@catladder/pipeline 1.170.1 → 2.0.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/bash/BashExpression.d.ts +1 -6
- package/dist/bash/BashExpression.js +2 -15
- package/dist/bash/bashEscape.d.ts +34 -0
- package/dist/bash/bashEscape.js +114 -0
- package/dist/bash/bashYaml.js +25 -2
- package/dist/bash/getInjectVarsScript.js +4 -2
- package/dist/bash/index.d.ts +2 -0
- package/dist/bash/index.js +26 -0
- package/dist/build/base/createAppBuildJob.js +3 -3
- package/dist/build/base/writeDotEnv.js +6 -4
- package/dist/build/custom/testJob.js +12 -12
- package/dist/build/docker.d.ts +3 -3
- package/dist/build/node/buildJob.js +1 -1
- package/dist/build/node/cache.d.ts +2 -4
- package/dist/build/node/cache.js +3 -24
- package/dist/build/node/testJob.js +11 -11
- package/dist/build/rails/build.js +1 -1
- package/dist/build/rails/test.js +8 -8
- package/dist/build/types.d.ts +0 -10
- package/dist/constants.js +1 -1
- package/dist/context/createComponentContext.js +0 -1
- package/dist/context/getEnvConfig.js +2 -1
- package/dist/context/getEnvironment.js +1 -2
- package/dist/context/getEnvironmentVariables.d.ts +5 -6
- package/dist/context/getEnvironmentVariables.js +50 -38
- package/dist/deploy/base/deploy.js +3 -3
- package/dist/deploy/cloudRun/createJobs/getCloudRunDeployScripts.js +2 -2
- package/dist/deploy/cloudRun/index.js +2 -2
- package/dist/deploy/cloudRun/utils/getServiceName.d.ts +1 -1
- package/dist/deploy/kubernetes/cloudSql/index.d.ts +2 -2
- package/dist/deploy/kubernetes/cloudSql/index.js +3 -14
- package/dist/deploy/kubernetes/deployJob.js +1 -3
- package/dist/deploy/kubernetes/index.js +2 -2
- package/dist/deploy/kubernetes/kubeEnv.d.ts +3 -3
- package/dist/deploy/kubernetes/kubeValues.d.ts +3 -4
- package/dist/deploy/kubernetes/kubeValues.js +2 -3
- package/dist/deploy/types/base.d.ts +0 -6
- package/dist/deploy/types/kubernetes.d.ts +1 -34
- package/dist/globalScriptFunctions/index.d.ts +14 -0
- package/dist/globalScriptFunctions/index.js +37 -0
- package/dist/index.d.ts +3 -1
- package/dist/index.js +3 -1
- package/dist/pipeline/gitlab/createGitlabJobs.js +3 -5
- package/dist/pipeline/gitlab/createGitlabPipeline.d.ts +1 -0
- package/dist/pipeline/gitlab/createGitlabPipeline.js +38 -2
- package/dist/pipeline/packageManager.js +1 -1
- package/dist/runner/index.d.ts +1 -1
- package/dist/tsconfig.tsbuildinfo +1 -1
- package/dist/types/config.d.ts +6 -9
- package/dist/types/context.d.ts +2 -9
- package/dist/types/gitlab-types.d.ts +1 -0
- package/dist/types/jobs.d.ts +0 -8
- package/dist/utils/gitlab.js +4 -1
- package/dist/utils/writeFiles.js +1 -7
- package/dist/variables/VariableValue.d.ts +3 -0
- package/dist/variables/VariableValue.js +5 -0
- package/dist/variables/VariableValueContainingReferences.d.ts +24 -0
- package/dist/variables/VariableValueContainingReferences.js +97 -0
- package/dist/variables/__tests__/resolveAllReferences.test.js +219 -0
- package/dist/variables/__tests__/resolveAllReferencesOnce.test.d.ts +1 -0
- package/dist/variables/__tests__/resolveAllReferencesOnce.test.js +171 -0
- package/dist/variables/__tests__/resolveReferencesOnce.test.d.ts +1 -0
- package/dist/variables/__tests__/resolveReferencesOnce.test.js +202 -0
- package/dist/variables/__tests__/variableValue.test.d.ts +1 -0
- package/dist/variables/__tests__/variableValue.test.js +36 -0
- package/dist/variables/resolveAllReferences.d.ts +3 -0
- package/dist/{bash/replaceAsync.js → variables/resolveAllReferences.js} +60 -40
- package/dist/variables/resolveAllReferencesOnce.d.ts +5 -0
- package/dist/variables/resolveAllReferencesOnce.js +191 -0
- package/dist/variables/resolveReferencesOnce.d.ts +8 -0
- package/dist/variables/resolveReferencesOnce.js +22 -0
- package/examples/__snapshots__/cloud-run-http2.test.ts.snap +312 -238
- package/examples/__snapshots__/cloud-run-memory-limit.test.ts.snap +312 -238
- package/examples/__snapshots__/cloud-run-meteor-with-worker.test.ts.snap +312 -222
- package/examples/__snapshots__/cloud-run-nextjs.test.ts.snap +1436 -0
- package/examples/__snapshots__/cloud-run-no-cpu-throttling.test.ts.snap +312 -238
- package/examples/__snapshots__/cloud-run-no-service.test.ts.snap +316 -238
- package/examples/__snapshots__/cloud-run-non-public.test.ts.snap +312 -238
- package/examples/__snapshots__/cloud-run-post-stop-job.test.ts.snap +313 -238
- package/examples/__snapshots__/cloud-run-service-custom-vpc-connector.test.ts.snap +312 -238
- package/examples/__snapshots__/cloud-run-service-custom-vpc.test.ts.snap +312 -238
- package/examples/__snapshots__/cloud-run-service-gen2.test.ts.snap +312 -238
- package/examples/__snapshots__/cloud-run-service-increase-timout.test.ts.snap +312 -238
- package/examples/__snapshots__/cloud-run-service-with-volumes.test.ts.snap +316 -238
- package/examples/__snapshots__/cloud-run-storybook.test.ts.snap +294 -220
- package/examples/__snapshots__/cloud-run-with-ngnix.test.ts.snap +312 -238
- package/examples/__snapshots__/cloud-run-with-sql-reuse-db.test.ts.snap +652 -486
- package/examples/__snapshots__/cloud-run-with-sql.test.ts.snap +282 -288
- package/examples/__snapshots__/cloud-run-with-worker.test.ts.snap +312 -238
- package/examples/__snapshots__/custom-build-job-with-tests.test.ts.snap +284 -194
- package/examples/__snapshots__/custom-build-job.test.ts.snap +278 -188
- package/examples/__snapshots__/custom-deploy.test.ts.snap +220 -154
- package/examples/__snapshots__/custom-envs.test.ts.snap +216 -126
- package/examples/__snapshots__/custom-sbom-java.test.ts.snap +278 -188
- package/examples/__snapshots__/git-submodule.test.ts.snap +312 -238
- package/examples/__snapshots__/kubernetes-application-customization.test.ts.snap +231 -253
- package/examples/__snapshots__/kubernetes-with-cloud-sql.test.ts.snap +240 -262
- package/examples/__snapshots__/kubernetes-with-jobs.test.ts.snap +504 -506
- package/examples/__snapshots__/kubernetes-with-mongodb.test.ts.snap +239 -261
- package/examples/__snapshots__/local-dot-env.test.ts.snap +236 -238
- package/examples/__snapshots__/meteor-kubernetes.test.ts.snap +236 -242
- package/examples/__snapshots__/multiline-var.test.ts.snap +1355 -973
- package/examples/__snapshots__/native-app.test.ts.snap +438 -392
- package/examples/__snapshots__/node-build-with-custom-image.test.ts.snap +312 -238
- package/examples/__snapshots__/node-build-with-docker-additions.test.ts.snap +312 -238
- package/examples/__snapshots__/rails-k8s-with-worker-dockerfile.test.ts.snap +186 -188
- package/examples/__snapshots__/rails-k8s-with-worker.test.ts.snap +162 -164
- package/examples/__snapshots__/referencing-other-vars.test.ts.snap +971 -765
- package/examples/__snapshots__/wait-for-other-deploy.test.ts.snap +330 -228
- package/examples/__snapshots__/{workspace-api-www-custom-cache.test.ts.snap → workspace-api-www-turbo-cache.test.ts.snap} +457 -499
- package/examples/__snapshots__/workspace-api-www.test.ts.snap +452 -482
- package/examples/{workspace-api-www-custom-cache.test.ts → cloud-run-nextjs.test.ts} +2 -2
- package/examples/cloud-run-nextjs.ts +28 -0
- package/examples/cloud-run-with-sql.ts +0 -1
- package/examples/kubernetes-application-customization.ts +1 -0
- package/examples/kubernetes-with-cloud-sql.ts +1 -0
- package/examples/kubernetes-with-jobs.ts +1 -0
- package/examples/kubernetes-with-mongodb.ts +1 -0
- package/examples/meteor-kubernetes.ts +1 -1
- package/examples/native-app.ts +10 -7
- package/examples/rails-k8s-with-worker.ts +7 -1
- package/examples/{kubernetes-with-cloud-sql-legacy.test.ts → workspace-api-www-turbo-cache.test.ts} +2 -2
- package/examples/{workspace-api-www-custom-cache.ts → workspace-api-www-turbo-cache.ts} +4 -3
- package/examples/workspace-api-www.ts +3 -2
- package/package.json +2 -6
- package/src/bash/BashExpression.ts +0 -13
- package/src/bash/bashEscape.ts +158 -0
- package/src/bash/bashYaml.ts +36 -2
- package/src/bash/getInjectVarsScript.ts +11 -2
- package/src/bash/index.ts +2 -0
- package/src/build/base/createAppBuildJob.ts +0 -1
- package/src/build/base/writeDotEnv.ts +6 -6
- package/src/build/custom/testJob.ts +0 -1
- package/src/build/node/buildJob.ts +2 -2
- package/src/build/node/cache.ts +0 -29
- package/src/build/node/testJob.ts +0 -1
- package/src/build/rails/build.ts +0 -1
- package/src/build/rails/test.ts +0 -1
- package/src/build/types.ts +0 -13
- package/src/context/createComponentContext.ts +0 -1
- package/src/context/getEnvConfig.ts +2 -2
- package/src/context/getEnvironment.ts +1 -1
- package/src/context/getEnvironmentContext.ts +1 -1
- package/src/context/getEnvironmentVariables.ts +44 -51
- package/src/deploy/base/deploy.ts +1 -1
- package/src/deploy/cloudRun/createJobs/getCloudRunDeployScripts.ts +4 -12
- package/src/deploy/cloudRun/index.ts +2 -2
- package/src/deploy/kubernetes/cloudSql/index.ts +3 -16
- package/src/deploy/kubernetes/deployJob.ts +0 -2
- package/src/deploy/kubernetes/index.ts +2 -2
- package/src/deploy/kubernetes/kubeEnv.ts +3 -3
- package/src/deploy/kubernetes/kubeValues.ts +5 -8
- package/src/deploy/types/base.ts +0 -6
- package/src/deploy/types/kubernetes.ts +1 -36
- package/src/globalScriptFunctions/index.ts +30 -0
- package/src/index.ts +2 -0
- package/src/pipeline/gitlab/createGitlabJobs.ts +1 -4
- package/src/pipeline/gitlab/createGitlabPipeline.ts +8 -1
- package/src/pipeline/packageManager.ts +7 -5
- package/src/runner/index.ts +0 -1
- package/src/types/config.ts +6 -9
- package/src/types/context.ts +3 -9
- package/src/types/gitlab-types.ts +1 -0
- package/src/types/jobs.ts +0 -8
- package/src/utils/gitlab.ts +19 -2
- package/src/utils/writeFiles.ts +1 -2
- package/src/variables/VariableValue.ts +6 -0
- package/src/variables/VariableValueContainingReferences.ts +89 -0
- package/src/variables/__tests__/resolveAllReferences.test.ts +110 -0
- package/src/variables/__tests__/resolveAllReferencesOnce.test.ts +64 -0
- package/src/variables/__tests__/resolveReferencesOnce.test.ts +117 -0
- package/src/variables/__tests__/variableValue.test.ts +73 -0
- package/src/variables/resolveAllReferences.ts +46 -0
- package/src/variables/resolveAllReferencesOnce.ts +44 -0
- package/src/variables/resolveReferencesOnce.ts +29 -0
- package/bin/catladder-gitlab-dev.js +0 -3
- package/bin/catladder-gitlab.js +0 -3
- package/dist/bash/replaceAsync.d.ts +0 -2
- package/dist/bundles/catladder-gitlab/index.js +0 -15
- package/dist/context/__tests__/resolveReferences.test.js +0 -368
- package/dist/context/resolveReferences.d.ts +0 -6
- package/dist/context/resolveReferences.js +0 -286
- package/dist/deploy/kubernetes/processSecretsAsFiles.d.ts +0 -85
- package/dist/deploy/kubernetes/processSecretsAsFiles.js +0 -33
- package/examples/__snapshots__/kubernetes-with-cloud-sql-legacy.test.ts.snap +0 -1795
- package/examples/kubernetes-with-cloud-sql-legacy.ts +0 -35
- package/scripts/bundle +0 -2
- package/src/bash/replaceAsync.ts +0 -49
- package/src/context/__tests__/resolveReferences.test.ts +0 -148
- package/src/context/resolveReferences.ts +0 -93
- package/src/deploy/kubernetes/processSecretsAsFiles.ts +0 -35
- /package/dist/{context/__tests__/resolveReferences.test.d.ts → variables/__tests__/resolveAllReferences.test.d.ts} +0 -0
|
@@ -45,6 +45,36 @@ variables:
|
|
|
45
45
|
CACHE_COMPRESSION_LEVEL: fast
|
|
46
46
|
TRANSFER_METER_FREQUENCY: 5s
|
|
47
47
|
GIT_DEPTH: '1'
|
|
48
|
+
before_script:
|
|
49
|
+
- |-
|
|
50
|
+
function escapeForDotEnv () {
|
|
51
|
+
input="\${1:-$(cat)}"
|
|
52
|
+
input="\${input//$'\\n'/\\\\n}"
|
|
53
|
+
if [[ "$input" == *\\\\n* ]]; then
|
|
54
|
+
if [[ "$input" == *\\"* && "$input" == *\\'* && "$input" == *\\\`* ]]; then
|
|
55
|
+
printf "\\"%s\\"\\n" "$input"
|
|
56
|
+
elif [[ "$input" == *\\"* && "$input" == *\\'* ]]; then
|
|
57
|
+
printf "\`%s\`\\n" "$input"
|
|
58
|
+
elif [[ "$input" == *\\"* ]]; then
|
|
59
|
+
printf "'%s'\\n" "$input"
|
|
60
|
+
else
|
|
61
|
+
printf "\\"%s\\"\\n" "$input"
|
|
62
|
+
fi
|
|
63
|
+
else
|
|
64
|
+
printf "%s\\n" "$input"
|
|
65
|
+
fi
|
|
66
|
+
}
|
|
67
|
+
- |-
|
|
68
|
+
function collapseable_section_start () {
|
|
69
|
+
local section_title="\${1}"
|
|
70
|
+
local section_description="\${2:-$section_title}"
|
|
71
|
+
echo -e "section_start:\`date +%s\`:\${section_title}[collapsed=true]\\r\\e[0K\${section_description}"
|
|
72
|
+
}
|
|
73
|
+
- |-
|
|
74
|
+
function collapseable_section_end () {
|
|
75
|
+
local section_title="\${1}"
|
|
76
|
+
echo -e "section_end:\`date +%s\`:\${section_title}\\r\\e[0K"
|
|
77
|
+
}
|
|
48
78
|
api 🛡 audit:
|
|
49
79
|
stage: test
|
|
50
80
|
image: path/to/docker/jobs-default:the-version
|
|
@@ -53,9 +83,9 @@ api 🛡 audit:
|
|
|
53
83
|
KUBERNETES_MEMORY_REQUEST: 1Gi
|
|
54
84
|
KUBERNETES_MEMORY_LIMIT: 4Gi
|
|
55
85
|
script:
|
|
56
|
-
-
|
|
86
|
+
- collapseable_section_start "injectvars" "Injecting variables"
|
|
57
87
|
- export APP_PATH="app"
|
|
58
|
-
-
|
|
88
|
+
- collapseable_section_end "injectvars"
|
|
59
89
|
- cd app
|
|
60
90
|
- yarn npm audit --environment production
|
|
61
91
|
rules:
|
|
@@ -79,21 +109,21 @@ api 👮 lint:
|
|
|
79
109
|
KUBERNETES_MEMORY_REQUEST: 1Gi
|
|
80
110
|
KUBERNETES_MEMORY_LIMIT: 4Gi
|
|
81
111
|
script:
|
|
82
|
-
-
|
|
112
|
+
- collapseable_section_start "injectvars" "Injecting variables"
|
|
83
113
|
- export APP_PATH="app"
|
|
84
|
-
-
|
|
85
|
-
-
|
|
114
|
+
- collapseable_section_end "injectvars"
|
|
115
|
+
- collapseable_section_start "nodeinstall" "Ensure node version"
|
|
86
116
|
- if [ -f ~/.nvm/nvm.sh ]; then source ~/.nvm/nvm.sh; fi
|
|
87
117
|
- if command -v nvm &> /dev/null && [ -f ./.nvmrc ]; then nvm install; fi
|
|
88
|
-
-
|
|
118
|
+
- collapseable_section_end "nodeinstall"
|
|
89
119
|
- cd app
|
|
90
|
-
-
|
|
120
|
+
- collapseable_section_start "nodeinstall" "Ensure node version"
|
|
91
121
|
- if [ -f ~/.nvm/nvm.sh ]; then source ~/.nvm/nvm.sh; fi
|
|
92
122
|
- if command -v nvm &> /dev/null && [ -f ./.nvmrc ]; then nvm install; fi
|
|
93
|
-
-
|
|
94
|
-
-
|
|
123
|
+
- collapseable_section_end "nodeinstall"
|
|
124
|
+
- collapseable_section_start "yarninstall" "Yarn install"
|
|
95
125
|
- yarn install --immutable
|
|
96
|
-
-
|
|
126
|
+
- collapseable_section_end "yarninstall"
|
|
97
127
|
- yarn lint
|
|
98
128
|
cache:
|
|
99
129
|
- key: app-yarn
|
|
@@ -120,21 +150,21 @@ api 🧪 test:
|
|
|
120
150
|
KUBERNETES_MEMORY_REQUEST: 1Gi
|
|
121
151
|
KUBERNETES_MEMORY_LIMIT: 4Gi
|
|
122
152
|
script:
|
|
123
|
-
-
|
|
153
|
+
- collapseable_section_start "injectvars" "Injecting variables"
|
|
124
154
|
- export APP_PATH="app"
|
|
125
|
-
-
|
|
126
|
-
-
|
|
155
|
+
- collapseable_section_end "injectvars"
|
|
156
|
+
- collapseable_section_start "nodeinstall" "Ensure node version"
|
|
127
157
|
- if [ -f ~/.nvm/nvm.sh ]; then source ~/.nvm/nvm.sh; fi
|
|
128
158
|
- if command -v nvm &> /dev/null && [ -f ./.nvmrc ]; then nvm install; fi
|
|
129
|
-
-
|
|
159
|
+
- collapseable_section_end "nodeinstall"
|
|
130
160
|
- cd app
|
|
131
|
-
-
|
|
161
|
+
- collapseable_section_start "nodeinstall" "Ensure node version"
|
|
132
162
|
- if [ -f ~/.nvm/nvm.sh ]; then source ~/.nvm/nvm.sh; fi
|
|
133
163
|
- if command -v nvm &> /dev/null && [ -f ./.nvmrc ]; then nvm install; fi
|
|
134
|
-
-
|
|
135
|
-
-
|
|
164
|
+
- collapseable_section_end "nodeinstall"
|
|
165
|
+
- collapseable_section_start "yarninstall" "Yarn install"
|
|
136
166
|
- yarn install --immutable
|
|
137
|
-
-
|
|
167
|
+
- collapseable_section_end "yarninstall"
|
|
138
168
|
- yarn test
|
|
139
169
|
cache:
|
|
140
170
|
- key: app-yarn
|
|
@@ -161,38 +191,55 @@ api 🧪 test:
|
|
|
161
191
|
KUBERNETES_MEMORY_REQUEST: 1Gi
|
|
162
192
|
KUBERNETES_MEMORY_LIMIT: 4Gi
|
|
163
193
|
script:
|
|
164
|
-
-
|
|
194
|
+
- collapseable_section_start "injectvars" "Injecting variables"
|
|
165
195
|
- export ENV_SHORT="dev"
|
|
166
196
|
- export APP_DIR="app"
|
|
167
197
|
- export ENV_TYPE="dev"
|
|
168
198
|
- export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"
|
|
169
199
|
- export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"
|
|
170
200
|
- export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"
|
|
171
|
-
- export
|
|
201
|
+
- export HOSTNAME="$(printf %s "pan-test-app-dev-api-$CL_dev_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
172
202
|
- export ROOT_URL="https://$(printf %s "pan-test-app-dev-api-$CL_dev_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
173
|
-
- export
|
|
174
|
-
- export HOST_CANONICAL="$(printf %s "pan-test-app-dev-api-$CL_dev_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
203
|
+
- export HOSTNAME_INTERNAL="$(printf %s "pan-test-app-dev-api-$CL_dev_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
175
204
|
- export ROOT_URL_INTERNAL="https://$(printf %s "pan-test-app-dev-api-$CL_dev_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
176
205
|
- export CLOUD_RUN_JOB_TRIGGER_URL_alarm_clock="https://asia-east1-run.googleapis.com/apis/run.googleapis.com/v1/namespaces/asdf/jobs/pan-test-app-dev-api-alarm-clock:run"
|
|
177
206
|
- export DEPLOY_CLOUD_RUN_PROJECT_ID="asdf"
|
|
178
207
|
- export DEPLOY_CLOUD_RUN_REGION="asia-east1"
|
|
179
208
|
- export GCLOUD_DEPLOY_credentialsKey="$CL_dev_api_GCLOUD_DEPLOY_credentialsKey"
|
|
180
209
|
- export GCLOUD_RUN_canonicalHostSuffix="$CL_dev_api_GCLOUD_RUN_canonicalHostSuffix"
|
|
181
|
-
- export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"
|
|
182
|
-
-
|
|
210
|
+
- export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"HOSTNAME\\",\\"ROOT_URL\\",\\"HOSTNAME_INTERNAL\\",\\"ROOT_URL_INTERNAL\\",\\"CLOUD_RUN_JOB_TRIGGER_URL_alarm_clock\\",\\"DEPLOY_CLOUD_RUN_PROJECT_ID\\",\\"DEPLOY_CLOUD_RUN_REGION\\",\\"GCLOUD_DEPLOY_credentialsKey\\",\\"GCLOUD_RUN_canonicalHostSuffix\\"]"
|
|
211
|
+
- collapseable_section_end "injectvars"
|
|
212
|
+
- collapseable_section_start "write-dotenv-api" "write dot env for api"
|
|
213
|
+
- |-
|
|
214
|
+
cat <<EOF > app/.env
|
|
215
|
+
ENV_SHORT=dev
|
|
216
|
+
APP_DIR=app
|
|
217
|
+
ENV_TYPE=dev
|
|
218
|
+
HOSTNAME=$(printf %s "$(printf %s "pan-test-app-dev-api-$CL_dev_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | escapeForDotEnv)
|
|
219
|
+
ROOT_URL=$(printf %s "https://$(printf %s "pan-test-app-dev-api-$CL_dev_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | escapeForDotEnv)
|
|
220
|
+
HOSTNAME_INTERNAL=$(printf %s "$(printf %s "pan-test-app-dev-api-$CL_dev_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | escapeForDotEnv)
|
|
221
|
+
ROOT_URL_INTERNAL=$(printf %s "https://$(printf %s "pan-test-app-dev-api-$CL_dev_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | escapeForDotEnv)
|
|
222
|
+
CLOUD_RUN_JOB_TRIGGER_URL_alarm_clock=https://asia-east1-run.googleapis.com/apis/run.googleapis.com/v1/namespaces/asdf/jobs/pan-test-app-dev-api-alarm-clock:run
|
|
223
|
+
DEPLOY_CLOUD_RUN_PROJECT_ID=asdf
|
|
224
|
+
DEPLOY_CLOUD_RUN_REGION=asia-east1
|
|
225
|
+
GCLOUD_DEPLOY_credentialsKey=$(printf %s "$CL_dev_api_GCLOUD_DEPLOY_credentialsKey" | escapeForDotEnv)
|
|
226
|
+
GCLOUD_RUN_canonicalHostSuffix=$(printf %s "$CL_dev_api_GCLOUD_RUN_canonicalHostSuffix" | escapeForDotEnv)
|
|
227
|
+
_ALL_ENV_VAR_KEYS=["ENV_SHORT","APP_DIR","ENV_TYPE","BUILD_INFO_BUILD_ID","BUILD_INFO_BUILD_TIME","BUILD_INFO_CURRENT_VERSION","HOSTNAME","ROOT_URL","HOSTNAME_INTERNAL","ROOT_URL_INTERNAL","CLOUD_RUN_JOB_TRIGGER_URL_alarm_clock","DEPLOY_CLOUD_RUN_PROJECT_ID","DEPLOY_CLOUD_RUN_REGION","GCLOUD_DEPLOY_credentialsKey","GCLOUD_RUN_canonicalHostSuffix"]
|
|
228
|
+
EOF
|
|
229
|
+
- collapseable_section_end "write-dotenv-api"
|
|
183
230
|
- echo '{"id":"$(git describe --tags 2>/dev/null || git rev-parse HEAD)","time":"$CI_JOB_STARTED_AT"}' > app/__build_info.json
|
|
184
|
-
-
|
|
231
|
+
- collapseable_section_start "nodeinstall" "Ensure node version"
|
|
185
232
|
- if [ -f ~/.nvm/nvm.sh ]; then source ~/.nvm/nvm.sh; fi
|
|
186
233
|
- if command -v nvm &> /dev/null && [ -f ./.nvmrc ]; then nvm install; fi
|
|
187
|
-
-
|
|
234
|
+
- collapseable_section_end "nodeinstall"
|
|
188
235
|
- cd app
|
|
189
|
-
-
|
|
236
|
+
- collapseable_section_start "nodeinstall" "Ensure node version"
|
|
190
237
|
- if [ -f ~/.nvm/nvm.sh ]; then source ~/.nvm/nvm.sh; fi
|
|
191
238
|
- if command -v nvm &> /dev/null && [ -f ./.nvmrc ]; then nvm install; fi
|
|
192
|
-
-
|
|
193
|
-
-
|
|
239
|
+
- collapseable_section_end "nodeinstall"
|
|
240
|
+
- collapseable_section_start "yarninstall" "Yarn install"
|
|
194
241
|
- yarn install --immutable
|
|
195
|
-
-
|
|
242
|
+
- collapseable_section_end "yarninstall"
|
|
196
243
|
- yarn build
|
|
197
244
|
cache:
|
|
198
245
|
- key: app-yarn
|
|
@@ -203,15 +250,13 @@ api 🧪 test:
|
|
|
203
250
|
policy: pull-push
|
|
204
251
|
paths:
|
|
205
252
|
- app/node_modules
|
|
206
|
-
- key: api-next-cache
|
|
207
|
-
policy: pull-push
|
|
208
|
-
paths:
|
|
209
|
-
- app/.next/cache
|
|
210
253
|
artifacts:
|
|
211
254
|
paths:
|
|
212
255
|
- app/__build_info.json
|
|
213
256
|
- app/.next
|
|
214
257
|
- app/dist
|
|
258
|
+
exclude:
|
|
259
|
+
- app/.env
|
|
215
260
|
expire_in: 1 day
|
|
216
261
|
when: always
|
|
217
262
|
reports: {}
|
|
@@ -239,7 +284,7 @@ api 🧪 test:
|
|
|
239
284
|
KUBERNETES_MEMORY_REQUEST: 1Gi
|
|
240
285
|
KUBERNETES_MEMORY_LIMIT: 2Gi
|
|
241
286
|
script:
|
|
242
|
-
-
|
|
287
|
+
- collapseable_section_start "injectvars" "Injecting variables"
|
|
243
288
|
- export APP_DIR="app"
|
|
244
289
|
- export DOCKER_BUILD_CONTEXT="."
|
|
245
290
|
- export DOCKER_REGISTRY="asia-east1-docker.pkg.dev"
|
|
@@ -255,20 +300,20 @@ api 🧪 test:
|
|
|
255
300
|
COPY --chown=node:node app/yarn.lock /app/app/yarn.lock
|
|
256
301
|
COPY --chown=node:node .yarnrc.yml /app/.yarnrc.yml
|
|
257
302
|
COPY --chown=node:node .yarn /app/.yarn"
|
|
258
|
-
-
|
|
303
|
+
- collapseable_section_end "injectvars"
|
|
259
304
|
- ensureNodeDockerfile
|
|
260
|
-
-
|
|
305
|
+
- collapseable_section_start "docker-login" "Docker Login"
|
|
261
306
|
- gcloud auth activate-service-account --key-file=<(echo "$CL_dev_api_GCLOUD_DEPLOY_credentialsKey")
|
|
262
307
|
- gcloud auth configure-docker asia-east1-docker.pkg.dev
|
|
263
|
-
-
|
|
264
|
-
-
|
|
308
|
+
- collapseable_section_end "docker-login"
|
|
309
|
+
- collapseable_section_start "docker-build" "Docker build"
|
|
265
310
|
- docker build --network host --cache-from $DOCKER_CACHE_IMAGE --tag $DOCKER_IMAGE:$DOCKER_IMAGE_TAG -f $APP_DIR/Dockerfile $DOCKER_BUILD_CONTEXT --build-arg BUILDKIT_INLINE_CACHE=1
|
|
266
|
-
-
|
|
267
|
-
-
|
|
311
|
+
- collapseable_section_end "docker-build"
|
|
312
|
+
- collapseable_section_start "docker-push" "Docker push and tag"
|
|
268
313
|
- docker push $DOCKER_IMAGE:$DOCKER_IMAGE_TAG
|
|
269
314
|
- docker tag $DOCKER_IMAGE:$DOCKER_IMAGE_TAG $DOCKER_CACHE_IMAGE
|
|
270
315
|
- docker push $DOCKER_CACHE_IMAGE
|
|
271
|
-
-
|
|
316
|
+
- collapseable_section_end "docker-push"
|
|
272
317
|
cache:
|
|
273
318
|
- key: app-yarn
|
|
274
319
|
policy: pull
|
|
@@ -287,8 +332,8 @@ api 🧪 test:
|
|
|
287
332
|
image: aquasec/trivy:0.38.3
|
|
288
333
|
variables: {}
|
|
289
334
|
script:
|
|
290
|
-
-
|
|
291
|
-
-
|
|
335
|
+
- collapseable_section_start "injectvars" "Injecting variables"
|
|
336
|
+
- collapseable_section_end "injectvars"
|
|
292
337
|
- trivy fs --quiet --format cyclonedx --output "__sbom.json" app
|
|
293
338
|
artifacts:
|
|
294
339
|
paths:
|
|
@@ -309,36 +354,35 @@ api 🧪 test:
|
|
|
309
354
|
KUBERNETES_MEMORY_REQUEST: 200Mi
|
|
310
355
|
KUBERNETES_MEMORY_LIMIT: 400Mi
|
|
311
356
|
script:
|
|
312
|
-
-
|
|
357
|
+
- collapseable_section_start "injectvars" "Injecting variables"
|
|
313
358
|
- export ENV_SHORT="dev"
|
|
314
359
|
- export APP_DIR="app"
|
|
315
360
|
- export ENV_TYPE="dev"
|
|
316
361
|
- export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"
|
|
317
362
|
- export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"
|
|
318
363
|
- export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"
|
|
319
|
-
- export
|
|
364
|
+
- export HOSTNAME="$(printf %s "pan-test-app-dev-api-$CL_dev_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
320
365
|
- export ROOT_URL="https://$(printf %s "pan-test-app-dev-api-$CL_dev_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
321
|
-
- export
|
|
322
|
-
- export HOST_CANONICAL="$(printf %s "pan-test-app-dev-api-$CL_dev_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
366
|
+
- export HOSTNAME_INTERNAL="$(printf %s "pan-test-app-dev-api-$CL_dev_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
323
367
|
- export ROOT_URL_INTERNAL="https://$(printf %s "pan-test-app-dev-api-$CL_dev_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
324
368
|
- export CLOUD_RUN_JOB_TRIGGER_URL_alarm_clock="https://asia-east1-run.googleapis.com/apis/run.googleapis.com/v1/namespaces/asdf/jobs/pan-test-app-dev-api-alarm-clock:run"
|
|
325
369
|
- export DEPLOY_CLOUD_RUN_PROJECT_ID="asdf"
|
|
326
370
|
- export DEPLOY_CLOUD_RUN_REGION="asia-east1"
|
|
327
371
|
- export GCLOUD_DEPLOY_credentialsKey="$CL_dev_api_GCLOUD_DEPLOY_credentialsKey"
|
|
328
372
|
- export GCLOUD_RUN_canonicalHostSuffix="$CL_dev_api_GCLOUD_RUN_canonicalHostSuffix"
|
|
329
|
-
- export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"
|
|
373
|
+
- export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"HOSTNAME\\",\\"ROOT_URL\\",\\"HOSTNAME_INTERNAL\\",\\"ROOT_URL_INTERNAL\\",\\"CLOUD_RUN_JOB_TRIGGER_URL_alarm_clock\\",\\"DEPLOY_CLOUD_RUN_PROJECT_ID\\",\\"DEPLOY_CLOUD_RUN_REGION\\",\\"GCLOUD_DEPLOY_credentialsKey\\",\\"GCLOUD_RUN_canonicalHostSuffix\\"]"
|
|
330
374
|
- export DOCKER_REGISTRY="asia-east1-docker.pkg.dev"
|
|
331
375
|
- export DOCKER_IMAGE="asia-east1-docker.pkg.dev/asdf/catladder-deploy/pan-test-app/dev/api"
|
|
332
376
|
- export DOCKER_CACHE_IMAGE="asia-east1-docker.pkg.dev/asdf/catladder-deploy/pan-test-app/caches/api"
|
|
333
377
|
- export DOCKER_IMAGE_TAG="$CI_COMMIT_SHA"
|
|
334
378
|
- export CLOUDSDK_CORE_DISABLE_PROMPTS="1"
|
|
335
|
-
-
|
|
336
|
-
-
|
|
379
|
+
- collapseable_section_end "injectvars"
|
|
380
|
+
- collapseable_section_start "prepare" "Prepare..."
|
|
337
381
|
- gcloud auth activate-service-account --key-file=<(echo "$CL_dev_api_GCLOUD_DEPLOY_credentialsKey")
|
|
338
382
|
- export GCLOUD_PROJECT_NUMBER=$(gcloud projects describe asdf --format="value(projectNumber)")
|
|
339
383
|
- 'echo "GCLOUD_PROJECT_NUMBER: $GCLOUD_PROJECT_NUMBER"'
|
|
340
|
-
-
|
|
341
|
-
-
|
|
384
|
+
- collapseable_section_end "prepare"
|
|
385
|
+
- collapseable_section_start "writeenvvars" "Write env vars to file"
|
|
342
386
|
- |
|
|
343
387
|
cat > ____envvars.yaml <<EOF
|
|
344
388
|
ENV_SHORT: |-
|
|
@@ -348,21 +392,19 @@ api 🧪 test:
|
|
|
348
392
|
ENV_TYPE: |-
|
|
349
393
|
dev
|
|
350
394
|
BUILD_INFO_BUILD_ID: |-
|
|
351
|
-
|
|
395
|
+
$(printf %s "$(git describe --tags 2>/dev/null || git rev-parse HEAD)" | sed '1!s/^/ /')
|
|
352
396
|
BUILD_INFO_BUILD_TIME: |-
|
|
353
|
-
|
|
397
|
+
$(printf %s "$CI_JOB_STARTED_AT" | sed '1!s/^/ /')
|
|
354
398
|
BUILD_INFO_CURRENT_VERSION: |-
|
|
355
|
-
|
|
356
|
-
|
|
357
|
-
|
|
399
|
+
$(printf %s "$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")" | sed '1!s/^/ /')
|
|
400
|
+
HOSTNAME: |-
|
|
401
|
+
$(printf %s "$(printf %s "pan-test-app-dev-api-$CL_dev_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | sed '1!s/^/ /')
|
|
358
402
|
ROOT_URL: |-
|
|
359
|
-
|
|
360
|
-
|
|
361
|
-
|
|
362
|
-
HOST_CANONICAL: |-
|
|
363
|
-
$(printf %s "$(printf %s "pan-test-app-dev-api-$CL_dev_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | sed 's/^/ /')
|
|
403
|
+
$(printf %s "https://$(printf %s "pan-test-app-dev-api-$CL_dev_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | sed '1!s/^/ /')
|
|
404
|
+
HOSTNAME_INTERNAL: |-
|
|
405
|
+
$(printf %s "$(printf %s "pan-test-app-dev-api-$CL_dev_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | sed '1!s/^/ /')
|
|
364
406
|
ROOT_URL_INTERNAL: |-
|
|
365
|
-
|
|
407
|
+
$(printf %s "https://$(printf %s "pan-test-app-dev-api-$CL_dev_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | sed '1!s/^/ /')
|
|
366
408
|
CLOUD_RUN_JOB_TRIGGER_URL_alarm_clock: |-
|
|
367
409
|
https://asia-east1-run.googleapis.com/apis/run.googleapis.com/v1/namespaces/asdf/jobs/pan-test-app-dev-api-alarm-clock:run
|
|
368
410
|
DEPLOY_CLOUD_RUN_PROJECT_ID: |-
|
|
@@ -370,13 +412,13 @@ api 🧪 test:
|
|
|
370
412
|
DEPLOY_CLOUD_RUN_REGION: |-
|
|
371
413
|
asia-east1
|
|
372
414
|
GCLOUD_RUN_canonicalHostSuffix: |-
|
|
373
|
-
|
|
415
|
+
$(printf %s "$CL_dev_api_GCLOUD_RUN_canonicalHostSuffix" | sed '1!s/^/ /')
|
|
374
416
|
_ALL_ENV_VAR_KEYS: |-
|
|
375
|
-
["ENV_SHORT","APP_DIR","ENV_TYPE","BUILD_INFO_BUILD_ID","BUILD_INFO_BUILD_TIME","BUILD_INFO_CURRENT_VERSION","
|
|
417
|
+
["ENV_SHORT","APP_DIR","ENV_TYPE","BUILD_INFO_BUILD_ID","BUILD_INFO_BUILD_TIME","BUILD_INFO_CURRENT_VERSION","HOSTNAME","ROOT_URL","HOSTNAME_INTERNAL","ROOT_URL_INTERNAL","CLOUD_RUN_JOB_TRIGGER_URL_alarm_clock","DEPLOY_CLOUD_RUN_PROJECT_ID","DEPLOY_CLOUD_RUN_REGION","GCLOUD_DEPLOY_credentialsKey","GCLOUD_RUN_canonicalHostSuffix"]
|
|
376
418
|
|
|
377
419
|
EOF
|
|
378
|
-
-
|
|
379
|
-
-
|
|
420
|
+
- collapseable_section_end "writeenvvars"
|
|
421
|
+
- collapseable_section_start "deploy" "Deploy to cloud run"
|
|
380
422
|
- |-
|
|
381
423
|
exist_scheduler_names="$(
|
|
382
424
|
gcloud scheduler jobs list --filter='httpTarget.uri ~ dev.*api' --format='value(name)' --limit=999 --location='asia-east1' --project='asdf'
|
|
@@ -398,12 +440,12 @@ api 🧪 test:
|
|
|
398
440
|
else
|
|
399
441
|
gcloud run jobs create "$current_job_name" --command="./wake-up-call" --labels="customer-name=pan,component-name=api,app-name=test-app,env-type=dev,env-name=dev,build-type=node,cloud-run-job-name=$current_job_name" --image="asia-east1-docker.pkg.dev/asdf/catladder-deploy/pan-test-app/dev/api:$DOCKER_IMAGE_TAG" --project=asdf --region=asia-east1 --memory=512Mi --parallelism=1 --task-timeout=10m --env-vars-file=____envvars.yaml --max-retries=0
|
|
400
442
|
fi
|
|
401
|
-
-
|
|
402
|
-
-
|
|
443
|
+
- collapseable_section_end "deploy"
|
|
444
|
+
- collapseable_section_start "cleanup" "Cleanup"
|
|
403
445
|
- gcloud run revisions list --project=asdf --region=asia-east1 --service=pan-test-app-dev-api --limit=unlimited --sort-by=metadata.creationTimestamp --format="value(name)" --filter='(status.conditions.status=False OR status.conditions.status=Unknown)' | while read -r revisionname; do gcloud run revisions delete --project=asdf --region=asia-east1 --quiet $revisionname ; done
|
|
404
446
|
- gcloud artifacts docker images list asia-east1-docker.pkg.dev/asdf/catladder-deploy/pan-test-app/dev/api --sort-by=~CREATE_TIME --format="value(version)" | tail -n +2 | while read -r version; do gcloud artifacts docker images delete asia-east1-docker.pkg.dev/asdf/catladder-deploy/pan-test-app/dev/api@$version --quiet --delete-tags; done
|
|
405
447
|
- gcloud artifacts docker images list asia-east1-docker.pkg.dev/asdf/catladder-deploy/pan-test-app/caches/api --sort-by=~CREATE_TIME --format="value(version)" | tail -n +2 | while read -r version; do gcloud artifacts docker images delete asia-east1-docker.pkg.dev/asdf/catladder-deploy/pan-test-app/caches/api@$version --quiet --delete-tags; done
|
|
406
|
-
-
|
|
448
|
+
- collapseable_section_end "cleanup"
|
|
407
449
|
- echo 'Uploading SBOM to Dependency Track'
|
|
408
450
|
- /dtrackuploader https://dep.panter.swiss/ "$DT_KEY_PROD" upload "pan-test-app/api" "https://$(printf %s "pan-test-app-dev-api-$CL_dev_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" "__sbom.json" vex.json || true
|
|
409
451
|
- echo "CL_GITLAB_ENVIRONMENT_URL=https://$(printf %s "pan-test-app-dev-api-$CL_dev_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" >> gitlab_environment.env
|
|
@@ -445,9 +487,9 @@ api 🧪 test:
|
|
|
445
487
|
KUBERNETES_MEMORY_LIMIT: 400Mi
|
|
446
488
|
GIT_STRATEGY: none
|
|
447
489
|
script:
|
|
448
|
-
-
|
|
490
|
+
- collapseable_section_start "injectvars" "Injecting variables"
|
|
449
491
|
- export CLOUDSDK_CORE_DISABLE_PROMPTS="1"
|
|
450
|
-
-
|
|
492
|
+
- collapseable_section_end "injectvars"
|
|
451
493
|
- set +e
|
|
452
494
|
- gcloud auth activate-service-account --key-file=<(echo "$CL_dev_api_GCLOUD_DEPLOY_credentialsKey")
|
|
453
495
|
- gcloud scheduler jobs delete pan-test-app-dev-api-alarm-clock-scheduler --project=asdf --location=asia-east1
|
|
@@ -485,38 +527,55 @@ api 🧪 test:
|
|
|
485
527
|
KUBERNETES_MEMORY_REQUEST: 1Gi
|
|
486
528
|
KUBERNETES_MEMORY_LIMIT: 4Gi
|
|
487
529
|
script:
|
|
488
|
-
-
|
|
530
|
+
- collapseable_section_start "injectvars" "Injecting variables"
|
|
489
531
|
- export ENV_SHORT="review"
|
|
490
532
|
- export APP_DIR="app"
|
|
491
533
|
- export ENV_TYPE="review"
|
|
492
534
|
- export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"
|
|
493
535
|
- export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"
|
|
494
536
|
- export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"
|
|
495
|
-
- export
|
|
537
|
+
- export HOSTNAME="$(printf %s "pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api-$CL_review_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
496
538
|
- export ROOT_URL="https://$(printf %s "pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api-$CL_review_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
497
|
-
- export
|
|
498
|
-
- export HOST_CANONICAL="$(printf %s "pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api-$CL_review_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
539
|
+
- export HOSTNAME_INTERNAL="$(printf %s "pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api-$CL_review_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
499
540
|
- export ROOT_URL_INTERNAL="https://$(printf %s "pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api-$CL_review_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
500
541
|
- export CLOUD_RUN_JOB_TRIGGER_URL_alarm_clock="https://asia-east1-run.googleapis.com/apis/run.googleapis.com/v1/namespaces/asdf/jobs/$(printf %s \\"pan-test-app-review-$([ -n \\"$CI_MERGE_REQUEST_IID\\" ] && echo \\"mr$CI_MERGE_REQUEST_IID\\" || { [ -n \\"$CI_COMMIT_REF_SLUG\\" ] && echo \\"$CI_COMMIT_REF_SLUG\\" || echo \\"unknown\\"; })-api\\" | awk '{print tolower($0)}')-alarm-clock:run"
|
|
501
542
|
- export DEPLOY_CLOUD_RUN_PROJECT_ID="asdf"
|
|
502
543
|
- export DEPLOY_CLOUD_RUN_REGION="asia-east1"
|
|
503
544
|
- export GCLOUD_DEPLOY_credentialsKey="$CL_review_api_GCLOUD_DEPLOY_credentialsKey"
|
|
504
545
|
- export GCLOUD_RUN_canonicalHostSuffix="$CL_review_api_GCLOUD_RUN_canonicalHostSuffix"
|
|
505
|
-
- export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"
|
|
506
|
-
-
|
|
546
|
+
- export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"HOSTNAME\\",\\"ROOT_URL\\",\\"HOSTNAME_INTERNAL\\",\\"ROOT_URL_INTERNAL\\",\\"CLOUD_RUN_JOB_TRIGGER_URL_alarm_clock\\",\\"DEPLOY_CLOUD_RUN_PROJECT_ID\\",\\"DEPLOY_CLOUD_RUN_REGION\\",\\"GCLOUD_DEPLOY_credentialsKey\\",\\"GCLOUD_RUN_canonicalHostSuffix\\"]"
|
|
547
|
+
- collapseable_section_end "injectvars"
|
|
548
|
+
- collapseable_section_start "write-dotenv-api" "write dot env for api"
|
|
549
|
+
- |-
|
|
550
|
+
cat <<EOF > app/.env
|
|
551
|
+
ENV_SHORT=review
|
|
552
|
+
APP_DIR=app
|
|
553
|
+
ENV_TYPE=review
|
|
554
|
+
HOSTNAME=$(printf %s "$(printf %s "pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api-$CL_review_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | escapeForDotEnv)
|
|
555
|
+
ROOT_URL=$(printf %s "https://$(printf %s "pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api-$CL_review_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | escapeForDotEnv)
|
|
556
|
+
HOSTNAME_INTERNAL=$(printf %s "$(printf %s "pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api-$CL_review_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | escapeForDotEnv)
|
|
557
|
+
ROOT_URL_INTERNAL=$(printf %s "https://$(printf %s "pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api-$CL_review_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | escapeForDotEnv)
|
|
558
|
+
CLOUD_RUN_JOB_TRIGGER_URL_alarm_clock=https://asia-east1-run.googleapis.com/apis/run.googleapis.com/v1/namespaces/asdf/jobs/$(printf %s "pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api" | awk '{print tolower($0)}')-alarm-clock:run
|
|
559
|
+
DEPLOY_CLOUD_RUN_PROJECT_ID=asdf
|
|
560
|
+
DEPLOY_CLOUD_RUN_REGION=asia-east1
|
|
561
|
+
GCLOUD_DEPLOY_credentialsKey=$(printf %s "$CL_review_api_GCLOUD_DEPLOY_credentialsKey" | escapeForDotEnv)
|
|
562
|
+
GCLOUD_RUN_canonicalHostSuffix=$(printf %s "$CL_review_api_GCLOUD_RUN_canonicalHostSuffix" | escapeForDotEnv)
|
|
563
|
+
_ALL_ENV_VAR_KEYS=["ENV_SHORT","APP_DIR","ENV_TYPE","BUILD_INFO_BUILD_ID","BUILD_INFO_BUILD_TIME","BUILD_INFO_CURRENT_VERSION","HOSTNAME","ROOT_URL","HOSTNAME_INTERNAL","ROOT_URL_INTERNAL","CLOUD_RUN_JOB_TRIGGER_URL_alarm_clock","DEPLOY_CLOUD_RUN_PROJECT_ID","DEPLOY_CLOUD_RUN_REGION","GCLOUD_DEPLOY_credentialsKey","GCLOUD_RUN_canonicalHostSuffix"]
|
|
564
|
+
EOF
|
|
565
|
+
- collapseable_section_end "write-dotenv-api"
|
|
507
566
|
- echo '{"id":"$(git describe --tags 2>/dev/null || git rev-parse HEAD)","time":"$CI_JOB_STARTED_AT"}' > app/__build_info.json
|
|
508
|
-
-
|
|
567
|
+
- collapseable_section_start "nodeinstall" "Ensure node version"
|
|
509
568
|
- if [ -f ~/.nvm/nvm.sh ]; then source ~/.nvm/nvm.sh; fi
|
|
510
569
|
- if command -v nvm &> /dev/null && [ -f ./.nvmrc ]; then nvm install; fi
|
|
511
|
-
-
|
|
570
|
+
- collapseable_section_end "nodeinstall"
|
|
512
571
|
- cd app
|
|
513
|
-
-
|
|
572
|
+
- collapseable_section_start "nodeinstall" "Ensure node version"
|
|
514
573
|
- if [ -f ~/.nvm/nvm.sh ]; then source ~/.nvm/nvm.sh; fi
|
|
515
574
|
- if command -v nvm &> /dev/null && [ -f ./.nvmrc ]; then nvm install; fi
|
|
516
|
-
-
|
|
517
|
-
-
|
|
575
|
+
- collapseable_section_end "nodeinstall"
|
|
576
|
+
- collapseable_section_start "yarninstall" "Yarn install"
|
|
518
577
|
- yarn install --immutable
|
|
519
|
-
-
|
|
578
|
+
- collapseable_section_end "yarninstall"
|
|
520
579
|
- yarn build
|
|
521
580
|
cache:
|
|
522
581
|
- key: app-yarn
|
|
@@ -527,15 +586,13 @@ api 🧪 test:
|
|
|
527
586
|
policy: pull-push
|
|
528
587
|
paths:
|
|
529
588
|
- app/node_modules
|
|
530
|
-
- key: api-next-cache
|
|
531
|
-
policy: pull-push
|
|
532
|
-
paths:
|
|
533
|
-
- app/.next/cache
|
|
534
589
|
artifacts:
|
|
535
590
|
paths:
|
|
536
591
|
- app/__build_info.json
|
|
537
592
|
- app/.next
|
|
538
593
|
- app/dist
|
|
594
|
+
exclude:
|
|
595
|
+
- app/.env
|
|
539
596
|
expire_in: 1 day
|
|
540
597
|
when: always
|
|
541
598
|
reports: {}
|
|
@@ -561,7 +618,7 @@ api 🧪 test:
|
|
|
561
618
|
KUBERNETES_MEMORY_REQUEST: 1Gi
|
|
562
619
|
KUBERNETES_MEMORY_LIMIT: 2Gi
|
|
563
620
|
script:
|
|
564
|
-
-
|
|
621
|
+
- collapseable_section_start "injectvars" "Injecting variables"
|
|
565
622
|
- export APP_DIR="app"
|
|
566
623
|
- export DOCKER_BUILD_CONTEXT="."
|
|
567
624
|
- export DOCKER_REGISTRY="asia-east1-docker.pkg.dev"
|
|
@@ -577,20 +634,20 @@ api 🧪 test:
|
|
|
577
634
|
COPY --chown=node:node app/yarn.lock /app/app/yarn.lock
|
|
578
635
|
COPY --chown=node:node .yarnrc.yml /app/.yarnrc.yml
|
|
579
636
|
COPY --chown=node:node .yarn /app/.yarn"
|
|
580
|
-
-
|
|
637
|
+
- collapseable_section_end "injectvars"
|
|
581
638
|
- ensureNodeDockerfile
|
|
582
|
-
-
|
|
639
|
+
- collapseable_section_start "docker-login" "Docker Login"
|
|
583
640
|
- gcloud auth activate-service-account --key-file=<(echo "$CL_review_api_GCLOUD_DEPLOY_credentialsKey")
|
|
584
641
|
- gcloud auth configure-docker asia-east1-docker.pkg.dev
|
|
585
|
-
-
|
|
586
|
-
-
|
|
642
|
+
- collapseable_section_end "docker-login"
|
|
643
|
+
- collapseable_section_start "docker-build" "Docker build"
|
|
587
644
|
- docker build --network host --cache-from $DOCKER_CACHE_IMAGE --tag $DOCKER_IMAGE:$DOCKER_IMAGE_TAG -f $APP_DIR/Dockerfile $DOCKER_BUILD_CONTEXT --build-arg BUILDKIT_INLINE_CACHE=1
|
|
588
|
-
-
|
|
589
|
-
-
|
|
645
|
+
- collapseable_section_end "docker-build"
|
|
646
|
+
- collapseable_section_start "docker-push" "Docker push and tag"
|
|
590
647
|
- docker push $DOCKER_IMAGE:$DOCKER_IMAGE_TAG
|
|
591
648
|
- docker tag $DOCKER_IMAGE:$DOCKER_IMAGE_TAG $DOCKER_CACHE_IMAGE
|
|
592
649
|
- docker push $DOCKER_CACHE_IMAGE
|
|
593
|
-
-
|
|
650
|
+
- collapseable_section_end "docker-push"
|
|
594
651
|
cache:
|
|
595
652
|
- key: app-yarn
|
|
596
653
|
policy: pull
|
|
@@ -607,8 +664,8 @@ api 🧪 test:
|
|
|
607
664
|
image: aquasec/trivy:0.38.3
|
|
608
665
|
variables: {}
|
|
609
666
|
script:
|
|
610
|
-
-
|
|
611
|
-
-
|
|
667
|
+
- collapseable_section_start "injectvars" "Injecting variables"
|
|
668
|
+
- collapseable_section_end "injectvars"
|
|
612
669
|
- trivy fs --quiet --format cyclonedx --output "__sbom.json" app
|
|
613
670
|
artifacts:
|
|
614
671
|
paths:
|
|
@@ -627,36 +684,35 @@ api 🧪 test:
|
|
|
627
684
|
KUBERNETES_MEMORY_REQUEST: 200Mi
|
|
628
685
|
KUBERNETES_MEMORY_LIMIT: 400Mi
|
|
629
686
|
script:
|
|
630
|
-
-
|
|
687
|
+
- collapseable_section_start "injectvars" "Injecting variables"
|
|
631
688
|
- export ENV_SHORT="review"
|
|
632
689
|
- export APP_DIR="app"
|
|
633
690
|
- export ENV_TYPE="review"
|
|
634
691
|
- export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"
|
|
635
692
|
- export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"
|
|
636
693
|
- export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"
|
|
637
|
-
- export
|
|
694
|
+
- export HOSTNAME="$(printf %s "pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api-$CL_review_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
638
695
|
- export ROOT_URL="https://$(printf %s "pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api-$CL_review_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
639
|
-
- export
|
|
640
|
-
- export HOST_CANONICAL="$(printf %s "pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api-$CL_review_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
696
|
+
- export HOSTNAME_INTERNAL="$(printf %s "pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api-$CL_review_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
641
697
|
- export ROOT_URL_INTERNAL="https://$(printf %s "pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api-$CL_review_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
642
698
|
- export CLOUD_RUN_JOB_TRIGGER_URL_alarm_clock="https://asia-east1-run.googleapis.com/apis/run.googleapis.com/v1/namespaces/asdf/jobs/$(printf %s \\"pan-test-app-review-$([ -n \\"$CI_MERGE_REQUEST_IID\\" ] && echo \\"mr$CI_MERGE_REQUEST_IID\\" || { [ -n \\"$CI_COMMIT_REF_SLUG\\" ] && echo \\"$CI_COMMIT_REF_SLUG\\" || echo \\"unknown\\"; })-api\\" | awk '{print tolower($0)}')-alarm-clock:run"
|
|
643
699
|
- export DEPLOY_CLOUD_RUN_PROJECT_ID="asdf"
|
|
644
700
|
- export DEPLOY_CLOUD_RUN_REGION="asia-east1"
|
|
645
701
|
- export GCLOUD_DEPLOY_credentialsKey="$CL_review_api_GCLOUD_DEPLOY_credentialsKey"
|
|
646
702
|
- export GCLOUD_RUN_canonicalHostSuffix="$CL_review_api_GCLOUD_RUN_canonicalHostSuffix"
|
|
647
|
-
- export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"
|
|
703
|
+
- export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"HOSTNAME\\",\\"ROOT_URL\\",\\"HOSTNAME_INTERNAL\\",\\"ROOT_URL_INTERNAL\\",\\"CLOUD_RUN_JOB_TRIGGER_URL_alarm_clock\\",\\"DEPLOY_CLOUD_RUN_PROJECT_ID\\",\\"DEPLOY_CLOUD_RUN_REGION\\",\\"GCLOUD_DEPLOY_credentialsKey\\",\\"GCLOUD_RUN_canonicalHostSuffix\\"]"
|
|
648
704
|
- export DOCKER_REGISTRY="asia-east1-docker.pkg.dev"
|
|
649
705
|
- export DOCKER_IMAGE="asia-east1-docker.pkg.dev/asdf/catladder-deploy/pan-test-app/review/api/$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })"
|
|
650
706
|
- export DOCKER_CACHE_IMAGE="asia-east1-docker.pkg.dev/asdf/catladder-deploy/pan-test-app/caches/api"
|
|
651
707
|
- export DOCKER_IMAGE_TAG="$CI_COMMIT_SHA"
|
|
652
708
|
- export CLOUDSDK_CORE_DISABLE_PROMPTS="1"
|
|
653
|
-
-
|
|
654
|
-
-
|
|
709
|
+
- collapseable_section_end "injectvars"
|
|
710
|
+
- collapseable_section_start "prepare" "Prepare..."
|
|
655
711
|
- gcloud auth activate-service-account --key-file=<(echo "$CL_review_api_GCLOUD_DEPLOY_credentialsKey")
|
|
656
712
|
- export GCLOUD_PROJECT_NUMBER=$(gcloud projects describe asdf --format="value(projectNumber)")
|
|
657
713
|
- 'echo "GCLOUD_PROJECT_NUMBER: $GCLOUD_PROJECT_NUMBER"'
|
|
658
|
-
-
|
|
659
|
-
-
|
|
714
|
+
- collapseable_section_end "prepare"
|
|
715
|
+
- collapseable_section_start "writeenvvars" "Write env vars to file"
|
|
660
716
|
- |
|
|
661
717
|
cat > ____envvars.yaml <<EOF
|
|
662
718
|
ENV_SHORT: |-
|
|
@@ -666,21 +722,19 @@ api 🧪 test:
|
|
|
666
722
|
ENV_TYPE: |-
|
|
667
723
|
review
|
|
668
724
|
BUILD_INFO_BUILD_ID: |-
|
|
669
|
-
|
|
725
|
+
$(printf %s "$(git describe --tags 2>/dev/null || git rev-parse HEAD)" | sed '1!s/^/ /')
|
|
670
726
|
BUILD_INFO_BUILD_TIME: |-
|
|
671
|
-
|
|
727
|
+
$(printf %s "$CI_JOB_STARTED_AT" | sed '1!s/^/ /')
|
|
672
728
|
BUILD_INFO_CURRENT_VERSION: |-
|
|
673
|
-
|
|
674
|
-
|
|
675
|
-
|
|
729
|
+
$(printf %s "$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")" | sed '1!s/^/ /')
|
|
730
|
+
HOSTNAME: |-
|
|
731
|
+
$(printf %s "$(printf %s "pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api-$CL_review_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | sed '1!s/^/ /')
|
|
676
732
|
ROOT_URL: |-
|
|
677
|
-
|
|
678
|
-
|
|
679
|
-
|
|
680
|
-
HOST_CANONICAL: |-
|
|
681
|
-
$(printf %s "$(printf %s "pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api-$CL_review_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | sed 's/^/ /')
|
|
733
|
+
$(printf %s "https://$(printf %s "pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api-$CL_review_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | sed '1!s/^/ /')
|
|
734
|
+
HOSTNAME_INTERNAL: |-
|
|
735
|
+
$(printf %s "$(printf %s "pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api-$CL_review_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | sed '1!s/^/ /')
|
|
682
736
|
ROOT_URL_INTERNAL: |-
|
|
683
|
-
|
|
737
|
+
$(printf %s "https://$(printf %s "pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api-$CL_review_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | sed '1!s/^/ /')
|
|
684
738
|
CLOUD_RUN_JOB_TRIGGER_URL_alarm_clock: |-
|
|
685
739
|
https://asia-east1-run.googleapis.com/apis/run.googleapis.com/v1/namespaces/asdf/jobs/$(printf %s "pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api" | awk '{print tolower($0)}')-alarm-clock:run
|
|
686
740
|
DEPLOY_CLOUD_RUN_PROJECT_ID: |-
|
|
@@ -688,13 +742,13 @@ api 🧪 test:
|
|
|
688
742
|
DEPLOY_CLOUD_RUN_REGION: |-
|
|
689
743
|
asia-east1
|
|
690
744
|
GCLOUD_RUN_canonicalHostSuffix: |-
|
|
691
|
-
|
|
745
|
+
$(printf %s "$CL_review_api_GCLOUD_RUN_canonicalHostSuffix" | sed '1!s/^/ /')
|
|
692
746
|
_ALL_ENV_VAR_KEYS: |-
|
|
693
|
-
["ENV_SHORT","APP_DIR","ENV_TYPE","BUILD_INFO_BUILD_ID","BUILD_INFO_BUILD_TIME","BUILD_INFO_CURRENT_VERSION","
|
|
747
|
+
["ENV_SHORT","APP_DIR","ENV_TYPE","BUILD_INFO_BUILD_ID","BUILD_INFO_BUILD_TIME","BUILD_INFO_CURRENT_VERSION","HOSTNAME","ROOT_URL","HOSTNAME_INTERNAL","ROOT_URL_INTERNAL","CLOUD_RUN_JOB_TRIGGER_URL_alarm_clock","DEPLOY_CLOUD_RUN_PROJECT_ID","DEPLOY_CLOUD_RUN_REGION","GCLOUD_DEPLOY_credentialsKey","GCLOUD_RUN_canonicalHostSuffix"]
|
|
694
748
|
|
|
695
749
|
EOF
|
|
696
|
-
-
|
|
697
|
-
-
|
|
750
|
+
- collapseable_section_end "writeenvvars"
|
|
751
|
+
- collapseable_section_start "deploy" "Deploy to cloud run"
|
|
698
752
|
- |-
|
|
699
753
|
exist_scheduler_names="$(
|
|
700
754
|
gcloud scheduler jobs list --filter='httpTarget.uri ~ review.*api' --format='value(name)' --limit=999 --location='asia-east1' --project='asdf'
|
|
@@ -716,15 +770,15 @@ api 🧪 test:
|
|
|
716
770
|
else
|
|
717
771
|
gcloud run jobs create "$current_job_name" --command="./wake-up-call" --labels="customer-name=pan,component-name=api,app-name=test-app,env-type=review,env-name=review,build-type=node,cloud-run-job-name=$current_job_name" --image="asia-east1-docker.pkg.dev/asdf/catladder-deploy/pan-test-app/review/api/$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }):$DOCKER_IMAGE_TAG" --project=asdf --region=asia-east1 --memory=512Mi --parallelism=1 --task-timeout=10m --env-vars-file=____envvars.yaml --max-retries=0
|
|
718
772
|
fi
|
|
719
|
-
-
|
|
720
|
-
-
|
|
773
|
+
- collapseable_section_end "deploy"
|
|
774
|
+
- collapseable_section_start "cleanup" "Cleanup"
|
|
721
775
|
- gcloud run revisions list --project=asdf --region=asia-east1 --service=$(printf %s "pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api" | awk '{print tolower($0)}') --limit=unlimited --sort-by=metadata.creationTimestamp --format="value(name)" --filter='(status.conditions.status=False OR status.conditions.status=Unknown)' | while read -r revisionname; do gcloud run revisions delete --project=asdf --region=asia-east1 --quiet $revisionname ; done
|
|
722
776
|
- gcloud artifacts docker images list asia-east1-docker.pkg.dev/asdf/catladder-deploy/pan-test-app/review/api/$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }) --sort-by=~CREATE_TIME --format="value(version)" | tail -n +2 | while read -r version; do gcloud artifacts docker images delete asia-east1-docker.pkg.dev/asdf/catladder-deploy/pan-test-app/review/api/$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })@$version --quiet --delete-tags; done
|
|
723
777
|
- gcloud artifacts docker images list asia-east1-docker.pkg.dev/asdf/catladder-deploy/pan-test-app/caches/api --sort-by=~CREATE_TIME --format="value(version)" | tail -n +2 | while read -r version; do gcloud artifacts docker images delete asia-east1-docker.pkg.dev/asdf/catladder-deploy/pan-test-app/caches/api@$version --quiet --delete-tags; done
|
|
724
778
|
- set +e
|
|
725
779
|
- gcloud artifacts docker images delete asia-east1-docker.pkg.dev/asdf/catladder-deploy/pan-test-app/review/api --quiet --delete-tags
|
|
726
780
|
- set -e
|
|
727
|
-
-
|
|
781
|
+
- collapseable_section_end "cleanup"
|
|
728
782
|
- echo 'Uploading SBOM to Dependency Track'
|
|
729
783
|
- /dtrackuploader https://dep.panter.swiss/ "$DT_KEY_PROD" upload "pan-test-app/api" "https://$(printf %s "pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api-$CL_review_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" "__sbom.json" vex.json || true
|
|
730
784
|
- echo "CL_GITLAB_ENVIRONMENT_URL=https://$(printf %s "pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api-$CL_review_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" >> gitlab_environment.env
|
|
@@ -764,9 +818,9 @@ api 🧪 test:
|
|
|
764
818
|
KUBERNETES_MEMORY_LIMIT: 400Mi
|
|
765
819
|
GIT_STRATEGY: none
|
|
766
820
|
script:
|
|
767
|
-
-
|
|
821
|
+
- collapseable_section_start "injectvars" "Injecting variables"
|
|
768
822
|
- export CLOUDSDK_CORE_DISABLE_PROMPTS="1"
|
|
769
|
-
-
|
|
823
|
+
- collapseable_section_end "injectvars"
|
|
770
824
|
- set +e
|
|
771
825
|
- gcloud auth activate-service-account --key-file=<(echo "$CL_review_api_GCLOUD_DEPLOY_credentialsKey")
|
|
772
826
|
- gcloud scheduler jobs delete $(printf %s "pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-api" | awk '{print tolower($0)}')-alarm-clock-scheduler --project=asdf --location=asia-east1
|
|
@@ -805,38 +859,55 @@ api 🧪 test:
|
|
|
805
859
|
KUBERNETES_MEMORY_REQUEST: 1Gi
|
|
806
860
|
KUBERNETES_MEMORY_LIMIT: 4Gi
|
|
807
861
|
script:
|
|
808
|
-
-
|
|
862
|
+
- collapseable_section_start "injectvars" "Injecting variables"
|
|
809
863
|
- export ENV_SHORT="stage"
|
|
810
864
|
- export APP_DIR="app"
|
|
811
865
|
- export ENV_TYPE="stage"
|
|
812
866
|
- export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"
|
|
813
867
|
- export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"
|
|
814
868
|
- export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"
|
|
815
|
-
- export
|
|
869
|
+
- export HOSTNAME="$(printf %s "pan-test-app-stage-api-$CL_stage_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
816
870
|
- export ROOT_URL="https://$(printf %s "pan-test-app-stage-api-$CL_stage_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
817
|
-
- export
|
|
818
|
-
- export HOST_CANONICAL="$(printf %s "pan-test-app-stage-api-$CL_stage_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
871
|
+
- export HOSTNAME_INTERNAL="$(printf %s "pan-test-app-stage-api-$CL_stage_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
819
872
|
- export ROOT_URL_INTERNAL="https://$(printf %s "pan-test-app-stage-api-$CL_stage_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
820
873
|
- export CLOUD_RUN_JOB_TRIGGER_URL_alarm_clock="https://asia-east1-run.googleapis.com/apis/run.googleapis.com/v1/namespaces/asdf/jobs/pan-test-app-stage-api-alarm-clock:run"
|
|
821
874
|
- export DEPLOY_CLOUD_RUN_PROJECT_ID="asdf"
|
|
822
875
|
- export DEPLOY_CLOUD_RUN_REGION="asia-east1"
|
|
823
876
|
- export GCLOUD_DEPLOY_credentialsKey="$CL_stage_api_GCLOUD_DEPLOY_credentialsKey"
|
|
824
877
|
- export GCLOUD_RUN_canonicalHostSuffix="$CL_stage_api_GCLOUD_RUN_canonicalHostSuffix"
|
|
825
|
-
- export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"
|
|
826
|
-
-
|
|
878
|
+
- export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"HOSTNAME\\",\\"ROOT_URL\\",\\"HOSTNAME_INTERNAL\\",\\"ROOT_URL_INTERNAL\\",\\"CLOUD_RUN_JOB_TRIGGER_URL_alarm_clock\\",\\"DEPLOY_CLOUD_RUN_PROJECT_ID\\",\\"DEPLOY_CLOUD_RUN_REGION\\",\\"GCLOUD_DEPLOY_credentialsKey\\",\\"GCLOUD_RUN_canonicalHostSuffix\\"]"
|
|
879
|
+
- collapseable_section_end "injectvars"
|
|
880
|
+
- collapseable_section_start "write-dotenv-api" "write dot env for api"
|
|
881
|
+
- |-
|
|
882
|
+
cat <<EOF > app/.env
|
|
883
|
+
ENV_SHORT=stage
|
|
884
|
+
APP_DIR=app
|
|
885
|
+
ENV_TYPE=stage
|
|
886
|
+
HOSTNAME=$(printf %s "$(printf %s "pan-test-app-stage-api-$CL_stage_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | escapeForDotEnv)
|
|
887
|
+
ROOT_URL=$(printf %s "https://$(printf %s "pan-test-app-stage-api-$CL_stage_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | escapeForDotEnv)
|
|
888
|
+
HOSTNAME_INTERNAL=$(printf %s "$(printf %s "pan-test-app-stage-api-$CL_stage_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | escapeForDotEnv)
|
|
889
|
+
ROOT_URL_INTERNAL=$(printf %s "https://$(printf %s "pan-test-app-stage-api-$CL_stage_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | escapeForDotEnv)
|
|
890
|
+
CLOUD_RUN_JOB_TRIGGER_URL_alarm_clock=https://asia-east1-run.googleapis.com/apis/run.googleapis.com/v1/namespaces/asdf/jobs/pan-test-app-stage-api-alarm-clock:run
|
|
891
|
+
DEPLOY_CLOUD_RUN_PROJECT_ID=asdf
|
|
892
|
+
DEPLOY_CLOUD_RUN_REGION=asia-east1
|
|
893
|
+
GCLOUD_DEPLOY_credentialsKey=$(printf %s "$CL_stage_api_GCLOUD_DEPLOY_credentialsKey" | escapeForDotEnv)
|
|
894
|
+
GCLOUD_RUN_canonicalHostSuffix=$(printf %s "$CL_stage_api_GCLOUD_RUN_canonicalHostSuffix" | escapeForDotEnv)
|
|
895
|
+
_ALL_ENV_VAR_KEYS=["ENV_SHORT","APP_DIR","ENV_TYPE","BUILD_INFO_BUILD_ID","BUILD_INFO_BUILD_TIME","BUILD_INFO_CURRENT_VERSION","HOSTNAME","ROOT_URL","HOSTNAME_INTERNAL","ROOT_URL_INTERNAL","CLOUD_RUN_JOB_TRIGGER_URL_alarm_clock","DEPLOY_CLOUD_RUN_PROJECT_ID","DEPLOY_CLOUD_RUN_REGION","GCLOUD_DEPLOY_credentialsKey","GCLOUD_RUN_canonicalHostSuffix"]
|
|
896
|
+
EOF
|
|
897
|
+
- collapseable_section_end "write-dotenv-api"
|
|
827
898
|
- echo '{"id":"$(git describe --tags 2>/dev/null || git rev-parse HEAD)","time":"$CI_JOB_STARTED_AT"}' > app/__build_info.json
|
|
828
|
-
-
|
|
899
|
+
- collapseable_section_start "nodeinstall" "Ensure node version"
|
|
829
900
|
- if [ -f ~/.nvm/nvm.sh ]; then source ~/.nvm/nvm.sh; fi
|
|
830
901
|
- if command -v nvm &> /dev/null && [ -f ./.nvmrc ]; then nvm install; fi
|
|
831
|
-
-
|
|
902
|
+
- collapseable_section_end "nodeinstall"
|
|
832
903
|
- cd app
|
|
833
|
-
-
|
|
904
|
+
- collapseable_section_start "nodeinstall" "Ensure node version"
|
|
834
905
|
- if [ -f ~/.nvm/nvm.sh ]; then source ~/.nvm/nvm.sh; fi
|
|
835
906
|
- if command -v nvm &> /dev/null && [ -f ./.nvmrc ]; then nvm install; fi
|
|
836
|
-
-
|
|
837
|
-
-
|
|
907
|
+
- collapseable_section_end "nodeinstall"
|
|
908
|
+
- collapseable_section_start "yarninstall" "Yarn install"
|
|
838
909
|
- yarn install --immutable
|
|
839
|
-
-
|
|
910
|
+
- collapseable_section_end "yarninstall"
|
|
840
911
|
- yarn build
|
|
841
912
|
cache:
|
|
842
913
|
- key: app-yarn
|
|
@@ -847,15 +918,13 @@ api 🧪 test:
|
|
|
847
918
|
policy: pull-push
|
|
848
919
|
paths:
|
|
849
920
|
- app/node_modules
|
|
850
|
-
- key: api-next-cache
|
|
851
|
-
policy: pull-push
|
|
852
|
-
paths:
|
|
853
|
-
- app/.next/cache
|
|
854
921
|
artifacts:
|
|
855
922
|
paths:
|
|
856
923
|
- app/__build_info.json
|
|
857
924
|
- app/.next
|
|
858
925
|
- app/dist
|
|
926
|
+
exclude:
|
|
927
|
+
- app/.env
|
|
859
928
|
expire_in: 1 day
|
|
860
929
|
when: always
|
|
861
930
|
reports: {}
|
|
@@ -881,7 +950,7 @@ api 🧪 test:
|
|
|
881
950
|
KUBERNETES_MEMORY_REQUEST: 1Gi
|
|
882
951
|
KUBERNETES_MEMORY_LIMIT: 2Gi
|
|
883
952
|
script:
|
|
884
|
-
-
|
|
953
|
+
- collapseable_section_start "injectvars" "Injecting variables"
|
|
885
954
|
- export APP_DIR="app"
|
|
886
955
|
- export DOCKER_BUILD_CONTEXT="."
|
|
887
956
|
- export DOCKER_REGISTRY="asia-east1-docker.pkg.dev"
|
|
@@ -897,20 +966,20 @@ api 🧪 test:
|
|
|
897
966
|
COPY --chown=node:node app/yarn.lock /app/app/yarn.lock
|
|
898
967
|
COPY --chown=node:node .yarnrc.yml /app/.yarnrc.yml
|
|
899
968
|
COPY --chown=node:node .yarn /app/.yarn"
|
|
900
|
-
-
|
|
969
|
+
- collapseable_section_end "injectvars"
|
|
901
970
|
- ensureNodeDockerfile
|
|
902
|
-
-
|
|
971
|
+
- collapseable_section_start "docker-login" "Docker Login"
|
|
903
972
|
- gcloud auth activate-service-account --key-file=<(echo "$CL_stage_api_GCLOUD_DEPLOY_credentialsKey")
|
|
904
973
|
- gcloud auth configure-docker asia-east1-docker.pkg.dev
|
|
905
|
-
-
|
|
906
|
-
-
|
|
974
|
+
- collapseable_section_end "docker-login"
|
|
975
|
+
- collapseable_section_start "docker-build" "Docker build"
|
|
907
976
|
- docker build --network host --cache-from $DOCKER_CACHE_IMAGE --tag $DOCKER_IMAGE:$DOCKER_IMAGE_TAG -f $APP_DIR/Dockerfile $DOCKER_BUILD_CONTEXT --build-arg BUILDKIT_INLINE_CACHE=1
|
|
908
|
-
-
|
|
909
|
-
-
|
|
977
|
+
- collapseable_section_end "docker-build"
|
|
978
|
+
- collapseable_section_start "docker-push" "Docker push and tag"
|
|
910
979
|
- docker push $DOCKER_IMAGE:$DOCKER_IMAGE_TAG
|
|
911
980
|
- docker tag $DOCKER_IMAGE:$DOCKER_IMAGE_TAG $DOCKER_CACHE_IMAGE
|
|
912
981
|
- docker push $DOCKER_CACHE_IMAGE
|
|
913
|
-
-
|
|
982
|
+
- collapseable_section_end "docker-push"
|
|
914
983
|
cache:
|
|
915
984
|
- key: app-yarn
|
|
916
985
|
policy: pull
|
|
@@ -927,8 +996,8 @@ api 🧪 test:
|
|
|
927
996
|
image: aquasec/trivy:0.38.3
|
|
928
997
|
variables: {}
|
|
929
998
|
script:
|
|
930
|
-
-
|
|
931
|
-
-
|
|
999
|
+
- collapseable_section_start "injectvars" "Injecting variables"
|
|
1000
|
+
- collapseable_section_end "injectvars"
|
|
932
1001
|
- trivy fs --quiet --format cyclonedx --output "__sbom.json" app
|
|
933
1002
|
artifacts:
|
|
934
1003
|
paths:
|
|
@@ -947,36 +1016,35 @@ api 🧪 test:
|
|
|
947
1016
|
KUBERNETES_MEMORY_REQUEST: 200Mi
|
|
948
1017
|
KUBERNETES_MEMORY_LIMIT: 400Mi
|
|
949
1018
|
script:
|
|
950
|
-
-
|
|
1019
|
+
- collapseable_section_start "injectvars" "Injecting variables"
|
|
951
1020
|
- export ENV_SHORT="stage"
|
|
952
1021
|
- export APP_DIR="app"
|
|
953
1022
|
- export ENV_TYPE="stage"
|
|
954
1023
|
- export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"
|
|
955
1024
|
- export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"
|
|
956
1025
|
- export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"
|
|
957
|
-
- export
|
|
1026
|
+
- export HOSTNAME="$(printf %s "pan-test-app-stage-api-$CL_stage_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
958
1027
|
- export ROOT_URL="https://$(printf %s "pan-test-app-stage-api-$CL_stage_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
959
|
-
- export
|
|
960
|
-
- export HOST_CANONICAL="$(printf %s "pan-test-app-stage-api-$CL_stage_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
1028
|
+
- export HOSTNAME_INTERNAL="$(printf %s "pan-test-app-stage-api-$CL_stage_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
961
1029
|
- export ROOT_URL_INTERNAL="https://$(printf %s "pan-test-app-stage-api-$CL_stage_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
962
1030
|
- export CLOUD_RUN_JOB_TRIGGER_URL_alarm_clock="https://asia-east1-run.googleapis.com/apis/run.googleapis.com/v1/namespaces/asdf/jobs/pan-test-app-stage-api-alarm-clock:run"
|
|
963
1031
|
- export DEPLOY_CLOUD_RUN_PROJECT_ID="asdf"
|
|
964
1032
|
- export DEPLOY_CLOUD_RUN_REGION="asia-east1"
|
|
965
1033
|
- export GCLOUD_DEPLOY_credentialsKey="$CL_stage_api_GCLOUD_DEPLOY_credentialsKey"
|
|
966
1034
|
- export GCLOUD_RUN_canonicalHostSuffix="$CL_stage_api_GCLOUD_RUN_canonicalHostSuffix"
|
|
967
|
-
- export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"
|
|
1035
|
+
- export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"HOSTNAME\\",\\"ROOT_URL\\",\\"HOSTNAME_INTERNAL\\",\\"ROOT_URL_INTERNAL\\",\\"CLOUD_RUN_JOB_TRIGGER_URL_alarm_clock\\",\\"DEPLOY_CLOUD_RUN_PROJECT_ID\\",\\"DEPLOY_CLOUD_RUN_REGION\\",\\"GCLOUD_DEPLOY_credentialsKey\\",\\"GCLOUD_RUN_canonicalHostSuffix\\"]"
|
|
968
1036
|
- export DOCKER_REGISTRY="asia-east1-docker.pkg.dev"
|
|
969
1037
|
- export DOCKER_IMAGE="asia-east1-docker.pkg.dev/asdf/catladder-deploy/pan-test-app/stage/api"
|
|
970
1038
|
- export DOCKER_CACHE_IMAGE="asia-east1-docker.pkg.dev/asdf/catladder-deploy/pan-test-app/caches/api"
|
|
971
1039
|
- export DOCKER_IMAGE_TAG="$CI_COMMIT_SHA"
|
|
972
1040
|
- export CLOUDSDK_CORE_DISABLE_PROMPTS="1"
|
|
973
|
-
-
|
|
974
|
-
-
|
|
1041
|
+
- collapseable_section_end "injectvars"
|
|
1042
|
+
- collapseable_section_start "prepare" "Prepare..."
|
|
975
1043
|
- gcloud auth activate-service-account --key-file=<(echo "$CL_stage_api_GCLOUD_DEPLOY_credentialsKey")
|
|
976
1044
|
- export GCLOUD_PROJECT_NUMBER=$(gcloud projects describe asdf --format="value(projectNumber)")
|
|
977
1045
|
- 'echo "GCLOUD_PROJECT_NUMBER: $GCLOUD_PROJECT_NUMBER"'
|
|
978
|
-
-
|
|
979
|
-
-
|
|
1046
|
+
- collapseable_section_end "prepare"
|
|
1047
|
+
- collapseable_section_start "writeenvvars" "Write env vars to file"
|
|
980
1048
|
- |
|
|
981
1049
|
cat > ____envvars.yaml <<EOF
|
|
982
1050
|
ENV_SHORT: |-
|
|
@@ -986,21 +1054,19 @@ api 🧪 test:
|
|
|
986
1054
|
ENV_TYPE: |-
|
|
987
1055
|
stage
|
|
988
1056
|
BUILD_INFO_BUILD_ID: |-
|
|
989
|
-
|
|
1057
|
+
$(printf %s "$(git describe --tags 2>/dev/null || git rev-parse HEAD)" | sed '1!s/^/ /')
|
|
990
1058
|
BUILD_INFO_BUILD_TIME: |-
|
|
991
|
-
|
|
1059
|
+
$(printf %s "$CI_JOB_STARTED_AT" | sed '1!s/^/ /')
|
|
992
1060
|
BUILD_INFO_CURRENT_VERSION: |-
|
|
993
|
-
|
|
994
|
-
|
|
995
|
-
|
|
1061
|
+
$(printf %s "$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")" | sed '1!s/^/ /')
|
|
1062
|
+
HOSTNAME: |-
|
|
1063
|
+
$(printf %s "$(printf %s "pan-test-app-stage-api-$CL_stage_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | sed '1!s/^/ /')
|
|
996
1064
|
ROOT_URL: |-
|
|
997
|
-
|
|
998
|
-
|
|
999
|
-
|
|
1000
|
-
HOST_CANONICAL: |-
|
|
1001
|
-
$(printf %s "$(printf %s "pan-test-app-stage-api-$CL_stage_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | sed 's/^/ /')
|
|
1065
|
+
$(printf %s "https://$(printf %s "pan-test-app-stage-api-$CL_stage_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | sed '1!s/^/ /')
|
|
1066
|
+
HOSTNAME_INTERNAL: |-
|
|
1067
|
+
$(printf %s "$(printf %s "pan-test-app-stage-api-$CL_stage_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | sed '1!s/^/ /')
|
|
1002
1068
|
ROOT_URL_INTERNAL: |-
|
|
1003
|
-
|
|
1069
|
+
$(printf %s "https://$(printf %s "pan-test-app-stage-api-$CL_stage_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | sed '1!s/^/ /')
|
|
1004
1070
|
CLOUD_RUN_JOB_TRIGGER_URL_alarm_clock: |-
|
|
1005
1071
|
https://asia-east1-run.googleapis.com/apis/run.googleapis.com/v1/namespaces/asdf/jobs/pan-test-app-stage-api-alarm-clock:run
|
|
1006
1072
|
DEPLOY_CLOUD_RUN_PROJECT_ID: |-
|
|
@@ -1008,13 +1074,13 @@ api 🧪 test:
|
|
|
1008
1074
|
DEPLOY_CLOUD_RUN_REGION: |-
|
|
1009
1075
|
asia-east1
|
|
1010
1076
|
GCLOUD_RUN_canonicalHostSuffix: |-
|
|
1011
|
-
|
|
1077
|
+
$(printf %s "$CL_stage_api_GCLOUD_RUN_canonicalHostSuffix" | sed '1!s/^/ /')
|
|
1012
1078
|
_ALL_ENV_VAR_KEYS: |-
|
|
1013
|
-
["ENV_SHORT","APP_DIR","ENV_TYPE","BUILD_INFO_BUILD_ID","BUILD_INFO_BUILD_TIME","BUILD_INFO_CURRENT_VERSION","
|
|
1079
|
+
["ENV_SHORT","APP_DIR","ENV_TYPE","BUILD_INFO_BUILD_ID","BUILD_INFO_BUILD_TIME","BUILD_INFO_CURRENT_VERSION","HOSTNAME","ROOT_URL","HOSTNAME_INTERNAL","ROOT_URL_INTERNAL","CLOUD_RUN_JOB_TRIGGER_URL_alarm_clock","DEPLOY_CLOUD_RUN_PROJECT_ID","DEPLOY_CLOUD_RUN_REGION","GCLOUD_DEPLOY_credentialsKey","GCLOUD_RUN_canonicalHostSuffix"]
|
|
1014
1080
|
|
|
1015
1081
|
EOF
|
|
1016
|
-
-
|
|
1017
|
-
-
|
|
1082
|
+
- collapseable_section_end "writeenvvars"
|
|
1083
|
+
- collapseable_section_start "deploy" "Deploy to cloud run"
|
|
1018
1084
|
- |-
|
|
1019
1085
|
exist_scheduler_names="$(
|
|
1020
1086
|
gcloud scheduler jobs list --filter='httpTarget.uri ~ stage.*api' --format='value(name)' --limit=999 --location='asia-east1' --project='asdf'
|
|
@@ -1036,12 +1102,12 @@ api 🧪 test:
|
|
|
1036
1102
|
else
|
|
1037
1103
|
gcloud run jobs create "$current_job_name" --command="./wake-up-call" --labels="customer-name=pan,component-name=api,app-name=test-app,env-type=stage,env-name=stage,build-type=node,cloud-run-job-name=$current_job_name" --image="asia-east1-docker.pkg.dev/asdf/catladder-deploy/pan-test-app/stage/api:$DOCKER_IMAGE_TAG" --project=asdf --region=asia-east1 --memory=512Mi --parallelism=1 --task-timeout=10m --env-vars-file=____envvars.yaml --max-retries=0
|
|
1038
1104
|
fi
|
|
1039
|
-
-
|
|
1040
|
-
-
|
|
1105
|
+
- collapseable_section_end "deploy"
|
|
1106
|
+
- collapseable_section_start "cleanup" "Cleanup"
|
|
1041
1107
|
- gcloud run revisions list --project=asdf --region=asia-east1 --service=pan-test-app-stage-api --limit=unlimited --sort-by=metadata.creationTimestamp --format="value(name)" --filter='(status.conditions.status=False OR status.conditions.status=Unknown)' | while read -r revisionname; do gcloud run revisions delete --project=asdf --region=asia-east1 --quiet $revisionname ; done
|
|
1042
1108
|
- gcloud artifacts docker images list asia-east1-docker.pkg.dev/asdf/catladder-deploy/pan-test-app/stage/api --sort-by=~CREATE_TIME --format="value(version)" | tail -n +2 | while read -r version; do gcloud artifacts docker images delete asia-east1-docker.pkg.dev/asdf/catladder-deploy/pan-test-app/stage/api@$version --quiet --delete-tags; done
|
|
1043
1109
|
- gcloud artifacts docker images list asia-east1-docker.pkg.dev/asdf/catladder-deploy/pan-test-app/caches/api --sort-by=~CREATE_TIME --format="value(version)" | tail -n +2 | while read -r version; do gcloud artifacts docker images delete asia-east1-docker.pkg.dev/asdf/catladder-deploy/pan-test-app/caches/api@$version --quiet --delete-tags; done
|
|
1044
|
-
-
|
|
1110
|
+
- collapseable_section_end "cleanup"
|
|
1045
1111
|
- echo 'Uploading SBOM to Dependency Track'
|
|
1046
1112
|
- /dtrackuploader https://dep.panter.swiss/ "$DT_KEY_PROD" upload "pan-test-app/api" "https://$(printf %s "pan-test-app-stage-api-$CL_stage_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" "__sbom.json" vex.json || true
|
|
1047
1113
|
- echo "CL_GITLAB_ENVIRONMENT_URL=https://$(printf %s "pan-test-app-stage-api-$CL_stage_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" >> gitlab_environment.env
|
|
@@ -1074,9 +1140,9 @@ api 🧪 test:
|
|
|
1074
1140
|
KUBERNETES_MEMORY_LIMIT: 400Mi
|
|
1075
1141
|
GIT_STRATEGY: none
|
|
1076
1142
|
script:
|
|
1077
|
-
-
|
|
1143
|
+
- collapseable_section_start "injectvars" "Injecting variables"
|
|
1078
1144
|
- export CLOUDSDK_CORE_DISABLE_PROMPTS="1"
|
|
1079
|
-
-
|
|
1145
|
+
- collapseable_section_end "injectvars"
|
|
1080
1146
|
- set +e
|
|
1081
1147
|
- gcloud auth activate-service-account --key-file=<(echo "$CL_stage_api_GCLOUD_DEPLOY_credentialsKey")
|
|
1082
1148
|
- gcloud scheduler jobs delete pan-test-app-stage-api-alarm-clock-scheduler --project=asdf --location=asia-east1
|
|
@@ -1112,38 +1178,55 @@ api 🧪 test:
|
|
|
1112
1178
|
KUBERNETES_MEMORY_REQUEST: 1Gi
|
|
1113
1179
|
KUBERNETES_MEMORY_LIMIT: 4Gi
|
|
1114
1180
|
script:
|
|
1115
|
-
-
|
|
1181
|
+
- collapseable_section_start "injectvars" "Injecting variables"
|
|
1116
1182
|
- export ENV_SHORT="prod"
|
|
1117
1183
|
- export APP_DIR="app"
|
|
1118
1184
|
- export ENV_TYPE="prod"
|
|
1119
1185
|
- export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"
|
|
1120
1186
|
- export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"
|
|
1121
1187
|
- export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"
|
|
1122
|
-
- export
|
|
1188
|
+
- export HOSTNAME="$(printf %s "pan-test-app-prod-api-$CL_prod_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
1123
1189
|
- export ROOT_URL="https://$(printf %s "pan-test-app-prod-api-$CL_prod_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
1124
|
-
- export
|
|
1125
|
-
- export HOST_CANONICAL="$(printf %s "pan-test-app-prod-api-$CL_prod_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
1190
|
+
- export HOSTNAME_INTERNAL="$(printf %s "pan-test-app-prod-api-$CL_prod_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
1126
1191
|
- export ROOT_URL_INTERNAL="https://$(printf %s "pan-test-app-prod-api-$CL_prod_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
1127
1192
|
- export CLOUD_RUN_JOB_TRIGGER_URL_alarm_clock="https://asia-east1-run.googleapis.com/apis/run.googleapis.com/v1/namespaces/asdf/jobs/pan-test-app-prod-api-alarm-clock:run"
|
|
1128
1193
|
- export DEPLOY_CLOUD_RUN_PROJECT_ID="asdf"
|
|
1129
1194
|
- export DEPLOY_CLOUD_RUN_REGION="asia-east1"
|
|
1130
1195
|
- export GCLOUD_DEPLOY_credentialsKey="$CL_prod_api_GCLOUD_DEPLOY_credentialsKey"
|
|
1131
1196
|
- export GCLOUD_RUN_canonicalHostSuffix="$CL_prod_api_GCLOUD_RUN_canonicalHostSuffix"
|
|
1132
|
-
- export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"
|
|
1133
|
-
-
|
|
1197
|
+
- export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"HOSTNAME\\",\\"ROOT_URL\\",\\"HOSTNAME_INTERNAL\\",\\"ROOT_URL_INTERNAL\\",\\"CLOUD_RUN_JOB_TRIGGER_URL_alarm_clock\\",\\"DEPLOY_CLOUD_RUN_PROJECT_ID\\",\\"DEPLOY_CLOUD_RUN_REGION\\",\\"GCLOUD_DEPLOY_credentialsKey\\",\\"GCLOUD_RUN_canonicalHostSuffix\\"]"
|
|
1198
|
+
- collapseable_section_end "injectvars"
|
|
1199
|
+
- collapseable_section_start "write-dotenv-api" "write dot env for api"
|
|
1200
|
+
- |-
|
|
1201
|
+
cat <<EOF > app/.env
|
|
1202
|
+
ENV_SHORT=prod
|
|
1203
|
+
APP_DIR=app
|
|
1204
|
+
ENV_TYPE=prod
|
|
1205
|
+
HOSTNAME=$(printf %s "$(printf %s "pan-test-app-prod-api-$CL_prod_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | escapeForDotEnv)
|
|
1206
|
+
ROOT_URL=$(printf %s "https://$(printf %s "pan-test-app-prod-api-$CL_prod_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | escapeForDotEnv)
|
|
1207
|
+
HOSTNAME_INTERNAL=$(printf %s "$(printf %s "pan-test-app-prod-api-$CL_prod_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | escapeForDotEnv)
|
|
1208
|
+
ROOT_URL_INTERNAL=$(printf %s "https://$(printf %s "pan-test-app-prod-api-$CL_prod_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | escapeForDotEnv)
|
|
1209
|
+
CLOUD_RUN_JOB_TRIGGER_URL_alarm_clock=https://asia-east1-run.googleapis.com/apis/run.googleapis.com/v1/namespaces/asdf/jobs/pan-test-app-prod-api-alarm-clock:run
|
|
1210
|
+
DEPLOY_CLOUD_RUN_PROJECT_ID=asdf
|
|
1211
|
+
DEPLOY_CLOUD_RUN_REGION=asia-east1
|
|
1212
|
+
GCLOUD_DEPLOY_credentialsKey=$(printf %s "$CL_prod_api_GCLOUD_DEPLOY_credentialsKey" | escapeForDotEnv)
|
|
1213
|
+
GCLOUD_RUN_canonicalHostSuffix=$(printf %s "$CL_prod_api_GCLOUD_RUN_canonicalHostSuffix" | escapeForDotEnv)
|
|
1214
|
+
_ALL_ENV_VAR_KEYS=["ENV_SHORT","APP_DIR","ENV_TYPE","BUILD_INFO_BUILD_ID","BUILD_INFO_BUILD_TIME","BUILD_INFO_CURRENT_VERSION","HOSTNAME","ROOT_URL","HOSTNAME_INTERNAL","ROOT_URL_INTERNAL","CLOUD_RUN_JOB_TRIGGER_URL_alarm_clock","DEPLOY_CLOUD_RUN_PROJECT_ID","DEPLOY_CLOUD_RUN_REGION","GCLOUD_DEPLOY_credentialsKey","GCLOUD_RUN_canonicalHostSuffix"]
|
|
1215
|
+
EOF
|
|
1216
|
+
- collapseable_section_end "write-dotenv-api"
|
|
1134
1217
|
- echo '{"id":"$(git describe --tags 2>/dev/null || git rev-parse HEAD)","time":"$CI_JOB_STARTED_AT"}' > app/__build_info.json
|
|
1135
|
-
-
|
|
1218
|
+
- collapseable_section_start "nodeinstall" "Ensure node version"
|
|
1136
1219
|
- if [ -f ~/.nvm/nvm.sh ]; then source ~/.nvm/nvm.sh; fi
|
|
1137
1220
|
- if command -v nvm &> /dev/null && [ -f ./.nvmrc ]; then nvm install; fi
|
|
1138
|
-
-
|
|
1221
|
+
- collapseable_section_end "nodeinstall"
|
|
1139
1222
|
- cd app
|
|
1140
|
-
-
|
|
1223
|
+
- collapseable_section_start "nodeinstall" "Ensure node version"
|
|
1141
1224
|
- if [ -f ~/.nvm/nvm.sh ]; then source ~/.nvm/nvm.sh; fi
|
|
1142
1225
|
- if command -v nvm &> /dev/null && [ -f ./.nvmrc ]; then nvm install; fi
|
|
1143
|
-
-
|
|
1144
|
-
-
|
|
1226
|
+
- collapseable_section_end "nodeinstall"
|
|
1227
|
+
- collapseable_section_start "yarninstall" "Yarn install"
|
|
1145
1228
|
- yarn install --immutable
|
|
1146
|
-
-
|
|
1229
|
+
- collapseable_section_end "yarninstall"
|
|
1147
1230
|
- yarn build
|
|
1148
1231
|
cache:
|
|
1149
1232
|
- key: app-yarn
|
|
@@ -1154,15 +1237,13 @@ api 🧪 test:
|
|
|
1154
1237
|
policy: pull-push
|
|
1155
1238
|
paths:
|
|
1156
1239
|
- app/node_modules
|
|
1157
|
-
- key: api-next-cache
|
|
1158
|
-
policy: pull-push
|
|
1159
|
-
paths:
|
|
1160
|
-
- app/.next/cache
|
|
1161
1240
|
artifacts:
|
|
1162
1241
|
paths:
|
|
1163
1242
|
- app/__build_info.json
|
|
1164
1243
|
- app/.next
|
|
1165
1244
|
- app/dist
|
|
1245
|
+
exclude:
|
|
1246
|
+
- app/.env
|
|
1166
1247
|
expire_in: 1 day
|
|
1167
1248
|
when: always
|
|
1168
1249
|
reports: {}
|
|
@@ -1188,7 +1269,7 @@ api 🧪 test:
|
|
|
1188
1269
|
KUBERNETES_MEMORY_REQUEST: 1Gi
|
|
1189
1270
|
KUBERNETES_MEMORY_LIMIT: 2Gi
|
|
1190
1271
|
script:
|
|
1191
|
-
-
|
|
1272
|
+
- collapseable_section_start "injectvars" "Injecting variables"
|
|
1192
1273
|
- export APP_DIR="app"
|
|
1193
1274
|
- export DOCKER_BUILD_CONTEXT="."
|
|
1194
1275
|
- export DOCKER_REGISTRY="asia-east1-docker.pkg.dev"
|
|
@@ -1204,20 +1285,20 @@ api 🧪 test:
|
|
|
1204
1285
|
COPY --chown=node:node app/yarn.lock /app/app/yarn.lock
|
|
1205
1286
|
COPY --chown=node:node .yarnrc.yml /app/.yarnrc.yml
|
|
1206
1287
|
COPY --chown=node:node .yarn /app/.yarn"
|
|
1207
|
-
-
|
|
1288
|
+
- collapseable_section_end "injectvars"
|
|
1208
1289
|
- ensureNodeDockerfile
|
|
1209
|
-
-
|
|
1290
|
+
- collapseable_section_start "docker-login" "Docker Login"
|
|
1210
1291
|
- gcloud auth activate-service-account --key-file=<(echo "$CL_prod_api_GCLOUD_DEPLOY_credentialsKey")
|
|
1211
1292
|
- gcloud auth configure-docker asia-east1-docker.pkg.dev
|
|
1212
|
-
-
|
|
1213
|
-
-
|
|
1293
|
+
- collapseable_section_end "docker-login"
|
|
1294
|
+
- collapseable_section_start "docker-build" "Docker build"
|
|
1214
1295
|
- docker build --network host --cache-from $DOCKER_CACHE_IMAGE --tag $DOCKER_IMAGE:$DOCKER_IMAGE_TAG -f $APP_DIR/Dockerfile $DOCKER_BUILD_CONTEXT --build-arg BUILDKIT_INLINE_CACHE=1
|
|
1215
|
-
-
|
|
1216
|
-
-
|
|
1296
|
+
- collapseable_section_end "docker-build"
|
|
1297
|
+
- collapseable_section_start "docker-push" "Docker push and tag"
|
|
1217
1298
|
- docker push $DOCKER_IMAGE:$DOCKER_IMAGE_TAG
|
|
1218
1299
|
- docker tag $DOCKER_IMAGE:$DOCKER_IMAGE_TAG $DOCKER_CACHE_IMAGE
|
|
1219
1300
|
- docker push $DOCKER_CACHE_IMAGE
|
|
1220
|
-
-
|
|
1301
|
+
- collapseable_section_end "docker-push"
|
|
1221
1302
|
cache:
|
|
1222
1303
|
- key: app-yarn
|
|
1223
1304
|
policy: pull
|
|
@@ -1234,8 +1315,8 @@ api 🧪 test:
|
|
|
1234
1315
|
image: aquasec/trivy:0.38.3
|
|
1235
1316
|
variables: {}
|
|
1236
1317
|
script:
|
|
1237
|
-
-
|
|
1238
|
-
-
|
|
1318
|
+
- collapseable_section_start "injectvars" "Injecting variables"
|
|
1319
|
+
- collapseable_section_end "injectvars"
|
|
1239
1320
|
- trivy fs --quiet --format cyclonedx --output "__sbom.json" app
|
|
1240
1321
|
artifacts:
|
|
1241
1322
|
paths:
|
|
@@ -1254,36 +1335,35 @@ api 🧪 test:
|
|
|
1254
1335
|
KUBERNETES_MEMORY_REQUEST: 200Mi
|
|
1255
1336
|
KUBERNETES_MEMORY_LIMIT: 400Mi
|
|
1256
1337
|
script:
|
|
1257
|
-
-
|
|
1338
|
+
- collapseable_section_start "injectvars" "Injecting variables"
|
|
1258
1339
|
- export ENV_SHORT="prod"
|
|
1259
1340
|
- export APP_DIR="app"
|
|
1260
1341
|
- export ENV_TYPE="prod"
|
|
1261
1342
|
- export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"
|
|
1262
1343
|
- export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"
|
|
1263
1344
|
- export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"
|
|
1264
|
-
- export
|
|
1345
|
+
- export HOSTNAME="$(printf %s "pan-test-app-prod-api-$CL_prod_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
1265
1346
|
- export ROOT_URL="https://$(printf %s "pan-test-app-prod-api-$CL_prod_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
1266
|
-
- export
|
|
1267
|
-
- export HOST_CANONICAL="$(printf %s "pan-test-app-prod-api-$CL_prod_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
1347
|
+
- export HOSTNAME_INTERNAL="$(printf %s "pan-test-app-prod-api-$CL_prod_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
1268
1348
|
- export ROOT_URL_INTERNAL="https://$(printf %s "pan-test-app-prod-api-$CL_prod_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
1269
1349
|
- export CLOUD_RUN_JOB_TRIGGER_URL_alarm_clock="https://asia-east1-run.googleapis.com/apis/run.googleapis.com/v1/namespaces/asdf/jobs/pan-test-app-prod-api-alarm-clock:run"
|
|
1270
1350
|
- export DEPLOY_CLOUD_RUN_PROJECT_ID="asdf"
|
|
1271
1351
|
- export DEPLOY_CLOUD_RUN_REGION="asia-east1"
|
|
1272
1352
|
- export GCLOUD_DEPLOY_credentialsKey="$CL_prod_api_GCLOUD_DEPLOY_credentialsKey"
|
|
1273
1353
|
- export GCLOUD_RUN_canonicalHostSuffix="$CL_prod_api_GCLOUD_RUN_canonicalHostSuffix"
|
|
1274
|
-
- export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"
|
|
1354
|
+
- export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"HOSTNAME\\",\\"ROOT_URL\\",\\"HOSTNAME_INTERNAL\\",\\"ROOT_URL_INTERNAL\\",\\"CLOUD_RUN_JOB_TRIGGER_URL_alarm_clock\\",\\"DEPLOY_CLOUD_RUN_PROJECT_ID\\",\\"DEPLOY_CLOUD_RUN_REGION\\",\\"GCLOUD_DEPLOY_credentialsKey\\",\\"GCLOUD_RUN_canonicalHostSuffix\\"]"
|
|
1275
1355
|
- export DOCKER_REGISTRY="asia-east1-docker.pkg.dev"
|
|
1276
1356
|
- export DOCKER_IMAGE="asia-east1-docker.pkg.dev/asdf/catladder-deploy/pan-test-app/prod/api"
|
|
1277
1357
|
- export DOCKER_CACHE_IMAGE="asia-east1-docker.pkg.dev/asdf/catladder-deploy/pan-test-app/caches/api"
|
|
1278
1358
|
- export DOCKER_IMAGE_TAG="$CI_COMMIT_SHA"
|
|
1279
1359
|
- export CLOUDSDK_CORE_DISABLE_PROMPTS="1"
|
|
1280
|
-
-
|
|
1281
|
-
-
|
|
1360
|
+
- collapseable_section_end "injectvars"
|
|
1361
|
+
- collapseable_section_start "prepare" "Prepare..."
|
|
1282
1362
|
- gcloud auth activate-service-account --key-file=<(echo "$CL_prod_api_GCLOUD_DEPLOY_credentialsKey")
|
|
1283
1363
|
- export GCLOUD_PROJECT_NUMBER=$(gcloud projects describe asdf --format="value(projectNumber)")
|
|
1284
1364
|
- 'echo "GCLOUD_PROJECT_NUMBER: $GCLOUD_PROJECT_NUMBER"'
|
|
1285
|
-
-
|
|
1286
|
-
-
|
|
1365
|
+
- collapseable_section_end "prepare"
|
|
1366
|
+
- collapseable_section_start "writeenvvars" "Write env vars to file"
|
|
1287
1367
|
- |
|
|
1288
1368
|
cat > ____envvars.yaml <<EOF
|
|
1289
1369
|
ENV_SHORT: |-
|
|
@@ -1293,21 +1373,19 @@ api 🧪 test:
|
|
|
1293
1373
|
ENV_TYPE: |-
|
|
1294
1374
|
prod
|
|
1295
1375
|
BUILD_INFO_BUILD_ID: |-
|
|
1296
|
-
|
|
1376
|
+
$(printf %s "$(git describe --tags 2>/dev/null || git rev-parse HEAD)" | sed '1!s/^/ /')
|
|
1297
1377
|
BUILD_INFO_BUILD_TIME: |-
|
|
1298
|
-
|
|
1378
|
+
$(printf %s "$CI_JOB_STARTED_AT" | sed '1!s/^/ /')
|
|
1299
1379
|
BUILD_INFO_CURRENT_VERSION: |-
|
|
1300
|
-
|
|
1301
|
-
|
|
1302
|
-
|
|
1380
|
+
$(printf %s "$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")" | sed '1!s/^/ /')
|
|
1381
|
+
HOSTNAME: |-
|
|
1382
|
+
$(printf %s "$(printf %s "pan-test-app-prod-api-$CL_prod_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | sed '1!s/^/ /')
|
|
1303
1383
|
ROOT_URL: |-
|
|
1304
|
-
|
|
1305
|
-
|
|
1306
|
-
|
|
1307
|
-
HOST_CANONICAL: |-
|
|
1308
|
-
$(printf %s "$(printf %s "pan-test-app-prod-api-$CL_prod_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | sed 's/^/ /')
|
|
1384
|
+
$(printf %s "https://$(printf %s "pan-test-app-prod-api-$CL_prod_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | sed '1!s/^/ /')
|
|
1385
|
+
HOSTNAME_INTERNAL: |-
|
|
1386
|
+
$(printf %s "$(printf %s "pan-test-app-prod-api-$CL_prod_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | sed '1!s/^/ /')
|
|
1309
1387
|
ROOT_URL_INTERNAL: |-
|
|
1310
|
-
|
|
1388
|
+
$(printf %s "https://$(printf %s "pan-test-app-prod-api-$CL_prod_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | sed '1!s/^/ /')
|
|
1311
1389
|
CLOUD_RUN_JOB_TRIGGER_URL_alarm_clock: |-
|
|
1312
1390
|
https://asia-east1-run.googleapis.com/apis/run.googleapis.com/v1/namespaces/asdf/jobs/pan-test-app-prod-api-alarm-clock:run
|
|
1313
1391
|
DEPLOY_CLOUD_RUN_PROJECT_ID: |-
|
|
@@ -1315,13 +1393,13 @@ api 🧪 test:
|
|
|
1315
1393
|
DEPLOY_CLOUD_RUN_REGION: |-
|
|
1316
1394
|
asia-east1
|
|
1317
1395
|
GCLOUD_RUN_canonicalHostSuffix: |-
|
|
1318
|
-
|
|
1396
|
+
$(printf %s "$CL_prod_api_GCLOUD_RUN_canonicalHostSuffix" | sed '1!s/^/ /')
|
|
1319
1397
|
_ALL_ENV_VAR_KEYS: |-
|
|
1320
|
-
["ENV_SHORT","APP_DIR","ENV_TYPE","BUILD_INFO_BUILD_ID","BUILD_INFO_BUILD_TIME","BUILD_INFO_CURRENT_VERSION","
|
|
1398
|
+
["ENV_SHORT","APP_DIR","ENV_TYPE","BUILD_INFO_BUILD_ID","BUILD_INFO_BUILD_TIME","BUILD_INFO_CURRENT_VERSION","HOSTNAME","ROOT_URL","HOSTNAME_INTERNAL","ROOT_URL_INTERNAL","CLOUD_RUN_JOB_TRIGGER_URL_alarm_clock","DEPLOY_CLOUD_RUN_PROJECT_ID","DEPLOY_CLOUD_RUN_REGION","GCLOUD_DEPLOY_credentialsKey","GCLOUD_RUN_canonicalHostSuffix"]
|
|
1321
1399
|
|
|
1322
1400
|
EOF
|
|
1323
|
-
-
|
|
1324
|
-
-
|
|
1401
|
+
- collapseable_section_end "writeenvvars"
|
|
1402
|
+
- collapseable_section_start "deploy" "Deploy to cloud run"
|
|
1325
1403
|
- |-
|
|
1326
1404
|
exist_scheduler_names="$(
|
|
1327
1405
|
gcloud scheduler jobs list --filter='httpTarget.uri ~ prod.*api' --format='value(name)' --limit=999 --location='asia-east1' --project='asdf'
|
|
@@ -1343,12 +1421,12 @@ api 🧪 test:
|
|
|
1343
1421
|
else
|
|
1344
1422
|
gcloud run jobs create "$current_job_name" --command="./wake-up-call" --labels="customer-name=pan,component-name=api,app-name=test-app,env-type=prod,env-name=prod,build-type=node,cloud-run-job-name=$current_job_name" --image="asia-east1-docker.pkg.dev/asdf/catladder-deploy/pan-test-app/prod/api:$DOCKER_IMAGE_TAG" --project=asdf --region=asia-east1 --memory=512Mi --parallelism=1 --task-timeout=10m --env-vars-file=____envvars.yaml --max-retries=0
|
|
1345
1423
|
fi
|
|
1346
|
-
-
|
|
1347
|
-
-
|
|
1424
|
+
- collapseable_section_end "deploy"
|
|
1425
|
+
- collapseable_section_start "cleanup" "Cleanup"
|
|
1348
1426
|
- gcloud run revisions list --project=asdf --region=asia-east1 --service=pan-test-app-prod-api --limit=unlimited --sort-by=metadata.creationTimestamp --format="value(name)" --filter='(status.conditions.status=False OR status.conditions.status=Unknown)' | tail -n +6 | while read -r revisionname; do gcloud run revisions delete --project=asdf --region=asia-east1 --quiet $revisionname ; done
|
|
1349
1427
|
- gcloud artifacts docker images list asia-east1-docker.pkg.dev/asdf/catladder-deploy/pan-test-app/prod/api --sort-by=~CREATE_TIME --format="value(version)" | tail -n +7 | while read -r version; do gcloud artifacts docker images delete asia-east1-docker.pkg.dev/asdf/catladder-deploy/pan-test-app/prod/api@$version --quiet --delete-tags; done
|
|
1350
1428
|
- gcloud artifacts docker images list asia-east1-docker.pkg.dev/asdf/catladder-deploy/pan-test-app/caches/api --sort-by=~CREATE_TIME --format="value(version)" | tail -n +2 | while read -r version; do gcloud artifacts docker images delete asia-east1-docker.pkg.dev/asdf/catladder-deploy/pan-test-app/caches/api@$version --quiet --delete-tags; done
|
|
1351
|
-
-
|
|
1429
|
+
- collapseable_section_end "cleanup"
|
|
1352
1430
|
- echo 'Uploading SBOM to Dependency Track'
|
|
1353
1431
|
- /dtrackuploader https://dep.panter.swiss/ "$DT_KEY_PROD" upload "pan-test-app/api" "https://$(printf %s "pan-test-app-prod-api-$CL_prod_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" "__sbom.json" vex.json || true
|
|
1354
1432
|
- echo "CL_GITLAB_ENVIRONMENT_URL=https://$(printf %s "pan-test-app-prod-api-$CL_prod_api_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" >> gitlab_environment.env
|
|
@@ -1381,9 +1459,9 @@ api 🧪 test:
|
|
|
1381
1459
|
KUBERNETES_MEMORY_LIMIT: 400Mi
|
|
1382
1460
|
GIT_STRATEGY: none
|
|
1383
1461
|
script:
|
|
1384
|
-
-
|
|
1462
|
+
- collapseable_section_start "injectvars" "Injecting variables"
|
|
1385
1463
|
- export CLOUDSDK_CORE_DISABLE_PROMPTS="1"
|
|
1386
|
-
-
|
|
1464
|
+
- collapseable_section_end "injectvars"
|
|
1387
1465
|
- set +e
|
|
1388
1466
|
- gcloud auth activate-service-account --key-file=<(echo "$CL_prod_api_GCLOUD_DEPLOY_credentialsKey")
|
|
1389
1467
|
- gcloud scheduler jobs delete pan-test-app-prod-api-alarm-clock-scheduler --project=asdf --location=asia-east1
|