stages: - test - docker-build - deploy # Use the acc-py-devtools templates found at # https://gitlab.cern.ch/-/ide/project/acc-co/devops/python/acc-py-devtools/blob/master/-/acc_py_devtools/templates/gitlab-ci/python.yml. include: - project: acc-co/devops/python/acc-py-devtools file: acc_py_devtools/templates/gitlab-ci/python.yml variables: PY_VERSION: "3.11" # ################################################################################################### # Test code - CAiMIRA (model) and CERN CAiMIRA (CERN's UI) .test-base: image: registry.cern.ch/docker.io/library/python:${PY_VERSION} stage: test rules: # do not run tests on live/caimira-test branch or tags - if: $CI_COMMIT_BRANCH != "live/caimira-test" - if: $CI_COMMIT_TAG when: never .test-run: extends: - .test-base script: - cd ./${PROJECT_ROOT} - pip install -e .[test] - python -m pytest test-caimira-py311: variables: PROJECT_ROOT: "caimira" extends: - .test-run test-cern-caimira-py311: before_script: - cd ./caimira - pip install -e .[test] - cd ../ variables: PROJECT_ROOT: "cern_caimira" extends: - .test-run test-caimira-py39: variables: PY_VERSION: "3.9" PROJECT_ROOT: "caimira" extends: - test-caimira-py311 test-cern-caimira-py39: variables: PY_VERSION: "3.9" PROJECT_ROOT: "cern_caimira" extends: - test-cern-caimira-py311 # ################################################################################################### # Test OpenShift config .test_openshift_config: stage: test allow_failure: true image: registry.cern.ch/docker.io/mambaorg/micromamba before_script: - micromamba create --yes -p $HOME/env python=3.9 ruamel.yaml wget -c conda-forge - export PATH=$HOME/env/bin/:$PATH - wget https://github.com/openshift/origin/releases/download/v3.11.0/openshift-origin-client-tools-v3.11.0-0cbc58b-linux-64bit.tar.gz - tar xzf ./openshift-origin-client-tools-v3.11.0-0cbc58b-linux-64bit.tar.gz - mv openshift-origin-client-tools-v3.11.0-0cbc58b-linux-64bit/oc $HOME/env/bin/ script: - cd ./app-config/openshift - oc login ${OC_SERVER} --token="${OC_TOKEN}" - python ./config-fetch.py ${CAIMIRA_INSTANCE} --output-directory ./${CAIMIRA_INSTANCE}/actual - python ./config-generate.py ${CAIMIRA_INSTANCE} --output-directory ./${CAIMIRA_INSTANCE}/expected - python ./config-normalise.py ./${CAIMIRA_INSTANCE}/actual ./${CAIMIRA_INSTANCE}/actual-normed - python ./config-normalise.py ./${CAIMIRA_INSTANCE}/expected ./${CAIMIRA_INSTANCE}/expected-normed - diff -u ./${CAIMIRA_INSTANCE}/actual-normed/ ./${CAIMIRA_INSTANCE}/expected-normed/ artifacts: paths: - ./app-config/openshift/${CAIMIRA_INSTANCE}/actual - ./app-config/openshift/${CAIMIRA_INSTANCE}/expected check_openshift_config_test: extends: .test_openshift_config variables: CAIMIRA_INSTANCE: 'caimira-test' OC_SERVER: https://api.paas.okd.cern.ch OC_TOKEN: "${OPENSHIFT_CAIMIRA_TEST_CONFIG_CHECKER_TOKEN}" rules: - if: $CI_COMMIT_BRANCH == "live/caimira-test" check_openshift_config_prod: extends: .test_openshift_config variables: CAIMIRA_INSTANCE: 'caimira-prod' OC_SERVER: https://api.paas.okd.cern.ch OC_TOKEN: "${OPENSHIFT_CAIMIRA_PROD_CONFIG_CHECKER_TOKEN}" rules: - if: $CI_COMMIT_BRANCH == "master" # ################################################################################################### # Build docker images # base .docker-build: stage: docker-build image: # Based on guidance at https://gitlab.cern.ch/gitlabci-examples/build_docker_image. # The kaniko debug image is recommended because it has a shell, and a shell is required for an image to be used with GitLab CI/CD. name: gcr.io/kaniko-project/executor:debug entrypoint: [""] script: - echo "Building image for ${CI_COMMIT_REF_NAME} branch with tag ${IMAGE_TAG} and latest" # Prepare Kaniko configuration file - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json # Build and push the image from the Dockerfile - /kaniko/executor --context ${CI_PROJECT_DIR}/${DOCKER_CONTEXT_DIRECTORY} --dockerfile ${CI_PROJECT_DIR}/${DOCKERFILE_DIRECTORY}/Dockerfile --destination ${CI_REGISTRY_IMAGE}/${IMAGE_NAME}:${IMAGE_TAG} --destination ${CI_REGISTRY_IMAGE}/${IMAGE_NAME}:latest # Print the full registry path of the pushed image - echo "Image pushed successfully to ${CI_REGISTRY_IMAGE}/${IMAGE_NAME}:${IMAGE_TAG}" .docker-build-auth-service: variables: IMAGE_NAME: auth-service DOCKERFILE_DIRECTORY: app-config/auth-service DOCKER_CONTEXT_DIRECTORY: app-config/auth-service extends: .docker-build .docker-build-calculator-app: variables: IMAGE_NAME: calculator-app DOCKERFILE_DIRECTORY: app-config/calculator-app DOCKER_CONTEXT_DIRECTORY: "" extends: .docker-build .docker-build-docs: variables: IMAGE_NAME: caimira-docs DOCKERFILE_DIRECTORY: "caimira/docs" DOCKER_CONTEXT_DIRECTORY: "caimira" extends: .docker-build # on push to live/caimira-test .docker-build-test: variables: IMAGE_TAG: caimira-test-latest docker-build-auth-service-test: extends: - .docker-build-test - .docker-build-auth-service rules: - if: $CI_COMMIT_BRANCH == "live/caimira-test" docker-build-calculator-app-test: extends: - .docker-build-test - .docker-build-calculator-app rules: - if: $CI_COMMIT_BRANCH == "live/caimira-test" docker-build-docs-test: extends: - .docker-build-docs variables: IMAGE_TAG: caimira-test-docs-latest rules: - if: $CI_COMMIT_BRANCH == "live/caimira-test" # on release .docker-build-release: before_script: # Extract version number without 'v' prefix as IMAGE_TAG - IMAGE_TAG=$(echo "$CI_COMMIT_REF_NAME" | sed 's/^v//') - echo "Version is $IMAGE_TAG" docker-build-auth-service-release: extends: - .docker-build-release - .docker-build-auth-service rules: - if: $CI_COMMIT_TAG docker-build-calculator-app-release: extends: - .docker-build-release - .docker-build-calculator-app rules: - if: $CI_COMMIT_TAG docker-build-docs-release: extends: - .docker-build-release - .docker-build-docs variables: IMAGE_TAG: caimira-docs-latest rules: - if: $CI_COMMIT_TAG # ################################################################################################### # Deploy to OpenShift .deploy: stage: deploy image: gitlab-registry.cern.ch/paas-tools/openshift-client variables: IMAGE_TAG: caimira-test-latest OPENSHIFT_SERVER: https://api.paas.okd.cern.ch OPENSHIFT_PROJECT: caimira-test script: - echo "Deploying ${CI_REGISTRY_IMAGE}/${IMAGE_NAME}:${IMAGE_TAG} to OpenShift" - oc login $OPENSHIFT_SERVER --token=$OPENSHIFT_CAIMIRA_TEST_DEPLOY_TOKEN - oc project $OPENSHIFT_PROJECT - oc set image deployment/$OPENSHIFT_DEPLOYMENT $OPENSHIFT_CONTAINER_NAME=${CI_REGISTRY_IMAGE}/${IMAGE_NAME}:${IMAGE_TAG} - oc rollout status deployment/$OPENSHIFT_DEPLOYMENT rules: - if: $CI_COMMIT_BRANCH == "live/caimira-test" deploy-auth-service-test: extends: .deploy variables: IMAGE_NAME: auth-service OPENSHIFT_DEPLOYMENT: auth-service OPENSHIFT_CONTAINER_NAME: auth-service deploy-calculator-app-test: extends: .deploy variables: IMAGE_NAME: calculator-app OPENSHIFT_DEPLOYMENT: calculator-app OPENSHIFT_CONTAINER_NAME: calculator-app deploy-calculator-open-app-test: extends: .deploy variables: IMAGE_NAME: calculator-app OPENSHIFT_DEPLOYMENT: calculator-open-app OPENSHIFT_CONTAINER_NAME: calculator-open-app deploy-docs-test: extends: .deploy variables: IMAGE_NAME: caimira-docs OPENSHIFT_DEPLOYMENT: caimira-test-docs OPENSHIFT_CONTAINER_NAME: caimira-test-docs # ################################################################################################### # Publish on PyPI .publish-to-pypi: stage: deploy image: python:3.12 script: - cd caimira - pip install build twine - python -m build - twine upload dist/* -u $PYPI_USERNAME -p $PYPI_TOKEN rules: - if: $CI_COMMIT_TAG publish-caimira: extends: .publish-to-pypi variables: PYPI_USERNAME: __token__ PYPI_TOKEN: $PYPI_TOKEN rules: - if: $CI_COMMIT_TAG