stages:
- prebuild
- build
- pack-centos
- pack-ubuntu
- pack-debian
- sign
- deploy
- test_rpm
#workflow:
# rules:
# - if: $CI_PIPELINE_SOURCE == "merge_request_event"
# - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
# - if: $CI_PIPELINE_SOURCE == "web"
variables:
GIT_DEPTH: 0
GIT_SUBMODULE_STRATEGY: recursive
BASE_IMAGE: build-base:latest
CARGO_INCREMENTAL: 0
CARGO_HOME: ${CI_PROJECT_DIR}/.cargo
REGISTRY_IMAGE: docker-public.binary.picodata.io
RAW_REGISTRY: https://binary.picodata.io/repository/raw-private/
#
# See also:
# GitLab CI/CD predefined variables
# https://docs.gitlab.com/ee/ci/variables/predefined_variables.html
#
# CI_COMMIT_SHA: The commit revision the project is built for
# CI_REGISTRY: The address of the GitLab Container Registry
# CI_REGISTRY_USER: The username to push containers to the project’s
# GitLab Container Registry
# CI_REGISTRY_PASSWORD: The password to push containers to the project’s
# GitLab Container Registry
# CI_REGISTRY_IMAGE: The address of the project’s Container Registry
docker-build-base:
stage: prebuild
image: docker:20
tags:
- dind
rules:
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
changes:
- docker-build-base/Dockerfile
before_script:
- mkdir -p $CI_PROJECT_DIR/.docker
- echo $DOCKER_AUTH_RW > $CI_PROJECT_DIR/.docker/config.json
script:
- docker pull ${REGISTRY_IMAGE}/${BASE_IMAGE} || true
- >
docker build
--pull
--label GIT_COMMIT=${CI_COMMIT_SHA}
--cache-from ${REGISTRY_IMAGE}/${BASE_IMAGE}
-t ${REGISTRY_IMAGE}/${BASE_IMAGE}
-f ./docker-build-base/Dockerfile
./docker-build-base
- docker --config $CI_PROJECT_DIR/.docker/ push ${REGISTRY_IMAGE}/${BASE_IMAGE}
build:
image: ${REGISTRY_IMAGE}/${BASE_IMAGE}
stage: build
tags:
- docker
script:
# - git submodule foreach --recursive 'git fetch --tags; git describe --always'
- pushd tarantool-sys; git describe; popd
- pushd tarantool-sys/third_party/luajit; git describe; popd
- cargo -V
- cargo build --locked
- cargo test --locked
- cargo fmt -- -v --check
- cargo clippy --version
- cargo clippy -- --deny clippy::all
- PIPENV_VENV_IN_PROJECT=1 PIP_NO_CACHE_DIR=true python3.10 -m pipenv install --deploy
- pipenv run pytest --numprocesses 2 -v
- pipenv run lint
cache:
paths:
- target
- .cargo
- .venv
build-package-centos:
stage: pack-centos
tags:
- shell
only:
- web
- tags
before_script:
- git submodule update --init --recursive
- git clone https://github.com/packpack/packpack.git packpack
- sed -i "s/(id -u)/(id -u) -o/g" packpack/packpack
script:
- |
pushd tarantool-sys; export VER_TNT=$(git describe --long | sed -n 's/^\([0-9\.]*\)-\([0-9]*\)-\([a-z0-9]*\)/\1.\2/p'); popd
OS=centos DIST=7 PRESERVE_ENVVARS=VER_TNT packpack/packpack
OS=centos DIST=8 PRESERVE_ENVVARS=VER_TNT packpack/packpack
artifacts:
paths:
- build/picodata*.rpm
dependencies: []
build-package-ubuntu:
tags:
- shell
stage: pack-ubuntu
only:
- web
- tags
before_script:
- git submodule update --init --recursive
- git clone https://github.com/packpack/packpack.git packpack
- git describe --long
script:
- |
pushd tarantool-sys; export VER_TNT=$(git describe --long | sed -n 's/^\([0-9\.]*\)-\([0-9]*\)-\([a-z0-9]*\)/\1.\2/p'); popd
OS=ubuntu DIST=focal PRESERVE_ENVVARS=VER_TNT BUILDDIR=$PWD/build_ubuntu/ RELEASE=${DIST} packpack/packpack
artifacts:
paths:
- build_ubuntu/*.deb
dependencies: []
build-package-debian:
tags:
- shell
stage: pack-debian
only:
- web
- tags
before_script:
- git submodule update --init --recursive
- git clone https://github.com/packpack/packpack.git packpack
- git describe --long
script:
- |
pushd tarantool-sys; export VER_TNT=$(git describe --long | sed -n 's/^\([0-9\.]*\)-\([0-9]*\)-\([a-z0-9]*\)/\1.\2/p'); popd
OS=debian DIST=bullseye PRESERVE_ENVVARS=VER_TNT BUILDDIR=$PWD/build_debian/ RELEASE=${DIST} packpack/packpack
artifacts:
paths:
- build_debian/*.deb
dependencies: []
sign-rpm-packages:
variables:
DOCKER_AUTH_CONFIG: $DOCKER_AUTH_RO
stage: sign
tags:
- shell
only:
- web
- tags
before_script:
- mkdir -p $CI_PROJECT_DIR/.docker
- echo $DOCKER_AUTH_RW > $CI_PROJECT_DIR/.docker/config.json
- echo "$GPG_KEY_KDY" | base64 -d > build/kdy.asc
script:
- docker run --rm -e KEY_FILE=kdy.asc -v $PWD/build:/build docker-picodata.binary.picodata.io/rpmsign:centos7
artifacts:
paths:
- build/picodata*.rpm
dependencies:
- build-package-centos
deploy-job:
stage: deploy
tags:
- shell
only:
- web
- tags
before_script:
- eval $(ssh-agent -s)
- echo "$DEPLOY_PROD_SSH_KEY" | base64 -d | ssh-add -
script:
# CentOS 7
- echo "Deploying rpm-centos7-packet..."
- scp -o stricthostkeychecking=no build/picodata*.el7.*rpm ansible@94.26.239.246:/data/nginx/www/packrepo/tarantool-picodata/el/7/x86_64/
- ssh -o stricthostkeychecking=no ansible@94.26.239.246 "cd /data/nginx/www/packrepo/tarantool-picodata/el/7/ && createrepo --update x86_64 && gpg --no-tty --yes -u kdy@picodata.io --detach-sign --armor x86_64/repodata/repomd.xml"
- echo "rpm-centos7-packet successfully deployed."
- echo
# CentOS 8
- echo "Deploying rpm-centos8-packet..."
- scp -o stricthostkeychecking=no build/picodata*.el8.*rpm ansible@94.26.239.246:/data/nginx/www/packrepo/tarantool-picodata/el/8/x86_64/
- ssh -o stricthostkeychecking=no ansible@94.26.239.246 "cd /data/nginx/www/packrepo/tarantool-picodata/el/8/ && createrepo --update x86_64 && gpg --no-tty --yes -u kdy@picodata.io --detach-sign --armor x86_64/repodata/repomd.xml"
- echo "rpm-centos8-packet successfully deployed."
- echo
# Ubuntu
- echo "Deploying ubuntu deb-packets..."
- ssh -o stricthostkeychecking=no ansible@94.26.239.246 "mkdir -p ~/.deb/ubuntu"
- scp -o stricthostkeychecking=no build_ubuntu/picodata*deb ansible@94.26.239.246:.deb/ubuntu/
- ssh -o stricthostkeychecking=no ansible@94.26.239.246 "reprepro -b /data/nginx/www/packrepo/tarantool-picodata/ubuntu/ -C main includedeb focal ~/.deb/ubuntu/picodata*focal*deb; rm ~/.deb/ubuntu/picodata*focal*deb"
- echo "ubuntu deb-packets successfully deployed."
- echo
# Debian
- echo "Deploying debian packets..."
- ssh -o stricthostkeychecking=no ansible@94.26.239.246 "mkdir -p ~/.deb/debian"
- scp -o stricthostkeychecking=no build_debian/picodata*deb ansible@94.26.239.246:.deb/debian/
- ssh -o stricthostkeychecking=no ansible@94.26.239.246 "reprepro -b /data/nginx/www/packrepo/tarantool-picodata/debian/ -C main includedeb bullseye ~/.deb/debian/picodata*bullseye*deb; rm ~/.deb/debian/picodata*bullseye*deb"
- echo "debian packets successfully deployed."
dependencies:
- build-package-ubuntu
- build-package-debian
- sign-rpm-packages
test_el7:
stage: test_rpm
only:
- web
- tags
tags: [docker]
image: centos:7
before_script:
- rpm --import https://download.picodata.io/tarantool-picodata/el/RPM-GPG-KEY-kdy
- yum install -y https://download.picodata.io/tarantool-picodata/el/7/x86_64/picodata-release-1.1.0.11-1.el7.x86_64.rpm
script:
- yum install -y picodata
test_el8:
stage: test_rpm
only:
- web
- tags
tags: [docker]
image: rockylinux:8
before_script:
- rpm --import https://download.picodata.io/tarantool-picodata/el/RPM-GPG-KEY-kdy
- yum install -y https://download.picodata.io/tarantool-picodata/el/8/x86_64/picodata-release-1.1.0.11-1.el8.x86_64.rpm
script:
- yum install -y picodata