.gitlab-ci.yml
# Pipeline phases, run in the order listed. In this file the lint/type/test jobs use
# `test`, the image build uses `build`, the two Cloud Run deploys use `deploy`, and the
# post-deploy verification and image pruning jobs use `cleanup`.
stages: [test, build, deploy, cleanup]
variables:
  # Image reference in Google Container Registry, shared by the build, deploy and prune
  # jobs. The tag is always `latest`, so the deploy jobs reference a mutable tag rather
  # than an immutable digest; both Cloud Run services are deployed from this same image.
  CONTAINER_NAME: 'gcr.io/$PROJECT_ID/$EXPORTER_CR_SERVICE_NAME/$CI_COMMIT_BRANCH/$IMAGE_NAME:latest'
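before_script:
  # Global hook: runs at the start of every job that does not define its own
  # before_script. It decodes the base64 service-account key held in $GCP_SA_KEY and
  # writes it to sa.json in the job's working directory.
  # The expansion is quoted so the value is passed to base64 unchanged, and the subshell
  # umask keeps the key file readable by the job user only without altering the umask of
  # the rest of the job.
  # NOTE(review): confirm GCP_SA_KEY is a Protected and Masked CI/CD variable; as written,
  # jobs without an `only:` filter receive it on every branch.
  - '(umask 077; echo "$GCP_SA_KEY" | base64 -d > sa.json)'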
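# Lint job: installs flake8 from PyPI and runs it over the repository.
flake8:
  image: python:3.9
  stage: test
  # Linting needs no cloud credentials. Overriding the global before_script keeps the
  # service-account key from being written to sa.json in a job that installs and runs
  # third-party packages. The CI variable itself is still visible to the job unless it
  # is scoped or protected in the project settings.
  before_script: []
  script:
    # NOTE(review): flake8 is installed unpinned, so the linter version can change
    # between pipeline runs.
    - pip3 install flake8
    - python -m flake8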
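# Static type check of the email_exporter package.
mypy:
  image: python:3.9
  stage: test
  # Type checking needs no cloud credentials. Overriding the global before_script keeps
  # the service-account key off disk while pip installs third-party packages. The CI
  # variable is still exposed to the job unless it is scoped or protected.
  before_script: []
  script:
    # Project and test dependencies are installed so mypy can resolve imports.
    - pip install -r requirements.txt
    - pip install -r test_requirements.txt
    - pip install mypy
    - mypy email_exporter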
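# Unit tests; results are published to GitLab as a JUnit report.
pytest:
  stage: test
  image: python:3.9
  # The tests are not given the deploy key: overriding the global before_script keeps
  # sa.json from being created in a job that installs and executes third-party code.
  # The CI variable is still exposed to the job unless it is scoped or protected.
  before_script: []
  script:
    - pip install -r requirements.txt
    - pip install -r test_requirements.txt
    - pytest --junitxml=report.xml
  artifacts:
    # Upload the report even when tests fail, so failures show up in the pipeline UI.
    when: always
    reports:
      junit: report.xml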
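# Coverage run over email_exporter/; publishes a Cobertura report to GitLab.
pytest-coverage:
  stage: test
  image: python:3.9
  # Coverage measurement needs no cloud credentials. Overriding the global before_script
  # keeps the service-account key off disk while third-party packages are installed and
  # run. The CI variable is still exposed to the job unless it is scoped or protected.
  before_script: []
  script:
    - pip install -r requirements.txt
    - pip install -r test_requirements.txt
    - pip install pytest-cov
    # Fails when coverage drops below the threshold in $MIN_TEST_COVERAGE.
    - pytest --cov=email_exporter/ tests/ --cov-fail-under=$MIN_TEST_COVERAGE
    - coverage xml
  artifacts:
    reports:
      coverage_report:
        coverage_format: cobertura
        path: coverage.xml
  # A coverage shortfall is reported but does not block the pipeline.
  allow_failure: true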
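# Builds the container image and pushes it to Google Container Registry.
# Runs only for the master and main branches.
build:
  # NOTE(review): docker:latest and docker:dind are floating tags, so the build
  # toolchain can change between runs; consider pinning a version.
  image: docker:latest
  only:
    refs:
      - master
      - main
  services:
    - docker:dind
  stage: build
  script:
    # Log in to Google Container Registry; the key is read from stdin so it never
    # appears in the process arguments.
    - docker login -u _json_key --password-stdin https://gcr.io < sa.json
    # Remove the key file before building. The build context is the working directory
    # (`.`), so a leftover sa.json would be sent to the daemon and could be copied into
    # the image (the Dockerfile and .dockerignore are not shown here). The push below
    # uses the credentials stored by `docker login`, not this file.
    - rm -f sa.json
    # Build once and apply two tags: the GCR reference and a local $IMAGE_NAME:latest.
    # Expansions are quoted so a value containing whitespace cannot split into extra
    # docker arguments.
    - docker build --cache-from "$CONTAINER_NAME" -t "$CONTAINER_NAME" -t "$IMAGE_NAME:latest" .
    # Only the GCR tag is pushed; the second tag stays local to this job.
    - docker push "$CONTAINER_NAME"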
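# Deploys the image to the exporter Cloud Run service, which requires authenticated
# callers (--no-allow-unauthenticated). Runs only for the master and main branches.
deploy-exporter:
  image: google/cloud-sdk:latest
  only:
    refs:
      - master
      - main
  stage: deploy
  script:
    # Authenticate gcloud as the service account, using the key file written by the
    # global before_script.
    - gcloud auth activate-service-account "$GCP_SA_NAME" --key-file sa.json
    # Deploy the image and record the commit SHA as FINGERPRINT for the verify job.
    # Expansions are quoted so a value containing whitespace (for example in
    # HEADER_SECRET) cannot split into additional gcloud arguments.
    # NOTE(review): HEADER_SECRET is set as a plain environment variable, which is stored
    # readable in the Cloud Run service configuration; consider a Secret Manager
    # reference via --update-secrets instead.
    # NOTE(review): the image is referenced by the mutable `latest` tag from
    # $CONTAINER_NAME, not by the digest produced in the build job.
    - >-
      gcloud run deploy "$EXPORTER_CR_SERVICE_NAME"
      --image "$CONTAINER_NAME"
      --region "$EXPORTER_CR_REGION"
      --project "$PROJECT_ID"
      --no-allow-unauthenticated
      --update-env-vars "FINGERPRINT=$CI_COMMIT_SHORT_SHA,HEADER_SECRET=$HEADER_SECRET"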
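# Deploys the same image to the feed Cloud Run service. Runs only for the master and
# main branches.
deploy-feed:
  image: google/cloud-sdk:latest
  only:
    refs:
      - master
      - main
  stage: deploy
  script:
    # Authenticate gcloud as the service account, using the key file written by the
    # global before_script.
    - gcloud auth activate-service-account "$GCP_SA_NAME" --key-file sa.json
    # Deploy the image and record the commit SHA as FINGERPRINT for the verify job.
    # Expansions are quoted so a value containing whitespace (for example in
    # HEADER_SECRET) cannot split into additional gcloud arguments.
    # NOTE(review): --allow-unauthenticated makes this service invocable without IAM
    # authentication; presumably the X-API-SECRET header check in the application is the
    # remaining gate - verify which routes enforce it.
    # NOTE(review): HEADER_SECRET is set as a plain environment variable, which is stored
    # readable in the Cloud Run service configuration; consider a Secret Manager
    # reference via --update-secrets instead.
    - >-
      gcloud run deploy "$FEED_CR_SERVICE_NAME"
      --image "$CONTAINER_NAME"
      --region "$FEED_CR_REGION"
      --project "$PROJECT_ID"
      --allow-unauthenticated
      --update-env-vars "FINGERPRINT=$CI_COMMIT_SHORT_SHA,HEADER_SECRET=$HEADER_SECRET"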
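# Post-deploy check: confirms the exporter service reports the commit that was just
# deployed. Runs only for the master and main branches.
verify-exporter:
  image: google/cloud-sdk:latest
  only:
    refs:
      - master
      - main
  stage: cleanup
  script:
    # Authenticate gcloud as the service account, using the key file written by the
    # global before_script.
    - gcloud auth activate-service-account "$GCP_SA_NAME" --key-file sa.json
    # Look up the service URL. Done as its own step so a failed lookup fails the job
    # directly instead of being hidden inside a pipeline.
    - >-
      SERVICE_URL="$(gcloud run services describe "$EXPORTER_CR_SERVICE_NAME"
      --region "$EXPORTER_CR_REGION"
      --project "$PROJECT_ID"
      --format="value(status.url)")"
    # Call <url>/fingerprint and require the short commit SHA in the response.
    # --proto '=https' keeps the identity token and X-API-SECRET from being sent over
    # anything but HTTPS; --fail suppresses the body of an HTTP error response so grep
    # can only match a successful reply.
    - >-
      curl --fail --silent --show-error --proto '=https'
      -H "Authorization: Bearer $(gcloud auth print-identity-token)"
      -H "X-API-SECRET: $HEADER_SECRET"
      "$SERVICE_URL/fingerprint"
      | grep "$CI_COMMIT_SHORT_SHA"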
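# Post-deploy check: confirms the feed service reports the commit that was just
# deployed. Runs only for the master and main branches.
verify-feed:
  image: google/cloud-sdk:latest
  only:
    refs:
      - master
      - main
  stage: cleanup
  script:
    # Authenticate gcloud as the service account, using the key file written by the
    # global before_script.
    - gcloud auth activate-service-account "$GCP_SA_NAME" --key-file sa.json
    # Look up the service URL. Done as its own step so a failed lookup fails the job
    # directly instead of being hidden inside a pipeline.
    - >-
      SERVICE_URL="$(gcloud run services describe "$FEED_CR_SERVICE_NAME"
      --region "$FEED_CR_REGION"
      --project "$PROJECT_ID"
      --format="value(status.url)")"
    # Call <url>/fingerprint and require the short commit SHA in the response.
    # --proto '=https' keeps the identity token and X-API-SECRET from being sent over
    # anything but HTTPS; --fail suppresses the body of an HTTP error response so grep
    # can only match a successful reply.
    - >-
      curl --fail --silent --show-error --proto '=https'
      -H "Authorization: Bearer $(gcloud auth print-identity-token)"
      -H "X-API-SECRET: $HEADER_SECRET"
      "$SERVICE_URL/fingerprint"
      | grep "$CI_COMMIT_SHORT_SHA"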
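# Removes older container images after a deploy. Runs only for the master and main
# branches.
prune_containers:
  image: google/cloud-sdk:latest
  only:
    refs:
      - master
      - main
  stage: cleanup
  script:
    # Authenticate gcloud as the service account, using the key file written by the
    # global before_script.
    - gcloud auth activate-service-account "$GCP_SA_NAME" --key-file sa.json
    # Arguments: project id, a comma-separated list of service:region pairs, and the
    # image reference. Expansions are quoted so each value reaches the script as exactly
    # one argument.
    # NOTE(review): ci/prune_containers.py is not shown here; confirm what it deletes
    # and that the service account's delete permission is limited to this repository.
    - >-
      python3 ci/prune_containers.py
      "$PROJECT_ID"
      "$EXPORTER_CR_SERVICE_NAME:$EXPORTER_CR_REGION,$FEED_CR_SERVICE_NAME:$FEED_CR_REGION"
      "$CONTAINER_NAME"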