Mar 2024 12:59:33 +0100 Subject: [PATCH 057/392] variables --- capif/templates/ci_dev.gitlab-ci.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index 3608d79..5952ce0 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -9,6 +9,10 @@ variables: GITLAB_API: "https://labs.etsi.org/api/v4" CI_JOB_TOKEN: $CI_JOB_TOKEN CI_DEBUG_TRACE: "false" + CI_REGISTRY_USER: $CI_REGISTRY_USER + CI_REGISTRY_PASSWORD: $CI_REGISTRY_PASSWORD + CI_REGISTRY: $CI_REGISTRY + .dev_common: &dev_common tags: -- GitLab From d2509c11f9102549bed4418798fbdb564adae2cb Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 25 Mar 2024 13:02:28 +0100 Subject: [PATCH 058/392] docker login --- capif/templates/ci_dev.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index 5952ce0..acca379 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -120,4 +120,4 @@ docker_login: script: - > docker --version - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY \ No newline at end of file + docker login --username $CI_REGISTRY_USER --password $CI_REGISTRY_PASSWORD $CI_REGISTRY \ No newline at end of file -- GitLab From f46195a6e9b4457c51fbf5c300415ddbe6a750eb Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 25 Mar 2024 13:05:04 +0100 Subject: [PATCH 059/392] -| --- capif/templates/ci_dev.gitlab-ci.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index acca379..a6de924 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -118,6 +118,5 @@ docker_login: services: - docker:24.0.9-dind script: - - > - docker --version + - | docker login --username $CI_REGISTRY_USER --password $CI_REGISTRY_PASSWORD $CI_REGISTRY \ No newline at end of file -- GitLab From 736a2070da12e6ec6ea233aebfeec77ff4184aff Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 25 Mar 2024 13:12:52 +0100 Subject: [PATCH 060/392] docker_login --- capif/templates/ci_dev.gitlab-ci.yml | 17 ++++++++++++----- 1 file changed, 12 insertions(+), 5 deletions(-) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index a6de924..3c57c0c 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -47,7 +47,6 @@ dev_linting_code: dev_linting_docker: stage: dev_linting_docker - image: hadolint/hadolint script: - | # Download hadolint binary @@ -112,11 +111,19 @@ dev_linting_docker: needs: ["dev_linting_code"] <<: *dev_common +#docker_login: +# stage: docker_login +# image: docker:24.0.9 +# services: +# - docker:24.0.9-dind +# script: +# - | +# docker login --username $CI_REGISTRY_USER --password $CI_REGISTRY_PASSWORD $CI_REGISTRY + docker_login: stage: docker_login - image: docker:24.0.9 - services: - - docker:24.0.9-dind script: - | - docker login --username $CI_REGISTRY_USER --password $CI_REGISTRY_PASSWORD $CI_REGISTRY \ No newline at end of file + # Update your existing list of packages + sudo apt-get update + -- GitLab From dc927b1d42fb18c3599c8746d016b8ae6c63d566 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 25 Mar 2024 13:18:18 +0100 Subject: [PATCH 061/392] bash --- capif/templates/ci_dev.gitlab-ci.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index 3c57c0c..6c0725a 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -124,6 +124,8 @@ docker_login: stage: docker_login script: - | + #!/bin/bash + # Update your existing list of packages sudo apt-get update -- GitLab From d9d54540713a590200b3f8bd622c5a36a444686d Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 25 Mar 2024 13:20:50 +0100 Subject: [PATCH 062/392] no sudo --- capif/templates/ci_dev.gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index 6c0725a..b7f3195 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -125,7 +125,7 @@ docker_login: script: - | #!/bin/bash - + # Update your existing list of packages - sudo apt-get update + apt-get update -- GitLab From b426ee094ee4e548cf6b18d1aec6dd201944bb41 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 25 Mar 2024 13:22:35 +0100 Subject: [PATCH 063/392] apt --- capif/templates/ci_dev.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index b7f3195..ec67838 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -127,5 +127,5 @@ docker_login: #!/bin/bash # Update your existing list of packages - apt-get update + apt update -- GitLab From 62a072aed31e26cb890ed23465349d70eb3887d4 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 25 Mar 2024 13:27:02 +0100 Subject: [PATCH 064/392] yum --- capif/templates/ci_dev.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index ec67838..4a1a773 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -127,5 +127,5 @@ docker_login: #!/bin/bash # Update your existing list of packages - apt update + yum update -- GitLab From d93e9faace330d60bc12db00038f2943d78da3c5 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 25 Mar 2024 13:37:41 +0100 Subject: [PATCH 065/392] docker build and push --- capif/templates/ci_dev.gitlab-ci.yml | 20 ++++++++------------ 1 file changed, 8 insertions(+), 12 deletions(-) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index 4a1a773..edb6e7a 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -111,21 +111,17 @@ dev_linting_docker: needs: ["dev_linting_code"] <<: *dev_common -#docker_login: -# stage: docker_login -# image: docker:24.0.9 -# services: -# - docker:24.0.9-dind -# script: -# - | -# docker login --username $CI_REGISTRY_USER --password $CI_REGISTRY_PASSWORD $CI_REGISTRY - docker_login: stage: docker_login + image: docker:24.0.9 + services: + - docker:24.0.9-dind script: - | - #!/bin/bash + #docker login --username $CI_REGISTRY_USER --password $CI_REGISTRY_PASSWORD $CI_REGISTRY + cd services/capif-client/Dockerfile && docker build -t capif-client:$CI_COMMIT_REF_SLUG . + + docker push capif-client:$CI_COMMIT_REF_SLUG + - # Update your existing list of packages - yum update -- GitLab From c0cca7ad34c414f6a24554f81021adef9355da7c Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 25 Mar 2024 13:41:03 +0100 Subject: [PATCH 066/392] cd services --- capif/templates/ci_dev.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index edb6e7a..b395874 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -119,7 +119,7 @@ docker_login: script: - | #docker login --username $CI_REGISTRY_USER --password $CI_REGISTRY_PASSWORD $CI_REGISTRY - cd services/capif-client/Dockerfile && docker build -t capif-client:$CI_COMMIT_REF_SLUG . + cd services/capif-client/ && docker build -t capif-client:$CI_COMMIT_REF_SLUG . docker push capif-client:$CI_COMMIT_REF_SLUG -- GitLab From d289ed0ca6c5664e320acbd4acbfa047d7d89c3d Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 25 Mar 2024 13:45:15 +0100 Subject: [PATCH 067/392] docker in alpine --- capif/templates/ci_dev.gitlab-ci.yml | 33 ++++++++++++++++++++-------- 1 file changed, 24 insertions(+), 9 deletions(-) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index b395874..bc00fba 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -111,17 +111,32 @@ dev_linting_docker: needs: ["dev_linting_code"] <<: *dev_common +#docker_login: +# stage: docker_login +# image: docker:24.0.9 +# services: +# - docker:24.0.9-dind +# script: +# - | +# #docker login --username $CI_REGISTRY_USER --password $CI_REGISTRY_PASSWORD $CI_REGISTRY +# cd services/capif-client/ && docker build -t capif-client:$CI_COMMIT_REF_SLUG . +# +# docker push capif-client:$CI_COMMIT_REF_SLUG + docker_login: stage: docker_login - image: docker:24.0.9 - services: - - docker:24.0.9-dind script: - | - #docker login --username $CI_REGISTRY_USER --password $CI_REGISTRY_PASSWORD $CI_REGISTRY - cd services/capif-client/ && docker build -t capif-client:$CI_COMMIT_REF_SLUG . - - docker push capif-client:$CI_COMMIT_REF_SLUG + #!/bin/bash - - + # Update your existing list of packages + apk update + + # Install Docker + apk add docker + + # Start the Docker service + service docker start + + # Verify the installation + docker --version -- GitLab From 5e4276a63ccb53796f15d9a77b491eb87ef33ff7 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 25 Mar 2024 13:48:05 +0100 Subject: [PATCH 068/392] rc-update --- capif/templates/ci_dev.gitlab-ci.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index bc00fba..99afb23 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -128,15 +128,15 @@ docker_login: script: - | #!/bin/bash - + # Update your existing list of packages apk update - + # Install Docker apk add docker - - # Start the Docker service - service docker start + + # Add Docker to the default runlevel + rc-update add docker boot # Verify the installation docker --version -- GitLab From 15ca1c4f31e2276ebc2a9b8d8964ee7fffef756b Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 25 Mar 2024 13:50:40 +0100 Subject: [PATCH 069/392] docker --- capif/templates/ci_dev.gitlab-ci.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index 99afb23..18bc87c 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -135,8 +135,8 @@ docker_login: # Install Docker apk add docker - # Add Docker to the default runlevel - rc-update add docker boot - + # Start the Docker service + dockerd & + # Verify the installation docker --version -- GitLab From 32930c983a1f43d6a989676feb04e0f0157b3c90 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 25 Mar 2024 13:52:16 +0100 Subject: [PATCH 070/392] docker login --- capif/templates/ci_dev.gitlab-ci.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index 18bc87c..000365f 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -140,3 +140,6 @@ docker_login: # Verify the installation docker --version + + echo "### docker login ###" + docker login --username $CI_REGISTRY_USER --password $CI_REGISTRY_PASSWORD $CI_REGISTRY -- GitLab From d9fcff8a7ffe9ba12671f020d2e3d016f17ec2ac Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 25 Mar 2024 14:00:14 +0100 Subject: [PATCH 071/392] test build --- capif/templates/ci_dev.gitlab-ci.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index 000365f..63277aa 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -143,3 +143,8 @@ docker_login: echo "### docker login ###" docker login --username $CI_REGISTRY_USER --password $CI_REGISTRY_PASSWORD $CI_REGISTRY + + echo "### build & push capif-client ###" + cd services/capif-client/ && docker build -t capif-client:$CI_COMMIT_REF_SLUG . + + docker push capif-client:$CI_COMMIT_REF_SLUG -- GitLab From 72a7ef23461c33e0ed0d90d6da2bc4eabe40b1fa Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 25 Mar 2024 14:12:18 +0100 Subject: [PATCH 072/392] comments --- capif/templates/ci_dev.gitlab-ci.yml | 53 +++++++++++++++------------- 1 file changed, 28 insertions(+), 25 deletions(-) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index 63277aa..f59a310 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -111,6 +111,8 @@ dev_linting_docker: needs: ["dev_linting_code"] <<: *dev_common +# NOT WORKING: failed when docker login. seem we need to use docker-in-docker rather than +# shell alpine runners #docker_login: # stage: docker_login # image: docker:24.0.9 @@ -123,28 +125,29 @@ dev_linting_docker: # # docker push capif-client:$CI_COMMIT_REF_SLUG -docker_login: - stage: docker_login - script: - - | - #!/bin/bash - - # Update your existing list of packages - apk update - - # Install Docker - apk add docker - - # Start the Docker service - dockerd & - - # Verify the installation - docker --version - - echo "### docker login ###" - docker login --username $CI_REGISTRY_USER --password $CI_REGISTRY_PASSWORD $CI_REGISTRY - - echo "### build & push capif-client ###" - cd services/capif-client/ && docker build -t capif-client:$CI_COMMIT_REF_SLUG . - - docker push capif-client:$CI_COMMIT_REF_SLUG +## NOT WORKING: failed when build de images - failed to mount overlay: operation not permitted" storage-driver=overlay2 +#docker_login: +# stage: docker_login +# script: +# - | +# #!/bin/bash +# +# # Update your existing list of packages +# apk update +# +# # Install Docker +# apk add docker +# +# # Start the Docker service +# dockerd & +# +# # Verify the installation +# docker --version +# +# echo "### docker login ###" +# docker login --username $CI_REGISTRY_USER --password $CI_REGISTRY_PASSWORD $CI_REGISTRY +# +# echo "### build & push capif-client ###" +# cd services/capif-client/ && docker build -t capif-client:$CI_COMMIT_REF_SLUG . +# +# docker push capif-client:$CI_COMMIT_REF_SLUG -- GitLab From a5105050ca2ede6dcfe536a6b2f3c134f8186444 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 25 Mar 2024 15:52:16 +0100 Subject: [PATCH 073/392] docker_login --- capif/templates/ci_dev.gitlab-ci.yml | 24 +++++++++++++----------- 1 file changed, 13 insertions(+), 11 deletions(-) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index f59a310..cff1e1f 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -113,17 +113,19 @@ dev_linting_docker: # NOT WORKING: failed when docker login. seem we need to use docker-in-docker rather than # shell alpine runners -#docker_login: -# stage: docker_login -# image: docker:24.0.9 -# services: -# - docker:24.0.9-dind -# script: -# - | -# #docker login --username $CI_REGISTRY_USER --password $CI_REGISTRY_PASSWORD $CI_REGISTRY -# cd services/capif-client/ && docker build -t capif-client:$CI_COMMIT_REF_SLUG . -# -# docker push capif-client:$CI_COMMIT_REF_SLUG +docker_login: + stage: docker_login + image: docker:24.0.9 + services: + - docker:24.0.9-dind + tags: + - docker + script: + - | + #docker login --username $CI_REGISTRY_USER --password $CI_REGISTRY_PASSWORD $CI_REGISTRY + cd services/capif-client/ && docker build -t capif-client:$CI_COMMIT_REF_SLUG . + + docker push capif-client:$CI_COMMIT_REF_SLUG ## NOT WORKING: failed when build de images - failed to mount overlay: operation not permitted" storage-driver=overlay2 #docker_login: -- GitLab From 5fda088179917ea16cb592692fb35b8d1d3ea2e1 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 25 Mar 2024 15:54:53 +0100 Subject: [PATCH 074/392] docker login --- capif/templates/ci_dev.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index cff1e1f..9a589f2 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -122,7 +122,7 @@ docker_login: - docker script: - | - #docker login --username $CI_REGISTRY_USER --password $CI_REGISTRY_PASSWORD $CI_REGISTRY + docker login --username $CI_REGISTRY_USER --password $CI_REGISTRY_PASSWORD $CI_REGISTRY cd services/capif-client/ && docker build -t capif-client:$CI_COMMIT_REF_SLUG . docker push capif-client:$CI_COMMIT_REF_SLUG -- GitLab From 54000ae3035d242bb5f612f4688f477afc5e777e Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 25 Mar 2024 16:06:39 +0100 Subject: [PATCH 075/392] docker --- capif/templates/ci_dev.gitlab-ci.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index 9a589f2..2b3adb7 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -12,6 +12,7 @@ variables: CI_REGISTRY_USER: $CI_REGISTRY_USER CI_REGISTRY_PASSWORD: $CI_REGISTRY_PASSWORD CI_REGISTRY: $CI_REGISTRY + CAPIF_DOCKER_REGISTRY: $CAPIF_DOCKER_REGISTRY .dev_common: &dev_common @@ -122,7 +123,7 @@ docker_login: - docker script: - | - docker login --username $CI_REGISTRY_USER --password $CI_REGISTRY_PASSWORD $CI_REGISTRY + docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY cd services/capif-client/ && docker build -t capif-client:$CI_COMMIT_REF_SLUG . docker push capif-client:$CI_COMMIT_REF_SLUG -- GitLab From 5123d210ce6fb35f8126273e1195108e1b309c8a Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 25 Mar 2024 16:23:52 +0100 Subject: [PATCH 076/392] no docker login --- capif/templates/ci_dev.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index 2b3adb7..0a61436 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -123,7 +123,7 @@ docker_login: - docker script: - | - docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY + #docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY cd services/capif-client/ && docker build -t capif-client:$CI_COMMIT_REF_SLUG . docker push capif-client:$CI_COMMIT_REF_SLUG -- GitLab From 584a76c0ef227e797446064760906280242c106b Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 25 Mar 2024 16:25:40 +0100 Subject: [PATCH 077/392] docker --- capif/templates/ci_dev.gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index 0a61436..c09ed8c 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -123,8 +123,8 @@ docker_login: - docker script: - | - #docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY - cd services/capif-client/ && docker build -t capif-client:$CI_COMMIT_REF_SLUG . + cd services/capif-client/ + docker build -t capif-client:$CI_COMMIT_REF_SLUG . docker push capif-client:$CI_COMMIT_REF_SLUG -- GitLab From 8fb12c736659909fd205349045ea0771fcb67577 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 25 Mar 2024 16:31:02 +0100 Subject: [PATCH 078/392] docker:19.03.12 --- capif/templates/ci_dev.gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index c09ed8c..e6cbdce 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -116,9 +116,9 @@ dev_linting_docker: # shell alpine runners docker_login: stage: docker_login - image: docker:24.0.9 + image: docker:19.03.12 services: - - docker:24.0.9-dind + - docker:19.03.12-dind tags: - docker script: -- GitLab From 5d824147f5f86b12da870ba28dea4b4abd8e26e6 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 25 Mar 2024 16:40:57 +0100 Subject: [PATCH 079/392] docker --- capif/templates/ci_dev.gitlab-ci.yml | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index e6cbdce..6071ec4 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -122,11 +122,9 @@ docker_login: tags: - docker script: - - | - cd services/capif-client/ - docker build -t capif-client:$CI_COMMIT_REF_SLUG . - - docker push capif-client:$CI_COMMIT_REF_SLUG + - cd services/capif-client/ + - docker build -t capif-client:$CI_COMMIT_REF_SLUG . +# - docker push capif-client:$CI_COMMIT_REF_SLUG ## NOT WORKING: failed when build de images - failed to mount overlay: operation not permitted" storage-driver=overlay2 #docker_login: -- GitLab From 2444c6997a18340f891b0f3d2b814bd92e0f7918 Mon Sep 17 00:00:00 2001 From: Miguel Angel Reina Ortega Date: Tue, 26 Mar 2024 09:04:39 +0000 Subject: [PATCH 080/392] Fix docker image tag --- capif/templates/ci_dev.gitlab-ci.yml | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index 6071ec4..2fc33b2 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -116,14 +116,16 @@ dev_linting_docker: # shell alpine runners docker_login: stage: docker_login - image: docker:19.03.12 - services: - - docker:19.03.12-dind + image: docker:19.03.12-dind + #services: + # - docker:19.03.12-dind tags: - docker script: - cd services/capif-client/ - - docker build -t capif-client:$CI_COMMIT_REF_SLUG . + - docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY + - docker build -t CI_REGISTRY/ocf/capif/capif-client:$CI_COMMIT_REF_SLUG . + - docker logout $CI_REGISTRY # - docker push capif-client:$CI_COMMIT_REF_SLUG ## NOT WORKING: failed when build de images - failed to mount overlay: operation not permitted" storage-driver=overlay2 -- GitLab From 973542aa45db6ce39f5d78d18098901177cc4d2c Mon Sep 17 00:00:00 2001 From: Miguel Angel Reina Ortega Date: Tue, 26 Mar 2024 09:14:25 +0000 Subject: [PATCH 081/392] use shell runner for docker_login job --- capif/templates/ci_dev.gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index 2fc33b2..3b6bdce 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -116,11 +116,11 @@ dev_linting_docker: # shell alpine runners docker_login: stage: docker_login - image: docker:19.03.12-dind + #image: docker:19.03.12-dind #services: # - docker:19.03.12-dind tags: - - docker + - shell script: - cd services/capif-client/ - docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY -- GitLab From 1de0791d606362cb58a0fcb410ee0ddf6fd78f95 Mon Sep 17 00:00:00 2001 From: Miguel Angel Reina Ortega Date: Tue, 26 Mar 2024 09:15:51 +0000 Subject: [PATCH 082/392] add docker push --- capif/templates/ci_dev.gitlab-ci.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index 3b6bdce..1b34af9 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -124,7 +124,8 @@ docker_login: script: - cd services/capif-client/ - docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY - - docker build -t CI_REGISTRY/ocf/capif/capif-client:$CI_COMMIT_REF_SLUG . + - docker build -t $CI_REGISTRY/ocf/capif/capif-client:$CI_COMMIT_REF_SLUG . + - docker push - docker logout $CI_REGISTRY # - docker push capif-client:$CI_COMMIT_REF_SLUG -- GitLab From 7205899c527f6b46b360d948d4dec38794897b81 Mon Sep 17 00:00:00 2001 From: Miguel Angel Reina Ortega Date: Tue, 26 Mar 2024 09:17:20 +0000 Subject: [PATCH 083/392] add docker image name for push --- capif/templates/ci_dev.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index 1b34af9..3aea8ee 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -125,7 +125,7 @@ docker_login: - cd services/capif-client/ - docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY - docker build -t $CI_REGISTRY/ocf/capif/capif-client:$CI_COMMIT_REF_SLUG . - - docker push + - docker push $CI_REGISTRY/ocf/capif/capif-client:$CI_COMMIT_REF_SLUG - docker logout $CI_REGISTRY # - docker push capif-client:$CI_COMMIT_REF_SLUG -- GitLab From 734f8147e12410a67de34e0891f5baa855036cd7 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Tue, 26 Mar 2024 10:31:37 +0100 Subject: [PATCH 084/392] structure build paths in registry gitlab --- capif/templates/ci_dev.gitlab-ci.yml | 60 ++++++++++------------------ 1 file changed, 22 insertions(+), 38 deletions(-) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index 3aea8ee..e7b910c 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -112,46 +112,30 @@ dev_linting_docker: needs: ["dev_linting_code"] <<: *dev_common -# NOT WORKING: failed when docker login. seem we need to use docker-in-docker rather than -# shell alpine runners docker_login: stage: docker_login - #image: docker:19.03.12-dind - #services: - # - docker:19.03.12-dind - tags: - - shell script: + - echo "### build and push capif-client image ###" - cd services/capif-client/ - docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY - - docker build -t $CI_REGISTRY/ocf/capif/capif-client:$CI_COMMIT_REF_SLUG . - - docker push $CI_REGISTRY/ocf/capif/capif-client:$CI_COMMIT_REF_SLUG - - docker logout $CI_REGISTRY -# - docker push capif-client:$CI_COMMIT_REF_SLUG - -## NOT WORKING: failed when build de images - failed to mount overlay: operation not permitted" storage-driver=overlay2 -#docker_login: -# stage: docker_login -# script: -# - | -# #!/bin/bash -# -# # Update your existing list of packages -# apk update -# -# # Install Docker -# apk add docker -# -# # Start the Docker service -# dockerd & -# -# # Verify the installation -# docker --version -# -# echo "### docker login ###" -# docker login --username $CI_REGISTRY_USER --password $CI_REGISTRY_PASSWORD $CI_REGISTRY -# -# echo "### build & push capif-client ###" -# cd services/capif-client/ && docker build -t capif-client:$CI_COMMIT_REF_SLUG . -# -# docker push capif-client:$CI_COMMIT_REF_SLUG + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/capif-client:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/capif-client:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" +# - echo "### build and push nginx image ###" +# - cd services/nginx/ +# - docker build -t $CI_REGISTRY/ocf/capif/nginx:$CI_COMMIT_REF_SLUG . +# - docker push $CI_REGISTRY/ocf/capif/nginx:$CI_COMMIT_REF_SLUG +# - echo "----------------------------------------------------" +# - echo "### build and push register image ###" +# - cd services/register/ +# - docker build -t $CI_REGISTRY/ocf/capif/register:$CI_COMMIT_REF_SLUG . +# - docker push $CI_REGISTRY/ocf/capif/register:$CI_COMMIT_REF_SLUG +# - echo "----------------------------------------------------" +# - echo "### build and push TS29222_CAPIF_Access_Control_Policy_API image ###" +# - cd services/TS29222_CAPIF_Access_Control_Policy_API/ +# - docker build -t $CI_REGISTRY/ocf/capif/ocf-access-control-policy:$CI_COMMIT_REF_SLUG . +# - docker push $CI_REGISTRY/ocf/capif/register:$CI_COMMIT_REF_SLUG +# - echo "----------------------------------------------------" +# - docker logout $CI_REGISTRY + + <<: *dev_common -- GitLab From d61069432567ad7590f93d50f10a2529120b2218 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Tue, 26 Mar 2024 10:32:51 +0100 Subject: [PATCH 085/392] echo --- capif/templates/ci_dev.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index e7b910c..f6541be 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -115,7 +115,7 @@ dev_linting_docker: docker_login: stage: docker_login script: - - echo "### build and push capif-client image ###" + - echo "### build and push capif-client image###" - cd services/capif-client/ - docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/capif-client:$CI_COMMIT_REF_SLUG . -- GitLab From 761d76e642318ecc1728357ea74a1704edd9053a Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Tue, 26 Mar 2024 10:38:47 +0100 Subject: [PATCH 086/392] path images build and push --- capif/templates/ci_dev.gitlab-ci.yml | 32 ++++++++++++++-------------- 1 file changed, 16 insertions(+), 16 deletions(-) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index f6541be..1649269 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -121,21 +121,21 @@ docker_login: - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/capif-client:$CI_COMMIT_REF_SLUG . - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/capif-client:$CI_COMMIT_REF_SLUG - echo "----------------------------------------------------" -# - echo "### build and push nginx image ###" -# - cd services/nginx/ -# - docker build -t $CI_REGISTRY/ocf/capif/nginx:$CI_COMMIT_REF_SLUG . -# - docker push $CI_REGISTRY/ocf/capif/nginx:$CI_COMMIT_REF_SLUG -# - echo "----------------------------------------------------" -# - echo "### build and push register image ###" -# - cd services/register/ -# - docker build -t $CI_REGISTRY/ocf/capif/register:$CI_COMMIT_REF_SLUG . -# - docker push $CI_REGISTRY/ocf/capif/register:$CI_COMMIT_REF_SLUG -# - echo "----------------------------------------------------" -# - echo "### build and push TS29222_CAPIF_Access_Control_Policy_API image ###" -# - cd services/TS29222_CAPIF_Access_Control_Policy_API/ -# - docker build -t $CI_REGISTRY/ocf/capif/ocf-access-control-policy:$CI_COMMIT_REF_SLUG . -# - docker push $CI_REGISTRY/ocf/capif/register:$CI_COMMIT_REF_SLUG -# - echo "----------------------------------------------------" -# - docker logout $CI_REGISTRY + - echo "### build and push nginx image ###" + - cd services/nginx/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push register image ###" + - cd services/register/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_Access_Control_Policy_API image ###" + - cd services/TS29222_CAPIF_Access_Control_Policy_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - docker logout $CI_REGISTRY <<: *dev_common -- GitLab From 2c7c3a6c9a4eff134fabc3817eeaca17f56f457a Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Tue, 26 Mar 2024 10:41:36 +0100 Subject: [PATCH 087/392] echo --- capif/templates/ci_dev.gitlab-ci.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index 1649269..9ce5778 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -121,17 +121,17 @@ docker_login: - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/capif-client:$CI_COMMIT_REF_SLUG . - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/capif-client:$CI_COMMIT_REF_SLUG - echo "----------------------------------------------------" - - echo "### build and push nginx image ###" + - echo "### build and push nginx image###" - cd services/nginx/ - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG . - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG - echo "----------------------------------------------------" - - echo "### build and push register image ###" + - echo "### build and push register image###" - cd services/register/ - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register:$CI_COMMIT_REF_SLUG . - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register:$CI_COMMIT_REF_SLUG - echo "----------------------------------------------------" - - echo "### build and push TS29222_CAPIF_Access_Control_Policy_API image ###" + - echo "### build and push TS29222_CAPIF_Access_Control_Policy_API image###" - cd services/TS29222_CAPIF_Access_Control_Policy_API/ - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy:$CI_COMMIT_REF_SLUG . - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register:$CI_COMMIT_REF_SLUG -- GitLab From 56f71505fc1c7a0a16591198b1514153a4ad610c Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Tue, 26 Mar 2024 10:47:50 +0100 Subject: [PATCH 088/392] TMP_PWD --- capif/templates/ci_dev.gitlab-ci.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index 9ce5778..9174b7f 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -115,6 +115,8 @@ dev_linting_docker: docker_login: stage: docker_login script: + - export TMP_PWD=$PWD + - echo "TMP_PWD=$TMP_PWD" - echo "### build and push capif-client image###" - cd services/capif-client/ - docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY @@ -122,17 +124,17 @@ docker_login: - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/capif-client:$CI_COMMIT_REF_SLUG - echo "----------------------------------------------------" - echo "### build and push nginx image###" - - cd services/nginx/ + - cd $TMP_PWD/services/nginx/ - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG . - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG - echo "----------------------------------------------------" - echo "### build and push register image###" - - cd services/register/ + - cd $TMP_PWD/services/register/ - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register:$CI_COMMIT_REF_SLUG . - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register:$CI_COMMIT_REF_SLUG - echo "----------------------------------------------------" - echo "### build and push TS29222_CAPIF_Access_Control_Policy_API image###" - - cd services/TS29222_CAPIF_Access_Control_Policy_API/ + - cd $TMP_PWD/services/TS29222_CAPIF_Access_Control_Policy_API/ - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy:$CI_COMMIT_REF_SLUG . - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register:$CI_COMMIT_REF_SLUG - echo "----------------------------------------------------" -- GitLab From 18b2b9b5e897b7cf55ea9b41166e7e7fc83c772e Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Tue, 26 Mar 2024 11:06:31 +0100 Subject: [PATCH 089/392] docker build & push ocf images --- capif/templates/ci_dev.gitlab-ci.yml | 54 ++++++++++++++++++++++++++-- 1 file changed, 52 insertions(+), 2 deletions(-) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index 9174b7f..fc94af0 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -135,8 +135,58 @@ docker_login: - echo "----------------------------------------------------" - echo "### build and push TS29222_CAPIF_Access_Control_Policy_API image###" - cd $TMP_PWD/services/TS29222_CAPIF_Access_Control_Policy_API/ - - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy:$CI_COMMIT_REF_SLUG . - - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register:$CI_COMMIT_REF_SLUG + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_API_Invoker_Management_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_API_Invoker_Management_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_API_Provider_Management_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_API_Provider_Management_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_Auditing_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_Auditing_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_Discover_Service_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_Discover_Service_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_Events_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_Events_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_Logging_API_Invocation_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_Logging_API_Invocation_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_Publish_Service_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_Publish_Service_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_Routing_Info_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_Routing_Info_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_Security_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_Security_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push vault image###" + - cd $TMP_PWD/services/vault/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/vault:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/vault:$CI_COMMIT_REF_SLUG - echo "----------------------------------------------------" - docker logout $CI_REGISTRY -- GitLab From da26ae1af780781a90a4581fb24912042b441123 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Tue, 26 Mar 2024 11:20:00 +0100 Subject: [PATCH 090/392] needs dev_linting_docker --- capif/.gitlab-ci.yml | 2 +- capif/templates/ci_dev.gitlab-ci.yml | 5 +++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 66268c6..51da347 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -13,7 +13,7 @@ stages: - dev_secrets_in_repo - dev_linting_code - dev_linting_docker - - docker_login + - dev_build_and_push variables: diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index fc94af0..d7941b7 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -3,7 +3,7 @@ stages: - dev_secrets_in_repo - dev_linting_code - dev_linting_docker - - docker_login + - dev_build_and_push variables: GITLAB_API: "https://labs.etsi.org/api/v4" @@ -112,7 +112,8 @@ dev_linting_docker: needs: ["dev_linting_code"] <<: *dev_common -docker_login: +dev_build_and_push: + needs: ["dev_linting_docker"] stage: docker_login script: - export TMP_PWD=$PWD -- GitLab From 0c9ad51464e2924c071ac7aaaa01c69fae7707e3 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Tue, 26 Mar 2024 12:07:52 +0100 Subject: [PATCH 091/392] cvs grype --- capif/.gitlab-ci.yml | 2 +- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 42 ++-- capif/templates/ci_dev.gitlab-ci.yml | 10 +- capif/templates/ci_staging.gitlab-ci.yml | 212 +++++++++++++++++--- 4 files changed, 215 insertions(+), 51 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 51da347..cb04530 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -85,7 +85,7 @@ include: file: # - '/capif/templates/ci_staging.gitlab-ci.yml' - 'capif/templates/ci_dev.gitlab-ci.yml' -# - 'capif/templates/cd-deploy-ocf.gitlab-ci.yml' + - 'capif/templates/cd-deploy-ocf.gitlab-ci.yml' #ci_in_staging: diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 5828f8a..6d5be56 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -11,8 +11,8 @@ variables: DOMAIN_STAGING: staging.int DOAMIN_DEV: developer.int CI_JOB_TOKEN: $CI_JOB_TOKEN - IMAGE_TAG_DEV: "v0.0.1-$CI_COMMIT_SHA" - IMAGE_TAG_STAGING: "v0.0.1-staging" + IMAGE_TAG_DEV: $CI_COMMIT_REF_SLUG + IMAGE_TAG_STAGING: $CI_COMMIT_REF_SLUG .staging_common: &staging_common only: @@ -38,34 +38,34 @@ deploy_ocf_staging: rules: - if: $CI_COMMIT_BRANCH == "main" when: never - - if: $CI_COMMIT_BRANCH + - if: $CI_COMMIT_BRANCH == "staging" script: - - echo "### git clone OCF repo ###" - - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git - - echo "### install helm ###" +# - echo "### git clone OCF repo ###" +# - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git + - echo "### install helm###" - curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 - chmod 700 get_helm.sh - ./get_helm.sh - helm version - - echo "### install kubectl ###" + - echo "### install kubectl###" - curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" - chmod +x kubectl - sudo mv kubectl /usr/local/bin - kubectl version --output=yaml - - echo "### setting kubeconfig ###" + - echo "### setting kubeconfig###" - echo $KUBECONFIG | base64 -d > ~/cluster.kubeconfig - kubectl get nodes --kubeconfig ~/cluster.kubeconfig - kubectl cluster-info --kubeconfig ~/cluster.kubeconfig #comment that when is working - - echo "### install yq ###" + - echo "### install yq###" - sudo wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 - sudo chmod a+x /usr/local/bin/yq - yq --version - yq e -i '.version = "$IMAGE_TAG_STAGING"' helm/capif/Chart.yaml - yq e -i '.appVersion = "$IMAGE_TAG_STAGING"' helm/capif/Chart.yaml - cat helm/capif/Chart.yaml - - echo "### download dependencies ###" + - echo "### download dependencies###" - helm dependency build helm/capif - - echo "### updating capif ###" + - echo "### updating capif###" - helm uninstall -n $NAMESPACE_STAGING ocf --kubeconfig ~/cluster.kubeconfig || true - helm upgrade --install -n $NAMESPACE_STAGING ocf helm/capif/ \ --set nginx.nginx.env.capifHostname=capif.$DOMAIN_STAGING \ @@ -82,7 +82,7 @@ delete_ocf_staging: stage: delete_ocf_staging <<: *staging_common script: - - echo "### deleting environment $NAMESPACE_STAGING ###" + - echo "### deleting environment $NAMESPACE_STAGING###" - helm uninstall -n $NAMESPACE_STAGING ocf --kubeconfig ~/cluster.kubeconfig when: manual environment: @@ -105,32 +105,32 @@ deploy_ocf_dev: when: never - if: $CI_COMMIT_BRANCH script: - - echo "### git clone OCF repo ###" - - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git - - echo "### install helm ###" +# - echo "### git clone OCF repo###" +# - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git + - echo "### install helm###" - curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 - chmod 700 get_helm.sh - ./get_helm.sh - helm version - - echo "### install kubectl ###" + - echo "### install kubectl###" - curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" - chmod +x kubectl - sudo mv kubectl /usr/local/bin - kubectl version --output=yaml - - echo "### setting kubeconfig ###" + - echo "### setting kubeconfig###" - echo $KUBECONFIG | base64 -d > ~/cluster.kubeconfig - kubectl get nodes --kubeconfig ~/cluster.kubeconfig - kubectl cluster-info --kubeconfig ~/cluster.kubeconfig #comment that when is working - - echo "### install yq ###" + - echo "### install yq###" - sudo wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 - sudo chmod a+x /usr/local/bin/yq - yq --version - yq e -i '.version = "$IMAGE_TAG_STAGING"' helm/capif/Chart.yaml - yq e -i '.appVersion = "$IMAGE_TAG_STAGING"' helm/capif/Chart.yaml - cat helm/capif/Chart.yaml - - echo "### download dependencies ###" + - echo "### download dependencies###" - helm dependency build helm/capif - - echo "### updating capif ###" + - echo "### updating capif###" - helm uninstall -n $NAMESPACE_STAGING ocf --kubeconfig ~/cluster.kubeconfig || true - helm upgrade --install -n $NAMESPACE_STAGING ocf helm/capif/ \ --set nginx.nginx.env.capifHostname=capif.$DOMAIN_STAGING \ @@ -140,4 +140,4 @@ deploy_ocf_dev: --set monitoring.grafana.ingress.hosts[0].paths[0].path="/" \ --set monitoring.grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ --wait --timeout=10m \ - --create-NAMESPACE_STAGING --kubeconfig ~/cluster.kubeconfig + --create-NAMESPACE_STAGING --kubeconfig ~/cluster.kubeconfig \ No newline at end of file diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index d7941b7..04f621e 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -1,16 +1,14 @@ stages: - - dev_pulling_repo +# - dev_pulling_repo - dev_secrets_in_repo - dev_linting_code - dev_linting_docker - dev_build_and_push variables: - GITLAB_API: "https://labs.etsi.org/api/v4" CI_JOB_TOKEN: $CI_JOB_TOKEN CI_DEBUG_TRACE: "false" CI_REGISTRY_USER: $CI_REGISTRY_USER - CI_REGISTRY_PASSWORD: $CI_REGISTRY_PASSWORD CI_REGISTRY: $CI_REGISTRY CAPIF_DOCKER_REGISTRY: $CAPIF_DOCKER_REGISTRY @@ -18,6 +16,12 @@ variables: .dev_common: &dev_common tags: - shell + rules: + - if: $CI_COMMIT_BRANCH == "main" + when: never + - if: $CI_COMMIT_BRANCH == "staging" + when: never + - if: $CI_COMMIT_BRANCH #dev_pulling_repo: # stage: dev_pulling_repo diff --git a/capif/templates/ci_staging.gitlab-ci.yml b/capif/templates/ci_staging.gitlab-ci.yml index 597a7f7..20be1cb 100644 --- a/capif/templates/ci_staging.gitlab-ci.yml +++ b/capif/templates/ci_staging.gitlab-ci.yml @@ -1,12 +1,17 @@ stages: - - staging_pulling_repo +# - staging_pulling_repo - staging_secrets_in_repo - staging_linting_code - staging_linting_docker + - staging_cvs + - staging_build_and_push variables: - GITLAB_API: "https://labs.etsi.org/api/v4" CI_JOB_TOKEN: $CI_JOB_TOKEN + CI_DEBUG_TRACE: "false" + CI_REGISTRY_USER: $CI_REGISTRY_USER + CI_REGISTRY: $CI_REGISTRY + CAPIF_DOCKER_REGISTRY: $CAPIF_DOCKER_REGISTRY .staging_common: &staging_common only: @@ -16,43 +21,198 @@ variables: - $CI_MERGE_REQUEST_TARGET_BRANCH_NAME != "staging" tags: - shell + rules: + - if: $CI_COMMIT_BRANCH == "main" + when: never + - if: $CI_COMMIT_BRANCH == "staging" -staging_pulling_repo: - stage: staging_pulling_repo - script: - - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git - # <<: *staging_common +#staging_pulling_repo: +# stage: staging_pulling_repo +# script: +# - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git +# <<: *staging_common staging_secrets_in_repo: stage: staging_secrets_in_repo script: - - pip install trufflehog - - trufflehog capif --exclude_paths cicd/exclusions --max_depth=5 - needs: ["staging_pulling_repo"] -# <<: *staging_common + - | + pip install trufflehog + cd ../ + trufflehog capif --exclude_paths capif/cicd/exclusions --max_depth=5 +# needs: ["staging_pulling_repo"] + <<: *staging_common # define the process to do linting code: Sonarque, ruff? staging_linting_code: stage: staging_linting_code script: - - echo "ruff checks" + - | + echo "###ruff checks###" + pip install ruff + ruff check --config cicd/ruff.toml . || true needs: ["staging_secrets_in_repo"] -# <<: *staging_common + <<: *staging_common staging_linting_docker: stage: staging_linting_docker - image: hadolint/hadolint:latest-debian script: - - find . -name 'capif/services/Dockerfile*' -exec hadolint --no-fail -f gitlab_codeclimate {} + > docker-lint.json - - hadolint services/capif-client/Dockerfile -# - hadolint services/nginx/Dockerfile -# - hadolint services/register/Dockerfile - artifacts: - name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG" - when: always - reports: - codequality: - - docker-lint.json - interruptible: true + - | + # Download hadolint binary + wget https://github.com/hadolint/hadolint/releases/download/v2.8.0/hadolint-Linux-x86_64 -O hadolint + + # Make it executable + chmod +x hadolint + + # Move it to your binaries folder + mv hadolint ../ + + # Verify the installation + ../hadolint --version + + #find . -name 'services/Dockerfile*' -exec hadolint --no-fail -f gitlab_codeclimate {} + > docker-lint.json + + ../hadolint services/capif-client/Dockerfile || true + ../hadolint services/vault/Dockerfile || true + + echo "### nginx ###" + ../hadolint services/nginx/Dockerfile || true + + echo "### register ###" + ../hadolint services/register/Dockerfile || true + + echo "### TS29222_CAPIF_Access_Control_Policy_API ###" + ../hadolint services/TS29222_CAPIF_Access_Control_Policy_API/Dockerfile || true + + echo "### TS29222_CAPIF_API_Invoker_Management_API ###" + ../hadolint services/TS29222_CAPIF_API_Invoker_Management_API/Dockerfile || true + + echo "### TS29222_CAPIF_API_Provider_Management_API ###" + ../hadolint services/TS29222_CAPIF_API_Provider_Management_API/Dockerfile || true + + echo "### TS29222_CAPIF_Auditing_API ###" + ../hadolint services/TS29222_CAPIF_Auditing_API/Dockerfile || true + + echo "### TS29222_CAPIF_Discover_Service_API ###" + ../hadolint services/TS29222_CAPIF_Discover_Service_API/Dockerfile || true + + echo "### TS29222_CAPIF_Events_API ###" + ../hadolint services/TS29222_CAPIF_Events_API/Dockerfile || true + + echo "### TS29222_CAPIF_Logging_API_Invocation_API ###" + ../hadolint services/TS29222_CAPIF_Logging_API_Invocation_API/Dockerfile || true + + echo "### TS29222_CAPIF_Publish_Service_API ###" + ../hadolint services/TS29222_CAPIF_Publish_Service_API/Dockerfile || true + + echo "### TS29222_CAPIF_Routing_Info_API ###" + ../hadolint services/TS29222_CAPIF_Routing_Info_API/Dockerfile || true + + echo "### TS29222_CAPIF_Security_API ###" + ../hadolint services/TS29222_CAPIF_Security_API/Dockerfile || true +# artifacts: +# name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG" +# when: always +# reports: +# codequality: +# - docker-lint.json +# interruptible: true needs: ["staging_linting_code"] -# <<: *staging_common + <<: *staging_common + + +staging_cvs: + needs: ["staging_linting_docker"] + stage: staging_cvs + script: + - curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin + - export TMP_PWD=$PWD + - echo "TMP_PWD=$TMP_PWD" + - echo "### build and push capif-client image###" + - cd services/capif-client/ + - docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/capif-client:$CI_COMMIT_REF_SLUG . + - grype $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/capif-client:$CI_COMMIT_REF_SLUG --scope all-layers + - echo "----------------------------------------------------" + + <<: *staging_common + +staging_build_and_push: + needs: ["staging_cvs"] + stage: docker_login + script: + - export TMP_PWD=$PWD + - echo "TMP_PWD=$TMP_PWD" + - echo "### build and push capif-client image###" + - cd services/capif-client/ + - docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/capif-client:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/capif-client:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push nginx image###" + - cd $TMP_PWD/services/nginx/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push register image###" + - cd $TMP_PWD/services/register/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_Access_Control_Policy_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_Access_Control_Policy_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_API_Invoker_Management_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_API_Invoker_Management_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_API_Provider_Management_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_API_Provider_Management_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_Auditing_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_Auditing_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_Discover_Service_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_Discover_Service_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_Events_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_Events_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_Logging_API_Invocation_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_Logging_API_Invocation_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_Publish_Service_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_Publish_Service_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_Routing_Info_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_Routing_Info_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_Security_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_Security_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push vault image###" + - cd $TMP_PWD/services/vault/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/vault:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/vault:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - docker logout $CI_REGISTRY + + <<: *staging_common -- GitLab From 545d6bac73b917fce5a1832acad7718a41793759 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Tue, 26 Mar 2024 12:08:58 +0100 Subject: [PATCH 092/392] cvs --- capif/.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index cb04530..56672aa 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -83,7 +83,7 @@ include: - project: 'ocf/pipeline-scripts' ref: cicd-capif file: -# - '/capif/templates/ci_staging.gitlab-ci.yml' + - '/capif/templates/ci_staging.gitlab-ci.yml' - 'capif/templates/ci_dev.gitlab-ci.yml' - 'capif/templates/cd-deploy-ocf.gitlab-ci.yml' -- GitLab From 12b457c8ae03a66e30ec60947425bf5e91ed10ad Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Tue, 26 Mar 2024 12:11:26 +0100 Subject: [PATCH 093/392] deploy ocf commented --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 92 ++++++++++----------- 1 file changed, 46 insertions(+), 46 deletions(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 6d5be56..316483b 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -53,29 +53,29 @@ deploy_ocf_staging: - sudo mv kubectl /usr/local/bin - kubectl version --output=yaml - echo "### setting kubeconfig###" - - echo $KUBECONFIG | base64 -d > ~/cluster.kubeconfig - - kubectl get nodes --kubeconfig ~/cluster.kubeconfig - - kubectl cluster-info --kubeconfig ~/cluster.kubeconfig #comment that when is working - - echo "### install yq###" - - sudo wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 - - sudo chmod a+x /usr/local/bin/yq - - yq --version - - yq e -i '.version = "$IMAGE_TAG_STAGING"' helm/capif/Chart.yaml - - yq e -i '.appVersion = "$IMAGE_TAG_STAGING"' helm/capif/Chart.yaml - - cat helm/capif/Chart.yaml - - echo "### download dependencies###" - - helm dependency build helm/capif - - echo "### updating capif###" - - helm uninstall -n $NAMESPACE_STAGING ocf --kubeconfig ~/cluster.kubeconfig || true - - helm upgrade --install -n $NAMESPACE_STAGING ocf helm/capif/ \ - --set nginx.nginx.env.capifHostname=capif.$DOMAIN_STAGING \ - --set ingress_ip.oneke="$INGRESS" --atomic \ - --set monitoring.prometheus.enable="" \ - --set monitoring.grafana.ingress.hosts[0].host="grafana.$DOMAIN_STAGING" \ - --set monitoring.grafana.ingress.hosts[0].paths[0].path="/" \ - --set monitoring.grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ - --wait --timeout=10m \ - --create-NAMESPACE_STAGING --kubeconfig ~/cluster.kubeconfig +# - echo $KUBECONFIG | base64 -d > ~/cluster.kubeconfig +# - kubectl get nodes --kubeconfig ~/cluster.kubeconfig +# - kubectl cluster-info --kubeconfig ~/cluster.kubeconfig #comment that when is working +# - echo "### install yq###" +# - sudo wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 +# - sudo chmod a+x /usr/local/bin/yq +# - yq --version +# - yq e -i '.version = "$IMAGE_TAG_STAGING"' helm/capif/Chart.yaml +# - yq e -i '.appVersion = "$IMAGE_TAG_STAGING"' helm/capif/Chart.yaml +# - cat helm/capif/Chart.yaml +# - echo "### download dependencies###" +# - helm dependency build helm/capif +# - echo "### updating capif###" +# - helm uninstall -n $NAMESPACE_STAGING ocf --kubeconfig ~/cluster.kubeconfig || true +# - helm upgrade --install -n $NAMESPACE_STAGING ocf helm/capif/ \ +# --set nginx.nginx.env.capifHostname=capif.$DOMAIN_STAGING \ +# --set ingress_ip.oneke="$INGRESS" --atomic \ +# --set monitoring.prometheus.enable="" \ +# --set monitoring.grafana.ingress.hosts[0].host="grafana.$DOMAIN_STAGING" \ +# --set monitoring.grafana.ingress.hosts[0].paths[0].path="/" \ +# --set monitoring.grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ +# --wait --timeout=10m \ +# --create-NAMESPACE_STAGING --kubeconfig ~/cluster.kubeconfig delete_ocf_staging: @@ -118,26 +118,26 @@ deploy_ocf_dev: - sudo mv kubectl /usr/local/bin - kubectl version --output=yaml - echo "### setting kubeconfig###" - - echo $KUBECONFIG | base64 -d > ~/cluster.kubeconfig - - kubectl get nodes --kubeconfig ~/cluster.kubeconfig - - kubectl cluster-info --kubeconfig ~/cluster.kubeconfig #comment that when is working - - echo "### install yq###" - - sudo wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 - - sudo chmod a+x /usr/local/bin/yq - - yq --version - - yq e -i '.version = "$IMAGE_TAG_STAGING"' helm/capif/Chart.yaml - - yq e -i '.appVersion = "$IMAGE_TAG_STAGING"' helm/capif/Chart.yaml - - cat helm/capif/Chart.yaml - - echo "### download dependencies###" - - helm dependency build helm/capif - - echo "### updating capif###" - - helm uninstall -n $NAMESPACE_STAGING ocf --kubeconfig ~/cluster.kubeconfig || true - - helm upgrade --install -n $NAMESPACE_STAGING ocf helm/capif/ \ - --set nginx.nginx.env.capifHostname=capif.$DOMAIN_STAGING \ - --set ingress_ip.oneke="$INGRESS" --atomic \ - --set monitoring.prometheus.enable="" \ - --set monitoring.grafana.ingress.hosts[0].host="grafana.$DOMAIN_STAGING" \ - --set monitoring.grafana.ingress.hosts[0].paths[0].path="/" \ - --set monitoring.grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ - --wait --timeout=10m \ - --create-NAMESPACE_STAGING --kubeconfig ~/cluster.kubeconfig \ No newline at end of file +# - echo $KUBECONFIG | base64 -d > ~/cluster.kubeconfig +# - kubectl get nodes --kubeconfig ~/cluster.kubeconfig +# - kubectl cluster-info --kubeconfig ~/cluster.kubeconfig #comment that when is working +# - echo "### install yq###" +# - sudo wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 +# - sudo chmod a+x /usr/local/bin/yq +# - yq --version +# - yq e -i '.version = "$IMAGE_TAG_STAGING"' helm/capif/Chart.yaml +# - yq e -i '.appVersion = "$IMAGE_TAG_STAGING"' helm/capif/Chart.yaml +# - cat helm/capif/Chart.yaml +# - echo "### download dependencies###" +# - helm dependency build helm/capif +# - echo "### updating capif###" +# - helm uninstall -n $NAMESPACE_STAGING ocf --kubeconfig ~/cluster.kubeconfig || true +# - helm upgrade --install -n $NAMESPACE_STAGING ocf helm/capif/ \ +# --set nginx.nginx.env.capifHostname=capif.$DOMAIN_STAGING \ +# --set ingress_ip.oneke="$INGRESS" --atomic \ +# --set monitoring.prometheus.enable="" \ +# --set monitoring.grafana.ingress.hosts[0].host="grafana.$DOMAIN_STAGING" \ +# --set monitoring.grafana.ingress.hosts[0].paths[0].path="/" \ +# --set monitoring.grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ +# --wait --timeout=10m \ +# --create-NAMESPACE_STAGING --kubeconfig ~/cluster.kubeconfig \ No newline at end of file -- GitLab From f21a5e391d54dd9bb8e923d4ed57171ca2f019f8 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Tue, 26 Mar 2024 12:30:23 +0100 Subject: [PATCH 094/392] rules --- capif/templates/ci_dev.gitlab-ci.yml | 31 ++++++++++++++++++------ capif/templates/ci_staging.gitlab-ci.yml | 26 +++++++++++++++----- 2 files changed, 44 insertions(+), 13 deletions(-) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index 04f621e..925ca5a 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -16,12 +16,6 @@ variables: .dev_common: &dev_common tags: - shell - rules: - - if: $CI_COMMIT_BRANCH == "main" - when: never - - if: $CI_COMMIT_BRANCH == "staging" - when: never - - if: $CI_COMMIT_BRANCH #dev_pulling_repo: # stage: dev_pulling_repo @@ -37,6 +31,12 @@ dev_secrets_in_repo: cd ../ trufflehog capif --exclude_paths capif/cicd/exclusions --max_depth=5 # needs: ["dev_pulling_repo"] + rules: + - if: $CI_COMMIT_BRANCH == "main" + when: never + - if: $CI_COMMIT_BRANCH == "staging" + when: never + - if: $CI_COMMIT_BRANCH <<: *dev_common # define the process to do linting code: Sonarque, ruff? @@ -48,6 +48,12 @@ dev_linting_code: pip install ruff ruff check --config cicd/ruff.toml . || true needs: ["dev_secrets_in_repo"] + rules: + - if: $CI_COMMIT_BRANCH == "main" + when: never + - if: $CI_COMMIT_BRANCH == "staging" + when: never + - if: $CI_COMMIT_BRANCH <<: *dev_common dev_linting_docker: @@ -114,6 +120,12 @@ dev_linting_docker: # - docker-lint.json # interruptible: true needs: ["dev_linting_code"] + rules: + - if: $CI_COMMIT_BRANCH == "main" + when: never + - if: $CI_COMMIT_BRANCH == "staging" + when: never + - if: $CI_COMMIT_BRANCH <<: *dev_common dev_build_and_push: @@ -194,5 +206,10 @@ dev_build_and_push: - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/vault:$CI_COMMIT_REF_SLUG - echo "----------------------------------------------------" - docker logout $CI_REGISTRY - + rules: + - if: $CI_COMMIT_BRANCH == "main" + when: never + - if: $CI_COMMIT_BRANCH == "staging" + when: never + - if: $CI_COMMIT_BRANCH <<: *dev_common diff --git a/capif/templates/ci_staging.gitlab-ci.yml b/capif/templates/ci_staging.gitlab-ci.yml index 20be1cb..774cde9 100644 --- a/capif/templates/ci_staging.gitlab-ci.yml +++ b/capif/templates/ci_staging.gitlab-ci.yml @@ -21,10 +21,6 @@ variables: - $CI_MERGE_REQUEST_TARGET_BRANCH_NAME != "staging" tags: - shell - rules: - - if: $CI_COMMIT_BRANCH == "main" - when: never - - if: $CI_COMMIT_BRANCH == "staging" #staging_pulling_repo: # stage: staging_pulling_repo @@ -40,6 +36,10 @@ staging_secrets_in_repo: cd ../ trufflehog capif --exclude_paths capif/cicd/exclusions --max_depth=5 # needs: ["staging_pulling_repo"] + rules: + - if: $CI_COMMIT_BRANCH == "main" + when: never + - if: $CI_COMMIT_BRANCH == "staging" <<: *staging_common # define the process to do linting code: Sonarque, ruff? @@ -51,6 +51,10 @@ staging_linting_code: pip install ruff ruff check --config cicd/ruff.toml . || true needs: ["staging_secrets_in_repo"] + rules: + - if: $CI_COMMIT_BRANCH == "main" + when: never + - if: $CI_COMMIT_BRANCH == "staging" <<: *staging_common staging_linting_docker: @@ -117,6 +121,10 @@ staging_linting_docker: # - docker-lint.json # interruptible: true needs: ["staging_linting_code"] + rules: + - if: $CI_COMMIT_BRANCH == "main" + when: never + - if: $CI_COMMIT_BRANCH == "staging" <<: *staging_common @@ -133,7 +141,10 @@ staging_cvs: - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/capif-client:$CI_COMMIT_REF_SLUG . - grype $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/capif-client:$CI_COMMIT_REF_SLUG --scope all-layers - echo "----------------------------------------------------" - + rules: + - if: $CI_COMMIT_BRANCH == "main" + when: never + - if: $CI_COMMIT_BRANCH == "staging" <<: *staging_common staging_build_and_push: @@ -214,5 +225,8 @@ staging_build_and_push: - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/vault:$CI_COMMIT_REF_SLUG - echo "----------------------------------------------------" - docker logout $CI_REGISTRY - + rules: + - if: $CI_COMMIT_BRANCH == "main" + when: never + - if: $CI_COMMIT_BRANCH == "staging" <<: *staging_common -- GitLab From 9eb06baee904d8a791c0898b1cbb6edd18af0420 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Tue, 26 Mar 2024 12:34:05 +0100 Subject: [PATCH 095/392] rules --- capif/templates/ci_dev.gitlab-ci.yml | 24 ------------------------ capif/templates/ci_staging.gitlab-ci.yml | 20 -------------------- 2 files changed, 44 deletions(-) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index 925ca5a..aed8286 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -31,12 +31,6 @@ dev_secrets_in_repo: cd ../ trufflehog capif --exclude_paths capif/cicd/exclusions --max_depth=5 # needs: ["dev_pulling_repo"] - rules: - - if: $CI_COMMIT_BRANCH == "main" - when: never - - if: $CI_COMMIT_BRANCH == "staging" - when: never - - if: $CI_COMMIT_BRANCH <<: *dev_common # define the process to do linting code: Sonarque, ruff? @@ -48,12 +42,6 @@ dev_linting_code: pip install ruff ruff check --config cicd/ruff.toml . || true needs: ["dev_secrets_in_repo"] - rules: - - if: $CI_COMMIT_BRANCH == "main" - when: never - - if: $CI_COMMIT_BRANCH == "staging" - when: never - - if: $CI_COMMIT_BRANCH <<: *dev_common dev_linting_docker: @@ -120,12 +108,6 @@ dev_linting_docker: # - docker-lint.json # interruptible: true needs: ["dev_linting_code"] - rules: - - if: $CI_COMMIT_BRANCH == "main" - when: never - - if: $CI_COMMIT_BRANCH == "staging" - when: never - - if: $CI_COMMIT_BRANCH <<: *dev_common dev_build_and_push: @@ -206,10 +188,4 @@ dev_build_and_push: - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/vault:$CI_COMMIT_REF_SLUG - echo "----------------------------------------------------" - docker logout $CI_REGISTRY - rules: - - if: $CI_COMMIT_BRANCH == "main" - when: never - - if: $CI_COMMIT_BRANCH == "staging" - when: never - - if: $CI_COMMIT_BRANCH <<: *dev_common diff --git a/capif/templates/ci_staging.gitlab-ci.yml b/capif/templates/ci_staging.gitlab-ci.yml index 774cde9..a9a2bd6 100644 --- a/capif/templates/ci_staging.gitlab-ci.yml +++ b/capif/templates/ci_staging.gitlab-ci.yml @@ -36,10 +36,6 @@ staging_secrets_in_repo: cd ../ trufflehog capif --exclude_paths capif/cicd/exclusions --max_depth=5 # needs: ["staging_pulling_repo"] - rules: - - if: $CI_COMMIT_BRANCH == "main" - when: never - - if: $CI_COMMIT_BRANCH == "staging" <<: *staging_common # define the process to do linting code: Sonarque, ruff? @@ -51,10 +47,6 @@ staging_linting_code: pip install ruff ruff check --config cicd/ruff.toml . || true needs: ["staging_secrets_in_repo"] - rules: - - if: $CI_COMMIT_BRANCH == "main" - when: never - - if: $CI_COMMIT_BRANCH == "staging" <<: *staging_common staging_linting_docker: @@ -121,10 +113,6 @@ staging_linting_docker: # - docker-lint.json # interruptible: true needs: ["staging_linting_code"] - rules: - - if: $CI_COMMIT_BRANCH == "main" - when: never - - if: $CI_COMMIT_BRANCH == "staging" <<: *staging_common @@ -141,10 +129,6 @@ staging_cvs: - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/capif-client:$CI_COMMIT_REF_SLUG . - grype $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/capif-client:$CI_COMMIT_REF_SLUG --scope all-layers - echo "----------------------------------------------------" - rules: - - if: $CI_COMMIT_BRANCH == "main" - when: never - - if: $CI_COMMIT_BRANCH == "staging" <<: *staging_common staging_build_and_push: @@ -225,8 +209,4 @@ staging_build_and_push: - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/vault:$CI_COMMIT_REF_SLUG - echo "----------------------------------------------------" - docker logout $CI_REGISTRY - rules: - - if: $CI_COMMIT_BRANCH == "main" - when: never - - if: $CI_COMMIT_BRANCH == "staging" <<: *staging_common -- GitLab From 2ff1a0b0fe47413477bcffdc953cdcf591805294 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Tue, 26 Mar 2024 12:36:04 +0100 Subject: [PATCH 096/392] rules --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 316483b..b598169 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -35,10 +35,10 @@ deploy_ocf_staging: url: https://$NAMESPACE_STAGING.$DOMAIN_STAGING on_stop: delete_ocf_staging auto_stop_in: 3 day - rules: - - if: $CI_COMMIT_BRANCH == "main" - when: never - - if: $CI_COMMIT_BRANCH == "staging" +# rules: +# - if: $CI_COMMIT_BRANCH == "main" +# when: never +# - if: $CI_COMMIT_BRANCH == "staging" script: # - echo "### git clone OCF repo ###" # - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git @@ -98,12 +98,12 @@ deploy_ocf_dev: url: https://$NAMESPACE_DEV.$DOMAIN_DEV on_stop: delete_ocf_dev auto_stop_in: 3 day - rules: - - if: $CI_COMMIT_BRANCH == "main" - when: never - - if: $CI_COMMIT_BRANCH == "staging" - when: never - - if: $CI_COMMIT_BRANCH +# rules: +# - if: $CI_COMMIT_BRANCH == "main" +# when: never +# - if: $CI_COMMIT_BRANCH == "staging" +# when: never +# - if: $CI_COMMIT_BRANCH script: # - echo "### git clone OCF repo###" # - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git -- GitLab From 5da991d63cc2d1e69640554ee383a29d7c8d3822 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Tue, 26 Mar 2024 12:38:20 +0100 Subject: [PATCH 097/392] main cicd stages --- capif/.gitlab-ci.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 56672aa..af9a35d 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -5,11 +5,13 @@ stages: - ci_deploy_in_staging - cleaning_in_staging - dev_cancel_previous_action - - staging_pulling_repo +# - staging_pulling_repo - staging_secrets_in_repo - staging_linting_code - staging_linting_docker - - dev_pulling_repo + - staging_cvs + - staging_build_and_push +# - dev_pulling_repo - dev_secrets_in_repo - dev_linting_code - dev_linting_docker -- GitLab From c94406ed6ce0253f2be254c886bdb58ad89fd551 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Tue, 26 Mar 2024 12:40:55 +0100 Subject: [PATCH 098/392] staging_build_and_push --- capif/templates/ci_staging.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/templates/ci_staging.gitlab-ci.yml b/capif/templates/ci_staging.gitlab-ci.yml index a9a2bd6..6cb40f0 100644 --- a/capif/templates/ci_staging.gitlab-ci.yml +++ b/capif/templates/ci_staging.gitlab-ci.yml @@ -133,7 +133,7 @@ staging_cvs: staging_build_and_push: needs: ["staging_cvs"] - stage: docker_login + stage: staging_build_and_push script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" -- GitLab From 24e12af92efe982389a347984f48471497bf8f04 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Tue, 26 Mar 2024 12:41:35 +0100 Subject: [PATCH 099/392] dev_build_and_push --- capif/templates/ci_dev.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index aed8286..f21aa80 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -112,7 +112,7 @@ dev_linting_docker: dev_build_and_push: needs: ["dev_linting_docker"] - stage: docker_login + stage: dev_build_and_push script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" -- GitLab From 45bbebd63bdb12b352c5a9a916375a0685af845c Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Tue, 26 Mar 2024 12:43:08 +0100 Subject: [PATCH 100/392] - deploy_ocf_staging - delete_ocf_staging - deploy_ocf_dev - delete_ocf_dev --- capif/.gitlab-ci.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index af9a35d..17a0cc6 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -16,6 +16,10 @@ stages: - dev_linting_code - dev_linting_docker - dev_build_and_push + - deploy_ocf_staging + - delete_ocf_staging + - deploy_ocf_dev + - delete_ocf_dev variables: -- GitLab From 0871654d32d12a64f81d26b7ac39f4ed36ad2470 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Tue, 26 Mar 2024 12:47:26 +0100 Subject: [PATCH 101/392] delete_ocf_dev --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index b598169..36bc3fe 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -140,4 +140,15 @@ deploy_ocf_dev: # --set monitoring.grafana.ingress.hosts[0].paths[0].path="/" \ # --set monitoring.grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ # --wait --timeout=10m \ -# --create-NAMESPACE_STAGING --kubeconfig ~/cluster.kubeconfig \ No newline at end of file +# --create-NAMESPACE_STAGING --kubeconfig ~/cluster.kubeconfig + +delete_ocf_dev: + stage: delete_ocf_dev + <<: *staging_common + script: + - echo "### deleting environment $NAMESPACE_DEV###" + - helm uninstall -n $NAMESPACE_DEV ocf --kubeconfig ~/cluster.kubeconfig + when: manual + environment: + name: review/$CI_COMMIT_REF_SLUG + action: stop \ No newline at end of file -- GitLab From b1c737cabb595cd9cc5d720cdc5bb1c9c783ff5e Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Tue, 26 Mar 2024 13:01:23 +0100 Subject: [PATCH 102/392] commented --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 34 ++++++++++----------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 36bc3fe..9fef989 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -44,15 +44,15 @@ deploy_ocf_staging: # - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git - echo "### install helm###" - curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 - - chmod 700 get_helm.sh - - ./get_helm.sh - - helm version - - echo "### install kubectl###" - - curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" - - chmod +x kubectl - - sudo mv kubectl /usr/local/bin - - kubectl version --output=yaml - - echo "### setting kubeconfig###" +# - chmod 700 get_helm.sh +# - ./get_helm.sh +# - helm version +# - echo "### install kubectl###" +# - curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" +# - chmod +x kubectl +# - sudo mv kubectl /usr/local/bin +# - kubectl version --output=yaml +# - echo "### setting kubeconfig###" # - echo $KUBECONFIG | base64 -d > ~/cluster.kubeconfig # - kubectl get nodes --kubeconfig ~/cluster.kubeconfig # - kubectl cluster-info --kubeconfig ~/cluster.kubeconfig #comment that when is working @@ -110,14 +110,14 @@ deploy_ocf_dev: - echo "### install helm###" - curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 - chmod 700 get_helm.sh - - ./get_helm.sh - - helm version - - echo "### install kubectl###" - - curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" - - chmod +x kubectl - - sudo mv kubectl /usr/local/bin - - kubectl version --output=yaml - - echo "### setting kubeconfig###" +# - ./get_helm.sh +# - helm version +# - echo "### install kubectl###" +# - curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" +# - chmod +x kubectl +# - sudo mv kubectl /usr/local/bin +# - kubectl version --output=yaml +# - echo "### setting kubeconfig###" # - echo $KUBECONFIG | base64 -d > ~/cluster.kubeconfig # - kubectl get nodes --kubeconfig ~/cluster.kubeconfig # - kubectl cluster-info --kubeconfig ~/cluster.kubeconfig #comment that when is working -- GitLab From 7a690a215f4c48cd01c227ec9dee6f4461679fa0 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Tue, 26 Mar 2024 13:12:07 +0100 Subject: [PATCH 103/392] grype --- capif/templates/ci_staging.gitlab-ci.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/capif/templates/ci_staging.gitlab-ci.yml b/capif/templates/ci_staging.gitlab-ci.yml index 6cb40f0..413a161 100644 --- a/capif/templates/ci_staging.gitlab-ci.yml +++ b/capif/templates/ci_staging.gitlab-ci.yml @@ -120,14 +120,16 @@ staging_cvs: needs: ["staging_linting_docker"] stage: staging_cvs script: - - curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b /usr/local/bin + - curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b ../ + - echo "### grype version###" + - ../grype version - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" - echo "### build and push capif-client image###" - cd services/capif-client/ - docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/capif-client:$CI_COMMIT_REF_SLUG . - - grype $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/capif-client:$CI_COMMIT_REF_SLUG --scope all-layers + - ../grype $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/capif-client:$CI_COMMIT_REF_SLUG --scope all-layers - echo "----------------------------------------------------" <<: *staging_common -- GitLab From e90f0e6f4639ca92c2e85f2febd8f219235cd0c7 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Tue, 26 Mar 2024 13:19:54 +0100 Subject: [PATCH 104/392] Container Vulnerability Scanning --- capif/templates/ci_staging.gitlab-ci.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/capif/templates/ci_staging.gitlab-ci.yml b/capif/templates/ci_staging.gitlab-ci.yml index 413a161..6599acb 100644 --- a/capif/templates/ci_staging.gitlab-ci.yml +++ b/capif/templates/ci_staging.gitlab-ci.yml @@ -129,6 +129,8 @@ staging_cvs: - cd services/capif-client/ - docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/capif-client:$CI_COMMIT_REF_SLUG . + - cd $TMP_PWD + - echo "### Container Vulnerability Scanning###" - ../grype $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/capif-client:$CI_COMMIT_REF_SLUG --scope all-layers - echo "----------------------------------------------------" <<: *staging_common -- GitLab From 0793ebc797d6781dedc4939e80e2d731e50e9eeb Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Tue, 26 Mar 2024 13:34:43 +0100 Subject: [PATCH 105/392] artifact grype --- capif/templates/ci_staging.gitlab-ci.yml | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/capif/templates/ci_staging.gitlab-ci.yml b/capif/templates/ci_staging.gitlab-ci.yml index 6599acb..f714c20 100644 --- a/capif/templates/ci_staging.gitlab-ci.yml +++ b/capif/templates/ci_staging.gitlab-ci.yml @@ -123,6 +123,7 @@ staging_cvs: - curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b ../ - echo "### grype version###" - ../grype version + - mkdir ../grype-outputs - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" - echo "### build and push capif-client image###" @@ -131,8 +132,16 @@ staging_cvs: - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/capif-client:$CI_COMMIT_REF_SLUG . - cd $TMP_PWD - echo "### Container Vulnerability Scanning###" - - ../grype $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/capif-client:$CI_COMMIT_REF_SLUG --scope all-layers + - ../grype $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/capif-client:$CI_COMMIT_REF_SLUG --scope all-layers \ + --output table > ../grype-outputs/grype_capif-client-$CI_COMMIT_REF_SLUG.txt - echo "----------------------------------------------------" + artifacts: + untracked: false + paths: + - ../grype-outputs/*.txt + when: on_success + access: all + expire_in: "1 week" <<: *staging_common staging_build_and_push: -- GitLab From 7c1ef7590d224830d7461bff5cc3c15d31da14ad Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Tue, 26 Mar 2024 13:36:12 +0100 Subject: [PATCH 106/392] access no artifact --- capif/templates/ci_staging.gitlab-ci.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/capif/templates/ci_staging.gitlab-ci.yml b/capif/templates/ci_staging.gitlab-ci.yml index f714c20..940faf3 100644 --- a/capif/templates/ci_staging.gitlab-ci.yml +++ b/capif/templates/ci_staging.gitlab-ci.yml @@ -140,7 +140,6 @@ staging_cvs: paths: - ../grype-outputs/*.txt when: on_success - access: all expire_in: "1 week" <<: *staging_common -- GitLab From 094c924cd4ce2e07a9c877b7571bdc617720ba96 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Tue, 26 Mar 2024 13:39:30 +0100 Subject: [PATCH 107/392] grype output table --- capif/templates/ci_staging.gitlab-ci.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/capif/templates/ci_staging.gitlab-ci.yml b/capif/templates/ci_staging.gitlab-ci.yml index 940faf3..961b4c1 100644 --- a/capif/templates/ci_staging.gitlab-ci.yml +++ b/capif/templates/ci_staging.gitlab-ci.yml @@ -132,8 +132,7 @@ staging_cvs: - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/capif-client:$CI_COMMIT_REF_SLUG . - cd $TMP_PWD - echo "### Container Vulnerability Scanning###" - - ../grype $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/capif-client:$CI_COMMIT_REF_SLUG --scope all-layers \ - --output table > ../grype-outputs/grype_capif-client-$CI_COMMIT_REF_SLUG.txt + - ../grype $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/capif-client:$CI_COMMIT_REF_SLUG --scope all-layers > ../grype-outputs/grype_capif-client-$CI_COMMIT_REF_SLUG.txt - echo "----------------------------------------------------" artifacts: untracked: false -- GitLab From 4f5fc74539a396d98393787a33e762240cea01e3 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Tue, 26 Mar 2024 13:46:26 +0100 Subject: [PATCH 108/392] conditional if already exists artifacts folder --- capif/templates/ci_staging.gitlab-ci.yml | 35 ++++++++++++++---------- 1 file changed, 21 insertions(+), 14 deletions(-) diff --git a/capif/templates/ci_staging.gitlab-ci.yml b/capif/templates/ci_staging.gitlab-ci.yml index 961b4c1..28b3e4a 100644 --- a/capif/templates/ci_staging.gitlab-ci.yml +++ b/capif/templates/ci_staging.gitlab-ci.yml @@ -120,20 +120,27 @@ staging_cvs: needs: ["staging_linting_docker"] stage: staging_cvs script: - - curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b ../ - - echo "### grype version###" - - ../grype version - - mkdir ../grype-outputs - - export TMP_PWD=$PWD - - echo "TMP_PWD=$TMP_PWD" - - echo "### build and push capif-client image###" - - cd services/capif-client/ - - docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY - - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/capif-client:$CI_COMMIT_REF_SLUG . - - cd $TMP_PWD - - echo "### Container Vulnerability Scanning###" - - ../grype $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/capif-client:$CI_COMMIT_REF_SLUG --scope all-layers > ../grype-outputs/grype_capif-client-$CI_COMMIT_REF_SLUG.txt - - echo "----------------------------------------------------" + - | + curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b ../ + echo "### grype version###" + ../grype version + DIRECTORY=../grype-outputs + if [ ! -d "$DIRECTORY" ]; then + mkdir $DIRECTORY + echo "Directory created" + else + echo "Directory already exists" + fi + export TMP_PWD=$PWD + echo "TMP_PWD=$TMP_PWD" + echo "### build and push capif-client image###" + cd services/capif-client/ + docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY + docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/capif-client:$CI_COMMIT_REF_SLUG . + cd $TMP_PWD + echo "### Container Vulnerability Scanning###" + ../grype $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/capif-client:$CI_COMMIT_REF_SLUG --scope all-layers > ../grype-outputs/grype_capif-client-$CI_COMMIT_REF_SLUG.txt + echo "----------------------------------------------------" artifacts: untracked: false paths: -- GitLab From d1ce39f27f599b878949873ae4e194283657e99f Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Tue, 26 Mar 2024 13:53:18 +0100 Subject: [PATCH 109/392] cat artifact --- capif/templates/ci_staging.gitlab-ci.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/capif/templates/ci_staging.gitlab-ci.yml b/capif/templates/ci_staging.gitlab-ci.yml index 28b3e4a..fb6ac52 100644 --- a/capif/templates/ci_staging.gitlab-ci.yml +++ b/capif/templates/ci_staging.gitlab-ci.yml @@ -141,6 +141,8 @@ staging_cvs: echo "### Container Vulnerability Scanning###" ../grype $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/capif-client:$CI_COMMIT_REF_SLUG --scope all-layers > ../grype-outputs/grype_capif-client-$CI_COMMIT_REF_SLUG.txt echo "----------------------------------------------------" + cat ../grype-outputs/grype_capif-client-$CI_COMMIT_REF_SLUG.txt + artifacts: untracked: false paths: -- GitLab From 31ffbe51ef4b29d2683c4420a80403af288da8a3 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Tue, 26 Mar 2024 13:57:31 +0100 Subject: [PATCH 110/392] artifacts --- capif/templates/ci_staging.gitlab-ci.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/capif/templates/ci_staging.gitlab-ci.yml b/capif/templates/ci_staging.gitlab-ci.yml index fb6ac52..31f17f0 100644 --- a/capif/templates/ci_staging.gitlab-ci.yml +++ b/capif/templates/ci_staging.gitlab-ci.yml @@ -124,7 +124,7 @@ staging_cvs: curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b ../ echo "### grype version###" ../grype version - DIRECTORY=../grype-outputs + DIRECTORY=./grype-outputs if [ ! -d "$DIRECTORY" ]; then mkdir $DIRECTORY echo "Directory created" @@ -139,14 +139,14 @@ staging_cvs: docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/capif-client:$CI_COMMIT_REF_SLUG . cd $TMP_PWD echo "### Container Vulnerability Scanning###" - ../grype $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/capif-client:$CI_COMMIT_REF_SLUG --scope all-layers > ../grype-outputs/grype_capif-client-$CI_COMMIT_REF_SLUG.txt + ../grype $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/capif-client:$CI_COMMIT_REF_SLUG --scope all-layers > ./grype-outputs/grype_capif-client-$CI_COMMIT_REF_SLUG.txt echo "----------------------------------------------------" - cat ../grype-outputs/grype_capif-client-$CI_COMMIT_REF_SLUG.txt + cat ./grype-outputs/grype_capif-client-$CI_COMMIT_REF_SLUG.txt artifacts: untracked: false paths: - - ../grype-outputs/*.txt + - ./grype-outputs/*.txt when: on_success expire_in: "1 week" <<: *staging_common -- GitLab From 159f38b4731e28592b004cb1653a6b36aec4f0a5 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Tue, 26 Mar 2024 14:27:56 +0100 Subject: [PATCH 111/392] grype nginx scanning --- capif/templates/ci_staging.gitlab-ci.yml | 22 ++++++++++++++++------ 1 file changed, 16 insertions(+), 6 deletions(-) diff --git a/capif/templates/ci_staging.gitlab-ci.yml b/capif/templates/ci_staging.gitlab-ci.yml index 31f17f0..c31ac22 100644 --- a/capif/templates/ci_staging.gitlab-ci.yml +++ b/capif/templates/ci_staging.gitlab-ci.yml @@ -133,16 +133,26 @@ staging_cvs: fi export TMP_PWD=$PWD echo "TMP_PWD=$TMP_PWD" - echo "### build and push capif-client image###" - cd services/capif-client/ + echo "---- variable ----" + export IMAGE_NAME=capif-client + echo "### build and push $IMAGE_NAME image###" + cd services/$IMAGE_NAME/ docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/capif-client:$CI_COMMIT_REF_SLUG . + docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/$IMAGE_NAME:$CI_COMMIT_REF_SLUG . cd $TMP_PWD echo "### Container Vulnerability Scanning###" - ../grype $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/capif-client:$CI_COMMIT_REF_SLUG --scope all-layers > ./grype-outputs/grype_capif-client-$CI_COMMIT_REF_SLUG.txt + ../grype $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/$IMAGE_NAME:$CI_COMMIT_REF_SLUG --scope all-layers > ./grype-outputs/grype_$IMAGE_NAME-$CI_COMMIT_REF_SLUG.txt + echo "----------------------------------------------------" + echo "---- variable ----" + export IMAGE_NAME=nginx + echo "### build and push $IMAGE_NAME image###" + cd services/$IMAGE_NAME/ + docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY + docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/$IMAGE_NAME:$CI_COMMIT_REF_SLUG . + cd $TMP_PWD + echo "### Container Vulnerability Scanning###" + ../grype $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/$IMAGE_NAME:$CI_COMMIT_REF_SLUG --scope all-layers > ./grype-outputs/grype_$IMAGE_NAME-$CI_COMMIT_REF_SLUG.txt echo "----------------------------------------------------" - cat ./grype-outputs/grype_capif-client-$CI_COMMIT_REF_SLUG.txt - artifacts: untracked: false paths: -- GitLab From 6d00b752b67222321c07578f692444fba8863db1 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Tue, 26 Mar 2024 14:33:27 +0100 Subject: [PATCH 112/392] improving code grype --- capif/templates/ci_staging.gitlab-ci.yml | 55 +++++++++++++++--------- 1 file changed, 35 insertions(+), 20 deletions(-) diff --git a/capif/templates/ci_staging.gitlab-ci.yml b/capif/templates/ci_staging.gitlab-ci.yml index c31ac22..27b33d1 100644 --- a/capif/templates/ci_staging.gitlab-ci.yml +++ b/capif/templates/ci_staging.gitlab-ci.yml @@ -121,9 +121,14 @@ staging_cvs: stage: staging_cvs script: - | + # Install grype curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b ../ + + # Print grype version echo "### grype version###" ../grype version + + # Create output directory if it doesn't exist DIRECTORY=./grype-outputs if [ ! -d "$DIRECTORY" ]; then mkdir $DIRECTORY @@ -131,28 +136,38 @@ staging_cvs: else echo "Directory already exists" fi + + # Save current directory export TMP_PWD=$PWD echo "TMP_PWD=$TMP_PWD" - echo "---- variable ----" - export IMAGE_NAME=capif-client - echo "### build and push $IMAGE_NAME image###" - cd services/$IMAGE_NAME/ - docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/$IMAGE_NAME:$CI_COMMIT_REF_SLUG . - cd $TMP_PWD - echo "### Container Vulnerability Scanning###" - ../grype $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/$IMAGE_NAME:$CI_COMMIT_REF_SLUG --scope all-layers > ./grype-outputs/grype_$IMAGE_NAME-$CI_COMMIT_REF_SLUG.txt - echo "----------------------------------------------------" - echo "---- variable ----" - export IMAGE_NAME=nginx - echo "### build and push $IMAGE_NAME image###" - cd services/$IMAGE_NAME/ - docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/$IMAGE_NAME:$CI_COMMIT_REF_SLUG . - cd $TMP_PWD - echo "### Container Vulnerability Scanning###" - ../grype $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/$IMAGE_NAME:$CI_COMMIT_REF_SLUG --scope all-layers > ./grype-outputs/grype_$IMAGE_NAME-$CI_COMMIT_REF_SLUG.txt - echo "----------------------------------------------------" + + # Array of image names + IMAGE_NAMES=("capif-client" "nginx" "register") + + # Loop over image names + for IMAGE_NAME in "${IMAGE_NAMES[@]}"; do + echo "---- variable ----" + echo "### build and push $IMAGE_NAME image###" + + # Navigate to service directory + cd services/$IMAGE_NAME/ + + # Login to Docker registry + docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY + + # Build Docker image + docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/$IMAGE_NAME:$CI_COMMIT_REF_SLUG . + + # Navigate back to original directory + cd $TMP_PWD + + echo "### Container Vulnerability Scanning###" + + # Scan Docker image with grype and save output to file + ../grype $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/$IMAGE_NAME:$CI_COMMIT_REF_SLUG --scope all-layers > ./grype-outputs/grype_$IMAGE_NAME-$CI_COMMIT_REF_SLUG.txt + + echo "----------------------------------------------------" + done artifacts: untracked: false paths: -- GitLab From 3656b2f3845a325b3cb643d5c61d3ffdba5f97f3 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Tue, 26 Mar 2024 14:44:53 +0100 Subject: [PATCH 113/392] improving code --- capif/templates/ci_dev.gitlab-ci.yml | 70 ++++++++-------------- capif/templates/ci_staging.gitlab-ci.yml | 74 +++++++++--------------- 2 files changed, 50 insertions(+), 94 deletions(-) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index f21aa80..f15b99e 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -49,57 +49,33 @@ dev_linting_docker: script: - | # Download hadolint binary - wget https://github.com/hadolint/hadolint/releases/download/v2.8.0/hadolint-Linux-x86_64 -O hadolint + wget https://github.com/hadolint/hadolint/releases/download/v2.8.0/hadolint-Linux-x86_64 -O hadolint # Make it executable - chmod +x hadolint - - # Move it to your binaries folder - mv hadolint ../ - - # Verify the installation - ../hadolint --version - - #find . -name 'services/Dockerfile*' -exec hadolint --no-fail -f gitlab_codeclimate {} + > docker-lint.json - - ../hadolint services/capif-client/Dockerfile || true - ../hadolint services/vault/Dockerfile || true - - echo "### nginx ###" - ../hadolint services/nginx/Dockerfile || true - - echo "### register ###" - ../hadolint services/register/Dockerfile || true - - echo "### TS29222_CAPIF_Access_Control_Policy_API ###" - ../hadolint services/TS29222_CAPIF_Access_Control_Policy_API/Dockerfile || true - - echo "### TS29222_CAPIF_API_Invoker_Management_API ###" - ../hadolint services/TS29222_CAPIF_API_Invoker_Management_API/Dockerfile || true + chmod +x hadolint - echo "### TS29222_CAPIF_API_Provider_Management_API ###" - ../hadolint services/TS29222_CAPIF_API_Provider_Management_API/Dockerfile || true - - echo "### TS29222_CAPIF_Auditing_API ###" - ../hadolint services/TS29222_CAPIF_Auditing_API/Dockerfile || true - - echo "### TS29222_CAPIF_Discover_Service_API ###" - ../hadolint services/TS29222_CAPIF_Discover_Service_API/Dockerfile || true - - echo "### TS29222_CAPIF_Events_API ###" - ../hadolint services/TS29222_CAPIF_Events_API/Dockerfile || true - - echo "### TS29222_CAPIF_Logging_API_Invocation_API ###" - ../hadolint services/TS29222_CAPIF_Logging_API_Invocation_API/Dockerfile || true - - echo "### TS29222_CAPIF_Publish_Service_API ###" - ../hadolint services/TS29222_CAPIF_Publish_Service_API/Dockerfile || true - - echo "### TS29222_CAPIF_Routing_Info_API ###" - ../hadolint services/TS29222_CAPIF_Routing_Info_API/Dockerfile || true + # Move it to your binaries folder + mv hadolint ../ - echo "### TS29222_CAPIF_Security_API ###" - ../hadolint services/TS29222_CAPIF_Security_API/Dockerfile || true + # Verify the installation + echo "### hadolint version ###" + ../hadolint --version + + # Array of service names + SERVICES=("capif-client" "vault" "nginx" "register" "TS29222_CAPIF_Access_Control_Policy_API" "TS29222_CAPIF_API_Invoker_Management_API" + "TS29222_CAPIF_API_Provider_Management_API" "TS29222_CAPIF_Auditing_API" "TS29222_CAPIF_Discover_Service_API" "TS29222_CAPIF_Events_API" + "TS29222_CAPIF_Logging_API_Invocation_API" "TS29222_CAPIF_Publish_Service_API" "TS29222_CAPIF_Routing_Info_API" "TS29222_CAPIF_Security_API" + "vault") + + # Loop over service names + for SERVICE in "${SERVICES[@]}"; do + echo "### $SERVICE ###" + + # Run hadolint on Dockerfile + ../hadolint services/$SERVICE/Dockerfile || true + + echo "----------------------------------------------------" + done # artifacts: # name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG" # when: always diff --git a/capif/templates/ci_staging.gitlab-ci.yml b/capif/templates/ci_staging.gitlab-ci.yml index 27b33d1..e881a4f 100644 --- a/capif/templates/ci_staging.gitlab-ci.yml +++ b/capif/templates/ci_staging.gitlab-ci.yml @@ -54,57 +54,34 @@ staging_linting_docker: script: - | # Download hadolint binary - wget https://github.com/hadolint/hadolint/releases/download/v2.8.0/hadolint-Linux-x86_64 -O hadolint + wget https://github.com/hadolint/hadolint/releases/download/v2.8.0/hadolint-Linux-x86_64 -O hadolint # Make it executable - chmod +x hadolint - - # Move it to your binaries folder - mv hadolint ../ - - # Verify the installation - ../hadolint --version - - #find . -name 'services/Dockerfile*' -exec hadolint --no-fail -f gitlab_codeclimate {} + > docker-lint.json - - ../hadolint services/capif-client/Dockerfile || true - ../hadolint services/vault/Dockerfile || true - - echo "### nginx ###" - ../hadolint services/nginx/Dockerfile || true - - echo "### register ###" - ../hadolint services/register/Dockerfile || true - - echo "### TS29222_CAPIF_Access_Control_Policy_API ###" - ../hadolint services/TS29222_CAPIF_Access_Control_Policy_API/Dockerfile || true - - echo "### TS29222_CAPIF_API_Invoker_Management_API ###" - ../hadolint services/TS29222_CAPIF_API_Invoker_Management_API/Dockerfile || true - - echo "### TS29222_CAPIF_API_Provider_Management_API ###" - ../hadolint services/TS29222_CAPIF_API_Provider_Management_API/Dockerfile || true + chmod +x hadolint - echo "### TS29222_CAPIF_Auditing_API ###" - ../hadolint services/TS29222_CAPIF_Auditing_API/Dockerfile || true - - echo "### TS29222_CAPIF_Discover_Service_API ###" - ../hadolint services/TS29222_CAPIF_Discover_Service_API/Dockerfile || true - - echo "### TS29222_CAPIF_Events_API ###" - ../hadolint services/TS29222_CAPIF_Events_API/Dockerfile || true - - echo "### TS29222_CAPIF_Logging_API_Invocation_API ###" - ../hadolint services/TS29222_CAPIF_Logging_API_Invocation_API/Dockerfile || true - - echo "### TS29222_CAPIF_Publish_Service_API ###" - ../hadolint services/TS29222_CAPIF_Publish_Service_API/Dockerfile || true + # Move it to your binaries folder + mv hadolint ../ - echo "### TS29222_CAPIF_Routing_Info_API ###" - ../hadolint services/TS29222_CAPIF_Routing_Info_API/Dockerfile || true + # Verify the installation + echo "### hadolint version ###" + ../hadolint --version + + # Array of service names + SERVICES=("capif-client" "vault" "nginx" "register" "TS29222_CAPIF_Access_Control_Policy_API" "TS29222_CAPIF_API_Invoker_Management_API" + "TS29222_CAPIF_API_Provider_Management_API" "TS29222_CAPIF_Auditing_API" "TS29222_CAPIF_Discover_Service_API" "TS29222_CAPIF_Events_API" + "TS29222_CAPIF_Logging_API_Invocation_API" "TS29222_CAPIF_Publish_Service_API" "TS29222_CAPIF_Routing_Info_API" "TS29222_CAPIF_Security_API" + "vault") + + # Loop over service names + for SERVICE in "${SERVICES[@]}"; do + echo "### $SERVICE ###" + + # Run hadolint on Dockerfile + ../hadolint services/$SERVICE/Dockerfile || true + + echo "----------------------------------------------------" + done - echo "### TS29222_CAPIF_Security_API ###" - ../hadolint services/TS29222_CAPIF_Security_API/Dockerfile || true # artifacts: # name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG" # when: always @@ -142,7 +119,10 @@ staging_cvs: echo "TMP_PWD=$TMP_PWD" # Array of image names - IMAGE_NAMES=("capif-client" "nginx" "register") + IMAGE_NAMES=("capif-client" "nginx" "register" "TS29222_CAPIF_Access_Control_Policy_API" "TS29222_CAPIF_API_Invoker_Management_API" + "TS29222_CAPIF_API_Provider_Management_API" "TS29222_CAPIF_Auditing_API" "TS29222_CAPIF_Discover_Service_API" + "TS29222_CAPIF_Events_API" "TS29222_CAPIF_Logging_API_Invocation_API" "TS29222_CAPIF_Publish_Service_API" + "TS29222_CAPIF_Routing_Info_API" "TS29222_CAPIF_Security_API" "vault") # Loop over image names for IMAGE_NAME in "${IMAGE_NAMES[@]}"; do -- GitLab From d1bf59db749b1cd652985d1c3a956de7f148fb18 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Tue, 26 Mar 2024 14:54:42 +0100 Subject: [PATCH 114/392] IMAGE_LOWER --- capif/templates/ci_staging.gitlab-ci.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/capif/templates/ci_staging.gitlab-ci.yml b/capif/templates/ci_staging.gitlab-ci.yml index e881a4f..38e7e7f 100644 --- a/capif/templates/ci_staging.gitlab-ci.yml +++ b/capif/templates/ci_staging.gitlab-ci.yml @@ -126,6 +126,9 @@ staging_cvs: # Loop over image names for IMAGE_NAME in "${IMAGE_NAMES[@]}"; do + # Convert SERVICE to lowercase + IMAGE_LOWER=${IMAGE_NAME,,} + echo "---- variable ----" echo "### build and push $IMAGE_NAME image###" @@ -136,7 +139,7 @@ staging_cvs: docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY # Build Docker image - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/$IMAGE_NAME:$CI_COMMIT_REF_SLUG . + docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/$IMAGE_LOWER:$CI_COMMIT_REF_SLUG . # Navigate back to original directory cd $TMP_PWD @@ -144,7 +147,7 @@ staging_cvs: echo "### Container Vulnerability Scanning###" # Scan Docker image with grype and save output to file - ../grype $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/$IMAGE_NAME:$CI_COMMIT_REF_SLUG --scope all-layers > ./grype-outputs/grype_$IMAGE_NAME-$CI_COMMIT_REF_SLUG.txt + ../grype $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/$IMAGE_LOWER:$CI_COMMIT_REF_SLUG --scope all-layers > ./grype-outputs/grype_$IMAGE_NAME-$CI_COMMIT_REF_SLUG.txt echo "----------------------------------------------------" done -- GitLab From e0fcf32f8390d10b260073dbb581381db510de4e Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Tue, 26 Mar 2024 14:59:13 +0100 Subject: [PATCH 115/392] echo $IMAGE_NAME --- capif/templates/ci_staging.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/templates/ci_staging.gitlab-ci.yml b/capif/templates/ci_staging.gitlab-ci.yml index 38e7e7f..05d6e72 100644 --- a/capif/templates/ci_staging.gitlab-ci.yml +++ b/capif/templates/ci_staging.gitlab-ci.yml @@ -144,7 +144,7 @@ staging_cvs: # Navigate back to original directory cd $TMP_PWD - echo "### Container Vulnerability Scanning###" + echo "### Container Vulnerability Scanning $IMAGE_NAME###" # Scan Docker image with grype and save output to file ../grype $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/$IMAGE_LOWER:$CI_COMMIT_REF_SLUG --scope all-layers > ./grype-outputs/grype_$IMAGE_NAME-$CI_COMMIT_REF_SLUG.txt -- GitLab From 8bceae45fa1c33cb2dcee4b0f9078cd3091b150a Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Tue, 26 Mar 2024 15:04:37 +0100 Subject: [PATCH 116/392] no commands in delete_ocf_dev and delete_ocf_staging --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 9fef989..880cf03 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -83,7 +83,7 @@ delete_ocf_staging: <<: *staging_common script: - echo "### deleting environment $NAMESPACE_STAGING###" - - helm uninstall -n $NAMESPACE_STAGING ocf --kubeconfig ~/cluster.kubeconfig +# - helm uninstall -n $NAMESPACE_STAGING ocf --kubeconfig ~/cluster.kubeconfig when: manual environment: name: review/staging @@ -147,7 +147,7 @@ delete_ocf_dev: <<: *staging_common script: - echo "### deleting environment $NAMESPACE_DEV###" - - helm uninstall -n $NAMESPACE_DEV ocf --kubeconfig ~/cluster.kubeconfig +# - helm uninstall -n $NAMESPACE_DEV ocf --kubeconfig ~/cluster.kubeconfig when: manual environment: name: review/$CI_COMMIT_REF_SLUG -- GitLab From dc03533e96b0aedface445cc6fd4356a1f0c9555 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Tue, 26 Mar 2024 15:07:39 +0100 Subject: [PATCH 117/392] unit_tests template --- capif/templates/ci_unit_test.gitlab-ci.yml | 25 ++++++++++++++++++++++ 1 file changed, 25 insertions(+) create mode 100644 capif/templates/ci_unit_test.gitlab-ci.yml diff --git a/capif/templates/ci_unit_test.gitlab-ci.yml b/capif/templates/ci_unit_test.gitlab-ci.yml new file mode 100644 index 0000000..32f606f --- /dev/null +++ b/capif/templates/ci_unit_test.gitlab-ci.yml @@ -0,0 +1,25 @@ +stages: + - staging_unit_tests + +variables: + CI_JOB_TOKEN: $CI_JOB_TOKEN + CI_DEBUG_TRACE: "false" + CI_REGISTRY_USER: $CI_REGISTRY_USER + CI_REGISTRY: $CI_REGISTRY + CAPIF_DOCKER_REGISTRY: $CAPIF_DOCKER_REGISTRY + +.staging_common: &staging_common + only: + - merge_requests + except: + variables: + - $CI_MERGE_REQUEST_TARGET_BRANCH_NAME != "staging" + tags: + - shell + +staging_unit_tests: + stage: staging_unit_tests + script: + - | + echo "------- Unit Tests -------" + <<: *staging_common -- GitLab From 138ce410d2da66640a21b811547a70ce8e31bd90 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Tue, 26 Mar 2024 15:09:47 +0100 Subject: [PATCH 118/392] ci_unit_test --- capif/.gitlab-ci.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 17a0cc6..9c1cf31 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -11,6 +11,7 @@ stages: - staging_linting_docker - staging_cvs - staging_build_and_push + - staging_unit_tests # - dev_pulling_repo - dev_secrets_in_repo - dev_linting_code @@ -91,6 +92,7 @@ include: file: - '/capif/templates/ci_staging.gitlab-ci.yml' - 'capif/templates/ci_dev.gitlab-ci.yml' + - 'capif/templates/ci_unit_test.gitlab-ci.yml' - 'capif/templates/cd-deploy-ocf.gitlab-ci.yml' -- GitLab From bc712e8852cae83971c4d16fb5ea6385a71d2a94 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Tue, 26 Mar 2024 15:39:03 +0100 Subject: [PATCH 119/392] merge_request_staging_into_main --- capif/.gitlab-ci.yml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 9c1cf31..f4012cc 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -1,4 +1,5 @@ stages: + - merge_request_staging_into_main - staging_cancel_previous_action - workflow_ci - ci_in_staging @@ -27,6 +28,7 @@ variables: GITLAB_API: "https://labs.etsi.org/api/v4" CI_JOB_TOKEN: $CI_JOB_TOKEN CI_DEBUG_TRACE: "true" + PROJECT_ID: "294" .staging_common: &staging_common only: @@ -96,6 +98,26 @@ include: - 'capif/templates/cd-deploy-ocf.gitlab-ci.yml' +merge_request_staging_into_main: + stage: merge_request_staging_into_main + script: + - > + if [ "$CI_COMMIT_REF_NAME" == "staging" ]; then + # Variables + SOURCE_BRANCH="staging" + TARGET_BRANCH="main" + TITLE="Merge staging into main created by GitLab CICD" + + # Create Merge Request + curl --request POST --header "PRIVATE-TOKEN: $CI_JOB_TOKEN" \ + --data "source_branch=$SOURCE_BRANCH&target_branch=$TARGET_BRANCH&title=$TITLE" \ + "$GITLAB_API/projects/$PROJECT_ID/merge_requests" + else + echo "Nothing to do" + fi + only: + - staging + #ci_in_staging: # stage: ci_in_staging # script: -- GitLab From 263847bf372b42c218f41259f9238ea263fbf786 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Tue, 26 Mar 2024 16:25:32 +0100 Subject: [PATCH 120/392] staging_security --- capif/templates/ci_staging.gitlab-ci.yml | 20 +++++++++++++++++--- 1 file changed, 17 insertions(+), 3 deletions(-) diff --git a/capif/templates/ci_staging.gitlab-ci.yml b/capif/templates/ci_staging.gitlab-ci.yml index 05d6e72..ba2ecfa 100644 --- a/capif/templates/ci_staging.gitlab-ci.yml +++ b/capif/templates/ci_staging.gitlab-ci.yml @@ -3,7 +3,7 @@ stages: - staging_secrets_in_repo - staging_linting_code - staging_linting_docker - - staging_cvs + - staging_security - staging_build_and_push variables: @@ -95,7 +95,7 @@ staging_linting_docker: staging_cvs: needs: ["staging_linting_docker"] - stage: staging_cvs + stage: staging_security script: - | # Install grype @@ -159,8 +159,22 @@ staging_cvs: expire_in: "1 week" <<: *staging_common +staging_sast: + needs: ["staging_linting_docker"] + stage: staging_security + script: + - | + echo "------ Static Application Security Testing ------" + +staging_sca: + needs: ["staging_linting_docker"] + stage: staging_security + script: + - | + echo "------ Software Composition Analysis ------" + staging_build_and_push: - needs: ["staging_cvs"] + needs: ["staging_security"] stage: staging_build_and_push script: - export TMP_PWD=$PWD -- GitLab From 33280bcaa33aae5840ab8ef309f27f498d74818a Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Tue, 26 Mar 2024 16:25:40 +0100 Subject: [PATCH 121/392] ci_main cicd --- capif/.gitlab-ci.yml | 4 +- capif/templates/ci_main.gitlab-ci.yml | 233 ++++++++++++++++++++++++++ 2 files changed, 236 insertions(+), 1 deletion(-) create mode 100644 capif/templates/ci_main.gitlab-ci.yml diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index f4012cc..50f5bc1 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -10,7 +10,7 @@ stages: - staging_secrets_in_repo - staging_linting_code - staging_linting_docker - - staging_cvs + - staging_security - staging_build_and_push - staging_unit_tests # - dev_pulling_repo @@ -96,6 +96,8 @@ include: - 'capif/templates/ci_dev.gitlab-ci.yml' - 'capif/templates/ci_unit_test.gitlab-ci.yml' - 'capif/templates/cd-deploy-ocf.gitlab-ci.yml' +# - 'capif/templates/ci_main.gitlab-ci.yml' + merge_request_staging_into_main: diff --git a/capif/templates/ci_main.gitlab-ci.yml b/capif/templates/ci_main.gitlab-ci.yml new file mode 100644 index 0000000..5bd88a4 --- /dev/null +++ b/capif/templates/ci_main.gitlab-ci.yml @@ -0,0 +1,233 @@ +stages: +# - main_pulling_repo + - main_secrets_in_repo + - main_linting_code + - main_linting_docker + - main_cvs + - main_build_and_push + +variables: + CI_JOB_TOKEN: $CI_JOB_TOKEN + CI_DEBUG_TRACE: "false" + CI_REGISTRY_USER: $CI_REGISTRY_USER + CI_REGISTRY: $CI_REGISTRY + CAPIF_DOCKER_REGISTRY: $CAPIF_DOCKER_REGISTRY + +.main_common: &main_common + only: + - merge_requests + except: + variables: + - $CI_MERGE_REQUEST_TARGET_BRANCH_NAME != "main" + tags: + - shell + +main_secrets_in_repo: + stage: main_secrets_in_repo + script: + - | + pip install trufflehog + cd ../ + #trufflehog capif --exclude_paths capif/cicd/exclusions --max_depth=5 + <<: *main_common + +# define the process to do linting code: Sonarque, ruff? +main_linting_code: + stage: main_linting_code + script: + - | + echo "###ruff checks###" + #pip install ruff + #ruff check --config cicd/ruff.toml . || true + needs: ["main_secrets_in_repo"] + <<: *main_common + +main_linting_docker: + stage: main_linting_docker + script: + - | + # Download hadolint binary + wget https://github.com/hadolint/hadolint/releases/download/v2.8.0/hadolint-Linux-x86_64 -O hadolint + + # Make it executable + chmod +x hadolint + + # Move it to your binaries folder + mv hadolint ../ + + # Verify the installation + echo "### hadolint version ###" + ../hadolint --version + + # Array of service names + SERVICES=("capif-client" "vault" "nginx" "register" "TS29222_CAPIF_Access_Control_Policy_API" "TS29222_CAPIF_API_Invoker_Management_API" + "TS29222_CAPIF_API_Provider_Management_API" "TS29222_CAPIF_Auditing_API" "TS29222_CAPIF_Discover_Service_API" "TS29222_CAPIF_Events_API" + "TS29222_CAPIF_Logging_API_Invocation_API" "TS29222_CAPIF_Publish_Service_API" "TS29222_CAPIF_Routing_Info_API" "TS29222_CAPIF_Security_API" + "vault") + + # Loop over service names + for SERVICE in "${SERVICES[@]}"; do + echo "### $SERVICE ###" + + # Run hadolint on Dockerfile + #../hadolint services/$SERVICE/Dockerfile || true + + echo "----------------------------------------------------" + done + +# artifacts: +# name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG" +# when: always +# reports: +# codequality: +# - docker-lint.json +# interruptible: true + needs: ["main_linting_code"] + <<: *main_common + + +main_cvs: + needs: ["main_linting_docker"] + stage: main_cvs + script: + - | + # Install grype + curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b ../ + + # Print grype version + echo "### grype version###" + ../grype version + + # Create output directory if it doesn't exist + DIRECTORY=./grype-outputs + if [ ! -d "$DIRECTORY" ]; then + mkdir $DIRECTORY + echo "Directory created" + else + echo "Directory already exists" + fi + + # Save current directory + export TMP_PWD=$PWD + echo "TMP_PWD=$TMP_PWD" + + # Array of image names + IMAGE_NAMES=("capif-client" "nginx" "register" "TS29222_CAPIF_Access_Control_Policy_API" "TS29222_CAPIF_API_Invoker_Management_API" + "TS29222_CAPIF_API_Provider_Management_API" "TS29222_CAPIF_Auditing_API" "TS29222_CAPIF_Discover_Service_API" + "TS29222_CAPIF_Events_API" "TS29222_CAPIF_Logging_API_Invocation_API" "TS29222_CAPIF_Publish_Service_API" + "TS29222_CAPIF_Routing_Info_API" "TS29222_CAPIF_Security_API" "vault") + + # Loop over image names + for IMAGE_NAME in "${IMAGE_NAMES[@]}"; do + # Convert SERVICE to lowercase + IMAGE_LOWER=${IMAGE_NAME,,} + + echo "---- variable ----" + echo "### build and push $IMAGE_NAME image###" + + # Navigate to service directory + cd services/$IMAGE_NAME/ + + # Login to Docker registry + docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY + + # Build Docker image + docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/$IMAGE_LOWER:latest . + + # Navigate back to original directory + cd $TMP_PWD + + echo "### Container Vulnerability Scanning $IMAGE_NAME###" + + # Scan Docker image with grype and save output to file + #../grype $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/$IMAGE_LOWER:latest --scope all-layers > ./grype-outputs/grype_$IMAGE_NAME-latest.txt + + echo "----------------------------------------------------" + done + artifacts: + untracked: false + paths: + - ./grype-outputs/*.txt + when: on_success + expire_in: "1 week" + <<: *main_common + +main_build_and_push: + needs: ["main_cvs"] + stage: main_build_and_push + script: + - export TMP_PWD=$PWD + - echo "TMP_PWD=$TMP_PWD" + - echo "### build and push capif-client image###" +# - cd services/capif-client/ +# - docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY +# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/capif-client:latest . +# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/capif-client:latest +# - echo "----------------------------------------------------" +# - echo "### build and push nginx image###" +# - cd $TMP_PWD/services/nginx/ +# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:latest . +# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:latest +# - echo "----------------------------------------------------" +# - echo "### build and push register image###" +# - cd $TMP_PWD/services/register/ +# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register:latest . +# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register:latest +# - echo "----------------------------------------------------" +# - echo "### build and push TS29222_CAPIF_Access_Control_Policy_API image###" +# - cd $TMP_PWD/services/TS29222_CAPIF_Access_Control_Policy_API/ +# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api:latest . +# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api:latest +# - echo "----------------------------------------------------" +# - echo "### build and push TS29222_CAPIF_API_Invoker_Management_API image###" +# - cd $TMP_PWD/services/TS29222_CAPIF_API_Invoker_Management_API/ +# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api:latest . +# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api:latest +# - echo "----------------------------------------------------" +# - echo "### build and push TS29222_CAPIF_API_Provider_Management_API image###" +# - cd $TMP_PWD/services/TS29222_CAPIF_API_Provider_Management_API/ +# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api:latest . +# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api:latest +# - echo "----------------------------------------------------" +# - echo "### build and push TS29222_CAPIF_Auditing_API image###" +# - cd $TMP_PWD/services/TS29222_CAPIF_Auditing_API/ +# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api:latest . +# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api:latest +# - echo "----------------------------------------------------" +# - echo "### build and push TS29222_CAPIF_Discover_Service_API image###" +# - cd $TMP_PWD/services/TS29222_CAPIF_Discover_Service_API/ +# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api:latest . +# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api:latest +# - echo "----------------------------------------------------" +# - echo "### build and push TS29222_CAPIF_Events_API image###" +# - cd $TMP_PWD/services/TS29222_CAPIF_Events_API/ +# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api:latest . +# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api:latest +# - echo "----------------------------------------------------" +# - echo "### build and push TS29222_CAPIF_Logging_API_Invocation_API image###" +# - cd $TMP_PWD/services/TS29222_CAPIF_Logging_API_Invocation_API/ +# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api:latest . +# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api:latest +# - echo "----------------------------------------------------" +# - echo "### build and push TS29222_CAPIF_Publish_Service_API image###" +# - cd $TMP_PWD/services/TS29222_CAPIF_Publish_Service_API/ +# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api:latest . +# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api:latest +# - echo "----------------------------------------------------" +# - echo "### build and push TS29222_CAPIF_Routing_Info_API image###" +# - cd $TMP_PWD/services/TS29222_CAPIF_Routing_Info_API/ +# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api:latest . +# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api:latest +# - echo "----------------------------------------------------" +# - echo "### build and push TS29222_CAPIF_Security_API image###" +# - cd $TMP_PWD/services/TS29222_CAPIF_Security_API/ +# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api:latest . +# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api:latest +# - echo "----------------------------------------------------" +# - echo "### build and push vault image###" +# - cd $TMP_PWD/services/vault/ +# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/vault:latest . +# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/vault:latest +# - echo "----------------------------------------------------" +# - docker logout $CI_REGISTRY + <<: *main_common -- GitLab From 895c5d3cd264541830e2c1970602f0426a90d8f0 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Tue, 26 Mar 2024 16:26:41 +0100 Subject: [PATCH 122/392] main_security --- capif/templates/ci_main.gitlab-ci.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/capif/templates/ci_main.gitlab-ci.yml b/capif/templates/ci_main.gitlab-ci.yml index 5bd88a4..ce020a8 100644 --- a/capif/templates/ci_main.gitlab-ci.yml +++ b/capif/templates/ci_main.gitlab-ci.yml @@ -3,7 +3,7 @@ stages: - main_secrets_in_repo - main_linting_code - main_linting_docker - - main_cvs + - main_security - main_build_and_push variables: @@ -88,7 +88,7 @@ main_linting_docker: main_cvs: needs: ["main_linting_docker"] - stage: main_cvs + stage: main_security script: - | # Install grype @@ -153,7 +153,7 @@ main_cvs: <<: *main_common main_build_and_push: - needs: ["main_cvs"] + needs: ["main_security"] stage: main_build_and_push script: - export TMP_PWD=$PWD -- GitLab From ae9b46e3116037d186c0fc73c640abc106dd15e4 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Wed, 27 Mar 2024 08:28:15 +0100 Subject: [PATCH 123/392] sast template --- capif/.gitlab-ci.yml | 16 ++++++++++++---- 1 file changed, 12 insertions(+), 4 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 50f5bc1..0ace2a8 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -1,10 +1,8 @@ stages: + - test # to Security and Compliance gitLab + - main_security - merge_request_staging_into_main - staging_cancel_previous_action - - workflow_ci - - ci_in_staging - - ci_deploy_in_staging - - cleaning_in_staging - dev_cancel_previous_action # - staging_pulling_repo - staging_secrets_in_repo @@ -89,6 +87,7 @@ dev_cancel_previous_action: <<: *dev_common include: + - template: Security/SAST.gitlab-ci.yml - project: 'ocf/pipeline-scripts' ref: cicd-capif file: @@ -120,6 +119,15 @@ merge_request_staging_into_main: only: - staging +sast: + stage: main_security + rules: + - if: '$CI_COMMIT_REF_NAME == "OCF16-first-steps-on-ci-at-gitlab-repository"' + when: always + - when: never + tags: + - docker + #ci_in_staging: # stage: ci_in_staging # script: -- GitLab From 04df0bedaa1507237bcbaee8b01a90926c2a7c60 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Wed, 27 Mar 2024 08:32:55 +0100 Subject: [PATCH 124/392] staging_sca --- capif/templates/ci_staging.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/templates/ci_staging.gitlab-ci.yml b/capif/templates/ci_staging.gitlab-ci.yml index ba2ecfa..c402fd8 100644 --- a/capif/templates/ci_staging.gitlab-ci.yml +++ b/capif/templates/ci_staging.gitlab-ci.yml @@ -174,7 +174,7 @@ staging_sca: echo "------ Software Composition Analysis ------" staging_build_and_push: - needs: ["staging_security"] + needs: ["staging_sca"] stage: staging_build_and_push script: - export TMP_PWD=$PWD -- GitLab From 94fd7e8e7735f988bea46aa64c564cccb5a0aaf4 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Wed, 27 Mar 2024 08:35:42 +0100 Subject: [PATCH 125/392] <<: *staging_common --- capif/templates/ci_staging.gitlab-ci.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/capif/templates/ci_staging.gitlab-ci.yml b/capif/templates/ci_staging.gitlab-ci.yml index c402fd8..849b27c 100644 --- a/capif/templates/ci_staging.gitlab-ci.yml +++ b/capif/templates/ci_staging.gitlab-ci.yml @@ -165,6 +165,7 @@ staging_sast: script: - | echo "------ Static Application Security Testing ------" + <<: *staging_common staging_sca: needs: ["staging_linting_docker"] @@ -172,6 +173,7 @@ staging_sca: script: - | echo "------ Software Composition Analysis ------" + <<: *staging_common staging_build_and_push: needs: ["staging_sca"] -- GitLab From b3a8a0da8d6f68c716ee2edbda62dc654919d83a Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Wed, 27 Mar 2024 08:49:15 +0100 Subject: [PATCH 126/392] sast --- capif/.gitlab-ci.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 0ace2a8..9e3a35b 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -1,6 +1,7 @@ stages: - test # to Security and Compliance gitLab - main_security + - sast - merge_request_staging_into_main - staging_cancel_previous_action - dev_cancel_previous_action @@ -27,6 +28,7 @@ variables: CI_JOB_TOKEN: $CI_JOB_TOKEN CI_DEBUG_TRACE: "true" PROJECT_ID: "294" + SAST_DEFAULT_ANALYZERS: "bandit" .staging_common: &staging_common only: -- GitLab From 51567a72d86323d59becd4cfb6add350590ba0a2 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Wed, 27 Mar 2024 08:51:42 +0100 Subject: [PATCH 127/392] script sast --- capif/.gitlab-ci.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 9e3a35b..42f86c4 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -127,6 +127,8 @@ sast: - if: '$CI_COMMIT_REF_NAME == "OCF16-first-steps-on-ci-at-gitlab-repository"' when: always - when: never + script: + - echo "This is the SAST stage for your Python project." tags: - docker -- GitLab From eab6de12e5a55c3193716d354662334c5d6d044f Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Wed, 27 Mar 2024 09:07:34 +0100 Subject: [PATCH 128/392] ls -lrta --- capif/.gitlab-ci.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 42f86c4..661dd1e 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -128,7 +128,9 @@ sast: when: always - when: never script: - - echo "This is the SAST stage for your Python project." + - | + echo "This is the SAST stage for your Python project." + ls -lrta tags: - docker -- GitLab From 7369216836454e85b53f89857e05a1f802d79fff Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Wed, 27 Mar 2024 10:06:42 +0100 Subject: [PATCH 129/392] artifact --- capif/.gitlab-ci.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 661dd1e..0dee824 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -131,6 +131,9 @@ sast: - | echo "This is the SAST stage for your Python project." ls -lrta + artifacts: + reports: + sast: gl-sast-report.json tags: - docker -- GitLab From 88b52ea08e2479486368771bb9f7f0a9c169cf90 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Wed, 27 Mar 2024 10:26:08 +0100 Subject: [PATCH 130/392] main_build_pip --- capif/.gitlab-ci.yml | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 0dee824..e0d490d 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -1,5 +1,6 @@ stages: - test # to Security and Compliance gitLab + - main_build - main_security - sast - merge_request_staging_into_main @@ -28,7 +29,8 @@ variables: CI_JOB_TOKEN: $CI_JOB_TOKEN CI_DEBUG_TRACE: "true" PROJECT_ID: "294" - SAST_DEFAULT_ANALYZERS: "bandit" + SAST_DEFAULT_ANALYZERS: "bandit" # to sast + COMPILE: "false" # to sast .staging_common: &staging_common only: @@ -121,8 +123,25 @@ merge_request_staging_into_main: only: - staging +main_build_pip: + stage: main_build + tags: + - shell + script: + - | + pip install -r services/TS29222_CAPIF_Access_Control_Policy_API/requirements.txt + rules: + - if: '$CI_COMMIT_REF_NAME == "OCF16-first-steps-on-ci-at-gitlab-repository"' + when: always + - when: never + artifacts: + paths: + - ./ + sast: stage: main_security + needs: + - main_build_pip rules: - if: '$CI_COMMIT_REF_NAME == "OCF16-first-steps-on-ci-at-gitlab-repository"' when: always -- GitLab From 6ac5f73105e1b91c39862857ceaf38cd8d0f127b Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Wed, 27 Mar 2024 11:13:21 +0100 Subject: [PATCH 131/392] sast --- capif/.gitlab-ci.yml | 25 +------------------------ 1 file changed, 1 insertion(+), 24 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index e0d490d..b13c6f0 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -1,6 +1,5 @@ stages: - test # to Security and Compliance gitLab - - main_build - main_security - sast - merge_request_staging_into_main @@ -30,7 +29,6 @@ variables: CI_DEBUG_TRACE: "true" PROJECT_ID: "294" SAST_DEFAULT_ANALYZERS: "bandit" # to sast - COMPILE: "false" # to sast .staging_common: &staging_common only: @@ -91,7 +89,7 @@ dev_cancel_previous_action: <<: *dev_common include: - - template: Security/SAST.gitlab-ci.yml + - template: 'Jobs/SAST.gitlab-ci.yml' - project: 'ocf/pipeline-scripts' ref: cicd-capif file: @@ -123,25 +121,8 @@ merge_request_staging_into_main: only: - staging -main_build_pip: - stage: main_build - tags: - - shell - script: - - | - pip install -r services/TS29222_CAPIF_Access_Control_Policy_API/requirements.txt - rules: - - if: '$CI_COMMIT_REF_NAME == "OCF16-first-steps-on-ci-at-gitlab-repository"' - when: always - - when: never - artifacts: - paths: - - ./ - sast: stage: main_security - needs: - - main_build_pip rules: - if: '$CI_COMMIT_REF_NAME == "OCF16-first-steps-on-ci-at-gitlab-repository"' when: always @@ -149,10 +130,6 @@ sast: script: - | echo "This is the SAST stage for your Python project." - ls -lrta - artifacts: - reports: - sast: gl-sast-report.json tags: - docker -- GitLab From c2718ea832a9a3adadd7b52d4d17bbd063aac997 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Wed, 27 Mar 2024 11:45:32 +0100 Subject: [PATCH 132/392] variables in sast job --- capif/.gitlab-ci.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index b13c6f0..5451b75 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -28,7 +28,6 @@ variables: CI_JOB_TOKEN: $CI_JOB_TOKEN CI_DEBUG_TRACE: "true" PROJECT_ID: "294" - SAST_DEFAULT_ANALYZERS: "bandit" # to sast .staging_common: &staging_common only: @@ -122,6 +121,9 @@ merge_request_staging_into_main: - staging sast: + variables: + SAST_DEFAULT_ANALYZERS: "bandit" # to sast + CI_DEBUG_TRACE: "true" stage: main_security rules: - if: '$CI_COMMIT_REF_NAME == "OCF16-first-steps-on-ci-at-gitlab-repository"' -- GitLab From 77e4805bb7d6c3d0d6937a12a4ea6ff6a6805df1 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Thu, 4 Apr 2024 16:41:43 +0200 Subject: [PATCH 133/392] sast --- capif/.gitlab-ci.yml | 61 +++++++++++++++++++++++++++++++++++++------- 1 file changed, 52 insertions(+), 9 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 5451b75..a9ebed0 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -120,20 +120,63 @@ merge_request_staging_into_main: only: - staging +#sast: +# variables: +# SAST_DEFAULT_ANALYZERS: "bandit" # to sast +# CI_DEBUG_TRACE: "true" +# stage: main_security +# rules: +# - if: '$CI_COMMIT_REF_NAME == "OCF16-first-steps-on-ci-at-gitlab-repository"' +# when: always +# - when: never +# script: +# - | +# echo "This is the SAST stage for your Python project." +# tags: +# - docker + + +test: + stage: main_security + script: + - | + pip install -U pytest + pytest capif/services/register + tags: + - shell + + sast: - variables: - SAST_DEFAULT_ANALYZERS: "bandit" # to sast - CI_DEBUG_TRACE: "true" stage: main_security - rules: - - if: '$CI_COMMIT_REF_NAME == "OCF16-first-steps-on-ci-at-gitlab-repository"' - when: always - - when: never + variables: +# DOCKER_DRIVER: overlay2 + DOCKER_HOST: tcp://docker:2375 + allow_failure: true + services: + - docker:24.0.5-dind script: + - export SAST_VERSION=${SP_VERSION:-$(echo \"$CI_SERVER_VERSION\" | sed 's/^\\([0-9]*\\)\\.\\([0-9]*\\).*/\\1-\\2-stable/')} - | - echo "This is the SAST stage for your Python project." + docker run \ + --env SAST_ANALYZER_IMAGES \ + --env SAST_ANALYZER_IMAGE_PREFIX \ + --env SAST_ANALYZER_IMAGE_TAG \ + --env SAST_DEFAULT_ANALYZERS=bandit \ + --env SAST_BRAKEMAN_LEVEL \ + --env SAST_GOSEC_LEVEL \ + --env SAST_FLAWFINDER_LEVEL \ + --env SAST_DOCKER_CLIENT_NEGOTIATION_TIMEOUT \ + --env SAST_PULL_ANALYZER_IMAGE_TIMEOUT \ + --env SAST_RUN_ANALYZER_TIMEOUT \ + --volume \"$PWD:/code\" \ + --volume /var/run/docker.sock:/var/run/docker.sock \ + \"registry.gitlab.com/gitlab-org/security-products/sast:$SAST_VERSION\" /app/bin/run services/register + dependencies: [] + artifacts: + reports: + sast: gl-sast-report.json tags: - - docker + - docker-in-docker #ci_in_staging: # stage: ci_in_staging -- GitLab From 72aa0e4c4ef4c14ac5af915d4a023cb62093a554 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Thu, 4 Apr 2024 16:43:09 +0200 Subject: [PATCH 134/392] rules --- capif/.gitlab-ci.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index a9ebed0..4e92a3d 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -138,6 +138,10 @@ merge_request_staging_into_main: test: stage: main_security + rules: + - if: '$CI_COMMIT_REF_NAME == "OCF16-first-steps-on-ci-at-gitlab-repository"' + when: always + - when: never script: - | pip install -U pytest @@ -154,6 +158,10 @@ sast: allow_failure: true services: - docker:24.0.5-dind + rules: + - if: '$CI_COMMIT_REF_NAME == "OCF16-first-steps-on-ci-at-gitlab-repository"' + when: always + - when: never script: - export SAST_VERSION=${SP_VERSION:-$(echo \"$CI_SERVER_VERSION\" | sed 's/^\\([0-9]*\\)\\.\\([0-9]*\\).*/\\1-\\2-stable/')} - | -- GitLab From 72484662a325e00dd76cb8896f61997c258372a8 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Thu, 4 Apr 2024 17:16:56 +0200 Subject: [PATCH 135/392] SAST_EXCLUDED_ANALYZERS --- capif/.gitlab-ci.yml | 17 ++--------------- 1 file changed, 2 insertions(+), 15 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 4e92a3d..235a4e4 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -136,20 +136,6 @@ merge_request_staging_into_main: # - docker -test: - stage: main_security - rules: - - if: '$CI_COMMIT_REF_NAME == "OCF16-first-steps-on-ci-at-gitlab-repository"' - when: always - - when: never - script: - - | - pip install -U pytest - pytest capif/services/register - tags: - - shell - - sast: stage: main_security variables: @@ -176,9 +162,10 @@ sast: --env SAST_DOCKER_CLIENT_NEGOTIATION_TIMEOUT \ --env SAST_PULL_ANALYZER_IMAGE_TIMEOUT \ --env SAST_RUN_ANALYZER_TIMEOUT \ + --env SAST_EXCLUDED_ANALYZERS=nodejs-scan \ --volume \"$PWD:/code\" \ --volume /var/run/docker.sock:/var/run/docker.sock \ - \"registry.gitlab.com/gitlab-org/security-products/sast:$SAST_VERSION\" /app/bin/run services/register + \"registry.gitlab.com/gitlab-org/security-products/sast:$SAST_VERSION\" /app/bin/run capif/services/register/register_service dependencies: [] artifacts: reports: -- GitLab From 058e77776ebd4c8e0f4b3bec8089014b1db8856a Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Thu, 4 Apr 2024 17:33:19 +0200 Subject: [PATCH 136/392] ignore nodejs-scan-sast --- capif/.gitlab-ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 235a4e4..823191d 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -173,6 +173,7 @@ sast: tags: - docker-in-docker +.nodejs-scan-sast: {} #ci_in_staging: # stage: ci_in_staging # script: -- GitLab From 6a01749c6577ee5b08ee3e8f31fe225720a13a23 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Thu, 4 Apr 2024 17:39:02 +0200 Subject: [PATCH 137/392] variables --- capif/.gitlab-ci.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 823191d..b29037a 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -141,6 +141,8 @@ sast: variables: # DOCKER_DRIVER: overlay2 DOCKER_HOST: tcp://docker:2375 + SAST_EXCLUDED_ANALYZERS: "nodejs-scan-sast" + SAST_DEFAULT_ANALYZERS: bandit allow_failure: true services: - docker:24.0.5-dind @@ -155,14 +157,13 @@ sast: --env SAST_ANALYZER_IMAGES \ --env SAST_ANALYZER_IMAGE_PREFIX \ --env SAST_ANALYZER_IMAGE_TAG \ - --env SAST_DEFAULT_ANALYZERS=bandit \ + --env SAST_DEFAULT_ANALYZERS \ --env SAST_BRAKEMAN_LEVEL \ --env SAST_GOSEC_LEVEL \ --env SAST_FLAWFINDER_LEVEL \ --env SAST_DOCKER_CLIENT_NEGOTIATION_TIMEOUT \ --env SAST_PULL_ANALYZER_IMAGE_TIMEOUT \ --env SAST_RUN_ANALYZER_TIMEOUT \ - --env SAST_EXCLUDED_ANALYZERS=nodejs-scan \ --volume \"$PWD:/code\" \ --volume /var/run/docker.sock:/var/run/docker.sock \ \"registry.gitlab.com/gitlab-org/security-products/sast:$SAST_VERSION\" /app/bin/run capif/services/register/register_service -- GitLab From 9240099ea0332d7a68a7a6d4541c2e06c38f0f3f Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Thu, 4 Apr 2024 17:39:21 +0200 Subject: [PATCH 138/392] job nodejs ignored --- capif/.gitlab-ci.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index b29037a..bfd3b26 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -174,7 +174,6 @@ sast: tags: - docker-in-docker -.nodejs-scan-sast: {} #ci_in_staging: # stage: ci_in_staging # script: -- GitLab From 1a0cb23548ed17c1aaf09b19f6fe3bc1d507acc9 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Thu, 4 Apr 2024 17:47:29 +0200 Subject: [PATCH 139/392] bandit --- capif/.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index bfd3b26..29f7475 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -136,7 +136,7 @@ merge_request_staging_into_main: # - docker -sast: +main_sast: stage: main_security variables: # DOCKER_DRIVER: overlay2 -- GitLab From 74eba925938159cb3e18c606ce750de1984bb689 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Thu, 4 Apr 2024 18:04:14 +0200 Subject: [PATCH 140/392] test --- capif/.gitlab-ci.yml | 61 ++++++++++++++++++++++++++++---------------- 1 file changed, 39 insertions(+), 22 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 29f7475..f8e7f8b 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -136,7 +136,45 @@ merge_request_staging_into_main: # - docker -main_sast: +#sast: +# stage: main_security +# variables: +## DOCKER_DRIVER: overlay2 +# DOCKER_HOST: tcp://docker:2375 +# SAST_EXCLUDED_ANALYZERS: "nodejs-scan-sast" +# SAST_DEFAULT_ANALYZERS: bandit +# allow_failure: true +# services: +# - docker:24.0.5-dind +# rules: +# - if: '$CI_COMMIT_REF_NAME == "OCF16-first-steps-on-ci-at-gitlab-repository"' +# when: always +# - when: never +# script: +# - export SAST_VERSION=${SP_VERSION:-$(echo \"$CI_SERVER_VERSION\" | sed 's/^\\([0-9]*\\)\\.\\([0-9]*\\).*/\\1-\\2-stable/')} +# - | +# docker run \ +# --env SAST_ANALYZER_IMAGES \ +# --env SAST_ANALYZER_IMAGE_PREFIX \ +# --env SAST_ANALYZER_IMAGE_TAG \ +# --env SAST_DEFAULT_ANALYZERS \ +# --env SAST_BRAKEMAN_LEVEL \ +# --env SAST_GOSEC_LEVEL \ +# --env SAST_FLAWFINDER_LEVEL \ +# --env SAST_DOCKER_CLIENT_NEGOTIATION_TIMEOUT \ +# --env SAST_PULL_ANALYZER_IMAGE_TIMEOUT \ +# --env SAST_RUN_ANALYZER_TIMEOUT \ +# --volume \"$PWD:/code\" \ +# --volume /var/run/docker.sock:/var/run/docker.sock \ +# \"registry.gitlab.com/gitlab-org/security-products/sast:$SAST_VERSION\" /app/bin/run capif/services/register/register_service +# dependencies: [] +# artifacts: +# reports: +# sast: gl-sast-report.json +# tags: +# - docker-in-docker + +semgrep-sast: stage: main_security variables: # DOCKER_DRIVER: overlay2 @@ -150,27 +188,6 @@ main_sast: - if: '$CI_COMMIT_REF_NAME == "OCF16-first-steps-on-ci-at-gitlab-repository"' when: always - when: never - script: - - export SAST_VERSION=${SP_VERSION:-$(echo \"$CI_SERVER_VERSION\" | sed 's/^\\([0-9]*\\)\\.\\([0-9]*\\).*/\\1-\\2-stable/')} - - | - docker run \ - --env SAST_ANALYZER_IMAGES \ - --env SAST_ANALYZER_IMAGE_PREFIX \ - --env SAST_ANALYZER_IMAGE_TAG \ - --env SAST_DEFAULT_ANALYZERS \ - --env SAST_BRAKEMAN_LEVEL \ - --env SAST_GOSEC_LEVEL \ - --env SAST_FLAWFINDER_LEVEL \ - --env SAST_DOCKER_CLIENT_NEGOTIATION_TIMEOUT \ - --env SAST_PULL_ANALYZER_IMAGE_TIMEOUT \ - --env SAST_RUN_ANALYZER_TIMEOUT \ - --volume \"$PWD:/code\" \ - --volume /var/run/docker.sock:/var/run/docker.sock \ - \"registry.gitlab.com/gitlab-org/security-products/sast:$SAST_VERSION\" /app/bin/run capif/services/register/register_service - dependencies: [] - artifacts: - reports: - sast: gl-sast-report.json tags: - docker-in-docker -- GitLab From 3f948250ba372005f0e7851aac9de83bdc022bcc Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 5 Apr 2024 10:31:55 +0200 Subject: [PATCH 141/392] SAST_EXCLUDED_ANALYZERS: --- capif/.gitlab-ci.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index f8e7f8b..e0c8797 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -179,7 +179,8 @@ semgrep-sast: variables: # DOCKER_DRIVER: overlay2 DOCKER_HOST: tcp://docker:2375 - SAST_EXCLUDED_ANALYZERS: "nodejs-scan-sast" +# SAST_EXCLUDED_ANALYZERS: "nodejs-scan-sast" + SAST_EXCLUDED_ANALYZERS: "nodejs-scan" SAST_DEFAULT_ANALYZERS: bandit allow_failure: true services: -- GitLab From 373c319448742e1fc59f6a40bb1e8a32f25c87b2 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 5 Apr 2024 10:36:23 +0200 Subject: [PATCH 142/392] kubesec-sast --- capif/.gitlab-ci.yml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index e0c8797..746272a 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -192,6 +192,23 @@ semgrep-sast: tags: - docker-in-docker +kubesec-sast: + stage: main_security + variables: +# DOCKER_DRIVER: overlay2 + DOCKER_HOST: tcp://docker:2375 + SAST_EXCLUDED_ANALYZERS: "nodejs-scan" + SCAN_KUBERNETES_MANIFESTS: "true" + allow_failure: true + services: + - docker:24.0.5-dind + rules: + - if: '$CI_COMMIT_REF_NAME == "OCF16-first-steps-on-ci-at-gitlab-repository"' + when: always + - when: never + tags: + - docker-in-docker + #ci_in_staging: # stage: ci_in_staging # script: -- GitLab From 1ca8694a3a429294e551b80eb0d47610a91a5026 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 5 Apr 2024 10:44:17 +0200 Subject: [PATCH 143/392] nodejs-scan-sast --- capif/.gitlab-ci.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 746272a..9bc7b86 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -174,6 +174,8 @@ merge_request_staging_into_main: # tags: # - docker-in-docker +.nodejs-scan-sast: {} + semgrep-sast: stage: main_security variables: -- GitLab From cd1061c09654b6bb7621b6f888cd81a67f385129 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 5 Apr 2024 11:01:47 +0200 Subject: [PATCH 144/392] gemnasium-python-dependency_scanning --- capif/.gitlab-ci.yml | 20 ++++++++++++++++---- 1 file changed, 16 insertions(+), 4 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 9bc7b86..c894db0 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -28,6 +28,7 @@ variables: CI_JOB_TOKEN: $CI_JOB_TOKEN CI_DEBUG_TRACE: "true" PROJECT_ID: "294" + SAST_EXCLUDED_ANALYZERS: "nodejs-scan" .staging_common: &staging_common only: @@ -89,6 +90,7 @@ dev_cancel_previous_action: include: - template: 'Jobs/SAST.gitlab-ci.yml' + - template: 'Jobs/Dependency-Scanning.gitlab-ci.yml' - project: 'ocf/pipeline-scripts' ref: cicd-capif file: @@ -174,15 +176,12 @@ merge_request_staging_into_main: # tags: # - docker-in-docker -.nodejs-scan-sast: {} - semgrep-sast: stage: main_security variables: # DOCKER_DRIVER: overlay2 DOCKER_HOST: tcp://docker:2375 # SAST_EXCLUDED_ANALYZERS: "nodejs-scan-sast" - SAST_EXCLUDED_ANALYZERS: "nodejs-scan" SAST_DEFAULT_ANALYZERS: bandit allow_failure: true services: @@ -199,7 +198,6 @@ kubesec-sast: variables: # DOCKER_DRIVER: overlay2 DOCKER_HOST: tcp://docker:2375 - SAST_EXCLUDED_ANALYZERS: "nodejs-scan" SCAN_KUBERNETES_MANIFESTS: "true" allow_failure: true services: @@ -211,6 +209,20 @@ kubesec-sast: tags: - docker-in-docker +gemnasium-python-dependency_scanning: + stage: main_security + variables: + DS_ANALYZER_NAME: "gemnasium-python" + allow_failure: true + services: + - docker:24.0.5-dind + rules: + - if: '$CI_COMMIT_REF_NAME == "OCF16-first-steps-on-ci-at-gitlab-repository"' + when: always + - when: never + tags: + - docker-in-docker + #ci_in_staging: # stage: ci_in_staging # script: -- GitLab From 1c4ef9793a6667dfb05271495064d61bd488d3bb Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 5 Apr 2024 11:50:35 +0200 Subject: [PATCH 145/392] container_scanning_nginx --- capif/.gitlab-ci.yml | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index c894db0..513077c 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -29,6 +29,9 @@ variables: CI_DEBUG_TRACE: "true" PROJECT_ID: "294" SAST_EXCLUDED_ANALYZERS: "nodejs-scan" + CI_REGISTRY_USER: $CI_REGISTRY_USER + CI_REGISTRY: $CI_REGISTRY + CAPIF_DOCKER_REGISTRY: $CAPIF_DOCKER_REGISTRY .staging_common: &staging_common only: @@ -91,6 +94,7 @@ dev_cancel_previous_action: include: - template: 'Jobs/SAST.gitlab-ci.yml' - template: 'Jobs/Dependency-Scanning.gitlab-ci.yml' + - template: 'Jobs/Container-Scanning.gitlab-ci.yml' - project: 'ocf/pipeline-scripts' ref: cicd-capif file: @@ -223,6 +227,28 @@ gemnasium-python-dependency_scanning: tags: - docker-in-docker +container_scanning_nginx: + stage: main_security + before_script: + - export TMP_PWD=$PWD + - echo "TMP_PWD=$TMP_PWD" +# - docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY + variables: +# CS_DEFAULT_BRANCH_IMAGE: $CI_REGISTRY_IMAGE/$CI_DEFAULT_BRANCH:$CI_COMMIT_SHA + CI_IMAGE: $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG + CS_REGISTRY_USER: $CI_REGISTRY_USER + CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY + CS_DOCKERFILE_PATH: capif/services/nginx/ + allow_failure: true + services: + - docker:24.0.5-dind + rules: + - if: '$CI_COMMIT_REF_NAME == "OCF16-first-steps-on-ci-at-gitlab-repository"' + when: always + - when: never + tags: + - docker-in-docker + #ci_in_staging: # stage: ci_in_staging # script: -- GitLab From b5d18fa7961dc839a5571deb18f555a23035a02f Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 5 Apr 2024 11:51:20 +0200 Subject: [PATCH 146/392] before_script --- capif/.gitlab-ci.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 513077c..eeaa72d 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -229,9 +229,7 @@ gemnasium-python-dependency_scanning: container_scanning_nginx: stage: main_security - before_script: - - export TMP_PWD=$PWD - - echo "TMP_PWD=$TMP_PWD" +# before_script: # - docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY variables: # CS_DEFAULT_BRANCH_IMAGE: $CI_REGISTRY_IMAGE/$CI_DEFAULT_BRANCH:$CI_COMMIT_SHA -- GitLab From fe4a2353b97bba826b7fcb05647f39a5f2cb68ac Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 5 Apr 2024 11:52:40 +0200 Subject: [PATCH 147/392] container_scanning --- capif/.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index eeaa72d..f21d2e0 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -227,7 +227,7 @@ gemnasium-python-dependency_scanning: tags: - docker-in-docker -container_scanning_nginx: +container_scanning: stage: main_security # before_script: # - docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY -- GitLab From c84d003b8a30d261fd29572391ed915deaccddf2 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 5 Apr 2024 11:58:42 +0200 Subject: [PATCH 148/392] container_scanning_nginx --- capif/.gitlab-ci.yml | 28 +++++++++++++++++++++++++--- 1 file changed, 25 insertions(+), 3 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index f21d2e0..e7c0db4 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -227,10 +227,32 @@ gemnasium-python-dependency_scanning: tags: - docker-in-docker -container_scanning: +#container_scanning: +# stage: main_security +## before_script: +## - docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY +# variables: +## CS_DEFAULT_BRANCH_IMAGE: $CI_REGISTRY_IMAGE/$CI_DEFAULT_BRANCH:$CI_COMMIT_SHA +# CI_IMAGE: $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG +# CS_REGISTRY_USER: $CI_REGISTRY_USER +# CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY +# CS_DOCKERFILE_PATH: capif/services/nginx/ +# allow_failure: true +# services: +# - docker:24.0.5-dind +# rules: +# - if: '$CI_COMMIT_REF_NAME == "OCF16-first-steps-on-ci-at-gitlab-repository"' +# when: always +# - when: never +# tags: +# - docker-in-docker + +container_scanning_nginx: stage: main_security -# before_script: -# - docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY + before_script: + - export TMP_PWD=$PWD + - echo "TMP_PWD=$TMP_PWD" + extends: .container_scanning variables: # CS_DEFAULT_BRANCH_IMAGE: $CI_REGISTRY_IMAGE/$CI_DEFAULT_BRANCH:$CI_COMMIT_SHA CI_IMAGE: $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG -- GitLab From b812e266bc66741d593321ef260edbb970e132d0 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 5 Apr 2024 12:03:27 +0200 Subject: [PATCH 149/392] extends: container_scanning --- capif/.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index e7c0db4..25722e6 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -252,7 +252,7 @@ container_scanning_nginx: before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" - extends: .container_scanning + extends: container_scanning variables: # CS_DEFAULT_BRANCH_IMAGE: $CI_REGISTRY_IMAGE/$CI_DEFAULT_BRANCH:$CI_COMMIT_SHA CI_IMAGE: $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG -- GitLab From d18ad377a7b369b2eabdf9da7ea795bdb09f49ab Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 5 Apr 2024 12:09:35 +0200 Subject: [PATCH 150/392] CS_DOCKERFILE_PATH --- capif/.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 25722e6..497aa0d 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -258,7 +258,7 @@ container_scanning_nginx: CI_IMAGE: $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG CS_REGISTRY_USER: $CI_REGISTRY_USER CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY - CS_DOCKERFILE_PATH: capif/services/nginx/ + CS_DOCKERFILE_PATH: services/nginx/ allow_failure: true services: - docker:24.0.5-dind -- GitLab From 60534ad83df00ce3d4776f8494028e8c586ed2cc Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 5 Apr 2024 12:15:29 +0200 Subject: [PATCH 151/392] ls -lrta --- capif/.gitlab-ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 497aa0d..8dffcfb 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -252,6 +252,7 @@ container_scanning_nginx: before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" + - ls -lrta extends: container_scanning variables: # CS_DEFAULT_BRANCH_IMAGE: $CI_REGISTRY_IMAGE/$CI_DEFAULT_BRANCH:$CI_COMMIT_SHA -- GitLab From 16e2bc1cb081522b6d250a13558c84a0ac487261 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 5 Apr 2024 12:24:01 +0200 Subject: [PATCH 152/392] CS_DEFAULT_BRANCH_IMAGE --- capif/.gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 8dffcfb..fa7df55 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -255,11 +255,11 @@ container_scanning_nginx: - ls -lrta extends: container_scanning variables: -# CS_DEFAULT_BRANCH_IMAGE: $CI_REGISTRY_IMAGE/$CI_DEFAULT_BRANCH:$CI_COMMIT_SHA + CS_DEFAULT_BRANCH_IMAGE: $CI_REGISTRY_IMAGE/$CI_DEFAULT_BRANCH:$CI_COMMIT_SHA CI_IMAGE: $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG CS_REGISTRY_USER: $CI_REGISTRY_USER CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY - CS_DOCKERFILE_PATH: services/nginx/ +# CS_DOCKERFILE_PATH: services/nginx/ allow_failure: true services: - docker:24.0.5-dind -- GitLab From 247626008b42d2349ccb54bc85c8021ae459b72a Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 5 Apr 2024 12:24:33 +0200 Subject: [PATCH 153/392] # CS_DOCKERFILE_PATH: --- capif/.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index fa7df55..54ca91a 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -255,7 +255,7 @@ container_scanning_nginx: - ls -lrta extends: container_scanning variables: - CS_DEFAULT_BRANCH_IMAGE: $CI_REGISTRY_IMAGE/$CI_DEFAULT_BRANCH:$CI_COMMIT_SHA +# CS_DEFAULT_BRANCH_IMAGE: $CI_REGISTRY_IMAGE/$CI_DEFAULT_BRANCH:$CI_COMMIT_SHA CI_IMAGE: $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG CS_REGISTRY_USER: $CI_REGISTRY_USER CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY -- GitLab From a1c5af1a0925cb5b6de87741ca5d76936d8566bf Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 5 Apr 2024 12:45:31 +0200 Subject: [PATCH 154/392] CI_IMAGE: --- capif/.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 54ca91a..2dbec48 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -256,7 +256,7 @@ container_scanning_nginx: extends: container_scanning variables: # CS_DEFAULT_BRANCH_IMAGE: $CI_REGISTRY_IMAGE/$CI_DEFAULT_BRANCH:$CI_COMMIT_SHA - CI_IMAGE: $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG + CI_IMAGE: $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx CS_REGISTRY_USER: $CI_REGISTRY_USER CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY # CS_DOCKERFILE_PATH: services/nginx/ -- GitLab From 542d4de2a31afed1eddcd1524b9d5054383196b2 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 5 Apr 2024 12:50:32 +0200 Subject: [PATCH 155/392] CS_DEFAULT_BRANCH_IMAGE: --- capif/.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 2dbec48..3d93b0f 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -255,7 +255,7 @@ container_scanning_nginx: - ls -lrta extends: container_scanning variables: -# CS_DEFAULT_BRANCH_IMAGE: $CI_REGISTRY_IMAGE/$CI_DEFAULT_BRANCH:$CI_COMMIT_SHA + CS_DEFAULT_BRANCH_IMAGE: $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx CI_IMAGE: $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx CS_REGISTRY_USER: $CI_REGISTRY_USER CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY -- GitLab From a312e97ee5f67e61d66b8ecd950f6db8de320d8e Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 5 Apr 2024 13:06:03 +0200 Subject: [PATCH 156/392] CS_IMAGE --- capif/.gitlab-ci.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 3d93b0f..5155715 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -252,11 +252,12 @@ container_scanning_nginx: before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" + - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git - ls -lrta extends: container_scanning variables: - CS_DEFAULT_BRANCH_IMAGE: $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx - CI_IMAGE: $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx + CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx" + CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx" CS_REGISTRY_USER: $CI_REGISTRY_USER CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY # CS_DOCKERFILE_PATH: services/nginx/ -- GitLab From d4dca0c61c00d2c34649bc7c0bbac75476260724 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 5 Apr 2024 13:11:18 +0200 Subject: [PATCH 157/392] docker login --- capif/.gitlab-ci.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 5155715..28645f6 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -254,13 +254,14 @@ container_scanning_nginx: - echo "TMP_PWD=$TMP_PWD" - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git - ls -lrta + - docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY extends: container_scanning variables: CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx" CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx" CS_REGISTRY_USER: $CI_REGISTRY_USER CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY -# CS_DOCKERFILE_PATH: services/nginx/ + CS_DOCKERFILE_PATH: capif/services/nginx/ allow_failure: true services: - docker:24.0.5-dind -- GitLab From cbb981a06f783770cddbf8959ca287c8022ba777 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 5 Apr 2024 13:24:51 +0200 Subject: [PATCH 158/392] no docker login --- capif/.gitlab-ci.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 28645f6..f666812 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -254,7 +254,6 @@ container_scanning_nginx: - echo "TMP_PWD=$TMP_PWD" - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git - ls -lrta - - docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY extends: container_scanning variables: CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx" -- GitLab From f4fde8fecb7cb2537d811a37d7cdbe932728b654 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 5 Apr 2024 13:51:34 +0200 Subject: [PATCH 159/392] SECURE_LOG_LEVEL --- capif/.gitlab-ci.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index f666812..f6cd6f3 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -256,11 +256,12 @@ container_scanning_nginx: - ls -lrta extends: container_scanning variables: - CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx" - CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx" + CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:latest" + CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:latest" CS_REGISTRY_USER: $CI_REGISTRY_USER CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY CS_DOCKERFILE_PATH: capif/services/nginx/ + SECURE_LOG_LEVEL: debug allow_failure: true services: - docker:24.0.5-dind -- GitLab From 2eb6403d1f7c9c2460b10d40b9868ae5b26b665f Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 5 Apr 2024 14:02:49 +0200 Subject: [PATCH 160/392] $CI_COMMIT_REF_SLUG --- capif/.gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index f6cd6f3..8c04a8e 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -256,8 +256,8 @@ container_scanning_nginx: - ls -lrta extends: container_scanning variables: - CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:latest" - CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:latest" + CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG" + CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG" CS_REGISTRY_USER: $CI_REGISTRY_USER CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY CS_DOCKERFILE_PATH: capif/services/nginx/ -- GitLab From 5043baa959ca47459e66d98a994308f1d0ca9bcd Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 5 Apr 2024 14:18:48 +0200 Subject: [PATCH 161/392] # CS_DOCKERFILE_PATH: --- capif/.gitlab-ci.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 8c04a8e..0dc8b43 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -260,7 +260,8 @@ container_scanning_nginx: CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG" CS_REGISTRY_USER: $CI_REGISTRY_USER CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY - CS_DOCKERFILE_PATH: capif/services/nginx/ +# GIT_STRATEGY: fetch +# CS_DOCKERFILE_PATH: capif/services/nginx/ SECURE_LOG_LEVEL: debug allow_failure: true services: -- GitLab From 7ca990ddda13e4e92b5cff39e6b21fb1f3d6ffa4 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 5 Apr 2024 15:12:41 +0200 Subject: [PATCH 162/392] next steps --- capif/.gitlab-ci.yml | 27 +++++++-------------------- 1 file changed, 7 insertions(+), 20 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 0dc8b43..7878e56 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -227,26 +227,6 @@ gemnasium-python-dependency_scanning: tags: - docker-in-docker -#container_scanning: -# stage: main_security -## before_script: -## - docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY -# variables: -## CS_DEFAULT_BRANCH_IMAGE: $CI_REGISTRY_IMAGE/$CI_DEFAULT_BRANCH:$CI_COMMIT_SHA -# CI_IMAGE: $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG -# CS_REGISTRY_USER: $CI_REGISTRY_USER -# CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY -# CS_DOCKERFILE_PATH: capif/services/nginx/ -# allow_failure: true -# services: -# - docker:24.0.5-dind -# rules: -# - if: '$CI_COMMIT_REF_NAME == "OCF16-first-steps-on-ci-at-gitlab-repository"' -# when: always -# - when: never -# tags: -# - docker-in-docker - container_scanning_nginx: stage: main_security before_script: @@ -273,6 +253,13 @@ container_scanning_nginx: tags: - docker-in-docker +# now to do the same to rest of images. + + + + + + #ci_in_staging: # stage: ci_in_staging # script: -- GitLab From 05fb847420b5f6742417e537278d16bc16484561 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Thu, 11 Apr 2024 15:55:08 +0200 Subject: [PATCH 163/392] container_scanning_register --- capif/.gitlab-ci.yml | 24 +++++++++++++++++++++++- 1 file changed, 23 insertions(+), 1 deletion(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 7878e56..34fc1cb 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -1,6 +1,7 @@ stages: - test # to Security and Compliance gitLab - main_security + - main_container_scanning - sast - merge_request_staging_into_main - staging_cancel_previous_action @@ -253,7 +254,28 @@ container_scanning_nginx: tags: - docker-in-docker -# now to do the same to rest of images. +container_scanning_register: + stage: main_container_scanning + before_script: + - export TMP_PWD=$PWD + - echo "TMP_PWD=$TMP_PWD" + - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git + extends: container_scanning + variables: + CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register:$CI_COMMIT_REF_SLUG" + CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register:$CI_COMMIT_REF_SLUG" + CS_REGISTRY_USER: $CI_REGISTRY_USER + CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY + SECURE_LOG_LEVEL: debug + allow_failure: true + services: + - docker:24.0.5-dind + rules: + - if: '$CI_COMMIT_REF_NAME == "OCF16-first-steps-on-ci-at-gitlab-repository"' + when: always + - when: never + tags: + - docker-in-docker -- GitLab From efb61eb984a4858e77c477ac247cefe67c90b238 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Thu, 11 Apr 2024 16:16:50 +0200 Subject: [PATCH 164/392] cvs_ocf_access_control_policy_api --- capif/.gitlab-ci.yml | 29 +++++++++++++++++++++++++---- 1 file changed, 25 insertions(+), 4 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 34fc1cb..34b5d86 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -228,8 +228,8 @@ gemnasium-python-dependency_scanning: tags: - docker-in-docker -container_scanning_nginx: - stage: main_security +cvs_nginx: + stage: main_container_scanning before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -254,7 +254,7 @@ container_scanning_nginx: tags: - docker-in-docker -container_scanning_register: +cvs_register: stage: main_container_scanning before_script: - export TMP_PWD=$PWD @@ -277,7 +277,28 @@ container_scanning_register: tags: - docker-in-docker - +cvs_ocf_access_control_policy_api: + stage: main_container_scanning + before_script: + - export TMP_PWD=$PWD + - echo "TMP_PWD=$TMP_PWD" + - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git + extends: container_scanning + variables: + CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api:$CI_COMMIT_REF_SLUG" + CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api:$CI_COMMIT_REF_SLUG" + CS_REGISTRY_USER: $CI_REGISTRY_USER + CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY + SECURE_LOG_LEVEL: debug + allow_failure: true + services: + - docker:24.0.5-dind + rules: + - if: '$CI_COMMIT_REF_NAME == "OCF16-first-steps-on-ci-at-gitlab-repository"' + when: always + - when: never + tags: + - docker-in-docker -- GitLab From 7931723a08fc49f8d1cb0c546a6d7bc5c560d941 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Thu, 11 Apr 2024 16:30:51 +0200 Subject: [PATCH 165/392] main_security --- capif/.gitlab-ci.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 34b5d86..32b8750 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -229,7 +229,7 @@ gemnasium-python-dependency_scanning: - docker-in-docker cvs_nginx: - stage: main_container_scanning + stage: main_security before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -255,7 +255,7 @@ cvs_nginx: - docker-in-docker cvs_register: - stage: main_container_scanning + stage: main_security before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -278,7 +278,7 @@ cvs_register: - docker-in-docker cvs_ocf_access_control_policy_api: - stage: main_container_scanning + stage: main_security before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" -- GitLab From 0aa85d2587abe6db138f44cda1562dc3a2d1e05b Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Thu, 11 Apr 2024 16:47:29 +0200 Subject: [PATCH 166/392] cvs_ocf_api_invoker_management_api --- capif/.gitlab-ci.yml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 32b8750..d746343 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -300,6 +300,28 @@ cvs_ocf_access_control_policy_api: tags: - docker-in-docker +cvs_ocf_api_invoker_management_api: + stage: main_container_scanning + before_script: + - export TMP_PWD=$PWD + - echo "TMP_PWD=$TMP_PWD" + - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git + extends: container_scanning + variables: + CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api:$CI_COMMIT_REF_SLUG" + CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api:$CI_COMMIT_REF_SLUG" + CS_REGISTRY_USER: $CI_REGISTRY_USER + CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY + SECURE_LOG_LEVEL: debug + allow_failure: true + services: + - docker:24.0.5-dind + rules: + - if: '$CI_COMMIT_REF_NAME == "OCF16-first-steps-on-ci-at-gitlab-repository"' + when: always + - when: never + tags: + - docker-in-docker -- GitLab From f2b23b93c5e10133698ebf32f6d56f15108423a4 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Thu, 11 Apr 2024 17:12:32 +0200 Subject: [PATCH 167/392] cvs_ocf_api_provider_management_api --- capif/.gitlab-ci.yml | 27 ++++++++++++++++++++++++--- 1 file changed, 24 insertions(+), 3 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index d746343..e8e9171 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -255,7 +255,7 @@ cvs_nginx: - docker-in-docker cvs_register: - stage: main_security + stage: main_container_scanning before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -278,7 +278,7 @@ cvs_register: - docker-in-docker cvs_ocf_access_control_policy_api: - stage: main_security + stage: main_container_scanning before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -323,7 +323,28 @@ cvs_ocf_api_invoker_management_api: tags: - docker-in-docker - +cvs_ocf_api_provider_management_api: + stage: main_container_scanning + before_script: + - export TMP_PWD=$PWD + - echo "TMP_PWD=$TMP_PWD" + - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git + extends: container_scanning + variables: + CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api:$CI_COMMIT_REF_SLUG" + CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api:$CI_COMMIT_REF_SLUG" + CS_REGISTRY_USER: $CI_REGISTRY_USER + CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY + SECURE_LOG_LEVEL: debug + allow_failure: true + services: + - docker:24.0.5-dind + rules: + - if: '$CI_COMMIT_REF_NAME == "OCF16-first-steps-on-ci-at-gitlab-repository"' + when: always + - when: never + tags: + - docker-in-docker #ci_in_staging: # stage: ci_in_staging -- GitLab From fe906eec85a966db2fecb5fe0e46717ff017a702 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 12 Apr 2024 12:35:47 +0200 Subject: [PATCH 168/392] cvs --- capif/.gitlab-ci.yml | 184 +++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 184 insertions(+) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index e8e9171..b2f2a30 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -346,6 +346,190 @@ cvs_ocf_api_provider_management_api: tags: - docker-in-docker +cvs_ocf_auditing_api: + stage: main_container_scanning + before_script: + - export TMP_PWD=$PWD + - echo "TMP_PWD=$TMP_PWD" + - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git + extends: container_scanning + variables: + CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api:$CI_COMMIT_REF_SLUG" + CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api:$CI_COMMIT_REF_SLUG" + CS_REGISTRY_USER: $CI_REGISTRY_USER + CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY + SECURE_LOG_LEVEL: debug + allow_failure: true + services: + - docker:24.0.5-dind + rules: + - if: '$CI_COMMIT_REF_NAME == "OCF16-first-steps-on-ci-at-gitlab-repository"' + when: always + - when: never + tags: + - docker-in-docker + +cvs_ocf_discover_service_api: + stage: main_container_scanning + before_script: + - export TMP_PWD=$PWD + - echo "TMP_PWD=$TMP_PWD" + - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git + extends: container_scanning + variables: + CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api:$CI_COMMIT_REF_SLUG" + CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api:$CI_COMMIT_REF_SLUG" + CS_REGISTRY_USER: $CI_REGISTRY_USER + CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY + SECURE_LOG_LEVEL: debug + allow_failure: true + services: + - docker:24.0.5-dind + rules: + - if: '$CI_COMMIT_REF_NAME == "OCF16-first-steps-on-ci-at-gitlab-repository"' + when: always + - when: never + tags: + - docker-in-docker + +cvs_ocf_events_api: + stage: main_container_scanning + before_script: + - export TMP_PWD=$PWD + - echo "TMP_PWD=$TMP_PWD" + - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git + extends: container_scanning + variables: + CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api:$CI_COMMIT_REF_SLUG" + CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api:$CI_COMMIT_REF_SLUG" + CS_REGISTRY_USER: $CI_REGISTRY_USER + CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY + SECURE_LOG_LEVEL: debug + allow_failure: true + services: + - docker:24.0.5-dind + rules: + - if: '$CI_COMMIT_REF_NAME == "OCF16-first-steps-on-ci-at-gitlab-repository"' + when: always + - when: never + tags: + - docker-in-docker + +cvs_ocf_logging_api_invocation_api: + stage: main_container_scanning + before_script: + - export TMP_PWD=$PWD + - echo "TMP_PWD=$TMP_PWD" + - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git + extends: container_scanning + variables: + CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api:$CI_COMMIT_REF_SLUG" + CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api:$CI_COMMIT_REF_SLUG" + CS_REGISTRY_USER: $CI_REGISTRY_USER + CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY + SECURE_LOG_LEVEL: debug + allow_failure: true + services: + - docker:24.0.5-dind + rules: + - if: '$CI_COMMIT_REF_NAME == "OCF16-first-steps-on-ci-at-gitlab-repository"' + when: always + - when: never + tags: + - docker-in-docker + +cvs_ocf_publish_service_api: + stage: main_container_scanning + before_script: + - export TMP_PWD=$PWD + - echo "TMP_PWD=$TMP_PWD" + - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git + extends: container_scanning + variables: + CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api:$CI_COMMIT_REF_SLUG" + CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api:$CI_COMMIT_REF_SLUG" + CS_REGISTRY_USER: $CI_REGISTRY_USER + CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY + SECURE_LOG_LEVEL: debug + allow_failure: true + services: + - docker:24.0.5-dind + rules: + - if: '$CI_COMMIT_REF_NAME == "OCF16-first-steps-on-ci-at-gitlab-repository"' + when: always + - when: never + tags: + - docker-in-docker + +cvs_ocf_routing_info_api: + stage: main_container_scanning + before_script: + - export TMP_PWD=$PWD + - echo "TMP_PWD=$TMP_PWD" + - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git + extends: container_scanning + variables: + CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api:$CI_COMMIT_REF_SLUG" + CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api:$CI_COMMIT_REF_SLUG" + CS_REGISTRY_USER: $CI_REGISTRY_USER + CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY + SECURE_LOG_LEVEL: debug + allow_failure: true + services: + - docker:24.0.5-dind + rules: + - if: '$CI_COMMIT_REF_NAME == "OCF16-first-steps-on-ci-at-gitlab-repository"' + when: always + - when: never + tags: + - docker-in-docker + +cvs_ocf_security_api: + stage: main_container_scanning + before_script: + - export TMP_PWD=$PWD + - echo "TMP_PWD=$TMP_PWD" + - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git + extends: container_scanning + variables: + CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api:$CI_COMMIT_REF_SLUG" + CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api:$CI_COMMIT_REF_SLUG" + CS_REGISTRY_USER: $CI_REGISTRY_USER + CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY + SECURE_LOG_LEVEL: debug + allow_failure: true + services: + - docker:24.0.5-dind + rules: + - if: '$CI_COMMIT_REF_NAME == "OCF16-first-steps-on-ci-at-gitlab-repository"' + when: always + - when: never + tags: + - docker-in-docker + +cvs_vault: + stage: main_container_scanning + before_script: + - export TMP_PWD=$PWD + - echo "TMP_PWD=$TMP_PWD" + - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git + extends: container_scanning + variables: + CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/vault:$CI_COMMIT_REF_SLUG" + CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/vault:$CI_COMMIT_REF_SLUG" + CS_REGISTRY_USER: $CI_REGISTRY_USER + CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY + SECURE_LOG_LEVEL: debug + allow_failure: true + services: + - docker:24.0.5-dind + rules: + - if: '$CI_COMMIT_REF_NAME == "OCF16-first-steps-on-ci-at-gitlab-repository"' + when: always + - when: never + tags: + - docker-in-docker + #ci_in_staging: # stage: ci_in_staging # script: -- GitLab From 96fcb097b5c72f52d6ee228075aee54ccff0667e Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 12 Apr 2024 12:50:10 +0200 Subject: [PATCH 169/392] main_serect_detection --- capif/.gitlab-ci.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index b2f2a30..33d2478 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -96,6 +96,7 @@ include: - template: 'Jobs/SAST.gitlab-ci.yml' - template: 'Jobs/Dependency-Scanning.gitlab-ci.yml' - template: 'Jobs/Container-Scanning.gitlab-ci.yml' + - template: 'Secret-Detection.gitlab-ci.yml' - project: 'ocf/pipeline-scripts' ref: cicd-capif file: @@ -228,6 +229,21 @@ gemnasium-python-dependency_scanning: tags: - docker-in-docker +main_serect_detection: + stage: main_security + extends: secret_detection + variables: + SECRET_DETECTION_HISTORIC_SCAN: "true" + allow_failure: true + services: + - docker:24.0.5-dind + rules: + - if: '$CI_COMMIT_REF_NAME == "OCF16-first-steps-on-ci-at-gitlab-repository"' + when: always + - when: never + tags: + - docker-in-docker + cvs_nginx: stage: main_security before_script: -- GitLab From 530ab5a8e2564bc55911d1c344b3a27df993c816 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 12 Apr 2024 12:51:07 +0200 Subject: [PATCH 170/392] main_container_scanning --- capif/.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 33d2478..4cf7570 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -245,7 +245,7 @@ main_serect_detection: - docker-in-docker cvs_nginx: - stage: main_security + stage: main_container_scanning before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" -- GitLab From ef3d77e7386a622453696810c9d702806ab6a45e Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 12 Apr 2024 13:11:49 +0200 Subject: [PATCH 171/392] kubesec-sast --- capif/.gitlab-ci.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 4cf7570..089c15e 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -201,10 +201,16 @@ semgrep-sast: kubesec-sast: stage: main_security + before_script: + - export TMP_PWD=$PWD + - echo "TMP_PWD=$TMP_PWD" + - ls -lrta + - helm dependency build capif/helm/capif/ variables: # DOCKER_DRIVER: overlay2 DOCKER_HOST: tcp://docker:2375 SCAN_KUBERNETES_MANIFESTS: "true" + KUBESEC_HELM_CHARTS_PATH: capif/helm/capif/ allow_failure: true services: - docker:24.0.5-dind -- GitLab From 2ae534ba075b55e6acbd587721d068b7c5351128 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 12 Apr 2024 13:16:05 +0200 Subject: [PATCH 172/392] kubesec-sast --- capif/.gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 089c15e..b9a1c65 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -205,12 +205,12 @@ kubesec-sast: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" - ls -lrta - - helm dependency build capif/helm/capif/ + - helm dependency build helm/capif/ variables: # DOCKER_DRIVER: overlay2 DOCKER_HOST: tcp://docker:2375 SCAN_KUBERNETES_MANIFESTS: "true" - KUBESEC_HELM_CHARTS_PATH: capif/helm/capif/ + KUBESEC_HELM_CHARTS_PATH: helm/capif/ allow_failure: true services: - docker:24.0.5-dind -- GitLab From 147a2116f76c63c22cb91b32a11c7677f5104194 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 12 Apr 2024 13:20:15 +0200 Subject: [PATCH 173/392] needs: ["main_security"] --- capif/.gitlab-ci.yml | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index b9a1c65..99d6e5e 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -252,6 +252,7 @@ main_serect_detection: cvs_nginx: stage: main_container_scanning + needs: ["main_security"] before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -278,6 +279,7 @@ cvs_nginx: cvs_register: stage: main_container_scanning + needs: ["main_security"] before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -301,6 +303,7 @@ cvs_register: cvs_ocf_access_control_policy_api: stage: main_container_scanning + needs: ["main_security"] before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -324,6 +327,7 @@ cvs_ocf_access_control_policy_api: cvs_ocf_api_invoker_management_api: stage: main_container_scanning + needs: ["main_security"] before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -347,6 +351,7 @@ cvs_ocf_api_invoker_management_api: cvs_ocf_api_provider_management_api: stage: main_container_scanning + needs: ["main_security"] before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -370,6 +375,7 @@ cvs_ocf_api_provider_management_api: cvs_ocf_auditing_api: stage: main_container_scanning + needs: ["main_security"] before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -393,6 +399,7 @@ cvs_ocf_auditing_api: cvs_ocf_discover_service_api: stage: main_container_scanning + needs: ["main_security"] before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -416,6 +423,7 @@ cvs_ocf_discover_service_api: cvs_ocf_events_api: stage: main_container_scanning + needs: ["main_security"] before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -439,6 +447,7 @@ cvs_ocf_events_api: cvs_ocf_logging_api_invocation_api: stage: main_container_scanning + needs: ["main_security"] before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -462,6 +471,7 @@ cvs_ocf_logging_api_invocation_api: cvs_ocf_publish_service_api: stage: main_container_scanning + needs: ["main_security"] before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -485,6 +495,7 @@ cvs_ocf_publish_service_api: cvs_ocf_routing_info_api: stage: main_container_scanning + needs: ["main_security"] before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -508,6 +519,7 @@ cvs_ocf_routing_info_api: cvs_ocf_security_api: stage: main_container_scanning + needs: ["main_security"] before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -531,6 +543,7 @@ cvs_ocf_security_api: cvs_vault: stage: main_container_scanning + needs: ["main_security"] before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" -- GitLab From 730901bd3da6d3278f32f88c04322236dc1dfde0 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 12 Apr 2024 13:58:00 +0200 Subject: [PATCH 174/392] main_cancel_previous_action --- capif/.gitlab-ci.yml | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 99d6e5e..e18f56e 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -34,6 +34,16 @@ variables: CI_REGISTRY: $CI_REGISTRY CAPIF_DOCKER_REGISTRY: $CAPIF_DOCKER_REGISTRY + +.main_common: &main_common + only: + - merge_requests + except: + variables: + - $CI_MERGE_REQUEST_TARGET_BRANCH_NAME != "OCF16-first-steps-on-ci-at-gitlab-repository" + tags: + - shell + .staging_common: &staging_common only: - merge_requests @@ -47,6 +57,27 @@ variables: tags: - shell +main_cancel_previous_action: + stage: staging_cancel_previous_action + script: + - | + if [[ -n "$CI_JOB_TOKEN" ]]; then + echo "Checking for running jobs in the same pipeline..." + jobs=$(curl --header "PRIVATE-TOKEN: $CI_JOB_TOKEN" "$GITLAB_API/projects/$CI_PROJECT_ID/pipelines/$CI_PIPELINE_ID/jobs") + for job in $(echo "$jobs" | jq -r '.[] | @base64'); do + _jq() { + echo ${job} | base64 --decode | jq -r ${1} + } + status=$(_jq '.status') + id=$(_jq '.id') + if [[ "$status" == "running" ]] && [[ "$id" != "$CI_JOB_ID" ]]; then + echo "Cancelling job $id" + curl --request POST --header "PRIVATE-TOKEN: $CI_JOB_TOKEN" "$GITLAB_API/projects/$CI_PROJECT_ID/jobs/$id/cancel" + fi + done + fi + <<: *main_common + staging_cancel_previous_action: stage: staging_cancel_previous_action script: -- GitLab From 3132d129aaa90d188502efdf0711deb1e90cbdc1 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 12 Apr 2024 13:59:44 +0200 Subject: [PATCH 175/392] main_serect_detection --- capif/.gitlab-ci.yml | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index e18f56e..1d70a4b 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -283,7 +283,7 @@ main_serect_detection: cvs_nginx: stage: main_container_scanning - needs: ["main_security"] + needs: ["main_serect_detection"] before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -310,7 +310,7 @@ cvs_nginx: cvs_register: stage: main_container_scanning - needs: ["main_security"] + needs: ["main_serect_detection"] before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -334,7 +334,7 @@ cvs_register: cvs_ocf_access_control_policy_api: stage: main_container_scanning - needs: ["main_security"] + needs: ["main_serect_detection"] before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -358,7 +358,7 @@ cvs_ocf_access_control_policy_api: cvs_ocf_api_invoker_management_api: stage: main_container_scanning - needs: ["main_security"] + needs: ["main_serect_detection"] before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -382,7 +382,7 @@ cvs_ocf_api_invoker_management_api: cvs_ocf_api_provider_management_api: stage: main_container_scanning - needs: ["main_security"] + needs: ["main_serect_detection"] before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -406,7 +406,7 @@ cvs_ocf_api_provider_management_api: cvs_ocf_auditing_api: stage: main_container_scanning - needs: ["main_security"] + needs: ["main_serect_detection"] before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -430,7 +430,7 @@ cvs_ocf_auditing_api: cvs_ocf_discover_service_api: stage: main_container_scanning - needs: ["main_security"] + needs: ["main_serect_detection"] before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -454,7 +454,7 @@ cvs_ocf_discover_service_api: cvs_ocf_events_api: stage: main_container_scanning - needs: ["main_security"] + needs: ["main_serect_detection"] before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -478,7 +478,7 @@ cvs_ocf_events_api: cvs_ocf_logging_api_invocation_api: stage: main_container_scanning - needs: ["main_security"] + needs: ["main_serect_detection"] before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -502,7 +502,7 @@ cvs_ocf_logging_api_invocation_api: cvs_ocf_publish_service_api: stage: main_container_scanning - needs: ["main_security"] + needs: ["main_serect_detection"] before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -526,7 +526,7 @@ cvs_ocf_publish_service_api: cvs_ocf_routing_info_api: stage: main_container_scanning - needs: ["main_security"] + needs: ["main_serect_detection"] before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -550,7 +550,7 @@ cvs_ocf_routing_info_api: cvs_ocf_security_api: stage: main_container_scanning - needs: ["main_security"] + needs: ["main_serect_detection"] before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -574,7 +574,7 @@ cvs_ocf_security_api: cvs_vault: stage: main_container_scanning - needs: ["main_security"] + needs: ["main_serect_detection"] before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" -- GitLab From 8bd94c46e3014e4baff00863634b8453ee597476 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 12 Apr 2024 14:13:16 +0200 Subject: [PATCH 176/392] main_sast --- capif/.gitlab-ci.yml | 42 +++++++++++++++++++++++++++++++----------- 1 file changed, 31 insertions(+), 11 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 1d70a4b..d070a43 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -1,6 +1,6 @@ stages: - - test # to Security and Compliance gitLab - - main_security +# - test # to Security and Compliance gitLab + - main_sast - main_container_scanning - sast - merge_request_staging_into_main @@ -163,7 +163,7 @@ merge_request_staging_into_main: # variables: # SAST_DEFAULT_ANALYZERS: "bandit" # to sast # CI_DEBUG_TRACE: "true" -# stage: main_security +# stage: main_sast # rules: # - if: '$CI_COMMIT_REF_NAME == "OCF16-first-steps-on-ci-at-gitlab-repository"' # when: always @@ -176,7 +176,7 @@ merge_request_staging_into_main: #sast: -# stage: main_security +# stage: main_sast # variables: ## DOCKER_DRIVER: overlay2 # DOCKER_HOST: tcp://docker:2375 @@ -213,8 +213,26 @@ merge_request_staging_into_main: # tags: # - docker-in-docker -semgrep-sast: - stage: main_security +#semgrep-sast: +# stage: main_sast +# variables: +## DOCKER_DRIVER: overlay2 +# DOCKER_HOST: tcp://docker:2375 +## SAST_EXCLUDED_ANALYZERS: "nodejs-scan-sast" +# SAST_DEFAULT_ANALYZERS: bandit +# allow_failure: true +# services: +# - docker:24.0.5-dind +# rules: +# - if: '$CI_COMMIT_REF_NAME == "OCF16-first-steps-on-ci-at-gitlab-repository"' +# when: always +# - when: never +# tags: +# - docker-in-docker + +main_semgrep_sast: + stage: main_sast + extends: semgrep-sast variables: # DOCKER_DRIVER: overlay2 DOCKER_HOST: tcp://docker:2375 @@ -230,8 +248,9 @@ semgrep-sast: tags: - docker-in-docker -kubesec-sast: - stage: main_security +main_kubesec_sast: + stage: main_sast + extends: kubesec-sast before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -252,8 +271,9 @@ kubesec-sast: tags: - docker-in-docker -gemnasium-python-dependency_scanning: - stage: main_security +main_gemnasium_python_dependency_scanning: + stage: main_sast + extends: gemnasium-python-dependency_scanning variables: DS_ANALYZER_NAME: "gemnasium-python" allow_failure: true @@ -267,7 +287,7 @@ gemnasium-python-dependency_scanning: - docker-in-docker main_serect_detection: - stage: main_security + stage: main_sast extends: secret_detection variables: SECRET_DETECTION_HISTORIC_SCAN: "true" -- GitLab From 39cc01b2a2cda6dd73c60ccaf8aa0c9da91aeba3 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 12 Apr 2024 14:14:40 +0200 Subject: [PATCH 177/392] main_security --- capif/.gitlab-ci.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index d070a43..722f086 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -1,6 +1,6 @@ stages: # - test # to Security and Compliance gitLab - - main_sast + - main_security - main_container_scanning - sast - merge_request_staging_into_main @@ -163,7 +163,7 @@ merge_request_staging_into_main: # variables: # SAST_DEFAULT_ANALYZERS: "bandit" # to sast # CI_DEBUG_TRACE: "true" -# stage: main_sast +# stage: main_security # rules: # - if: '$CI_COMMIT_REF_NAME == "OCF16-first-steps-on-ci-at-gitlab-repository"' # when: always @@ -176,7 +176,7 @@ merge_request_staging_into_main: #sast: -# stage: main_sast +# stage: main_security # variables: ## DOCKER_DRIVER: overlay2 # DOCKER_HOST: tcp://docker:2375 @@ -214,7 +214,7 @@ merge_request_staging_into_main: # - docker-in-docker #semgrep-sast: -# stage: main_sast +# stage: main_security # variables: ## DOCKER_DRIVER: overlay2 # DOCKER_HOST: tcp://docker:2375 @@ -231,7 +231,7 @@ merge_request_staging_into_main: # - docker-in-docker main_semgrep_sast: - stage: main_sast + stage: main_security extends: semgrep-sast variables: # DOCKER_DRIVER: overlay2 @@ -249,7 +249,7 @@ main_semgrep_sast: - docker-in-docker main_kubesec_sast: - stage: main_sast + stage: main_security extends: kubesec-sast before_script: - export TMP_PWD=$PWD @@ -272,7 +272,7 @@ main_kubesec_sast: - docker-in-docker main_gemnasium_python_dependency_scanning: - stage: main_sast + stage: main_security extends: gemnasium-python-dependency_scanning variables: DS_ANALYZER_NAME: "gemnasium-python" @@ -287,7 +287,7 @@ main_gemnasium_python_dependency_scanning: - docker-in-docker main_serect_detection: - stage: main_sast + stage: main_security extends: secret_detection variables: SECRET_DETECTION_HISTORIC_SCAN: "true" -- GitLab From 2c479e7d9af418eede0870ad393cb63912ec39f9 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 12 Apr 2024 14:15:39 +0200 Subject: [PATCH 178/392] main_sast --- capif/.gitlab-ci.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 722f086..6294584 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -1,6 +1,6 @@ stages: -# - test # to Security and Compliance gitLab - - main_security + - test # to Security and Compliance gitLab + - main_sast - main_container_scanning - sast - merge_request_staging_into_main @@ -163,7 +163,7 @@ merge_request_staging_into_main: # variables: # SAST_DEFAULT_ANALYZERS: "bandit" # to sast # CI_DEBUG_TRACE: "true" -# stage: main_security +# stage: main_sast # rules: # - if: '$CI_COMMIT_REF_NAME == "OCF16-first-steps-on-ci-at-gitlab-repository"' # when: always @@ -176,7 +176,7 @@ merge_request_staging_into_main: #sast: -# stage: main_security +# stage: main_sast # variables: ## DOCKER_DRIVER: overlay2 # DOCKER_HOST: tcp://docker:2375 @@ -214,7 +214,7 @@ merge_request_staging_into_main: # - docker-in-docker #semgrep-sast: -# stage: main_security +# stage: main_sast # variables: ## DOCKER_DRIVER: overlay2 # DOCKER_HOST: tcp://docker:2375 @@ -231,7 +231,7 @@ merge_request_staging_into_main: # - docker-in-docker main_semgrep_sast: - stage: main_security + stage: main_sast extends: semgrep-sast variables: # DOCKER_DRIVER: overlay2 @@ -249,7 +249,7 @@ main_semgrep_sast: - docker-in-docker main_kubesec_sast: - stage: main_security + stage: main_sast extends: kubesec-sast before_script: - export TMP_PWD=$PWD @@ -272,7 +272,7 @@ main_kubesec_sast: - docker-in-docker main_gemnasium_python_dependency_scanning: - stage: main_security + stage: main_sast extends: gemnasium-python-dependency_scanning variables: DS_ANALYZER_NAME: "gemnasium-python" @@ -287,7 +287,7 @@ main_gemnasium_python_dependency_scanning: - docker-in-docker main_serect_detection: - stage: main_security + stage: main_sast extends: secret_detection variables: SECRET_DETECTION_HISTORIC_SCAN: "true" -- GitLab From 0fa1eb3996eb92f79afe6530679b61edc93e0dfa Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 12 Apr 2024 14:34:24 +0200 Subject: [PATCH 179/392] semgrep-sast --- capif/.gitlab-ci.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 6294584..935c467 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -230,6 +230,12 @@ merge_request_staging_into_main: # tags: # - docker-in-docker +semgrep-sast: + stage: test + before_script: + - echo " ----- not run test stage -----" + when: manual + main_semgrep_sast: stage: main_sast extends: semgrep-sast -- GitLab From 99b3eb20f1a6297faa5f9fb4d6f0ed5eac90bc29 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 12 Apr 2024 14:43:40 +0200 Subject: [PATCH 180/392] semgrep-sast when never --- capif/.gitlab-ci.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 935c467..9c5e450 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -234,7 +234,8 @@ semgrep-sast: stage: test before_script: - echo " ----- not run test stage -----" - when: manual + rules: + - when: never main_semgrep_sast: stage: main_sast @@ -249,6 +250,7 @@ main_semgrep_sast: - docker:24.0.5-dind rules: - if: '$CI_COMMIT_REF_NAME == "OCF16-first-steps-on-ci-at-gitlab-repository"' +# - if: '$CI_COMMIT_REF_NAME == "staging"' # must be staging when staging into main MR when: always - when: never tags: -- GitLab From 320621e8503a2a3bad360f4629265ad51333cca0 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 12 Apr 2024 14:46:00 +0200 Subject: [PATCH 181/392] stage test never run --- capif/.gitlab-ci.yml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 9c5e450..8377a3b 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -237,6 +237,27 @@ semgrep-sast: rules: - when: never +gemnasium-python-dependency_scanning: + stage: test + before_script: + - echo " ----- not run test stage -----" + rules: + - when: never + +secret_detection: + stage: test + before_script: + - echo " ----- not run test stage -----" + rules: + - when: never + +container_scanning: + stage: test + before_script: + - echo " ----- not run test stage -----" + rules: + - when: never + main_semgrep_sast: stage: main_sast extends: semgrep-sast -- GitLab From 495576d73a13e4d64c8e2013774f30ee9b167e4f Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 12 Apr 2024 14:53:31 +0200 Subject: [PATCH 182/392] semgrep-sast --- capif/.gitlab-ci.yml | 17 ----------------- 1 file changed, 17 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 8377a3b..2967dac 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -213,23 +213,6 @@ merge_request_staging_into_main: # tags: # - docker-in-docker -#semgrep-sast: -# stage: main_sast -# variables: -## DOCKER_DRIVER: overlay2 -# DOCKER_HOST: tcp://docker:2375 -## SAST_EXCLUDED_ANALYZERS: "nodejs-scan-sast" -# SAST_DEFAULT_ANALYZERS: bandit -# allow_failure: true -# services: -# - docker:24.0.5-dind -# rules: -# - if: '$CI_COMMIT_REF_NAME == "OCF16-first-steps-on-ci-at-gitlab-repository"' -# when: always -# - when: never -# tags: -# - docker-in-docker - semgrep-sast: stage: test before_script: -- GitLab From a050d30d1d0b9dc372daed793f6334f6b75686f8 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 15 Apr 2024 11:12:13 +0200 Subject: [PATCH 183/392] deploy ocf main & >>: main_dnd --- capif/.gitlab-ci.yml | 194 ++++---------------- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 73 ++++++++ 2 files changed, 112 insertions(+), 155 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 2967dac..9dc461d 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -4,6 +4,7 @@ stages: - main_container_scanning - sast - merge_request_staging_into_main + - testing - staging_cancel_previous_action - dev_cancel_previous_action # - staging_pulling_repo @@ -18,6 +19,8 @@ stages: - dev_linting_code - dev_linting_docker - dev_build_and_push + - deploy_ocf_main + - delete_ocf_main - deploy_ocf_staging - delete_ocf_staging - deploy_ocf_dev @@ -44,6 +47,17 @@ variables: tags: - shell +.main_dnd: &main_dnd + allow_failure: true + services: + - docker:24.0.5-dind + rules: + - if: '$CI_COMMIT_REF_NAME == "OCF16-first-steps-on-ci-at-gitlab-repository"' + when: always + - when: never + tags: + - docker-in-docker + .staging_common: &staging_common only: - merge_requests @@ -249,16 +263,7 @@ main_semgrep_sast: DOCKER_HOST: tcp://docker:2375 # SAST_EXCLUDED_ANALYZERS: "nodejs-scan-sast" SAST_DEFAULT_ANALYZERS: bandit - allow_failure: true - services: - - docker:24.0.5-dind - rules: - - if: '$CI_COMMIT_REF_NAME == "OCF16-first-steps-on-ci-at-gitlab-repository"' -# - if: '$CI_COMMIT_REF_NAME == "staging"' # must be staging when staging into main MR - when: always - - when: never - tags: - - docker-in-docker + <<: *main_dnd main_kubesec_sast: stage: main_sast @@ -273,45 +278,21 @@ main_kubesec_sast: DOCKER_HOST: tcp://docker:2375 SCAN_KUBERNETES_MANIFESTS: "true" KUBESEC_HELM_CHARTS_PATH: helm/capif/ - allow_failure: true - services: - - docker:24.0.5-dind - rules: - - if: '$CI_COMMIT_REF_NAME == "OCF16-first-steps-on-ci-at-gitlab-repository"' - when: always - - when: never - tags: - - docker-in-docker + <<: *main_dnd main_gemnasium_python_dependency_scanning: stage: main_sast extends: gemnasium-python-dependency_scanning variables: DS_ANALYZER_NAME: "gemnasium-python" - allow_failure: true - services: - - docker:24.0.5-dind - rules: - - if: '$CI_COMMIT_REF_NAME == "OCF16-first-steps-on-ci-at-gitlab-repository"' - when: always - - when: never - tags: - - docker-in-docker + <<: *main_dnd main_serect_detection: stage: main_sast extends: secret_detection variables: SECRET_DETECTION_HISTORIC_SCAN: "true" - allow_failure: true - services: - - docker:24.0.5-dind - rules: - - if: '$CI_COMMIT_REF_NAME == "OCF16-first-steps-on-ci-at-gitlab-repository"' - when: always - - when: never - tags: - - docker-in-docker + <<: *main_dnd cvs_nginx: stage: main_container_scanning @@ -330,15 +311,7 @@ cvs_nginx: # GIT_STRATEGY: fetch # CS_DOCKERFILE_PATH: capif/services/nginx/ SECURE_LOG_LEVEL: debug - allow_failure: true - services: - - docker:24.0.5-dind - rules: - - if: '$CI_COMMIT_REF_NAME == "OCF16-first-steps-on-ci-at-gitlab-repository"' - when: always - - when: never - tags: - - docker-in-docker + <<: *main_dnd cvs_register: stage: main_container_scanning @@ -354,15 +327,7 @@ cvs_register: CS_REGISTRY_USER: $CI_REGISTRY_USER CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY SECURE_LOG_LEVEL: debug - allow_failure: true - services: - - docker:24.0.5-dind - rules: - - if: '$CI_COMMIT_REF_NAME == "OCF16-first-steps-on-ci-at-gitlab-repository"' - when: always - - when: never - tags: - - docker-in-docker + <<: *main_dnd cvs_ocf_access_control_policy_api: stage: main_container_scanning @@ -378,15 +343,7 @@ cvs_ocf_access_control_policy_api: CS_REGISTRY_USER: $CI_REGISTRY_USER CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY SECURE_LOG_LEVEL: debug - allow_failure: true - services: - - docker:24.0.5-dind - rules: - - if: '$CI_COMMIT_REF_NAME == "OCF16-first-steps-on-ci-at-gitlab-repository"' - when: always - - when: never - tags: - - docker-in-docker + <<: *main_dnd cvs_ocf_api_invoker_management_api: stage: main_container_scanning @@ -402,15 +359,7 @@ cvs_ocf_api_invoker_management_api: CS_REGISTRY_USER: $CI_REGISTRY_USER CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY SECURE_LOG_LEVEL: debug - allow_failure: true - services: - - docker:24.0.5-dind - rules: - - if: '$CI_COMMIT_REF_NAME == "OCF16-first-steps-on-ci-at-gitlab-repository"' - when: always - - when: never - tags: - - docker-in-docker + <<: *main_dnd cvs_ocf_api_provider_management_api: stage: main_container_scanning @@ -426,15 +375,7 @@ cvs_ocf_api_provider_management_api: CS_REGISTRY_USER: $CI_REGISTRY_USER CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY SECURE_LOG_LEVEL: debug - allow_failure: true - services: - - docker:24.0.5-dind - rules: - - if: '$CI_COMMIT_REF_NAME == "OCF16-first-steps-on-ci-at-gitlab-repository"' - when: always - - when: never - tags: - - docker-in-docker + <<: *main_dnd cvs_ocf_auditing_api: stage: main_container_scanning @@ -450,15 +391,7 @@ cvs_ocf_auditing_api: CS_REGISTRY_USER: $CI_REGISTRY_USER CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY SECURE_LOG_LEVEL: debug - allow_failure: true - services: - - docker:24.0.5-dind - rules: - - if: '$CI_COMMIT_REF_NAME == "OCF16-first-steps-on-ci-at-gitlab-repository"' - when: always - - when: never - tags: - - docker-in-docker + <<: *main_dnd cvs_ocf_discover_service_api: stage: main_container_scanning @@ -474,15 +407,7 @@ cvs_ocf_discover_service_api: CS_REGISTRY_USER: $CI_REGISTRY_USER CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY SECURE_LOG_LEVEL: debug - allow_failure: true - services: - - docker:24.0.5-dind - rules: - - if: '$CI_COMMIT_REF_NAME == "OCF16-first-steps-on-ci-at-gitlab-repository"' - when: always - - when: never - tags: - - docker-in-docker + <<: *main_dnd cvs_ocf_events_api: stage: main_container_scanning @@ -498,15 +423,7 @@ cvs_ocf_events_api: CS_REGISTRY_USER: $CI_REGISTRY_USER CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY SECURE_LOG_LEVEL: debug - allow_failure: true - services: - - docker:24.0.5-dind - rules: - - if: '$CI_COMMIT_REF_NAME == "OCF16-first-steps-on-ci-at-gitlab-repository"' - when: always - - when: never - tags: - - docker-in-docker + <<: *main_dnd cvs_ocf_logging_api_invocation_api: stage: main_container_scanning @@ -522,15 +439,7 @@ cvs_ocf_logging_api_invocation_api: CS_REGISTRY_USER: $CI_REGISTRY_USER CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY SECURE_LOG_LEVEL: debug - allow_failure: true - services: - - docker:24.0.5-dind - rules: - - if: '$CI_COMMIT_REF_NAME == "OCF16-first-steps-on-ci-at-gitlab-repository"' - when: always - - when: never - tags: - - docker-in-docker + <<: *main_dnd cvs_ocf_publish_service_api: stage: main_container_scanning @@ -546,15 +455,7 @@ cvs_ocf_publish_service_api: CS_REGISTRY_USER: $CI_REGISTRY_USER CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY SECURE_LOG_LEVEL: debug - allow_failure: true - services: - - docker:24.0.5-dind - rules: - - if: '$CI_COMMIT_REF_NAME == "OCF16-first-steps-on-ci-at-gitlab-repository"' - when: always - - when: never - tags: - - docker-in-docker + <<: *main_dnd cvs_ocf_routing_info_api: stage: main_container_scanning @@ -570,15 +471,7 @@ cvs_ocf_routing_info_api: CS_REGISTRY_USER: $CI_REGISTRY_USER CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY SECURE_LOG_LEVEL: debug - allow_failure: true - services: - - docker:24.0.5-dind - rules: - - if: '$CI_COMMIT_REF_NAME == "OCF16-first-steps-on-ci-at-gitlab-repository"' - when: always - - when: never - tags: - - docker-in-docker + <<: *main_dnd cvs_ocf_security_api: stage: main_container_scanning @@ -593,16 +486,7 @@ cvs_ocf_security_api: CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api:$CI_COMMIT_REF_SLUG" CS_REGISTRY_USER: $CI_REGISTRY_USER CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY - SECURE_LOG_LEVEL: debug - allow_failure: true - services: - - docker:24.0.5-dind - rules: - - if: '$CI_COMMIT_REF_NAME == "OCF16-first-steps-on-ci-at-gitlab-repository"' - when: always - - when: never - tags: - - docker-in-docker + <<: *main_dnd cvs_vault: stage: main_container_scanning @@ -618,15 +502,15 @@ cvs_vault: CS_REGISTRY_USER: $CI_REGISTRY_USER CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY SECURE_LOG_LEVEL: debug - allow_failure: true - services: - - docker:24.0.5-dind - rules: - - if: '$CI_COMMIT_REF_NAME == "OCF16-first-steps-on-ci-at-gitlab-repository"' - when: always - - when: never - tags: - - docker-in-docker + <<: *main_dnd + +robot_framework_testing: + needs: ["deploy_ocf_main"] + stage: testing + script: + - | + echo "------ Robot Framework Testing ------" + <<: *main_common #ci_in_staging: # stage: ci_in_staging diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 880cf03..50c34bd 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -1,4 +1,6 @@ stages: + - deploy_ocf_main + - delete_ocf_main - deploy_ocf_staging - delete_ocf_staging - deploy_ocf_dev @@ -14,6 +16,15 @@ variables: IMAGE_TAG_DEV: $CI_COMMIT_REF_SLUG IMAGE_TAG_STAGING: $CI_COMMIT_REF_SLUG +.main_common: &main_common + only: + - merge_requests + except: + variables: + - $CI_MERGE_REQUEST_TARGET_BRANCH_NAME != "main" + tags: + - shell + .staging_common: &staging_common only: - merge_requests @@ -27,6 +38,68 @@ variables: tags: - shell +deploy_ocf_main: + stage: deploy_ocf_main + <<: *main_common + environment: + name: review/main + url: https://$NAMESPACE_STAGING.$DOMAIN_STAGING + on_stop: delete_ocf_main + auto_stop_in: 3 day +# rules: +# - if: $CI_COMMIT_BRANCH == "staging" +# when: never +# - if: $CI_COMMIT_BRANCH == "main" + script: +# - echo "### git clone OCF repo ###" +# - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git + - echo "### install helm###" + - curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 +# - chmod 700 get_helm.sh +# - ./get_helm.sh +# - helm version +# - echo "### install kubectl###" +# - curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" +# - chmod +x kubectl +# - sudo mv kubectl /usr/local/bin +# - kubectl version --output=yaml +# - echo "### setting kubeconfig###" +# - echo $KUBECONFIG | base64 -d > ~/cluster.kubeconfig +# - kubectl get nodes --kubeconfig ~/cluster.kubeconfig +# - kubectl cluster-info --kubeconfig ~/cluster.kubeconfig #comment that when is working +# - echo "### install yq###" +# - sudo wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 +# - sudo chmod a+x /usr/local/bin/yq +# - yq --version +# - yq e -i '.version = "$IMAGE_TAG_STAGING"' helm/capif/Chart.yaml +# - yq e -i '.appVersion = "$IMAGE_TAG_STAGING"' helm/capif/Chart.yaml +# - cat helm/capif/Chart.yaml +# - echo "### download dependencies###" +# - helm dependency build helm/capif +# - echo "### updating capif###" +# - helm uninstall -n $NAMESPACE_STAGING ocf --kubeconfig ~/cluster.kubeconfig || true +# - helm upgrade --install -n $NAMESPACE_STAGING ocf helm/capif/ \ +# --set nginx.nginx.env.capifHostname=capif.$DOMAIN_STAGING \ +# --set ingress_ip.oneke="$INGRESS" --atomic \ +# --set monitoring.prometheus.enable="" \ +# --set monitoring.grafana.ingress.hosts[0].host="grafana.$DOMAIN_STAGING" \ +# --set monitoring.grafana.ingress.hosts[0].paths[0].path="/" \ +# --set monitoring.grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ +# --wait --timeout=10m \ +# --create-NAMESPACE_STAGING --kubeconfig ~/cluster.kubeconfig + + +delete_ocf_main: + stage: delete_ocf_main + <<: *main_common + script: + - echo "### deleting environment $NAMESPACE_STAGING###" +# - helm uninstall -n $NAMESPACE_STAGING ocf --kubeconfig ~/cluster.kubeconfig + when: manual + environment: + name: review/staging + action: stop + deploy_ocf_staging: stage: deploy_ocf_staging <<: *staging_common -- GitLab From 0b9bac5f4b3b88f161f63f727fd0aea424229158 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 15 Apr 2024 11:25:30 +0200 Subject: [PATCH 184/392] deploy_ocf_main --- capif/.gitlab-ci.yml | 102 +++++++++++++++++--- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 6 +- capif/templates/ci_staging.gitlab-ci.yml | 5 - 3 files changed, 94 insertions(+), 19 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 9dc461d..38e59bf 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -5,6 +5,7 @@ stages: - sast - merge_request_staging_into_main - testing + - main_build_and_push - staging_cancel_previous_action - dev_cancel_previous_action # - staging_pulling_repo @@ -294,9 +295,84 @@ main_serect_detection: SECRET_DETECTION_HISTORIC_SCAN: "true" <<: *main_dnd +main_build_and_push: + needs: ["main_serect_detection"] + stage: main_build_and_push + script: + - export TMP_PWD=$PWD + - echo "TMP_PWD=$TMP_PWD" + - echo "----------------------------------------------------" + - echo "### build and push nginx image###" + - cd $TMP_PWD/services/nginx/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push register image###" + - cd $TMP_PWD/services/register/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_Access_Control_Policy_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_Access_Control_Policy_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_API_Invoker_Management_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_API_Invoker_Management_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_API_Provider_Management_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_API_Provider_Management_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_Auditing_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_Auditing_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_Discover_Service_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_Discover_Service_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_Events_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_Events_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_Logging_API_Invocation_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_Logging_API_Invocation_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_Publish_Service_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_Publish_Service_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_Routing_Info_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_Routing_Info_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_Security_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_Security_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push vault image###" + - cd $TMP_PWD/services/vault/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/vault:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/vault:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - docker logout $CI_REGISTRY + <<: *main_common + cvs_nginx: stage: main_container_scanning - needs: ["main_serect_detection"] + needs: ["main_build_and_push"] before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -315,7 +391,7 @@ cvs_nginx: cvs_register: stage: main_container_scanning - needs: ["main_serect_detection"] + needs: ["main_build_and_push"] before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -331,7 +407,7 @@ cvs_register: cvs_ocf_access_control_policy_api: stage: main_container_scanning - needs: ["main_serect_detection"] + needs: ["main_build_and_push"] before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -347,7 +423,7 @@ cvs_ocf_access_control_policy_api: cvs_ocf_api_invoker_management_api: stage: main_container_scanning - needs: ["main_serect_detection"] + needs: ["main_build_and_push"] before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -363,7 +439,7 @@ cvs_ocf_api_invoker_management_api: cvs_ocf_api_provider_management_api: stage: main_container_scanning - needs: ["main_serect_detection"] + needs: ["main_build_and_push"] before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -379,7 +455,7 @@ cvs_ocf_api_provider_management_api: cvs_ocf_auditing_api: stage: main_container_scanning - needs: ["main_serect_detection"] + needs: ["main_build_and_push"] before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -395,7 +471,7 @@ cvs_ocf_auditing_api: cvs_ocf_discover_service_api: stage: main_container_scanning - needs: ["main_serect_detection"] + needs: ["main_build_and_push"] before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -411,7 +487,7 @@ cvs_ocf_discover_service_api: cvs_ocf_events_api: stage: main_container_scanning - needs: ["main_serect_detection"] + needs: ["main_build_and_push"] before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -427,7 +503,7 @@ cvs_ocf_events_api: cvs_ocf_logging_api_invocation_api: stage: main_container_scanning - needs: ["main_serect_detection"] + needs: ["main_build_and_push"] before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -443,7 +519,7 @@ cvs_ocf_logging_api_invocation_api: cvs_ocf_publish_service_api: stage: main_container_scanning - needs: ["main_serect_detection"] + needs: ["main_build_and_push"] before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -459,7 +535,7 @@ cvs_ocf_publish_service_api: cvs_ocf_routing_info_api: stage: main_container_scanning - needs: ["main_serect_detection"] + needs: ["main_build_and_push"] before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -475,7 +551,7 @@ cvs_ocf_routing_info_api: cvs_ocf_security_api: stage: main_container_scanning - needs: ["main_serect_detection"] + needs: ["main_build_and_push"] before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -490,7 +566,7 @@ cvs_ocf_security_api: cvs_vault: stage: main_container_scanning - needs: ["main_serect_detection"] + needs: ["main_build_and_push"] before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 50c34bd..a33598a 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -21,7 +21,8 @@ variables: - merge_requests except: variables: - - $CI_MERGE_REQUEST_TARGET_BRANCH_NAME != "main" +# - $CI_MERGE_REQUEST_TARGET_BRANCH_NAME != "main" + - $CI_MERGE_REQUEST_TARGET_BRANCH_NAME != "stagin" tags: - shell @@ -40,6 +41,9 @@ variables: deploy_ocf_main: stage: deploy_ocf_main + needs: + - cvs_nginx + - cvs_register <<: *main_common environment: name: review/main diff --git a/capif/templates/ci_staging.gitlab-ci.yml b/capif/templates/ci_staging.gitlab-ci.yml index 849b27c..0c6e511 100644 --- a/capif/templates/ci_staging.gitlab-ci.yml +++ b/capif/templates/ci_staging.gitlab-ci.yml @@ -181,11 +181,6 @@ staging_build_and_push: script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" - - echo "### build and push capif-client image###" - - cd services/capif-client/ - - docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY - - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/capif-client:$CI_COMMIT_REF_SLUG . - - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/capif-client:$CI_COMMIT_REF_SLUG - echo "----------------------------------------------------" - echo "### build and push nginx image###" - cd $TMP_PWD/services/nginx/ -- GitLab From 06cccbeff2b04d772e13c7107cb156ed00fa474e Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 15 Apr 2024 11:26:30 +0200 Subject: [PATCH 185/392] environment ocf_main --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index a33598a..4b3e065 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -101,7 +101,7 @@ delete_ocf_main: # - helm uninstall -n $NAMESPACE_STAGING ocf --kubeconfig ~/cluster.kubeconfig when: manual environment: - name: review/staging + name: review/mains action: stop deploy_ocf_staging: -- GitLab From 1892b111206069f8ae01216e269e6a188f8e3d18 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 15 Apr 2024 11:27:45 +0200 Subject: [PATCH 186/392] name: review/main --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 4b3e065..7fc77f6 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -101,7 +101,7 @@ delete_ocf_main: # - helm uninstall -n $NAMESPACE_STAGING ocf --kubeconfig ~/cluster.kubeconfig when: manual environment: - name: review/mains + name: review/main action: stop deploy_ocf_staging: -- GitLab From c09dc91937c641856f9435520173023bd2e79f69 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 15 Apr 2024 11:31:02 +0200 Subject: [PATCH 187/392] needs main_build_and_push --- capif/.gitlab-ci.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 38e59bf..c61072b 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -288,7 +288,7 @@ main_gemnasium_python_dependency_scanning: DS_ANALYZER_NAME: "gemnasium-python" <<: *main_dnd -main_serect_detection: +main_secret_detection: stage: main_sast extends: secret_detection variables: @@ -296,7 +296,11 @@ main_serect_detection: <<: *main_dnd main_build_and_push: - needs: ["main_serect_detection"] + needs: + - main_semgrep_sast + - main_kubesec_sast + - main_gemnasium_python_dependency_scanning + - main_secret_detection stage: main_build_and_push script: - export TMP_PWD=$PWD -- GitLab From 109f09164c23ee3c70123560d85ea3731de0d601 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 15 Apr 2024 11:36:44 +0200 Subject: [PATCH 188/392] main_common --- capif/.gitlab-ci.yml | 18 +++++++++++++----- 1 file changed, 13 insertions(+), 5 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index c61072b..9572b34 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -40,12 +40,20 @@ variables: .main_common: &main_common - only: - - merge_requests - except: - variables: - - $CI_MERGE_REQUEST_TARGET_BRANCH_NAME != "OCF16-first-steps-on-ci-at-gitlab-repository" +# only: +# - merge_requests +# except: +# variables: +# - $CI_MERGE_REQUEST_TARGET_BRANCH_NAME != "OCF16-first-steps-on-ci-at-gitlab-repository" + allow_failure: true + services: + - docker:24.0.5-dind + rules: + - if: '$CI_COMMIT_REF_NAME == "OCF16-first-steps-on-ci-at-gitlab-repository"' + when: always + - when: never tags: + - docker-in-docker - shell .main_dnd: &main_dnd -- GitLab From e08a7ec846eee69bd698f39d03df8fa58ed8b342 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 15 Apr 2024 11:52:06 +0200 Subject: [PATCH 189/392] test --- capif/.gitlab-ci.yml | 418 +++++++++++++++++++++---------------------- 1 file changed, 209 insertions(+), 209 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 9572b34..84a1f21 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -382,215 +382,215 @@ main_build_and_push: - docker logout $CI_REGISTRY <<: *main_common -cvs_nginx: - stage: main_container_scanning - needs: ["main_build_and_push"] - before_script: - - export TMP_PWD=$PWD - - echo "TMP_PWD=$TMP_PWD" - - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git - - ls -lrta - extends: container_scanning - variables: - CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG" - CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG" - CS_REGISTRY_USER: $CI_REGISTRY_USER - CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY -# GIT_STRATEGY: fetch -# CS_DOCKERFILE_PATH: capif/services/nginx/ - SECURE_LOG_LEVEL: debug - <<: *main_dnd - -cvs_register: - stage: main_container_scanning - needs: ["main_build_and_push"] - before_script: - - export TMP_PWD=$PWD - - echo "TMP_PWD=$TMP_PWD" - - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git - extends: container_scanning - variables: - CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register:$CI_COMMIT_REF_SLUG" - CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register:$CI_COMMIT_REF_SLUG" - CS_REGISTRY_USER: $CI_REGISTRY_USER - CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY - SECURE_LOG_LEVEL: debug - <<: *main_dnd - -cvs_ocf_access_control_policy_api: - stage: main_container_scanning - needs: ["main_build_and_push"] - before_script: - - export TMP_PWD=$PWD - - echo "TMP_PWD=$TMP_PWD" - - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git - extends: container_scanning - variables: - CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api:$CI_COMMIT_REF_SLUG" - CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api:$CI_COMMIT_REF_SLUG" - CS_REGISTRY_USER: $CI_REGISTRY_USER - CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY - SECURE_LOG_LEVEL: debug - <<: *main_dnd - -cvs_ocf_api_invoker_management_api: - stage: main_container_scanning - needs: ["main_build_and_push"] - before_script: - - export TMP_PWD=$PWD - - echo "TMP_PWD=$TMP_PWD" - - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git - extends: container_scanning - variables: - CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api:$CI_COMMIT_REF_SLUG" - CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api:$CI_COMMIT_REF_SLUG" - CS_REGISTRY_USER: $CI_REGISTRY_USER - CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY - SECURE_LOG_LEVEL: debug - <<: *main_dnd - -cvs_ocf_api_provider_management_api: - stage: main_container_scanning - needs: ["main_build_and_push"] - before_script: - - export TMP_PWD=$PWD - - echo "TMP_PWD=$TMP_PWD" - - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git - extends: container_scanning - variables: - CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api:$CI_COMMIT_REF_SLUG" - CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api:$CI_COMMIT_REF_SLUG" - CS_REGISTRY_USER: $CI_REGISTRY_USER - CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY - SECURE_LOG_LEVEL: debug - <<: *main_dnd - -cvs_ocf_auditing_api: - stage: main_container_scanning - needs: ["main_build_and_push"] - before_script: - - export TMP_PWD=$PWD - - echo "TMP_PWD=$TMP_PWD" - - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git - extends: container_scanning - variables: - CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api:$CI_COMMIT_REF_SLUG" - CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api:$CI_COMMIT_REF_SLUG" - CS_REGISTRY_USER: $CI_REGISTRY_USER - CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY - SECURE_LOG_LEVEL: debug - <<: *main_dnd - -cvs_ocf_discover_service_api: - stage: main_container_scanning - needs: ["main_build_and_push"] - before_script: - - export TMP_PWD=$PWD - - echo "TMP_PWD=$TMP_PWD" - - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git - extends: container_scanning - variables: - CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api:$CI_COMMIT_REF_SLUG" - CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api:$CI_COMMIT_REF_SLUG" - CS_REGISTRY_USER: $CI_REGISTRY_USER - CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY - SECURE_LOG_LEVEL: debug - <<: *main_dnd - -cvs_ocf_events_api: - stage: main_container_scanning - needs: ["main_build_and_push"] - before_script: - - export TMP_PWD=$PWD - - echo "TMP_PWD=$TMP_PWD" - - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git - extends: container_scanning - variables: - CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api:$CI_COMMIT_REF_SLUG" - CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api:$CI_COMMIT_REF_SLUG" - CS_REGISTRY_USER: $CI_REGISTRY_USER - CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY - SECURE_LOG_LEVEL: debug - <<: *main_dnd - -cvs_ocf_logging_api_invocation_api: - stage: main_container_scanning - needs: ["main_build_and_push"] - before_script: - - export TMP_PWD=$PWD - - echo "TMP_PWD=$TMP_PWD" - - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git - extends: container_scanning - variables: - CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api:$CI_COMMIT_REF_SLUG" - CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api:$CI_COMMIT_REF_SLUG" - CS_REGISTRY_USER: $CI_REGISTRY_USER - CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY - SECURE_LOG_LEVEL: debug - <<: *main_dnd - -cvs_ocf_publish_service_api: - stage: main_container_scanning - needs: ["main_build_and_push"] - before_script: - - export TMP_PWD=$PWD - - echo "TMP_PWD=$TMP_PWD" - - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git - extends: container_scanning - variables: - CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api:$CI_COMMIT_REF_SLUG" - CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api:$CI_COMMIT_REF_SLUG" - CS_REGISTRY_USER: $CI_REGISTRY_USER - CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY - SECURE_LOG_LEVEL: debug - <<: *main_dnd - -cvs_ocf_routing_info_api: - stage: main_container_scanning - needs: ["main_build_and_push"] - before_script: - - export TMP_PWD=$PWD - - echo "TMP_PWD=$TMP_PWD" - - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git - extends: container_scanning - variables: - CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api:$CI_COMMIT_REF_SLUG" - CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api:$CI_COMMIT_REF_SLUG" - CS_REGISTRY_USER: $CI_REGISTRY_USER - CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY - SECURE_LOG_LEVEL: debug - <<: *main_dnd - -cvs_ocf_security_api: - stage: main_container_scanning - needs: ["main_build_and_push"] - before_script: - - export TMP_PWD=$PWD - - echo "TMP_PWD=$TMP_PWD" - - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git - extends: container_scanning - variables: - CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api:$CI_COMMIT_REF_SLUG" - CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api:$CI_COMMIT_REF_SLUG" - CS_REGISTRY_USER: $CI_REGISTRY_USER - CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY - <<: *main_dnd - -cvs_vault: - stage: main_container_scanning - needs: ["main_build_and_push"] - before_script: - - export TMP_PWD=$PWD - - echo "TMP_PWD=$TMP_PWD" - - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git - extends: container_scanning - variables: - CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/vault:$CI_COMMIT_REF_SLUG" - CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/vault:$CI_COMMIT_REF_SLUG" - CS_REGISTRY_USER: $CI_REGISTRY_USER - CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY - SECURE_LOG_LEVEL: debug - <<: *main_dnd +#cvs_nginx: +# stage: main_container_scanning +# needs: ["main_build_and_push"] +# before_script: +# - export TMP_PWD=$PWD +# - echo "TMP_PWD=$TMP_PWD" +# - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git +# - ls -lrta +# extends: container_scanning +# variables: +# CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG" +# CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG" +# CS_REGISTRY_USER: $CI_REGISTRY_USER +# CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY +## GIT_STRATEGY: fetch +## CS_DOCKERFILE_PATH: capif/services/nginx/ +# SECURE_LOG_LEVEL: debug +# <<: *main_dnd +# +#cvs_register: +# stage: main_container_scanning +# needs: ["main_build_and_push"] +# before_script: +# - export TMP_PWD=$PWD +# - echo "TMP_PWD=$TMP_PWD" +# - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git +# extends: container_scanning +# variables: +# CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register:$CI_COMMIT_REF_SLUG" +# CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register:$CI_COMMIT_REF_SLUG" +# CS_REGISTRY_USER: $CI_REGISTRY_USER +# CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY +# SECURE_LOG_LEVEL: debug +# <<: *main_dnd +# +#cvs_ocf_access_control_policy_api: +# stage: main_container_scanning +# needs: ["main_build_and_push"] +# before_script: +# - export TMP_PWD=$PWD +# - echo "TMP_PWD=$TMP_PWD" +# - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git +# extends: container_scanning +# variables: +# CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api:$CI_COMMIT_REF_SLUG" +# CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api:$CI_COMMIT_REF_SLUG" +# CS_REGISTRY_USER: $CI_REGISTRY_USER +# CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY +# SECURE_LOG_LEVEL: debug +# <<: *main_dnd +# +#cvs_ocf_api_invoker_management_api: +# stage: main_container_scanning +# needs: ["main_build_and_push"] +# before_script: +# - export TMP_PWD=$PWD +# - echo "TMP_PWD=$TMP_PWD" +# - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git +# extends: container_scanning +# variables: +# CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api:$CI_COMMIT_REF_SLUG" +# CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api:$CI_COMMIT_REF_SLUG" +# CS_REGISTRY_USER: $CI_REGISTRY_USER +# CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY +# SECURE_LOG_LEVEL: debug +# <<: *main_dnd +# +#cvs_ocf_api_provider_management_api: +# stage: main_container_scanning +# needs: ["main_build_and_push"] +# before_script: +# - export TMP_PWD=$PWD +# - echo "TMP_PWD=$TMP_PWD" +# - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git +# extends: container_scanning +# variables: +# CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api:$CI_COMMIT_REF_SLUG" +# CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api:$CI_COMMIT_REF_SLUG" +# CS_REGISTRY_USER: $CI_REGISTRY_USER +# CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY +# SECURE_LOG_LEVEL: debug +# <<: *main_dnd +# +#cvs_ocf_auditing_api: +# stage: main_container_scanning +# needs: ["main_build_and_push"] +# before_script: +# - export TMP_PWD=$PWD +# - echo "TMP_PWD=$TMP_PWD" +# - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git +# extends: container_scanning +# variables: +# CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api:$CI_COMMIT_REF_SLUG" +# CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api:$CI_COMMIT_REF_SLUG" +# CS_REGISTRY_USER: $CI_REGISTRY_USER +# CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY +# SECURE_LOG_LEVEL: debug +# <<: *main_dnd +# +#cvs_ocf_discover_service_api: +# stage: main_container_scanning +# needs: ["main_build_and_push"] +# before_script: +# - export TMP_PWD=$PWD +# - echo "TMP_PWD=$TMP_PWD" +# - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git +# extends: container_scanning +# variables: +# CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api:$CI_COMMIT_REF_SLUG" +# CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api:$CI_COMMIT_REF_SLUG" +# CS_REGISTRY_USER: $CI_REGISTRY_USER +# CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY +# SECURE_LOG_LEVEL: debug +# <<: *main_dnd +# +#cvs_ocf_events_api: +# stage: main_container_scanning +# needs: ["main_build_and_push"] +# before_script: +# - export TMP_PWD=$PWD +# - echo "TMP_PWD=$TMP_PWD" +# - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git +# extends: container_scanning +# variables: +# CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api:$CI_COMMIT_REF_SLUG" +# CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api:$CI_COMMIT_REF_SLUG" +# CS_REGISTRY_USER: $CI_REGISTRY_USER +# CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY +# SECURE_LOG_LEVEL: debug +# <<: *main_dnd +# +#cvs_ocf_logging_api_invocation_api: +# stage: main_container_scanning +# needs: ["main_build_and_push"] +# before_script: +# - export TMP_PWD=$PWD +# - echo "TMP_PWD=$TMP_PWD" +# - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git +# extends: container_scanning +# variables: +# CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api:$CI_COMMIT_REF_SLUG" +# CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api:$CI_COMMIT_REF_SLUG" +# CS_REGISTRY_USER: $CI_REGISTRY_USER +# CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY +# SECURE_LOG_LEVEL: debug +# <<: *main_dnd +# +#cvs_ocf_publish_service_api: +# stage: main_container_scanning +# needs: ["main_build_and_push"] +# before_script: +# - export TMP_PWD=$PWD +# - echo "TMP_PWD=$TMP_PWD" +# - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git +# extends: container_scanning +# variables: +# CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api:$CI_COMMIT_REF_SLUG" +# CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api:$CI_COMMIT_REF_SLUG" +# CS_REGISTRY_USER: $CI_REGISTRY_USER +# CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY +# SECURE_LOG_LEVEL: debug +# <<: *main_dnd +# +#cvs_ocf_routing_info_api: +# stage: main_container_scanning +# needs: ["main_build_and_push"] +# before_script: +# - export TMP_PWD=$PWD +# - echo "TMP_PWD=$TMP_PWD" +# - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git +# extends: container_scanning +# variables: +# CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api:$CI_COMMIT_REF_SLUG" +# CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api:$CI_COMMIT_REF_SLUG" +# CS_REGISTRY_USER: $CI_REGISTRY_USER +# CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY +# SECURE_LOG_LEVEL: debug +# <<: *main_dnd +# +#cvs_ocf_security_api: +# stage: main_container_scanning +# needs: ["main_build_and_push"] +# before_script: +# - export TMP_PWD=$PWD +# - echo "TMP_PWD=$TMP_PWD" +# - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git +# extends: container_scanning +# variables: +# CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api:$CI_COMMIT_REF_SLUG" +# CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api:$CI_COMMIT_REF_SLUG" +# CS_REGISTRY_USER: $CI_REGISTRY_USER +# CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY +# <<: *main_dnd +# +#cvs_vault: +# stage: main_container_scanning +# needs: ["main_build_and_push"] +# before_script: +# - export TMP_PWD=$PWD +# - echo "TMP_PWD=$TMP_PWD" +# - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git +# extends: container_scanning +# variables: +# CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/vault:$CI_COMMIT_REF_SLUG" +# CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/vault:$CI_COMMIT_REF_SLUG" +# CS_REGISTRY_USER: $CI_REGISTRY_USER +# CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY +# SECURE_LOG_LEVEL: debug +# <<: *main_dnd robot_framework_testing: needs: ["deploy_ocf_main"] -- GitLab From 5a951ac528caabd9d2c7c6a58159d0da4536b66a Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 15 Apr 2024 11:53:23 +0200 Subject: [PATCH 190/392] main_build_and_push --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 7fc77f6..24661f4 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -42,8 +42,7 @@ variables: deploy_ocf_main: stage: deploy_ocf_main needs: - - cvs_nginx - - cvs_register + - main_build_and_push <<: *main_common environment: name: review/main -- GitLab From 7b6d0de74cfe106e7bfe57960e0a4ca3adb19298 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 15 Apr 2024 11:55:30 +0200 Subject: [PATCH 191/392] deploy_ocf_main --- capif/.gitlab-ci.yml | 63 ++++++++++++++++++++ capif/templates/cd-deploy-ocf.gitlab-ci.yml | 66 --------------------- 2 files changed, 63 insertions(+), 66 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 84a1f21..7e45414 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -592,6 +592,69 @@ main_build_and_push: # SECURE_LOG_LEVEL: debug # <<: *main_dnd +deploy_ocf_main: + stage: deploy_ocf_main + needs: + - main_build_and_push + <<: *main_common + environment: + name: review/main + url: https://$NAMESPACE_STAGING.$DOMAIN_STAGING + on_stop: delete_ocf_main + auto_stop_in: 3 day +# rules: +# - if: $CI_COMMIT_BRANCH == "staging" +# when: never +# - if: $CI_COMMIT_BRANCH == "main" + script: +# - echo "### git clone OCF repo ###" +# - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git + - echo "### install helm###" + - curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 +# - chmod 700 get_helm.sh +# - ./get_helm.sh +# - helm version +# - echo "### install kubectl###" +# - curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" +# - chmod +x kubectl +# - sudo mv kubectl /usr/local/bin +# - kubectl version --output=yaml +# - echo "### setting kubeconfig###" +# - echo $KUBECONFIG | base64 -d > ~/cluster.kubeconfig +# - kubectl get nodes --kubeconfig ~/cluster.kubeconfig +# - kubectl cluster-info --kubeconfig ~/cluster.kubeconfig #comment that when is working +# - echo "### install yq###" +# - sudo wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 +# - sudo chmod a+x /usr/local/bin/yq +# - yq --version +# - yq e -i '.version = "$IMAGE_TAG_STAGING"' helm/capif/Chart.yaml +# - yq e -i '.appVersion = "$IMAGE_TAG_STAGING"' helm/capif/Chart.yaml +# - cat helm/capif/Chart.yaml +# - echo "### download dependencies###" +# - helm dependency build helm/capif +# - echo "### updating capif###" +# - helm uninstall -n $NAMESPACE_STAGING ocf --kubeconfig ~/cluster.kubeconfig || true +# - helm upgrade --install -n $NAMESPACE_STAGING ocf helm/capif/ \ +# --set nginx.nginx.env.capifHostname=capif.$DOMAIN_STAGING \ +# --set ingress_ip.oneke="$INGRESS" --atomic \ +# --set monitoring.prometheus.enable="" \ +# --set monitoring.grafana.ingress.hosts[0].host="grafana.$DOMAIN_STAGING" \ +# --set monitoring.grafana.ingress.hosts[0].paths[0].path="/" \ +# --set monitoring.grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ +# --wait --timeout=10m \ +# --create-NAMESPACE_STAGING --kubeconfig ~/cluster.kubeconfig + + +delete_ocf_main: + stage: delete_ocf_main + <<: *main_common + script: + - echo "### deleting environment $NAMESPACE_STAGING###" +# - helm uninstall -n $NAMESPACE_STAGING ocf --kubeconfig ~/cluster.kubeconfig + when: manual + environment: + name: review/main + action: stop robot_framework_testing: needs: ["deploy_ocf_main"] stage: testing diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 24661f4..ed9eb28 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -1,6 +1,4 @@ stages: - - deploy_ocf_main - - delete_ocf_main - deploy_ocf_staging - delete_ocf_staging - deploy_ocf_dev @@ -39,70 +37,6 @@ variables: tags: - shell -deploy_ocf_main: - stage: deploy_ocf_main - needs: - - main_build_and_push - <<: *main_common - environment: - name: review/main - url: https://$NAMESPACE_STAGING.$DOMAIN_STAGING - on_stop: delete_ocf_main - auto_stop_in: 3 day -# rules: -# - if: $CI_COMMIT_BRANCH == "staging" -# when: never -# - if: $CI_COMMIT_BRANCH == "main" - script: -# - echo "### git clone OCF repo ###" -# - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git - - echo "### install helm###" - - curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 -# - chmod 700 get_helm.sh -# - ./get_helm.sh -# - helm version -# - echo "### install kubectl###" -# - curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" -# - chmod +x kubectl -# - sudo mv kubectl /usr/local/bin -# - kubectl version --output=yaml -# - echo "### setting kubeconfig###" -# - echo $KUBECONFIG | base64 -d > ~/cluster.kubeconfig -# - kubectl get nodes --kubeconfig ~/cluster.kubeconfig -# - kubectl cluster-info --kubeconfig ~/cluster.kubeconfig #comment that when is working -# - echo "### install yq###" -# - sudo wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -# - sudo chmod a+x /usr/local/bin/yq -# - yq --version -# - yq e -i '.version = "$IMAGE_TAG_STAGING"' helm/capif/Chart.yaml -# - yq e -i '.appVersion = "$IMAGE_TAG_STAGING"' helm/capif/Chart.yaml -# - cat helm/capif/Chart.yaml -# - echo "### download dependencies###" -# - helm dependency build helm/capif -# - echo "### updating capif###" -# - helm uninstall -n $NAMESPACE_STAGING ocf --kubeconfig ~/cluster.kubeconfig || true -# - helm upgrade --install -n $NAMESPACE_STAGING ocf helm/capif/ \ -# --set nginx.nginx.env.capifHostname=capif.$DOMAIN_STAGING \ -# --set ingress_ip.oneke="$INGRESS" --atomic \ -# --set monitoring.prometheus.enable="" \ -# --set monitoring.grafana.ingress.hosts[0].host="grafana.$DOMAIN_STAGING" \ -# --set monitoring.grafana.ingress.hosts[0].paths[0].path="/" \ -# --set monitoring.grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ -# --wait --timeout=10m \ -# --create-NAMESPACE_STAGING --kubeconfig ~/cluster.kubeconfig - - -delete_ocf_main: - stage: delete_ocf_main - <<: *main_common - script: - - echo "### deleting environment $NAMESPACE_STAGING###" -# - helm uninstall -n $NAMESPACE_STAGING ocf --kubeconfig ~/cluster.kubeconfig - when: manual - environment: - name: review/main - action: stop - deploy_ocf_staging: stage: deploy_ocf_staging <<: *staging_common -- GitLab From 122a32134037575d0efaff88e004c5e45b18d9fb Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 15 Apr 2024 11:56:37 +0200 Subject: [PATCH 192/392] deploy_ocf_main --- capif/.gitlab-ci.yml | 63 ------------------- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 68 ++++++++++++++++++++- 2 files changed, 67 insertions(+), 64 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 7e45414..84a1f21 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -592,69 +592,6 @@ main_build_and_push: # SECURE_LOG_LEVEL: debug # <<: *main_dnd -deploy_ocf_main: - stage: deploy_ocf_main - needs: - - main_build_and_push - <<: *main_common - environment: - name: review/main - url: https://$NAMESPACE_STAGING.$DOMAIN_STAGING - on_stop: delete_ocf_main - auto_stop_in: 3 day -# rules: -# - if: $CI_COMMIT_BRANCH == "staging" -# when: never -# - if: $CI_COMMIT_BRANCH == "main" - script: -# - echo "### git clone OCF repo ###" -# - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git - - echo "### install helm###" - - curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 -# - chmod 700 get_helm.sh -# - ./get_helm.sh -# - helm version -# - echo "### install kubectl###" -# - curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" -# - chmod +x kubectl -# - sudo mv kubectl /usr/local/bin -# - kubectl version --output=yaml -# - echo "### setting kubeconfig###" -# - echo $KUBECONFIG | base64 -d > ~/cluster.kubeconfig -# - kubectl get nodes --kubeconfig ~/cluster.kubeconfig -# - kubectl cluster-info --kubeconfig ~/cluster.kubeconfig #comment that when is working -# - echo "### install yq###" -# - sudo wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -# - sudo chmod a+x /usr/local/bin/yq -# - yq --version -# - yq e -i '.version = "$IMAGE_TAG_STAGING"' helm/capif/Chart.yaml -# - yq e -i '.appVersion = "$IMAGE_TAG_STAGING"' helm/capif/Chart.yaml -# - cat helm/capif/Chart.yaml -# - echo "### download dependencies###" -# - helm dependency build helm/capif -# - echo "### updating capif###" -# - helm uninstall -n $NAMESPACE_STAGING ocf --kubeconfig ~/cluster.kubeconfig || true -# - helm upgrade --install -n $NAMESPACE_STAGING ocf helm/capif/ \ -# --set nginx.nginx.env.capifHostname=capif.$DOMAIN_STAGING \ -# --set ingress_ip.oneke="$INGRESS" --atomic \ -# --set monitoring.prometheus.enable="" \ -# --set monitoring.grafana.ingress.hosts[0].host="grafana.$DOMAIN_STAGING" \ -# --set monitoring.grafana.ingress.hosts[0].paths[0].path="/" \ -# --set monitoring.grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ -# --wait --timeout=10m \ -# --create-NAMESPACE_STAGING --kubeconfig ~/cluster.kubeconfig - - -delete_ocf_main: - stage: delete_ocf_main - <<: *main_common - script: - - echo "### deleting environment $NAMESPACE_STAGING###" -# - helm uninstall -n $NAMESPACE_STAGING ocf --kubeconfig ~/cluster.kubeconfig - when: manual - environment: - name: review/main - action: stop robot_framework_testing: needs: ["deploy_ocf_main"] stage: testing diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index ed9eb28..07c72b1 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -1,4 +1,6 @@ stages: + - deploy_ocf_main + - delete_ocf_main - deploy_ocf_staging - delete_ocf_staging - deploy_ocf_dev @@ -20,7 +22,7 @@ variables: except: variables: # - $CI_MERGE_REQUEST_TARGET_BRANCH_NAME != "main" - - $CI_MERGE_REQUEST_TARGET_BRANCH_NAME != "stagin" + - $CI_MERGE_REQUEST_TARGET_BRANCH_NAME != "staging" tags: - shell @@ -37,6 +39,70 @@ variables: tags: - shell +deploy_ocf_main: + stage: deploy_ocf_main + needs: + - main_build_and_push + <<: *main_common + environment: + name: review/main + url: https://$NAMESPACE_STAGING.$DOMAIN_STAGING + on_stop: delete_ocf_main + auto_stop_in: 3 day +# rules: +# - if: $CI_COMMIT_BRANCH == "staging" +# when: never +# - if: $CI_COMMIT_BRANCH == "main" + script: +# - echo "### git clone OCF repo ###" +# - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git + - echo "### install helm###" + - curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 +# - chmod 700 get_helm.sh +# - ./get_helm.sh +# - helm version +# - echo "### install kubectl###" +# - curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" +# - chmod +x kubectl +# - sudo mv kubectl /usr/local/bin +# - kubectl version --output=yaml +# - echo "### setting kubeconfig###" +# - echo $KUBECONFIG | base64 -d > ~/cluster.kubeconfig +# - kubectl get nodes --kubeconfig ~/cluster.kubeconfig +# - kubectl cluster-info --kubeconfig ~/cluster.kubeconfig #comment that when is working +# - echo "### install yq###" +# - sudo wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 +# - sudo chmod a+x /usr/local/bin/yq +# - yq --version +# - yq e -i '.version = "$IMAGE_TAG_STAGING"' helm/capif/Chart.yaml +# - yq e -i '.appVersion = "$IMAGE_TAG_STAGING"' helm/capif/Chart.yaml +# - cat helm/capif/Chart.yaml +# - echo "### download dependencies###" +# - helm dependency build helm/capif +# - echo "### updating capif###" +# - helm uninstall -n $NAMESPACE_STAGING ocf --kubeconfig ~/cluster.kubeconfig || true +# - helm upgrade --install -n $NAMESPACE_STAGING ocf helm/capif/ \ +# --set nginx.nginx.env.capifHostname=capif.$DOMAIN_STAGING \ +# --set ingress_ip.oneke="$INGRESS" --atomic \ +# --set monitoring.prometheus.enable="" \ +# --set monitoring.grafana.ingress.hosts[0].host="grafana.$DOMAIN_STAGING" \ +# --set monitoring.grafana.ingress.hosts[0].paths[0].path="/" \ +# --set monitoring.grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ +# --wait --timeout=10m \ +# --create-NAMESPACE_STAGING --kubeconfig ~/cluster.kubeconfig + + +delete_ocf_main: + stage: delete_ocf_main + <<: *main_common + script: + - echo "### deleting environment $NAMESPACE_STAGING###" +# - helm uninstall -n $NAMESPACE_STAGING ocf --kubeconfig ~/cluster.kubeconfig + when: manual + environment: + name: review/main + action: stop + deploy_ocf_staging: stage: deploy_ocf_staging <<: *staging_common -- GitLab From 11518c9c743e193180e564835d402651bcea809c Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 15 Apr 2024 11:58:16 +0200 Subject: [PATCH 193/392] ocf_main --- capif/.gitlab-ci.yml | 64 ++++++++++++++++++++ capif/templates/cd-deploy-ocf.gitlab-ci.yml | 66 --------------------- 2 files changed, 64 insertions(+), 66 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 84a1f21..04888cd 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -592,6 +592,70 @@ main_build_and_push: # SECURE_LOG_LEVEL: debug # <<: *main_dnd +deploy_ocf_main: + stage: deploy_ocf_main + needs: + - main_build_and_push + <<: *main_common + environment: + name: review/main + url: https://$NAMESPACE_STAGING.$DOMAIN_STAGING + on_stop: delete_ocf_main + auto_stop_in: 3 day +# rules: +# - if: $CI_COMMIT_BRANCH == "staging" +# when: never +# - if: $CI_COMMIT_BRANCH == "main" + script: +# - echo "### git clone OCF repo ###" +# - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git + - echo "### install helm###" + - curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 +# - chmod 700 get_helm.sh +# - ./get_helm.sh +# - helm version +# - echo "### install kubectl###" +# - curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" +# - chmod +x kubectl +# - sudo mv kubectl /usr/local/bin +# - kubectl version --output=yaml +# - echo "### setting kubeconfig###" +# - echo $KUBECONFIG | base64 -d > ~/cluster.kubeconfig +# - kubectl get nodes --kubeconfig ~/cluster.kubeconfig +# - kubectl cluster-info --kubeconfig ~/cluster.kubeconfig #comment that when is working +# - echo "### install yq###" +# - sudo wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 +# - sudo chmod a+x /usr/local/bin/yq +# - yq --version +# - yq e -i '.version = "$IMAGE_TAG_STAGING"' helm/capif/Chart.yaml +# - yq e -i '.appVersion = "$IMAGE_TAG_STAGING"' helm/capif/Chart.yaml +# - cat helm/capif/Chart.yaml +# - echo "### download dependencies###" +# - helm dependency build helm/capif +# - echo "### updating capif###" +# - helm uninstall -n $NAMESPACE_STAGING ocf --kubeconfig ~/cluster.kubeconfig || true +# - helm upgrade --install -n $NAMESPACE_STAGING ocf helm/capif/ \ +# --set nginx.nginx.env.capifHostname=capif.$DOMAIN_STAGING \ +# --set ingress_ip.oneke="$INGRESS" --atomic \ +# --set monitoring.prometheus.enable="" \ +# --set monitoring.grafana.ingress.hosts[0].host="grafana.$DOMAIN_STAGING" \ +# --set monitoring.grafana.ingress.hosts[0].paths[0].path="/" \ +# --set monitoring.grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ +# --wait --timeout=10m \ +# --create-NAMESPACE_STAGING --kubeconfig ~/cluster.kubeconfig + +delete_ocf_main: + stage: delete_ocf_main + <<: *main_common + script: + - echo "### deleting environment $NAMESPACE_STAGING###" +# - helm uninstall -n $NAMESPACE_STAGING ocf --kubeconfig ~/cluster.kubeconfig + when: manual + environment: + name: review/main + action: stop + + robot_framework_testing: needs: ["deploy_ocf_main"] stage: testing diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 07c72b1..5ccb518 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -1,6 +1,4 @@ stages: - - deploy_ocf_main - - delete_ocf_main - deploy_ocf_staging - delete_ocf_staging - deploy_ocf_dev @@ -39,70 +37,6 @@ variables: tags: - shell -deploy_ocf_main: - stage: deploy_ocf_main - needs: - - main_build_and_push - <<: *main_common - environment: - name: review/main - url: https://$NAMESPACE_STAGING.$DOMAIN_STAGING - on_stop: delete_ocf_main - auto_stop_in: 3 day -# rules: -# - if: $CI_COMMIT_BRANCH == "staging" -# when: never -# - if: $CI_COMMIT_BRANCH == "main" - script: -# - echo "### git clone OCF repo ###" -# - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git - - echo "### install helm###" - - curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 -# - chmod 700 get_helm.sh -# - ./get_helm.sh -# - helm version -# - echo "### install kubectl###" -# - curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" -# - chmod +x kubectl -# - sudo mv kubectl /usr/local/bin -# - kubectl version --output=yaml -# - echo "### setting kubeconfig###" -# - echo $KUBECONFIG | base64 -d > ~/cluster.kubeconfig -# - kubectl get nodes --kubeconfig ~/cluster.kubeconfig -# - kubectl cluster-info --kubeconfig ~/cluster.kubeconfig #comment that when is working -# - echo "### install yq###" -# - sudo wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -# - sudo chmod a+x /usr/local/bin/yq -# - yq --version -# - yq e -i '.version = "$IMAGE_TAG_STAGING"' helm/capif/Chart.yaml -# - yq e -i '.appVersion = "$IMAGE_TAG_STAGING"' helm/capif/Chart.yaml -# - cat helm/capif/Chart.yaml -# - echo "### download dependencies###" -# - helm dependency build helm/capif -# - echo "### updating capif###" -# - helm uninstall -n $NAMESPACE_STAGING ocf --kubeconfig ~/cluster.kubeconfig || true -# - helm upgrade --install -n $NAMESPACE_STAGING ocf helm/capif/ \ -# --set nginx.nginx.env.capifHostname=capif.$DOMAIN_STAGING \ -# --set ingress_ip.oneke="$INGRESS" --atomic \ -# --set monitoring.prometheus.enable="" \ -# --set monitoring.grafana.ingress.hosts[0].host="grafana.$DOMAIN_STAGING" \ -# --set monitoring.grafana.ingress.hosts[0].paths[0].path="/" \ -# --set monitoring.grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ -# --wait --timeout=10m \ -# --create-NAMESPACE_STAGING --kubeconfig ~/cluster.kubeconfig - - -delete_ocf_main: - stage: delete_ocf_main - <<: *main_common - script: - - echo "### deleting environment $NAMESPACE_STAGING###" -# - helm uninstall -n $NAMESPACE_STAGING ocf --kubeconfig ~/cluster.kubeconfig - when: manual - environment: - name: review/main - action: stop - deploy_ocf_staging: stage: deploy_ocf_staging <<: *staging_common -- GitLab From 5f8669fa96f63667dcc15747f69027e83cd50ffb Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 15 Apr 2024 12:16:59 +0200 Subject: [PATCH 194/392] test --- capif/.gitlab-ci.yml | 161 +++++++++++++++++++++---------------------- 1 file changed, 79 insertions(+), 82 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 04888cd..6b88b88 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -46,14 +46,11 @@ variables: # variables: # - $CI_MERGE_REQUEST_TARGET_BRANCH_NAME != "OCF16-first-steps-on-ci-at-gitlab-repository" allow_failure: true - services: - - docker:24.0.5-dind rules: - if: '$CI_COMMIT_REF_NAME == "OCF16-first-steps-on-ci-at-gitlab-repository"' when: always - when: never tags: - - docker-in-docker - shell .main_dnd: &main_dnd @@ -303,84 +300,84 @@ main_secret_detection: SECRET_DETECTION_HISTORIC_SCAN: "true" <<: *main_dnd -main_build_and_push: - needs: - - main_semgrep_sast - - main_kubesec_sast - - main_gemnasium_python_dependency_scanning - - main_secret_detection - stage: main_build_and_push - script: - - export TMP_PWD=$PWD - - echo "TMP_PWD=$TMP_PWD" - - echo "----------------------------------------------------" - - echo "### build and push nginx image###" - - cd $TMP_PWD/services/nginx/ - - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG . - - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG - - echo "----------------------------------------------------" - - echo "### build and push register image###" - - cd $TMP_PWD/services/register/ - - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register:$CI_COMMIT_REF_SLUG . - - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register:$CI_COMMIT_REF_SLUG - - echo "----------------------------------------------------" - - echo "### build and push TS29222_CAPIF_Access_Control_Policy_API image###" - - cd $TMP_PWD/services/TS29222_CAPIF_Access_Control_Policy_API/ - - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api:$CI_COMMIT_REF_SLUG . - - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api:$CI_COMMIT_REF_SLUG - - echo "----------------------------------------------------" - - echo "### build and push TS29222_CAPIF_API_Invoker_Management_API image###" - - cd $TMP_PWD/services/TS29222_CAPIF_API_Invoker_Management_API/ - - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api:$CI_COMMIT_REF_SLUG . - - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api:$CI_COMMIT_REF_SLUG - - echo "----------------------------------------------------" - - echo "### build and push TS29222_CAPIF_API_Provider_Management_API image###" - - cd $TMP_PWD/services/TS29222_CAPIF_API_Provider_Management_API/ - - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api:$CI_COMMIT_REF_SLUG . - - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api:$CI_COMMIT_REF_SLUG - - echo "----------------------------------------------------" - - echo "### build and push TS29222_CAPIF_Auditing_API image###" - - cd $TMP_PWD/services/TS29222_CAPIF_Auditing_API/ - - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api:$CI_COMMIT_REF_SLUG . - - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api:$CI_COMMIT_REF_SLUG - - echo "----------------------------------------------------" - - echo "### build and push TS29222_CAPIF_Discover_Service_API image###" - - cd $TMP_PWD/services/TS29222_CAPIF_Discover_Service_API/ - - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api:$CI_COMMIT_REF_SLUG . - - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api:$CI_COMMIT_REF_SLUG - - echo "----------------------------------------------------" - - echo "### build and push TS29222_CAPIF_Events_API image###" - - cd $TMP_PWD/services/TS29222_CAPIF_Events_API/ - - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api:$CI_COMMIT_REF_SLUG . - - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api:$CI_COMMIT_REF_SLUG - - echo "----------------------------------------------------" - - echo "### build and push TS29222_CAPIF_Logging_API_Invocation_API image###" - - cd $TMP_PWD/services/TS29222_CAPIF_Logging_API_Invocation_API/ - - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api:$CI_COMMIT_REF_SLUG . - - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api:$CI_COMMIT_REF_SLUG - - echo "----------------------------------------------------" - - echo "### build and push TS29222_CAPIF_Publish_Service_API image###" - - cd $TMP_PWD/services/TS29222_CAPIF_Publish_Service_API/ - - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api:$CI_COMMIT_REF_SLUG . - - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api:$CI_COMMIT_REF_SLUG - - echo "----------------------------------------------------" - - echo "### build and push TS29222_CAPIF_Routing_Info_API image###" - - cd $TMP_PWD/services/TS29222_CAPIF_Routing_Info_API/ - - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api:$CI_COMMIT_REF_SLUG . - - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api:$CI_COMMIT_REF_SLUG - - echo "----------------------------------------------------" - - echo "### build and push TS29222_CAPIF_Security_API image###" - - cd $TMP_PWD/services/TS29222_CAPIF_Security_API/ - - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api:$CI_COMMIT_REF_SLUG . - - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api:$CI_COMMIT_REF_SLUG - - echo "----------------------------------------------------" - - echo "### build and push vault image###" - - cd $TMP_PWD/services/vault/ - - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/vault:$CI_COMMIT_REF_SLUG . - - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/vault:$CI_COMMIT_REF_SLUG - - echo "----------------------------------------------------" - - docker logout $CI_REGISTRY - <<: *main_common +#main_build_and_push: +# needs: +# - main_semgrep_sast +# - main_kubesec_sast +# - main_gemnasium_python_dependency_scanning +# - main_secret_detection +# stage: main_build_and_push +# script: +# - export TMP_PWD=$PWD +# - echo "TMP_PWD=$TMP_PWD" +# - echo "----------------------------------------------------" +# - echo "### build and push nginx image###" +# - cd $TMP_PWD/services/nginx/ +# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG . +# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG +# - echo "----------------------------------------------------" +# - echo "### build and push register image###" +# - cd $TMP_PWD/services/register/ +# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register:$CI_COMMIT_REF_SLUG . +# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register:$CI_COMMIT_REF_SLUG +# - echo "----------------------------------------------------" +# - echo "### build and push TS29222_CAPIF_Access_Control_Policy_API image###" +# - cd $TMP_PWD/services/TS29222_CAPIF_Access_Control_Policy_API/ +# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api:$CI_COMMIT_REF_SLUG . +# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api:$CI_COMMIT_REF_SLUG +# - echo "----------------------------------------------------" +# - echo "### build and push TS29222_CAPIF_API_Invoker_Management_API image###" +# - cd $TMP_PWD/services/TS29222_CAPIF_API_Invoker_Management_API/ +# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api:$CI_COMMIT_REF_SLUG . +# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api:$CI_COMMIT_REF_SLUG +# - echo "----------------------------------------------------" +# - echo "### build and push TS29222_CAPIF_API_Provider_Management_API image###" +# - cd $TMP_PWD/services/TS29222_CAPIF_API_Provider_Management_API/ +# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api:$CI_COMMIT_REF_SLUG . +# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api:$CI_COMMIT_REF_SLUG +# - echo "----------------------------------------------------" +# - echo "### build and push TS29222_CAPIF_Auditing_API image###" +# - cd $TMP_PWD/services/TS29222_CAPIF_Auditing_API/ +# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api:$CI_COMMIT_REF_SLUG . +# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api:$CI_COMMIT_REF_SLUG +# - echo "----------------------------------------------------" +# - echo "### build and push TS29222_CAPIF_Discover_Service_API image###" +# - cd $TMP_PWD/services/TS29222_CAPIF_Discover_Service_API/ +# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api:$CI_COMMIT_REF_SLUG . +# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api:$CI_COMMIT_REF_SLUG +# - echo "----------------------------------------------------" +# - echo "### build and push TS29222_CAPIF_Events_API image###" +# - cd $TMP_PWD/services/TS29222_CAPIF_Events_API/ +# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api:$CI_COMMIT_REF_SLUG . +# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api:$CI_COMMIT_REF_SLUG +# - echo "----------------------------------------------------" +# - echo "### build and push TS29222_CAPIF_Logging_API_Invocation_API image###" +# - cd $TMP_PWD/services/TS29222_CAPIF_Logging_API_Invocation_API/ +# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api:$CI_COMMIT_REF_SLUG . +# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api:$CI_COMMIT_REF_SLUG +# - echo "----------------------------------------------------" +# - echo "### build and push TS29222_CAPIF_Publish_Service_API image###" +# - cd $TMP_PWD/services/TS29222_CAPIF_Publish_Service_API/ +# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api:$CI_COMMIT_REF_SLUG . +# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api:$CI_COMMIT_REF_SLUG +# - echo "----------------------------------------------------" +# - echo "### build and push TS29222_CAPIF_Routing_Info_API image###" +# - cd $TMP_PWD/services/TS29222_CAPIF_Routing_Info_API/ +# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api:$CI_COMMIT_REF_SLUG . +# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api:$CI_COMMIT_REF_SLUG +# - echo "----------------------------------------------------" +# - echo "### build and push TS29222_CAPIF_Security_API image###" +# - cd $TMP_PWD/services/TS29222_CAPIF_Security_API/ +# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api:$CI_COMMIT_REF_SLUG . +# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api:$CI_COMMIT_REF_SLUG +# - echo "----------------------------------------------------" +# - echo "### build and push vault image###" +# - cd $TMP_PWD/services/vault/ +# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/vault:$CI_COMMIT_REF_SLUG . +# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/vault:$CI_COMMIT_REF_SLUG +# - echo "----------------------------------------------------" +# - docker logout $CI_REGISTRY +# <<: *main_common #cvs_nginx: # stage: main_container_scanning @@ -595,7 +592,7 @@ main_build_and_push: deploy_ocf_main: stage: deploy_ocf_main needs: - - main_build_and_push + - main_secret_detection <<: *main_common environment: name: review/main -- GitLab From 5f39f427096e6f6671eafde9558303f1e5f824c1 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 15 Apr 2024 12:18:17 +0200 Subject: [PATCH 195/392] test --- capif/.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 6b88b88..76225be 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -654,7 +654,7 @@ delete_ocf_main: robot_framework_testing: - needs: ["deploy_ocf_main"] +# needs: ["deploy_ocf_main"] stage: testing script: - | -- GitLab From b8f3cd0d9bf10313fa36f728e12d5bb03273c3ac Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 15 Apr 2024 12:40:02 +0200 Subject: [PATCH 196/392] ofc_main --- capif/.gitlab-ci.yml | 642 ++++++++++++++++++++++++------------------- 1 file changed, 352 insertions(+), 290 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 76225be..1ff7a0b 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -300,299 +300,361 @@ main_secret_detection: SECRET_DETECTION_HISTORIC_SCAN: "true" <<: *main_dnd -#main_build_and_push: -# needs: -# - main_semgrep_sast -# - main_kubesec_sast -# - main_gemnasium_python_dependency_scanning -# - main_secret_detection -# stage: main_build_and_push -# script: -# - export TMP_PWD=$PWD -# - echo "TMP_PWD=$TMP_PWD" -# - echo "----------------------------------------------------" -# - echo "### build and push nginx image###" -# - cd $TMP_PWD/services/nginx/ -# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG . -# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG -# - echo "----------------------------------------------------" -# - echo "### build and push register image###" -# - cd $TMP_PWD/services/register/ -# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register:$CI_COMMIT_REF_SLUG . -# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register:$CI_COMMIT_REF_SLUG -# - echo "----------------------------------------------------" -# - echo "### build and push TS29222_CAPIF_Access_Control_Policy_API image###" -# - cd $TMP_PWD/services/TS29222_CAPIF_Access_Control_Policy_API/ -# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api:$CI_COMMIT_REF_SLUG . -# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api:$CI_COMMIT_REF_SLUG -# - echo "----------------------------------------------------" -# - echo "### build and push TS29222_CAPIF_API_Invoker_Management_API image###" -# - cd $TMP_PWD/services/TS29222_CAPIF_API_Invoker_Management_API/ -# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api:$CI_COMMIT_REF_SLUG . -# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api:$CI_COMMIT_REF_SLUG -# - echo "----------------------------------------------------" -# - echo "### build and push TS29222_CAPIF_API_Provider_Management_API image###" -# - cd $TMP_PWD/services/TS29222_CAPIF_API_Provider_Management_API/ -# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api:$CI_COMMIT_REF_SLUG . -# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api:$CI_COMMIT_REF_SLUG -# - echo "----------------------------------------------------" -# - echo "### build and push TS29222_CAPIF_Auditing_API image###" -# - cd $TMP_PWD/services/TS29222_CAPIF_Auditing_API/ -# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api:$CI_COMMIT_REF_SLUG . -# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api:$CI_COMMIT_REF_SLUG -# - echo "----------------------------------------------------" -# - echo "### build and push TS29222_CAPIF_Discover_Service_API image###" -# - cd $TMP_PWD/services/TS29222_CAPIF_Discover_Service_API/ -# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api:$CI_COMMIT_REF_SLUG . -# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api:$CI_COMMIT_REF_SLUG -# - echo "----------------------------------------------------" -# - echo "### build and push TS29222_CAPIF_Events_API image###" -# - cd $TMP_PWD/services/TS29222_CAPIF_Events_API/ -# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api:$CI_COMMIT_REF_SLUG . -# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api:$CI_COMMIT_REF_SLUG -# - echo "----------------------------------------------------" -# - echo "### build and push TS29222_CAPIF_Logging_API_Invocation_API image###" -# - cd $TMP_PWD/services/TS29222_CAPIF_Logging_API_Invocation_API/ -# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api:$CI_COMMIT_REF_SLUG . -# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api:$CI_COMMIT_REF_SLUG -# - echo "----------------------------------------------------" -# - echo "### build and push TS29222_CAPIF_Publish_Service_API image###" -# - cd $TMP_PWD/services/TS29222_CAPIF_Publish_Service_API/ -# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api:$CI_COMMIT_REF_SLUG . -# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api:$CI_COMMIT_REF_SLUG -# - echo "----------------------------------------------------" -# - echo "### build and push TS29222_CAPIF_Routing_Info_API image###" -# - cd $TMP_PWD/services/TS29222_CAPIF_Routing_Info_API/ -# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api:$CI_COMMIT_REF_SLUG . -# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api:$CI_COMMIT_REF_SLUG -# - echo "----------------------------------------------------" -# - echo "### build and push TS29222_CAPIF_Security_API image###" -# - cd $TMP_PWD/services/TS29222_CAPIF_Security_API/ -# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api:$CI_COMMIT_REF_SLUG . -# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api:$CI_COMMIT_REF_SLUG -# - echo "----------------------------------------------------" -# - echo "### build and push vault image###" -# - cd $TMP_PWD/services/vault/ -# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/vault:$CI_COMMIT_REF_SLUG . -# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/vault:$CI_COMMIT_REF_SLUG -# - echo "----------------------------------------------------" -# - docker logout $CI_REGISTRY -# <<: *main_common - -#cvs_nginx: -# stage: main_container_scanning -# needs: ["main_build_and_push"] -# before_script: -# - export TMP_PWD=$PWD -# - echo "TMP_PWD=$TMP_PWD" -# - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git -# - ls -lrta -# extends: container_scanning -# variables: -# CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG" -# CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG" -# CS_REGISTRY_USER: $CI_REGISTRY_USER -# CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY -## GIT_STRATEGY: fetch -## CS_DOCKERFILE_PATH: capif/services/nginx/ -# SECURE_LOG_LEVEL: debug -# <<: *main_dnd -# -#cvs_register: -# stage: main_container_scanning -# needs: ["main_build_and_push"] -# before_script: -# - export TMP_PWD=$PWD -# - echo "TMP_PWD=$TMP_PWD" -# - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git -# extends: container_scanning -# variables: -# CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register:$CI_COMMIT_REF_SLUG" -# CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register:$CI_COMMIT_REF_SLUG" -# CS_REGISTRY_USER: $CI_REGISTRY_USER -# CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY -# SECURE_LOG_LEVEL: debug -# <<: *main_dnd -# -#cvs_ocf_access_control_policy_api: -# stage: main_container_scanning -# needs: ["main_build_and_push"] -# before_script: -# - export TMP_PWD=$PWD -# - echo "TMP_PWD=$TMP_PWD" -# - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git -# extends: container_scanning -# variables: -# CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api:$CI_COMMIT_REF_SLUG" -# CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api:$CI_COMMIT_REF_SLUG" -# CS_REGISTRY_USER: $CI_REGISTRY_USER -# CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY -# SECURE_LOG_LEVEL: debug -# <<: *main_dnd -# -#cvs_ocf_api_invoker_management_api: -# stage: main_container_scanning -# needs: ["main_build_and_push"] -# before_script: -# - export TMP_PWD=$PWD -# - echo "TMP_PWD=$TMP_PWD" -# - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git -# extends: container_scanning -# variables: -# CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api:$CI_COMMIT_REF_SLUG" -# CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api:$CI_COMMIT_REF_SLUG" -# CS_REGISTRY_USER: $CI_REGISTRY_USER -# CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY -# SECURE_LOG_LEVEL: debug -# <<: *main_dnd -# -#cvs_ocf_api_provider_management_api: -# stage: main_container_scanning -# needs: ["main_build_and_push"] -# before_script: -# - export TMP_PWD=$PWD -# - echo "TMP_PWD=$TMP_PWD" -# - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git -# extends: container_scanning -# variables: -# CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api:$CI_COMMIT_REF_SLUG" -# CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api:$CI_COMMIT_REF_SLUG" -# CS_REGISTRY_USER: $CI_REGISTRY_USER -# CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY -# SECURE_LOG_LEVEL: debug -# <<: *main_dnd -# -#cvs_ocf_auditing_api: -# stage: main_container_scanning -# needs: ["main_build_and_push"] -# before_script: -# - export TMP_PWD=$PWD -# - echo "TMP_PWD=$TMP_PWD" -# - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git -# extends: container_scanning -# variables: -# CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api:$CI_COMMIT_REF_SLUG" -# CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api:$CI_COMMIT_REF_SLUG" -# CS_REGISTRY_USER: $CI_REGISTRY_USER -# CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY -# SECURE_LOG_LEVEL: debug -# <<: *main_dnd -# -#cvs_ocf_discover_service_api: -# stage: main_container_scanning -# needs: ["main_build_and_push"] -# before_script: -# - export TMP_PWD=$PWD -# - echo "TMP_PWD=$TMP_PWD" -# - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git -# extends: container_scanning -# variables: -# CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api:$CI_COMMIT_REF_SLUG" -# CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api:$CI_COMMIT_REF_SLUG" -# CS_REGISTRY_USER: $CI_REGISTRY_USER -# CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY -# SECURE_LOG_LEVEL: debug -# <<: *main_dnd -# -#cvs_ocf_events_api: -# stage: main_container_scanning -# needs: ["main_build_and_push"] -# before_script: -# - export TMP_PWD=$PWD -# - echo "TMP_PWD=$TMP_PWD" -# - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git -# extends: container_scanning -# variables: -# CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api:$CI_COMMIT_REF_SLUG" -# CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api:$CI_COMMIT_REF_SLUG" -# CS_REGISTRY_USER: $CI_REGISTRY_USER -# CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY -# SECURE_LOG_LEVEL: debug -# <<: *main_dnd -# -#cvs_ocf_logging_api_invocation_api: -# stage: main_container_scanning -# needs: ["main_build_and_push"] -# before_script: -# - export TMP_PWD=$PWD -# - echo "TMP_PWD=$TMP_PWD" -# - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git -# extends: container_scanning -# variables: -# CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api:$CI_COMMIT_REF_SLUG" -# CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api:$CI_COMMIT_REF_SLUG" -# CS_REGISTRY_USER: $CI_REGISTRY_USER -# CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY -# SECURE_LOG_LEVEL: debug -# <<: *main_dnd -# -#cvs_ocf_publish_service_api: -# stage: main_container_scanning -# needs: ["main_build_and_push"] -# before_script: -# - export TMP_PWD=$PWD -# - echo "TMP_PWD=$TMP_PWD" -# - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git -# extends: container_scanning -# variables: -# CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api:$CI_COMMIT_REF_SLUG" -# CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api:$CI_COMMIT_REF_SLUG" -# CS_REGISTRY_USER: $CI_REGISTRY_USER -# CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY -# SECURE_LOG_LEVEL: debug -# <<: *main_dnd -# -#cvs_ocf_routing_info_api: -# stage: main_container_scanning -# needs: ["main_build_and_push"] -# before_script: -# - export TMP_PWD=$PWD -# - echo "TMP_PWD=$TMP_PWD" -# - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git -# extends: container_scanning -# variables: -# CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api:$CI_COMMIT_REF_SLUG" -# CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api:$CI_COMMIT_REF_SLUG" -# CS_REGISTRY_USER: $CI_REGISTRY_USER -# CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY -# SECURE_LOG_LEVEL: debug -# <<: *main_dnd -# -#cvs_ocf_security_api: -# stage: main_container_scanning -# needs: ["main_build_and_push"] -# before_script: -# - export TMP_PWD=$PWD -# - echo "TMP_PWD=$TMP_PWD" -# - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git -# extends: container_scanning -# variables: -# CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api:$CI_COMMIT_REF_SLUG" -# CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api:$CI_COMMIT_REF_SLUG" -# CS_REGISTRY_USER: $CI_REGISTRY_USER -# CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY -# <<: *main_dnd -# -#cvs_vault: -# stage: main_container_scanning -# needs: ["main_build_and_push"] -# before_script: -# - export TMP_PWD=$PWD -# - echo "TMP_PWD=$TMP_PWD" -# - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git -# extends: container_scanning -# variables: -# CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/vault:$CI_COMMIT_REF_SLUG" -# CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/vault:$CI_COMMIT_REF_SLUG" -# CS_REGISTRY_USER: $CI_REGISTRY_USER -# CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY -# SECURE_LOG_LEVEL: debug -# <<: *main_dnd +cvs_nginx: + stage: main_container_scanning + needs: + - main_semgrep_sast + - main_kubesec_sast + - main_gemnasium_python_dependency_scanning + - main_secret_detection + before_script: + - export TMP_PWD=$PWD + - echo "TMP_PWD=$TMP_PWD" + - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git + - ls -lrta + extends: container_scanning + variables: + CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG" + CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG" + CS_REGISTRY_USER: $CI_REGISTRY_USER + CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY +# GIT_STRATEGY: fetch +# CS_DOCKERFILE_PATH: capif/services/nginx/ + SECURE_LOG_LEVEL: debug + <<: *main_dnd + +cvs_register: + stage: main_container_scanning + needs: + - main_semgrep_sast + - main_kubesec_sast + - main_gemnasium_python_dependency_scanning + - main_secret_detection + before_script: + - export TMP_PWD=$PWD + - echo "TMP_PWD=$TMP_PWD" + - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git + extends: container_scanning + variables: + CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register:$CI_COMMIT_REF_SLUG" + CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register:$CI_COMMIT_REF_SLUG" + CS_REGISTRY_USER: $CI_REGISTRY_USER + CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY + SECURE_LOG_LEVEL: debug + <<: *main_dnd + +cvs_ocf_access_control_policy_api: + stage: main_container_scanning + needs: + - main_semgrep_sast + - main_kubesec_sast + - main_gemnasium_python_dependency_scanning + - main_secret_detection + before_script: + - export TMP_PWD=$PWD + - echo "TMP_PWD=$TMP_PWD" + - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git + extends: container_scanning + variables: + CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api:$CI_COMMIT_REF_SLUG" + CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api:$CI_COMMIT_REF_SLUG" + CS_REGISTRY_USER: $CI_REGISTRY_USER + CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY + SECURE_LOG_LEVEL: debug + <<: *main_dnd + +cvs_ocf_api_invoker_management_api: + stage: main_container_scanning + needs: + - main_semgrep_sast + - main_kubesec_sast + - main_gemnasium_python_dependency_scanning + - main_secret_detection + before_script: + - export TMP_PWD=$PWD + - echo "TMP_PWD=$TMP_PWD" + - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git + extends: container_scanning + variables: + CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api:$CI_COMMIT_REF_SLUG" + CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api:$CI_COMMIT_REF_SLUG" + CS_REGISTRY_USER: $CI_REGISTRY_USER + CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY + SECURE_LOG_LEVEL: debug + <<: *main_dnd + +cvs_ocf_api_provider_management_api: + stage: main_container_scanning + needs: + - main_semgrep_sast + - main_kubesec_sast + - main_gemnasium_python_dependency_scanning + - main_secret_detection + before_script: + - export TMP_PWD=$PWD + - echo "TMP_PWD=$TMP_PWD" + - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git + extends: container_scanning + variables: + CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api:$CI_COMMIT_REF_SLUG" + CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api:$CI_COMMIT_REF_SLUG" + CS_REGISTRY_USER: $CI_REGISTRY_USER + CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY + SECURE_LOG_LEVEL: debug + <<: *main_dnd + +cvs_ocf_auditing_api: + stage: main_container_scanning + needs: + - main_semgrep_sast + - main_kubesec_sast + - main_gemnasium_python_dependency_scanning + - main_secret_detection + before_script: + - export TMP_PWD=$PWD + - echo "TMP_PWD=$TMP_PWD" + - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git + extends: container_scanning + variables: + CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api:$CI_COMMIT_REF_SLUG" + CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api:$CI_COMMIT_REF_SLUG" + CS_REGISTRY_USER: $CI_REGISTRY_USER + CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY + SECURE_LOG_LEVEL: debug + <<: *main_dnd + +cvs_ocf_discover_service_api: + stage: main_container_scanning + needs: + - main_semgrep_sast + - main_kubesec_sast + - main_gemnasium_python_dependency_scanning + - main_secret_detection + before_script: + - export TMP_PWD=$PWD + - echo "TMP_PWD=$TMP_PWD" + - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git + extends: container_scanning + variables: + CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api:$CI_COMMIT_REF_SLUG" + CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api:$CI_COMMIT_REF_SLUG" + CS_REGISTRY_USER: $CI_REGISTRY_USER + CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY + SECURE_LOG_LEVEL: debug + <<: *main_dnd + +cvs_ocf_events_api: + stage: main_container_scanning + needs: + - main_semgrep_sast + - main_kubesec_sast + - main_gemnasium_python_dependency_scanning + - main_secret_detection + before_script: + - export TMP_PWD=$PWD + - echo "TMP_PWD=$TMP_PWD" + - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git + extends: container_scanning + variables: + CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api:$CI_COMMIT_REF_SLUG" + CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api:$CI_COMMIT_REF_SLUG" + CS_REGISTRY_USER: $CI_REGISTRY_USER + CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY + SECURE_LOG_LEVEL: debug + <<: *main_dnd + +cvs_ocf_logging_api_invocation_api: + stage: main_container_scanning + needs: + - main_semgrep_sast + - main_kubesec_sast + - main_gemnasium_python_dependency_scanning + - main_secret_detection + before_script: + - export TMP_PWD=$PWD + - echo "TMP_PWD=$TMP_PWD" + - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git + extends: container_scanning + variables: + CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api:$CI_COMMIT_REF_SLUG" + CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api:$CI_COMMIT_REF_SLUG" + CS_REGISTRY_USER: $CI_REGISTRY_USER + CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY + SECURE_LOG_LEVEL: debug + <<: *main_dnd + +cvs_ocf_publish_service_api: + stage: main_container_scanning + needs: + - main_semgrep_sast + - main_kubesec_sast + - main_gemnasium_python_dependency_scanning + - main_secret_detection + before_script: + - export TMP_PWD=$PWD + - echo "TMP_PWD=$TMP_PWD" + - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git + extends: container_scanning + variables: + CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api:$CI_COMMIT_REF_SLUG" + CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api:$CI_COMMIT_REF_SLUG" + CS_REGISTRY_USER: $CI_REGISTRY_USER + CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY + SECURE_LOG_LEVEL: debug + <<: *main_dnd + +cvs_ocf_routing_info_api: + stage: main_container_scanning + needs: + - main_semgrep_sast + - main_kubesec_sast + - main_gemnasium_python_dependency_scanning + - main_secret_detection + before_script: + - export TMP_PWD=$PWD + - echo "TMP_PWD=$TMP_PWD" + - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git + extends: container_scanning + variables: + CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api:$CI_COMMIT_REF_SLUG" + CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api:$CI_COMMIT_REF_SLUG" + CS_REGISTRY_USER: $CI_REGISTRY_USER + CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY + SECURE_LOG_LEVEL: debug + <<: *main_dnd + +cvs_ocf_security_api: + stage: main_container_scanning + needs: + - main_semgrep_sast + - main_kubesec_sast + - main_gemnasium_python_dependency_scanning + - main_secret_detection + before_script: + - export TMP_PWD=$PWD + - echo "TMP_PWD=$TMP_PWD" + - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git + extends: container_scanning + variables: + CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api:$CI_COMMIT_REF_SLUG" + CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api:$CI_COMMIT_REF_SLUG" + CS_REGISTRY_USER: $CI_REGISTRY_USER + CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY + <<: *main_dnd + +cvs_vault: + stage: main_container_scanning + needs: + - main_semgrep_sast + - main_kubesec_sast + - main_gemnasium_python_dependency_scanning + - main_secret_detection + before_script: + - export TMP_PWD=$PWD + - echo "TMP_PWD=$TMP_PWD" + - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git + extends: container_scanning + variables: + CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/vault:$CI_COMMIT_REF_SLUG" + CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/vault:$CI_COMMIT_REF_SLUG" + CS_REGISTRY_USER: $CI_REGISTRY_USER + CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY + SECURE_LOG_LEVEL: debug + <<: *main_dnd + +main_build_and_push: + needs: + - cvs_nginx + - cvs_register + - cvs_ocf_access_control_policy_api + - cvs_ocf_api_invoker_management_api + - cvs_ocf_api_provider_management_api + - cvs_ocf_auditing_api + - cvs_ocf_discover_service_api + - cvs_ocf_events_api + - cvs_ocf_logging_api_invocation_api + - cvs_ocf_publish_service_api + - cvs_ocf_routing_info_api + - cvs_ocf_security_api + - cvs_vault + stage: main_build_and_push + script: + - export TMP_PWD=$PWD + - echo "TMP_PWD=$TMP_PWD" + - echo "----------------------------------------------------" + - echo "### build and push nginx image###" + - cd $TMP_PWD/services/nginx/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push register image###" + - cd $TMP_PWD/services/register/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_Access_Control_Policy_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_Access_Control_Policy_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_API_Invoker_Management_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_API_Invoker_Management_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_API_Provider_Management_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_API_Provider_Management_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_Auditing_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_Auditing_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_Discover_Service_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_Discover_Service_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_Events_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_Events_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_Logging_API_Invocation_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_Logging_API_Invocation_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_Publish_Service_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_Publish_Service_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_Routing_Info_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_Routing_Info_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_Security_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_Security_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push vault image###" + - cd $TMP_PWD/services/vault/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/vault:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/vault:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - docker logout $CI_REGISTRY + <<: *main_common + deploy_ocf_main: stage: deploy_ocf_main needs: - - main_secret_detection + - main_build_and_push <<: *main_common environment: name: review/main @@ -654,7 +716,7 @@ delete_ocf_main: robot_framework_testing: -# needs: ["deploy_ocf_main"] + needs: ["deploy_ocf_main"] stage: testing script: - | -- GitLab From 6ce8e9829d785025e66b7bf222395d277a18f8ad Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 15 Apr 2024 12:41:16 +0200 Subject: [PATCH 197/392] robot_framework_testing --- capif/.gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 1ff7a0b..8b54a8d 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -4,7 +4,7 @@ stages: - main_container_scanning - sast - merge_request_staging_into_main - - testing + - robot_framework_testing - main_build_and_push - staging_cancel_previous_action - dev_cancel_previous_action @@ -717,7 +717,7 @@ delete_ocf_main: robot_framework_testing: needs: ["deploy_ocf_main"] - stage: testing + stage: robot_framework_testing script: - | echo "------ Robot Framework Testing ------" -- GitLab From 57475681badac1b76108592f03e6eb8e0e0c764c Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 15 Apr 2024 12:42:18 +0200 Subject: [PATCH 198/392] test --- capif/.gitlab-ci.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 8b54a8d..227caba 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -715,13 +715,13 @@ delete_ocf_main: action: stop -robot_framework_testing: - needs: ["deploy_ocf_main"] - stage: robot_framework_testing - script: - - | - echo "------ Robot Framework Testing ------" - <<: *main_common +#robot_framework_testing: +# needs: ["deploy_ocf_main"] +# stage: robot_framework_testing +# script: +# - | +# echo "------ Robot Framework Testing ------" +# <<: *main_common #ci_in_staging: # stage: ci_in_staging -- GitLab From 957547018704a667857a3b0b09faf100fb685384 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 15 Apr 2024 12:47:17 +0200 Subject: [PATCH 199/392] post_rf --- capif/.gitlab-ci.yml | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 227caba..f1d1b83 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -4,7 +4,7 @@ stages: - main_container_scanning - sast - merge_request_staging_into_main - - robot_framework_testing + - post_rf - main_build_and_push - staging_cancel_previous_action - dev_cancel_previous_action @@ -715,13 +715,13 @@ delete_ocf_main: action: stop -#robot_framework_testing: -# needs: ["deploy_ocf_main"] -# stage: robot_framework_testing -# script: -# - | -# echo "------ Robot Framework Testing ------" -# <<: *main_common +post_rf: + needs: ["deploy_ocf_main"] + stage: post_rf + script: + - | + echo "------ Robot Framework Testing ------" + <<: *main_common #ci_in_staging: # stage: ci_in_staging -- GitLab From e2b288db3ae428543edcdc7ed321821448dfb945 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 15 Apr 2024 12:49:50 +0200 Subject: [PATCH 200/392] post_rf --- capif/.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index f1d1b83..f91b179 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -716,7 +716,7 @@ delete_ocf_main: post_rf: - needs: ["deploy_ocf_main"] + needs: ["main_build_and_push"] stage: post_rf script: - | -- GitLab From e17824dccee0fd24f3ef35626868d013e6502543 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 15 Apr 2024 12:51:04 +0200 Subject: [PATCH 201/392] test --- capif/.gitlab-ci.yml | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index f91b179..7663f43 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -651,6 +651,14 @@ main_build_and_push: <<: *main_common +post_rf: + needs: ["main_build_and_push"] + stage: post_rf + script: + - | + echo "------ Robot Framework Testing ------" + <<: *main_common + deploy_ocf_main: stage: deploy_ocf_main needs: @@ -714,15 +722,6 @@ delete_ocf_main: name: review/main action: stop - -post_rf: - needs: ["main_build_and_push"] - stage: post_rf - script: - - | - echo "------ Robot Framework Testing ------" - <<: *main_common - #ci_in_staging: # stage: ci_in_staging # script: -- GitLab From cf0b6f93445ed3da11942f47d12074dbcb48b2e8 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 15 Apr 2024 12:52:40 +0200 Subject: [PATCH 202/392] new_rf --- capif/.gitlab-ci.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 7663f43..c03dc1d 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -4,7 +4,7 @@ stages: - main_container_scanning - sast - merge_request_staging_into_main - - post_rf + - new_rf - main_build_and_push - staging_cancel_previous_action - dev_cancel_previous_action @@ -651,9 +651,9 @@ main_build_and_push: <<: *main_common -post_rf: +new_rf: needs: ["main_build_and_push"] - stage: post_rf + stage: new_rf script: - | echo "------ Robot Framework Testing ------" -- GitLab From 089ebcc630f0bf642f2258712a7de8c842ca4ecb Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 15 Apr 2024 12:54:18 +0200 Subject: [PATCH 203/392] stages --- capif/.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index c03dc1d..1179d78 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -4,8 +4,8 @@ stages: - main_container_scanning - sast - merge_request_staging_into_main - - new_rf - main_build_and_push + - new_rf - staging_cancel_previous_action - dev_cancel_previous_action # - staging_pulling_repo -- GitLab From d5b2c0c3d2efbb35c298753e20420425b95df393 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 15 Apr 2024 12:56:45 +0200 Subject: [PATCH 204/392] - main_rf_testing --- capif/.gitlab-ci.yml | 19 +++++++++---------- 1 file changed, 9 insertions(+), 10 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 1179d78..31ce2bc 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -5,7 +5,6 @@ stages: - sast - merge_request_staging_into_main - main_build_and_push - - new_rf - staging_cancel_previous_action - dev_cancel_previous_action # - staging_pulling_repo @@ -21,6 +20,7 @@ stages: - dev_linting_docker - dev_build_and_push - deploy_ocf_main + - main_rf_testing - delete_ocf_main - deploy_ocf_staging - delete_ocf_staging @@ -650,15 +650,6 @@ main_build_and_push: - docker logout $CI_REGISTRY <<: *main_common - -new_rf: - needs: ["main_build_and_push"] - stage: new_rf - script: - - | - echo "------ Robot Framework Testing ------" - <<: *main_common - deploy_ocf_main: stage: deploy_ocf_main needs: @@ -711,6 +702,14 @@ deploy_ocf_main: # --wait --timeout=10m \ # --create-NAMESPACE_STAGING --kubeconfig ~/cluster.kubeconfig +main_rf_testing: + needs: ["main_build_and_push"] + stage: main_rf_testing + script: + - | + echo "------ Robot Framework Testing ------" + <<: *main_common + delete_ocf_main: stage: delete_ocf_main <<: *main_common -- GitLab From 760332b42aad2ce29baeb8dba0c62d7159768638 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 15 Apr 2024 12:58:10 +0200 Subject: [PATCH 205/392] needs: ["deploy_ocf_main"] --- capif/.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 31ce2bc..7647dbc 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -703,7 +703,7 @@ deploy_ocf_main: # --create-NAMESPACE_STAGING --kubeconfig ~/cluster.kubeconfig main_rf_testing: - needs: ["main_build_and_push"] + needs: ["deploy_ocf_main"] stage: main_rf_testing script: - | -- GitLab From 6709663bb28ace8f509574a1320c3fda199c2f4d Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 15 Apr 2024 13:35:41 +0200 Subject: [PATCH 206/392] before_script in main_build_and_push --- capif/.gitlab-ci.yml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 7647dbc..526e26c 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -563,6 +563,14 @@ cvs_vault: <<: *main_dnd main_build_and_push: + stage: main_build_and_push + variables: + CI_REGISTRY_USER: $CI_REGISTRY_USER + CI_REGISTRY: $CI_REGISTRY + CAPIF_DOCKER_REGISTRY: $CAPIF_DOCKER_REGISTRY + before_script: + - echo "--- Login to Docker registry ---" + docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY needs: - cvs_nginx - cvs_register @@ -577,7 +585,6 @@ main_build_and_push: - cvs_ocf_routing_info_api - cvs_ocf_security_api - cvs_vault - stage: main_build_and_push script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" -- GitLab From 84452a8449cce94f062cf1473e0e02993b32aab4 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 15 Apr 2024 14:24:58 +0200 Subject: [PATCH 207/392] docker login --- capif/.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 526e26c..bebf4f5 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -570,7 +570,7 @@ main_build_and_push: CAPIF_DOCKER_REGISTRY: $CAPIF_DOCKER_REGISTRY before_script: - echo "--- Login to Docker registry ---" - docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY + - docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY needs: - cvs_nginx - cvs_register -- GitLab From 860161708688d5434f0737e4d5ae0d064eb428e6 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 15 Apr 2024 14:25:23 +0200 Subject: [PATCH 208/392] space --- capif/.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index bebf4f5..a2473c6 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -570,7 +570,7 @@ main_build_and_push: CAPIF_DOCKER_REGISTRY: $CAPIF_DOCKER_REGISTRY before_script: - echo "--- Login to Docker registry ---" - - docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY + - docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY needs: - cvs_nginx - cvs_register -- GitLab From 36a37dd71b7357d2da43e96d8a6509f3ae32a031 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 15 Apr 2024 14:49:42 +0200 Subject: [PATCH 209/392] staging_semgrep_sast --- capif/templates/ci_staging.gitlab-ci.yml | 33 ++++++++++++++++++++---- 1 file changed, 28 insertions(+), 5 deletions(-) diff --git a/capif/templates/ci_staging.gitlab-ci.yml b/capif/templates/ci_staging.gitlab-ci.yml index 0c6e511..d94147a 100644 --- a/capif/templates/ci_staging.gitlab-ci.yml +++ b/capif/templates/ci_staging.gitlab-ci.yml @@ -1,5 +1,6 @@ stages: # - staging_pulling_repo + - test - staging_secrets_in_repo - staging_linting_code - staging_linting_docker @@ -22,6 +23,18 @@ variables: tags: - shell +.staging_dnd: &staging_dnd + allow_failure: true + only: + - merge_requests + except: + variables: + - $CI_MERGE_REQUEST_TARGET_BRANCH_NAME != "staging" + services: + - docker:24.0.5-dind + tags: + - docker-in-docker + #staging_pulling_repo: # stage: staging_pulling_repo # script: @@ -159,13 +172,23 @@ staging_cvs: expire_in: "1 week" <<: *staging_common -staging_sast: +semgrep-sast: + stage: test + before_script: + - echo " ----- not run test stage -----" + rules: + - when: never + +staging_semgrep_sast: needs: ["staging_linting_docker"] stage: staging_security - script: - - | - echo "------ Static Application Security Testing ------" - <<: *staging_common + extends: semgrep-sast + variables: +# DOCKER_DRIVER: overlay2 + DOCKER_HOST: tcp://docker:2375 +# SAST_EXCLUDED_ANALYZERS: "nodejs-scan-sast" + SAST_DEFAULT_ANALYZERS: bandit + <<: *staging_dnd staging_sca: needs: ["staging_linting_docker"] -- GitLab From 474027728d510d588acaddade83d10ac2d390b42 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 15 Apr 2024 14:51:30 +0200 Subject: [PATCH 210/392] rules --- capif/templates/ci_staging.gitlab-ci.yml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/capif/templates/ci_staging.gitlab-ci.yml b/capif/templates/ci_staging.gitlab-ci.yml index d94147a..f3191d5 100644 --- a/capif/templates/ci_staging.gitlab-ci.yml +++ b/capif/templates/ci_staging.gitlab-ci.yml @@ -25,11 +25,10 @@ variables: .staging_dnd: &staging_dnd allow_failure: true - only: - - merge_requests - except: - variables: - - $CI_MERGE_REQUEST_TARGET_BRANCH_NAME != "staging" + rules: + - if: '$CI_COMMIT_REF_NAME == "staging"' + when: always + - when: never services: - docker:24.0.5-dind tags: -- GitLab From 2ad6a2bb3cd18e6323ec074c1118e8903cd75950 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 15 Apr 2024 14:55:44 +0200 Subject: [PATCH 211/392] CI_MERGE_REQUEST_TARGET_BRANCH_NAME --- capif/templates/ci_staging.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/templates/ci_staging.gitlab-ci.yml b/capif/templates/ci_staging.gitlab-ci.yml index f3191d5..c85661f 100644 --- a/capif/templates/ci_staging.gitlab-ci.yml +++ b/capif/templates/ci_staging.gitlab-ci.yml @@ -26,7 +26,7 @@ variables: .staging_dnd: &staging_dnd allow_failure: true rules: - - if: '$CI_COMMIT_REF_NAME == "staging"' + - if: '$CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "staging"' when: always - when: never services: -- GitLab From 24ec7b8bc6180ad947b22c03a203e512674beebf Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 15 Apr 2024 15:32:18 +0200 Subject: [PATCH 212/392] staging_gemnasium_python_sca --- capif/templates/ci_staging.gitlab-ci.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/capif/templates/ci_staging.gitlab-ci.yml b/capif/templates/ci_staging.gitlab-ci.yml index c85661f..e308d4e 100644 --- a/capif/templates/ci_staging.gitlab-ci.yml +++ b/capif/templates/ci_staging.gitlab-ci.yml @@ -189,13 +189,13 @@ staging_semgrep_sast: SAST_DEFAULT_ANALYZERS: bandit <<: *staging_dnd -staging_sca: +staging_gemnasium_python_sca: needs: ["staging_linting_docker"] stage: staging_security - script: - - | - echo "------ Software Composition Analysis ------" - <<: *staging_common + extends: gemnasium-python-dependency_scanning + variables: + DS_ANALYZER_NAME: "gemnasium-python" + <<: *staging_dnd staging_build_and_push: needs: ["staging_sca"] -- GitLab From b6b3825f49add5cb682f680ce420d713b2e03535 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 15 Apr 2024 15:33:42 +0200 Subject: [PATCH 213/392] staging_gemnasium_python_sca --- capif/templates/ci_staging.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/templates/ci_staging.gitlab-ci.yml b/capif/templates/ci_staging.gitlab-ci.yml index e308d4e..608676b 100644 --- a/capif/templates/ci_staging.gitlab-ci.yml +++ b/capif/templates/ci_staging.gitlab-ci.yml @@ -198,7 +198,7 @@ staging_gemnasium_python_sca: <<: *staging_dnd staging_build_and_push: - needs: ["staging_sca"] + needs: ["staging_gemnasium_python_sca"] stage: staging_build_and_push script: - export TMP_PWD=$PWD -- GitLab From 612167633745350f98c2a7ef3f142dd7189d0cb8 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 15 Apr 2024 15:36:53 +0200 Subject: [PATCH 214/392] gemnasium-python-dependency_scanning not run --- capif/templates/ci_staging.gitlab-ci.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/capif/templates/ci_staging.gitlab-ci.yml b/capif/templates/ci_staging.gitlab-ci.yml index 608676b..012a413 100644 --- a/capif/templates/ci_staging.gitlab-ci.yml +++ b/capif/templates/ci_staging.gitlab-ci.yml @@ -189,6 +189,13 @@ staging_semgrep_sast: SAST_DEFAULT_ANALYZERS: bandit <<: *staging_dnd +gemnasium-python-dependency_scanning: + stage: test + before_script: + - echo " ----- not run test stage -----" + rules: + - when: never + staging_gemnasium_python_sca: needs: ["staging_linting_docker"] stage: staging_security -- GitLab From c6595bf1fc0c419d2a57c68f8c50aae27bff0498 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 15 Apr 2024 15:39:07 +0200 Subject: [PATCH 215/392] staging_grype_cvs --- capif/templates/ci_staging.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/templates/ci_staging.gitlab-ci.yml b/capif/templates/ci_staging.gitlab-ci.yml index 012a413..6b0a351 100644 --- a/capif/templates/ci_staging.gitlab-ci.yml +++ b/capif/templates/ci_staging.gitlab-ci.yml @@ -105,7 +105,7 @@ staging_linting_docker: <<: *staging_common -staging_cvs: +staging_grype_cvs: needs: ["staging_linting_docker"] stage: staging_security script: -- GitLab From 1996c1962808ea22241f9ed0fad54c1233ca784f Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 15 Apr 2024 15:39:30 +0200 Subject: [PATCH 216/392] # to Security and Compliance gitLab --- capif/templates/ci_staging.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/templates/ci_staging.gitlab-ci.yml b/capif/templates/ci_staging.gitlab-ci.yml index 6b0a351..04e298c 100644 --- a/capif/templates/ci_staging.gitlab-ci.yml +++ b/capif/templates/ci_staging.gitlab-ci.yml @@ -1,6 +1,6 @@ stages: # - staging_pulling_repo - - test + - test # to Security and Compliance gitLab - staging_secrets_in_repo - staging_linting_code - staging_linting_docker -- GitLab From ac0c62a35a6c374e06404adc7522a7056ade8d30 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 15 Apr 2024 15:44:52 +0200 Subject: [PATCH 217/392] staging_build_and_push --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 5ccb518..b46c5e7 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -39,6 +39,8 @@ variables: deploy_ocf_staging: stage: deploy_ocf_staging + needs: + - staging_build_and_push <<: *staging_common environment: name: review/staging -- GitLab From eb78aec4a968391141a620fa43643562e04fbff1 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 15 Apr 2024 16:00:04 +0200 Subject: [PATCH 218/392] dev_build_and_push --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index b46c5e7..a4936d0 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -104,6 +104,8 @@ delete_ocf_staging: ## dev ### deploy_ocf_dev: stage: deploy_ocf_dev + needs: + - dev_build_and_push <<: *dev_common environment: name: review/$CI_COMMIT_REF_SLUG -- GitLab From 9f9d73526b18587a53f027dca1aa2e17dd0f713f Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 15 Apr 2024 16:03:49 +0200 Subject: [PATCH 219/392] main_cancel_previous_action --- capif/.gitlab-ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index a2473c6..27f0e2f 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -5,6 +5,7 @@ stages: - sast - merge_request_staging_into_main - main_build_and_push + - main_cancel_previous_action - staging_cancel_previous_action - dev_cancel_previous_action # - staging_pulling_repo -- GitLab From cb0f4c1f978d584aa7d15fb82d9aa1b4f98e0f85 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 15 Apr 2024 16:10:36 +0200 Subject: [PATCH 220/392] stages --- capif/.gitlab-ci.yml | 48 +++++++++++++++++++++++++++++++------------- 1 file changed, 34 insertions(+), 14 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 27f0e2f..1365af3 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -1,32 +1,52 @@ stages: - - test # to Security and Compliance gitLab + - main_cancel_previous_action + - test - main_sast - main_container_scanning - - sast - - merge_request_staging_into_main - main_build_and_push - - main_cancel_previous_action - - staging_cancel_previous_action - - dev_cancel_previous_action -# - staging_pulling_repo + - deploy_ocf_main + - delete_ocf_main - staging_secrets_in_repo - staging_linting_code - staging_linting_docker - staging_security - staging_build_and_push - - staging_unit_tests -# - dev_pulling_repo + - deploy_ocf_staging + - delete_ocf_staging - dev_secrets_in_repo - dev_linting_code - dev_linting_docker - dev_build_and_push - - deploy_ocf_main - - main_rf_testing - - delete_ocf_main - - deploy_ocf_staging - - delete_ocf_staging - deploy_ocf_dev - delete_ocf_dev +# - test # to Security and Compliance gitLab +# - main_sast +# - main_container_scanning +# - sast +# - merge_request_staging_into_main +# - main_build_and_push +# - main_cancel_previous_action +# - staging_cancel_previous_action +# - dev_cancel_previous_action +## - staging_pulling_repo +# - staging_secrets_in_repo +# - staging_linting_code +# - staging_linting_docker +# - staging_security +# - staging_build_and_push +# - staging_unit_tests +## - dev_pulling_repo +# - dev_secrets_in_repo +# - dev_linting_code +# - dev_linting_docker +# - dev_build_and_push +# - deploy_ocf_main +# - main_rf_testing +# - delete_ocf_main +# - deploy_ocf_staging +# - delete_ocf_staging +# - deploy_ocf_dev +# - delete_ocf_dev variables: -- GitLab From 735babfe0f9f6dd366fa1fde7411ead5502cdc62 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 15 Apr 2024 16:12:05 +0200 Subject: [PATCH 221/392] staging_unit_tests --- capif/.gitlab-ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 1365af3..a943865 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -9,6 +9,7 @@ stages: - staging_secrets_in_repo - staging_linting_code - staging_linting_docker + - staging_unit_tests - staging_security - staging_build_and_push - deploy_ocf_staging -- GitLab From 7c707e77d9db1ff6ffe34e7b22855e8ed751dc24 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 15 Apr 2024 16:13:39 +0200 Subject: [PATCH 222/392] cancel_previous_action --- capif/.gitlab-ci.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index a943865..22f7160 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -6,6 +6,7 @@ stages: - main_build_and_push - deploy_ocf_main - delete_ocf_main + - staging_cancel_previous_action - staging_secrets_in_repo - staging_linting_code - staging_linting_docker @@ -100,7 +101,7 @@ variables: - shell main_cancel_previous_action: - stage: staging_cancel_previous_action + stage: main_cancel_previous_action script: - | if [[ -n "$CI_JOB_TOKEN" ]]; then -- GitLab From a252cacb280139a3a3b756f4123a263e4ecf3ca3 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 15 Apr 2024 16:14:49 +0200 Subject: [PATCH 223/392] dev_cancel_previous_action --- capif/.gitlab-ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 22f7160..442ddcb 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -15,6 +15,7 @@ stages: - staging_build_and_push - deploy_ocf_staging - delete_ocf_staging + - dev_cancel_previous_action - dev_secrets_in_repo - dev_linting_code - dev_linting_docker -- GitLab From 7140f8b16e18cb5412dac93506fe7ba929898ef6 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 15 Apr 2024 16:16:49 +0200 Subject: [PATCH 224/392] merge_request_staging_into_main --- capif/.gitlab-ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 442ddcb..aea9f65 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -7,6 +7,7 @@ stages: - deploy_ocf_main - delete_ocf_main - staging_cancel_previous_action + - merge_request_staging_into_main - staging_secrets_in_repo - staging_linting_code - staging_linting_docker -- GitLab From 35ff4247d2eb3c1ccf3fa0c1c91428bdf8a59234 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 15 Apr 2024 16:17:37 +0200 Subject: [PATCH 225/392] main_rf_testing --- capif/.gitlab-ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index aea9f65..0998d95 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -5,6 +5,7 @@ stages: - main_container_scanning - main_build_and_push - deploy_ocf_main + - main_rf_testing - delete_ocf_main - staging_cancel_previous_action - merge_request_staging_into_main -- GitLab From de78c668eceff6a1b59ebcc0361f9518e01f7c56 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 15 Apr 2024 16:29:27 +0200 Subject: [PATCH 226/392] pipeline dev --- capif/.gitlab-ci.yml | 7 +++---- capif/templates/ci_dev.gitlab-ci.yml | 14 +++++++------- 2 files changed, 10 insertions(+), 11 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 0998d95..ebbf2c6 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -17,10 +17,9 @@ stages: - staging_build_and_push - deploy_ocf_staging - delete_ocf_staging - - dev_cancel_previous_action + - dev_pre_pipeline - dev_secrets_in_repo - - dev_linting_code - - dev_linting_docker + - dev_linting - dev_build_and_push - deploy_ocf_dev - delete_ocf_dev @@ -146,7 +145,7 @@ staging_cancel_previous_action: <<: *staging_common dev_cancel_previous_action: - stage: dev_cancel_previous_action + stage: dev_pre_pipeline script: - | echo "### cancel previous actions in dev branchc ###" diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index f15b99e..9e806f1 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -1,8 +1,7 @@ stages: # - dev_pulling_repo - dev_secrets_in_repo - - dev_linting_code - - dev_linting_docker + - dev_linting - dev_build_and_push variables: @@ -24,6 +23,8 @@ variables: # <<: *dev_common dev_secrets_in_repo: + needs: + - dev_pre_pipeline stage: dev_secrets_in_repo script: - | @@ -35,7 +36,7 @@ dev_secrets_in_repo: # define the process to do linting code: Sonarque, ruff? dev_linting_code: - stage: dev_linting_code + stage: dev_linting script: - | echo "###ruff checks###" @@ -45,7 +46,7 @@ dev_linting_code: <<: *dev_common dev_linting_docker: - stage: dev_linting_docker + stage: dev_linting script: - | # Download hadolint binary @@ -82,12 +83,11 @@ dev_linting_docker: # reports: # codequality: # - docker-lint.json -# interruptible: true - needs: ["dev_linting_code"] +# interruptible: true <<: *dev_common dev_build_and_push: - needs: ["dev_linting_docker"] + needs: ["dev_linting"] stage: dev_build_and_push script: - export TMP_PWD=$PWD -- GitLab From 80a7717a556ad6f3b0f6656afb9244e0a384d45b Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 15 Apr 2024 16:30:36 +0200 Subject: [PATCH 227/392] dev_pre_pipeline --- capif/templates/ci_dev.gitlab-ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index 9e806f1..7975c33 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -1,5 +1,6 @@ stages: # - dev_pulling_repo + - dev_pre_pipeline - dev_secrets_in_repo - dev_linting - dev_build_and_push -- GitLab From 373cb2ba8da1c488508559bc85241be5d15c2251 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 15 Apr 2024 16:33:22 +0200 Subject: [PATCH 228/392] dev_cancel_previous_action --- capif/.gitlab-ci.yml | 46 ++++++++++++++-------------- capif/templates/ci_dev.gitlab-ci.yml | 24 +++++++++++++++ 2 files changed, 47 insertions(+), 23 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index ebbf2c6..85a72b4 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -144,29 +144,29 @@ staging_cancel_previous_action: fi <<: *staging_common -dev_cancel_previous_action: - stage: dev_pre_pipeline - script: - - | - echo "### cancel previous actions in dev branchc ###" - if [[ -n "$CI_JOB_TOKEN" ]]; then - echo "Checking for running jobs in the same pipeline..." - jobs=$(curl --header "PRIVATE-TOKEN: $CI_JOB_TOKEN" "$GITLAB_API/projects/$CI_PROJECT_ID/pipelines/$CI_PIPELINE_ID/jobs") - for job in $(echo "$jobs" | jq -r '.[] | @base64'); do - _jq() { - echo ${job} | base64 --decode | jq -r ${1} - } - status=$(_jq '.status') - id=$(_jq '.id') - if [[ "$status" == "running" ]] && [[ "$id" != "$CI_JOB_ID" ]]; then - echo "Cancelling job $id" - curl --request POST --header "PRIVATE-TOKEN: $CI_JOB_TOKEN" "$GITLAB_API/projects/$CI_PROJECT_ID/jobs/$id/cancel" - fi - done - fi - rules: - - if: $CI_COMMIT_BRANCH - <<: *dev_common +#dev_cancel_previous_action: +# stage: dev_pre_pipeline +# script: +# - | +# echo "### cancel previous actions in dev branchc ###" +# if [[ -n "$CI_JOB_TOKEN" ]]; then +# echo "Checking for running jobs in the same pipeline..." +# jobs=$(curl --header "PRIVATE-TOKEN: $CI_JOB_TOKEN" "$GITLAB_API/projects/$CI_PROJECT_ID/pipelines/$CI_PIPELINE_ID/jobs") +# for job in $(echo "$jobs" | jq -r '.[] | @base64'); do +# _jq() { +# echo ${job} | base64 --decode | jq -r ${1} +# } +# status=$(_jq '.status') +# id=$(_jq '.id') +# if [[ "$status" == "running" ]] && [[ "$id" != "$CI_JOB_ID" ]]; then +# echo "Cancelling job $id" +# curl --request POST --header "PRIVATE-TOKEN: $CI_JOB_TOKEN" "$GITLAB_API/projects/$CI_PROJECT_ID/jobs/$id/cancel" +# fi +# done +# fi +# rules: +# - if: $CI_COMMIT_BRANCH +# <<: *dev_common include: - template: 'Jobs/SAST.gitlab-ci.yml' diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index 7975c33..eb3bd88 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -23,6 +23,30 @@ variables: # - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git # <<: *dev_common +dev_cancel_previous_action: + stage: dev_pre_pipeline + script: + - | + echo "### cancel previous actions in dev branchc ###" + if [[ -n "$CI_JOB_TOKEN" ]]; then + echo "Checking for running jobs in the same pipeline..." + jobs=$(curl --header "PRIVATE-TOKEN: $CI_JOB_TOKEN" "$GITLAB_API/projects/$CI_PROJECT_ID/pipelines/$CI_PIPELINE_ID/jobs") + for job in $(echo "$jobs" | jq -r '.[] | @base64'); do + _jq() { + echo ${job} | base64 --decode | jq -r ${1} + } + status=$(_jq '.status') + id=$(_jq '.id') + if [[ "$status" == "running" ]] && [[ "$id" != "$CI_JOB_ID" ]]; then + echo "Cancelling job $id" + curl --request POST --header "PRIVATE-TOKEN: $CI_JOB_TOKEN" "$GITLAB_API/projects/$CI_PROJECT_ID/jobs/$id/cancel" + fi + done + fi + rules: + - if: $CI_COMMIT_BRANCH + <<: *dev_common + dev_secrets_in_repo: needs: - dev_pre_pipeline -- GitLab From 431391bf22753e68e0b1e84fc13fe22c34c9e1a4 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 15 Apr 2024 16:37:06 +0200 Subject: [PATCH 229/392] needs dev --- capif/templates/ci_dev.gitlab-ci.yml | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index eb3bd88..38e09eb 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -49,7 +49,7 @@ dev_cancel_previous_action: dev_secrets_in_repo: needs: - - dev_pre_pipeline + - dev_cancel_previous_action stage: dev_secrets_in_repo script: - | @@ -112,7 +112,9 @@ dev_linting_docker: <<: *dev_common dev_build_and_push: - needs: ["dev_linting"] + needs: + - dev_linting_code + - dev_linting_docker stage: dev_build_and_push script: - export TMP_PWD=$PWD -- GitLab From 633c2cf8dc09f5c29ca0925cceefc889d818e9c2 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Tue, 16 Apr 2024 09:13:27 +0200 Subject: [PATCH 230/392] staging pipeline --- capif/.gitlab-ci.yml | 68 ++++++++---------------- capif/templates/ci_staging.gitlab-ci.yml | 54 +++++++++++++++---- 2 files changed, 68 insertions(+), 54 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 85a72b4..1814f7a 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -1,5 +1,6 @@ stages: - main_cancel_previous_action + - merge_request_staging_into_main - test - main_sast - main_container_scanning @@ -7,11 +8,9 @@ stages: - deploy_ocf_main - main_rf_testing - delete_ocf_main - - staging_cancel_previous_action - - merge_request_staging_into_main + - staging_pre_pipeline - staging_secrets_in_repo - - staging_linting_code - - staging_linting_docker + - staging_linting - staging_unit_tests - staging_security - staging_build_and_push @@ -123,26 +122,27 @@ main_cancel_previous_action: fi <<: *main_common -staging_cancel_previous_action: - stage: staging_cancel_previous_action +merge_request_staging_into_main: + stage: merge_request_staging_into_main script: - - | - if [[ -n "$CI_JOB_TOKEN" ]]; then - echo "Checking for running jobs in the same pipeline..." - jobs=$(curl --header "PRIVATE-TOKEN: $CI_JOB_TOKEN" "$GITLAB_API/projects/$CI_PROJECT_ID/pipelines/$CI_PIPELINE_ID/jobs") - for job in $(echo "$jobs" | jq -r '.[] | @base64'); do - _jq() { - echo ${job} | base64 --decode | jq -r ${1} - } - status=$(_jq '.status') - id=$(_jq '.id') - if [[ "$status" == "running" ]] && [[ "$id" != "$CI_JOB_ID" ]]; then - echo "Cancelling job $id" - curl --request POST --header "PRIVATE-TOKEN: $CI_JOB_TOKEN" "$GITLAB_API/projects/$CI_PROJECT_ID/jobs/$id/cancel" - fi - done - fi - <<: *staging_common + - > + if [ "$CI_COMMIT_REF_NAME" == "staging" ]; then + # Variables + SOURCE_BRANCH="staging" + TARGET_BRANCH="main" + TITLE="Merge staging into main created by GitLab CICD" + + # Create Merge Request + curl --request POST --header "PRIVATE-TOKEN: $CI_JOB_TOKEN" \ + --data "source_branch=$SOURCE_BRANCH&target_branch=$TARGET_BRANCH&title=$TITLE" \ + "$GITLAB_API/projects/$PROJECT_ID/merge_requests" + else + echo "Nothing to do" + fi + only: + - staging + tags: + - shell #dev_cancel_previous_action: # stage: dev_pre_pipeline @@ -182,28 +182,6 @@ include: - 'capif/templates/cd-deploy-ocf.gitlab-ci.yml' # - 'capif/templates/ci_main.gitlab-ci.yml' - - -merge_request_staging_into_main: - stage: merge_request_staging_into_main - script: - - > - if [ "$CI_COMMIT_REF_NAME" == "staging" ]; then - # Variables - SOURCE_BRANCH="staging" - TARGET_BRANCH="main" - TITLE="Merge staging into main created by GitLab CICD" - - # Create Merge Request - curl --request POST --header "PRIVATE-TOKEN: $CI_JOB_TOKEN" \ - --data "source_branch=$SOURCE_BRANCH&target_branch=$TARGET_BRANCH&title=$TITLE" \ - "$GITLAB_API/projects/$PROJECT_ID/merge_requests" - else - echo "Nothing to do" - fi - only: - - staging - #sast: # variables: # SAST_DEFAULT_ANALYZERS: "bandit" # to sast diff --git a/capif/templates/ci_staging.gitlab-ci.yml b/capif/templates/ci_staging.gitlab-ci.yml index 04e298c..9f363c4 100644 --- a/capif/templates/ci_staging.gitlab-ci.yml +++ b/capif/templates/ci_staging.gitlab-ci.yml @@ -1,9 +1,10 @@ stages: # - staging_pulling_repo - test # to Security and Compliance gitLab + - staging_pre_pipeline - staging_secrets_in_repo - - staging_linting_code - - staging_linting_docker + - staging_linting + - staging_unit_tests - staging_security - staging_build_and_push @@ -40,6 +41,27 @@ variables: # - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git # <<: *staging_common +staging_cancel_previous_action: + stage: staging_pre_pipeline + script: + - | + if [[ -n "$CI_JOB_TOKEN" ]]; then + echo "Checking for running jobs in the same pipeline..." + jobs=$(curl --header "PRIVATE-TOKEN: $CI_JOB_TOKEN" "$GITLAB_API/projects/$CI_PROJECT_ID/pipelines/$CI_PIPELINE_ID/jobs") + for job in $(echo "$jobs" | jq -r '.[] | @base64'); do + _jq() { + echo ${job} | base64 --decode | jq -r ${1} + } + status=$(_jq '.status') + id=$(_jq '.id') + if [[ "$status" == "running" ]] && [[ "$id" != "$CI_JOB_ID" ]]; then + echo "Cancelling job $id" + curl --request POST --header "PRIVATE-TOKEN: $CI_JOB_TOKEN" "$GITLAB_API/projects/$CI_PROJECT_ID/jobs/$id/cancel" + fi + done + fi + <<: *staging_common + staging_secrets_in_repo: stage: staging_secrets_in_repo script: @@ -47,12 +69,13 @@ staging_secrets_in_repo: pip install trufflehog cd ../ trufflehog capif --exclude_paths capif/cicd/exclusions --max_depth=5 -# needs: ["staging_pulling_repo"] + needs: + - staging_cancel_previous_action <<: *staging_common # define the process to do linting code: Sonarque, ruff? staging_linting_code: - stage: staging_linting_code + stage: staging_linting script: - | echo "###ruff checks###" @@ -62,7 +85,7 @@ staging_linting_code: <<: *staging_common staging_linting_docker: - stage: staging_linting_docker + stage: staging_linting script: - | # Download hadolint binary @@ -104,9 +127,17 @@ staging_linting_docker: needs: ["staging_linting_code"] <<: *staging_common +staging_unit_tests: + stage: staging_unit_tests + script: + - | + echo "------- Unit Tests -------" + <<: *staging_common + staging_grype_cvs: - needs: ["staging_linting_docker"] + needs: + - staging_unit_tests stage: staging_security script: - | @@ -179,7 +210,8 @@ semgrep-sast: - when: never staging_semgrep_sast: - needs: ["staging_linting_docker"] + needs: + - staging_unit_tests stage: staging_security extends: semgrep-sast variables: @@ -197,7 +229,8 @@ gemnasium-python-dependency_scanning: - when: never staging_gemnasium_python_sca: - needs: ["staging_linting_docker"] + needs: + - staging_unit_tests stage: staging_security extends: gemnasium-python-dependency_scanning variables: @@ -205,7 +238,10 @@ staging_gemnasium_python_sca: <<: *staging_dnd staging_build_and_push: - needs: ["staging_gemnasium_python_sca"] + needs: + - staging_gemnasium_python_sca + - staging_semgrep_sast + - staging_grype_cvs stage: staging_build_and_push script: - export TMP_PWD=$PWD -- GitLab From 2cbb88c6c1940cc02d438ee550ed604ab93f4c38 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Tue, 16 Apr 2024 09:16:05 +0200 Subject: [PATCH 231/392] needs --- capif/templates/ci_staging.gitlab-ci.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/capif/templates/ci_staging.gitlab-ci.yml b/capif/templates/ci_staging.gitlab-ci.yml index 9f363c4..612a433 100644 --- a/capif/templates/ci_staging.gitlab-ci.yml +++ b/capif/templates/ci_staging.gitlab-ci.yml @@ -124,7 +124,6 @@ staging_linting_docker: # codequality: # - docker-lint.json # interruptible: true - needs: ["staging_linting_code"] <<: *staging_common staging_unit_tests: -- GitLab From a18aebf5d2314e5d34eae03ef5bf674ae367d5cf Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Tue, 16 Apr 2024 15:09:11 +0200 Subject: [PATCH 232/392] main pipeline --- capif/.gitlab-ci.yml | 63 ++++++++------------------------------------ 1 file changed, 11 insertions(+), 52 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 1814f7a..e7e1083 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -1,5 +1,5 @@ stages: - - main_cancel_previous_action + - main_pre_pipeline - merge_request_staging_into_main - test - main_sast @@ -22,34 +22,6 @@ stages: - dev_build_and_push - deploy_ocf_dev - delete_ocf_dev -# - test # to Security and Compliance gitLab -# - main_sast -# - main_container_scanning -# - sast -# - merge_request_staging_into_main -# - main_build_and_push -# - main_cancel_previous_action -# - staging_cancel_previous_action -# - dev_cancel_previous_action -## - staging_pulling_repo -# - staging_secrets_in_repo -# - staging_linting_code -# - staging_linting_docker -# - staging_security -# - staging_build_and_push -# - staging_unit_tests -## - dev_pulling_repo -# - dev_secrets_in_repo -# - dev_linting_code -# - dev_linting_docker -# - dev_build_and_push -# - deploy_ocf_main -# - main_rf_testing -# - delete_ocf_main -# - deploy_ocf_staging -# - delete_ocf_staging -# - deploy_ocf_dev -# - delete_ocf_dev variables: @@ -102,7 +74,7 @@ variables: - shell main_cancel_previous_action: - stage: main_cancel_previous_action + stage: main_pre_pipeline script: - | if [[ -n "$CI_JOB_TOKEN" ]]; then @@ -265,6 +237,8 @@ container_scanning: - when: never main_semgrep_sast: + needs: + - main_pre_pipeline stage: main_sast extends: semgrep-sast variables: @@ -275,6 +249,8 @@ main_semgrep_sast: <<: *main_dnd main_kubesec_sast: + needs: + - main_pre_pipeline stage: main_sast extends: kubesec-sast before_script: @@ -290,6 +266,8 @@ main_kubesec_sast: <<: *main_dnd main_gemnasium_python_dependency_scanning: + needs: + - main_pre_pipeline stage: main_sast extends: gemnasium-python-dependency_scanning variables: @@ -297,6 +275,8 @@ main_gemnasium_python_dependency_scanning: <<: *main_dnd main_secret_detection: + needs: + - main_pre_pipeline stage: main_sast extends: secret_detection variables: @@ -729,25 +709,4 @@ delete_ocf_main: when: manual environment: name: review/main - action: stop - -#ci_in_staging: -# stage: ci_in_staging -# script: -# - echo "Define the ci_in_staging job here" -# needs: ["workflow_ci"] -# <<: *staging_common -# -#ci_deploy_in_staging: -# stage: ci_deploy_in_staging -# script: -# - echo "Define the ci_deploy_in_staging job here" -# needs: ["ci_in_staging"] -# <<: *staging_common -# -#cleaning_in_staging: -# stage: cleaning_in_staging -# script: -# - echo "Define the cleaning_in_staging job here" -# needs: ["ci_deploy_in_staging"] -# <<: *staging_common + action: stop \ No newline at end of file -- GitLab From f955b3d226370877c34866d0d1b5b96531d1e04b Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Tue, 16 Apr 2024 15:11:14 +0200 Subject: [PATCH 233/392] main_cancel_previous_action --- capif/.gitlab-ci.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index e7e1083..6921210 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -238,7 +238,7 @@ container_scanning: main_semgrep_sast: needs: - - main_pre_pipeline + - main_cancel_previous_action stage: main_sast extends: semgrep-sast variables: @@ -250,7 +250,7 @@ main_semgrep_sast: main_kubesec_sast: needs: - - main_pre_pipeline + - main_cancel_previous_action stage: main_sast extends: kubesec-sast before_script: @@ -267,7 +267,7 @@ main_kubesec_sast: main_gemnasium_python_dependency_scanning: needs: - - main_pre_pipeline + - main_cancel_previous_action stage: main_sast extends: gemnasium-python-dependency_scanning variables: @@ -276,7 +276,7 @@ main_gemnasium_python_dependency_scanning: main_secret_detection: needs: - - main_pre_pipeline + - main_cancel_previous_action stage: main_sast extends: secret_detection variables: -- GitLab From 22d9bb6a403fb939af7edd33d3d1f9e1ab870272 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Tue, 16 Apr 2024 15:13:45 +0200 Subject: [PATCH 234/392] staging_unit_tests --- capif/templates/ci_staging.gitlab-ci.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/capif/templates/ci_staging.gitlab-ci.yml b/capif/templates/ci_staging.gitlab-ci.yml index 612a433..fad7eb8 100644 --- a/capif/templates/ci_staging.gitlab-ci.yml +++ b/capif/templates/ci_staging.gitlab-ci.yml @@ -127,6 +127,9 @@ staging_linting_docker: <<: *staging_common staging_unit_tests: + needs: + - staging_linting_code + - staging_linting_docker stage: staging_unit_tests script: - | -- GitLab From 451be43b8f86d3c710f37752a16817408c8abc32 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Wed, 17 Apr 2024 10:07:31 +0200 Subject: [PATCH 235/392] cd release deploy --- .../templates/cd-deploy-release.gitlab-ci.yml | 64 +++++++++++++++++++ 1 file changed, 64 insertions(+) create mode 100644 capif/templates/cd-deploy-release.gitlab-ci.yml diff --git a/capif/templates/cd-deploy-release.gitlab-ci.yml b/capif/templates/cd-deploy-release.gitlab-ci.yml new file mode 100644 index 0000000..b72fb6b --- /dev/null +++ b/capif/templates/cd-deploy-release.gitlab-ci.yml @@ -0,0 +1,64 @@ +stages: + - deploy_ocf_prod + +variables: + CI_JOB_TOKEN: $CI_JOB_TOKEN + CI_DEBUG_TRACE: "false" + CI_REGISTRY_USER: $CI_REGISTRY_USER + CI_REGISTRY: $CI_REGISTRY + CAPIF_DOCKER_REGISTRY: $CAPIF_DOCKER_REGISTRY + INGRESS: "10.43.32.232" + NAMESPACE_PROD: "ocf-prod" + DOMAIN_PROD: prod.int + IMAGE_TAG_PROD: $CI_COMMIT_REF_SLUG + +# it will only run when a new tag that starts with ‘release-’ is pushed +# to the repository. +.release_common: &relase_common + only: + - /^release-.*$/ + tags: + - shell + +deploy_ocf_staging: + stage: deploy_ocf_staging + <<: *relase_common + environment: + name: review/production + url: https://$NAMESPACE_PROD.$DOMAIN_PROD + script: + - echo "------ A release has been created! -------" + - echo "### install helm###" + - curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 +# - chmod 700 get_helm.sh +# - ./get_helm.sh +# - helm version +# - echo "### install kubectl###" +# - curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" +# - chmod +x kubectl +# - sudo mv kubectl /usr/local/bin +# - kubectl version --output=yaml +# - echo "### setting kubeconfig###" +# - echo $KUBECONFIG | base64 -d > ~/cluster.kubeconfig +# - kubectl get nodes --kubeconfig ~/cluster.kubeconfig +# - kubectl cluster-info --kubeconfig ~/cluster.kubeconfig #comment that when is working +# - echo "### install yq###" +# - sudo wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 +# - sudo chmod a+x /usr/local/bin/yq +# - yq --version +# - yq e -i '.version = "$IMAGE_TAG_STAGING"' helm/capif/Chart.yaml +# - yq e -i '.appVersion = "$IMAGE_TAG_STAGING"' helm/capif/Chart.yaml +# - cat helm/capif/Chart.yaml +# - echo "### download dependencies###" +# - helm dependency build helm/capif +# - echo "### updating capif###" +# - helm uninstall -n $NAMESPACE_STAGING ocf --kubeconfig ~/cluster.kubeconfig || true +# - helm upgrade --install -n $NAMESPACE_STAGING ocf helm/capif/ \ +# --set nginx.nginx.env.capifHostname=capif.$DOMAIN_STAGING \ +# --set ingress_ip.oneke="$INGRESS" --atomic \ +# --set monitoring.prometheus.enable="" \ +# --set monitoring.grafana.ingress.hosts[0].host="grafana.$DOMAIN_STAGING" \ +# --set monitoring.grafana.ingress.hosts[0].paths[0].path="/" \ +# --set monitoring.grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ +# --wait --timeout=10m \ +# --create-NAMESPACE_STAGING --kubeconfig ~/cluster.kubeconfig \ No newline at end of file -- GitLab From 62196bb5b1273a54ae7702cdc09d80161d4d6f7e Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Wed, 17 Apr 2024 10:12:55 +0200 Subject: [PATCH 236/392] cd-deploy-release --- capif/.gitlab-ci.yml | 2 ++ capif/templates/cd-deploy-release.gitlab-ci.yml | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 6921210..946c32c 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -22,6 +22,7 @@ stages: - dev_build_and_push - deploy_ocf_dev - delete_ocf_dev + - deploy_ocf_prod variables: @@ -152,6 +153,7 @@ include: - 'capif/templates/ci_dev.gitlab-ci.yml' - 'capif/templates/ci_unit_test.gitlab-ci.yml' - 'capif/templates/cd-deploy-ocf.gitlab-ci.yml' + - 'capif/templates&cd-deploy-release.gitlab-ci.yml' # - 'capif/templates/ci_main.gitlab-ci.yml' #sast: diff --git a/capif/templates/cd-deploy-release.gitlab-ci.yml b/capif/templates/cd-deploy-release.gitlab-ci.yml index b72fb6b..98f3f04 100644 --- a/capif/templates/cd-deploy-release.gitlab-ci.yml +++ b/capif/templates/cd-deploy-release.gitlab-ci.yml @@ -20,8 +20,8 @@ variables: tags: - shell -deploy_ocf_staging: - stage: deploy_ocf_staging +deploy_ocf_prod: + stage: deploy_ocf_prod <<: *relase_common environment: name: review/production -- GitLab From cdba02c5961a25ba1f04a80de9b96448ed5d856b Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Wed, 17 Apr 2024 10:13:54 +0200 Subject: [PATCH 237/392] deploy-release --- capif/.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 946c32c..a7ea0f2 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -153,7 +153,7 @@ include: - 'capif/templates/ci_dev.gitlab-ci.yml' - 'capif/templates/ci_unit_test.gitlab-ci.yml' - 'capif/templates/cd-deploy-ocf.gitlab-ci.yml' - - 'capif/templates&cd-deploy-release.gitlab-ci.yml' + - 'capif/templates/cd-deploy-release.gitlab-ci.yml' # - 'capif/templates/ci_main.gitlab-ci.yml' #sast: -- GitLab From 9ee75ed4a7e8b0ba59b10270b29585a60ca2a512 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Wed, 17 Apr 2024 10:46:15 +0200 Subject: [PATCH 238/392] rules in cd release --- capif/templates/cd-deploy-release.gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/capif/templates/cd-deploy-release.gitlab-ci.yml b/capif/templates/cd-deploy-release.gitlab-ci.yml index 98f3f04..ab221cc 100644 --- a/capif/templates/cd-deploy-release.gitlab-ci.yml +++ b/capif/templates/cd-deploy-release.gitlab-ci.yml @@ -15,8 +15,8 @@ variables: # it will only run when a new tag that starts with ‘release-’ is pushed # to the repository. .release_common: &relase_common - only: - - /^release-.*$/ + rules: + - if: '$CI_COMMIT_TAG =~ /^.*-release$/' tags: - shell -- GitLab From be26054b6538f16436325cb1a5917a69beae0259 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Wed, 17 Apr 2024 11:01:55 +0200 Subject: [PATCH 239/392] rules --- capif/templates/cd-deploy-release.gitlab-ci.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/capif/templates/cd-deploy-release.gitlab-ci.yml b/capif/templates/cd-deploy-release.gitlab-ci.yml index ab221cc..429b450 100644 --- a/capif/templates/cd-deploy-release.gitlab-ci.yml +++ b/capif/templates/cd-deploy-release.gitlab-ci.yml @@ -16,7 +16,8 @@ variables: # to the repository. .release_common: &relase_common rules: - - if: '$CI_COMMIT_TAG =~ /^.*-release$/' +# - if: '$CI_COMMIT_TAG =~ /^.*-release$/' + - if: '$CI_COMMIT_TAG =~ /^v\d+\.\d+\.\d+-release$/' tags: - shell -- GitLab From 2bc94c3044f906340ae2aee86df7df36fbd0ff94 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Wed, 17 Apr 2024 15:16:44 +0200 Subject: [PATCH 240/392] ocf release cd --- capif/templates/cd-deploy-release.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/templates/cd-deploy-release.gitlab-ci.yml b/capif/templates/cd-deploy-release.gitlab-ci.yml index 429b450..7902c77 100644 --- a/capif/templates/cd-deploy-release.gitlab-ci.yml +++ b/capif/templates/cd-deploy-release.gitlab-ci.yml @@ -12,7 +12,7 @@ variables: DOMAIN_PROD: prod.int IMAGE_TAG_PROD: $CI_COMMIT_REF_SLUG -# it will only run when a new tag that starts with ‘release-’ is pushed +# it will only run when a new tag that starts with ‘v{major.minor.patch}-release’ is pushed # to the repository. .release_common: &relase_common rules: -- GitLab From 5bbc88abb59e1a35b89ea1c717c71b81810215ff Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Thu, 25 Apr 2024 10:00:59 +0200 Subject: [PATCH 241/392] kubectl cluster --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 17 +++++++++-------- 1 file changed, 9 insertions(+), 8 deletions(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index a4936d0..29f9150 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -124,14 +124,15 @@ deploy_ocf_dev: - echo "### install helm###" - curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 - chmod 700 get_helm.sh -# - ./get_helm.sh -# - helm version -# - echo "### install kubectl###" -# - curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" -# - chmod +x kubectl -# - sudo mv kubectl /usr/local/bin -# - kubectl version --output=yaml -# - echo "### setting kubeconfig###" + - ./get_helm.sh + - helm version + - echo "### install kubectl###" + - curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" + - chmod +x kubectl + - sudo mv kubectl /usr/local/bin + - kubectl version --output=yaml + - echo "### setting kubeconfig###" + - kubectl cluster-info # - echo $KUBECONFIG | base64 -d > ~/cluster.kubeconfig # - kubectl get nodes --kubeconfig ~/cluster.kubeconfig # - kubectl cluster-info --kubeconfig ~/cluster.kubeconfig #comment that when is working -- GitLab From a5e9adb13be92425cf397ea3d267a9e63937dc1c Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Thu, 25 Apr 2024 10:44:16 +0200 Subject: [PATCH 242/392] kubectl staging --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 29f9150..5fecad4 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -56,15 +56,16 @@ deploy_ocf_staging: # - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git - echo "### install helm###" - curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 -# - chmod 700 get_helm.sh -# - ./get_helm.sh -# - helm version -# - echo "### install kubectl###" -# - curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" -# - chmod +x kubectl -# - sudo mv kubectl /usr/local/bin -# - kubectl version --output=yaml -# - echo "### setting kubeconfig###" + - chmod 700 get_helm.sh + - ./get_helm.sh + - helm version + - echo "### install kubectl###" + - curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" + - chmod +x kubectl + - sudo mv kubectl /usr/local/bin + - kubectl version --output=yaml + - echo "### setting kubeconfig###" + - kubectl cluster-info # - echo $KUBECONFIG | base64 -d > ~/cluster.kubeconfig # - kubectl get nodes --kubeconfig ~/cluster.kubeconfig # - kubectl cluster-info --kubeconfig ~/cluster.kubeconfig #comment that when is working -- GitLab From 15d4aec1fe2283b4c0cf7298142043126a7cd604 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Thu, 25 Apr 2024 10:47:15 +0200 Subject: [PATCH 243/392] sudo ./get_helm.sh --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 5fecad4..ee0cd2a 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -57,7 +57,7 @@ deploy_ocf_staging: - echo "### install helm###" - curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 - chmod 700 get_helm.sh - - ./get_helm.sh + - sudo ./get_helm.sh - helm version - echo "### install kubectl###" - curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" @@ -125,7 +125,7 @@ deploy_ocf_dev: - echo "### install helm###" - curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 - chmod 700 get_helm.sh - - ./get_helm.sh + - sudo ./get_helm.sh - helm version - echo "### install kubectl###" - curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" -- GitLab From e3b17c279e04add593076f8e17b5e78520ccb9b4 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 26 Apr 2024 10:48:17 +0200 Subject: [PATCH 244/392] no install kubectl and helm --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 32 +++++++++---------- .../templates/cd-deploy-release.gitlab-ci.yml | 2 +- 2 files changed, 17 insertions(+), 17 deletions(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index ee0cd2a..3bf5d65 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -54,15 +54,15 @@ deploy_ocf_staging: script: # - echo "### git clone OCF repo ###" # - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git - - echo "### install helm###" - - curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 - - chmod 700 get_helm.sh - - sudo ./get_helm.sh +# - echo "### install helm###" +# - curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 +# - chmod 700 get_helm.sh +# - sudo ./get_helm.sh - helm version - - echo "### install kubectl###" - - curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" - - chmod +x kubectl - - sudo mv kubectl /usr/local/bin +# - echo "### install kubectl###" +# - curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" +# - chmod +x kubectl +# - sudo mv kubectl /usr/local/bin - kubectl version --output=yaml - echo "### setting kubeconfig###" - kubectl cluster-info @@ -122,15 +122,15 @@ deploy_ocf_dev: script: # - echo "### git clone OCF repo###" # - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git - - echo "### install helm###" - - curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 - - chmod 700 get_helm.sh - - sudo ./get_helm.sh +# - echo "### install helm###" +# - curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 +# - chmod 700 get_helm.sh +# - sudo ./get_helm.sh - helm version - - echo "### install kubectl###" - - curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" - - chmod +x kubectl - - sudo mv kubectl /usr/local/bin +# - echo "### install kubectl###" +# - curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" +# - chmod +x kubectl +# - sudo mv kubectl /usr/local/bin - kubectl version --output=yaml - echo "### setting kubeconfig###" - kubectl cluster-info diff --git a/capif/templates/cd-deploy-release.gitlab-ci.yml b/capif/templates/cd-deploy-release.gitlab-ci.yml index 7902c77..dd4bb4c 100644 --- a/capif/templates/cd-deploy-release.gitlab-ci.yml +++ b/capif/templates/cd-deploy-release.gitlab-ci.yml @@ -30,7 +30,7 @@ deploy_ocf_prod: script: - echo "------ A release has been created! -------" - echo "### install helm###" - - curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 +# - curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 # - chmod 700 get_helm.sh # - ./get_helm.sh # - helm version -- GitLab From 73f01d52e5bec9f57aaa0b2199556cc709d371a6 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 26 Apr 2024 12:16:34 +0200 Subject: [PATCH 245/392] sudo pip install --- capif/templates/ci_dev.gitlab-ci.yml | 4 ++-- capif/templates/ci_main.gitlab-ci.yml | 2 +- capif/templates/ci_staging.gitlab-ci.yml | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index 38e09eb..fcfd5a4 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -53,7 +53,7 @@ dev_secrets_in_repo: stage: dev_secrets_in_repo script: - | - pip install trufflehog + sudo pip install trufflehog cd ../ trufflehog capif --exclude_paths capif/cicd/exclusions --max_depth=5 # needs: ["dev_pulling_repo"] @@ -65,7 +65,7 @@ dev_linting_code: script: - | echo "###ruff checks###" - pip install ruff + sudo pip install ruff ruff check --config cicd/ruff.toml . || true needs: ["dev_secrets_in_repo"] <<: *dev_common diff --git a/capif/templates/ci_main.gitlab-ci.yml b/capif/templates/ci_main.gitlab-ci.yml index ce020a8..31084ab 100644 --- a/capif/templates/ci_main.gitlab-ci.yml +++ b/capif/templates/ci_main.gitlab-ci.yml @@ -26,7 +26,7 @@ main_secrets_in_repo: stage: main_secrets_in_repo script: - | - pip install trufflehog + sudo pip install trufflehog cd ../ #trufflehog capif --exclude_paths capif/cicd/exclusions --max_depth=5 <<: *main_common diff --git a/capif/templates/ci_staging.gitlab-ci.yml b/capif/templates/ci_staging.gitlab-ci.yml index fad7eb8..91daa4f 100644 --- a/capif/templates/ci_staging.gitlab-ci.yml +++ b/capif/templates/ci_staging.gitlab-ci.yml @@ -66,7 +66,7 @@ staging_secrets_in_repo: stage: staging_secrets_in_repo script: - | - pip install trufflehog + sudo pip install trufflehog cd ../ trufflehog capif --exclude_paths capif/cicd/exclusions --max_depth=5 needs: @@ -79,7 +79,7 @@ staging_linting_code: script: - | echo "###ruff checks###" - pip install ruff + sudo pip install ruff ruff check --config cicd/ruff.toml . || true needs: ["staging_secrets_in_repo"] <<: *staging_common -- GitLab From 2295a22e66aee425496b10deb37eef993fcff963 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 26 Apr 2024 13:49:37 +0200 Subject: [PATCH 246/392] no sudo pip install --- capif/templates/ci_dev.gitlab-ci.yml | 4 ++-- capif/templates/ci_main.gitlab-ci.yml | 2 +- capif/templates/ci_staging.gitlab-ci.yml | 4 ++-- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index fcfd5a4..38e09eb 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -53,7 +53,7 @@ dev_secrets_in_repo: stage: dev_secrets_in_repo script: - | - sudo pip install trufflehog + pip install trufflehog cd ../ trufflehog capif --exclude_paths capif/cicd/exclusions --max_depth=5 # needs: ["dev_pulling_repo"] @@ -65,7 +65,7 @@ dev_linting_code: script: - | echo "###ruff checks###" - sudo pip install ruff + pip install ruff ruff check --config cicd/ruff.toml . || true needs: ["dev_secrets_in_repo"] <<: *dev_common diff --git a/capif/templates/ci_main.gitlab-ci.yml b/capif/templates/ci_main.gitlab-ci.yml index 31084ab..ce020a8 100644 --- a/capif/templates/ci_main.gitlab-ci.yml +++ b/capif/templates/ci_main.gitlab-ci.yml @@ -26,7 +26,7 @@ main_secrets_in_repo: stage: main_secrets_in_repo script: - | - sudo pip install trufflehog + pip install trufflehog cd ../ #trufflehog capif --exclude_paths capif/cicd/exclusions --max_depth=5 <<: *main_common diff --git a/capif/templates/ci_staging.gitlab-ci.yml b/capif/templates/ci_staging.gitlab-ci.yml index 91daa4f..fad7eb8 100644 --- a/capif/templates/ci_staging.gitlab-ci.yml +++ b/capif/templates/ci_staging.gitlab-ci.yml @@ -66,7 +66,7 @@ staging_secrets_in_repo: stage: staging_secrets_in_repo script: - | - sudo pip install trufflehog + pip install trufflehog cd ../ trufflehog capif --exclude_paths capif/cicd/exclusions --max_depth=5 needs: @@ -79,7 +79,7 @@ staging_linting_code: script: - | echo "###ruff checks###" - sudo pip install ruff + pip install ruff ruff check --config cicd/ruff.toml . || true needs: ["staging_secrets_in_repo"] <<: *staging_common -- GitLab From ffbf8a030c1af36003ee2a2ac21f70f5ec91558c Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 26 Apr 2024 14:21:58 +0200 Subject: [PATCH 247/392] kubectl --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 8 ++++---- capif/templates/cd-deploy-release.gitlab-ci.yml | 2 +- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 3bf5d65..1ae6ba4 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -65,10 +65,10 @@ deploy_ocf_staging: # - sudo mv kubectl /usr/local/bin - kubectl version --output=yaml - echo "### setting kubeconfig###" - - kubectl cluster-info + - kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml cluster-info # - echo $KUBECONFIG | base64 -d > ~/cluster.kubeconfig # - kubectl get nodes --kubeconfig ~/cluster.kubeconfig -# - kubectl cluster-info --kubeconfig ~/cluster.kubeconfig #comment that when is working +# - kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml cluster-info --kubeconfig ~/cluster.kubeconfig #comment that when is working # - echo "### install yq###" # - sudo wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 # - sudo chmod a+x /usr/local/bin/yq @@ -133,10 +133,10 @@ deploy_ocf_dev: # - sudo mv kubectl /usr/local/bin - kubectl version --output=yaml - echo "### setting kubeconfig###" - - kubectl cluster-info + - kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml cluster-info # - echo $KUBECONFIG | base64 -d > ~/cluster.kubeconfig # - kubectl get nodes --kubeconfig ~/cluster.kubeconfig -# - kubectl cluster-info --kubeconfig ~/cluster.kubeconfig #comment that when is working +# - kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml cluster-info --kubeconfig ~/cluster.kubeconfig #comment that when is working # - echo "### install yq###" # - sudo wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 # - sudo chmod a+x /usr/local/bin/yq diff --git a/capif/templates/cd-deploy-release.gitlab-ci.yml b/capif/templates/cd-deploy-release.gitlab-ci.yml index dd4bb4c..26e130d 100644 --- a/capif/templates/cd-deploy-release.gitlab-ci.yml +++ b/capif/templates/cd-deploy-release.gitlab-ci.yml @@ -42,7 +42,7 @@ deploy_ocf_prod: # - echo "### setting kubeconfig###" # - echo $KUBECONFIG | base64 -d > ~/cluster.kubeconfig # - kubectl get nodes --kubeconfig ~/cluster.kubeconfig -# - kubectl cluster-info --kubeconfig ~/cluster.kubeconfig #comment that when is working +# - kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml cluster-info --kubeconfig ~/cluster.kubeconfig #comment that when is working # - echo "### install yq###" # - sudo wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 # - sudo chmod a+x /usr/local/bin/yq -- GitLab From 7f59890c96d5879e82b0f6ddf3f63e74750ba66a Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 29 Apr 2024 09:02:30 +0200 Subject: [PATCH 248/392] whoami --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 1ae6ba4..4dc1616 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -65,6 +65,7 @@ deploy_ocf_staging: # - sudo mv kubectl /usr/local/bin - kubectl version --output=yaml - echo "### setting kubeconfig###" + - whoami - kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml cluster-info # - echo $KUBECONFIG | base64 -d > ~/cluster.kubeconfig # - kubectl get nodes --kubeconfig ~/cluster.kubeconfig -- GitLab From c49c555da3ef0589d1883532cf54c2e6ac07cea3 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 29 Apr 2024 10:25:46 +0200 Subject: [PATCH 249/392] whois --- capif/.gitlab-ci.yml | 1 + capif/templates/cd-deploy-ocf.gitlab-ci.yml | 1 + 2 files changed, 2 insertions(+) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index a7ea0f2..b2497f5 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -661,6 +661,7 @@ deploy_ocf_main: # - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git - echo "### install helm###" - curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 + - whoami # - chmod 700 get_helm.sh # - ./get_helm.sh # - helm version diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 4dc1616..0334b85 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -58,6 +58,7 @@ deploy_ocf_staging: # - curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 # - chmod 700 get_helm.sh # - sudo ./get_helm.sh + - whoami - helm version # - echo "### install kubectl###" # - curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" -- GitLab From 8a77a1ab11e0edd54c29c0d31bd38c8d7e8a8a5f Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 29 Apr 2024 10:33:39 +0200 Subject: [PATCH 250/392] commented cancel_previous_action job --- capif/templates/ci_dev.gitlab-ci.yml | 30 +++++++++++------------ capif/templates/ci_staging.gitlab-ci.yml | 31 ++++++++++++------------ 2 files changed, 31 insertions(+), 30 deletions(-) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index 38e09eb..25d25d9 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -28,21 +28,21 @@ dev_cancel_previous_action: script: - | echo "### cancel previous actions in dev branchc ###" - if [[ -n "$CI_JOB_TOKEN" ]]; then - echo "Checking for running jobs in the same pipeline..." - jobs=$(curl --header "PRIVATE-TOKEN: $CI_JOB_TOKEN" "$GITLAB_API/projects/$CI_PROJECT_ID/pipelines/$CI_PIPELINE_ID/jobs") - for job in $(echo "$jobs" | jq -r '.[] | @base64'); do - _jq() { - echo ${job} | base64 --decode | jq -r ${1} - } - status=$(_jq '.status') - id=$(_jq '.id') - if [[ "$status" == "running" ]] && [[ "$id" != "$CI_JOB_ID" ]]; then - echo "Cancelling job $id" - curl --request POST --header "PRIVATE-TOKEN: $CI_JOB_TOKEN" "$GITLAB_API/projects/$CI_PROJECT_ID/jobs/$id/cancel" - fi - done - fi +# if [[ -n "$CI_JOB_TOKEN" ]]; then +# echo "Checking for running jobs in the same pipeline..." +# jobs=$(curl --header "PRIVATE-TOKEN: $CI_JOB_TOKEN" "$GITLAB_API/projects/$CI_PROJECT_ID/pipelines/$CI_PIPELINE_ID/jobs") +# for job in $(echo "$jobs" | jq -r '.[] | @base64'); do +# _jq() { +# echo ${job} | base64 --decode | jq -r ${1} +# } +# status=$(_jq '.status') +# id=$(_jq '.id') +# if [[ "$status" == "running" ]] && [[ "$id" != "$CI_JOB_ID" ]]; then +# echo "Cancelling job $id" +# curl --request POST --header "PRIVATE-TOKEN: $CI_JOB_TOKEN" "$GITLAB_API/projects/$CI_PROJECT_ID/jobs/$id/cancel" +# fi +# done +# fi rules: - if: $CI_COMMIT_BRANCH <<: *dev_common diff --git a/capif/templates/ci_staging.gitlab-ci.yml b/capif/templates/ci_staging.gitlab-ci.yml index fad7eb8..4ea7841 100644 --- a/capif/templates/ci_staging.gitlab-ci.yml +++ b/capif/templates/ci_staging.gitlab-ci.yml @@ -45,21 +45,22 @@ staging_cancel_previous_action: stage: staging_pre_pipeline script: - | - if [[ -n "$CI_JOB_TOKEN" ]]; then - echo "Checking for running jobs in the same pipeline..." - jobs=$(curl --header "PRIVATE-TOKEN: $CI_JOB_TOKEN" "$GITLAB_API/projects/$CI_PROJECT_ID/pipelines/$CI_PIPELINE_ID/jobs") - for job in $(echo "$jobs" | jq -r '.[] | @base64'); do - _jq() { - echo ${job} | base64 --decode | jq -r ${1} - } - status=$(_jq '.status') - id=$(_jq '.id') - if [[ "$status" == "running" ]] && [[ "$id" != "$CI_JOB_ID" ]]; then - echo "Cancelling job $id" - curl --request POST --header "PRIVATE-TOKEN: $CI_JOB_TOKEN" "$GITLAB_API/projects/$CI_PROJECT_ID/jobs/$id/cancel" - fi - done - fi + echo "### cancel previous actions in dev branchc ###" +# if [[ -n "$CI_JOB_TOKEN" ]]; then +# echo "Checking for running jobs in the same pipeline..." +# jobs=$(curl --header "PRIVATE-TOKEN: $CI_JOB_TOKEN" "$GITLAB_API/projects/$CI_PROJECT_ID/pipelines/$CI_PIPELINE_ID/jobs") +# for job in $(echo "$jobs" | jq -r '.[] | @base64'); do +# _jq() { +# echo ${job} | base64 --decode | jq -r ${1} +# } +# status=$(_jq '.status') +# id=$(_jq '.id') +# if [[ "$status" == "running" ]] && [[ "$id" != "$CI_JOB_ID" ]]; then +# echo "Cancelling job $id" +# curl --request POST --header "PRIVATE-TOKEN: $CI_JOB_TOKEN" "$GITLAB_API/projects/$CI_PROJECT_ID/jobs/$id/cancel" +# fi +# done +# fi <<: *staging_common staging_secrets_in_repo: -- GitLab From 12fb179479d177c0ef2c9dce8afe5dd2190b032a Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 29 Apr 2024 11:01:27 +0200 Subject: [PATCH 251/392] no file rke2.yaml --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 0334b85..f0e4b65 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -67,7 +67,7 @@ deploy_ocf_staging: - kubectl version --output=yaml - echo "### setting kubeconfig###" - whoami - - kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml cluster-info + - kubectl cluster-info # - echo $KUBECONFIG | base64 -d > ~/cluster.kubeconfig # - kubectl get nodes --kubeconfig ~/cluster.kubeconfig # - kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml cluster-info --kubeconfig ~/cluster.kubeconfig #comment that when is working @@ -135,7 +135,7 @@ deploy_ocf_dev: # - sudo mv kubectl /usr/local/bin - kubectl version --output=yaml - echo "### setting kubeconfig###" - - kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml cluster-info + - kubectl cluster-info # - echo $KUBECONFIG | base64 -d > ~/cluster.kubeconfig # - kubectl get nodes --kubeconfig ~/cluster.kubeconfig # - kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml cluster-info --kubeconfig ~/cluster.kubeconfig #comment that when is working -- GitLab From 5fa3d1f58a2671aa6742e6e46c96cd5094de09ba Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 29 Apr 2024 11:39:05 +0200 Subject: [PATCH 252/392] helm jobs --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 14 +++----------- 1 file changed, 3 insertions(+), 11 deletions(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index f0e4b65..f239b60 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -60,21 +60,13 @@ deploy_ocf_staging: # - sudo ./get_helm.sh - whoami - helm version -# - echo "### install kubectl###" -# - curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" -# - chmod +x kubectl -# - sudo mv kubectl /usr/local/bin - kubectl version --output=yaml - echo "### setting kubeconfig###" - whoami - kubectl cluster-info -# - echo $KUBECONFIG | base64 -d > ~/cluster.kubeconfig -# - kubectl get nodes --kubeconfig ~/cluster.kubeconfig -# - kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml cluster-info --kubeconfig ~/cluster.kubeconfig #comment that when is working -# - echo "### install yq###" -# - sudo wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -# - sudo chmod a+x /usr/local/bin/yq -# - yq --version + - yq --version + - ls -rtt helm/capif + - cat /helm/capif/Chart.yaml # - yq e -i '.version = "$IMAGE_TAG_STAGING"' helm/capif/Chart.yaml # - yq e -i '.appVersion = "$IMAGE_TAG_STAGING"' helm/capif/Chart.yaml # - cat helm/capif/Chart.yaml -- GitLab From dddda1274b93953dc48f90423f6335e6069328d3 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 29 Apr 2024 16:08:02 +0200 Subject: [PATCH 253/392] helm parameters --- capif/.gitlab-ci.yml | 57 ++++++------ capif/templates/cd-deploy-ocf.gitlab-ci.yml | 88 +++++++++---------- .../templates/cd-deploy-release.gitlab-ci.yml | 54 +++++------- 3 files changed, 91 insertions(+), 108 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index b2497f5..5216ad3 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -644,6 +644,9 @@ main_build_and_push: deploy_ocf_main: stage: deploy_ocf_main + variables: + DOMAIN_PRE_PROD: pre-prod.int + IMAGE_TAG_PRE_PROD: $CI_COMMIT_REF_SLUG needs: - main_build_and_push <<: *main_common @@ -657,43 +660,33 @@ deploy_ocf_main: # when: never # - if: $CI_COMMIT_BRANCH == "main" script: -# - echo "### git clone OCF repo ###" -# - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git - - echo "### install helm###" - - curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 - - whoami -# - chmod 700 get_helm.sh -# - ./get_helm.sh -# - helm version -# - echo "### install kubectl###" -# - curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" -# - chmod +x kubectl -# - sudo mv kubectl /usr/local/bin -# - kubectl version --output=yaml -# - echo "### setting kubeconfig###" -# - echo $KUBECONFIG | base64 -d > ~/cluster.kubeconfig -# - kubectl get nodes --kubeconfig ~/cluster.kubeconfig -# - kubectl cluster-info --kubeconfig ~/cluster.kubeconfig #comment that when is working -# - echo "### install yq###" -# - sudo wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -# - sudo chmod a+x /usr/local/bin/yq -# - yq --version -# - yq e -i '.version = "$IMAGE_TAG_STAGING"' helm/capif/Chart.yaml -# - yq e -i '.appVersion = "$IMAGE_TAG_STAGING"' helm/capif/Chart.yaml -# - cat helm/capif/Chart.yaml -# - echo "### download dependencies###" -# - helm dependency build helm/capif + - helm version + - kubectl cluster-info + - yq --version + - cat helm/capif/Chart.yaml + - yq e -i '.version = "$IMAGE_TAG_PRE_PROD"' helm/capif/Chart.yaml + - yq e -i '.appVersion = "$IMAGE_TAG_PRE_PROD"' helm/capif/Chart.yaml + - cat helm/capif/Chart.yaml + - echo "### download dependencies###" + - helm dependency build helm/capif # - echo "### updating capif###" # - helm uninstall -n $NAMESPACE_STAGING ocf --kubeconfig ~/cluster.kubeconfig || true -# - helm upgrade --install -n $NAMESPACE_STAGING ocf helm/capif/ \ -# --set nginx.nginx.env.capifHostname=capif.$DOMAIN_STAGING \ -# --set ingress_ip.oneke="$INGRESS" --atomic \ +# - helm upgrade --install -n $NAMESPACE_PRE_PROD ocf helm/capif/ \ +# --set nginx.nginx.env.capifHostname=capif.$DOMAIN_PRE_PROD \ +# --set nginx.nginx.env.registerHostname=register.$DOMAIN_PRE_PROD \ +# --set monitoring.prometheus.ingress.hosts[0].host=prometheus.$DOMAIN_PROD \ +# --set monitoring.prometheus.ingress.hosts[0].paths[0].path=/ \ +# --set monitoring.prometheus.ingress.hosts[0].paths[0].pathType=Prefix \ # --set monitoring.prometheus.enable="" \ -# --set monitoring.grafana.ingress.hosts[0].host="grafana.$DOMAIN_STAGING" \ +# --set monitoring.grafana.ingress.hosts[0].host="grafana.$DOMAIN_PROD" \ # --set monitoring.grafana.ingress.hosts[0].paths[0].path="/" \ # --set monitoring.grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ -# --wait --timeout=10m \ -# --create-NAMESPACE_STAGING --kubeconfig ~/cluster.kubeconfig +# --set backOffice.frontend.env.grafanaUrl=http://grafana.$DOMAIN_PROD \ +# --set parametersVault.env.vaultHostname=$VAULT_HOSTNAME \ +# --set parametersVault.env.vaultPort=$VAULT_PORT \ +# --set parametersVault.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ +# --wait --timeout=10m --atomic \ +# --create-namespace main_rf_testing: needs: ["deploy_ocf_main"] diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index f239b60..28e2543 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -5,14 +5,17 @@ stages: - delete_ocf_dev variables: - INGRESS: "10.43.32.232" - NAMESPACE_DEV: "ocf-dev-$CI_JOB_USER" + NAMESPACE_DEV: "ocf-dev-$CI_PROJECT_PATH_SLUG" NAMESPACE_STAGING: "ocf-staging" DOMAIN_STAGING: staging.int - DOAMIN_DEV: developer.int + DOMAIN_DEV: developer.int + DOMAIN_PROD: prod.int CI_JOB_TOKEN: $CI_JOB_TOKEN IMAGE_TAG_DEV: $CI_COMMIT_REF_SLUG IMAGE_TAG_STAGING: $CI_COMMIT_REF_SLUG + VAULT_HOSTNAME: $VAULT_HOSTNAME + VAULT_PORT: $VAULT_PORT + VAULT_ACCESS_TOKEN: $VAULT_ACCESS_TOKEN .main_common: &main_common only: @@ -66,23 +69,30 @@ deploy_ocf_staging: - kubectl cluster-info - yq --version - ls -rtt helm/capif - - cat /helm/capif/Chart.yaml -# - yq e -i '.version = "$IMAGE_TAG_STAGING"' helm/capif/Chart.yaml -# - yq e -i '.appVersion = "$IMAGE_TAG_STAGING"' helm/capif/Chart.yaml -# - cat helm/capif/Chart.yaml -# - echo "### download dependencies###" -# - helm dependency build helm/capif -# - echo "### updating capif###" -# - helm uninstall -n $NAMESPACE_STAGING ocf --kubeconfig ~/cluster.kubeconfig || true + - cat helm/capif/Chart.yaml + - yq e -i '.version = "$IMAGE_TAG_STAGING"' helm/capif/Chart.yaml + - yq e -i '.appVersion = "$IMAGE_TAG_STAGING"' helm/capif/Chart.yaml + - cat helm/capif/Chart.yaml + - echo "### download dependencies###" + - helm dependency build helm/capif + - echo "### updating capif###" +# - helm uninstall -n $NAMESPACE_STAGING ocf-staging --kubeconfig ~/cluster.kubeconfig || true # - helm upgrade --install -n $NAMESPACE_STAGING ocf helm/capif/ \ # --set nginx.nginx.env.capifHostname=capif.$DOMAIN_STAGING \ -# --set ingress_ip.oneke="$INGRESS" --atomic \ +# --set nginx.nginx.env.registerHostname=register.$DOMAIN_STAGING \ +# --set monitoring.prometheus.ingress.hosts[0].host=prometheus.$DOMAIN_PROD \ +# --set monitoring.prometheus.ingress.hosts[0].paths[0].path=/ \ +# --set monitoring.prometheus.ingress.hosts[0].paths[0].pathType=Prefix \ # --set monitoring.prometheus.enable="" \ -# --set monitoring.grafana.ingress.hosts[0].host="grafana.$DOMAIN_STAGING" \ +# --set monitoring.grafana.ingress.hosts[0].host="grafana.$DOMAIN_PROD" \ # --set monitoring.grafana.ingress.hosts[0].paths[0].path="/" \ # --set monitoring.grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ -# --wait --timeout=10m \ -# --create-NAMESPACE_STAGING --kubeconfig ~/cluster.kubeconfig +# --set backOffice.frontend.env.grafanaUrl=http://grafana.$DOMAIN_PROD \ +# --set parametersVault.env.vaultHostname=$VAULT_HOSTNAME \ +# --set parametersVault.env.vaultPort=$VAULT_PORT \ +# --set parametersVault.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ +# --wait --timeout=10m --atomic \ +# --create-namespace delete_ocf_staging: @@ -90,7 +100,7 @@ delete_ocf_staging: <<: *staging_common script: - echo "### deleting environment $NAMESPACE_STAGING###" -# - helm uninstall -n $NAMESPACE_STAGING ocf --kubeconfig ~/cluster.kubeconfig +# - helm uninstall -n $NAMESPACE_STAGING ocf-staging when: manual environment: name: review/staging @@ -114,50 +124,38 @@ deploy_ocf_dev: # when: never # - if: $CI_COMMIT_BRANCH script: -# - echo "### git clone OCF repo###" -# - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git -# - echo "### install helm###" -# - curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 -# - chmod 700 get_helm.sh -# - sudo ./get_helm.sh - helm version -# - echo "### install kubectl###" -# - curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" -# - chmod +x kubectl -# - sudo mv kubectl /usr/local/bin - kubectl version --output=yaml - echo "### setting kubeconfig###" - kubectl cluster-info -# - echo $KUBECONFIG | base64 -d > ~/cluster.kubeconfig -# - kubectl get nodes --kubeconfig ~/cluster.kubeconfig -# - kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml cluster-info --kubeconfig ~/cluster.kubeconfig #comment that when is working -# - echo "### install yq###" -# - sudo wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -# - sudo chmod a+x /usr/local/bin/yq -# - yq --version -# - yq e -i '.version = "$IMAGE_TAG_STAGING"' helm/capif/Chart.yaml -# - yq e -i '.appVersion = "$IMAGE_TAG_STAGING"' helm/capif/Chart.yaml -# - cat helm/capif/Chart.yaml -# - echo "### download dependencies###" -# - helm dependency build helm/capif + - yq --version + - cat helm/capif/Chart.yaml + - yq e -i '.version = "$IMAGE_TAG_DEV"' helm/capif/Chart.yaml + - yq e -i '.appVersion = "$IMAGE_TAG_DEV"' helm/capif/Chart.yaml + - cat helm/capif/Chart.yaml + - echo "### download dependencies###" + - helm dependency build helm/capif # - echo "### updating capif###" -# - helm uninstall -n $NAMESPACE_STAGING ocf --kubeconfig ~/cluster.kubeconfig || true -# - helm upgrade --install -n $NAMESPACE_STAGING ocf helm/capif/ \ -# --set nginx.nginx.env.capifHostname=capif.$DOMAIN_STAGING \ -# --set ingress_ip.oneke="$INGRESS" --atomic \ +# - helm uninstall -n $NAMESPACE_DEV ocf-dev --kubeconfig ~/cluster.kubeconfig || true +# - helm upgrade --install -n $NAMESPACE_DEV ocf-developer helm/capif/ \ +# --set nginx.nginx.env.capifHostname=capif-CI_PROJECT_PATH_SLUG.$DOMAIN_DEV \ +# --set nginx.nginx.env.registerHostname=register-CI_PROJECT_PATH_SLUG.$DOMAIN_DEV # --set monitoring.prometheus.enable="" \ -# --set monitoring.grafana.ingress.hosts[0].host="grafana.$DOMAIN_STAGING" \ +# --set monitoring.grafana.ingress.hosts[0].host="grafana.$DOMAIN_PROD" \ # --set monitoring.grafana.ingress.hosts[0].paths[0].path="/" \ # --set monitoring.grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ +# --set parametersVault.env.vaultHostname=$VAULT_HOSTNAME \ +# --set parametersVault.env.vaultPort=$VAULT_PORT \ +# --set parametersVault.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ # --wait --timeout=10m \ -# --create-NAMESPACE_STAGING --kubeconfig ~/cluster.kubeconfig +# --create-NAMESPACE_STAGING --atomic delete_ocf_dev: stage: delete_ocf_dev <<: *staging_common script: - echo "### deleting environment $NAMESPACE_DEV###" -# - helm uninstall -n $NAMESPACE_DEV ocf --kubeconfig ~/cluster.kubeconfig +# - helm uninstall -n $NAMESPACE_DEV ocf-dev when: manual environment: name: review/$CI_COMMIT_REF_SLUG diff --git a/capif/templates/cd-deploy-release.gitlab-ci.yml b/capif/templates/cd-deploy-release.gitlab-ci.yml index 26e130d..5ef4dbf 100644 --- a/capif/templates/cd-deploy-release.gitlab-ci.yml +++ b/capif/templates/cd-deploy-release.gitlab-ci.yml @@ -7,7 +7,6 @@ variables: CI_REGISTRY_USER: $CI_REGISTRY_USER CI_REGISTRY: $CI_REGISTRY CAPIF_DOCKER_REGISTRY: $CAPIF_DOCKER_REGISTRY - INGRESS: "10.43.32.232" NAMESPACE_PROD: "ocf-prod" DOMAIN_PROD: prod.int IMAGE_TAG_PROD: $CI_COMMIT_REF_SLUG @@ -30,36 +29,29 @@ deploy_ocf_prod: script: - echo "------ A release has been created! -------" - echo "### install helm###" -# - curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 -# - chmod 700 get_helm.sh -# - ./get_helm.sh -# - helm version -# - echo "### install kubectl###" -# - curl -LO "https://dl.k8s.io/release/$(curl -L -s https://dl.k8s.io/release/stable.txt)/bin/linux/amd64/kubectl" -# - chmod +x kubectl -# - sudo mv kubectl /usr/local/bin -# - kubectl version --output=yaml -# - echo "### setting kubeconfig###" -# - echo $KUBECONFIG | base64 -d > ~/cluster.kubeconfig -# - kubectl get nodes --kubeconfig ~/cluster.kubeconfig -# - kubectl --kubeconfig /etc/rancher/rke2/rke2.yaml cluster-info --kubeconfig ~/cluster.kubeconfig #comment that when is working -# - echo "### install yq###" -# - sudo wget -qO /usr/local/bin/yq https://github.com/mikefarah/yq/releases/latest/download/yq_linux_amd64 -# - sudo chmod a+x /usr/local/bin/yq -# - yq --version -# - yq e -i '.version = "$IMAGE_TAG_STAGING"' helm/capif/Chart.yaml -# - yq e -i '.appVersion = "$IMAGE_TAG_STAGING"' helm/capif/Chart.yaml -# - cat helm/capif/Chart.yaml -# - echo "### download dependencies###" -# - helm dependency build helm/capif + - helm version + - kubectl cluster-info + - yq --version + - cat helm/capif/Chart.yaml + - yq e -i '.version = "$IMAGE_TAG_PROD"' helm/capif/Chart.yaml + - yq e -i '.appVersion = "$IMAGE_TAG_PROD"' helm/capif/Chart.yaml + - cat helm/capif/Chart.yaml + - echo "### download dependencies###" + - helm dependency build helm/capif # - echo "### updating capif###" -# - helm uninstall -n $NAMESPACE_STAGING ocf --kubeconfig ~/cluster.kubeconfig || true -# - helm upgrade --install -n $NAMESPACE_STAGING ocf helm/capif/ \ -# --set nginx.nginx.env.capifHostname=capif.$DOMAIN_STAGING \ -# --set ingress_ip.oneke="$INGRESS" --atomic \ -# --set monitoring.prometheus.enable="" \ -# --set monitoring.grafana.ingress.hosts[0].host="grafana.$DOMAIN_STAGING" \ +# - helm upgrade --install -n $NAMESPACE_PRE_PROD ocf helm/capif/ \ +# --set nginx.nginx.env.capifHostname=capif.$DOMAIN_PROD \ +# --set nginx.nginx.env.registerHostname=register.$DOMAIN_PROD \ +# --set monitoring.prometheus.ingress.hosts[0].host=prometheus.$DOMAIN_PROD \ +# --set monitoring.prometheus.ingress.hosts[0].paths[0].path=/ \ +# --set monitoring.prometheus.ingress.hosts[0].paths[0].pathType=Prefix \ +# --set monitoring.prometheus.enable="true" \ +# --set monitoring.grafana.ingress.hosts[0].host="grafana.$DOMAIN_PROD" \ # --set monitoring.grafana.ingress.hosts[0].paths[0].path="/" \ # --set monitoring.grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ -# --wait --timeout=10m \ -# --create-NAMESPACE_STAGING --kubeconfig ~/cluster.kubeconfig \ No newline at end of file +# --set backOffice.frontend.env.grafanaUrl=http://grafana.$DOMAIN_PROD \ +# --set parametersVault.env.vaultHostname=$VAULT_HOSTNAME \ +# --set parametersVault.env.vaultPort=$VAULT_PORT \ +# --set parametersVault.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ +# --wait --timeout=10m --atomic \ +# --create-namespace \ No newline at end of file -- GitLab From 2a6780aef43ab7933d67206e6c894da4391c2867 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 29 Apr 2024 16:27:05 +0200 Subject: [PATCH 254/392] IMAGE_TAG --- capif/.gitlab-ci.yml | 5 ++--- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 10 ++++------ 2 files changed, 6 insertions(+), 9 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 5216ad3..26fbab9 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -646,7 +646,6 @@ deploy_ocf_main: stage: deploy_ocf_main variables: DOMAIN_PRE_PROD: pre-prod.int - IMAGE_TAG_PRE_PROD: $CI_COMMIT_REF_SLUG needs: - main_build_and_push <<: *main_common @@ -664,8 +663,8 @@ deploy_ocf_main: - kubectl cluster-info - yq --version - cat helm/capif/Chart.yaml - - yq e -i '.version = "$IMAGE_TAG_PRE_PROD"' helm/capif/Chart.yaml - - yq e -i '.appVersion = "$IMAGE_TAG_PRE_PROD"' helm/capif/Chart.yaml + - yq e -i '.version = "$CI_COMMIT_REF_SLUG"' helm/capif/Chart.yaml + - yq e -i '.appVersion = "$CI_COMMIT_REF_SLUG"' helm/capif/Chart.yaml - cat helm/capif/Chart.yaml - echo "### download dependencies###" - helm dependency build helm/capif diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 28e2543..97342f7 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -11,8 +11,6 @@ variables: DOMAIN_DEV: developer.int DOMAIN_PROD: prod.int CI_JOB_TOKEN: $CI_JOB_TOKEN - IMAGE_TAG_DEV: $CI_COMMIT_REF_SLUG - IMAGE_TAG_STAGING: $CI_COMMIT_REF_SLUG VAULT_HOSTNAME: $VAULT_HOSTNAME VAULT_PORT: $VAULT_PORT VAULT_ACCESS_TOKEN: $VAULT_ACCESS_TOKEN @@ -70,8 +68,8 @@ deploy_ocf_staging: - yq --version - ls -rtt helm/capif - cat helm/capif/Chart.yaml - - yq e -i '.version = "$IMAGE_TAG_STAGING"' helm/capif/Chart.yaml - - yq e -i '.appVersion = "$IMAGE_TAG_STAGING"' helm/capif/Chart.yaml + - yq e -i '.version = "$$CI_COMMIT_REF_SLUG"' helm/capif/Chart.yaml + - yq e -i '.appVersion = "$$CI_COMMIT_REF_SLUG"' helm/capif/Chart.yaml - cat helm/capif/Chart.yaml - echo "### download dependencies###" - helm dependency build helm/capif @@ -130,8 +128,8 @@ deploy_ocf_dev: - kubectl cluster-info - yq --version - cat helm/capif/Chart.yaml - - yq e -i '.version = "$IMAGE_TAG_DEV"' helm/capif/Chart.yaml - - yq e -i '.appVersion = "$IMAGE_TAG_DEV"' helm/capif/Chart.yaml + - yq e -i '.version = "$$CI_COMMIT_REF_SLUG"' helm/capif/Chart.yaml + - yq e -i '.appVersion = "$$CI_COMMIT_REF_SLUG"' helm/capif/Chart.yaml - cat helm/capif/Chart.yaml - echo "### download dependencies###" - helm dependency build helm/capif -- GitLab From 66dd41e07c264f9dfd2242ce0175fd4f499f02e0 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 29 Apr 2024 16:42:56 +0200 Subject: [PATCH 255/392] yq e -i --- capif/.gitlab-ci.yml | 5 +++-- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 10 ++++++---- capif/templates/cd-deploy-release.gitlab-ci.yml | 4 ++-- 3 files changed, 11 insertions(+), 8 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 26fbab9..62c04b8 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -646,6 +646,7 @@ deploy_ocf_main: stage: deploy_ocf_main variables: DOMAIN_PRE_PROD: pre-prod.int + IMAGE_TAG_PRE_PROD: $CI_COMMIT_REF_SLUG needs: - main_build_and_push <<: *main_common @@ -663,8 +664,8 @@ deploy_ocf_main: - kubectl cluster-info - yq --version - cat helm/capif/Chart.yaml - - yq e -i '.version = "$CI_COMMIT_REF_SLUG"' helm/capif/Chart.yaml - - yq e -i '.appVersion = "$CI_COMMIT_REF_SLUG"' helm/capif/Chart.yaml + - yq e -i ".version = "\$IMAGE_TAG_PRE_PROD\"" helm/capif/Chart.yaml + - yq e -i ".appVersion = "\$IMAGE_TAG_PRE_PROD\"" helm/capif/Chart.yaml - cat helm/capif/Chart.yaml - echo "### download dependencies###" - helm dependency build helm/capif diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 97342f7..786ab41 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -11,6 +11,8 @@ variables: DOMAIN_DEV: developer.int DOMAIN_PROD: prod.int CI_JOB_TOKEN: $CI_JOB_TOKEN + IMAGE_TAG_DEV: $CI_COMMIT_REF_SLUG + IMAGE_TAG_STAGING: $CI_COMMIT_REF_SLUG VAULT_HOSTNAME: $VAULT_HOSTNAME VAULT_PORT: $VAULT_PORT VAULT_ACCESS_TOKEN: $VAULT_ACCESS_TOKEN @@ -68,8 +70,8 @@ deploy_ocf_staging: - yq --version - ls -rtt helm/capif - cat helm/capif/Chart.yaml - - yq e -i '.version = "$$CI_COMMIT_REF_SLUG"' helm/capif/Chart.yaml - - yq e -i '.appVersion = "$$CI_COMMIT_REF_SLUG"' helm/capif/Chart.yaml + - yq e -i ".version = \"$IMAGE_TAG_STAGING\"" helm/capif/Chart.yaml + - yq e -i ".appVersion = "\$IMAGE_TAG_STAGING\"" helm/capif/Chart.yaml - cat helm/capif/Chart.yaml - echo "### download dependencies###" - helm dependency build helm/capif @@ -128,8 +130,8 @@ deploy_ocf_dev: - kubectl cluster-info - yq --version - cat helm/capif/Chart.yaml - - yq e -i '.version = "$$CI_COMMIT_REF_SLUG"' helm/capif/Chart.yaml - - yq e -i '.appVersion = "$$CI_COMMIT_REF_SLUG"' helm/capif/Chart.yaml + - yq e -i ".version = "\$IMAGE_TAG_DEV\"" helm/capif/Chart.yaml + - yq e -i ".appVersion = "\$IMAGE_TAG_DEV\"" helm/capif/Chart.yaml - cat helm/capif/Chart.yaml - echo "### download dependencies###" - helm dependency build helm/capif diff --git a/capif/templates/cd-deploy-release.gitlab-ci.yml b/capif/templates/cd-deploy-release.gitlab-ci.yml index 5ef4dbf..a6918b3 100644 --- a/capif/templates/cd-deploy-release.gitlab-ci.yml +++ b/capif/templates/cd-deploy-release.gitlab-ci.yml @@ -33,8 +33,8 @@ deploy_ocf_prod: - kubectl cluster-info - yq --version - cat helm/capif/Chart.yaml - - yq e -i '.version = "$IMAGE_TAG_PROD"' helm/capif/Chart.yaml - - yq e -i '.appVersion = "$IMAGE_TAG_PROD"' helm/capif/Chart.yaml + - yq e -i ".version = "\$IMAGE_TAG_PROD\"" helm/capif/Chart.yaml + - yq e -i ".appVersion = "\$IMAGE_TAG_PROD\"" helm/capif/Chart.yaml - cat helm/capif/Chart.yaml - echo "### download dependencies###" - helm dependency build helm/capif -- GitLab From ec0b8c2a112a6ca41b073be4c55b7254f7d8fdb1 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 29 Apr 2024 16:58:03 +0200 Subject: [PATCH 256/392] yq e -i --- capif/.gitlab-ci.yml | 3 +-- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 6 ++---- capif/templates/cd-deploy-release.gitlab-ci.yml | 3 +-- 3 files changed, 4 insertions(+), 8 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 62c04b8..945d3d2 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -664,8 +664,7 @@ deploy_ocf_main: - kubectl cluster-info - yq --version - cat helm/capif/Chart.yaml - - yq e -i ".version = "\$IMAGE_TAG_PRE_PROD\"" helm/capif/Chart.yaml - - yq e -i ".appVersion = "\$IMAGE_TAG_PRE_PROD\"" helm/capif/Chart.yaml + - yq e -i ".version = \"$IMAGE_TAG_PRE_PROD\"" helm/capif/Chart.yaml && yq e -i ".appVersion = \"$IMAGE_TAG_PRE_PROD\"" helm/capif/Chart.yaml - cat helm/capif/Chart.yaml - echo "### download dependencies###" - helm dependency build helm/capif diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 786ab41..ba6ae07 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -70,8 +70,7 @@ deploy_ocf_staging: - yq --version - ls -rtt helm/capif - cat helm/capif/Chart.yaml - - yq e -i ".version = \"$IMAGE_TAG_STAGING\"" helm/capif/Chart.yaml - - yq e -i ".appVersion = "\$IMAGE_TAG_STAGING\"" helm/capif/Chart.yaml + - yq e -i ".version = \"$IMAGE_TAG_STAGING\"" helm/capif/Chart.yaml && yq e -i ".appVersion = \"$IMAGE_TAG_STAGING\"" helm/capif/Chart.yaml - cat helm/capif/Chart.yaml - echo "### download dependencies###" - helm dependency build helm/capif @@ -130,8 +129,7 @@ deploy_ocf_dev: - kubectl cluster-info - yq --version - cat helm/capif/Chart.yaml - - yq e -i ".version = "\$IMAGE_TAG_DEV\"" helm/capif/Chart.yaml - - yq e -i ".appVersion = "\$IMAGE_TAG_DEV\"" helm/capif/Chart.yaml + - yq e -i ".version = \"$IMAGE_TAG_DEV\"" helm/capif/Chart.yaml && yq e -i ".appVersion = \"$IMAGE_TAG_DEV\"" helm/capif/Chart.yaml - cat helm/capif/Chart.yaml - echo "### download dependencies###" - helm dependency build helm/capif diff --git a/capif/templates/cd-deploy-release.gitlab-ci.yml b/capif/templates/cd-deploy-release.gitlab-ci.yml index a6918b3..32deca6 100644 --- a/capif/templates/cd-deploy-release.gitlab-ci.yml +++ b/capif/templates/cd-deploy-release.gitlab-ci.yml @@ -33,8 +33,7 @@ deploy_ocf_prod: - kubectl cluster-info - yq --version - cat helm/capif/Chart.yaml - - yq e -i ".version = "\$IMAGE_TAG_PROD\"" helm/capif/Chart.yaml - - yq e -i ".appVersion = "\$IMAGE_TAG_PROD\"" helm/capif/Chart.yaml + - yq e -i ".version = \"$IMAGE_TAG_PROD\"" helm/capif/Chart.yaml && yq e -i ".appVersion = \"$IMAGE_TAG_PROD\"" helm/capif/Chart.yaml - cat helm/capif/Chart.yaml - echo "### download dependencies###" - helm dependency build helm/capif -- GitLab From ef7c3547c72b35ac086b451a2de2059657314e75 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 29 Apr 2024 17:09:01 +0200 Subject: [PATCH 257/392] appVersion --- capif/.gitlab-ci.yml | 2 +- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 4 ++-- capif/templates/cd-deploy-release.gitlab-ci.yml | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 945d3d2..0d7d648 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -664,7 +664,7 @@ deploy_ocf_main: - kubectl cluster-info - yq --version - cat helm/capif/Chart.yaml - - yq e -i ".version = \"$IMAGE_TAG_PRE_PROD\"" helm/capif/Chart.yaml && yq e -i ".appVersion = \"$IMAGE_TAG_PRE_PROD\"" helm/capif/Chart.yaml + - yq e -i ".appVersion = \"$IMAGE_TAG_PRE_PROD\"" helm/capif/Chart.yaml - cat helm/capif/Chart.yaml - echo "### download dependencies###" - helm dependency build helm/capif diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index ba6ae07..d212485 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -70,7 +70,7 @@ deploy_ocf_staging: - yq --version - ls -rtt helm/capif - cat helm/capif/Chart.yaml - - yq e -i ".version = \"$IMAGE_TAG_STAGING\"" helm/capif/Chart.yaml && yq e -i ".appVersion = \"$IMAGE_TAG_STAGING\"" helm/capif/Chart.yaml + - yq e -i ".appVersion = \"$IMAGE_TAG_STAGING\"" helm/capif/Chart.yaml - cat helm/capif/Chart.yaml - echo "### download dependencies###" - helm dependency build helm/capif @@ -129,7 +129,7 @@ deploy_ocf_dev: - kubectl cluster-info - yq --version - cat helm/capif/Chart.yaml - - yq e -i ".version = \"$IMAGE_TAG_DEV\"" helm/capif/Chart.yaml && yq e -i ".appVersion = \"$IMAGE_TAG_DEV\"" helm/capif/Chart.yaml + - yq e -i ".appVersion = \"$IMAGE_TAG_DEV\"" helm/capif/Chart.yaml - cat helm/capif/Chart.yaml - echo "### download dependencies###" - helm dependency build helm/capif diff --git a/capif/templates/cd-deploy-release.gitlab-ci.yml b/capif/templates/cd-deploy-release.gitlab-ci.yml index 32deca6..14376ac 100644 --- a/capif/templates/cd-deploy-release.gitlab-ci.yml +++ b/capif/templates/cd-deploy-release.gitlab-ci.yml @@ -33,7 +33,7 @@ deploy_ocf_prod: - kubectl cluster-info - yq --version - cat helm/capif/Chart.yaml - - yq e -i ".version = \"$IMAGE_TAG_PROD\"" helm/capif/Chart.yaml && yq e -i ".appVersion = \"$IMAGE_TAG_PROD\"" helm/capif/Chart.yaml + - yq e -i ".appVersion = \"$IMAGE_TAG_PROD\"" helm/capif/Chart.yaml - cat helm/capif/Chart.yaml - echo "### download dependencies###" - helm dependency build helm/capif -- GitLab From 8997a32448e36f5a34a316af874cb20d590c0730 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Tue, 30 Apr 2024 11:15:12 +0200 Subject: [PATCH 258/392] no previous_action in CICD --- capif/.gitlab-ci.yml | 56 ++++++++++++------------ capif/templates/ci_dev.gitlab-ci.yml | 20 ++++----- capif/templates/ci_staging.gitlab-ci.yml | 16 +++---- 3 files changed, 46 insertions(+), 46 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 0d7d648..397b06c 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -74,26 +74,26 @@ variables: tags: - shell -main_cancel_previous_action: - stage: main_pre_pipeline - script: - - | - if [[ -n "$CI_JOB_TOKEN" ]]; then - echo "Checking for running jobs in the same pipeline..." - jobs=$(curl --header "PRIVATE-TOKEN: $CI_JOB_TOKEN" "$GITLAB_API/projects/$CI_PROJECT_ID/pipelines/$CI_PIPELINE_ID/jobs") - for job in $(echo "$jobs" | jq -r '.[] | @base64'); do - _jq() { - echo ${job} | base64 --decode | jq -r ${1} - } - status=$(_jq '.status') - id=$(_jq '.id') - if [[ "$status" == "running" ]] && [[ "$id" != "$CI_JOB_ID" ]]; then - echo "Cancelling job $id" - curl --request POST --header "PRIVATE-TOKEN: $CI_JOB_TOKEN" "$GITLAB_API/projects/$CI_PROJECT_ID/jobs/$id/cancel" - fi - done - fi - <<: *main_common +#main_cancel_previous_action: +# stage: main_pre_pipeline +# script: +# - | +# if [[ -n "$CI_JOB_TOKEN" ]]; then +# echo "Checking for running jobs in the same pipeline..." +# jobs=$(curl --header "PRIVATE-TOKEN: $CI_JOB_TOKEN" "$GITLAB_API/projects/$CI_PROJECT_ID/pipelines/$CI_PIPELINE_ID/jobs") +# for job in $(echo "$jobs" | jq -r '.[] | @base64'); do +# _jq() { +# echo ${job} | base64 --decode | jq -r ${1} +# } +# status=$(_jq '.status') +# id=$(_jq '.id') +# if [[ "$status" == "running" ]] && [[ "$id" != "$CI_JOB_ID" ]]; then +# echo "Cancelling job $id" +# curl --request POST --header "PRIVATE-TOKEN: $CI_JOB_TOKEN" "$GITLAB_API/projects/$CI_PROJECT_ID/jobs/$id/cancel" +# fi +# done +# fi +# <<: *main_common merge_request_staging_into_main: stage: merge_request_staging_into_main @@ -239,8 +239,8 @@ container_scanning: - when: never main_semgrep_sast: - needs: - - main_cancel_previous_action +# needs: +# - main_cancel_previous_action stage: main_sast extends: semgrep-sast variables: @@ -251,8 +251,8 @@ main_semgrep_sast: <<: *main_dnd main_kubesec_sast: - needs: - - main_cancel_previous_action +# needs: +# - main_cancel_previous_action stage: main_sast extends: kubesec-sast before_script: @@ -268,8 +268,8 @@ main_kubesec_sast: <<: *main_dnd main_gemnasium_python_dependency_scanning: - needs: - - main_cancel_previous_action +# needs: +# - main_cancel_previous_action stage: main_sast extends: gemnasium-python-dependency_scanning variables: @@ -277,8 +277,8 @@ main_gemnasium_python_dependency_scanning: <<: *main_dnd main_secret_detection: - needs: - - main_cancel_previous_action +# needs: +# - main_cancel_previous_action stage: main_sast extends: secret_detection variables: diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index 25d25d9..c51fa0e 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -23,11 +23,11 @@ variables: # - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git # <<: *dev_common -dev_cancel_previous_action: - stage: dev_pre_pipeline - script: - - | - echo "### cancel previous actions in dev branchc ###" +#dev_cancel_previous_action: +# stage: dev_pre_pipeline +# script: +# - | +# echo "### cancel previous actions in dev branchc ###" # if [[ -n "$CI_JOB_TOKEN" ]]; then # echo "Checking for running jobs in the same pipeline..." # jobs=$(curl --header "PRIVATE-TOKEN: $CI_JOB_TOKEN" "$GITLAB_API/projects/$CI_PROJECT_ID/pipelines/$CI_PIPELINE_ID/jobs") @@ -43,13 +43,13 @@ dev_cancel_previous_action: # fi # done # fi - rules: - - if: $CI_COMMIT_BRANCH - <<: *dev_common +# rules: +# - if: $CI_COMMIT_BRANCH +# <<: *dev_common dev_secrets_in_repo: - needs: - - dev_cancel_previous_action +# needs: +# - dev_cancel_previous_action stage: dev_secrets_in_repo script: - | diff --git a/capif/templates/ci_staging.gitlab-ci.yml b/capif/templates/ci_staging.gitlab-ci.yml index 4ea7841..f6952ae 100644 --- a/capif/templates/ci_staging.gitlab-ci.yml +++ b/capif/templates/ci_staging.gitlab-ci.yml @@ -41,11 +41,11 @@ variables: # - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git # <<: *staging_common -staging_cancel_previous_action: - stage: staging_pre_pipeline - script: - - | - echo "### cancel previous actions in dev branchc ###" +#staging_cancel_previous_action: +# stage: staging_pre_pipeline +# script: +# - | +# echo "### cancel previous actions in dev branchc ###" # if [[ -n "$CI_JOB_TOKEN" ]]; then # echo "Checking for running jobs in the same pipeline..." # jobs=$(curl --header "PRIVATE-TOKEN: $CI_JOB_TOKEN" "$GITLAB_API/projects/$CI_PROJECT_ID/pipelines/$CI_PIPELINE_ID/jobs") @@ -61,7 +61,7 @@ staging_cancel_previous_action: # fi # done # fi - <<: *staging_common +# <<: *staging_common staging_secrets_in_repo: stage: staging_secrets_in_repo @@ -70,8 +70,8 @@ staging_secrets_in_repo: pip install trufflehog cd ../ trufflehog capif --exclude_paths capif/cicd/exclusions --max_depth=5 - needs: - - staging_cancel_previous_action +# needs: +# - staging_cancel_previous_action <<: *staging_common # define the process to do linting code: Sonarque, ruff? -- GitLab From cb62beb6fc9d698d6f208eaf0d834b8ac2f057dd Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Wed, 22 May 2024 12:31:21 +0200 Subject: [PATCH 259/392] docker login in staging branch and delete build/pust to capif-client --- capif/templates/ci_dev.gitlab-ci.yml | 10 ++++++---- capif/templates/ci_staging.gitlab-ci.yml | 7 +++++++ 2 files changed, 13 insertions(+), 4 deletions(-) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index c51fa0e..c32ff81 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -119,11 +119,8 @@ dev_build_and_push: script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" - - echo "### build and push capif-client image###" - - cd services/capif-client/ + - echo "### docker login###" - docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY - - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/capif-client:$CI_COMMIT_REF_SLUG . - - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/capif-client:$CI_COMMIT_REF_SLUG - echo "----------------------------------------------------" - echo "### build and push nginx image###" - cd $TMP_PWD/services/nginx/ @@ -190,5 +187,10 @@ dev_build_and_push: - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/vault:$CI_COMMIT_REF_SLUG . - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/vault:$CI_COMMIT_REF_SLUG - echo "----------------------------------------------------" + - echo "### build and push helper image###" + - cd $TMP_PWD/services/helper/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/helper:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/helper:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" - docker logout $CI_REGISTRY <<: *dev_common diff --git a/capif/templates/ci_staging.gitlab-ci.yml b/capif/templates/ci_staging.gitlab-ci.yml index f6952ae..e5ec93b 100644 --- a/capif/templates/ci_staging.gitlab-ci.yml +++ b/capif/templates/ci_staging.gitlab-ci.yml @@ -249,6 +249,8 @@ staging_build_and_push: script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" + - echo "### docker login###" + - docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY - echo "----------------------------------------------------" - echo "### build and push nginx image###" - cd $TMP_PWD/services/nginx/ @@ -315,5 +317,10 @@ staging_build_and_push: - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/vault:$CI_COMMIT_REF_SLUG . - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/vault:$CI_COMMIT_REF_SLUG - echo "----------------------------------------------------" + - echo "### build and push helper image###" + - cd $TMP_PWD/services/helper/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/helper:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/helper:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" - docker logout $CI_REGISTRY <<: *staging_common -- GitLab From b9e7b81744466b4e2db83942acc8db2236b695b2 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Wed, 22 May 2024 16:11:08 +0200 Subject: [PATCH 260/392] ocf deploy in develop --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 56 +++++++++++---------- 1 file changed, 29 insertions(+), 27 deletions(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index d212485..96af608 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -47,7 +47,7 @@ deploy_ocf_staging: <<: *staging_common environment: name: review/staging - url: https://$NAMESPACE_STAGING.$DOMAIN_STAGING + url: https://capif-$CI_PROJECT_PATH_SLUG.$DOMAIN_STAGING on_stop: delete_ocf_staging auto_stop_in: 3 day # rules: @@ -75,23 +75,22 @@ deploy_ocf_staging: - echo "### download dependencies###" - helm dependency build helm/capif - echo "### updating capif###" -# - helm uninstall -n $NAMESPACE_STAGING ocf-staging --kubeconfig ~/cluster.kubeconfig || true -# - helm upgrade --install -n $NAMESPACE_STAGING ocf helm/capif/ \ -# --set nginx.nginx.env.capifHostname=capif.$DOMAIN_STAGING \ -# --set nginx.nginx.env.registerHostname=register.$DOMAIN_STAGING \ -# --set monitoring.prometheus.ingress.hosts[0].host=prometheus.$DOMAIN_PROD \ -# --set monitoring.prometheus.ingress.hosts[0].paths[0].path=/ \ -# --set monitoring.prometheus.ingress.hosts[0].paths[0].pathType=Prefix \ +# - helm uninstall -n $NAMESPACE_STAGING ocf-staging || true +# - helm upgrade --install -n $NAMESPACE_STAGING ocf-staging helm/capif/ \ +# --set nginx.nginx.env.capifHostname=capif-$CI_PROJECT_PATH_SLUG.$DOMAIN_STAGING \ +# --set nginx.nginx.env.registerHostname=register-$CI_PROJECT_PATH_SLUG.$DOMAIN_STAGING \ # --set monitoring.prometheus.enable="" \ -# --set monitoring.grafana.ingress.hosts[0].host="grafana.$DOMAIN_PROD" \ +# --set monitoring.grafana.ingress.hosts[0].host="grafana-$CI_PROJECT_PATH_SLUG.$DOMAIN_STAGING" \ # --set monitoring.grafana.ingress.hosts[0].paths[0].path="/" \ # --set monitoring.grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ -# --set backOffice.frontend.env.grafanaUrl=http://grafana.$DOMAIN_PROD \ +# --set monitoring.grafana.env.prometheusURL=http://prometheus.ocf.pre-production \ +# --set tempo.tempo.metricsGenerator.remoteWriteUrl=http://prometheus.ocf.pre-production/api/v1/write \ # --set parametersVault.env.vaultHostname=$VAULT_HOSTNAME \ # --set parametersVault.env.vaultPort=$VAULT_PORT \ # --set parametersVault.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ -# --wait --timeout=10m --atomic \ -# --create-namespace +# --set ingress.ip=10.43.107.132 \ +# --wait --timeout=10m \ +# --create-namespace --atomic delete_ocf_staging: @@ -113,7 +112,7 @@ deploy_ocf_dev: <<: *dev_common environment: name: review/$CI_COMMIT_REF_SLUG - url: https://$NAMESPACE_DEV.$DOMAIN_DEV + url: https://capif-$CI_PROJECT_PATH_SLUG.$DOMAIN_DEV on_stop: delete_ocf_dev auto_stop_in: 3 day # rules: @@ -133,20 +132,23 @@ deploy_ocf_dev: - cat helm/capif/Chart.yaml - echo "### download dependencies###" - helm dependency build helm/capif -# - echo "### updating capif###" -# - helm uninstall -n $NAMESPACE_DEV ocf-dev --kubeconfig ~/cluster.kubeconfig || true -# - helm upgrade --install -n $NAMESPACE_DEV ocf-developer helm/capif/ \ -# --set nginx.nginx.env.capifHostname=capif-CI_PROJECT_PATH_SLUG.$DOMAIN_DEV \ -# --set nginx.nginx.env.registerHostname=register-CI_PROJECT_PATH_SLUG.$DOMAIN_DEV -# --set monitoring.prometheus.enable="" \ -# --set monitoring.grafana.ingress.hosts[0].host="grafana.$DOMAIN_PROD" \ -# --set monitoring.grafana.ingress.hosts[0].paths[0].path="/" \ -# --set monitoring.grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ -# --set parametersVault.env.vaultHostname=$VAULT_HOSTNAME \ -# --set parametersVault.env.vaultPort=$VAULT_PORT \ -# --set parametersVault.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ -# --wait --timeout=10m \ -# --create-NAMESPACE_STAGING --atomic + - echo "### updating capif###" + - helm uninstall -n $NAMESPACE_DEV ocf-developer || true + - helm upgrade --install -n $NAMESPACE_DEV ocf-developer helm/capif/ \ + --set nginx.nginx.env.capifHostname=capif-$CI_PROJECT_PATH_SLUG.$DOMAIN_DEV \ + --set nginx.nginx.env.registerHostname=register-$CI_PROJECT_PATH_SLUG.$DOMAIN_DEV \ + --set monitoring.prometheus.enable="" \ + --set monitoring.grafana.ingress.hosts[0].host="grafana-$CI_PROJECT_PATH_SLUG.$DOMAIN_PROD" \ + --set monitoring.grafana.ingress.hosts[0].paths[0].path="/" \ + --set monitoring.grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ + --set monitoring.grafana.env.prometheusURL=http://prometheus.ocf.pre-production \ + --set tempo.tempo.metricsGenerator.remoteWriteUrl=http://prometheus.ocf.pre-production/api/v1/write \ + --set parametersVault.env.vaultHostname=$VAULT_HOSTNAME \ + --set parametersVault.env.vaultPort=$VAULT_PORT \ + --set parametersVault.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set ingress.ip=10.43.107.132 \ + --wait --timeout=10m \ + --create-namespace --atomic delete_ocf_dev: stage: delete_ocf_dev -- GitLab From b6c82a8471f56b2ce67cdefb17c8c7d5bb467d87 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Wed, 22 May 2024 16:45:02 +0200 Subject: [PATCH 261/392] CI_PROJECT_PATH_SLUG --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 96af608..f62582f 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -5,7 +5,7 @@ stages: - delete_ocf_dev variables: - NAMESPACE_DEV: "ocf-dev-$CI_PROJECT_PATH_SLUG" + NAMESPACE_DEV: "ocf-dev-$CI_ENVIRONMENT_SLUG" NAMESPACE_STAGING: "ocf-staging" DOMAIN_STAGING: staging.int DOMAIN_DEV: developer.int @@ -47,7 +47,7 @@ deploy_ocf_staging: <<: *staging_common environment: name: review/staging - url: https://capif-$CI_PROJECT_PATH_SLUG.$DOMAIN_STAGING + url: https://capif-$CI_ENVIRONMENT_SLUG.$DOMAIN_STAGING on_stop: delete_ocf_staging auto_stop_in: 3 day # rules: @@ -77,10 +77,10 @@ deploy_ocf_staging: - echo "### updating capif###" # - helm uninstall -n $NAMESPACE_STAGING ocf-staging || true # - helm upgrade --install -n $NAMESPACE_STAGING ocf-staging helm/capif/ \ -# --set nginx.nginx.env.capifHostname=capif-$CI_PROJECT_PATH_SLUG.$DOMAIN_STAGING \ -# --set nginx.nginx.env.registerHostname=register-$CI_PROJECT_PATH_SLUG.$DOMAIN_STAGING \ +# --set nginx.nginx.env.capifHostname=capif-$CI_ENVIRONMENT_SLUG.$DOMAIN_STAGING \ +# --set nginx.nginx.env.registerHostname=register-$CI_ENVIRONMENT_SLUG.$DOMAIN_STAGING \ # --set monitoring.prometheus.enable="" \ -# --set monitoring.grafana.ingress.hosts[0].host="grafana-$CI_PROJECT_PATH_SLUG.$DOMAIN_STAGING" \ +# --set monitoring.grafana.ingress.hosts[0].host="grafana-$CI_ENVIRONMENT_SLUG.$DOMAIN_STAGING" \ # --set monitoring.grafana.ingress.hosts[0].paths[0].path="/" \ # --set monitoring.grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ # --set monitoring.grafana.env.prometheusURL=http://prometheus.ocf.pre-production \ @@ -112,7 +112,7 @@ deploy_ocf_dev: <<: *dev_common environment: name: review/$CI_COMMIT_REF_SLUG - url: https://capif-$CI_PROJECT_PATH_SLUG.$DOMAIN_DEV + url: https://capif-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV on_stop: delete_ocf_dev auto_stop_in: 3 day # rules: @@ -135,10 +135,10 @@ deploy_ocf_dev: - echo "### updating capif###" - helm uninstall -n $NAMESPACE_DEV ocf-developer || true - helm upgrade --install -n $NAMESPACE_DEV ocf-developer helm/capif/ \ - --set nginx.nginx.env.capifHostname=capif-$CI_PROJECT_PATH_SLUG.$DOMAIN_DEV \ - --set nginx.nginx.env.registerHostname=register-$CI_PROJECT_PATH_SLUG.$DOMAIN_DEV \ + --set nginx.nginx.env.capifHostname=capif-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV \ + --set nginx.nginx.env.registerHostname=register-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV \ --set monitoring.prometheus.enable="" \ - --set monitoring.grafana.ingress.hosts[0].host="grafana-$CI_PROJECT_PATH_SLUG.$DOMAIN_PROD" \ + --set monitoring.grafana.ingress.hosts[0].host="grafana-$CI_ENVIRONMENT_SLUG.$DOMAIN_PROD" \ --set monitoring.grafana.ingress.hosts[0].paths[0].path="/" \ --set monitoring.grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ --set monitoring.grafana.env.prometheusURL=http://prometheus.ocf.pre-production \ -- GitLab From 1d900038695e163528b165326f54603bb38c3bc1 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Wed, 22 May 2024 17:14:20 +0200 Subject: [PATCH 262/392] no prometheus option --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index f62582f..34aa9e5 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -137,7 +137,6 @@ deploy_ocf_dev: - helm upgrade --install -n $NAMESPACE_DEV ocf-developer helm/capif/ \ --set nginx.nginx.env.capifHostname=capif-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV \ --set nginx.nginx.env.registerHostname=register-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV \ - --set monitoring.prometheus.enable="" \ --set monitoring.grafana.ingress.hosts[0].host="grafana-$CI_ENVIRONMENT_SLUG.$DOMAIN_PROD" \ --set monitoring.grafana.ingress.hosts[0].paths[0].path="/" \ --set monitoring.grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ -- GitLab From db9296866b71953f0e05a78eb6ec50c0f883592d Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Thu, 23 May 2024 09:30:32 +0200 Subject: [PATCH 263/392] no atomic in helm --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 34aa9e5..eb298fe 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -147,7 +147,7 @@ deploy_ocf_dev: --set parametersVault.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ --set ingress.ip=10.43.107.132 \ --wait --timeout=10m \ - --create-namespace --atomic + --create-namespace delete_ocf_dev: stage: delete_ocf_dev -- GitLab From c4d0b311063e3bc13cf47ac0c511729174eb4b77 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Thu, 23 May 2024 09:40:27 +0200 Subject: [PATCH 264/392] helm command --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index eb298fe..6ff2073 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -134,9 +134,7 @@ deploy_ocf_dev: - helm dependency build helm/capif - echo "### updating capif###" - helm uninstall -n $NAMESPACE_DEV ocf-developer || true - - helm upgrade --install -n $NAMESPACE_DEV ocf-developer helm/capif/ \ - --set nginx.nginx.env.capifHostname=capif-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV \ - --set nginx.nginx.env.registerHostname=register-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV \ + - helm upgrade --install -n $NAMESPACE_DEV ocf-developer helm/capif/ --set nginx.nginx.env.capifHostname=capif-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV --set nginx.nginx.env.registerHostname=register-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV \ --set monitoring.grafana.ingress.hosts[0].host="grafana-$CI_ENVIRONMENT_SLUG.$DOMAIN_PROD" \ --set monitoring.grafana.ingress.hosts[0].paths[0].path="/" \ --set monitoring.grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ -- GitLab From db879311dcf036b4d1f58ccbc3211b4e9711d455 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Thu, 23 May 2024 09:54:30 +0200 Subject: [PATCH 265/392] helm command --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 32 +++++++++++---------- 1 file changed, 17 insertions(+), 15 deletions(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 6ff2073..9c88d30 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -122,19 +122,22 @@ deploy_ocf_dev: # when: never # - if: $CI_COMMIT_BRANCH script: - - helm version - - kubectl version --output=yaml - - echo "### setting kubeconfig###" - - kubectl cluster-info - - yq --version - - cat helm/capif/Chart.yaml - - yq e -i ".appVersion = \"$IMAGE_TAG_DEV\"" helm/capif/Chart.yaml - - cat helm/capif/Chart.yaml - - echo "### download dependencies###" - - helm dependency build helm/capif - - echo "### updating capif###" - - helm uninstall -n $NAMESPACE_DEV ocf-developer || true - - helm upgrade --install -n $NAMESPACE_DEV ocf-developer helm/capif/ --set nginx.nginx.env.capifHostname=capif-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV --set nginx.nginx.env.registerHostname=register-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV \ + - | + helm version + kubectl version --output=yaml + echo "### setting kubeconfig###" + kubectl cluster-info + yq --version + cat helm/capif/Chart.yaml + yq e -i ".appVersion = \"$IMAGE_TAG_DEV\"" helm/capif/Chart.yaml + cat helm/capif/Chart.yaml + echo "### download dependencies###" + helm dependency build helm/capif + echo "### updating capif###" + helm uninstall -n $NAMESPACE_DEV ocf-developer || true + helm upgrade --install -n $NAMESPACE_DEV ocf-developer helm/capif/ \ + --set nginx.nginx.env.capifHostname=capif-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV \ + --set nginx.nginx.env.registerHostname=register-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV \ --set monitoring.grafana.ingress.hosts[0].host="grafana-$CI_ENVIRONMENT_SLUG.$DOMAIN_PROD" \ --set monitoring.grafana.ingress.hosts[0].paths[0].path="/" \ --set monitoring.grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ @@ -144,8 +147,7 @@ deploy_ocf_dev: --set parametersVault.env.vaultPort=$VAULT_PORT \ --set parametersVault.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ --set ingress.ip=10.43.107.132 \ - --wait --timeout=10m \ - --create-namespace + --wait --timeout=10m --create-namespace delete_ocf_dev: stage: delete_ocf_dev -- GitLab From 3d57232e632331d7564725be4aa96043267037a6 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Thu, 23 May 2024 10:34:06 +0200 Subject: [PATCH 266/392] adding image.repository in helm command --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 9c88d30..160f45a 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -16,6 +16,7 @@ variables: VAULT_HOSTNAME: $VAULT_HOSTNAME VAULT_PORT: $VAULT_PORT VAULT_ACCESS_TOKEN: $VAULT_ACCESS_TOKEN + CI_REGISTRY: $CI_REGISTRY .main_common: &main_common only: @@ -136,6 +137,18 @@ deploy_ocf_dev: echo "### updating capif###" helm uninstall -n $NAMESPACE_DEV ocf-developer || true helm upgrade --install -n $NAMESPACE_DEV ocf-developer helm/capif/ \ + --set accessControlPolicy.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api:$CI_COMMIT_REF_SLUG \ + --set apiInvocationLogs.apiInvocationLogs.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api:$CI_COMMIT_REF_SLUG \ + --set apiInvokerManagement.apiInvokerManagement.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api:$CI_COMMIT_REF_SLUG \ + --set apiProviderManagement.apiProviderManagement.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api:$CI_COMMIT_REF_SLUG \ + --set capifEvents.capifEvents.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api:$CI_COMMIT_REF_SLUG \ + --set capifRoutingInfo.capifRoutingInfo.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api:$CI_COMMIT_REF_SLUG \ + --set capifSecurity.capifSecurity.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api:$CI_COMMIT_REF_SLUG \ + --set register.register.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register:$CI_COMMIT_REF_SLUG \ + --set logs.logs.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api:$CI_COMMIT_REF_SLUG \ + --set nignx.nginx.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG \ + --set publishedApis.publishedApis.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api:$CI_COMMIT_REF_SLUG \ + --set serviceApis.serviceApis.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api:$CI_COMMIT_REF_SLUG \ --set nginx.nginx.env.capifHostname=capif-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV \ --set nginx.nginx.env.registerHostname=register-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV \ --set monitoring.grafana.ingress.hosts[0].host="grafana-$CI_ENVIRONMENT_SLUG.$DOMAIN_PROD" \ -- GitLab From 9f5f3f636e2ec2f95cf0142ea68d7d95b3aa488e Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Thu, 23 May 2024 11:04:53 +0200 Subject: [PATCH 267/392] not helm uninstall command --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 160f45a..b98a8f2 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -135,7 +135,7 @@ deploy_ocf_dev: echo "### download dependencies###" helm dependency build helm/capif echo "### updating capif###" - helm uninstall -n $NAMESPACE_DEV ocf-developer || true + ## helm uninstall -n $NAMESPACE_DEV ocf-developer || true helm upgrade --install -n $NAMESPACE_DEV ocf-developer helm/capif/ \ --set accessControlPolicy.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api:$CI_COMMIT_REF_SLUG \ --set apiInvocationLogs.apiInvocationLogs.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api:$CI_COMMIT_REF_SLUG \ -- GitLab From 118799de248ac6c5a4fcdc983ca4ee355bdbdb2a Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Thu, 23 May 2024 12:58:49 +0200 Subject: [PATCH 268/392] DOMAIN_DEV --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index b98a8f2..6fcf0d0 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -151,7 +151,7 @@ deploy_ocf_dev: --set serviceApis.serviceApis.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api:$CI_COMMIT_REF_SLUG \ --set nginx.nginx.env.capifHostname=capif-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV \ --set nginx.nginx.env.registerHostname=register-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV \ - --set monitoring.grafana.ingress.hosts[0].host="grafana-$CI_ENVIRONMENT_SLUG.$DOMAIN_PROD" \ + --set monitoring.grafana.ingress.hosts[0].host="grafana-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV" \ --set monitoring.grafana.ingress.hosts[0].paths[0].path="/" \ --set monitoring.grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ --set monitoring.grafana.env.prometheusURL=http://prometheus.ocf.pre-production \ -- GitLab From c9caf02a392d2fe10eedf5bf0bbd2354113f2ae7 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Thu, 23 May 2024 13:19:50 +0200 Subject: [PATCH 269/392] helm update --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 26 ++++++++++----------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 6fcf0d0..efccd85 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -136,19 +136,7 @@ deploy_ocf_dev: helm dependency build helm/capif echo "### updating capif###" ## helm uninstall -n $NAMESPACE_DEV ocf-developer || true - helm upgrade --install -n $NAMESPACE_DEV ocf-developer helm/capif/ \ - --set accessControlPolicy.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api:$CI_COMMIT_REF_SLUG \ - --set apiInvocationLogs.apiInvocationLogs.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api:$CI_COMMIT_REF_SLUG \ - --set apiInvokerManagement.apiInvokerManagement.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api:$CI_COMMIT_REF_SLUG \ - --set apiProviderManagement.apiProviderManagement.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api:$CI_COMMIT_REF_SLUG \ - --set capifEvents.capifEvents.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api:$CI_COMMIT_REF_SLUG \ - --set capifRoutingInfo.capifRoutingInfo.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api:$CI_COMMIT_REF_SLUG \ - --set capifSecurity.capifSecurity.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api:$CI_COMMIT_REF_SLUG \ - --set register.register.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register:$CI_COMMIT_REF_SLUG \ - --set logs.logs.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api:$CI_COMMIT_REF_SLUG \ - --set nignx.nginx.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG \ - --set publishedApis.publishedApis.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api:$CI_COMMIT_REF_SLUG \ - --set serviceApis.serviceApis.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api:$CI_COMMIT_REF_SLUG \ + helm upgrade --install -n $NAMESPACE_DEV ocf-developer helm/capif/ \ --set nginx.nginx.env.capifHostname=capif-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV \ --set nginx.nginx.env.registerHostname=register-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV \ --set monitoring.grafana.ingress.hosts[0].host="grafana-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV" \ @@ -160,6 +148,18 @@ deploy_ocf_dev: --set parametersVault.env.vaultPort=$VAULT_PORT \ --set parametersVault.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ --set ingress.ip=10.43.107.132 \ + --set accessControlPolicy.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api:$CI_COMMIT_REF_SLUG \ + --set apiInvocationLogs.apiInvocationLogs.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api:$CI_COMMIT_REF_SLUG \ + --set apiInvokerManagement.apiInvokerManagement.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api:$CI_COMMIT_REF_SLUG \ + --set apiProviderManagement.apiProviderManagement.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api:$CI_COMMIT_REF_SLUG \ + --set capifEvents.capifEvents.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api:$CI_COMMIT_REF_SLUG \ + --set capifRoutingInfo.capifRoutingInfo.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api:$CI_COMMIT_REF_SLUG \ + --set capifSecurity.capifSecurity.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api:$CI_COMMIT_REF_SLUG \ + --set register.register.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register:$CI_COMMIT_REF_SLUG \ + --set logs.logs.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api:$CI_COMMIT_REF_SLUG \ + --set nignx.nginx.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG \ + --set publishedApis.publishedApis.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api:$CI_COMMIT_REF_SLUG \ + --set serviceApis.serviceApis.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api:$CI_COMMIT_REF_SLUG \ --wait --timeout=10m --create-namespace delete_ocf_dev: -- GitLab From 21e9658c8fcda06d2bcabe3062f12c00da04a522 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Thu, 23 May 2024 14:08:26 +0200 Subject: [PATCH 270/392] ### --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index efccd85..56699e8 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -135,9 +135,7 @@ deploy_ocf_dev: echo "### download dependencies###" helm dependency build helm/capif echo "### updating capif###" - ## helm uninstall -n $NAMESPACE_DEV ocf-developer || true - helm upgrade --install -n $NAMESPACE_DEV ocf-developer helm/capif/ \ - --set nginx.nginx.env.capifHostname=capif-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV \ + helm upgrade --install -n $NAMESPACE_DEV ocf-developer helm/capif/ --set nginx.nginx.env.capifHostname=capif-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV \ --set nginx.nginx.env.registerHostname=register-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV \ --set monitoring.grafana.ingress.hosts[0].host="grafana-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV" \ --set monitoring.grafana.ingress.hosts[0].paths[0].path="/" \ -- GitLab From de63bfb62a8cda6c39819227237ace1936451b9f Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Thu, 23 May 2024 14:16:06 +0200 Subject: [PATCH 271/392] helm command --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 56699e8..15ea5ec 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -157,8 +157,7 @@ deploy_ocf_dev: --set logs.logs.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api:$CI_COMMIT_REF_SLUG \ --set nignx.nginx.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG \ --set publishedApis.publishedApis.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api:$CI_COMMIT_REF_SLUG \ - --set serviceApis.serviceApis.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api:$CI_COMMIT_REF_SLUG \ - --wait --timeout=10m --create-namespace + --set serviceApis.serviceApis.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api:$CI_COMMIT_REF_SLUG --wait --timeout=10m --create-namespace delete_ocf_dev: stage: delete_ocf_dev -- GitLab From 236f04514fd653a681c1a89dff1f268abb3b943d Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Thu, 23 May 2024 14:36:57 +0200 Subject: [PATCH 272/392] image.tag --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 36 ++++++++++++++------- 1 file changed, 24 insertions(+), 12 deletions(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 15ea5ec..6076cee 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -146,18 +146,30 @@ deploy_ocf_dev: --set parametersVault.env.vaultPort=$VAULT_PORT \ --set parametersVault.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ --set ingress.ip=10.43.107.132 \ - --set accessControlPolicy.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api:$CI_COMMIT_REF_SLUG \ - --set apiInvocationLogs.apiInvocationLogs.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api:$CI_COMMIT_REF_SLUG \ - --set apiInvokerManagement.apiInvokerManagement.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api:$CI_COMMIT_REF_SLUG \ - --set apiProviderManagement.apiProviderManagement.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api:$CI_COMMIT_REF_SLUG \ - --set capifEvents.capifEvents.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api:$CI_COMMIT_REF_SLUG \ - --set capifRoutingInfo.capifRoutingInfo.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api:$CI_COMMIT_REF_SLUG \ - --set capifSecurity.capifSecurity.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api:$CI_COMMIT_REF_SLUG \ - --set register.register.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register:$CI_COMMIT_REF_SLUG \ - --set logs.logs.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api:$CI_COMMIT_REF_SLUG \ - --set nignx.nginx.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG \ - --set publishedApis.publishedApis.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api:$CI_COMMIT_REF_SLUG \ - --set serviceApis.serviceApis.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api:$CI_COMMIT_REF_SLUG --wait --timeout=10m --create-namespace + --set accessControlPolicy.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api \ + --set accessControlPolicy.image.tag=$CI_COMMIT_REF_SLUG \ + --set apiInvocationLogs.apiInvocationLogs.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api \ + --set apiInvocationLogs.apiInvocationLogs.image.tag=$CI_COMMIT_REF_SLUG \ + --set apiInvokerManagement.apiInvokerManagement.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api \ + --set apiInvokerManagement.apiInvokerManagement.image.tag=$CI_COMMIT_REF_SLUG \ + --set apiProviderManagement.apiProviderManagement.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api \ + --set apiProviderManagement.apiProviderManagement.image.tag=$CI_COMMIT_REF_SLUG \ + --set capifEvents.capifEvents.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api \ + --set capifEvents.capifEvents.image.tag=$CI_COMMIT_REF_SLUG \ + --set capifRoutingInfo.capifRoutingInfo.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api \ + --set capifRoutingInfo.capifRoutingInfo.image.tag=$CI_COMMIT_REF_SLUG \ + --set capifSecurity.capifSecurity.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api \ + --set capifSecurity.capifSecurity.image.tag=$CI_COMMIT_REF_SLUG \ + --set register.register.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register \ + --set register.register.image.tag=$CI_COMMIT_REF_SLUG \ + --set logs.logs.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api \ + --set logs.logs.image.tag=$CI_COMMIT_REF_SLUG \ + --set nignx.nginx.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx \ + --set nignx.nginx.image.tag=$CI_COMMIT_REF_SLUG \ + --set publishedApis.publishedApis.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api \ + --set publishedApis.publishedApis.image.tag=$CI_COMMIT_REF_SLUG \ + --set serviceApis.serviceApis.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api \ + --set serviceApis.serviceApis.image.tag=$CI_COMMIT_REF_SLUG --wait --timeout=10m --create-namespace delete_ocf_dev: stage: delete_ocf_dev -- GitLab From e9e6a7574b455090f27c83ae30b02bcaabfe4195 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Thu, 23 May 2024 14:47:34 +0200 Subject: [PATCH 273/392] nginx.nginx.image --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 6076cee..bb9675a 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -169,7 +169,9 @@ deploy_ocf_dev: --set publishedApis.publishedApis.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api \ --set publishedApis.publishedApis.image.tag=$CI_COMMIT_REF_SLUG \ --set serviceApis.serviceApis.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api \ - --set serviceApis.serviceApis.image.tag=$CI_COMMIT_REF_SLUG --wait --timeout=10m --create-namespace + --set serviceApis.serviceApis.image.tag=$CI_COMMIT_REF_SLUG \ + --set nginx.nginx.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx \ + --set nginx.nginx.image.tag=$CI_COMMIT_REF_SLUG --wait --timeout=10m --create-namespace delete_ocf_dev: stage: delete_ocf_dev -- GitLab From a330333c3e64113cd2b5c84f8f4ebbc64c05aceb Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 27 May 2024 11:33:38 +0200 Subject: [PATCH 274/392] ocf deploy staging --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 58 ++++++++++++++------- 1 file changed, 39 insertions(+), 19 deletions(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index bb9675a..664c8f3 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -75,24 +75,44 @@ deploy_ocf_staging: - cat helm/capif/Chart.yaml - echo "### download dependencies###" - helm dependency build helm/capif - - echo "### updating capif###" -# - helm uninstall -n $NAMESPACE_STAGING ocf-staging || true -# - helm upgrade --install -n $NAMESPACE_STAGING ocf-staging helm/capif/ \ -# --set nginx.nginx.env.capifHostname=capif-$CI_ENVIRONMENT_SLUG.$DOMAIN_STAGING \ -# --set nginx.nginx.env.registerHostname=register-$CI_ENVIRONMENT_SLUG.$DOMAIN_STAGING \ -# --set monitoring.prometheus.enable="" \ -# --set monitoring.grafana.ingress.hosts[0].host="grafana-$CI_ENVIRONMENT_SLUG.$DOMAIN_STAGING" \ -# --set monitoring.grafana.ingress.hosts[0].paths[0].path="/" \ -# --set monitoring.grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ -# --set monitoring.grafana.env.prometheusURL=http://prometheus.ocf.pre-production \ -# --set tempo.tempo.metricsGenerator.remoteWriteUrl=http://prometheus.ocf.pre-production/api/v1/write \ -# --set parametersVault.env.vaultHostname=$VAULT_HOSTNAME \ -# --set parametersVault.env.vaultPort=$VAULT_PORT \ -# --set parametersVault.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ -# --set ingress.ip=10.43.107.132 \ -# --wait --timeout=10m \ -# --create-namespace --atomic - + echo "### updating capif###" + helm upgrade --install -n NAMESPACE_DEV ocf-staging helm/capif/ --set nginx.nginx.env.capifHostname=capif-$CI_ENVIRONMENT_SLUG.$DOMAIN_STAGING \ + --set nginx.nginx.env.registerHostname=register-$CI_ENVIRONMENT_SLUG.$DOMAIN_STAGING \ + --set monitoring.grafana.ingress.hosts[0].host="grafana-$CI_ENVIRONMENT_SLUG.$DOMAIN_STAGING" \ + --set monitoring.grafana.ingress.hosts[0].paths[0].path="/" \ + --set monitoring.grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ + --set monitoring.grafana.env.prometheusURL=http://prometheus.ocf.pre-production \ + --set tempo.tempo.metricsGenerator.remoteWriteUrl=http://prometheus.ocf.pre-production/api/v1/write \ + --set parametersVault.env.vaultHostname=$VAULT_HOSTNAME \ + --set parametersVault.env.vaultPort=$VAULT_PORT \ + --set parametersVault.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set ingress.ip=10.43.107.132 \ + --set accessControlPolicy.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api \ + --set accessControlPolicy.image.tag=$CI_COMMIT_REF_SLUG \ + --set apiInvocationLogs.apiInvocationLogs.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api \ + --set apiInvocationLogs.apiInvocationLogs.image.tag=$CI_COMMIT_REF_SLUG \ + --set apiInvokerManagement.apiInvokerManagement.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api \ + --set apiInvokerManagement.apiInvokerManagement.image.tag=$CI_COMMIT_REF_SLUG \ + --set apiProviderManagement.apiProviderManagement.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api \ + --set apiProviderManagement.apiProviderManagement.image.tag=$CI_COMMIT_REF_SLUG \ + --set capifEvents.capifEvents.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api \ + --set capifEvents.capifEvents.image.tag=$CI_COMMIT_REF_SLUG \ + --set capifRoutingInfo.capifRoutingInfo.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api \ + --set capifRoutingInfo.capifRoutingInfo.image.tag=$CI_COMMIT_REF_SLUG \ + --set capifSecurity.capifSecurity.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api \ + --set capifSecurity.capifSecurity.image.tag=$CI_COMMIT_REF_SLUG \ + --set register.register.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register \ + --set register.register.image.tag=$CI_COMMIT_REF_SLUG \ + --set logs.logs.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api \ + --set logs.logs.image.tag=$CI_COMMIT_REF_SLUG \ + --set nignx.nginx.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx \ + --set nignx.nginx.image.tag=$CI_COMMIT_REF_SLUG \ + --set publishedApis.publishedApis.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api \ + --set publishedApis.publishedApis.image.tag=$CI_COMMIT_REF_SLUG \ + --set serviceApis.serviceApis.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api \ + --set serviceApis.serviceApis.image.tag=$CI_COMMIT_REF_SLUG \ + --set nginx.nginx.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx \ + --set nginx.nginx.image.tag=$CI_COMMIT_REF_SLUG --wait --timeout=10m --create-namespace delete_ocf_staging: stage: delete_ocf_staging @@ -178,7 +198,7 @@ delete_ocf_dev: <<: *staging_common script: - echo "### deleting environment $NAMESPACE_DEV###" -# - helm uninstall -n $NAMESPACE_DEV ocf-dev + - helm uninstall -n $NAMESPACE_DEV ocf-developer when: manual environment: name: review/$CI_COMMIT_REF_SLUG -- GitLab From 780f7288c59ad875165574d80eab1b65cfa4507b Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 27 May 2024 11:48:30 +0200 Subject: [PATCH 275/392] ocf-deploy script staging --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 32 +++++++++------------ 1 file changed, 13 insertions(+), 19 deletions(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 664c8f3..556d233 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -56,25 +56,19 @@ deploy_ocf_staging: # when: never # - if: $CI_COMMIT_BRANCH == "staging" script: -# - echo "### git clone OCF repo ###" -# - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git -# - echo "### install helm###" -# - curl -fsSL -o get_helm.sh https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 -# - chmod 700 get_helm.sh -# - sudo ./get_helm.sh - - whoami - - helm version - - kubectl version --output=yaml - - echo "### setting kubeconfig###" - - whoami - - kubectl cluster-info - - yq --version - - ls -rtt helm/capif - - cat helm/capif/Chart.yaml - - yq e -i ".appVersion = \"$IMAGE_TAG_STAGING\"" helm/capif/Chart.yaml - - cat helm/capif/Chart.yaml - - echo "### download dependencies###" - - helm dependency build helm/capif + - | + helm version + kubectl version --output=yaml + echo "### setting kubeconfig###" + whoami + kubectl cluster-info + yq --version + ls -rtt helm/capif + cat helm/capif/Chart.yaml + yq e -i ".appVersion = \"$IMAGE_TAG_STAGING\"" helm/capif/Chart.yaml + cat helm/capif/Chart.yaml + echo "### download dependencies###" + helm dependency build helm/capif echo "### updating capif###" helm upgrade --install -n NAMESPACE_DEV ocf-staging helm/capif/ --set nginx.nginx.env.capifHostname=capif-$CI_ENVIRONMENT_SLUG.$DOMAIN_STAGING \ --set nginx.nginx.env.registerHostname=register-$CI_ENVIRONMENT_SLUG.$DOMAIN_STAGING \ -- GitLab From 15022bd681cd5d2d2256867633fc707b9a6aa397 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 27 May 2024 11:57:08 +0200 Subject: [PATCH 276/392] CI_COMMIT_REF_SLUG --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 556d233..d051f67 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -70,9 +70,9 @@ deploy_ocf_staging: echo "### download dependencies###" helm dependency build helm/capif echo "### updating capif###" - helm upgrade --install -n NAMESPACE_DEV ocf-staging helm/capif/ --set nginx.nginx.env.capifHostname=capif-$CI_ENVIRONMENT_SLUG.$DOMAIN_STAGING \ - --set nginx.nginx.env.registerHostname=register-$CI_ENVIRONMENT_SLUG.$DOMAIN_STAGING \ - --set monitoring.grafana.ingress.hosts[0].host="grafana-$CI_ENVIRONMENT_SLUG.$DOMAIN_STAGING" \ + helm upgrade --install -n $NAMESPACE_DEV ocf-staging helm/capif/ --set nginx.nginx.env.capifHostname=capif-$CI_COMMIT_REF_SLUG.$DOMAIN_STAGING \ + --set nginx.nginx.env.registerHostname=register-$CI_COMMIT_REF_SLUG.$DOMAIN_STAGING \ + --set monitoring.grafana.ingress.hosts[0].host="grafana-$CI_COMMIT_REF_SLUG.$DOMAIN_STAGING" \ --set monitoring.grafana.ingress.hosts[0].paths[0].path="/" \ --set monitoring.grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ --set monitoring.grafana.env.prometheusURL=http://prometheus.ocf.pre-production \ -- GitLab From 4230cc320bcdf7cf32e53166e8b81b0b10731604 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 27 May 2024 12:54:03 +0200 Subject: [PATCH 277/392] deploy oficial staging --- capif/.gitlab-ci.yml | 22 ++--- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 87 ++++++++++++++---- capif/templates/ci_staging.gitlab-ci.yml | 97 +++++++++++++++++++-- 3 files changed, 175 insertions(+), 31 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 397b06c..12fdf28 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -61,18 +61,18 @@ variables: tags: - docker-in-docker -.staging_common: &staging_common - only: - - merge_requests - except: - variables: - - $CI_MERGE_REQUEST_TARGET_BRANCH_NAME != "staging" - tags: - - shell +#.staging_common: &staging_common +# only: +# - merge_requests +# except: +# variables: +# - $CI_MERGE_REQUEST_TARGET_BRANCH_NAME != "staging" +# tags: +# - shell# -.dev_common: &dev_common - tags: - - shell +#.dev_common: &dev_common +# tags: +# - shell #main_cancel_previous_action: # stage: main_pre_pipeline diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index d051f67..66bb812 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -1,4 +1,5 @@ stages: + - deploy_ocf_oficial_staging - deploy_ocf_staging - delete_ocf_staging - deploy_ocf_dev @@ -18,43 +19,37 @@ variables: VAULT_ACCESS_TOKEN: $VAULT_ACCESS_TOKEN CI_REGISTRY: $CI_REGISTRY -.main_common: &main_common +.staging_common: &staging_common only: - merge_requests except: variables: -# - $CI_MERGE_REQUEST_TARGET_BRANCH_NAME != "main" - $CI_MERGE_REQUEST_TARGET_BRANCH_NAME != "staging" tags: - shell -.staging_common: &staging_common - only: - - merge_requests - except: - variables: - - $CI_MERGE_REQUEST_TARGET_BRANCH_NAME != "staging" +.staging_post_mr: &staging_post_mr tags: - shell + rules: + - if: '$CI_COMMIT_REF_NAME == "staging"' .dev_common: &dev_common tags: - shell + +## staging before mr ### deploy_ocf_staging: stage: deploy_ocf_staging needs: - staging_build_and_push <<: *staging_common environment: - name: review/staging + name: review/dev_to_staging url: https://capif-$CI_ENVIRONMENT_SLUG.$DOMAIN_STAGING on_stop: delete_ocf_staging auto_stop_in: 3 day -# rules: -# - if: $CI_COMMIT_BRANCH == "main" -# when: never -# - if: $CI_COMMIT_BRANCH == "staging" script: - | helm version @@ -113,12 +108,74 @@ delete_ocf_staging: <<: *staging_common script: - echo "### deleting environment $NAMESPACE_STAGING###" -# - helm uninstall -n $NAMESPACE_STAGING ocf-staging + - helm uninstall -n $NAMESPACE_DEV ocf-staging when: manual environment: - name: review/staging + name: review/dev_to_staging action: stop +### staging branch merged ### +deploy_ocf_oficial_staging: + stage: deploy_ocf_oficial_staging + needs: + - staging_build_and_push_mr + <<: *staging_common + environment: + name: review/oficial-staging + url: https://capif-staging.$DOMAIN_STAGING + script: + - | + helm version + kubectl version --output=yaml + echo "### setting kubeconfig###" + whoami + kubectl cluster-info + yq --version + ls -rtt helm/capif + cat helm/capif/Chart.yaml + yq e -i ".appVersion = \"$IMAGE_TAG_STAGING\"" helm/capif/Chart.yaml + cat helm/capif/Chart.yaml + echo "### download dependencies###" + helm dependency build helm/capif + echo "### updating capif###" + helm upgrade --install -n $NAMESPACE_STAGING ocf-staging helm/capif/ --set nginx.nginx.env.capifHostname=capif-staging.$DOMAIN_STAGING \ + --set nginx.nginx.env.registerHostname=register-staging.$DOMAIN_STAGING \ + --set monitoring.grafana.ingress.hosts[0].host="grafana-staging.$DOMAIN_STAGING" \ + --set monitoring.grafana.ingress.hosts[0].paths[0].path="/" \ + --set monitoring.grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ + --set monitoring.grafana.env.prometheusURL=http://prometheus.ocf.pre-production \ + --set tempo.tempo.metricsGenerator.remoteWriteUrl=http://prometheus.ocf.pre-production/api/v1/write \ + --set parametersVault.env.vaultHostname=$VAULT_HOSTNAME \ + --set parametersVault.env.vaultPort=$VAULT_PORT \ + --set parametersVault.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set ingress.ip=10.43.107.132 \ + --set accessControlPolicy.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-access-control-policy-api \ + --set accessControlPolicy.image.tag=staging \ + --set apiInvocationLogs.apiInvocationLogs.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-logging-api-invocation-api \ + --set apiInvocationLogs.apiInvocationLogs.image.tag=staging \ + --set apiInvokerManagement.apiInvokerManagement.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-api-invoker-management-api \ + --set apiInvokerManagement.apiInvokerManagement.image.tag=staging \ + --set apiProviderManagement.apiProviderManagement.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-api-provider-management-api \ + --set apiProviderManagement.apiProviderManagement.image.tag=staging \ + --set capifEvents.capifEvents.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-events-api \ + --set capifEvents.capifEvents.image.tag=staging \ + --set capifRoutingInfo.capifRoutingInfo.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-routing-info-api \ + --set capifRoutingInfo.capifRoutingInfo.image.tag=staging \ + --set capifSecurity.capifSecurity.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-security-api \ + --set capifSecurity.capifSecurity.image.tag=staging \ + --set register.register.image.repository=$CI_REGISTRY/ocf/capif/staging/register \ + --set register.register.image.tag=staging \ + --set logs.logs.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-auditing-api \ + --set logs.logs.image.tag=staging \ + --set nignx.nginx.image.repository=$CI_REGISTRY/ocf/capif/staging/nginx \ + --set nignx.nginx.image.tag=staging \ + --set publishedApis.publishedApis.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-publish-service-api \ + --set publishedApis.publishedApis.image.tag=staging \ + --set serviceApis.serviceApis.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-discover-service-api \ + --set serviceApis.serviceApis.image.tag=staging \ + --set nginx.nginx.image.repository=$CI_REGISTRY/ocf/capif/staging/nginx \ + --set nginx.nginx.image.tag=staging --wait --timeout=10m --create-namespace + ## dev ### deploy_ocf_dev: stage: deploy_ocf_dev diff --git a/capif/templates/ci_staging.gitlab-ci.yml b/capif/templates/ci_staging.gitlab-ci.yml index e5ec93b..c4f69dc 100644 --- a/capif/templates/ci_staging.gitlab-ci.yml +++ b/capif/templates/ci_staging.gitlab-ci.yml @@ -7,6 +7,7 @@ stages: - staging_unit_tests - staging_security - staging_build_and_push + - staging_build_and_push_mr variables: CI_JOB_TOKEN: $CI_JOB_TOKEN @@ -16,14 +17,18 @@ variables: CAPIF_DOCKER_REGISTRY: $CAPIF_DOCKER_REGISTRY .staging_common: &staging_common - only: - - merge_requests - except: - variables: - - $CI_MERGE_REQUEST_TARGET_BRANCH_NAME != "staging" + rules: + - if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "staging"' tags: - shell +.staging_mr: &staging_mr + rules: + - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME == "staging"' + tags: + - shell + + .staging_dnd: &staging_dnd allow_failure: true rules: @@ -324,3 +329,85 @@ staging_build_and_push: - echo "----------------------------------------------------" - docker logout $CI_REGISTRY <<: *staging_common + +### staging branch merged ### +staging_build_and_push_mr: + stage: staging_build_and_push_mr + script: + - export TMP_PWD=$PWD + - echo "TMP_PWD=$TMP_PWD" + - echo "### docker login###" + - docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY + - echo "----------------------------------------------------" + - echo "### build and push nginx image###" + - cd $TMP_PWD/services/nginx/ + - docker build -t $CI_REGISTRY/ocf/capif/staging/nginx:staging . + - docker push $CI_REGISTRY/ocf/capif/staging/nginx:staging + - echo "----------------------------------------------------" + - echo "### build and push register image###" + - cd $TMP_PWD/services/register/ + - docker build -t $CI_REGISTRY/ocf/capif/staging/register:staging . + - docker push $CI_REGISTRY/ocf/capif/staging/register:staging + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_Access_Control_Policy_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_Access_Control_Policy_API/ + - docker build -t $CI_REGISTRY/ocf/capif/staging/ocf-access-control-policy-api:staging . + - docker push $CI_REGISTRY/ocf/capif/staging/ocf-access-control-policy-api:staging + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_API_Invoker_Management_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_API_Invoker_Management_API/ + - docker build -t $CI_REGISTRY/ocf/capif/staging/ocf-api-invoker-management-api:staging . + - docker push $CI_REGISTRY/ocf/capif/staging/ocf-api-invoker-management-api:staging + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_API_Provider_Management_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_API_Provider_Management_API/ + - docker build -t $CI_REGISTRY/ocf/capif/staging/ocf-api-provider-management-api:staging . + - docker push $CI_REGISTRY/ocf/capif/staging/ocf-api-provider-management-api:staging + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_Auditing_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_Auditing_API/ + - docker build -t $CI_REGISTRY/ocf/capif/staging/ocf-auditing-api:staging . + - docker push $CI_REGISTRY/ocf/capif/staging/ocf-auditing-api:staging + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_Discover_Service_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_Discover_Service_API/ + - docker build -t $CI_REGISTRY/ocf/capif/staging/ocf-discover-service-api:staging . + - docker push $CI_REGISTRY/ocf/capif/staging/ocf-discover-service-api:staging + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_Events_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_Events_API/ + - docker build -t $CI_REGISTRY/ocf/capif/staging/ocf-events-api:staging . + - docker push $CI_REGISTRY/ocf/capif/staging/ocf-events-api:staging + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_Logging_API_Invocation_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_Logging_API_Invocation_API/ + - docker build -t $CI_REGISTRY/ocf/capif/staging/ocf-logging-api-invocation-api:staging . + - docker push $CI_REGISTRY/ocf/capif/staging/ocf-logging-api-invocation-api:staging + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_Publish_Service_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_Publish_Service_API/ + - docker build -t $CI_REGISTRY/ocf/capif/staging/ocf-publish-service-api:staging . + - docker push $CI_REGISTRY/ocf/capif/staging/ocf-publish-service-api:staging + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_Routing_Info_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_Routing_Info_API/ + - docker build -t $CI_REGISTRY/ocf/capif/staging/ocf-routing-info-api:staging . + - docker push $CI_REGISTRY/ocf/capif/staging/ocf-routing-info-api:staging + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_Security_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_Security_API/ + - docker build -t $CI_REGISTRY/ocf/capif/staging/ocf-security-api:staging . + - docker push $CI_REGISTRY/ocf/capif/staging/ocf-security-api:staging + - echo "----------------------------------------------------" + - echo "### build and push vault image###" + - cd $TMP_PWD/services/vault/ + - docker build -t $CI_REGISTRY/ocf/capif/staging/vault:staging . + - docker push $CI_REGISTRY/ocf/capif/staging/vault:staging + - echo "----------------------------------------------------" + - echo "### build and push helper image###" + - cd $TMP_PWD/services/helper/ + - docker build -t $CI_REGISTRY/ocf/capif/staging/helper:staging . + - docker push $CI_REGISTRY/ocf/capif/staging/helper:staging + - echo "----------------------------------------------------" + - docker logout $CI_REGISTRY + <<: *staging_mr \ No newline at end of file -- GitLab From 9513b98f418d0ea6c3ba037a8a63a623b6f3f02d Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 27 May 2024 12:58:53 +0200 Subject: [PATCH 278/392] staging_post_mr --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 3 ++- capif/templates/ci_staging.gitlab-ci.yml | 8 ++------ 2 files changed, 4 insertions(+), 7 deletions(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 66bb812..52f56bf 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -33,6 +33,7 @@ variables: - shell rules: - if: '$CI_COMMIT_REF_NAME == "staging"' + when: always .dev_common: &dev_common tags: @@ -119,7 +120,7 @@ deploy_ocf_oficial_staging: stage: deploy_ocf_oficial_staging needs: - staging_build_and_push_mr - <<: *staging_common + <<: *staging_post_mr environment: name: review/oficial-staging url: https://capif-staging.$DOMAIN_STAGING diff --git a/capif/templates/ci_staging.gitlab-ci.yml b/capif/templates/ci_staging.gitlab-ci.yml index c4f69dc..e59f13f 100644 --- a/capif/templates/ci_staging.gitlab-ci.yml +++ b/capif/templates/ci_staging.gitlab-ci.yml @@ -19,12 +19,14 @@ variables: .staging_common: &staging_common rules: - if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "staging"' + when: always tags: - shell .staging_mr: &staging_mr rules: - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME == "staging"' + when: always tags: - shell @@ -40,12 +42,6 @@ variables: tags: - docker-in-docker -#staging_pulling_repo: -# stage: staging_pulling_repo -# script: -# - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git -# <<: *staging_common - #staging_cancel_previous_action: # stage: staging_pre_pipeline # script: -- GitLab From 5a48b20a9cf1497bcc21f61dd834c7a6d299a32b Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 27 May 2024 13:02:10 +0200 Subject: [PATCH 279/392] rules --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 11 +++-------- capif/templates/ci_staging.gitlab-ci.yml | 22 +++++++++------------ 2 files changed, 12 insertions(+), 21 deletions(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 52f56bf..3486956 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -28,13 +28,6 @@ variables: tags: - shell -.staging_post_mr: &staging_post_mr - tags: - - shell - rules: - - if: '$CI_COMMIT_REF_NAME == "staging"' - when: always - .dev_common: &dev_common tags: - shell @@ -118,9 +111,11 @@ delete_ocf_staging: ### staging branch merged ### deploy_ocf_oficial_staging: stage: deploy_ocf_oficial_staging + rules: + - if: '$CI_COMMIT_REF_NAME == "staging"' + when: always needs: - staging_build_and_push_mr - <<: *staging_post_mr environment: name: review/oficial-staging url: https://capif-staging.$DOMAIN_STAGING diff --git a/capif/templates/ci_staging.gitlab-ci.yml b/capif/templates/ci_staging.gitlab-ci.yml index e59f13f..c15dd55 100644 --- a/capif/templates/ci_staging.gitlab-ci.yml +++ b/capif/templates/ci_staging.gitlab-ci.yml @@ -17,20 +17,14 @@ variables: CAPIF_DOCKER_REGISTRY: $CAPIF_DOCKER_REGISTRY .staging_common: &staging_common - rules: - - if: '$CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "staging"' - when: always + only: + - merge_requests + except: + variables: + - $CI_MERGE_REQUEST_TARGET_BRANCH_NAME != "staging" tags: - shell -.staging_mr: &staging_mr - rules: - - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME == "staging"' - when: always - tags: - - shell - - .staging_dnd: &staging_dnd allow_failure: true rules: @@ -329,6 +323,9 @@ staging_build_and_push: ### staging branch merged ### staging_build_and_push_mr: stage: staging_build_and_push_mr + rules: + - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME == "staging"' + when: always script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -405,5 +402,4 @@ staging_build_and_push_mr: - docker build -t $CI_REGISTRY/ocf/capif/staging/helper:staging . - docker push $CI_REGISTRY/ocf/capif/staging/helper:staging - echo "----------------------------------------------------" - - docker logout $CI_REGISTRY - <<: *staging_mr \ No newline at end of file + - docker logout $CI_REGISTRY \ No newline at end of file -- GitLab From c2d16b630b384c579c8a6b902bc9383c867a952d Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 27 May 2024 13:03:31 +0200 Subject: [PATCH 280/392] deploy_ocf_oficial_staging --- capif/.gitlab-ci.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 12fdf28..b74c225 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -14,7 +14,9 @@ stages: - staging_unit_tests - staging_security - staging_build_and_push + - staging_build_and_push_mr - deploy_ocf_staging + - deploy_ocf_oficial_staging - delete_ocf_staging - dev_pre_pipeline - dev_secrets_in_repo -- GitLab From be8be81d101d5021446f198799f3f2bcb410f113 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 27 May 2024 13:44:38 +0200 Subject: [PATCH 281/392] atomic --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 3486956..550f80b 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -95,7 +95,7 @@ deploy_ocf_staging: --set serviceApis.serviceApis.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api \ --set serviceApis.serviceApis.image.tag=$CI_COMMIT_REF_SLUG \ --set nginx.nginx.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx \ - --set nginx.nginx.image.tag=$CI_COMMIT_REF_SLUG --wait --timeout=10m --create-namespace + --set nginx.nginx.image.tag=$CI_COMMIT_REF_SLUG --wait --timeout=10m --create-namespace --atomic delete_ocf_staging: stage: delete_ocf_staging @@ -238,7 +238,7 @@ deploy_ocf_dev: --set serviceApis.serviceApis.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api \ --set serviceApis.serviceApis.image.tag=$CI_COMMIT_REF_SLUG \ --set nginx.nginx.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx \ - --set nginx.nginx.image.tag=$CI_COMMIT_REF_SLUG --wait --timeout=10m --create-namespace + --set nginx.nginx.image.tag=$CI_COMMIT_REF_SLUG --wait --timeout=10m --create-namespace --atomic delete_ocf_dev: stage: delete_ocf_dev -- GitLab From c47e3aa172069497d8d5936b184c7cefd28dcf6c Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 27 May 2024 15:12:20 +0200 Subject: [PATCH 282/392] testing deploy_ocf_oficial_staging --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 7 ++++--- capif/templates/ci_staging.gitlab-ci.yml | 9 +++++---- 2 files changed, 9 insertions(+), 7 deletions(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 550f80b..6f54b47 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -111,9 +111,10 @@ delete_ocf_staging: ### staging branch merged ### deploy_ocf_oficial_staging: stage: deploy_ocf_oficial_staging - rules: - - if: '$CI_COMMIT_REF_NAME == "staging"' - when: always + <<: *staging_common +# rules: +# - if: '$CI_COMMIT_REF_NAME == "staging"' +# when: always needs: - staging_build_and_push_mr environment: diff --git a/capif/templates/ci_staging.gitlab-ci.yml b/capif/templates/ci_staging.gitlab-ci.yml index c15dd55..4bedac9 100644 --- a/capif/templates/ci_staging.gitlab-ci.yml +++ b/capif/templates/ci_staging.gitlab-ci.yml @@ -323,9 +323,9 @@ staging_build_and_push: ### staging branch merged ### staging_build_and_push_mr: stage: staging_build_and_push_mr - rules: - - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME == "staging"' - when: always +# rules: +# - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME == "staging"' +# when: always script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -402,4 +402,5 @@ staging_build_and_push_mr: - docker build -t $CI_REGISTRY/ocf/capif/staging/helper:staging . - docker push $CI_REGISTRY/ocf/capif/staging/helper:staging - echo "----------------------------------------------------" - - docker logout $CI_REGISTRY \ No newline at end of file + - docker logout $CI_REGISTRY + <<: *staging_common \ No newline at end of file -- GitLab From faf2c333aab225f27e5f600a2fcba2dfe102786c Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 27 May 2024 15:46:43 +0200 Subject: [PATCH 283/392] $CI_COMMIT_REF_SLUG --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 6f54b47..f33038e 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -59,7 +59,7 @@ deploy_ocf_staging: echo "### download dependencies###" helm dependency build helm/capif echo "### updating capif###" - helm upgrade --install -n $NAMESPACE_DEV ocf-staging helm/capif/ --set nginx.nginx.env.capifHostname=capif-$CI_COMMIT_REF_SLUG.$DOMAIN_STAGING \ + helm upgrade --install -n $NAMESPACE_DEV ocf-staging-$CI_COMMIT_REF_SLUG helm/capif/ --set nginx.nginx.env.capifHostname=capif-$CI_COMMIT_REF_SLUG.$DOMAIN_STAGING \ --set nginx.nginx.env.registerHostname=register-$CI_COMMIT_REF_SLUG.$DOMAIN_STAGING \ --set monitoring.grafana.ingress.hosts[0].host="grafana-$CI_COMMIT_REF_SLUG.$DOMAIN_STAGING" \ --set monitoring.grafana.ingress.hosts[0].paths[0].path="/" \ @@ -102,7 +102,7 @@ delete_ocf_staging: <<: *staging_common script: - echo "### deleting environment $NAMESPACE_STAGING###" - - helm uninstall -n $NAMESPACE_DEV ocf-staging + - helm uninstall -n $NAMESPACE_DEV ocf-staging-$CI_COMMIT_REF_SLUG when: manual environment: name: review/dev_to_staging @@ -130,7 +130,7 @@ deploy_ocf_oficial_staging: yq --version ls -rtt helm/capif cat helm/capif/Chart.yaml - yq e -i ".appVersion = \"$IMAGE_TAG_STAGING\"" helm/capif/Chart.yaml + yq e -i ".appVersion = \"staging\"" helm/capif/Chart.yaml cat helm/capif/Chart.yaml echo "### download dependencies###" helm dependency build helm/capif -- GitLab From 3983f36386ecc4c9caaf04e6aa7050f7d7ec73b4 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 3 Jun 2024 14:35:45 +0200 Subject: [PATCH 284/392] ocf-pre-staging --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index f33038e..452f8f8 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -59,7 +59,7 @@ deploy_ocf_staging: echo "### download dependencies###" helm dependency build helm/capif echo "### updating capif###" - helm upgrade --install -n $NAMESPACE_DEV ocf-staging-$CI_COMMIT_REF_SLUG helm/capif/ --set nginx.nginx.env.capifHostname=capif-$CI_COMMIT_REF_SLUG.$DOMAIN_STAGING \ + helm upgrade --install -n $NAMESPACE_DEV ocf-pre-staging helm/capif/ --set nginx.nginx.env.capifHostname=capif-$CI_COMMIT_REF_SLUG.$DOMAIN_STAGING \ --set nginx.nginx.env.registerHostname=register-$CI_COMMIT_REF_SLUG.$DOMAIN_STAGING \ --set monitoring.grafana.ingress.hosts[0].host="grafana-$CI_COMMIT_REF_SLUG.$DOMAIN_STAGING" \ --set monitoring.grafana.ingress.hosts[0].paths[0].path="/" \ -- GitLab From 53c3277b1d53abd18ce56a991ed4e3871470e797 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Tue, 4 Jun 2024 12:32:24 +0200 Subject: [PATCH 285/392] adding helper in ocf-dev --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 452f8f8..a48b77b 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -239,7 +239,14 @@ deploy_ocf_dev: --set serviceApis.serviceApis.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api \ --set serviceApis.serviceApis.image.tag=$CI_COMMIT_REF_SLUG \ --set nginx.nginx.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx \ - --set nginx.nginx.image.tag=$CI_COMMIT_REF_SLUG --wait --timeout=10m --create-namespace --atomic + --set nginx.nginx.image.tag=$CI_COMMIT_REF_SLUG \ + --set helper.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/helper \ + --set helper.image.tag=$CI_COMMIT_REF_SLUG \ + --set helper.env.vaultHostname=$VAULT_HOSTNAME \ + --set helper.env.vaultPort=$VAULT_PORT \ + --set helper.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set helper.env.capifHostname=capif-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV \ + --wait --timeout=10m --create-namespace --atomic delete_ocf_dev: stage: delete_ocf_dev -- GitLab From bb376cf648a00e819b376c5b73b37301b3bd457f Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Tue, 4 Jun 2024 12:37:47 +0200 Subject: [PATCH 286/392] chart helper --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index a48b77b..c707fa9 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -197,9 +197,13 @@ deploy_ocf_dev: echo "### setting kubeconfig###" kubectl cluster-info yq --version + ### Chart main ocf### cat helm/capif/Chart.yaml yq e -i ".appVersion = \"$IMAGE_TAG_DEV\"" helm/capif/Chart.yaml cat helm/capif/Chart.yaml + ### Chart helper### + yq e -i ".appVersion = \"$IMAGE_TAG_DEV\"" helm/capif/charts/helper/Chart.yaml + cat helm/capif/charts/helper/Chart.yaml echo "### download dependencies###" helm dependency build helm/capif echo "### updating capif###" -- GitLab From db983a5abf5ab1fcdbec808cfd015fc877d0233f Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Tue, 4 Jun 2024 14:18:23 +0200 Subject: [PATCH 287/392] ocf helpers in staging and pre-staging --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 24 +++++++++++++++++++-- 1 file changed, 22 insertions(+), 2 deletions(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index c707fa9..ebc2f69 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -56,6 +56,9 @@ deploy_ocf_staging: cat helm/capif/Chart.yaml yq e -i ".appVersion = \"$IMAGE_TAG_STAGING\"" helm/capif/Chart.yaml cat helm/capif/Chart.yaml + ### Chart helper### + yq e -i ".appVersion = \"$IMAGE_TAG_DEV\"" helm/capif/charts/helper/Chart.yaml + cat helm/capif/charts/helper/Chart.yaml echo "### download dependencies###" helm dependency build helm/capif echo "### updating capif###" @@ -95,7 +98,14 @@ deploy_ocf_staging: --set serviceApis.serviceApis.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api \ --set serviceApis.serviceApis.image.tag=$CI_COMMIT_REF_SLUG \ --set nginx.nginx.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx \ - --set nginx.nginx.image.tag=$CI_COMMIT_REF_SLUG --wait --timeout=10m --create-namespace --atomic + --set nginx.nginx.image.tag=$CI_COMMIT_REF_SLUG \ + --set helper.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/helper \ + --set helper.image.tag=$CI_COMMIT_REF_SLUG\ + --set helper.env.vaultHostname=$VAULT_HOSTNAME \ + --set helper.env.vaultPort=$VAULT_PORT \ + --set helper.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set helper.env.capifHostname=capif-$CI_COMMIT_REF_SLUG.$DOMAIN_STAGING \ + --wait --timeout=10m --create-namespace --atomic delete_ocf_staging: stage: delete_ocf_staging @@ -132,6 +142,9 @@ deploy_ocf_oficial_staging: cat helm/capif/Chart.yaml yq e -i ".appVersion = \"staging\"" helm/capif/Chart.yaml cat helm/capif/Chart.yaml + ### Chart helper### + yq e -i ".appVersion = \"$IMAGE_TAG_DEV\"" helm/capif/charts/helper/Chart.yaml + cat helm/capif/charts/helper/Chart.yaml echo "### download dependencies###" helm dependency build helm/capif echo "### updating capif###" @@ -171,7 +184,14 @@ deploy_ocf_oficial_staging: --set serviceApis.serviceApis.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-discover-service-api \ --set serviceApis.serviceApis.image.tag=staging \ --set nginx.nginx.image.repository=$CI_REGISTRY/ocf/capif/staging/nginx \ - --set nginx.nginx.image.tag=staging --wait --timeout=10m --create-namespace + --set nginx.nginx.image.tag=staging \ + --set helper.image.repository=$CI_REGISTRY/ocf/capif/staging/helper \ + --set helper.image.tag=staging\ + --set helper.env.vaultHostname=$VAULT_HOSTNAME \ + --set helper.env.vaultPort=$VAULT_PORT \ + --set helper.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set helper.env.capifHostname=capif-staging.$DOMAIN_STAGING \ + --wait --timeout=10m --create-namespace ## dev ### deploy_ocf_dev: -- GitLab From 8e59dfeecdc2f619cbdf3b5cb4b4db6981c0aa15 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Tue, 4 Jun 2024 15:19:44 +0200 Subject: [PATCH 288/392] \ --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index ebc2f69..edadb72 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -100,7 +100,7 @@ deploy_ocf_staging: --set nginx.nginx.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx \ --set nginx.nginx.image.tag=$CI_COMMIT_REF_SLUG \ --set helper.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/helper \ - --set helper.image.tag=$CI_COMMIT_REF_SLUG\ + --set helper.image.tag=$CI_COMMIT_REF_SLUG \ --set helper.env.vaultHostname=$VAULT_HOSTNAME \ --set helper.env.vaultPort=$VAULT_PORT \ --set helper.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ -- GitLab From 356ed1a71a91a15f33c4bf29b65d04b84e587dd6 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Tue, 4 Jun 2024 15:21:13 +0200 Subject: [PATCH 289/392] \ --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index edadb72..1e8e577 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -186,7 +186,7 @@ deploy_ocf_oficial_staging: --set nginx.nginx.image.repository=$CI_REGISTRY/ocf/capif/staging/nginx \ --set nginx.nginx.image.tag=staging \ --set helper.image.repository=$CI_REGISTRY/ocf/capif/staging/helper \ - --set helper.image.tag=staging\ + --set helper.image.tag=staging \ --set helper.env.vaultHostname=$VAULT_HOSTNAME \ --set helper.env.vaultPort=$VAULT_PORT \ --set helper.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ -- GitLab From 872bff9f4b7ab6e343f5637c7f4d713c6a8a2e53 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Tue, 4 Jun 2024 15:40:33 +0200 Subject: [PATCH 290/392] deploy_ocf_oficial_staging rule --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 1e8e577..d1cf45d 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -121,10 +121,10 @@ delete_ocf_staging: ### staging branch merged ### deploy_ocf_oficial_staging: stage: deploy_ocf_oficial_staging - <<: *staging_common -# rules: -# - if: '$CI_COMMIT_REF_NAME == "staging"' -# when: always +# <<: *staging_common + rules: + - if: '$CI_COMMIT_REF_NAME == "staging"' + when: always needs: - staging_build_and_push_mr environment: -- GitLab From e11bf42d60eb6071da30bbace64fd51b212b923d Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Tue, 4 Jun 2024 15:48:03 +0200 Subject: [PATCH 291/392] staging_build_and_push_mr --- capif/templates/ci_staging.gitlab-ci.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/capif/templates/ci_staging.gitlab-ci.yml b/capif/templates/ci_staging.gitlab-ci.yml index 4bedac9..b6d15c6 100644 --- a/capif/templates/ci_staging.gitlab-ci.yml +++ b/capif/templates/ci_staging.gitlab-ci.yml @@ -323,9 +323,10 @@ staging_build_and_push: ### staging branch merged ### staging_build_and_push_mr: stage: staging_build_and_push_mr -# rules: -# - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME == "staging"' -# when: always +# <<: *staging_common + rules: + - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME == "staging"' + when: always script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -402,5 +403,4 @@ staging_build_and_push_mr: - docker build -t $CI_REGISTRY/ocf/capif/staging/helper:staging . - docker push $CI_REGISTRY/ocf/capif/staging/helper:staging - echo "----------------------------------------------------" - - docker logout $CI_REGISTRY - <<: *staging_common \ No newline at end of file + - docker logout $CI_REGISTRY \ No newline at end of file -- GitLab From f9e7936cb1188d35e3a381e9de207c0a635024b4 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Wed, 5 Jun 2024 16:56:38 +0200 Subject: [PATCH 292/392] access-control-policy --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 18 ++++++++++++------ 1 file changed, 12 insertions(+), 6 deletions(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index d1cf45d..bb82686 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -73,8 +73,10 @@ deploy_ocf_staging: --set parametersVault.env.vaultPort=$VAULT_PORT \ --set parametersVault.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ --set ingress.ip=10.43.107.132 \ - --set accessControlPolicy.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api \ - --set accessControlPolicy.image.tag=$CI_COMMIT_REF_SLUG \ + --set access-control-policy.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api \ + --set access-control-policy.image.tag=$CI_COMMIT_REF_SLUG \ + --set access-control-policy.image.env.capifHostname=capif-$CI_COMMIT_REF_SLUG.$DOMAIN_STAGING \ + --set access-control-policy.env.monitoring="true" \ --set apiInvocationLogs.apiInvocationLogs.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api \ --set apiInvocationLogs.apiInvocationLogs.image.tag=$CI_COMMIT_REF_SLUG \ --set apiInvokerManagement.apiInvokerManagement.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api \ @@ -159,8 +161,10 @@ deploy_ocf_oficial_staging: --set parametersVault.env.vaultPort=$VAULT_PORT \ --set parametersVault.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ --set ingress.ip=10.43.107.132 \ - --set accessControlPolicy.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-access-control-policy-api \ - --set accessControlPolicy.image.tag=staging \ + --set access-control-policy.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-access-control-policy-api \ + --set access-control-policy.image.tag=staging \ + --set access-control-policy.image.env.capifHostname=capif-staging.$DOMAIN_STAGING \ + --set access-control-policy.env.monitoring="true" \ --set apiInvocationLogs.apiInvocationLogs.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-logging-api-invocation-api \ --set apiInvocationLogs.apiInvocationLogs.image.tag=staging \ --set apiInvokerManagement.apiInvokerManagement.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-api-invoker-management-api \ @@ -238,8 +242,10 @@ deploy_ocf_dev: --set parametersVault.env.vaultPort=$VAULT_PORT \ --set parametersVault.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ --set ingress.ip=10.43.107.132 \ - --set accessControlPolicy.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api \ - --set accessControlPolicy.image.tag=$CI_COMMIT_REF_SLUG \ + --set access-control-policy.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api \ + --set access-control-policy.image.tag=$CI_COMMIT_REF_SLUG \ + --set access-control-policy.image.env.capifHostname=capif-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV \ + --set access-control-policy.env.monitoring="true" \ --set apiInvocationLogs.apiInvocationLogs.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api \ --set apiInvocationLogs.apiInvocationLogs.image.tag=$CI_COMMIT_REF_SLUG \ --set apiInvokerManagement.apiInvokerManagement.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api \ -- GitLab From 4a67eda7f28a2bee201a997c9680acd3a3b8fccd Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Wed, 5 Jun 2024 17:12:58 +0200 Subject: [PATCH 293/392] accessControlPolicy --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 18 ++++++------------ 1 file changed, 6 insertions(+), 12 deletions(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index bb82686..d1cf45d 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -73,10 +73,8 @@ deploy_ocf_staging: --set parametersVault.env.vaultPort=$VAULT_PORT \ --set parametersVault.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ --set ingress.ip=10.43.107.132 \ - --set access-control-policy.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api \ - --set access-control-policy.image.tag=$CI_COMMIT_REF_SLUG \ - --set access-control-policy.image.env.capifHostname=capif-$CI_COMMIT_REF_SLUG.$DOMAIN_STAGING \ - --set access-control-policy.env.monitoring="true" \ + --set accessControlPolicy.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api \ + --set accessControlPolicy.image.tag=$CI_COMMIT_REF_SLUG \ --set apiInvocationLogs.apiInvocationLogs.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api \ --set apiInvocationLogs.apiInvocationLogs.image.tag=$CI_COMMIT_REF_SLUG \ --set apiInvokerManagement.apiInvokerManagement.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api \ @@ -161,10 +159,8 @@ deploy_ocf_oficial_staging: --set parametersVault.env.vaultPort=$VAULT_PORT \ --set parametersVault.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ --set ingress.ip=10.43.107.132 \ - --set access-control-policy.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-access-control-policy-api \ - --set access-control-policy.image.tag=staging \ - --set access-control-policy.image.env.capifHostname=capif-staging.$DOMAIN_STAGING \ - --set access-control-policy.env.monitoring="true" \ + --set accessControlPolicy.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-access-control-policy-api \ + --set accessControlPolicy.image.tag=staging \ --set apiInvocationLogs.apiInvocationLogs.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-logging-api-invocation-api \ --set apiInvocationLogs.apiInvocationLogs.image.tag=staging \ --set apiInvokerManagement.apiInvokerManagement.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-api-invoker-management-api \ @@ -242,10 +238,8 @@ deploy_ocf_dev: --set parametersVault.env.vaultPort=$VAULT_PORT \ --set parametersVault.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ --set ingress.ip=10.43.107.132 \ - --set access-control-policy.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api \ - --set access-control-policy.image.tag=$CI_COMMIT_REF_SLUG \ - --set access-control-policy.image.env.capifHostname=capif-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV \ - --set access-control-policy.env.monitoring="true" \ + --set accessControlPolicy.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api \ + --set accessControlPolicy.image.tag=$CI_COMMIT_REF_SLUG \ --set apiInvocationLogs.apiInvocationLogs.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api \ --set apiInvocationLogs.apiInvocationLogs.image.tag=$CI_COMMIT_REF_SLUG \ --set apiInvokerManagement.apiInvokerManagement.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api \ -- GitLab From 9ef4de1e25532e2b4221a1408e35e2cbb5e76c08 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 10 Jun 2024 12:00:40 +0200 Subject: [PATCH 294/392] delete capif-client of CICD --- capif/templates/ci_dev.gitlab-ci.yml | 2 +- capif/templates/ci_main.gitlab-ci.yml | 9 ++------- capif/templates/ci_staging.gitlab-ci.yml | 4 ++-- 3 files changed, 5 insertions(+), 10 deletions(-) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index c32ff81..e2fe2eb 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -88,7 +88,7 @@ dev_linting_docker: ../hadolint --version # Array of service names - SERVICES=("capif-client" "vault" "nginx" "register" "TS29222_CAPIF_Access_Control_Policy_API" "TS29222_CAPIF_API_Invoker_Management_API" + SERVICES=("vault" "nginx" "register" "TS29222_CAPIF_Access_Control_Policy_API" "TS29222_CAPIF_API_Invoker_Management_API" "TS29222_CAPIF_API_Provider_Management_API" "TS29222_CAPIF_Auditing_API" "TS29222_CAPIF_Discover_Service_API" "TS29222_CAPIF_Events_API" "TS29222_CAPIF_Logging_API_Invocation_API" "TS29222_CAPIF_Publish_Service_API" "TS29222_CAPIF_Routing_Info_API" "TS29222_CAPIF_Security_API" "vault") diff --git a/capif/templates/ci_main.gitlab-ci.yml b/capif/templates/ci_main.gitlab-ci.yml index ce020a8..556a3b7 100644 --- a/capif/templates/ci_main.gitlab-ci.yml +++ b/capif/templates/ci_main.gitlab-ci.yml @@ -60,7 +60,7 @@ main_linting_docker: ../hadolint --version # Array of service names - SERVICES=("capif-client" "vault" "nginx" "register" "TS29222_CAPIF_Access_Control_Policy_API" "TS29222_CAPIF_API_Invoker_Management_API" + SERVICES=("vault" "nginx" "register" "TS29222_CAPIF_Access_Control_Policy_API" "TS29222_CAPIF_API_Invoker_Management_API" "TS29222_CAPIF_API_Provider_Management_API" "TS29222_CAPIF_Auditing_API" "TS29222_CAPIF_Discover_Service_API" "TS29222_CAPIF_Events_API" "TS29222_CAPIF_Logging_API_Invocation_API" "TS29222_CAPIF_Publish_Service_API" "TS29222_CAPIF_Routing_Info_API" "TS29222_CAPIF_Security_API" "vault") @@ -112,7 +112,7 @@ main_cvs: echo "TMP_PWD=$TMP_PWD" # Array of image names - IMAGE_NAMES=("capif-client" "nginx" "register" "TS29222_CAPIF_Access_Control_Policy_API" "TS29222_CAPIF_API_Invoker_Management_API" + IMAGE_NAMES=("nginx" "register" "TS29222_CAPIF_Access_Control_Policy_API" "TS29222_CAPIF_API_Invoker_Management_API" "TS29222_CAPIF_API_Provider_Management_API" "TS29222_CAPIF_Auditing_API" "TS29222_CAPIF_Discover_Service_API" "TS29222_CAPIF_Events_API" "TS29222_CAPIF_Logging_API_Invocation_API" "TS29222_CAPIF_Publish_Service_API" "TS29222_CAPIF_Routing_Info_API" "TS29222_CAPIF_Security_API" "vault") @@ -158,11 +158,6 @@ main_build_and_push: script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" - - echo "### build and push capif-client image###" -# - cd services/capif-client/ -# - docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY -# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/capif-client:latest . -# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/capif-client:latest # - echo "----------------------------------------------------" # - echo "### build and push nginx image###" # - cd $TMP_PWD/services/nginx/ diff --git a/capif/templates/ci_staging.gitlab-ci.yml b/capif/templates/ci_staging.gitlab-ci.yml index b6d15c6..c7dff70 100644 --- a/capif/templates/ci_staging.gitlab-ci.yml +++ b/capif/templates/ci_staging.gitlab-ci.yml @@ -98,7 +98,7 @@ staging_linting_docker: ../hadolint --version # Array of service names - SERVICES=("capif-client" "vault" "nginx" "register" "TS29222_CAPIF_Access_Control_Policy_API" "TS29222_CAPIF_API_Invoker_Management_API" + SERVICES=("vault" "nginx" "register" "TS29222_CAPIF_Access_Control_Policy_API" "TS29222_CAPIF_API_Invoker_Management_API" "TS29222_CAPIF_API_Provider_Management_API" "TS29222_CAPIF_Auditing_API" "TS29222_CAPIF_Discover_Service_API" "TS29222_CAPIF_Events_API" "TS29222_CAPIF_Logging_API_Invocation_API" "TS29222_CAPIF_Publish_Service_API" "TS29222_CAPIF_Routing_Info_API" "TS29222_CAPIF_Security_API" "vault") @@ -160,7 +160,7 @@ staging_grype_cvs: echo "TMP_PWD=$TMP_PWD" # Array of image names - IMAGE_NAMES=("capif-client" "nginx" "register" "TS29222_CAPIF_Access_Control_Policy_API" "TS29222_CAPIF_API_Invoker_Management_API" + IMAGE_NAMES=("nginx" "register" "TS29222_CAPIF_Access_Control_Policy_API" "TS29222_CAPIF_API_Invoker_Management_API" "TS29222_CAPIF_API_Provider_Management_API" "TS29222_CAPIF_Auditing_API" "TS29222_CAPIF_Discover_Service_API" "TS29222_CAPIF_Events_API" "TS29222_CAPIF_Logging_API_Invocation_API" "TS29222_CAPIF_Publish_Service_API" "TS29222_CAPIF_Routing_Info_API" "TS29222_CAPIF_Security_API" "vault") -- GitLab From 7e90b22fe13d7568b33ea17bd5d56367df683ba4 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Tue, 11 Jun 2024 11:47:22 +0200 Subject: [PATCH 295/392] build and push mock-server image --- capif/.gitlab-ci.yml | 5 +++++ capif/templates/ci_dev.gitlab-ci.yml | 5 +++++ capif/templates/ci_staging.gitlab-ci.yml | 10 ++++++++++ 3 files changed, 20 insertions(+) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index b74c225..96b1c95 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -641,6 +641,11 @@ main_build_and_push: - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/vault:$CI_COMMIT_REF_SLUG . - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/vault:$CI_COMMIT_REF_SLUG - echo "----------------------------------------------------" + - echo "### build and push mock-server image###" + - cd $TMP_PWD/services/mock-server/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" - docker logout $CI_REGISTRY <<: *main_common diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index e2fe2eb..ef23a92 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -192,5 +192,10 @@ dev_build_and_push: - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/helper:$CI_COMMIT_REF_SLUG . - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/helper:$CI_COMMIT_REF_SLUG - echo "----------------------------------------------------" + - echo "### build and push mock-server image###" + - cd $TMP_PWD/services/mock-server/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" - docker logout $CI_REGISTRY <<: *dev_common diff --git a/capif/templates/ci_staging.gitlab-ci.yml b/capif/templates/ci_staging.gitlab-ci.yml index c7dff70..8294d99 100644 --- a/capif/templates/ci_staging.gitlab-ci.yml +++ b/capif/templates/ci_staging.gitlab-ci.yml @@ -317,6 +317,11 @@ staging_build_and_push: - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/helper:$CI_COMMIT_REF_SLUG . - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/helper:$CI_COMMIT_REF_SLUG - echo "----------------------------------------------------" + - echo "### build and push mock-server image###" + - cd $TMP_PWD/services/mock-server/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" - docker logout $CI_REGISTRY <<: *staging_common @@ -403,4 +408,9 @@ staging_build_and_push_mr: - docker build -t $CI_REGISTRY/ocf/capif/staging/helper:staging . - docker push $CI_REGISTRY/ocf/capif/staging/helper:staging - echo "----------------------------------------------------" + - echo "### build and push mock-server image###" + - cd $TMP_PWD/services/mock-server/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" - docker logout $CI_REGISTRY \ No newline at end of file -- GitLab From ba6638a26403c1039b173d1b0a678b562bdb9389 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Thu, 13 Jun 2024 17:46:06 +0200 Subject: [PATCH 296/392] refactoring ocf helm --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 365 +++++++++++++------- 1 file changed, 244 insertions(+), 121 deletions(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index d1cf45d..32b431b 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -62,49 +62,90 @@ deploy_ocf_staging: echo "### download dependencies###" helm dependency build helm/capif echo "### updating capif###" - helm upgrade --install -n $NAMESPACE_DEV ocf-pre-staging helm/capif/ --set nginx.nginx.env.capifHostname=capif-$CI_COMMIT_REF_SLUG.$DOMAIN_STAGING \ - --set nginx.nginx.env.registerHostname=register-$CI_COMMIT_REF_SLUG.$DOMAIN_STAGING \ - --set monitoring.grafana.ingress.hosts[0].host="grafana-$CI_COMMIT_REF_SLUG.$DOMAIN_STAGING" \ - --set monitoring.grafana.ingress.hosts[0].paths[0].path="/" \ + helm upgrade --install -n $NAMESPACE_DEV ocf-pre-staging helm/capif/ \ + --set monitoring.grafana.ingress.hosts[0].host=capif-$CI_COMMIT_REF_SLUG.$DOMAIN_STAGING \ + --set monitoring.grafana.ingress.hosts[0].paths[0].path="/" --set monitoring.grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ --set monitoring.grafana.env.prometheusURL=http://prometheus.ocf.pre-production \ --set tempo.tempo.metricsGenerator.remoteWriteUrl=http://prometheus.ocf.pre-production/api/v1/write \ - --set parametersVault.env.vaultHostname=$VAULT_HOSTNAME \ - --set parametersVault.env.vaultPort=$VAULT_PORT \ - --set parametersVault.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ - --set ingress.ip=10.43.107.132 \ - --set accessControlPolicy.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api \ - --set accessControlPolicy.image.tag=$CI_COMMIT_REF_SLUG \ - --set apiInvocationLogs.apiInvocationLogs.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api \ - --set apiInvocationLogs.apiInvocationLogs.image.tag=$CI_COMMIT_REF_SLUG \ - --set apiInvokerManagement.apiInvokerManagement.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api \ - --set apiInvokerManagement.apiInvokerManagement.image.tag=$CI_COMMIT_REF_SLUG \ - --set apiProviderManagement.apiProviderManagement.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api \ - --set apiProviderManagement.apiProviderManagement.image.tag=$CI_COMMIT_REF_SLUG \ - --set capifEvents.capifEvents.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api \ - --set capifEvents.capifEvents.image.tag=$CI_COMMIT_REF_SLUG \ - --set capifRoutingInfo.capifRoutingInfo.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api \ - --set capifRoutingInfo.capifRoutingInfo.image.tag=$CI_COMMIT_REF_SLUG \ - --set capifSecurity.capifSecurity.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api \ - --set capifSecurity.capifSecurity.image.tag=$CI_COMMIT_REF_SLUG \ - --set register.register.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register \ - --set register.register.image.tag=$CI_COMMIT_REF_SLUG \ - --set logs.logs.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api \ - --set logs.logs.image.tag=$CI_COMMIT_REF_SLUG \ - --set nignx.nginx.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx \ - --set nignx.nginx.image.tag=$CI_COMMIT_REF_SLUG \ - --set publishedApis.publishedApis.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api \ - --set publishedApis.publishedApis.image.tag=$CI_COMMIT_REF_SLUG \ - --set serviceApis.serviceApis.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api \ - --set serviceApis.serviceApis.image.tag=$CI_COMMIT_REF_SLUG \ - --set nginx.nginx.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx \ - --set nginx.nginx.image.tag=$CI_COMMIT_REF_SLUG \ - --set helper.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/helper \ - --set helper.image.tag=$CI_COMMIT_REF_SLUG \ - --set helper.env.vaultHostname=$VAULT_HOSTNAME \ - --set helper.env.vaultPort=$VAULT_PORT \ - --set helper.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ - --set helper.env.capifHostname=capif-$CI_COMMIT_REF_SLUG.$DOMAIN_STAGING \ + --set ocf-access-control-policy.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api \ + --set ocf-access-control-policy.image.tag=$CI_COMMIT_REF_SLUG \ + --set ocf-access-control-policy.image.env.capifHostname=capif-$CI_COMMIT_REF_SLUG.$DOMAIN_STAGING \ + --set ocf-access-control-policy.monitoring="true" \ + --set ocf-api-invocation-logs.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api \ + --set ocf-api-invocation-logs.image.tag=$CI_COMMIT_REF_SLUG \ + --set ocf-api-invocation-logs.env.monitoring="true" \ + --set ocf-api-invocation-logs.env.capifHostname=capif-$CI_COMMIT_REF_SLUG.$DOMAIN_STAGING \ + --set ocf-api-invocation-logs.env.vaultHostname=$VAULT_HOSTNAME \ + --set ocf-api-invocation-logs.env.vaultPort=$VAULT_PORT \ + --set ocf-api-invocation-logs.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set ocf-api-invoker-management.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api \ + --set ocf-api-invoker-management.image.tag=$CI_COMMIT_REF_SLUG \ + --set ocf-api-invoker-management.env.monitoring="true" \ + --set ocf-api-invoker-management.env.vaultHostname=$VAULT_HOSTNAME \ + --set ocf-api-invoker-management.env.vaultPort=$VAULT_PORT \ + --set ocf-api-invoker-management.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set ocf-api-provider-management.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api \ + --set ocf-api-provider-management.image.tag=$CI_COMMIT_REF_SLUG \ + --set ocf-api-provider-management.env.monitoring="true" \ + --set ocf-api-provider-management.env.vaultHostname=$VAULT_HOSTNAME \ + --set ocf-api-provider-management.env.vaultPort=$VAULT_PORT \ + --set ocf-api-provider-management.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set ocf-events.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api \ + --set ocf-events.image.tag=$CI_COMMIT_REF_SLUG \ + --set ocf-events.env.monitoring="true" \ + --set ocf-routing-info.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api \ + --set ocf-routing-info.image.tag=$CI_COMMIT_REF_SLUG \ + --set ocf-routing-info.env.monitoring="true" \ + --set ocf-security.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api \ + --set ocf-security.image.tag=$CI_COMMIT_REF_SLUG \ + --set ocf-security.env.monitoring="true" \ + --set ocf-security.env.capifHostname=capif-$CI_COMMIT_REF_SLUG.$DOMAIN_STAGING \ + --set ocf-security.env.vaultHostname=$VAULT_HOSTNAME \ + --set ocf-security.env.vaultPort=$VAULT_PORT \ + --set ocf-security.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set ocf-register.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register \ + --set ocf-register.image.tag=$CI_COMMIT_REF_SLUG \ + --set ocf-register.env.vaultHostname=$VAULT_HOSTNAME \ + --set ocf-register.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set ocf-register.env.vaultPort=$VAULT_PORT \ + --set ocf-register.env.mongoHost=mongo-register \ + --set ocf-register.env.mongoPort=27017 \ + --set ocf-register.ingress.enabled=true \ + --set ocf-register.ingress.hosts[0].host=register-$CI_COMMIT_REF_SLUG.$DOMAIN_STAGING \ + --set ocf-register.ingress.hosts[0].paths[0].path="/" \ + --set ocf-register.ingress.hosts[0].paths[0].pathType="Prefix" \ + --set ocf-auditing-api-logs.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api \ + --set ocf-auditing-api-logs.image.tag=$CI_COMMIT_REF_SLUG \ + --set ocf-auditing-api-logs.env.monitoring="true" \ + --set ocf-publish-service-api.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api \ + --set ocf-publish-service-api.image.tag=$CI_COMMIT_REF_SLUG \ + --set ocf-publish-service-api.env.monitoring="true" \ + --set ocf-discover-service-api.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api \ + --set ocf-discover-service-api.image.tag=$CI_COMMIT_REF_SLUG \ + --set ocf-discover-service-api.env.monitoring="true" \ + --set nginx.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx \ + --set nginx.image.tag=$CI_COMMIT_REF_SLUG \ + --set nginx.env.capifHostname=capif-$CI_COMMIT_REF_SLUG.$DOMAIN_STAGING \ + --set nginx.env.vaultHostname=$VAULT_HOSTNAME \ + --set nginx.env.vaultPort=$VAULT_PORT \ + --set nginx.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set nginx.ingress.enabled=true \ + --set nginx.ingress.hosts[0].host=capif-$CI_COMMIT_REF_SLUG.$DOMAIN_STAGING \ + --set nginx.ingress.hosts[0].paths[0].path="/" \ + --set nginx.ingress.hosts[0].paths[0].pathType="Prefix" \ + --set ocf-helper.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/helper \ + --set ocf-helper.image.tag=$CI_COMMIT_REF_SLUG \ + --set ocf-helper.env.vaultHostname=$VAULT_HOSTNAME \ + --set ocf-helper.env.vaultPort=$VAULT_PORT \ + --set ocf-helper.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set ocf-helper.env.capifHostname=capif-$CI_COMMIT_REF_SLUG.$DOMAIN_STAGING \ + --set mock-server.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server \ + --set mock-server.image.tag=$CI_COMMIT_REF_SLUG \ + --set mock-server.ingress.enabled=true \ + --set mock-server.ingress.hosts[0].host=mock-server-$CI_COMMIT_REF_SLUG.$DOMAIN_STAGING \ + --set mock-server.ingress.hosts[0].paths[0].path="/" \ + --set mock-server.ingress.hosts[0].paths[0].pathType="Prefix" \ --wait --timeout=10m --create-namespace --atomic delete_ocf_staging: @@ -148,50 +189,91 @@ deploy_ocf_oficial_staging: echo "### download dependencies###" helm dependency build helm/capif echo "### updating capif###" - helm upgrade --install -n $NAMESPACE_STAGING ocf-staging helm/capif/ --set nginx.nginx.env.capifHostname=capif-staging.$DOMAIN_STAGING \ - --set nginx.nginx.env.registerHostname=register-staging.$DOMAIN_STAGING \ - --set monitoring.grafana.ingress.hosts[0].host="grafana-staging.$DOMAIN_STAGING" \ - --set monitoring.grafana.ingress.hosts[0].paths[0].path="/" \ + helm upgrade --install -n $NAMESPACE_STAGING ocf-developer helm/capif/ \ + --set monitoring.grafana.ingress.hosts[0].host=capif-staging.$DOMAIN_STAGING \ + --set monitoring.grafana.ingress.hosts[0].paths[0].path="/" --set monitoring.grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ --set monitoring.grafana.env.prometheusURL=http://prometheus.ocf.pre-production \ --set tempo.tempo.metricsGenerator.remoteWriteUrl=http://prometheus.ocf.pre-production/api/v1/write \ - --set parametersVault.env.vaultHostname=$VAULT_HOSTNAME \ - --set parametersVault.env.vaultPort=$VAULT_PORT \ - --set parametersVault.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ - --set ingress.ip=10.43.107.132 \ - --set accessControlPolicy.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-access-control-policy-api \ - --set accessControlPolicy.image.tag=staging \ - --set apiInvocationLogs.apiInvocationLogs.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-logging-api-invocation-api \ - --set apiInvocationLogs.apiInvocationLogs.image.tag=staging \ - --set apiInvokerManagement.apiInvokerManagement.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-api-invoker-management-api \ - --set apiInvokerManagement.apiInvokerManagement.image.tag=staging \ - --set apiProviderManagement.apiProviderManagement.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-api-provider-management-api \ - --set apiProviderManagement.apiProviderManagement.image.tag=staging \ - --set capifEvents.capifEvents.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-events-api \ - --set capifEvents.capifEvents.image.tag=staging \ - --set capifRoutingInfo.capifRoutingInfo.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-routing-info-api \ - --set capifRoutingInfo.capifRoutingInfo.image.tag=staging \ - --set capifSecurity.capifSecurity.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-security-api \ - --set capifSecurity.capifSecurity.image.tag=staging \ - --set register.register.image.repository=$CI_REGISTRY/ocf/capif/staging/register \ - --set register.register.image.tag=staging \ - --set logs.logs.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-auditing-api \ - --set logs.logs.image.tag=staging \ - --set nignx.nginx.image.repository=$CI_REGISTRY/ocf/capif/staging/nginx \ - --set nignx.nginx.image.tag=staging \ - --set publishedApis.publishedApis.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-publish-service-api \ - --set publishedApis.publishedApis.image.tag=staging \ - --set serviceApis.serviceApis.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-discover-service-api \ - --set serviceApis.serviceApis.image.tag=staging \ - --set nginx.nginx.image.repository=$CI_REGISTRY/ocf/capif/staging/nginx \ - --set nginx.nginx.image.tag=staging \ - --set helper.image.repository=$CI_REGISTRY/ocf/capif/staging/helper \ - --set helper.image.tag=staging \ - --set helper.env.vaultHostname=$VAULT_HOSTNAME \ - --set helper.env.vaultPort=$VAULT_PORT \ - --set helper.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ - --set helper.env.capifHostname=capif-staging.$DOMAIN_STAGING \ - --wait --timeout=10m --create-namespace + --set ocf-access-control-policy.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-access-control-policy-api \ + --set ocf-access-control-policy.image.tag=staging \ + --set ocf-access-control-policy.image.env.capifHostname=capif-staging.$DOMAIN_STAGING \ + --set ocf-access-control-policy.monitoring="true" \ + --set ocf-api-invocation-logs.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-logging-api-invocation-api \ + --set ocf-api-invocation-logs.image.tag=staging \ + --set ocf-api-invocation-logs.env.monitoring="true" \ + --set ocf-api-invocation-logs.env.capifHostname=capif-staging.$DOMAIN_STAGING \ + --set ocf-api-invocation-logs.env.vaultHostname=$VAULT_HOSTNAME \ + --set ocf-api-invocation-logs.env.vaultPort=$VAULT_PORT \ + --set ocf-api-invocation-logs.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set ocf-api-invoker-management.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-api-invoker-management-api \ + --set ocf-api-invoker-management.image.tag=staging \ + --set ocf-api-invoker-management.env.monitoring="true" \ + --set ocf-api-invoker-management.env.vaultHostname=$VAULT_HOSTNAME \ + --set ocf-api-invoker-management.env.vaultPort=$VAULT_PORT \ + --set ocf-api-invoker-management.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set ocf-api-provider-management.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-api-provider-management-api \ + --set ocf-api-provider-management.image.tag=staging \ + --set ocf-api-provider-management.env.monitoring="true" \ + --set ocf-api-provider-management.env.vaultHostname=$VAULT_HOSTNAME \ + --set ocf-api-provider-management.env.vaultPort=$VAULT_PORT \ + --set ocf-api-provider-management.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set ocf-events.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-events-api \ + --set ocf-events.image.tag=staging \ + --set ocf-events.env.monitoring="true" \ + --set ocf-routing-info.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-routing-info-api \ + --set ocf-routing-info.image.tag=staging \ + --set ocf-routing-info.env.monitoring="true" \ + --set ocf-security.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-security-api \ + --set ocf-security.image.tag=staging \ + --set ocf-security.env.monitoring="true" \ + --set ocf-security.env.capifHostname=capif-staging.$DOMAIN_STAGING \ + --set ocf-security.env.vaultHostname=$VAULT_HOSTNAME \ + --set ocf-security.env.vaultPort=$VAULT_PORT \ + --set ocf-security.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set ocf-register.image.repository=$CI_REGISTRY/ocf/capif/staging/register \ + --set ocf-register.image.tag=staging \ + --set ocf-register.env.vaultHostname=$VAULT_HOSTNAME \ + --set ocf-register.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set ocf-register.env.vaultPort=$VAULT_PORT \ + --set ocf-register.env.mongoHost=mongo-register \ + --set ocf-register.env.mongoPort=27017 \ + --set ocf-register.ingress.enabled=true \ + --set ocf-register.ingress.hosts[0].host=register-staging.$DOMAIN_STAGING \ + --set ocf-register.ingress.hosts[0].paths[0].path="/" \ + --set ocf-register.ingress.hosts[0].paths[0].pathType="Prefix" \ + --set ocf-auditing-api-logs.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-auditing-api \ + --set ocf-auditing-api-logs.image.tag=staging \ + --set ocf-auditing-api-logs.env.monitoring="true" \ + --set ocf-publish-service-api.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-publish-service-api \ + --set ocf-publish-service-api.image.tag=staging \ + --set ocf-publish-service-api.env.monitoring="true" \ + --set ocf-discover-service-api.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-discover-service-api \ + --set ocf-discover-service-api.image.tag=staging \ + --set ocf-discover-service-api.env.monitoring="true" \ + --set nginx.image.repository=$CI_REGISTRY/ocf/capif/staging/nginx \ + --set nginx.image.tag=staging \ + --set nginx.env.capifHostname=capif-staging.$DOMAIN_STAGING \ + --set nginx.env.vaultHostname=$VAULT_HOSTNAME \ + --set nginx.env.vaultPort=$VAULT_PORT \ + --set nginx.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set nginx.ingress.enabled=true \ + --set nginx.ingress.hosts[0].host=capif-staging.$DOMAIN_STAGING \ + --set nginx.ingress.hosts[0].paths[0].path="/" \ + --set nginx.ingress.hosts[0].paths[0].pathType="Prefix" \ + --set ocf-helper.image.repository=$CI_REGISTRY/ocf/capif/staging/helper \ + --set ocf-helper.image.tag=staging \ + --set ocf-helper.env.vaultHostname=$VAULT_HOSTNAME \ + --set ocf-helper.env.vaultPort=$VAULT_PORT \ + --set ocf-helper.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set ocf-helper.env.capifHostname=capif-staging.$DOMAIN_STAGING \ + --set mock-server.image.repository=$CI_REGISTRY/ocf/capif/staging/mock-server \ + --set mock-server.image.tag=staging \ + --set mock-server.ingress.enabled=true \ + --set mock-server.ingress.hosts[0].host=mock-server-staging.$DOMAIN_STAGING \ + --set mock-server.ingress.hosts[0].paths[0].path="/" \ + --set mock-server.ingress.hosts[0].paths[0].pathType="Prefix" \ + --wait --timeout=10m --create-namespace --atomic ## dev ### deploy_ocf_dev: @@ -227,49 +309,90 @@ deploy_ocf_dev: echo "### download dependencies###" helm dependency build helm/capif echo "### updating capif###" - helm upgrade --install -n $NAMESPACE_DEV ocf-developer helm/capif/ --set nginx.nginx.env.capifHostname=capif-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV \ - --set nginx.nginx.env.registerHostname=register-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV \ - --set monitoring.grafana.ingress.hosts[0].host="grafana-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV" \ - --set monitoring.grafana.ingress.hosts[0].paths[0].path="/" \ + helm upgrade --install -n $NAMESPACE_DEV ocf-developer helm/capif/ \ + --set monitoring.grafana.ingress.hosts[0].host=capif-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV \ + --set monitoring.grafana.ingress.hosts[0].paths[0].path="/" --set monitoring.grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ --set monitoring.grafana.env.prometheusURL=http://prometheus.ocf.pre-production \ --set tempo.tempo.metricsGenerator.remoteWriteUrl=http://prometheus.ocf.pre-production/api/v1/write \ - --set parametersVault.env.vaultHostname=$VAULT_HOSTNAME \ - --set parametersVault.env.vaultPort=$VAULT_PORT \ - --set parametersVault.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ - --set ingress.ip=10.43.107.132 \ - --set accessControlPolicy.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api \ - --set accessControlPolicy.image.tag=$CI_COMMIT_REF_SLUG \ - --set apiInvocationLogs.apiInvocationLogs.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api \ - --set apiInvocationLogs.apiInvocationLogs.image.tag=$CI_COMMIT_REF_SLUG \ - --set apiInvokerManagement.apiInvokerManagement.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api \ - --set apiInvokerManagement.apiInvokerManagement.image.tag=$CI_COMMIT_REF_SLUG \ - --set apiProviderManagement.apiProviderManagement.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api \ - --set apiProviderManagement.apiProviderManagement.image.tag=$CI_COMMIT_REF_SLUG \ - --set capifEvents.capifEvents.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api \ - --set capifEvents.capifEvents.image.tag=$CI_COMMIT_REF_SLUG \ - --set capifRoutingInfo.capifRoutingInfo.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api \ - --set capifRoutingInfo.capifRoutingInfo.image.tag=$CI_COMMIT_REF_SLUG \ - --set capifSecurity.capifSecurity.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api \ - --set capifSecurity.capifSecurity.image.tag=$CI_COMMIT_REF_SLUG \ - --set register.register.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register \ - --set register.register.image.tag=$CI_COMMIT_REF_SLUG \ - --set logs.logs.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api \ - --set logs.logs.image.tag=$CI_COMMIT_REF_SLUG \ - --set nignx.nginx.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx \ - --set nignx.nginx.image.tag=$CI_COMMIT_REF_SLUG \ - --set publishedApis.publishedApis.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api \ - --set publishedApis.publishedApis.image.tag=$CI_COMMIT_REF_SLUG \ - --set serviceApis.serviceApis.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api \ - --set serviceApis.serviceApis.image.tag=$CI_COMMIT_REF_SLUG \ - --set nginx.nginx.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx \ - --set nginx.nginx.image.tag=$CI_COMMIT_REF_SLUG \ - --set helper.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/helper \ - --set helper.image.tag=$CI_COMMIT_REF_SLUG \ - --set helper.env.vaultHostname=$VAULT_HOSTNAME \ - --set helper.env.vaultPort=$VAULT_PORT \ - --set helper.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ - --set helper.env.capifHostname=capif-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV \ + --set ocf-access-control-policy.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api \ + --set ocf-access-control-policy.image.tag=$CI_COMMIT_REF_SLUG \ + --set ocf-access-control-policy.image.env.capifHostname=capif-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV \ + --set ocf-access-control-policy.monitoring="true" \ + --set ocf-api-invocation-logs.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api \ + --set ocf-api-invocation-logs.image.tag=$CI_COMMIT_REF_SLUG \ + --set ocf-api-invocation-logs.env.monitoring="true" \ + --set ocf-api-invocation-logs.env.capifHostname=capif-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV \ + --set ocf-api-invocation-logs.env.vaultHostname=$VAULT_HOSTNAME \ + --set ocf-api-invocation-logs.env.vaultPort=$VAULT_PORT \ + --set ocf-api-invocation-logs.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set ocf-api-invoker-management.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api \ + --set ocf-api-invoker-management.image.tag=$CI_COMMIT_REF_SLUG \ + --set ocf-api-invoker-management.env.monitoring="true" \ + --set ocf-api-invoker-management.env.vaultHostname=$VAULT_HOSTNAME \ + --set ocf-api-invoker-management.env.vaultPort=$VAULT_PORT \ + --set ocf-api-invoker-management.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set ocf-api-provider-management.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api \ + --set ocf-api-provider-management.image.tag=$CI_COMMIT_REF_SLUG \ + --set ocf-api-provider-management.env.monitoring="true" \ + --set ocf-api-provider-management.env.vaultHostname=$VAULT_HOSTNAME \ + --set ocf-api-provider-management.env.vaultPort=$VAULT_PORT \ + --set ocf-api-provider-management.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set ocf-events.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api \ + --set ocf-events.image.tag=$CI_COMMIT_REF_SLUG \ + --set ocf-events.env.monitoring="true" \ + --set ocf-routing-info.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api \ + --set ocf-routing-info.image.tag=$CI_COMMIT_REF_SLUG \ + --set ocf-routing-info.env.monitoring="true" \ + --set ocf-security.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api \ + --set ocf-security.image.tag=$CI_COMMIT_REF_SLUG \ + --set ocf-security.env.monitoring="true" \ + --set ocf-security.env.capifHostname=capif-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV \ + --set ocf-security.env.vaultHostname=$VAULT_HOSTNAME \ + --set ocf-security.env.vaultPort=$VAULT_PORT \ + --set ocf-security.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set ocf-register.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register \ + --set ocf-register.image.tag=$CI_COMMIT_REF_SLUG \ + --set ocf-register.env.vaultHostname=$VAULT_HOSTNAME \ + --set ocf-register.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set ocf-register.env.vaultPort=$VAULT_PORT \ + --set ocf-register.env.mongoHost=mongo-register \ + --set ocf-register.env.mongoPort=27017 \ + --set ocf-register.ingress.enabled=true \ + --set ocf-register.ingress.hosts[0].host=register-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV \ + --set ocf-register.ingress.hosts[0].paths[0].path="/" \ + --set ocf-register.ingress.hosts[0].paths[0].pathType="Prefix" \ + --set ocf-auditing-api-logs.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api \ + --set ocf-auditing-api-logs.image.tag=$CI_COMMIT_REF_SLUG \ + --set ocf-auditing-api-logs.env.monitoring="true" \ + --set ocf-publish-service-api.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api \ + --set ocf-publish-service-api.image.tag=$CI_COMMIT_REF_SLUG \ + --set ocf-publish-service-api.env.monitoring="true" \ + --set ocf-discover-service-api.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api \ + --set ocf-discover-service-api.image.tag=$CI_COMMIT_REF_SLUG \ + --set ocf-discover-service-api.env.monitoring="true" \ + --set nginx.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx \ + --set nginx.image.tag=$CI_COMMIT_REF_SLUG \ + --set nginx.env.capifHostname=capif-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV \ + --set nginx.env.vaultHostname=$VAULT_HOSTNAME \ + --set nginx.env.vaultPort=$VAULT_PORT \ + --set nginx.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set nginx.ingress.enabled=true \ + --set nginx.ingress.hosts[0].host=capif-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV \ + --set nginx.ingress.hosts[0].paths[0].path="/" \ + --set nginx.ingress.hosts[0].paths[0].pathType="Prefix" \ + --set ocf-helper.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/helper \ + --set ocf-helper.image.tag=$CI_COMMIT_REF_SLUG \ + --set ocf-helper.env.vaultHostname=$VAULT_HOSTNAME \ + --set ocf-helper.env.vaultPort=$VAULT_PORT \ + --set ocf-helper.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set ocf-helper.env.capifHostname=capif-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV \ + --set mock-server.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server \ + --set mock-server.image.tag=$CI_COMMIT_REF_SLUG \ + --set mock-server.ingress.enabled=true \ + --set mock-server.ingress.hosts[0].host=mock-server-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV \ + --set mock-server.ingress.hosts[0].paths[0].path="/" \ + --set mock-server.ingress.hosts[0].paths[0].pathType="Prefix" \ --wait --timeout=10m --create-namespace --atomic delete_ocf_dev: -- GitLab From f0a5ca0685a98a37523bbfd4d301e2a9e2db425a Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Thu, 13 Jun 2024 18:01:25 +0200 Subject: [PATCH 297/392] mock_server --- capif/.gitlab-ci.yml | 2 +- capif/templates/ci_dev.gitlab-ci.yml | 2 +- capif/templates/ci_staging.gitlab-ci.yml | 4 ++-- 3 files changed, 4 insertions(+), 4 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 96b1c95..9d8403c 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -642,7 +642,7 @@ main_build_and_push: - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/vault:$CI_COMMIT_REF_SLUG - echo "----------------------------------------------------" - echo "### build and push mock-server image###" - - cd $TMP_PWD/services/mock-server/ + - cd $TMP_PWD/services/mock_server/ - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server:$CI_COMMIT_REF_SLUG . - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server:$CI_COMMIT_REF_SLUG - echo "----------------------------------------------------" diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index ef23a92..ee2af58 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -193,7 +193,7 @@ dev_build_and_push: - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/helper:$CI_COMMIT_REF_SLUG - echo "----------------------------------------------------" - echo "### build and push mock-server image###" - - cd $TMP_PWD/services/mock-server/ + - cd $TMP_PWD/services/mock_server/ - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server:$CI_COMMIT_REF_SLUG . - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server:$CI_COMMIT_REF_SLUG - echo "----------------------------------------------------" diff --git a/capif/templates/ci_staging.gitlab-ci.yml b/capif/templates/ci_staging.gitlab-ci.yml index 8294d99..4d8358a 100644 --- a/capif/templates/ci_staging.gitlab-ci.yml +++ b/capif/templates/ci_staging.gitlab-ci.yml @@ -318,7 +318,7 @@ staging_build_and_push: - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/helper:$CI_COMMIT_REF_SLUG - echo "----------------------------------------------------" - echo "### build and push mock-server image###" - - cd $TMP_PWD/services/mock-server/ + - cd $TMP_PWD/services/mock_server/ - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server:$CI_COMMIT_REF_SLUG . - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server:$CI_COMMIT_REF_SLUG - echo "----------------------------------------------------" @@ -409,7 +409,7 @@ staging_build_and_push_mr: - docker push $CI_REGISTRY/ocf/capif/staging/helper:staging - echo "----------------------------------------------------" - echo "### build and push mock-server image###" - - cd $TMP_PWD/services/mock-server/ + - cd $TMP_PWD/services/mock_server/ - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server:$CI_COMMIT_REF_SLUG . - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server:$CI_COMMIT_REF_SLUG - echo "----------------------------------------------------" -- GitLab From 7d6eb42dc93ce654d3f8652bde82993b4d7892b1 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Thu, 13 Jun 2024 18:17:52 +0200 Subject: [PATCH 298/392] appVersion --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 99 +++++++++++++++++++-- 1 file changed, 90 insertions(+), 9 deletions(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 32b431b..771f4c8 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -56,9 +56,36 @@ deploy_ocf_staging: cat helm/capif/Chart.yaml yq e -i ".appVersion = \"$IMAGE_TAG_STAGING\"" helm/capif/Chart.yaml cat helm/capif/Chart.yaml - ### Chart helper### - yq e -i ".appVersion = \"$IMAGE_TAG_DEV\"" helm/capif/charts/helper/Chart.yaml - cat helm/capif/charts/helper/Chart.yaml + + ### Chart mock-server### + yq e -i ".appVersion = \"$IMAGE_TAG_STAGING\"" helm/capif/charts/mock-server/Chart.yaml + ### Chart nginx### + yq e -i ".appVersion = \"$IMAGE_TAG_STAGING\"" helm/capif/charts/nginx/Chart.yaml + ### Chart ocf-access-control-policy### + yq e -i ".appVersion = \"$IMAGE_TAG_STAGING\"" helm/capif/charts/ocf-access-control-policy/Chart.yaml + ### Chart ocf-api-invocation-logs### + yq e -i ".appVersion = \"$IMAGE_TAG_STAGING\"" helm/capif/charts/ocf-api-invocation-logs/Chart.yaml + ### Chart ocf-api-invoker-management### + yq e -i ".appVersion = \"$IMAGE_TAG_STAGING\"" helm/capif/charts/ocf-api-invoker-management/Chart.yaml + ### Chart ocf-api-provider-management### + yq e -i ".appVersion = \"$IMAGE_TAG_STAGING\"" helm/capif/charts/ocf-api-provider-management/Chart.yaml + ### Chart ocf-auditing-api-logs### + yq e -i ".appVersion = \"$IMAGE_TAG_STAGING\"" helm/capif/charts/ocf-auditing-api-logs/Chart.yaml + ### Chart ocf-discover-service-api### + yq e -i ".appVersion = \"$IMAGE_TAG_STAGING\"" helm/capif/charts/ocf-discover-service-api/Chart.yaml + ### Chart ocf-events### + yq e -i ".appVersion = \"$IMAGE_TAG_STAGING\"" helm/capif/charts/ocf-events/Chart.yaml + ### Chart ocf-helper### + yq e -i ".appVersion = \"$IMAGE_TAG_STAGING\"" helm/capif/charts/oocf-helper/Chart.yaml + ### Chart ocf-publish-service-api### + yq e -i ".appVersion = \"$IMAGE_TAG_STAGING\"" helm/capif/charts/ocf-publish-service-api/Chart.yaml + ### Chart ocf-register### + yq e -i ".appVersion = \"$IMAGE_TAG_STAGING\"" helm/capif/charts/ocf-register/Chart.yaml + ### Chart ocf-routing-info### + yq e -i ".appVersion = \"$IMAGE_TAG_STAGING\"" helm/capif/charts/ocf-routing-info/Chart.yaml + ### Chart ocf-security### + yq e -i ".appVersion = \"$IMAGE_TAG_STAGING\"" helm/capif/charts/ocf-security/Chart.yaml + echo "### download dependencies###" helm dependency build helm/capif echo "### updating capif###" @@ -183,9 +210,36 @@ deploy_ocf_oficial_staging: cat helm/capif/Chart.yaml yq e -i ".appVersion = \"staging\"" helm/capif/Chart.yaml cat helm/capif/Chart.yaml - ### Chart helper### - yq e -i ".appVersion = \"$IMAGE_TAG_DEV\"" helm/capif/charts/helper/Chart.yaml - cat helm/capif/charts/helper/Chart.yaml + + ### Chart mock-server### + yq e -i ".appVersion = \"staging\"" helm/capif/charts/mock-server/Chart.yaml + ### Chart nginx### + yq e -i ".appVersion = \"staging\"" helm/capif/charts/nginx/Chart.yaml + ### Chart ocf-access-control-policy### + yq e -i ".appVersion = \"staging\"" helm/capif/charts/ocf-access-control-policy/Chart.yaml + ### Chart ocf-api-invocation-logs### + yq e -i ".appVersion = \"staging\"" helm/capif/charts/ocf-api-invocation-logs/Chart.yaml + ### Chart ocf-api-invoker-management### + yq e -i ".appVersion = \"staging\"" helm/capif/charts/ocf-api-invoker-management/Chart.yaml + ### Chart ocf-api-provider-management### + yq e -i ".appVersion = \"staging\"" helm/capif/charts/ocf-api-provider-management/Chart.yaml + ### Chart ocf-auditing-api-logs### + yq e -i ".appVersion = \"staging\"" helm/capif/charts/ocf-auditing-api-logs/Chart.yaml + ### Chart ocf-discover-service-api### + yq e -i ".appVersion = \"staging\"" helm/capif/charts/ocf-discover-service-api/Chart.yaml + ### Chart ocf-events### + yq e -i ".appVersion = \"staging\"" helm/capif/charts/ocf-events/Chart.yaml + ### Chart ocf-helper### + yq e -i ".appVersion = \"staging\"" helm/capif/charts/oocf-helper/Chart.yaml + ### Chart ocf-publish-service-api### + yq e -i ".appVersion = \"staging\"" helm/capif/charts/ocf-publish-service-api/Chart.yaml + ### Chart ocf-register### + yq e -i ".appVersion = \"staging\"" helm/capif/charts/ocf-register/Chart.yaml + ### Chart ocf-routing-info### + yq e -i ".appVersion = \"staging\"" helm/capif/charts/ocf-routing-info/Chart.yaml + ### Chart ocf-security### + yq e -i ".appVersion = \"staging\"" helm/capif/charts/ocf-security/Chart.yaml + echo "### download dependencies###" helm dependency build helm/capif echo "### updating capif###" @@ -303,9 +357,36 @@ deploy_ocf_dev: cat helm/capif/Chart.yaml yq e -i ".appVersion = \"$IMAGE_TAG_DEV\"" helm/capif/Chart.yaml cat helm/capif/Chart.yaml - ### Chart helper### - yq e -i ".appVersion = \"$IMAGE_TAG_DEV\"" helm/capif/charts/helper/Chart.yaml - cat helm/capif/charts/helper/Chart.yaml + + ### Chart mock-server### + yq e -i ".appVersion = \"$IMAGE_TAG_DEV\"" helm/capif/charts/mock-server/Chart.yaml + ### Chart nginx### + yq e -i ".appVersion = \"$IMAGE_TAG_DEV\"" helm/capif/charts/nginx/Chart.yaml + ### Chart ocf-access-control-policy### + yq e -i ".appVersion = \"$IMAGE_TAG_DEV\"" helm/capif/charts/ocf-access-control-policy/Chart.yaml + ### Chart ocf-api-invocation-logs### + yq e -i ".appVersion = \"$IMAGE_TAG_DEV\"" helm/capif/charts/ocf-api-invocation-logs/Chart.yaml + ### Chart ocf-api-invoker-management### + yq e -i ".appVersion = \"$IMAGE_TAG_DEV\"" helm/capif/charts/ocf-api-invoker-management/Chart.yaml + ### Chart ocf-api-provider-management### + yq e -i ".appVersion = \"$IMAGE_TAG_DEV\"" helm/capif/charts/ocf-api-provider-management/Chart.yaml + ### Chart ocf-auditing-api-logs### + yq e -i ".appVersion = \"$IMAGE_TAG_DEV\"" helm/capif/charts/ocf-auditing-api-logs/Chart.yaml + ### Chart ocf-discover-service-api### + yq e -i ".appVersion = \"$IMAGE_TAG_DEV\"" helm/capif/charts/ocf-discover-service-api/Chart.yaml + ### Chart ocf-events### + yq e -i ".appVersion = \"$IMAGE_TAG_DEV\"" helm/capif/charts/ocf-events/Chart.yaml + ### Chart ocf-helper### + yq e -i ".appVersion = \"$IMAGE_TAG_DEV\"" helm/capif/charts/oocf-helper/Chart.yaml + ### Chart ocf-publish-service-api### + yq e -i ".appVersion = \"$IMAGE_TAG_DEV\"" helm/capif/charts/ocf-publish-service-api/Chart.yaml + ### Chart ocf-register### + yq e -i ".appVersion = \"$IMAGE_TAG_DEV\"" helm/capif/charts/ocf-register/Chart.yaml + ### Chart ocf-routing-info### + yq e -i ".appVersion = \"$IMAGE_TAG_DEV\"" helm/capif/charts/ocf-routing-info/Chart.yaml + ### Chart ocf-security### + yq e -i ".appVersion = \"$IMAGE_TAG_DEV\"" helm/capif/charts/ocf-security/Chart.yaml + echo "### download dependencies###" helm dependency build helm/capif echo "### updating capif###" -- GitLab From afe814d40ff7ddd59428ff6edd97e1b89554b9ae Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Thu, 13 Jun 2024 18:19:55 +0200 Subject: [PATCH 299/392] ocf-helper --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 771f4c8..0bc488a 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -76,7 +76,7 @@ deploy_ocf_staging: ### Chart ocf-events### yq e -i ".appVersion = \"$IMAGE_TAG_STAGING\"" helm/capif/charts/ocf-events/Chart.yaml ### Chart ocf-helper### - yq e -i ".appVersion = \"$IMAGE_TAG_STAGING\"" helm/capif/charts/oocf-helper/Chart.yaml + yq e -i ".appVersion = \"$IMAGE_TAG_STAGING\"" helm/capif/charts/ocf-helper/Chart.yaml ### Chart ocf-publish-service-api### yq e -i ".appVersion = \"$IMAGE_TAG_STAGING\"" helm/capif/charts/ocf-publish-service-api/Chart.yaml ### Chart ocf-register### @@ -230,7 +230,7 @@ deploy_ocf_oficial_staging: ### Chart ocf-events### yq e -i ".appVersion = \"staging\"" helm/capif/charts/ocf-events/Chart.yaml ### Chart ocf-helper### - yq e -i ".appVersion = \"staging\"" helm/capif/charts/oocf-helper/Chart.yaml + yq e -i ".appVersion = \"staging\"" helm/capif/charts/ocf-helper/Chart.yaml ### Chart ocf-publish-service-api### yq e -i ".appVersion = \"staging\"" helm/capif/charts/ocf-publish-service-api/Chart.yaml ### Chart ocf-register### @@ -377,7 +377,7 @@ deploy_ocf_dev: ### Chart ocf-events### yq e -i ".appVersion = \"$IMAGE_TAG_DEV\"" helm/capif/charts/ocf-events/Chart.yaml ### Chart ocf-helper### - yq e -i ".appVersion = \"$IMAGE_TAG_DEV\"" helm/capif/charts/oocf-helper/Chart.yaml + yq e -i ".appVersion = \"$IMAGE_TAG_DEV\"" helm/capif/charts/ocf-helper/Chart.yaml ### Chart ocf-publish-service-api### yq e -i ".appVersion = \"$IMAGE_TAG_DEV\"" helm/capif/charts/ocf-publish-service-api/Chart.yaml ### Chart ocf-register### -- GitLab From e66e6cdcf81057f3b4b4b9458ee763d9475a186f Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Thu, 13 Jun 2024 18:23:35 +0200 Subject: [PATCH 300/392] monitoring.grafana --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 0bc488a..4d2674f 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -91,7 +91,7 @@ deploy_ocf_staging: echo "### updating capif###" helm upgrade --install -n $NAMESPACE_DEV ocf-pre-staging helm/capif/ \ --set monitoring.grafana.ingress.hosts[0].host=capif-$CI_COMMIT_REF_SLUG.$DOMAIN_STAGING \ - --set monitoring.grafana.ingress.hosts[0].paths[0].path="/" + --set monitoring.grafana.ingress.hosts[0].paths[0].path="/" \ --set monitoring.grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ --set monitoring.grafana.env.prometheusURL=http://prometheus.ocf.pre-production \ --set tempo.tempo.metricsGenerator.remoteWriteUrl=http://prometheus.ocf.pre-production/api/v1/write \ @@ -245,7 +245,7 @@ deploy_ocf_oficial_staging: echo "### updating capif###" helm upgrade --install -n $NAMESPACE_STAGING ocf-developer helm/capif/ \ --set monitoring.grafana.ingress.hosts[0].host=capif-staging.$DOMAIN_STAGING \ - --set monitoring.grafana.ingress.hosts[0].paths[0].path="/" + --set monitoring.grafana.ingress.hosts[0].paths[0].path="/" \ --set monitoring.grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ --set monitoring.grafana.env.prometheusURL=http://prometheus.ocf.pre-production \ --set tempo.tempo.metricsGenerator.remoteWriteUrl=http://prometheus.ocf.pre-production/api/v1/write \ @@ -390,9 +390,9 @@ deploy_ocf_dev: echo "### download dependencies###" helm dependency build helm/capif echo "### updating capif###" - helm upgrade --install -n $NAMESPACE_DEV ocf-developer helm/capif/ \ + helm upgrade --install -n $NAMESPACE_DEV ocf-developer helm/capif/ --set monitoring.grafana.ingress.hosts[0].host=capif-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV \ - --set monitoring.grafana.ingress.hosts[0].paths[0].path="/" + --set monitoring.grafana.ingress.hosts[0].paths[0].path="/" \ --set monitoring.grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ --set monitoring.grafana.env.prometheusURL=http://prometheus.ocf.pre-production \ --set tempo.tempo.metricsGenerator.remoteWriteUrl=http://prometheus.ocf.pre-production/api/v1/write \ -- GitLab From de55814d18d42b06e61fbe57a4f0838d8c17d0eb Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 14 Jun 2024 10:20:59 +0200 Subject: [PATCH 301/392] helm upgrade --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 4d2674f..16512c7 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -390,7 +390,7 @@ deploy_ocf_dev: echo "### download dependencies###" helm dependency build helm/capif echo "### updating capif###" - helm upgrade --install -n $NAMESPACE_DEV ocf-developer helm/capif/ + helm upgrade --install -n $NAMESPACE_DEV ocf-developer helm/capif/ \ --set monitoring.grafana.ingress.hosts[0].host=capif-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV \ --set monitoring.grafana.ingress.hosts[0].paths[0].path="/" \ --set monitoring.grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ -- GitLab From f35da603dd2559894a3893f19d4a9b6b6acee85f Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 14 Jun 2024 10:37:28 +0200 Subject: [PATCH 302/392] <<: *dev_common --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 16512c7..ca03683 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -478,7 +478,7 @@ deploy_ocf_dev: delete_ocf_dev: stage: delete_ocf_dev - <<: *staging_common + <<: *dev_common script: - echo "### deleting environment $NAMESPACE_DEV###" - helm uninstall -n $NAMESPACE_DEV ocf-developer -- GitLab From 96f98371c5ff8fb982d5022ef071ad19cfa01615 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 14 Jun 2024 10:47:46 +0200 Subject: [PATCH 303/392] ocf-pre-staging --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index ca03683..3abdc0f 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -180,7 +180,7 @@ delete_ocf_staging: <<: *staging_common script: - echo "### deleting environment $NAMESPACE_STAGING###" - - helm uninstall -n $NAMESPACE_DEV ocf-staging-$CI_COMMIT_REF_SLUG + - helm uninstall -n $NAMESPACE_DEV ocf-pre-staging when: manual environment: name: review/dev_to_staging -- GitLab From 259cc680ec09df4ef9be14f476468ec5f8f87306 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 14 Jun 2024 10:47:56 +0200 Subject: [PATCH 304/392] ocf-pre-staging --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 3abdc0f..fcf608b 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -180,7 +180,7 @@ delete_ocf_staging: <<: *staging_common script: - echo "### deleting environment $NAMESPACE_STAGING###" - - helm uninstall -n $NAMESPACE_DEV ocf-pre-staging + - helm uninstall -n $NAMESPACE_DEV ocf-pre-staging when: manual environment: name: review/dev_to_staging -- GitLab From e1a3c1e32a4076e6fdc5da6c0d2dd73ddb585554 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 14 Jun 2024 11:53:09 +0200 Subject: [PATCH 305/392] ocf-register.env.capifHostname= --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index fcf608b..47d1423 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -138,6 +138,7 @@ deploy_ocf_staging: --set ocf-register.env.vaultPort=$VAULT_PORT \ --set ocf-register.env.mongoHost=mongo-register \ --set ocf-register.env.mongoPort=27017 \ + --set ocf-register.env.capifHostname=capif-$CI_COMMIT_REF_SLUG.$DOMAIN_STAGING \ --set ocf-register.ingress.enabled=true \ --set ocf-register.ingress.hosts[0].host=register-$CI_COMMIT_REF_SLUG.$DOMAIN_STAGING \ --set ocf-register.ingress.hosts[0].paths[0].path="/" \ @@ -292,6 +293,7 @@ deploy_ocf_oficial_staging: --set ocf-register.env.vaultPort=$VAULT_PORT \ --set ocf-register.env.mongoHost=mongo-register \ --set ocf-register.env.mongoPort=27017 \ + --set ocf-register.env.capifHostname=capif-staging.$DOMAIN_STAGING \ --set ocf-register.ingress.enabled=true \ --set ocf-register.ingress.hosts[0].host=register-staging.$DOMAIN_STAGING \ --set ocf-register.ingress.hosts[0].paths[0].path="/" \ @@ -439,6 +441,7 @@ deploy_ocf_dev: --set ocf-register.env.vaultPort=$VAULT_PORT \ --set ocf-register.env.mongoHost=mongo-register \ --set ocf-register.env.mongoPort=27017 \ + --set ocf-register.env.capifHostname=capif-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV \ --set ocf-register.ingress.enabled=true \ --set ocf-register.ingress.hosts[0].host=register-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV \ --set ocf-register.ingress.hosts[0].paths[0].path="/" \ -- GitLab From 59d50bf3a8238fa56cbc6bb2c570f0398faf87b6 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 14 Jun 2024 12:08:27 +0200 Subject: [PATCH 306/392] ocf-mon- --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 47d1423..e0bbbc4 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -90,7 +90,7 @@ deploy_ocf_staging: helm dependency build helm/capif echo "### updating capif###" helm upgrade --install -n $NAMESPACE_DEV ocf-pre-staging helm/capif/ \ - --set monitoring.grafana.ingress.hosts[0].host=capif-$CI_COMMIT_REF_SLUG.$DOMAIN_STAGING \ + --set monitoring.grafana.ingress.hosts[0].host=ocf-mon-$CI_COMMIT_REF_SLUG.$DOMAIN_STAGING \ --set monitoring.grafana.ingress.hosts[0].paths[0].path="/" \ --set monitoring.grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ --set monitoring.grafana.env.prometheusURL=http://prometheus.ocf.pre-production \ @@ -245,7 +245,7 @@ deploy_ocf_oficial_staging: helm dependency build helm/capif echo "### updating capif###" helm upgrade --install -n $NAMESPACE_STAGING ocf-developer helm/capif/ \ - --set monitoring.grafana.ingress.hosts[0].host=capif-staging.$DOMAIN_STAGING \ + --set monitoring.grafana.ingress.hosts[0].host=ocf-mon-staging.$DOMAIN_STAGING \ --set monitoring.grafana.ingress.hosts[0].paths[0].path="/" \ --set monitoring.grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ --set monitoring.grafana.env.prometheusURL=http://prometheus.ocf.pre-production \ @@ -393,7 +393,7 @@ deploy_ocf_dev: helm dependency build helm/capif echo "### updating capif###" helm upgrade --install -n $NAMESPACE_DEV ocf-developer helm/capif/ \ - --set monitoring.grafana.ingress.hosts[0].host=capif-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV \ + --set monitoring.grafana.ingress.hosts[0].host=ocf-mon-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV \ --set monitoring.grafana.ingress.hosts[0].paths[0].path="/" \ --set monitoring.grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ --set monitoring.grafana.env.prometheusURL=http://prometheus.ocf.pre-production \ -- GitLab From 477408d1990fe295588bdc1523ca3e2d87f88322 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 14 Jun 2024 12:21:17 +0200 Subject: [PATCH 307/392] ocf-pre-staging env ocf-register --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index e0bbbc4..50f32d0 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -138,7 +138,7 @@ deploy_ocf_staging: --set ocf-register.env.vaultPort=$VAULT_PORT \ --set ocf-register.env.mongoHost=mongo-register \ --set ocf-register.env.mongoPort=27017 \ - --set ocf-register.env.capifHostname=capif-$CI_COMMIT_REF_SLUG.$DOMAIN_STAGING \ + --set ocf-register.env.capifHostname=capif-$CI_COMMIT_REF_SLUG.$DOMAIN_STAGING \ --set ocf-register.ingress.enabled=true \ --set ocf-register.ingress.hosts[0].host=register-$CI_COMMIT_REF_SLUG.$DOMAIN_STAGING \ --set ocf-register.ingress.hosts[0].paths[0].path="/" \ -- GitLab From 70a2d596b24f678803416fb3a0ef3263a52de69c Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 14 Jun 2024 12:33:42 +0200 Subject: [PATCH 308/392] ocf-staging --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 50f32d0..82dda37 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -244,7 +244,7 @@ deploy_ocf_oficial_staging: echo "### download dependencies###" helm dependency build helm/capif echo "### updating capif###" - helm upgrade --install -n $NAMESPACE_STAGING ocf-developer helm/capif/ \ + helm upgrade --install -n $NAMESPACE_STAGING ocf-staging helm/capif/ \ --set monitoring.grafana.ingress.hosts[0].host=ocf-mon-staging.$DOMAIN_STAGING \ --set monitoring.grafana.ingress.hosts[0].paths[0].path="/" \ --set monitoring.grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ -- GitLab From d05bbd22620ec23034464464b8db7f98505873e5 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 14 Jun 2024 12:49:52 +0200 Subject: [PATCH 309/392] appVersion --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 116 ++++++-------------- 1 file changed, 32 insertions(+), 84 deletions(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 82dda37..7efa650 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -57,34 +57,16 @@ deploy_ocf_staging: yq e -i ".appVersion = \"$IMAGE_TAG_STAGING\"" helm/capif/Chart.yaml cat helm/capif/Chart.yaml - ### Chart mock-server### - yq e -i ".appVersion = \"$IMAGE_TAG_STAGING\"" helm/capif/charts/mock-server/Chart.yaml - ### Chart nginx### - yq e -i ".appVersion = \"$IMAGE_TAG_STAGING\"" helm/capif/charts/nginx/Chart.yaml - ### Chart ocf-access-control-policy### - yq e -i ".appVersion = \"$IMAGE_TAG_STAGING\"" helm/capif/charts/ocf-access-control-policy/Chart.yaml - ### Chart ocf-api-invocation-logs### - yq e -i ".appVersion = \"$IMAGE_TAG_STAGING\"" helm/capif/charts/ocf-api-invocation-logs/Chart.yaml - ### Chart ocf-api-invoker-management### - yq e -i ".appVersion = \"$IMAGE_TAG_STAGING\"" helm/capif/charts/ocf-api-invoker-management/Chart.yaml - ### Chart ocf-api-provider-management### - yq e -i ".appVersion = \"$IMAGE_TAG_STAGING\"" helm/capif/charts/ocf-api-provider-management/Chart.yaml - ### Chart ocf-auditing-api-logs### - yq e -i ".appVersion = \"$IMAGE_TAG_STAGING\"" helm/capif/charts/ocf-auditing-api-logs/Chart.yaml - ### Chart ocf-discover-service-api### - yq e -i ".appVersion = \"$IMAGE_TAG_STAGING\"" helm/capif/charts/ocf-discover-service-api/Chart.yaml - ### Chart ocf-events### - yq e -i ".appVersion = \"$IMAGE_TAG_STAGING\"" helm/capif/charts/ocf-events/Chart.yaml - ### Chart ocf-helper### - yq e -i ".appVersion = \"$IMAGE_TAG_STAGING\"" helm/capif/charts/ocf-helper/Chart.yaml - ### Chart ocf-publish-service-api### - yq e -i ".appVersion = \"$IMAGE_TAG_STAGING\"" helm/capif/charts/ocf-publish-service-api/Chart.yaml - ### Chart ocf-register### - yq e -i ".appVersion = \"$IMAGE_TAG_STAGING\"" helm/capif/charts/ocf-register/Chart.yaml - ### Chart ocf-routing-info### - yq e -i ".appVersion = \"$IMAGE_TAG_STAGING\"" helm/capif/charts/ocf-routing-info/Chart.yaml - ### Chart ocf-security### - yq e -i ".appVersion = \"$IMAGE_TAG_STAGING\"" helm/capif/charts/ocf-security/Chart.yaml + charts=("mock-server" "nginx" "ocf-access-control-policy" + "ocf-api-invocation-logs" "ocf-api-invoker-management" + "ocf-api-provider-management" "ocf-auditing-api-logs" + "ocf-discover-service-api" "ocf-events" "ocf-helper" + "ocf-publish-service-api" "ocf-register" "ocf-routing-info" + "ocf-security") + + for chart in "${charts[@]}"; do + yq e -i ".appVersion = \"$IMAGE_TAG_STAGING\"" "helm/capif/charts/$chart/Chart.yaml" + done echo "### download dependencies###" helm dependency build helm/capif @@ -212,34 +194,17 @@ deploy_ocf_oficial_staging: yq e -i ".appVersion = \"staging\"" helm/capif/Chart.yaml cat helm/capif/Chart.yaml - ### Chart mock-server### - yq e -i ".appVersion = \"staging\"" helm/capif/charts/mock-server/Chart.yaml - ### Chart nginx### - yq e -i ".appVersion = \"staging\"" helm/capif/charts/nginx/Chart.yaml - ### Chart ocf-access-control-policy### - yq e -i ".appVersion = \"staging\"" helm/capif/charts/ocf-access-control-policy/Chart.yaml - ### Chart ocf-api-invocation-logs### - yq e -i ".appVersion = \"staging\"" helm/capif/charts/ocf-api-invocation-logs/Chart.yaml - ### Chart ocf-api-invoker-management### - yq e -i ".appVersion = \"staging\"" helm/capif/charts/ocf-api-invoker-management/Chart.yaml - ### Chart ocf-api-provider-management### - yq e -i ".appVersion = \"staging\"" helm/capif/charts/ocf-api-provider-management/Chart.yaml - ### Chart ocf-auditing-api-logs### - yq e -i ".appVersion = \"staging\"" helm/capif/charts/ocf-auditing-api-logs/Chart.yaml - ### Chart ocf-discover-service-api### - yq e -i ".appVersion = \"staging\"" helm/capif/charts/ocf-discover-service-api/Chart.yaml - ### Chart ocf-events### - yq e -i ".appVersion = \"staging\"" helm/capif/charts/ocf-events/Chart.yaml - ### Chart ocf-helper### - yq e -i ".appVersion = \"staging\"" helm/capif/charts/ocf-helper/Chart.yaml - ### Chart ocf-publish-service-api### - yq e -i ".appVersion = \"staging\"" helm/capif/charts/ocf-publish-service-api/Chart.yaml - ### Chart ocf-register### - yq e -i ".appVersion = \"staging\"" helm/capif/charts/ocf-register/Chart.yaml - ### Chart ocf-routing-info### - yq e -i ".appVersion = \"staging\"" helm/capif/charts/ocf-routing-info/Chart.yaml - ### Chart ocf-security### - yq e -i ".appVersion = \"staging\"" helm/capif/charts/ocf-security/Chart.yaml + charts=("mock-server" "nginx" "ocf-access-control-policy" + "ocf-api-invocation-logs" "ocf-api-invoker-management" + "ocf-api-provider-management" "ocf-auditing-api-logs" + "ocf-discover-service-api" "ocf-events" "ocf-helper" + "ocf-publish-service-api" "ocf-register" "ocf-routing-info" + "ocf-security") + + for chart in "${charts[@]}"; do + yq e -i ".appVersion = \"staging\"" "helm/capif/charts/$chart/Chart.yaml" + done + echo "### download dependencies###" helm dependency build helm/capif @@ -360,34 +325,17 @@ deploy_ocf_dev: yq e -i ".appVersion = \"$IMAGE_TAG_DEV\"" helm/capif/Chart.yaml cat helm/capif/Chart.yaml - ### Chart mock-server### - yq e -i ".appVersion = \"$IMAGE_TAG_DEV\"" helm/capif/charts/mock-server/Chart.yaml - ### Chart nginx### - yq e -i ".appVersion = \"$IMAGE_TAG_DEV\"" helm/capif/charts/nginx/Chart.yaml - ### Chart ocf-access-control-policy### - yq e -i ".appVersion = \"$IMAGE_TAG_DEV\"" helm/capif/charts/ocf-access-control-policy/Chart.yaml - ### Chart ocf-api-invocation-logs### - yq e -i ".appVersion = \"$IMAGE_TAG_DEV\"" helm/capif/charts/ocf-api-invocation-logs/Chart.yaml - ### Chart ocf-api-invoker-management### - yq e -i ".appVersion = \"$IMAGE_TAG_DEV\"" helm/capif/charts/ocf-api-invoker-management/Chart.yaml - ### Chart ocf-api-provider-management### - yq e -i ".appVersion = \"$IMAGE_TAG_DEV\"" helm/capif/charts/ocf-api-provider-management/Chart.yaml - ### Chart ocf-auditing-api-logs### - yq e -i ".appVersion = \"$IMAGE_TAG_DEV\"" helm/capif/charts/ocf-auditing-api-logs/Chart.yaml - ### Chart ocf-discover-service-api### - yq e -i ".appVersion = \"$IMAGE_TAG_DEV\"" helm/capif/charts/ocf-discover-service-api/Chart.yaml - ### Chart ocf-events### - yq e -i ".appVersion = \"$IMAGE_TAG_DEV\"" helm/capif/charts/ocf-events/Chart.yaml - ### Chart ocf-helper### - yq e -i ".appVersion = \"$IMAGE_TAG_DEV\"" helm/capif/charts/ocf-helper/Chart.yaml - ### Chart ocf-publish-service-api### - yq e -i ".appVersion = \"$IMAGE_TAG_DEV\"" helm/capif/charts/ocf-publish-service-api/Chart.yaml - ### Chart ocf-register### - yq e -i ".appVersion = \"$IMAGE_TAG_DEV\"" helm/capif/charts/ocf-register/Chart.yaml - ### Chart ocf-routing-info### - yq e -i ".appVersion = \"$IMAGE_TAG_DEV\"" helm/capif/charts/ocf-routing-info/Chart.yaml - ### Chart ocf-security### - yq e -i ".appVersion = \"$IMAGE_TAG_DEV\"" helm/capif/charts/ocf-security/Chart.yaml + charts=("mock-server" "nginx" "ocf-access-control-policy" + "ocf-api-invocation-logs" "ocf-api-invoker-management" + "ocf-api-provider-management" "ocf-auditing-api-logs" + "ocf-discover-service-api" "ocf-events" "ocf-helper" + "ocf-publish-service-api" "ocf-register" "ocf-routing-info" + "ocf-security") + + for chart in "${charts[@]}"; do + yq e -i ".appVersion = \"$IMAGE_TAG_DEV\"" "helm/capif/charts/$chart/Chart.yaml" + done + echo "### download dependencies###" helm dependency build helm/capif -- GitLab From 3aa012d6ab9f28d541d53a28418ef269fb00ad75 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 14 Jun 2024 12:50:51 +0200 Subject: [PATCH 310/392] deploy_ocf_oficial_staging tags shell --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 7efa650..d739e5b 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -178,6 +178,8 @@ deploy_ocf_oficial_staging: when: always needs: - staging_build_and_push_mr + tags: + - shell environment: name: review/oficial-staging url: https://capif-staging.$DOMAIN_STAGING -- GitLab From 6e50cce933c81e8200c0dac92959158ee043cb83 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Wed, 19 Jun 2024 08:59:47 +0200 Subject: [PATCH 311/392] exposing mongo-express --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 24 +++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index d739e5b..f1ba277 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -156,6 +156,14 @@ deploy_ocf_staging: --set mock-server.ingress.hosts[0].host=mock-server-$CI_COMMIT_REF_SLUG.$DOMAIN_STAGING \ --set mock-server.ingress.hosts[0].paths[0].path="/" \ --set mock-server.ingress.hosts[0].paths[0].pathType="Prefix" \ + --set mongo-register-express.ingress.enabled=true \ + --set mongo-register-express.ingress.hosts[0].host="mongo-express-register-$CI_COMMIT_REF_SLUG.$DOMAIN_STAGING" \ + --set mongo-register-express.ingress.hosts[0].paths[0].path="/" \ + --set mongo-register-express.ingress.hosts[0].paths[0].pathType="Prefix" \ + --set mongo-express.ingress.enabled=true \ + --set mongo-express.ingress.hosts[0].host="mongo-express-$CI_COMMIT_REF_SLUG.$DOMAIN_STAGING" \ + --set mongo-express.ingress.hosts[0].paths[0].path="/" \ + --set mongo-express.ingress.hosts[0].paths[0].pathType="Prefix" \ --wait --timeout=10m --create-namespace --atomic delete_ocf_staging: @@ -296,6 +304,14 @@ deploy_ocf_oficial_staging: --set mock-server.ingress.hosts[0].host=mock-server-staging.$DOMAIN_STAGING \ --set mock-server.ingress.hosts[0].paths[0].path="/" \ --set mock-server.ingress.hosts[0].paths[0].pathType="Prefix" \ + --set mongo-register-express.ingress.enabled=true \ + --set mongo-register-express.ingress.hosts[0].host="mongo-express-register-staging.$DOMAIN_STAGING" \ + --set mongo-register-express.ingress.hosts[0].paths[0].path="/" \ + --set mongo-register-express.ingress.hosts[0].paths[0].pathType="Prefix" \ + --set mongo-express.ingress.enabled=true \ + --set mongo-express.ingress.hosts[0].host="mongo-express-staging.$DOMAIN_STAGING" \ + --set mongo-express.ingress.hosts[0].paths[0].path="/" \ + --set mongo-express.ingress.hosts[0].paths[0].pathType="Prefix" \ --wait --timeout=10m --create-namespace --atomic ## dev ### @@ -427,6 +443,14 @@ deploy_ocf_dev: --set mock-server.ingress.hosts[0].host=mock-server-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV \ --set mock-server.ingress.hosts[0].paths[0].path="/" \ --set mock-server.ingress.hosts[0].paths[0].pathType="Prefix" \ + --set mongo-register-express.ingress.enabled=true \ + --set mongo-register-express.ingress.hosts[0].host="mongo-express-register-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV" \ + --set mongo-register-express.ingress.hosts[0].paths[0].path="/" \ + --set mongo-register-express.ingress.hosts[0].paths[0].pathType="Prefix" \ + --set mongo-express.ingress.enabled=true \ + --set mongo-express.ingress.hosts[0].host="mongo-express-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV" \ + --set mongo-express.ingress.hosts[0].paths[0].path="/" \ + --set mongo-express.ingress.hosts[0].paths[0].pathType="Prefix" \ --wait --timeout=10m --create-namespace --atomic delete_ocf_dev: -- GitLab From e29dfe99a2e89c035956a2cf7fae6d38cb0c7b8b Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Tue, 25 Jun 2024 09:08:55 +0200 Subject: [PATCH 312/392] enabled option --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 27 +++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index f1ba277..63ff0cd 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -72,11 +72,17 @@ deploy_ocf_staging: helm dependency build helm/capif echo "### updating capif###" helm upgrade --install -n $NAMESPACE_DEV ocf-pre-staging helm/capif/ \ + --set grafana.enabled=true \ + --set grafana.ingress.enabled=true \ --set monitoring.grafana.ingress.hosts[0].host=ocf-mon-$CI_COMMIT_REF_SLUG.$DOMAIN_STAGING \ --set monitoring.grafana.ingress.hosts[0].paths[0].path="/" \ --set monitoring.grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ --set monitoring.grafana.env.prometheusURL=http://prometheus.ocf.pre-production \ + --set fluentbit.enabled=true \ + --set loki.enabled=true \ --set tempo.tempo.metricsGenerator.remoteWriteUrl=http://prometheus.ocf.pre-production/api/v1/write \ + --set otelcollector.enabled=true \ + --set otelcollector.configMap.tempoEndpoint=ocf-pre-staging-tempo:4317 \ --set ocf-access-control-policy.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api \ --set ocf-access-control-policy.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-access-control-policy.image.env.capifHostname=capif-$CI_COMMIT_REF_SLUG.$DOMAIN_STAGING \ @@ -150,16 +156,19 @@ deploy_ocf_staging: --set ocf-helper.env.vaultPort=$VAULT_PORT \ --set ocf-helper.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ --set ocf-helper.env.capifHostname=capif-$CI_COMMIT_REF_SLUG.$DOMAIN_STAGING \ + --set mock-server.enabled=true \ --set mock-server.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server \ --set mock-server.image.tag=$CI_COMMIT_REF_SLUG \ --set mock-server.ingress.enabled=true \ --set mock-server.ingress.hosts[0].host=mock-server-$CI_COMMIT_REF_SLUG.$DOMAIN_STAGING \ --set mock-server.ingress.hosts[0].paths[0].path="/" \ --set mock-server.ingress.hosts[0].paths[0].pathType="Prefix" \ + --set mongo-register-express.enabled=true \ --set mongo-register-express.ingress.enabled=true \ --set mongo-register-express.ingress.hosts[0].host="mongo-express-register-$CI_COMMIT_REF_SLUG.$DOMAIN_STAGING" \ --set mongo-register-express.ingress.hosts[0].paths[0].path="/" \ --set mongo-register-express.ingress.hosts[0].paths[0].pathType="Prefix" \ + --set mongo-express.enabled=true \ --set mongo-express.ingress.enabled=true \ --set mongo-express.ingress.hosts[0].host="mongo-express-$CI_COMMIT_REF_SLUG.$DOMAIN_STAGING" \ --set mongo-express.ingress.hosts[0].paths[0].path="/" \ @@ -220,11 +229,17 @@ deploy_ocf_oficial_staging: helm dependency build helm/capif echo "### updating capif###" helm upgrade --install -n $NAMESPACE_STAGING ocf-staging helm/capif/ \ + --set grafana.enabled=true \ + --set grafana.ingress.enabled=true \ --set monitoring.grafana.ingress.hosts[0].host=ocf-mon-staging.$DOMAIN_STAGING \ --set monitoring.grafana.ingress.hosts[0].paths[0].path="/" \ --set monitoring.grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ --set monitoring.grafana.env.prometheusURL=http://prometheus.ocf.pre-production \ + --set fluentbit.enabled=true \ + --set loki.enabled=true \ --set tempo.tempo.metricsGenerator.remoteWriteUrl=http://prometheus.ocf.pre-production/api/v1/write \ + --set otelcollector.enabled=true \ + --set otelcollector.configMap.tempoEndpoint=ocf-staging-tempo:4317 \ --set ocf-access-control-policy.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-access-control-policy-api \ --set ocf-access-control-policy.image.tag=staging \ --set ocf-access-control-policy.image.env.capifHostname=capif-staging.$DOMAIN_STAGING \ @@ -298,16 +313,19 @@ deploy_ocf_oficial_staging: --set ocf-helper.env.vaultPort=$VAULT_PORT \ --set ocf-helper.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ --set ocf-helper.env.capifHostname=capif-staging.$DOMAIN_STAGING \ + --set mock-server.enabled=true \ --set mock-server.image.repository=$CI_REGISTRY/ocf/capif/staging/mock-server \ --set mock-server.image.tag=staging \ --set mock-server.ingress.enabled=true \ --set mock-server.ingress.hosts[0].host=mock-server-staging.$DOMAIN_STAGING \ --set mock-server.ingress.hosts[0].paths[0].path="/" \ --set mock-server.ingress.hosts[0].paths[0].pathType="Prefix" \ + --set mongo-register-express.enabled=true \ --set mongo-register-express.ingress.enabled=true \ --set mongo-register-express.ingress.hosts[0].host="mongo-express-register-staging.$DOMAIN_STAGING" \ --set mongo-register-express.ingress.hosts[0].paths[0].path="/" \ --set mongo-register-express.ingress.hosts[0].paths[0].pathType="Prefix" \ + --set mongo-express.enabled=true \ --set mongo-express.ingress.enabled=true \ --set mongo-express.ingress.hosts[0].host="mongo-express-staging.$DOMAIN_STAGING" \ --set mongo-express.ingress.hosts[0].paths[0].path="/" \ @@ -359,11 +377,17 @@ deploy_ocf_dev: helm dependency build helm/capif echo "### updating capif###" helm upgrade --install -n $NAMESPACE_DEV ocf-developer helm/capif/ \ + --set grafana.enabled=true \ + --set grafana.ingress.enabled=true \ --set monitoring.grafana.ingress.hosts[0].host=ocf-mon-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV \ --set monitoring.grafana.ingress.hosts[0].paths[0].path="/" \ --set monitoring.grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ --set monitoring.grafana.env.prometheusURL=http://prometheus.ocf.pre-production \ + --set fluentbit.enabled=true \ + --set loki.enabled=true \ --set tempo.tempo.metricsGenerator.remoteWriteUrl=http://prometheus.ocf.pre-production/api/v1/write \ + --set otelcollector.enabled=true \ + --set otelcollector.configMap.tempoEndpoint=ocf-developer-tempo:4317 \ --set ocf-access-control-policy.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api \ --set ocf-access-control-policy.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-access-control-policy.image.env.capifHostname=capif-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV \ @@ -437,16 +461,19 @@ deploy_ocf_dev: --set ocf-helper.env.vaultPort=$VAULT_PORT \ --set ocf-helper.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ --set ocf-helper.env.capifHostname=capif-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV \ + --set mock-server.enabled=true \ --set mock-server.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server \ --set mock-server.image.tag=$CI_COMMIT_REF_SLUG \ --set mock-server.ingress.enabled=true \ --set mock-server.ingress.hosts[0].host=mock-server-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV \ --set mock-server.ingress.hosts[0].paths[0].path="/" \ --set mock-server.ingress.hosts[0].paths[0].pathType="Prefix" \ + --set mongo-register-express.enabled=true \ --set mongo-register-express.ingress.enabled=true \ --set mongo-register-express.ingress.hosts[0].host="mongo-express-register-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV" \ --set mongo-register-express.ingress.hosts[0].paths[0].path="/" \ --set mongo-register-express.ingress.hosts[0].paths[0].pathType="Prefix" \ + --set mongo-express.enabled=true \ --set mongo-express.ingress.enabled=true \ --set mongo-express.ingress.hosts[0].host="mongo-express-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV" \ --set mongo-express.ingress.hosts[0].paths[0].path="/" \ -- GitLab From ea502967ae01c8d34e14c11260a00fc03daed1ec Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Tue, 25 Jun 2024 09:29:50 +0200 Subject: [PATCH 313/392] typing deleted --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 63ff0cd..6918c4f 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -79,7 +79,7 @@ deploy_ocf_staging: --set monitoring.grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ --set monitoring.grafana.env.prometheusURL=http://prometheus.ocf.pre-production \ --set fluentbit.enabled=true \ - --set loki.enabled=true \ + --set loki.enabled=true \ --set tempo.tempo.metricsGenerator.remoteWriteUrl=http://prometheus.ocf.pre-production/api/v1/write \ --set otelcollector.enabled=true \ --set otelcollector.configMap.tempoEndpoint=ocf-pre-staging-tempo:4317 \ -- GitLab From 85c71109911efe32757e25d6cdd762e2a7c7eaf0 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Tue, 25 Jun 2024 09:34:34 +0200 Subject: [PATCH 314/392] deleting typing --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 6918c4f..1b616ad 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -82,7 +82,7 @@ deploy_ocf_staging: --set loki.enabled=true \ --set tempo.tempo.metricsGenerator.remoteWriteUrl=http://prometheus.ocf.pre-production/api/v1/write \ --set otelcollector.enabled=true \ - --set otelcollector.configMap.tempoEndpoint=ocf-pre-staging-tempo:4317 \ + --set otelcollector.configMap.tempoEndpoint=ocf-pre-staging-tempo:4317 \ --set ocf-access-control-policy.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api \ --set ocf-access-control-policy.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-access-control-policy.image.env.capifHostname=capif-$CI_COMMIT_REF_SLUG.$DOMAIN_STAGING \ -- GitLab From f0909e4f42355bacea4ebaff129903cd8bace743 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Tue, 25 Jun 2024 09:39:57 +0200 Subject: [PATCH 315/392] deleting typing --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 1b616ad..ef845eb 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -156,19 +156,19 @@ deploy_ocf_staging: --set ocf-helper.env.vaultPort=$VAULT_PORT \ --set ocf-helper.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ --set ocf-helper.env.capifHostname=capif-$CI_COMMIT_REF_SLUG.$DOMAIN_STAGING \ - --set mock-server.enabled=true \ + --set mock-server.enabled=true \ --set mock-server.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server \ --set mock-server.image.tag=$CI_COMMIT_REF_SLUG \ --set mock-server.ingress.enabled=true \ --set mock-server.ingress.hosts[0].host=mock-server-$CI_COMMIT_REF_SLUG.$DOMAIN_STAGING \ --set mock-server.ingress.hosts[0].paths[0].path="/" \ --set mock-server.ingress.hosts[0].paths[0].pathType="Prefix" \ - --set mongo-register-express.enabled=true \ + --set mongo-register-express.enabled=true \ --set mongo-register-express.ingress.enabled=true \ --set mongo-register-express.ingress.hosts[0].host="mongo-express-register-$CI_COMMIT_REF_SLUG.$DOMAIN_STAGING" \ --set mongo-register-express.ingress.hosts[0].paths[0].path="/" \ --set mongo-register-express.ingress.hosts[0].paths[0].pathType="Prefix" \ - --set mongo-express.enabled=true \ + --set mongo-express.enabled=true \ --set mongo-express.ingress.enabled=true \ --set mongo-express.ingress.hosts[0].host="mongo-express-$CI_COMMIT_REF_SLUG.$DOMAIN_STAGING" \ --set mongo-express.ingress.hosts[0].paths[0].path="/" \ -- GitLab From 43d042081a3e3cd7df0c47bfb6910e1c92c949fc Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Tue, 25 Jun 2024 11:30:51 +0200 Subject: [PATCH 316/392] grafana --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 27 ++++++++++++--------- 1 file changed, 15 insertions(+), 12 deletions(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index ef845eb..ae9ea7d 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -74,10 +74,11 @@ deploy_ocf_staging: helm upgrade --install -n $NAMESPACE_DEV ocf-pre-staging helm/capif/ \ --set grafana.enabled=true \ --set grafana.ingress.enabled=true \ - --set monitoring.grafana.ingress.hosts[0].host=ocf-mon-$CI_COMMIT_REF_SLUG.$DOMAIN_STAGING \ - --set monitoring.grafana.ingress.hosts[0].paths[0].path="/" \ - --set monitoring.grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ - --set monitoring.grafana.env.prometheusURL=http://prometheus.ocf.pre-production \ + --set grafana.ingress.hosts[0].host=ocf-mon-$CI_COMMIT_REF_SLUG.$DOMAIN_STAGING \ + --set grafana.ingress.hosts[0].paths[0].path="/" \ + --set grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ + --set grafana.env.prometheusUrl=http://prometheus.ocf.pre-production \ + --set grafana.env.tempoUrl="http://ocf-pre-staging-tempo:3100" \ --set fluentbit.enabled=true \ --set loki.enabled=true \ --set tempo.tempo.metricsGenerator.remoteWriteUrl=http://prometheus.ocf.pre-production/api/v1/write \ @@ -231,10 +232,11 @@ deploy_ocf_oficial_staging: helm upgrade --install -n $NAMESPACE_STAGING ocf-staging helm/capif/ \ --set grafana.enabled=true \ --set grafana.ingress.enabled=true \ - --set monitoring.grafana.ingress.hosts[0].host=ocf-mon-staging.$DOMAIN_STAGING \ - --set monitoring.grafana.ingress.hosts[0].paths[0].path="/" \ - --set monitoring.grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ - --set monitoring.grafana.env.prometheusURL=http://prometheus.ocf.pre-production \ + --set grafana.ingress.hosts[0].host=ocf-mon-staging.$DOMAIN_STAGING \ + --set grafana.ingress.hosts[0].paths[0].path="/" \ + --set grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ + --set grafana.env.prometheusUrl=http://prometheus.ocf.pre-production \ + --set grafana.env.tempoUrl="http://ocf-staging-tempo:3100" \ --set fluentbit.enabled=true \ --set loki.enabled=true \ --set tempo.tempo.metricsGenerator.remoteWriteUrl=http://prometheus.ocf.pre-production/api/v1/write \ @@ -379,10 +381,11 @@ deploy_ocf_dev: helm upgrade --install -n $NAMESPACE_DEV ocf-developer helm/capif/ \ --set grafana.enabled=true \ --set grafana.ingress.enabled=true \ - --set monitoring.grafana.ingress.hosts[0].host=ocf-mon-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV \ - --set monitoring.grafana.ingress.hosts[0].paths[0].path="/" \ - --set monitoring.grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ - --set monitoring.grafana.env.prometheusURL=http://prometheus.ocf.pre-production \ + --set grafana.ingress.hosts[0].host=ocf-mon-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV \ + --set grafana.ingress.hosts[0].paths[0].path="/" \ + --set grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ + --set grafana.env.prometheusUrl=http://prometheus.ocf.pre-production \ + --set grafana.env.tempoUrl="http://ocf-developer-tempo:3100" \ --set fluentbit.enabled=true \ --set loki.enabled=true \ --set tempo.tempo.metricsGenerator.remoteWriteUrl=http://prometheus.ocf.pre-production/api/v1/write \ -- GitLab From 59c2c20ff351531147b1758578e8036ce4c795e9 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Wed, 26 Jun 2024 13:52:12 +0200 Subject: [PATCH 317/392] ocf.develop and ocf.validation --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index ae9ea7d..bac1d62 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -8,8 +8,8 @@ stages: variables: NAMESPACE_DEV: "ocf-dev-$CI_ENVIRONMENT_SLUG" NAMESPACE_STAGING: "ocf-staging" - DOMAIN_STAGING: staging.int - DOMAIN_DEV: developer.int + DOMAIN_STAGING: ocf.validation + DOMAIN_DEV: ocf.develop DOMAIN_PROD: prod.int CI_JOB_TOKEN: $CI_JOB_TOKEN IMAGE_TAG_DEV: $CI_COMMIT_REF_SLUG -- GitLab From bf5fa876d65977c874f0fb08cb7db1d07fdba4d1 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 28 Jun 2024 16:38:14 +0200 Subject: [PATCH 318/392] staging to main trigger --- capif/.gitlab-ci.yml | 221 ++++++++++++++------ capif/templates/cd-deploy-ocf.gitlab-ci.yml | 81 ++++--- capif/templates/ci_staging.gitlab-ci.yml | 2 +- 3 files changed, 217 insertions(+), 87 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 9d8403c..b030ec8 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -46,7 +46,7 @@ variables: # - $CI_MERGE_REQUEST_TARGET_BRANCH_NAME != "OCF16-first-steps-on-ci-at-gitlab-repository" allow_failure: true rules: - - if: '$CI_COMMIT_REF_NAME == "OCF16-first-steps-on-ci-at-gitlab-repository"' + - if: '$CI_COMMIT_REF_NAME == "main"' when: always - when: never tags: @@ -57,18 +57,18 @@ variables: services: - docker:24.0.5-dind rules: - - if: '$CI_COMMIT_REF_NAME == "OCF16-first-steps-on-ci-at-gitlab-repository"' + - if: '$CI_COMMIT_REF_NAME == "main"' when: always - when: never tags: - docker-in-docker -#.staging_common: &staging_common +#.main_common: &main_common # only: # - merge_requests # except: # variables: -# - $CI_MERGE_REQUEST_TARGET_BRANCH_NAME != "staging" +# - $CI_MERGE_REQUEST_TARGET_BRANCH_NAME != "main" # tags: # - shell# @@ -97,27 +97,27 @@ variables: # fi # <<: *main_common -merge_request_staging_into_main: - stage: merge_request_staging_into_main - script: - - > - if [ "$CI_COMMIT_REF_NAME" == "staging" ]; then - # Variables - SOURCE_BRANCH="staging" - TARGET_BRANCH="main" - TITLE="Merge staging into main created by GitLab CICD" - - # Create Merge Request - curl --request POST --header "PRIVATE-TOKEN: $CI_JOB_TOKEN" \ - --data "source_branch=$SOURCE_BRANCH&target_branch=$TARGET_BRANCH&title=$TITLE" \ - "$GITLAB_API/projects/$PROJECT_ID/merge_requests" - else - echo "Nothing to do" - fi - only: - - staging - tags: - - shell +#merge_request_main_into_main: +# stage: merge_request_main_into_main +# script: +# - > +# if [ "$CI_COMMIT_REF_NAME" == "main" ]; then +# # Variables +# SOURCE_BRANCH="main" +# TARGET_BRANCH="main" +# TITLE="Merge main into main created by GitLab CICD" +# +# # Create Merge Request +# curl --request POST --header "PRIVATE-TOKEN: $CI_JOB_TOKEN" \ +# --data "source_branch=$SOURCE_BRANCH&target_branch=$TARGET_BRANCH&title=$TITLE" \ +# "$GITLAB_API/projects/$PROJECT_ID/merge_requests" +# else +# echo "Nothing to do" +# fi +# only: +# - main +# tags: +# - shell #dev_cancel_previous_action: # stage: dev_pre_pipeline @@ -652,47 +652,148 @@ main_build_and_push: deploy_ocf_main: stage: deploy_ocf_main variables: - DOMAIN_PRE_PROD: pre-prod.int - IMAGE_TAG_PRE_PROD: $CI_COMMIT_REF_SLUG + DOMAIN_PRE_PROD: ocf.pre-production + NAMESPACE_PRE_PROD: ocf-main needs: - main_build_and_push <<: *main_common environment: name: review/main - url: https://$NAMESPACE_STAGING.$DOMAIN_STAGING + url: https://$NAMESPACE_PRE_PROD.$DOMAIN_PRE_PROD on_stop: delete_ocf_main auto_stop_in: 3 day -# rules: -# - if: $CI_COMMIT_BRANCH == "staging" -# when: never -# - if: $CI_COMMIT_BRANCH == "main" script: - - helm version - - kubectl cluster-info - - yq --version - - cat helm/capif/Chart.yaml - - yq e -i ".appVersion = \"$IMAGE_TAG_PRE_PROD\"" helm/capif/Chart.yaml - - cat helm/capif/Chart.yaml - - echo "### download dependencies###" - - helm dependency build helm/capif -# - echo "### updating capif###" -# - helm uninstall -n $NAMESPACE_STAGING ocf --kubeconfig ~/cluster.kubeconfig || true -# - helm upgrade --install -n $NAMESPACE_PRE_PROD ocf helm/capif/ \ -# --set nginx.nginx.env.capifHostname=capif.$DOMAIN_PRE_PROD \ -# --set nginx.nginx.env.registerHostname=register.$DOMAIN_PRE_PROD \ -# --set monitoring.prometheus.ingress.hosts[0].host=prometheus.$DOMAIN_PROD \ -# --set monitoring.prometheus.ingress.hosts[0].paths[0].path=/ \ -# --set monitoring.prometheus.ingress.hosts[0].paths[0].pathType=Prefix \ -# --set monitoring.prometheus.enable="" \ -# --set monitoring.grafana.ingress.hosts[0].host="grafana.$DOMAIN_PROD" \ -# --set monitoring.grafana.ingress.hosts[0].paths[0].path="/" \ -# --set monitoring.grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ -# --set backOffice.frontend.env.grafanaUrl=http://grafana.$DOMAIN_PROD \ -# --set parametersVault.env.vaultHostname=$VAULT_HOSTNAME \ -# --set parametersVault.env.vaultPort=$VAULT_PORT \ -# --set parametersVault.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ -# --wait --timeout=10m --atomic \ -# --create-namespace + - | + helm version + kubectl version --output=yaml + echo "### setting kubeconfig###" + whoami + kubectl cluster-info + yq --version + ls -rtt helm/capif + cat helm/capif/Chart.yaml + yq e -i ".appVersion = \"main\"" helm/capif/Chart.yaml + cat helm/capif/Chart.yaml + + charts=("mock-server" "nginx" "ocf-access-control-policy" + "ocf-api-invocation-logs" "ocf-api-invoker-management" + "ocf-api-provider-management" "ocf-auditing-api-logs" + "ocf-discover-service-api" "ocf-events" "ocf-helper" + "ocf-publish-service-api" "ocf-register" "ocf-routing-info" + "ocf-security") + + for chart in "${charts[@]}"; do + yq e -i ".appVersion = \"main\"" "helm/capif/charts/$chart/Chart.yaml" + done + + + echo "### download dependencies###" + helm dependency build helm/capif + echo "### updating capif###" + helm upgrade --install -n $NAMESPACE_PRE_PROD ocf-main helm/capif/ \ + --set grafana.enabled=true \ + --set grafana.ingress.enabled=true \ + --set grafana.ingress.hosts[0].host=ocf-mon-main.$DOMAIN_PRE_PROD \ + --set grafana.ingress.hosts[0].paths[0].path="/" \ + --set grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ + --set grafana.env.prometheusUrl=http://prometheus.ocf.pre-production \ + --set grafana.env.tempoUrl="http://ocf-main-tempo:3100" \ + --set fluentbit.enabled=true \ + --set loki.enabled=true \ + --set tempo.tempo.metricsGenerator.remoteWriteUrl=http://prometheus.ocf.pre-production/api/v1/write \ + --set otelcollector.enabled=true \ + --set otelcollector.configMap.tempoEndpoint=ocf-main-tempo:4317 \ + --set ocf-access-control-policy.image.repository=$CI_REGISTRY/ocf/capif/main/ocf-access-control-policy-api \ + --set ocf-access-control-policy.image.tag=main \ + --set ocf-access-control-policy.image.env.capifHostname=$NAMESPACE_PRE_PROD.$DOMAIN_PRE_PROD \ + --set ocf-access-control-policy.monitoring="true" \ + --set ocf-api-invocation-logs.image.repository=$CI_REGISTRY/ocf/capif/main/ocf-logging-api-invocation-api \ + --set ocf-api-invocation-logs.image.tag=main \ + --set ocf-api-invocation-logs.env.monitoring="true" \ + --set ocf-api-invocation-logs.env.capifHostname=$NAMESPACE_PRE_PROD.$DOMAIN_PRE_PROD \ + --set ocf-api-invocation-logs.env.vaultHostname=$VAULT_HOSTNAME \ + --set ocf-api-invocation-logs.env.vaultPort=$VAULT_PORT \ + --set ocf-api-invocation-logs.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set ocf-api-invoker-management.image.repository=$CI_REGISTRY/ocf/capif/main/ocf-api-invoker-management-api \ + --set ocf-api-invoker-management.image.tag=main \ + --set ocf-api-invoker-management.env.monitoring="true" \ + --set ocf-api-invoker-management.env.vaultHostname=$VAULT_HOSTNAME \ + --set ocf-api-invoker-management.env.vaultPort=$VAULT_PORT \ + --set ocf-api-invoker-management.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set ocf-api-provider-management.image.repository=$CI_REGISTRY/ocf/capif/main/ocf-api-provider-management-api \ + --set ocf-api-provider-management.image.tag=main \ + --set ocf-api-provider-management.env.monitoring="true" \ + --set ocf-api-provider-management.env.vaultHostname=$VAULT_HOSTNAME \ + --set ocf-api-provider-management.env.vaultPort=$VAULT_PORT \ + --set ocf-api-provider-management.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set ocf-events.image.repository=$CI_REGISTRY/ocf/capif/main/ocf-events-api \ + --set ocf-events.image.tag=main \ + --set ocf-events.env.monitoring="true" \ + --set ocf-routing-info.image.repository=$CI_REGISTRY/ocf/capif/main/ocf-routing-info-api \ + --set ocf-routing-info.image.tag=main \ + --set ocf-routing-info.env.monitoring="true" \ + --set ocf-security.image.repository=$CI_REGISTRY/ocf/capif/main/ocf-security-api \ + --set ocf-security.image.tag=main \ + --set ocf-security.env.monitoring="true" \ + --set ocf-security.env.capifHostname=$NAMESPACE_PRE_PROD.$DOMAIN_PRE_PROD \ + --set ocf-security.env.vaultHostname=$VAULT_HOSTNAME \ + --set ocf-security.env.vaultPort=$VAULT_PORT \ + --set ocf-security.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set ocf-register.image.repository=$CI_REGISTRY/ocf/capif/main/register \ + --set ocf-register.image.tag=main \ + --set ocf-register.env.vaultHostname=$VAULT_HOSTNAME \ + --set ocf-register.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set ocf-register.env.vaultPort=$VAULT_PORT \ + --set ocf-register.env.mongoHost=mongo-register \ + --set ocf-register.env.mongoPort=27017 \ + --set ocf-register.env.capifHostname=$NAMESPACE_PRE_PROD.$DOMAIN_PRE_PROD \ + --set ocf-register.ingress.enabled=true \ + --set ocf-register.ingress.hosts[0].host=register-main.$DOMAIN_PRE_PROD \ + --set ocf-register.ingress.hosts[0].paths[0].path="/" \ + --set ocf-register.ingress.hosts[0].paths[0].pathType="Prefix" \ + --set ocf-auditing-api-logs.image.repository=$CI_REGISTRY/ocf/capif/main/ocf-auditing-api \ + --set ocf-auditing-api-logs.image.tag=main \ + --set ocf-auditing-api-logs.env.monitoring="true" \ + --set ocf-publish-service-api.image.repository=$CI_REGISTRY/ocf/capif/main/ocf-publish-service-api \ + --set ocf-publish-service-api.image.tag=main \ + --set ocf-publish-service-api.env.monitoring="true" \ + --set ocf-discover-service-api.image.repository=$CI_REGISTRY/ocf/capif/main/ocf-discover-service-api \ + --set ocf-discover-service-api.image.tag=main \ + --set ocf-discover-service-api.env.monitoring="true" \ + --set nginx.image.repository=$CI_REGISTRY/ocf/capif/main/nginx \ + --set nginx.image.tag=main \ + --set nginx.env.capifHostname=$NAMESPACE_PRE_PROD.$DOMAIN_PRE_PROD \ + --set nginx.env.vaultHostname=$VAULT_HOSTNAME \ + --set nginx.env.vaultPort=$VAULT_PORT \ + --set nginx.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set nginx.ingress.enabled=true \ + --set nginx.ingress.hosts[0].host=$NAMESPACE_PRE_PROD.$DOMAIN_PRE_PROD \ + --set nginx.ingress.hosts[0].paths[0].path="/" \ + --set nginx.ingress.hosts[0].paths[0].pathType="Prefix" \ + --set ocf-helper.image.repository=$CI_REGISTRY/ocf/capif/main/helper \ + --set ocf-helper.image.tag=main \ + --set ocf-helper.env.vaultHostname=$VAULT_HOSTNAME \ + --set ocf-helper.env.vaultPort=$VAULT_PORT \ + --set ocf-helper.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set ocf-helper.env.capifHostname=$NAMESPACE_PRE_PROD.$DOMAIN_PRE_PROD \ + --set mock-server.enabled=true \ + --set mock-server.image.repository=$CI_REGISTRY/ocf/capif/main/mock-server \ + --set mock-server.image.tag=main \ + --set mock-server.ingress.enabled=true \ + --set mock-server.ingress.hosts[0].host=mock-server-main.$DOMAIN_PRE_PROD \ + --set mock-server.ingress.hosts[0].paths[0].path="/" \ + --set mock-server.ingress.hosts[0].paths[0].pathType="Prefix" \ + --set mongo-register-express.enabled=true \ + --set mongo-register-express.ingress.enabled=true \ + --set mongo-register-express.ingress.hosts[0].host="mongo-express-register-main.$DOMAIN_PRE_PROD" \ + --set mongo-register-express.ingress.hosts[0].paths[0].path="/" \ + --set mongo-register-express.ingress.hosts[0].paths[0].pathType="Prefix" \ + --set mongo-express.enabled=true \ + --set mongo-express.ingress.enabled=true \ + --set mongo-express.ingress.hosts[0].host="mongo-express-main.$DOMAIN_PRE_PROD" \ + --set mongo-express.ingress.hosts[0].paths[0].path="/" \ + --set mongo-express.ingress.hosts[0].paths[0].pathType="Prefix" \ + --wait --timeout=10m --create-namespace --atomic main_rf_testing: needs: ["deploy_ocf_main"] @@ -706,8 +807,8 @@ delete_ocf_main: stage: delete_ocf_main <<: *main_common script: - - echo "### deleting environment $NAMESPACE_STAGING###" -# - helm uninstall -n $NAMESPACE_STAGING ocf --kubeconfig ~/cluster.kubeconfig + - echo "### deleting environment $NAMESPACE_main###" +# - helm uninstall -n $NAMESPACE_main ocf --kubeconfig ~/cluster.kubeconfig when: manual environment: name: review/main diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index bac1d62..6ea3684 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -34,14 +34,27 @@ variables: ## staging before mr ### + +prep_ocf_cd_staging: + stage: deploy_ocf_staging + <<: *staging_common + script: + - | + echo "### filtering name ###" + echo $(echo $CI_ENVIRONMENT_SLUG | rev | cut -c 1-6 | rev) > cd_env_endpoint.txt + artifacts: + paths: + - cd_env_endpoint.txt + deploy_ocf_staging: stage: deploy_ocf_staging needs: - staging_build_and_push + - prep_ocf_cd_staging <<: *staging_common environment: name: review/dev_to_staging - url: https://capif-$CI_ENVIRONMENT_SLUG.$DOMAIN_STAGING + url: https://capif-$CI_ENV_ENDPOINT.$DOMAIN_STAGING on_stop: delete_ocf_staging auto_stop_in: 3 day script: @@ -67,6 +80,8 @@ deploy_ocf_staging: for chart in "${charts[@]}"; do yq e -i ".appVersion = \"$IMAGE_TAG_STAGING\"" "helm/capif/charts/$chart/Chart.yaml" done + + export CI_ENV_ENDPOINT=$(cat cd_env_endpoint.txt) echo "### download dependencies###" helm dependency build helm/capif @@ -74,7 +89,7 @@ deploy_ocf_staging: helm upgrade --install -n $NAMESPACE_DEV ocf-pre-staging helm/capif/ \ --set grafana.enabled=true \ --set grafana.ingress.enabled=true \ - --set grafana.ingress.hosts[0].host=ocf-mon-$CI_COMMIT_REF_SLUG.$DOMAIN_STAGING \ + --set grafana.ingress.hosts[0].host=ocf-mon-$CI_ENV_ENDPOINT.$DOMAIN_STAGING \ --set grafana.ingress.hosts[0].paths[0].path="/" \ --set grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ --set grafana.env.prometheusUrl=http://prometheus.ocf.pre-production \ @@ -86,12 +101,12 @@ deploy_ocf_staging: --set otelcollector.configMap.tempoEndpoint=ocf-pre-staging-tempo:4317 \ --set ocf-access-control-policy.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api \ --set ocf-access-control-policy.image.tag=$CI_COMMIT_REF_SLUG \ - --set ocf-access-control-policy.image.env.capifHostname=capif-$CI_COMMIT_REF_SLUG.$DOMAIN_STAGING \ + --set ocf-access-control-policy.image.env.capifHostname=capif-$CI_ENV_ENDPOINT.$DOMAIN_STAGING \ --set ocf-access-control-policy.monitoring="true" \ --set ocf-api-invocation-logs.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api \ --set ocf-api-invocation-logs.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-api-invocation-logs.env.monitoring="true" \ - --set ocf-api-invocation-logs.env.capifHostname=capif-$CI_COMMIT_REF_SLUG.$DOMAIN_STAGING \ + --set ocf-api-invocation-logs.env.capifHostname=capif-$CI_ENV_ENDPOINT.$DOMAIN_STAGING \ --set ocf-api-invocation-logs.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-api-invocation-logs.env.vaultPort=$VAULT_PORT \ --set ocf-api-invocation-logs.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ @@ -116,7 +131,7 @@ deploy_ocf_staging: --set ocf-security.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api \ --set ocf-security.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-security.env.monitoring="true" \ - --set ocf-security.env.capifHostname=capif-$CI_COMMIT_REF_SLUG.$DOMAIN_STAGING \ + --set ocf-security.env.capifHostname=capif-$CI_ENV_ENDPOINT.$DOMAIN_STAGING \ --set ocf-security.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-security.env.vaultPort=$VAULT_PORT \ --set ocf-security.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ @@ -127,9 +142,9 @@ deploy_ocf_staging: --set ocf-register.env.vaultPort=$VAULT_PORT \ --set ocf-register.env.mongoHost=mongo-register \ --set ocf-register.env.mongoPort=27017 \ - --set ocf-register.env.capifHostname=capif-$CI_COMMIT_REF_SLUG.$DOMAIN_STAGING \ + --set ocf-register.env.capifHostname=capif-$CI_ENV_ENDPOINT.$DOMAIN_STAGING \ --set ocf-register.ingress.enabled=true \ - --set ocf-register.ingress.hosts[0].host=register-$CI_COMMIT_REF_SLUG.$DOMAIN_STAGING \ + --set ocf-register.ingress.hosts[0].host=register-$CI_ENV_ENDPOINT.$DOMAIN_STAGING \ --set ocf-register.ingress.hosts[0].paths[0].path="/" \ --set ocf-register.ingress.hosts[0].paths[0].pathType="Prefix" \ --set ocf-auditing-api-logs.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api \ @@ -143,12 +158,12 @@ deploy_ocf_staging: --set ocf-discover-service-api.env.monitoring="true" \ --set nginx.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx \ --set nginx.image.tag=$CI_COMMIT_REF_SLUG \ - --set nginx.env.capifHostname=capif-$CI_COMMIT_REF_SLUG.$DOMAIN_STAGING \ + --set nginx.env.capifHostname=capif-$CI_ENV_ENDPOINT.$DOMAIN_STAGING \ --set nginx.env.vaultHostname=$VAULT_HOSTNAME \ --set nginx.env.vaultPort=$VAULT_PORT \ --set nginx.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ --set nginx.ingress.enabled=true \ - --set nginx.ingress.hosts[0].host=capif-$CI_COMMIT_REF_SLUG.$DOMAIN_STAGING \ + --set nginx.ingress.hosts[0].host=capif-$CI_ENV_ENDPOINT.$DOMAIN_STAGING \ --set nginx.ingress.hosts[0].paths[0].path="/" \ --set nginx.ingress.hosts[0].paths[0].pathType="Prefix" \ --set ocf-helper.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/helper \ @@ -156,22 +171,22 @@ deploy_ocf_staging: --set ocf-helper.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-helper.env.vaultPort=$VAULT_PORT \ --set ocf-helper.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ - --set ocf-helper.env.capifHostname=capif-$CI_COMMIT_REF_SLUG.$DOMAIN_STAGING \ + --set ocf-helper.env.capifHostname=capif-$CI_ENV_ENDPOINT.$DOMAIN_STAGING \ --set mock-server.enabled=true \ --set mock-server.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server \ --set mock-server.image.tag=$CI_COMMIT_REF_SLUG \ --set mock-server.ingress.enabled=true \ - --set mock-server.ingress.hosts[0].host=mock-server-$CI_COMMIT_REF_SLUG.$DOMAIN_STAGING \ + --set mock-server.ingress.hosts[0].host=mock-server-$CI_ENV_ENDPOINT.$DOMAIN_STAGING \ --set mock-server.ingress.hosts[0].paths[0].path="/" \ --set mock-server.ingress.hosts[0].paths[0].pathType="Prefix" \ --set mongo-register-express.enabled=true \ --set mongo-register-express.ingress.enabled=true \ - --set mongo-register-express.ingress.hosts[0].host="mongo-express-register-$CI_COMMIT_REF_SLUG.$DOMAIN_STAGING" \ + --set mongo-register-express.ingress.hosts[0].host="mongo-express-register-$CI_ENV_ENDPOINT.$DOMAIN_STAGING" \ --set mongo-register-express.ingress.hosts[0].paths[0].path="/" \ --set mongo-register-express.ingress.hosts[0].paths[0].pathType="Prefix" \ --set mongo-express.enabled=true \ --set mongo-express.ingress.enabled=true \ - --set mongo-express.ingress.hosts[0].host="mongo-express-$CI_COMMIT_REF_SLUG.$DOMAIN_STAGING" \ + --set mongo-express.ingress.hosts[0].host="mongo-express-$CI_ENV_ENDPOINT.$DOMAIN_STAGING" \ --set mongo-express.ingress.hosts[0].paths[0].path="/" \ --set mongo-express.ingress.hosts[0].paths[0].pathType="Prefix" \ --wait --timeout=10m --create-namespace --atomic @@ -335,14 +350,27 @@ deploy_ocf_oficial_staging: --wait --timeout=10m --create-namespace --atomic ## dev ### + +prep_ocf_cd_dev: + stage: deploy_ocf_dev + <<: *dev_common + script: + - | + echo "### filtering name ###" + echo $(echo $CI_ENVIRONMENT_SLUG | rev | cut -c 1-6 | rev) > cd_env_endpoint.txt + artifacts: + paths: + - cd_env_endpoint.txt + deploy_ocf_dev: stage: deploy_ocf_dev needs: - dev_build_and_push + - prep_ocf_cd_dev <<: *dev_common environment: name: review/$CI_COMMIT_REF_SLUG - url: https://capif-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV + url: https://capif-$CI_ENV_ENDPOINT.$DOMAIN_DEV on_stop: delete_ocf_dev auto_stop_in: 3 day # rules: @@ -374,6 +402,7 @@ deploy_ocf_dev: yq e -i ".appVersion = \"$IMAGE_TAG_DEV\"" "helm/capif/charts/$chart/Chart.yaml" done + export CI_ENV_ENDPOINT=$(cat cd_env_endpoint.txt) echo "### download dependencies###" helm dependency build helm/capif @@ -381,7 +410,7 @@ deploy_ocf_dev: helm upgrade --install -n $NAMESPACE_DEV ocf-developer helm/capif/ \ --set grafana.enabled=true \ --set grafana.ingress.enabled=true \ - --set grafana.ingress.hosts[0].host=ocf-mon-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV \ + --set grafana.ingress.hosts[0].host=ocf-mon-$CI_ENV_ENDPOINT.$DOMAIN_DEV \ --set grafana.ingress.hosts[0].paths[0].path="/" \ --set grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ --set grafana.env.prometheusUrl=http://prometheus.ocf.pre-production \ @@ -393,12 +422,12 @@ deploy_ocf_dev: --set otelcollector.configMap.tempoEndpoint=ocf-developer-tempo:4317 \ --set ocf-access-control-policy.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api \ --set ocf-access-control-policy.image.tag=$CI_COMMIT_REF_SLUG \ - --set ocf-access-control-policy.image.env.capifHostname=capif-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV \ + --set ocf-access-control-policy.image.env.capifHostname=capif-$CI_ENV_ENDPOINT.$DOMAIN_DEV \ --set ocf-access-control-policy.monitoring="true" \ --set ocf-api-invocation-logs.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api \ --set ocf-api-invocation-logs.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-api-invocation-logs.env.monitoring="true" \ - --set ocf-api-invocation-logs.env.capifHostname=capif-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV \ + --set ocf-api-invocation-logs.env.capifHostname=capif-$CI_ENV_ENDPOINT.$DOMAIN_DEV \ --set ocf-api-invocation-logs.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-api-invocation-logs.env.vaultPort=$VAULT_PORT \ --set ocf-api-invocation-logs.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ @@ -423,7 +452,7 @@ deploy_ocf_dev: --set ocf-security.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api \ --set ocf-security.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-security.env.monitoring="true" \ - --set ocf-security.env.capifHostname=capif-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV \ + --set ocf-security.env.capifHostname=capif-$CI_ENV_ENDPOINT.$DOMAIN_DEV \ --set ocf-security.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-security.env.vaultPort=$VAULT_PORT \ --set ocf-security.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ @@ -434,9 +463,9 @@ deploy_ocf_dev: --set ocf-register.env.vaultPort=$VAULT_PORT \ --set ocf-register.env.mongoHost=mongo-register \ --set ocf-register.env.mongoPort=27017 \ - --set ocf-register.env.capifHostname=capif-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV \ + --set ocf-register.env.capifHostname=capif-$CI_ENV_ENDPOINT.$DOMAIN_DEV \ --set ocf-register.ingress.enabled=true \ - --set ocf-register.ingress.hosts[0].host=register-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV \ + --set ocf-register.ingress.hosts[0].host=register-$CI_ENV_ENDPOINT.$DOMAIN_DEV \ --set ocf-register.ingress.hosts[0].paths[0].path="/" \ --set ocf-register.ingress.hosts[0].paths[0].pathType="Prefix" \ --set ocf-auditing-api-logs.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api \ @@ -450,12 +479,12 @@ deploy_ocf_dev: --set ocf-discover-service-api.env.monitoring="true" \ --set nginx.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx \ --set nginx.image.tag=$CI_COMMIT_REF_SLUG \ - --set nginx.env.capifHostname=capif-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV \ + --set nginx.env.capifHostname=capif-$CI_ENV_ENDPOINT.$DOMAIN_DEV \ --set nginx.env.vaultHostname=$VAULT_HOSTNAME \ --set nginx.env.vaultPort=$VAULT_PORT \ --set nginx.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ --set nginx.ingress.enabled=true \ - --set nginx.ingress.hosts[0].host=capif-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV \ + --set nginx.ingress.hosts[0].host=capif-$CI_ENV_ENDPOINT.$DOMAIN_DEV \ --set nginx.ingress.hosts[0].paths[0].path="/" \ --set nginx.ingress.hosts[0].paths[0].pathType="Prefix" \ --set ocf-helper.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/helper \ @@ -463,22 +492,22 @@ deploy_ocf_dev: --set ocf-helper.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-helper.env.vaultPort=$VAULT_PORT \ --set ocf-helper.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ - --set ocf-helper.env.capifHostname=capif-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV \ + --set ocf-helper.env.capifHostname=capif-$CI_ENV_ENDPOINT.$DOMAIN_DEV \ --set mock-server.enabled=true \ --set mock-server.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server \ --set mock-server.image.tag=$CI_COMMIT_REF_SLUG \ --set mock-server.ingress.enabled=true \ - --set mock-server.ingress.hosts[0].host=mock-server-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV \ + --set mock-server.ingress.hosts[0].host=mock-server-$CI_ENV_ENDPOINT.$DOMAIN_DEV \ --set mock-server.ingress.hosts[0].paths[0].path="/" \ --set mock-server.ingress.hosts[0].paths[0].pathType="Prefix" \ --set mongo-register-express.enabled=true \ --set mongo-register-express.ingress.enabled=true \ - --set mongo-register-express.ingress.hosts[0].host="mongo-express-register-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV" \ + --set mongo-register-express.ingress.hosts[0].host="mongo-express-register-$CI_ENV_ENDPOINT.$DOMAIN_DEV" \ --set mongo-register-express.ingress.hosts[0].paths[0].path="/" \ --set mongo-register-express.ingress.hosts[0].paths[0].pathType="Prefix" \ --set mongo-express.enabled=true \ --set mongo-express.ingress.enabled=true \ - --set mongo-express.ingress.hosts[0].host="mongo-express-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV" \ + --set mongo-express.ingress.hosts[0].host="mongo-express-$CI_ENV_ENDPOINT.$DOMAIN_DEV" \ --set mongo-express.ingress.hosts[0].paths[0].path="/" \ --set mongo-express.ingress.hosts[0].paths[0].pathType="Prefix" \ --wait --timeout=10m --create-namespace --atomic diff --git a/capif/templates/ci_staging.gitlab-ci.yml b/capif/templates/ci_staging.gitlab-ci.yml index 4d8358a..a5e68b4 100644 --- a/capif/templates/ci_staging.gitlab-ci.yml +++ b/capif/templates/ci_staging.gitlab-ci.yml @@ -330,7 +330,7 @@ staging_build_and_push_mr: stage: staging_build_and_push_mr # <<: *staging_common rules: - - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME == "staging"' + - if: '$CI_COMMIT_REF_NAME == "staging"' when: always script: - export TMP_PWD=$PWD -- GitLab From b6dd0ccd7f60ba21486456475e13d88065674a89 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 28 Jun 2024 16:59:28 +0200 Subject: [PATCH 319/392] test --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 6ea3684..5341d1b 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -357,6 +357,8 @@ prep_ocf_cd_dev: script: - | echo "### filtering name ###" + echo $CI_ENVIRONMENT_SLUG + echo $CI_ENVIRONMENT_SLUG | rev | cut -c 1-6 | rev echo $(echo $CI_ENVIRONMENT_SLUG | rev | cut -c 1-6 | rev) > cd_env_endpoint.txt artifacts: paths: -- GitLab From 84dc40e74a7c2374421f69ac6bce8cb08a4040b9 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 28 Jun 2024 17:13:33 +0200 Subject: [PATCH 320/392] CD_ENV_NAME --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 5341d1b..be23560 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -357,9 +357,11 @@ prep_ocf_cd_dev: script: - | echo "### filtering name ###" - echo $CI_ENVIRONMENT_SLUG - echo $CI_ENVIRONMENT_SLUG | rev | cut -c 1-6 | rev - echo $(echo $CI_ENVIRONMENT_SLUG | rev | cut -c 1-6 | rev) > cd_env_endpoint.txt + echo $CI_COMMIT_REF_SLUG + CD_ENV_NAME=${CI_COMMIT_REF_SLUG//-/} + echo $CD_ENV_NAME + echo $CD_ENV_NAME | rev | cut -c 1-6 | rev + echo $(echo $CD_ENV_NAME | rev | cut -c 1-6 | rev) > cd_env_endpoint.txt artifacts: paths: - cd_env_endpoint.txt -- GitLab From 8bd734356b4df8113c6cec906e83ee0ff512e40d Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 28 Jun 2024 17:21:05 +0200 Subject: [PATCH 321/392] prep_ocf_cd_staging --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index be23560..6eaf5ab 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -41,7 +41,11 @@ prep_ocf_cd_staging: script: - | echo "### filtering name ###" - echo $(echo $CI_ENVIRONMENT_SLUG | rev | cut -c 1-6 | rev) > cd_env_endpoint.txt + echo $CI_COMMIT_REF_SLUG + CD_ENV_NAME=${CI_COMMIT_REF_SLUG//-/} + echo $CD_ENV_NAME + echo $CD_ENV_NAME | rev | cut -c 1-6 | rev + echo $(echo $CD_ENV_NAME | rev | cut -c 1-6 | rev) > cd_env_endpoint.txt artifacts: paths: - cd_env_endpoint.txt -- GitLab From e9719e37105dd6ab9d13584eb2fd4753608e9640 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 28 Jun 2024 18:07:11 +0200 Subject: [PATCH 322/392] logLevel ocf core --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 26 +++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 6eaf5ab..6d908df 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -107,6 +107,7 @@ deploy_ocf_staging: --set ocf-access-control-policy.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-access-control-policy.image.env.capifHostname=capif-$CI_ENV_ENDPOINT.$DOMAIN_STAGING \ --set ocf-access-control-policy.monitoring="true" \ + --set ocf-access-control-policy.env.logLevel="INFO" \ --set ocf-api-invocation-logs.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api \ --set ocf-api-invocation-logs.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-api-invocation-logs.env.monitoring="true" \ @@ -114,24 +115,29 @@ deploy_ocf_staging: --set ocf-api-invocation-logs.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-api-invocation-logs.env.vaultPort=$VAULT_PORT \ --set ocf-api-invocation-logs.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set ocf-api-invocation-logs.env.logLevel="INFO" \ --set ocf-api-invoker-management.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api \ --set ocf-api-invoker-management.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-api-invoker-management.env.monitoring="true" \ --set ocf-api-invoker-management.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-api-invoker-management.env.vaultPort=$VAULT_PORT \ --set ocf-api-invoker-management.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set ocf-api-invoker-management.env.logLevel="INFO" \ --set ocf-api-provider-management.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api \ --set ocf-api-provider-management.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-api-provider-management.env.monitoring="true" \ --set ocf-api-provider-management.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-api-provider-management.env.vaultPort=$VAULT_PORT \ --set ocf-api-provider-management.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set ocf-api-provider-management.env.logLevel="INFO" \ --set ocf-events.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api \ --set ocf-events.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-events.env.monitoring="true" \ + --set ocf-events.env.logLevel="INFO" \ --set ocf-routing-info.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api \ --set ocf-routing-info.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-routing-info.env.monitoring="true" \ + --set ocf-routing-info.env.logLevel="INFO" \ --set ocf-security.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api \ --set ocf-security.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-security.env.monitoring="true" \ @@ -139,6 +145,7 @@ deploy_ocf_staging: --set ocf-security.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-security.env.vaultPort=$VAULT_PORT \ --set ocf-security.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set ocf-security.env.logLevel="INFO" \ --set ocf-register.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register \ --set ocf-register.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-register.env.vaultHostname=$VAULT_HOSTNAME \ @@ -151,15 +158,19 @@ deploy_ocf_staging: --set ocf-register.ingress.hosts[0].host=register-$CI_ENV_ENDPOINT.$DOMAIN_STAGING \ --set ocf-register.ingress.hosts[0].paths[0].path="/" \ --set ocf-register.ingress.hosts[0].paths[0].pathType="Prefix" \ + --set ocf-register.env.logLevel="INFO" \ --set ocf-auditing-api-logs.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api \ --set ocf-auditing-api-logs.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-auditing-api-logs.env.monitoring="true" \ + --set ocf-auditing-api-logs.env.logLevel="INFO" \ --set ocf-publish-service-api.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api \ --set ocf-publish-service-api.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-publish-service-api.env.monitoring="true" \ + --set ocf-publish-service-api.env.logLevel="INFO" \ --set ocf-discover-service-api.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api \ --set ocf-discover-service-api.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-discover-service-api.env.monitoring="true" \ + --set ocf-discover-service-api.env.logLevel="INFO" \ --set nginx.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx \ --set nginx.image.tag=$CI_COMMIT_REF_SLUG \ --set nginx.env.capifHostname=capif-$CI_ENV_ENDPOINT.$DOMAIN_STAGING \ @@ -176,6 +187,7 @@ deploy_ocf_staging: --set ocf-helper.env.vaultPort=$VAULT_PORT \ --set ocf-helper.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ --set ocf-helper.env.capifHostname=capif-$CI_ENV_ENDPOINT.$DOMAIN_STAGING \ + --set ocf-helper.env.logLevel="INFO" \ --set mock-server.enabled=true \ --set mock-server.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server \ --set mock-server.image.tag=$CI_COMMIT_REF_SLUG \ @@ -183,6 +195,7 @@ deploy_ocf_staging: --set mock-server.ingress.hosts[0].host=mock-server-$CI_ENV_ENDPOINT.$DOMAIN_STAGING \ --set mock-server.ingress.hosts[0].paths[0].path="/" \ --set mock-server.ingress.hosts[0].paths[0].pathType="Prefix" \ + --set mock-server.env.logLevel="INFO" \ --set mongo-register-express.enabled=true \ --set mongo-register-express.ingress.enabled=true \ --set mongo-register-express.ingress.hosts[0].host="mongo-express-register-$CI_ENV_ENDPOINT.$DOMAIN_STAGING" \ @@ -432,6 +445,7 @@ deploy_ocf_dev: --set ocf-access-control-policy.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-access-control-policy.image.env.capifHostname=capif-$CI_ENV_ENDPOINT.$DOMAIN_DEV \ --set ocf-access-control-policy.monitoring="true" \ + --set ocf-access-control-policy.env.logLevel="DEBUG" \ --set ocf-api-invocation-logs.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api \ --set ocf-api-invocation-logs.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-api-invocation-logs.env.monitoring="true" \ @@ -439,24 +453,29 @@ deploy_ocf_dev: --set ocf-api-invocation-logs.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-api-invocation-logs.env.vaultPort=$VAULT_PORT \ --set ocf-api-invocation-logs.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set ocf-api-invocation-logs.env.logLevel="DEBUG" \ --set ocf-api-invoker-management.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api \ --set ocf-api-invoker-management.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-api-invoker-management.env.monitoring="true" \ --set ocf-api-invoker-management.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-api-invoker-management.env.vaultPort=$VAULT_PORT \ --set ocf-api-invoker-management.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set ocf-api-invoker-management.env.logLevel="DEBUG" \ --set ocf-api-provider-management.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api \ --set ocf-api-provider-management.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-api-provider-management.env.monitoring="true" \ --set ocf-api-provider-management.env.vaultHostname=$VAULT_HOSTNAME \ + --set ocf-api-provider-management.env.logLevel="DEBUG" \ --set ocf-api-provider-management.env.vaultPort=$VAULT_PORT \ --set ocf-api-provider-management.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ --set ocf-events.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api \ --set ocf-events.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-events.env.monitoring="true" \ + --set ocf-events.env.logLevel="DEBUG" \ --set ocf-routing-info.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api \ --set ocf-routing-info.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-routing-info.env.monitoring="true" \ + --set ocf-routing-info.env.logLevel="DEBUG" \ --set ocf-security.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api \ --set ocf-security.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-security.env.monitoring="true" \ @@ -464,6 +483,7 @@ deploy_ocf_dev: --set ocf-security.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-security.env.vaultPort=$VAULT_PORT \ --set ocf-security.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set ocf-security.env.logLevel="DEBUG" \ --set ocf-register.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register \ --set ocf-register.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-register.env.vaultHostname=$VAULT_HOSTNAME \ @@ -476,15 +496,19 @@ deploy_ocf_dev: --set ocf-register.ingress.hosts[0].host=register-$CI_ENV_ENDPOINT.$DOMAIN_DEV \ --set ocf-register.ingress.hosts[0].paths[0].path="/" \ --set ocf-register.ingress.hosts[0].paths[0].pathType="Prefix" \ + --set ocf-register.env.logLevel="DEBUG" \ --set ocf-auditing-api-logs.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api \ --set ocf-auditing-api-logs.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-auditing-api-logs.env.monitoring="true" \ + --set ocf-auditing-api-logs.env.logLevel="DEBUG" \ --set ocf-publish-service-api.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api \ --set ocf-publish-service-api.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-publish-service-api.env.monitoring="true" \ + --set ocf-publish-service-api.env.logLevel="DEBUG" \ --set ocf-discover-service-api.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api \ --set ocf-discover-service-api.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-discover-service-api.env.monitoring="true" \ + --set ocf-discover-service-api.env.logLevel="DEBUG" \ --set nginx.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx \ --set nginx.image.tag=$CI_COMMIT_REF_SLUG \ --set nginx.env.capifHostname=capif-$CI_ENV_ENDPOINT.$DOMAIN_DEV \ @@ -501,6 +525,7 @@ deploy_ocf_dev: --set ocf-helper.env.vaultPort=$VAULT_PORT \ --set ocf-helper.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ --set ocf-helper.env.capifHostname=capif-$CI_ENV_ENDPOINT.$DOMAIN_DEV \ + --set ocf-helper.env.logLevel="DEBUG" \ --set mock-server.enabled=true \ --set mock-server.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server \ --set mock-server.image.tag=$CI_COMMIT_REF_SLUG \ @@ -508,6 +533,7 @@ deploy_ocf_dev: --set mock-server.ingress.hosts[0].host=mock-server-$CI_ENV_ENDPOINT.$DOMAIN_DEV \ --set mock-server.ingress.hosts[0].paths[0].path="/" \ --set mock-server.ingress.hosts[0].paths[0].pathType="Prefix" \ + --set mock-server.env.logLevel="DEBUG" \ --set mongo-register-express.enabled=true \ --set mongo-register-express.ingress.enabled=true \ --set mongo-register-express.ingress.hosts[0].host="mongo-express-register-$CI_ENV_ENDPOINT.$DOMAIN_DEV" \ -- GitLab From 46d97bf8eac4be6109ecf7fa089fec525f01f709 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 28 Jun 2024 18:08:33 +0200 Subject: [PATCH 323/392] mock-server in main false --- capif/.gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index b030ec8..5cf7dcb 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -776,10 +776,10 @@ deploy_ocf_main: --set ocf-helper.env.vaultPort=$VAULT_PORT \ --set ocf-helper.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ --set ocf-helper.env.capifHostname=$NAMESPACE_PRE_PROD.$DOMAIN_PRE_PROD \ - --set mock-server.enabled=true \ + --set mock-server.enabled=false \ --set mock-server.image.repository=$CI_REGISTRY/ocf/capif/main/mock-server \ --set mock-server.image.tag=main \ - --set mock-server.ingress.enabled=true \ + --set mock-server.ingress.enabled=false \ --set mock-server.ingress.hosts[0].host=mock-server-main.$DOMAIN_PRE_PROD \ --set mock-server.ingress.hosts[0].paths[0].path="/" \ --set mock-server.ingress.hosts[0].paths[0].pathType="Prefix" \ -- GitLab From da9a470a089af34e8cffd8c39a7154d6e3cf7d0f Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 1 Jul 2024 08:50:36 +0200 Subject: [PATCH 324/392] ngin.env.logLevel --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 6d908df..22fbf89 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -181,6 +181,7 @@ deploy_ocf_staging: --set nginx.ingress.hosts[0].host=capif-$CI_ENV_ENDPOINT.$DOMAIN_STAGING \ --set nginx.ingress.hosts[0].paths[0].path="/" \ --set nginx.ingress.hosts[0].paths[0].pathType="Prefix" \ + --set nginx.env.logLeve="info" \ --set ocf-helper.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/helper \ --set ocf-helper.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-helper.env.vaultHostname=$VAULT_HOSTNAME \ @@ -519,6 +520,7 @@ deploy_ocf_dev: --set nginx.ingress.hosts[0].host=capif-$CI_ENV_ENDPOINT.$DOMAIN_DEV \ --set nginx.ingress.hosts[0].paths[0].path="/" \ --set nginx.ingress.hosts[0].paths[0].pathType="Prefix" \ + --set ngin.env.logLevel="debug" \ --set ocf-helper.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/helper \ --set ocf-helper.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-helper.env.vaultHostname=$VAULT_HOSTNAME \ -- GitLab From 8c365f8ec82c7251a2d9c982389b74ca339f1152 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 1 Jul 2024 09:08:02 +0200 Subject: [PATCH 325/392] tags: - shell --- capif/templates/ci_staging.gitlab-ci.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/capif/templates/ci_staging.gitlab-ci.yml b/capif/templates/ci_staging.gitlab-ci.yml index a5e68b4..68086b7 100644 --- a/capif/templates/ci_staging.gitlab-ci.yml +++ b/capif/templates/ci_staging.gitlab-ci.yml @@ -332,6 +332,8 @@ staging_build_and_push_mr: rules: - if: '$CI_COMMIT_REF_NAME == "staging"' when: always + tags: + - shell script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" -- GitLab From 6033e164c541ab78bb1fa789a095504350ff009f Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 1 Jul 2024 09:26:24 +0200 Subject: [PATCH 326/392] nginx.env.loglevel --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 22fbf89..adf1dac 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -181,7 +181,7 @@ deploy_ocf_staging: --set nginx.ingress.hosts[0].host=capif-$CI_ENV_ENDPOINT.$DOMAIN_STAGING \ --set nginx.ingress.hosts[0].paths[0].path="/" \ --set nginx.ingress.hosts[0].paths[0].pathType="Prefix" \ - --set nginx.env.logLeve="info" \ + --set nginx.env.logLevel="info" \ --set ocf-helper.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/helper \ --set ocf-helper.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-helper.env.vaultHostname=$VAULT_HOSTNAME \ @@ -520,7 +520,7 @@ deploy_ocf_dev: --set nginx.ingress.hosts[0].host=capif-$CI_ENV_ENDPOINT.$DOMAIN_DEV \ --set nginx.ingress.hosts[0].paths[0].path="/" \ --set nginx.ingress.hosts[0].paths[0].pathType="Prefix" \ - --set ngin.env.logLevel="debug" \ + --set nginx.env.logLevel="debug" \ --set ocf-helper.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/helper \ --set ocf-helper.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-helper.env.vaultHostname=$VAULT_HOSTNAME \ -- GitLab From 7607c26e19b6569c578bf6ac13c671af19b81c84 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 1 Jul 2024 13:09:14 +0200 Subject: [PATCH 327/392] cicd-deploy-release.gitlab-ci.yml --- capif/.gitlab-ci.yml | 3 +- .../templates/cd-deploy-release.gitlab-ci.yml | 56 ---- .../cicd-deploy-release.gitlab-ci.yml | 251 ++++++++++++++++++ 3 files changed, 253 insertions(+), 57 deletions(-) delete mode 100644 capif/templates/cd-deploy-release.gitlab-ci.yml create mode 100644 capif/templates/cicd-deploy-release.gitlab-ci.yml diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 5cf7dcb..db6dcf5 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -24,6 +24,7 @@ stages: - dev_build_and_push - deploy_ocf_dev - delete_ocf_dev + - prod_build_and_push - deploy_ocf_prod @@ -155,7 +156,7 @@ include: - 'capif/templates/ci_dev.gitlab-ci.yml' - 'capif/templates/ci_unit_test.gitlab-ci.yml' - 'capif/templates/cd-deploy-ocf.gitlab-ci.yml' - - 'capif/templates/cd-deploy-release.gitlab-ci.yml' + - 'capif/templates/cicd-deploy-release.gitlab-ci.yml' # - 'capif/templates/ci_main.gitlab-ci.yml' #sast: diff --git a/capif/templates/cd-deploy-release.gitlab-ci.yml b/capif/templates/cd-deploy-release.gitlab-ci.yml deleted file mode 100644 index 14376ac..0000000 --- a/capif/templates/cd-deploy-release.gitlab-ci.yml +++ /dev/null @@ -1,56 +0,0 @@ -stages: - - deploy_ocf_prod - -variables: - CI_JOB_TOKEN: $CI_JOB_TOKEN - CI_DEBUG_TRACE: "false" - CI_REGISTRY_USER: $CI_REGISTRY_USER - CI_REGISTRY: $CI_REGISTRY - CAPIF_DOCKER_REGISTRY: $CAPIF_DOCKER_REGISTRY - NAMESPACE_PROD: "ocf-prod" - DOMAIN_PROD: prod.int - IMAGE_TAG_PROD: $CI_COMMIT_REF_SLUG - -# it will only run when a new tag that starts with ‘v{major.minor.patch}-release’ is pushed -# to the repository. -.release_common: &relase_common - rules: -# - if: '$CI_COMMIT_TAG =~ /^.*-release$/' - - if: '$CI_COMMIT_TAG =~ /^v\d+\.\d+\.\d+-release$/' - tags: - - shell - -deploy_ocf_prod: - stage: deploy_ocf_prod - <<: *relase_common - environment: - name: review/production - url: https://$NAMESPACE_PROD.$DOMAIN_PROD - script: - - echo "------ A release has been created! -------" - - echo "### install helm###" - - helm version - - kubectl cluster-info - - yq --version - - cat helm/capif/Chart.yaml - - yq e -i ".appVersion = \"$IMAGE_TAG_PROD\"" helm/capif/Chart.yaml - - cat helm/capif/Chart.yaml - - echo "### download dependencies###" - - helm dependency build helm/capif -# - echo "### updating capif###" -# - helm upgrade --install -n $NAMESPACE_PRE_PROD ocf helm/capif/ \ -# --set nginx.nginx.env.capifHostname=capif.$DOMAIN_PROD \ -# --set nginx.nginx.env.registerHostname=register.$DOMAIN_PROD \ -# --set monitoring.prometheus.ingress.hosts[0].host=prometheus.$DOMAIN_PROD \ -# --set monitoring.prometheus.ingress.hosts[0].paths[0].path=/ \ -# --set monitoring.prometheus.ingress.hosts[0].paths[0].pathType=Prefix \ -# --set monitoring.prometheus.enable="true" \ -# --set monitoring.grafana.ingress.hosts[0].host="grafana.$DOMAIN_PROD" \ -# --set monitoring.grafana.ingress.hosts[0].paths[0].path="/" \ -# --set monitoring.grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ -# --set backOffice.frontend.env.grafanaUrl=http://grafana.$DOMAIN_PROD \ -# --set parametersVault.env.vaultHostname=$VAULT_HOSTNAME \ -# --set parametersVault.env.vaultPort=$VAULT_PORT \ -# --set parametersVault.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ -# --wait --timeout=10m --atomic \ -# --create-namespace \ No newline at end of file diff --git a/capif/templates/cicd-deploy-release.gitlab-ci.yml b/capif/templates/cicd-deploy-release.gitlab-ci.yml new file mode 100644 index 0000000..bc60b21 --- /dev/null +++ b/capif/templates/cicd-deploy-release.gitlab-ci.yml @@ -0,0 +1,251 @@ +stages: + - prod_build_and_push + - deploy_ocf_prod + +variables: + CI_JOB_TOKEN: $CI_JOB_TOKEN + CI_DEBUG_TRACE: "false" + CI_REGISTRY_USER: $CI_REGISTRY_USER + CI_REGISTRY: $CI_REGISTRY + CAPIF_DOCKER_REGISTRY: $CAPIF_DOCKER_REGISTRY + NAMESPACE_PROD: "ocf-prod" + DOMAIN_PROD: prod.int + PATH_PROD: prod + +# it will only run when a new tag that starts with ‘v{major.minor.patch}-release’ is pushed +# to the repository. +.release_common: &relase_common + rules: +# - if: '$CI_COMMIT_TAG =~ /^.*-release$/' + - if: '$CI_COMMIT_TAG =~ /^v\d+\.\d+\.\d+-release$/' + tags: + - shell + +prod_build_and_push: + stage: prod_build_and_push + script: + - export TMP_PWD=$PWD + - echo "TMP_PWD=$TMP_PWD" + - echo "### docker login###" + - docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY + - echo "----------------------------------------------------" + - echo "### build and push nginx image###" + - cd $TMP_PWD/services/nginx/ + - docker build -t $CI_REGISTRY/ocf/capif/$PATH_PROD/nginx:$$CI_COMMIT_TAG . + - docker push $CI_REGISTRY/ocf/capif/$PATH_PROD/nginx:$$CI_COMMIT_TAG + - echo "----------------------------------------------------" + - echo "### build and push register image###" + - cd $TMP_PWD/services/register/ + - docker build -t $CI_REGISTRY/ocf/capif/$PATH_PROD/register:$$CI_COMMIT_TAG . + - docker push $CI_REGISTRY/ocf/capif/$PATH_PROD/register:$$CI_COMMIT_TAG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_Access_Control_Policy_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_Access_Control_Policy_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-access-control-policy-api:$$CI_COMMIT_TAG . + - docker push $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-access-control-policy-api:$$CI_COMMIT_TAG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_API_Invoker_Management_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_API_Invoker_Management_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-api-invoker-management-api:$$CI_COMMIT_TAG . + - docker push $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-api-invoker-management-api:$$CI_COMMIT_TAG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_API_Provider_Management_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_API_Provider_Management_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-api-provider-management-api:$$CI_COMMIT_TAG . + - docker push $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-api-provider-management-api:$$CI_COMMIT_TAG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_Auditing_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_Auditing_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-auditing-api:$$CI_COMMIT_TAG . + - docker push $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-auditing-api:$$CI_COMMIT_TAG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_Discover_Service_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_Discover_Service_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-discover-service-api:$$CI_COMMIT_TAG . + - docker push $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-discover-service-api:$$CI_COMMIT_TAG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_Events_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_Events_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-events-api:$$CI_COMMIT_TAG . + - docker push $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-events-api:$$CI_COMMIT_TAG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_Logging_API_Invocation_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_Logging_API_Invocation_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-logging-api-invocation-api:$$CI_COMMIT_TAG . + - docker push $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-logging-api-invocation-api:$$CI_COMMIT_TAG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_Publish_Service_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_Publish_Service_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-publish-service-api:$$CI_COMMIT_TAG . + - docker push $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-publish-service-api:$$CI_COMMIT_TAG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_Routing_Info_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_Routing_Info_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-routing-info-api:$$CI_COMMIT_TAG . + - docker push $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-routing-info-api:$$CI_COMMIT_TAG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_Security_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_Security_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-security-api:$$CI_COMMIT_TAG . + - docker push $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-security-api:$$CI_COMMIT_TAG + - echo "----------------------------------------------------" + - echo "### build and push vault image###" + - cd $TMP_PWD/services/vault/ + - docker build -t $CI_REGISTRY/ocf/capif/$PATH_PROD/vault:$$CI_COMMIT_TAG . + - docker push $CI_REGISTRY/ocf/capif/$PATH_PROD/vault:$$CI_COMMIT_TAG + - echo "----------------------------------------------------" + - echo "### build and push helper image###" + - cd $TMP_PWD/services/helper/ + - docker build -t $CI_REGISTRY/ocf/capif/$PATH_PROD/helper:$$CI_COMMIT_TAG . + - docker push $CI_REGISTRY/ocf/capif/$PATH_PROD/helper:$$CI_COMMIT_TAG + - echo "----------------------------------------------------" + - echo "### build and push mock-server image###" + - cd $TMP_PWD/services/mock_server/ + - docker build -t $CI_REGISTRY/ocf/capif/$PATH_PROD/mock-server:$$CI_COMMIT_TAG . + - docker push $CI_REGISTRY/ocf/capif/$PATH_PROD/mock-server:$$CI_COMMIT_TAG + - echo "----------------------------------------------------" + - docker logout $CI_REGISTRY + <<: *release_common + + +#deploy_ocf_prod: +# stage: deploy_ocf_prod +# needs: +# - prod_build_and_push +# <<: *relase_common +# environment: +# name: review/production +# url: https://$NAMESPACE_PROD.$DOMAIN_PROD +# script: +# - | +# echo "------ A release has been created! -------" +# helm version +# kubectl version --output=yaml +# echo "### setting kubeconfig###" +# whoami +# kubectl cluster-info +# yq --version +# ls -rtt helm/capif +# cat helm/capif/Chart.yaml +# yq e -i ".appVersion = \"staging\"" helm/capif/Chart.yaml +# cat helm/capif/Chart.yaml +# +# charts=("mock-server" "nginx" "ocf-access-control-policy" +# "ocf-api-invocation-logs" "ocf-api-invoker-management" +# "ocf-api-provider-management" "ocf-auditing-api-logs" +# "ocf-discover-service-api" "ocf-events" "ocf-helper" +# "ocf-publish-service-api" "ocf-register" "ocf-routing-info" +# "ocf-security") +# +# for chart in "${charts[@]}"; do +# yq e -i ".appVersion = \"staging\"" "helm/capif/charts/$chart/Chart.yaml" +# done +# +# +# echo "### download dependencies###" +# helm dependency build helm/capif +# echo "### updating capif###" +# helm upgrade --install -n $NAMESPACE_STAGING ocf-staging helm/capif/ \ +# --set grafana.enabled=true \ +# --set grafana.ingress.enabled=true \ +# --set grafana.ingress.hosts[0].host=ocf-mon-staging.$DOMAIN_STAGING \ +# --set grafana.ingress.hosts[0].paths[0].path="/" \ +# --set grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ +# --set grafana.env.prometheusUrl=http://prometheus.ocf.pre-production \ +# --set grafana.env.tempoUrl="http://ocf-staging-tempo:3100" \ +# --set fluentbit.enabled=true \ +# --set loki.enabled=true \ +# --set tempo.tempo.metricsGenerator.remoteWriteUrl=http://prometheus.ocf.pre-production/api/v1/write \ +# --set otelcollector.enabled=true \ +# --set otelcollector.configMap.tempoEndpoint=ocf-staging-tempo:4317 \ +# --set ocf-access-control-policy.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-access-control-policy-api \ +# --set ocf-access-control-policy.image.tag=staging \ +# --set ocf-access-control-policy.image.env.capifHostname=capif-staging.$DOMAIN_STAGING \ +# --set ocf-access-control-policy.monitoring="true" \ +# --set ocf-api-invocation-logs.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-logging-api-invocation-api \ +# --set ocf-api-invocation-logs.image.tag=staging \ +# --set ocf-api-invocation-logs.env.monitoring="true" \ +# --set ocf-api-invocation-logs.env.capifHostname=capif-staging.$DOMAIN_STAGING \ +# --set ocf-api-invocation-logs.env.vaultHostname=$VAULT_HOSTNAME \ +# --set ocf-api-invocation-logs.env.vaultPort=$VAULT_PORT \ +# --set ocf-api-invocation-logs.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ +# --set ocf-api-invoker-management.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-api-invoker-management-api \ +# --set ocf-api-invoker-management.image.tag=staging \ +# --set ocf-api-invoker-management.env.monitoring="true" \ +# --set ocf-api-invoker-management.env.vaultHostname=$VAULT_HOSTNAME \ +# --set ocf-api-invoker-management.env.vaultPort=$VAULT_PORT \ +# --set ocf-api-invoker-management.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ +# --set ocf-api-provider-management.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-api-provider-management-api \ +# --set ocf-api-provider-management.image.tag=staging \ +# --set ocf-api-provider-management.env.monitoring="true" \ +# --set ocf-api-provider-management.env.vaultHostname=$VAULT_HOSTNAME \ +# --set ocf-api-provider-management.env.vaultPort=$VAULT_PORT \ +# --set ocf-api-provider-management.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ +# --set ocf-events.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-events-api \ +# --set ocf-events.image.tag=staging \ +# --set ocf-events.env.monitoring="true" \ +# --set ocf-routing-info.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-routing-info-api \ +# --set ocf-routing-info.image.tag=staging \ +# --set ocf-routing-info.env.monitoring="true" \ +# --set ocf-security.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-security-api \ +# --set ocf-security.image.tag=staging \ +# --set ocf-security.env.monitoring="true" \ +# --set ocf-security.env.capifHostname=capif-staging.$DOMAIN_STAGING \ +# --set ocf-security.env.vaultHostname=$VAULT_HOSTNAME \ +# --set ocf-security.env.vaultPort=$VAULT_PORT \ +# --set ocf-security.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ +# --set ocf-register.image.repository=$CI_REGISTRY/ocf/capif/staging/register \ +# --set ocf-register.image.tag=staging \ +# --set ocf-register.env.vaultHostname=$VAULT_HOSTNAME \ +# --set ocf-register.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ +# --set ocf-register.env.vaultPort=$VAULT_PORT \ +# --set ocf-register.env.mongoHost=mongo-register \ +# --set ocf-register.env.mongoPort=27017 \ +# --set ocf-register.env.capifHostname=capif-staging.$DOMAIN_STAGING \ +# --set ocf-register.ingress.enabled=true \ +# --set ocf-register.ingress.hosts[0].host=register-staging.$DOMAIN_STAGING \ +# --set ocf-register.ingress.hosts[0].paths[0].path="/" \ +# --set ocf-register.ingress.hosts[0].paths[0].pathType="Prefix" \ +# --set ocf-auditing-api-logs.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-auditing-api \ +# --set ocf-auditing-api-logs.image.tag=staging \ +# --set ocf-auditing-api-logs.env.monitoring="true" \ +# --set ocf-publish-service-api.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-publish-service-api \ +# --set ocf-publish-service-api.image.tag=staging \ +# --set ocf-publish-service-api.env.monitoring="true" \ +# --set ocf-discover-service-api.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-discover-service-api \ +# --set ocf-discover-service-api.image.tag=staging \ +# --set ocf-discover-service-api.env.monitoring="true" \ +# --set nginx.image.repository=$CI_REGISTRY/ocf/capif/staging/nginx \ +# --set nginx.image.tag=staging \ +# --set nginx.env.capifHostname=capif-staging.$DOMAIN_STAGING \ +# --set nginx.env.vaultHostname=$VAULT_HOSTNAME \ +# --set nginx.env.vaultPort=$VAULT_PORT \ +# --set nginx.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ +# --set nginx.ingress.enabled=true \ +# --set nginx.ingress.hosts[0].host=capif-staging.$DOMAIN_STAGING \ +# --set nginx.ingress.hosts[0].paths[0].path="/" \ +# --set nginx.ingress.hosts[0].paths[0].pathType="Prefix" \ +# --set ocf-helper.image.repository=$CI_REGISTRY/ocf/capif/staging/helper \ +# --set ocf-helper.image.tag=staging \ +# --set ocf-helper.env.vaultHostname=$VAULT_HOSTNAME \ +# --set ocf-helper.env.vaultPort=$VAULT_PORT \ +# --set ocf-helper.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ +# --set ocf-helper.env.capifHostname=capif-staging.$DOMAIN_STAGING \ +# --set mock-server.enabled=true \ +# --set mock-server.image.repository=$CI_REGISTRY/ocf/capif/staging/mock-server \ +# --set mock-server.image.tag=staging \ +# --set mock-server.ingress.enabled=true \ +# --set mock-server.ingress.hosts[0].host=mock-server-staging.$DOMAIN_STAGING \ +# --set mock-server.ingress.hosts[0].paths[0].path="/" \ +# --set mock-server.ingress.hosts[0].paths[0].pathType="Prefix" \ +# --set mongo-register-express.enabled=true \ +# --set mongo-register-express.ingress.enabled=true \ +# --set mongo-register-express.ingress.hosts[0].host="mongo-express-register-staging.$DOMAIN_STAGING" \ +# --set mongo-register-express.ingress.hosts[0].paths[0].path="/" \ +# --set mongo-register-express.ingress.hosts[0].paths[0].pathType="Prefix" \ +# --set mongo-express.enabled=true \ +# --set mongo-express.ingress.enabled=true \ +# --set mongo-express.ingress.hosts[0].host="mongo-express-staging.$DOMAIN_STAGING" \ +# --set mongo-express.ingress.hosts[0].paths[0].path="/" \ +# --set mongo-express.ingress.hosts[0].paths[0].pathType="Prefix" \ +# --wait --timeout=10m --create-namespace --atomic \ No newline at end of file -- GitLab From 2784eb5c7b4e85e5a2d16729516dd034500840f9 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 1 Jul 2024 13:15:15 +0200 Subject: [PATCH 328/392] $CI_COMMIT_TAG --- .../cicd-deploy-release.gitlab-ci.yml | 75 ++++++++++--------- 1 file changed, 39 insertions(+), 36 deletions(-) diff --git a/capif/templates/cicd-deploy-release.gitlab-ci.yml b/capif/templates/cicd-deploy-release.gitlab-ci.yml index bc60b21..e66d495 100644 --- a/capif/templates/cicd-deploy-release.gitlab-ci.yml +++ b/capif/templates/cicd-deploy-release.gitlab-ci.yml @@ -14,15 +14,19 @@ variables: # it will only run when a new tag that starts with ‘v{major.minor.patch}-release’ is pushed # to the repository. -.release_common: &relase_common +#.release_common: &relase_common +# rules: +## - if: '$CI_COMMIT_TAG =~ /^.*-release$/' +# - if: '$CI_COMMIT_TAG =~ /^v\d+\.\d+\.\d+-release$/' +# tags: +# - shell + +prod_build_and_push: + stage: prod_build_and_push rules: -# - if: '$CI_COMMIT_TAG =~ /^.*-release$/' - if: '$CI_COMMIT_TAG =~ /^v\d+\.\d+\.\d+-release$/' tags: - shell - -prod_build_and_push: - stage: prod_build_and_push script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -31,81 +35,80 @@ prod_build_and_push: - echo "----------------------------------------------------" - echo "### build and push nginx image###" - cd $TMP_PWD/services/nginx/ - - docker build -t $CI_REGISTRY/ocf/capif/$PATH_PROD/nginx:$$CI_COMMIT_TAG . - - docker push $CI_REGISTRY/ocf/capif/$PATH_PROD/nginx:$$CI_COMMIT_TAG + - docker build -t $CI_REGISTRY/ocf/capif/$PATH_PROD/nginx:$CI_COMMIT_TAG . + - docker push $CI_REGISTRY/ocf/capif/$PATH_PROD/nginx:$CI_COMMIT_TAG - echo "----------------------------------------------------" - echo "### build and push register image###" - cd $TMP_PWD/services/register/ - - docker build -t $CI_REGISTRY/ocf/capif/$PATH_PROD/register:$$CI_COMMIT_TAG . - - docker push $CI_REGISTRY/ocf/capif/$PATH_PROD/register:$$CI_COMMIT_TAG + - docker build -t $CI_REGISTRY/ocf/capif/$PATH_PROD/register:$CI_COMMIT_TAG . + - docker push $CI_REGISTRY/ocf/capif/$PATH_PROD/register:$CI_COMMIT_TAG - echo "----------------------------------------------------" - echo "### build and push TS29222_CAPIF_Access_Control_Policy_API image###" - cd $TMP_PWD/services/TS29222_CAPIF_Access_Control_Policy_API/ - - docker build -t $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-access-control-policy-api:$$CI_COMMIT_TAG . - - docker push $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-access-control-policy-api:$$CI_COMMIT_TAG + - docker build -t $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-access-control-policy-api:$CI_COMMIT_TAG . + - docker push $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-access-control-policy-api:$CI_COMMIT_TAG - echo "----------------------------------------------------" - echo "### build and push TS29222_CAPIF_API_Invoker_Management_API image###" - cd $TMP_PWD/services/TS29222_CAPIF_API_Invoker_Management_API/ - - docker build -t $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-api-invoker-management-api:$$CI_COMMIT_TAG . - - docker push $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-api-invoker-management-api:$$CI_COMMIT_TAG + - docker build -t $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-api-invoker-management-api:$CI_COMMIT_TAG . + - docker push $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-api-invoker-management-api:$CI_COMMIT_TAG - echo "----------------------------------------------------" - echo "### build and push TS29222_CAPIF_API_Provider_Management_API image###" - cd $TMP_PWD/services/TS29222_CAPIF_API_Provider_Management_API/ - - docker build -t $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-api-provider-management-api:$$CI_COMMIT_TAG . - - docker push $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-api-provider-management-api:$$CI_COMMIT_TAG + - docker build -t $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-api-provider-management-api:$CI_COMMIT_TAG . + - docker push $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-api-provider-management-api:$CI_COMMIT_TAG - echo "----------------------------------------------------" - echo "### build and push TS29222_CAPIF_Auditing_API image###" - cd $TMP_PWD/services/TS29222_CAPIF_Auditing_API/ - - docker build -t $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-auditing-api:$$CI_COMMIT_TAG . - - docker push $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-auditing-api:$$CI_COMMIT_TAG + - docker build -t $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-auditing-api:$CI_COMMIT_TAG . + - docker push $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-auditing-api:$CI_COMMIT_TAG - echo "----------------------------------------------------" - echo "### build and push TS29222_CAPIF_Discover_Service_API image###" - cd $TMP_PWD/services/TS29222_CAPIF_Discover_Service_API/ - - docker build -t $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-discover-service-api:$$CI_COMMIT_TAG . - - docker push $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-discover-service-api:$$CI_COMMIT_TAG + - docker build -t $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-discover-service-api:$CI_COMMIT_TAG . + - docker push $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-discover-service-api:$CI_COMMIT_TAG - echo "----------------------------------------------------" - echo "### build and push TS29222_CAPIF_Events_API image###" - cd $TMP_PWD/services/TS29222_CAPIF_Events_API/ - - docker build -t $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-events-api:$$CI_COMMIT_TAG . - - docker push $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-events-api:$$CI_COMMIT_TAG + - docker build -t $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-events-api:$CI_COMMIT_TAG . + - docker push $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-events-api:$CI_COMMIT_TAG - echo "----------------------------------------------------" - echo "### build and push TS29222_CAPIF_Logging_API_Invocation_API image###" - cd $TMP_PWD/services/TS29222_CAPIF_Logging_API_Invocation_API/ - - docker build -t $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-logging-api-invocation-api:$$CI_COMMIT_TAG . - - docker push $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-logging-api-invocation-api:$$CI_COMMIT_TAG + - docker build -t $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-logging-api-invocation-api:$CI_COMMIT_TAG . + - docker push $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-logging-api-invocation-api:$CI_COMMIT_TAG - echo "----------------------------------------------------" - echo "### build and push TS29222_CAPIF_Publish_Service_API image###" - cd $TMP_PWD/services/TS29222_CAPIF_Publish_Service_API/ - - docker build -t $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-publish-service-api:$$CI_COMMIT_TAG . - - docker push $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-publish-service-api:$$CI_COMMIT_TAG + - docker build -t $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-publish-service-api:$CI_COMMIT_TAG . + - docker push $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-publish-service-api:$CI_COMMIT_TAG - echo "----------------------------------------------------" - echo "### build and push TS29222_CAPIF_Routing_Info_API image###" - cd $TMP_PWD/services/TS29222_CAPIF_Routing_Info_API/ - - docker build -t $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-routing-info-api:$$CI_COMMIT_TAG . - - docker push $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-routing-info-api:$$CI_COMMIT_TAG + - docker build -t $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-routing-info-api:$CI_COMMIT_TAG . + - docker push $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-routing-info-api:$CI_COMMIT_TAG - echo "----------------------------------------------------" - echo "### build and push TS29222_CAPIF_Security_API image###" - cd $TMP_PWD/services/TS29222_CAPIF_Security_API/ - - docker build -t $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-security-api:$$CI_COMMIT_TAG . - - docker push $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-security-api:$$CI_COMMIT_TAG + - docker build -t $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-security-api:$CI_COMMIT_TAG . + - docker push $CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-security-api:$CI_COMMIT_TAG - echo "----------------------------------------------------" - echo "### build and push vault image###" - cd $TMP_PWD/services/vault/ - - docker build -t $CI_REGISTRY/ocf/capif/$PATH_PROD/vault:$$CI_COMMIT_TAG . - - docker push $CI_REGISTRY/ocf/capif/$PATH_PROD/vault:$$CI_COMMIT_TAG + - docker build -t $CI_REGISTRY/ocf/capif/$PATH_PROD/vault:$CI_COMMIT_TAG . + - docker push $CI_REGISTRY/ocf/capif/$PATH_PROD/vault:$CI_COMMIT_TAG - echo "----------------------------------------------------" - echo "### build and push helper image###" - cd $TMP_PWD/services/helper/ - - docker build -t $CI_REGISTRY/ocf/capif/$PATH_PROD/helper:$$CI_COMMIT_TAG . - - docker push $CI_REGISTRY/ocf/capif/$PATH_PROD/helper:$$CI_COMMIT_TAG + - docker build -t $CI_REGISTRY/ocf/capif/$PATH_PROD/helper:$CI_COMMIT_TAG . + - docker push $CI_REGISTRY/ocf/capif/$PATH_PROD/helper:$CI_COMMIT_TAG - echo "----------------------------------------------------" - echo "### build and push mock-server image###" - cd $TMP_PWD/services/mock_server/ - - docker build -t $CI_REGISTRY/ocf/capif/$PATH_PROD/mock-server:$$CI_COMMIT_TAG . - - docker push $CI_REGISTRY/ocf/capif/$PATH_PROD/mock-server:$$CI_COMMIT_TAG + - docker build -t $CI_REGISTRY/ocf/capif/$PATH_PROD/mock-server:$CI_COMMIT_TAG . + - docker push $CI_REGISTRY/ocf/capif/$PATH_PROD/mock-server:$CI_COMMIT_TAG - echo "----------------------------------------------------" - docker logout $CI_REGISTRY - <<: *release_common #deploy_ocf_prod: -- GitLab From b7c13ece4fe60ca842dee62c002b2aa17ed81a5b Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 1 Jul 2024 13:31:42 +0200 Subject: [PATCH 329/392] rules --- capif/templates/ci_dev.gitlab-ci.yml | 20 +++++++++++++++++++ .../cicd-deploy-release.gitlab-ci.yml | 2 ++ 2 files changed, 22 insertions(+) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index ee2af58..6916725 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -51,6 +51,11 @@ dev_secrets_in_repo: # needs: # - dev_cancel_previous_action stage: dev_secrets_in_repo + rules: + - if: '$CI_COMMIT_REF_NAME == "staging"' + when: never + - if: '$CI_COMMIT_REF_NAME == "main"' + when: never script: - | pip install trufflehog @@ -62,6 +67,11 @@ dev_secrets_in_repo: # define the process to do linting code: Sonarque, ruff? dev_linting_code: stage: dev_linting + rules: + - if: '$CI_COMMIT_REF_NAME == "staging"' + when: never + - if: '$CI_COMMIT_REF_NAME == "main"' + when: never script: - | echo "###ruff checks###" @@ -72,6 +82,11 @@ dev_linting_code: dev_linting_docker: stage: dev_linting + rules: + - if: '$CI_COMMIT_REF_NAME == "staging"' + when: never + - if: '$CI_COMMIT_REF_NAME == "main"' + when: never script: - | # Download hadolint binary @@ -112,6 +127,11 @@ dev_linting_docker: <<: *dev_common dev_build_and_push: + rules: + - if: '$CI_COMMIT_REF_NAME == "staging"' + when: never + - if: '$CI_COMMIT_REF_NAME == "main"' + when: never needs: - dev_linting_code - dev_linting_docker diff --git a/capif/templates/cicd-deploy-release.gitlab-ci.yml b/capif/templates/cicd-deploy-release.gitlab-ci.yml index e66d495..5b98508 100644 --- a/capif/templates/cicd-deploy-release.gitlab-ci.yml +++ b/capif/templates/cicd-deploy-release.gitlab-ci.yml @@ -25,6 +25,8 @@ prod_build_and_push: stage: prod_build_and_push rules: - if: '$CI_COMMIT_TAG =~ /^v\d+\.\d+\.\d+-release$/' + when: always + - when: never tags: - shell script: -- GitLab From fdb714d5c041b4c7dec29dfa5cc78686a1f111f5 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 1 Jul 2024 13:33:04 +0200 Subject: [PATCH 330/392] dev_common --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index adf1dac..a9b6858 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -29,6 +29,11 @@ variables: - shell .dev_common: &dev_common + rules: + - if: '$CI_COMMIT_REF_NAME == "staging"' + when: never + - if: '$CI_COMMIT_REF_NAME == "main"' + when: never tags: - shell -- GitLab From 1ac7931fa16559d5f227caa6362b0b31cc53200e Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 1 Jul 2024 13:53:28 +0200 Subject: [PATCH 331/392] capif-main --- capif/.gitlab-ci.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index db6dcf5..843cf2e 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -706,12 +706,12 @@ deploy_ocf_main: --set otelcollector.configMap.tempoEndpoint=ocf-main-tempo:4317 \ --set ocf-access-control-policy.image.repository=$CI_REGISTRY/ocf/capif/main/ocf-access-control-policy-api \ --set ocf-access-control-policy.image.tag=main \ - --set ocf-access-control-policy.image.env.capifHostname=$NAMESPACE_PRE_PROD.$DOMAIN_PRE_PROD \ + --set ocf-access-control-policy.image.env.capifHostname=capif-main.$DOMAIN_PRE_PROD \ --set ocf-access-control-policy.monitoring="true" \ --set ocf-api-invocation-logs.image.repository=$CI_REGISTRY/ocf/capif/main/ocf-logging-api-invocation-api \ --set ocf-api-invocation-logs.image.tag=main \ --set ocf-api-invocation-logs.env.monitoring="true" \ - --set ocf-api-invocation-logs.env.capifHostname=$NAMESPACE_PRE_PROD.$DOMAIN_PRE_PROD \ + --set ocf-api-invocation-logs.env.capifHostname=capif-main.$DOMAIN_PRE_PROD \ --set ocf-api-invocation-logs.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-api-invocation-logs.env.vaultPort=$VAULT_PORT \ --set ocf-api-invocation-logs.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ @@ -736,7 +736,7 @@ deploy_ocf_main: --set ocf-security.image.repository=$CI_REGISTRY/ocf/capif/main/ocf-security-api \ --set ocf-security.image.tag=main \ --set ocf-security.env.monitoring="true" \ - --set ocf-security.env.capifHostname=$NAMESPACE_PRE_PROD.$DOMAIN_PRE_PROD \ + --set ocf-security.env.capifHostname=capif-main.$DOMAIN_PRE_PROD \ --set ocf-security.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-security.env.vaultPort=$VAULT_PORT \ --set ocf-security.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ @@ -747,7 +747,7 @@ deploy_ocf_main: --set ocf-register.env.vaultPort=$VAULT_PORT \ --set ocf-register.env.mongoHost=mongo-register \ --set ocf-register.env.mongoPort=27017 \ - --set ocf-register.env.capifHostname=$NAMESPACE_PRE_PROD.$DOMAIN_PRE_PROD \ + --set ocf-register.env.capifHostname=capif-main.$DOMAIN_PRE_PROD \ --set ocf-register.ingress.enabled=true \ --set ocf-register.ingress.hosts[0].host=register-main.$DOMAIN_PRE_PROD \ --set ocf-register.ingress.hosts[0].paths[0].path="/" \ @@ -763,12 +763,12 @@ deploy_ocf_main: --set ocf-discover-service-api.env.monitoring="true" \ --set nginx.image.repository=$CI_REGISTRY/ocf/capif/main/nginx \ --set nginx.image.tag=main \ - --set nginx.env.capifHostname=$NAMESPACE_PRE_PROD.$DOMAIN_PRE_PROD \ + --set nginx.env.capifHostname=capif-main.$DOMAIN_PRE_PROD \ --set nginx.env.vaultHostname=$VAULT_HOSTNAME \ --set nginx.env.vaultPort=$VAULT_PORT \ --set nginx.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ --set nginx.ingress.enabled=true \ - --set nginx.ingress.hosts[0].host=$NAMESPACE_PRE_PROD.$DOMAIN_PRE_PROD \ + --set nginx.ingress.hosts[0].host=capif-main.$DOMAIN_PRE_PROD \ --set nginx.ingress.hosts[0].paths[0].path="/" \ --set nginx.ingress.hosts[0].paths[0].pathType="Prefix" \ --set ocf-helper.image.repository=$CI_REGISTRY/ocf/capif/main/helper \ @@ -776,7 +776,7 @@ deploy_ocf_main: --set ocf-helper.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-helper.env.vaultPort=$VAULT_PORT \ --set ocf-helper.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ - --set ocf-helper.env.capifHostname=$NAMESPACE_PRE_PROD.$DOMAIN_PRE_PROD \ + --set ocf-helper.env.capifHostname=capif-main.$DOMAIN_PRE_PROD \ --set mock-server.enabled=false \ --set mock-server.image.repository=$CI_REGISTRY/ocf/capif/main/mock-server \ --set mock-server.image.tag=main \ -- GitLab From e90f279f3e471984a761460ad3138e7f5d5ca7c1 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 5 Jul 2024 12:37:03 +0200 Subject: [PATCH 332/392] - when: always --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 3 +++ capif/templates/ci_dev.gitlab-ci.yml | 12 ++++++++++++ 2 files changed, 15 insertions(+) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index a9b6858..4cab7c3 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -34,6 +34,9 @@ variables: when: never - if: '$CI_COMMIT_REF_NAME == "main"' when: never + - if: '$CI_COMMIT_TAG =~ /^v\d+\.\d+\.\d+-release$/' + when: never + - when: always tags: - shell diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index 6916725..95771ec 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -56,6 +56,9 @@ dev_secrets_in_repo: when: never - if: '$CI_COMMIT_REF_NAME == "main"' when: never + - if: '$CI_COMMIT_TAG =~ /^v\d+\.\d+\.\d+-release$/' + when: never + - when: always script: - | pip install trufflehog @@ -72,6 +75,9 @@ dev_linting_code: when: never - if: '$CI_COMMIT_REF_NAME == "main"' when: never + - if: '$CI_COMMIT_TAG =~ /^v\d+\.\d+\.\d+-release$/' + when: never + - when: always script: - | echo "###ruff checks###" @@ -87,6 +93,9 @@ dev_linting_docker: when: never - if: '$CI_COMMIT_REF_NAME == "main"' when: never + - if: '$CI_COMMIT_TAG =~ /^v\d+\.\d+\.\d+-release$/' + when: never + - when: always script: - | # Download hadolint binary @@ -132,6 +141,9 @@ dev_build_and_push: when: never - if: '$CI_COMMIT_REF_NAME == "main"' when: never + - if: '$CI_COMMIT_TAG =~ /^v\d+\.\d+\.\d+-release$/' + when: never + - when: always needs: - dev_linting_code - dev_linting_docker -- GitLab From 2800c629f092d2e54b98f3ce5811135243fb699a Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 5 Jul 2024 14:48:06 +0200 Subject: [PATCH 333/392] delete_ocf_dev --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 4cab7c3..95b487c 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -558,7 +558,8 @@ deploy_ocf_dev: delete_ocf_dev: stage: delete_ocf_dev - <<: *dev_common + tags: + - shell script: - echo "### deleting environment $NAMESPACE_DEV###" - helm uninstall -n $NAMESPACE_DEV ocf-developer -- GitLab From 9c63618eb4cd795ade940e7824a491a485066796 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Tue, 10 Sep 2024 14:52:34 +0200 Subject: [PATCH 334/392] kubectl delete ns --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 95b487c..0bce6e7 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -223,6 +223,7 @@ delete_ocf_staging: script: - echo "### deleting environment $NAMESPACE_STAGING###" - helm uninstall -n $NAMESPACE_DEV ocf-pre-staging + - kubectl delete ns $NAMESPACE_DEV --force when: manual environment: name: review/dev_to_staging @@ -563,6 +564,7 @@ delete_ocf_dev: script: - echo "### deleting environment $NAMESPACE_DEV###" - helm uninstall -n $NAMESPACE_DEV ocf-developer + - kubectl delete ns $NAMESPACE_DEV --force when: manual environment: name: review/$CI_COMMIT_REF_SLUG -- GitLab From 5515af4a4b29fe4f8b83d315b3ed9c4164dcbda0 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Wed, 11 Sep 2024 12:40:45 +0200 Subject: [PATCH 335/392] test connection cluster prod --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 0bce6e7..6e1f7ef 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -389,6 +389,10 @@ prep_ocf_cd_dev: echo $CD_ENV_NAME echo $CD_ENV_NAME | rev | cut -c 1-6 | rev echo $(echo $CD_ENV_NAME | rev | cut -c 1-6 | rev) > cd_env_endpoint.txt + + echo "--- cluster production ---" + echo "$KUBECONFIG_PROD" > cluster_ocf_prod.kubeconfig + kubectl --kubeconfig $(pwd)/cluster_ocf_prod.kubeconfig cluster-info artifacts: paths: - cd_env_endpoint.txt -- GitLab From dc74c7f232267ee20c4737e5d3beb247634447aa Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Wed, 11 Sep 2024 13:21:26 +0200 Subject: [PATCH 336/392] gemnasium-dependency_scanning --- capif/.gitlab-ci.yml | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 843cf2e..c5ab720 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -227,6 +227,13 @@ gemnasium-python-dependency_scanning: rules: - when: never +gemnasium-dependency_scanning: + stage: test + before_script: + - echo " ----- not run test stage -----" + rules: + - when: never + secret_detection: stage: test before_script: -- GitLab From be4e62d360da8f6abfe4ced385739e1e6b6dd142 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Wed, 11 Sep 2024 13:49:27 +0200 Subject: [PATCH 337/392] cluster production test --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 10 +++++++--- 1 file changed, 7 insertions(+), 3 deletions(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 6e1f7ef..fd1a04b 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -390,9 +390,13 @@ prep_ocf_cd_dev: echo $CD_ENV_NAME | rev | cut -c 1-6 | rev echo $(echo $CD_ENV_NAME | rev | cut -c 1-6 | rev) > cd_env_endpoint.txt - echo "--- cluster production ---" - echo "$KUBECONFIG_PROD" > cluster_ocf_prod.kubeconfig - kubectl --kubeconfig $(pwd)/cluster_ocf_prod.kubeconfig cluster-info + echo "--- cluster production ---" + export KUBECONFIG=$KUBECONFIG_PROD + kubectl cluster-info + + echo "--- cluster dev ---" + export KUBECONFIG=$KUBECONFIG + kubectl cluster-info artifacts: paths: - cd_env_endpoint.txt -- GitLab From 99c64dd759449dc65263c9fd902d069ae3c61417 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Wed, 11 Sep 2024 14:24:52 +0200 Subject: [PATCH 338/392] trying deploy something in cluster-prod from cicd --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index fd1a04b..290c87a 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -394,9 +394,9 @@ prep_ocf_cd_dev: export KUBECONFIG=$KUBECONFIG_PROD kubectl cluster-info - echo "--- cluster dev ---" - export KUBECONFIG=$KUBECONFIG - kubectl cluster-info + #echo "--- cluster dev ---" + #export KUBECONFIG=$KUBECONFIG + #kubectl cluster-info artifacts: paths: - cd_env_endpoint.txt @@ -470,14 +470,14 @@ deploy_ocf_dev: --set ocf-api-invocation-logs.env.capifHostname=capif-$CI_ENV_ENDPOINT.$DOMAIN_DEV \ --set ocf-api-invocation-logs.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-api-invocation-logs.env.vaultPort=$VAULT_PORT \ - --set ocf-api-invocation-logs.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set ocf-api-invocation-logs.env.vaultAccessToken=$VAULT_ACCESS_TOKEN_PROD \ --set ocf-api-invocation-logs.env.logLevel="DEBUG" \ --set ocf-api-invoker-management.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api \ --set ocf-api-invoker-management.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-api-invoker-management.env.monitoring="true" \ --set ocf-api-invoker-management.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-api-invoker-management.env.vaultPort=$VAULT_PORT \ - --set ocf-api-invoker-management.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set ocf-api-invoker-management.env.vaultAccessToken=$VAULT_ACCESS_TOKEN_PROD \ --set ocf-api-invoker-management.env.logLevel="DEBUG" \ --set ocf-api-provider-management.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api \ --set ocf-api-provider-management.image.tag=$CI_COMMIT_REF_SLUG \ @@ -485,7 +485,7 @@ deploy_ocf_dev: --set ocf-api-provider-management.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-api-provider-management.env.logLevel="DEBUG" \ --set ocf-api-provider-management.env.vaultPort=$VAULT_PORT \ - --set ocf-api-provider-management.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set ocf-api-provider-management.env.vaultAccessToken=$VAULT_ACCESS_TOKEN_PROD \ --set ocf-events.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api \ --set ocf-events.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-events.env.monitoring="true" \ @@ -500,12 +500,12 @@ deploy_ocf_dev: --set ocf-security.env.capifHostname=capif-$CI_ENV_ENDPOINT.$DOMAIN_DEV \ --set ocf-security.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-security.env.vaultPort=$VAULT_PORT \ - --set ocf-security.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set ocf-security.env.vaultAccessToken=$VAULT_ACCESS_TOKEN_PROD \ --set ocf-security.env.logLevel="DEBUG" \ --set ocf-register.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register \ --set ocf-register.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-register.env.vaultHostname=$VAULT_HOSTNAME \ - --set ocf-register.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set ocf-register.env.vaultAccessToken=$VAULT_ACCESS_TOKEN_PROD \ --set ocf-register.env.vaultPort=$VAULT_PORT \ --set ocf-register.env.mongoHost=mongo-register \ --set ocf-register.env.mongoPort=27017 \ @@ -532,7 +532,7 @@ deploy_ocf_dev: --set nginx.env.capifHostname=capif-$CI_ENV_ENDPOINT.$DOMAIN_DEV \ --set nginx.env.vaultHostname=$VAULT_HOSTNAME \ --set nginx.env.vaultPort=$VAULT_PORT \ - --set nginx.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set nginx.env.vaultAccessToken=$VAULT_ACCESS_TOKEN_PROD \ --set nginx.ingress.enabled=true \ --set nginx.ingress.hosts[0].host=capif-$CI_ENV_ENDPOINT.$DOMAIN_DEV \ --set nginx.ingress.hosts[0].paths[0].path="/" \ @@ -542,7 +542,7 @@ deploy_ocf_dev: --set ocf-helper.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-helper.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-helper.env.vaultPort=$VAULT_PORT \ - --set ocf-helper.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set ocf-helper.env.vaultAccessToken=$VAULT_ACCESS_TOKEN_PROD \ --set ocf-helper.env.capifHostname=capif-$CI_ENV_ENDPOINT.$DOMAIN_DEV \ --set ocf-helper.env.logLevel="DEBUG" \ --set mock-server.enabled=true \ -- GitLab From fa8d5b8beb4b671dfd33dac4dd1df47f5dc86061 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Wed, 11 Sep 2024 14:28:32 +0200 Subject: [PATCH 339/392] again --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 12 ++++-------- 1 file changed, 4 insertions(+), 8 deletions(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 290c87a..6eea9d3 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -389,20 +389,16 @@ prep_ocf_cd_dev: echo $CD_ENV_NAME echo $CD_ENV_NAME | rev | cut -c 1-6 | rev echo $(echo $CD_ENV_NAME | rev | cut -c 1-6 | rev) > cd_env_endpoint.txt - - echo "--- cluster production ---" - export KUBECONFIG=$KUBECONFIG_PROD - kubectl cluster-info - - #echo "--- cluster dev ---" - #export KUBECONFIG=$KUBECONFIG - #kubectl cluster-info artifacts: paths: - cd_env_endpoint.txt deploy_ocf_dev: stage: deploy_ocf_dev + before_script: + - echo "--- cluster production ---" + - export KUBECONFIG=$KUBECONFIG_PROD + - kubectl cluster-info needs: - dev_build_and_push - prep_ocf_cd_dev -- GitLab From a080e1a5e172d5507951e782efab5040fdb22e2a Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Wed, 11 Sep 2024 14:39:16 +0200 Subject: [PATCH 340/392] trying deploying ocf staging before mr in cluster prod --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 36 ++++++++++----------- 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 6eea9d3..588cab6 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -60,6 +60,10 @@ prep_ocf_cd_staging: deploy_ocf_staging: stage: deploy_ocf_staging + before_script: + - echo "--- cluster production ---" + - export KUBECONFIG=$KUBECONFIG_PROD + - kubectl cluster-info needs: - staging_build_and_push - prep_ocf_cd_staging @@ -122,21 +126,21 @@ deploy_ocf_staging: --set ocf-api-invocation-logs.env.capifHostname=capif-$CI_ENV_ENDPOINT.$DOMAIN_STAGING \ --set ocf-api-invocation-logs.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-api-invocation-logs.env.vaultPort=$VAULT_PORT \ - --set ocf-api-invocation-logs.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set ocf-api-invocation-logs.env.vaultAccessToken=$VAULT_ACCESS_TOKEN_PROD \ --set ocf-api-invocation-logs.env.logLevel="INFO" \ --set ocf-api-invoker-management.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api \ --set ocf-api-invoker-management.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-api-invoker-management.env.monitoring="true" \ --set ocf-api-invoker-management.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-api-invoker-management.env.vaultPort=$VAULT_PORT \ - --set ocf-api-invoker-management.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set ocf-api-invoker-management.env.vaultAccessToken=$VAULT_ACCESS_TOKEN_PROD \ --set ocf-api-invoker-management.env.logLevel="INFO" \ --set ocf-api-provider-management.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api \ --set ocf-api-provider-management.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-api-provider-management.env.monitoring="true" \ --set ocf-api-provider-management.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-api-provider-management.env.vaultPort=$VAULT_PORT \ - --set ocf-api-provider-management.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set ocf-api-provider-management.env.vaultAccessToken=$VAULT_ACCESS_TOKEN_PROD \ --set ocf-api-provider-management.env.logLevel="INFO" \ --set ocf-events.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api \ --set ocf-events.image.tag=$CI_COMMIT_REF_SLUG \ @@ -152,12 +156,12 @@ deploy_ocf_staging: --set ocf-security.env.capifHostname=capif-$CI_ENV_ENDPOINT.$DOMAIN_STAGING \ --set ocf-security.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-security.env.vaultPort=$VAULT_PORT \ - --set ocf-security.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set ocf-security.env.vaultAccessToken=$VAULT_ACCESS_TOKEN_PROD \ --set ocf-security.env.logLevel="INFO" \ --set ocf-register.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register \ --set ocf-register.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-register.env.vaultHostname=$VAULT_HOSTNAME \ - --set ocf-register.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set ocf-register.env.vaultAccessToken=$VAULT_ACCESS_TOKEN_PROD \ --set ocf-register.env.vaultPort=$VAULT_PORT \ --set ocf-register.env.mongoHost=mongo-register \ --set ocf-register.env.mongoPort=27017 \ @@ -184,7 +188,7 @@ deploy_ocf_staging: --set nginx.env.capifHostname=capif-$CI_ENV_ENDPOINT.$DOMAIN_STAGING \ --set nginx.env.vaultHostname=$VAULT_HOSTNAME \ --set nginx.env.vaultPort=$VAULT_PORT \ - --set nginx.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set nginx.env.vaultAccessToken=$VAULT_ACCESS_TOKEN_PROD \ --set nginx.ingress.enabled=true \ --set nginx.ingress.hosts[0].host=capif-$CI_ENV_ENDPOINT.$DOMAIN_STAGING \ --set nginx.ingress.hosts[0].paths[0].path="/" \ @@ -194,7 +198,7 @@ deploy_ocf_staging: --set ocf-helper.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-helper.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-helper.env.vaultPort=$VAULT_PORT \ - --set ocf-helper.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set ocf-helper.env.vaultAccessToken=$VAULT_ACCESS_TOKEN_PROD \ --set ocf-helper.env.capifHostname=capif-$CI_ENV_ENDPOINT.$DOMAIN_STAGING \ --set ocf-helper.env.logLevel="INFO" \ --set mock-server.enabled=true \ @@ -395,10 +399,6 @@ prep_ocf_cd_dev: deploy_ocf_dev: stage: deploy_ocf_dev - before_script: - - echo "--- cluster production ---" - - export KUBECONFIG=$KUBECONFIG_PROD - - kubectl cluster-info needs: - dev_build_and_push - prep_ocf_cd_dev @@ -466,14 +466,14 @@ deploy_ocf_dev: --set ocf-api-invocation-logs.env.capifHostname=capif-$CI_ENV_ENDPOINT.$DOMAIN_DEV \ --set ocf-api-invocation-logs.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-api-invocation-logs.env.vaultPort=$VAULT_PORT \ - --set ocf-api-invocation-logs.env.vaultAccessToken=$VAULT_ACCESS_TOKEN_PROD \ + --set ocf-api-invocation-logs.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ --set ocf-api-invocation-logs.env.logLevel="DEBUG" \ --set ocf-api-invoker-management.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api \ --set ocf-api-invoker-management.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-api-invoker-management.env.monitoring="true" \ --set ocf-api-invoker-management.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-api-invoker-management.env.vaultPort=$VAULT_PORT \ - --set ocf-api-invoker-management.env.vaultAccessToken=$VAULT_ACCESS_TOKEN_PROD \ + --set ocf-api-invoker-management.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ --set ocf-api-invoker-management.env.logLevel="DEBUG" \ --set ocf-api-provider-management.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api \ --set ocf-api-provider-management.image.tag=$CI_COMMIT_REF_SLUG \ @@ -481,7 +481,7 @@ deploy_ocf_dev: --set ocf-api-provider-management.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-api-provider-management.env.logLevel="DEBUG" \ --set ocf-api-provider-management.env.vaultPort=$VAULT_PORT \ - --set ocf-api-provider-management.env.vaultAccessToken=$VAULT_ACCESS_TOKEN_PROD \ + --set ocf-api-provider-management.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ --set ocf-events.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api \ --set ocf-events.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-events.env.monitoring="true" \ @@ -496,12 +496,12 @@ deploy_ocf_dev: --set ocf-security.env.capifHostname=capif-$CI_ENV_ENDPOINT.$DOMAIN_DEV \ --set ocf-security.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-security.env.vaultPort=$VAULT_PORT \ - --set ocf-security.env.vaultAccessToken=$VAULT_ACCESS_TOKEN_PROD \ + --set ocf-security.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ --set ocf-security.env.logLevel="DEBUG" \ --set ocf-register.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register \ --set ocf-register.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-register.env.vaultHostname=$VAULT_HOSTNAME \ - --set ocf-register.env.vaultAccessToken=$VAULT_ACCESS_TOKEN_PROD \ + --set ocf-register.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ --set ocf-register.env.vaultPort=$VAULT_PORT \ --set ocf-register.env.mongoHost=mongo-register \ --set ocf-register.env.mongoPort=27017 \ @@ -528,7 +528,7 @@ deploy_ocf_dev: --set nginx.env.capifHostname=capif-$CI_ENV_ENDPOINT.$DOMAIN_DEV \ --set nginx.env.vaultHostname=$VAULT_HOSTNAME \ --set nginx.env.vaultPort=$VAULT_PORT \ - --set nginx.env.vaultAccessToken=$VAULT_ACCESS_TOKEN_PROD \ + --set nginx.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ --set nginx.ingress.enabled=true \ --set nginx.ingress.hosts[0].host=capif-$CI_ENV_ENDPOINT.$DOMAIN_DEV \ --set nginx.ingress.hosts[0].paths[0].path="/" \ @@ -538,7 +538,7 @@ deploy_ocf_dev: --set ocf-helper.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-helper.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-helper.env.vaultPort=$VAULT_PORT \ - --set ocf-helper.env.vaultAccessToken=$VAULT_ACCESS_TOKEN_PROD \ + --set ocf-helper.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ --set ocf-helper.env.capifHostname=capif-$CI_ENV_ENDPOINT.$DOMAIN_DEV \ --set ocf-helper.env.logLevel="DEBUG" \ --set mock-server.enabled=true \ -- GitLab From bb6ec39f1006b90bb0a765a96636e601e8846da3 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Wed, 11 Sep 2024 15:01:39 +0200 Subject: [PATCH 341/392] trying to deploy ocf in validation env in cluster prod --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 36 ++++++++++----------- 1 file changed, 18 insertions(+), 18 deletions(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 588cab6..f723ac2 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -60,10 +60,6 @@ prep_ocf_cd_staging: deploy_ocf_staging: stage: deploy_ocf_staging - before_script: - - echo "--- cluster production ---" - - export KUBECONFIG=$KUBECONFIG_PROD - - kubectl cluster-info needs: - staging_build_and_push - prep_ocf_cd_staging @@ -126,21 +122,21 @@ deploy_ocf_staging: --set ocf-api-invocation-logs.env.capifHostname=capif-$CI_ENV_ENDPOINT.$DOMAIN_STAGING \ --set ocf-api-invocation-logs.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-api-invocation-logs.env.vaultPort=$VAULT_PORT \ - --set ocf-api-invocation-logs.env.vaultAccessToken=$VAULT_ACCESS_TOKEN_PROD \ + --set ocf-api-invocation-logs.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ --set ocf-api-invocation-logs.env.logLevel="INFO" \ --set ocf-api-invoker-management.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api \ --set ocf-api-invoker-management.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-api-invoker-management.env.monitoring="true" \ --set ocf-api-invoker-management.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-api-invoker-management.env.vaultPort=$VAULT_PORT \ - --set ocf-api-invoker-management.env.vaultAccessToken=$VAULT_ACCESS_TOKEN_PROD \ + --set ocf-api-invoker-management.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ --set ocf-api-invoker-management.env.logLevel="INFO" \ --set ocf-api-provider-management.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api \ --set ocf-api-provider-management.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-api-provider-management.env.monitoring="true" \ --set ocf-api-provider-management.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-api-provider-management.env.vaultPort=$VAULT_PORT \ - --set ocf-api-provider-management.env.vaultAccessToken=$VAULT_ACCESS_TOKEN_PROD \ + --set ocf-api-provider-management.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ --set ocf-api-provider-management.env.logLevel="INFO" \ --set ocf-events.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api \ --set ocf-events.image.tag=$CI_COMMIT_REF_SLUG \ @@ -156,12 +152,12 @@ deploy_ocf_staging: --set ocf-security.env.capifHostname=capif-$CI_ENV_ENDPOINT.$DOMAIN_STAGING \ --set ocf-security.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-security.env.vaultPort=$VAULT_PORT \ - --set ocf-security.env.vaultAccessToken=$VAULT_ACCESS_TOKEN_PROD \ + --set ocf-security.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ --set ocf-security.env.logLevel="INFO" \ --set ocf-register.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register \ --set ocf-register.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-register.env.vaultHostname=$VAULT_HOSTNAME \ - --set ocf-register.env.vaultAccessToken=$VAULT_ACCESS_TOKEN_PROD \ + --set ocf-register.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ --set ocf-register.env.vaultPort=$VAULT_PORT \ --set ocf-register.env.mongoHost=mongo-register \ --set ocf-register.env.mongoPort=27017 \ @@ -188,7 +184,7 @@ deploy_ocf_staging: --set nginx.env.capifHostname=capif-$CI_ENV_ENDPOINT.$DOMAIN_STAGING \ --set nginx.env.vaultHostname=$VAULT_HOSTNAME \ --set nginx.env.vaultPort=$VAULT_PORT \ - --set nginx.env.vaultAccessToken=$VAULT_ACCESS_TOKEN_PROD \ + --set nginx.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ --set nginx.ingress.enabled=true \ --set nginx.ingress.hosts[0].host=capif-$CI_ENV_ENDPOINT.$DOMAIN_STAGING \ --set nginx.ingress.hosts[0].paths[0].path="/" \ @@ -198,7 +194,7 @@ deploy_ocf_staging: --set ocf-helper.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-helper.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-helper.env.vaultPort=$VAULT_PORT \ - --set ocf-helper.env.vaultAccessToken=$VAULT_ACCESS_TOKEN_PROD \ + --set ocf-helper.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ --set ocf-helper.env.capifHostname=capif-$CI_ENV_ENDPOINT.$DOMAIN_STAGING \ --set ocf-helper.env.logLevel="INFO" \ --set mock-server.enabled=true \ @@ -236,6 +232,10 @@ delete_ocf_staging: ### staging branch merged ### deploy_ocf_oficial_staging: stage: deploy_ocf_oficial_staging + before_script: + - echo "--- cluster production ---" + - export KUBECONFIG=$KUBECONFIG_PROD + - kubectl cluster-info # <<: *staging_common rules: - if: '$CI_COMMIT_REF_NAME == "staging"' @@ -298,19 +298,19 @@ deploy_ocf_oficial_staging: --set ocf-api-invocation-logs.env.capifHostname=capif-staging.$DOMAIN_STAGING \ --set ocf-api-invocation-logs.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-api-invocation-logs.env.vaultPort=$VAULT_PORT \ - --set ocf-api-invocation-logs.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set ocf-api-invocation-logs.env.vaultAccessToken=$VAULT_ACCESS_TOKEN_PROD \ --set ocf-api-invoker-management.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-api-invoker-management-api \ --set ocf-api-invoker-management.image.tag=staging \ --set ocf-api-invoker-management.env.monitoring="true" \ --set ocf-api-invoker-management.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-api-invoker-management.env.vaultPort=$VAULT_PORT \ - --set ocf-api-invoker-management.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set ocf-api-invoker-management.env.vaultAccessToken=$VAULT_ACCESS_TOKEN_PROD \ --set ocf-api-provider-management.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-api-provider-management-api \ --set ocf-api-provider-management.image.tag=staging \ --set ocf-api-provider-management.env.monitoring="true" \ --set ocf-api-provider-management.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-api-provider-management.env.vaultPort=$VAULT_PORT \ - --set ocf-api-provider-management.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set ocf-api-provider-management.env.vaultAccessToken=$VAULT_ACCESS_TOKEN_PROD \ --set ocf-events.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-events-api \ --set ocf-events.image.tag=staging \ --set ocf-events.env.monitoring="true" \ @@ -323,11 +323,11 @@ deploy_ocf_oficial_staging: --set ocf-security.env.capifHostname=capif-staging.$DOMAIN_STAGING \ --set ocf-security.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-security.env.vaultPort=$VAULT_PORT \ - --set ocf-security.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set ocf-security.env.vaultAccessToken=$VAULT_ACCESS_TOKEN_PROD \ --set ocf-register.image.repository=$CI_REGISTRY/ocf/capif/staging/register \ --set ocf-register.image.tag=staging \ --set ocf-register.env.vaultHostname=$VAULT_HOSTNAME \ - --set ocf-register.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set ocf-register.env.vaultAccessToken=$VAULT_ACCESS_TOKEN_PROD \ --set ocf-register.env.vaultPort=$VAULT_PORT \ --set ocf-register.env.mongoHost=mongo-register \ --set ocf-register.env.mongoPort=27017 \ @@ -350,7 +350,7 @@ deploy_ocf_oficial_staging: --set nginx.env.capifHostname=capif-staging.$DOMAIN_STAGING \ --set nginx.env.vaultHostname=$VAULT_HOSTNAME \ --set nginx.env.vaultPort=$VAULT_PORT \ - --set nginx.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set nginx.env.vaultAccessToken=$VAULT_ACCESS_TOKEN_PROD \ --set nginx.ingress.enabled=true \ --set nginx.ingress.hosts[0].host=capif-staging.$DOMAIN_STAGING \ --set nginx.ingress.hosts[0].paths[0].path="/" \ @@ -359,7 +359,7 @@ deploy_ocf_oficial_staging: --set ocf-helper.image.tag=staging \ --set ocf-helper.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-helper.env.vaultPort=$VAULT_PORT \ - --set ocf-helper.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set ocf-helper.env.vaultAccessToken=$VAULT_ACCESS_TOKEN_PROD \ --set ocf-helper.env.capifHostname=capif-staging.$DOMAIN_STAGING \ --set mock-server.enabled=true \ --set mock-server.image.repository=$CI_REGISTRY/ocf/capif/staging/mock-server \ -- GitLab From 84fa82822c332ffe9692a6582811299845d3c84c Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Wed, 11 Sep 2024 15:18:29 +0200 Subject: [PATCH 342/392] delete_ocf_dev --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index f723ac2..be4a394 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -563,6 +563,7 @@ deploy_ocf_dev: delete_ocf_dev: stage: delete_ocf_dev + <<: *dev_common tags: - shell script: -- GitLab From 84de77df539247fb281c923583eeb4550df75a4f Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 13 Sep 2024 11:33:19 +0200 Subject: [PATCH 343/392] testing cvs_nginx --- capif/.gitlab-ci.yml | 275 +++++++---------------- capif/templates/ci_main.gitlab-ci.yml | 193 ++++++++++------ capif/templates/ci_staging.gitlab-ci.yml | 24 +- 3 files changed, 227 insertions(+), 265 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index c5ab720..dc50b9e 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -4,6 +4,7 @@ stages: - test - main_sast - main_container_scanning + - staging_container_scanning # DELETE - main_build_and_push - deploy_ocf_main - main_rf_testing @@ -64,86 +65,6 @@ variables: tags: - docker-in-docker -#.main_common: &main_common -# only: -# - merge_requests -# except: -# variables: -# - $CI_MERGE_REQUEST_TARGET_BRANCH_NAME != "main" -# tags: -# - shell# - -#.dev_common: &dev_common -# tags: -# - shell - -#main_cancel_previous_action: -# stage: main_pre_pipeline -# script: -# - | -# if [[ -n "$CI_JOB_TOKEN" ]]; then -# echo "Checking for running jobs in the same pipeline..." -# jobs=$(curl --header "PRIVATE-TOKEN: $CI_JOB_TOKEN" "$GITLAB_API/projects/$CI_PROJECT_ID/pipelines/$CI_PIPELINE_ID/jobs") -# for job in $(echo "$jobs" | jq -r '.[] | @base64'); do -# _jq() { -# echo ${job} | base64 --decode | jq -r ${1} -# } -# status=$(_jq '.status') -# id=$(_jq '.id') -# if [[ "$status" == "running" ]] && [[ "$id" != "$CI_JOB_ID" ]]; then -# echo "Cancelling job $id" -# curl --request POST --header "PRIVATE-TOKEN: $CI_JOB_TOKEN" "$GITLAB_API/projects/$CI_PROJECT_ID/jobs/$id/cancel" -# fi -# done -# fi -# <<: *main_common - -#merge_request_main_into_main: -# stage: merge_request_main_into_main -# script: -# - > -# if [ "$CI_COMMIT_REF_NAME" == "main" ]; then -# # Variables -# SOURCE_BRANCH="main" -# TARGET_BRANCH="main" -# TITLE="Merge main into main created by GitLab CICD" -# -# # Create Merge Request -# curl --request POST --header "PRIVATE-TOKEN: $CI_JOB_TOKEN" \ -# --data "source_branch=$SOURCE_BRANCH&target_branch=$TARGET_BRANCH&title=$TITLE" \ -# "$GITLAB_API/projects/$PROJECT_ID/merge_requests" -# else -# echo "Nothing to do" -# fi -# only: -# - main -# tags: -# - shell - -#dev_cancel_previous_action: -# stage: dev_pre_pipeline -# script: -# - | -# echo "### cancel previous actions in dev branchc ###" -# if [[ -n "$CI_JOB_TOKEN" ]]; then -# echo "Checking for running jobs in the same pipeline..." -# jobs=$(curl --header "PRIVATE-TOKEN: $CI_JOB_TOKEN" "$GITLAB_API/projects/$CI_PROJECT_ID/pipelines/$CI_PIPELINE_ID/jobs") -# for job in $(echo "$jobs" | jq -r '.[] | @base64'); do -# _jq() { -# echo ${job} | base64 --decode | jq -r ${1} -# } -# status=$(_jq '.status') -# id=$(_jq '.id') -# if [[ "$status" == "running" ]] && [[ "$id" != "$CI_JOB_ID" ]]; then -# echo "Cancelling job $id" -# curl --request POST --header "PRIVATE-TOKEN: $CI_JOB_TOKEN" "$GITLAB_API/projects/$CI_PROJECT_ID/jobs/$id/cancel" -# fi -# done -# fi -# rules: -# - if: $CI_COMMIT_BRANCH -# <<: *dev_common - include: - template: 'Jobs/SAST.gitlab-ci.yml' - template: 'Jobs/Dependency-Scanning.gitlab-ci.yml' @@ -298,10 +219,7 @@ main_secret_detection: cvs_nginx: stage: main_container_scanning needs: - - main_semgrep_sast - - main_kubesec_sast - - main_gemnasium_python_dependency_scanning - - main_secret_detection + - main_build_and_pushependency_scanning before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -321,10 +239,7 @@ cvs_nginx: cvs_register: stage: main_container_scanning needs: - - main_semgrep_sast - - main_kubesec_sast - - main_gemnasium_python_dependency_scanning - - main_secret_detection + - main_build_and_pushependency_scanning before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -341,10 +256,7 @@ cvs_register: cvs_ocf_access_control_policy_api: stage: main_container_scanning needs: - - main_semgrep_sast - - main_kubesec_sast - - main_gemnasium_python_dependency_scanning - - main_secret_detection + - main_build_and_pushependency_scanning before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -361,10 +273,7 @@ cvs_ocf_access_control_policy_api: cvs_ocf_api_invoker_management_api: stage: main_container_scanning needs: - - main_semgrep_sast - - main_kubesec_sast - - main_gemnasium_python_dependency_scanning - - main_secret_detection + - main_build_and_pushependency_scanning before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -381,10 +290,7 @@ cvs_ocf_api_invoker_management_api: cvs_ocf_api_provider_management_api: stage: main_container_scanning needs: - - main_semgrep_sast - - main_kubesec_sast - - main_gemnasium_python_dependency_scanning - - main_secret_detection + - main_build_and_pushependency_scanning before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -401,10 +307,7 @@ cvs_ocf_api_provider_management_api: cvs_ocf_auditing_api: stage: main_container_scanning needs: - - main_semgrep_sast - - main_kubesec_sast - - main_gemnasium_python_dependency_scanning - - main_secret_detection + - main_build_and_pushependency_scanning before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -421,10 +324,7 @@ cvs_ocf_auditing_api: cvs_ocf_discover_service_api: stage: main_container_scanning needs: - - main_semgrep_sast - - main_kubesec_sast - - main_gemnasium_python_dependency_scanning - - main_secret_detection + - main_build_and_pushependency_scanning before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -441,10 +341,7 @@ cvs_ocf_discover_service_api: cvs_ocf_events_api: stage: main_container_scanning needs: - - main_semgrep_sast - - main_kubesec_sast - - main_gemnasium_python_dependency_scanning - - main_secret_detection + - main_build_and_pushependency_scanning before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -461,10 +358,7 @@ cvs_ocf_events_api: cvs_ocf_logging_api_invocation_api: stage: main_container_scanning needs: - - main_semgrep_sast - - main_kubesec_sast - - main_gemnasium_python_dependency_scanning - - main_secret_detection + - main_build_and_pushependency_scanning before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -481,10 +375,7 @@ cvs_ocf_logging_api_invocation_api: cvs_ocf_publish_service_api: stage: main_container_scanning needs: - - main_semgrep_sast - - main_kubesec_sast - - main_gemnasium_python_dependency_scanning - - main_secret_detection + - main_build_and_pushependency_scanning before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -501,10 +392,7 @@ cvs_ocf_publish_service_api: cvs_ocf_routing_info_api: stage: main_container_scanning needs: - - main_semgrep_sast - - main_kubesec_sast - - main_gemnasium_python_dependency_scanning - - main_secret_detection + - main_build_and_pushependency_scanning before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -521,10 +409,7 @@ cvs_ocf_routing_info_api: cvs_ocf_security_api: stage: main_container_scanning needs: - - main_semgrep_sast - - main_kubesec_sast - - main_gemnasium_python_dependency_scanning - - main_secret_detection + - main_build_and_pushependency_scanning before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -540,10 +425,7 @@ cvs_ocf_security_api: cvs_vault: stage: main_container_scanning needs: - - main_semgrep_sast - - main_kubesec_sast - - main_gemnasium_python_dependency_scanning - - main_secret_detection + - main_build_and_pushependency_scanning before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -559,27 +441,17 @@ cvs_vault: main_build_and_push: stage: main_build_and_push + needs: + - main_semgrep_sast + - main_kubesec_sast + - main_gemnasium_python_dependency_scanning + - main_secret_detection variables: CI_REGISTRY_USER: $CI_REGISTRY_USER CI_REGISTRY: $CI_REGISTRY CAPIF_DOCKER_REGISTRY: $CAPIF_DOCKER_REGISTRY before_script: - - echo "--- Login to Docker registry ---" - - docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY - needs: - - cvs_nginx - - cvs_register - - cvs_ocf_access_control_policy_api - - cvs_ocf_api_invoker_management_api - - cvs_ocf_api_provider_management_api - - cvs_ocf_auditing_api - - cvs_ocf_discover_service_api - - cvs_ocf_events_api - - cvs_ocf_logging_api_invocation_api - - cvs_ocf_publish_service_api - - cvs_ocf_routing_info_api - - cvs_ocf_security_api - - cvs_vault + - echo "--- Login to Docker registry --- - docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -659,17 +531,31 @@ main_build_and_push: deploy_ocf_main: stage: deploy_ocf_main + before_script: + - echo "--- cluster production ---" + - export KUBECONFIG=$KUBECONFIG_PROD + - kubectl cluster-info variables: DOMAIN_PRE_PROD: ocf.pre-production NAMESPACE_PRE_PROD: ocf-main needs: - - main_build_and_push + - cvs_nginx + - cvs_register + - cvs_ocf_access_control_policy_api + - cvs_ocf_api_invoker_management_api + - cvs_ocf_api_provider_management_api + - cvs_ocf_auditing_api + - cvs_ocf_discover_service_api + - cvs_ocf_events_api + - cvs_ocf_logging_api_invocation_api + - cvs_ocf_publish_service_api + - cvs_ocf_routing_info_api + - cvs_ocf_security_api + - cvs_vault <<: *main_common environment: name: review/main url: https://$NAMESPACE_PRE_PROD.$DOMAIN_PRE_PROD - on_stop: delete_ocf_main - auto_stop_in: 3 day script: - | helm version @@ -711,44 +597,51 @@ deploy_ocf_main: --set tempo.tempo.metricsGenerator.remoteWriteUrl=http://prometheus.ocf.pre-production/api/v1/write \ --set otelcollector.enabled=true \ --set otelcollector.configMap.tempoEndpoint=ocf-main-tempo:4317 \ - --set ocf-access-control-policy.image.repository=$CI_REGISTRY/ocf/capif/main/ocf-access-control-policy-api \ - --set ocf-access-control-policy.image.tag=main \ + --set ocf-access-control-policy.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api \ + --set ocf-access-control-policy.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-access-control-policy.image.env.capifHostname=capif-main.$DOMAIN_PRE_PROD \ --set ocf-access-control-policy.monitoring="true" \ - --set ocf-api-invocation-logs.image.repository=$CI_REGISTRY/ocf/capif/main/ocf-logging-api-invocation-api \ - --set ocf-api-invocation-logs.image.tag=main \ + --set ocf-access-control-policy.env.logLevel="INFO" \ + --set ocf-api-invocation-logs.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api \ + --set ocf-api-invocation-logs.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-api-invocation-logs.env.monitoring="true" \ --set ocf-api-invocation-logs.env.capifHostname=capif-main.$DOMAIN_PRE_PROD \ --set ocf-api-invocation-logs.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-api-invocation-logs.env.vaultPort=$VAULT_PORT \ --set ocf-api-invocation-logs.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ - --set ocf-api-invoker-management.image.repository=$CI_REGISTRY/ocf/capif/main/ocf-api-invoker-management-api \ - --set ocf-api-invoker-management.image.tag=main \ + --set ocf-api-invocation-logs.env.logLevel="INFO" \ + --set ocf-api-invoker-management.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api \ + --set ocf-api-invoker-management.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-api-invoker-management.env.monitoring="true" \ --set ocf-api-invoker-management.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-api-invoker-management.env.vaultPort=$VAULT_PORT \ --set ocf-api-invoker-management.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ - --set ocf-api-provider-management.image.repository=$CI_REGISTRY/ocf/capif/main/ocf-api-provider-management-api \ - --set ocf-api-provider-management.image.tag=main \ + --set ocf-api-invoker-management.env.logLevel="INFO" \ + --set ocf-api-provider-management.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api \ + --set ocf-api-provider-management.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-api-provider-management.env.monitoring="true" \ --set ocf-api-provider-management.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-api-provider-management.env.vaultPort=$VAULT_PORT \ --set ocf-api-provider-management.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ - --set ocf-events.image.repository=$CI_REGISTRY/ocf/capif/main/ocf-events-api \ - --set ocf-events.image.tag=main \ + --set ocf-api-provider-management.env.logLevel="INFO" \ + --set ocf-events.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api \ + --set ocf-events.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-events.env.monitoring="true" \ - --set ocf-routing-info.image.repository=$CI_REGISTRY/ocf/capif/main/ocf-routing-info-api \ - --set ocf-routing-info.image.tag=main \ + --set ocf-events.env.logLevel="INFO" \ + --set ocf-routing-info.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api \ + --set ocf-routing-info.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-routing-info.env.monitoring="true" \ - --set ocf-security.image.repository=$CI_REGISTRY/ocf/capif/main/ocf-security-api \ - --set ocf-security.image.tag=main \ + --set ocf-routing-info.env.logLevel="INFO" \ + --set ocf-security.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api \ + --set ocf-security.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-security.env.monitoring="true" \ --set ocf-security.env.capifHostname=capif-main.$DOMAIN_PRE_PROD \ --set ocf-security.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-security.env.vaultPort=$VAULT_PORT \ --set ocf-security.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ - --set ocf-register.image.repository=$CI_REGISTRY/ocf/capif/main/register \ - --set ocf-register.image.tag=main \ + --set ocf-security.env.logLevel="INFO" \ + --set ocf-register.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register \ + --set ocf-register.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-register.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-register.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ --set ocf-register.env.vaultPort=$VAULT_PORT \ @@ -759,17 +652,21 @@ deploy_ocf_main: --set ocf-register.ingress.hosts[0].host=register-main.$DOMAIN_PRE_PROD \ --set ocf-register.ingress.hosts[0].paths[0].path="/" \ --set ocf-register.ingress.hosts[0].paths[0].pathType="Prefix" \ - --set ocf-auditing-api-logs.image.repository=$CI_REGISTRY/ocf/capif/main/ocf-auditing-api \ - --set ocf-auditing-api-logs.image.tag=main \ + --set ocf-register.env.logLevel="INFO" \ + --set ocf-auditing-api-logs.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api \ + --set ocf-auditing-api-logs.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-auditing-api-logs.env.monitoring="true" \ - --set ocf-publish-service-api.image.repository=$CI_REGISTRY/ocf/capif/main/ocf-publish-service-api \ - --set ocf-publish-service-api.image.tag=main \ + --set ocf-auditing-api-logs.env.logLevel="INFO" \ + --set ocf-publish-service-api.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api \ + --set ocf-publish-service-api.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-publish-service-api.env.monitoring="true" \ - --set ocf-discover-service-api.image.repository=$CI_REGISTRY/ocf/capif/main/ocf-discover-service-api \ - --set ocf-discover-service-api.image.tag=main \ + --set ocf-publish-service-api.env.logLevel="INFO" \ + --set ocf-discover-service-api.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api \ + --set ocf-discover-service-api.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-discover-service-api.env.monitoring="true" \ - --set nginx.image.repository=$CI_REGISTRY/ocf/capif/main/nginx \ - --set nginx.image.tag=main \ + --set ocf-discover-service-api.env.logLevel="INFO" \ + --set nginx.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx \ + --set nginx.image.tag=$CI_COMMIT_REF_SLUG \ --set nginx.env.capifHostname=capif-main.$DOMAIN_PRE_PROD \ --set nginx.env.vaultHostname=$VAULT_HOSTNAME \ --set nginx.env.vaultPort=$VAULT_PORT \ @@ -778,19 +675,22 @@ deploy_ocf_main: --set nginx.ingress.hosts[0].host=capif-main.$DOMAIN_PRE_PROD \ --set nginx.ingress.hosts[0].paths[0].path="/" \ --set nginx.ingress.hosts[0].paths[0].pathType="Prefix" \ - --set ocf-helper.image.repository=$CI_REGISTRY/ocf/capif/main/helper \ - --set ocf-helper.image.tag=main \ + --set nginx.env.logLevel="info" \ + --set ocf-helper.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/helper \ + --set ocf-helper.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-helper.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-helper.env.vaultPort=$VAULT_PORT \ --set ocf-helper.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ --set ocf-helper.env.capifHostname=capif-main.$DOMAIN_PRE_PROD \ - --set mock-server.enabled=false \ - --set mock-server.image.repository=$CI_REGISTRY/ocf/capif/main/mock-server \ - --set mock-server.image.tag=main \ - --set mock-server.ingress.enabled=false \ + --set ocf-helper.env.logLevel="INFO" \ + --set mock-server.enabled=true \ + --set mock-server.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server \ + --set mock-server.image.tag=$CI_COMMIT_REF_SLUG \ + --set mock-server.ingress.enabled=true \ --set mock-server.ingress.hosts[0].host=mock-server-main.$DOMAIN_PRE_PROD \ --set mock-server.ingress.hosts[0].paths[0].path="/" \ --set mock-server.ingress.hosts[0].paths[0].pathType="Prefix" \ + --set mock-server.env.logLevel="INFO" \ --set mongo-register-express.enabled=true \ --set mongo-register-express.ingress.enabled=true \ --set mongo-register-express.ingress.hosts[0].host="mongo-express-register-main.$DOMAIN_PRE_PROD" \ @@ -809,15 +709,4 @@ main_rf_testing: script: - | echo "------ Robot Framework Testing ------" - <<: *main_common - -delete_ocf_main: - stage: delete_ocf_main - <<: *main_common - script: - - echo "### deleting environment $NAMESPACE_main###" -# - helm uninstall -n $NAMESPACE_main ocf --kubeconfig ~/cluster.kubeconfig - when: manual - environment: - name: review/main - action: stop \ No newline at end of file + <<: *main_common \ No newline at end of file diff --git a/capif/templates/ci_main.gitlab-ci.yml b/capif/templates/ci_main.gitlab-ci.yml index 556a3b7..45e63f4 100644 --- a/capif/templates/ci_main.gitlab-ci.yml +++ b/capif/templates/ci_main.gitlab-ci.yml @@ -22,13 +22,24 @@ variables: tags: - shell +.main_dnd: &main_dnd + allow_failure: true + rules: + - if: '$CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "main"' + when: always + - when: never + services: + - docker:24.0.5-dind + tags: + - docker-in-docker + main_secrets_in_repo: stage: main_secrets_in_repo script: - | pip install trufflehog cd ../ - #trufflehog capif --exclude_paths capif/cicd/exclusions --max_depth=5 + trufflehog capif --exclude_paths capif/cicd/exclusions --max_depth=5 <<: *main_common # define the process to do linting code: Sonarque, ruff? @@ -37,8 +48,8 @@ main_linting_code: script: - | echo "###ruff checks###" - #pip install ruff - #ruff check --config cicd/ruff.toml . || true + pip install ruff + ruff check --config cicd/ruff.toml . || true needs: ["main_secrets_in_repo"] <<: *main_common @@ -70,7 +81,7 @@ main_linting_docker: echo "### $SERVICE ###" # Run hadolint on Dockerfile - #../hadolint services/$SERVICE/Dockerfile || true + ../hadolint services/$SERVICE/Dockerfile || true echo "----------------------------------------------------" done @@ -152,77 +163,117 @@ main_cvs: expire_in: "1 week" <<: *main_common +main_semgrep_sast: + needs: + - main_linting_code + - main_linting_docker + stage: main_security + extends: semgrep-sast + variables: + DOCKER_HOST: tcp://docker:2375 + SAST_DEFAULT_ANALYZERS: bandit + <<: *main_dnd + +gemnasium-python-dependency_scanning: + stage: test + before_script: + - echo " ----- not run test stage -----" + rules: + - when: never + +main_gemnasium_python_sca: + needs: + - main_linting_code + - main_linting_docker + stage: staging_security + extends: gemnasium-python-dependency_scanning + variables: + DS_ANALYZER_NAME: "gemnasium-python" + <<: *main_dnd + main_build_and_push: needs: ["main_security"] stage: main_build_and_push script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" -# - echo "----------------------------------------------------" -# - echo "### build and push nginx image###" -# - cd $TMP_PWD/services/nginx/ -# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:latest . -# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:latest -# - echo "----------------------------------------------------" -# - echo "### build and push register image###" -# - cd $TMP_PWD/services/register/ -# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register:latest . -# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register:latest -# - echo "----------------------------------------------------" -# - echo "### build and push TS29222_CAPIF_Access_Control_Policy_API image###" -# - cd $TMP_PWD/services/TS29222_CAPIF_Access_Control_Policy_API/ -# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api:latest . -# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api:latest -# - echo "----------------------------------------------------" -# - echo "### build and push TS29222_CAPIF_API_Invoker_Management_API image###" -# - cd $TMP_PWD/services/TS29222_CAPIF_API_Invoker_Management_API/ -# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api:latest . -# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api:latest -# - echo "----------------------------------------------------" -# - echo "### build and push TS29222_CAPIF_API_Provider_Management_API image###" -# - cd $TMP_PWD/services/TS29222_CAPIF_API_Provider_Management_API/ -# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api:latest . -# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api:latest -# - echo "----------------------------------------------------" -# - echo "### build and push TS29222_CAPIF_Auditing_API image###" -# - cd $TMP_PWD/services/TS29222_CAPIF_Auditing_API/ -# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api:latest . -# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api:latest -# - echo "----------------------------------------------------" -# - echo "### build and push TS29222_CAPIF_Discover_Service_API image###" -# - cd $TMP_PWD/services/TS29222_CAPIF_Discover_Service_API/ -# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api:latest . -# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api:latest -# - echo "----------------------------------------------------" -# - echo "### build and push TS29222_CAPIF_Events_API image###" -# - cd $TMP_PWD/services/TS29222_CAPIF_Events_API/ -# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api:latest . -# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api:latest -# - echo "----------------------------------------------------" -# - echo "### build and push TS29222_CAPIF_Logging_API_Invocation_API image###" -# - cd $TMP_PWD/services/TS29222_CAPIF_Logging_API_Invocation_API/ -# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api:latest . -# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api:latest -# - echo "----------------------------------------------------" -# - echo "### build and push TS29222_CAPIF_Publish_Service_API image###" -# - cd $TMP_PWD/services/TS29222_CAPIF_Publish_Service_API/ -# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api:latest . -# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api:latest -# - echo "----------------------------------------------------" -# - echo "### build and push TS29222_CAPIF_Routing_Info_API image###" -# - cd $TMP_PWD/services/TS29222_CAPIF_Routing_Info_API/ -# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api:latest . -# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api:latest -# - echo "----------------------------------------------------" -# - echo "### build and push TS29222_CAPIF_Security_API image###" -# - cd $TMP_PWD/services/TS29222_CAPIF_Security_API/ -# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api:latest . -# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api:latest -# - echo "----------------------------------------------------" -# - echo "### build and push vault image###" -# - cd $TMP_PWD/services/vault/ -# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/vault:latest . -# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/vault:latest -# - echo "----------------------------------------------------" -# - docker logout $CI_REGISTRY + - echo "### docker login###" + - docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY + - echo "----------------------------------------------------" + - echo "### build and push nginx image###" + - cd $TMP_PWD/services/nginx/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push register image###" + - cd $TMP_PWD/services/register/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_Access_Control_Policy_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_Access_Control_Policy_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_API_Invoker_Management_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_API_Invoker_Management_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_API_Provider_Management_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_API_Provider_Management_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_Auditing_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_Auditing_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_Discover_Service_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_Discover_Service_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_Events_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_Events_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_Logging_API_Invocation_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_Logging_API_Invocation_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_Publish_Service_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_Publish_Service_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_Routing_Info_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_Routing_Info_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_Security_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_Security_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push vault image###" + - cd $TMP_PWD/services/vault/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/vault:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/vault:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push helper image###" + - cd $TMP_PWD/services/helper/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/helper:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/helper:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push mock-server image###" + - cd $TMP_PWD/services/mock_server/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - docker logout $CI_REGISTRY <<: *main_common diff --git a/capif/templates/ci_staging.gitlab-ci.yml b/capif/templates/ci_staging.gitlab-ci.yml index 68086b7..71576f6 100644 --- a/capif/templates/ci_staging.gitlab-ci.yml +++ b/capif/templates/ci_staging.gitlab-ci.yml @@ -8,6 +8,7 @@ stages: - staging_security - staging_build_and_push - staging_build_and_push_mr + - staging_container_scanning # DELETE variables: CI_JOB_TOKEN: $CI_JOB_TOKEN @@ -415,4 +416,25 @@ staging_build_and_push_mr: - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server:$CI_COMMIT_REF_SLUG . - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server:$CI_COMMIT_REF_SLUG - echo "----------------------------------------------------" - - docker logout $CI_REGISTRY \ No newline at end of file + - docker logout $CI_REGISTRY + + +cvs_nginx: + stage: staging_container_scanning + needs: + - staging_unit_tests + before_script: + - export TMP_PWD=$PWD + - echo "TMP_PWD=$TMP_PWD" + - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git + - ls -lrta + extends: container_scanning + variables: + CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG" + CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG" + CS_REGISTRY_USER: $CI_REGISTRY_USER + CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY +# GIT_STRATEGY: fetch +# CS_DOCKERFILE_PATH: capif/services/nginx/ + SECURE_LOG_LEVEL: debug + <<: *staging_dnd \ No newline at end of file -- GitLab From 993f040b77b720791239f0f9000203b307b70ed8 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 13 Sep 2024 11:44:19 +0200 Subject: [PATCH 344/392] cvs_nginx in dev --- capif/.gitlab-ci.yml | 2 +- capif/templates/ci_dev.gitlab-ci.yml | 63 ++++++++++++------------ capif/templates/ci_staging.gitlab-ci.yml | 24 +-------- 3 files changed, 34 insertions(+), 55 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index dc50b9e..8f17d2d 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -4,7 +4,7 @@ stages: - test - main_sast - main_container_scanning - - staging_container_scanning # DELETE + - dev_container_scanning # DELETE - main_build_and_push - deploy_ocf_main - main_rf_testing diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index 95771ec..bf950ca 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -4,6 +4,7 @@ stages: - dev_secrets_in_repo - dev_linting - dev_build_and_push + - dev_container_scanning # DELETE variables: CI_JOB_TOKEN: $CI_JOB_TOKEN @@ -17,39 +18,18 @@ variables: tags: - shell -#dev_pulling_repo: -# stage: dev_pulling_repo -# script: -# - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git -# <<: *dev_common - -#dev_cancel_previous_action: -# stage: dev_pre_pipeline -# script: -# - | -# echo "### cancel previous actions in dev branchc ###" -# if [[ -n "$CI_JOB_TOKEN" ]]; then -# echo "Checking for running jobs in the same pipeline..." -# jobs=$(curl --header "PRIVATE-TOKEN: $CI_JOB_TOKEN" "$GITLAB_API/projects/$CI_PROJECT_ID/pipelines/$CI_PIPELINE_ID/jobs") -# for job in $(echo "$jobs" | jq -r '.[] | @base64'); do -# _jq() { -# echo ${job} | base64 --decode | jq -r ${1} -# } -# status=$(_jq '.status') -# id=$(_jq '.id') -# if [[ "$status" == "running" ]] && [[ "$id" != "$CI_JOB_ID" ]]; then -# echo "Cancelling job $id" -# curl --request POST --header "PRIVATE-TOKEN: $CI_JOB_TOKEN" "$GITLAB_API/projects/$CI_PROJECT_ID/jobs/$id/cancel" -# fi -# done -# fi -# rules: -# - if: $CI_COMMIT_BRANCH -# <<: *dev_common +.dev_dnd: &dev_dnd + allow_failure: true + services: + - docker:24.0.5-dind + rules: + - if: '$CI_COMMIT_REF_NAME == "main"' + when: always + - when: never + tags: + - docker-in-docker dev_secrets_in_repo: -# needs: -# - dev_cancel_previous_action stage: dev_secrets_in_repo rules: - if: '$CI_COMMIT_REF_NAME == "staging"' @@ -231,3 +211,24 @@ dev_build_and_push: - echo "----------------------------------------------------" - docker logout $CI_REGISTRY <<: *dev_common + + +cvs_nginx: + stage: dev_container_scanning + needs: + - dev_build_and_push + before_script: + - export TMP_PWD=$PWD + - echo "TMP_PWD=$TMP_PWD" + - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git + - ls -lrta + extends: container_scanning + variables: + CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG" + CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG" + CS_REGISTRY_USER: $CI_REGISTRY_USER + CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY +# GIT_STRATEGY: fetch +# CS_DOCKERFILE_PATH: capif/services/nginx/ + SECURE_LOG_LEVEL: debug + <<: *dev_dnd \ No newline at end of file diff --git a/capif/templates/ci_staging.gitlab-ci.yml b/capif/templates/ci_staging.gitlab-ci.yml index 71576f6..68086b7 100644 --- a/capif/templates/ci_staging.gitlab-ci.yml +++ b/capif/templates/ci_staging.gitlab-ci.yml @@ -8,7 +8,6 @@ stages: - staging_security - staging_build_and_push - staging_build_and_push_mr - - staging_container_scanning # DELETE variables: CI_JOB_TOKEN: $CI_JOB_TOKEN @@ -416,25 +415,4 @@ staging_build_and_push_mr: - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server:$CI_COMMIT_REF_SLUG . - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server:$CI_COMMIT_REF_SLUG - echo "----------------------------------------------------" - - docker logout $CI_REGISTRY - - -cvs_nginx: - stage: staging_container_scanning - needs: - - staging_unit_tests - before_script: - - export TMP_PWD=$PWD - - echo "TMP_PWD=$TMP_PWD" - - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git - - ls -lrta - extends: container_scanning - variables: - CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG" - CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG" - CS_REGISTRY_USER: $CI_REGISTRY_USER - CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY -# GIT_STRATEGY: fetch -# CS_DOCKERFILE_PATH: capif/services/nginx/ - SECURE_LOG_LEVEL: debug - <<: *staging_dnd \ No newline at end of file + - docker logout $CI_REGISTRY \ No newline at end of file -- GitLab From 8843fab8661ed6022371dc5160f93e270acb3016 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 13 Sep 2024 12:20:30 +0200 Subject: [PATCH 345/392] main_build_and_push --- capif/.gitlab-ci.yml | 26 +++++++++++++------------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 8f17d2d..3884364 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -219,7 +219,7 @@ main_secret_detection: cvs_nginx: stage: main_container_scanning needs: - - main_build_and_pushependency_scanning + - main_build_and_push before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -239,7 +239,7 @@ cvs_nginx: cvs_register: stage: main_container_scanning needs: - - main_build_and_pushependency_scanning + - main_build_and_push before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -256,7 +256,7 @@ cvs_register: cvs_ocf_access_control_policy_api: stage: main_container_scanning needs: - - main_build_and_pushependency_scanning + - main_build_and_push before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -273,7 +273,7 @@ cvs_ocf_access_control_policy_api: cvs_ocf_api_invoker_management_api: stage: main_container_scanning needs: - - main_build_and_pushependency_scanning + - main_build_and_push before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -290,7 +290,7 @@ cvs_ocf_api_invoker_management_api: cvs_ocf_api_provider_management_api: stage: main_container_scanning needs: - - main_build_and_pushependency_scanning + - main_build_and_push before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -307,7 +307,7 @@ cvs_ocf_api_provider_management_api: cvs_ocf_auditing_api: stage: main_container_scanning needs: - - main_build_and_pushependency_scanning + - main_build_and_push before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -324,7 +324,7 @@ cvs_ocf_auditing_api: cvs_ocf_discover_service_api: stage: main_container_scanning needs: - - main_build_and_pushependency_scanning + - main_build_and_push before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -341,7 +341,7 @@ cvs_ocf_discover_service_api: cvs_ocf_events_api: stage: main_container_scanning needs: - - main_build_and_pushependency_scanning + - main_build_and_push before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -358,7 +358,7 @@ cvs_ocf_events_api: cvs_ocf_logging_api_invocation_api: stage: main_container_scanning needs: - - main_build_and_pushependency_scanning + - main_build_and_push before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -375,7 +375,7 @@ cvs_ocf_logging_api_invocation_api: cvs_ocf_publish_service_api: stage: main_container_scanning needs: - - main_build_and_pushependency_scanning + - main_build_and_push before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -392,7 +392,7 @@ cvs_ocf_publish_service_api: cvs_ocf_routing_info_api: stage: main_container_scanning needs: - - main_build_and_pushependency_scanning + - main_build_and_push before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -409,7 +409,7 @@ cvs_ocf_routing_info_api: cvs_ocf_security_api: stage: main_container_scanning needs: - - main_build_and_pushependency_scanning + - main_build_and_push before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" @@ -425,7 +425,7 @@ cvs_ocf_security_api: cvs_vault: stage: main_container_scanning needs: - - main_build_and_pushependency_scanning + - main_build_and_push before_script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" -- GitLab From 8d10044bc291fefd88981efdcd109e17136917ea Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 13 Sep 2024 12:29:45 +0200 Subject: [PATCH 346/392] commented --- capif/templates/ci_main.gitlab-ci.yml | 556 +++++++++++++------------- 1 file changed, 278 insertions(+), 278 deletions(-) diff --git a/capif/templates/ci_main.gitlab-ci.yml b/capif/templates/ci_main.gitlab-ci.yml index 45e63f4..3390796 100644 --- a/capif/templates/ci_main.gitlab-ci.yml +++ b/capif/templates/ci_main.gitlab-ci.yml @@ -1,279 +1,279 @@ -stages: -# - main_pulling_repo - - main_secrets_in_repo - - main_linting_code - - main_linting_docker - - main_security - - main_build_and_push - -variables: - CI_JOB_TOKEN: $CI_JOB_TOKEN - CI_DEBUG_TRACE: "false" - CI_REGISTRY_USER: $CI_REGISTRY_USER - CI_REGISTRY: $CI_REGISTRY - CAPIF_DOCKER_REGISTRY: $CAPIF_DOCKER_REGISTRY - -.main_common: &main_common - only: - - merge_requests - except: - variables: - - $CI_MERGE_REQUEST_TARGET_BRANCH_NAME != "main" - tags: - - shell - -.main_dnd: &main_dnd - allow_failure: true - rules: - - if: '$CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "main"' - when: always - - when: never - services: - - docker:24.0.5-dind - tags: - - docker-in-docker - -main_secrets_in_repo: - stage: main_secrets_in_repo - script: - - | - pip install trufflehog - cd ../ - trufflehog capif --exclude_paths capif/cicd/exclusions --max_depth=5 - <<: *main_common - -# define the process to do linting code: Sonarque, ruff? -main_linting_code: - stage: main_linting_code - script: - - | - echo "###ruff checks###" - pip install ruff - ruff check --config cicd/ruff.toml . || true - needs: ["main_secrets_in_repo"] - <<: *main_common - -main_linting_docker: - stage: main_linting_docker - script: - - | - # Download hadolint binary - wget https://github.com/hadolint/hadolint/releases/download/v2.8.0/hadolint-Linux-x86_64 -O hadolint - - # Make it executable - chmod +x hadolint - - # Move it to your binaries folder - mv hadolint ../ - - # Verify the installation - echo "### hadolint version ###" - ../hadolint --version - - # Array of service names - SERVICES=("vault" "nginx" "register" "TS29222_CAPIF_Access_Control_Policy_API" "TS29222_CAPIF_API_Invoker_Management_API" - "TS29222_CAPIF_API_Provider_Management_API" "TS29222_CAPIF_Auditing_API" "TS29222_CAPIF_Discover_Service_API" "TS29222_CAPIF_Events_API" - "TS29222_CAPIF_Logging_API_Invocation_API" "TS29222_CAPIF_Publish_Service_API" "TS29222_CAPIF_Routing_Info_API" "TS29222_CAPIF_Security_API" - "vault") - - # Loop over service names - for SERVICE in "${SERVICES[@]}"; do - echo "### $SERVICE ###" - - # Run hadolint on Dockerfile - ../hadolint services/$SERVICE/Dockerfile || true - - echo "----------------------------------------------------" - done - +#stages: +## - main_pulling_repo +# - main_secrets_in_repo +# - main_linting_code +# - main_linting_docker +# - main_security +# - main_build_and_push +# +#variables: +# CI_JOB_TOKEN: $CI_JOB_TOKEN +# CI_DEBUG_TRACE: "false" +# CI_REGISTRY_USER: $CI_REGISTRY_USER +# CI_REGISTRY: $CI_REGISTRY +# CAPIF_DOCKER_REGISTRY: $CAPIF_DOCKER_REGISTRY +# +#.main_common: &main_common +# only: +# - merge_requests +# except: +# variables: +# - $CI_MERGE_REQUEST_TARGET_BRANCH_NAME != "main" +# tags: +# - shell +# +#.main_dnd: &main_dnd +# allow_failure: true +# rules: +# - if: '$CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "main"' +# when: always +# - when: never +# services: +# - docker:24.0.5-dind +# tags: +# - docker-in-docker +# +#main_secrets_in_repo: +# stage: main_secrets_in_repo +# script: +# - | +# pip install trufflehog +# cd ../ +# trufflehog capif --exclude_paths capif/cicd/exclusions --max_depth=5 +# <<: *main_common +# +## define the process to do linting code: Sonarque, ruff? +#main_linting_code: +# stage: main_linting_code +# script: +# - | +# echo "###ruff checks###" +# pip install ruff +# ruff check --config cicd/ruff.toml . || true +# needs: ["main_secrets_in_repo"] +# <<: *main_common +# +#main_linting_docker: +# stage: main_linting_docker +# script: +# - | +# # Download hadolint binary +# wget https://github.com/hadolint/hadolint/releases/download/v2.8.0/hadolint-Linux-x86_64 -O hadolint +# +# # Make it executable +# chmod +x hadolint +# +# # Move it to your binaries folder +# mv hadolint ../ +# +# # Verify the installation +# echo "### hadolint version ###" +# ../hadolint --version +# +# # Array of service names +# SERVICES=("vault" "nginx" "register" "TS29222_CAPIF_Access_Control_Policy_API" "TS29222_CAPIF_API_Invoker_Management_API" +# "TS29222_CAPIF_API_Provider_Management_API" "TS29222_CAPIF_Auditing_API" "TS29222_CAPIF_Discover_Service_API" "TS29222_CAPIF_Events_API" +# "TS29222_CAPIF_Logging_API_Invocation_API" "TS29222_CAPIF_Publish_Service_API" "TS29222_CAPIF_Routing_Info_API" "TS29222_CAPIF_Security_API" +# "vault") +# +# # Loop over service names +# for SERVICE in "${SERVICES[@]}"; do +# echo "### $SERVICE ###" +# +# # Run hadolint on Dockerfile +# ../hadolint services/$SERVICE/Dockerfile || true +# +# echo "----------------------------------------------------" +# done +# +## artifacts: +## name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG" +## when: always +## reports: +## codequality: +## - docker-lint.json +## interruptible: true +# needs: ["main_linting_code"] +# <<: *main_common +# +# +#main_cvs: +# needs: ["main_linting_docker"] +# stage: main_security +# script: +# - | +# # Install grype +# curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b ../ +# +# # Print grype version +# echo "### grype version###" +# ../grype version +# +# # Create output directory if it doesn't exist +# DIRECTORY=./grype-outputs +# if [ ! -d "$DIRECTORY" ]; then +# mkdir $DIRECTORY +# echo "Directory created" +# else +# echo "Directory already exists" +# fi +# +# # Save current directory +# export TMP_PWD=$PWD +# echo "TMP_PWD=$TMP_PWD" +# +# # Array of image names +# IMAGE_NAMES=("nginx" "register" "TS29222_CAPIF_Access_Control_Policy_API" "TS29222_CAPIF_API_Invoker_Management_API" +# "TS29222_CAPIF_API_Provider_Management_API" "TS29222_CAPIF_Auditing_API" "TS29222_CAPIF_Discover_Service_API" +# "TS29222_CAPIF_Events_API" "TS29222_CAPIF_Logging_API_Invocation_API" "TS29222_CAPIF_Publish_Service_API" +# "TS29222_CAPIF_Routing_Info_API" "TS29222_CAPIF_Security_API" "vault") +# +# # Loop over image names +# for IMAGE_NAME in "${IMAGE_NAMES[@]}"; do +# # Convert SERVICE to lowercase +# IMAGE_LOWER=${IMAGE_NAME,,} +# +# echo "---- variable ----" +# echo "### build and push $IMAGE_NAME image###" +# +# # Navigate to service directory +# cd services/$IMAGE_NAME/ +# +# # Login to Docker registry +# docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY +# +# # Build Docker image +# docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/$IMAGE_LOWER:latest . +# +# # Navigate back to original directory +# cd $TMP_PWD +# +# echo "### Container Vulnerability Scanning $IMAGE_NAME###" +# +# # Scan Docker image with grype and save output to file +# #../grype $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/$IMAGE_LOWER:latest --scope all-layers > ./grype-outputs/grype_$IMAGE_NAME-latest.txt +# +# echo "----------------------------------------------------" +# done # artifacts: -# name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG" -# when: always -# reports: -# codequality: -# - docker-lint.json -# interruptible: true - needs: ["main_linting_code"] - <<: *main_common - - -main_cvs: - needs: ["main_linting_docker"] - stage: main_security - script: - - | - # Install grype - curl -sSfL https://raw.githubusercontent.com/anchore/grype/main/install.sh | sh -s -- -b ../ - - # Print grype version - echo "### grype version###" - ../grype version - - # Create output directory if it doesn't exist - DIRECTORY=./grype-outputs - if [ ! -d "$DIRECTORY" ]; then - mkdir $DIRECTORY - echo "Directory created" - else - echo "Directory already exists" - fi - - # Save current directory - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" - - # Array of image names - IMAGE_NAMES=("nginx" "register" "TS29222_CAPIF_Access_Control_Policy_API" "TS29222_CAPIF_API_Invoker_Management_API" - "TS29222_CAPIF_API_Provider_Management_API" "TS29222_CAPIF_Auditing_API" "TS29222_CAPIF_Discover_Service_API" - "TS29222_CAPIF_Events_API" "TS29222_CAPIF_Logging_API_Invocation_API" "TS29222_CAPIF_Publish_Service_API" - "TS29222_CAPIF_Routing_Info_API" "TS29222_CAPIF_Security_API" "vault") - - # Loop over image names - for IMAGE_NAME in "${IMAGE_NAMES[@]}"; do - # Convert SERVICE to lowercase - IMAGE_LOWER=${IMAGE_NAME,,} - - echo "---- variable ----" - echo "### build and push $IMAGE_NAME image###" - - # Navigate to service directory - cd services/$IMAGE_NAME/ - - # Login to Docker registry - docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY - - # Build Docker image - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/$IMAGE_LOWER:latest . - - # Navigate back to original directory - cd $TMP_PWD - - echo "### Container Vulnerability Scanning $IMAGE_NAME###" - - # Scan Docker image with grype and save output to file - #../grype $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/$IMAGE_LOWER:latest --scope all-layers > ./grype-outputs/grype_$IMAGE_NAME-latest.txt - - echo "----------------------------------------------------" - done - artifacts: - untracked: false - paths: - - ./grype-outputs/*.txt - when: on_success - expire_in: "1 week" - <<: *main_common - -main_semgrep_sast: - needs: - - main_linting_code - - main_linting_docker - stage: main_security - extends: semgrep-sast - variables: - DOCKER_HOST: tcp://docker:2375 - SAST_DEFAULT_ANALYZERS: bandit - <<: *main_dnd - -gemnasium-python-dependency_scanning: - stage: test - before_script: - - echo " ----- not run test stage -----" - rules: - - when: never - -main_gemnasium_python_sca: - needs: - - main_linting_code - - main_linting_docker - stage: staging_security - extends: gemnasium-python-dependency_scanning - variables: - DS_ANALYZER_NAME: "gemnasium-python" - <<: *main_dnd - -main_build_and_push: - needs: ["main_security"] - stage: main_build_and_push - script: - - export TMP_PWD=$PWD - - echo "TMP_PWD=$TMP_PWD" - - echo "### docker login###" - - docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY - - echo "----------------------------------------------------" - - echo "### build and push nginx image###" - - cd $TMP_PWD/services/nginx/ - - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG . - - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG - - echo "----------------------------------------------------" - - echo "### build and push register image###" - - cd $TMP_PWD/services/register/ - - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register:$CI_COMMIT_REF_SLUG . - - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register:$CI_COMMIT_REF_SLUG - - echo "----------------------------------------------------" - - echo "### build and push TS29222_CAPIF_Access_Control_Policy_API image###" - - cd $TMP_PWD/services/TS29222_CAPIF_Access_Control_Policy_API/ - - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api:$CI_COMMIT_REF_SLUG . - - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api:$CI_COMMIT_REF_SLUG - - echo "----------------------------------------------------" - - echo "### build and push TS29222_CAPIF_API_Invoker_Management_API image###" - - cd $TMP_PWD/services/TS29222_CAPIF_API_Invoker_Management_API/ - - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api:$CI_COMMIT_REF_SLUG . - - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api:$CI_COMMIT_REF_SLUG - - echo "----------------------------------------------------" - - echo "### build and push TS29222_CAPIF_API_Provider_Management_API image###" - - cd $TMP_PWD/services/TS29222_CAPIF_API_Provider_Management_API/ - - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api:$CI_COMMIT_REF_SLUG . - - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api:$CI_COMMIT_REF_SLUG - - echo "----------------------------------------------------" - - echo "### build and push TS29222_CAPIF_Auditing_API image###" - - cd $TMP_PWD/services/TS29222_CAPIF_Auditing_API/ - - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api:$CI_COMMIT_REF_SLUG . - - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api:$CI_COMMIT_REF_SLUG - - echo "----------------------------------------------------" - - echo "### build and push TS29222_CAPIF_Discover_Service_API image###" - - cd $TMP_PWD/services/TS29222_CAPIF_Discover_Service_API/ - - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api:$CI_COMMIT_REF_SLUG . - - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api:$CI_COMMIT_REF_SLUG - - echo "----------------------------------------------------" - - echo "### build and push TS29222_CAPIF_Events_API image###" - - cd $TMP_PWD/services/TS29222_CAPIF_Events_API/ - - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api:$CI_COMMIT_REF_SLUG . - - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api:$CI_COMMIT_REF_SLUG - - echo "----------------------------------------------------" - - echo "### build and push TS29222_CAPIF_Logging_API_Invocation_API image###" - - cd $TMP_PWD/services/TS29222_CAPIF_Logging_API_Invocation_API/ - - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api:$CI_COMMIT_REF_SLUG . - - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api:$CI_COMMIT_REF_SLUG - - echo "----------------------------------------------------" - - echo "### build and push TS29222_CAPIF_Publish_Service_API image###" - - cd $TMP_PWD/services/TS29222_CAPIF_Publish_Service_API/ - - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api:$CI_COMMIT_REF_SLUG . - - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api:$CI_COMMIT_REF_SLUG - - echo "----------------------------------------------------" - - echo "### build and push TS29222_CAPIF_Routing_Info_API image###" - - cd $TMP_PWD/services/TS29222_CAPIF_Routing_Info_API/ - - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api:$CI_COMMIT_REF_SLUG . - - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api:$CI_COMMIT_REF_SLUG - - echo "----------------------------------------------------" - - echo "### build and push TS29222_CAPIF_Security_API image###" - - cd $TMP_PWD/services/TS29222_CAPIF_Security_API/ - - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api:$CI_COMMIT_REF_SLUG . - - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api:$CI_COMMIT_REF_SLUG - - echo "----------------------------------------------------" - - echo "### build and push vault image###" - - cd $TMP_PWD/services/vault/ - - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/vault:$CI_COMMIT_REF_SLUG . - - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/vault:$CI_COMMIT_REF_SLUG - - echo "----------------------------------------------------" - - echo "### build and push helper image###" - - cd $TMP_PWD/services/helper/ - - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/helper:$CI_COMMIT_REF_SLUG . - - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/helper:$CI_COMMIT_REF_SLUG - - echo "----------------------------------------------------" - - echo "### build and push mock-server image###" - - cd $TMP_PWD/services/mock_server/ - - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server:$CI_COMMIT_REF_SLUG . - - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server:$CI_COMMIT_REF_SLUG - - echo "----------------------------------------------------" - - docker logout $CI_REGISTRY - <<: *main_common +# untracked: false +# paths: +# - ./grype-outputs/*.txt +# when: on_success +# expire_in: "1 week" +# <<: *main_common +# +#main_semgrep_sast: +# needs: +# - main_linting_code +# - main_linting_docker +# stage: main_security +# extends: semgrep-sast +# variables: +# DOCKER_HOST: tcp://docker:2375 +# SAST_DEFAULT_ANALYZERS: bandit +# <<: *main_dnd +# +#gemnasium-python-dependency_scanning: +# stage: test +# before_script: +# - echo " ----- not run test stage -----" +# rules: +# - when: never +# +#main_gemnasium_python_sca: +# needs: +# - main_linting_code +# - main_linting_docker +# stage: staging_security +# extends: gemnasium-python-dependency_scanning +# variables: +# DS_ANALYZER_NAME: "gemnasium-python" +# <<: *main_dnd +# +#main_build_and_push: +# needs: ["main_security"] +# stage: main_build_and_push +# script: +# - export TMP_PWD=$PWD +# - echo "TMP_PWD=$TMP_PWD" +# - echo "### docker login###" +# - docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY +# - echo "----------------------------------------------------" +# - echo "### build and push nginx image###" +# - cd $TMP_PWD/services/nginx/ +# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG . +# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG +# - echo "----------------------------------------------------" +# - echo "### build and push register image###" +# - cd $TMP_PWD/services/register/ +# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register:$CI_COMMIT_REF_SLUG . +# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register:$CI_COMMIT_REF_SLUG +# - echo "----------------------------------------------------" +# - echo "### build and push TS29222_CAPIF_Access_Control_Policy_API image###" +# - cd $TMP_PWD/services/TS29222_CAPIF_Access_Control_Policy_API/ +# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api:$CI_COMMIT_REF_SLUG . +# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api:$CI_COMMIT_REF_SLUG +# - echo "----------------------------------------------------" +# - echo "### build and push TS29222_CAPIF_API_Invoker_Management_API image###" +# - cd $TMP_PWD/services/TS29222_CAPIF_API_Invoker_Management_API/ +# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api:$CI_COMMIT_REF_SLUG . +# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api:$CI_COMMIT_REF_SLUG +# - echo "----------------------------------------------------" +# - echo "### build and push TS29222_CAPIF_API_Provider_Management_API image###" +# - cd $TMP_PWD/services/TS29222_CAPIF_API_Provider_Management_API/ +# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api:$CI_COMMIT_REF_SLUG . +# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api:$CI_COMMIT_REF_SLUG +# - echo "----------------------------------------------------" +# - echo "### build and push TS29222_CAPIF_Auditing_API image###" +# - cd $TMP_PWD/services/TS29222_CAPIF_Auditing_API/ +# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api:$CI_COMMIT_REF_SLUG . +# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api:$CI_COMMIT_REF_SLUG +# - echo "----------------------------------------------------" +# - echo "### build and push TS29222_CAPIF_Discover_Service_API image###" +# - cd $TMP_PWD/services/TS29222_CAPIF_Discover_Service_API/ +# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api:$CI_COMMIT_REF_SLUG . +# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api:$CI_COMMIT_REF_SLUG +# - echo "----------------------------------------------------" +# - echo "### build and push TS29222_CAPIF_Events_API image###" +# - cd $TMP_PWD/services/TS29222_CAPIF_Events_API/ +# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api:$CI_COMMIT_REF_SLUG . +# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api:$CI_COMMIT_REF_SLUG +# - echo "----------------------------------------------------" +# - echo "### build and push TS29222_CAPIF_Logging_API_Invocation_API image###" +# - cd $TMP_PWD/services/TS29222_CAPIF_Logging_API_Invocation_API/ +# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api:$CI_COMMIT_REF_SLUG . +# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api:$CI_COMMIT_REF_SLUG +# - echo "----------------------------------------------------" +# - echo "### build and push TS29222_CAPIF_Publish_Service_API image###" +# - cd $TMP_PWD/services/TS29222_CAPIF_Publish_Service_API/ +# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api:$CI_COMMIT_REF_SLUG . +# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api:$CI_COMMIT_REF_SLUG +# - echo "----------------------------------------------------" +# - echo "### build and push TS29222_CAPIF_Routing_Info_API image###" +# - cd $TMP_PWD/services/TS29222_CAPIF_Routing_Info_API/ +# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api:$CI_COMMIT_REF_SLUG . +# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api:$CI_COMMIT_REF_SLUG +# - echo "----------------------------------------------------" +# - echo "### build and push TS29222_CAPIF_Security_API image###" +# - cd $TMP_PWD/services/TS29222_CAPIF_Security_API/ +# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api:$CI_COMMIT_REF_SLUG . +# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api:$CI_COMMIT_REF_SLUG +# - echo "----------------------------------------------------" +# - echo "### build and push vault image###" +# - cd $TMP_PWD/services/vault/ +# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/vault:$CI_COMMIT_REF_SLUG . +# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/vault:$CI_COMMIT_REF_SLUG +# - echo "----------------------------------------------------" +# - echo "### build and push helper image###" +# - cd $TMP_PWD/services/helper/ +# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/helper:$CI_COMMIT_REF_SLUG . +# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/helper:$CI_COMMIT_REF_SLUG +# - echo "----------------------------------------------------" +# - echo "### build and push mock-server image###" +# - cd $TMP_PWD/services/mock_server/ +# - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server:$CI_COMMIT_REF_SLUG . +# - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server:$CI_COMMIT_REF_SLUG +# - echo "----------------------------------------------------" +# - docker logout $CI_REGISTRY +# <<: *main_common -- GitLab From 10d480ed0fdf017748c4d3529ecb7a599274e3ca Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 13 Sep 2024 12:40:30 +0200 Subject: [PATCH 347/392] main_build_and_push --- capif/.gitlab-ci.yml | 180 +++++++++++++++++++++---------------------- 1 file changed, 90 insertions(+), 90 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 3884364..21fdfcd 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -216,6 +216,96 @@ main_secret_detection: SECRET_DETECTION_HISTORIC_SCAN: "true" <<: *main_dnd +main_build_and_push: + stage: main_build_and_push + needs: + - main_semgrep_sast + - main_kubesec_sast + - main_gemnasium_python_dependency_scanning + - main_secret_detection + variables: + CI_REGISTRY_USER: $CI_REGISTRY_USER + CI_REGISTRY: $CI_REGISTRY + CAPIF_DOCKER_REGISTRY: $CAPIF_DOCKER_REGISTRY + before_script: + - echo "--- Login to Docker registry --- - docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY + script: + - export TMP_PWD=$PWD + - echo "TMP_PWD=$TMP_PWD" + - echo "----------------------------------------------------" + - echo "### build and push nginx image###" + - cd $TMP_PWD/services/nginx/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push register image###" + - cd $TMP_PWD/services/register/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_Access_Control_Policy_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_Access_Control_Policy_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_API_Invoker_Management_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_API_Invoker_Management_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_API_Provider_Management_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_API_Provider_Management_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_Auditing_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_Auditing_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_Discover_Service_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_Discover_Service_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_Events_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_Events_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_Logging_API_Invocation_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_Logging_API_Invocation_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_Publish_Service_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_Publish_Service_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_Routing_Info_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_Routing_Info_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push TS29222_CAPIF_Security_API image###" + - cd $TMP_PWD/services/TS29222_CAPIF_Security_API/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push vault image###" + - cd $TMP_PWD/services/vault/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/vault:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/vault:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - echo "### build and push mock-server image###" + - cd $TMP_PWD/services/mock_server/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - docker logout $CI_REGISTRY + <<: *main_common + cvs_nginx: stage: main_container_scanning needs: @@ -439,96 +529,6 @@ cvs_vault: SECURE_LOG_LEVEL: debug <<: *main_dnd -main_build_and_push: - stage: main_build_and_push - needs: - - main_semgrep_sast - - main_kubesec_sast - - main_gemnasium_python_dependency_scanning - - main_secret_detection - variables: - CI_REGISTRY_USER: $CI_REGISTRY_USER - CI_REGISTRY: $CI_REGISTRY - CAPIF_DOCKER_REGISTRY: $CAPIF_DOCKER_REGISTRY - before_script: - - echo "--- Login to Docker registry --- - docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY - script: - - export TMP_PWD=$PWD - - echo "TMP_PWD=$TMP_PWD" - - echo "----------------------------------------------------" - - echo "### build and push nginx image###" - - cd $TMP_PWD/services/nginx/ - - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG . - - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG - - echo "----------------------------------------------------" - - echo "### build and push register image###" - - cd $TMP_PWD/services/register/ - - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register:$CI_COMMIT_REF_SLUG . - - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register:$CI_COMMIT_REF_SLUG - - echo "----------------------------------------------------" - - echo "### build and push TS29222_CAPIF_Access_Control_Policy_API image###" - - cd $TMP_PWD/services/TS29222_CAPIF_Access_Control_Policy_API/ - - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api:$CI_COMMIT_REF_SLUG . - - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api:$CI_COMMIT_REF_SLUG - - echo "----------------------------------------------------" - - echo "### build and push TS29222_CAPIF_API_Invoker_Management_API image###" - - cd $TMP_PWD/services/TS29222_CAPIF_API_Invoker_Management_API/ - - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api:$CI_COMMIT_REF_SLUG . - - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api:$CI_COMMIT_REF_SLUG - - echo "----------------------------------------------------" - - echo "### build and push TS29222_CAPIF_API_Provider_Management_API image###" - - cd $TMP_PWD/services/TS29222_CAPIF_API_Provider_Management_API/ - - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api:$CI_COMMIT_REF_SLUG . - - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api:$CI_COMMIT_REF_SLUG - - echo "----------------------------------------------------" - - echo "### build and push TS29222_CAPIF_Auditing_API image###" - - cd $TMP_PWD/services/TS29222_CAPIF_Auditing_API/ - - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api:$CI_COMMIT_REF_SLUG . - - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api:$CI_COMMIT_REF_SLUG - - echo "----------------------------------------------------" - - echo "### build and push TS29222_CAPIF_Discover_Service_API image###" - - cd $TMP_PWD/services/TS29222_CAPIF_Discover_Service_API/ - - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api:$CI_COMMIT_REF_SLUG . - - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api:$CI_COMMIT_REF_SLUG - - echo "----------------------------------------------------" - - echo "### build and push TS29222_CAPIF_Events_API image###" - - cd $TMP_PWD/services/TS29222_CAPIF_Events_API/ - - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api:$CI_COMMIT_REF_SLUG . - - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api:$CI_COMMIT_REF_SLUG - - echo "----------------------------------------------------" - - echo "### build and push TS29222_CAPIF_Logging_API_Invocation_API image###" - - cd $TMP_PWD/services/TS29222_CAPIF_Logging_API_Invocation_API/ - - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api:$CI_COMMIT_REF_SLUG . - - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api:$CI_COMMIT_REF_SLUG - - echo "----------------------------------------------------" - - echo "### build and push TS29222_CAPIF_Publish_Service_API image###" - - cd $TMP_PWD/services/TS29222_CAPIF_Publish_Service_API/ - - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api:$CI_COMMIT_REF_SLUG . - - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api:$CI_COMMIT_REF_SLUG - - echo "----------------------------------------------------" - - echo "### build and push TS29222_CAPIF_Routing_Info_API image###" - - cd $TMP_PWD/services/TS29222_CAPIF_Routing_Info_API/ - - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api:$CI_COMMIT_REF_SLUG . - - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api:$CI_COMMIT_REF_SLUG - - echo "----------------------------------------------------" - - echo "### build and push TS29222_CAPIF_Security_API image###" - - cd $TMP_PWD/services/TS29222_CAPIF_Security_API/ - - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api:$CI_COMMIT_REF_SLUG . - - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api:$CI_COMMIT_REF_SLUG - - echo "----------------------------------------------------" - - echo "### build and push vault image###" - - cd $TMP_PWD/services/vault/ - - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/vault:$CI_COMMIT_REF_SLUG . - - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/vault:$CI_COMMIT_REF_SLUG - - echo "----------------------------------------------------" - - echo "### build and push mock-server image###" - - cd $TMP_PWD/services/mock_server/ - - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server:$CI_COMMIT_REF_SLUG . - - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server:$CI_COMMIT_REF_SLUG - - echo "----------------------------------------------------" - - docker logout $CI_REGISTRY - <<: *main_common - deploy_ocf_main: stage: deploy_ocf_main before_script: -- GitLab From 3dddda1a759ebd4f0aecf4aa7507afdf8c749abb Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 13 Sep 2024 12:53:26 +0200 Subject: [PATCH 348/392] main_build_and_push --- capif/.gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 21fdfcd..9999db0 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -227,11 +227,11 @@ main_build_and_push: CI_REGISTRY_USER: $CI_REGISTRY_USER CI_REGISTRY: $CI_REGISTRY CAPIF_DOCKER_REGISTRY: $CAPIF_DOCKER_REGISTRY - before_script: - - echo "--- Login to Docker registry --- - docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY script: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" + - echo "### docker login###" + - docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY - echo "----------------------------------------------------" - echo "### build and push nginx image###" - cd $TMP_PWD/services/nginx/ -- GitLab From f8ed517e6e51808514ab4f4c0501d4c8d06d9ddd Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 13 Sep 2024 12:56:35 +0200 Subject: [PATCH 349/392] - main_build_and_push --- capif/.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 9999db0..0094029 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -3,9 +3,9 @@ stages: - merge_request_staging_into_main - test - main_sast + - main_build_and_push - main_container_scanning - dev_container_scanning # DELETE - - main_build_and_push - deploy_ocf_main - main_rf_testing - delete_ocf_main -- GitLab From 7a5249128b91344c66bd46d2e97fea3268b614f9 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 13 Sep 2024 12:58:01 +0200 Subject: [PATCH 350/392] dev_dnd --- capif/templates/ci_dev.gitlab-ci.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index bf950ca..ab6b15b 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -23,9 +23,13 @@ variables: services: - docker:24.0.5-dind rules: + - if: '$CI_COMMIT_REF_NAME == "staging"' + when: never - if: '$CI_COMMIT_REF_NAME == "main"' - when: always - - when: never + when: never + - if: '$CI_COMMIT_TAG =~ /^v\d+\.\d+\.\d+-release$/' + when: never + - when: always tags: - docker-in-docker -- GitLab From 7b77107077fd311f6b0771ee50aa06be1ed10829 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 13 Sep 2024 13:07:39 +0200 Subject: [PATCH 351/392] dev_container_scanning --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 38 +++++++++++++++++++- capif/templates/ci_dev.gitlab-ci.yml | 39 +-------------------- 2 files changed, 38 insertions(+), 39 deletions(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index be4a394..1009f87 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -4,6 +4,7 @@ stages: - delete_ocf_staging - deploy_ocf_dev - delete_ocf_dev + - dev_container_scanning variables: NAMESPACE_DEV: "ocf-dev-$CI_ENVIRONMENT_SLUG" @@ -40,6 +41,21 @@ variables: tags: - shell +.dev_dnd: &dev_dnd + allow_failure: true + services: + - docker:24.0.5-dind + rules: + - if: '$CI_COMMIT_REF_NAME == "staging"' + when: never + - if: '$CI_COMMIT_REF_NAME == "main"' + when: never + - if: '$CI_COMMIT_TAG =~ /^v\d+\.\d+\.\d+-release$/' + when: never + - when: always + tags: + - docker-in-docker + ## staging before mr ### @@ -573,4 +589,24 @@ delete_ocf_dev: when: manual environment: name: review/$CI_COMMIT_REF_SLUG - action: stop \ No newline at end of file + action: stop + +cvs_nginx: + stage: dev_container_scanning + needs: + - deploy_ocf_dev + before_script: + - export TMP_PWD=$PWD + - echo "TMP_PWD=$TMP_PWD" + - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git + - ls -lrta + extends: container_scanning + variables: + CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG" + CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG" + CS_REGISTRY_USER: $CI_REGISTRY_USER + CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY +# GIT_STRATEGY: fetch +# CS_DOCKERFILE_PATH: capif/services/nginx/ + SECURE_LOG_LEVEL: debug + <<: *dev_dnd \ No newline at end of file diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index ab6b15b..7b877b2 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -4,7 +4,6 @@ stages: - dev_secrets_in_repo - dev_linting - dev_build_and_push - - dev_container_scanning # DELETE variables: CI_JOB_TOKEN: $CI_JOB_TOKEN @@ -18,21 +17,6 @@ variables: tags: - shell -.dev_dnd: &dev_dnd - allow_failure: true - services: - - docker:24.0.5-dind - rules: - - if: '$CI_COMMIT_REF_NAME == "staging"' - when: never - - if: '$CI_COMMIT_REF_NAME == "main"' - when: never - - if: '$CI_COMMIT_TAG =~ /^v\d+\.\d+\.\d+-release$/' - when: never - - when: always - tags: - - docker-in-docker - dev_secrets_in_repo: stage: dev_secrets_in_repo rules: @@ -214,25 +198,4 @@ dev_build_and_push: - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server:$CI_COMMIT_REF_SLUG - echo "----------------------------------------------------" - docker logout $CI_REGISTRY - <<: *dev_common - - -cvs_nginx: - stage: dev_container_scanning - needs: - - dev_build_and_push - before_script: - - export TMP_PWD=$PWD - - echo "TMP_PWD=$TMP_PWD" - - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git - - ls -lrta - extends: container_scanning - variables: - CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG" - CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG" - CS_REGISTRY_USER: $CI_REGISTRY_USER - CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY -# GIT_STRATEGY: fetch -# CS_DOCKERFILE_PATH: capif/services/nginx/ - SECURE_LOG_LEVEL: debug - <<: *dev_dnd \ No newline at end of file + <<: *dev_common \ No newline at end of file -- GitLab From 0711cbca55cb156ed26b6d4df1af53c24390a9ec Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 13 Sep 2024 13:09:46 +0200 Subject: [PATCH 352/392] dev_container_scanning --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 23 +-------------------- 1 file changed, 1 insertion(+), 22 deletions(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 1009f87..128ba3b 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -4,7 +4,6 @@ stages: - delete_ocf_staging - deploy_ocf_dev - delete_ocf_dev - - dev_container_scanning variables: NAMESPACE_DEV: "ocf-dev-$CI_ENVIRONMENT_SLUG" @@ -589,24 +588,4 @@ delete_ocf_dev: when: manual environment: name: review/$CI_COMMIT_REF_SLUG - action: stop - -cvs_nginx: - stage: dev_container_scanning - needs: - - deploy_ocf_dev - before_script: - - export TMP_PWD=$PWD - - echo "TMP_PWD=$TMP_PWD" - - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git - - ls -lrta - extends: container_scanning - variables: - CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG" - CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx:$CI_COMMIT_REF_SLUG" - CS_REGISTRY_USER: $CI_REGISTRY_USER - CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY -# GIT_STRATEGY: fetch -# CS_DOCKERFILE_PATH: capif/services/nginx/ - SECURE_LOG_LEVEL: debug - <<: *dev_dnd \ No newline at end of file + action: stop \ No newline at end of file -- GitLab From 82ccff5aeb7d8ead0cf278e17cb255ec85f77c9f Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 13 Sep 2024 13:09:57 +0200 Subject: [PATCH 353/392] dev_container_scanning --- capif/.gitlab-ci.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 0094029..c521998 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -5,7 +5,6 @@ stages: - main_sast - main_build_and_push - main_container_scanning - - dev_container_scanning # DELETE - deploy_ocf_main - main_rf_testing - delete_ocf_main -- GitLab From bd8a4e18e5d4dfddfeb49a66548edf54ef098724 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 11 Oct 2024 15:04:09 +0200 Subject: [PATCH 354/392] env in merge dev->staging using DOMAIN_DEV --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 26 ++++++++++----------- 1 file changed, 13 insertions(+), 13 deletions(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 128ba3b..ab6d755 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -81,7 +81,7 @@ deploy_ocf_staging: <<: *staging_common environment: name: review/dev_to_staging - url: https://capif-$CI_ENV_ENDPOINT.$DOMAIN_STAGING + url: https://capif-$CI_ENV_ENDPOINT.$DOMAIN_DEV on_stop: delete_ocf_staging auto_stop_in: 3 day script: @@ -116,7 +116,7 @@ deploy_ocf_staging: helm upgrade --install -n $NAMESPACE_DEV ocf-pre-staging helm/capif/ \ --set grafana.enabled=true \ --set grafana.ingress.enabled=true \ - --set grafana.ingress.hosts[0].host=ocf-mon-$CI_ENV_ENDPOINT.$DOMAIN_STAGING \ + --set grafana.ingress.hosts[0].host=ocf-mon-$CI_ENV_ENDPOINT.$DOMAIN_DEV \ --set grafana.ingress.hosts[0].paths[0].path="/" \ --set grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ --set grafana.env.prometheusUrl=http://prometheus.ocf.pre-production \ @@ -128,13 +128,13 @@ deploy_ocf_staging: --set otelcollector.configMap.tempoEndpoint=ocf-pre-staging-tempo:4317 \ --set ocf-access-control-policy.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api \ --set ocf-access-control-policy.image.tag=$CI_COMMIT_REF_SLUG \ - --set ocf-access-control-policy.image.env.capifHostname=capif-$CI_ENV_ENDPOINT.$DOMAIN_STAGING \ + --set ocf-access-control-policy.image.env.capifHostname=capif-$CI_ENV_ENDPOINT.$DOMAIN_DEV \ --set ocf-access-control-policy.monitoring="true" \ --set ocf-access-control-policy.env.logLevel="INFO" \ --set ocf-api-invocation-logs.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api \ --set ocf-api-invocation-logs.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-api-invocation-logs.env.monitoring="true" \ - --set ocf-api-invocation-logs.env.capifHostname=capif-$CI_ENV_ENDPOINT.$DOMAIN_STAGING \ + --set ocf-api-invocation-logs.env.capifHostname=capif-$CI_ENV_ENDPOINT.$DOMAIN_DEV \ --set ocf-api-invocation-logs.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-api-invocation-logs.env.vaultPort=$VAULT_PORT \ --set ocf-api-invocation-logs.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ @@ -164,7 +164,7 @@ deploy_ocf_staging: --set ocf-security.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api \ --set ocf-security.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-security.env.monitoring="true" \ - --set ocf-security.env.capifHostname=capif-$CI_ENV_ENDPOINT.$DOMAIN_STAGING \ + --set ocf-security.env.capifHostname=capif-$CI_ENV_ENDPOINT.$DOMAIN_DEV \ --set ocf-security.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-security.env.vaultPort=$VAULT_PORT \ --set ocf-security.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ @@ -176,9 +176,9 @@ deploy_ocf_staging: --set ocf-register.env.vaultPort=$VAULT_PORT \ --set ocf-register.env.mongoHost=mongo-register \ --set ocf-register.env.mongoPort=27017 \ - --set ocf-register.env.capifHostname=capif-$CI_ENV_ENDPOINT.$DOMAIN_STAGING \ + --set ocf-register.env.capifHostname=capif-$CI_ENV_ENDPOINT.$DOMAIN_DEV \ --set ocf-register.ingress.enabled=true \ - --set ocf-register.ingress.hosts[0].host=register-$CI_ENV_ENDPOINT.$DOMAIN_STAGING \ + --set ocf-register.ingress.hosts[0].host=register-$CI_ENV_ENDPOINT.$DOMAIN_DEV \ --set ocf-register.ingress.hosts[0].paths[0].path="/" \ --set ocf-register.ingress.hosts[0].paths[0].pathType="Prefix" \ --set ocf-register.env.logLevel="INFO" \ @@ -196,12 +196,12 @@ deploy_ocf_staging: --set ocf-discover-service-api.env.logLevel="INFO" \ --set nginx.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx \ --set nginx.image.tag=$CI_COMMIT_REF_SLUG \ - --set nginx.env.capifHostname=capif-$CI_ENV_ENDPOINT.$DOMAIN_STAGING \ + --set nginx.env.capifHostname=capif-$CI_ENV_ENDPOINT.$DOMAIN_DEV \ --set nginx.env.vaultHostname=$VAULT_HOSTNAME \ --set nginx.env.vaultPort=$VAULT_PORT \ --set nginx.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ --set nginx.ingress.enabled=true \ - --set nginx.ingress.hosts[0].host=capif-$CI_ENV_ENDPOINT.$DOMAIN_STAGING \ + --set nginx.ingress.hosts[0].host=capif-$CI_ENV_ENDPOINT.$DOMAIN_DEV \ --set nginx.ingress.hosts[0].paths[0].path="/" \ --set nginx.ingress.hosts[0].paths[0].pathType="Prefix" \ --set nginx.env.logLevel="info" \ @@ -210,24 +210,24 @@ deploy_ocf_staging: --set ocf-helper.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-helper.env.vaultPort=$VAULT_PORT \ --set ocf-helper.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ - --set ocf-helper.env.capifHostname=capif-$CI_ENV_ENDPOINT.$DOMAIN_STAGING \ + --set ocf-helper.env.capifHostname=capif-$CI_ENV_ENDPOINT.$DOMAIN_DEV \ --set ocf-helper.env.logLevel="INFO" \ --set mock-server.enabled=true \ --set mock-server.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server \ --set mock-server.image.tag=$CI_COMMIT_REF_SLUG \ --set mock-server.ingress.enabled=true \ - --set mock-server.ingress.hosts[0].host=mock-server-$CI_ENV_ENDPOINT.$DOMAIN_STAGING \ + --set mock-server.ingress.hosts[0].host=mock-server-$CI_ENV_ENDPOINT.$DOMAIN_DEV \ --set mock-server.ingress.hosts[0].paths[0].path="/" \ --set mock-server.ingress.hosts[0].paths[0].pathType="Prefix" \ --set mock-server.env.logLevel="INFO" \ --set mongo-register-express.enabled=true \ --set mongo-register-express.ingress.enabled=true \ - --set mongo-register-express.ingress.hosts[0].host="mongo-express-register-$CI_ENV_ENDPOINT.$DOMAIN_STAGING" \ + --set mongo-register-express.ingress.hosts[0].host="mongo-express-register-$CI_ENV_ENDPOINT.$DOMAIN_DEV" \ --set mongo-register-express.ingress.hosts[0].paths[0].path="/" \ --set mongo-register-express.ingress.hosts[0].paths[0].pathType="Prefix" \ --set mongo-express.enabled=true \ --set mongo-express.ingress.enabled=true \ - --set mongo-express.ingress.hosts[0].host="mongo-express-$CI_ENV_ENDPOINT.$DOMAIN_STAGING" \ + --set mongo-express.ingress.hosts[0].host="mongo-express-$CI_ENV_ENDPOINT.$DOMAIN_DEV" \ --set mongo-express.ingress.hosts[0].paths[0].path="/" \ --set mongo-express.ingress.hosts[0].paths[0].pathType="Prefix" \ --wait --timeout=10m --create-namespace --atomic -- GitLab From 8b31fa2d48b2d0a74da2d24312e0016c3e6837bb Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Wed, 27 Nov 2024 15:30:04 +0100 Subject: [PATCH 355/392] NAMESPACE_DEV_TO_STAGING --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index ab6d755..5ef952f 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -109,11 +109,12 @@ deploy_ocf_staging: done export CI_ENV_ENDPOINT=$(cat cd_env_endpoint.txt) + export NAMESPACE_DEV_TO_STAGING=$(echo $CI_ENV_ENDPOINT) echo "### download dependencies###" helm dependency build helm/capif echo "### updating capif###" - helm upgrade --install -n $NAMESPACE_DEV ocf-pre-staging helm/capif/ \ + helm upgrade --install -n $NAMESPACE_DEV_TO_STAGING ocf-pre-staging helm/capif/ \ --set grafana.enabled=true \ --set grafana.ingress.enabled=true \ --set grafana.ingress.hosts[0].host=ocf-mon-$CI_ENV_ENDPOINT.$DOMAIN_DEV \ @@ -237,8 +238,8 @@ delete_ocf_staging: <<: *staging_common script: - echo "### deleting environment $NAMESPACE_STAGING###" - - helm uninstall -n $NAMESPACE_DEV ocf-pre-staging - - kubectl delete ns $NAMESPACE_DEV --force + - helm uninstall -n $NAMESPACE_DEV_TO_STAGING ocf-pre-staging + - kubectl delete ns $NAMESPACE_DEV_TO_STAGING --force when: manual environment: name: review/dev_to_staging -- GitLab From a46aab3d854a7967157f75ed4246371b516d71ad Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Wed, 27 Nov 2024 15:48:42 +0100 Subject: [PATCH 356/392] delete_ocf_staging --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 5ef952f..c336997 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -114,7 +114,7 @@ deploy_ocf_staging: echo "### download dependencies###" helm dependency build helm/capif echo "### updating capif###" - helm upgrade --install -n $NAMESPACE_DEV_TO_STAGING ocf-pre-staging helm/capif/ \ + helm upgrade --install -n $NAMESPACE_DEV_TO_STAGING-mr ocf-pre-staging helm/capif/ \ --set grafana.enabled=true \ --set grafana.ingress.enabled=true \ --set grafana.ingress.hosts[0].host=ocf-mon-$CI_ENV_ENDPOINT.$DOMAIN_DEV \ @@ -235,12 +235,14 @@ deploy_ocf_staging: delete_ocf_staging: stage: delete_ocf_staging + needs: + - prep_ocf_cd_staging <<: *staging_common script: - - echo "### deleting environment $NAMESPACE_STAGING###" - - helm uninstall -n $NAMESPACE_DEV_TO_STAGING ocf-pre-staging - - kubectl delete ns $NAMESPACE_DEV_TO_STAGING --force - when: manual + - export NAMESPACE_DEV_TO_STAGING=$(cat cd_env_endpoint.txt) + - echo "### deleting environment $NAMESPACE_DEV_TO_STAGING###" + - helm uninstall -n $NAMESPACE_DEV_TO_STAGING-mr ocf-pre-staging + - kubectl delete ns $NAMESPACE_DEV_TO_STAGING-mr environment: name: review/dev_to_staging action: stop -- GitLab From 5e67e725804c902fb12a10ea820eeba62ee8e707 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Wed, 27 Nov 2024 16:09:11 +0100 Subject: [PATCH 357/392] helm uninstall --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index c336997..d5ea5fe 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -241,7 +241,7 @@ delete_ocf_staging: script: - export NAMESPACE_DEV_TO_STAGING=$(cat cd_env_endpoint.txt) - echo "### deleting environment $NAMESPACE_DEV_TO_STAGING###" - - helm uninstall -n $NAMESPACE_DEV_TO_STAGING-mr ocf-pre-staging + #- helm uninstall -n $NAMESPACE_DEV_TO_STAGING-mr ocf-pre-staging - kubectl delete ns $NAMESPACE_DEV_TO_STAGING-mr environment: name: review/dev_to_staging -- GitLab From 11657160d913057fbb6a88abf38ccc2e0fcda7e1 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Wed, 27 Nov 2024 16:26:17 +0100 Subject: [PATCH 358/392] $CI_ENV_ENDPOINT-dev and $CI_ENV_ENDPOINT-mr --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 52 ++++++++++----------- 1 file changed, 26 insertions(+), 26 deletions(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index d5ea5fe..fc0e1fd 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -81,7 +81,7 @@ deploy_ocf_staging: <<: *staging_common environment: name: review/dev_to_staging - url: https://capif-$CI_ENV_ENDPOINT.$DOMAIN_DEV + url: https://capif-$CI_ENV_ENDPOINT-mr.$DOMAIN_DEV on_stop: delete_ocf_staging auto_stop_in: 3 day script: @@ -117,7 +117,7 @@ deploy_ocf_staging: helm upgrade --install -n $NAMESPACE_DEV_TO_STAGING-mr ocf-pre-staging helm/capif/ \ --set grafana.enabled=true \ --set grafana.ingress.enabled=true \ - --set grafana.ingress.hosts[0].host=ocf-mon-$CI_ENV_ENDPOINT.$DOMAIN_DEV \ + --set grafana.ingress.hosts[0].host=ocf-mon-$CI_ENV_ENDPOINT-mr.$DOMAIN_DEV \ --set grafana.ingress.hosts[0].paths[0].path="/" \ --set grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ --set grafana.env.prometheusUrl=http://prometheus.ocf.pre-production \ @@ -129,13 +129,13 @@ deploy_ocf_staging: --set otelcollector.configMap.tempoEndpoint=ocf-pre-staging-tempo:4317 \ --set ocf-access-control-policy.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api \ --set ocf-access-control-policy.image.tag=$CI_COMMIT_REF_SLUG \ - --set ocf-access-control-policy.image.env.capifHostname=capif-$CI_ENV_ENDPOINT.$DOMAIN_DEV \ + --set ocf-access-control-policy.image.env.capifHostname=capif-$CI_ENV_ENDPOINT-mr.$DOMAIN_DEV \ --set ocf-access-control-policy.monitoring="true" \ --set ocf-access-control-policy.env.logLevel="INFO" \ --set ocf-api-invocation-logs.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api \ --set ocf-api-invocation-logs.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-api-invocation-logs.env.monitoring="true" \ - --set ocf-api-invocation-logs.env.capifHostname=capif-$CI_ENV_ENDPOINT.$DOMAIN_DEV \ + --set ocf-api-invocation-logs.env.capifHostname=capif-$CI_ENV_ENDPOINT-mr.$DOMAIN_DEV \ --set ocf-api-invocation-logs.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-api-invocation-logs.env.vaultPort=$VAULT_PORT \ --set ocf-api-invocation-logs.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ @@ -165,7 +165,7 @@ deploy_ocf_staging: --set ocf-security.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api \ --set ocf-security.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-security.env.monitoring="true" \ - --set ocf-security.env.capifHostname=capif-$CI_ENV_ENDPOINT.$DOMAIN_DEV \ + --set ocf-security.env.capifHostname=capif-$CI_ENV_ENDPOINT-mr.$DOMAIN_DEV \ --set ocf-security.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-security.env.vaultPort=$VAULT_PORT \ --set ocf-security.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ @@ -177,9 +177,9 @@ deploy_ocf_staging: --set ocf-register.env.vaultPort=$VAULT_PORT \ --set ocf-register.env.mongoHost=mongo-register \ --set ocf-register.env.mongoPort=27017 \ - --set ocf-register.env.capifHostname=capif-$CI_ENV_ENDPOINT.$DOMAIN_DEV \ + --set ocf-register.env.capifHostname=capif-$CI_ENV_ENDPOINT-mr.$DOMAIN_DEV \ --set ocf-register.ingress.enabled=true \ - --set ocf-register.ingress.hosts[0].host=register-$CI_ENV_ENDPOINT.$DOMAIN_DEV \ + --set ocf-register.ingress.hosts[0].host=register-$CI_ENV_ENDPOINT-mr.$DOMAIN_DEV \ --set ocf-register.ingress.hosts[0].paths[0].path="/" \ --set ocf-register.ingress.hosts[0].paths[0].pathType="Prefix" \ --set ocf-register.env.logLevel="INFO" \ @@ -197,12 +197,12 @@ deploy_ocf_staging: --set ocf-discover-service-api.env.logLevel="INFO" \ --set nginx.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx \ --set nginx.image.tag=$CI_COMMIT_REF_SLUG \ - --set nginx.env.capifHostname=capif-$CI_ENV_ENDPOINT.$DOMAIN_DEV \ + --set nginx.env.capifHostname=capif-$CI_ENV_ENDPOINT-mr.$DOMAIN_DEV \ --set nginx.env.vaultHostname=$VAULT_HOSTNAME \ --set nginx.env.vaultPort=$VAULT_PORT \ --set nginx.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ --set nginx.ingress.enabled=true \ - --set nginx.ingress.hosts[0].host=capif-$CI_ENV_ENDPOINT.$DOMAIN_DEV \ + --set nginx.ingress.hosts[0].host=capif-$CI_ENV_ENDPOINT-mr.$DOMAIN_DEV \ --set nginx.ingress.hosts[0].paths[0].path="/" \ --set nginx.ingress.hosts[0].paths[0].pathType="Prefix" \ --set nginx.env.logLevel="info" \ @@ -211,24 +211,24 @@ deploy_ocf_staging: --set ocf-helper.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-helper.env.vaultPort=$VAULT_PORT \ --set ocf-helper.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ - --set ocf-helper.env.capifHostname=capif-$CI_ENV_ENDPOINT.$DOMAIN_DEV \ + --set ocf-helper.env.capifHostname=capif-$CI_ENV_ENDPOINT-mr.$DOMAIN_DEV \ --set ocf-helper.env.logLevel="INFO" \ --set mock-server.enabled=true \ --set mock-server.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server \ --set mock-server.image.tag=$CI_COMMIT_REF_SLUG \ --set mock-server.ingress.enabled=true \ - --set mock-server.ingress.hosts[0].host=mock-server-$CI_ENV_ENDPOINT.$DOMAIN_DEV \ + --set mock-server.ingress.hosts[0].host=mock-server-$CI_ENV_ENDPOINT-mr.$DOMAIN_DEV \ --set mock-server.ingress.hosts[0].paths[0].path="/" \ --set mock-server.ingress.hosts[0].paths[0].pathType="Prefix" \ --set mock-server.env.logLevel="INFO" \ --set mongo-register-express.enabled=true \ --set mongo-register-express.ingress.enabled=true \ - --set mongo-register-express.ingress.hosts[0].host="mongo-express-register-$CI_ENV_ENDPOINT.$DOMAIN_DEV" \ + --set mongo-register-express.ingress.hosts[0].host="mongo-express-register-$CI_ENV_ENDPOINT-mr.$DOMAIN_DEV" \ --set mongo-register-express.ingress.hosts[0].paths[0].path="/" \ --set mongo-register-express.ingress.hosts[0].paths[0].pathType="Prefix" \ --set mongo-express.enabled=true \ --set mongo-express.ingress.enabled=true \ - --set mongo-express.ingress.hosts[0].host="mongo-express-$CI_ENV_ENDPOINT.$DOMAIN_DEV" \ + --set mongo-express.ingress.hosts[0].host="mongo-express-$CI_ENV_ENDPOINT-mr.$DOMAIN_DEV" \ --set mongo-express.ingress.hosts[0].paths[0].path="/" \ --set mongo-express.ingress.hosts[0].paths[0].pathType="Prefix" \ --wait --timeout=10m --create-namespace --atomic @@ -423,7 +423,7 @@ deploy_ocf_dev: <<: *dev_common environment: name: review/$CI_COMMIT_REF_SLUG - url: https://capif-$CI_ENV_ENDPOINT.$DOMAIN_DEV + url: https://capif-$CI_ENV_ENDPOINT-dev.$DOMAIN_DEV on_stop: delete_ocf_dev auto_stop_in: 3 day # rules: @@ -463,7 +463,7 @@ deploy_ocf_dev: helm upgrade --install -n $NAMESPACE_DEV ocf-developer helm/capif/ \ --set grafana.enabled=true \ --set grafana.ingress.enabled=true \ - --set grafana.ingress.hosts[0].host=ocf-mon-$CI_ENV_ENDPOINT.$DOMAIN_DEV \ + --set grafana.ingress.hosts[0].host=ocf-mon-$CI_ENV_ENDPOINT-dev.$DOMAIN_DEV \ --set grafana.ingress.hosts[0].paths[0].path="/" \ --set grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ --set grafana.env.prometheusUrl=http://prometheus.ocf.pre-production \ @@ -475,13 +475,13 @@ deploy_ocf_dev: --set otelcollector.configMap.tempoEndpoint=ocf-developer-tempo:4317 \ --set ocf-access-control-policy.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api \ --set ocf-access-control-policy.image.tag=$CI_COMMIT_REF_SLUG \ - --set ocf-access-control-policy.image.env.capifHostname=capif-$CI_ENV_ENDPOINT.$DOMAIN_DEV \ + --set ocf-access-control-policy.image.env.capifHostname=capif-$CI_ENV_ENDPOINT-dev.$DOMAIN_DEV \ --set ocf-access-control-policy.monitoring="true" \ --set ocf-access-control-policy.env.logLevel="DEBUG" \ --set ocf-api-invocation-logs.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api \ --set ocf-api-invocation-logs.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-api-invocation-logs.env.monitoring="true" \ - --set ocf-api-invocation-logs.env.capifHostname=capif-$CI_ENV_ENDPOINT.$DOMAIN_DEV \ + --set ocf-api-invocation-logs.env.capifHostname=capif-$CI_ENV_ENDPOINT-dev.$DOMAIN_DEV \ --set ocf-api-invocation-logs.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-api-invocation-logs.env.vaultPort=$VAULT_PORT \ --set ocf-api-invocation-logs.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ @@ -511,7 +511,7 @@ deploy_ocf_dev: --set ocf-security.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api \ --set ocf-security.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-security.env.monitoring="true" \ - --set ocf-security.env.capifHostname=capif-$CI_ENV_ENDPOINT.$DOMAIN_DEV \ + --set ocf-security.env.capifHostname=capif-$CI_ENV_ENDPOINT-dev.$DOMAIN_DEV \ --set ocf-security.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-security.env.vaultPort=$VAULT_PORT \ --set ocf-security.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ @@ -523,9 +523,9 @@ deploy_ocf_dev: --set ocf-register.env.vaultPort=$VAULT_PORT \ --set ocf-register.env.mongoHost=mongo-register \ --set ocf-register.env.mongoPort=27017 \ - --set ocf-register.env.capifHostname=capif-$CI_ENV_ENDPOINT.$DOMAIN_DEV \ + --set ocf-register.env.capifHostname=capif-$CI_ENV_ENDPOINT-dev.$DOMAIN_DEV \ --set ocf-register.ingress.enabled=true \ - --set ocf-register.ingress.hosts[0].host=register-$CI_ENV_ENDPOINT.$DOMAIN_DEV \ + --set ocf-register.ingress.hosts[0].host=register-$CI_ENV_ENDPOINT-dev.$DOMAIN_DEV \ --set ocf-register.ingress.hosts[0].paths[0].path="/" \ --set ocf-register.ingress.hosts[0].paths[0].pathType="Prefix" \ --set ocf-register.env.logLevel="DEBUG" \ @@ -543,12 +543,12 @@ deploy_ocf_dev: --set ocf-discover-service-api.env.logLevel="DEBUG" \ --set nginx.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx \ --set nginx.image.tag=$CI_COMMIT_REF_SLUG \ - --set nginx.env.capifHostname=capif-$CI_ENV_ENDPOINT.$DOMAIN_DEV \ + --set nginx.env.capifHostname=capif-$CI_ENV_ENDPOINT-dev.$DOMAIN_DEV \ --set nginx.env.vaultHostname=$VAULT_HOSTNAME \ --set nginx.env.vaultPort=$VAULT_PORT \ --set nginx.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ --set nginx.ingress.enabled=true \ - --set nginx.ingress.hosts[0].host=capif-$CI_ENV_ENDPOINT.$DOMAIN_DEV \ + --set nginx.ingress.hosts[0].host=capif-$CI_ENV_ENDPOINT-dev.$DOMAIN_DEV \ --set nginx.ingress.hosts[0].paths[0].path="/" \ --set nginx.ingress.hosts[0].paths[0].pathType="Prefix" \ --set nginx.env.logLevel="debug" \ @@ -557,24 +557,24 @@ deploy_ocf_dev: --set ocf-helper.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-helper.env.vaultPort=$VAULT_PORT \ --set ocf-helper.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ - --set ocf-helper.env.capifHostname=capif-$CI_ENV_ENDPOINT.$DOMAIN_DEV \ + --set ocf-helper.env.capifHostname=capif-$CI_ENV_ENDPOINT-dev.$DOMAIN_DEV \ --set ocf-helper.env.logLevel="DEBUG" \ --set mock-server.enabled=true \ --set mock-server.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server \ --set mock-server.image.tag=$CI_COMMIT_REF_SLUG \ --set mock-server.ingress.enabled=true \ - --set mock-server.ingress.hosts[0].host=mock-server-$CI_ENV_ENDPOINT.$DOMAIN_DEV \ + --set mock-server.ingress.hosts[0].host=mock-server-$CI_ENV_ENDPOINT-dev.$DOMAIN_DEV \ --set mock-server.ingress.hosts[0].paths[0].path="/" \ --set mock-server.ingress.hosts[0].paths[0].pathType="Prefix" \ --set mock-server.env.logLevel="DEBUG" \ --set mongo-register-express.enabled=true \ --set mongo-register-express.ingress.enabled=true \ - --set mongo-register-express.ingress.hosts[0].host="mongo-express-register-$CI_ENV_ENDPOINT.$DOMAIN_DEV" \ + --set mongo-register-express.ingress.hosts[0].host="mongo-express-register-$CI_ENV_ENDPOINT-dev.$DOMAIN_DEV" \ --set mongo-register-express.ingress.hosts[0].paths[0].path="/" \ --set mongo-register-express.ingress.hosts[0].paths[0].pathType="Prefix" \ --set mongo-express.enabled=true \ --set mongo-express.ingress.enabled=true \ - --set mongo-express.ingress.hosts[0].host="mongo-express-$CI_ENV_ENDPOINT.$DOMAIN_DEV" \ + --set mongo-express.ingress.hosts[0].host="mongo-express-$CI_ENV_ENDPOINT-dev.$DOMAIN_DEV" \ --set mongo-express.ingress.hosts[0].paths[0].path="/" \ --set mongo-express.ingress.hosts[0].paths[0].pathType="Prefix" \ --wait --timeout=10m --create-namespace --atomic -- GitLab From 841ff15ba86ac2b8495e368d8a6fed2366b91399 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Wed, 27 Nov 2024 16:53:11 +0100 Subject: [PATCH 359/392] when: manual delete_ocf_staging --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index fc0e1fd..2919b9f 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -241,8 +241,9 @@ delete_ocf_staging: script: - export NAMESPACE_DEV_TO_STAGING=$(cat cd_env_endpoint.txt) - echo "### deleting environment $NAMESPACE_DEV_TO_STAGING###" - #- helm uninstall -n $NAMESPACE_DEV_TO_STAGING-mr ocf-pre-staging + - helm uninstall -n $NAMESPACE_DEV_TO_STAGING-mr ocf-pre-staging - kubectl delete ns $NAMESPACE_DEV_TO_STAGING-mr + when: manual environment: name: review/dev_to_staging action: stop -- GitLab From 2e85a830e6b1334f1c45ed131b49a47ab81581ee Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Wed, 27 Nov 2024 17:23:29 +0100 Subject: [PATCH 360/392] environment: review/dev_to_staging/$NAMESPACE_DEV_TO_STAGING-mr --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 2919b9f..7581762 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -80,7 +80,7 @@ deploy_ocf_staging: - prep_ocf_cd_staging <<: *staging_common environment: - name: review/dev_to_staging + name: review/dev_to_staging/$NAMESPACE_DEV_TO_STAGING-mr url: https://capif-$CI_ENV_ENDPOINT-mr.$DOMAIN_DEV on_stop: delete_ocf_staging auto_stop_in: 3 day -- GitLab From fc0ae6394adaeb965967e60eaf97dcb464b30238 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Wed, 27 Nov 2024 17:25:51 +0100 Subject: [PATCH 361/392] environment: review/dev_to_staging/$NAMESPACE_DEV_TO_STAGING-mr delete_ocf_staging --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 7581762..db7eefc 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -245,7 +245,7 @@ delete_ocf_staging: - kubectl delete ns $NAMESPACE_DEV_TO_STAGING-mr when: manual environment: - name: review/dev_to_staging + name: review/dev_to_staging/$NAMESPACE_DEV_TO_STAGING-mr action: stop ### staging branch merged ### -- GitLab From 0e9124e48355e613285d8b8932a8503e0fa7b035 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Wed, 27 Nov 2024 17:37:46 +0100 Subject: [PATCH 362/392] name: review/dev_to_staging/$CI_COMMIT_REF_SLUG --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index db7eefc..2b07991 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -80,7 +80,7 @@ deploy_ocf_staging: - prep_ocf_cd_staging <<: *staging_common environment: - name: review/dev_to_staging/$NAMESPACE_DEV_TO_STAGING-mr + name: review/dev_to_staging/$CI_COMMIT_REF_SLUG url: https://capif-$CI_ENV_ENDPOINT-mr.$DOMAIN_DEV on_stop: delete_ocf_staging auto_stop_in: 3 day @@ -245,7 +245,7 @@ delete_ocf_staging: - kubectl delete ns $NAMESPACE_DEV_TO_STAGING-mr when: manual environment: - name: review/dev_to_staging/$NAMESPACE_DEV_TO_STAGING-mr + name: review/dev_to_staging/$CI_COMMIT_REF_SLUG action: stop ### staging branch merged ### -- GitLab From 5f8a8e4293e4a766ffab07903e8d8b6e651eac6c Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Thu, 28 Nov 2024 08:44:07 +0100 Subject: [PATCH 363/392] dev_common --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 2b07991..d41a760 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -36,6 +36,8 @@ variables: when: never - if: '$CI_COMMIT_TAG =~ /^v\d+\.\d+\.\d+-release$/' when: never + - if: '$CI_PIPELINE_SOURCE == "merge_request_event"' + when: never - when: always tags: - shell -- GitLab From 86ef1930bd3bc255bec8ed81332e64361512dc11 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Thu, 28 Nov 2024 08:47:16 +0100 Subject: [PATCH 364/392] dev_common in ci --- capif/templates/ci_dev.gitlab-ci.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index 7b877b2..3edbc00 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -26,6 +26,8 @@ dev_secrets_in_repo: when: never - if: '$CI_COMMIT_TAG =~ /^v\d+\.\d+\.\d+-release$/' when: never + - if: '$CI_PIPELINE_SOURCE == "merge_request_event"' + when: never - when: always script: - | @@ -45,6 +47,8 @@ dev_linting_code: when: never - if: '$CI_COMMIT_TAG =~ /^v\d+\.\d+\.\d+-release$/' when: never + - if: '$CI_PIPELINE_SOURCE == "merge_request_event"' + when: never - when: always script: - | @@ -63,6 +67,8 @@ dev_linting_docker: when: never - if: '$CI_COMMIT_TAG =~ /^v\d+\.\d+\.\d+-release$/' when: never + - if: '$CI_PIPELINE_SOURCE == "merge_request_event"' + when: never - when: always script: - | @@ -111,6 +117,8 @@ dev_build_and_push: when: never - if: '$CI_COMMIT_TAG =~ /^v\d+\.\d+\.\d+-release$/' when: never + - if: '$CI_PIPELINE_SOURCE == "merge_request_event"' + when: never - when: always needs: - dev_linting_code -- GitLab From acb6564f056ad8cefde8fc340f971b054ed1bf4b Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 13 Jan 2025 15:22:43 +0100 Subject: [PATCH 365/392] test CAPIF_DOCKER_REGISTRY -> CI_JOB_TOKEN --- capif/templates/ci_staging.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/templates/ci_staging.gitlab-ci.yml b/capif/templates/ci_staging.gitlab-ci.yml index 68086b7..48af42f 100644 --- a/capif/templates/ci_staging.gitlab-ci.yml +++ b/capif/templates/ci_staging.gitlab-ci.yml @@ -245,7 +245,7 @@ staging_build_and_push: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" - echo "### docker login###" - - docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY + - docker login --username $CI_REGISTRY_USER --password $CI_JOB_TOKEN $CI_REGISTRY - echo "----------------------------------------------------" - echo "### build and push nginx image###" - cd $TMP_PWD/services/nginx/ -- GitLab From 4cebd675427caa7846eec488c0e71d7418855be8 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 13 Jan 2025 16:01:05 +0100 Subject: [PATCH 366/392] refactor: update docker login command to use password-stdin for security --- capif/templates/ci_staging.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/templates/ci_staging.gitlab-ci.yml b/capif/templates/ci_staging.gitlab-ci.yml index 48af42f..b34f0b0 100644 --- a/capif/templates/ci_staging.gitlab-ci.yml +++ b/capif/templates/ci_staging.gitlab-ci.yml @@ -245,7 +245,7 @@ staging_build_and_push: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" - echo "### docker login###" - - docker login --username $CI_REGISTRY_USER --password $CI_JOB_TOKEN $CI_REGISTRY + - echo "$CI_JOB_TOKEN" | docker login $CI_REGISTRY --username $CI_REGISTRY_USER --password-stdin - echo "----------------------------------------------------" - echo "### build and push nginx image###" - cd $TMP_PWD/services/nginx/ -- GitLab From 1e63af9e33108751d1961e364e935a91616881c6 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 13 Jan 2025 16:51:04 +0100 Subject: [PATCH 367/392] refactor: update docker login command to use CI_JOB_TOKEN for improved security --- capif/templates/ci_dev.gitlab-ci.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index 3edbc00..df5ce9d 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -128,7 +128,8 @@ dev_build_and_push: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" - echo "### docker login###" - - docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY +# - docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY + - echo "$CI_JOB_TOKEN" | docker login $CI_REGISTRY --username $CI_REGISTRY_USER --password-stdin - echo "----------------------------------------------------" - echo "### build and push nginx image###" - cd $TMP_PWD/services/nginx/ -- GitLab From 329a570e44b276f14b1e631d421de0f2533d409d Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Wed, 15 Jan 2025 08:20:23 +0100 Subject: [PATCH 368/392] refactor: comment out unused CI variables in ci_dev.gitlab-ci.yml --- capif/templates/ci_dev.gitlab-ci.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index df5ce9d..3f6825a 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -6,11 +6,11 @@ stages: - dev_build_and_push variables: - CI_JOB_TOKEN: $CI_JOB_TOKEN +# CI_JOB_TOKEN: $CI_JOB_TOKEN CI_DEBUG_TRACE: "false" - CI_REGISTRY_USER: $CI_REGISTRY_USER - CI_REGISTRY: $CI_REGISTRY - CAPIF_DOCKER_REGISTRY: $CAPIF_DOCKER_REGISTRY +# CI_REGISTRY_USER: $CI_REGISTRY_USER +# CI_REGISTRY: $CI_REGISTRY +# CAPIF_DOCKER_REGISTRY: $CAPIF_DOCKER_REGISTRY .dev_common: &dev_common -- GitLab From 0dfabce2d74eb0e01d6b1bc5a4cc34e12f653f08 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Wed, 15 Jan 2025 13:22:01 +0100 Subject: [PATCH 369/392] refactor: comment out unused CI variables and update docker login command for security --- capif/.gitlab-ci.yml | 10 +++++----- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 4 ++-- capif/templates/ci_dev.gitlab-ci.yml | 1 - capif/templates/ci_staging.gitlab-ci.yml | 8 ++++---- capif/templates/ci_unit_test.gitlab-ci.yml | 8 ++++---- capif/templates/cicd-deploy-release.gitlab-ci.yml | 8 ++++---- 6 files changed, 19 insertions(+), 20 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index c521998..7c6935a 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -30,13 +30,13 @@ stages: variables: GITLAB_API: "https://labs.etsi.org/api/v4" - CI_JOB_TOKEN: $CI_JOB_TOKEN +# CI_JOB_TOKEN: $CI_JOB_TOKEN CI_DEBUG_TRACE: "true" PROJECT_ID: "294" SAST_EXCLUDED_ANALYZERS: "nodejs-scan" - CI_REGISTRY_USER: $CI_REGISTRY_USER - CI_REGISTRY: $CI_REGISTRY - CAPIF_DOCKER_REGISTRY: $CAPIF_DOCKER_REGISTRY +# CI_REGISTRY_USER: $CI_REGISTRY_USER +# CI_REGISTRY: $CI_REGISTRY +# CAPIF_DOCKER_REGISTRY: $CAPIF_DOCKER_REGISTRY .main_common: &main_common @@ -230,7 +230,7 @@ main_build_and_push: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" - echo "### docker login###" - - docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY + - echo "$CI_JOB_TOKEN" | docker login $CI_REGISTRY --username $CI_REGISTRY_USER --password-stdin - echo "----------------------------------------------------" - echo "### build and push nginx image###" - cd $TMP_PWD/services/nginx/ diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index d41a760..b715118 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -11,13 +11,13 @@ variables: DOMAIN_STAGING: ocf.validation DOMAIN_DEV: ocf.develop DOMAIN_PROD: prod.int - CI_JOB_TOKEN: $CI_JOB_TOKEN +# CI_JOB_TOKEN: $CI_JOB_TOKEN IMAGE_TAG_DEV: $CI_COMMIT_REF_SLUG IMAGE_TAG_STAGING: $CI_COMMIT_REF_SLUG VAULT_HOSTNAME: $VAULT_HOSTNAME VAULT_PORT: $VAULT_PORT VAULT_ACCESS_TOKEN: $VAULT_ACCESS_TOKEN - CI_REGISTRY: $CI_REGISTRY +# CI_REGISTRY: $CI_REGISTRY .staging_common: &staging_common only: diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index 3f6825a..40b392c 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -128,7 +128,6 @@ dev_build_and_push: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" - echo "### docker login###" -# - docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY - echo "$CI_JOB_TOKEN" | docker login $CI_REGISTRY --username $CI_REGISTRY_USER --password-stdin - echo "----------------------------------------------------" - echo "### build and push nginx image###" diff --git a/capif/templates/ci_staging.gitlab-ci.yml b/capif/templates/ci_staging.gitlab-ci.yml index b34f0b0..0c39c89 100644 --- a/capif/templates/ci_staging.gitlab-ci.yml +++ b/capif/templates/ci_staging.gitlab-ci.yml @@ -10,11 +10,11 @@ stages: - staging_build_and_push_mr variables: - CI_JOB_TOKEN: $CI_JOB_TOKEN +# CI_JOB_TOKEN: $CI_JOB_TOKEN CI_DEBUG_TRACE: "false" - CI_REGISTRY_USER: $CI_REGISTRY_USER - CI_REGISTRY: $CI_REGISTRY - CAPIF_DOCKER_REGISTRY: $CAPIF_DOCKER_REGISTRY +# CI_REGISTRY_USER: $CI_REGISTRY_USER +# CI_REGISTRY: $CI_REGISTRY +# CAPIF_DOCKER_REGISTRY: $CAPIF_DOCKER_REGISTRY .staging_common: &staging_common only: diff --git a/capif/templates/ci_unit_test.gitlab-ci.yml b/capif/templates/ci_unit_test.gitlab-ci.yml index 32f606f..74288a5 100644 --- a/capif/templates/ci_unit_test.gitlab-ci.yml +++ b/capif/templates/ci_unit_test.gitlab-ci.yml @@ -2,11 +2,11 @@ stages: - staging_unit_tests variables: - CI_JOB_TOKEN: $CI_JOB_TOKEN +# CI_JOB_TOKEN: $CI_JOB_TOKEN CI_DEBUG_TRACE: "false" - CI_REGISTRY_USER: $CI_REGISTRY_USER - CI_REGISTRY: $CI_REGISTRY - CAPIF_DOCKER_REGISTRY: $CAPIF_DOCKER_REGISTRY +# CI_REGISTRY_USER: $CI_REGISTRY_USER +# CI_REGISTRY: $CI_REGISTRY +# CAPIF_DOCKER_REGISTRY: $CAPIF_DOCKER_REGISTRY .staging_common: &staging_common only: diff --git a/capif/templates/cicd-deploy-release.gitlab-ci.yml b/capif/templates/cicd-deploy-release.gitlab-ci.yml index 5b98508..9408eb8 100644 --- a/capif/templates/cicd-deploy-release.gitlab-ci.yml +++ b/capif/templates/cicd-deploy-release.gitlab-ci.yml @@ -3,10 +3,10 @@ stages: - deploy_ocf_prod variables: - CI_JOB_TOKEN: $CI_JOB_TOKEN +# CI_JOB_TOKEN: $CI_JOB_TOKEN CI_DEBUG_TRACE: "false" - CI_REGISTRY_USER: $CI_REGISTRY_USER - CI_REGISTRY: $CI_REGISTRY +# CI_REGISTRY_USER: $CI_REGISTRY_USER +# CI_REGISTRY: $CI_REGISTRY CAPIF_DOCKER_REGISTRY: $CAPIF_DOCKER_REGISTRY NAMESPACE_PROD: "ocf-prod" DOMAIN_PROD: prod.int @@ -33,7 +33,7 @@ prod_build_and_push: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" - echo "### docker login###" - - docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY + - echo "$CI_JOB_TOKEN" | docker login $CI_REGISTRY --username $CI_REGISTRY_USER --password-stdin - echo "----------------------------------------------------" - echo "### build and push nginx image###" - cd $TMP_PWD/services/nginx/ -- GitLab From f54f48b76cf82308c617a385e82f234e609b9f2c Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Wed, 15 Jan 2025 13:30:44 +0100 Subject: [PATCH 370/392] refactor: update docker login command in ci_staging.gitlab-ci.yml to use password-stdin for security --- capif/templates/ci_staging.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/templates/ci_staging.gitlab-ci.yml b/capif/templates/ci_staging.gitlab-ci.yml index 0c39c89..94209bf 100644 --- a/capif/templates/ci_staging.gitlab-ci.yml +++ b/capif/templates/ci_staging.gitlab-ci.yml @@ -177,7 +177,7 @@ staging_grype_cvs: cd services/$IMAGE_NAME/ # Login to Docker registry - docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY + echo "$CI_JOB_TOKEN" | docker login $CI_REGISTRY --username $CI_REGISTRY_USER --password-stdin # Build Docker image docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/$IMAGE_LOWER:$CI_COMMIT_REF_SLUG . -- GitLab From 9ba64b5140eae22866ebffdb924f75407104d3de Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Wed, 15 Jan 2025 15:05:03 +0100 Subject: [PATCH 371/392] refactor: update docker login command in ci_staging.gitlab-ci.yml to use password-stdin for improved security --- capif/templates/ci_staging.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/templates/ci_staging.gitlab-ci.yml b/capif/templates/ci_staging.gitlab-ci.yml index 94209bf..fafbc45 100644 --- a/capif/templates/ci_staging.gitlab-ci.yml +++ b/capif/templates/ci_staging.gitlab-ci.yml @@ -338,7 +338,7 @@ staging_build_and_push_mr: - export TMP_PWD=$PWD - echo "TMP_PWD=$TMP_PWD" - echo "### docker login###" - - docker login --username $CI_REGISTRY_USER --password $CAPIF_DOCKER_REGISTRY $CI_REGISTRY + - echo "$CI_JOB_TOKEN" | docker login $CI_REGISTRY --username $CI_REGISTRY_USER --password-stdin - echo "----------------------------------------------------" - echo "### build and push nginx image###" - cd $TMP_PWD/services/nginx/ -- GitLab From bc0846d7ba6bcc2813409594ca97434950f3cf44 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 17 Jan 2025 11:50:59 +0100 Subject: [PATCH 372/392] refactor: update capifHostname environment variable references in CD configuration files --- capif/.gitlab-ci.yml | 6 +++++- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 6 +++++- capif/templates/cicd-deploy-release.gitlab-ci.yml | 6 +++++- 3 files changed, 15 insertions(+), 3 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 7c6935a..0f8e33b 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -598,7 +598,7 @@ deploy_ocf_main: --set otelcollector.configMap.tempoEndpoint=ocf-main-tempo:4317 \ --set ocf-access-control-policy.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api \ --set ocf-access-control-policy.image.tag=$CI_COMMIT_REF_SLUG \ - --set ocf-access-control-policy.image.env.capifHostname=capif-main.$DOMAIN_PRE_PROD \ + --set ocf-access-control-policy.env.capifHostname=capif-main.$DOMAIN_PRE_PROD \ --set ocf-access-control-policy.monitoring="true" \ --set ocf-access-control-policy.env.logLevel="INFO" \ --set ocf-api-invocation-logs.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api \ @@ -612,6 +612,7 @@ deploy_ocf_main: --set ocf-api-invoker-management.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api \ --set ocf-api-invoker-management.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-api-invoker-management.env.monitoring="true" \ + --set ocf-api-invoker-management.env.capifHostname=capif-main.$DOMAIN_PRE_PROD \ --set ocf-api-invoker-management.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-api-invoker-management.env.vaultPort=$VAULT_PORT \ --set ocf-api-invoker-management.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ @@ -619,6 +620,7 @@ deploy_ocf_main: --set ocf-api-provider-management.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api \ --set ocf-api-provider-management.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-api-provider-management.env.monitoring="true" \ + --set ocf-api-provider-management.env.capifHostname=capif-main.$DOMAIN_PRE_PROD \ --set ocf-api-provider-management.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-api-provider-management.env.vaultPort=$VAULT_PORT \ --set ocf-api-provider-management.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ @@ -626,6 +628,7 @@ deploy_ocf_main: --set ocf-events.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api \ --set ocf-events.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-events.env.monitoring="true" \ + --set ocf-events.env.capifHostname=capif-main.$DOMAIN_PRE_PROD \ --set ocf-events.env.logLevel="INFO" \ --set ocf-routing-info.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api \ --set ocf-routing-info.image.tag=$CI_COMMIT_REF_SLUG \ @@ -659,6 +662,7 @@ deploy_ocf_main: --set ocf-publish-service-api.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api \ --set ocf-publish-service-api.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-publish-service-api.env.monitoring="true" \ + --set ocf-publish-service-api.env.capifHostname=capif-main.$DOMAIN_PRE_PROD \ --set ocf-publish-service-api.env.logLevel="INFO" \ --set ocf-discover-service-api.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api \ --set ocf-discover-service-api.image.tag=$CI_COMMIT_REF_SLUG \ diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index b715118..8530d1f 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -131,7 +131,7 @@ deploy_ocf_staging: --set otelcollector.configMap.tempoEndpoint=ocf-pre-staging-tempo:4317 \ --set ocf-access-control-policy.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api \ --set ocf-access-control-policy.image.tag=$CI_COMMIT_REF_SLUG \ - --set ocf-access-control-policy.image.env.capifHostname=capif-$CI_ENV_ENDPOINT-mr.$DOMAIN_DEV \ + --set ocf-access-control-policy.env.capifHostname=capif-$CI_ENV_ENDPOINT-mr.$DOMAIN_DEV \ --set ocf-access-control-policy.monitoring="true" \ --set ocf-access-control-policy.env.logLevel="INFO" \ --set ocf-api-invocation-logs.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api \ @@ -145,6 +145,7 @@ deploy_ocf_staging: --set ocf-api-invoker-management.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api \ --set ocf-api-invoker-management.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-api-invoker-management.env.monitoring="true" \ + --set ocf-api-invoker-management.env.capifHostname=capif-$CI_ENV_ENDPOINT-mr.$DOMAIN_DEV \ --set ocf-api-invoker-management.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-api-invoker-management.env.vaultPort=$VAULT_PORT \ --set ocf-api-invoker-management.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ @@ -152,6 +153,7 @@ deploy_ocf_staging: --set ocf-api-provider-management.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api \ --set ocf-api-provider-management.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-api-provider-management.env.monitoring="true" \ + --set ocf-api-provider-management.env.capifHostname=capif-$CI_ENV_ENDPOINT-mr.$DOMAIN_DEV \ --set ocf-api-provider-management.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-api-provider-management.env.vaultPort=$VAULT_PORT \ --set ocf-api-provider-management.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ @@ -159,6 +161,7 @@ deploy_ocf_staging: --set ocf-events.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api \ --set ocf-events.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-events.env.monitoring="true" \ + --set ocf-events.env.capifHostname=capif-$CI_ENV_ENDPOINT-mr.$DOMAIN_DEV \ --set ocf-events.env.logLevel="INFO" \ --set ocf-routing-info.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api \ --set ocf-routing-info.image.tag=$CI_COMMIT_REF_SLUG \ @@ -192,6 +195,7 @@ deploy_ocf_staging: --set ocf-publish-service-api.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api \ --set ocf-publish-service-api.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-publish-service-api.env.monitoring="true" \ + --set ocf-publish-service-api.env.capifHostname=capif-$CI_ENV_ENDPOINT-mr.$DOMAIN_DEV \ --set ocf-publish-service-api.env.logLevel="INFO" \ --set ocf-discover-service-api.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api \ --set ocf-discover-service-api.image.tag=$CI_COMMIT_REF_SLUG \ diff --git a/capif/templates/cicd-deploy-release.gitlab-ci.yml b/capif/templates/cicd-deploy-release.gitlab-ci.yml index 9408eb8..eb36b71 100644 --- a/capif/templates/cicd-deploy-release.gitlab-ci.yml +++ b/capif/templates/cicd-deploy-release.gitlab-ci.yml @@ -165,7 +165,7 @@ prod_build_and_push: # --set otelcollector.configMap.tempoEndpoint=ocf-staging-tempo:4317 \ # --set ocf-access-control-policy.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-access-control-policy-api \ # --set ocf-access-control-policy.image.tag=staging \ -# --set ocf-access-control-policy.image.env.capifHostname=capif-staging.$DOMAIN_STAGING \ +# --set ocf-access-control-policy.env.capifHostname=capif-staging.$DOMAIN_STAGING \ # --set ocf-access-control-policy.monitoring="true" \ # --set ocf-api-invocation-logs.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-logging-api-invocation-api \ # --set ocf-api-invocation-logs.image.tag=staging \ @@ -177,18 +177,21 @@ prod_build_and_push: # --set ocf-api-invoker-management.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-api-invoker-management-api \ # --set ocf-api-invoker-management.image.tag=staging \ # --set ocf-api-invoker-management.env.monitoring="true" \ +# --set ocf-api-invoker-management.env.capifHostname=capif-staging.$DOMAIN_STAGING \ # --set ocf-api-invoker-management.env.vaultHostname=$VAULT_HOSTNAME \ # --set ocf-api-invoker-management.env.vaultPort=$VAULT_PORT \ # --set ocf-api-invoker-management.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ # --set ocf-api-provider-management.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-api-provider-management-api \ # --set ocf-api-provider-management.image.tag=staging \ # --set ocf-api-provider-management.env.monitoring="true" \ +# --set ocf-api-provider-management.env.capifHostname=capif-staging.$DOMAIN_STAGING \ # --set ocf-api-provider-management.env.vaultHostname=$VAULT_HOSTNAME \ # --set ocf-api-provider-management.env.vaultPort=$VAULT_PORT \ # --set ocf-api-provider-management.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ # --set ocf-events.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-events-api \ # --set ocf-events.image.tag=staging \ # --set ocf-events.env.monitoring="true" \ +# --set ocf-events.env.capifHostname=capif-staging.$DOMAIN_STAGING \ # --set ocf-routing-info.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-routing-info-api \ # --set ocf-routing-info.image.tag=staging \ # --set ocf-routing-info.env.monitoring="true" \ @@ -217,6 +220,7 @@ prod_build_and_push: # --set ocf-publish-service-api.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-publish-service-api \ # --set ocf-publish-service-api.image.tag=staging \ # --set ocf-publish-service-api.env.monitoring="true" \ +# --set ocf-publish-service-api.env.capifHostname=capif-staging.$DOMAIN_STAGING \ # --set ocf-discover-service-api.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-discover-service-api \ # --set ocf-discover-service-api.image.tag=staging \ # --set ocf-discover-service-api.env.monitoring="true" \ -- GitLab From c56615122dd6febda4f1ae381edcaf27498e1a63 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 17 Jan 2025 12:03:12 +0100 Subject: [PATCH 373/392] refactor: update capifHostname references in deployment configurations for consistency --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 8530d1f..87df4b4 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -315,7 +315,7 @@ deploy_ocf_oficial_staging: --set otelcollector.configMap.tempoEndpoint=ocf-staging-tempo:4317 \ --set ocf-access-control-policy.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-access-control-policy-api \ --set ocf-access-control-policy.image.tag=staging \ - --set ocf-access-control-policy.image.env.capifHostname=capif-staging.$DOMAIN_STAGING \ + --set ocf-access-control-policy.env.capifHostname=capif-staging.$DOMAIN_STAGING \ --set ocf-access-control-policy.monitoring="true" \ --set ocf-api-invocation-logs.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-logging-api-invocation-api \ --set ocf-api-invocation-logs.image.tag=staging \ @@ -327,18 +327,21 @@ deploy_ocf_oficial_staging: --set ocf-api-invoker-management.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-api-invoker-management-api \ --set ocf-api-invoker-management.image.tag=staging \ --set ocf-api-invoker-management.env.monitoring="true" \ + --set ocf-api-invoker-management.env.capifHostname=capif-staging.$DOMAIN_STAGING \ --set ocf-api-invoker-management.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-api-invoker-management.env.vaultPort=$VAULT_PORT \ --set ocf-api-invoker-management.env.vaultAccessToken=$VAULT_ACCESS_TOKEN_PROD \ --set ocf-api-provider-management.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-api-provider-management-api \ --set ocf-api-provider-management.image.tag=staging \ --set ocf-api-provider-management.env.monitoring="true" \ + --set ocf-api-provider-management.env.capifHostname=capif-staging.$DOMAIN_STAGING \ --set ocf-api-provider-management.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-api-provider-management.env.vaultPort=$VAULT_PORT \ --set ocf-api-provider-management.env.vaultAccessToken=$VAULT_ACCESS_TOKEN_PROD \ --set ocf-events.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-events-api \ --set ocf-events.image.tag=staging \ --set ocf-events.env.monitoring="true" \ + --set ocf-events.env.capifHostname=capif-staging.$DOMAIN_STAGING \ --set ocf-routing-info.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-routing-info-api \ --set ocf-routing-info.image.tag=staging \ --set ocf-routing-info.env.monitoring="true" \ @@ -366,6 +369,7 @@ deploy_ocf_oficial_staging: --set ocf-auditing-api-logs.env.monitoring="true" \ --set ocf-publish-service-api.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-publish-service-api \ --set ocf-publish-service-api.image.tag=staging \ + --set ocf-publish-service-api.env.capifHostname=capif-staging.$DOMAIN_STAGING \ --set ocf-publish-service-api.env.monitoring="true" \ --set ocf-discover-service-api.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-discover-service-api \ --set ocf-discover-service-api.image.tag=staging \ @@ -482,7 +486,7 @@ deploy_ocf_dev: --set otelcollector.configMap.tempoEndpoint=ocf-developer-tempo:4317 \ --set ocf-access-control-policy.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api \ --set ocf-access-control-policy.image.tag=$CI_COMMIT_REF_SLUG \ - --set ocf-access-control-policy.image.env.capifHostname=capif-$CI_ENV_ENDPOINT-dev.$DOMAIN_DEV \ + --set ocf-access-control-policy.env.capifHostname=capif-$CI_ENV_ENDPOINT-dev.$DOMAIN_DEV \ --set ocf-access-control-policy.monitoring="true" \ --set ocf-access-control-policy.env.logLevel="DEBUG" \ --set ocf-api-invocation-logs.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api \ @@ -496,6 +500,7 @@ deploy_ocf_dev: --set ocf-api-invoker-management.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api \ --set ocf-api-invoker-management.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-api-invoker-management.env.monitoring="true" \ + --set ocf-api-invoker-management.env.capifHostname=capif-$CI_ENV_ENDPOINT-dev.$DOMAIN_DEV \ --set ocf-api-invoker-management.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-api-invoker-management.env.vaultPort=$VAULT_PORT \ --set ocf-api-invoker-management.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ @@ -503,6 +508,7 @@ deploy_ocf_dev: --set ocf-api-provider-management.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api \ --set ocf-api-provider-management.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-api-provider-management.env.monitoring="true" \ + --set ocf-api-provider-management.env.capifHostname=capif-$CI_ENV_ENDPOINT-dev.$DOMAIN_DEV \ --set ocf-api-provider-management.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-api-provider-management.env.logLevel="DEBUG" \ --set ocf-api-provider-management.env.vaultPort=$VAULT_PORT \ @@ -510,6 +516,7 @@ deploy_ocf_dev: --set ocf-events.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api \ --set ocf-events.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-events.env.monitoring="true" \ + --set ocf-events.env.capifHostname=capif-$CI_ENV_ENDPOINT-dev.$DOMAIN_DEV \ --set ocf-events.env.logLevel="DEBUG" \ --set ocf-routing-info.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api \ --set ocf-routing-info.image.tag=$CI_COMMIT_REF_SLUG \ @@ -543,6 +550,7 @@ deploy_ocf_dev: --set ocf-publish-service-api.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api \ --set ocf-publish-service-api.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-publish-service-api.env.monitoring="true" \ + --set ocf-publish-service-api.env.capifHostname=capif-$CI_ENV_ENDPOINT-dev.$DOMAIN_DEV \ --set ocf-publish-service-api.env.logLevel="DEBUG" \ --set ocf-discover-service-api.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api \ --set ocf-discover-service-api.image.tag=$CI_COMMIT_REF_SLUG \ -- GitLab From 8a697b1ce819635a05b884cb61bd8537a2280a06 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 17 Jan 2025 13:27:34 +0100 Subject: [PATCH 374/392] refactor: change log level from INFO to DEBUG in deployment configurations for improved debugging --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 38 ++++++++++++++------- 1 file changed, 25 insertions(+), 13 deletions(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 87df4b4..ee69314 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -133,7 +133,7 @@ deploy_ocf_staging: --set ocf-access-control-policy.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-access-control-policy.env.capifHostname=capif-$CI_ENV_ENDPOINT-mr.$DOMAIN_DEV \ --set ocf-access-control-policy.monitoring="true" \ - --set ocf-access-control-policy.env.logLevel="INFO" \ + --set ocf-access-control-policy.env.logLevel="DEBUG" \ --set ocf-api-invocation-logs.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api \ --set ocf-api-invocation-logs.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-api-invocation-logs.env.monitoring="true" \ @@ -141,7 +141,7 @@ deploy_ocf_staging: --set ocf-api-invocation-logs.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-api-invocation-logs.env.vaultPort=$VAULT_PORT \ --set ocf-api-invocation-logs.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ - --set ocf-api-invocation-logs.env.logLevel="INFO" \ + --set ocf-api-invocation-logs.env.logLevel="DEBUG" \ --set ocf-api-invoker-management.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api \ --set ocf-api-invoker-management.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-api-invoker-management.env.monitoring="true" \ @@ -149,7 +149,7 @@ deploy_ocf_staging: --set ocf-api-invoker-management.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-api-invoker-management.env.vaultPort=$VAULT_PORT \ --set ocf-api-invoker-management.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ - --set ocf-api-invoker-management.env.logLevel="INFO" \ + --set ocf-api-invoker-management.env.logLevel="DEBUG" \ --set ocf-api-provider-management.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api \ --set ocf-api-provider-management.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-api-provider-management.env.monitoring="true" \ @@ -157,16 +157,16 @@ deploy_ocf_staging: --set ocf-api-provider-management.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-api-provider-management.env.vaultPort=$VAULT_PORT \ --set ocf-api-provider-management.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ - --set ocf-api-provider-management.env.logLevel="INFO" \ + --set ocf-api-provider-management.env.logLevel="DEBUG" \ --set ocf-events.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api \ --set ocf-events.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-events.env.monitoring="true" \ --set ocf-events.env.capifHostname=capif-$CI_ENV_ENDPOINT-mr.$DOMAIN_DEV \ - --set ocf-events.env.logLevel="INFO" \ + --set ocf-events.env.logLevel="DEBUG" \ --set ocf-routing-info.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api \ --set ocf-routing-info.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-routing-info.env.monitoring="true" \ - --set ocf-routing-info.env.logLevel="INFO" \ + --set ocf-routing-info.env.logLevel="DEBUG" \ --set ocf-security.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api \ --set ocf-security.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-security.env.monitoring="true" \ @@ -174,7 +174,7 @@ deploy_ocf_staging: --set ocf-security.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-security.env.vaultPort=$VAULT_PORT \ --set ocf-security.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ - --set ocf-security.env.logLevel="INFO" \ + --set ocf-security.env.logLevel="DEBUG" \ --set ocf-register.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register \ --set ocf-register.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-register.env.vaultHostname=$VAULT_HOSTNAME \ @@ -187,20 +187,20 @@ deploy_ocf_staging: --set ocf-register.ingress.hosts[0].host=register-$CI_ENV_ENDPOINT-mr.$DOMAIN_DEV \ --set ocf-register.ingress.hosts[0].paths[0].path="/" \ --set ocf-register.ingress.hosts[0].paths[0].pathType="Prefix" \ - --set ocf-register.env.logLevel="INFO" \ + --set ocf-register.env.logLevel="DEBUG" \ --set ocf-auditing-api-logs.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api \ --set ocf-auditing-api-logs.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-auditing-api-logs.env.monitoring="true" \ - --set ocf-auditing-api-logs.env.logLevel="INFO" \ + --set ocf-auditing-api-logs.env.logLevel="DEBUG" \ --set ocf-publish-service-api.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api \ --set ocf-publish-service-api.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-publish-service-api.env.monitoring="true" \ --set ocf-publish-service-api.env.capifHostname=capif-$CI_ENV_ENDPOINT-mr.$DOMAIN_DEV \ - --set ocf-publish-service-api.env.logLevel="INFO" \ + --set ocf-publish-service-api.env.logLevel="DEBUG" \ --set ocf-discover-service-api.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api \ --set ocf-discover-service-api.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-discover-service-api.env.monitoring="true" \ - --set ocf-discover-service-api.env.logLevel="INFO" \ + --set ocf-discover-service-api.env.logLevel="DEBUG" \ --set nginx.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx \ --set nginx.image.tag=$CI_COMMIT_REF_SLUG \ --set nginx.env.capifHostname=capif-$CI_ENV_ENDPOINT-mr.$DOMAIN_DEV \ @@ -218,7 +218,7 @@ deploy_ocf_staging: --set ocf-helper.env.vaultPort=$VAULT_PORT \ --set ocf-helper.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ --set ocf-helper.env.capifHostname=capif-$CI_ENV_ENDPOINT-mr.$DOMAIN_DEV \ - --set ocf-helper.env.logLevel="INFO" \ + --set ocf-helper.env.logLevel="DEBUG" \ --set mock-server.enabled=true \ --set mock-server.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server \ --set mock-server.image.tag=$CI_COMMIT_REF_SLUG \ @@ -226,7 +226,7 @@ deploy_ocf_staging: --set mock-server.ingress.hosts[0].host=mock-server-$CI_ENV_ENDPOINT-mr.$DOMAIN_DEV \ --set mock-server.ingress.hosts[0].paths[0].path="/" \ --set mock-server.ingress.hosts[0].paths[0].pathType="Prefix" \ - --set mock-server.env.logLevel="INFO" \ + --set mock-server.env.logLevel="DEBUG" \ --set mongo-register-express.enabled=true \ --set mongo-register-express.ingress.enabled=true \ --set mongo-register-express.ingress.hosts[0].host="mongo-express-register-$CI_ENV_ENDPOINT-mr.$DOMAIN_DEV" \ @@ -315,11 +315,13 @@ deploy_ocf_oficial_staging: --set otelcollector.configMap.tempoEndpoint=ocf-staging-tempo:4317 \ --set ocf-access-control-policy.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-access-control-policy-api \ --set ocf-access-control-policy.image.tag=staging \ + --set ocf-access-control-policy.env.logLevel="DEBUG" \ --set ocf-access-control-policy.env.capifHostname=capif-staging.$DOMAIN_STAGING \ --set ocf-access-control-policy.monitoring="true" \ --set ocf-api-invocation-logs.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-logging-api-invocation-api \ --set ocf-api-invocation-logs.image.tag=staging \ --set ocf-api-invocation-logs.env.monitoring="true" \ + --set ocf-api-invocation-logs.env.logLevel="DEBUG" \ --set ocf-api-invocation-logs.env.capifHostname=capif-staging.$DOMAIN_STAGING \ --set ocf-api-invocation-logs.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-api-invocation-logs.env.vaultPort=$VAULT_PORT \ @@ -327,6 +329,7 @@ deploy_ocf_oficial_staging: --set ocf-api-invoker-management.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-api-invoker-management-api \ --set ocf-api-invoker-management.image.tag=staging \ --set ocf-api-invoker-management.env.monitoring="true" \ + --set ocf-api-invoker-management.env.logLevel="DEBUG" \ --set ocf-api-invoker-management.env.capifHostname=capif-staging.$DOMAIN_STAGING \ --set ocf-api-invoker-management.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-api-invoker-management.env.vaultPort=$VAULT_PORT \ @@ -334,6 +337,7 @@ deploy_ocf_oficial_staging: --set ocf-api-provider-management.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-api-provider-management-api \ --set ocf-api-provider-management.image.tag=staging \ --set ocf-api-provider-management.env.monitoring="true" \ + --set ocf-api-provider-management.env.logLevel="DEBUG" \ --set ocf-api-provider-management.env.capifHostname=capif-staging.$DOMAIN_STAGING \ --set ocf-api-provider-management.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-api-provider-management.env.vaultPort=$VAULT_PORT \ @@ -341,12 +345,14 @@ deploy_ocf_oficial_staging: --set ocf-events.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-events-api \ --set ocf-events.image.tag=staging \ --set ocf-events.env.monitoring="true" \ + --set ocf-events.env.logLevel="DEBUG" \ --set ocf-events.env.capifHostname=capif-staging.$DOMAIN_STAGING \ --set ocf-routing-info.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-routing-info-api \ --set ocf-routing-info.image.tag=staging \ --set ocf-routing-info.env.monitoring="true" \ --set ocf-security.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-security-api \ --set ocf-security.image.tag=staging \ + --set ocf-security.env.logLevel="DEBUG" \ --set ocf-security.env.monitoring="true" \ --set ocf-security.env.capifHostname=capif-staging.$DOMAIN_STAGING \ --set ocf-security.env.vaultHostname=$VAULT_HOSTNAME \ @@ -354,6 +360,7 @@ deploy_ocf_oficial_staging: --set ocf-security.env.vaultAccessToken=$VAULT_ACCESS_TOKEN_PROD \ --set ocf-register.image.repository=$CI_REGISTRY/ocf/capif/staging/register \ --set ocf-register.image.tag=staging \ + --set ocf-register.env.logLevel="DEBUG" \ --set ocf-register.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-register.env.vaultAccessToken=$VAULT_ACCESS_TOKEN_PROD \ --set ocf-register.env.vaultPort=$VAULT_PORT \ @@ -367,13 +374,16 @@ deploy_ocf_oficial_staging: --set ocf-auditing-api-logs.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-auditing-api \ --set ocf-auditing-api-logs.image.tag=staging \ --set ocf-auditing-api-logs.env.monitoring="true" \ + --set ocf-auditing-api-logs.env.logLevel="DEBUG" \ --set ocf-publish-service-api.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-publish-service-api \ --set ocf-publish-service-api.image.tag=staging \ --set ocf-publish-service-api.env.capifHostname=capif-staging.$DOMAIN_STAGING \ --set ocf-publish-service-api.env.monitoring="true" \ + --set ocf-publish-service-api.env.logLevel="DEBUG" \ --set ocf-discover-service-api.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-discover-service-api \ --set ocf-discover-service-api.image.tag=staging \ --set ocf-discover-service-api.env.monitoring="true" \ + --set ocf-discover-service-api.env.logLevel="DEBUG" \ --set nginx.image.repository=$CI_REGISTRY/ocf/capif/staging/nginx \ --set nginx.image.tag=staging \ --set nginx.env.capifHostname=capif-staging.$DOMAIN_STAGING \ @@ -390,6 +400,7 @@ deploy_ocf_oficial_staging: --set ocf-helper.env.vaultPort=$VAULT_PORT \ --set ocf-helper.env.vaultAccessToken=$VAULT_ACCESS_TOKEN_PROD \ --set ocf-helper.env.capifHostname=capif-staging.$DOMAIN_STAGING \ + --set ocf-helper.env.logLevel="DEBUG" \ --set mock-server.enabled=true \ --set mock-server.image.repository=$CI_REGISTRY/ocf/capif/staging/mock-server \ --set mock-server.image.tag=staging \ @@ -397,6 +408,7 @@ deploy_ocf_oficial_staging: --set mock-server.ingress.hosts[0].host=mock-server-staging.$DOMAIN_STAGING \ --set mock-server.ingress.hosts[0].paths[0].path="/" \ --set mock-server.ingress.hosts[0].paths[0].pathType="Prefix" \ + --set mock-server.env.logLevel="DEBUG" \ --set mongo-register-express.enabled=true \ --set mongo-register-express.ingress.enabled=true \ --set mongo-register-express.ingress.hosts[0].host="mongo-express-register-staging.$DOMAIN_STAGING" \ -- GitLab From 4d4642bff9f1688388cf2a799bf2cb7674fdb84e Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 17 Jan 2025 15:34:06 +0100 Subject: [PATCH 375/392] refactor: improve security by updating docker login command in ci_staging.gitlab-ci.yml to use password-stdin - enabling pipeline releasing when tag --- .../cicd-deploy-release.gitlab-ci.yml | 304 +++++++++--------- 1 file changed, 152 insertions(+), 152 deletions(-) diff --git a/capif/templates/cicd-deploy-release.gitlab-ci.yml b/capif/templates/cicd-deploy-release.gitlab-ci.yml index eb36b71..919b2f1 100644 --- a/capif/templates/cicd-deploy-release.gitlab-ci.yml +++ b/capif/templates/cicd-deploy-release.gitlab-ci.yml @@ -9,17 +9,17 @@ variables: # CI_REGISTRY: $CI_REGISTRY CAPIF_DOCKER_REGISTRY: $CAPIF_DOCKER_REGISTRY NAMESPACE_PROD: "ocf-prod" - DOMAIN_PROD: prod.int + DOMAIN_PROD: ocf.production PATH_PROD: prod # it will only run when a new tag that starts with ‘v{major.minor.patch}-release’ is pushed # to the repository. -#.release_common: &relase_common -# rules: -## - if: '$CI_COMMIT_TAG =~ /^.*-release$/' -# - if: '$CI_COMMIT_TAG =~ /^v\d+\.\d+\.\d+-release$/' -# tags: -# - shell +.release_common: &relase_common + rules: +# - if: '$CI_COMMIT_TAG =~ /^.*-release$/' + - if: '$CI_COMMIT_TAG =~ /^v\d+\.\d+\.\d+-release$/' + tags: + - shell prod_build_and_push: stage: prod_build_and_push @@ -113,148 +113,148 @@ prod_build_and_push: - docker logout $CI_REGISTRY -#deploy_ocf_prod: -# stage: deploy_ocf_prod -# needs: -# - prod_build_and_push -# <<: *relase_common -# environment: -# name: review/production -# url: https://$NAMESPACE_PROD.$DOMAIN_PROD -# script: -# - | -# echo "------ A release has been created! -------" -# helm version -# kubectl version --output=yaml -# echo "### setting kubeconfig###" -# whoami -# kubectl cluster-info -# yq --version -# ls -rtt helm/capif -# cat helm/capif/Chart.yaml -# yq e -i ".appVersion = \"staging\"" helm/capif/Chart.yaml -# cat helm/capif/Chart.yaml -# -# charts=("mock-server" "nginx" "ocf-access-control-policy" -# "ocf-api-invocation-logs" "ocf-api-invoker-management" -# "ocf-api-provider-management" "ocf-auditing-api-logs" -# "ocf-discover-service-api" "ocf-events" "ocf-helper" -# "ocf-publish-service-api" "ocf-register" "ocf-routing-info" -# "ocf-security") -# -# for chart in "${charts[@]}"; do -# yq e -i ".appVersion = \"staging\"" "helm/capif/charts/$chart/Chart.yaml" -# done -# -# -# echo "### download dependencies###" -# helm dependency build helm/capif -# echo "### updating capif###" -# helm upgrade --install -n $NAMESPACE_STAGING ocf-staging helm/capif/ \ -# --set grafana.enabled=true \ -# --set grafana.ingress.enabled=true \ -# --set grafana.ingress.hosts[0].host=ocf-mon-staging.$DOMAIN_STAGING \ -# --set grafana.ingress.hosts[0].paths[0].path="/" \ -# --set grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ -# --set grafana.env.prometheusUrl=http://prometheus.ocf.pre-production \ -# --set grafana.env.tempoUrl="http://ocf-staging-tempo:3100" \ -# --set fluentbit.enabled=true \ -# --set loki.enabled=true \ -# --set tempo.tempo.metricsGenerator.remoteWriteUrl=http://prometheus.ocf.pre-production/api/v1/write \ -# --set otelcollector.enabled=true \ -# --set otelcollector.configMap.tempoEndpoint=ocf-staging-tempo:4317 \ -# --set ocf-access-control-policy.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-access-control-policy-api \ -# --set ocf-access-control-policy.image.tag=staging \ -# --set ocf-access-control-policy.env.capifHostname=capif-staging.$DOMAIN_STAGING \ -# --set ocf-access-control-policy.monitoring="true" \ -# --set ocf-api-invocation-logs.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-logging-api-invocation-api \ -# --set ocf-api-invocation-logs.image.tag=staging \ -# --set ocf-api-invocation-logs.env.monitoring="true" \ -# --set ocf-api-invocation-logs.env.capifHostname=capif-staging.$DOMAIN_STAGING \ -# --set ocf-api-invocation-logs.env.vaultHostname=$VAULT_HOSTNAME \ -# --set ocf-api-invocation-logs.env.vaultPort=$VAULT_PORT \ -# --set ocf-api-invocation-logs.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ -# --set ocf-api-invoker-management.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-api-invoker-management-api \ -# --set ocf-api-invoker-management.image.tag=staging \ -# --set ocf-api-invoker-management.env.monitoring="true" \ -# --set ocf-api-invoker-management.env.capifHostname=capif-staging.$DOMAIN_STAGING \ -# --set ocf-api-invoker-management.env.vaultHostname=$VAULT_HOSTNAME \ -# --set ocf-api-invoker-management.env.vaultPort=$VAULT_PORT \ -# --set ocf-api-invoker-management.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ -# --set ocf-api-provider-management.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-api-provider-management-api \ -# --set ocf-api-provider-management.image.tag=staging \ -# --set ocf-api-provider-management.env.monitoring="true" \ -# --set ocf-api-provider-management.env.capifHostname=capif-staging.$DOMAIN_STAGING \ -# --set ocf-api-provider-management.env.vaultHostname=$VAULT_HOSTNAME \ -# --set ocf-api-provider-management.env.vaultPort=$VAULT_PORT \ -# --set ocf-api-provider-management.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ -# --set ocf-events.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-events-api \ -# --set ocf-events.image.tag=staging \ -# --set ocf-events.env.monitoring="true" \ -# --set ocf-events.env.capifHostname=capif-staging.$DOMAIN_STAGING \ -# --set ocf-routing-info.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-routing-info-api \ -# --set ocf-routing-info.image.tag=staging \ -# --set ocf-routing-info.env.monitoring="true" \ -# --set ocf-security.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-security-api \ -# --set ocf-security.image.tag=staging \ -# --set ocf-security.env.monitoring="true" \ -# --set ocf-security.env.capifHostname=capif-staging.$DOMAIN_STAGING \ -# --set ocf-security.env.vaultHostname=$VAULT_HOSTNAME \ -# --set ocf-security.env.vaultPort=$VAULT_PORT \ -# --set ocf-security.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ -# --set ocf-register.image.repository=$CI_REGISTRY/ocf/capif/staging/register \ -# --set ocf-register.image.tag=staging \ -# --set ocf-register.env.vaultHostname=$VAULT_HOSTNAME \ -# --set ocf-register.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ -# --set ocf-register.env.vaultPort=$VAULT_PORT \ -# --set ocf-register.env.mongoHost=mongo-register \ -# --set ocf-register.env.mongoPort=27017 \ -# --set ocf-register.env.capifHostname=capif-staging.$DOMAIN_STAGING \ -# --set ocf-register.ingress.enabled=true \ -# --set ocf-register.ingress.hosts[0].host=register-staging.$DOMAIN_STAGING \ -# --set ocf-register.ingress.hosts[0].paths[0].path="/" \ -# --set ocf-register.ingress.hosts[0].paths[0].pathType="Prefix" \ -# --set ocf-auditing-api-logs.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-auditing-api \ -# --set ocf-auditing-api-logs.image.tag=staging \ -# --set ocf-auditing-api-logs.env.monitoring="true" \ -# --set ocf-publish-service-api.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-publish-service-api \ -# --set ocf-publish-service-api.image.tag=staging \ -# --set ocf-publish-service-api.env.monitoring="true" \ -# --set ocf-publish-service-api.env.capifHostname=capif-staging.$DOMAIN_STAGING \ -# --set ocf-discover-service-api.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-discover-service-api \ -# --set ocf-discover-service-api.image.tag=staging \ -# --set ocf-discover-service-api.env.monitoring="true" \ -# --set nginx.image.repository=$CI_REGISTRY/ocf/capif/staging/nginx \ -# --set nginx.image.tag=staging \ -# --set nginx.env.capifHostname=capif-staging.$DOMAIN_STAGING \ -# --set nginx.env.vaultHostname=$VAULT_HOSTNAME \ -# --set nginx.env.vaultPort=$VAULT_PORT \ -# --set nginx.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ -# --set nginx.ingress.enabled=true \ -# --set nginx.ingress.hosts[0].host=capif-staging.$DOMAIN_STAGING \ -# --set nginx.ingress.hosts[0].paths[0].path="/" \ -# --set nginx.ingress.hosts[0].paths[0].pathType="Prefix" \ -# --set ocf-helper.image.repository=$CI_REGISTRY/ocf/capif/staging/helper \ -# --set ocf-helper.image.tag=staging \ -# --set ocf-helper.env.vaultHostname=$VAULT_HOSTNAME \ -# --set ocf-helper.env.vaultPort=$VAULT_PORT \ -# --set ocf-helper.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ -# --set ocf-helper.env.capifHostname=capif-staging.$DOMAIN_STAGING \ -# --set mock-server.enabled=true \ -# --set mock-server.image.repository=$CI_REGISTRY/ocf/capif/staging/mock-server \ -# --set mock-server.image.tag=staging \ -# --set mock-server.ingress.enabled=true \ -# --set mock-server.ingress.hosts[0].host=mock-server-staging.$DOMAIN_STAGING \ -# --set mock-server.ingress.hosts[0].paths[0].path="/" \ -# --set mock-server.ingress.hosts[0].paths[0].pathType="Prefix" \ -# --set mongo-register-express.enabled=true \ -# --set mongo-register-express.ingress.enabled=true \ -# --set mongo-register-express.ingress.hosts[0].host="mongo-express-register-staging.$DOMAIN_STAGING" \ -# --set mongo-register-express.ingress.hosts[0].paths[0].path="/" \ -# --set mongo-register-express.ingress.hosts[0].paths[0].pathType="Prefix" \ -# --set mongo-express.enabled=true \ -# --set mongo-express.ingress.enabled=true \ -# --set mongo-express.ingress.hosts[0].host="mongo-express-staging.$DOMAIN_STAGING" \ -# --set mongo-express.ingress.hosts[0].paths[0].path="/" \ -# --set mongo-express.ingress.hosts[0].paths[0].pathType="Prefix" \ -# --wait --timeout=10m --create-namespace --atomic \ No newline at end of file +deploy_ocf_prod: + stage: deploy_ocf_prod + needs: + - prod_build_and_push + <<: *relase_common + environment: + name: review/production + url: https://$NAMESPACE_PROD.$DOMAIN_PROD + script: + - | + echo "------ A release has been created! -------" + helm version + kubectl version --output=yaml + echo "### setting kubeconfig###" + whoami + kubectl cluster-info + yq --version + ls -rtt helm/capif + cat helm/capif/Chart.yaml + yq e -i ".appVersion = \"prod\"" helm/capif/Chart.yaml + cat helm/capif/Chart.yaml + + charts=("mock-server" "nginx" "ocf-access-control-policy" + "ocf-api-invocation-logs" "ocf-api-invoker-management" + "ocf-api-provider-management" "ocf-auditing-api-logs" + "ocf-discover-service-api" "ocf-events" "ocf-helper" + "ocf-publish-service-api" "ocf-register" "ocf-routing-info" + "ocf-security") + + for chart in "${charts[@]}"; do + yq e -i ".appVersion = \"prod\"" "helm/capif/charts/$chart/Chart.yaml" + done + + + echo "### download dependencies###" + helm dependency build helm/capif + echo "### updating capif###" + helm upgrade --install -n $NAMESPACE_PROD ocf-prod helm/capif/ \ + --set grafana.enabled=true \ + --set grafana.ingress.enabled=true \ + --set grafana.ingress.hosts[0].host=ocf-mon-prod.$DOMAIN_PROD \ + --set grafana.ingress.hosts[0].paths[0].path="/" \ + --set grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ + --set grafana.env.prometheusUrl=http://prometheus.$DOMAIN_PROD \ + --set grafana.env.tempoUrl="http://ocf-prod-tempo:3100" \ + --set fluentbit.enabled=true \ + --set loki.enabled=true \ + --set tempo.tempo.metricsGenerator.remoteWriteUrl=http://prometheus.$DOMAIN_PROD/api/v1/write \ + --set otelcollector.enabled=true \ + --set otelcollector.configMap.tempoEndpoint=ocf-prod-tempo:4317 \ + --set ocf-access-control-policy.image.repository=$CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-access-control-policy-api \ + --set ocf-access-control-policy.image.tag=$CI_COMMIT_TAG \ + --set ocf-access-control-policy.env.capifHostname=capif-prod.$DOMAIN_PROD \ + --set ocf-access-control-policy.monitoring="true" \ + --set ocf-api-invocation-logs.image.repository=$CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-logging-api-invocation-api \ + --set ocf-api-invocation-logs.image.tag=$CI_COMMIT_TAG \ + --set ocf-api-invocation-logs.env.monitoring="true" \ + --set ocf-api-invocation-logs.env.capifHostname=capif-prod.$DOMAIN_PROD \ + --set ocf-api-invocation-logs.env.vaultHostname=$VAULT_HOSTNAME \ + --set ocf-api-invocation-logs.env.vaultPort=$VAULT_PORT \ + --set ocf-api-invocation-logs.env.vaultAccessToken=$VAULT_ACCESS_TOKEN_PROD \ + --set ocf-api-invoker-management.image.repository=$CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-api-invoker-management-api \ + --set ocf-api-invoker-management.image.tag=$CI_COMMIT_TAG \ + --set ocf-api-invoker-management.env.monitoring="true" \ + --set ocf-api-invoker-management.env.capifHostname=capif-prod.$DOMAIN_PROD \ + --set ocf-api-invoker-management.env.vaultHostname=$VAULT_HOSTNAME \ + --set ocf-api-invoker-management.env.vaultPort=$VAULT_PORT \ + --set ocf-api-invoker-management.env.vaultAccessToken=$VAULT_ACCESS_TOKEN_PROD \ + --set ocf-api-provider-management.image.repository=$CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-api-provider-management-api \ + --set ocf-api-provider-management.image.tag=$CI_COMMIT_TAG \ + --set ocf-api-provider-management.env.monitoring="true" \ + --set ocf-api-provider-management.env.capifHostname=capif-prod.$DOMAIN_PROD \ + --set ocf-api-provider-management.env.vaultHostname=$VAULT_HOSTNAME \ + --set ocf-api-provider-management.env.vaultPort=$VAULT_PORT \ + --set ocf-api-provider-management.env.vaultAccessToken=$VAULT_ACCESS_TOKEN_PROD \ + --set ocf-events.image.repository=$CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-events-api \ + --set ocf-events.image.tag=$CI_COMMIT_TAG \ + --set ocf-events.env.monitoring="true" \ + --set ocf-events.env.capifHostname=capif-prod.$DOMAIN_PROD \ + --set ocf-routing-info.image.repository=$CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-routing-info-api \ + --set ocf-routing-info.image.tag=$CI_COMMIT_TAG \ + --set ocf-routing-info.env.monitoring="true" \ + --set ocf-security.image.repository=$CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-security-api \ + --set ocf-security.image.tag=$CI_COMMIT_TAG \ + --set ocf-security.env.monitoring="true" \ + --set ocf-security.env.capifHostname=capif-prod.$DOMAIN_PROD \ + --set ocf-security.env.vaultHostname=$VAULT_HOSTNAME \ + --set ocf-security.env.vaultPort=$VAULT_PORT \ + --set ocf-security.env.vaultAccessToken=$VAULT_ACCESS_TOKEN_PROD \ + --set ocf-register.image.repository=$CI_REGISTRY/ocf/capif/$PATH_PROD/register \ + --set ocf-register.image.tag=$CI_COMMIT_TAG \ + --set ocf-register.env.vaultHostname=$VAULT_HOSTNAME \ + --set ocf-register.env.vaultAccessToken=$VAULT_ACCESS_TOKEN_PROD \ + --set ocf-register.env.vaultPort=$VAULT_PORT \ + --set ocf-register.env.mongoHost=mongo-register \ + --set ocf-register.env.mongoPort=27017 \ + --set ocf-register.env.capifHostname=capif-prod.$DOMAIN_PROD \ + --set ocf-register.ingress.enabled=true \ + --set ocf-register.ingress.hosts[0].host=register-prod.$DOMAIN_PROD \ + --set ocf-register.ingress.hosts[0].paths[0].path="/" \ + --set ocf-register.ingress.hosts[0].paths[0].pathType="Prefix" \ + --set ocf-auditing-api-logs.image.repository=$CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-auditing-api \ + --set ocf-auditing-api-logs.image.tag=$CI_COMMIT_TAG \ + --set ocf-auditing-api-logs.env.monitoring="true" \ + --set ocf-publish-service-api.image.repository=$CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-publish-service-api \ + --set ocf-publish-service-api.image.tag=$CI_COMMIT_TAG \ + --set ocf-publish-service-api.env.monitoring="true" \ + --set ocf-publish-service-api.env.capifHostname=capif-prod.$DOMAIN_PROD \ + --set ocf-discover-service-api.image.repository=$CI_REGISTRY/ocf/capif/$PATH_PROD/ocf-discover-service-api \ + --set ocf-discover-service-api.image.tag=$CI_COMMIT_TAG \ + --set ocf-discover-service-api.env.monitoring="true" \ + --set nginx.image.repository=$CI_REGISTRY/ocf/capif/$PATH_PROD/nginx \ + --set nginx.image.tag=$CI_COMMIT_TAG \ + --set nginx.env.capifHostname=capif-prod.$DOMAIN_PROD \ + --set nginx.env.vaultHostname=$VAULT_HOSTNAME \ + --set nginx.env.vaultPort=$VAULT_PORT \ + --set nginx.env.vaultAccessToken=$VAULT_ACCESS_TOKEN_PROD \ + --set nginx.ingress.enabled=true \ + --set nginx.ingress.hosts[0].host=capif-prod.$DOMAIN_PROD \ + --set nginx.ingress.hosts[0].paths[0].path="/" \ + --set nginx.ingress.hosts[0].paths[0].pathType="Prefix" \ + --set ocf-helper.image.repository=$CI_REGISTRY/ocf/capif/$PATH_PROD/helper \ + --set ocf-helper.image.tag=$CI_COMMIT_TAG \ + --set ocf-helper.env.vaultHostname=$VAULT_HOSTNAME \ + --set ocf-helper.env.vaultPort=$VAULT_PORT \ + --set ocf-helper.env.vaultAccessToken=$VAULT_ACCESS_TOKEN_PROD \ + --set ocf-helper.env.capifHostname=capif-prod.$DOMAIN_PROD \ + --set mock-server.enabled=true \ + --set mock-server.image.repository=$CI_REGISTRY/ocf/capif/$PATH_PROD/mock-server \ + --set mock-server.image.tag=$CI_COMMIT_TAG \ + --set mock-server.ingress.enabled=true \ + --set mock-server.ingress.hosts[0].host=mock-server-prod.$DOMAIN_PROD \ + --set mock-server.ingress.hosts[0].paths[0].path="/" \ + --set mock-server.ingress.hosts[0].paths[0].pathType="Prefix" \ + --set mongo-register-express.enabled=true \ + --set mongo-register-express.ingress.enabled=true \ + --set mongo-register-express.ingress.hosts[0].host="mongo-express-register-prod.$DOMAIN_PROD" \ + --set mongo-register-express.ingress.hosts[0].paths[0].path="/" \ + --set mongo-register-express.ingress.hosts[0].paths[0].pathType="Prefix" \ + --set mongo-express.enabled=true \ + --set mongo-express.ingress.enabled=true \ + --set mongo-express.ingress.hosts[0].host="mongo-express-prod.$DOMAIN_PROD" \ + --set mongo-express.ingress.hosts[0].paths[0].path="/" \ + --set mongo-express.ingress.hosts[0].paths[0].pathType="Prefix" \ + --wait --timeout=10m --create-namespace --atomic \ No newline at end of file -- GitLab From 3283abd540d1cf97e84db56e4e732a921667ad09 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 17 Jan 2025 16:10:21 +0100 Subject: [PATCH 376/392] refactor: add build and push steps for helper image in CI configuration --- capif/.gitlab-ci.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 0f8e33b..4405b8e 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -297,6 +297,11 @@ main_build_and_push: - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/vault:$CI_COMMIT_REF_SLUG . - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/vault:$CI_COMMIT_REF_SLUG - echo "----------------------------------------------------" + - echo "### build and push helper image###" + - cd $TMP_PWD/services/helper/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/helper:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/helper:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" - echo "### build and push mock-server image###" - cd $TMP_PWD/services/mock_server/ - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server:$CI_COMMIT_REF_SLUG . -- GitLab From a5bdd78ce2f04af540bc6c6fdf633d082be0ada0 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 17 Jan 2025 16:15:29 +0100 Subject: [PATCH 377/392] refactor: update vaultAccessToken references to use vaultHostnameProd for consistency --- capif/.gitlab-ci.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 4405b8e..d29cdd6 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -612,7 +612,7 @@ deploy_ocf_main: --set ocf-api-invocation-logs.env.capifHostname=capif-main.$DOMAIN_PRE_PROD \ --set ocf-api-invocation-logs.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-api-invocation-logs.env.vaultPort=$VAULT_PORT \ - --set ocf-api-invocation-logs.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set ocf-api-invocation-logs.env.vaultAccessToken=$VAULT_HOSTNAME_PROD \ --set ocf-api-invocation-logs.env.logLevel="INFO" \ --set ocf-api-invoker-management.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api \ --set ocf-api-invoker-management.image.tag=$CI_COMMIT_REF_SLUG \ @@ -620,7 +620,7 @@ deploy_ocf_main: --set ocf-api-invoker-management.env.capifHostname=capif-main.$DOMAIN_PRE_PROD \ --set ocf-api-invoker-management.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-api-invoker-management.env.vaultPort=$VAULT_PORT \ - --set ocf-api-invoker-management.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set ocf-api-invoker-management.env.vaultAccessToken=$VAULT_HOSTNAME_PROD \ --set ocf-api-invoker-management.env.logLevel="INFO" \ --set ocf-api-provider-management.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api \ --set ocf-api-provider-management.image.tag=$CI_COMMIT_REF_SLUG \ @@ -628,7 +628,7 @@ deploy_ocf_main: --set ocf-api-provider-management.env.capifHostname=capif-main.$DOMAIN_PRE_PROD \ --set ocf-api-provider-management.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-api-provider-management.env.vaultPort=$VAULT_PORT \ - --set ocf-api-provider-management.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set ocf-api-provider-management.env.vaultAccessToken=$VAULT_HOSTNAME_PROD \ --set ocf-api-provider-management.env.logLevel="INFO" \ --set ocf-events.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api \ --set ocf-events.image.tag=$CI_COMMIT_REF_SLUG \ @@ -645,12 +645,12 @@ deploy_ocf_main: --set ocf-security.env.capifHostname=capif-main.$DOMAIN_PRE_PROD \ --set ocf-security.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-security.env.vaultPort=$VAULT_PORT \ - --set ocf-security.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set ocf-security.env.vaultAccessToken=$VAULT_HOSTNAME_PROD \ --set ocf-security.env.logLevel="INFO" \ --set ocf-register.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register \ --set ocf-register.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-register.env.vaultHostname=$VAULT_HOSTNAME \ - --set ocf-register.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set ocf-register.env.vaultAccessToken=$VAULT_HOSTNAME_PROD \ --set ocf-register.env.vaultPort=$VAULT_PORT \ --set ocf-register.env.mongoHost=mongo-register \ --set ocf-register.env.mongoPort=27017 \ @@ -678,7 +678,7 @@ deploy_ocf_main: --set nginx.env.capifHostname=capif-main.$DOMAIN_PRE_PROD \ --set nginx.env.vaultHostname=$VAULT_HOSTNAME \ --set nginx.env.vaultPort=$VAULT_PORT \ - --set nginx.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set nginx.env.vaultAccessToken=$VAULT_HOSTNAME_PROD \ --set nginx.ingress.enabled=true \ --set nginx.ingress.hosts[0].host=capif-main.$DOMAIN_PRE_PROD \ --set nginx.ingress.hosts[0].paths[0].path="/" \ @@ -688,7 +688,7 @@ deploy_ocf_main: --set ocf-helper.image.tag=$CI_COMMIT_REF_SLUG \ --set ocf-helper.env.vaultHostname=$VAULT_HOSTNAME \ --set ocf-helper.env.vaultPort=$VAULT_PORT \ - --set ocf-helper.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ + --set ocf-helper.env.vaultAccessToken=$VAULT_HOSTNAME_PROD \ --set ocf-helper.env.capifHostname=capif-main.$DOMAIN_PRE_PROD \ --set ocf-helper.env.logLevel="INFO" \ --set mock-server.enabled=true \ -- GitLab From f8eb7c91848f0a260ef453ab006ec506bf569287 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 17 Jan 2025 16:28:17 +0100 Subject: [PATCH 378/392] refactor: add before_script to deploy_ocf_prod for cluster information logging --- capif/templates/cicd-deploy-release.gitlab-ci.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/capif/templates/cicd-deploy-release.gitlab-ci.yml b/capif/templates/cicd-deploy-release.gitlab-ci.yml index 919b2f1..27d51fb 100644 --- a/capif/templates/cicd-deploy-release.gitlab-ci.yml +++ b/capif/templates/cicd-deploy-release.gitlab-ci.yml @@ -115,6 +115,10 @@ prod_build_and_push: deploy_ocf_prod: stage: deploy_ocf_prod + before_script: + - echo "--- cluster production ---" + - export KUBECONFIG=$KUBECONFIG_PROD + - kubectl cluster-info needs: - prod_build_and_push <<: *relase_common -- GitLab From 02caec53ff8b58f56029c97fe0bd5a410a59a846 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 17 Jan 2025 16:35:41 +0100 Subject: [PATCH 379/392] refactor: update appVersion in Chart.yaml to use CI_COMMIT_TAG for dynamic versioning --- capif/templates/cicd-deploy-release.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/templates/cicd-deploy-release.gitlab-ci.yml b/capif/templates/cicd-deploy-release.gitlab-ci.yml index 27d51fb..ca3e631 100644 --- a/capif/templates/cicd-deploy-release.gitlab-ci.yml +++ b/capif/templates/cicd-deploy-release.gitlab-ci.yml @@ -147,7 +147,7 @@ deploy_ocf_prod: "ocf-security") for chart in "${charts[@]}"; do - yq e -i ".appVersion = \"prod\"" "helm/capif/charts/$chart/Chart.yaml" + yq e -i ".appVersion = \"$CI_COMMIT_TAG\"" "helm/capif/charts/$chart/Chart.yaml" done -- GitLab From dd38a4ac068ec8d571d8dd1c868bcb8e1055c7aa Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 21 Feb 2025 11:32:54 +0100 Subject: [PATCH 380/392] refactor: update mongo and mongo-express image repositories and tags in CI configuration --- capif/.gitlab-ci.yml | 6 ++++++ capif/templates/cd-deploy-ocf.gitlab-ci.yml | 18 ++++++++++++++++++ .../cicd-deploy-release.gitlab-ci.yml | 6 ++++++ 3 files changed, 30 insertions(+) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index d29cdd6..320e0b9 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -699,12 +699,18 @@ deploy_ocf_main: --set mock-server.ingress.hosts[0].paths[0].path="/" \ --set mock-server.ingress.hosts[0].paths[0].pathType="Prefix" \ --set mock-server.env.logLevel="INFO" \ + --set mongo.image.repository=labs.etsi.org:5050/ocf/capif/mongo \ + --set mongo.image.tag=6.0.2 \ --set mongo-register-express.enabled=true \ + --set mongo-register-express.image.repository=labs.etsi.org:5050/ocf/capif/mongo-express \ + --set mongo-register-express.image.tag=1.0.0-alpha.4 \ --set mongo-register-express.ingress.enabled=true \ --set mongo-register-express.ingress.hosts[0].host="mongo-express-register-main.$DOMAIN_PRE_PROD" \ --set mongo-register-express.ingress.hosts[0].paths[0].path="/" \ --set mongo-register-express.ingress.hosts[0].paths[0].pathType="Prefix" \ --set mongo-express.enabled=true \ + --set mongo-express.image.repository=labs.etsi.org:5050/ocf/capif/mongo-express \ + --set mongo-express.image.tag=1.0.0-alpha.4 \ --set mongo-express.ingress.enabled=true \ --set mongo-express.ingress.hosts[0].host="mongo-express-main.$DOMAIN_PRE_PROD" \ --set mongo-express.ingress.hosts[0].paths[0].path="/" \ diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index ee69314..5aa5e17 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -227,12 +227,18 @@ deploy_ocf_staging: --set mock-server.ingress.hosts[0].paths[0].path="/" \ --set mock-server.ingress.hosts[0].paths[0].pathType="Prefix" \ --set mock-server.env.logLevel="DEBUG" \ + --set mongo.image.repository=labs.etsi.org:5050/ocf/capif/mongo \ + --set mongo.image.tag=6.0.2 \ --set mongo-register-express.enabled=true \ + --set mongo-register-express.image.repository=labs.etsi.org:5050/ocf/capif/mongo-express \ + --set mongo-register-express.image.tag=1.0.0-alpha.4 \ --set mongo-register-express.ingress.enabled=true \ --set mongo-register-express.ingress.hosts[0].host="mongo-express-register-$CI_ENV_ENDPOINT-mr.$DOMAIN_DEV" \ --set mongo-register-express.ingress.hosts[0].paths[0].path="/" \ --set mongo-register-express.ingress.hosts[0].paths[0].pathType="Prefix" \ --set mongo-express.enabled=true \ + --set mongo-express.image.repository=labs.etsi.org:5050/ocf/capif/mongo-express \ + --set mongo-express.image.tag=1.0.0-alpha.4 \ --set mongo-express.ingress.enabled=true \ --set mongo-express.ingress.hosts[0].host="mongo-express-$CI_ENV_ENDPOINT-mr.$DOMAIN_DEV" \ --set mongo-express.ingress.hosts[0].paths[0].path="/" \ @@ -409,12 +415,18 @@ deploy_ocf_oficial_staging: --set mock-server.ingress.hosts[0].paths[0].path="/" \ --set mock-server.ingress.hosts[0].paths[0].pathType="Prefix" \ --set mock-server.env.logLevel="DEBUG" \ + --set mongo.image.repository=labs.etsi.org:5050/ocf/capif/mongo \ + --set mongo.image.tag=6.0.2 \ --set mongo-register-express.enabled=true \ + --set mongo-register-express.image.repository=labs.etsi.org:5050/ocf/capif/mongo-express \ + --set mongo-register-express.image.tag=1.0.0-alpha.4 \ --set mongo-register-express.ingress.enabled=true \ --set mongo-register-express.ingress.hosts[0].host="mongo-express-register-staging.$DOMAIN_STAGING" \ --set mongo-register-express.ingress.hosts[0].paths[0].path="/" \ --set mongo-register-express.ingress.hosts[0].paths[0].pathType="Prefix" \ --set mongo-express.enabled=true \ + --set mongo-express.image.repository=labs.etsi.org:5050/ocf/capif/mongo-express \ + --set mongo-express.image.tag=1.0.0-alpha.4 \ --set mongo-express.ingress.enabled=true \ --set mongo-express.ingress.hosts[0].host="mongo-express-staging.$DOMAIN_STAGING" \ --set mongo-express.ingress.hosts[0].paths[0].path="/" \ @@ -594,12 +606,18 @@ deploy_ocf_dev: --set mock-server.ingress.hosts[0].paths[0].path="/" \ --set mock-server.ingress.hosts[0].paths[0].pathType="Prefix" \ --set mock-server.env.logLevel="DEBUG" \ + --set mongo.image.repository=labs.etsi.org:5050/ocf/capif/mongo \ + --set mongo.image.tag=6.0.2 \ --set mongo-register-express.enabled=true \ + --set mongo-register-express.image.repository=labs.etsi.org:5050/ocf/capif/mongo-express \ + --set mongo-register-express.image.tag=1.0.0-alpha.4 \ --set mongo-register-express.ingress.enabled=true \ --set mongo-register-express.ingress.hosts[0].host="mongo-express-register-$CI_ENV_ENDPOINT-dev.$DOMAIN_DEV" \ --set mongo-register-express.ingress.hosts[0].paths[0].path="/" \ --set mongo-register-express.ingress.hosts[0].paths[0].pathType="Prefix" \ --set mongo-express.enabled=true \ + --set mongo-express.image.repository=labs.etsi.org:5050/ocf/capif/mongo-express \ + --set mongo-express.image.tag=1.0.0-alpha.4 \ --set mongo-express.ingress.enabled=true \ --set mongo-express.ingress.hosts[0].host="mongo-express-$CI_ENV_ENDPOINT-dev.$DOMAIN_DEV" \ --set mongo-express.ingress.hosts[0].paths[0].path="/" \ diff --git a/capif/templates/cicd-deploy-release.gitlab-ci.yml b/capif/templates/cicd-deploy-release.gitlab-ci.yml index ca3e631..219e925 100644 --- a/capif/templates/cicd-deploy-release.gitlab-ci.yml +++ b/capif/templates/cicd-deploy-release.gitlab-ci.yml @@ -251,12 +251,18 @@ deploy_ocf_prod: --set mock-server.ingress.hosts[0].host=mock-server-prod.$DOMAIN_PROD \ --set mock-server.ingress.hosts[0].paths[0].path="/" \ --set mock-server.ingress.hosts[0].paths[0].pathType="Prefix" \ + --set mongo.image.repository=labs.etsi.org:5050/ocf/capif/mongo \ + --set mongo.image.tag=6.0.2 \ --set mongo-register-express.enabled=true \ + --set mongo-register-express.image.repository=labs.etsi.org:5050/ocf/capif/mongo-express \ + --set mongo-register-express.image.tag=1.0.0-alpha.4 \ --set mongo-register-express.ingress.enabled=true \ --set mongo-register-express.ingress.hosts[0].host="mongo-express-register-prod.$DOMAIN_PROD" \ --set mongo-register-express.ingress.hosts[0].paths[0].path="/" \ --set mongo-register-express.ingress.hosts[0].paths[0].pathType="Prefix" \ --set mongo-express.enabled=true \ + --set mongo-express.image.repository=labs.etsi.org:5050/ocf/capif/mongo-express \ + --set mongo-express.image.tag=1.0.0-alpha.4 \ --set mongo-express.ingress.enabled=true \ --set mongo-express.ingress.hosts[0].host="mongo-express-prod.$DOMAIN_PROD" \ --set mongo-express.ingress.hosts[0].paths[0].path="/" \ -- GitLab From 7cd29d3454c3f9473cebad9278161b17eeef3ade Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Fri, 21 Feb 2025 12:17:54 +0100 Subject: [PATCH 381/392] refactor: update Redis image repository and tag in CI configuration for all environments --- capif/.gitlab-ci.yml | 2 ++ capif/templates/cd-deploy-ocf.gitlab-ci.yml | 6 ++++++ capif/templates/cicd-deploy-release.gitlab-ci.yml | 2 ++ 3 files changed, 10 insertions(+) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 320e0b9..5d558d4 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -715,6 +715,8 @@ deploy_ocf_main: --set mongo-express.ingress.hosts[0].host="mongo-express-main.$DOMAIN_PRE_PROD" \ --set mongo-express.ingress.hosts[0].paths[0].path="/" \ --set mongo-express.ingress.hosts[0].paths[0].pathType="Prefix" \ + --set redis.image.repository=labs.etsi.org:5050/ocf/capif/redis \ + --set redis.image.tag=7.4.2-alpine \ --wait --timeout=10m --create-namespace --atomic main_rf_testing: diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 5aa5e17..c55ff67 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -243,6 +243,8 @@ deploy_ocf_staging: --set mongo-express.ingress.hosts[0].host="mongo-express-$CI_ENV_ENDPOINT-mr.$DOMAIN_DEV" \ --set mongo-express.ingress.hosts[0].paths[0].path="/" \ --set mongo-express.ingress.hosts[0].paths[0].pathType="Prefix" \ + --set redis.image.repository=labs.etsi.org:5050/ocf/capif/redis \ + --set redis.image.tag=7.4.2-alpine \ --wait --timeout=10m --create-namespace --atomic delete_ocf_staging: @@ -431,6 +433,8 @@ deploy_ocf_oficial_staging: --set mongo-express.ingress.hosts[0].host="mongo-express-staging.$DOMAIN_STAGING" \ --set mongo-express.ingress.hosts[0].paths[0].path="/" \ --set mongo-express.ingress.hosts[0].paths[0].pathType="Prefix" \ + --set redis.image.repository=labs.etsi.org:5050/ocf/capif/redis \ + --set redis.image.tag=7.4.2-alpine \ --wait --timeout=10m --create-namespace --atomic ## dev ### @@ -622,6 +626,8 @@ deploy_ocf_dev: --set mongo-express.ingress.hosts[0].host="mongo-express-$CI_ENV_ENDPOINT-dev.$DOMAIN_DEV" \ --set mongo-express.ingress.hosts[0].paths[0].path="/" \ --set mongo-express.ingress.hosts[0].paths[0].pathType="Prefix" \ + --set redis.image.repository=labs.etsi.org:5050/ocf/capif/redis \ + --set redis.image.tag=7.4.2-alpine \ --wait --timeout=10m --create-namespace --atomic delete_ocf_dev: diff --git a/capif/templates/cicd-deploy-release.gitlab-ci.yml b/capif/templates/cicd-deploy-release.gitlab-ci.yml index 219e925..5da314a 100644 --- a/capif/templates/cicd-deploy-release.gitlab-ci.yml +++ b/capif/templates/cicd-deploy-release.gitlab-ci.yml @@ -267,4 +267,6 @@ deploy_ocf_prod: --set mongo-express.ingress.hosts[0].host="mongo-express-prod.$DOMAIN_PROD" \ --set mongo-express.ingress.hosts[0].paths[0].path="/" \ --set mongo-express.ingress.hosts[0].paths[0].pathType="Prefix" \ + --set redis.image.repository=labs.etsi.org:5050/ocf/capif/redis \ + --set redis.image.tag=7.4.2-alpine \ --wait --timeout=10m --create-namespace --atomic \ No newline at end of file -- GitLab From 0f4d03c9bffecba83b8d6ffc3e096dda08151d5e Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 24 Feb 2025 12:49:40 +0100 Subject: [PATCH 382/392] refactor: fix line endings in GitLab CI configuration for mongo and mongo-express image tags --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 14 +++++++------- capif/templates/cicd-deploy-release.gitlab-ci.yml | 6 +++--- 2 files changed, 10 insertions(+), 10 deletions(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index c55ff67..b65ac74 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -228,7 +228,7 @@ deploy_ocf_staging: --set mock-server.ingress.hosts[0].paths[0].pathType="Prefix" \ --set mock-server.env.logLevel="DEBUG" \ --set mongo.image.repository=labs.etsi.org:5050/ocf/capif/mongo \ - --set mongo.image.tag=6.0.2 \ + --set mongo.image.tag=6.0.2 \ --set mongo-register-express.enabled=true \ --set mongo-register-express.image.repository=labs.etsi.org:5050/ocf/capif/mongo-express \ --set mongo-register-express.image.tag=1.0.0-alpha.4 \ @@ -418,17 +418,17 @@ deploy_ocf_oficial_staging: --set mock-server.ingress.hosts[0].paths[0].pathType="Prefix" \ --set mock-server.env.logLevel="DEBUG" \ --set mongo.image.repository=labs.etsi.org:5050/ocf/capif/mongo \ - --set mongo.image.tag=6.0.2 \ + --set mongo.image.tag=6.0.2 \ --set mongo-register-express.enabled=true \ --set mongo-register-express.image.repository=labs.etsi.org:5050/ocf/capif/mongo-express \ - --set mongo-register-express.image.tag=1.0.0-alpha.4 \ + --set mongo-register-express.image.tag=1.0.0-alpha.4 \ --set mongo-register-express.ingress.enabled=true \ --set mongo-register-express.ingress.hosts[0].host="mongo-express-register-staging.$DOMAIN_STAGING" \ --set mongo-register-express.ingress.hosts[0].paths[0].path="/" \ --set mongo-register-express.ingress.hosts[0].paths[0].pathType="Prefix" \ --set mongo-express.enabled=true \ --set mongo-express.image.repository=labs.etsi.org:5050/ocf/capif/mongo-express \ - --set mongo-express.image.tag=1.0.0-alpha.4 \ + --set mongo-express.image.tag=1.0.0-alpha.4 \ --set mongo-express.ingress.enabled=true \ --set mongo-express.ingress.hosts[0].host="mongo-express-staging.$DOMAIN_STAGING" \ --set mongo-express.ingress.hosts[0].paths[0].path="/" \ @@ -611,17 +611,17 @@ deploy_ocf_dev: --set mock-server.ingress.hosts[0].paths[0].pathType="Prefix" \ --set mock-server.env.logLevel="DEBUG" \ --set mongo.image.repository=labs.etsi.org:5050/ocf/capif/mongo \ - --set mongo.image.tag=6.0.2 \ + --set mongo.image.tag=6.0.2 \ --set mongo-register-express.enabled=true \ --set mongo-register-express.image.repository=labs.etsi.org:5050/ocf/capif/mongo-express \ - --set mongo-register-express.image.tag=1.0.0-alpha.4 \ + --set mongo-register-express.image.tag=1.0.0-alpha.4 \ --set mongo-register-express.ingress.enabled=true \ --set mongo-register-express.ingress.hosts[0].host="mongo-express-register-$CI_ENV_ENDPOINT-dev.$DOMAIN_DEV" \ --set mongo-register-express.ingress.hosts[0].paths[0].path="/" \ --set mongo-register-express.ingress.hosts[0].paths[0].pathType="Prefix" \ --set mongo-express.enabled=true \ --set mongo-express.image.repository=labs.etsi.org:5050/ocf/capif/mongo-express \ - --set mongo-express.image.tag=1.0.0-alpha.4 \ + --set mongo-express.image.tag=1.0.0-alpha.4 \ --set mongo-express.ingress.enabled=true \ --set mongo-express.ingress.hosts[0].host="mongo-express-$CI_ENV_ENDPOINT-dev.$DOMAIN_DEV" \ --set mongo-express.ingress.hosts[0].paths[0].path="/" \ diff --git a/capif/templates/cicd-deploy-release.gitlab-ci.yml b/capif/templates/cicd-deploy-release.gitlab-ci.yml index 5da314a..86ab372 100644 --- a/capif/templates/cicd-deploy-release.gitlab-ci.yml +++ b/capif/templates/cicd-deploy-release.gitlab-ci.yml @@ -252,17 +252,17 @@ deploy_ocf_prod: --set mock-server.ingress.hosts[0].paths[0].path="/" \ --set mock-server.ingress.hosts[0].paths[0].pathType="Prefix" \ --set mongo.image.repository=labs.etsi.org:5050/ocf/capif/mongo \ - --set mongo.image.tag=6.0.2 \ + --set mongo.image.tag=6.0.2 \ --set mongo-register-express.enabled=true \ --set mongo-register-express.image.repository=labs.etsi.org:5050/ocf/capif/mongo-express \ - --set mongo-register-express.image.tag=1.0.0-alpha.4 \ + --set mongo-register-express.image.tag=1.0.0-alpha.4 \ --set mongo-register-express.ingress.enabled=true \ --set mongo-register-express.ingress.hosts[0].host="mongo-express-register-prod.$DOMAIN_PROD" \ --set mongo-register-express.ingress.hosts[0].paths[0].path="/" \ --set mongo-register-express.ingress.hosts[0].paths[0].pathType="Prefix" \ --set mongo-express.enabled=true \ --set mongo-express.image.repository=labs.etsi.org:5050/ocf/capif/mongo-express \ - --set mongo-express.image.tag=1.0.0-alpha.4 \ + --set mongo-express.image.tag=1.0.0-alpha.4 \ --set mongo-express.ingress.enabled=true \ --set mongo-express.ingress.hosts[0].host="mongo-express-prod.$DOMAIN_PROD" \ --set mongo-express.ingress.hosts[0].paths[0].path="/" \ -- GitLab From 4a1a3aab90c22f57feff748b6cf9c6817cc3de91 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 19 May 2025 16:56:18 +0200 Subject: [PATCH 383/392] refactor: add celery service to CI/CD pipeline and update related configurations --- capif/.gitlab-ci.yml | 25 ++++++++++++++++++- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 16 +++++++++--- capif/templates/ci_dev.gitlab-ci.yml | 11 +++++--- capif/templates/ci_staging.gitlab-ci.yml | 14 +++++++++-- .../cicd-deploy-release.gitlab-ci.yml | 7 +++++- 5 files changed, 63 insertions(+), 10 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 5d558d4..800b119 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -307,6 +307,11 @@ main_build_and_push: - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server:$CI_COMMIT_REF_SLUG . - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server:$CI_COMMIT_REF_SLUG - echo "----------------------------------------------------" + - echo "### build and push celery image###" + - cd $TMP_PWD/services/celery/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" - docker logout $CI_REGISTRY <<: *main_common @@ -533,6 +538,23 @@ cvs_vault: SECURE_LOG_LEVEL: debug <<: *main_dnd +cvs_celery: + stage: main_container_scanning + needs: + - main_build_and_push + before_script: + - export TMP_PWD=$PWD + - echo "TMP_PWD=$TMP_PWD" + - git clone https://oauth2:${CI_JOB_TOKEN}@labs.etsi.org/rep/ocf/capif.git + extends: container_scanning + variables: + CS_DEFAULT_BRANCH_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/celery:$CI_COMMIT_REF_SLUG" + CS_IMAGE: "$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/celery:$CI_COMMIT_REF_SLUG" + CS_REGISTRY_USER: $CI_REGISTRY_USER + CS_REGISTRY_PASSWORD: $CAPIF_DOCKER_REGISTRY + SECURE_LOG_LEVEL: debug + <<: *main_dnd + deploy_ocf_main: stage: deploy_ocf_main before_script: @@ -556,6 +578,7 @@ deploy_ocf_main: - cvs_ocf_routing_info_api - cvs_ocf_security_api - cvs_vault + - cvs_celery <<: *main_common environment: name: review/main @@ -578,7 +601,7 @@ deploy_ocf_main: "ocf-api-provider-management" "ocf-auditing-api-logs" "ocf-discover-service-api" "ocf-events" "ocf-helper" "ocf-publish-service-api" "ocf-register" "ocf-routing-info" - "ocf-security") + "ocf-security" "celery") for chart in "${charts[@]}"; do yq e -i ".appVersion = \"main\"" "helm/capif/charts/$chart/Chart.yaml" diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index b65ac74..b771048 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -104,7 +104,7 @@ deploy_ocf_staging: "ocf-api-provider-management" "ocf-auditing-api-logs" "ocf-discover-service-api" "ocf-events" "ocf-helper" "ocf-publish-service-api" "ocf-register" "ocf-routing-info" - "ocf-security") + "ocf-security" "celery") for chart in "${charts[@]}"; do yq e -i ".appVersion = \"$IMAGE_TAG_STAGING\"" "helm/capif/charts/$chart/Chart.yaml" @@ -298,7 +298,7 @@ deploy_ocf_oficial_staging: "ocf-api-provider-management" "ocf-auditing-api-logs" "ocf-discover-service-api" "ocf-events" "ocf-helper" "ocf-publish-service-api" "ocf-register" "ocf-routing-info" - "ocf-security") + "ocf-security" "celery") for chart in "${charts[@]}"; do yq e -i ".appVersion = \"staging\"" "helm/capif/charts/$chart/Chart.yaml" @@ -488,7 +488,7 @@ deploy_ocf_dev: "ocf-api-provider-management" "ocf-auditing-api-logs" "ocf-discover-service-api" "ocf-events" "ocf-helper" "ocf-publish-service-api" "ocf-register" "ocf-routing-info" - "ocf-security") + "ocf-security" "celery") for chart in "${charts[@]}"; do yq e -i ".appVersion = \"$IMAGE_TAG_DEV\"" "helm/capif/charts/$chart/Chart.yaml" @@ -628,6 +628,16 @@ deploy_ocf_dev: --set mongo-express.ingress.hosts[0].paths[0].pathType="Prefix" \ --set redis.image.repository=labs.etsi.org:5050/ocf/capif/redis \ --set redis.image.tag=7.4.2-alpine \ + --set celery-beat.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/celery \ + --set celery-beat.image.tag=$CI_COMMIT_REF_SLUG \ + --set celery-beat.env.celeryModel=beat \ + --set celery-beat.env.redisHost=redis \ + --set celery-beat.env.redisPort=6379 \ + --set celery-worker.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/celery \ + --set celery-worker.image.tag=$CI_COMMIT_REF_SLUG \ + --set celery-worker.env.celeryModel=worker \ + --set celery-worker.env.redisHost=redis \ + --set celery-worker.env.redisPort=6379 \ --wait --timeout=10m --create-namespace --atomic delete_ocf_dev: diff --git a/capif/templates/ci_dev.gitlab-ci.yml b/capif/templates/ci_dev.gitlab-ci.yml index 40b392c..baa82e6 100644 --- a/capif/templates/ci_dev.gitlab-ci.yml +++ b/capif/templates/ci_dev.gitlab-ci.yml @@ -86,10 +86,9 @@ dev_linting_docker: ../hadolint --version # Array of service names - SERVICES=("vault" "nginx" "register" "TS29222_CAPIF_Access_Control_Policy_API" "TS29222_CAPIF_API_Invoker_Management_API" + SERVICES=("celery" "vault" "nginx" "register" "TS29222_CAPIF_Access_Control_Policy_API" "TS29222_CAPIF_API_Invoker_Management_API" "TS29222_CAPIF_API_Provider_Management_API" "TS29222_CAPIF_Auditing_API" "TS29222_CAPIF_Discover_Service_API" "TS29222_CAPIF_Events_API" - "TS29222_CAPIF_Logging_API_Invocation_API" "TS29222_CAPIF_Publish_Service_API" "TS29222_CAPIF_Routing_Info_API" "TS29222_CAPIF_Security_API" - "vault") + "TS29222_CAPIF_Logging_API_Invocation_API" "TS29222_CAPIF_Publish_Service_API" "TS29222_CAPIF_Routing_Info_API" "TS29222_CAPIF_Security_API") # Loop over service names for SERVICE in "${SERVICES[@]}"; do @@ -205,5 +204,11 @@ dev_build_and_push: - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server:$CI_COMMIT_REF_SLUG . - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server:$CI_COMMIT_REF_SLUG - echo "----------------------------------------------------" + - echo "### build and push celery image###" + - cd $TMP_PWD/services/celery/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/celery:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/celery:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" + - docker logout $CI_REGISTRY <<: *dev_common \ No newline at end of file diff --git a/capif/templates/ci_staging.gitlab-ci.yml b/capif/templates/ci_staging.gitlab-ci.yml index fafbc45..462105b 100644 --- a/capif/templates/ci_staging.gitlab-ci.yml +++ b/capif/templates/ci_staging.gitlab-ci.yml @@ -98,7 +98,7 @@ staging_linting_docker: ../hadolint --version # Array of service names - SERVICES=("vault" "nginx" "register" "TS29222_CAPIF_Access_Control_Policy_API" "TS29222_CAPIF_API_Invoker_Management_API" + SERVICES=("celery" "nginx" "register" "TS29222_CAPIF_Access_Control_Policy_API" "TS29222_CAPIF_API_Invoker_Management_API" "TS29222_CAPIF_API_Provider_Management_API" "TS29222_CAPIF_Auditing_API" "TS29222_CAPIF_Discover_Service_API" "TS29222_CAPIF_Events_API" "TS29222_CAPIF_Logging_API_Invocation_API" "TS29222_CAPIF_Publish_Service_API" "TS29222_CAPIF_Routing_Info_API" "TS29222_CAPIF_Security_API" "vault") @@ -160,7 +160,7 @@ staging_grype_cvs: echo "TMP_PWD=$TMP_PWD" # Array of image names - IMAGE_NAMES=("nginx" "register" "TS29222_CAPIF_Access_Control_Policy_API" "TS29222_CAPIF_API_Invoker_Management_API" + IMAGE_NAMES=("nginx" "celery" "register" "TS29222_CAPIF_Access_Control_Policy_API" "TS29222_CAPIF_API_Invoker_Management_API" "TS29222_CAPIF_API_Provider_Management_API" "TS29222_CAPIF_Auditing_API" "TS29222_CAPIF_Discover_Service_API" "TS29222_CAPIF_Events_API" "TS29222_CAPIF_Logging_API_Invocation_API" "TS29222_CAPIF_Publish_Service_API" "TS29222_CAPIF_Routing_Info_API" "TS29222_CAPIF_Security_API" "vault") @@ -322,6 +322,11 @@ staging_build_and_push: - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server:$CI_COMMIT_REF_SLUG . - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server:$CI_COMMIT_REF_SLUG - echo "----------------------------------------------------" + - echo "### build and push celery image###" + - cd $TMP_PWD/services/celery/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" - docker logout $CI_REGISTRY <<: *staging_common @@ -415,4 +420,9 @@ staging_build_and_push_mr: - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server:$CI_COMMIT_REF_SLUG . - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server:$CI_COMMIT_REF_SLUG - echo "----------------------------------------------------" + - echo "### build and push celery image###" + - cd $TMP_PWD/services/celery/ + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server:$CI_COMMIT_REF_SLUG + - echo "----------------------------------------------------" - docker logout $CI_REGISTRY \ No newline at end of file diff --git a/capif/templates/cicd-deploy-release.gitlab-ci.yml b/capif/templates/cicd-deploy-release.gitlab-ci.yml index 86ab372..e026a9c 100644 --- a/capif/templates/cicd-deploy-release.gitlab-ci.yml +++ b/capif/templates/cicd-deploy-release.gitlab-ci.yml @@ -110,6 +110,11 @@ prod_build_and_push: - docker build -t $CI_REGISTRY/ocf/capif/$PATH_PROD/mock-server:$CI_COMMIT_TAG . - docker push $CI_REGISTRY/ocf/capif/$PATH_PROD/mock-server:$CI_COMMIT_TAG - echo "----------------------------------------------------" + - echo "### build and push celery image###" + - cd $TMP_PWD/services/celery/ + - docker build -t $CI_REGISTRY/ocf/capif/$PATH_PROD/mock-server:$CI_COMMIT_TAG . + - docker push $CI_REGISTRY/ocf/capif/$PATH_PROD/mock-server:$CI_COMMIT_TAG + - echo "----------------------------------------------------" - docker logout $CI_REGISTRY @@ -144,7 +149,7 @@ deploy_ocf_prod: "ocf-api-provider-management" "ocf-auditing-api-logs" "ocf-discover-service-api" "ocf-events" "ocf-helper" "ocf-publish-service-api" "ocf-register" "ocf-routing-info" - "ocf-security") + "ocf-security" "celery") for chart in "${charts[@]}"; do yq e -i ".appVersion = \"$CI_COMMIT_TAG\"" "helm/capif/charts/$chart/Chart.yaml" -- GitLab From d75bc9b60ff26d03f06652d0e865ab4cd20269c1 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 19 May 2025 17:11:17 +0200 Subject: [PATCH 384/392] refactor: add celery-beat and celery-worker to deploy_ocf_dev chart processing --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index b771048..ddcf113 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -488,7 +488,7 @@ deploy_ocf_dev: "ocf-api-provider-management" "ocf-auditing-api-logs" "ocf-discover-service-api" "ocf-events" "ocf-helper" "ocf-publish-service-api" "ocf-register" "ocf-routing-info" - "ocf-security" "celery") + "ocf-security" "celery-beat" "celery-worker") for chart in "${charts[@]}"; do yq e -i ".appVersion = \"$IMAGE_TAG_DEV\"" "helm/capif/charts/$chart/Chart.yaml" -- GitLab From daf9785f15770cc23e72f712ccc4c7f904187669 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 19 May 2025 17:14:55 +0200 Subject: [PATCH 385/392] fix: correct line ending for redisPort in deploy_ocf_dev configuration --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index ddcf113..242d076 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -637,7 +637,7 @@ deploy_ocf_dev: --set celery-worker.image.tag=$CI_COMMIT_REF_SLUG \ --set celery-worker.env.celeryModel=worker \ --set celery-worker.env.redisHost=redis \ - --set celery-worker.env.redisPort=6379 \ + --set celery-worker.env.redisPort=6379 \ --wait --timeout=10m --create-namespace --atomic delete_ocf_dev: -- GitLab From 29d7c8d18344db4a9fc56307d16fa644a36f38da Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Mon, 19 May 2025 17:18:20 +0200 Subject: [PATCH 386/392] fix: correct line ending for redisPort in deploy_ocf_dev configuration --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 242d076..403f86e 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -637,7 +637,7 @@ deploy_ocf_dev: --set celery-worker.image.tag=$CI_COMMIT_REF_SLUG \ --set celery-worker.env.celeryModel=worker \ --set celery-worker.env.redisHost=redis \ - --set celery-worker.env.redisPort=6379 \ + --set celery-worker.env.redisPort=6379 \ --wait --timeout=10m --create-namespace --atomic delete_ocf_dev: -- GitLab From e0aeb54d2bceb3ce8bf57d5cc1d56a2cb2cdc552 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Tue, 20 May 2025 08:38:10 +0200 Subject: [PATCH 387/392] refactor: add celery-beat and celery-worker to deployment configurations --- capif/.gitlab-ci.yml | 12 +++++++++- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 24 +++++++++++++++++-- .../cicd-deploy-release.gitlab-ci.yml | 14 +++++++++-- 3 files changed, 45 insertions(+), 5 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 800b119..4075894 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -601,7 +601,7 @@ deploy_ocf_main: "ocf-api-provider-management" "ocf-auditing-api-logs" "ocf-discover-service-api" "ocf-events" "ocf-helper" "ocf-publish-service-api" "ocf-register" "ocf-routing-info" - "ocf-security" "celery") + "ocf-security" "celery-beat" "celery-worker") for chart in "${charts[@]}"; do yq e -i ".appVersion = \"main\"" "helm/capif/charts/$chart/Chart.yaml" @@ -740,6 +740,16 @@ deploy_ocf_main: --set mongo-express.ingress.hosts[0].paths[0].pathType="Prefix" \ --set redis.image.repository=labs.etsi.org:5050/ocf/capif/redis \ --set redis.image.tag=7.4.2-alpine \ + --set celery-beat.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/celery \ + --set celery-beat.image.tag=$CI_COMMIT_REF_SLUG \ + --set celery-beat.env.celeryModel=beat \ + --set celery-beat.env.redisHostname=redis \ + --set celery-beat.env.redisPort=6379 \ + --set celery-worker.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/celery \ + --set celery-worker.image.tag=$CI_COMMIT_REF_SLUG \ + --set celery-worker.env.celeryModel=worker \ + --set celery-worker.env.redisHostname=redis \ + --set celery-worker.env.redisPort=6379 \ --wait --timeout=10m --create-namespace --atomic main_rf_testing: diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 403f86e..f5f4adc 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -104,7 +104,7 @@ deploy_ocf_staging: "ocf-api-provider-management" "ocf-auditing-api-logs" "ocf-discover-service-api" "ocf-events" "ocf-helper" "ocf-publish-service-api" "ocf-register" "ocf-routing-info" - "ocf-security" "celery") + "ocf-security" "celery-beat" "celery-worker") for chart in "${charts[@]}"; do yq e -i ".appVersion = \"$IMAGE_TAG_STAGING\"" "helm/capif/charts/$chart/Chart.yaml" @@ -245,6 +245,16 @@ deploy_ocf_staging: --set mongo-express.ingress.hosts[0].paths[0].pathType="Prefix" \ --set redis.image.repository=labs.etsi.org:5050/ocf/capif/redis \ --set redis.image.tag=7.4.2-alpine \ + --set celery-beat.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/celery \ + --set celery-beat.image.tag=$CI_COMMIT_REF_SLUG \ + --set celery-beat.env.celeryModel=beat \ + --set celery-beat.env.redisHost=redis \ + --set celery-beat.env.redisPort=6379 \ + --set celery-worker.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/celery \ + --set celery-worker.image.tag=$CI_COMMIT_REF_SLUG \ + --set celery-worker.env.celeryModel=worker \ + --set celery-worker.env.redisHost=redis \ + --set celery-worker.env.redisPort=6379 \ --wait --timeout=10m --create-namespace --atomic delete_ocf_staging: @@ -298,7 +308,7 @@ deploy_ocf_oficial_staging: "ocf-api-provider-management" "ocf-auditing-api-logs" "ocf-discover-service-api" "ocf-events" "ocf-helper" "ocf-publish-service-api" "ocf-register" "ocf-routing-info" - "ocf-security" "celery") + "ocf-security" "celery-beat" "celery-worker") for chart in "${charts[@]}"; do yq e -i ".appVersion = \"staging\"" "helm/capif/charts/$chart/Chart.yaml" @@ -435,6 +445,16 @@ deploy_ocf_oficial_staging: --set mongo-express.ingress.hosts[0].paths[0].pathType="Prefix" \ --set redis.image.repository=labs.etsi.org:5050/ocf/capif/redis \ --set redis.image.tag=7.4.2-alpine \ + --set celery-beat.image.repository=$CI_REGISTRY/ocf/capif/staging/celery \ + --set celery-beat.image.tag=staging \ + --set celery-beat.env.celeryModel=beat \ + --set celery-beat.env.redisHost=redis \ + --set celery-beat.env.redisPort=6379 \ + --set celery-worker.image.repository=$CI_REGISTRY/ocf/capif/staging/celery \ + --set celery-worker.image.tag=staging \ + --set celery-worker.env.celeryModel=worker \ + --set celery-worker.env.redisHost=redis \ + --set celery-worker.env.redisPort=6379 \ --wait --timeout=10m --create-namespace --atomic ## dev ### diff --git a/capif/templates/cicd-deploy-release.gitlab-ci.yml b/capif/templates/cicd-deploy-release.gitlab-ci.yml index e026a9c..0790916 100644 --- a/capif/templates/cicd-deploy-release.gitlab-ci.yml +++ b/capif/templates/cicd-deploy-release.gitlab-ci.yml @@ -149,7 +149,7 @@ deploy_ocf_prod: "ocf-api-provider-management" "ocf-auditing-api-logs" "ocf-discover-service-api" "ocf-events" "ocf-helper" "ocf-publish-service-api" "ocf-register" "ocf-routing-info" - "ocf-security" "celery") + "ocf-security" "celery-beat" "celery-worker") for chart in "${charts[@]}"; do yq e -i ".appVersion = \"$CI_COMMIT_TAG\"" "helm/capif/charts/$chart/Chart.yaml" @@ -273,5 +273,15 @@ deploy_ocf_prod: --set mongo-express.ingress.hosts[0].paths[0].path="/" \ --set mongo-express.ingress.hosts[0].paths[0].pathType="Prefix" \ --set redis.image.repository=labs.etsi.org:5050/ocf/capif/redis \ - --set redis.image.tag=7.4.2-alpine \ + --set redis.image.tag=7.4.2-alpine \ + --set celery-beat.image.repository=$CI_REGISTRY/ocf/capif/$PATH_PROD/celery \ + --set celery-beat.image.tag=$CI_COMMIT_TAG \ + --set celery-beat.env.celeryModel=beat \ + --set celery-beat.env.redisHost=redis \ + --set celery-beat.env.redisPort=6379 \ + --set celery-worker.image.repository=$CI_REGISTRY/ocf/capif/$PATH_PROD/celery \ + --set celery-worker.image.tag=$CI_COMMIT_TAG \ + --set celery-worker.env.celeryModel=worker \ + --set celery-worker.env.redisHost=redis \ + --set celery-worker.env.redisPort=6379 \ --wait --timeout=10m --create-namespace --atomic \ No newline at end of file -- GitLab From 890a4ac884ddd10c608f1ccf8900883cdd461084 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Tue, 20 May 2025 11:11:06 +0200 Subject: [PATCH 388/392] feat: add logLevel configuration for celery-beat and celery-worker in deploy_ocf_dev --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index f5f4adc..3a73820 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -653,11 +653,13 @@ deploy_ocf_dev: --set celery-beat.env.celeryModel=beat \ --set celery-beat.env.redisHost=redis \ --set celery-beat.env.redisPort=6379 \ + --set celery-beat.env.logLevel="DEBUG" \ --set celery-worker.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/celery \ --set celery-worker.image.tag=$CI_COMMIT_REF_SLUG \ --set celery-worker.env.celeryModel=worker \ --set celery-worker.env.redisHost=redis \ --set celery-worker.env.redisPort=6379 \ + --set celery-worker.env.logLevel="DEBUG" \ --wait --timeout=10m --create-namespace --atomic delete_ocf_dev: -- GitLab From 7bdb0690df4b3d909c34aa767689b86beb0a3dc6 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Tue, 20 May 2025 15:56:44 +0200 Subject: [PATCH 389/392] feat: add logLevel configuration for celery-beat and celery-worker in deployment templates --- capif/.gitlab-ci.yml | 2 ++ capif/templates/cd-deploy-ocf.gitlab-ci.yml | 2 ++ capif/templates/cicd-deploy-release.gitlab-ci.yml | 2 ++ 3 files changed, 6 insertions(+) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 4075894..85f0c5e 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -745,11 +745,13 @@ deploy_ocf_main: --set celery-beat.env.celeryModel=beat \ --set celery-beat.env.redisHostname=redis \ --set celery-beat.env.redisPort=6379 \ + --set celery-beat.env.logLevel="DEBUG" \ --set celery-worker.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/celery \ --set celery-worker.image.tag=$CI_COMMIT_REF_SLUG \ --set celery-worker.env.celeryModel=worker \ --set celery-worker.env.redisHostname=redis \ --set celery-worker.env.redisPort=6379 \ + --set celery-worker.env.logLevel="DEBUG" \ --wait --timeout=10m --create-namespace --atomic main_rf_testing: diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 3a73820..2131034 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -450,11 +450,13 @@ deploy_ocf_oficial_staging: --set celery-beat.env.celeryModel=beat \ --set celery-beat.env.redisHost=redis \ --set celery-beat.env.redisPort=6379 \ + --set celery-beat.env.logLevel="DEBUG" \ --set celery-worker.image.repository=$CI_REGISTRY/ocf/capif/staging/celery \ --set celery-worker.image.tag=staging \ --set celery-worker.env.celeryModel=worker \ --set celery-worker.env.redisHost=redis \ --set celery-worker.env.redisPort=6379 \ + --set celery-worker.env.logLevel="DEBUG" \ --wait --timeout=10m --create-namespace --atomic ## dev ### diff --git a/capif/templates/cicd-deploy-release.gitlab-ci.yml b/capif/templates/cicd-deploy-release.gitlab-ci.yml index 0790916..baa1eed 100644 --- a/capif/templates/cicd-deploy-release.gitlab-ci.yml +++ b/capif/templates/cicd-deploy-release.gitlab-ci.yml @@ -279,9 +279,11 @@ deploy_ocf_prod: --set celery-beat.env.celeryModel=beat \ --set celery-beat.env.redisHost=redis \ --set celery-beat.env.redisPort=6379 \ + --set celery-beat.env.logLevel="DEBUG" \ --set celery-worker.image.repository=$CI_REGISTRY/ocf/capif/$PATH_PROD/celery \ --set celery-worker.image.tag=$CI_COMMIT_TAG \ --set celery-worker.env.celeryModel=worker \ --set celery-worker.env.redisHost=redis \ --set celery-worker.env.redisPort=6379 \ + --set celery-worker.env.logLevel="DEBUG" \ --wait --timeout=10m --create-namespace --atomic \ No newline at end of file -- GitLab From 7a6d3a0e9027aaeb2aeeda136aad433c36720ae6 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Tue, 20 May 2025 16:32:42 +0200 Subject: [PATCH 390/392] feat: add logLevel configuration for celery-beat and celery-worker in deploy_ocf_staging --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index 2131034..baa8f5c 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -250,11 +250,13 @@ deploy_ocf_staging: --set celery-beat.env.celeryModel=beat \ --set celery-beat.env.redisHost=redis \ --set celery-beat.env.redisPort=6379 \ + --set celery-beat.env.logLevel="DEBUG" \ --set celery-worker.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/celery \ --set celery-worker.image.tag=$CI_COMMIT_REF_SLUG \ --set celery-worker.env.celeryModel=worker \ --set celery-worker.env.redisHost=redis \ --set celery-worker.env.redisPort=6379 \ + --set celery-worker.env.logLevel="DEBUG" \ --wait --timeout=10m --create-namespace --atomic delete_ocf_staging: -- GitLab From c1cf8eec5c28228c8da40975e833100d568b1819 Mon Sep 17 00:00:00 2001 From: andresanaya21 Date: Tue, 20 May 2025 16:42:43 +0200 Subject: [PATCH 391/392] feat: update docker image tags for celery in build and push stages --- capif/.gitlab-ci.yml | 4 ++-- capif/templates/ci_staging.gitlab-ci.yml | 8 ++++---- capif/templates/cicd-deploy-release.gitlab-ci.yml | 4 ++-- 3 files changed, 8 insertions(+), 8 deletions(-) diff --git a/capif/.gitlab-ci.yml b/capif/.gitlab-ci.yml index 85f0c5e..5114d23 100644 --- a/capif/.gitlab-ci.yml +++ b/capif/.gitlab-ci.yml @@ -309,8 +309,8 @@ main_build_and_push: - echo "----------------------------------------------------" - echo "### build and push celery image###" - cd $TMP_PWD/services/celery/ - - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server:$CI_COMMIT_REF_SLUG . - - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server:$CI_COMMIT_REF_SLUG + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/celery:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/celery:$CI_COMMIT_REF_SLUG - echo "----------------------------------------------------" - docker logout $CI_REGISTRY <<: *main_common diff --git a/capif/templates/ci_staging.gitlab-ci.yml b/capif/templates/ci_staging.gitlab-ci.yml index 462105b..ff560e0 100644 --- a/capif/templates/ci_staging.gitlab-ci.yml +++ b/capif/templates/ci_staging.gitlab-ci.yml @@ -324,8 +324,8 @@ staging_build_and_push: - echo "----------------------------------------------------" - echo "### build and push celery image###" - cd $TMP_PWD/services/celery/ - - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server:$CI_COMMIT_REF_SLUG . - - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server:$CI_COMMIT_REF_SLUG + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/celery:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/celery:$CI_COMMIT_REF_SLUG - echo "----------------------------------------------------" - docker logout $CI_REGISTRY <<: *staging_common @@ -422,7 +422,7 @@ staging_build_and_push_mr: - echo "----------------------------------------------------" - echo "### build and push celery image###" - cd $TMP_PWD/services/celery/ - - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server:$CI_COMMIT_REF_SLUG . - - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/mock-server:$CI_COMMIT_REF_SLUG + - docker build -t $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/celery:$CI_COMMIT_REF_SLUG . + - docker push $CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/celery:$CI_COMMIT_REF_SLUG - echo "----------------------------------------------------" - docker logout $CI_REGISTRY \ No newline at end of file diff --git a/capif/templates/cicd-deploy-release.gitlab-ci.yml b/capif/templates/cicd-deploy-release.gitlab-ci.yml index baa1eed..2771ec4 100644 --- a/capif/templates/cicd-deploy-release.gitlab-ci.yml +++ b/capif/templates/cicd-deploy-release.gitlab-ci.yml @@ -112,8 +112,8 @@ prod_build_and_push: - echo "----------------------------------------------------" - echo "### build and push celery image###" - cd $TMP_PWD/services/celery/ - - docker build -t $CI_REGISTRY/ocf/capif/$PATH_PROD/mock-server:$CI_COMMIT_TAG . - - docker push $CI_REGISTRY/ocf/capif/$PATH_PROD/mock-server:$CI_COMMIT_TAG + - docker build -t $CI_REGISTRY/ocf/capif/$PATH_PROD/celery:$CI_COMMIT_TAG . + - docker push $CI_REGISTRY/ocf/capif/$PATH_PROD/celery:$CI_COMMIT_TAG - echo "----------------------------------------------------" - docker logout $CI_REGISTRY -- GitLab From e2a6aa35755f087e0c3b64feb226e41c76c99fa5 Mon Sep 17 00:00:00 2001 From: Jorge Moratinos Salcines Date: Wed, 20 Aug 2025 11:03:17 +0200 Subject: [PATCH 392/392] Added images paths to busybox and mongo register --- capif/templates/cd-deploy-ocf.gitlab-ci.yml | 12 ++++++++++++ capif/templates/cicd-deploy-release.gitlab-ci.yml | 4 ++++ 2 files changed, 16 insertions(+) diff --git a/capif/templates/cd-deploy-ocf.gitlab-ci.yml b/capif/templates/cd-deploy-ocf.gitlab-ci.yml index baa8f5c..93de0e4 100644 --- a/capif/templates/cd-deploy-ocf.gitlab-ci.yml +++ b/capif/templates/cd-deploy-ocf.gitlab-ci.yml @@ -229,6 +229,10 @@ deploy_ocf_staging: --set mock-server.env.logLevel="DEBUG" \ --set mongo.image.repository=labs.etsi.org:5050/ocf/capif/mongo \ --set mongo.image.tag=6.0.2 \ + --set mongo.busybox.repository=labs.etsi.org:5050/ocf/capif/busybox \ + --set mongo.busybox.tag=1.37.0 \ + --set mongo-register.image.repository=labs.etsi.org:5050/ocf/capif/mongo \ + --set mongo-register.image.tag=6.0.2 \ --set mongo-register-express.enabled=true \ --set mongo-register-express.image.repository=labs.etsi.org:5050/ocf/capif/mongo-express \ --set mongo-register-express.image.tag=1.0.0-alpha.4 \ @@ -431,6 +435,10 @@ deploy_ocf_oficial_staging: --set mock-server.env.logLevel="DEBUG" \ --set mongo.image.repository=labs.etsi.org:5050/ocf/capif/mongo \ --set mongo.image.tag=6.0.2 \ + --set mongo.busybox.repository=labs.etsi.org:5050/ocf/capif/busybox \ + --set mongo.busybox.tag=1.37.0 \ + --set mongo-register.image.repository=labs.etsi.org:5050/ocf/capif/mongo \ + --set mongo-register.image.tag=6.0.2 \ --set mongo-register-express.enabled=true \ --set mongo-register-express.image.repository=labs.etsi.org:5050/ocf/capif/mongo-express \ --set mongo-register-express.image.tag=1.0.0-alpha.4 \ @@ -636,6 +644,10 @@ deploy_ocf_dev: --set mock-server.env.logLevel="DEBUG" \ --set mongo.image.repository=labs.etsi.org:5050/ocf/capif/mongo \ --set mongo.image.tag=6.0.2 \ + --set mongo.busybox.repository=labs.etsi.org:5050/ocf/capif/busybox \ + --set mongo.busybox.tag=1.37.0 \ + --set mongo-register.image.repository=labs.etsi.org:5050/ocf/capif/mongo \ + --set mongo-register.image.tag=6.0.2 \ --set mongo-register-express.enabled=true \ --set mongo-register-express.image.repository=labs.etsi.org:5050/ocf/capif/mongo-express \ --set mongo-register-express.image.tag=1.0.0-alpha.4 \ diff --git a/capif/templates/cicd-deploy-release.gitlab-ci.yml b/capif/templates/cicd-deploy-release.gitlab-ci.yml index 2771ec4..c2fa433 100644 --- a/capif/templates/cicd-deploy-release.gitlab-ci.yml +++ b/capif/templates/cicd-deploy-release.gitlab-ci.yml @@ -258,6 +258,10 @@ deploy_ocf_prod: --set mock-server.ingress.hosts[0].paths[0].pathType="Prefix" \ --set mongo.image.repository=labs.etsi.org:5050/ocf/capif/mongo \ --set mongo.image.tag=6.0.2 \ + --set mongo.busybox.repository=labs.etsi.org:5050/ocf/capif/busybox \ + --set mongo.busybox.tag=1.37.0 \ + --set mongo-register.image.repository=labs.etsi.org:5050/ocf/capif/mongo \ + --set mongo-register.image.tag=6.0.2 \ --set mongo-register-express.enabled=true \ --set mongo-register-express.image.repository=labs.etsi.org:5050/ocf/capif/mongo-express \ --set mongo-register-express.image.tag=1.0.0-alpha.4 \ -- GitLab