From 2fcadc79527648d63ab9c45b0b9b031212b4ba56 Mon Sep 17 00:00:00 2001
From: Phil Elson <philip.elson@cern.ch>
Date: Fri, 16 Jul 2021 16:04:26 +0200
Subject: [PATCH] Add auth-service building to the CI.

---
 .dockerignore                         |  1 +
 .gitlab-ci.yml                        | 33 ++++++++++++++++++++---
 app-config/auth-service/Dockerfile    |  5 ++--
 app-config/openshift/buildconfig.yaml | 38 ---------------------------
 4 files changed, 34 insertions(+), 43 deletions(-)

diff --git a/.dockerignore b/.dockerignore
index 7863674d..3e974774 100644
--- a/.dockerignore
+++ b/.dockerignore
@@ -2,3 +2,4 @@ venv
 env*
 prototypes
 support
+Dockerfile
\ No newline at end of file
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 848cd620..f527c912 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -20,6 +20,35 @@ test_dev:
   extends: .acc_py_dev_test
 
 
+.image_builder:
+    # Build and push images to the openshift instance, which automatically triggers an application re-deployment.
+    stage: deploy
+    image:
+        # Based on guidance at https://gitlab.cern.ch/gitlabci-examples/build_docker_image.
+        name: gitlab-registry.cern.ch/ci-tools/docker-image-builder
+        entrypoint: [""]
+    rules:
+        - if: '$OPENSHIFT_DOCKER_TOKEN_TEST != "" && $CI_COMMIT_BRANCH == "live/test-cara"'
+          variables:
+            DOCKER_REGISTRY: "${OPENSHIFT_DOCKER_REGISTRY_TEST}"
+            DOCKER_TOKEN: "${OPENSHIFT_DOCKER_TOKEN_TEST}"
+        - if: '$OPENSHIFT_DOCKER_TOKEN_PROD != "" && $CI_COMMIT_BRANCH == "master"'
+          variables:
+            DOCKER_REGISTRY: "${OPENSHIFT_DOCKER_REGISTRY_PROD}"
+            DOCKER_TOKEN: "${OPENSHIFT_DOCKER_TOKEN_PROD}"
+    script:
+        - echo "{\"auths\":{\"$DOCKER_REGISTRY\":{\"auth\":\"$DOCKER_TOKEN\"}}}" > /kaniko/.docker/config.json
+        - /kaniko/executor --context $CI_PROJECT_DIR/$DOCKERFILE_DIRECTORY --dockerfile $CI_PROJECT_DIR/$DOCKERFILE_DIRECTORY/Dockerfile --destination $DOCKER_REGISTRY/$IMAGE_NAME:latest
+
+
+auth-service-image_builder:
+  extends:
+    - .image_builder
+  variables:
+    IMAGE_NAME: auth-service
+    DOCKERFILE_DIRECTORY: app-config/auth-service
+
+
 trigger_build_on_openshift:
     stage: deploy
     rules:
@@ -27,7 +56,6 @@ trigger_build_on_openshift:
     script:
         - curl -X POST -k https://openshift.cern.ch:443/apis/build.openshift.io/v1/namespaces/cara/buildconfigs/cara-router/webhooks/${OPENSHIFT_BUILD_WEBHOOK_SECRET}/generic
         - curl -X POST -k https://openshift.cern.ch:443/apis/build.openshift.io/v1/namespaces/cara/buildconfigs/cara-webservice/webhooks/${OPENSHIFT_BUILD_WEBHOOK_SECRET}/generic
-        - curl -X POST -k https://openshift.cern.ch:443/apis/build.openshift.io/v1/namespaces/cara/buildconfigs/auth-service/webhooks/${OPENSHIFT_BUILD_WEBHOOK_SECRET}/generic
 
 
 deploy_to_test:
@@ -37,7 +65,6 @@ deploy_to_test:
     script:
         - curl -X POST -k https://openshift-dev.cern.ch:443/apis/build.openshift.io/v1/namespaces/test-cara/buildconfigs/cara-router/webhooks/${OPENSHIFT_TEST_BUILD_WEBHOOK_SECRET}/generic
         - curl -X POST -k https://openshift-dev.cern.ch:443/apis/build.openshift.io/v1/namespaces/test-cara/buildconfigs/cara-webservice/webhooks/${OPENSHIFT_TEST_BUILD_WEBHOOK_SECRET}/generic
-        - curl -X POST -k https://openshift-dev.cern.ch:443/apis/build.openshift.io/v1/namespaces/test-cara/buildconfigs/auth-service/webhooks/${OPENSHIFT_TEST_BUILD_WEBHOOK_SECRET}/generic
 
 
 oci_calculator:
@@ -45,7 +72,7 @@ oci_calculator:
   stage: deploy
   rules:
     # Only run if branch is master (the default branch).
-    - if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH   
+    - if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
   image:
         name: gitlab-registry.cern.ch/ci-tools/docker-image-builder
         entrypoint: [""]
diff --git a/app-config/auth-service/Dockerfile b/app-config/auth-service/Dockerfile
index 01ddf2fa..3c726961 100644
--- a/app-config/auth-service/Dockerfile
+++ b/app-config/auth-service/Dockerfile
@@ -3,11 +3,12 @@ FROM condaforge/mambaforge as conda
 RUN mamba create --yes -p /opt/app python=3.9
 COPY . /opt/app-source
 RUN conda run -p /opt/app python -m pip install /opt/app-source
-RUN find -name '*.a' -delete \
+RUN cd /opt/app \
+ && find -name '*.a' -delete \
  && rm -rf /opt/app/conda-meta \
  && rm -rf /opt/app/include \
  && find -name '__pycache__' -type d -exec rm -rf '{}' '+' \
- && rm -rf /opt/app/lib/python*/site-packages/pip /opt/ap/lib/python*/idlelib /opt/app/lib/python*/ensurepip \
+ && rm -rf /opt/app/lib/python*/site-packages/pip /opt/app/lib/python*/idlelib /opt/app/lib/python*/ensurepip \
         /opt/app/bin/x86_64-conda-linux-gnu-ld \
         /opt/app/bin/sqlite3 \
         /opt/app/bin/openssl \
diff --git a/app-config/openshift/buildconfig.yaml b/app-config/openshift/buildconfig.yaml
index 0018b9a3..f1f6b8f0 100644
--- a/app-config/openshift/buildconfig.yaml
+++ b/app-config/openshift/buildconfig.yaml
@@ -10,44 +10,6 @@
   labels:
     template: "cara-application"
   objects:
-    -
-      kind: BuildConfig
-      apiVersion: v1
-      metadata:
-        name: auth-service
-        labels:
-          template: "cara-application"
-      spec:
-        source:
-          type: Git
-          git:
-            ref: ${GIT_BRANCH}
-            uri: ${GIT_REPO}
-          contextDir: app-config/auth-service
-          sourceSecret:
-            name: sshdeploykey
-        postCommit: {}
-        resources: {}
-        runPolicy: Serial
-        output:
-          to:
-            kind: ImageStreamTag
-            name: 'auth-service:latest'
-        strategy:
-          sourceStrategy:
-            from:
-              kind: ImageStreamTag
-              name: 'python:3.6'
-              namespace: openshift
-          type: Source
-        triggers:
-          - imageChange: {}
-            type: ImageChange
-          - generic:
-              secretReference:
-                name: gitlab-cara-webhook-secret
-            type: Generic
-        nodeSelector: null
     -
       kind: BuildConfig
       apiVersion: v1