stages: - deploy_ocf_oficial_staging - deploy_ocf_staging - delete_ocf_staging - deploy_ocf_dev - delete_ocf_dev variables: NAMESPACE_DEV: "ocf-dev-$CI_ENVIRONMENT_SLUG" NAMESPACE_STAGING: "ocf-staging" DOMAIN_STAGING: staging.int DOMAIN_DEV: developer.int DOMAIN_PROD: prod.int CI_JOB_TOKEN: $CI_JOB_TOKEN IMAGE_TAG_DEV: $CI_COMMIT_REF_SLUG IMAGE_TAG_STAGING: $CI_COMMIT_REF_SLUG VAULT_HOSTNAME: $VAULT_HOSTNAME VAULT_PORT: $VAULT_PORT VAULT_ACCESS_TOKEN: $VAULT_ACCESS_TOKEN CI_REGISTRY: $CI_REGISTRY .staging_common: &staging_common only: - merge_requests except: variables: - $CI_MERGE_REQUEST_TARGET_BRANCH_NAME != "staging" tags: - shell .dev_common: &dev_common tags: - shell ## staging before mr ### deploy_ocf_staging: stage: deploy_ocf_staging needs: - staging_build_and_push <<: *staging_common environment: name: review/dev_to_staging url: https://capif-$CI_ENVIRONMENT_SLUG.$DOMAIN_STAGING on_stop: delete_ocf_staging auto_stop_in: 3 day script: - | helm version kubectl version --output=yaml echo "### setting kubeconfig###" whoami kubectl cluster-info yq --version ls -rtt helm/capif cat helm/capif/Chart.yaml yq e -i ".appVersion = \"$IMAGE_TAG_STAGING\"" helm/capif/Chart.yaml cat helm/capif/Chart.yaml echo "### download dependencies###" helm dependency build helm/capif echo "### updating capif###" helm upgrade --install -n $NAMESPACE_DEV ocf-pre-staging helm/capif/ --set nginx.nginx.env.capifHostname=capif-$CI_COMMIT_REF_SLUG.$DOMAIN_STAGING \ --set nginx.nginx.env.registerHostname=register-$CI_COMMIT_REF_SLUG.$DOMAIN_STAGING \ --set monitoring.grafana.ingress.hosts[0].host="grafana-$CI_COMMIT_REF_SLUG.$DOMAIN_STAGING" \ --set monitoring.grafana.ingress.hosts[0].paths[0].path="/" \ --set monitoring.grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ --set monitoring.grafana.env.prometheusURL=http://prometheus.ocf.pre-production \ --set tempo.tempo.metricsGenerator.remoteWriteUrl=http://prometheus.ocf.pre-production/api/v1/write \ --set parametersVault.env.vaultHostname=$VAULT_HOSTNAME \ --set parametersVault.env.vaultPort=$VAULT_PORT \ --set parametersVault.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ --set ingress.ip=10.43.107.132 \ --set accessControlPolicy.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api \ --set accessControlPolicy.image.tag=$CI_COMMIT_REF_SLUG \ --set apiInvocationLogs.apiInvocationLogs.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api \ --set apiInvocationLogs.apiInvocationLogs.image.tag=$CI_COMMIT_REF_SLUG \ --set apiInvokerManagement.apiInvokerManagement.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api \ --set apiInvokerManagement.apiInvokerManagement.image.tag=$CI_COMMIT_REF_SLUG \ --set apiProviderManagement.apiProviderManagement.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api \ --set apiProviderManagement.apiProviderManagement.image.tag=$CI_COMMIT_REF_SLUG \ --set capifEvents.capifEvents.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api \ --set capifEvents.capifEvents.image.tag=$CI_COMMIT_REF_SLUG \ --set capifRoutingInfo.capifRoutingInfo.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api \ --set capifRoutingInfo.capifRoutingInfo.image.tag=$CI_COMMIT_REF_SLUG \ --set capifSecurity.capifSecurity.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api \ --set capifSecurity.capifSecurity.image.tag=$CI_COMMIT_REF_SLUG \ --set register.register.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register \ --set register.register.image.tag=$CI_COMMIT_REF_SLUG \ --set logs.logs.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api \ --set logs.logs.image.tag=$CI_COMMIT_REF_SLUG \ --set nignx.nginx.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx \ --set nignx.nginx.image.tag=$CI_COMMIT_REF_SLUG \ --set publishedApis.publishedApis.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api \ --set publishedApis.publishedApis.image.tag=$CI_COMMIT_REF_SLUG \ --set serviceApis.serviceApis.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api \ --set serviceApis.serviceApis.image.tag=$CI_COMMIT_REF_SLUG \ --set nginx.nginx.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx \ --set nginx.nginx.image.tag=$CI_COMMIT_REF_SLUG --wait --timeout=10m --create-namespace --atomic delete_ocf_staging: stage: delete_ocf_staging <<: *staging_common script: - echo "### deleting environment $NAMESPACE_STAGING###" - helm uninstall -n $NAMESPACE_DEV ocf-staging-$CI_COMMIT_REF_SLUG when: manual environment: name: review/dev_to_staging action: stop ### staging branch merged ### deploy_ocf_oficial_staging: stage: deploy_ocf_oficial_staging <<: *staging_common # rules: # - if: '$CI_COMMIT_REF_NAME == "staging"' # when: always needs: - staging_build_and_push_mr environment: name: review/oficial-staging url: https://capif-staging.$DOMAIN_STAGING script: - | helm version kubectl version --output=yaml echo "### setting kubeconfig###" whoami kubectl cluster-info yq --version ls -rtt helm/capif cat helm/capif/Chart.yaml yq e -i ".appVersion = \"staging\"" helm/capif/Chart.yaml cat helm/capif/Chart.yaml echo "### download dependencies###" helm dependency build helm/capif echo "### updating capif###" helm upgrade --install -n $NAMESPACE_STAGING ocf-staging helm/capif/ --set nginx.nginx.env.capifHostname=capif-staging.$DOMAIN_STAGING \ --set nginx.nginx.env.registerHostname=register-staging.$DOMAIN_STAGING \ --set monitoring.grafana.ingress.hosts[0].host="grafana-staging.$DOMAIN_STAGING" \ --set monitoring.grafana.ingress.hosts[0].paths[0].path="/" \ --set monitoring.grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ --set monitoring.grafana.env.prometheusURL=http://prometheus.ocf.pre-production \ --set tempo.tempo.metricsGenerator.remoteWriteUrl=http://prometheus.ocf.pre-production/api/v1/write \ --set parametersVault.env.vaultHostname=$VAULT_HOSTNAME \ --set parametersVault.env.vaultPort=$VAULT_PORT \ --set parametersVault.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ --set ingress.ip=10.43.107.132 \ --set accessControlPolicy.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-access-control-policy-api \ --set accessControlPolicy.image.tag=staging \ --set apiInvocationLogs.apiInvocationLogs.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-logging-api-invocation-api \ --set apiInvocationLogs.apiInvocationLogs.image.tag=staging \ --set apiInvokerManagement.apiInvokerManagement.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-api-invoker-management-api \ --set apiInvokerManagement.apiInvokerManagement.image.tag=staging \ --set apiProviderManagement.apiProviderManagement.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-api-provider-management-api \ --set apiProviderManagement.apiProviderManagement.image.tag=staging \ --set capifEvents.capifEvents.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-events-api \ --set capifEvents.capifEvents.image.tag=staging \ --set capifRoutingInfo.capifRoutingInfo.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-routing-info-api \ --set capifRoutingInfo.capifRoutingInfo.image.tag=staging \ --set capifSecurity.capifSecurity.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-security-api \ --set capifSecurity.capifSecurity.image.tag=staging \ --set register.register.image.repository=$CI_REGISTRY/ocf/capif/staging/register \ --set register.register.image.tag=staging \ --set logs.logs.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-auditing-api \ --set logs.logs.image.tag=staging \ --set nignx.nginx.image.repository=$CI_REGISTRY/ocf/capif/staging/nginx \ --set nignx.nginx.image.tag=staging \ --set publishedApis.publishedApis.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-publish-service-api \ --set publishedApis.publishedApis.image.tag=staging \ --set serviceApis.serviceApis.image.repository=$CI_REGISTRY/ocf/capif/staging/ocf-discover-service-api \ --set serviceApis.serviceApis.image.tag=staging \ --set nginx.nginx.image.repository=$CI_REGISTRY/ocf/capif/staging/nginx \ --set nginx.nginx.image.tag=staging --wait --timeout=10m --create-namespace ## dev ### deploy_ocf_dev: stage: deploy_ocf_dev needs: - dev_build_and_push <<: *dev_common environment: name: review/$CI_COMMIT_REF_SLUG url: https://capif-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV on_stop: delete_ocf_dev auto_stop_in: 3 day # rules: # - if: $CI_COMMIT_BRANCH == "main" # when: never # - if: $CI_COMMIT_BRANCH == "staging" # when: never # - if: $CI_COMMIT_BRANCH script: - | helm version kubectl version --output=yaml echo "### setting kubeconfig###" kubectl cluster-info yq --version cat helm/capif/Chart.yaml yq e -i ".appVersion = \"$IMAGE_TAG_DEV\"" helm/capif/Chart.yaml cat helm/capif/Chart.yaml echo "### download dependencies###" helm dependency build helm/capif echo "### updating capif###" helm upgrade --install -n $NAMESPACE_DEV ocf-developer helm/capif/ --set nginx.nginx.env.capifHostname=capif-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV \ --set nginx.nginx.env.registerHostname=register-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV \ --set monitoring.grafana.ingress.hosts[0].host="grafana-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV" \ --set monitoring.grafana.ingress.hosts[0].paths[0].path="/" \ --set monitoring.grafana.ingress.hosts[0].paths[0].pathType="Prefix" \ --set monitoring.grafana.env.prometheusURL=http://prometheus.ocf.pre-production \ --set tempo.tempo.metricsGenerator.remoteWriteUrl=http://prometheus.ocf.pre-production/api/v1/write \ --set parametersVault.env.vaultHostname=$VAULT_HOSTNAME \ --set parametersVault.env.vaultPort=$VAULT_PORT \ --set parametersVault.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ --set ingress.ip=10.43.107.132 \ --set accessControlPolicy.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-access-control-policy-api \ --set accessControlPolicy.image.tag=$CI_COMMIT_REF_SLUG \ --set apiInvocationLogs.apiInvocationLogs.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-logging-api-invocation-api \ --set apiInvocationLogs.apiInvocationLogs.image.tag=$CI_COMMIT_REF_SLUG \ --set apiInvokerManagement.apiInvokerManagement.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-invoker-management-api \ --set apiInvokerManagement.apiInvokerManagement.image.tag=$CI_COMMIT_REF_SLUG \ --set apiProviderManagement.apiProviderManagement.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-api-provider-management-api \ --set apiProviderManagement.apiProviderManagement.image.tag=$CI_COMMIT_REF_SLUG \ --set capifEvents.capifEvents.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-events-api \ --set capifEvents.capifEvents.image.tag=$CI_COMMIT_REF_SLUG \ --set capifRoutingInfo.capifRoutingInfo.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-routing-info-api \ --set capifRoutingInfo.capifRoutingInfo.image.tag=$CI_COMMIT_REF_SLUG \ --set capifSecurity.capifSecurity.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-security-api \ --set capifSecurity.capifSecurity.image.tag=$CI_COMMIT_REF_SLUG \ --set register.register.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/register \ --set register.register.image.tag=$CI_COMMIT_REF_SLUG \ --set logs.logs.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-auditing-api \ --set logs.logs.image.tag=$CI_COMMIT_REF_SLUG \ --set nignx.nginx.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx \ --set nignx.nginx.image.tag=$CI_COMMIT_REF_SLUG \ --set publishedApis.publishedApis.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-publish-service-api \ --set publishedApis.publishedApis.image.tag=$CI_COMMIT_REF_SLUG \ --set serviceApis.serviceApis.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/ocf-discover-service-api \ --set serviceApis.serviceApis.image.tag=$CI_COMMIT_REF_SLUG \ --set nginx.nginx.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/nginx \ --set nginx.nginx.image.tag=$CI_COMMIT_REF_SLUG \ --set helper.image.repository=$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/helper \ --set helper.image.tag=$CI_COMMIT_REF_SLUG \ --set helper.env.vaultHostname=$VAULT_HOSTNAME \ --set helper.env.vaultPort=$VAULT_PORT \ --set helper.env.vaultAccessToken=$VAULT_ACCESS_TOKEN \ --set helper.env.capifHostname=capif-$CI_ENVIRONMENT_SLUG.$DOMAIN_DEV \ --wait --timeout=10m --create-namespace --atomic delete_ocf_dev: stage: delete_ocf_dev <<: *staging_common script: - echo "### deleting environment $NAMESPACE_DEV###" - helm uninstall -n $NAMESPACE_DEV ocf-developer when: manual environment: name: review/$CI_COMMIT_REF_SLUG action: stop