From 1ff15eba59e8b5bc41e710a1612e597e88e1e6ca Mon Sep 17 00:00:00 2001
From: "fabiano.fernandes@stg.stackspot.com"
Date: Mon, 9 Sep 2024 14:29:45 -0300
Subject: [PATCH] Add new workflow Gitlab
Signed-off-by: fabiano.fernandes@stg.stackspot.com
---
.gitlab-ci.yml | 75 ++++++++++++++++++++++++++++++++++++++++++++++++
README-gitlab.md | 34 ++++++++++++++++++++++
2 files changed, 109 insertions(+)
create mode 100644 .gitlab-ci.yml
create mode 100644 README-gitlab.md
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 0000000..a3d9047
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,75 @@
+stages:
+ - deploy
+
+variables:
+ FEATURES_LEVEL_LOG: $FEATURES_LEVEL_LOG
+ CLIENT_ID: $CLIENT_ID
+ CLIENT_KEY: $CLIENT_KEY
+ CLIENT_REALM: $CLIENT_REALM
+ REPOSITORY_NAME: $REPOSITORY_NAME
+ AWS_ACCESS_KEY_ID: $AWS_ACCESS_KEY_ID
+ AWS_SECRET_ACCESS_KEY: $AWS_SECRET_ACCESS_KEY
+ AWS_SESSION_TOKEN: $AWS_SESSION_TOKEN
+ AWS_REGION: $AWS_REGION
+ AWS_ROLE_ARN: $AWS_ROLE_ARN
+ RUN_TASK_ID: $RUN_TASK_ID
+ CONTAINER_URL: ${CONTAINER_URL:-stackspot/runtime-job-deploy:latest}
+ FEATURES_TERRAFORM_MODULES: $FEATURES_TERRAFORM_MODULES
+ PATH_TO_MOUNT: ${PATH_TO_MOUNT:-$CI_PROJECT_DIR}
+ OUTPUT_FILE: ${OUTPUT_FILE:-outputs.json}
+ LOCALEXEC_ENABLED: ${LOCALEXEC_ENABLED:-false}
+ TF_LOG_PROVIDER: $TF_LOG_PROVIDER
+ CHECKOUT_BRANCH: ${CHECKOUT_BRANCH:-'false'}
+
+deploy:
+ stage: deploy
+ script:
+ - |
+ if [ "$CHECKOUT_BRANCH" != 'false' ]; then
+ git checkout $CI_COMMIT_REF_NAME
+ fi
+ - echo "🤖 OS runner is $(uname)"
+ - |
+ if [ -n "$AWS_ROLE_ARN" ]; then
+ aws sts assume-role --role-arn $AWS_ROLE_ARN --role-session-name gitlab-ci-session > /tmp/creds.json
+ export AWS_ACCESS_KEY_ID=$(jq -r '.Credentials.AccessKeyId' /tmp/creds.json)
+ export AWS_SECRET_ACCESS_KEY=$(jq -r '.Credentials.SecretAccessKey' /tmp/creds.json)
+ export AWS_SESSION_TOKEN=$(jq -r '.Credentials.SessionToken' /tmp/creds.json)
+ fi
+ - |
+ FLAGS=$(echo "-v $PATH_TO_MOUNT:/app-volume \
+ -e FEATURES_LEVEL_LOG=$FEATURES_LEVEL_LOG \
+ -e AUTHENTICATE_CLIENT_ID=$CLIENT_ID \
+ -e AUTHENTICATE_CLIENT_SECRET=$CLIENT_KEY \
+ -e AUTHENTICATE_CLIENT_REALMS=$CLIENT_REALM \
+ -e AUTHENTICATE_URL=https://idm.stackspot.com \
+ -e REPOSITORY_NAME=$REPOSITORY_NAME \
+ -e FEATURES_API_MANAGER=https://runtime-manager.v1.stackspot.com \
+ -e FEATURES_BASEPATH_TMP=/tmp/runtime/deploys \
+ -e FEATURES_BASEPATH_EBS=/opt/runtime \
+ -e FEATURES_TEMPLATES_FILEPATH=/app/ \
+ -e FEATURES_BASEPATH_TERRAFORM=/root/.asdf/shims/terraform \
+ -e AWS_REGION=$AWS_REGION \
+ -e FEATURES_RELEASE_LOCALEXEC=$LOCALEXEC_ENABLED")
+
+ if [ -z "$AWS_ROLE_ARN" ]; then
+ FLAGS=$(echo "$FLAGS -e AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID")
+ FLAGS=$(echo "$FLAGS -e AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY")
+ FLAGS=$(echo "$FLAGS -e AWS_SESSION_TOKEN=$AWS_SESSION_TOKEN")
+ fi
+
+ if [ -n "$AWS_ROLE_ARN" ]; then
+ FLAGS=$(echo "$FLAGS -e AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID")
+ FLAGS=$(echo "$FLAGS -e AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY")
+ FLAGS=$(echo "$FLAGS -e AWS_SESSION_TOKEN=$AWS_SESSION_TOKEN")
+ fi
+
+ if [ -n "$TF_LOG_PROVIDER" ]; then
+ FLAGS=$(echo "$FLAGS -e FEATURES_TERRAFORM_LOGPROVIDER=$TF_LOG_PROVIDER")
+ fi
+
+ docker run --rm \
+ $FLAGS \
+ -e FEATURES_TERRAFORM_MODULES='$FEATURES_TERRAFORM_MODULES' \
+ --entrypoint=/app/stackspot-runtime-job-deploy \
+ $CONTAINER_URL start --run-task-id="$RUN_TASK_ID" --output-file="$OUTPUT_FILE"
\ No newline at end of file
diff --git a/README-gitlab.md b/README-gitlab.md
new file mode 100644
index 0000000..63aac7c
--- /dev/null
+++ b/README-gitlab.md
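Review bot: The client secret and the AWS credentials are expanded into the `docker run` command line through the unquoted `$FLAGS` string in the last `script` entry of `.gitlab-ci.yml`, so their values are visible in the runner's process list and any value containing whitespace is word-split into extra docker arguments. Exporting them and passing names only (`-e AWS_SECRET_ACCESS_KEY`) lets docker copy the values from the job environment; the same form would replace `-e FEATURES_TERRAFORM_MODULES='$FEATURES_TERRAFORM_MODULES'`, which in single quotes appears to hand the container the literal text rather than the variable's value. The assume-role step also leaves the temporary credentials in the fixed path `/tmp/creds.json`, where a `mktemp` file removed after the three `jq` reads would not persist on a shared runner. The `if [ -z "$AWS_ROLE_ARN" ]` and `if [ -n "$AWS_ROLE_ARN" ]` branches have identical bodies and disappear once the AWS variables are passed by name.

```yaml
    - |
      # secrets travel through the environment, so their values never appear in docker's argv
      export AUTHENTICATE_CLIENT_ID="$CLIENT_ID"
      export AUTHENTICATE_CLIENT_SECRET="$CLIENT_KEY"
      export AUTHENTICATE_CLIENT_REALMS="$CLIENT_REALM"
      # … unchanged: fixed FEATURES_* / AUTHENTICATE_URL settings and TF_LOG_PROVIDER handling, passed as further quoted -e arguments …
      docker run --rm \
        -v "$PATH_TO_MOUNT:/app-volume" \
        -e AUTHENTICATE_CLIENT_ID \
        -e AUTHENTICATE_CLIENT_SECRET \
        -e AUTHENTICATE_CLIENT_REALMS \
        -e AWS_ACCESS_KEY_ID \
        -e AWS_SECRET_ACCESS_KEY \
        -e AWS_SESSION_TOKEN \
        -e AWS_REGION \
        -e FEATURES_TERRAFORM_MODULES \
        --entrypoint=/app/stackspot-runtime-job-deploy \
        "$CONTAINER_URL" start --run-task-id="$RUN_TASK_ID" --output-file="$OUTPUT_FILE"
```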
@@ -0,0 +1,34 @@
+# GitLab CI/CD Workflow for Runtime Action Deploy
+
+This GitLab CI/CD workflow runs the Runtime Action Deploy with the specified parameters.
+
+## Inputs
+
+The following environment variables must be configured in your GitLab CI/CD settings:
+
+- `FEATURES_LEVEL_LOG`: Log Level (required)
+- `CLIENT_ID`: CLIENT ID (required)
+- `CLIENT_KEY`: CLIENT KEY (required)
+- `CLIENT_REALM`: CLIENT REALM (required)
+- `REPOSITORY_NAME`: Git Repository Name (required)
+- `AWS_ACCESS_KEY_ID`: AWS ACCESS KEY ID from console (optional)
+- `AWS_SECRET_ACCESS_KEY`: AWS SECRET ACCESS KEY from console (optional)
+- `AWS_SESSION_TOKEN`: AWS SESSION TOKEN from console (optional)
+- `AWS_REGION`: AWS REGION (required)
+- `AWS_ROLE_ARN`: AWS ROLE ARN (optional)
+- `RUN_TASK_ID`: Runtime Run Task Id (required)
+- `CONTAINER_URL`: Deploy Container URL (optional, default: `stackspot/runtime-job-deploy:latest`)
+- `FEATURES_TERRAFORM_MODULES`: Terraform Modules (optional)
+- `PATH_TO_MOUNT`: Path to mount inside the docker (optional, default: `$CI_PROJECT_DIR`)
+- `OUTPUT_FILE`: File name to save outputs (optional, default: `outputs.json`)
+- `LOCALEXEC_ENABLED`: If Runtimes will allow execution of the local-exec command within terraform (optional, default: `false`)
+- `TF_LOG_PROVIDER`: Level tf log provider - info, debug, warn or trace (optional)
+- `CHECKOUT_BRANCH`: Whether or not checkout is enabled (optional, default: `false`)
+
+## Usage
+
+To use this workflow, add the above environment variables to your GitLab CI/CD settings and include the `.gitlab-ci.yml` file in your repository.
+
+```yaml
+include:
+ - local: '.gitlab-ci.yml'
\ No newline at end of file