@catladder/pipeline 1.170.1 → 2.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/dist/bash/BashExpression.d.ts +1 -6
- package/dist/bash/BashExpression.js +2 -15
- package/dist/bash/bashEscape.d.ts +34 -0
- package/dist/bash/bashEscape.js +114 -0
- package/dist/bash/bashYaml.js +25 -2
- package/dist/bash/getInjectVarsScript.js +4 -2
- package/dist/bash/index.d.ts +2 -0
- package/dist/bash/index.js +26 -0
- package/dist/build/base/createAppBuildJob.js +3 -3
- package/dist/build/base/writeDotEnv.js +6 -4
- package/dist/build/custom/testJob.js +12 -12
- package/dist/build/docker.d.ts +3 -3
- package/dist/build/node/buildJob.js +1 -1
- package/dist/build/node/cache.d.ts +2 -4
- package/dist/build/node/cache.js +3 -24
- package/dist/build/node/testJob.js +11 -11
- package/dist/build/rails/build.js +1 -1
- package/dist/build/rails/test.js +8 -8
- package/dist/build/types.d.ts +0 -10
- package/dist/constants.js +1 -1
- package/dist/context/createComponentContext.js +0 -1
- package/dist/context/getEnvConfig.js +2 -1
- package/dist/context/getEnvironment.js +1 -2
- package/dist/context/getEnvironmentVariables.d.ts +5 -6
- package/dist/context/getEnvironmentVariables.js +50 -38
- package/dist/deploy/base/deploy.js +3 -3
- package/dist/deploy/cloudRun/createJobs/getCloudRunDeployScripts.js +2 -2
- package/dist/deploy/cloudRun/index.js +2 -2
- package/dist/deploy/cloudRun/utils/getServiceName.d.ts +1 -1
- package/dist/deploy/kubernetes/cloudSql/index.d.ts +2 -2
- package/dist/deploy/kubernetes/cloudSql/index.js +3 -14
- package/dist/deploy/kubernetes/deployJob.js +1 -3
- package/dist/deploy/kubernetes/index.js +2 -2
- package/dist/deploy/kubernetes/kubeEnv.d.ts +3 -3
- package/dist/deploy/kubernetes/kubeValues.d.ts +3 -4
- package/dist/deploy/kubernetes/kubeValues.js +2 -3
- package/dist/deploy/types/base.d.ts +0 -6
- package/dist/deploy/types/kubernetes.d.ts +1 -34
- package/dist/globalScriptFunctions/index.d.ts +14 -0
- package/dist/globalScriptFunctions/index.js +37 -0
- package/dist/index.d.ts +3 -1
- package/dist/index.js +3 -1
- package/dist/pipeline/gitlab/createGitlabJobs.js +3 -5
- package/dist/pipeline/gitlab/createGitlabPipeline.d.ts +1 -0
- package/dist/pipeline/gitlab/createGitlabPipeline.js +38 -2
- package/dist/pipeline/packageManager.js +1 -1
- package/dist/runner/index.d.ts +1 -1
- package/dist/tsconfig.tsbuildinfo +1 -1
- package/dist/types/config.d.ts +6 -9
- package/dist/types/context.d.ts +2 -9
- package/dist/types/gitlab-types.d.ts +1 -0
- package/dist/types/jobs.d.ts +0 -8
- package/dist/utils/gitlab.js +4 -1
- package/dist/utils/writeFiles.js +1 -7
- package/dist/variables/VariableValue.d.ts +3 -0
- package/dist/variables/VariableValue.js +5 -0
- package/dist/variables/VariableValueContainingReferences.d.ts +24 -0
- package/dist/variables/VariableValueContainingReferences.js +97 -0
- package/dist/variables/__tests__/resolveAllReferences.test.js +219 -0
- package/dist/variables/__tests__/resolveAllReferencesOnce.test.d.ts +1 -0
- package/dist/variables/__tests__/resolveAllReferencesOnce.test.js +171 -0
- package/dist/variables/__tests__/resolveReferencesOnce.test.d.ts +1 -0
- package/dist/variables/__tests__/resolveReferencesOnce.test.js +202 -0
- package/dist/variables/__tests__/variableValue.test.d.ts +1 -0
- package/dist/variables/__tests__/variableValue.test.js +36 -0
- package/dist/variables/resolveAllReferences.d.ts +3 -0
- package/dist/{bash/replaceAsync.js → variables/resolveAllReferences.js} +60 -40
- package/dist/variables/resolveAllReferencesOnce.d.ts +5 -0
- package/dist/variables/resolveAllReferencesOnce.js +191 -0
- package/dist/variables/resolveReferencesOnce.d.ts +8 -0
- package/dist/variables/resolveReferencesOnce.js +22 -0
- package/examples/__snapshots__/cloud-run-http2.test.ts.snap +312 -238
- package/examples/__snapshots__/cloud-run-memory-limit.test.ts.snap +312 -238
- package/examples/__snapshots__/cloud-run-meteor-with-worker.test.ts.snap +312 -222
- package/examples/__snapshots__/cloud-run-nextjs.test.ts.snap +1436 -0
- package/examples/__snapshots__/cloud-run-no-cpu-throttling.test.ts.snap +312 -238
- package/examples/__snapshots__/cloud-run-no-service.test.ts.snap +316 -238
- package/examples/__snapshots__/cloud-run-non-public.test.ts.snap +312 -238
- package/examples/__snapshots__/cloud-run-post-stop-job.test.ts.snap +313 -238
- package/examples/__snapshots__/cloud-run-service-custom-vpc-connector.test.ts.snap +312 -238
- package/examples/__snapshots__/cloud-run-service-custom-vpc.test.ts.snap +312 -238
- package/examples/__snapshots__/cloud-run-service-gen2.test.ts.snap +312 -238
- package/examples/__snapshots__/cloud-run-service-increase-timout.test.ts.snap +312 -238
- package/examples/__snapshots__/cloud-run-service-with-volumes.test.ts.snap +316 -238
- package/examples/__snapshots__/cloud-run-storybook.test.ts.snap +294 -220
- package/examples/__snapshots__/cloud-run-with-ngnix.test.ts.snap +312 -238
- package/examples/__snapshots__/cloud-run-with-sql-reuse-db.test.ts.snap +652 -486
- package/examples/__snapshots__/cloud-run-with-sql.test.ts.snap +282 -288
- package/examples/__snapshots__/cloud-run-with-worker.test.ts.snap +312 -238
- package/examples/__snapshots__/custom-build-job-with-tests.test.ts.snap +284 -194
- package/examples/__snapshots__/custom-build-job.test.ts.snap +278 -188
- package/examples/__snapshots__/custom-deploy.test.ts.snap +220 -154
- package/examples/__snapshots__/custom-envs.test.ts.snap +216 -126
- package/examples/__snapshots__/custom-sbom-java.test.ts.snap +278 -188
- package/examples/__snapshots__/git-submodule.test.ts.snap +312 -238
- package/examples/__snapshots__/kubernetes-application-customization.test.ts.snap +231 -253
- package/examples/__snapshots__/kubernetes-with-cloud-sql.test.ts.snap +240 -262
- package/examples/__snapshots__/kubernetes-with-jobs.test.ts.snap +504 -506
- package/examples/__snapshots__/kubernetes-with-mongodb.test.ts.snap +239 -261
- package/examples/__snapshots__/local-dot-env.test.ts.snap +236 -238
- package/examples/__snapshots__/meteor-kubernetes.test.ts.snap +236 -242
- package/examples/__snapshots__/multiline-var.test.ts.snap +1355 -973
- package/examples/__snapshots__/native-app.test.ts.snap +438 -392
- package/examples/__snapshots__/node-build-with-custom-image.test.ts.snap +312 -238
- package/examples/__snapshots__/node-build-with-docker-additions.test.ts.snap +312 -238
- package/examples/__snapshots__/rails-k8s-with-worker-dockerfile.test.ts.snap +186 -188
- package/examples/__snapshots__/rails-k8s-with-worker.test.ts.snap +162 -164
- package/examples/__snapshots__/referencing-other-vars.test.ts.snap +971 -765
- package/examples/__snapshots__/wait-for-other-deploy.test.ts.snap +330 -228
- package/examples/__snapshots__/{workspace-api-www-custom-cache.test.ts.snap → workspace-api-www-turbo-cache.test.ts.snap} +457 -499
- package/examples/__snapshots__/workspace-api-www.test.ts.snap +452 -482
- package/examples/{workspace-api-www-custom-cache.test.ts → cloud-run-nextjs.test.ts} +2 -2
- package/examples/cloud-run-nextjs.ts +28 -0
- package/examples/cloud-run-with-sql.ts +0 -1
- package/examples/kubernetes-application-customization.ts +1 -0
- package/examples/kubernetes-with-cloud-sql.ts +1 -0
- package/examples/kubernetes-with-jobs.ts +1 -0
- package/examples/kubernetes-with-mongodb.ts +1 -0
- package/examples/meteor-kubernetes.ts +1 -1
- package/examples/native-app.ts +10 -7
- package/examples/rails-k8s-with-worker.ts +7 -1
- package/examples/{kubernetes-with-cloud-sql-legacy.test.ts → workspace-api-www-turbo-cache.test.ts} +2 -2
- package/examples/{workspace-api-www-custom-cache.ts → workspace-api-www-turbo-cache.ts} +4 -3
- package/examples/workspace-api-www.ts +3 -2
- package/package.json +2 -6
- package/scripts/generate-examples-test.ts +0 -7
- package/src/bash/BashExpression.ts +0 -13
- package/src/bash/bashEscape.ts +158 -0
- package/src/bash/bashYaml.ts +36 -2
- package/src/bash/getInjectVarsScript.ts +11 -2
- package/src/bash/index.ts +2 -0
- package/src/build/base/createAppBuildJob.ts +0 -1
- package/src/build/base/writeDotEnv.ts +6 -6
- package/src/build/custom/testJob.ts +0 -1
- package/src/build/node/buildJob.ts +2 -2
- package/src/build/node/cache.ts +0 -29
- package/src/build/node/testJob.ts +0 -1
- package/src/build/rails/build.ts +0 -1
- package/src/build/rails/test.ts +0 -1
- package/src/build/types.ts +0 -13
- package/src/context/createComponentContext.ts +0 -1
- package/src/context/getEnvConfig.ts +2 -2
- package/src/context/getEnvironment.ts +1 -1
- package/src/context/getEnvironmentContext.ts +1 -1
- package/src/context/getEnvironmentVariables.ts +44 -51
- package/src/deploy/base/deploy.ts +1 -1
- package/src/deploy/cloudRun/createJobs/getCloudRunDeployScripts.ts +4 -12
- package/src/deploy/cloudRun/index.ts +2 -2
- package/src/deploy/kubernetes/cloudSql/index.ts +3 -16
- package/src/deploy/kubernetes/deployJob.ts +0 -2
- package/src/deploy/kubernetes/index.ts +2 -2
- package/src/deploy/kubernetes/kubeEnv.ts +3 -3
- package/src/deploy/kubernetes/kubeValues.ts +5 -8
- package/src/deploy/types/base.ts +0 -6
- package/src/deploy/types/kubernetes.ts +1 -36
- package/src/globalScriptFunctions/index.ts +30 -0
- package/src/index.ts +2 -0
- package/src/pipeline/gitlab/createGitlabJobs.ts +1 -4
- package/src/pipeline/gitlab/createGitlabPipeline.ts +8 -1
- package/src/pipeline/packageManager.ts +7 -5
- package/src/runner/index.ts +0 -1
- package/src/types/config.ts +6 -9
- package/src/types/context.ts +3 -9
- package/src/types/gitlab-types.ts +1 -0
- package/src/types/jobs.ts +0 -8
- package/src/utils/gitlab.ts +19 -2
- package/src/utils/writeFiles.ts +1 -2
- package/src/variables/VariableValue.ts +6 -0
- package/src/variables/VariableValueContainingReferences.ts +89 -0
- package/src/variables/__tests__/resolveAllReferences.test.ts +110 -0
- package/src/variables/__tests__/resolveAllReferencesOnce.test.ts +64 -0
- package/src/variables/__tests__/resolveReferencesOnce.test.ts +117 -0
- package/src/variables/__tests__/variableValue.test.ts +73 -0
- package/src/variables/resolveAllReferences.ts +46 -0
- package/src/variables/resolveAllReferencesOnce.ts +44 -0
- package/src/variables/resolveReferencesOnce.ts +29 -0
- package/bin/catladder-gitlab-dev.js +0 -3
- package/bin/catladder-gitlab.js +0 -3
- package/dist/bash/replaceAsync.d.ts +0 -2
- package/dist/bundles/catladder-gitlab/index.js +0 -15
- package/dist/context/__tests__/resolveReferences.test.js +0 -368
- package/dist/context/resolveReferences.d.ts +0 -6
- package/dist/context/resolveReferences.js +0 -286
- package/dist/deploy/kubernetes/processSecretsAsFiles.d.ts +0 -85
- package/dist/deploy/kubernetes/processSecretsAsFiles.js +0 -33
- package/examples/__snapshots__/kubernetes-with-cloud-sql-legacy.test.ts.snap +0 -1795
- package/examples/kubernetes-with-cloud-sql-legacy.ts +0 -35
- package/scripts/bundle +0 -2
- package/src/bash/replaceAsync.ts +0 -49
- package/src/context/__tests__/resolveReferences.test.ts +0 -148
- package/src/context/resolveReferences.ts +0 -93
- package/src/deploy/kubernetes/processSecretsAsFiles.ts +0 -35
- /package/dist/{context/__tests__/resolveReferences.test.d.ts → variables/__tests__/resolveAllReferences.test.d.ts} +0 -0
|
@@ -45,6 +45,36 @@ variables:
|
|
|
45
45
|
CACHE_COMPRESSION_LEVEL: fast
|
|
46
46
|
TRANSFER_METER_FREQUENCY: 5s
|
|
47
47
|
GIT_DEPTH: '1'
|
|
48
|
+
before_script:
|
|
49
|
+
- |-
|
|
50
|
+
function escapeForDotEnv () {
|
|
51
|
+
input="\${1:-$(cat)}"
|
|
52
|
+
input="\${input//$'\\n'/\\\\n}"
|
|
53
|
+
if [[ "$input" == *\\\\n* ]]; then
|
|
54
|
+
if [[ "$input" == *\\"* && "$input" == *\\'* && "$input" == *\\\`* ]]; then
|
|
55
|
+
printf "\\"%s\\"\\n" "$input"
|
|
56
|
+
elif [[ "$input" == *\\"* && "$input" == *\\'* ]]; then
|
|
57
|
+
printf "\`%s\`\\n" "$input"
|
|
58
|
+
elif [[ "$input" == *\\"* ]]; then
|
|
59
|
+
printf "'%s'\\n" "$input"
|
|
60
|
+
else
|
|
61
|
+
printf "\\"%s\\"\\n" "$input"
|
|
62
|
+
fi
|
|
63
|
+
else
|
|
64
|
+
printf "%s\\n" "$input"
|
|
65
|
+
fi
|
|
66
|
+
}
|
|
67
|
+
- |-
|
|
68
|
+
function collapseable_section_start () {
|
|
69
|
+
local section_title="\${1}"
|
|
70
|
+
local section_description="\${2:-$section_title}"
|
|
71
|
+
echo -e "section_start:\`date +%s\`:\${section_title}[collapsed=true]\\r\\e[0K\${section_description}"
|
|
72
|
+
}
|
|
73
|
+
- |-
|
|
74
|
+
function collapseable_section_end () {
|
|
75
|
+
local section_title="\${1}"
|
|
76
|
+
echo -e "section_end:\`date +%s\`:\${section_title}\\r\\e[0K"
|
|
77
|
+
}
|
|
48
78
|
'www 🔨 app | dev ':
|
|
49
79
|
stage: build
|
|
50
80
|
image: foo
|
|
@@ -53,34 +83,52 @@ variables:
|
|
|
53
83
|
KUBERNETES_MEMORY_REQUEST: 1Gi
|
|
54
84
|
KUBERNETES_MEMORY_LIMIT: 4Gi
|
|
55
85
|
script:
|
|
56
|
-
-
|
|
86
|
+
- collapseable_section_start "injectvars" "Injecting variables"
|
|
57
87
|
- export ENV_SHORT="dev"
|
|
58
88
|
- export APP_DIR="www"
|
|
59
89
|
- export ENV_TYPE="dev"
|
|
60
90
|
- export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"
|
|
61
91
|
- export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"
|
|
62
92
|
- export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"
|
|
63
|
-
- export
|
|
93
|
+
- export HOSTNAME="$(printf %s "pan-test-app-dev-www-$CL_dev_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
64
94
|
- export ROOT_URL="https://$(printf %s "pan-test-app-dev-www-$CL_dev_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
65
|
-
- export
|
|
66
|
-
- export HOST_CANONICAL="$(printf %s "pan-test-app-dev-www-$CL_dev_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
95
|
+
- export HOSTNAME_INTERNAL="$(printf %s "pan-test-app-dev-www-$CL_dev_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
67
96
|
- export ROOT_URL_INTERNAL="https://$(printf %s "pan-test-app-dev-www-$CL_dev_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
68
97
|
- export DEPLOY_CLOUD_RUN_PROJECT_ID="asdf"
|
|
69
98
|
- export DEPLOY_CLOUD_RUN_REGION="asia-east1"
|
|
70
99
|
- export GCLOUD_DEPLOY_credentialsKey="$CL_dev_www_GCLOUD_DEPLOY_credentialsKey"
|
|
71
100
|
- export GCLOUD_RUN_canonicalHostSuffix="$CL_dev_www_GCLOUD_RUN_canonicalHostSuffix"
|
|
72
|
-
- export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"
|
|
73
|
-
-
|
|
101
|
+
- export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"HOSTNAME\\",\\"ROOT_URL\\",\\"HOSTNAME_INTERNAL\\",\\"ROOT_URL_INTERNAL\\",\\"DEPLOY_CLOUD_RUN_PROJECT_ID\\",\\"DEPLOY_CLOUD_RUN_REGION\\",\\"GCLOUD_DEPLOY_credentialsKey\\",\\"GCLOUD_RUN_canonicalHostSuffix\\"]"
|
|
102
|
+
- collapseable_section_end "injectvars"
|
|
103
|
+
- collapseable_section_start "write-dotenv-www" "write dot env for www"
|
|
104
|
+
- |-
|
|
105
|
+
cat <<EOF > www/.env
|
|
106
|
+
ENV_SHORT=dev
|
|
107
|
+
APP_DIR=www
|
|
108
|
+
ENV_TYPE=dev
|
|
109
|
+
HOSTNAME=$(printf %s "$(printf %s "pan-test-app-dev-www-$CL_dev_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | escapeForDotEnv)
|
|
110
|
+
ROOT_URL=$(printf %s "https://$(printf %s "pan-test-app-dev-www-$CL_dev_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | escapeForDotEnv)
|
|
111
|
+
HOSTNAME_INTERNAL=$(printf %s "$(printf %s "pan-test-app-dev-www-$CL_dev_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | escapeForDotEnv)
|
|
112
|
+
ROOT_URL_INTERNAL=$(printf %s "https://$(printf %s "pan-test-app-dev-www-$CL_dev_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | escapeForDotEnv)
|
|
113
|
+
DEPLOY_CLOUD_RUN_PROJECT_ID=asdf
|
|
114
|
+
DEPLOY_CLOUD_RUN_REGION=asia-east1
|
|
115
|
+
GCLOUD_DEPLOY_credentialsKey=$(printf %s "$CL_dev_www_GCLOUD_DEPLOY_credentialsKey" | escapeForDotEnv)
|
|
116
|
+
GCLOUD_RUN_canonicalHostSuffix=$(printf %s "$CL_dev_www_GCLOUD_RUN_canonicalHostSuffix" | escapeForDotEnv)
|
|
117
|
+
_ALL_ENV_VAR_KEYS=["ENV_SHORT","APP_DIR","ENV_TYPE","BUILD_INFO_BUILD_ID","BUILD_INFO_BUILD_TIME","BUILD_INFO_CURRENT_VERSION","HOSTNAME","ROOT_URL","HOSTNAME_INTERNAL","ROOT_URL_INTERNAL","DEPLOY_CLOUD_RUN_PROJECT_ID","DEPLOY_CLOUD_RUN_REGION","GCLOUD_DEPLOY_credentialsKey","GCLOUD_RUN_canonicalHostSuffix"]
|
|
118
|
+
EOF
|
|
119
|
+
- collapseable_section_end "write-dotenv-www"
|
|
74
120
|
- echo '{"id":"$(git describe --tags 2>/dev/null || git rev-parse HEAD)","time":"$CI_JOB_STARTED_AT"}' > www/__build_info.json
|
|
75
|
-
-
|
|
121
|
+
- collapseable_section_start "nodeinstall" "Ensure node version"
|
|
76
122
|
- if [ -f ~/.nvm/nvm.sh ]; then source ~/.nvm/nvm.sh; fi
|
|
77
123
|
- if command -v nvm &> /dev/null && [ -f ./.nvmrc ]; then nvm install; fi
|
|
78
|
-
-
|
|
124
|
+
- collapseable_section_end "nodeinstall"
|
|
79
125
|
- cd www
|
|
80
126
|
artifacts:
|
|
81
127
|
paths:
|
|
82
128
|
- www/__build_info.json
|
|
83
129
|
- www/dist
|
|
130
|
+
exclude:
|
|
131
|
+
- www/.env
|
|
84
132
|
expire_in: 1 day
|
|
85
133
|
when: always
|
|
86
134
|
reports: {}
|
|
@@ -112,27 +160,27 @@ variables:
|
|
|
112
160
|
KUBERNETES_MEMORY_REQUEST: 1Gi
|
|
113
161
|
KUBERNETES_MEMORY_LIMIT: 2Gi
|
|
114
162
|
script:
|
|
115
|
-
-
|
|
163
|
+
- collapseable_section_start "injectvars" "Injecting variables"
|
|
116
164
|
- export APP_DIR="www"
|
|
117
165
|
- export DOCKER_BUILD_CONTEXT="."
|
|
118
166
|
- export DOCKER_REGISTRY="asia-east1-docker.pkg.dev"
|
|
119
167
|
- export DOCKER_IMAGE="asia-east1-docker.pkg.dev/asdf/catladder-deploy/pan-test-app/dev/www"
|
|
120
168
|
- export DOCKER_CACHE_IMAGE="asia-east1-docker.pkg.dev/asdf/catladder-deploy/pan-test-app/caches/www"
|
|
121
169
|
- export DOCKER_IMAGE_TAG="$CI_COMMIT_SHA"
|
|
122
|
-
-
|
|
170
|
+
- collapseable_section_end "injectvars"
|
|
123
171
|
- ensureNginxDockerfile
|
|
124
|
-
-
|
|
172
|
+
- collapseable_section_start "docker-login" "Docker Login"
|
|
125
173
|
- gcloud auth activate-service-account --key-file=<(echo "$CL_dev_www_GCLOUD_DEPLOY_credentialsKey")
|
|
126
174
|
- gcloud auth configure-docker asia-east1-docker.pkg.dev
|
|
127
|
-
-
|
|
128
|
-
-
|
|
175
|
+
- collapseable_section_end "docker-login"
|
|
176
|
+
- collapseable_section_start "docker-build" "Docker build"
|
|
129
177
|
- docker build --network host --cache-from $DOCKER_CACHE_IMAGE --tag $DOCKER_IMAGE:$DOCKER_IMAGE_TAG -f $APP_DIR/Dockerfile $DOCKER_BUILD_CONTEXT --build-arg BUILDKIT_INLINE_CACHE=1
|
|
130
|
-
-
|
|
131
|
-
-
|
|
178
|
+
- collapseable_section_end "docker-build"
|
|
179
|
+
- collapseable_section_start "docker-push" "Docker push and tag"
|
|
132
180
|
- docker push $DOCKER_IMAGE:$DOCKER_IMAGE_TAG
|
|
133
181
|
- docker tag $DOCKER_IMAGE:$DOCKER_IMAGE_TAG $DOCKER_CACHE_IMAGE
|
|
134
182
|
- docker push $DOCKER_CACHE_IMAGE
|
|
135
|
-
-
|
|
183
|
+
- collapseable_section_end "docker-push"
|
|
136
184
|
rules:
|
|
137
185
|
- when: never
|
|
138
186
|
if: $CI_COMMIT_MESSAGE =~ /^chore\\(release\\).*/
|
|
@@ -146,8 +194,8 @@ variables:
|
|
|
146
194
|
image: aquasec/trivy:0.38.3
|
|
147
195
|
variables: {}
|
|
148
196
|
script:
|
|
149
|
-
-
|
|
150
|
-
-
|
|
197
|
+
- collapseable_section_start "injectvars" "Injecting variables"
|
|
198
|
+
- collapseable_section_end "injectvars"
|
|
151
199
|
- trivy fs --quiet --format cyclonedx --output "__sbom.json" www
|
|
152
200
|
artifacts:
|
|
153
201
|
paths:
|
|
@@ -168,35 +216,34 @@ variables:
|
|
|
168
216
|
KUBERNETES_MEMORY_REQUEST: 200Mi
|
|
169
217
|
KUBERNETES_MEMORY_LIMIT: 400Mi
|
|
170
218
|
script:
|
|
171
|
-
-
|
|
219
|
+
- collapseable_section_start "injectvars" "Injecting variables"
|
|
172
220
|
- export ENV_SHORT="dev"
|
|
173
221
|
- export APP_DIR="www"
|
|
174
222
|
- export ENV_TYPE="dev"
|
|
175
223
|
- export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"
|
|
176
224
|
- export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"
|
|
177
225
|
- export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"
|
|
178
|
-
- export
|
|
226
|
+
- export HOSTNAME="$(printf %s "pan-test-app-dev-www-$CL_dev_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
179
227
|
- export ROOT_URL="https://$(printf %s "pan-test-app-dev-www-$CL_dev_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
180
|
-
- export
|
|
181
|
-
- export HOST_CANONICAL="$(printf %s "pan-test-app-dev-www-$CL_dev_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
228
|
+
- export HOSTNAME_INTERNAL="$(printf %s "pan-test-app-dev-www-$CL_dev_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
182
229
|
- export ROOT_URL_INTERNAL="https://$(printf %s "pan-test-app-dev-www-$CL_dev_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
183
230
|
- export DEPLOY_CLOUD_RUN_PROJECT_ID="asdf"
|
|
184
231
|
- export DEPLOY_CLOUD_RUN_REGION="asia-east1"
|
|
185
232
|
- export GCLOUD_DEPLOY_credentialsKey="$CL_dev_www_GCLOUD_DEPLOY_credentialsKey"
|
|
186
233
|
- export GCLOUD_RUN_canonicalHostSuffix="$CL_dev_www_GCLOUD_RUN_canonicalHostSuffix"
|
|
187
|
-
- export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"
|
|
234
|
+
- export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"HOSTNAME\\",\\"ROOT_URL\\",\\"HOSTNAME_INTERNAL\\",\\"ROOT_URL_INTERNAL\\",\\"DEPLOY_CLOUD_RUN_PROJECT_ID\\",\\"DEPLOY_CLOUD_RUN_REGION\\",\\"GCLOUD_DEPLOY_credentialsKey\\",\\"GCLOUD_RUN_canonicalHostSuffix\\"]"
|
|
188
235
|
- export DOCKER_REGISTRY="asia-east1-docker.pkg.dev"
|
|
189
236
|
- export DOCKER_IMAGE="asia-east1-docker.pkg.dev/asdf/catladder-deploy/pan-test-app/dev/www"
|
|
190
237
|
- export DOCKER_CACHE_IMAGE="asia-east1-docker.pkg.dev/asdf/catladder-deploy/pan-test-app/caches/www"
|
|
191
238
|
- export DOCKER_IMAGE_TAG="$CI_COMMIT_SHA"
|
|
192
239
|
- export CLOUDSDK_CORE_DISABLE_PROMPTS="1"
|
|
193
|
-
-
|
|
194
|
-
-
|
|
240
|
+
- collapseable_section_end "injectvars"
|
|
241
|
+
- collapseable_section_start "prepare" "Prepare..."
|
|
195
242
|
- gcloud auth activate-service-account --key-file=<(echo "$CL_dev_www_GCLOUD_DEPLOY_credentialsKey")
|
|
196
243
|
- export GCLOUD_PROJECT_NUMBER=$(gcloud projects describe asdf --format="value(projectNumber)")
|
|
197
244
|
- 'echo "GCLOUD_PROJECT_NUMBER: $GCLOUD_PROJECT_NUMBER"'
|
|
198
|
-
-
|
|
199
|
-
-
|
|
245
|
+
- collapseable_section_end "prepare"
|
|
246
|
+
- collapseable_section_start "writeenvvars" "Write env vars to file"
|
|
200
247
|
- |
|
|
201
248
|
cat > ____envvars.yaml <<EOF
|
|
202
249
|
ENV_SHORT: |-
|
|
@@ -206,40 +253,38 @@ variables:
|
|
|
206
253
|
ENV_TYPE: |-
|
|
207
254
|
dev
|
|
208
255
|
BUILD_INFO_BUILD_ID: |-
|
|
209
|
-
|
|
256
|
+
$(printf %s "$(git describe --tags 2>/dev/null || git rev-parse HEAD)" | sed '1!s/^/ /')
|
|
210
257
|
BUILD_INFO_BUILD_TIME: |-
|
|
211
|
-
|
|
258
|
+
$(printf %s "$CI_JOB_STARTED_AT" | sed '1!s/^/ /')
|
|
212
259
|
BUILD_INFO_CURRENT_VERSION: |-
|
|
213
|
-
|
|
214
|
-
|
|
215
|
-
|
|
260
|
+
$(printf %s "$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")" | sed '1!s/^/ /')
|
|
261
|
+
HOSTNAME: |-
|
|
262
|
+
$(printf %s "$(printf %s "pan-test-app-dev-www-$CL_dev_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | sed '1!s/^/ /')
|
|
216
263
|
ROOT_URL: |-
|
|
217
|
-
|
|
218
|
-
|
|
219
|
-
|
|
220
|
-
HOST_CANONICAL: |-
|
|
221
|
-
$(printf %s "$(printf %s "pan-test-app-dev-www-$CL_dev_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | sed 's/^/ /')
|
|
264
|
+
$(printf %s "https://$(printf %s "pan-test-app-dev-www-$CL_dev_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | sed '1!s/^/ /')
|
|
265
|
+
HOSTNAME_INTERNAL: |-
|
|
266
|
+
$(printf %s "$(printf %s "pan-test-app-dev-www-$CL_dev_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | sed '1!s/^/ /')
|
|
222
267
|
ROOT_URL_INTERNAL: |-
|
|
223
|
-
|
|
268
|
+
$(printf %s "https://$(printf %s "pan-test-app-dev-www-$CL_dev_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | sed '1!s/^/ /')
|
|
224
269
|
DEPLOY_CLOUD_RUN_PROJECT_ID: |-
|
|
225
270
|
asdf
|
|
226
271
|
DEPLOY_CLOUD_RUN_REGION: |-
|
|
227
272
|
asia-east1
|
|
228
273
|
GCLOUD_RUN_canonicalHostSuffix: |-
|
|
229
|
-
|
|
274
|
+
$(printf %s "$CL_dev_www_GCLOUD_RUN_canonicalHostSuffix" | sed '1!s/^/ /')
|
|
230
275
|
_ALL_ENV_VAR_KEYS: |-
|
|
231
|
-
["ENV_SHORT","APP_DIR","ENV_TYPE","BUILD_INFO_BUILD_ID","BUILD_INFO_BUILD_TIME","BUILD_INFO_CURRENT_VERSION","
|
|
276
|
+
["ENV_SHORT","APP_DIR","ENV_TYPE","BUILD_INFO_BUILD_ID","BUILD_INFO_BUILD_TIME","BUILD_INFO_CURRENT_VERSION","HOSTNAME","ROOT_URL","HOSTNAME_INTERNAL","ROOT_URL_INTERNAL","DEPLOY_CLOUD_RUN_PROJECT_ID","DEPLOY_CLOUD_RUN_REGION","GCLOUD_DEPLOY_credentialsKey","GCLOUD_RUN_canonicalHostSuffix"]
|
|
232
277
|
|
|
233
278
|
EOF
|
|
234
|
-
-
|
|
235
|
-
-
|
|
279
|
+
- collapseable_section_end "writeenvvars"
|
|
280
|
+
- collapseable_section_start "deploy" "Deploy to cloud run"
|
|
236
281
|
- gcloud run deploy pan-test-app-dev-www --command="" --image=asia-east1-docker.pkg.dev/asdf/catladder-deploy/pan-test-app/dev/www:$DOCKER_IMAGE_TAG --project=asdf --region=asia-east1 --labels=customer-name=pan,component-name=www,app-name=test-app,env-type=dev,env-name=dev,build-type=custom,cloud-run-service-name=pan-test-app-dev-www --env-vars-file=____envvars.yaml --min-instances=0 --max-instances=100 --cpu-throttling --allow-unauthenticated --ingress=all --cpu-boost
|
|
237
|
-
-
|
|
238
|
-
-
|
|
282
|
+
- collapseable_section_end "deploy"
|
|
283
|
+
- collapseable_section_start "cleanup" "Cleanup"
|
|
239
284
|
- gcloud run revisions list --project=asdf --region=asia-east1 --service=pan-test-app-dev-www --limit=unlimited --sort-by=metadata.creationTimestamp --format="value(name)" --filter='(status.conditions.status=False OR status.conditions.status=Unknown)' | while read -r revisionname; do gcloud run revisions delete --project=asdf --region=asia-east1 --quiet $revisionname ; done
|
|
240
285
|
- gcloud artifacts docker images list asia-east1-docker.pkg.dev/asdf/catladder-deploy/pan-test-app/dev/www --sort-by=~CREATE_TIME --format="value(version)" | tail -n +2 | while read -r version; do gcloud artifacts docker images delete asia-east1-docker.pkg.dev/asdf/catladder-deploy/pan-test-app/dev/www@$version --quiet --delete-tags; done
|
|
241
286
|
- gcloud artifacts docker images list asia-east1-docker.pkg.dev/asdf/catladder-deploy/pan-test-app/caches/www --sort-by=~CREATE_TIME --format="value(version)" | tail -n +2 | while read -r version; do gcloud artifacts docker images delete asia-east1-docker.pkg.dev/asdf/catladder-deploy/pan-test-app/caches/www@$version --quiet --delete-tags; done
|
|
242
|
-
-
|
|
287
|
+
- collapseable_section_end "cleanup"
|
|
243
288
|
- echo 'Uploading SBOM to Dependency Track'
|
|
244
289
|
- /dtrackuploader https://dep.panter.swiss/ "$DT_KEY_PROD" upload "pan-test-app/www" "https://$(printf %s "pan-test-app-dev-www-$CL_dev_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" "__sbom.json" vex.json || true
|
|
245
290
|
- echo "CL_GITLAB_ENVIRONMENT_URL=https://$(printf %s "pan-test-app-dev-www-$CL_dev_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" >> gitlab_environment.env
|
|
@@ -275,9 +320,9 @@ variables:
|
|
|
275
320
|
KUBERNETES_MEMORY_LIMIT: 400Mi
|
|
276
321
|
GIT_STRATEGY: none
|
|
277
322
|
script:
|
|
278
|
-
-
|
|
323
|
+
- collapseable_section_start "injectvars" "Injecting variables"
|
|
279
324
|
- export CLOUDSDK_CORE_DISABLE_PROMPTS="1"
|
|
280
|
-
-
|
|
325
|
+
- collapseable_section_end "injectvars"
|
|
281
326
|
- set +e
|
|
282
327
|
- gcloud auth activate-service-account --key-file=<(echo "$CL_dev_www_GCLOUD_DEPLOY_credentialsKey")
|
|
283
328
|
- gcloud run services delete pan-test-app-dev-www --project=asdf --region=asia-east1
|
|
@@ -313,34 +358,52 @@ variables:
|
|
|
313
358
|
KUBERNETES_MEMORY_REQUEST: 1Gi
|
|
314
359
|
KUBERNETES_MEMORY_LIMIT: 4Gi
|
|
315
360
|
script:
|
|
316
|
-
-
|
|
361
|
+
- collapseable_section_start "injectvars" "Injecting variables"
|
|
317
362
|
- export ENV_SHORT="review"
|
|
318
363
|
- export APP_DIR="www"
|
|
319
364
|
- export ENV_TYPE="review"
|
|
320
365
|
- export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"
|
|
321
366
|
- export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"
|
|
322
367
|
- export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"
|
|
323
|
-
- export
|
|
368
|
+
- export HOSTNAME="$(printf %s "pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-www-$CL_review_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
324
369
|
- export ROOT_URL="https://$(printf %s "pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-www-$CL_review_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
325
|
-
- export
|
|
326
|
-
- export HOST_CANONICAL="$(printf %s "pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-www-$CL_review_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
370
|
+
- export HOSTNAME_INTERNAL="$(printf %s "pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-www-$CL_review_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
327
371
|
- export ROOT_URL_INTERNAL="https://$(printf %s "pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-www-$CL_review_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
328
372
|
- export DEPLOY_CLOUD_RUN_PROJECT_ID="asdf"
|
|
329
373
|
- export DEPLOY_CLOUD_RUN_REGION="asia-east1"
|
|
330
374
|
- export GCLOUD_DEPLOY_credentialsKey="$CL_review_www_GCLOUD_DEPLOY_credentialsKey"
|
|
331
375
|
- export GCLOUD_RUN_canonicalHostSuffix="$CL_review_www_GCLOUD_RUN_canonicalHostSuffix"
|
|
332
|
-
- export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"
|
|
333
|
-
-
|
|
376
|
+
- export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"HOSTNAME\\",\\"ROOT_URL\\",\\"HOSTNAME_INTERNAL\\",\\"ROOT_URL_INTERNAL\\",\\"DEPLOY_CLOUD_RUN_PROJECT_ID\\",\\"DEPLOY_CLOUD_RUN_REGION\\",\\"GCLOUD_DEPLOY_credentialsKey\\",\\"GCLOUD_RUN_canonicalHostSuffix\\"]"
|
|
377
|
+
- collapseable_section_end "injectvars"
|
|
378
|
+
- collapseable_section_start "write-dotenv-www" "write dot env for www"
|
|
379
|
+
- |-
|
|
380
|
+
cat <<EOF > www/.env
|
|
381
|
+
ENV_SHORT=review
|
|
382
|
+
APP_DIR=www
|
|
383
|
+
ENV_TYPE=review
|
|
384
|
+
HOSTNAME=$(printf %s "$(printf %s "pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-www-$CL_review_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | escapeForDotEnv)
|
|
385
|
+
ROOT_URL=$(printf %s "https://$(printf %s "pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-www-$CL_review_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | escapeForDotEnv)
|
|
386
|
+
HOSTNAME_INTERNAL=$(printf %s "$(printf %s "pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-www-$CL_review_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | escapeForDotEnv)
|
|
387
|
+
ROOT_URL_INTERNAL=$(printf %s "https://$(printf %s "pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-www-$CL_review_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | escapeForDotEnv)
|
|
388
|
+
DEPLOY_CLOUD_RUN_PROJECT_ID=asdf
|
|
389
|
+
DEPLOY_CLOUD_RUN_REGION=asia-east1
|
|
390
|
+
GCLOUD_DEPLOY_credentialsKey=$(printf %s "$CL_review_www_GCLOUD_DEPLOY_credentialsKey" | escapeForDotEnv)
|
|
391
|
+
GCLOUD_RUN_canonicalHostSuffix=$(printf %s "$CL_review_www_GCLOUD_RUN_canonicalHostSuffix" | escapeForDotEnv)
|
|
392
|
+
_ALL_ENV_VAR_KEYS=["ENV_SHORT","APP_DIR","ENV_TYPE","BUILD_INFO_BUILD_ID","BUILD_INFO_BUILD_TIME","BUILD_INFO_CURRENT_VERSION","HOSTNAME","ROOT_URL","HOSTNAME_INTERNAL","ROOT_URL_INTERNAL","DEPLOY_CLOUD_RUN_PROJECT_ID","DEPLOY_CLOUD_RUN_REGION","GCLOUD_DEPLOY_credentialsKey","GCLOUD_RUN_canonicalHostSuffix"]
|
|
393
|
+
EOF
|
|
394
|
+
- collapseable_section_end "write-dotenv-www"
|
|
334
395
|
- echo '{"id":"$(git describe --tags 2>/dev/null || git rev-parse HEAD)","time":"$CI_JOB_STARTED_AT"}' > www/__build_info.json
|
|
335
|
-
-
|
|
396
|
+
- collapseable_section_start "nodeinstall" "Ensure node version"
|
|
336
397
|
- if [ -f ~/.nvm/nvm.sh ]; then source ~/.nvm/nvm.sh; fi
|
|
337
398
|
- if command -v nvm &> /dev/null && [ -f ./.nvmrc ]; then nvm install; fi
|
|
338
|
-
-
|
|
399
|
+
- collapseable_section_end "nodeinstall"
|
|
339
400
|
- cd www
|
|
340
401
|
artifacts:
|
|
341
402
|
paths:
|
|
342
403
|
- www/__build_info.json
|
|
343
404
|
- www/dist
|
|
405
|
+
exclude:
|
|
406
|
+
- www/.env
|
|
344
407
|
expire_in: 1 day
|
|
345
408
|
when: always
|
|
346
409
|
reports: {}
|
|
@@ -366,27 +429,27 @@ variables:
|
|
|
366
429
|
KUBERNETES_MEMORY_REQUEST: 1Gi
|
|
367
430
|
KUBERNETES_MEMORY_LIMIT: 2Gi
|
|
368
431
|
script:
|
|
369
|
-
-
|
|
432
|
+
- collapseable_section_start "injectvars" "Injecting variables"
|
|
370
433
|
- export APP_DIR="www"
|
|
371
434
|
- export DOCKER_BUILD_CONTEXT="."
|
|
372
435
|
- export DOCKER_REGISTRY="asia-east1-docker.pkg.dev"
|
|
373
436
|
- export DOCKER_IMAGE="asia-east1-docker.pkg.dev/asdf/catladder-deploy/pan-test-app/review/www/$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })"
|
|
374
437
|
- export DOCKER_CACHE_IMAGE="asia-east1-docker.pkg.dev/asdf/catladder-deploy/pan-test-app/caches/www"
|
|
375
438
|
- export DOCKER_IMAGE_TAG="$CI_COMMIT_SHA"
|
|
376
|
-
-
|
|
439
|
+
- collapseable_section_end "injectvars"
|
|
377
440
|
- ensureNginxDockerfile
|
|
378
|
-
-
|
|
441
|
+
- collapseable_section_start "docker-login" "Docker Login"
|
|
379
442
|
- gcloud auth activate-service-account --key-file=<(echo "$CL_review_www_GCLOUD_DEPLOY_credentialsKey")
|
|
380
443
|
- gcloud auth configure-docker asia-east1-docker.pkg.dev
|
|
381
|
-
-
|
|
382
|
-
-
|
|
444
|
+
- collapseable_section_end "docker-login"
|
|
445
|
+
- collapseable_section_start "docker-build" "Docker build"
|
|
383
446
|
- docker build --network host --cache-from $DOCKER_CACHE_IMAGE --tag $DOCKER_IMAGE:$DOCKER_IMAGE_TAG -f $APP_DIR/Dockerfile $DOCKER_BUILD_CONTEXT --build-arg BUILDKIT_INLINE_CACHE=1
|
|
384
|
-
-
|
|
385
|
-
-
|
|
447
|
+
- collapseable_section_end "docker-build"
|
|
448
|
+
- collapseable_section_start "docker-push" "Docker push and tag"
|
|
386
449
|
- docker push $DOCKER_IMAGE:$DOCKER_IMAGE_TAG
|
|
387
450
|
- docker tag $DOCKER_IMAGE:$DOCKER_IMAGE_TAG $DOCKER_CACHE_IMAGE
|
|
388
451
|
- docker push $DOCKER_CACHE_IMAGE
|
|
389
|
-
-
|
|
452
|
+
- collapseable_section_end "docker-push"
|
|
390
453
|
rules:
|
|
391
454
|
- if: $CI_MERGE_REQUEST_ID
|
|
392
455
|
needs:
|
|
@@ -398,8 +461,8 @@ variables:
|
|
|
398
461
|
image: aquasec/trivy:0.38.3
|
|
399
462
|
variables: {}
|
|
400
463
|
script:
|
|
401
|
-
-
|
|
402
|
-
-
|
|
464
|
+
- collapseable_section_start "injectvars" "Injecting variables"
|
|
465
|
+
- collapseable_section_end "injectvars"
|
|
403
466
|
- trivy fs --quiet --format cyclonedx --output "__sbom.json" www
|
|
404
467
|
artifacts:
|
|
405
468
|
paths:
|
|
@@ -418,35 +481,34 @@ variables:
|
|
|
418
481
|
KUBERNETES_MEMORY_REQUEST: 200Mi
|
|
419
482
|
KUBERNETES_MEMORY_LIMIT: 400Mi
|
|
420
483
|
script:
|
|
421
|
-
-
|
|
484
|
+
- collapseable_section_start "injectvars" "Injecting variables"
|
|
422
485
|
- export ENV_SHORT="review"
|
|
423
486
|
- export APP_DIR="www"
|
|
424
487
|
- export ENV_TYPE="review"
|
|
425
488
|
- export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"
|
|
426
489
|
- export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"
|
|
427
490
|
- export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"
|
|
428
|
-
- export
|
|
491
|
+
- export HOSTNAME="$(printf %s "pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-www-$CL_review_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
429
492
|
- export ROOT_URL="https://$(printf %s "pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-www-$CL_review_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
430
|
-
- export
|
|
431
|
-
- export HOST_CANONICAL="$(printf %s "pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-www-$CL_review_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
493
|
+
- export HOSTNAME_INTERNAL="$(printf %s "pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-www-$CL_review_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
432
494
|
- export ROOT_URL_INTERNAL="https://$(printf %s "pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-www-$CL_review_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
433
495
|
- export DEPLOY_CLOUD_RUN_PROJECT_ID="asdf"
|
|
434
496
|
- export DEPLOY_CLOUD_RUN_REGION="asia-east1"
|
|
435
497
|
- export GCLOUD_DEPLOY_credentialsKey="$CL_review_www_GCLOUD_DEPLOY_credentialsKey"
|
|
436
498
|
- export GCLOUD_RUN_canonicalHostSuffix="$CL_review_www_GCLOUD_RUN_canonicalHostSuffix"
|
|
437
|
-
- export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"
|
|
499
|
+
- export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"HOSTNAME\\",\\"ROOT_URL\\",\\"HOSTNAME_INTERNAL\\",\\"ROOT_URL_INTERNAL\\",\\"DEPLOY_CLOUD_RUN_PROJECT_ID\\",\\"DEPLOY_CLOUD_RUN_REGION\\",\\"GCLOUD_DEPLOY_credentialsKey\\",\\"GCLOUD_RUN_canonicalHostSuffix\\"]"
|
|
438
500
|
- export DOCKER_REGISTRY="asia-east1-docker.pkg.dev"
|
|
439
501
|
- export DOCKER_IMAGE="asia-east1-docker.pkg.dev/asdf/catladder-deploy/pan-test-app/review/www/$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })"
|
|
440
502
|
- export DOCKER_CACHE_IMAGE="asia-east1-docker.pkg.dev/asdf/catladder-deploy/pan-test-app/caches/www"
|
|
441
503
|
- export DOCKER_IMAGE_TAG="$CI_COMMIT_SHA"
|
|
442
504
|
- export CLOUDSDK_CORE_DISABLE_PROMPTS="1"
|
|
443
|
-
-
|
|
444
|
-
-
|
|
505
|
+
- collapseable_section_end "injectvars"
|
|
506
|
+
- collapseable_section_start "prepare" "Prepare..."
|
|
445
507
|
- gcloud auth activate-service-account --key-file=<(echo "$CL_review_www_GCLOUD_DEPLOY_credentialsKey")
|
|
446
508
|
- export GCLOUD_PROJECT_NUMBER=$(gcloud projects describe asdf --format="value(projectNumber)")
|
|
447
509
|
- 'echo "GCLOUD_PROJECT_NUMBER: $GCLOUD_PROJECT_NUMBER"'
|
|
448
|
-
-
|
|
449
|
-
-
|
|
510
|
+
- collapseable_section_end "prepare"
|
|
511
|
+
- collapseable_section_start "writeenvvars" "Write env vars to file"
|
|
450
512
|
- |
|
|
451
513
|
cat > ____envvars.yaml <<EOF
|
|
452
514
|
ENV_SHORT: |-
|
|
@@ -456,43 +518,41 @@ variables:
|
|
|
456
518
|
ENV_TYPE: |-
|
|
457
519
|
review
|
|
458
520
|
BUILD_INFO_BUILD_ID: |-
|
|
459
|
-
|
|
521
|
+
$(printf %s "$(git describe --tags 2>/dev/null || git rev-parse HEAD)" | sed '1!s/^/ /')
|
|
460
522
|
BUILD_INFO_BUILD_TIME: |-
|
|
461
|
-
|
|
523
|
+
$(printf %s "$CI_JOB_STARTED_AT" | sed '1!s/^/ /')
|
|
462
524
|
BUILD_INFO_CURRENT_VERSION: |-
|
|
463
|
-
|
|
464
|
-
|
|
465
|
-
|
|
525
|
+
$(printf %s "$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")" | sed '1!s/^/ /')
|
|
526
|
+
HOSTNAME: |-
|
|
527
|
+
$(printf %s "$(printf %s "pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-www-$CL_review_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | sed '1!s/^/ /')
|
|
466
528
|
ROOT_URL: |-
|
|
467
|
-
|
|
468
|
-
|
|
469
|
-
|
|
470
|
-
HOST_CANONICAL: |-
|
|
471
|
-
$(printf %s "$(printf %s "pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-www-$CL_review_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | sed 's/^/ /')
|
|
529
|
+
$(printf %s "https://$(printf %s "pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-www-$CL_review_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | sed '1!s/^/ /')
|
|
530
|
+
HOSTNAME_INTERNAL: |-
|
|
531
|
+
$(printf %s "$(printf %s "pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-www-$CL_review_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | sed '1!s/^/ /')
|
|
472
532
|
ROOT_URL_INTERNAL: |-
|
|
473
|
-
|
|
533
|
+
$(printf %s "https://$(printf %s "pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-www-$CL_review_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | sed '1!s/^/ /')
|
|
474
534
|
DEPLOY_CLOUD_RUN_PROJECT_ID: |-
|
|
475
535
|
asdf
|
|
476
536
|
DEPLOY_CLOUD_RUN_REGION: |-
|
|
477
537
|
asia-east1
|
|
478
538
|
GCLOUD_RUN_canonicalHostSuffix: |-
|
|
479
|
-
|
|
539
|
+
$(printf %s "$CL_review_www_GCLOUD_RUN_canonicalHostSuffix" | sed '1!s/^/ /')
|
|
480
540
|
_ALL_ENV_VAR_KEYS: |-
|
|
481
|
-
["ENV_SHORT","APP_DIR","ENV_TYPE","BUILD_INFO_BUILD_ID","BUILD_INFO_BUILD_TIME","BUILD_INFO_CURRENT_VERSION","
|
|
541
|
+
["ENV_SHORT","APP_DIR","ENV_TYPE","BUILD_INFO_BUILD_ID","BUILD_INFO_BUILD_TIME","BUILD_INFO_CURRENT_VERSION","HOSTNAME","ROOT_URL","HOSTNAME_INTERNAL","ROOT_URL_INTERNAL","DEPLOY_CLOUD_RUN_PROJECT_ID","DEPLOY_CLOUD_RUN_REGION","GCLOUD_DEPLOY_credentialsKey","GCLOUD_RUN_canonicalHostSuffix"]
|
|
482
542
|
|
|
483
543
|
EOF
|
|
484
|
-
-
|
|
485
|
-
-
|
|
544
|
+
- collapseable_section_end "writeenvvars"
|
|
545
|
+
- collapseable_section_start "deploy" "Deploy to cloud run"
|
|
486
546
|
- gcloud run deploy $(printf %s "pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-www" | awk '{print tolower($0)}') --command="" --image=asia-east1-docker.pkg.dev/asdf/catladder-deploy/pan-test-app/review/www/$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }):$DOCKER_IMAGE_TAG --project=asdf --region=asia-east1 --labels=customer-name=pan,component-name=www,app-name=test-app,env-type=review,env-name=review,build-type=custom,cloud-run-service-name=$(printf %s "pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-www" | awk '{print tolower($0)}') --env-vars-file=____envvars.yaml --min-instances=0 --max-instances=100 --cpu-throttling --allow-unauthenticated --ingress=all --cpu-boost
|
|
487
|
-
-
|
|
488
|
-
-
|
|
547
|
+
- collapseable_section_end "deploy"
|
|
548
|
+
- collapseable_section_start "cleanup" "Cleanup"
|
|
489
549
|
- gcloud run revisions list --project=asdf --region=asia-east1 --service=$(printf %s "pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-www" | awk '{print tolower($0)}') --limit=unlimited --sort-by=metadata.creationTimestamp --format="value(name)" --filter='(status.conditions.status=False OR status.conditions.status=Unknown)' | while read -r revisionname; do gcloud run revisions delete --project=asdf --region=asia-east1 --quiet $revisionname ; done
|
|
490
550
|
- gcloud artifacts docker images list asia-east1-docker.pkg.dev/asdf/catladder-deploy/pan-test-app/review/www/$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; }) --sort-by=~CREATE_TIME --format="value(version)" | tail -n +2 | while read -r version; do gcloud artifacts docker images delete asia-east1-docker.pkg.dev/asdf/catladder-deploy/pan-test-app/review/www/$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })@$version --quiet --delete-tags; done
|
|
491
551
|
- gcloud artifacts docker images list asia-east1-docker.pkg.dev/asdf/catladder-deploy/pan-test-app/caches/www --sort-by=~CREATE_TIME --format="value(version)" | tail -n +2 | while read -r version; do gcloud artifacts docker images delete asia-east1-docker.pkg.dev/asdf/catladder-deploy/pan-test-app/caches/www@$version --quiet --delete-tags; done
|
|
492
552
|
- set +e
|
|
493
553
|
- gcloud artifacts docker images delete asia-east1-docker.pkg.dev/asdf/catladder-deploy/pan-test-app/review/www --quiet --delete-tags
|
|
494
554
|
- set -e
|
|
495
|
-
-
|
|
555
|
+
- collapseable_section_end "cleanup"
|
|
496
556
|
- echo 'Uploading SBOM to Dependency Track'
|
|
497
557
|
- /dtrackuploader https://dep.panter.swiss/ "$DT_KEY_PROD" upload "pan-test-app/www" "https://$(printf %s "pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-www-$CL_review_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" "__sbom.json" vex.json || true
|
|
498
558
|
- echo "CL_GITLAB_ENVIRONMENT_URL=https://$(printf %s "pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-www-$CL_review_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" >> gitlab_environment.env
|
|
@@ -526,9 +586,9 @@ variables:
|
|
|
526
586
|
KUBERNETES_MEMORY_LIMIT: 400Mi
|
|
527
587
|
GIT_STRATEGY: none
|
|
528
588
|
script:
|
|
529
|
-
-
|
|
589
|
+
- collapseable_section_start "injectvars" "Injecting variables"
|
|
530
590
|
- export CLOUDSDK_CORE_DISABLE_PROMPTS="1"
|
|
531
|
-
-
|
|
591
|
+
- collapseable_section_end "injectvars"
|
|
532
592
|
- set +e
|
|
533
593
|
- gcloud auth activate-service-account --key-file=<(echo "$CL_review_www_GCLOUD_DEPLOY_credentialsKey")
|
|
534
594
|
- gcloud run services delete $(printf %s "pan-test-app-review-$([ -n "$CI_MERGE_REQUEST_IID" ] && echo "mr$CI_MERGE_REQUEST_IID" || { [ -n "$CI_COMMIT_REF_SLUG" ] && echo "$CI_COMMIT_REF_SLUG" || echo "unknown"; })-www" | awk '{print tolower($0)}') --project=asdf --region=asia-east1
|
|
@@ -565,34 +625,52 @@ variables:
|
|
|
565
625
|
KUBERNETES_MEMORY_REQUEST: 1Gi
|
|
566
626
|
KUBERNETES_MEMORY_LIMIT: 4Gi
|
|
567
627
|
script:
|
|
568
|
-
-
|
|
628
|
+
- collapseable_section_start "injectvars" "Injecting variables"
|
|
569
629
|
- export ENV_SHORT="stage"
|
|
570
630
|
- export APP_DIR="www"
|
|
571
631
|
- export ENV_TYPE="stage"
|
|
572
632
|
- export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"
|
|
573
633
|
- export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"
|
|
574
634
|
- export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"
|
|
575
|
-
- export
|
|
635
|
+
- export HOSTNAME="$(printf %s "pan-test-app-stage-www-$CL_stage_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
576
636
|
- export ROOT_URL="https://$(printf %s "pan-test-app-stage-www-$CL_stage_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
577
|
-
- export
|
|
578
|
-
- export HOST_CANONICAL="$(printf %s "pan-test-app-stage-www-$CL_stage_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
637
|
+
- export HOSTNAME_INTERNAL="$(printf %s "pan-test-app-stage-www-$CL_stage_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
579
638
|
- export ROOT_URL_INTERNAL="https://$(printf %s "pan-test-app-stage-www-$CL_stage_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
580
639
|
- export DEPLOY_CLOUD_RUN_PROJECT_ID="asdf"
|
|
581
640
|
- export DEPLOY_CLOUD_RUN_REGION="asia-east1"
|
|
582
641
|
- export GCLOUD_DEPLOY_credentialsKey="$CL_stage_www_GCLOUD_DEPLOY_credentialsKey"
|
|
583
642
|
- export GCLOUD_RUN_canonicalHostSuffix="$CL_stage_www_GCLOUD_RUN_canonicalHostSuffix"
|
|
584
|
-
- export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"
|
|
585
|
-
-
|
|
643
|
+
- export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"HOSTNAME\\",\\"ROOT_URL\\",\\"HOSTNAME_INTERNAL\\",\\"ROOT_URL_INTERNAL\\",\\"DEPLOY_CLOUD_RUN_PROJECT_ID\\",\\"DEPLOY_CLOUD_RUN_REGION\\",\\"GCLOUD_DEPLOY_credentialsKey\\",\\"GCLOUD_RUN_canonicalHostSuffix\\"]"
|
|
644
|
+
- collapseable_section_end "injectvars"
|
|
645
|
+
- collapseable_section_start "write-dotenv-www" "write dot env for www"
|
|
646
|
+
- |-
|
|
647
|
+
cat <<EOF > www/.env
|
|
648
|
+
ENV_SHORT=stage
|
|
649
|
+
APP_DIR=www
|
|
650
|
+
ENV_TYPE=stage
|
|
651
|
+
HOSTNAME=$(printf %s "$(printf %s "pan-test-app-stage-www-$CL_stage_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | escapeForDotEnv)
|
|
652
|
+
ROOT_URL=$(printf %s "https://$(printf %s "pan-test-app-stage-www-$CL_stage_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | escapeForDotEnv)
|
|
653
|
+
HOSTNAME_INTERNAL=$(printf %s "$(printf %s "pan-test-app-stage-www-$CL_stage_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | escapeForDotEnv)
|
|
654
|
+
ROOT_URL_INTERNAL=$(printf %s "https://$(printf %s "pan-test-app-stage-www-$CL_stage_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | escapeForDotEnv)
|
|
655
|
+
DEPLOY_CLOUD_RUN_PROJECT_ID=asdf
|
|
656
|
+
DEPLOY_CLOUD_RUN_REGION=asia-east1
|
|
657
|
+
GCLOUD_DEPLOY_credentialsKey=$(printf %s "$CL_stage_www_GCLOUD_DEPLOY_credentialsKey" | escapeForDotEnv)
|
|
658
|
+
GCLOUD_RUN_canonicalHostSuffix=$(printf %s "$CL_stage_www_GCLOUD_RUN_canonicalHostSuffix" | escapeForDotEnv)
|
|
659
|
+
_ALL_ENV_VAR_KEYS=["ENV_SHORT","APP_DIR","ENV_TYPE","BUILD_INFO_BUILD_ID","BUILD_INFO_BUILD_TIME","BUILD_INFO_CURRENT_VERSION","HOSTNAME","ROOT_URL","HOSTNAME_INTERNAL","ROOT_URL_INTERNAL","DEPLOY_CLOUD_RUN_PROJECT_ID","DEPLOY_CLOUD_RUN_REGION","GCLOUD_DEPLOY_credentialsKey","GCLOUD_RUN_canonicalHostSuffix"]
|
|
660
|
+
EOF
|
|
661
|
+
- collapseable_section_end "write-dotenv-www"
|
|
586
662
|
- echo '{"id":"$(git describe --tags 2>/dev/null || git rev-parse HEAD)","time":"$CI_JOB_STARTED_AT"}' > www/__build_info.json
|
|
587
|
-
-
|
|
663
|
+
- collapseable_section_start "nodeinstall" "Ensure node version"
|
|
588
664
|
- if [ -f ~/.nvm/nvm.sh ]; then source ~/.nvm/nvm.sh; fi
|
|
589
665
|
- if command -v nvm &> /dev/null && [ -f ./.nvmrc ]; then nvm install; fi
|
|
590
|
-
-
|
|
666
|
+
- collapseable_section_end "nodeinstall"
|
|
591
667
|
- cd www
|
|
592
668
|
artifacts:
|
|
593
669
|
paths:
|
|
594
670
|
- www/__build_info.json
|
|
595
671
|
- www/dist
|
|
672
|
+
exclude:
|
|
673
|
+
- www/.env
|
|
596
674
|
expire_in: 1 day
|
|
597
675
|
when: always
|
|
598
676
|
reports: {}
|
|
@@ -618,27 +696,27 @@ variables:
|
|
|
618
696
|
KUBERNETES_MEMORY_REQUEST: 1Gi
|
|
619
697
|
KUBERNETES_MEMORY_LIMIT: 2Gi
|
|
620
698
|
script:
|
|
621
|
-
-
|
|
699
|
+
- collapseable_section_start "injectvars" "Injecting variables"
|
|
622
700
|
- export APP_DIR="www"
|
|
623
701
|
- export DOCKER_BUILD_CONTEXT="."
|
|
624
702
|
- export DOCKER_REGISTRY="asia-east1-docker.pkg.dev"
|
|
625
703
|
- export DOCKER_IMAGE="asia-east1-docker.pkg.dev/asdf/catladder-deploy/pan-test-app/stage/www"
|
|
626
704
|
- export DOCKER_CACHE_IMAGE="asia-east1-docker.pkg.dev/asdf/catladder-deploy/pan-test-app/caches/www"
|
|
627
705
|
- export DOCKER_IMAGE_TAG="$CI_COMMIT_SHA"
|
|
628
|
-
-
|
|
706
|
+
- collapseable_section_end "injectvars"
|
|
629
707
|
- ensureNginxDockerfile
|
|
630
|
-
-
|
|
708
|
+
- collapseable_section_start "docker-login" "Docker Login"
|
|
631
709
|
- gcloud auth activate-service-account --key-file=<(echo "$CL_stage_www_GCLOUD_DEPLOY_credentialsKey")
|
|
632
710
|
- gcloud auth configure-docker asia-east1-docker.pkg.dev
|
|
633
|
-
-
|
|
634
|
-
-
|
|
711
|
+
- collapseable_section_end "docker-login"
|
|
712
|
+
- collapseable_section_start "docker-build" "Docker build"
|
|
635
713
|
- docker build --network host --cache-from $DOCKER_CACHE_IMAGE --tag $DOCKER_IMAGE:$DOCKER_IMAGE_TAG -f $APP_DIR/Dockerfile $DOCKER_BUILD_CONTEXT --build-arg BUILDKIT_INLINE_CACHE=1
|
|
636
|
-
-
|
|
637
|
-
-
|
|
714
|
+
- collapseable_section_end "docker-build"
|
|
715
|
+
- collapseable_section_start "docker-push" "Docker push and tag"
|
|
638
716
|
- docker push $DOCKER_IMAGE:$DOCKER_IMAGE_TAG
|
|
639
717
|
- docker tag $DOCKER_IMAGE:$DOCKER_IMAGE_TAG $DOCKER_CACHE_IMAGE
|
|
640
718
|
- docker push $DOCKER_CACHE_IMAGE
|
|
641
|
-
-
|
|
719
|
+
- collapseable_section_end "docker-push"
|
|
642
720
|
rules:
|
|
643
721
|
- if: $CI_COMMIT_TAG
|
|
644
722
|
needs:
|
|
@@ -650,8 +728,8 @@ variables:
|
|
|
650
728
|
image: aquasec/trivy:0.38.3
|
|
651
729
|
variables: {}
|
|
652
730
|
script:
|
|
653
|
-
-
|
|
654
|
-
-
|
|
731
|
+
- collapseable_section_start "injectvars" "Injecting variables"
|
|
732
|
+
- collapseable_section_end "injectvars"
|
|
655
733
|
- trivy fs --quiet --format cyclonedx --output "__sbom.json" www
|
|
656
734
|
artifacts:
|
|
657
735
|
paths:
|
|
@@ -670,35 +748,34 @@ variables:
|
|
|
670
748
|
KUBERNETES_MEMORY_REQUEST: 200Mi
|
|
671
749
|
KUBERNETES_MEMORY_LIMIT: 400Mi
|
|
672
750
|
script:
|
|
673
|
-
-
|
|
751
|
+
- collapseable_section_start "injectvars" "Injecting variables"
|
|
674
752
|
- export ENV_SHORT="stage"
|
|
675
753
|
- export APP_DIR="www"
|
|
676
754
|
- export ENV_TYPE="stage"
|
|
677
755
|
- export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"
|
|
678
756
|
- export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"
|
|
679
757
|
- export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"
|
|
680
|
-
- export
|
|
758
|
+
- export HOSTNAME="$(printf %s "pan-test-app-stage-www-$CL_stage_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
681
759
|
- export ROOT_URL="https://$(printf %s "pan-test-app-stage-www-$CL_stage_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
682
|
-
- export
|
|
683
|
-
- export HOST_CANONICAL="$(printf %s "pan-test-app-stage-www-$CL_stage_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
760
|
+
- export HOSTNAME_INTERNAL="$(printf %s "pan-test-app-stage-www-$CL_stage_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
684
761
|
- export ROOT_URL_INTERNAL="https://$(printf %s "pan-test-app-stage-www-$CL_stage_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
685
762
|
- export DEPLOY_CLOUD_RUN_PROJECT_ID="asdf"
|
|
686
763
|
- export DEPLOY_CLOUD_RUN_REGION="asia-east1"
|
|
687
764
|
- export GCLOUD_DEPLOY_credentialsKey="$CL_stage_www_GCLOUD_DEPLOY_credentialsKey"
|
|
688
765
|
- export GCLOUD_RUN_canonicalHostSuffix="$CL_stage_www_GCLOUD_RUN_canonicalHostSuffix"
|
|
689
|
-
- export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"
|
|
766
|
+
- export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"HOSTNAME\\",\\"ROOT_URL\\",\\"HOSTNAME_INTERNAL\\",\\"ROOT_URL_INTERNAL\\",\\"DEPLOY_CLOUD_RUN_PROJECT_ID\\",\\"DEPLOY_CLOUD_RUN_REGION\\",\\"GCLOUD_DEPLOY_credentialsKey\\",\\"GCLOUD_RUN_canonicalHostSuffix\\"]"
|
|
690
767
|
- export DOCKER_REGISTRY="asia-east1-docker.pkg.dev"
|
|
691
768
|
- export DOCKER_IMAGE="asia-east1-docker.pkg.dev/asdf/catladder-deploy/pan-test-app/stage/www"
|
|
692
769
|
- export DOCKER_CACHE_IMAGE="asia-east1-docker.pkg.dev/asdf/catladder-deploy/pan-test-app/caches/www"
|
|
693
770
|
- export DOCKER_IMAGE_TAG="$CI_COMMIT_SHA"
|
|
694
771
|
- export CLOUDSDK_CORE_DISABLE_PROMPTS="1"
|
|
695
|
-
-
|
|
696
|
-
-
|
|
772
|
+
- collapseable_section_end "injectvars"
|
|
773
|
+
- collapseable_section_start "prepare" "Prepare..."
|
|
697
774
|
- gcloud auth activate-service-account --key-file=<(echo "$CL_stage_www_GCLOUD_DEPLOY_credentialsKey")
|
|
698
775
|
- export GCLOUD_PROJECT_NUMBER=$(gcloud projects describe asdf --format="value(projectNumber)")
|
|
699
776
|
- 'echo "GCLOUD_PROJECT_NUMBER: $GCLOUD_PROJECT_NUMBER"'
|
|
700
|
-
-
|
|
701
|
-
-
|
|
777
|
+
- collapseable_section_end "prepare"
|
|
778
|
+
- collapseable_section_start "writeenvvars" "Write env vars to file"
|
|
702
779
|
- |
|
|
703
780
|
cat > ____envvars.yaml <<EOF
|
|
704
781
|
ENV_SHORT: |-
|
|
@@ -708,40 +785,38 @@ variables:
|
|
|
708
785
|
ENV_TYPE: |-
|
|
709
786
|
stage
|
|
710
787
|
BUILD_INFO_BUILD_ID: |-
|
|
711
|
-
|
|
788
|
+
$(printf %s "$(git describe --tags 2>/dev/null || git rev-parse HEAD)" | sed '1!s/^/ /')
|
|
712
789
|
BUILD_INFO_BUILD_TIME: |-
|
|
713
|
-
|
|
790
|
+
$(printf %s "$CI_JOB_STARTED_AT" | sed '1!s/^/ /')
|
|
714
791
|
BUILD_INFO_CURRENT_VERSION: |-
|
|
715
|
-
|
|
716
|
-
|
|
717
|
-
|
|
792
|
+
$(printf %s "$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")" | sed '1!s/^/ /')
|
|
793
|
+
HOSTNAME: |-
|
|
794
|
+
$(printf %s "$(printf %s "pan-test-app-stage-www-$CL_stage_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | sed '1!s/^/ /')
|
|
718
795
|
ROOT_URL: |-
|
|
719
|
-
|
|
720
|
-
|
|
721
|
-
|
|
722
|
-
HOST_CANONICAL: |-
|
|
723
|
-
$(printf %s "$(printf %s "pan-test-app-stage-www-$CL_stage_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | sed 's/^/ /')
|
|
796
|
+
$(printf %s "https://$(printf %s "pan-test-app-stage-www-$CL_stage_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | sed '1!s/^/ /')
|
|
797
|
+
HOSTNAME_INTERNAL: |-
|
|
798
|
+
$(printf %s "$(printf %s "pan-test-app-stage-www-$CL_stage_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | sed '1!s/^/ /')
|
|
724
799
|
ROOT_URL_INTERNAL: |-
|
|
725
|
-
|
|
800
|
+
$(printf %s "https://$(printf %s "pan-test-app-stage-www-$CL_stage_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | sed '1!s/^/ /')
|
|
726
801
|
DEPLOY_CLOUD_RUN_PROJECT_ID: |-
|
|
727
802
|
asdf
|
|
728
803
|
DEPLOY_CLOUD_RUN_REGION: |-
|
|
729
804
|
asia-east1
|
|
730
805
|
GCLOUD_RUN_canonicalHostSuffix: |-
|
|
731
|
-
|
|
806
|
+
$(printf %s "$CL_stage_www_GCLOUD_RUN_canonicalHostSuffix" | sed '1!s/^/ /')
|
|
732
807
|
_ALL_ENV_VAR_KEYS: |-
|
|
733
|
-
["ENV_SHORT","APP_DIR","ENV_TYPE","BUILD_INFO_BUILD_ID","BUILD_INFO_BUILD_TIME","BUILD_INFO_CURRENT_VERSION","
|
|
808
|
+
["ENV_SHORT","APP_DIR","ENV_TYPE","BUILD_INFO_BUILD_ID","BUILD_INFO_BUILD_TIME","BUILD_INFO_CURRENT_VERSION","HOSTNAME","ROOT_URL","HOSTNAME_INTERNAL","ROOT_URL_INTERNAL","DEPLOY_CLOUD_RUN_PROJECT_ID","DEPLOY_CLOUD_RUN_REGION","GCLOUD_DEPLOY_credentialsKey","GCLOUD_RUN_canonicalHostSuffix"]
|
|
734
809
|
|
|
735
810
|
EOF
|
|
736
|
-
-
|
|
737
|
-
-
|
|
811
|
+
- collapseable_section_end "writeenvvars"
|
|
812
|
+
- collapseable_section_start "deploy" "Deploy to cloud run"
|
|
738
813
|
- gcloud run deploy pan-test-app-stage-www --command="" --image=asia-east1-docker.pkg.dev/asdf/catladder-deploy/pan-test-app/stage/www:$DOCKER_IMAGE_TAG --project=asdf --region=asia-east1 --labels=customer-name=pan,component-name=www,app-name=test-app,env-type=stage,env-name=stage,build-type=custom,cloud-run-service-name=pan-test-app-stage-www --env-vars-file=____envvars.yaml --min-instances=0 --max-instances=100 --cpu-throttling --allow-unauthenticated --ingress=all --cpu-boost
|
|
739
|
-
-
|
|
740
|
-
-
|
|
814
|
+
- collapseable_section_end "deploy"
|
|
815
|
+
- collapseable_section_start "cleanup" "Cleanup"
|
|
741
816
|
- gcloud run revisions list --project=asdf --region=asia-east1 --service=pan-test-app-stage-www --limit=unlimited --sort-by=metadata.creationTimestamp --format="value(name)" --filter='(status.conditions.status=False OR status.conditions.status=Unknown)' | while read -r revisionname; do gcloud run revisions delete --project=asdf --region=asia-east1 --quiet $revisionname ; done
|
|
742
817
|
- gcloud artifacts docker images list asia-east1-docker.pkg.dev/asdf/catladder-deploy/pan-test-app/stage/www --sort-by=~CREATE_TIME --format="value(version)" | tail -n +2 | while read -r version; do gcloud artifacts docker images delete asia-east1-docker.pkg.dev/asdf/catladder-deploy/pan-test-app/stage/www@$version --quiet --delete-tags; done
|
|
743
818
|
- gcloud artifacts docker images list asia-east1-docker.pkg.dev/asdf/catladder-deploy/pan-test-app/caches/www --sort-by=~CREATE_TIME --format="value(version)" | tail -n +2 | while read -r version; do gcloud artifacts docker images delete asia-east1-docker.pkg.dev/asdf/catladder-deploy/pan-test-app/caches/www@$version --quiet --delete-tags; done
|
|
744
|
-
-
|
|
819
|
+
- collapseable_section_end "cleanup"
|
|
745
820
|
- echo 'Uploading SBOM to Dependency Track'
|
|
746
821
|
- /dtrackuploader https://dep.panter.swiss/ "$DT_KEY_PROD" upload "pan-test-app/www" "https://$(printf %s "pan-test-app-stage-www-$CL_stage_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" "__sbom.json" vex.json || true
|
|
747
822
|
- echo "CL_GITLAB_ENVIRONMENT_URL=https://$(printf %s "pan-test-app-stage-www-$CL_stage_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" >> gitlab_environment.env
|
|
@@ -774,9 +849,9 @@ variables:
|
|
|
774
849
|
KUBERNETES_MEMORY_LIMIT: 400Mi
|
|
775
850
|
GIT_STRATEGY: none
|
|
776
851
|
script:
|
|
777
|
-
-
|
|
852
|
+
- collapseable_section_start "injectvars" "Injecting variables"
|
|
778
853
|
- export CLOUDSDK_CORE_DISABLE_PROMPTS="1"
|
|
779
|
-
-
|
|
854
|
+
- collapseable_section_end "injectvars"
|
|
780
855
|
- set +e
|
|
781
856
|
- gcloud auth activate-service-account --key-file=<(echo "$CL_stage_www_GCLOUD_DEPLOY_credentialsKey")
|
|
782
857
|
- gcloud run services delete pan-test-app-stage-www --project=asdf --region=asia-east1
|
|
@@ -810,34 +885,52 @@ variables:
|
|
|
810
885
|
KUBERNETES_MEMORY_REQUEST: 1Gi
|
|
811
886
|
KUBERNETES_MEMORY_LIMIT: 4Gi
|
|
812
887
|
script:
|
|
813
|
-
-
|
|
888
|
+
- collapseable_section_start "injectvars" "Injecting variables"
|
|
814
889
|
- export ENV_SHORT="prod"
|
|
815
890
|
- export APP_DIR="www"
|
|
816
891
|
- export ENV_TYPE="prod"
|
|
817
892
|
- export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"
|
|
818
893
|
- export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"
|
|
819
894
|
- export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"
|
|
820
|
-
- export
|
|
895
|
+
- export HOSTNAME="$(printf %s "pan-test-app-prod-www-$CL_prod_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
821
896
|
- export ROOT_URL="https://$(printf %s "pan-test-app-prod-www-$CL_prod_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
822
|
-
- export
|
|
823
|
-
- export HOST_CANONICAL="$(printf %s "pan-test-app-prod-www-$CL_prod_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
897
|
+
- export HOSTNAME_INTERNAL="$(printf %s "pan-test-app-prod-www-$CL_prod_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
824
898
|
- export ROOT_URL_INTERNAL="https://$(printf %s "pan-test-app-prod-www-$CL_prod_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
825
899
|
- export DEPLOY_CLOUD_RUN_PROJECT_ID="asdf"
|
|
826
900
|
- export DEPLOY_CLOUD_RUN_REGION="asia-east1"
|
|
827
901
|
- export GCLOUD_DEPLOY_credentialsKey="$CL_prod_www_GCLOUD_DEPLOY_credentialsKey"
|
|
828
902
|
- export GCLOUD_RUN_canonicalHostSuffix="$CL_prod_www_GCLOUD_RUN_canonicalHostSuffix"
|
|
829
|
-
- export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"
|
|
830
|
-
-
|
|
903
|
+
- export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"HOSTNAME\\",\\"ROOT_URL\\",\\"HOSTNAME_INTERNAL\\",\\"ROOT_URL_INTERNAL\\",\\"DEPLOY_CLOUD_RUN_PROJECT_ID\\",\\"DEPLOY_CLOUD_RUN_REGION\\",\\"GCLOUD_DEPLOY_credentialsKey\\",\\"GCLOUD_RUN_canonicalHostSuffix\\"]"
|
|
904
|
+
- collapseable_section_end "injectvars"
|
|
905
|
+
- collapseable_section_start "write-dotenv-www" "write dot env for www"
|
|
906
|
+
- |-
|
|
907
|
+
cat <<EOF > www/.env
|
|
908
|
+
ENV_SHORT=prod
|
|
909
|
+
APP_DIR=www
|
|
910
|
+
ENV_TYPE=prod
|
|
911
|
+
HOSTNAME=$(printf %s "$(printf %s "pan-test-app-prod-www-$CL_prod_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | escapeForDotEnv)
|
|
912
|
+
ROOT_URL=$(printf %s "https://$(printf %s "pan-test-app-prod-www-$CL_prod_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | escapeForDotEnv)
|
|
913
|
+
HOSTNAME_INTERNAL=$(printf %s "$(printf %s "pan-test-app-prod-www-$CL_prod_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | escapeForDotEnv)
|
|
914
|
+
ROOT_URL_INTERNAL=$(printf %s "https://$(printf %s "pan-test-app-prod-www-$CL_prod_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | escapeForDotEnv)
|
|
915
|
+
DEPLOY_CLOUD_RUN_PROJECT_ID=asdf
|
|
916
|
+
DEPLOY_CLOUD_RUN_REGION=asia-east1
|
|
917
|
+
GCLOUD_DEPLOY_credentialsKey=$(printf %s "$CL_prod_www_GCLOUD_DEPLOY_credentialsKey" | escapeForDotEnv)
|
|
918
|
+
GCLOUD_RUN_canonicalHostSuffix=$(printf %s "$CL_prod_www_GCLOUD_RUN_canonicalHostSuffix" | escapeForDotEnv)
|
|
919
|
+
_ALL_ENV_VAR_KEYS=["ENV_SHORT","APP_DIR","ENV_TYPE","BUILD_INFO_BUILD_ID","BUILD_INFO_BUILD_TIME","BUILD_INFO_CURRENT_VERSION","HOSTNAME","ROOT_URL","HOSTNAME_INTERNAL","ROOT_URL_INTERNAL","DEPLOY_CLOUD_RUN_PROJECT_ID","DEPLOY_CLOUD_RUN_REGION","GCLOUD_DEPLOY_credentialsKey","GCLOUD_RUN_canonicalHostSuffix"]
|
|
920
|
+
EOF
|
|
921
|
+
- collapseable_section_end "write-dotenv-www"
|
|
831
922
|
- echo '{"id":"$(git describe --tags 2>/dev/null || git rev-parse HEAD)","time":"$CI_JOB_STARTED_AT"}' > www/__build_info.json
|
|
832
|
-
-
|
|
923
|
+
- collapseable_section_start "nodeinstall" "Ensure node version"
|
|
833
924
|
- if [ -f ~/.nvm/nvm.sh ]; then source ~/.nvm/nvm.sh; fi
|
|
834
925
|
- if command -v nvm &> /dev/null && [ -f ./.nvmrc ]; then nvm install; fi
|
|
835
|
-
-
|
|
926
|
+
- collapseable_section_end "nodeinstall"
|
|
836
927
|
- cd www
|
|
837
928
|
artifacts:
|
|
838
929
|
paths:
|
|
839
930
|
- www/__build_info.json
|
|
840
931
|
- www/dist
|
|
932
|
+
exclude:
|
|
933
|
+
- www/.env
|
|
841
934
|
expire_in: 1 day
|
|
842
935
|
when: always
|
|
843
936
|
reports: {}
|
|
@@ -863,27 +956,27 @@ variables:
|
|
|
863
956
|
KUBERNETES_MEMORY_REQUEST: 1Gi
|
|
864
957
|
KUBERNETES_MEMORY_LIMIT: 2Gi
|
|
865
958
|
script:
|
|
866
|
-
-
|
|
959
|
+
- collapseable_section_start "injectvars" "Injecting variables"
|
|
867
960
|
- export APP_DIR="www"
|
|
868
961
|
- export DOCKER_BUILD_CONTEXT="."
|
|
869
962
|
- export DOCKER_REGISTRY="asia-east1-docker.pkg.dev"
|
|
870
963
|
- export DOCKER_IMAGE="asia-east1-docker.pkg.dev/asdf/catladder-deploy/pan-test-app/prod/www"
|
|
871
964
|
- export DOCKER_CACHE_IMAGE="asia-east1-docker.pkg.dev/asdf/catladder-deploy/pan-test-app/caches/www"
|
|
872
965
|
- export DOCKER_IMAGE_TAG="$CI_COMMIT_SHA"
|
|
873
|
-
-
|
|
966
|
+
- collapseable_section_end "injectvars"
|
|
874
967
|
- ensureNginxDockerfile
|
|
875
|
-
-
|
|
968
|
+
- collapseable_section_start "docker-login" "Docker Login"
|
|
876
969
|
- gcloud auth activate-service-account --key-file=<(echo "$CL_prod_www_GCLOUD_DEPLOY_credentialsKey")
|
|
877
970
|
- gcloud auth configure-docker asia-east1-docker.pkg.dev
|
|
878
|
-
-
|
|
879
|
-
-
|
|
971
|
+
- collapseable_section_end "docker-login"
|
|
972
|
+
- collapseable_section_start "docker-build" "Docker build"
|
|
880
973
|
- docker build --network host --cache-from $DOCKER_CACHE_IMAGE --tag $DOCKER_IMAGE:$DOCKER_IMAGE_TAG -f $APP_DIR/Dockerfile $DOCKER_BUILD_CONTEXT --build-arg BUILDKIT_INLINE_CACHE=1
|
|
881
|
-
-
|
|
882
|
-
-
|
|
974
|
+
- collapseable_section_end "docker-build"
|
|
975
|
+
- collapseable_section_start "docker-push" "Docker push and tag"
|
|
883
976
|
- docker push $DOCKER_IMAGE:$DOCKER_IMAGE_TAG
|
|
884
977
|
- docker tag $DOCKER_IMAGE:$DOCKER_IMAGE_TAG $DOCKER_CACHE_IMAGE
|
|
885
978
|
- docker push $DOCKER_CACHE_IMAGE
|
|
886
|
-
-
|
|
979
|
+
- collapseable_section_end "docker-push"
|
|
887
980
|
rules:
|
|
888
981
|
- if: $CI_COMMIT_TAG
|
|
889
982
|
needs:
|
|
@@ -895,8 +988,8 @@ variables:
|
|
|
895
988
|
image: aquasec/trivy:0.38.3
|
|
896
989
|
variables: {}
|
|
897
990
|
script:
|
|
898
|
-
-
|
|
899
|
-
-
|
|
991
|
+
- collapseable_section_start "injectvars" "Injecting variables"
|
|
992
|
+
- collapseable_section_end "injectvars"
|
|
900
993
|
- trivy fs --quiet --format cyclonedx --output "__sbom.json" www
|
|
901
994
|
artifacts:
|
|
902
995
|
paths:
|
|
@@ -915,35 +1008,34 @@ variables:
|
|
|
915
1008
|
KUBERNETES_MEMORY_REQUEST: 200Mi
|
|
916
1009
|
KUBERNETES_MEMORY_LIMIT: 400Mi
|
|
917
1010
|
script:
|
|
918
|
-
-
|
|
1011
|
+
- collapseable_section_start "injectvars" "Injecting variables"
|
|
919
1012
|
- export ENV_SHORT="prod"
|
|
920
1013
|
- export APP_DIR="www"
|
|
921
1014
|
- export ENV_TYPE="prod"
|
|
922
1015
|
- export BUILD_INFO_BUILD_ID="$(git describe --tags 2>/dev/null || git rev-parse HEAD)"
|
|
923
1016
|
- export BUILD_INFO_BUILD_TIME="$CI_JOB_STARTED_AT"
|
|
924
1017
|
- export BUILD_INFO_CURRENT_VERSION="$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")"
|
|
925
|
-
- export
|
|
1018
|
+
- export HOSTNAME="$(printf %s "pan-test-app-prod-www-$CL_prod_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
926
1019
|
- export ROOT_URL="https://$(printf %s "pan-test-app-prod-www-$CL_prod_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
927
|
-
- export
|
|
928
|
-
- export HOST_CANONICAL="$(printf %s "pan-test-app-prod-www-$CL_prod_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
1020
|
+
- export HOSTNAME_INTERNAL="$(printf %s "pan-test-app-prod-www-$CL_prod_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
929
1021
|
- export ROOT_URL_INTERNAL="https://$(printf %s "pan-test-app-prod-www-$CL_prod_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')"
|
|
930
1022
|
- export DEPLOY_CLOUD_RUN_PROJECT_ID="asdf"
|
|
931
1023
|
- export DEPLOY_CLOUD_RUN_REGION="asia-east1"
|
|
932
1024
|
- export GCLOUD_DEPLOY_credentialsKey="$CL_prod_www_GCLOUD_DEPLOY_credentialsKey"
|
|
933
1025
|
- export GCLOUD_RUN_canonicalHostSuffix="$CL_prod_www_GCLOUD_RUN_canonicalHostSuffix"
|
|
934
|
-
- export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"
|
|
1026
|
+
- export _ALL_ENV_VAR_KEYS="[\\"ENV_SHORT\\",\\"APP_DIR\\",\\"ENV_TYPE\\",\\"BUILD_INFO_BUILD_ID\\",\\"BUILD_INFO_BUILD_TIME\\",\\"BUILD_INFO_CURRENT_VERSION\\",\\"HOSTNAME\\",\\"ROOT_URL\\",\\"HOSTNAME_INTERNAL\\",\\"ROOT_URL_INTERNAL\\",\\"DEPLOY_CLOUD_RUN_PROJECT_ID\\",\\"DEPLOY_CLOUD_RUN_REGION\\",\\"GCLOUD_DEPLOY_credentialsKey\\",\\"GCLOUD_RUN_canonicalHostSuffix\\"]"
|
|
935
1027
|
- export DOCKER_REGISTRY="asia-east1-docker.pkg.dev"
|
|
936
1028
|
- export DOCKER_IMAGE="asia-east1-docker.pkg.dev/asdf/catladder-deploy/pan-test-app/prod/www"
|
|
937
1029
|
- export DOCKER_CACHE_IMAGE="asia-east1-docker.pkg.dev/asdf/catladder-deploy/pan-test-app/caches/www"
|
|
938
1030
|
- export DOCKER_IMAGE_TAG="$CI_COMMIT_SHA"
|
|
939
1031
|
- export CLOUDSDK_CORE_DISABLE_PROMPTS="1"
|
|
940
|
-
-
|
|
941
|
-
-
|
|
1032
|
+
- collapseable_section_end "injectvars"
|
|
1033
|
+
- collapseable_section_start "prepare" "Prepare..."
|
|
942
1034
|
- gcloud auth activate-service-account --key-file=<(echo "$CL_prod_www_GCLOUD_DEPLOY_credentialsKey")
|
|
943
1035
|
- export GCLOUD_PROJECT_NUMBER=$(gcloud projects describe asdf --format="value(projectNumber)")
|
|
944
1036
|
- 'echo "GCLOUD_PROJECT_NUMBER: $GCLOUD_PROJECT_NUMBER"'
|
|
945
|
-
-
|
|
946
|
-
-
|
|
1037
|
+
- collapseable_section_end "prepare"
|
|
1038
|
+
- collapseable_section_start "writeenvvars" "Write env vars to file"
|
|
947
1039
|
- |
|
|
948
1040
|
cat > ____envvars.yaml <<EOF
|
|
949
1041
|
ENV_SHORT: |-
|
|
@@ -953,40 +1045,38 @@ variables:
|
|
|
953
1045
|
ENV_TYPE: |-
|
|
954
1046
|
prod
|
|
955
1047
|
BUILD_INFO_BUILD_ID: |-
|
|
956
|
-
|
|
1048
|
+
$(printf %s "$(git describe --tags 2>/dev/null || git rev-parse HEAD)" | sed '1!s/^/ /')
|
|
957
1049
|
BUILD_INFO_BUILD_TIME: |-
|
|
958
|
-
|
|
1050
|
+
$(printf %s "$CI_JOB_STARTED_AT" | sed '1!s/^/ /')
|
|
959
1051
|
BUILD_INFO_CURRENT_VERSION: |-
|
|
960
|
-
|
|
961
|
-
|
|
962
|
-
|
|
1052
|
+
$(printf %s "$(tag=$(git ls-remote origin "refs/tags/v*[0-9]" 2>/dev/null | cut -f 2- | sort -V | tail -1 | sed 's/refs\\/tags\\/v//'); [ -z "$tag" ] && echo "0.0.0" || echo "$tag")" | sed '1!s/^/ /')
|
|
1053
|
+
HOSTNAME: |-
|
|
1054
|
+
$(printf %s "$(printf %s "pan-test-app-prod-www-$CL_prod_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | sed '1!s/^/ /')
|
|
963
1055
|
ROOT_URL: |-
|
|
964
|
-
|
|
965
|
-
|
|
966
|
-
|
|
967
|
-
HOST_CANONICAL: |-
|
|
968
|
-
$(printf %s "$(printf %s "pan-test-app-prod-www-$CL_prod_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | sed 's/^/ /')
|
|
1056
|
+
$(printf %s "https://$(printf %s "pan-test-app-prod-www-$CL_prod_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | sed '1!s/^/ /')
|
|
1057
|
+
HOSTNAME_INTERNAL: |-
|
|
1058
|
+
$(printf %s "$(printf %s "pan-test-app-prod-www-$CL_prod_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | sed '1!s/^/ /')
|
|
969
1059
|
ROOT_URL_INTERNAL: |-
|
|
970
|
-
|
|
1060
|
+
$(printf %s "https://$(printf %s "pan-test-app-prod-www-$CL_prod_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" | sed '1!s/^/ /')
|
|
971
1061
|
DEPLOY_CLOUD_RUN_PROJECT_ID: |-
|
|
972
1062
|
asdf
|
|
973
1063
|
DEPLOY_CLOUD_RUN_REGION: |-
|
|
974
1064
|
asia-east1
|
|
975
1065
|
GCLOUD_RUN_canonicalHostSuffix: |-
|
|
976
|
-
|
|
1066
|
+
$(printf %s "$CL_prod_www_GCLOUD_RUN_canonicalHostSuffix" | sed '1!s/^/ /')
|
|
977
1067
|
_ALL_ENV_VAR_KEYS: |-
|
|
978
|
-
["ENV_SHORT","APP_DIR","ENV_TYPE","BUILD_INFO_BUILD_ID","BUILD_INFO_BUILD_TIME","BUILD_INFO_CURRENT_VERSION","
|
|
1068
|
+
["ENV_SHORT","APP_DIR","ENV_TYPE","BUILD_INFO_BUILD_ID","BUILD_INFO_BUILD_TIME","BUILD_INFO_CURRENT_VERSION","HOSTNAME","ROOT_URL","HOSTNAME_INTERNAL","ROOT_URL_INTERNAL","DEPLOY_CLOUD_RUN_PROJECT_ID","DEPLOY_CLOUD_RUN_REGION","GCLOUD_DEPLOY_credentialsKey","GCLOUD_RUN_canonicalHostSuffix"]
|
|
979
1069
|
|
|
980
1070
|
EOF
|
|
981
|
-
-
|
|
982
|
-
-
|
|
1071
|
+
- collapseable_section_end "writeenvvars"
|
|
1072
|
+
- collapseable_section_start "deploy" "Deploy to cloud run"
|
|
983
1073
|
- gcloud run deploy pan-test-app-prod-www --command="" --image=asia-east1-docker.pkg.dev/asdf/catladder-deploy/pan-test-app/prod/www:$DOCKER_IMAGE_TAG --project=asdf --region=asia-east1 --labels=customer-name=pan,component-name=www,app-name=test-app,env-type=prod,env-name=prod,build-type=custom,cloud-run-service-name=pan-test-app-prod-www --env-vars-file=____envvars.yaml --min-instances=0 --max-instances=100 --cpu-throttling --allow-unauthenticated --ingress=all --cpu-boost
|
|
984
|
-
-
|
|
985
|
-
-
|
|
1074
|
+
- collapseable_section_end "deploy"
|
|
1075
|
+
- collapseable_section_start "cleanup" "Cleanup"
|
|
986
1076
|
- gcloud run revisions list --project=asdf --region=asia-east1 --service=pan-test-app-prod-www --limit=unlimited --sort-by=metadata.creationTimestamp --format="value(name)" --filter='(status.conditions.status=False OR status.conditions.status=Unknown)' | tail -n +6 | while read -r revisionname; do gcloud run revisions delete --project=asdf --region=asia-east1 --quiet $revisionname ; done
|
|
987
1077
|
- gcloud artifacts docker images list asia-east1-docker.pkg.dev/asdf/catladder-deploy/pan-test-app/prod/www --sort-by=~CREATE_TIME --format="value(version)" | tail -n +7 | while read -r version; do gcloud artifacts docker images delete asia-east1-docker.pkg.dev/asdf/catladder-deploy/pan-test-app/prod/www@$version --quiet --delete-tags; done
|
|
988
1078
|
- gcloud artifacts docker images list asia-east1-docker.pkg.dev/asdf/catladder-deploy/pan-test-app/caches/www --sort-by=~CREATE_TIME --format="value(version)" | tail -n +2 | while read -r version; do gcloud artifacts docker images delete asia-east1-docker.pkg.dev/asdf/catladder-deploy/pan-test-app/caches/www@$version --quiet --delete-tags; done
|
|
989
|
-
-
|
|
1079
|
+
- collapseable_section_end "cleanup"
|
|
990
1080
|
- echo 'Uploading SBOM to Dependency Track'
|
|
991
1081
|
- /dtrackuploader https://dep.panter.swiss/ "$DT_KEY_PROD" upload "pan-test-app/www" "https://$(printf %s "pan-test-app-prod-www-$CL_prod_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" "__sbom.json" vex.json || true
|
|
992
1082
|
- echo "CL_GITLAB_ENVIRONMENT_URL=https://$(printf %s "pan-test-app-prod-www-$CL_prod_www_GCLOUD_RUN_canonicalHostSuffix" | awk '{print tolower($0)}')" >> gitlab_environment.env
|
|
@@ -1019,9 +1109,9 @@ variables:
|
|
|
1019
1109
|
KUBERNETES_MEMORY_LIMIT: 400Mi
|
|
1020
1110
|
GIT_STRATEGY: none
|
|
1021
1111
|
script:
|
|
1022
|
-
-
|
|
1112
|
+
- collapseable_section_start "injectvars" "Injecting variables"
|
|
1023
1113
|
- export CLOUDSDK_CORE_DISABLE_PROMPTS="1"
|
|
1024
|
-
-
|
|
1114
|
+
- collapseable_section_end "injectvars"
|
|
1025
1115
|
- set +e
|
|
1026
1116
|
- gcloud auth activate-service-account --key-file=<(echo "$CL_prod_www_GCLOUD_DEPLOY_credentialsKey")
|
|
1027
1117
|
- gcloud run services delete pan-test-app-prod-www --project=asdf --region=asia-east1
|