Commit 86701e81 authored by Cédric OLIVIER's avatar Cédric OLIVIER

Merge branch 'feat/component' into 'master'

feat: migrate to CI/CD component

See merge request to-be-continuous/gcloud!53
parents bad5c989 59b4a6dc
......@@ -10,7 +10,7 @@ include:
file: '/templates/validation.yml'
- project: 'to-be-continuous/bash'
ref: '3.3'
file: 'templates/gitlab-ci-bash.yml'
file: '/templates/gitlab-ci-bash.yml'
- project: 'to-be-continuous/semantic-release'
ref: '3.7'
file: '/templates/gitlab-ci-semrel.yml'
......
This diff is collapsed.
......@@ -27,13 +27,13 @@ if [[ "$curVer" ]]; then
log_info "Bump version from \\e[33;1m${curVer}\\e[0m to \\e[33;1m${nextVer}\\e[0m (release type: $relType)..."
# replace in README
sed -e "s/ref: '$curVer'/ref: '$nextVer'/" README.md > README.md.next
sed -e "s/ref: *'$curVer'/ref: '$nextVer'/" -e "s/ref: *\"$curVer\”/ref: \”$nextVer\”/" -e "s/component: *\(.*\)@$curVer/component: \1@$nextVer/" README.md > README.md.next
mv -f README.md.next README.md
# replace in template and variants
for tmpl in templates/*.yml
do
sed -e "s/\"$curVer\"/\"$nextVer\"/" "$tmpl" > "$tmpl.next"
sed -e "s/command: *\[\"--service\", \"\(.*\)\", \"$curVer\"\]/command: [\"--service\", \"\1\", \"$nextVer\"]/" "$tmpl" > "$tmpl.next"
mv -f "$tmpl.next" "$tmpl"
done
else
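Review bot: On the longer README `sed` line (the one carrying the `component:` expression, which appears to be the new side), the second `-e` expression closes its quotes with the typographic character `”` (U+201D) instead of ASCII `"`. As written it cannot match a double-quoted `ref: "<version>"`, and its replacement would write curly quotes into README.md if it ever did match. It should read `-e "s/ref: *\"$curVer\"/ref: \"$nextVer\"/"`. Separately, `$curVer` is interpolated into the patterns unescaped, so the dots of a version string act as regex wildcards. The enclosing `if [[ "$curVer" ]]` block starts and ends outside the hunk.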
......
......@@ -3,6 +3,8 @@
"description": "Deploy your application to the [Google Cloud](https://cloud.google.com/) platform",
"template_path": "templates/gitlab-ci-gcloud.yml",
"kind": "hosting",
"prefix": "gcp",
"is_component": true,
"variables": [
{
"name": "GCP_CLI_IMAGE",
......@@ -56,7 +58,7 @@
},
{
"name": "GCP_REVIEW_APP_NAME",
"description": "The application name for review env (only define if different from global)",
"description": "The application name for review env (only define to override default)",
"advanced": true
},
{
......@@ -72,7 +74,7 @@
},
{
"name": "GCP_REVIEW_KEY_FILE",
"description": "Service Account key file to authenticate on review env (only define if different from global)",
"description": "Service Account key file to authenticate on review env (only define to override default)",
"secret": true
}
]
......@@ -89,7 +91,7 @@
},
{
"name": "GCP_INTEG_APP_NAME",
"description": "The application name for integration env (only define if different from global)",
"description": "The application name for integration env (only define to override default)",
"advanced": true
},
{
......@@ -100,7 +102,7 @@
},
{
"name": "GCP_INTEG_KEY_FILE",
"description": "Service Account key file to authenticate on integration env (only define if different from global)",
"description": "Service Account key file to authenticate on integration env (only define to override default)",
"secret": true
}
]
......@@ -117,7 +119,7 @@
},
{
"name": "GCP_STAGING_APP_NAME",
"description": "The application name for staging env (only define if different from global)",
"description": "The application name for staging env (only define to override default)",
"advanced": true
},
{
......@@ -128,7 +130,7 @@
},
{
"name": "GCP_STAGING_KEY_FILE",
"description": "Service Account key file to authenticate on staging env (only define if different from global)",
"description": "Service Account key file to authenticate on staging env (only define to override default)",
"secret": true
}
]
......@@ -145,7 +147,7 @@
},
{
"name": "GCP_PROD_APP_NAME",
"description": "The application name for production env (only define if different from global)",
"description": "The application name for production env (only define to override default)",
"advanced": true
},
{
......@@ -163,7 +165,7 @@
},
{
"name": "GCP_PROD_KEY_FILE",
"description": "Service Account key file to authenticate on production env (only define if different from global)",
"description": "Service Account key file to authenticate on production env (only define to override default)",
"secret": true
}
]
......@@ -193,7 +195,7 @@
},
{
"name": "GCP_REVIEW_OIDC_PROVIDER",
"description": "Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) on `review` environment\n\n_(only define if different from global)_",
"description": "Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) on `review` environment\n\n_(only define to override default)_",
"advanced": true
},
{
......@@ -203,7 +205,7 @@
},
{
"name": "GCP_INTEG_OIDC_PROVIDER",
"description": "Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) on `integration` environment\n\n_(only define if different from global)_",
"description": "Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) on `integration` environment\n\n_(only define to override default)_",
"advanced": true
},
{
......@@ -213,7 +215,7 @@
},
{
"name": "GCP_STAGING_OIDC_PROVIDER",
"description": "Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) on `staging` environment\n\n_(only define if different from global)_",
"description": "Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) on `staging` environment\n\n_(only define to override default)_",
"advanced": true
},
{
......@@ -223,7 +225,7 @@
},
{
"name": "GCP_PROD_OIDC_PROVIDER",
"description": "Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) on `production` environment\n\n_(only define if different from global)_",
"description": "Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) on `production` environment\n\n_(only define to override default)_",
"advanced": true
},
{
......
logo.png

9.87 KiB | W: | H:

logo.png

12 KiB | W: | H:

# =====================================================================================================================
# === OIDC authentication template variant
# =====================================================================================================================
spec:
inputs:
oidc-aud:
description: The `aud` claim for the JWT
default: $CI_SERVER_URL
oidc-provider:
description: Global Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/)
default: ''
oidc-account:
description: Global Service Account to which impersonate with OpenID Connect authentication
default: ''
review-oidc-provider:
description: |-
Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) on `review` environment
_(only define to override default)_
default: ''
review-oidc-account:
description: Service Account to which impersonate with OpenID Connect authentication on `review` environment
default: ''
integ-oidc-provider:
description: |-
Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) on `integration` environment
_(only define to override default)_
default: ''
integ-oidc-account:
description: Service Account to which impersonate with OpenID Connect authentication on `integration` environment
default: ''
staging-oidc-provider:
description: |-
Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) on `staging` environment
_(only define to override default)_
default: ''
staging-oidc-account:
description: Service Account to which impersonate with OpenID Connect authentication on `staging` environment
default: ''
prod-oidc-provider:
description: |-
Workload Identity Provider associated with GitLab to [authenticate with OpenID Connect](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) on `production` environment
_(only define to override default)_
default: ''
prod-oidc-account:
description: Service Account to which impersonate with OpenID Connect authentication on `production` environment
default: ''
---
variables:
GCP_OIDC_AUD: "$CI_SERVER_URL"
GCP_OIDC_AUD: $[[ inputs.oidc-aud ]]
GCP_OIDC_PROVIDER: $[[ inputs.oidc-provider ]]
GCP_OIDC_ACCOUNT: $[[ inputs.oidc-account ]]
GCP_REVIEW_OIDC_PROVIDER: $[[ inputs.review-oidc-provider ]]
GCP_REVIEW_OIDC_ACCOUNT: $[[ inputs.review-oidc-account ]]
GCP_INTEG_OIDC_PROVIDER: $[[ inputs.integ-oidc-provider ]]
GCP_INTEG_OIDC_ACCOUNT: $[[ inputs.integ-oidc-account ]]
GCP_STAGING_OIDC_PROVIDER: $[[ inputs.staging-oidc-provider ]]
GCP_STAGING_OIDC_ACCOUNT: $[[ inputs.staging-oidc-account ]]
GCP_PROD_OIDC_PROVIDER: $[[ inputs.prod-oidc-provider ]]
GCP_PROD_OIDC_ACCOUNT: $[[ inputs.prod-oidc-account ]]
.gcp-base:
id_tokens:
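Review bot: The `oidc-aud` input is documented only as "The `aud` claim for the JWT", and its default `$CI_SERVER_URL` is the same value the Vault variant uses for `vault-oidc-aud`, so by default the ID tokens requested for Google Cloud and for Vault carry an identical audience. Whether that matters depends on the allowed audiences configured on the Workload Identity Provider, which this page does not show. The description should at least state the constraint, for example `The aud claim for the JWT; must match an allowed audience of the Workload Identity Provider`. A distinct audience per relying party keeps a token issued for one of them from being accepted by the other. The `.gcp-base` job continues outside the visible lines.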
......
# =====================================================================================================================
# === Vault template variant
# =====================================================================================================================
spec:
inputs:
vault-oidc-aud:
description: The `aud` claim for the JWT
default: $CI_SERVER_URL
vault-base-url:
description: The Vault server base API url
default: ''
---
variables:
# variabilized vault-secrets-provider image
TBC_VAULT_IMAGE: "registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:master"
TBC_VAULT_IMAGE: registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider:master
# variables have to be explicitly declared in the YAML to be exported to the service
VAULT_JWT_TOKEN: "$VAULT_JWT_TOKEN"
VAULT_ROLE_ID: "$VAULT_ROLE_ID"
VAULT_SECRET_ID: "$VAULT_SECRET_ID"
VAULT_OIDC_AUD: "$CI_SERVER_URL"
VAULT_JWT_TOKEN: $VAULT_JWT_TOKEN
VAULT_ROLE_ID: $VAULT_ROLE_ID
VAULT_SECRET_ID: $VAULT_SECRET_ID
VAULT_OIDC_AUD: $[[ inputs.vault-oidc-aud ]]
VAULT_BASE_URL: $[[ inputs.vault-base-url ]]
.gcp-base:
services:
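Review bot: `TBC_VAULT_IMAGE` still points at the mutable `master` tag of `vault-secrets-provider`, and the variables declared below it (`VAULT_JWT_TOKEN`, `VAULT_ROLE_ID`, `VAULT_SECRET_ID`) are exported to the service, presumably the one started from that image. Whatever is published under that tag at run time therefore receives the Vault credentials. The migration adds inputs for the audience and base URL but none for the image; consider pinning a released tag or a digest, e.g. `TBC_VAULT_IMAGE: registry.gitlab.com/to-be-continuous/tools/vault-secrets-provider@sha256:<DIGEST_PLACEHOLDER>`, or add a comment telling users to override it. The same applies to `TBC_TRACKING_IMAGE` (`tracking:master`) and to the `cli-image` default `cloud-sdk:latest` in the main template. The `.gcp-base` job continues outside the visible lines.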
......
......@@ -14,6 +14,78 @@
# Floor, Boston, MA 02110-1301, USA.
# =========================================================================================
# default workflow rules: Merge Request pipelines
spec:
inputs:
cli-image:
description: The Docker image used to run Google Cloud CLI commands
default: gcr.io/google.com/cloudsdktool/cloud-sdk:latest
workload-identity-provider:
description: |-
Default [Workload Identity Provider](https://docs.gitlab.com/ee/ci/cloud_services/google_cloud/) associated with GitLab to authenticate
(has format `projects/PROJECT_NUMBER/locations/global/workloadIdentityPools/POOL_ID/providers/PROVIDER_ID`)
default: ''
service-account:
description: Default Service Account to which impersonate with WIF authentication
default: ''
base-app-name:
description: Base application name
default: $CI_PROJECT_NAME
environment-url:
description: |-
The default environments url _(only define for static environment URLs declaration)_
_supports late variable expansion (ex: `https://%{environment_name}.gcloud.acme.com`)_
default: ''
scripts-dir:
description: Directory where Google Cloud scripts (deploy & cleanup) are located
default: .
review-project:
description: Google Cloud project ID for review env
default: ''
review-app-name:
description: The application name for review env (only define to override default)
default: ''
review-autostop-duration:
description: The amount of time before GitLab will automatically stop `review` environments
default: 4 hours
review-environment-url:
description: The review environments url _(only define for static environment URLs declaration and if different from default)_
default: ''
integ-project:
description: Google Cloud project ID for integration env
default: ''
integ-app-name:
description: The application name for integration env (only define to override default)
default: ''
integ-environment-url:
description: The integration environment url _(only define for static environment URLs declaration and if different from default)_
default: ''
staging-project:
description: Google Cloud project ID for staging env
default: ''
staging-app-name:
description: The application name for staging env (only define to override default)
default: ''
staging-environment-url:
description: The staging environment url _(only define for static environment URLs declaration and if different from default)_
default: ''
prod-project:
description: Google Cloud project ID for production env
default: ''
prod-app-name:
description: The application name for production env (only define to override default)
default: ''
prod-environment-url:
description: The production environment url _(only define for static environment URLs declaration and if different from default)_
default: ''
prod-deploy-strategy:
description: Defines the deployment to production strategy.
options:
- manual
- auto
default: manual
---
workflow:
rules:
# prevent branch pipeline when an MR is open (prefer MR pipeline)
......@@ -37,25 +109,39 @@ workflow:
variables:
# variabilized tracking image
TBC_TRACKING_IMAGE: "registry.gitlab.com/to-be-continuous/tools/tracking:master"
TBC_TRACKING_IMAGE: registry.gitlab.com/to-be-continuous/tools/tracking:master
# Default Docker image (can be overridden)
GCP_CLI_IMAGE: "gcr.io/google.com/cloudsdktool/cloud-sdk:latest"
GCP_CLI_IMAGE: $[[ inputs.cli-image ]]
GCP_SCRIPTS_DIR: "."
GCP_SCRIPTS_DIR: $[[ inputs.scripts-dir ]]
GCP_BASE_APP_NAME: "$CI_PROJECT_NAME"
# deprecated, backward compatibility
GCP_REVIEW_ENVIRONMENT_SCHEME: "https"
GCP_REVIEW_AUTOSTOP_DURATION: "4 hours"
GCP_BASE_APP_NAME: $[[ inputs.base-app-name ]]
GCP_REVIEW_AUTOSTOP_DURATION: $[[ inputs.review-autostop-duration ]]
# default: one-click deploy
GCP_PROD_DEPLOY_STRATEGY: manual
GCP_PROD_DEPLOY_STRATEGY: $[[ inputs.prod-deploy-strategy ]]
# default production ref name (pattern)
PROD_REF: '/^(master|main)$/'
PROD_REF: /^(master|main)$/
# default integration ref name (pattern)
INTEG_REF: '/^develop$/'
INTEG_REF: /^develop$/
GCP_WORKLOAD_IDENTITY_PROVIDER: $[[ inputs.workload-identity-provider ]]
GCP_SERVICE_ACCOUNT: $[[ inputs.service-account ]]
GCP_ENVIRONMENT_URL: $[[ inputs.environment-url ]]
GCP_REVIEW_PROJECT: $[[ inputs.review-project ]]
GCP_REVIEW_APP_NAME: $[[ inputs.review-app-name ]]
GCP_REVIEW_ENVIRONMENT_URL: $[[ inputs.review-environment-url ]]
GCP_INTEG_PROJECT: $[[ inputs.integ-project ]]
GCP_INTEG_APP_NAME: $[[ inputs.integ-app-name ]]
GCP_INTEG_ENVIRONMENT_URL: $[[ inputs.integ-environment-url ]]
GCP_STAGING_PROJECT: $[[ inputs.staging-project ]]
GCP_STAGING_APP_NAME: $[[ inputs.staging-app-name ]]
GCP_STAGING_ENVIRONMENT_URL: $[[ inputs.staging-environment-url ]]
GCP_PROD_PROJECT: $[[ inputs.prod-project ]]
GCP_PROD_APP_NAME: $[[ inputs.prod-app-name ]]
GCP_PROD_ENVIRONMENT_URL: $[[ inputs.prod-environment-url ]]
stages:
- build
......@@ -314,7 +400,7 @@ stages:
export environment_type=$ENV_TYPE
export environment_name=${ENV_APP_NAME:-${GCP_BASE_APP_NAME}${ENV_APP_SUFFIX}}
export gcp_project_id=$ENV_PROJECT
environment_url=${ENV_URL:-${GCP_ENVIRONMENT_URL:-$ENV_URL_LEGACY}}
environment_url=${ENV_URL:-$GCP_ENVIRONMENT_URL}
# backwards compatibility
export env=$environment_type
......@@ -465,8 +551,6 @@ gcp-review:
ENV_OIDC_ACCOUNT: "$GCP_REVIEW_OIDC_ACCOUNT"
ENV_KEY_FILE: "$GCP_REVIEW_KEY_FILE"
ENV_URL: "${GCP_REVIEW_ENVIRONMENT_URL}"
# deprecated, backward compatibility
ENV_URL_LEGACY: "${GCP_REVIEW_ENVIRONMENT_SCHEME}://${CI_PROJECT_NAME}-${CI_ENVIRONMENT_SLUG}.${GCP_REVIEW_ENVIRONMENT_DOMAIN}"
environment:
name: review/$CI_COMMIT_REF_NAME
on_stop: gcp-cleanup-review
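Review bot: Dropping `ENV_URL_LEGACY` and the `GCP_REVIEW_ENVIRONMENT_SCHEME` default means a project that still sets only `GCP_REVIEW_ENVIRONMENT_DOMAIN` now gets an empty `environment_url` for review apps without any message, because the new fallback is `${ENV_URL:-$GCP_ENVIRONMENT_URL}`. The removed lines were marked deprecated, so the removal looks intended, but the commit is titled `feat:` and nothing visible here flags it as breaking. A guard next to the `environment_url=` assignment would make the change visible, e.g. `if [[ -z "$environment_url" && -n "$GCP_REVIEW_ENVIRONMENT_DOMAIN" ]]; then log_warn "GCP_REVIEW_ENVIRONMENT_DOMAIN is no longer supported, use GCP_REVIEW_ENVIRONMENT_URL"; fi` (assuming the template has a `log_warn` helper; only `log_info` is visible on this page). The script block and the `gcp-review` job both continue outside the visible hunks.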
......