Commit bd9f9dec authored by Etienne LOUPIAS's avatar Etienne LOUPIAS

feat(ci): add openshift

parent 663f1121
2 merge requests!907V3.2.0,!839feat(ci): add openshift
stages:
- build
- quality
- deploy
- quality
default:
services:
- name: ${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/docker:24.0.2-dind
- name: ${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/docker:25-dind
alias: docker
before_script:
- export IMAGE_TAG=$CI_COMMIT_REF_NAME
- if [ "$CI_COMMIT_REF_NAME" == "master" ]; then export IMAGE_TAG="stable"; fi
- echo $IMAGE_TAG
variables:
DEPENDENCY_PROXY: ${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/
build_branch:
variables:
DOCKER_TLS_CERTDIR: ''
DOCKER_HOST: tcp://docker:2375/
DOCKER_DRIVER: overlay2
only:
- merge_requests
image: ${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/docker:24.0.2
stage: build
except:
- master
- recette
- dev
script:
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
- docker build --pull -t "$CI_REGISTRY_IMAGE/feat:$CI_COMMIT_REF_SLUG" --build-arg conf=prod .
- docker push "$CI_REGISTRY_IMAGE/feat:$CI_COMMIT_REF_SLUG"
build:
variables:
DOCKER_TLS_CERTDIR: ''
DOCKER_HOST: tcp://docker:2375/
DOCKER_DRIVER: overlay2
image: ${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/docker:24.0.2
image: ${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/docker:25
stage: build
only:
- master
- recette
- dev
script:
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
- docker build --pull -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG" --build-arg conf=prod .
- docker push "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG"
- docker login ${CI_DEPENDENCY_PROXY_SERVER} -u ${CI_DEPENDENCY_PROXY_USER} -p ${CI_DEPENDENCY_PROXY_PASSWORD}
- docker build --pull -t "$CI_REGISTRY_IMAGE:$IMAGE_TAG" --build-arg DEPENDENCY_PROXY="$DEPENDENCY_PROXY" .
- docker push "$CI_REGISTRY_IMAGE:$IMAGE_TAG"
build-release:
build-tag:
variables:
DOCKER_TLS_CERTDIR: ''
DOCKER_HOST: tcp://docker:2375/
DOCKER_DRIVER: overlay2
image: ${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/docker:24.0.2
image: ${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/docker:25
stage: build
only:
- tags
script:
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
- docker build --pull -t "$CI_REGISTRY_IMAGE/tags:$CI_COMMIT_TAG" --build-arg conf=prod .
- docker push "$CI_REGISTRY_IMAGE/tags:$CI_COMMIT_TAG"
build_dev:
variables:
DOCKER_TLS_CERTDIR: ''
DOCKER_HOST: tcp://docker:2375/
DOCKER_DRIVER: overlay2
image: ${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/docker:24.0.2
stage: build
only:
- dev
script:
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
- docker build --pull -t "$CI_REGISTRY_IMAGE:dev" --build-arg conf=dev .
- docker push "$CI_REGISTRY_IMAGE:dev"
- docker login ${CI_DEPENDENCY_PROXY_SERVER} -u ${CI_DEPENDENCY_PROXY_USER} -p ${CI_DEPENDENCY_PROXY_PASSWORD}
- docker build --pull -t "$CI_REGISTRY_IMAGE:$IMAGE_TAG" --build-arg DEPENDENCY_PROXY="$DEPENDENCY_PROXY" .
- docker push "$CI_REGISTRY_IMAGE:$IMAGE_TAG"
build-storybook:
variables:
DOCKER_TLS_CERTDIR: ''
DOCKER_HOST: tcp://docker:2375/
DOCKER_DRIVER: overlay2
image: ${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/docker:24.0.2
image: ${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/docker:25
stage: build
rules:
- if: $CI_COMMIT_BRANCH == "dev"
......@@ -94,7 +62,8 @@ build-storybook:
allow_failure: true
script:
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
- docker build --pull -t "$CI_REGISTRY_IMAGE/storybook:$IMAGE_TAG" -f .storybook/Dockerfile .
- docker login ${CI_DEPENDENCY_PROXY_SERVER} -u ${CI_DEPENDENCY_PROXY_USER} -p ${CI_DEPENDENCY_PROXY_PASSWORD}
- docker build --pull -t "$CI_REGISTRY_IMAGE/storybook:$IMAGE_TAG" -f .storybook/Dockerfile --build-arg DEPENDENCY_PROXY="$DEPENDENCY_PROXY" .
- docker push "$CI_REGISTRY_IMAGE/storybook:$IMAGE_TAG"
deploy_dev:
......@@ -113,23 +82,6 @@ deploy_dev:
name: dev
url: https://resin-dev.grandlyon.com
deploy_rec:
stage: deploy
tags:
- deploy
only:
- recette
script:
- cd /home/mps/ram
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
- docker-compose pull web-app-rec
- docker-compose up -d web-app-rec
- docker system prune -a -f
when: manual
environment:
name: rec
url: https://resin-rec.grandlyon.com
sonarqube:
stage: quality
only:
......@@ -154,33 +106,7 @@ sonarqube:
-Dsonar.login=${SONAR_TOKEN}
-Dsonar.qualitygate.wait=true
sonarqube-mr:
stage: quality
only:
- merge_requests
image: ${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/sonarsource/sonar-scanner-cli:4
variables:
SONAR_USER_HOME: '${CI_PROJECT_DIR}/.sonar' # Defines the location of the analysis task cache
GIT_DEPTH: '0' # T
cache:
key: '${CI_JOB_NAME}'
paths:
- .sonar/cache
script:
- >
sonar-scanner
-Dsonar.projectName=${SONAR_PROJECT_KEY}
-Dsonar.projectVersion=1.0
-Dsonar.sourceEncoding=UTF-8
-Dsonar.projectBaseDir=.
-Dsonar.host.url=${SONAR_URL}
-Dsonar.projectKey=${SONAR_PROJECT_KEY}
-Dsonar.login=${SONAR_MR_TOKEN}
-Dsonar.qualitygate.wait=true
.deploy:
# Use extended image with envsubst installed
image: registry.forge.grandlyon.com/openshift-as-code/reposit-gl/oc-client:4.10_extended
script:
- if [ "$CI_ENVIRONMENT_NAME" == "dev" ]; then export KUBECONFIG=$KUBECONFIG_DEV; fi
- if [ "$CI_ENVIRONMENT_NAME" == "rec" ]; then export KUBECONFIG=$KUBECONFIG_REC; fi
......@@ -192,18 +118,19 @@ sonarqube-mr:
- mkdir -p k8s/env
# Use envsubst to substitute env variables in all deployment/*.yml files
- cd k8s ; for f in *.yml; do envsubst < $f > env/$f ; done ; cd ..
- if [ "$CI_ENVIRONMENT_NAME" != "dev" ]; then rm k8s/env/90-res-storybook.yml; fi
- ls k8s/env/
- oc whoami
- oc apply -f k8s/env/
- oc delete pod -l app=res-storybook
- if [ "$CI_ENVIRONMENT_NAME" == "dev" ]; then oc delete pod -l app=res-client; fi
- if [ "$CI_ENVIRONMENT_NAME" == "dev" ]; then oc delete pod -l app=res-storybook; fi
tags:
- ns-res-$NAMESPACE_ENV-syn
deploy_10_dev:
deploy-10-dev:
stage: deploy
inherit:
default: [before_script]
variables: false
extends: .deploy
environment:
name: dev
......@@ -211,3 +138,29 @@ deploy_10_dev:
NAMESPACE_ENV: "d01"
only:
- dev
deploy-20-rec:
stage: deploy
inherit:
default: [before_script]
extends: .deploy
environment:
name: rec
variables:
NAMESPACE_ENV: "r01"
when: manual
only:
- tags
deploy-30-pro:
stage: deploy
inherit:
default: [before_script]
extends: .deploy
environment:
name: pro
variables:
NAMESPACE_ENV: "p01"
when: manual
only:
- tags
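Review bot: The added `docker login ${CI_DEPENDENCY_PROXY_SERVER} -u ${CI_DEPENDENCY_PROXY_USER} -p ${CI_DEPENDENCY_PROXY_PASSWORD}` steps in the build jobs and in `build-storybook` pass the password as a command-line argument, which exposes it in the job container's process list and which Docker itself warns against. Feeding it on stdin avoids that: `echo "$CI_DEPENDENCY_PROXY_PASSWORD" | docker login "$CI_DEPENDENCY_PROXY_SERVER" -u "$CI_DEPENDENCY_PROXY_USER" --password-stdin`; the `$CI_REGISTRY` logins shown alongside use the same `-p` form. Separately, `deploy-30-pro` runs for any tag and is gated only by `when: manual`, so who can deploy to production depends on protected-tag and protected-environment settings that are not visible on this page; it is worth confirming they are in place.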
......@@ -25,7 +25,10 @@ ARG conf
RUN npm run build:prod
# Stage 1, based on Nginx, to have only the compiled app
FROM ${DEPENDENCY_PROXY}nginx
FROM ${DEPENDENCY_PROXY}nginxinc/nginx-unprivileged:1.25
# Copy nginx modified conf
COPY nginx/default.conf /etc/nginx/conf.d/default.conf
# copy artifact build from the 'build environment'
COPY --from=build /app/dist/fr /usr/share/nginx/html
......@@ -33,10 +36,8 @@ COPY --from=build /app/dist/fr /usr/share/nginx/html
# Add outdated browser page
ADD ./nginx/outdated.html /usr/share/nginx/html
RUN touch /var/run/nginx.pid
RUN ls -l /usr/share/nginx/html
# expose port 8080
EXPOSE 8080
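Review bot: The new base image `nginxinc/nginx-unprivileged:1.25` is referenced by a mutable tag, so the runtime image can change between pipeline runs without any change in this repository; pinning the digest, `FROM ${DEPENDENCY_PROXY}nginxinc/nginx-unprivileged:1.25@sha256:<digest>`, makes the base reproducible and reviewable. `${DEPENDENCY_PROXY}` is only usable in `FROM` if `ARG DEPENDENCY_PROXY` is declared before the first `FROM`; that declaration is outside the visible hunks, so please confirm it exists, because an empty value silently pulls from the default registry instead of the proxy. `ADD ./nginx/outdated.html` can be `COPY`, which has no URL or archive handling.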
......
kind: Deployment
apiVersion: apps/v1
metadata:
name: res-client-deployment
spec:
replicas: 1
selector:
matchLabels:
app: res-client
template:
metadata:
labels:
app: res-client
spec:
volumes:
- name: res-pvc-files
persistentVolumeClaim:
claimName: pvc-01-ns-res-$NAMESPACE_ENV-syn-claim
containers:
- name: res-client
image: registry.forge.grandlyon.com/web-et-numerique/factory/pamn_plateforme-des-acteurs-de-la-mediation-numerique/pamn_client:$IMAGE_TAG
imagePullPolicy: Always
volumeMounts:
- mountPath: /usr/share/nginx/html/shared
name: res-pvc-files
subPath: "shared"
ports:
- containerPort: 8080
protocol: TCP
readinessProbe:
httpGet:
path: /
port: 8080
livenessProbe:
httpGet:
path: /
port: 8080
resources:
requests:
memory: 50Mi
cpu: 50m
limits:
memory: 50Mi
cpu: 50m
imagePullSecrets:
- name: forge-secret
---
kind: Service
apiVersion: v1
metadata:
name: res-client-service
spec:
selector:
app: res-client
ports:
- protocol: TCP
port: 8080
targetPort: 8080
---
kind: Route
apiVersion: route.openshift.io/v1
metadata:
name: res-client-route
spec:
host: resin${URL_ENV_SUFFIX}${URL_APPS_SUFFIX}.grandlyon.com
to:
kind: Service
name: res-client-service
port:
targetPort: 8080
wildcardPolicy: None
tls:
termination: edge
insecureEdgeTerminationPolicy: Redirect
certificate: $HTTPS_CERTIFICATE
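Review bot: The `res-client` container declares no `securityContext`, and the `res-pvc-files` volume is mounted read-write under the nginx web root. Since the image is now the unprivileged nginx build, the pod can state that explicitly (non-root, no privilege escalation, all capabilities dropped) rather than relying on the cluster's default SCC. If this container only serves the shared files, the mount can be `readOnly: true`; confirm nothing in the client writes there. Also check how `$HTTPS_CERTIFICATE` is substituted: envsubst pastes the value textually, so a multi-line PEM in a plain scalar will not stay valid YAML unless the variable is pre-formatted, and no `key` is set next to `certificate`.

```yaml
        - name: res-client
          # … unchanged: image, imagePullPolicy …
          securityContext:
            runAsNonRoot: true
            allowPrivilegeEscalation: false
            capabilities:
              drop: ["ALL"]
          volumeMounts:
            - mountPath: /usr/share/nginx/html/shared
              # … unchanged: name, subPath …
              readOnly: true
```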
......@@ -32,8 +32,8 @@ spec:
memory: 50Mi
cpu: 20m
limits:
memory: 500Mi
cpu: 500m
memory: 50Mi
cpu: 50m
imagePullSecrets:
- name: forge-secret
---
......
map $http_user_agent $outdated {
default 0;
"~MSIE [1-10]\." 1;
"~Trident/[5-7]\." 1;
"~Mozilla.*Firefox/[1-9]\." 1;
"~Mozilla.*Firefox/[0-2][0-9]\." 1;
"~Mozilla.*Firefox/3[0-1]\." 1;
"~Opera.*Version/[0-9]\." 1;
"~Opera.*Version/[0-1][0-9]\." 1;
"~Opera.*Version/2[0-1]\." 1;
"~AppleWebKit.*Version/[0-6]\..*Safari" 1;
"~Chrome/[0-9]\." 1;
"~Chrome/[0-2][0-9]\." 1;
"~Chrome/3[0-3]\." 1;
}
server {
listen 8080 default_server;
root /usr/share/nginx/html/;
server_tokens off;
## get the calling real ip behind the haproxy ( https://nginx.org/en/docs/http/ngx_http_realip_module.html )
set_real_ip_from 10.131.2.2;
set_real_ip_from 10.4.75.2;
real_ip_header X-Forwarded-For;
##real_ip_recursive on;
#allow 10.131.2.2; # haproxy
#allow 10.131.0.2; # probe
#allow 10.128.4.2; # probe
#allow 80.14.51.82; # Erasme
#deny all;
location / {
add_header X-Frame-Options SAMEORIGIN always;
add_header X-Content-Type-Options nosniff;
# Redirect outdated navigator
if ($outdated = 1){
rewrite ^ /outdated.html break;
}
# First attempt to serve request as file, then
# as directory, then fall back to displaying a 404.
# Angular routed apps must fall back to index.html ( https://angular.io/guide/deployment#server-configuration )
try_files $uri $uri/ /index.html;
}
location /api {
proxy_pass http://res-server-service:3000;
}
# temp to remove
# https://ghost.org/docs/faq/proxying-https-infinite-loops/
location ~* (/blog) {
expires epoch;
proxy_no_cache 1;
proxy_pass http://res-ghost-service:2368;
}
location /base-adresse/base-adresse-nationale/streets {
proxy_pass https://passerelle.formulaireextranet.grandlyon.com/base-adresse/base-adresse-nationale/streets;
}
location /geocoding/photon/api {
proxy_pass https://download.data.grandlyon.com/geocoding/photon/api;
}
location /reverse {
proxy_pass https://api-adresse.data.gouv.fr/reverse;
}
location /wfs/grandlyon {
proxy_pass https://download.data.grandlyon.com/wfs/grandlyon;
}
# REALLY important for JavaScript modules (type="module") to work as expected!!!
location ~ \.js {
add_header Content-Type text/javascript;
}
}
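Review bot: The `X-Frame-Options` and `X-Content-Type-Options` headers are set only inside `location /`, so responses from the other locations, including every URI caught by `location ~ \.js`, go out without them. Because that block has its own `add_header`, moving the two headers to `server` level is not enough on its own; they need repeating there or in a shared include, and `nosniff` should carry `always` as well. The pattern `\.js` is unanchored and regex locations take precedence over plain prefix ones, so `.json` URLs and `.js` paths under `/api` are handled as static files; `location ~ \.js$` narrows it. The `https://` `proxy_pass` upstreams are not certificate-checked by default, so consider `proxy_ssl_verify on;` with `proxy_ssl_trusted_certificate` and `proxy_ssl_server_name on;`. In the user-agent map, `[1-10]` is a character class matching only `0` or `1`, so `"~MSIE ([1-9]|10)\."` is probably what was meant.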