@catladder/pipeline 1.159.1 → 1.161.0

Files changed (109)
  1. package/dist/bundles/catladder-gitlab/index.js +2 -2
  2. package/dist/constants.js +1 -1
  3. package/dist/tsconfig.tsbuildinfo +1 -1
  4. package/examples/.test-gen-ignore +1 -0
  5. package/examples/__snapshots__/{cloud-run-memory-limit.ts.snap → cloud-run-memory-limit.test.ts.snap} +1 -1
  6. package/examples/__snapshots__/{cloud-run-meteor-with-worker.ts.snap → cloud-run-meteor-with-worker.test.ts.snap} +1 -1
  7. package/examples/__snapshots__/{cloud-run-no-cpu-throttling.ts.snap → cloud-run-no-cpu-throttling.test.ts.snap} +1 -1
  8. package/examples/__snapshots__/{cloud-run-no-service.ts.snap → cloud-run-no-service.test.ts.snap} +1 -1
  9. package/examples/__snapshots__/{cloud-run-non-public.ts.snap → cloud-run-non-public.test.ts.snap} +1 -1
  10. package/examples/__snapshots__/{cloud-run-post-stop-job.ts.snap → cloud-run-post-stop-job.test.ts.snap} +1 -1
  11. package/examples/__snapshots__/{cloud-run-service-gen2.ts.snap → cloud-run-service-gen2.test.ts.snap} +1 -1
  12. package/examples/__snapshots__/{cloud-run-service-increase-timout.ts.snap → cloud-run-service-increase-timout.test.ts.snap} +1 -1
  13. package/examples/__snapshots__/{cloud-run-service-with-volumes.ts.snap → cloud-run-service-with-volumes.test.ts.snap} +1 -1
  14. package/examples/__snapshots__/{cloud-run-storybook.ts.snap → cloud-run-storybook.test.ts.snap} +1 -1
  15. package/examples/__snapshots__/{cloud-run-with-ngnix.ts.snap → cloud-run-with-ngnix.test.ts.snap} +1 -1
  16. package/examples/__snapshots__/{cloud-run-with-sql-reuse-db.ts.snap → cloud-run-with-sql-reuse-db.test.ts.snap} +1 -1
  17. package/examples/__snapshots__/{cloud-run-with-sql.ts.snap → cloud-run-with-sql.test.ts.snap} +1 -1
  18. package/examples/__snapshots__/{cloud-run-with-worker.ts.snap → cloud-run-with-worker.test.ts.snap} +1 -1
  19. package/examples/__snapshots__/{custom-build-job-with-tests.ts.snap → custom-build-job-with-tests.test.ts.snap} +1 -1
  20. package/examples/__snapshots__/{custom-build-job.ts.snap → custom-build-job.test.ts.snap} +1 -1
  21. package/examples/__snapshots__/{custom-deploy.ts.snap → custom-deploy.test.ts.snap} +1 -1
  22. package/examples/__snapshots__/{custom-envs.ts.snap → custom-envs.test.ts.snap} +1 -1
  23. package/examples/__snapshots__/{custom-sbom-java.ts.snap → custom-sbom-java.test.ts.snap} +1 -1
  24. package/examples/__snapshots__/{git-submodule.ts.snap → git-submodule.test.ts.snap} +1 -1
  25. package/examples/__snapshots__/{kubernetes-application-customization.ts.snap → kubernetes-application-customization.test.ts.snap} +1 -1
  26. package/examples/__snapshots__/{kubernetes-with-cloud-sql-legacy.ts.snap → kubernetes-with-cloud-sql-legacy.test.ts.snap} +1 -1
  27. package/examples/__snapshots__/{kubernetes-with-cloud-sql.ts.snap → kubernetes-with-cloud-sql.test.ts.snap} +1 -1
  28. package/examples/__snapshots__/{kubernetes-with-jobs.ts.snap → kubernetes-with-jobs.test.ts.snap} +1 -1
  29. package/examples/__snapshots__/{kubernetes-with-mongodb.ts.snap → kubernetes-with-mongodb.test.ts.snap} +1 -1
  30. package/examples/__snapshots__/{local-dot-env.ts.snap → local-dot-env.test.ts.snap} +1 -1
  31. package/examples/__snapshots__/{meteor-kubernetes.ts.snap → meteor-kubernetes.test.ts.snap} +1 -1
  32. package/examples/__snapshots__/{multiline-var.ts.snap → multiline-var.test.ts.snap} +1 -1
  33. package/examples/__snapshots__/{native-app.ts.snap → native-app.test.ts.snap} +1 -1
  34. package/examples/__snapshots__/{node-build-with-custom-image.ts.snap → node-build-with-custom-image.test.ts.snap} +1 -1
  35. package/examples/__snapshots__/{node-build-with-docker-additions.ts.snap → node-build-with-docker-additions.test.ts.snap} +1 -1
  36. package/examples/__snapshots__/rails-k8s-with-worker-dockerfile.test.ts.snap +2011 -0
  37. package/examples/__snapshots__/rails-k8s-with-worker.test.ts.snap +1995 -0
  38. package/examples/__snapshots__/{wait-for-other-deploy.ts.snap → wait-for-other-deploy.test.ts.snap} +1 -1
  39. package/examples/cloud-run-memory-limit.test.ts +10 -0
  40. package/examples/cloud-run-memory-limit.ts +6 -4
  41. package/examples/cloud-run-meteor-with-worker.test.ts +10 -0
  42. package/examples/cloud-run-meteor-with-worker.ts +6 -4
  43. package/examples/cloud-run-no-cpu-throttling.test.ts +10 -0
  44. package/examples/cloud-run-no-cpu-throttling.ts +6 -4
  45. package/examples/cloud-run-no-service.test.ts +10 -0
  46. package/examples/cloud-run-no-service.ts +5 -4
  47. package/examples/cloud-run-non-public.test.ts +10 -0
  48. package/examples/cloud-run-non-public.ts +5 -4
  49. package/examples/cloud-run-post-stop-job.test.ts +10 -0
  50. package/examples/cloud-run-post-stop-job.ts +6 -4
  51. package/examples/cloud-run-service-gen2.test.ts +10 -0
  52. package/examples/cloud-run-service-gen2.ts +6 -4
  53. package/examples/cloud-run-service-increase-timout.test.ts +10 -0
  54. package/examples/cloud-run-service-increase-timout.ts +6 -4
  55. package/examples/cloud-run-service-with-volumes.test.ts +10 -0
  56. package/examples/cloud-run-service-with-volumes.ts +6 -4
  57. package/examples/cloud-run-storybook.test.ts +10 -0
  58. package/examples/cloud-run-storybook.ts +5 -4
  59. package/examples/cloud-run-with-ngnix.test.ts +10 -0
  60. package/examples/cloud-run-with-ngnix.ts +5 -4
  61. package/examples/cloud-run-with-sql-reuse-db.test.ts +10 -0
  62. package/examples/cloud-run-with-sql-reuse-db.ts +5 -4
  63. package/examples/cloud-run-with-sql.test.ts +10 -0
  64. package/examples/cloud-run-with-sql.ts +6 -4
  65. package/examples/cloud-run-with-worker.test.ts +10 -0
  66. package/examples/cloud-run-with-worker.ts +6 -4
  67. package/examples/custom-build-job-with-tests.test.ts +10 -0
  68. package/examples/custom-build-job-with-tests.ts +5 -4
  69. package/examples/custom-build-job.test.ts +10 -0
  70. package/examples/custom-build-job.ts +5 -4
  71. package/examples/custom-deploy.test.ts +10 -0
  72. package/examples/custom-deploy.ts +5 -4
  73. package/examples/custom-envs.test.ts +10 -0
  74. package/examples/custom-envs.ts +5 -4
  75. package/examples/custom-sbom-java.test.ts +10 -0
  76. package/examples/custom-sbom-java.ts +5 -4
  77. package/examples/git-submodule.test.ts +10 -0
  78. package/examples/git-submodule.ts +5 -4
  79. package/examples/kubernetes-application-customization.test.ts +10 -0
  80. package/examples/kubernetes-application-customization.ts +6 -4
  81. package/examples/kubernetes-with-cloud-sql-legacy.test.ts +10 -0
  82. package/examples/kubernetes-with-cloud-sql-legacy.ts +6 -4
  83. package/examples/kubernetes-with-cloud-sql.test.ts +10 -0
  84. package/examples/kubernetes-with-cloud-sql.ts +6 -4
  85. package/examples/kubernetes-with-jobs.test.ts +10 -0
  86. package/examples/kubernetes-with-jobs.ts +6 -4
  87. package/examples/kubernetes-with-mongodb.test.ts +10 -0
  88. package/examples/kubernetes-with-mongodb.ts +6 -4
  89. package/examples/local-dot-env.test.ts +10 -0
  90. package/examples/local-dot-env.ts +6 -4
  91. package/examples/meteor-kubernetes.test.ts +10 -0
  92. package/examples/meteor-kubernetes.ts +3 -4
  93. package/examples/multiline-var.test.ts +10 -0
  94. package/examples/multiline-var.ts +5 -4
  95. package/examples/native-app.test.ts +10 -0
  96. package/examples/native-app.ts +6 -4
  97. package/examples/node-build-with-custom-image.test.ts +10 -0
  98. package/examples/node-build-with-custom-image.ts +5 -4
  99. package/examples/node-build-with-docker-additions.test.ts +10 -0
  100. package/examples/node-build-with-docker-additions.ts +5 -4
  101. package/examples/rails-k8s-with-worker-dockerfile.test.ts +9 -0
  102. package/examples/rails-k8s-with-worker.test.ts +10 -0
  103. package/examples/rails-k8s-with-worker.ts +4 -10
  104. package/examples/wait-for-other-deploy.test.ts +10 -0
  105. package/examples/wait-for-other-deploy.ts +5 -4
  106. package/package.json +5 -2
  107. package/scripts/generate-examples-test.ts +91 -0
  108. package/scripts/tsconfig.json +7 -0
  109. package/examples/__snapshots__/rails-k8s-with-worker.ts.snap +0 -4005
@@ -1,4005 +0,0 @@
1
- // Jest Snapshot v1, https://goo.gl/fbAQLP
2
-
3
- exports[`matches snapshot 1`] = `
4
- {
5
- "mainBranch": {
6
- "image": "path/to/docker/jobs-default:the-version",
7
- "jobs": {
8
- "app ↩️ Rollback ⚠️ | dev ": {
9
- "allow_failure": true,
10
- "artifacts": {
11
- "reports": {
12
- "dotenv": "gitlab_environment.env",
13
- },
14
- },
15
- "environment": {
16
- "action": "access",
17
- "name": "dev/app",
18
- "url": "$CL_GITLAB_ENVIRONMENT_URL",
19
- },
20
- "image": "path/to/docker/kubernetes:the-version",
21
- "interruptible": true,
22
- "needs": [],
23
- "retry": {
24
- "max": 2,
25
- "when": [
26
- "runner_system_failure",
27
- "stuck_or_timeout_failure",
28
- ],
29
- },
30
- "rules": [
31
- {
32
- "when": "manual",
33
- },
34
- ],
35
- "script": [
36
- "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
37
- "export ENV_SHORT="dev"",
38
- "export APP_DIR="."",
39
- "export ENV_TYPE="dev"",
40
- "export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
41
- "export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"",
42
- "export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"",
43
- "export ROOT_URL="https://app.dev.test-app.pan.panter.cloud"",
44
- "export HOST_INTERNAL="app.dev.test-app.pan.panter.cloud"",
45
- "export HOST_CANONICAL="app.dev.test-app.pan.panter.cloud"",
46
- "export ROOT_URL_INTERNAL="https://app.dev.test-app.pan.panter.cloud"",
47
- "export KUBE_NAMESPACE="pan-test-app-dev"",
48
- "export KUBE_APP_NAME="app"",
49
- "export KUBE_APP_NAME_PREFIX=""",
50
- "export SECRET_KEY_BASE="$CL_dev_app_SECRET_KEY_BASE"",
51
- "export POSTGRESQL_PASSWORD="$CL_dev_app_POSTGRESQL_PASSWORD"",
52
- "export cloudsqlProxyCredentials="$CL_dev_app_cloudsqlProxyCredentials"",
53
- "export RAILS_ENV="production"",
54
- "export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"ROOT_URL\\",\\"HOST_INTERNAL\\",\\"HOST_CANONICAL\\",\\"ROOT_URL_INTERNAL\\",\\"KUBE_NAMESPACE\\",\\"KUBE_APP_NAME\\",\\"KUBE_APP_NAME_PREFIX\\",\\"SECRET_KEY_BASE\\",\\"POSTGRESQL_PASSWORD\\",\\"cloudsqlProxyCredentials\\",\\"RAILS_ENV\\"]"",
55
- "export RELEASE_NAME="pan-test-app-dev-app"",
56
- "export HELM_EXPERIMENTAL_OCI="1"",
57
- "export KUBE_DOCKER_IMAGE_PULL_SECRET="gitlab-registry-app"",
58
- "export HELM_GITLAB_CHART_NAME="/helm-charts/the-panter-chart"",
59
- "export HELM_ARGS=""",
60
- "export COMPONENT_NAME="app"",
61
- "export BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
62
- "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
63
- "kubectl config set-cluster "kube-pan-test-app-dev-app" --server="$CL_dev_app_KUBE_URL" --certificate-authority <(echo $CL_dev_app_KUBE_CA_PEM | base64 -d) --embed-certs=true",
64
- "kubectl config set-credentials "kube-pan-test-app-dev-app" --token="$CL_dev_app_KUBE_TOKEN"",
65
- "kubectl config set-context "kube-pan-test-app-dev-app" --cluster="kube-pan-test-app-dev-app" --user="kube-pan-test-app-dev-app" --namespace="pan-test-app-dev"",
66
- "kubectl config use-context "kube-pan-test-app-dev-app"",
67
- "kubernetesRollback",
68
- "echo "CL_GITLAB_ENVIRONMENT_URL=https://app.dev.test-app.pan.panter.cloud" >> gitlab_environment.env",
69
- ],
70
- "stage": "rollback dev",
71
- "variables": {
72
- "GIT_STRATEGY": "none",
73
- "KUBERNETES_CPU_REQUEST": "0.22",
74
- "KUBERNETES_MEMORY_LIMIT": "400Mi",
75
- "KUBERNETES_MEMORY_REQUEST": "200Mi",
76
- },
77
- },
78
- "app 👮 lint": {
79
- "cache": {
80
- "key": {
81
- "files": [
82
- "Gemfile.lock",
83
- ],
84
- "prefix": "$CI_JOB_IMAGE",
85
- },
86
- "paths": [
87
- "tmp/cache",
88
- ],
89
- },
90
- "image": "ruby:3.2.1",
91
- "interruptible": true,
92
- "needs": [],
93
- "retry": {
94
- "max": 2,
95
- "when": [
96
- "runner_system_failure",
97
- "stuck_or_timeout_failure",
98
- ],
99
- },
100
- "script": [
101
- "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
102
- "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
103
- "cd .",
104
- "bundle config set path 'tmp/cache'",
105
- "bundle install -j $(nproc)",
106
- "bundle exec rubocop",
107
- ],
108
- "stage": "test",
109
- "variables": {},
110
- },
111
- "app 🔨 docker | dev ": {
112
- "image": "path/to/docker/docker-build:the-version",
113
- "interruptible": true,
114
- "needs": [],
115
- "retry": {
116
- "max": 2,
117
- "when": [
118
- "runner_system_failure",
119
- "stuck_or_timeout_failure",
120
- ],
121
- },
122
- "script": [
123
- "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
124
- "export APP_DIR="."",
125
- "export DOCKER_BUILD_CONTEXT="."",
126
- "export DOCKER_REGISTRY="$CI_REGISTRY"",
127
- "export DOCKER_CACHE_IMAGE="$CI_REGISTRY_IMAGE/caches/app"",
128
- "export DOCKER_IMAGE_NAME="dev/app"",
129
- "export DOCKER_IMAGE="$CI_REGISTRY_IMAGE/$DOCKER_IMAGE_NAME"",
130
- "export DOCKER_IMAGE_TAG="$CI_COMMIT_SHA"",
131
- "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
132
- "docker login --username gitlab-ci-token --password $CI_JOB_TOKEN $CI_REGISTRY",
133
- "cd .",
134
- "docker pull $DOCKER_CACHE_IMAGE || true",
135
- "wget --output-document=- https://github.com/buildpacks/pack/releases/download/v0.32.1/pack-v0.32.1-linux.tgz | tar -zx --directory /usr/local/bin pack",
136
- "chmod +x /usr/local/bin/pack",
137
- "sed --in-place 's|git@\\([^:]*\\):|https://\\1/|g' Gemfile Gemfile.lock",
138
- "pack build "$DOCKER_IMAGE:$DOCKER_IMAGE_TAG" --builder 'heroku/builder:22' --publish --cache-image "$DOCKER_CACHE_IMAGE" --env 'SECRET_KEY_BASE=dummy-value' ",
139
- ],
140
- "services": [
141
- {
142
- "command": [
143
- "--tls=false",
144
- ],
145
- "name": "docker:24.0.6-dind",
146
- },
147
- ],
148
- "stage": "build",
149
- "variables": {
150
- "DOCKER_BUILDKIT": "1",
151
- "DOCKER_DRIVER": "overlay2",
152
- "DOCKER_HOST": "tcp://0.0.0.0:2375",
153
- "DOCKER_TLS_CERTDIR": "",
154
- "KUBERNETES_CPU_REQUEST": "0.45",
155
- "KUBERNETES_MEMORY_LIMIT": "2Gi",
156
- "KUBERNETES_MEMORY_REQUEST": "1Gi",
157
- },
158
- },
159
- "app 🚀 Deploy | dev ": {
160
- "allow_failure": false,
161
- "artifacts": {
162
- "reports": {
163
- "dotenv": "gitlab_environment.env",
164
- },
165
- },
166
- "environment": {
167
- "auto_stop_in": "4 weeks",
168
- "name": "dev/app",
169
- "on_stop": "app 🛑 Stop ⚠️ | dev ",
170
- "url": "$CL_GITLAB_ENVIRONMENT_URL",
171
- },
172
- "image": "path/to/docker/kubernetes:the-version",
173
- "interruptible": true,
174
- "needs": [
175
- {
176
- "artifacts": false,
177
- "job": "app 👮 lint",
178
- },
179
- {
180
- "artifacts": false,
181
- "job": "app 🔨 docker | dev ",
182
- },
183
- {
184
- "artifacts": false,
185
- "job": "app 🧪 test",
186
- },
187
- {
188
- "artifacts": true,
189
- "job": "app 🧾 sbom | dev ",
190
- },
191
- {
192
- "artifacts": false,
193
- "job": "app 🛡 audit",
194
- },
195
- ],
196
- "retry": {
197
- "max": 2,
198
- "when": [
199
- "runner_system_failure",
200
- "stuck_or_timeout_failure",
201
- ],
202
- },
203
- "rules": [
204
- {
205
- "when": "on_success",
206
- },
207
- ],
208
- "script": [
209
- "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
210
- "export ENV_SHORT="dev"",
211
- "export APP_DIR="."",
212
- "export ENV_TYPE="dev"",
213
- "export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
214
- "export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"",
215
- "export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"",
216
- "export ROOT_URL="https://app.dev.test-app.pan.panter.cloud"",
217
- "export HOST_INTERNAL="app.dev.test-app.pan.panter.cloud"",
218
- "export HOST_CANONICAL="app.dev.test-app.pan.panter.cloud"",
219
- "export ROOT_URL_INTERNAL="https://app.dev.test-app.pan.panter.cloud"",
220
- "export KUBE_NAMESPACE="pan-test-app-dev"",
221
- "export KUBE_APP_NAME="app"",
222
- "export KUBE_APP_NAME_PREFIX=""",
223
- "export SECRET_KEY_BASE="$CL_dev_app_SECRET_KEY_BASE"",
224
- "export POSTGRESQL_PASSWORD="$CL_dev_app_POSTGRESQL_PASSWORD"",
225
- "export cloudsqlProxyCredentials="$CL_dev_app_cloudsqlProxyCredentials"",
226
- "export RAILS_ENV="production"",
227
- "export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"ROOT_URL\\",\\"HOST_INTERNAL\\",\\"HOST_CANONICAL\\",\\"ROOT_URL_INTERNAL\\",\\"KUBE_NAMESPACE\\",\\"KUBE_APP_NAME\\",\\"KUBE_APP_NAME_PREFIX\\",\\"SECRET_KEY_BASE\\",\\"POSTGRESQL_PASSWORD\\",\\"cloudsqlProxyCredentials\\",\\"RAILS_ENV\\"]"",
228
- "export DOCKER_REGISTRY="$CI_REGISTRY"",
229
- "export DOCKER_CACHE_IMAGE="$CI_REGISTRY_IMAGE/caches/app"",
230
- "export DOCKER_IMAGE_NAME="dev/app"",
231
- "export DOCKER_IMAGE="$CI_REGISTRY_IMAGE/$DOCKER_IMAGE_NAME"",
232
- "export DOCKER_IMAGE_TAG="$CI_COMMIT_SHA"",
233
- "export RELEASE_NAME="pan-test-app-dev-app"",
234
- "export HELM_EXPERIMENTAL_OCI="1"",
235
- "export KUBE_DOCKER_IMAGE_PULL_SECRET="gitlab-registry-app"",
236
- "export HELM_GITLAB_CHART_NAME="/helm-charts/the-panter-chart"",
237
- "export HELM_ARGS=""",
238
- "export COMPONENT_NAME="app"",
239
- "export BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
240
- "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
241
- "kubectl config set-cluster "kube-pan-test-app-dev-app" --server="$CL_dev_app_KUBE_URL" --certificate-authority <(echo $CL_dev_app_KUBE_CA_PEM | base64 -d) --embed-certs=true",
242
- "kubectl config set-credentials "kube-pan-test-app-dev-app" --token="$CL_dev_app_KUBE_TOKEN"",
243
- "kubectl config set-context "kube-pan-test-app-dev-app" --cluster="kube-pan-test-app-dev-app" --user="kube-pan-test-app-dev-app" --namespace="pan-test-app-dev"",
244
- "kubectl config use-context "kube-pan-test-app-dev-app"",
245
- "echo -e "\\e[0Ksection_start:$(date +%s):writeallvalues[collapsed=true]\\r\\e[0KWrite __all_values.yml for helm deployment"",
246
- "cat > __all_values.yml <<EOF
247
- env:
248
- secret:
249
- SECRET_KEY_BASE: |-
250
- $(printf %s "$CL_dev_app_SECRET_KEY_BASE" | sed 's/^/ /')
251
- POSTGRESQL_PASSWORD: |-
252
- $(printf %s "$CL_dev_app_POSTGRESQL_PASSWORD" | sed 's/^/ /')
253
- cloudsqlProxyCredentials: |-
254
- $(printf %s "$CL_dev_app_cloudsqlProxyCredentials" | sed 's/^/ /')
255
- public:
256
- ENV_SHORT: |-
257
- dev
258
- APP_DIR: |-
259
- .
260
- ENV_TYPE: |-
261
- dev
262
- BUILD_INFO_BUILD_ID: |-
263
- $(printf %s "$(git describe --tags 2>/dev/null || git rev-parse HEAD)" | sed 's/^/ /')
264
- BUILD_INFO_BUILD_TIME: |-
265
- $(printf %s "$CI_JOB_STARTED_AT" | sed 's/^/ /')
266
- BUILD_INFO_CURRENT_VERSION: |-
267
- $(printf %s "$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")" | sed 's/^/ /')
268
- ROOT_URL: |-
269
- https://app.dev.test-app.pan.panter.cloud
270
- HOST_INTERNAL: |-
271
- app.dev.test-app.pan.panter.cloud
272
- HOST_CANONICAL: |-
273
- app.dev.test-app.pan.panter.cloud
274
- ROOT_URL_INTERNAL: |-
275
- https://app.dev.test-app.pan.panter.cloud
276
- KUBE_NAMESPACE: |-
277
- pan-test-app-dev
278
- KUBE_APP_NAME: |-
279
- app
280
- KUBE_APP_NAME_PREFIX: ""
281
- RAILS_ENV: |-
282
- production
283
- _ALL_ENV_VAR_KEYS: |-
284
- ["ENV_SHORT","APP_DIR","ENV_TYPE","BUILD_INFO_BUILD_ID","BUILD_INFO_BUILD_TIME","BUILD_INFO_CURRENT_VERSION","ROOT_URL","HOST_INTERNAL","HOST_CANONICAL","ROOT_URL_INTERNAL","KUBE_NAMESPACE","KUBE_APP_NAME","KUBE_APP_NAME_PREFIX","SECRET_KEY_BASE","POSTGRESQL_PASSWORD","cloudsqlProxyCredentials","RAILS_ENV"]
285
- application:
286
- host: |-
287
- app.dev.test-app.pan.panter.cloud
288
- command: |-
289
- /cnb/process/web
290
- livenessProbe:
291
- httpGet:
292
- path: |-
293
- __health
294
- readinessProbe:
295
- httpGet:
296
- path: |-
297
- __health
298
- startupProbe:
299
- httpGet:
300
- path: |-
301
- __health
302
- worker:
303
- enabled: true
304
- command: |-
305
- launcher bundle exec rake jobs:work
306
- livenessProbe: false
307
- cloudsql:
308
- enabled: true
309
- dbUser: |-
310
- postgres
311
- instanceConnectionName: |-
312
- some-project-id:europe-west6:pan-test-app-dev
313
- proxyCredentials: |-
314
- $CL_dev_app_cloudsqlProxyCredentials
315
- fullDbName: |-
316
- app
317
- projectId: |-
318
- some-project-id
319
- jobs:
320
- db-migrate:
321
- hook: |-
322
- post-install,post-upgrade
323
- command: |-
324
- launcher bundle exec rake db:migrate
325
-
326
- EOF
327
- ",
328
- "echo -e "\\e[0Ksection_end:$(date +%s):writeallvalues\\r\\e[0K"",
329
- "kubernetesCreateSecret",
330
- "kubernetesDeploy",
331
- "echo 'Uploading SBOM to Dependency Track'",
332
- "/dtrackuploader https://dep.panter.swiss/ "$DT_KEY_PROD" upload "pan-test-app/app" "https://app.dev.test-app.pan.panter.cloud" "__sbom.json" vex.json || true",
333
- "echo deployment successful 😻",
334
- "echo "CL_GITLAB_ENVIRONMENT_URL=https://app.dev.test-app.pan.panter.cloud" >> gitlab_environment.env",
335
- ],
336
- "stage": "deploy dev",
337
- "variables": {
338
- "KUBERNETES_CPU_REQUEST": "0.22",
339
- "KUBERNETES_MEMORY_LIMIT": "400Mi",
340
- "KUBERNETES_MEMORY_REQUEST": "200Mi",
341
- },
342
- },
343
- "app 🛑 Stop ⚠️ | dev ": {
344
- "allow_failure": true,
345
- "artifacts": {
346
- "reports": {
347
- "dotenv": "gitlab_environment.env",
348
- },
349
- },
350
- "environment": {
351
- "action": "stop",
352
- "name": "dev/app",
353
- "url": "$CL_GITLAB_ENVIRONMENT_URL",
354
- },
355
- "image": "path/to/docker/kubernetes:the-version",
356
- "interruptible": true,
357
- "needs": [],
358
- "retry": {
359
- "max": 2,
360
- "when": [
361
- "runner_system_failure",
362
- "stuck_or_timeout_failure",
363
- ],
364
- },
365
- "rules": [
366
- {
367
- "if": "$CI_COMMIT_BRANCH =~ /^[0-9]+\\.([0-9]+|x)\\.x$/",
368
- "when": "on_success",
369
- },
370
- {
371
- "when": "manual",
372
- },
373
- ],
374
- "script": [
375
- "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
376
- "export ENV_SHORT="dev"",
377
- "export APP_DIR="."",
378
- "export ENV_TYPE="dev"",
379
- "export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
380
- "export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"",
381
- "export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"",
382
- "export ROOT_URL="https://app.dev.test-app.pan.panter.cloud"",
383
- "export HOST_INTERNAL="app.dev.test-app.pan.panter.cloud"",
384
- "export HOST_CANONICAL="app.dev.test-app.pan.panter.cloud"",
385
- "export ROOT_URL_INTERNAL="https://app.dev.test-app.pan.panter.cloud"",
386
- "export KUBE_NAMESPACE="pan-test-app-dev"",
387
- "export KUBE_APP_NAME="app"",
388
- "export KUBE_APP_NAME_PREFIX=""",
389
- "export SECRET_KEY_BASE="$CL_dev_app_SECRET_KEY_BASE"",
390
- "export POSTGRESQL_PASSWORD="$CL_dev_app_POSTGRESQL_PASSWORD"",
391
- "export cloudsqlProxyCredentials="$CL_dev_app_cloudsqlProxyCredentials"",
392
- "export RAILS_ENV="production"",
393
- "export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"ROOT_URL\\",\\"HOST_INTERNAL\\",\\"HOST_CANONICAL\\",\\"ROOT_URL_INTERNAL\\",\\"KUBE_NAMESPACE\\",\\"KUBE_APP_NAME\\",\\"KUBE_APP_NAME_PREFIX\\",\\"SECRET_KEY_BASE\\",\\"POSTGRESQL_PASSWORD\\",\\"cloudsqlProxyCredentials\\",\\"RAILS_ENV\\"]"",
394
- "export RELEASE_NAME="pan-test-app-dev-app"",
395
- "export HELM_EXPERIMENTAL_OCI="1"",
396
- "export KUBE_DOCKER_IMAGE_PULL_SECRET="gitlab-registry-app"",
397
- "export HELM_GITLAB_CHART_NAME="/helm-charts/the-panter-chart"",
398
- "export HELM_ARGS=""",
399
- "export COMPONENT_NAME="app"",
400
- "export BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
401
- "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
402
- "kubectl config set-cluster "kube-pan-test-app-dev-app" --server="$CL_dev_app_KUBE_URL" --certificate-authority <(echo $CL_dev_app_KUBE_CA_PEM | base64 -d) --embed-certs=true",
403
- "kubectl config set-credentials "kube-pan-test-app-dev-app" --token="$CL_dev_app_KUBE_TOKEN"",
404
- "kubectl config set-context "kube-pan-test-app-dev-app" --cluster="kube-pan-test-app-dev-app" --user="kube-pan-test-app-dev-app" --namespace="pan-test-app-dev"",
405
- "kubectl config use-context "kube-pan-test-app-dev-app"",
406
- "kubernetesDelete",
407
- "echo 'Disabling component in Dependency Track'",
408
- "/dtrackuploader https://dep.panter.swiss/ "$DT_KEY_PROD" disable "pan-test-app/app" "https://app.dev.test-app.pan.panter.cloud" || true",
409
- "echo "CL_GITLAB_ENVIRONMENT_URL=https://app.dev.test-app.pan.panter.cloud" >> gitlab_environment.env",
410
- ],
411
- "stage": "stop dev",
412
- "variables": {
413
- "GIT_STRATEGY": "none",
414
- "KUBERNETES_CPU_REQUEST": "0.22",
415
- "KUBERNETES_MEMORY_LIMIT": "400Mi",
416
- "KUBERNETES_MEMORY_REQUEST": "200Mi",
417
- },
418
- },
419
- "app 🛡 audit": {
420
- "allow_failure": true,
421
- "image": "ruby:3.2.1",
422
- "interruptible": true,
423
- "needs": [],
424
- "retry": {
425
- "max": 2,
426
- "when": [
427
- "runner_system_failure",
428
- "stuck_or_timeout_failure",
429
- ],
430
- },
431
- "script": [
432
- "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
433
- "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
434
- "cd .",
435
- "gem install bundler-audit",
436
- "bundle audit check",
437
- ],
438
- "stage": "test",
439
- "variables": {},
440
- },
441
- "app 🧪 test": {
442
- "cache": {
443
- "key": {
444
- "files": [
445
- "Gemfile.lock",
446
- ],
447
- "prefix": "$CI_JOB_IMAGE",
448
- },
449
- "paths": [
450
- "tmp/cache",
451
- ],
452
- },
453
- "image": "ruby:3.2.1",
454
- "interruptible": true,
455
- "needs": [],
456
- "retry": {
457
- "max": 2,
458
- "when": [
459
- "runner_system_failure",
460
- "stuck_or_timeout_failure",
461
- ],
462
- },
463
- "script": [
464
- "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
465
- "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
466
- "cd .",
467
- "bundle config set path 'tmp/cache'",
468
- "bundle install -j $(nproc)",
469
- "bundle exec rspec",
470
- ],
471
- "stage": "test",
472
- "variables": {},
473
- },
474
- "app 🧾 sbom | dev ": {
475
- "allow_failure": true,
476
- "artifacts": {
477
- "paths": [
478
- "__sbom.json",
479
- ],
480
- },
481
- "image": "aquasec/trivy:0.38.3",
482
- "interruptible": true,
483
- "needs": [],
484
- "retry": {
485
- "max": 2,
486
- "when": [
487
- "runner_system_failure",
488
- "stuck_or_timeout_failure",
489
- ],
490
- },
491
- "script": [
492
- "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
493
- "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
494
- "trivy fs --quiet --format cyclonedx --output "__sbom.json" .",
495
- ],
496
- "stage": "build",
497
- "variables": {},
498
- },
499
- },
500
- "stages": [
501
- "setup",
502
- "setup dev",
503
- "setup review",
504
- "setup stage",
505
- "setup prod",
506
- "test",
507
- "test dev",
508
- "test review",
509
- "test stage",
510
- "test prod",
511
- "build",
512
- "build dev",
513
- "build review",
514
- "build stage",
515
- "build prod",
516
- "deploy",
517
- "deploy dev",
518
- "deploy review",
519
- "deploy stage",
520
- "deploy prod",
521
- "verify",
522
- "verify dev",
523
- "verify review",
524
- "verify stage",
525
- "verify prod",
526
- "rollback",
527
- "rollback dev",
528
- "rollback review",
529
- "rollback stage",
530
- "rollback prod",
531
- "stop",
532
- "stop dev",
533
- "stop review",
534
- "stop stage",
535
- "stop prod",
536
- ],
537
- "variables": {
538
- "ARTIFACT_COMPRESSION_LEVEL": "fast",
539
- "CACHE_COMPRESSION_LEVEL": "fast",
540
- "FF_USE_FASTZIP": "true",
541
- "GIT_DEPTH": "1",
542
- "TRANSFER_METER_FREQUENCY": "5s",
543
- },
544
- "workflow": {
545
- "rules": [
546
- {
547
- "if": "$CI_COMMIT_TAG",
548
- },
549
- {
550
- "if": "$CI_COMMIT_MESSAGE =~ /^chore\\(release\\).*/",
551
- "when": "never",
552
- },
553
- {
554
- "if": "$CI_PIPELINE_SOURCE == "schedule"",
555
- "when": "never",
556
- },
557
- {
558
- "if": "$CI_COMMIT_BRANCH =~ /^[0-9]+.([0-9]+|x).x$/",
559
- },
560
- {
561
- "if": "$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH",
562
- },
563
- {
564
- "if": "$CI_MERGE_REQUEST_ID",
565
- },
566
- ],
567
- },
568
- },
569
- "mr": {
570
- "image": "path/to/docker/jobs-default:the-version",
571
- "jobs": {
572
- "app ↩️ Rollback ⚠️ | review ": {
573
- "allow_failure": true,
574
- "artifacts": {
575
- "reports": {
576
- "dotenv": "gitlab_environment.env",
577
- },
578
- },
579
- "environment": {
580
- "action": "access",
581
- "name": "review/$CI_COMMIT_REF_NAME/app",
582
- "url": "$CL_GITLAB_ENVIRONMENT_URL",
583
- },
584
- "image": "path/to/docker/kubernetes:the-version",
585
- "interruptible": true,
586
- "needs": [],
587
- "retry": {
588
- "max": 2,
589
- "when": [
590
- "runner_system_failure",
591
- "stuck_or_timeout_failure",
592
- ],
593
- },
594
- "rules": [
595
- {
596
- "when": "manual",
597
- },
598
- ],
599
- "script": [
600
- "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
601
- "export ENV_SHORT="review"",
602
- "export APP_DIR="."",
603
- "export ENV_TYPE="review"",
604
- "export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
605
- "export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"",
606
- "export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"",
607
- "export ROOT_URL="https://app.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud"",
608
- "export HOST_INTERNAL="app.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud"",
609
- "export HOST_CANONICAL="app.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud"",
610
- "export ROOT_URL_INTERNAL="https://app.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud"",
611
- "export KUBE_NAMESPACE="pan-test-app-review"",
612
- "export KUBE_APP_NAME="$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-app"",
613
- "export KUBE_APP_NAME_PREFIX="$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-"",
614
- "export SECRET_KEY_BASE="$CL_review_app_SECRET_KEY_BASE"",
615
- "export POSTGRESQL_PASSWORD="$CL_review_app_POSTGRESQL_PASSWORD"",
616
- "export cloudsqlProxyCredentials="$CL_review_app_cloudsqlProxyCredentials"",
617
- "export RAILS_ENV="production"",
618
- "export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"ROOT_URL\\",\\"HOST_INTERNAL\\",\\"HOST_CANONICAL\\",\\"ROOT_URL_INTERNAL\\",\\"KUBE_NAMESPACE\\",\\"KUBE_APP_NAME\\",\\"KUBE_APP_NAME_PREFIX\\",\\"SECRET_KEY_BASE\\",\\"POSTGRESQL_PASSWORD\\",\\"cloudsqlProxyCredentials\\",\\"RAILS_ENV\\"]"",
619
- "export RELEASE_NAME="pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-app"",
620
- "export HELM_EXPERIMENTAL_OCI="1"",
621
- "export KUBE_DOCKER_IMAGE_PULL_SECRET="gitlab-registry-app"",
622
- "export HELM_GITLAB_CHART_NAME="/helm-charts/the-panter-chart"",
623
- "export HELM_ARGS=""",
624
- "export COMPONENT_NAME="app"",
625
- "export BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
626
- "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
627
- "kubectl config set-cluster "kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-app" --server="$CL_review_app_KUBE_URL" --certificate-authority <(echo $CL_review_app_KUBE_CA_PEM | base64 -d) --embed-certs=true",
628
- "kubectl config set-credentials "kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-app" --token="$CL_review_app_KUBE_TOKEN"",
629
- "kubectl config set-context "kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-app" --cluster="kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-app" --user="kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-app" --namespace="pan-test-app-review"",
630
- "kubectl config use-context "kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-app"",
631
- "kubernetesRollback",
632
- "echo "CL_GITLAB_ENVIRONMENT_URL=https://app.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud" >> gitlab_environment.env",
633
- ],
634
- "stage": "rollback review",
635
- "variables": {
636
- "GIT_STRATEGY": "none",
637
- "KUBERNETES_CPU_REQUEST": "0.22",
638
- "KUBERNETES_MEMORY_LIMIT": "400Mi",
639
- "KUBERNETES_MEMORY_REQUEST": "200Mi",
640
- },
641
- },
642
- "app 👮 lint": {
643
- "cache": {
644
- "key": {
645
- "files": [
646
- "Gemfile.lock",
647
- ],
648
- "prefix": "$CI_JOB_IMAGE",
649
- },
650
- "paths": [
651
- "tmp/cache",
652
- ],
653
- },
654
- "image": "ruby:3.2.1",
655
- "interruptible": true,
656
- "needs": [],
657
- "retry": {
658
- "max": 2,
659
- "when": [
660
- "runner_system_failure",
661
- "stuck_or_timeout_failure",
662
- ],
663
- },
664
- "script": [
665
- "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
666
- "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
667
- "cd .",
668
- "bundle config set path 'tmp/cache'",
669
- "bundle install -j $(nproc)",
670
- "bundle exec rubocop",
671
- ],
672
- "stage": "test",
673
- "variables": {},
674
- },
675
- "app 🔨 docker | review ": {
676
- "image": "path/to/docker/docker-build:the-version",
677
- "interruptible": true,
678
- "needs": [],
679
- "retry": {
680
- "max": 2,
681
- "when": [
682
- "runner_system_failure",
683
- "stuck_or_timeout_failure",
684
- ],
685
- },
686
- "script": [
687
- "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
688
- "export APP_DIR="."",
689
- "export DOCKER_BUILD_CONTEXT="."",
690
- "export DOCKER_REGISTRY="$CI_REGISTRY"",
691
- "export DOCKER_CACHE_IMAGE="$CI_REGISTRY_IMAGE/caches/app"",
692
- "export DOCKER_IMAGE_NAME="review/app"",
693
- "export DOCKER_IMAGE="$CI_REGISTRY_IMAGE/$DOCKER_IMAGE_NAME"",
694
- "export DOCKER_IMAGE_TAG="$CI_COMMIT_SHA"",
695
- "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
696
- "docker login --username gitlab-ci-token --password $CI_JOB_TOKEN $CI_REGISTRY",
697
- "cd .",
698
- "docker pull $DOCKER_CACHE_IMAGE || true",
699
- "wget --output-document=- https://github.com/buildpacks/pack/releases/download/v0.32.1/pack-v0.32.1-linux.tgz | tar -zx --directory /usr/local/bin pack",
700
- "chmod +x /usr/local/bin/pack",
701
- "sed --in-place 's|git@\\([^:]*\\):|https://\\1/|g' Gemfile Gemfile.lock",
702
- "pack build "$DOCKER_IMAGE:$DOCKER_IMAGE_TAG" --builder 'heroku/builder:22' --publish --cache-image "$DOCKER_CACHE_IMAGE" --env 'SECRET_KEY_BASE=dummy-value' ",
703
- ],
704
- "services": [
705
- {
706
- "command": [
707
- "--tls=false",
708
- ],
709
- "name": "docker:24.0.6-dind",
710
- },
711
- ],
712
- "stage": "build",
713
- "variables": {
714
- "DOCKER_BUILDKIT": "1",
715
- "DOCKER_DRIVER": "overlay2",
716
- "DOCKER_HOST": "tcp://0.0.0.0:2375",
717
- "DOCKER_TLS_CERTDIR": "",
718
- "KUBERNETES_CPU_REQUEST": "0.45",
719
- "KUBERNETES_MEMORY_LIMIT": "2Gi",
720
- "KUBERNETES_MEMORY_REQUEST": "1Gi",
721
- },
722
- },
723
- "app 🚀 Deploy | review ": {
724
- "allow_failure": false,
725
- "artifacts": {
726
- "reports": {
727
- "dotenv": "gitlab_environment.env",
728
- },
729
- },
730
- "environment": {
731
- "auto_stop_in": "1 week",
732
- "name": "review/$CI_COMMIT_REF_NAME/app",
733
- "on_stop": "app 🛑 Stop ⚠️ | review ",
734
- "url": "$CL_GITLAB_ENVIRONMENT_URL",
735
- },
736
- "image": "path/to/docker/kubernetes:the-version",
737
- "interruptible": true,
738
- "needs": [
739
- {
740
- "artifacts": false,
741
- "job": "app 👮 lint",
742
- },
743
- {
744
- "artifacts": false,
745
- "job": "app 🔨 docker | review ",
746
- },
747
- {
748
- "artifacts": false,
749
- "job": "app 🧪 test",
750
- },
751
- {
752
- "artifacts": true,
753
- "job": "app 🧾 sbom | review ",
754
- },
755
- {
756
- "artifacts": false,
757
- "job": "app 🛡 audit",
758
- },
759
- ],
760
- "retry": {
761
- "max": 2,
762
- "when": [
763
- "runner_system_failure",
764
- "stuck_or_timeout_failure",
765
- ],
766
- },
767
- "rules": [
768
- {
769
- "when": "on_success",
770
- },
771
- ],
772
- "script": [
773
- "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
774
- "export ENV_SHORT="review"",
775
- "export APP_DIR="."",
776
- "export ENV_TYPE="review"",
777
- "export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
778
- "export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"",
779
- "export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"",
780
- "export ROOT_URL="https://app.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud"",
781
- "export HOST_INTERNAL="app.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud"",
782
- "export HOST_CANONICAL="app.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud"",
783
- "export ROOT_URL_INTERNAL="https://app.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud"",
784
- "export KUBE_NAMESPACE="pan-test-app-review"",
785
- "export KUBE_APP_NAME="$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-app"",
786
- "export KUBE_APP_NAME_PREFIX="$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-"",
787
- "export SECRET_KEY_BASE="$CL_review_app_SECRET_KEY_BASE"",
788
- "export POSTGRESQL_PASSWORD="$CL_review_app_POSTGRESQL_PASSWORD"",
789
- "export cloudsqlProxyCredentials="$CL_review_app_cloudsqlProxyCredentials"",
790
- "export RAILS_ENV="production"",
791
- "export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"ROOT_URL\\",\\"HOST_INTERNAL\\",\\"HOST_CANONICAL\\",\\"ROOT_URL_INTERNAL\\",\\"KUBE_NAMESPACE\\",\\"KUBE_APP_NAME\\",\\"KUBE_APP_NAME_PREFIX\\",\\"SECRET_KEY_BASE\\",\\"POSTGRESQL_PASSWORD\\",\\"cloudsqlProxyCredentials\\",\\"RAILS_ENV\\"]"",
792
- "export DOCKER_REGISTRY="$CI_REGISTRY"",
793
- "export DOCKER_CACHE_IMAGE="$CI_REGISTRY_IMAGE/caches/app"",
794
- "export DOCKER_IMAGE_NAME="review/app"",
795
- "export DOCKER_IMAGE="$CI_REGISTRY_IMAGE/$DOCKER_IMAGE_NAME"",
796
- "export DOCKER_IMAGE_TAG="$CI_COMMIT_SHA"",
797
- "export RELEASE_NAME="pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-app"",
798
- "export HELM_EXPERIMENTAL_OCI="1"",
799
- "export KUBE_DOCKER_IMAGE_PULL_SECRET="gitlab-registry-app"",
800
- "export HELM_GITLAB_CHART_NAME="/helm-charts/the-panter-chart"",
801
- "export HELM_ARGS=""",
802
- "export COMPONENT_NAME="app"",
803
- "export BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
804
- "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
805
- "kubectl config set-cluster "kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-app" --server="$CL_review_app_KUBE_URL" --certificate-authority <(echo $CL_review_app_KUBE_CA_PEM | base64 -d) --embed-certs=true",
806
- "kubectl config set-credentials "kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-app" --token="$CL_review_app_KUBE_TOKEN"",
807
- "kubectl config set-context "kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-app" --cluster="kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-app" --user="kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-app" --namespace="pan-test-app-review"",
808
- "kubectl config use-context "kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-app"",
809
- "echo -e "\\e[0Ksection_start:$(date +%s):writeallvalues[collapsed=true]\\r\\e[0KWrite __all_values.yml for helm deployment"",
810
- "cat > __all_values.yml <<EOF
811
- env:
812
- secret:
813
- SECRET_KEY_BASE: |-
814
- $(printf %s "$CL_review_app_SECRET_KEY_BASE" | sed 's/^/ /')
815
- POSTGRESQL_PASSWORD: |-
816
- $(printf %s "$CL_review_app_POSTGRESQL_PASSWORD" | sed 's/^/ /')
817
- cloudsqlProxyCredentials: |-
818
- $(printf %s "$CL_review_app_cloudsqlProxyCredentials" | sed 's/^/ /')
819
- public:
820
- ENV_SHORT: |-
821
- review
822
- APP_DIR: |-
823
- .
824
- ENV_TYPE: |-
825
- review
826
- BUILD_INFO_BUILD_ID: |-
827
- $(printf %s "$(git describe --tags 2>/dev/null || git rev-parse HEAD)" | sed 's/^/ /')
828
- BUILD_INFO_BUILD_TIME: |-
829
- $(printf %s "$CI_JOB_STARTED_AT" | sed 's/^/ /')
830
- BUILD_INFO_CURRENT_VERSION: |-
831
- $(printf %s "$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")" | sed 's/^/ /')
832
- ROOT_URL: |-
833
- $(printf %s "https://app.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud" | sed 's/^/ /')
834
- HOST_INTERNAL: |-
835
- $(printf %s "app.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud" | sed 's/^/ /')
836
- HOST_CANONICAL: |-
837
- $(printf %s "app.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud" | sed 's/^/ /')
838
- ROOT_URL_INTERNAL: |-
839
- $(printf %s "https://app.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud" | sed 's/^/ /')
840
- KUBE_NAMESPACE: |-
841
- pan-test-app-review
842
- KUBE_APP_NAME: |-
843
- $(printf %s "$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-app" | sed 's/^/ /')
844
- KUBE_APP_NAME_PREFIX: |-
845
- $(printf %s "$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-" | sed 's/^/ /')
846
- RAILS_ENV: |-
847
- production
848
- _ALL_ENV_VAR_KEYS: |-
849
- ["ENV_SHORT","APP_DIR","ENV_TYPE","BUILD_INFO_BUILD_ID","BUILD_INFO_BUILD_TIME","BUILD_INFO_CURRENT_VERSION","ROOT_URL","HOST_INTERNAL","HOST_CANONICAL","ROOT_URL_INTERNAL","KUBE_NAMESPACE","KUBE_APP_NAME","KUBE_APP_NAME_PREFIX","SECRET_KEY_BASE","POSTGRESQL_PASSWORD","cloudsqlProxyCredentials","RAILS_ENV"]
850
- application:
851
- host: |-
852
- $(printf %s "app.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud" | sed 's/^/ /')
853
- command: |-
854
- /cnb/process/web
855
- livenessProbe:
856
- httpGet:
857
- path: |-
858
- __health
859
- readinessProbe:
860
- httpGet:
861
- path: |-
862
- __health
863
- startupProbe:
864
- httpGet:
865
- path: |-
866
- __health
867
- worker:
868
- enabled: true
869
- command: |-
870
- launcher bundle exec rake jobs:work
871
- livenessProbe: false
872
- cloudsql:
873
- enabled: true
874
- dbUser: |-
875
- postgres
876
- instanceConnectionName: |-
877
- some-project-id:europe-west6:pan-test-app-review
878
- proxyCredentials: |-
879
- $CL_review_app_cloudsqlProxyCredentials
880
- fullDbName: |-
881
- $(printf %s "$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-app" | sed 's/^/ /')
882
- projectId: |-
883
- some-project-id
884
- jobs:
885
- db-migrate:
886
- hook: |-
887
- post-upgrade
888
- command: |-
889
- launcher bundle exec rake db:migrate
890
- db-prepare-seed:
891
- hook: |-
892
- post-install
893
- command: |-
894
- launcher bundle exec rake db:prepare db:seed
895
-
896
- EOF
897
- ",
898
- "echo -e "\\e[0Ksection_end:$(date +%s):writeallvalues\\r\\e[0K"",
899
- "kubernetesCreateSecret",
900
- "kubernetesDeploy",
901
- "echo 'Uploading SBOM to Dependency Track'",
902
- "/dtrackuploader https://dep.panter.swiss/ "$DT_KEY_PROD" upload "pan-test-app/app" "https://app.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud" "__sbom.json" vex.json || true",
903
- "echo deployment successful 😻",
904
- "echo "CL_GITLAB_ENVIRONMENT_URL=https://app.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud" >> gitlab_environment.env",
905
- ],
906
- "stage": "deploy review",
907
- "variables": {
908
- "KUBERNETES_CPU_REQUEST": "0.22",
909
- "KUBERNETES_MEMORY_LIMIT": "400Mi",
910
- "KUBERNETES_MEMORY_REQUEST": "200Mi",
911
- },
912
- },
913
- "app 🛑 Stop ⚠️ | review ": {
914
- "allow_failure": true,
915
- "artifacts": {
916
- "reports": {
917
- "dotenv": "gitlab_environment.env",
918
- },
919
- },
920
- "environment": {
921
- "action": "stop",
922
- "name": "review/$CI_COMMIT_REF_NAME/app",
923
- "url": "$CL_GITLAB_ENVIRONMENT_URL",
924
- },
925
- "image": "path/to/docker/kubernetes:the-version",
926
- "interruptible": true,
927
- "needs": [],
928
- "retry": {
929
- "max": 2,
930
- "when": [
931
- "runner_system_failure",
932
- "stuck_or_timeout_failure",
933
- ],
934
- },
935
- "rules": [
936
- {
937
- "if": "$CI_COMMIT_BRANCH =~ /^[0-9]+\\.([0-9]+|x)\\.x$/",
938
- "when": "on_success",
939
- },
940
- {
941
- "when": "manual",
942
- },
943
- ],
944
- "script": [
945
- "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
946
- "export ENV_SHORT="review"",
947
- "export APP_DIR="."",
948
- "export ENV_TYPE="review"",
949
- "export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
950
- "export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"",
951
- "export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"",
952
- "export ROOT_URL="https://app.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud"",
953
- "export HOST_INTERNAL="app.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud"",
954
- "export HOST_CANONICAL="app.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud"",
955
- "export ROOT_URL_INTERNAL="https://app.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud"",
956
- "export KUBE_NAMESPACE="pan-test-app-review"",
957
- "export KUBE_APP_NAME="$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-app"",
958
- "export KUBE_APP_NAME_PREFIX="$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-"",
959
- "export SECRET_KEY_BASE="$CL_review_app_SECRET_KEY_BASE"",
960
- "export POSTGRESQL_PASSWORD="$CL_review_app_POSTGRESQL_PASSWORD"",
961
- "export cloudsqlProxyCredentials="$CL_review_app_cloudsqlProxyCredentials"",
962
- "export RAILS_ENV="production"",
963
- "export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"ROOT_URL\\",\\"HOST_INTERNAL\\",\\"HOST_CANONICAL\\",\\"ROOT_URL_INTERNAL\\",\\"KUBE_NAMESPACE\\",\\"KUBE_APP_NAME\\",\\"KUBE_APP_NAME_PREFIX\\",\\"SECRET_KEY_BASE\\",\\"POSTGRESQL_PASSWORD\\",\\"cloudsqlProxyCredentials\\",\\"RAILS_ENV\\"]"",
964
- "export RELEASE_NAME="pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-app"",
965
- "export HELM_EXPERIMENTAL_OCI="1"",
966
- "export KUBE_DOCKER_IMAGE_PULL_SECRET="gitlab-registry-app"",
967
- "export HELM_GITLAB_CHART_NAME="/helm-charts/the-panter-chart"",
968
- "export HELM_ARGS=""",
969
- "export COMPONENT_NAME="app"",
970
- "export BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
971
- "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
972
- "kubectl config set-cluster "kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-app" --server="$CL_review_app_KUBE_URL" --certificate-authority <(echo $CL_review_app_KUBE_CA_PEM | base64 -d) --embed-certs=true",
973
- "kubectl config set-credentials "kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-app" --token="$CL_review_app_KUBE_TOKEN"",
974
- "kubectl config set-context "kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-app" --cluster="kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-app" --user="kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-app" --namespace="pan-test-app-review"",
975
- "kubectl config use-context "kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-app"",
976
- "kubernetesDelete",
977
- "echo 'Disabling component in Dependency Track'",
978
- "/dtrackuploader https://dep.panter.swiss/ "$DT_KEY_PROD" disable "pan-test-app/app" "https://app.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud" || true",
979
- "echo "CL_GITLAB_ENVIRONMENT_URL=https://app.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud" >> gitlab_environment.env",
980
- ],
981
- "stage": "stop review",
982
- "variables": {
983
- "GIT_STRATEGY": "none",
984
- "KUBERNETES_CPU_REQUEST": "0.22",
985
- "KUBERNETES_MEMORY_LIMIT": "400Mi",
986
- "KUBERNETES_MEMORY_REQUEST": "200Mi",
987
- },
988
- },
989
- "app 🛡 audit": {
990
- "allow_failure": true,
991
- "image": "ruby:3.2.1",
992
- "interruptible": true,
993
- "needs": [],
994
- "retry": {
995
- "max": 2,
996
- "when": [
997
- "runner_system_failure",
998
- "stuck_or_timeout_failure",
999
- ],
1000
- },
1001
- "script": [
1002
- "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
1003
- "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
1004
- "cd .",
1005
- "gem install bundler-audit",
1006
- "bundle audit check",
1007
- ],
1008
- "stage": "test",
1009
- "variables": {},
1010
- },
1011
- "app 🧪 test": {
1012
- "cache": {
1013
- "key": {
1014
- "files": [
1015
- "Gemfile.lock",
1016
- ],
1017
- "prefix": "$CI_JOB_IMAGE",
1018
- },
1019
- "paths": [
1020
- "tmp/cache",
1021
- ],
1022
- },
1023
- "image": "ruby:3.2.1",
1024
- "interruptible": true,
1025
- "needs": [],
1026
- "retry": {
1027
- "max": 2,
1028
- "when": [
1029
- "runner_system_failure",
1030
- "stuck_or_timeout_failure",
1031
- ],
1032
- },
1033
- "script": [
1034
- "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
1035
- "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
1036
- "cd .",
1037
- "bundle config set path 'tmp/cache'",
1038
- "bundle install -j $(nproc)",
1039
- "bundle exec rspec",
1040
- ],
1041
- "stage": "test",
1042
- "variables": {},
1043
- },
1044
- "app 🧾 sbom | review ": {
1045
- "allow_failure": true,
1046
- "artifacts": {
1047
- "paths": [
1048
- "__sbom.json",
1049
- ],
1050
- },
1051
- "image": "aquasec/trivy:0.38.3",
1052
- "interruptible": true,
1053
- "needs": [],
1054
- "retry": {
1055
- "max": 2,
1056
- "when": [
1057
- "runner_system_failure",
1058
- "stuck_or_timeout_failure",
1059
- ],
1060
- },
1061
- "script": [
1062
- "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
1063
- "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
1064
- "trivy fs --quiet --format cyclonedx --output "__sbom.json" .",
1065
- ],
1066
- "stage": "build",
1067
- "variables": {},
1068
- },
1069
- },
1070
- "stages": [
1071
- "setup",
1072
- "setup dev",
1073
- "setup review",
1074
- "setup stage",
1075
- "setup prod",
1076
- "test",
1077
- "test dev",
1078
- "test review",
1079
- "test stage",
1080
- "test prod",
1081
- "build",
1082
- "build dev",
1083
- "build review",
1084
- "build stage",
1085
- "build prod",
1086
- "deploy",
1087
- "deploy dev",
1088
- "deploy review",
1089
- "deploy stage",
1090
- "deploy prod",
1091
- "verify",
1092
- "verify dev",
1093
- "verify review",
1094
- "verify stage",
1095
- "verify prod",
1096
- "rollback",
1097
- "rollback dev",
1098
- "rollback review",
1099
- "rollback stage",
1100
- "rollback prod",
1101
- "stop",
1102
- "stop dev",
1103
- "stop review",
1104
- "stop stage",
1105
- "stop prod",
1106
- ],
1107
- "variables": {
1108
- "ARTIFACT_COMPRESSION_LEVEL": "fast",
1109
- "CACHE_COMPRESSION_LEVEL": "fast",
1110
- "FF_USE_FASTZIP": "true",
1111
- "GIT_DEPTH": "1",
1112
- "TRANSFER_METER_FREQUENCY": "5s",
1113
- },
1114
- "workflow": {
1115
- "rules": [
1116
- {
1117
- "if": "$CI_COMMIT_TAG",
1118
- },
1119
- {
1120
- "if": "$CI_COMMIT_MESSAGE =~ /^chore\\(release\\).*/",
1121
- "when": "never",
1122
- },
1123
- {
1124
- "if": "$CI_PIPELINE_SOURCE == "schedule"",
1125
- "when": "never",
1126
- },
1127
- {
1128
- "if": "$CI_COMMIT_BRANCH =~ /^[0-9]+.([0-9]+|x).x$/",
1129
- },
1130
- {
1131
- "if": "$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH",
1132
- },
1133
- {
1134
- "if": "$CI_MERGE_REQUEST_ID",
1135
- },
1136
- ],
1137
- },
1138
- },
1139
- "taggedRelease": {
1140
- "image": "path/to/docker/jobs-default:the-version",
1141
- "jobs": {
1142
- "app ↩️ Rollback ⚠️ | prod ": {
1143
- "allow_failure": true,
1144
- "artifacts": {
1145
- "reports": {
1146
- "dotenv": "gitlab_environment.env",
1147
- },
1148
- },
1149
- "environment": {
1150
- "action": "access",
1151
- "name": "prod/app",
1152
- "url": "$CL_GITLAB_ENVIRONMENT_URL",
1153
- },
1154
- "image": "path/to/docker/kubernetes:the-version",
1155
- "interruptible": true,
1156
- "needs": [],
1157
- "retry": {
1158
- "max": 2,
1159
- "when": [
1160
- "runner_system_failure",
1161
- "stuck_or_timeout_failure",
1162
- ],
1163
- },
1164
- "rules": [
1165
- {
1166
- "when": "manual",
1167
- },
1168
- ],
1169
- "script": [
1170
- "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
1171
- "export ENV_SHORT="prod"",
1172
- "export APP_DIR="."",
1173
- "export ENV_TYPE="prod"",
1174
- "export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
1175
- "export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"",
1176
- "export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"",
1177
- "export ROOT_URL="https://my-fancy-website.com"",
1178
- "export HOST_INTERNAL="app.prod.test-app.pan.panter.cloud"",
1179
- "export HOST_CANONICAL="app.prod.test-app.pan.panter.cloud"",
1180
- "export ROOT_URL_INTERNAL="https://app.prod.test-app.pan.panter.cloud"",
1181
- "export KUBE_NAMESPACE="pan-test-app-prod"",
1182
- "export KUBE_APP_NAME="app"",
1183
- "export KUBE_APP_NAME_PREFIX=""",
1184
- "export SECRET_KEY_BASE="$CL_prod_app_SECRET_KEY_BASE"",
1185
- "export POSTGRESQL_PASSWORD="$CL_prod_app_POSTGRESQL_PASSWORD"",
1186
- "export cloudsqlProxyCredentials="$CL_prod_app_cloudsqlProxyCredentials"",
1187
- "export RAILS_ENV="production"",
1188
- "export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"ROOT_URL\\",\\"HOST_INTERNAL\\",\\"HOST_CANONICAL\\",\\"ROOT_URL_INTERNAL\\",\\"KUBE_NAMESPACE\\",\\"KUBE_APP_NAME\\",\\"KUBE_APP_NAME_PREFIX\\",\\"SECRET_KEY_BASE\\",\\"POSTGRESQL_PASSWORD\\",\\"cloudsqlProxyCredentials\\",\\"RAILS_ENV\\"]"",
1189
- "export RELEASE_NAME="pan-test-app-prod-app"",
1190
- "export HELM_EXPERIMENTAL_OCI="1"",
1191
- "export KUBE_DOCKER_IMAGE_PULL_SECRET="gitlab-registry-app"",
1192
- "export HELM_GITLAB_CHART_NAME="/helm-charts/the-panter-chart"",
1193
- "export HELM_ARGS=""",
1194
- "export COMPONENT_NAME="app"",
1195
- "export BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
1196
- "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
1197
- "kubectl config set-cluster "kube-pan-test-app-prod-app" --server="$CL_prod_app_KUBE_URL" --certificate-authority <(echo $CL_prod_app_KUBE_CA_PEM | base64 -d) --embed-certs=true",
1198
- "kubectl config set-credentials "kube-pan-test-app-prod-app" --token="$CL_prod_app_KUBE_TOKEN"",
1199
- "kubectl config set-context "kube-pan-test-app-prod-app" --cluster="kube-pan-test-app-prod-app" --user="kube-pan-test-app-prod-app" --namespace="pan-test-app-prod"",
1200
- "kubectl config use-context "kube-pan-test-app-prod-app"",
1201
- "kubernetesRollback",
1202
- "echo "CL_GITLAB_ENVIRONMENT_URL=https://my-fancy-website.com" >> gitlab_environment.env",
1203
- ],
1204
- "stage": "rollback prod",
1205
- "variables": {
1206
- "GIT_STRATEGY": "none",
1207
- "KUBERNETES_CPU_REQUEST": "0.22",
1208
- "KUBERNETES_MEMORY_LIMIT": "400Mi",
1209
- "KUBERNETES_MEMORY_REQUEST": "200Mi",
1210
- },
1211
- },
1212
- "app ↩️ Rollback ⚠️ | stage ": {
1213
- "allow_failure": true,
1214
- "artifacts": {
1215
- "reports": {
1216
- "dotenv": "gitlab_environment.env",
1217
- },
1218
- },
1219
- "environment": {
1220
- "action": "access",
1221
- "name": "stage/app",
1222
- "url": "$CL_GITLAB_ENVIRONMENT_URL",
1223
- },
1224
- "image": "path/to/docker/kubernetes:the-version",
1225
- "interruptible": true,
1226
- "needs": [],
1227
- "retry": {
1228
- "max": 2,
1229
- "when": [
1230
- "runner_system_failure",
1231
- "stuck_or_timeout_failure",
1232
- ],
1233
- },
1234
- "rules": [
1235
- {
1236
- "when": "manual",
1237
- },
1238
- ],
1239
- "script": [
1240
- "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
1241
- "export ENV_SHORT="stage"",
1242
- "export APP_DIR="."",
1243
- "export ENV_TYPE="stage"",
1244
- "export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
1245
- "export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"",
1246
- "export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"",
1247
- "export ROOT_URL="https://app.stage.test-app.pan.panter.cloud"",
1248
- "export HOST_INTERNAL="app.stage.test-app.pan.panter.cloud"",
1249
- "export HOST_CANONICAL="app.stage.test-app.pan.panter.cloud"",
1250
- "export ROOT_URL_INTERNAL="https://app.stage.test-app.pan.panter.cloud"",
1251
- "export KUBE_NAMESPACE="pan-test-app-stage"",
1252
- "export KUBE_APP_NAME="app"",
1253
- "export KUBE_APP_NAME_PREFIX=""",
1254
- "export SECRET_KEY_BASE="$CL_stage_app_SECRET_KEY_BASE"",
1255
- "export POSTGRESQL_PASSWORD="$CL_stage_app_POSTGRESQL_PASSWORD"",
1256
- "export cloudsqlProxyCredentials="$CL_stage_app_cloudsqlProxyCredentials"",
1257
- "export RAILS_ENV="production"",
1258
- "export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"ROOT_URL\\",\\"HOST_INTERNAL\\",\\"HOST_CANONICAL\\",\\"ROOT_URL_INTERNAL\\",\\"KUBE_NAMESPACE\\",\\"KUBE_APP_NAME\\",\\"KUBE_APP_NAME_PREFIX\\",\\"SECRET_KEY_BASE\\",\\"POSTGRESQL_PASSWORD\\",\\"cloudsqlProxyCredentials\\",\\"RAILS_ENV\\"]"",
1259
- "export RELEASE_NAME="pan-test-app-stage-app"",
1260
- "export HELM_EXPERIMENTAL_OCI="1"",
1261
- "export KUBE_DOCKER_IMAGE_PULL_SECRET="gitlab-registry-app"",
1262
- "export HELM_GITLAB_CHART_NAME="/helm-charts/the-panter-chart"",
1263
- "export HELM_ARGS=""",
1264
- "export COMPONENT_NAME="app"",
1265
- "export BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
1266
- "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
1267
- "kubectl config set-cluster "kube-pan-test-app-stage-app" --server="$CL_stage_app_KUBE_URL" --certificate-authority <(echo $CL_stage_app_KUBE_CA_PEM | base64 -d) --embed-certs=true",
1268
- "kubectl config set-credentials "kube-pan-test-app-stage-app" --token="$CL_stage_app_KUBE_TOKEN"",
1269
- "kubectl config set-context "kube-pan-test-app-stage-app" --cluster="kube-pan-test-app-stage-app" --user="kube-pan-test-app-stage-app" --namespace="pan-test-app-stage"",
1270
- "kubectl config use-context "kube-pan-test-app-stage-app"",
1271
- "kubernetesRollback",
1272
- "echo "CL_GITLAB_ENVIRONMENT_URL=https://app.stage.test-app.pan.panter.cloud" >> gitlab_environment.env",
1273
- ],
1274
- "stage": "rollback stage",
1275
- "variables": {
1276
- "GIT_STRATEGY": "none",
1277
- "KUBERNETES_CPU_REQUEST": "0.22",
1278
- "KUBERNETES_MEMORY_LIMIT": "400Mi",
1279
- "KUBERNETES_MEMORY_REQUEST": "200Mi",
1280
- },
1281
- },
1282
- "app 🔨 docker | prod ": {
1283
- "image": "path/to/docker/docker-build:the-version",
1284
- "interruptible": true,
1285
- "needs": [],
1286
- "retry": {
1287
- "max": 2,
1288
- "when": [
1289
- "runner_system_failure",
1290
- "stuck_or_timeout_failure",
1291
- ],
1292
- },
1293
- "script": [
1294
- "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
1295
- "export APP_DIR="."",
1296
- "export DOCKER_BUILD_CONTEXT="."",
1297
- "export DOCKER_REGISTRY="$CI_REGISTRY"",
1298
- "export DOCKER_CACHE_IMAGE="$CI_REGISTRY_IMAGE/caches/app"",
1299
- "export DOCKER_IMAGE_NAME="prod/app"",
1300
- "export DOCKER_IMAGE="$CI_REGISTRY_IMAGE/$DOCKER_IMAGE_NAME"",
1301
- "export DOCKER_IMAGE_TAG="$CI_COMMIT_SHA"",
1302
- "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
1303
- "docker login --username gitlab-ci-token --password $CI_JOB_TOKEN $CI_REGISTRY",
1304
- "cd .",
1305
- "docker pull $DOCKER_CACHE_IMAGE || true",
1306
- "wget --output-document=- https://github.com/buildpacks/pack/releases/download/v0.32.1/pack-v0.32.1-linux.tgz | tar -zx --directory /usr/local/bin pack",
1307
- "chmod +x /usr/local/bin/pack",
1308
- "sed --in-place 's|git@\\([^:]*\\):|https://\\1/|g' Gemfile Gemfile.lock",
1309
- "pack build "$DOCKER_IMAGE:$DOCKER_IMAGE_TAG" --builder 'heroku/builder:22' --publish --cache-image "$DOCKER_CACHE_IMAGE" --env 'SECRET_KEY_BASE=dummy-value' ",
1310
- ],
1311
- "services": [
1312
- {
1313
- "command": [
1314
- "--tls=false",
1315
- ],
1316
- "name": "docker:24.0.6-dind",
1317
- },
1318
- ],
1319
- "stage": "build",
1320
- "variables": {
1321
- "DOCKER_BUILDKIT": "1",
1322
- "DOCKER_DRIVER": "overlay2",
1323
- "DOCKER_HOST": "tcp://0.0.0.0:2375",
1324
- "DOCKER_TLS_CERTDIR": "",
1325
- "KUBERNETES_CPU_REQUEST": "0.45",
1326
- "KUBERNETES_MEMORY_LIMIT": "2Gi",
1327
- "KUBERNETES_MEMORY_REQUEST": "1Gi",
1328
- },
1329
- },
1330
- "app 🔨 docker | stage ": {
1331
- "image": "path/to/docker/docker-build:the-version",
1332
- "interruptible": true,
1333
- "needs": [],
1334
- "retry": {
1335
- "max": 2,
1336
- "when": [
1337
- "runner_system_failure",
1338
- "stuck_or_timeout_failure",
1339
- ],
1340
- },
1341
- "script": [
1342
- "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
1343
- "export APP_DIR="."",
1344
- "export DOCKER_BUILD_CONTEXT="."",
1345
- "export DOCKER_REGISTRY="$CI_REGISTRY"",
1346
- "export DOCKER_CACHE_IMAGE="$CI_REGISTRY_IMAGE/caches/app"",
1347
- "export DOCKER_IMAGE_NAME="stage/app"",
1348
- "export DOCKER_IMAGE="$CI_REGISTRY_IMAGE/$DOCKER_IMAGE_NAME"",
1349
- "export DOCKER_IMAGE_TAG="$CI_COMMIT_SHA"",
1350
- "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
1351
- "docker login --username gitlab-ci-token --password $CI_JOB_TOKEN $CI_REGISTRY",
1352
- "cd .",
1353
- "docker pull $DOCKER_CACHE_IMAGE || true",
1354
- "wget --output-document=- https://github.com/buildpacks/pack/releases/download/v0.32.1/pack-v0.32.1-linux.tgz | tar -zx --directory /usr/local/bin pack",
1355
- "chmod +x /usr/local/bin/pack",
1356
- "sed --in-place 's|git@\\([^:]*\\):|https://\\1/|g' Gemfile Gemfile.lock",
1357
- "pack build "$DOCKER_IMAGE:$DOCKER_IMAGE_TAG" --builder 'heroku/builder:22' --publish --cache-image "$DOCKER_CACHE_IMAGE" --env 'SECRET_KEY_BASE=dummy-value' ",
1358
- ],
1359
- "services": [
1360
- {
1361
- "command": [
1362
- "--tls=false",
1363
- ],
1364
- "name": "docker:24.0.6-dind",
1365
- },
1366
- ],
1367
- "stage": "build",
1368
- "variables": {
1369
- "DOCKER_BUILDKIT": "1",
1370
- "DOCKER_DRIVER": "overlay2",
1371
- "DOCKER_HOST": "tcp://0.0.0.0:2375",
1372
- "DOCKER_TLS_CERTDIR": "",
1373
- "KUBERNETES_CPU_REQUEST": "0.45",
1374
- "KUBERNETES_MEMORY_LIMIT": "2Gi",
1375
- "KUBERNETES_MEMORY_REQUEST": "1Gi",
1376
- },
1377
- },
1378
- "app 🚀 Deploy | prod ": {
1379
- "allow_failure": true,
1380
- "artifacts": {
1381
- "reports": {
1382
- "dotenv": "gitlab_environment.env",
1383
- },
1384
- },
1385
- "environment": {
1386
- "auto_stop_in": undefined,
1387
- "name": "prod/app",
1388
- "on_stop": "app 🛑 Stop ⚠️ | prod ",
1389
- "url": "$CL_GITLAB_ENVIRONMENT_URL",
1390
- },
1391
- "image": "path/to/docker/kubernetes:the-version",
1392
- "interruptible": true,
1393
- "needs": [
1394
- {
1395
- "artifacts": false,
1396
- "job": "app 🔨 docker | prod ",
1397
- },
1398
- {
1399
- "artifacts": true,
1400
- "job": "app 🧾 sbom | prod ",
1401
- },
1402
- ],
1403
- "retry": {
1404
- "max": 2,
1405
- "when": [
1406
- "runner_system_failure",
1407
- "stuck_or_timeout_failure",
1408
- ],
1409
- },
1410
- "rules": [
1411
- {
1412
- "when": "manual",
1413
- },
1414
- ],
1415
- "script": [
1416
- "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
1417
- "export ENV_SHORT="prod"",
1418
- "export APP_DIR="."",
1419
- "export ENV_TYPE="prod"",
1420
- "export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
1421
- "export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"",
1422
- "export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"",
1423
- "export ROOT_URL="https://my-fancy-website.com"",
1424
- "export HOST_INTERNAL="app.prod.test-app.pan.panter.cloud"",
1425
- "export HOST_CANONICAL="app.prod.test-app.pan.panter.cloud"",
1426
- "export ROOT_URL_INTERNAL="https://app.prod.test-app.pan.panter.cloud"",
1427
- "export KUBE_NAMESPACE="pan-test-app-prod"",
1428
- "export KUBE_APP_NAME="app"",
1429
- "export KUBE_APP_NAME_PREFIX=""",
1430
- "export SECRET_KEY_BASE="$CL_prod_app_SECRET_KEY_BASE"",
1431
- "export POSTGRESQL_PASSWORD="$CL_prod_app_POSTGRESQL_PASSWORD"",
1432
- "export cloudsqlProxyCredentials="$CL_prod_app_cloudsqlProxyCredentials"",
1433
- "export RAILS_ENV="production"",
1434
- "export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"ROOT_URL\\",\\"HOST_INTERNAL\\",\\"HOST_CANONICAL\\",\\"ROOT_URL_INTERNAL\\",\\"KUBE_NAMESPACE\\",\\"KUBE_APP_NAME\\",\\"KUBE_APP_NAME_PREFIX\\",\\"SECRET_KEY_BASE\\",\\"POSTGRESQL_PASSWORD\\",\\"cloudsqlProxyCredentials\\",\\"RAILS_ENV\\"]"",
1435
- "export DOCKER_REGISTRY="$CI_REGISTRY"",
1436
- "export DOCKER_CACHE_IMAGE="$CI_REGISTRY_IMAGE/caches/app"",
1437
- "export DOCKER_IMAGE_NAME="prod/app"",
1438
- "export DOCKER_IMAGE="$CI_REGISTRY_IMAGE/$DOCKER_IMAGE_NAME"",
1439
- "export DOCKER_IMAGE_TAG="$CI_COMMIT_SHA"",
1440
- "export RELEASE_NAME="pan-test-app-prod-app"",
1441
- "export HELM_EXPERIMENTAL_OCI="1"",
1442
- "export KUBE_DOCKER_IMAGE_PULL_SECRET="gitlab-registry-app"",
1443
- "export HELM_GITLAB_CHART_NAME="/helm-charts/the-panter-chart"",
1444
- "export HELM_ARGS=""",
1445
- "export COMPONENT_NAME="app"",
1446
- "export BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
1447
- "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
1448
- "kubectl config set-cluster "kube-pan-test-app-prod-app" --server="$CL_prod_app_KUBE_URL" --certificate-authority <(echo $CL_prod_app_KUBE_CA_PEM | base64 -d) --embed-certs=true",
1449
- "kubectl config set-credentials "kube-pan-test-app-prod-app" --token="$CL_prod_app_KUBE_TOKEN"",
1450
- "kubectl config set-context "kube-pan-test-app-prod-app" --cluster="kube-pan-test-app-prod-app" --user="kube-pan-test-app-prod-app" --namespace="pan-test-app-prod"",
1451
- "kubectl config use-context "kube-pan-test-app-prod-app"",
1452
- "echo -e "\\e[0Ksection_start:$(date +%s):writeallvalues[collapsed=true]\\r\\e[0KWrite __all_values.yml for helm deployment"",
1453
- "cat > __all_values.yml <<EOF
1454
- env:
1455
- secret:
1456
- SECRET_KEY_BASE: |-
1457
- $(printf %s "$CL_prod_app_SECRET_KEY_BASE" | sed 's/^/ /')
1458
- POSTGRESQL_PASSWORD: |-
1459
- $(printf %s "$CL_prod_app_POSTGRESQL_PASSWORD" | sed 's/^/ /')
1460
- cloudsqlProxyCredentials: |-
1461
- $(printf %s "$CL_prod_app_cloudsqlProxyCredentials" | sed 's/^/ /')
1462
- public:
1463
- ENV_SHORT: |-
1464
- prod
1465
- APP_DIR: |-
1466
- .
1467
- ENV_TYPE: |-
1468
- prod
1469
- BUILD_INFO_BUILD_ID: |-
1470
- $(printf %s "$(git describe --tags 2>/dev/null || git rev-parse HEAD)" | sed 's/^/ /')
1471
- BUILD_INFO_BUILD_TIME: |-
1472
- $(printf %s "$CI_JOB_STARTED_AT" | sed 's/^/ /')
1473
- BUILD_INFO_CURRENT_VERSION: |-
1474
- $(printf %s "$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")" | sed 's/^/ /')
1475
- ROOT_URL: |-
1476
- https://my-fancy-website.com
1477
- HOST_INTERNAL: |-
1478
- app.prod.test-app.pan.panter.cloud
1479
- HOST_CANONICAL: |-
1480
- app.prod.test-app.pan.panter.cloud
1481
- ROOT_URL_INTERNAL: |-
1482
- https://app.prod.test-app.pan.panter.cloud
1483
- KUBE_NAMESPACE: |-
1484
- pan-test-app-prod
1485
- KUBE_APP_NAME: |-
1486
- app
1487
- KUBE_APP_NAME_PREFIX: ""
1488
- RAILS_ENV: |-
1489
- production
1490
- _ALL_ENV_VAR_KEYS: |-
1491
- ["ENV_SHORT","APP_DIR","ENV_TYPE","BUILD_INFO_BUILD_ID","BUILD_INFO_BUILD_TIME","BUILD_INFO_CURRENT_VERSION","ROOT_URL","HOST_INTERNAL","HOST_CANONICAL","ROOT_URL_INTERNAL","KUBE_NAMESPACE","KUBE_APP_NAME","KUBE_APP_NAME_PREFIX","SECRET_KEY_BASE","POSTGRESQL_PASSWORD","cloudsqlProxyCredentials","RAILS_ENV"]
1492
- application:
1493
- host: |-
1494
- my-fancy-website.com
1495
- command: |-
1496
- /cnb/process/web
1497
- livenessProbe:
1498
- httpGet:
1499
- path: |-
1500
- __health
1501
- readinessProbe:
1502
- httpGet:
1503
- path: |-
1504
- __health
1505
- startupProbe:
1506
- httpGet:
1507
- path: |-
1508
- __health
1509
- worker:
1510
- enabled: true
1511
- command: |-
1512
- launcher bundle exec rake jobs:work
1513
- livenessProbe: false
1514
- cloudsql:
1515
- enabled: true
1516
- dbUser: |-
1517
- postgres
1518
- instanceConnectionName: |-
1519
- some-project-id:europe-west6:pan-test-app-prod
1520
- proxyCredentials: |-
1521
- $CL_prod_app_cloudsqlProxyCredentials
1522
- fullDbName: |-
1523
- app
1524
- projectId: |-
1525
- some-project-id
1526
- jobs:
1527
- db-migrate:
1528
- hook: |-
1529
- post-install,post-upgrade
1530
- command: |-
1531
- launcher bundle exec rake db:migrate
1532
-
1533
- EOF
1534
- ",
1535
- "echo -e "\\e[0Ksection_end:$(date +%s):writeallvalues\\r\\e[0K"",
1536
- "kubernetesCreateSecret",
1537
- "kubernetesDeploy",
1538
- "echo 'Uploading SBOM to Dependency Track'",
1539
- "/dtrackuploader https://dep.panter.swiss/ "$DT_KEY_PROD" upload "pan-test-app/app" "https://my-fancy-website.com" "__sbom.json" vex.json || true",
1540
- "echo deployment successful 😻",
1541
- "echo "CL_GITLAB_ENVIRONMENT_URL=https://my-fancy-website.com" >> gitlab_environment.env",
1542
- ],
1543
- "stage": "deploy prod",
1544
- "variables": {
1545
- "KUBERNETES_CPU_REQUEST": "0.22",
1546
- "KUBERNETES_MEMORY_LIMIT": "400Mi",
1547
- "KUBERNETES_MEMORY_REQUEST": "200Mi",
1548
- },
1549
- },
1550
- "app 🚀 Deploy | stage ": {
1551
- "allow_failure": false,
1552
- "artifacts": {
1553
- "reports": {
1554
- "dotenv": "gitlab_environment.env",
1555
- },
1556
- },
1557
- "environment": {
1558
- "auto_stop_in": undefined,
1559
- "name": "stage/app",
1560
- "on_stop": "app 🛑 Stop ⚠️ | stage ",
1561
- "url": "$CL_GITLAB_ENVIRONMENT_URL",
1562
- },
1563
- "image": "path/to/docker/kubernetes:the-version",
1564
- "interruptible": true,
1565
- "needs": [
1566
- {
1567
- "artifacts": false,
1568
- "job": "app 🔨 docker | stage ",
1569
- },
1570
- {
1571
- "artifacts": true,
1572
- "job": "app 🧾 sbom | stage ",
1573
- },
1574
- ],
1575
- "retry": {
1576
- "max": 2,
1577
- "when": [
1578
- "runner_system_failure",
1579
- "stuck_or_timeout_failure",
1580
- ],
1581
- },
1582
- "rules": [
1583
- {
1584
- "when": "on_success",
1585
- },
1586
- ],
1587
- "script": [
1588
- "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
1589
- "export ENV_SHORT="stage"",
1590
- "export APP_DIR="."",
1591
- "export ENV_TYPE="stage"",
1592
- "export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
1593
- "export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"",
1594
- "export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"",
1595
- "export ROOT_URL="https://app.stage.test-app.pan.panter.cloud"",
1596
- "export HOST_INTERNAL="app.stage.test-app.pan.panter.cloud"",
1597
- "export HOST_CANONICAL="app.stage.test-app.pan.panter.cloud"",
1598
- "export ROOT_URL_INTERNAL="https://app.stage.test-app.pan.panter.cloud"",
1599
- "export KUBE_NAMESPACE="pan-test-app-stage"",
1600
- "export KUBE_APP_NAME="app"",
1601
- "export KUBE_APP_NAME_PREFIX=""",
1602
- "export SECRET_KEY_BASE="$CL_stage_app_SECRET_KEY_BASE"",
1603
- "export POSTGRESQL_PASSWORD="$CL_stage_app_POSTGRESQL_PASSWORD"",
1604
- "export cloudsqlProxyCredentials="$CL_stage_app_cloudsqlProxyCredentials"",
1605
- "export RAILS_ENV="production"",
1606
- "export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"ROOT_URL\\",\\"HOST_INTERNAL\\",\\"HOST_CANONICAL\\",\\"ROOT_URL_INTERNAL\\",\\"KUBE_NAMESPACE\\",\\"KUBE_APP_NAME\\",\\"KUBE_APP_NAME_PREFIX\\",\\"SECRET_KEY_BASE\\",\\"POSTGRESQL_PASSWORD\\",\\"cloudsqlProxyCredentials\\",\\"RAILS_ENV\\"]"",
1607
- "export DOCKER_REGISTRY="$CI_REGISTRY"",
1608
- "export DOCKER_CACHE_IMAGE="$CI_REGISTRY_IMAGE/caches/app"",
1609
- "export DOCKER_IMAGE_NAME="stage/app"",
1610
- "export DOCKER_IMAGE="$CI_REGISTRY_IMAGE/$DOCKER_IMAGE_NAME"",
1611
- "export DOCKER_IMAGE_TAG="$CI_COMMIT_SHA"",
1612
- "export RELEASE_NAME="pan-test-app-stage-app"",
1613
- "export HELM_EXPERIMENTAL_OCI="1"",
1614
- "export KUBE_DOCKER_IMAGE_PULL_SECRET="gitlab-registry-app"",
1615
- "export HELM_GITLAB_CHART_NAME="/helm-charts/the-panter-chart"",
1616
- "export HELM_ARGS=""",
1617
- "export COMPONENT_NAME="app"",
1618
- "export BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
1619
- "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
1620
- "kubectl config set-cluster "kube-pan-test-app-stage-app" --server="$CL_stage_app_KUBE_URL" --certificate-authority <(echo $CL_stage_app_KUBE_CA_PEM | base64 -d) --embed-certs=true",
1621
- "kubectl config set-credentials "kube-pan-test-app-stage-app" --token="$CL_stage_app_KUBE_TOKEN"",
1622
- "kubectl config set-context "kube-pan-test-app-stage-app" --cluster="kube-pan-test-app-stage-app" --user="kube-pan-test-app-stage-app" --namespace="pan-test-app-stage"",
1623
- "kubectl config use-context "kube-pan-test-app-stage-app"",
1624
- "echo -e "\\e[0Ksection_start:$(date +%s):writeallvalues[collapsed=true]\\r\\e[0KWrite __all_values.yml for helm deployment"",
1625
- "cat > __all_values.yml <<EOF
1626
- env:
1627
- secret:
1628
- SECRET_KEY_BASE: |-
1629
- $(printf %s "$CL_stage_app_SECRET_KEY_BASE" | sed 's/^/ /')
1630
- POSTGRESQL_PASSWORD: |-
1631
- $(printf %s "$CL_stage_app_POSTGRESQL_PASSWORD" | sed 's/^/ /')
1632
- cloudsqlProxyCredentials: |-
1633
- $(printf %s "$CL_stage_app_cloudsqlProxyCredentials" | sed 's/^/ /')
1634
- public:
1635
- ENV_SHORT: |-
1636
- stage
1637
- APP_DIR: |-
1638
- .
1639
- ENV_TYPE: |-
1640
- stage
1641
- BUILD_INFO_BUILD_ID: |-
1642
- $(printf %s "$(git describe --tags 2>/dev/null || git rev-parse HEAD)" | sed 's/^/ /')
1643
- BUILD_INFO_BUILD_TIME: |-
1644
- $(printf %s "$CI_JOB_STARTED_AT" | sed 's/^/ /')
1645
- BUILD_INFO_CURRENT_VERSION: |-
1646
- $(printf %s "$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")" | sed 's/^/ /')
1647
- ROOT_URL: |-
1648
- https://app.stage.test-app.pan.panter.cloud
1649
- HOST_INTERNAL: |-
1650
- app.stage.test-app.pan.panter.cloud
1651
- HOST_CANONICAL: |-
1652
- app.stage.test-app.pan.panter.cloud
1653
- ROOT_URL_INTERNAL: |-
1654
- https://app.stage.test-app.pan.panter.cloud
1655
- KUBE_NAMESPACE: |-
1656
- pan-test-app-stage
1657
- KUBE_APP_NAME: |-
1658
- app
1659
- KUBE_APP_NAME_PREFIX: ""
1660
- RAILS_ENV: |-
1661
- production
1662
- _ALL_ENV_VAR_KEYS: |-
1663
- ["ENV_SHORT","APP_DIR","ENV_TYPE","BUILD_INFO_BUILD_ID","BUILD_INFO_BUILD_TIME","BUILD_INFO_CURRENT_VERSION","ROOT_URL","HOST_INTERNAL","HOST_CANONICAL","ROOT_URL_INTERNAL","KUBE_NAMESPACE","KUBE_APP_NAME","KUBE_APP_NAME_PREFIX","SECRET_KEY_BASE","POSTGRESQL_PASSWORD","cloudsqlProxyCredentials","RAILS_ENV"]
1664
- application:
1665
- host: |-
1666
- app.stage.test-app.pan.panter.cloud
1667
- command: |-
1668
- /cnb/process/web
1669
- livenessProbe:
1670
- httpGet:
1671
- path: |-
1672
- __health
1673
- readinessProbe:
1674
- httpGet:
1675
- path: |-
1676
- __health
1677
- startupProbe:
1678
- httpGet:
1679
- path: |-
1680
- __health
1681
- worker:
1682
- enabled: true
1683
- command: |-
1684
- launcher bundle exec rake jobs:work
1685
- livenessProbe: false
1686
- cloudsql:
1687
- enabled: true
1688
- dbUser: |-
1689
- postgres
1690
- instanceConnectionName: |-
1691
- some-project-id:europe-west6:pan-test-app-stage
1692
- proxyCredentials: |-
1693
- $CL_stage_app_cloudsqlProxyCredentials
1694
- fullDbName: |-
1695
- app
1696
- projectId: |-
1697
- some-project-id
1698
- jobs:
1699
- db-migrate:
1700
- hook: |-
1701
- post-install,post-upgrade
1702
- command: |-
1703
- launcher bundle exec rake db:migrate
1704
-
1705
- EOF
1706
- ",
1707
- "echo -e "\\e[0Ksection_end:$(date +%s):writeallvalues\\r\\e[0K"",
1708
- "kubernetesCreateSecret",
1709
- "kubernetesDeploy",
1710
- "echo 'Uploading SBOM to Dependency Track'",
1711
- "/dtrackuploader https://dep.panter.swiss/ "$DT_KEY_PROD" upload "pan-test-app/app" "https://app.stage.test-app.pan.panter.cloud" "__sbom.json" vex.json || true",
1712
- "echo deployment successful 😻",
1713
- "echo "CL_GITLAB_ENVIRONMENT_URL=https://app.stage.test-app.pan.panter.cloud" >> gitlab_environment.env",
1714
- ],
1715
- "stage": "deploy stage",
1716
- "variables": {
1717
- "KUBERNETES_CPU_REQUEST": "0.22",
1718
- "KUBERNETES_MEMORY_LIMIT": "400Mi",
1719
- "KUBERNETES_MEMORY_REQUEST": "200Mi",
1720
- },
1721
- },
1722
- "app 🛑 Stop ⚠️ | prod ": {
1723
- "allow_failure": true,
1724
- "artifacts": {
1725
- "reports": {
1726
- "dotenv": "gitlab_environment.env",
1727
- },
1728
- },
1729
- "environment": {
1730
- "action": "stop",
1731
- "name": "prod/app",
1732
- "url": "$CL_GITLAB_ENVIRONMENT_URL",
1733
- },
1734
- "image": "path/to/docker/kubernetes:the-version",
1735
- "interruptible": true,
1736
- "needs": [],
1737
- "retry": {
1738
- "max": 2,
1739
- "when": [
1740
- "runner_system_failure",
1741
- "stuck_or_timeout_failure",
1742
- ],
1743
- },
1744
- "rules": [
1745
- {
1746
- "if": "$CI_COMMIT_BRANCH =~ /^[0-9]+\\.([0-9]+|x)\\.x$/",
1747
- "when": "on_success",
1748
- },
1749
- {
1750
- "when": "manual",
1751
- },
1752
- ],
1753
- "script": [
1754
- "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
1755
- "export ENV_SHORT="prod"",
1756
- "export APP_DIR="."",
1757
- "export ENV_TYPE="prod"",
1758
- "export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
1759
- "export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"",
1760
- "export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"",
1761
- "export ROOT_URL="https://my-fancy-website.com"",
1762
- "export HOST_INTERNAL="app.prod.test-app.pan.panter.cloud"",
1763
- "export HOST_CANONICAL="app.prod.test-app.pan.panter.cloud"",
1764
- "export ROOT_URL_INTERNAL="https://app.prod.test-app.pan.panter.cloud"",
1765
- "export KUBE_NAMESPACE="pan-test-app-prod"",
1766
- "export KUBE_APP_NAME="app"",
1767
- "export KUBE_APP_NAME_PREFIX=""",
1768
- "export SECRET_KEY_BASE="$CL_prod_app_SECRET_KEY_BASE"",
1769
- "export POSTGRESQL_PASSWORD="$CL_prod_app_POSTGRESQL_PASSWORD"",
1770
- "export cloudsqlProxyCredentials="$CL_prod_app_cloudsqlProxyCredentials"",
1771
- "export RAILS_ENV="production"",
1772
- "export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"ROOT_URL\\",\\"HOST_INTERNAL\\",\\"HOST_CANONICAL\\",\\"ROOT_URL_INTERNAL\\",\\"KUBE_NAMESPACE\\",\\"KUBE_APP_NAME\\",\\"KUBE_APP_NAME_PREFIX\\",\\"SECRET_KEY_BASE\\",\\"POSTGRESQL_PASSWORD\\",\\"cloudsqlProxyCredentials\\",\\"RAILS_ENV\\"]"",
1773
- "export RELEASE_NAME="pan-test-app-prod-app"",
1774
- "export HELM_EXPERIMENTAL_OCI="1"",
1775
- "export KUBE_DOCKER_IMAGE_PULL_SECRET="gitlab-registry-app"",
1776
- "export HELM_GITLAB_CHART_NAME="/helm-charts/the-panter-chart"",
1777
- "export HELM_ARGS=""",
1778
- "export COMPONENT_NAME="app"",
1779
- "export BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
1780
- "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
1781
- "kubectl config set-cluster "kube-pan-test-app-prod-app" --server="$CL_prod_app_KUBE_URL" --certificate-authority <(echo $CL_prod_app_KUBE_CA_PEM | base64 -d) --embed-certs=true",
1782
- "kubectl config set-credentials "kube-pan-test-app-prod-app" --token="$CL_prod_app_KUBE_TOKEN"",
1783
- "kubectl config set-context "kube-pan-test-app-prod-app" --cluster="kube-pan-test-app-prod-app" --user="kube-pan-test-app-prod-app" --namespace="pan-test-app-prod"",
1784
- "kubectl config use-context "kube-pan-test-app-prod-app"",
1785
- "kubernetesDelete",
1786
- "echo 'Disabling component in Dependency Track'",
1787
- "/dtrackuploader https://dep.panter.swiss/ "$DT_KEY_PROD" disable "pan-test-app/app" "https://my-fancy-website.com" || true",
1788
- "echo "CL_GITLAB_ENVIRONMENT_URL=https://my-fancy-website.com" >> gitlab_environment.env",
1789
- ],
1790
- "stage": "stop prod",
1791
- "variables": {
1792
- "GIT_STRATEGY": "none",
1793
- "KUBERNETES_CPU_REQUEST": "0.22",
1794
- "KUBERNETES_MEMORY_LIMIT": "400Mi",
1795
- "KUBERNETES_MEMORY_REQUEST": "200Mi",
1796
- },
1797
- },
1798
- "app 🛑 Stop ⚠️ | stage ": {
1799
- "allow_failure": true,
1800
- "artifacts": {
1801
- "reports": {
1802
- "dotenv": "gitlab_environment.env",
1803
- },
1804
- },
1805
- "environment": {
1806
- "action": "stop",
1807
- "name": "stage/app",
1808
- "url": "$CL_GITLAB_ENVIRONMENT_URL",
1809
- },
1810
- "image": "path/to/docker/kubernetes:the-version",
1811
- "interruptible": true,
1812
- "needs": [],
1813
- "retry": {
1814
- "max": 2,
1815
- "when": [
1816
- "runner_system_failure",
1817
- "stuck_or_timeout_failure",
1818
- ],
1819
- },
1820
- "rules": [
1821
- {
1822
- "if": "$CI_COMMIT_BRANCH =~ /^[0-9]+\\.([0-9]+|x)\\.x$/",
1823
- "when": "on_success",
1824
- },
1825
- {
1826
- "when": "manual",
1827
- },
1828
- ],
1829
- "script": [
1830
- "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
1831
- "export ENV_SHORT="stage"",
1832
- "export APP_DIR="."",
1833
- "export ENV_TYPE="stage"",
1834
- "export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
1835
- "export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"",
1836
- "export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"",
1837
- "export ROOT_URL="https://app.stage.test-app.pan.panter.cloud"",
1838
- "export HOST_INTERNAL="app.stage.test-app.pan.panter.cloud"",
1839
- "export HOST_CANONICAL="app.stage.test-app.pan.panter.cloud"",
1840
- "export ROOT_URL_INTERNAL="https://app.stage.test-app.pan.panter.cloud"",
1841
- "export KUBE_NAMESPACE="pan-test-app-stage"",
1842
- "export KUBE_APP_NAME="app"",
1843
- "export KUBE_APP_NAME_PREFIX=""",
1844
- "export SECRET_KEY_BASE="$CL_stage_app_SECRET_KEY_BASE"",
1845
- "export POSTGRESQL_PASSWORD="$CL_stage_app_POSTGRESQL_PASSWORD"",
1846
- "export cloudsqlProxyCredentials="$CL_stage_app_cloudsqlProxyCredentials"",
1847
- "export RAILS_ENV="production"",
1848
- "export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"ROOT_URL\\",\\"HOST_INTERNAL\\",\\"HOST_CANONICAL\\",\\"ROOT_URL_INTERNAL\\",\\"KUBE_NAMESPACE\\",\\"KUBE_APP_NAME\\",\\"KUBE_APP_NAME_PREFIX\\",\\"SECRET_KEY_BASE\\",\\"POSTGRESQL_PASSWORD\\",\\"cloudsqlProxyCredentials\\",\\"RAILS_ENV\\"]"",
1849
- "export RELEASE_NAME="pan-test-app-stage-app"",
1850
- "export HELM_EXPERIMENTAL_OCI="1"",
1851
- "export KUBE_DOCKER_IMAGE_PULL_SECRET="gitlab-registry-app"",
1852
- "export HELM_GITLAB_CHART_NAME="/helm-charts/the-panter-chart"",
1853
- "export HELM_ARGS=""",
1854
- "export COMPONENT_NAME="app"",
1855
- "export BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
1856
- "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
1857
- "kubectl config set-cluster "kube-pan-test-app-stage-app" --server="$CL_stage_app_KUBE_URL" --certificate-authority <(echo $CL_stage_app_KUBE_CA_PEM | base64 -d) --embed-certs=true",
1858
- "kubectl config set-credentials "kube-pan-test-app-stage-app" --token="$CL_stage_app_KUBE_TOKEN"",
1859
- "kubectl config set-context "kube-pan-test-app-stage-app" --cluster="kube-pan-test-app-stage-app" --user="kube-pan-test-app-stage-app" --namespace="pan-test-app-stage"",
1860
- "kubectl config use-context "kube-pan-test-app-stage-app"",
1861
- "kubernetesDelete",
1862
- "echo 'Disabling component in Dependency Track'",
1863
- "/dtrackuploader https://dep.panter.swiss/ "$DT_KEY_PROD" disable "pan-test-app/app" "https://app.stage.test-app.pan.panter.cloud" || true",
1864
- "echo "CL_GITLAB_ENVIRONMENT_URL=https://app.stage.test-app.pan.panter.cloud" >> gitlab_environment.env",
1865
- ],
1866
- "stage": "stop stage",
1867
- "variables": {
1868
- "GIT_STRATEGY": "none",
1869
- "KUBERNETES_CPU_REQUEST": "0.22",
1870
- "KUBERNETES_MEMORY_LIMIT": "400Mi",
1871
- "KUBERNETES_MEMORY_REQUEST": "200Mi",
1872
- },
1873
- },
1874
- "app 🧾 sbom | prod ": {
1875
- "allow_failure": true,
1876
- "artifacts": {
1877
- "paths": [
1878
- "__sbom.json",
1879
- ],
1880
- },
1881
- "image": "aquasec/trivy:0.38.3",
1882
- "interruptible": true,
1883
- "needs": [],
1884
- "retry": {
1885
- "max": 2,
1886
- "when": [
1887
- "runner_system_failure",
1888
- "stuck_or_timeout_failure",
1889
- ],
1890
- },
1891
- "script": [
1892
- "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
1893
- "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
1894
- "trivy fs --quiet --format cyclonedx --output "__sbom.json" .",
1895
- ],
1896
- "stage": "build",
1897
- "variables": {},
1898
- },
1899
- "app 🧾 sbom | stage ": {
1900
- "allow_failure": true,
1901
- "artifacts": {
1902
- "paths": [
1903
- "__sbom.json",
1904
- ],
1905
- },
1906
- "image": "aquasec/trivy:0.38.3",
1907
- "interruptible": true,
1908
- "needs": [],
1909
- "retry": {
1910
- "max": 2,
1911
- "when": [
1912
- "runner_system_failure",
1913
- "stuck_or_timeout_failure",
1914
- ],
1915
- },
1916
- "script": [
1917
- "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
1918
- "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
1919
- "trivy fs --quiet --format cyclonedx --output "__sbom.json" .",
1920
- ],
1921
- "stage": "build",
1922
- "variables": {},
1923
- },
1924
- },
1925
- "stages": [
1926
- "setup",
1927
- "setup dev",
1928
- "setup review",
1929
- "setup stage",
1930
- "setup prod",
1931
- "test",
1932
- "test dev",
1933
- "test review",
1934
- "test stage",
1935
- "test prod",
1936
- "build",
1937
- "build dev",
1938
- "build review",
1939
- "build stage",
1940
- "build prod",
1941
- "deploy",
1942
- "deploy dev",
1943
- "deploy review",
1944
- "deploy stage",
1945
- "deploy prod",
1946
- "verify",
1947
- "verify dev",
1948
- "verify review",
1949
- "verify stage",
1950
- "verify prod",
1951
- "rollback",
1952
- "rollback dev",
1953
- "rollback review",
1954
- "rollback stage",
1955
- "rollback prod",
1956
- "stop",
1957
- "stop dev",
1958
- "stop review",
1959
- "stop stage",
1960
- "stop prod",
1961
- ],
1962
- "variables": {
1963
- "ARTIFACT_COMPRESSION_LEVEL": "fast",
1964
- "CACHE_COMPRESSION_LEVEL": "fast",
1965
- "FF_USE_FASTZIP": "true",
1966
- "GIT_DEPTH": "1",
1967
- "TRANSFER_METER_FREQUENCY": "5s",
1968
- },
1969
- "workflow": {
1970
- "rules": [
1971
- {
1972
- "if": "$CI_COMMIT_TAG",
1973
- },
1974
- {
1975
- "if": "$CI_COMMIT_MESSAGE =~ /^chore\\(release\\).*/",
1976
- "when": "never",
1977
- },
1978
- {
1979
- "if": "$CI_PIPELINE_SOURCE == "schedule"",
1980
- "when": "never",
1981
- },
1982
- {
1983
- "if": "$CI_COMMIT_BRANCH =~ /^[0-9]+.([0-9]+|x).x$/",
1984
- },
1985
- {
1986
- "if": "$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH",
1987
- },
1988
- {
1989
- "if": "$CI_MERGE_REQUEST_ID",
1990
- },
1991
- ],
1992
- },
1993
- },
1994
- }
1995
- `;
1996
-
1997
- exports[`matches snapshot with a Dockerfile 1`] = `
1998
- {
1999
- "mainBranch": {
2000
- "image": "path/to/docker/jobs-default:the-version",
2001
- "jobs": {
2002
- "app ↩️ Rollback ⚠️ | dev ": {
2003
- "allow_failure": true,
2004
- "artifacts": {
2005
- "reports": {
2006
- "dotenv": "gitlab_environment.env",
2007
- },
2008
- },
2009
- "environment": {
2010
- "action": "access",
2011
- "name": "dev/app",
2012
- "url": "$CL_GITLAB_ENVIRONMENT_URL",
2013
- },
2014
- "image": "path/to/docker/kubernetes:the-version",
2015
- "interruptible": true,
2016
- "needs": [],
2017
- "retry": {
2018
- "max": 2,
2019
- "when": [
2020
- "runner_system_failure",
2021
- "stuck_or_timeout_failure",
2022
- ],
2023
- },
2024
- "rules": [
2025
- {
2026
- "when": "manual",
2027
- },
2028
- ],
2029
- "script": [
2030
- "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
2031
- "export ENV_SHORT="dev"",
2032
- "export APP_DIR="."",
2033
- "export ENV_TYPE="dev"",
2034
- "export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
2035
- "export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"",
2036
- "export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"",
2037
- "export ROOT_URL="https://app.dev.test-app.pan.panter.cloud"",
2038
- "export HOST_INTERNAL="app.dev.test-app.pan.panter.cloud"",
2039
- "export HOST_CANONICAL="app.dev.test-app.pan.panter.cloud"",
2040
- "export ROOT_URL_INTERNAL="https://app.dev.test-app.pan.panter.cloud"",
2041
- "export KUBE_NAMESPACE="pan-test-app-dev"",
2042
- "export KUBE_APP_NAME="app"",
2043
- "export KUBE_APP_NAME_PREFIX=""",
2044
- "export SECRET_KEY_BASE="$CL_dev_app_SECRET_KEY_BASE"",
2045
- "export POSTGRESQL_PASSWORD="$CL_dev_app_POSTGRESQL_PASSWORD"",
2046
- "export cloudsqlProxyCredentials="$CL_dev_app_cloudsqlProxyCredentials"",
2047
- "export RAILS_ENV="production"",
2048
- "export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"ROOT_URL\\",\\"HOST_INTERNAL\\",\\"HOST_CANONICAL\\",\\"ROOT_URL_INTERNAL\\",\\"KUBE_NAMESPACE\\",\\"KUBE_APP_NAME\\",\\"KUBE_APP_NAME_PREFIX\\",\\"SECRET_KEY_BASE\\",\\"POSTGRESQL_PASSWORD\\",\\"cloudsqlProxyCredentials\\",\\"RAILS_ENV\\"]"",
2049
- "export RELEASE_NAME="pan-test-app-dev-app"",
2050
- "export HELM_EXPERIMENTAL_OCI="1"",
2051
- "export KUBE_DOCKER_IMAGE_PULL_SECRET="gitlab-registry-app"",
2052
- "export HELM_GITLAB_CHART_NAME="/helm-charts/the-panter-chart"",
2053
- "export HELM_ARGS=""",
2054
- "export COMPONENT_NAME="app"",
2055
- "export BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
2056
- "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
2057
- "kubectl config set-cluster "kube-pan-test-app-dev-app" --server="$CL_dev_app_KUBE_URL" --certificate-authority <(echo $CL_dev_app_KUBE_CA_PEM | base64 -d) --embed-certs=true",
2058
- "kubectl config set-credentials "kube-pan-test-app-dev-app" --token="$CL_dev_app_KUBE_TOKEN"",
2059
- "kubectl config set-context "kube-pan-test-app-dev-app" --cluster="kube-pan-test-app-dev-app" --user="kube-pan-test-app-dev-app" --namespace="pan-test-app-dev"",
2060
- "kubectl config use-context "kube-pan-test-app-dev-app"",
2061
- "kubernetesRollback",
2062
- "echo "CL_GITLAB_ENVIRONMENT_URL=https://app.dev.test-app.pan.panter.cloud" >> gitlab_environment.env",
2063
- ],
2064
- "stage": "rollback dev",
2065
- "variables": {
2066
- "GIT_STRATEGY": "none",
2067
- "KUBERNETES_CPU_REQUEST": "0.22",
2068
- "KUBERNETES_MEMORY_LIMIT": "400Mi",
2069
- "KUBERNETES_MEMORY_REQUEST": "200Mi",
2070
- },
2071
- },
2072
- "app 👮 lint": {
2073
- "cache": {
2074
- "key": {
2075
- "files": [
2076
- "Gemfile.lock",
2077
- ],
2078
- "prefix": "$CI_JOB_IMAGE",
2079
- },
2080
- "paths": [
2081
- "tmp/cache",
2082
- ],
2083
- },
2084
- "image": "ruby:3.2.1",
2085
- "interruptible": true,
2086
- "needs": [],
2087
- "retry": {
2088
- "max": 2,
2089
- "when": [
2090
- "runner_system_failure",
2091
- "stuck_or_timeout_failure",
2092
- ],
2093
- },
2094
- "script": [
2095
- "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
2096
- "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
2097
- "cd .",
2098
- "bundle config set path 'tmp/cache'",
2099
- "bundle install -j $(nproc)",
2100
- "bundle exec rubocop",
2101
- ],
2102
- "stage": "test",
2103
- "variables": {},
2104
- },
2105
- "app 🔨 docker | dev ": {
2106
- "image": "path/to/docker/docker-build:the-version",
2107
- "interruptible": true,
2108
- "needs": [],
2109
- "retry": {
2110
- "max": 2,
2111
- "when": [
2112
- "runner_system_failure",
2113
- "stuck_or_timeout_failure",
2114
- ],
2115
- },
2116
- "script": [
2117
- "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
2118
- "export APP_DIR="."",
2119
- "export DOCKER_BUILD_CONTEXT="."",
2120
- "export DOCKER_REGISTRY="$CI_REGISTRY"",
2121
- "export DOCKER_CACHE_IMAGE="$CI_REGISTRY_IMAGE/caches/app"",
2122
- "export DOCKER_IMAGE_NAME="dev/app"",
2123
- "export DOCKER_IMAGE="$CI_REGISTRY_IMAGE/$DOCKER_IMAGE_NAME"",
2124
- "export DOCKER_IMAGE_TAG="$CI_COMMIT_SHA"",
2125
- "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
2126
- "echo -e "\\e[0Ksection_start:$(date +%s):docker-login[collapsed=true]\\r\\e[0KDocker Login"",
2127
- "docker login --username gitlab-ci-token --password $CI_JOB_TOKEN $CI_REGISTRY",
2128
- "echo -e "\\e[0Ksection_end:$(date +%s):docker-login\\r\\e[0K"",
2129
- "echo -e "\\e[0Ksection_start:$(date +%s):docker-build[collapsed=true]\\r\\e[0KDocker build"",
2130
- "docker build --network host --cache-from $DOCKER_CACHE_IMAGE --tag $DOCKER_IMAGE:$DOCKER_IMAGE_TAG -f $APP_DIR/Dockerfile $DOCKER_BUILD_CONTEXT --build-arg BUILDKIT_INLINE_CACHE=1",
2131
- "echo -e "\\e[0Ksection_end:$(date +%s):docker-build\\r\\e[0K"",
2132
- "echo -e "\\e[0Ksection_start:$(date +%s):docker-push[collapsed=true]\\r\\e[0KDocker push and tag"",
2133
- "docker push $DOCKER_IMAGE:$DOCKER_IMAGE_TAG",
2134
- "docker tag $DOCKER_IMAGE:$DOCKER_IMAGE_TAG $DOCKER_CACHE_IMAGE",
2135
- "docker push $DOCKER_CACHE_IMAGE",
2136
- "echo -e "\\e[0Ksection_end:$(date +%s):docker-push\\r\\e[0K"",
2137
- ],
2138
- "services": [
2139
- {
2140
- "command": [
2141
- "--tls=false",
2142
- ],
2143
- "name": "docker:24.0.6-dind",
2144
- },
2145
- ],
2146
- "stage": "build",
2147
- "variables": {
2148
- "DOCKER_BUILDKIT": "1",
2149
- "DOCKER_DRIVER": "overlay2",
2150
- "DOCKER_HOST": "tcp://0.0.0.0:2375",
2151
- "DOCKER_TLS_CERTDIR": "",
2152
- "KUBERNETES_CPU_REQUEST": "0.45",
2153
- "KUBERNETES_MEMORY_LIMIT": "2Gi",
2154
- "KUBERNETES_MEMORY_REQUEST": "1Gi",
2155
- },
2156
- },
2157
- "app 🚀 Deploy | dev ": {
2158
- "allow_failure": false,
2159
- "artifacts": {
2160
- "reports": {
2161
- "dotenv": "gitlab_environment.env",
2162
- },
2163
- },
2164
- "environment": {
2165
- "auto_stop_in": "4 weeks",
2166
- "name": "dev/app",
2167
- "on_stop": "app 🛑 Stop ⚠️ | dev ",
2168
- "url": "$CL_GITLAB_ENVIRONMENT_URL",
2169
- },
2170
- "image": "path/to/docker/kubernetes:the-version",
2171
- "interruptible": true,
2172
- "needs": [
2173
- {
2174
- "artifacts": false,
2175
- "job": "app 👮 lint",
2176
- },
2177
- {
2178
- "artifacts": false,
2179
- "job": "app 🔨 docker | dev ",
2180
- },
2181
- {
2182
- "artifacts": false,
2183
- "job": "app 🧪 test",
2184
- },
2185
- {
2186
- "artifacts": true,
2187
- "job": "app 🧾 sbom | dev ",
2188
- },
2189
- {
2190
- "artifacts": false,
2191
- "job": "app 🛡 audit",
2192
- },
2193
- ],
2194
- "retry": {
2195
- "max": 2,
2196
- "when": [
2197
- "runner_system_failure",
2198
- "stuck_or_timeout_failure",
2199
- ],
2200
- },
2201
- "rules": [
2202
- {
2203
- "when": "on_success",
2204
- },
2205
- ],
2206
- "script": [
2207
- "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
2208
- "export ENV_SHORT="dev"",
2209
- "export APP_DIR="."",
2210
- "export ENV_TYPE="dev"",
2211
- "export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
2212
- "export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"",
2213
- "export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"",
2214
- "export ROOT_URL="https://app.dev.test-app.pan.panter.cloud"",
2215
- "export HOST_INTERNAL="app.dev.test-app.pan.panter.cloud"",
2216
- "export HOST_CANONICAL="app.dev.test-app.pan.panter.cloud"",
2217
- "export ROOT_URL_INTERNAL="https://app.dev.test-app.pan.panter.cloud"",
2218
- "export KUBE_NAMESPACE="pan-test-app-dev"",
2219
- "export KUBE_APP_NAME="app"",
2220
- "export KUBE_APP_NAME_PREFIX=""",
2221
- "export SECRET_KEY_BASE="$CL_dev_app_SECRET_KEY_BASE"",
2222
- "export POSTGRESQL_PASSWORD="$CL_dev_app_POSTGRESQL_PASSWORD"",
2223
- "export cloudsqlProxyCredentials="$CL_dev_app_cloudsqlProxyCredentials"",
2224
- "export RAILS_ENV="production"",
2225
- "export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"ROOT_URL\\",\\"HOST_INTERNAL\\",\\"HOST_CANONICAL\\",\\"ROOT_URL_INTERNAL\\",\\"KUBE_NAMESPACE\\",\\"KUBE_APP_NAME\\",\\"KUBE_APP_NAME_PREFIX\\",\\"SECRET_KEY_BASE\\",\\"POSTGRESQL_PASSWORD\\",\\"cloudsqlProxyCredentials\\",\\"RAILS_ENV\\"]"",
2226
- "export DOCKER_REGISTRY="$CI_REGISTRY"",
2227
- "export DOCKER_CACHE_IMAGE="$CI_REGISTRY_IMAGE/caches/app"",
2228
- "export DOCKER_IMAGE_NAME="dev/app"",
2229
- "export DOCKER_IMAGE="$CI_REGISTRY_IMAGE/$DOCKER_IMAGE_NAME"",
2230
- "export DOCKER_IMAGE_TAG="$CI_COMMIT_SHA"",
2231
- "export RELEASE_NAME="pan-test-app-dev-app"",
2232
- "export HELM_EXPERIMENTAL_OCI="1"",
2233
- "export KUBE_DOCKER_IMAGE_PULL_SECRET="gitlab-registry-app"",
2234
- "export HELM_GITLAB_CHART_NAME="/helm-charts/the-panter-chart"",
2235
- "export HELM_ARGS=""",
2236
- "export COMPONENT_NAME="app"",
2237
- "export BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
2238
- "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
2239
- "kubectl config set-cluster "kube-pan-test-app-dev-app" --server="$CL_dev_app_KUBE_URL" --certificate-authority <(echo $CL_dev_app_KUBE_CA_PEM | base64 -d) --embed-certs=true",
2240
- "kubectl config set-credentials "kube-pan-test-app-dev-app" --token="$CL_dev_app_KUBE_TOKEN"",
2241
- "kubectl config set-context "kube-pan-test-app-dev-app" --cluster="kube-pan-test-app-dev-app" --user="kube-pan-test-app-dev-app" --namespace="pan-test-app-dev"",
2242
- "kubectl config use-context "kube-pan-test-app-dev-app"",
2243
- "echo -e "\\e[0Ksection_start:$(date +%s):writeallvalues[collapsed=true]\\r\\e[0KWrite __all_values.yml for helm deployment"",
2244
- "cat > __all_values.yml <<EOF
2245
- env:
2246
- secret:
2247
- SECRET_KEY_BASE: |-
2248
- $(printf %s "$CL_dev_app_SECRET_KEY_BASE" | sed 's/^/ /')
2249
- POSTGRESQL_PASSWORD: |-
2250
- $(printf %s "$CL_dev_app_POSTGRESQL_PASSWORD" | sed 's/^/ /')
2251
- cloudsqlProxyCredentials: |-
2252
- $(printf %s "$CL_dev_app_cloudsqlProxyCredentials" | sed 's/^/ /')
2253
- public:
2254
- ENV_SHORT: |-
2255
- dev
2256
- APP_DIR: |-
2257
- .
2258
- ENV_TYPE: |-
2259
- dev
2260
- BUILD_INFO_BUILD_ID: |-
2261
- $(printf %s "$(git describe --tags 2>/dev/null || git rev-parse HEAD)" | sed 's/^/ /')
2262
- BUILD_INFO_BUILD_TIME: |-
2263
- $(printf %s "$CI_JOB_STARTED_AT" | sed 's/^/ /')
2264
- BUILD_INFO_CURRENT_VERSION: |-
2265
- $(printf %s "$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")" | sed 's/^/ /')
2266
- ROOT_URL: |-
2267
- https://app.dev.test-app.pan.panter.cloud
2268
- HOST_INTERNAL: |-
2269
- app.dev.test-app.pan.panter.cloud
2270
- HOST_CANONICAL: |-
2271
- app.dev.test-app.pan.panter.cloud
2272
- ROOT_URL_INTERNAL: |-
2273
- https://app.dev.test-app.pan.panter.cloud
2274
- KUBE_NAMESPACE: |-
2275
- pan-test-app-dev
2276
- KUBE_APP_NAME: |-
2277
- app
2278
- KUBE_APP_NAME_PREFIX: ""
2279
- RAILS_ENV: |-
2280
- production
2281
- _ALL_ENV_VAR_KEYS: |-
2282
- ["ENV_SHORT","APP_DIR","ENV_TYPE","BUILD_INFO_BUILD_ID","BUILD_INFO_BUILD_TIME","BUILD_INFO_CURRENT_VERSION","ROOT_URL","HOST_INTERNAL","HOST_CANONICAL","ROOT_URL_INTERNAL","KUBE_NAMESPACE","KUBE_APP_NAME","KUBE_APP_NAME_PREFIX","SECRET_KEY_BASE","POSTGRESQL_PASSWORD","cloudsqlProxyCredentials","RAILS_ENV"]
2283
- application:
2284
- host: |-
2285
- app.dev.test-app.pan.panter.cloud
2286
- command: |-
2287
- /cnb/process/web
2288
- livenessProbe:
2289
- httpGet:
2290
- path: |-
2291
- __health
2292
- readinessProbe:
2293
- httpGet:
2294
- path: |-
2295
- __health
2296
- startupProbe:
2297
- httpGet:
2298
- path: |-
2299
- __health
2300
- worker:
2301
- enabled: true
2302
- command: |-
2303
- launcher bundle exec rake jobs:work
2304
- livenessProbe: false
2305
- cloudsql:
2306
- enabled: true
2307
- dbUser: |-
2308
- postgres
2309
- instanceConnectionName: |-
2310
- some-project-id:europe-west6:pan-test-app-dev
2311
- proxyCredentials: |-
2312
- $CL_dev_app_cloudsqlProxyCredentials
2313
- fullDbName: |-
2314
- app
2315
- projectId: |-
2316
- some-project-id
2317
- jobs:
2318
- db-migrate:
2319
- hook: |-
2320
- post-install,post-upgrade
2321
- command: |-
2322
- launcher bundle exec rake db:migrate
2323
-
2324
- EOF
2325
- ",
2326
- "echo -e "\\e[0Ksection_end:$(date +%s):writeallvalues\\r\\e[0K"",
2327
- "kubernetesCreateSecret",
2328
- "kubernetesDeploy",
2329
- "echo 'Uploading SBOM to Dependency Track'",
2330
- "/dtrackuploader https://dep.panter.swiss/ "$DT_KEY_PROD" upload "pan-test-app/app" "https://app.dev.test-app.pan.panter.cloud" "__sbom.json" vex.json || true",
2331
- "echo deployment successful 😻",
2332
- "echo "CL_GITLAB_ENVIRONMENT_URL=https://app.dev.test-app.pan.panter.cloud" >> gitlab_environment.env",
2333
- ],
2334
- "stage": "deploy dev",
2335
- "variables": {
2336
- "KUBERNETES_CPU_REQUEST": "0.22",
2337
- "KUBERNETES_MEMORY_LIMIT": "400Mi",
2338
- "KUBERNETES_MEMORY_REQUEST": "200Mi",
2339
- },
2340
- },
2341
- "app 🛑 Stop ⚠️ | dev ": {
2342
- "allow_failure": true,
2343
- "artifacts": {
2344
- "reports": {
2345
- "dotenv": "gitlab_environment.env",
2346
- },
2347
- },
2348
- "environment": {
2349
- "action": "stop",
2350
- "name": "dev/app",
2351
- "url": "$CL_GITLAB_ENVIRONMENT_URL",
2352
- },
2353
- "image": "path/to/docker/kubernetes:the-version",
2354
- "interruptible": true,
2355
- "needs": [],
2356
- "retry": {
2357
- "max": 2,
2358
- "when": [
2359
- "runner_system_failure",
2360
- "stuck_or_timeout_failure",
2361
- ],
2362
- },
2363
- "rules": [
2364
- {
2365
- "if": "$CI_COMMIT_BRANCH =~ /^[0-9]+\\.([0-9]+|x)\\.x$/",
2366
- "when": "on_success",
2367
- },
2368
- {
2369
- "when": "manual",
2370
- },
2371
- ],
2372
- "script": [
2373
- "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
2374
- "export ENV_SHORT="dev"",
2375
- "export APP_DIR="."",
2376
- "export ENV_TYPE="dev"",
2377
- "export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
2378
- "export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"",
2379
- "export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"",
2380
- "export ROOT_URL="https://app.dev.test-app.pan.panter.cloud"",
2381
- "export HOST_INTERNAL="app.dev.test-app.pan.panter.cloud"",
2382
- "export HOST_CANONICAL="app.dev.test-app.pan.panter.cloud"",
2383
- "export ROOT_URL_INTERNAL="https://app.dev.test-app.pan.panter.cloud"",
2384
- "export KUBE_NAMESPACE="pan-test-app-dev"",
2385
- "export KUBE_APP_NAME="app"",
2386
- "export KUBE_APP_NAME_PREFIX=""",
2387
- "export SECRET_KEY_BASE="$CL_dev_app_SECRET_KEY_BASE"",
2388
- "export POSTGRESQL_PASSWORD="$CL_dev_app_POSTGRESQL_PASSWORD"",
2389
- "export cloudsqlProxyCredentials="$CL_dev_app_cloudsqlProxyCredentials"",
2390
- "export RAILS_ENV="production"",
2391
- "export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"ROOT_URL\\",\\"HOST_INTERNAL\\",\\"HOST_CANONICAL\\",\\"ROOT_URL_INTERNAL\\",\\"KUBE_NAMESPACE\\",\\"KUBE_APP_NAME\\",\\"KUBE_APP_NAME_PREFIX\\",\\"SECRET_KEY_BASE\\",\\"POSTGRESQL_PASSWORD\\",\\"cloudsqlProxyCredentials\\",\\"RAILS_ENV\\"]"",
2392
- "export RELEASE_NAME="pan-test-app-dev-app"",
2393
- "export HELM_EXPERIMENTAL_OCI="1"",
2394
- "export KUBE_DOCKER_IMAGE_PULL_SECRET="gitlab-registry-app"",
2395
- "export HELM_GITLAB_CHART_NAME="/helm-charts/the-panter-chart"",
2396
- "export HELM_ARGS=""",
2397
- "export COMPONENT_NAME="app"",
2398
- "export BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
2399
- "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
2400
- "kubectl config set-cluster "kube-pan-test-app-dev-app" --server="$CL_dev_app_KUBE_URL" --certificate-authority <(echo $CL_dev_app_KUBE_CA_PEM | base64 -d) --embed-certs=true",
2401
- "kubectl config set-credentials "kube-pan-test-app-dev-app" --token="$CL_dev_app_KUBE_TOKEN"",
2402
- "kubectl config set-context "kube-pan-test-app-dev-app" --cluster="kube-pan-test-app-dev-app" --user="kube-pan-test-app-dev-app" --namespace="pan-test-app-dev"",
2403
- "kubectl config use-context "kube-pan-test-app-dev-app"",
2404
- "kubernetesDelete",
2405
- "echo 'Disabling component in Dependency Track'",
2406
- "/dtrackuploader https://dep.panter.swiss/ "$DT_KEY_PROD" disable "pan-test-app/app" "https://app.dev.test-app.pan.panter.cloud" || true",
2407
- "echo "CL_GITLAB_ENVIRONMENT_URL=https://app.dev.test-app.pan.panter.cloud" >> gitlab_environment.env",
2408
- ],
2409
- "stage": "stop dev",
2410
- "variables": {
2411
- "GIT_STRATEGY": "none",
2412
- "KUBERNETES_CPU_REQUEST": "0.22",
2413
- "KUBERNETES_MEMORY_LIMIT": "400Mi",
2414
- "KUBERNETES_MEMORY_REQUEST": "200Mi",
2415
- },
2416
- },
2417
- "app 🛡 audit": {
2418
- "allow_failure": true,
2419
- "image": "ruby:3.2.1",
2420
- "interruptible": true,
2421
- "needs": [],
2422
- "retry": {
2423
- "max": 2,
2424
- "when": [
2425
- "runner_system_failure",
2426
- "stuck_or_timeout_failure",
2427
- ],
2428
- },
2429
- "script": [
2430
- "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
2431
- "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
2432
- "cd .",
2433
- "gem install bundler-audit",
2434
- "bundle audit check",
2435
- ],
2436
- "stage": "test",
2437
- "variables": {},
2438
- },
2439
- "app 🧪 test": {
2440
- "cache": {
2441
- "key": {
2442
- "files": [
2443
- "Gemfile.lock",
2444
- ],
2445
- "prefix": "$CI_JOB_IMAGE",
2446
- },
2447
- "paths": [
2448
- "tmp/cache",
2449
- ],
2450
- },
2451
- "image": "ruby:3.2.1",
2452
- "interruptible": true,
2453
- "needs": [],
2454
- "retry": {
2455
- "max": 2,
2456
- "when": [
2457
- "runner_system_failure",
2458
- "stuck_or_timeout_failure",
2459
- ],
2460
- },
2461
- "script": [
2462
- "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
2463
- "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
2464
- "cd .",
2465
- "bundle config set path 'tmp/cache'",
2466
- "bundle install -j $(nproc)",
2467
- "bundle exec rspec",
2468
- ],
2469
- "stage": "test",
2470
- "variables": {},
2471
- },
2472
- "app 🧾 sbom | dev ": {
2473
- "allow_failure": true,
2474
- "artifacts": {
2475
- "paths": [
2476
- "__sbom.json",
2477
- ],
2478
- },
2479
- "image": "aquasec/trivy:0.38.3",
2480
- "interruptible": true,
2481
- "needs": [],
2482
- "retry": {
2483
- "max": 2,
2484
- "when": [
2485
- "runner_system_failure",
2486
- "stuck_or_timeout_failure",
2487
- ],
2488
- },
2489
- "script": [
2490
- "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
2491
- "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
2492
- "trivy fs --quiet --format cyclonedx --output "__sbom.json" .",
2493
- ],
2494
- "stage": "build",
2495
- "variables": {},
2496
- },
2497
- },
2498
- "stages": [
2499
- "setup",
2500
- "setup dev",
2501
- "setup review",
2502
- "setup stage",
2503
- "setup prod",
2504
- "test",
2505
- "test dev",
2506
- "test review",
2507
- "test stage",
2508
- "test prod",
2509
- "build",
2510
- "build dev",
2511
- "build review",
2512
- "build stage",
2513
- "build prod",
2514
- "deploy",
2515
- "deploy dev",
2516
- "deploy review",
2517
- "deploy stage",
2518
- "deploy prod",
2519
- "verify",
2520
- "verify dev",
2521
- "verify review",
2522
- "verify stage",
2523
- "verify prod",
2524
- "rollback",
2525
- "rollback dev",
2526
- "rollback review",
2527
- "rollback stage",
2528
- "rollback prod",
2529
- "stop",
2530
- "stop dev",
2531
- "stop review",
2532
- "stop stage",
2533
- "stop prod",
2534
- ],
2535
- "variables": {
2536
- "ARTIFACT_COMPRESSION_LEVEL": "fast",
2537
- "CACHE_COMPRESSION_LEVEL": "fast",
2538
- "FF_USE_FASTZIP": "true",
2539
- "GIT_DEPTH": "1",
2540
- "TRANSFER_METER_FREQUENCY": "5s",
2541
- },
2542
- "workflow": {
2543
- "rules": [
2544
- {
2545
- "if": "$CI_COMMIT_TAG",
2546
- },
2547
- {
2548
- "if": "$CI_COMMIT_MESSAGE =~ /^chore\\(release\\).*/",
2549
- "when": "never",
2550
- },
2551
- {
2552
- "if": "$CI_PIPELINE_SOURCE == "schedule"",
2553
- "when": "never",
2554
- },
2555
- {
2556
- "if": "$CI_COMMIT_BRANCH =~ /^[0-9]+.([0-9]+|x).x$/",
2557
- },
2558
- {
2559
- "if": "$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH",
2560
- },
2561
- {
2562
- "if": "$CI_MERGE_REQUEST_ID",
2563
- },
2564
- ],
2565
- },
2566
- },
2567
- "mr": {
2568
- "image": "path/to/docker/jobs-default:the-version",
2569
- "jobs": {
2570
- "app ↩️ Rollback ⚠️ | review ": {
2571
- "allow_failure": true,
2572
- "artifacts": {
2573
- "reports": {
2574
- "dotenv": "gitlab_environment.env",
2575
- },
2576
- },
2577
- "environment": {
2578
- "action": "access",
2579
- "name": "review/$CI_COMMIT_REF_NAME/app",
2580
- "url": "$CL_GITLAB_ENVIRONMENT_URL",
2581
- },
2582
- "image": "path/to/docker/kubernetes:the-version",
2583
- "interruptible": true,
2584
- "needs": [],
2585
- "retry": {
2586
- "max": 2,
2587
- "when": [
2588
- "runner_system_failure",
2589
- "stuck_or_timeout_failure",
2590
- ],
2591
- },
2592
- "rules": [
2593
- {
2594
- "when": "manual",
2595
- },
2596
- ],
2597
- "script": [
2598
- "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
2599
- "export ENV_SHORT="review"",
2600
- "export APP_DIR="."",
2601
- "export ENV_TYPE="review"",
2602
- "export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
2603
- "export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"",
2604
- "export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"",
2605
- "export ROOT_URL="https://app.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud"",
2606
- "export HOST_INTERNAL="app.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud"",
2607
- "export HOST_CANONICAL="app.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud"",
2608
- "export ROOT_URL_INTERNAL="https://app.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud"",
2609
- "export KUBE_NAMESPACE="pan-test-app-review"",
2610
- "export KUBE_APP_NAME="$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-app"",
2611
- "export KUBE_APP_NAME_PREFIX="$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-"",
2612
- "export SECRET_KEY_BASE="$CL_review_app_SECRET_KEY_BASE"",
2613
- "export POSTGRESQL_PASSWORD="$CL_review_app_POSTGRESQL_PASSWORD"",
2614
- "export cloudsqlProxyCredentials="$CL_review_app_cloudsqlProxyCredentials"",
2615
- "export RAILS_ENV="production"",
2616
- "export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"ROOT_URL\\",\\"HOST_INTERNAL\\",\\"HOST_CANONICAL\\",\\"ROOT_URL_INTERNAL\\",\\"KUBE_NAMESPACE\\",\\"KUBE_APP_NAME\\",\\"KUBE_APP_NAME_PREFIX\\",\\"SECRET_KEY_BASE\\",\\"POSTGRESQL_PASSWORD\\",\\"cloudsqlProxyCredentials\\",\\"RAILS_ENV\\"]"",
2617
- "export RELEASE_NAME="pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-app"",
2618
- "export HELM_EXPERIMENTAL_OCI="1"",
2619
- "export KUBE_DOCKER_IMAGE_PULL_SECRET="gitlab-registry-app"",
2620
- "export HELM_GITLAB_CHART_NAME="/helm-charts/the-panter-chart"",
2621
- "export HELM_ARGS=""",
2622
- "export COMPONENT_NAME="app"",
2623
- "export BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
2624
- "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
2625
- "kubectl config set-cluster "kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-app" --server="$CL_review_app_KUBE_URL" --certificate-authority <(echo $CL_review_app_KUBE_CA_PEM | base64 -d) --embed-certs=true",
2626
- "kubectl config set-credentials "kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-app" --token="$CL_review_app_KUBE_TOKEN"",
2627
- "kubectl config set-context "kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-app" --cluster="kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-app" --user="kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-app" --namespace="pan-test-app-review"",
2628
- "kubectl config use-context "kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-app"",
2629
- "kubernetesRollback",
2630
- "echo "CL_GITLAB_ENVIRONMENT_URL=https://app.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud" >> gitlab_environment.env",
2631
- ],
2632
- "stage": "rollback review",
2633
- "variables": {
2634
- "GIT_STRATEGY": "none",
2635
- "KUBERNETES_CPU_REQUEST": "0.22",
2636
- "KUBERNETES_MEMORY_LIMIT": "400Mi",
2637
- "KUBERNETES_MEMORY_REQUEST": "200Mi",
2638
- },
2639
- },
2640
- "app 👮 lint": {
2641
- "cache": {
2642
- "key": {
2643
- "files": [
2644
- "Gemfile.lock",
2645
- ],
2646
- "prefix": "$CI_JOB_IMAGE",
2647
- },
2648
- "paths": [
2649
- "tmp/cache",
2650
- ],
2651
- },
2652
- "image": "ruby:3.2.1",
2653
- "interruptible": true,
2654
- "needs": [],
2655
- "retry": {
2656
- "max": 2,
2657
- "when": [
2658
- "runner_system_failure",
2659
- "stuck_or_timeout_failure",
2660
- ],
2661
- },
2662
- "script": [
2663
- "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
2664
- "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
2665
- "cd .",
2666
- "bundle config set path 'tmp/cache'",
2667
- "bundle install -j $(nproc)",
2668
- "bundle exec rubocop",
2669
- ],
2670
- "stage": "test",
2671
- "variables": {},
2672
- },
2673
- "app 🔨 docker | review ": {
2674
- "image": "path/to/docker/docker-build:the-version",
2675
- "interruptible": true,
2676
- "needs": [],
2677
- "retry": {
2678
- "max": 2,
2679
- "when": [
2680
- "runner_system_failure",
2681
- "stuck_or_timeout_failure",
2682
- ],
2683
- },
2684
- "script": [
2685
- "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
2686
- "export APP_DIR="."",
2687
- "export DOCKER_BUILD_CONTEXT="."",
2688
- "export DOCKER_REGISTRY="$CI_REGISTRY"",
2689
- "export DOCKER_CACHE_IMAGE="$CI_REGISTRY_IMAGE/caches/app"",
2690
- "export DOCKER_IMAGE_NAME="review/app"",
2691
- "export DOCKER_IMAGE="$CI_REGISTRY_IMAGE/$DOCKER_IMAGE_NAME"",
2692
- "export DOCKER_IMAGE_TAG="$CI_COMMIT_SHA"",
2693
- "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
2694
- "echo -e "\\e[0Ksection_start:$(date +%s):docker-login[collapsed=true]\\r\\e[0KDocker Login"",
2695
- "docker login --username gitlab-ci-token --password $CI_JOB_TOKEN $CI_REGISTRY",
2696
- "echo -e "\\e[0Ksection_end:$(date +%s):docker-login\\r\\e[0K"",
2697
- "echo -e "\\e[0Ksection_start:$(date +%s):docker-build[collapsed=true]\\r\\e[0KDocker build"",
2698
- "docker build --network host --cache-from $DOCKER_CACHE_IMAGE --tag $DOCKER_IMAGE:$DOCKER_IMAGE_TAG -f $APP_DIR/Dockerfile $DOCKER_BUILD_CONTEXT --build-arg BUILDKIT_INLINE_CACHE=1",
2699
- "echo -e "\\e[0Ksection_end:$(date +%s):docker-build\\r\\e[0K"",
2700
- "echo -e "\\e[0Ksection_start:$(date +%s):docker-push[collapsed=true]\\r\\e[0KDocker push and tag"",
2701
- "docker push $DOCKER_IMAGE:$DOCKER_IMAGE_TAG",
2702
- "docker tag $DOCKER_IMAGE:$DOCKER_IMAGE_TAG $DOCKER_CACHE_IMAGE",
2703
- "docker push $DOCKER_CACHE_IMAGE",
2704
- "echo -e "\\e[0Ksection_end:$(date +%s):docker-push\\r\\e[0K"",
2705
- ],
2706
- "services": [
2707
- {
2708
- "command": [
2709
- "--tls=false",
2710
- ],
2711
- "name": "docker:24.0.6-dind",
2712
- },
2713
- ],
2714
- "stage": "build",
2715
- "variables": {
2716
- "DOCKER_BUILDKIT": "1",
2717
- "DOCKER_DRIVER": "overlay2",
2718
- "DOCKER_HOST": "tcp://0.0.0.0:2375",
2719
- "DOCKER_TLS_CERTDIR": "",
2720
- "KUBERNETES_CPU_REQUEST": "0.45",
2721
- "KUBERNETES_MEMORY_LIMIT": "2Gi",
2722
- "KUBERNETES_MEMORY_REQUEST": "1Gi",
2723
- },
2724
- },
2725
- "app 🚀 Deploy | review ": {
2726
- "allow_failure": false,
2727
- "artifacts": {
2728
- "reports": {
2729
- "dotenv": "gitlab_environment.env",
2730
- },
2731
- },
2732
- "environment": {
2733
- "auto_stop_in": "1 week",
2734
- "name": "review/$CI_COMMIT_REF_NAME/app",
2735
- "on_stop": "app 🛑 Stop ⚠️ | review ",
2736
- "url": "$CL_GITLAB_ENVIRONMENT_URL",
2737
- },
2738
- "image": "path/to/docker/kubernetes:the-version",
2739
- "interruptible": true,
2740
- "needs": [
2741
- {
2742
- "artifacts": false,
2743
- "job": "app 👮 lint",
2744
- },
2745
- {
2746
- "artifacts": false,
2747
- "job": "app 🔨 docker | review ",
2748
- },
2749
- {
2750
- "artifacts": false,
2751
- "job": "app 🧪 test",
2752
- },
2753
- {
2754
- "artifacts": true,
2755
- "job": "app 🧾 sbom | review ",
2756
- },
2757
- {
2758
- "artifacts": false,
2759
- "job": "app 🛡 audit",
2760
- },
2761
- ],
2762
- "retry": {
2763
- "max": 2,
2764
- "when": [
2765
- "runner_system_failure",
2766
- "stuck_or_timeout_failure",
2767
- ],
2768
- },
2769
- "rules": [
2770
- {
2771
- "when": "on_success",
2772
- },
2773
- ],
2774
- "script": [
2775
- "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
2776
- "export ENV_SHORT="review"",
2777
- "export APP_DIR="."",
2778
- "export ENV_TYPE="review"",
2779
- "export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
2780
- "export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"",
2781
- "export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"",
2782
- "export ROOT_URL="https://app.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud"",
2783
- "export HOST_INTERNAL="app.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud"",
2784
- "export HOST_CANONICAL="app.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud"",
2785
- "export ROOT_URL_INTERNAL="https://app.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud"",
2786
- "export KUBE_NAMESPACE="pan-test-app-review"",
2787
- "export KUBE_APP_NAME="$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-app"",
2788
- "export KUBE_APP_NAME_PREFIX="$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-"",
2789
- "export SECRET_KEY_BASE="$CL_review_app_SECRET_KEY_BASE"",
2790
- "export POSTGRESQL_PASSWORD="$CL_review_app_POSTGRESQL_PASSWORD"",
2791
- "export cloudsqlProxyCredentials="$CL_review_app_cloudsqlProxyCredentials"",
2792
- "export RAILS_ENV="production"",
2793
- "export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"ROOT_URL\\",\\"HOST_INTERNAL\\",\\"HOST_CANONICAL\\",\\"ROOT_URL_INTERNAL\\",\\"KUBE_NAMESPACE\\",\\"KUBE_APP_NAME\\",\\"KUBE_APP_NAME_PREFIX\\",\\"SECRET_KEY_BASE\\",\\"POSTGRESQL_PASSWORD\\",\\"cloudsqlProxyCredentials\\",\\"RAILS_ENV\\"]"",
2794
- "export DOCKER_REGISTRY="$CI_REGISTRY"",
2795
- "export DOCKER_CACHE_IMAGE="$CI_REGISTRY_IMAGE/caches/app"",
2796
- "export DOCKER_IMAGE_NAME="review/app"",
2797
- "export DOCKER_IMAGE="$CI_REGISTRY_IMAGE/$DOCKER_IMAGE_NAME"",
2798
- "export DOCKER_IMAGE_TAG="$CI_COMMIT_SHA"",
2799
- "export RELEASE_NAME="pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-app"",
2800
- "export HELM_EXPERIMENTAL_OCI="1"",
2801
- "export KUBE_DOCKER_IMAGE_PULL_SECRET="gitlab-registry-app"",
2802
- "export HELM_GITLAB_CHART_NAME="/helm-charts/the-panter-chart"",
2803
- "export HELM_ARGS=""",
2804
- "export COMPONENT_NAME="app"",
2805
- "export BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
2806
- "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
2807
- "kubectl config set-cluster "kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-app" --server="$CL_review_app_KUBE_URL" --certificate-authority <(echo $CL_review_app_KUBE_CA_PEM | base64 -d) --embed-certs=true",
2808
- "kubectl config set-credentials "kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-app" --token="$CL_review_app_KUBE_TOKEN"",
2809
- "kubectl config set-context "kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-app" --cluster="kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-app" --user="kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-app" --namespace="pan-test-app-review"",
2810
- "kubectl config use-context "kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-app"",
2811
- "echo -e "\\e[0Ksection_start:$(date +%s):writeallvalues[collapsed=true]\\r\\e[0KWrite __all_values.yml for helm deployment"",
2812
- "cat > __all_values.yml <<EOF
2813
- env:
2814
- secret:
2815
- SECRET_KEY_BASE: |-
2816
- $(printf %s "$CL_review_app_SECRET_KEY_BASE" | sed 's/^/ /')
2817
- POSTGRESQL_PASSWORD: |-
2818
- $(printf %s "$CL_review_app_POSTGRESQL_PASSWORD" | sed 's/^/ /')
2819
- cloudsqlProxyCredentials: |-
2820
- $(printf %s "$CL_review_app_cloudsqlProxyCredentials" | sed 's/^/ /')
2821
- public:
2822
- ENV_SHORT: |-
2823
- review
2824
- APP_DIR: |-
2825
- .
2826
- ENV_TYPE: |-
2827
- review
2828
- BUILD_INFO_BUILD_ID: |-
2829
- $(printf %s "$(git describe --tags 2>/dev/null || git rev-parse HEAD)" | sed 's/^/ /')
2830
- BUILD_INFO_BUILD_TIME: |-
2831
- $(printf %s "$CI_JOB_STARTED_AT" | sed 's/^/ /')
2832
- BUILD_INFO_CURRENT_VERSION: |-
2833
- $(printf %s "$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")" | sed 's/^/ /')
2834
- ROOT_URL: |-
2835
- $(printf %s "https://app.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud" | sed 's/^/ /')
2836
- HOST_INTERNAL: |-
2837
- $(printf %s "app.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud" | sed 's/^/ /')
2838
- HOST_CANONICAL: |-
2839
- $(printf %s "app.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud" | sed 's/^/ /')
2840
- ROOT_URL_INTERNAL: |-
2841
- $(printf %s "https://app.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud" | sed 's/^/ /')
2842
- KUBE_NAMESPACE: |-
2843
- pan-test-app-review
2844
- KUBE_APP_NAME: |-
2845
- $(printf %s "$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-app" | sed 's/^/ /')
2846
- KUBE_APP_NAME_PREFIX: |-
2847
- $(printf %s "$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-" | sed 's/^/ /')
2848
- RAILS_ENV: |-
2849
- production
2850
- _ALL_ENV_VAR_KEYS: |-
2851
- ["ENV_SHORT","APP_DIR","ENV_TYPE","BUILD_INFO_BUILD_ID","BUILD_INFO_BUILD_TIME","BUILD_INFO_CURRENT_VERSION","ROOT_URL","HOST_INTERNAL","HOST_CANONICAL","ROOT_URL_INTERNAL","KUBE_NAMESPACE","KUBE_APP_NAME","KUBE_APP_NAME_PREFIX","SECRET_KEY_BASE","POSTGRESQL_PASSWORD","cloudsqlProxyCredentials","RAILS_ENV"]
2852
- application:
2853
- host: |-
2854
- $(printf %s "app.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud" | sed 's/^/ /')
2855
- command: |-
2856
- /cnb/process/web
2857
- livenessProbe:
2858
- httpGet:
2859
- path: |-
2860
- __health
2861
- readinessProbe:
2862
- httpGet:
2863
- path: |-
2864
- __health
2865
- startupProbe:
2866
- httpGet:
2867
- path: |-
2868
- __health
2869
- worker:
2870
- enabled: true
2871
- command: |-
2872
- launcher bundle exec rake jobs:work
2873
- livenessProbe: false
2874
- cloudsql:
2875
- enabled: true
2876
- dbUser: |-
2877
- postgres
2878
- instanceConnectionName: |-
2879
- some-project-id:europe-west6:pan-test-app-review
2880
- proxyCredentials: |-
2881
- $CL_review_app_cloudsqlProxyCredentials
2882
- fullDbName: |-
2883
- $(printf %s "$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-app" | sed 's/^/ /')
2884
- projectId: |-
2885
- some-project-id
2886
- jobs:
2887
- db-migrate:
2888
- hook: |-
2889
- post-upgrade
2890
- command: |-
2891
- launcher bundle exec rake db:migrate
2892
- db-prepare-seed:
2893
- hook: |-
2894
- post-install
2895
- command: |-
2896
- launcher bundle exec rake db:prepare db:seed
2897
-
2898
- EOF
2899
- ",
2900
- "echo -e "\\e[0Ksection_end:$(date +%s):writeallvalues\\r\\e[0K"",
2901
- "kubernetesCreateSecret",
2902
- "kubernetesDeploy",
2903
- "echo 'Uploading SBOM to Dependency Track'",
2904
- "/dtrackuploader https://dep.panter.swiss/ "$DT_KEY_PROD" upload "pan-test-app/app" "https://app.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud" "__sbom.json" vex.json || true",
2905
- "echo deployment successful 😻",
2906
- "echo "CL_GITLAB_ENVIRONMENT_URL=https://app.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud" >> gitlab_environment.env",
2907
- ],
2908
- "stage": "deploy review",
2909
- "variables": {
2910
- "KUBERNETES_CPU_REQUEST": "0.22",
2911
- "KUBERNETES_MEMORY_LIMIT": "400Mi",
2912
- "KUBERNETES_MEMORY_REQUEST": "200Mi",
2913
- },
2914
- },
2915
- "app 🛑 Stop ⚠️ | review ": {
2916
- "allow_failure": true,
2917
- "artifacts": {
2918
- "reports": {
2919
- "dotenv": "gitlab_environment.env",
2920
- },
2921
- },
2922
- "environment": {
2923
- "action": "stop",
2924
- "name": "review/$CI_COMMIT_REF_NAME/app",
2925
- "url": "$CL_GITLAB_ENVIRONMENT_URL",
2926
- },
2927
- "image": "path/to/docker/kubernetes:the-version",
2928
- "interruptible": true,
2929
- "needs": [],
2930
- "retry": {
2931
- "max": 2,
2932
- "when": [
2933
- "runner_system_failure",
2934
- "stuck_or_timeout_failure",
2935
- ],
2936
- },
2937
- "rules": [
2938
- {
2939
- "if": "$CI_COMMIT_BRANCH =~ /^[0-9]+\\.([0-9]+|x)\\.x$/",
2940
- "when": "on_success",
2941
- },
2942
- {
2943
- "when": "manual",
2944
- },
2945
- ],
2946
- "script": [
2947
- "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
2948
- "export ENV_SHORT="review"",
2949
- "export APP_DIR="."",
2950
- "export ENV_TYPE="review"",
2951
- "export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
2952
- "export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"",
2953
- "export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"",
2954
- "export ROOT_URL="https://app.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud"",
2955
- "export HOST_INTERNAL="app.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud"",
2956
- "export HOST_CANONICAL="app.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud"",
2957
- "export ROOT_URL_INTERNAL="https://app.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud"",
2958
- "export KUBE_NAMESPACE="pan-test-app-review"",
2959
- "export KUBE_APP_NAME="$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-app"",
2960
- "export KUBE_APP_NAME_PREFIX="$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-"",
2961
- "export SECRET_KEY_BASE="$CL_review_app_SECRET_KEY_BASE"",
2962
- "export POSTGRESQL_PASSWORD="$CL_review_app_POSTGRESQL_PASSWORD"",
2963
- "export cloudsqlProxyCredentials="$CL_review_app_cloudsqlProxyCredentials"",
2964
- "export RAILS_ENV="production"",
2965
- "export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"ROOT_URL\\",\\"HOST_INTERNAL\\",\\"HOST_CANONICAL\\",\\"ROOT_URL_INTERNAL\\",\\"KUBE_NAMESPACE\\",\\"KUBE_APP_NAME\\",\\"KUBE_APP_NAME_PREFIX\\",\\"SECRET_KEY_BASE\\",\\"POSTGRESQL_PASSWORD\\",\\"cloudsqlProxyCredentials\\",\\"RAILS_ENV\\"]"",
2966
- "export RELEASE_NAME="pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-app"",
2967
- "export HELM_EXPERIMENTAL_OCI="1"",
2968
- "export KUBE_DOCKER_IMAGE_PULL_SECRET="gitlab-registry-app"",
2969
- "export HELM_GITLAB_CHART_NAME="/helm-charts/the-panter-chart"",
2970
- "export HELM_ARGS=""",
2971
- "export COMPONENT_NAME="app"",
2972
- "export BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
2973
- "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
2974
- "kubectl config set-cluster "kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-app" --server="$CL_review_app_KUBE_URL" --certificate-authority <(echo $CL_review_app_KUBE_CA_PEM | base64 -d) --embed-certs=true",
2975
- "kubectl config set-credentials "kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-app" --token="$CL_review_app_KUBE_TOKEN"",
2976
- "kubectl config set-context "kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-app" --cluster="kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-app" --user="kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-app" --namespace="pan-test-app-review"",
2977
- "kubectl config use-context "kube-pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-app"",
2978
- "kubernetesDelete",
2979
- "echo 'Disabling component in Dependency Track'",
2980
- "/dtrackuploader https://dep.panter.swiss/ "$DT_KEY_PROD" disable "pan-test-app/app" "https://app.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud" || true",
2981
- "echo "CL_GITLAB_ENVIRONMENT_URL=https://app.$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }).review.test-app.pan.panter.cloud" >> gitlab_environment.env",
2982
- ],
2983
- "stage": "stop review",
2984
- "variables": {
2985
- "GIT_STRATEGY": "none",
2986
- "KUBERNETES_CPU_REQUEST": "0.22",
2987
- "KUBERNETES_MEMORY_LIMIT": "400Mi",
2988
- "KUBERNETES_MEMORY_REQUEST": "200Mi",
2989
- },
2990
- },
2991
- "app 🛡 audit": {
2992
- "allow_failure": true,
2993
- "image": "ruby:3.2.1",
2994
- "interruptible": true,
2995
- "needs": [],
2996
- "retry": {
2997
- "max": 2,
2998
- "when": [
2999
- "runner_system_failure",
3000
- "stuck_or_timeout_failure",
3001
- ],
3002
- },
3003
- "script": [
3004
- "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
3005
- "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
3006
- "cd .",
3007
- "gem install bundler-audit",
3008
- "bundle audit check",
3009
- ],
3010
- "stage": "test",
3011
- "variables": {},
3012
- },
3013
- "app 🧪 test": {
3014
- "cache": {
3015
- "key": {
3016
- "files": [
3017
- "Gemfile.lock",
3018
- ],
3019
- "prefix": "$CI_JOB_IMAGE",
3020
- },
3021
- "paths": [
3022
- "tmp/cache",
3023
- ],
3024
- },
3025
- "image": "ruby:3.2.1",
3026
- "interruptible": true,
3027
- "needs": [],
3028
- "retry": {
3029
- "max": 2,
3030
- "when": [
3031
- "runner_system_failure",
3032
- "stuck_or_timeout_failure",
3033
- ],
3034
- },
3035
- "script": [
3036
- "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
3037
- "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
3038
- "cd .",
3039
- "bundle config set path 'tmp/cache'",
3040
- "bundle install -j $(nproc)",
3041
- "bundle exec rspec",
3042
- ],
3043
- "stage": "test",
3044
- "variables": {},
3045
- },
3046
- "app 🧾 sbom | review ": {
3047
- "allow_failure": true,
3048
- "artifacts": {
3049
- "paths": [
3050
- "__sbom.json",
3051
- ],
3052
- },
3053
- "image": "aquasec/trivy:0.38.3",
3054
- "interruptible": true,
3055
- "needs": [],
3056
- "retry": {
3057
- "max": 2,
3058
- "when": [
3059
- "runner_system_failure",
3060
- "stuck_or_timeout_failure",
3061
- ],
3062
- },
3063
- "script": [
3064
- "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
3065
- "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
3066
- "trivy fs --quiet --format cyclonedx --output "__sbom.json" .",
3067
- ],
3068
- "stage": "build",
3069
- "variables": {},
3070
- },
3071
- },
3072
- "stages": [
3073
- "setup",
3074
- "setup dev",
3075
- "setup review",
3076
- "setup stage",
3077
- "setup prod",
3078
- "test",
3079
- "test dev",
3080
- "test review",
3081
- "test stage",
3082
- "test prod",
3083
- "build",
3084
- "build dev",
3085
- "build review",
3086
- "build stage",
3087
- "build prod",
3088
- "deploy",
3089
- "deploy dev",
3090
- "deploy review",
3091
- "deploy stage",
3092
- "deploy prod",
3093
- "verify",
3094
- "verify dev",
3095
- "verify review",
3096
- "verify stage",
3097
- "verify prod",
3098
- "rollback",
3099
- "rollback dev",
3100
- "rollback review",
3101
- "rollback stage",
3102
- "rollback prod",
3103
- "stop",
3104
- "stop dev",
3105
- "stop review",
3106
- "stop stage",
3107
- "stop prod",
3108
- ],
3109
- "variables": {
3110
- "ARTIFACT_COMPRESSION_LEVEL": "fast",
3111
- "CACHE_COMPRESSION_LEVEL": "fast",
3112
- "FF_USE_FASTZIP": "true",
3113
- "GIT_DEPTH": "1",
3114
- "TRANSFER_METER_FREQUENCY": "5s",
3115
- },
3116
- "workflow": {
3117
- "rules": [
3118
- {
3119
- "if": "$CI_COMMIT_TAG",
3120
- },
3121
- {
3122
- "if": "$CI_COMMIT_MESSAGE =~ /^chore\\(release\\).*/",
3123
- "when": "never",
3124
- },
3125
- {
3126
- "if": "$CI_PIPELINE_SOURCE == "schedule"",
3127
- "when": "never",
3128
- },
3129
- {
3130
- "if": "$CI_COMMIT_BRANCH =~ /^[0-9]+.([0-9]+|x).x$/",
3131
- },
3132
- {
3133
- "if": "$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH",
3134
- },
3135
- {
3136
- "if": "$CI_MERGE_REQUEST_ID",
3137
- },
3138
- ],
3139
- },
3140
- },
3141
- "taggedRelease": {
3142
- "image": "path/to/docker/jobs-default:the-version",
3143
- "jobs": {
3144
- "app ↩️ Rollback ⚠️ | prod ": {
3145
- "allow_failure": true,
3146
- "artifacts": {
3147
- "reports": {
3148
- "dotenv": "gitlab_environment.env",
3149
- },
3150
- },
3151
- "environment": {
3152
- "action": "access",
3153
- "name": "prod/app",
3154
- "url": "$CL_GITLAB_ENVIRONMENT_URL",
3155
- },
3156
- "image": "path/to/docker/kubernetes:the-version",
3157
- "interruptible": true,
3158
- "needs": [],
3159
- "retry": {
3160
- "max": 2,
3161
- "when": [
3162
- "runner_system_failure",
3163
- "stuck_or_timeout_failure",
3164
- ],
3165
- },
3166
- "rules": [
3167
- {
3168
- "when": "manual",
3169
- },
3170
- ],
3171
- "script": [
3172
- "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
3173
- "export ENV_SHORT="prod"",
3174
- "export APP_DIR="."",
3175
- "export ENV_TYPE="prod"",
3176
- "export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
3177
- "export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"",
3178
- "export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"",
3179
- "export ROOT_URL="https://my-fancy-website.com"",
3180
- "export HOST_INTERNAL="app.prod.test-app.pan.panter.cloud"",
3181
- "export HOST_CANONICAL="app.prod.test-app.pan.panter.cloud"",
3182
- "export ROOT_URL_INTERNAL="https://app.prod.test-app.pan.panter.cloud"",
3183
- "export KUBE_NAMESPACE="pan-test-app-prod"",
3184
- "export KUBE_APP_NAME="app"",
3185
- "export KUBE_APP_NAME_PREFIX=""",
3186
- "export SECRET_KEY_BASE="$CL_prod_app_SECRET_KEY_BASE"",
3187
- "export POSTGRESQL_PASSWORD="$CL_prod_app_POSTGRESQL_PASSWORD"",
3188
- "export cloudsqlProxyCredentials="$CL_prod_app_cloudsqlProxyCredentials"",
3189
- "export RAILS_ENV="production"",
3190
- "export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"ROOT_URL\\",\\"HOST_INTERNAL\\",\\"HOST_CANONICAL\\",\\"ROOT_URL_INTERNAL\\",\\"KUBE_NAMESPACE\\",\\"KUBE_APP_NAME\\",\\"KUBE_APP_NAME_PREFIX\\",\\"SECRET_KEY_BASE\\",\\"POSTGRESQL_PASSWORD\\",\\"cloudsqlProxyCredentials\\",\\"RAILS_ENV\\"]"",
3191
- "export RELEASE_NAME="pan-test-app-prod-app"",
3192
- "export HELM_EXPERIMENTAL_OCI="1"",
3193
- "export KUBE_DOCKER_IMAGE_PULL_SECRET="gitlab-registry-app"",
3194
- "export HELM_GITLAB_CHART_NAME="/helm-charts/the-panter-chart"",
3195
- "export HELM_ARGS=""",
3196
- "export COMPONENT_NAME="app"",
3197
- "export BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
3198
- "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
3199
- "kubectl config set-cluster "kube-pan-test-app-prod-app" --server="$CL_prod_app_KUBE_URL" --certificate-authority <(echo $CL_prod_app_KUBE_CA_PEM | base64 -d) --embed-certs=true",
3200
- "kubectl config set-credentials "kube-pan-test-app-prod-app" --token="$CL_prod_app_KUBE_TOKEN"",
3201
- "kubectl config set-context "kube-pan-test-app-prod-app" --cluster="kube-pan-test-app-prod-app" --user="kube-pan-test-app-prod-app" --namespace="pan-test-app-prod"",
3202
- "kubectl config use-context "kube-pan-test-app-prod-app"",
3203
- "kubernetesRollback",
3204
- "echo "CL_GITLAB_ENVIRONMENT_URL=https://my-fancy-website.com" >> gitlab_environment.env",
3205
- ],
3206
- "stage": "rollback prod",
3207
- "variables": {
3208
- "GIT_STRATEGY": "none",
3209
- "KUBERNETES_CPU_REQUEST": "0.22",
3210
- "KUBERNETES_MEMORY_LIMIT": "400Mi",
3211
- "KUBERNETES_MEMORY_REQUEST": "200Mi",
3212
- },
3213
- },
3214
- "app ↩️ Rollback ⚠️ | stage ": {
3215
- "allow_failure": true,
3216
- "artifacts": {
3217
- "reports": {
3218
- "dotenv": "gitlab_environment.env",
3219
- },
3220
- },
3221
- "environment": {
3222
- "action": "access",
3223
- "name": "stage/app",
3224
- "url": "$CL_GITLAB_ENVIRONMENT_URL",
3225
- },
3226
- "image": "path/to/docker/kubernetes:the-version",
3227
- "interruptible": true,
3228
- "needs": [],
3229
- "retry": {
3230
- "max": 2,
3231
- "when": [
3232
- "runner_system_failure",
3233
- "stuck_or_timeout_failure",
3234
- ],
3235
- },
3236
- "rules": [
3237
- {
3238
- "when": "manual",
3239
- },
3240
- ],
3241
- "script": [
3242
- "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
3243
- "export ENV_SHORT="stage"",
3244
- "export APP_DIR="."",
3245
- "export ENV_TYPE="stage"",
3246
- "export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
3247
- "export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"",
3248
- "export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"",
3249
- "export ROOT_URL="https://app.stage.test-app.pan.panter.cloud"",
3250
- "export HOST_INTERNAL="app.stage.test-app.pan.panter.cloud"",
3251
- "export HOST_CANONICAL="app.stage.test-app.pan.panter.cloud"",
3252
- "export ROOT_URL_INTERNAL="https://app.stage.test-app.pan.panter.cloud"",
3253
- "export KUBE_NAMESPACE="pan-test-app-stage"",
3254
- "export KUBE_APP_NAME="app"",
3255
- "export KUBE_APP_NAME_PREFIX=""",
3256
- "export SECRET_KEY_BASE="$CL_stage_app_SECRET_KEY_BASE"",
3257
- "export POSTGRESQL_PASSWORD="$CL_stage_app_POSTGRESQL_PASSWORD"",
3258
- "export cloudsqlProxyCredentials="$CL_stage_app_cloudsqlProxyCredentials"",
3259
- "export RAILS_ENV="production"",
3260
- "export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"ROOT_URL\\",\\"HOST_INTERNAL\\",\\"HOST_CANONICAL\\",\\"ROOT_URL_INTERNAL\\",\\"KUBE_NAMESPACE\\",\\"KUBE_APP_NAME\\",\\"KUBE_APP_NAME_PREFIX\\",\\"SECRET_KEY_BASE\\",\\"POSTGRESQL_PASSWORD\\",\\"cloudsqlProxyCredentials\\",\\"RAILS_ENV\\"]"",
3261
- "export RELEASE_NAME="pan-test-app-stage-app"",
3262
- "export HELM_EXPERIMENTAL_OCI="1"",
3263
- "export KUBE_DOCKER_IMAGE_PULL_SECRET="gitlab-registry-app"",
3264
- "export HELM_GITLAB_CHART_NAME="/helm-charts/the-panter-chart"",
3265
- "export HELM_ARGS=""",
3266
- "export COMPONENT_NAME="app"",
3267
- "export BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
3268
- "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
3269
- "kubectl config set-cluster "kube-pan-test-app-stage-app" --server="$CL_stage_app_KUBE_URL" --certificate-authority <(echo $CL_stage_app_KUBE_CA_PEM | base64 -d) --embed-certs=true",
3270
- "kubectl config set-credentials "kube-pan-test-app-stage-app" --token="$CL_stage_app_KUBE_TOKEN"",
3271
- "kubectl config set-context "kube-pan-test-app-stage-app" --cluster="kube-pan-test-app-stage-app" --user="kube-pan-test-app-stage-app" --namespace="pan-test-app-stage"",
3272
- "kubectl config use-context "kube-pan-test-app-stage-app"",
3273
- "kubernetesRollback",
3274
- "echo "CL_GITLAB_ENVIRONMENT_URL=https://app.stage.test-app.pan.panter.cloud" >> gitlab_environment.env",
3275
- ],
3276
- "stage": "rollback stage",
3277
- "variables": {
3278
- "GIT_STRATEGY": "none",
3279
- "KUBERNETES_CPU_REQUEST": "0.22",
3280
- "KUBERNETES_MEMORY_LIMIT": "400Mi",
3281
- "KUBERNETES_MEMORY_REQUEST": "200Mi",
3282
- },
3283
- },
3284
- "app 🔨 docker | prod ": {
3285
- "image": "path/to/docker/docker-build:the-version",
3286
- "interruptible": true,
3287
- "needs": [],
3288
- "retry": {
3289
- "max": 2,
3290
- "when": [
3291
- "runner_system_failure",
3292
- "stuck_or_timeout_failure",
3293
- ],
3294
- },
3295
- "script": [
3296
- "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
3297
- "export APP_DIR="."",
3298
- "export DOCKER_BUILD_CONTEXT="."",
3299
- "export DOCKER_REGISTRY="$CI_REGISTRY"",
3300
- "export DOCKER_CACHE_IMAGE="$CI_REGISTRY_IMAGE/caches/app"",
3301
- "export DOCKER_IMAGE_NAME="prod/app"",
3302
- "export DOCKER_IMAGE="$CI_REGISTRY_IMAGE/$DOCKER_IMAGE_NAME"",
3303
- "export DOCKER_IMAGE_TAG="$CI_COMMIT_SHA"",
3304
- "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
3305
- "echo -e "\\e[0Ksection_start:$(date +%s):docker-login[collapsed=true]\\r\\e[0KDocker Login"",
3306
- "docker login --username gitlab-ci-token --password $CI_JOB_TOKEN $CI_REGISTRY",
3307
- "echo -e "\\e[0Ksection_end:$(date +%s):docker-login\\r\\e[0K"",
3308
- "echo -e "\\e[0Ksection_start:$(date +%s):docker-build[collapsed=true]\\r\\e[0KDocker build"",
3309
- "docker build --network host --cache-from $DOCKER_CACHE_IMAGE --tag $DOCKER_IMAGE:$DOCKER_IMAGE_TAG -f $APP_DIR/Dockerfile $DOCKER_BUILD_CONTEXT --build-arg BUILDKIT_INLINE_CACHE=1",
3310
- "echo -e "\\e[0Ksection_end:$(date +%s):docker-build\\r\\e[0K"",
3311
- "echo -e "\\e[0Ksection_start:$(date +%s):docker-push[collapsed=true]\\r\\e[0KDocker push and tag"",
3312
- "docker push $DOCKER_IMAGE:$DOCKER_IMAGE_TAG",
3313
- "docker tag $DOCKER_IMAGE:$DOCKER_IMAGE_TAG $DOCKER_CACHE_IMAGE",
3314
- "docker push $DOCKER_CACHE_IMAGE",
3315
- "echo -e "\\e[0Ksection_end:$(date +%s):docker-push\\r\\e[0K"",
3316
- ],
3317
- "services": [
3318
- {
3319
- "command": [
3320
- "--tls=false",
3321
- ],
3322
- "name": "docker:24.0.6-dind",
3323
- },
3324
- ],
3325
- "stage": "build",
3326
- "variables": {
3327
- "DOCKER_BUILDKIT": "1",
3328
- "DOCKER_DRIVER": "overlay2",
3329
- "DOCKER_HOST": "tcp://0.0.0.0:2375",
3330
- "DOCKER_TLS_CERTDIR": "",
3331
- "KUBERNETES_CPU_REQUEST": "0.45",
3332
- "KUBERNETES_MEMORY_LIMIT": "2Gi",
3333
- "KUBERNETES_MEMORY_REQUEST": "1Gi",
3334
- },
3335
- },
3336
- "app 🔨 docker | stage ": {
3337
- "image": "path/to/docker/docker-build:the-version",
3338
- "interruptible": true,
3339
- "needs": [],
3340
- "retry": {
3341
- "max": 2,
3342
- "when": [
3343
- "runner_system_failure",
3344
- "stuck_or_timeout_failure",
3345
- ],
3346
- },
3347
- "script": [
3348
- "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
3349
- "export APP_DIR="."",
3350
- "export DOCKER_BUILD_CONTEXT="."",
3351
- "export DOCKER_REGISTRY="$CI_REGISTRY"",
3352
- "export DOCKER_CACHE_IMAGE="$CI_REGISTRY_IMAGE/caches/app"",
3353
- "export DOCKER_IMAGE_NAME="stage/app"",
3354
- "export DOCKER_IMAGE="$CI_REGISTRY_IMAGE/$DOCKER_IMAGE_NAME"",
3355
- "export DOCKER_IMAGE_TAG="$CI_COMMIT_SHA"",
3356
- "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
3357
- "echo -e "\\e[0Ksection_start:$(date +%s):docker-login[collapsed=true]\\r\\e[0KDocker Login"",
3358
- "docker login --username gitlab-ci-token --password $CI_JOB_TOKEN $CI_REGISTRY",
3359
- "echo -e "\\e[0Ksection_end:$(date +%s):docker-login\\r\\e[0K"",
3360
- "echo -e "\\e[0Ksection_start:$(date +%s):docker-build[collapsed=true]\\r\\e[0KDocker build"",
3361
- "docker build --network host --cache-from $DOCKER_CACHE_IMAGE --tag $DOCKER_IMAGE:$DOCKER_IMAGE_TAG -f $APP_DIR/Dockerfile $DOCKER_BUILD_CONTEXT --build-arg BUILDKIT_INLINE_CACHE=1",
3362
- "echo -e "\\e[0Ksection_end:$(date +%s):docker-build\\r\\e[0K"",
3363
- "echo -e "\\e[0Ksection_start:$(date +%s):docker-push[collapsed=true]\\r\\e[0KDocker push and tag"",
3364
- "docker push $DOCKER_IMAGE:$DOCKER_IMAGE_TAG",
3365
- "docker tag $DOCKER_IMAGE:$DOCKER_IMAGE_TAG $DOCKER_CACHE_IMAGE",
3366
- "docker push $DOCKER_CACHE_IMAGE",
3367
- "echo -e "\\e[0Ksection_end:$(date +%s):docker-push\\r\\e[0K"",
3368
- ],
3369
- "services": [
3370
- {
3371
- "command": [
3372
- "--tls=false",
3373
- ],
3374
- "name": "docker:24.0.6-dind",
3375
- },
3376
- ],
3377
- "stage": "build",
3378
- "variables": {
3379
- "DOCKER_BUILDKIT": "1",
3380
- "DOCKER_DRIVER": "overlay2",
3381
- "DOCKER_HOST": "tcp://0.0.0.0:2375",
3382
- "DOCKER_TLS_CERTDIR": "",
3383
- "KUBERNETES_CPU_REQUEST": "0.45",
3384
- "KUBERNETES_MEMORY_LIMIT": "2Gi",
3385
- "KUBERNETES_MEMORY_REQUEST": "1Gi",
3386
- },
3387
- },
3388
- "app 🚀 Deploy | prod ": {
3389
- "allow_failure": true,
3390
- "artifacts": {
3391
- "reports": {
3392
- "dotenv": "gitlab_environment.env",
3393
- },
3394
- },
3395
- "environment": {
3396
- "auto_stop_in": undefined,
3397
- "name": "prod/app",
3398
- "on_stop": "app 🛑 Stop ⚠️ | prod ",
3399
- "url": "$CL_GITLAB_ENVIRONMENT_URL",
3400
- },
3401
- "image": "path/to/docker/kubernetes:the-version",
3402
- "interruptible": true,
3403
- "needs": [
3404
- {
3405
- "artifacts": false,
3406
- "job": "app 🔨 docker | prod ",
3407
- },
3408
- {
3409
- "artifacts": true,
3410
- "job": "app 🧾 sbom | prod ",
3411
- },
3412
- ],
3413
- "retry": {
3414
- "max": 2,
3415
- "when": [
3416
- "runner_system_failure",
3417
- "stuck_or_timeout_failure",
3418
- ],
3419
- },
3420
- "rules": [
3421
- {
3422
- "when": "manual",
3423
- },
3424
- ],
3425
- "script": [
3426
- "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
3427
- "export ENV_SHORT="prod"",
3428
- "export APP_DIR="."",
3429
- "export ENV_TYPE="prod"",
3430
- "export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
3431
- "export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"",
3432
- "export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"",
3433
- "export ROOT_URL="https://my-fancy-website.com"",
3434
- "export HOST_INTERNAL="app.prod.test-app.pan.panter.cloud"",
3435
- "export HOST_CANONICAL="app.prod.test-app.pan.panter.cloud"",
3436
- "export ROOT_URL_INTERNAL="https://app.prod.test-app.pan.panter.cloud"",
3437
- "export KUBE_NAMESPACE="pan-test-app-prod"",
3438
- "export KUBE_APP_NAME="app"",
3439
- "export KUBE_APP_NAME_PREFIX=""",
3440
- "export SECRET_KEY_BASE="$CL_prod_app_SECRET_KEY_BASE"",
3441
- "export POSTGRESQL_PASSWORD="$CL_prod_app_POSTGRESQL_PASSWORD"",
3442
- "export cloudsqlProxyCredentials="$CL_prod_app_cloudsqlProxyCredentials"",
3443
- "export RAILS_ENV="production"",
3444
- "export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"ROOT_URL\\",\\"HOST_INTERNAL\\",\\"HOST_CANONICAL\\",\\"ROOT_URL_INTERNAL\\",\\"KUBE_NAMESPACE\\",\\"KUBE_APP_NAME\\",\\"KUBE_APP_NAME_PREFIX\\",\\"SECRET_KEY_BASE\\",\\"POSTGRESQL_PASSWORD\\",\\"cloudsqlProxyCredentials\\",\\"RAILS_ENV\\"]"",
3445
- "export DOCKER_REGISTRY="$CI_REGISTRY"",
3446
- "export DOCKER_CACHE_IMAGE="$CI_REGISTRY_IMAGE/caches/app"",
3447
- "export DOCKER_IMAGE_NAME="prod/app"",
3448
- "export DOCKER_IMAGE="$CI_REGISTRY_IMAGE/$DOCKER_IMAGE_NAME"",
3449
- "export DOCKER_IMAGE_TAG="$CI_COMMIT_SHA"",
3450
- "export RELEASE_NAME="pan-test-app-prod-app"",
3451
- "export HELM_EXPERIMENTAL_OCI="1"",
3452
- "export KUBE_DOCKER_IMAGE_PULL_SECRET="gitlab-registry-app"",
3453
- "export HELM_GITLAB_CHART_NAME="/helm-charts/the-panter-chart"",
3454
- "export HELM_ARGS=""",
3455
- "export COMPONENT_NAME="app"",
3456
- "export BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
3457
- "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
3458
- "kubectl config set-cluster "kube-pan-test-app-prod-app" --server="$CL_prod_app_KUBE_URL" --certificate-authority <(echo $CL_prod_app_KUBE_CA_PEM | base64 -d) --embed-certs=true",
3459
- "kubectl config set-credentials "kube-pan-test-app-prod-app" --token="$CL_prod_app_KUBE_TOKEN"",
3460
- "kubectl config set-context "kube-pan-test-app-prod-app" --cluster="kube-pan-test-app-prod-app" --user="kube-pan-test-app-prod-app" --namespace="pan-test-app-prod"",
3461
- "kubectl config use-context "kube-pan-test-app-prod-app"",
3462
- "echo -e "\\e[0Ksection_start:$(date +%s):writeallvalues[collapsed=true]\\r\\e[0KWrite __all_values.yml for helm deployment"",
3463
- "cat > __all_values.yml <<EOF
3464
- env:
3465
- secret:
3466
- SECRET_KEY_BASE: |-
3467
- $(printf %s "$CL_prod_app_SECRET_KEY_BASE" | sed 's/^/ /')
3468
- POSTGRESQL_PASSWORD: |-
3469
- $(printf %s "$CL_prod_app_POSTGRESQL_PASSWORD" | sed 's/^/ /')
3470
- cloudsqlProxyCredentials: |-
3471
- $(printf %s "$CL_prod_app_cloudsqlProxyCredentials" | sed 's/^/ /')
3472
- public:
3473
- ENV_SHORT: |-
3474
- prod
3475
- APP_DIR: |-
3476
- .
3477
- ENV_TYPE: |-
3478
- prod
3479
- BUILD_INFO_BUILD_ID: |-
3480
- $(printf %s "$(git describe --tags 2>/dev/null || git rev-parse HEAD)" | sed 's/^/ /')
3481
- BUILD_INFO_BUILD_TIME: |-
3482
- $(printf %s "$CI_JOB_STARTED_AT" | sed 's/^/ /')
3483
- BUILD_INFO_CURRENT_VERSION: |-
3484
- $(printf %s "$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")" | sed 's/^/ /')
3485
- ROOT_URL: |-
3486
- https://my-fancy-website.com
3487
- HOST_INTERNAL: |-
3488
- app.prod.test-app.pan.panter.cloud
3489
- HOST_CANONICAL: |-
3490
- app.prod.test-app.pan.panter.cloud
3491
- ROOT_URL_INTERNAL: |-
3492
- https://app.prod.test-app.pan.panter.cloud
3493
- KUBE_NAMESPACE: |-
3494
- pan-test-app-prod
3495
- KUBE_APP_NAME: |-
3496
- app
3497
- KUBE_APP_NAME_PREFIX: ""
3498
- RAILS_ENV: |-
3499
- production
3500
- _ALL_ENV_VAR_KEYS: |-
3501
- ["ENV_SHORT","APP_DIR","ENV_TYPE","BUILD_INFO_BUILD_ID","BUILD_INFO_BUILD_TIME","BUILD_INFO_CURRENT_VERSION","ROOT_URL","HOST_INTERNAL","HOST_CANONICAL","ROOT_URL_INTERNAL","KUBE_NAMESPACE","KUBE_APP_NAME","KUBE_APP_NAME_PREFIX","SECRET_KEY_BASE","POSTGRESQL_PASSWORD","cloudsqlProxyCredentials","RAILS_ENV"]
3502
- application:
3503
- host: |-
3504
- my-fancy-website.com
3505
- command: |-
3506
- /cnb/process/web
3507
- livenessProbe:
3508
- httpGet:
3509
- path: |-
3510
- __health
3511
- readinessProbe:
3512
- httpGet:
3513
- path: |-
3514
- __health
3515
- startupProbe:
3516
- httpGet:
3517
- path: |-
3518
- __health
3519
- worker:
3520
- enabled: true
3521
- command: |-
3522
- launcher bundle exec rake jobs:work
3523
- livenessProbe: false
3524
- cloudsql:
3525
- enabled: true
3526
- dbUser: |-
3527
- postgres
3528
- instanceConnectionName: |-
3529
- some-project-id:europe-west6:pan-test-app-prod
3530
- proxyCredentials: |-
3531
- $CL_prod_app_cloudsqlProxyCredentials
3532
- fullDbName: |-
3533
- app
3534
- projectId: |-
3535
- some-project-id
3536
- jobs:
3537
- db-migrate:
3538
- hook: |-
3539
- post-install,post-upgrade
3540
- command: |-
3541
- launcher bundle exec rake db:migrate
3542
-
3543
- EOF
3544
- ",
3545
- "echo -e "\\e[0Ksection_end:$(date +%s):writeallvalues\\r\\e[0K"",
3546
- "kubernetesCreateSecret",
3547
- "kubernetesDeploy",
3548
- "echo 'Uploading SBOM to Dependency Track'",
3549
- "/dtrackuploader https://dep.panter.swiss/ "$DT_KEY_PROD" upload "pan-test-app/app" "https://my-fancy-website.com" "__sbom.json" vex.json || true",
3550
- "echo deployment successful 😻",
3551
- "echo "CL_GITLAB_ENVIRONMENT_URL=https://my-fancy-website.com" >> gitlab_environment.env",
3552
- ],
3553
- "stage": "deploy prod",
3554
- "variables": {
3555
- "KUBERNETES_CPU_REQUEST": "0.22",
3556
- "KUBERNETES_MEMORY_LIMIT": "400Mi",
3557
- "KUBERNETES_MEMORY_REQUEST": "200Mi",
3558
- },
3559
- },
3560
- "app 🚀 Deploy | stage ": {
3561
- "allow_failure": false,
3562
- "artifacts": {
3563
- "reports": {
3564
- "dotenv": "gitlab_environment.env",
3565
- },
3566
- },
3567
- "environment": {
3568
- "auto_stop_in": undefined,
3569
- "name": "stage/app",
3570
- "on_stop": "app 🛑 Stop ⚠️ | stage ",
3571
- "url": "$CL_GITLAB_ENVIRONMENT_URL",
3572
- },
3573
- "image": "path/to/docker/kubernetes:the-version",
3574
- "interruptible": true,
3575
- "needs": [
3576
- {
3577
- "artifacts": false,
3578
- "job": "app 🔨 docker | stage ",
3579
- },
3580
- {
3581
- "artifacts": true,
3582
- "job": "app 🧾 sbom | stage ",
3583
- },
3584
- ],
3585
- "retry": {
3586
- "max": 2,
3587
- "when": [
3588
- "runner_system_failure",
3589
- "stuck_or_timeout_failure",
3590
- ],
3591
- },
3592
- "rules": [
3593
- {
3594
- "when": "on_success",
3595
- },
3596
- ],
3597
- "script": [
3598
- "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
3599
- "export ENV_SHORT="stage"",
3600
- "export APP_DIR="."",
3601
- "export ENV_TYPE="stage"",
3602
- "export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
3603
- "export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"",
3604
- "export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"",
3605
- "export ROOT_URL="https://app.stage.test-app.pan.panter.cloud"",
3606
- "export HOST_INTERNAL="app.stage.test-app.pan.panter.cloud"",
3607
- "export HOST_CANONICAL="app.stage.test-app.pan.panter.cloud"",
3608
- "export ROOT_URL_INTERNAL="https://app.stage.test-app.pan.panter.cloud"",
3609
- "export KUBE_NAMESPACE="pan-test-app-stage"",
3610
- "export KUBE_APP_NAME="app"",
3611
- "export KUBE_APP_NAME_PREFIX=""",
3612
- "export SECRET_KEY_BASE="$CL_stage_app_SECRET_KEY_BASE"",
3613
- "export POSTGRESQL_PASSWORD="$CL_stage_app_POSTGRESQL_PASSWORD"",
3614
- "export cloudsqlProxyCredentials="$CL_stage_app_cloudsqlProxyCredentials"",
3615
- "export RAILS_ENV="production"",
3616
- "export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"ROOT_URL\\",\\"HOST_INTERNAL\\",\\"HOST_CANONICAL\\",\\"ROOT_URL_INTERNAL\\",\\"KUBE_NAMESPACE\\",\\"KUBE_APP_NAME\\",\\"KUBE_APP_NAME_PREFIX\\",\\"SECRET_KEY_BASE\\",\\"POSTGRESQL_PASSWORD\\",\\"cloudsqlProxyCredentials\\",\\"RAILS_ENV\\"]"",
3617
- "export DOCKER_REGISTRY="$CI_REGISTRY"",
3618
- "export DOCKER_CACHE_IMAGE="$CI_REGISTRY_IMAGE/caches/app"",
3619
- "export DOCKER_IMAGE_NAME="stage/app"",
3620
- "export DOCKER_IMAGE="$CI_REGISTRY_IMAGE/$DOCKER_IMAGE_NAME"",
3621
- "export DOCKER_IMAGE_TAG="$CI_COMMIT_SHA"",
3622
- "export RELEASE_NAME="pan-test-app-stage-app"",
3623
- "export HELM_EXPERIMENTAL_OCI="1"",
3624
- "export KUBE_DOCKER_IMAGE_PULL_SECRET="gitlab-registry-app"",
3625
- "export HELM_GITLAB_CHART_NAME="/helm-charts/the-panter-chart"",
3626
- "export HELM_ARGS=""",
3627
- "export COMPONENT_NAME="app"",
3628
- "export BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
3629
- "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
3630
- "kubectl config set-cluster "kube-pan-test-app-stage-app" --server="$CL_stage_app_KUBE_URL" --certificate-authority <(echo $CL_stage_app_KUBE_CA_PEM | base64 -d) --embed-certs=true",
3631
- "kubectl config set-credentials "kube-pan-test-app-stage-app" --token="$CL_stage_app_KUBE_TOKEN"",
3632
- "kubectl config set-context "kube-pan-test-app-stage-app" --cluster="kube-pan-test-app-stage-app" --user="kube-pan-test-app-stage-app" --namespace="pan-test-app-stage"",
3633
- "kubectl config use-context "kube-pan-test-app-stage-app"",
3634
- "echo -e "\\e[0Ksection_start:$(date +%s):writeallvalues[collapsed=true]\\r\\e[0KWrite __all_values.yml for helm deployment"",
3635
- "cat > __all_values.yml <<EOF
3636
- env:
3637
- secret:
3638
- SECRET_KEY_BASE: |-
3639
- $(printf %s "$CL_stage_app_SECRET_KEY_BASE" | sed 's/^/ /')
3640
- POSTGRESQL_PASSWORD: |-
3641
- $(printf %s "$CL_stage_app_POSTGRESQL_PASSWORD" | sed 's/^/ /')
3642
- cloudsqlProxyCredentials: |-
3643
- $(printf %s "$CL_stage_app_cloudsqlProxyCredentials" | sed 's/^/ /')
3644
- public:
3645
- ENV_SHORT: |-
3646
- stage
3647
- APP_DIR: |-
3648
- .
3649
- ENV_TYPE: |-
3650
- stage
3651
- BUILD_INFO_BUILD_ID: |-
3652
- $(printf %s "$(git describe --tags 2>/dev/null || git rev-parse HEAD)" | sed 's/^/ /')
3653
- BUILD_INFO_BUILD_TIME: |-
3654
- $(printf %s "$CI_JOB_STARTED_AT" | sed 's/^/ /')
3655
- BUILD_INFO_CURRENT_VERSION: |-
3656
- $(printf %s "$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")" | sed 's/^/ /')
3657
- ROOT_URL: |-
3658
- https://app.stage.test-app.pan.panter.cloud
3659
- HOST_INTERNAL: |-
3660
- app.stage.test-app.pan.panter.cloud
3661
- HOST_CANONICAL: |-
3662
- app.stage.test-app.pan.panter.cloud
3663
- ROOT_URL_INTERNAL: |-
3664
- https://app.stage.test-app.pan.panter.cloud
3665
- KUBE_NAMESPACE: |-
3666
- pan-test-app-stage
3667
- KUBE_APP_NAME: |-
3668
- app
3669
- KUBE_APP_NAME_PREFIX: ""
3670
- RAILS_ENV: |-
3671
- production
3672
- _ALL_ENV_VAR_KEYS: |-
3673
- ["ENV_SHORT","APP_DIR","ENV_TYPE","BUILD_INFO_BUILD_ID","BUILD_INFO_BUILD_TIME","BUILD_INFO_CURRENT_VERSION","ROOT_URL","HOST_INTERNAL","HOST_CANONICAL","ROOT_URL_INTERNAL","KUBE_NAMESPACE","KUBE_APP_NAME","KUBE_APP_NAME_PREFIX","SECRET_KEY_BASE","POSTGRESQL_PASSWORD","cloudsqlProxyCredentials","RAILS_ENV"]
3674
- application:
3675
- host: |-
3676
- app.stage.test-app.pan.panter.cloud
3677
- command: |-
3678
- /cnb/process/web
3679
- livenessProbe:
3680
- httpGet:
3681
- path: |-
3682
- __health
3683
- readinessProbe:
3684
- httpGet:
3685
- path: |-
3686
- __health
3687
- startupProbe:
3688
- httpGet:
3689
- path: |-
3690
- __health
3691
- worker:
3692
- enabled: true
3693
- command: |-
3694
- launcher bundle exec rake jobs:work
3695
- livenessProbe: false
3696
- cloudsql:
3697
- enabled: true
3698
- dbUser: |-
3699
- postgres
3700
- instanceConnectionName: |-
3701
- some-project-id:europe-west6:pan-test-app-stage
3702
- proxyCredentials: |-
3703
- $CL_stage_app_cloudsqlProxyCredentials
3704
- fullDbName: |-
3705
- app
3706
- projectId: |-
3707
- some-project-id
3708
- jobs:
3709
- db-migrate:
3710
- hook: |-
3711
- post-install,post-upgrade
3712
- command: |-
3713
- launcher bundle exec rake db:migrate
3714
-
3715
- EOF
3716
- ",
3717
- "echo -e "\\e[0Ksection_end:$(date +%s):writeallvalues\\r\\e[0K"",
3718
- "kubernetesCreateSecret",
3719
- "kubernetesDeploy",
3720
- "echo 'Uploading SBOM to Dependency Track'",
3721
- "/dtrackuploader https://dep.panter.swiss/ "$DT_KEY_PROD" upload "pan-test-app/app" "https://app.stage.test-app.pan.panter.cloud" "__sbom.json" vex.json || true",
3722
- "echo deployment successful 😻",
3723
- "echo "CL_GITLAB_ENVIRONMENT_URL=https://app.stage.test-app.pan.panter.cloud" >> gitlab_environment.env",
3724
- ],
3725
- "stage": "deploy stage",
3726
- "variables": {
3727
- "KUBERNETES_CPU_REQUEST": "0.22",
3728
- "KUBERNETES_MEMORY_LIMIT": "400Mi",
3729
- "KUBERNETES_MEMORY_REQUEST": "200Mi",
3730
- },
3731
- },
3732
- "app 🛑 Stop ⚠️ | prod ": {
3733
- "allow_failure": true,
3734
- "artifacts": {
3735
- "reports": {
3736
- "dotenv": "gitlab_environment.env",
3737
- },
3738
- },
3739
- "environment": {
3740
- "action": "stop",
3741
- "name": "prod/app",
3742
- "url": "$CL_GITLAB_ENVIRONMENT_URL",
3743
- },
3744
- "image": "path/to/docker/kubernetes:the-version",
3745
- "interruptible": true,
3746
- "needs": [],
3747
- "retry": {
3748
- "max": 2,
3749
- "when": [
3750
- "runner_system_failure",
3751
- "stuck_or_timeout_failure",
3752
- ],
3753
- },
3754
- "rules": [
3755
- {
3756
- "if": "$CI_COMMIT_BRANCH =~ /^[0-9]+\\.([0-9]+|x)\\.x$/",
3757
- "when": "on_success",
3758
- },
3759
- {
3760
- "when": "manual",
3761
- },
3762
- ],
3763
- "script": [
3764
- "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
3765
- "export ENV_SHORT="prod"",
3766
- "export APP_DIR="."",
3767
- "export ENV_TYPE="prod"",
3768
- "export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
3769
- "export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"",
3770
- "export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"",
3771
- "export ROOT_URL="https://my-fancy-website.com"",
3772
- "export HOST_INTERNAL="app.prod.test-app.pan.panter.cloud"",
3773
- "export HOST_CANONICAL="app.prod.test-app.pan.panter.cloud"",
3774
- "export ROOT_URL_INTERNAL="https://app.prod.test-app.pan.panter.cloud"",
3775
- "export KUBE_NAMESPACE="pan-test-app-prod"",
3776
- "export KUBE_APP_NAME="app"",
3777
- "export KUBE_APP_NAME_PREFIX=""",
3778
- "export SECRET_KEY_BASE="$CL_prod_app_SECRET_KEY_BASE"",
3779
- "export POSTGRESQL_PASSWORD="$CL_prod_app_POSTGRESQL_PASSWORD"",
3780
- "export cloudsqlProxyCredentials="$CL_prod_app_cloudsqlProxyCredentials"",
3781
- "export RAILS_ENV="production"",
3782
- "export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"ROOT_URL\\",\\"HOST_INTERNAL\\",\\"HOST_CANONICAL\\",\\"ROOT_URL_INTERNAL\\",\\"KUBE_NAMESPACE\\",\\"KUBE_APP_NAME\\",\\"KUBE_APP_NAME_PREFIX\\",\\"SECRET_KEY_BASE\\",\\"POSTGRESQL_PASSWORD\\",\\"cloudsqlProxyCredentials\\",\\"RAILS_ENV\\"]"",
3783
- "export RELEASE_NAME="pan-test-app-prod-app"",
3784
- "export HELM_EXPERIMENTAL_OCI="1"",
3785
- "export KUBE_DOCKER_IMAGE_PULL_SECRET="gitlab-registry-app"",
3786
- "export HELM_GITLAB_CHART_NAME="/helm-charts/the-panter-chart"",
3787
- "export HELM_ARGS=""",
3788
- "export COMPONENT_NAME="app"",
3789
- "export BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
3790
- "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
3791
- "kubectl config set-cluster "kube-pan-test-app-prod-app" --server="$CL_prod_app_KUBE_URL" --certificate-authority <(echo $CL_prod_app_KUBE_CA_PEM | base64 -d) --embed-certs=true",
3792
- "kubectl config set-credentials "kube-pan-test-app-prod-app" --token="$CL_prod_app_KUBE_TOKEN"",
3793
- "kubectl config set-context "kube-pan-test-app-prod-app" --cluster="kube-pan-test-app-prod-app" --user="kube-pan-test-app-prod-app" --namespace="pan-test-app-prod"",
3794
- "kubectl config use-context "kube-pan-test-app-prod-app"",
3795
- "kubernetesDelete",
3796
- "echo 'Disabling component in Dependency Track'",
3797
- "/dtrackuploader https://dep.panter.swiss/ "$DT_KEY_PROD" disable "pan-test-app/app" "https://my-fancy-website.com" || true",
3798
- "echo "CL_GITLAB_ENVIRONMENT_URL=https://my-fancy-website.com" >> gitlab_environment.env",
3799
- ],
3800
- "stage": "stop prod",
3801
- "variables": {
3802
- "GIT_STRATEGY": "none",
3803
- "KUBERNETES_CPU_REQUEST": "0.22",
3804
- "KUBERNETES_MEMORY_LIMIT": "400Mi",
3805
- "KUBERNETES_MEMORY_REQUEST": "200Mi",
3806
- },
3807
- },
3808
- "app 🛑 Stop ⚠️ | stage ": {
3809
- "allow_failure": true,
3810
- "artifacts": {
3811
- "reports": {
3812
- "dotenv": "gitlab_environment.env",
3813
- },
3814
- },
3815
- "environment": {
3816
- "action": "stop",
3817
- "name": "stage/app",
3818
- "url": "$CL_GITLAB_ENVIRONMENT_URL",
3819
- },
3820
- "image": "path/to/docker/kubernetes:the-version",
3821
- "interruptible": true,
3822
- "needs": [],
3823
- "retry": {
3824
- "max": 2,
3825
- "when": [
3826
- "runner_system_failure",
3827
- "stuck_or_timeout_failure",
3828
- ],
3829
- },
3830
- "rules": [
3831
- {
3832
- "if": "$CI_COMMIT_BRANCH =~ /^[0-9]+\\.([0-9]+|x)\\.x$/",
3833
- "when": "on_success",
3834
- },
3835
- {
3836
- "when": "manual",
3837
- },
3838
- ],
3839
- "script": [
3840
- "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
3841
- "export ENV_SHORT="stage"",
3842
- "export APP_DIR="."",
3843
- "export ENV_TYPE="stage"",
3844
- "export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
3845
- "export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"",
3846
- "export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"",
3847
- "export ROOT_URL="https://app.stage.test-app.pan.panter.cloud"",
3848
- "export HOST_INTERNAL="app.stage.test-app.pan.panter.cloud"",
3849
- "export HOST_CANONICAL="app.stage.test-app.pan.panter.cloud"",
3850
- "export ROOT_URL_INTERNAL="https://app.stage.test-app.pan.panter.cloud"",
3851
- "export KUBE_NAMESPACE="pan-test-app-stage"",
3852
- "export KUBE_APP_NAME="app"",
3853
- "export KUBE_APP_NAME_PREFIX=""",
3854
- "export SECRET_KEY_BASE="$CL_stage_app_SECRET_KEY_BASE"",
3855
- "export POSTGRESQL_PASSWORD="$CL_stage_app_POSTGRESQL_PASSWORD"",
3856
- "export cloudsqlProxyCredentials="$CL_stage_app_cloudsqlProxyCredentials"",
3857
- "export RAILS_ENV="production"",
3858
- "export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"ROOT_URL\\",\\"HOST_INTERNAL\\",\\"HOST_CANONICAL\\",\\"ROOT_URL_INTERNAL\\",\\"KUBE_NAMESPACE\\",\\"KUBE_APP_NAME\\",\\"KUBE_APP_NAME_PREFIX\\",\\"SECRET_KEY_BASE\\",\\"POSTGRESQL_PASSWORD\\",\\"cloudsqlProxyCredentials\\",\\"RAILS_ENV\\"]"",
3859
- "export RELEASE_NAME="pan-test-app-stage-app"",
3860
- "export HELM_EXPERIMENTAL_OCI="1"",
3861
- "export KUBE_DOCKER_IMAGE_PULL_SECRET="gitlab-registry-app"",
3862
- "export HELM_GITLAB_CHART_NAME="/helm-charts/the-panter-chart"",
3863
- "export HELM_ARGS=""",
3864
- "export COMPONENT_NAME="app"",
3865
- "export BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"",
3866
- "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
3867
- "kubectl config set-cluster "kube-pan-test-app-stage-app" --server="$CL_stage_app_KUBE_URL" --certificate-authority <(echo $CL_stage_app_KUBE_CA_PEM | base64 -d) --embed-certs=true",
3868
- "kubectl config set-credentials "kube-pan-test-app-stage-app" --token="$CL_stage_app_KUBE_TOKEN"",
3869
- "kubectl config set-context "kube-pan-test-app-stage-app" --cluster="kube-pan-test-app-stage-app" --user="kube-pan-test-app-stage-app" --namespace="pan-test-app-stage"",
3870
- "kubectl config use-context "kube-pan-test-app-stage-app"",
3871
- "kubernetesDelete",
3872
- "echo 'Disabling component in Dependency Track'",
3873
- "/dtrackuploader https://dep.panter.swiss/ "$DT_KEY_PROD" disable "pan-test-app/app" "https://app.stage.test-app.pan.panter.cloud" || true",
3874
- "echo "CL_GITLAB_ENVIRONMENT_URL=https://app.stage.test-app.pan.panter.cloud" >> gitlab_environment.env",
3875
- ],
3876
- "stage": "stop stage",
3877
- "variables": {
3878
- "GIT_STRATEGY": "none",
3879
- "KUBERNETES_CPU_REQUEST": "0.22",
3880
- "KUBERNETES_MEMORY_LIMIT": "400Mi",
3881
- "KUBERNETES_MEMORY_REQUEST": "200Mi",
3882
- },
3883
- },
3884
- "app 🧾 sbom | prod ": {
3885
- "allow_failure": true,
3886
- "artifacts": {
3887
- "paths": [
3888
- "__sbom.json",
3889
- ],
3890
- },
3891
- "image": "aquasec/trivy:0.38.3",
3892
- "interruptible": true,
3893
- "needs": [],
3894
- "retry": {
3895
- "max": 2,
3896
- "when": [
3897
- "runner_system_failure",
3898
- "stuck_or_timeout_failure",
3899
- ],
3900
- },
3901
- "script": [
3902
- "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
3903
- "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
3904
- "trivy fs --quiet --format cyclonedx --output "__sbom.json" .",
3905
- ],
3906
- "stage": "build",
3907
- "variables": {},
3908
- },
3909
- "app 🧾 sbom | stage ": {
3910
- "allow_failure": true,
3911
- "artifacts": {
3912
- "paths": [
3913
- "__sbom.json",
3914
- ],
3915
- },
3916
- "image": "aquasec/trivy:0.38.3",
3917
- "interruptible": true,
3918
- "needs": [],
3919
- "retry": {
3920
- "max": 2,
3921
- "when": [
3922
- "runner_system_failure",
3923
- "stuck_or_timeout_failure",
3924
- ],
3925
- },
3926
- "script": [
3927
- "echo -e "\\e[0Ksection_start:$(date +%s):injectvars[collapsed=true]\\r\\e[0KInjecting variables"",
3928
- "echo -e "\\e[0Ksection_end:$(date +%s):injectvars\\r\\e[0K"",
3929
- "trivy fs --quiet --format cyclonedx --output "__sbom.json" .",
3930
- ],
3931
- "stage": "build",
3932
- "variables": {},
3933
- },
3934
- },
3935
- "stages": [
3936
- "setup",
3937
- "setup dev",
3938
- "setup review",
3939
- "setup stage",
3940
- "setup prod",
3941
- "test",
3942
- "test dev",
3943
- "test review",
3944
- "test stage",
3945
- "test prod",
3946
- "build",
3947
- "build dev",
3948
- "build review",
3949
- "build stage",
3950
- "build prod",
3951
- "deploy",
3952
- "deploy dev",
3953
- "deploy review",
3954
- "deploy stage",
3955
- "deploy prod",
3956
- "verify",
3957
- "verify dev",
3958
- "verify review",
3959
- "verify stage",
3960
- "verify prod",
3961
- "rollback",
3962
- "rollback dev",
3963
- "rollback review",
3964
- "rollback stage",
3965
- "rollback prod",
3966
- "stop",
3967
- "stop dev",
3968
- "stop review",
3969
- "stop stage",
3970
- "stop prod",
3971
- ],
3972
- "variables": {
3973
- "ARTIFACT_COMPRESSION_LEVEL": "fast",
3974
- "CACHE_COMPRESSION_LEVEL": "fast",
3975
- "FF_USE_FASTZIP": "true",
3976
- "GIT_DEPTH": "1",
3977
- "TRANSFER_METER_FREQUENCY": "5s",
3978
- },
3979
- "workflow": {
3980
- "rules": [
3981
- {
3982
- "if": "$CI_COMMIT_TAG",
3983
- },
3984
- {
3985
- "if": "$CI_COMMIT_MESSAGE =~ /^chore\\(release\\).*/",
3986
- "when": "never",
3987
- },
3988
- {
3989
- "if": "$CI_PIPELINE_SOURCE == "schedule"",
3990
- "when": "never",
3991
- },
3992
- {
3993
- "if": "$CI_COMMIT_BRANCH =~ /^[0-9]+.([0-9]+|x).x$/",
3994
- },
3995
- {
3996
- "if": "$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH",
3997
- },
3998
- {
3999
- "if": "$CI_MERGE_REQUEST_ID",
4000
- },
4001
- ],
4002
- },
4003
- },
4004
- }
4005
- `;