Add Kube in CI/CD (after review)

Author: mistraloz

.gitlab-ci.yml

@@ -2,6 +2,7 @@ stages:
   - build
   - test
   - deploy
+  - cleanup
 
 # It is shared between includes anyway
 default:
@@ -22,14 +23,16 @@ default:
 variables:
   GIT_STRATEGY: fetch
   GIT_DEPTH: 1
-  CURRENT_WORKFLOW: "undefined"
   TAG_NAME: ${CI_COMMIT_REF_SLUG}
   BACK_IMAGE: ${CI_REGISTRY_IMAGE}/back
   BACK_IMAGE_DEV: ${BACK_IMAGE}:${TAG_NAME}-dev
   BACK_IMAGE_STABLE: ${BACK_IMAGE}:${TAG_NAME}
   FRONT_IMAGE: ${CI_REGISTRY_IMAGE}/front
   FRONT_IMAGE_DEV: ${FRONT_IMAGE}:${TAG_NAME}-dev
   FRONT_IMAGE_STABLE: ${FRONT_IMAGE}:${TAG_NAME}
+  FEATURE_DEPLOY_MR_ON_K8S: 1
+  KUBERNETES_URL_SUFFIX: "boilerplate.test.thecodingmachine.com"
+  #KUBERNETES_PASSWORD_SECRET: "CHANGE-THIS-SECRET" # Define it in gitlab CI/CD variables
 #  DEPLOYMENT_PATH: /tcm_deployment/${CI_PROJECT_NAME}
 #  DEPLOYMENT_IP: PUT_YOUR_DEPLOYMENT_IP_HERE
 

deployments/kubernetes/deployment.yaml

@@ -4,7 +4,7 @@ kind: Ingress
 metadata:
   name: ingress
   annotations:
-    cert-manager.io/cluster-issuer: letsencrypt-staging
+    cert-manager.io/cluster-issuer: letsencrypt-prod
     kubernetes.io/ingress.global-static-ip-name: web-static-ip
     nginx.ingress.kubernetes.io/proxy-body-size: 1024m
     nginx.ingress.kubernetes.io/force-ssl-redirect: "false"

gitlab-ci/build.gitlab-ci.yml

@@ -9,6 +9,9 @@ build back dev:
     TARGET: dev
     CONTEXT_PATH: ./apps/back
     IMAGE_DESTINATION: $BACK_IMAGE_DEV
+  rules:
+    - !reference [.except hotfix rules, rules]
+    - when: always
 
 build back stable:
   stage: 'build'
@@ -31,6 +34,9 @@ build front dev:
     TARGET: dev
     CONTEXT_PATH: ./apps/front
     IMAGE_DESTINATION: $FRONT_IMAGE_DEV
+  rules:
+    - !reference [.except hotfix rules, rules]
+    - when: always
 
 build front stable:
   stage: 'build'

gitlab-ci/deploy-k8s.gitlab-ci.yml

@@ -1,20 +1,20 @@
 include:
   - local: 'gitlab-ci/templates/k8s.gitlab-ci.yml'
 
-variables:
-  KUBERNETES_URL_SUFFIX: "boilerplate.test.thecodingmachine.com"
-
 deploy k8s start:
   stage: 'deploy'
   extends:
     - '.deploy k8s start'
   environment:
+    deployment_tier: development
     on_stop: deploy k8s stop
     auto_stop_in: 6 week
   needs:
     - 'build back stable'
     - 'build front stable'
   rules:
+    - if: '$FEATURE_DEPLOY_MR_ON_K8S != "1"'
+      when: never
     - !reference [.MR rules, rules]
   when: manual
 
@@ -25,5 +25,23 @@ deploy k8s stop:
   needs:
     - 'deploy k8s start'
   rules:
+    - if: '$FEATURE_DEPLOY_MR_ON_K8S != "1"'
+      when: never
     - !reference [.MR rules, rules]
   when: manual
+
+remove stable images:
+  stage: 'cleanup'
+  extends:
+    - '.delete image'
+  needs:
+    - 'deploy k8s stop'
+  script:
+    - ./reg rm -d --auth-url $CI_REGISTRY -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $BACK_IMAGE_STABLE
+    - ./reg rm -d --auth-url $CI_REGISTRY -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $FRONT_IMAGE_STABLE
+  rules:
+    - if: '$FEATURE_DEPLOY_MR_ON_K8S != "1"'
+      when: never
+    - !reference [.MR rules, rules]
+  when: on_success
+

gitlab-ci/rules.gitlab-ci.yml

@@ -4,12 +4,21 @@
       if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
 .rc rules:
   rules:
-    - # Target only tags "a.b.c-rcX" and develop branch
-      if: '$CI_COMMIT_TAG =~ /^v\d+\.\d+\.\d+-rc\.\d+$/ || $CI_COMMIT_REF_NAME =~ /^develop$/'
+    - # Target only tags "a.b.c-rcX" and main branch
+      if: '$CI_COMMIT_TAG =~ /^v\d+\.\d+\.\d+-rc\.\d+$/ || $CI_COMMIT_REF_NAME =~ /^main/'
 .stable rules:
   rules:
-    - # Target only tags "a.b.c" and main branch
-      if: '$CI_COMMIT_TAG =~ /^v\d+\.\d+\.\d+$/ || $CI_COMMIT_REF_NAME =~ /^main$/'
+    - # Target only tags "a.b.c"
+      if: '$CI_COMMIT_TAG =~ /^v\d+\.\d+\.\d+$/'
+.hotfix rules:
+  rules:
+    - # Target tags and branches named `hotfix/...`
+      if: '$CI_COMMIT_TAG =~ /^hotfix\// || $CI_COMMIT_REF_NAME =~ /^hotfix\//'
+.except hotfix rules:
+  rules:
+    - # Target tags and branches named `hotfix/...`
+      if: '$CI_COMMIT_TAG =~ /^hotfix\// || $CI_COMMIT_REF_NAME =~ /^hotfix\//'
+      when: never
 
 
 workflow:
@@ -20,3 +29,5 @@ workflow:
     - !reference [.MR rules, rules]
     - !reference [.rc rules, rules]
     - !reference [.stable rules, rules]
+    - !reference [.hotfix rules, rules]
+    - !reference [.except hotfix rules, rules]

gitlab-ci/templates/build.gitlab-ci.yml

@@ -57,3 +57,19 @@
 .build image:
   extends:
     - '.build image kaniko'
+
+# IMAGE_TAG is required except if script part is overwrited (to allow multiple remove in one task).
+.delete image:
+  image: curlimages/curl:7.86.0
+  variables:
+    IMAGE_TAG: "" # Required
+    REG_SHA256: ade837fc5224acd8c34732bf54a94f579b47851cc6a7fd5899a98386b782e228
+    REG_VERSION: 0.16.1
+    GIT_STRATEGY: none
+  before_script:
+    - curl --fail --show-error --location "https://github.com/genuinetools/reg/releases/download/v$REG_VERSION/reg-linux-amd64" --output ./reg
+    - echo "$REG_SHA256  ./reg" | sha256sum -c -
+    - chmod a+x ./reg
+  script:
+    - if [[ -z $IMAGE_TAG ]]; then echo "IMAGE_TAG is required"; exit 1; fi
+    - ./reg rm -d --auth-url $CI_REGISTRY -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $IMAGE_TAG

gitlab-ci/templates/k8s.gitlab-ci.yml

@@ -1,9 +1,13 @@
 .deploy k8s start:
   image: thecodingmachine/k8s_gitlabci:latest
   variables:
+    #KUBERNETES_URL_SUFFIX: "" # Required
+    #KUBERNETES_PASSWORD_SECRET: "" # Required
     AUTOCONNECT: 1
     KUBECONFIG: "/root/.kube/config"
   before_script:
+    - if [[ -z $KUBERNETES_URL_SUFFIX ]]; then echo "KUBERNETES_URL_SUFFIX is required"; exit 1; fi
+    - if [[ -z $KUBERNETES_PASSWORD_SECRET ]]; then echo "KUBERNETES_PASSWORD_SECRET is required"; exit 1; fi
     - mkdir -p ~/.kube
     - echo "$KUBE_CONFIG" > ~/.kube/config
     - 'kubectl create namespace ${CI_PROJECT_PATH_SLUG}-${CI_COMMIT_REF_SLUG} || true'
@@ -42,3 +46,4 @@
   environment:
     name: "review/${CI_COMMIT_REF_NAME}"
     action: stop
+

gitlab-ci/test-back.gitlab-ci.yml

@@ -11,6 +11,9 @@ test back build:
     - exit 0
   needs:
     - 'build back dev'
+  rules:
+    - !reference [.except hotfix rules, rules]
+    - when: always
 
 test back analyze:
   stage: 'test'
@@ -22,17 +25,9 @@ test back analyze:
     - composer run phpmd
   needs:
     - 'test back build'
-
-test back analyze:
-  stage: 'test'
-  extends:
-    - '.app back'
-  script:
-    - composer run phpstan -- --no-progress
-    - composer run cs-check -- -n
-    - composer run phpmd
-  needs:
-    - 'test back build'
+  rules:
+    - !reference [.except hotfix rules, rules]
+    - when: always
 
 # TODO : have to be implemented
 #back unit test:
@@ -52,3 +47,6 @@ test back analyze:
 #    - composer run test
 #  needs:
 #    - 'test back build'
+#  rules:
+#    - !reference [.except hotfix rules, rules]
+#    - when: always

gitlab-ci/test-front.gitlab-ci.yml

@@ -1,24 +1,26 @@
 include:
   - local: 'gitlab-ci/templates/apps.gitlab-ci.yml'
 
-# required only if there is multiple tests for front part
-#test front build:
-#  stage: "test"
-#  needs:
-#    - 'build front dev'
-#  extends:
-#    - '.app front'
-#  script:
-#    - exit 0
-#  cache:
-#    - <<: *app_front_cache
-#      policy: pull-push
+test front build:
+  stage: "test"
+  needs:
+    - 'build front dev'
+  extends:
+    - '.app front cache-rw'
+  script:
+    - exit 0
+  rules:
+    - !reference [.except hotfix rules, rules]
+    - when: always
 
 front linter:
   stage: 'test'
   needs:
-    - 'build front dev'
+    - 'test front build'
   extends:
-    - '.app front cache-rw'
+    - '.app front'
   script:
     - yarn lint
+  rules:
+    - !reference [.except hotfix rules, rules]
+    - when: always