Merge branch 'add-review-app' into 'master'

Add review app Closes #52188 and #49569 See merge request gitlab-org/gitlab-ce!22010
author: Marin Jankovski <marin@gitlab.com> 2018-10-23 18:00:02 +0000
committer: Marin Jankovski <marin@gitlab.com> 2018-10-23 18:00:02 +0000
commit: d25a8ed076aea797ad71cbfaf895cfab190bfcfd (patch)
tree: 91b9f532367c59e540a43f2fe06feadf643d6f42
parent: 3e18ac0e9ac04b4efce4c55748b8db12c5e42c3e (diff)
parent: 151a6c334913833c69b56e42500aba39ebd994d4 (diff)
download: gitlab-ce-d25a8ed076aea797ad71cbfaf895cfab190bfcfd.tar.gz
2 files changed, 125 insertions, 5 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index b3593df8b13..ccc9e640970 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -139,7 +139,7 @@ stages:
     - export SCRIPT_NAME="${SCRIPT_NAME:-$CI_JOB_NAME}"
     - apk add --update openssl
     - wget $CI_PROJECT_URL/raw/$CI_COMMIT_SHA/scripts/$SCRIPT_NAME
-    - chmod 755 $SCRIPT_NAME
+    - chmod 755 $(basename $SCRIPT_NAME)
 
 .rake-exec: &rake-exec
   <<: *dedicated-no-docs-no-db-pull-cache-job
@@ -929,3 +929,94 @@ no_ee_check:
     - scripts/no-ee-check
   only:
     - //@gitlab-org/gitlab-ce
+
+# GitLab Review apps
+review:
+  image: registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-charts-build-base
+  stage: test
+  allow_failure: true
+  before_script:
+    - gem install gitlab --no-document
+  variables:
+    GIT_DEPTH: "1"
+    HOST_SUFFIX: "$CI_ENVIRONMENT_SLUG"
+    DOMAIN: "-$CI_ENVIRONMENT_SLUG.$REVIEW_APPS_DOMAIN"
+    GITLAB_HELM_CHART_REF: "master"
+  script:
+    - export GITLAB_SHELL_VERSION=$(<GITLAB_SHELL_VERSION)
+    - export GITALY_VERSION=$(<GITALY_SERVER_VERSION)
+    - export GITLAB_WORKHORSE_VERSION=$(<GITLAB_WORKHORSE_VERSION)
+    - source ./scripts/review_apps/review-apps.sh
+    - BUILD_TRIGGER_TOKEN=$REVIEW_APPS_BUILD_TRIGGER_TOKEN ./scripts/trigger-build cng
+    - check_kube_domain
+    - download_gitlab_chart
+    - ensure_namespace
+    - install_tiller
+    - create_secret
+    - install_external_dns
+    - deploy
+  environment:
+    name: review/$CI_COMMIT_REF_NAME
+    url: https://gitlab-$CI_ENVIRONMENT_SLUG.$REVIEW_APPS_DOMAIN
+    on_stop: stop_review
+  only:
+    refs:
+      - branches@gitlab-org/gitlab-ce
+      - branches@gitlab-org/gitlab-ee
+    kubernetes: active
+  except:
+    refs:
+      - master
+      - /(^docs[\/-].*|.*-docs$)/
+
+stop_review:
+  <<: *single-script-job
+  image: registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-charts-build-base
+  stage: test
+  allow_failure: true
+  cache: {}
+  dependencies: []
+  variables:
+    SCRIPT_NAME: "review_apps/review-apps.sh"
+  script:
+    - source $(basename "${SCRIPT_NAME}")
+    - delete
+    - cleanup
+  when: manual
+  environment:
+    name: review/$CI_COMMIT_REF_NAME
+    action: stop
+  only:
+    refs:
+      - branches@gitlab-org/gitlab-ce
+      - branches@gitlab-org/gitlab-ee
+    kubernetes: active
+  except:
+    - master
+    - /(^docs[\/-].*|.*-docs$)/
+
+schedule:review_apps_cleanup:
+  <<: *dedicated-no-docs-pull-cache-job
+  image: registry.gitlab.com/gitlab-org/gitlab-build-images:gitlab-charts-build-base
+  stage: build
+  allow_failure: true
+  cache: {}
+  dependencies: []
+  before_script:
+    - gem install gitlab --no-document
+  variables:
+    GIT_DEPTH: "1"
+  script:
+    - ruby -rrubygems scripts/review_apps/automated_cleanup.rb
+  environment:
+    name: review/auto-cleanup
+    action: stop
+  only:
+    refs:
+      - schedules@gitlab-org/gitlab-ce
+      - schedules@gitlab-org/gitlab-ee
+    kubernetes: active
+  except:
+    - master
+    - tags
+    - /(^docs[\/-].*|.*-docs$)/
diff --git a/scripts/review_apps/review-apps.sh b/scripts/review_apps/review-apps.sh
index 78293464265..d372bcbdab1 100755
--- a/scripts/review_apps/review-apps.sh
+++ b/scripts/review_apps/review-apps.sh
@@ -47,15 +47,23 @@ function create_secret() {
     --dry-run -o json | kubectl apply -f -
 }
 
+function deployExists() {
+  local namespace="${1}"
+  local deploy="${2}"
+  helm status --tiller-namespace "${namespace}" "${deploy}" >/dev/null 2>&1
+  return $?
+}
+
 function previousDeployFailed() {
   set +e
-  echo "Checking for previous deployment of $CI_ENVIRONMENT_SLUG"
-  deployment_status=$(helm status $CI_ENVIRONMENT_SLUG >/dev/null 2>&1)
+  deploy="${1}"
+  echo "Checking for previous deployment of ${deploy}"
+  deployment_status=$(helm status ${deploy} >/dev/null 2>&1)
   status=$?
   # if `status` is `0`, deployment exists, has a status
   if [ $status -eq 0 ]; then
     echo "Previous deployment found, checking status"
-    deployment_status=$(helm status $CI_ENVIRONMENT_SLUG | grep ^STATUS | cut -d' ' -f2)
+    deployment_status=$(helm status ${deploy} | grep ^STATUS | cut -d' ' -f2)
     echo "Previous deployment state: $deployment_status"
     if [[ "$deployment_status" == "FAILED" || "$deployment_status" == "PENDING_UPGRADE" || "$deployment_status" == "PENDING_INSTALL" ]]; then
       status=0;
@@ -113,7 +121,7 @@ function deploy() {
   fi
 
   # Cleanup and previous installs, as FAILED and PENDING_UPGRADE will cause errors with `upgrade`
-  if [ "$CI_ENVIRONMENT_SLUG" != "production" ] && previousDeployFailed ; then
+  if [ "$CI_ENVIRONMENT_SLUG" != "production" ] && previousDeployFailed "$CI_ENVIRONMENT_SLUG" ; then
     echo "Deployment in bad state, cleaning up $CI_ENVIRONMENT_SLUG"
     delete
     cleanup
@@ -149,6 +157,7 @@ HELM_CMD=$(cat << EOF
     --set gitlab.gitlab-shell.image.tag="v$GITLAB_SHELL_VERSION" \
     --set gitlab.unicorn.workhorse.image="$gitlab_workhorse_image_repository" \
     --set gitlab.unicorn.workhorse.tag="$CI_COMMIT_REF_NAME" \
+    --set nginx-ingress.controller.config.ssl-ciphers="ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA384:ECDHE-RSA-AES128-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:AES256-GCM-SHA384:AES128-GCM-SHA256:AES256-SHA256:AES128-SHA256:AES256-SHA:AES128-SHA:!aNULL:!eNULL:!EXPORT:!DES:!MD5:!PSK:!RC4" \
     --namespace="$KUBE_NAMESPACE" \
     --version="$CI_PIPELINE_ID-$CI_JOB_ID" \
     "$name" \
@@ -182,3 +191,23 @@ function cleanup() {
     | xargs kubectl -n "$KUBE_NAMESPACE" delete \
     || true
 }
+
+function install_external_dns() {
+  local release_name="dns-gitlab-review-app"
+  local domain=$(echo "${REVIEW_APPS_DOMAIN}" | awk -F. '{printf "%s.%s", $(NF-1), $NF}')
+
+  if ! deployExists "${KUBE_NAMESPACE}" "${release_name}" || previousDeployFailed "${release_name}" ; then
+    echo "Installing external-dns helm chart"
+    helm repo update
+    helm install stable/external-dns \
+      -n "${release_name}" \
+      --namespace "${KUBE_NAMESPACE}" \
+      --set provider="aws" \
+      --set aws.secretKey="${REVIEW_APPS_AWS_SECRET_KEY}" \
+      --set aws.accessKey="${REVIEW_APPS_AWS_ACCESS_KEY}" \
+      --set aws.zoneType="public" \
+      --set domainFilters[0]="${domain}" \
+      --set txtOwnerId="${KUBE_NAMESPACE}" \
+      --set rbac.create="true"
+  fi
+}
author	Marin Jankovski <marin@gitlab.com>	2018-10-23 18:00:02 +0000
committer	Marin Jankovski <marin@gitlab.com>	2018-10-23 18:00:02 +0000
commit	d25a8ed076aea797ad71cbfaf895cfab190bfcfd (patch)
tree	91b9f532367c59e540a43f2fe06feadf643d6f42
parent	3e18ac0e9ac04b4efce4c55748b8db12c5e42c3e (diff)
parent	151a6c334913833c69b56e42500aba39ebd994d4 (diff)
download	gitlab-ce-d25a8ed076aea797ad71cbfaf895cfab190bfcfd.tar.gz