.gitlab-ci.yml
# Required secret repo vars:
# * DOCKER_GIT_CREDENTIALS - file with list of credentials - one per line. Used to clone private repos
# * TERRAFORM_DO_TOKEN - DigitalOcean token used by Terraform
# * TERRAFORM_BACKEND_B64 - secret configuration with backend configuration for remote storage. Example may be found in `.infra/terraform/backend.tf.example`. Encoded with base64
# * DOCKER_AUTH_CONFIG - docker config used for pushing to repos
# * DOCKER_TESTNET_PULL_TOKEN_LOGIN - docker login used for pulling testnet image
# * DOCKER_TESTNET_PULL_TOKEN_PASSWORD - docker password used for pulling testnet image
#
# Required variables during execution:
# - step: Start testnet
# variables:
# - TESTNET_NODES_B64 - base64 encoded `.infra/terraform/config_nodes.auto.tfvars` substitute. May be empty
# - TESTNET_CLIENTS_AMOUNT - amount of clients to generate
# - TESTNET_CLIENT_PASSWORD - password for generated clients
# - HERB_THRESHOLD_1 - HERB Threshold 1 used in `hd set-threshold` command
# - HERB_THRESHOLD_2 - HERB Threshold 2 used in `hd set-threshold` command
# Default image for every job that does not declare its own `image`.
image: 'golang:1.13-alpine3.10'

# Docker-in-Docker service made available to the jobs.
# NOTE(review): the tag carries no version, so the daemon image can change
# between pipeline runs - consider pinning it.
services:
  - 'docker:dind'

# Pipeline stages, in execution order.
stages:
  - lint
  - verify
  - unit_tests
  - build
  - publish
  - start_testing
  - provision_testing
  - run_tests
  - stop_testing

variables:
  # Registry host and port the image is pushed to (quoted because of the colon).
  DOCKERHUB_URL: 'gitlab.fevlake.com:4567'
  # Repository path of the image inside that registry.
  IMAGE_NAME: 'dgaming/herb'
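# Runs before the script of every job: writes the registry and git credentials
# taken from CI variables into the job's home directory.
before_script:
  # Docker creds
  - mkdir -p "$HOME/.docker"
  # Create the file under umask 077 so it is never readable by other users,
  # not even for the moment before chmod runs.
  - (umask 077 && echo "${DOCKER_AUTH_CONFIG}" > "$HOME/.docker/config.json")
  - chmod 600 "$HOME/.docker/config.json"
  # GitHub private repos access (http://smartystreets.com/blog/2018/09/private-dependencies-in-docker-and-go - option 4)
  - apk add git
  - git config --global credential.helper store
  # .git-credentials holds the credentials in plaintext; the original left it
  # with default permissions, unlike config.json above. Restrict it to the owner.
  - (umask 077 && echo "${DOCKER_GIT_CREDENTIALS}" > "$HOME/.git-credentials")
  - chmod 600 "$HOME/.git-credentials"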
# lint
# Static analysis and formatting report. Failures here do not fail the
# pipeline (allow_failure: true).
'Lint code':
  stage: lint
  image: 'golangci/golangci-lint:v1.21.0-alpine'
  allow_failure: true
  script:
    - golangci-lint run
    # Print gofmt diffs (-d) with simplification (-s) for every .go file
    # outside ./vendor and .git paths.
    - find . -name '*.go' -type f -not -path "./vendor*" -not -path "*.git*" | xargs gofmt -d -s
# verify
# Verifies the module cache against go.sum, then vendors the dependencies and
# hands go.sum and vendor/ to later jobs as artifacts.
'Ensure dependencies have not been modified':
  stage: verify
  allow_failure: false
  script:
    - GO111MODULE=on go mod verify
    - GO111MODULE=on go mod vendor
    # NOTE(review): a bare assignment without `export`; it does not appear to
    # affect the chmod commands that follow - confirm whether it is needed.
    - GO111MODULE=off
    # NOTE(review): 0777 makes go.sum and the vendored sources world-writable
    # before they are published as artifacts; later jobs build from this tree,
    # so confirm whether a narrower mode would be enough.
    - chmod 0777 ./go.sum
    - chmod -R 0777 ./vendor
  artifacts:
    when: on_success
    expire_in: '1 day'
    paths:
      - go.sum
      - vendor
# tests
# Runs `go test` for the three command packages against the vendored
# dependencies. Test failures do not fail the pipeline (allow_failure: true).
'Run unit tests':
  stage: unit_tests
  allow_failure: true
  # Fetch go.sum and vendor/ produced by the verify job.
  dependencies:
    - 'Ensure dependencies have not been modified'
  script:
    - apk add bash ca-certificates libc-dev
    - export GO111MODULE=on
    - export PATH=/go/bin:$PATH
    - export GOPATH=/go
    # ${BUILD_FLAGS} is left unquoted so that it can expand to several flags.
    - CGO_ENABLED=0 go test -mod vendor ${BUILD_FLAGS} ./cmd/dkgcli
    - CGO_ENABLED=0 go test -mod vendor ${BUILD_FLAGS} ./cmd/hcli
    - CGO_ENABLED=0 go test -mod vendor ${BUILD_FLAGS} ./cmd/hd
# build
# Compiles the three binaries into dist/ from the vendored dependencies and
# publishes dist/ as an artifact for the image build.
'Build binary':
  stage: build
  allow_failure: false
  # Fetch go.sum and vendor/ produced by the verify job.
  dependencies:
    - 'Ensure dependencies have not been modified'
  script:
    # basically taken from dockerfile, but Dockerfile does not support mounting of private data
    - apk add bash ca-certificates libc-dev
    - export GO111MODULE=on
    - export PATH=/go/bin:$PATH
    - export GOPATH=/go
    # ${BUILD_FLAGS} is left unquoted so that it can expand to several flags.
    - go build -mod vendor ${BUILD_FLAGS} -o dist/dkgcli ./cmd/dkgcli
    - go build -mod vendor ${BUILD_FLAGS} -o dist/hcli ./cmd/hcli
    - go build -mod vendor ${BUILD_FLAGS} -o dist/hd ./cmd/hd
  artifacts:
    when: on_success
    expire_in: '1 day'
    paths:
      - dist
# publish
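# Builds the image from .infra/Dockerfile using the dist/ artifact and pushes
# it under two tags: `latest` and the pipeline id.
'Publish docker image':
  stage: publish
  # NOTE(review): floating tag; the docker client version can change between
  # runs - consider pinning it.
  image: 'docker:latest'
  allow_failure: false
  dependencies:
    - 'Build binary'
  script:
    # The password is fed on stdin so that it does not appear in the process
    # argument list (the original passed it with -p). `|| true` is kept: the
    # login stays best-effort, as in the original.
    - printf '%s' "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY" || true
    - docker build -t "${DOCKERHUB_URL}/${IMAGE_NAME}:latest" -t "${DOCKERHUB_URL}/${IMAGE_NAME}:${CI_PIPELINE_ID}" -f .infra/Dockerfile .
    - docker push "${DOCKERHUB_URL}/${IMAGE_NAME}:latest"
    - docker push "${DOCKERHUB_URL}/${IMAGE_NAME}:${CI_PIPELINE_ID}"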
# start_testing
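# Hidden template (anchor terraform_create_template): manual job that writes
# the Terraform backend config, prepares an SSH key pair for provisioning and
# applies the configuration in .infra/terraform.
.terraform_create: &terraform_create_template
  stage: start_testing
  image:
    name: 'hashicorp/terraform:0.12.13'
    # Empty entrypoint so the runner can start its own shell in the image.
    entrypoint: [""]
  allow_failure: false
  when: manual
  variables:
    TESTNET_NODES_B64: ""
    TESTNET_CLIENTS_AMOUNT: "3"
    # NOTE(review): default client password committed to the repository;
    # override it when starting the job if the testnet is reachable by others.
    TESTNET_CLIENT_PASSWORD: alicealice
    #HERB_THRESHOLD_1: "2"
    #HERB_THRESHOLD_2: "2"
  script:
    - cd .infra/terraform
    # Quoted so the base64 text reaches the decoder exactly as stored.
    - echo "${TERRAFORM_BACKEND_B64}" | base64 -d > backend.tf
    # Optional node configuration: only written when the variable is non-empty.
    - |-
      if [ -n "$TESTNET_NODES_B64" ]; then
        echo "${TESTNET_NODES_B64}" | base64 -d > config_nodes.auto.tfvars
      fi
    # https://github.com/hashicorp/terraform/pull/20428
    - terraform init -backend-config="key=$CI_ENVIRONMENT_SLUG/terraform.tfstate"
    # Preparing ssh credentials
    ## Check if private ssh keys in outputs
    # Reuse the key stored in the Terraform outputs when there is one;
    # otherwise generate a new 4096-bit RSA key without a passphrase.
    # The original passed `-f -q`, which makes `-q` the argument of `-f`
    # rather than the quiet flag; `-q` now stands on its own.
    # umask 077 keeps the restored key private from the moment it is created.
    - |-
      if terraform output provisioner_ssh_key_private_b64 > /dev/null; then
        (umask 077 && terraform output provisioner_ssh_key_private_b64 | base64 -d > ../id_rsa) && chmod 600 ../id_rsa
      else
        ssh-keygen -q -b 4096 -t rsa -N "" -f ../id_rsa
      fi
    # Pass ssh keys as variables
    # Every -var value is quoted so that a value containing spaces or glob
    # characters stays a single argument.
    # NOTE(review): the DigitalOcean token, the client password and the private
    # key are passed on the command line; Terraform also reads TF_VAR_<name>
    # environment variables, which keeps them out of the process argument list.
    - >-
      terraform apply -auto-approve -input=false
      -var "provisioner_ssh_key_public=$(ssh-keygen -f ../id_rsa -y)"
      -var "provisioner_ssh_key_private_b64=$(base64 ../id_rsa | tr -d '\n')"
      -var "do_token=$TERRAFORM_DO_TOKEN"
      -var "env_name=$CI_ENVIRONMENT_SLUG"
      -var "testnet_clients_amount=$TESTNET_CLIENTS_AMOUNT"
      -var "testnet_client_password=$TESTNET_CLIENT_PASSWORD"
      -var "herb_threshold_1=$HERB_THRESHOLD_1"
      -var "herb_threshold_2=$HERB_THRESHOLD_2"
  artifacts:
    when: on_success
    expire_in: 30 day
    paths:
      - .infra/ansible/hosts.yml
      # NOTE(review): the provisioner's private SSH key is kept as a job
      # artifact for 30 days; whoever can download this job's artifacts can
      # read it. Confirm that artifact access is restricted accordingly.
      - .infra/id_rsa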
# Creates the testnet for the `short/<branch>` environment by merging in the
# terraform_create_template anchor; stopping the environment runs the
# matching destroy job.
'(short) Start testnet':
  <<: *terraform_create_template
  environment:
    name: 'short/$CI_COMMIT_REF_SLUG'
    on_stop: '(short) Destroy testnet'
# Creates the testnet for the `long/<branch>` environment by merging in the
# terraform_create_template anchor; stopping the environment runs the
# matching destroy job.
'(long) Start testnet':
  <<: *terraform_create_template
  environment:
    name: 'long/$CI_COMMIT_REF_SLUG'
    on_stop: '(long) Destroy testnet'
# provision_testing
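# Hidden template (anchor provisioning_template): installs the provisioner's
# SSH key and runs the Ansible playbooks against the hosts in hosts.yml.
.provisioning: &provisioning_template
  stage: provision_testing
  image: 'cytopia/ansible:2.8-tools'
  allow_failure: false
  variables:
    # NOTE(review): turns off SSH host key verification for Ansible, so the
    # hosts it connects to are not checked against a known key. Confirm this
    # is acceptable for the network the testnet runs on.
    ANSIBLE_HOST_KEY_CHECKING: "False"
  script:
    - apk add rsync
    # -p so the step does not fail when ~/.ssh already exists in the image.
    - mkdir -p ~/.ssh && chmod 700 ~/.ssh
    - cp .infra/id_rsa ~/.ssh/id_rsa && chmod 600 ~/.ssh/id_rsa
    - cd .infra/ansible
    - ansible-playbook -i hosts.yml common.yml
    - ansible-playbook -i hosts.yml docker.yml
    - ansible-playbook -i hosts.yml prometheus.yml
    # Each -e pair is quoted so the shell passes it as one argument even when
    # the value contains spaces or glob characters.
    # NOTE(review): the pull token is passed on the command line and is
    # visible in the process argument list while the playbook runs.
    - >-
      ansible-playbook -i hosts.yml testnet.yml
      -e "testnet_image=$DOCKERHUB_URL/$IMAGE_NAME:$CI_PIPELINE_ID"
      -e "docker_testnet_pull_token_login=$DOCKER_TESTNET_PULL_TOKEN_LOGIN"
      -e "docker_testnet_pull_token_password=$DOCKER_TESTNET_PULL_TOKEN_PASSWORD"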
# Provisions the `short/<branch>` testnet with the provisioning_template
# anchor, using the artifacts of the matching start job, and keeps
# .infra/ansible/fetch as an artifact.
'(short) Provision testnet':
  <<: *provisioning_template
  needs:
    - '(short) Start testnet'
  # Artifacts (hosts.yml and the SSH key) come from the start job.
  dependencies:
    - '(short) Start testnet'
  environment:
    name: 'short/$CI_COMMIT_REF_SLUG'
    on_stop: '(short) Destroy testnet'
  artifacts:
    when: on_success
    expire_in: '30 day'
    paths:
      - .infra/ansible/fetch
# Provisions the `long/<branch>` testnet with the provisioning_template
# anchor, using the artifacts of the matching start job, and keeps
# .infra/ansible/fetch as an artifact.
'(long) Provision testnet':
  <<: *provisioning_template
  needs:
    - '(long) Start testnet'
  # Artifacts (hosts.yml and the SSH key) come from the start job.
  dependencies:
    - '(long) Start testnet'
  environment:
    name: 'long/$CI_COMMIT_REF_SLUG'
    on_stop: '(long) Destroy testnet'
  artifacts:
    when: on_success
    expire_in: '30 day'
    paths:
      - .infra/ansible/fetch
# run_tests
# Placeholder test job for the `short/<branch>` testnet: it currently only
# echoes a reminder. Failures do not fail the pipeline (allow_failure: true).
'(short) Run tests':
  stage: run_tests
  image: 'cytopia/ansible:2.8-tools'
  allow_failure: true
  # Runs once the testnet has been started and provisioned.
  needs:
    - '(short) Start testnet'
    - '(short) Provision testnet'
  # Only the start job's artifacts are downloaded.
  dependencies:
    - '(short) Start testnet'
  script:
    - echo Add tests directives here
  environment:
    name: 'short/$CI_COMMIT_REF_SLUG'
    on_stop: '(short) Destroy testnet'
# stop_testing
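# Hidden template (anchor terraform_destroy_template): manual job that
# re-creates the backend config and destroys the environment's resources.
.terraform_destroy: &terraform_destroy_template
  stage: stop_testing
  image:
    name: 'hashicorp/terraform:0.12.13'
    # Empty entrypoint so the runner can start its own shell in the image.
    entrypoint: [""]
  allow_failure: false
  when: manual
  variables:
    # No checkout is performed for this job.
    # NOTE(review): the script still does `cd .infra/terraform`, so it seems
    # to rely on files already present in the build directory - confirm.
    GIT_STRATEGY: none
  script:
    - cd .infra/terraform
    # Quoted so the base64 text reaches the decoder exactly as stored.
    - echo "${TERRAFORM_BACKEND_B64}" | base64 -d > backend.tf
    - terraform init -backend-config="key=$CI_ENVIRONMENT_SLUG/terraform.tfstate"
    # The -var pair is quoted so the token stays a single argument.
    # NOTE(review): the token is passed on the command line; Terraform also
    # reads TF_VAR_<name> environment variables, which keeps it out of the
    # process argument list.
    - terraform destroy -var "do_token=$TERRAFORM_DO_TOKEN" -auto-approve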
# Stop action of the `short/<branch>` environment: destroys its testnet with
# the terraform_destroy_template anchor.
'(short) Destroy testnet':
  <<: *terraform_destroy_template
  needs:
    - '(short) Start testnet'
  environment:
    name: 'short/$CI_COMMIT_REF_SLUG'
    action: stop
# Stop action of the `long/<branch>` environment: destroys its testnet with
# the terraform_destroy_template anchor.
'(long) Destroy testnet':
  <<: *terraform_destroy_template
  needs:
    - '(long) Start testnet'
  environment:
    name: 'long/$CI_COMMIT_REF_SLUG'
    action: stop