# Pipeline stages, listed in the order GitLab runs them.
stages:
  - test
  - quality_check
  - build
  - push_tag
  - deploy_staging
  - deploy_production

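# Pipeline-wide defaults. Nothing secret (tokens, passwords, service-account
# keys) may be given a value here: this file is committed, so anyone who can
# read the repository or its history can read every value in it.
variables:
  NAMESPACE: "default"
  REGISTRY_GCP: europe-west1-docker.pkg.dev/ops-shared-e3afff9d/gitlab-pipeline
  IMAGE_NAME: "${REGISTRY_GCP}/${APPLICATION_NAME}"
  RELEASE_NAME: "${APPLICATION_NAME}"
  CHART_DIR: helm-chart
  CI_TEMPLATES_GIT_USER: pipeline-git-ro
  CI_TEMPLATES_GIT_PROJECT_URL: gitlab.com/finboot/it-operations/ci-templates.git
  # CI_TEMPLATES_GIT_PASSWORD is deliberately NOT defined in this file.
  # Provide it as a masked CI/CD variable (project or group settings); the
  # jobs below read it from the environment under the same name.
  # Any value that was ever committed for it must be treated as exposed:
  # revoke it and issue a new read-only token.
  GKE_REGION: europe-west1
  MAVEN_OPTS: "-Djava.awt.headless=true -Dmaven.repo.local=./.m2/repository"
  MAVEN_CLI_OPTS: "--batch-mode --errors --fail-at-end --show-version"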

# Shared Maven cache definition, reused through the `maven_cache` anchor.
# NOTE(review): the key is a fixed string, so every pipeline that merges this
# anchor shares one .m2/repository cache. Confirm the project keeps
# "Use separate caches for protected branches" enabled, so that content cached
# by a merge-request pipeline is not consumed by a default-branch build.
.maven_cache: &maven_cache
  key: "maven_cache"
  paths:
    - .m2/repository

# Hidden template job: builds and tests the Maven project. Concrete jobs reach
# it through `extends` (see .testing_maven_staging / .testing_maven_prod).
.testing_maven_main:
  stage: test
  interruptible: true
  tags:
    - docker
  image: europe-west1-docker.pkg.dev/ops-shared-e3afff9d/sync-images/eclipse-temurin:pipeline
  cache:
    # Merge in the shared Maven cache definition (key and paths).
    <<: *maven_cache
  variables:
    GOOGLE_APPLICATION_CREDENTIALS: .gcpserviceaccount.json
    JWT_PUB_KEY: ${JWT_PUB_CONTENT}
    JWT_TESTING_PUB_KEY: ${JWT_TESTING_PUB_CONTENT}
    # Database and Flyway settings used for the migrations.
    # NOTE(review): these credentials are committed in clear text; that is only
    # acceptable if they belong to a disposable per-job database - confirm.
    # No `services:` entry is visible in this template, so the `mysql` host
    # presumably comes from the job that extends it.
    MYSQL_DATABASE: test_db
    MYSQL_ROOT_PASSWORD: rootpass
    MYSQL_USER: test_db_usr
    MYSQL_PASSWORD: test_db_usr_pass
    FLYWAY_URL: jdbc:mysql://mysql:3306/test_db
    FLYWAY_USER: test_db_usr
    FLYWAY_PASSWORD: test_db_usr_pass
    FLYWAY_LOCATIONS: classpath:db/migration/ddl,classpath:db/migration/data,classpath:db/migration/data-integration
  script:
    # Install build tooling at job time (package versions are not pinned).
    - apk update && apk add git gettext maven
    # Materialise secrets from CI/CD variables into the job workspace. None of
    # these files is listed under `artifacts: paths` below; keep it that way so
    # the Maven settings and the service-account keys are never uploaded.
    # NOTE(review): the variables are expanded unquoted; "$VAR" would avoid
    # word splitting of the value.
    - echo $MAVEN_SETTINGS_CONTENT | base64 -d > .m2.settings.xml
    - mkdir -p /root/.m2 && cp .m2.settings.xml /root/.m2/settings2.xml
    # Expand environment-variable references inside the settings template.
    - envsubst < /root/.m2/settings2.xml > /root/.m2/settings.xml
    # These two values are decoded twice, i.e. the variables are expected to
    # hold doubly base64-encoded content.
    - echo $GCP_SERVICE_ACCOUNT_CONTENT | base64 -d | base64 -d > .gcpserviceaccount.json
    - echo $MARCO_SERVICE_ACCOUNT_CONTENT | base64 -d | base64 -d > .marcoserviceaccount.json
    - echo $JWT_TESTING_PUB_KEY | base64 -d > jwtRS256.key.pub
    # Log which MARCO API endpoint this run targets.
    - echo MARCO_API_PARENT_URL = ${MARCO_API_PARENT_URL}
    - "mvn clean package $MAVEN_CLI_OPTS"
  artifacts:
    # Upload the listed paths even when the job fails.
    when: always
    paths:
      - ./target/*.jar
      - ./target/classes
      - ./target/jacoco.exec
      - ./target/site/jacoco/jacoco.xml
      - ./target/surefire-reports
    expire_in: 1 day

# Test template for merge-request pipelines: same job as .testing_maven_main,
# pointed at the staging MARCO API.
.testing_maven_staging:
  extends: .testing_maven_main
  variables:
    MARCO_API_PARENT_URL: "https://api-marco.finboot-test.com"
  environment:
    name: staging
  rules:
    # Only merge-request pipelines.
    - if: "$CI_PIPELINE_SOURCE == 'merge_request_event'"

# Test template for default-branch pipelines: same job as .testing_maven_main,
# pointed at the production MARCO API.
.testing_maven_prod:
  extends: .testing_maven_main
  variables:
    MARCO_API_PARENT_URL: "https://api-marco.finboot.com"
  environment:
    name: production
  rules:
    # Only commits on the default branch.
    - if: "$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH"

# Runs the SonarQube analysis and records the version/tag files that later
# stages read from the job artifacts.
quality_check:
  image: europe-west1-docker.pkg.dev/ops-shared-e3afff9d/sync-images/sonarsource/sonar-scanner-cli:stable
  stage: quality_check
  interruptible: true
  tags:
    - docker
  script:
    - apk add --update bash libxml2-utils
    # Read <project>/<version> from pom.xml, ignoring the XML namespace.
    - TAG_VERSION=$(xmllint --xpath "//*[local-name()='project']/*[local-name()='version']/text()" pom.xml)
    - echo TAG_VERSION=${TAG_VERSION}
    - echo "${TAG_VERSION}" > tag-version
    # Image tag format: <pom version>-<short commit SHA>.
    - TAG_IMAGE=${TAG_VERSION}-${CI_COMMIT_SHORT_SHA}
    - echo "${TAG_IMAGE}" > tag-image
    # NOTE(review): SONAR_TOKEN is expanded onto the scanner command line via
    # -Dsonar.login, so it relies on the variable being masked to stay out of
    # the job log. Scanner releases that read SONAR_TOKEN from the environment
    # do not need the flag - confirm the image's scanner version before
    # dropping it.
    # sonar.qualitygate.wait=true makes the scanner wait for the quality gate
    # result; together with allow_failure: false a failed gate stops the pipeline.
    - >
      sonar-scanner
      -Dsonar.projectKey=${APPLICATION_NAME}
      -Dsonar.projectVersion=${TAG_VERSION}
      -Dsonar.host.url=${SONAR_ENDPOINT}
      -Dsonar.login=${SONAR_TOKEN}
      -Dsonar.scm.provider=git
      -Dsonar.java.binaries=target/classes
      -Dsonar.coverage.jacoco.xmlReportPaths=target/site/jacoco/jacoco.xml
      -Dsonar.jacoco.reportPaths=target/jacoco.exec
      -Dsonar.qualitygate.wait=true
  allow_failure: false
  artifacts:
    paths:
      - tag-version
      - tag-image
  rules:
    # Runs for merge-request pipelines and for the default branch.
    - if: $CI_PIPELINE_SOURCE == 'merge_request_event'
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH

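# Builds the application image and pushes it to Artifact Registry, tagged
# <pom version>-<short commit SHA>. The tag is handed to later stages through
# the tag-image artifact.
build:
  stage: build
  interruptible: true
  tags:
    - docker
  image:
    name: europe-west1-docker.pkg.dev/ops-shared-e3afff9d/sync-images/finboot-custom/docker-git:stable
    entrypoint: [""]
  script:
    - apk add --update bash libxml2-utils curl
    #- apk add --update bash curl gettext nodejs npm
    # NOTE(review): the clone URL carries the credentials (git keeps the URL
    # in the clone's .git/config), and ci-templates is cloned without a pinned
    # ref, so whatever its default branch holds at job time is executed below.
    # Pinning a tag or commit would make these runs reproducible and reviewable.
    - git clone https://${CI_TEMPLATES_GIT_USER}:${CI_TEMPLATES_GIT_PASSWORD}@${CI_TEMPLATES_GIT_PROJECT_URL}
    - cd ci-templates
    - scripts/notify-slack-start-pipeline.sh
    - cd ../
    #- TAG_VERSION=$(node -p "require('./package.json').version" 2>/dev/null || echo "0.0.0")
    # Read <project>/<version> from pom.xml, ignoring the XML namespace.
    - TAG_VERSION=$(xmllint --xpath "//*[local-name()='project']/*[local-name()='version']/text()" pom.xml)
    - echo TAG_VERSION=${TAG_VERSION}
    - TAG_IMAGE=${TAG_VERSION}-${CI_COMMIT_SHORT_SHA}
    - echo TAG_IMAGE=${TAG_IMAGE}
    - docker build --no-cache -t "${IMAGE_NAME}:${TAG_IMAGE}" .
    # Feed the registry key on stdin rather than with -p, so the key is not
    # part of the docker command line (process list, shell trace).
    - echo "$SA_GCR" | docker login -u _json_key --password-stdin https://europe-west1-docker.pkg.dev
    - docker push "${IMAGE_NAME}:${TAG_IMAGE}"
    - echo Image uploaded "${IMAGE_NAME}:${TAG_IMAGE}"
    - echo "${TAG_IMAGE}" > tag-image
  allow_failure: false # the pipeline must not continue if the build fails
  artifacts:
    paths:
      - tag-version
      - tag-image
  rules:
    # NOTE(review): the job also runs for merge-request pipelines, so SA_GCR
    # has to be readable there; confirm the key is limited to pushing to this
    # registry.
    - if: $CI_PIPELINE_SOURCE == 'merge_request_event'
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH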

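# Creates an annotated git tag named after the image tag (read from the
# tag-image artifact) and pushes it, unless the tag already exists.
push_tag:
  stage: push_tag
  interruptible: true
  tags:
    - docker
  image: europe-west1-docker.pkg.dev/ops-shared-e3afff9d/sync-images/finboot-custom/docker-git:stable
  script:
    - TAG_IMAGE=$(cat tag-image)
    # Identity used for the annotated tag.
    - git config user.email "${GITLAB_USER_EMAIL}"
    - git config user.name "${GITLAB_USER_NAME}"
    - echo "Debug gitlab.com/${CI_PROJECT_PATH}"
    - git tag
    # NOTE(review): the access token becomes part of the remote URL and is
    # written to .git/config in the job workspace. Give GITLAB_ACCESS_TOKEN
    # only the scope needed to push tags and keep the variable masked.
    - git remote set-url origin "https://oauth2:${GITLAB_ACCESS_TOKEN}@gitlab.com/${CI_PROJECT_PATH}"
    # Tag and push only when the tag does not exist yet. The message reports
    # TAG_IMAGE, the name that was actually checked ($VERSION is never set in
    # this job).
    - |
      if git rev-parse "${TAG_IMAGE}" >/dev/null 2>&1;
      then
        echo "Tag Version ${TAG_IMAGE} already exists"
      else
        git tag -a "${TAG_IMAGE}" -m "Version created by gitlab-ci Build"
        git push origin "${TAG_IMAGE}"
      fi
  allow_failure: false # the pipeline must not continue if tagging fails
  artifacts:
    paths:
      - tag-version
      - tag-image
  rules:
    # NOTE(review): this also runs for merge-request pipelines, so tags can be
    # created from commits that are not merged yet - confirm that is intended.
    - if: $CI_PIPELINE_SOURCE == 'merge_request_event'
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH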

# Hidden template job: authenticates to GKE with a service-account key and
# runs the deploy script from ci-templates. The extending jobs supply SA_GKE,
# GKE_PROJECT and GKE_CLUSTER_NAME.
.deployment_script:
  tags:
    - docker
  image: europe-west1-docker.pkg.dev/ops-shared-e3afff9d/sync-images/finboot-custom/gitlab-job-deploy:stable
  script:
    # NOTE(review): installed from the package index at job time without a
    # version pin or hash, in a job that holds cluster credentials. Pin the
    # version or bake the package into the job image.
    - pip3 install untangle
    - mkdir -p /etc/deploy
    # SA_GKE is decoded twice, i.e. it is expected to hold a doubly
    # base64-encoded key. The key file is written with the shell's default
    # umask; nothing here removes it afterwards.
    - echo ${SA_GKE} | base64 -d | base64 -d > /etc/deploy/sa.json
    - gcloud auth activate-service-account --key-file /etc/deploy/sa.json --project=${GKE_PROJECT}
    - gcloud container clusters get-credentials ${GKE_CLUSTER_NAME} --zone ${GKE_REGION} --project ${GKE_PROJECT}
    # NOTE(review): `helm init` exists only in Helm 2, which no longer receives
    # security fixes - plan the move to a supported Helm release.
    #- helm init --client-only
    - helm init --client-only --skip-refresh
    - helm repo rm stable
    - helm repo add stable https://charts.helm.sh/stable
    - helm list
    - TAG_IMAGE=$(cat tag-image)
    - echo TAG_IMAGE=${TAG_IMAGE}
    # NOTE(review): the clone URL carries the credentials, and ci-templates is
    # cloned without a pinned ref, so whatever its default branch holds at job
    # time runs below with the deploy credentials. Pin a tag or commit.
    - git clone https://${CI_TEMPLATES_GIT_USER}:${CI_TEMPLATES_GIT_PASSWORD}@${CI_TEMPLATES_GIT_PROJECT_URL}
    - cd ci-templates
    - scripts/deploy.sh "${TAG_IMAGE}"
  artifacts:
    paths:
      - tag-version
      - tag-image
  timeout: 10m

# Staging deployment template: .deployment_script with the staging cluster,
# service-account key and health-check token selected.
.deploy_staging_main:
  extends: .deployment_script
  environment:
    name: staging
    url: "https://${APPLICATION_NAME}.finboot-test.com"
  variables:
    STACK: stage
    GKE_PROJECT: "${STAGE_GKE_PROJECT}"
    GKE_CLUSTER_NAME: "${STAGE_GKE_CLUSTER_NAME}"
    SA_GKE: "${SA_GKE_STAGE}"
    HEALTHCHECK_MARCO_APPLICATION_TOKEN: "${STAGE_HEALTHCHECK_MARCO_APPLICATION_TOKEN}"
  rules:
    # Merge requests: deployment is a manual action, and skipping it does not
    # block the merge.
    - if: "$CI_PIPELINE_SOURCE == 'merge_request_event'"
      when: manual
      allow_failure: true
    # Default branch: deploy automatically.
    - if: "$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH"

# Production deployment template: .deployment_script with the production
# cluster, service-account key and health-check token selected.
.deploy_production_main:
  extends: .deployment_script
  environment:
    name: production
    url: "https://${APPLICATION_NAME}.finboot.com"
  variables:
    STACK: prod
    GKE_PROJECT: "${PROD_GKE_PROJECT}"
    GKE_CLUSTER_NAME: "${PROD_GKE_CLUSTER_NAME}"
    SA_GKE: "${SA_GKE_PROD}"
    HEALTHCHECK_MARCO_APPLICATION_TOKEN: "${PROD_HEALTHCHECK_MARCO_APPLICATION_TOKEN}"
  # A failed production deployment fails the pipeline.
  allow_failure: false
  rules:
    # Only commits on the default branch are deployed to production.
    - if: "$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH"
