Add auth-service building to the CI.

2021-07-16 16:04:26 +02:00 · 2021-07-16 16:04:26 +02:00 · 2fcadc7952
commit 2fcadc7952
parent d7199f7a15
4 changed files with 34 additions and 43 deletions
--- a/.dockerignore
+++ b/.dockerignore
@ -2,3 +2,4 @@ venv
 env*
 prototypes
 support
+Dockerfile
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -20,6 +20,35 @@ test_dev:
  extends: .acc_py_dev_test


+.image_builder:
+    # Build and push images to the openshift instance, which automatically triggers an application re-deployment.
+    stage: deploy
+    image:
+        # Based on guidance at https://gitlab.cern.ch/gitlabci-examples/build_docker_image.
+        name: gitlab-registry.cern.ch/ci-tools/docker-image-builder
+        entrypoint: [""]
+    rules:
+        - if: '$OPENSHIFT_DOCKER_TOKEN_TEST != "" && $CI_COMMIT_BRANCH == "live/test-cara"'
+          variables:
+            DOCKER_REGISTRY: "${OPENSHIFT_DOCKER_REGISTRY_TEST}"
+            DOCKER_TOKEN: "${OPENSHIFT_DOCKER_TOKEN_TEST}"
+        - if: '$OPENSHIFT_DOCKER_TOKEN_PROD != "" && $CI_COMMIT_BRANCH == "master"'
+          variables:
+            DOCKER_REGISTRY: "${OPENSHIFT_DOCKER_REGISTRY_PROD}"
+            DOCKER_TOKEN: "${OPENSHIFT_DOCKER_TOKEN_PROD}"
+    script:
+        - echo "{\"auths\":{\"$DOCKER_REGISTRY\":{\"auth\":\"$DOCKER_TOKEN\"}}}" > /kaniko/.docker/config.json
+        - /kaniko/executor --context $CI_PROJECT_DIR/$DOCKERFILE_DIRECTORY --dockerfile $CI_PROJECT_DIR/$DOCKERFILE_DIRECTORY/Dockerfile --destination $DOCKER_REGISTRY/$IMAGE_NAME:latest
+
+
+auth-service-image_builder:
+  extends:
+    - .image_builder
+  variables:
+    IMAGE_NAME: auth-service
+    DOCKERFILE_DIRECTORY: app-config/auth-service
+
+
 trigger_build_on_openshift:
    stage: deploy
    rules:
@ -27,7 +56,6 @@ trigger_build_on_openshift:
    script:
        - curl -X POST -k https://openshift.cern.ch:443/apis/build.openshift.io/v1/namespaces/cara/buildconfigs/cara-router/webhooks/${OPENSHIFT_BUILD_WEBHOOK_SECRET}/generic
        - curl -X POST -k https://openshift.cern.ch:443/apis/build.openshift.io/v1/namespaces/cara/buildconfigs/cara-webservice/webhooks/${OPENSHIFT_BUILD_WEBHOOK_SECRET}/generic
-        - curl -X POST -k https://openshift.cern.ch:443/apis/build.openshift.io/v1/namespaces/cara/buildconfigs/auth-service/webhooks/${OPENSHIFT_BUILD_WEBHOOK_SECRET}/generic


 deploy_to_test:
@ -37,7 +65,6 @@ deploy_to_test:
    script:
        - curl -X POST -k https://openshift-dev.cern.ch:443/apis/build.openshift.io/v1/namespaces/test-cara/buildconfigs/cara-router/webhooks/${OPENSHIFT_TEST_BUILD_WEBHOOK_SECRET}/generic
        - curl -X POST -k https://openshift-dev.cern.ch:443/apis/build.openshift.io/v1/namespaces/test-cara/buildconfigs/cara-webservice/webhooks/${OPENSHIFT_TEST_BUILD_WEBHOOK_SECRET}/generic
-        - curl -X POST -k https://openshift-dev.cern.ch:443/apis/build.openshift.io/v1/namespaces/test-cara/buildconfigs/auth-service/webhooks/${OPENSHIFT_TEST_BUILD_WEBHOOK_SECRET}/generic


 oci_calculator:
@ -45,7 +72,7 @@ oci_calculator:
  stage: deploy
  rules:
    # Only run if branch is master (the default branch).
-    - if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH   
+    - if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
  image:
        name: gitlab-registry.cern.ch/ci-tools/docker-image-builder
        entrypoint: [""]
--- a/app-config/auth-service/Dockerfile
+++ b/app-config/auth-service/Dockerfile
@ -3,11 +3,12 @@ FROM condaforge/mambaforge as conda
 RUN mamba create --yes -p /opt/app python=3.9
 COPY . /opt/app-source
 RUN conda run -p /opt/app python -m pip install /opt/app-source
-RUN find -name '*.a' -delete \
+RUN cd /opt/app \
+ && find -name '*.a' -delete \
 && rm -rf /opt/app/conda-meta \
 && rm -rf /opt/app/include \
 && find -name '__pycache__' -type d -exec rm -rf '{}' '+' \
- && rm -rf /opt/app/lib/python*/site-packages/pip /opt/ap/lib/python*/idlelib /opt/app/lib/python*/ensurepip \
+ && rm -rf /opt/app/lib/python*/site-packages/pip /opt/app/lib/python*/idlelib /opt/app/lib/python*/ensurepip \
        /opt/app/bin/x86_64-conda-linux-gnu-ld \
        /opt/app/bin/sqlite3 \
        /opt/app/bin/openssl \
--- a/app-config/openshift/buildconfig.yaml
+++ b/app-config/openshift/buildconfig.yaml
@ -10,44 +10,6 @@
  labels:
    template: "cara-application"
  objects:
-    -
-      kind: BuildConfig
-      apiVersion: v1
-      metadata:
-        name: auth-service
-        labels:
-          template: "cara-application"
-      spec:
-        source:
-          type: Git
-          git:
-            ref: ${GIT_BRANCH}
-            uri: ${GIT_REPO}
-          contextDir: app-config/auth-service
-          sourceSecret:
-            name: sshdeploykey
-        postCommit: {}
-        resources: {}
-        runPolicy: Serial
-        output:
-          to:
-            kind: ImageStreamTag
-            name: 'auth-service:latest'
-        strategy:
-          sourceStrategy:
-            from:
-              kind: ImageStreamTag
-              name: 'python:3.6'
-              namespace: openshift
-          type: Source
-        triggers:
-          - imageChange: {}
-            type: ImageChange
-          - generic:
-              secretReference:
-                name: gitlab-cara-webhook-secret
-            type: Generic
-        nodeSelector: null
    -
      kind: BuildConfig
      apiVersion: v1