ci: test environment docker image for CI pipelines
This commit includes a Dockerfile for building a test environment for future CI pipelines. This commit also refactors the GitLab CI pipeline files by splitting the jobs into different files: - .gitlab-ci.yml: Global CI pipeline file. - .gitlab/ci/test-env.gitlab-ci.yml: Jobs to test and publish the docker image for the test environment. - .gitlab/ci/playbook.gitlab-ci.yml: Jobs to test and publish the docker image for the pleroma playbook. - .gitlab/ci/templates/docker.gitlab-ci.yml: Template jobs for testing and publishing docker images. Part of dananglin/pleroma-ansible-playbook#17
parent
933911aef1
commit
20667709b2
10 changed files with 188 additions and 77 deletions
1
.gitignore
vendored
1
.gitignore
vendored
|
@ -1,6 +1,5 @@
|
||||||
inventories/*
|
inventories/*
|
||||||
!inventories/.gitkeep
|
!inventories/.gitkeep
|
||||||
site.yml
|
|
||||||
vapid-private-key.pem
|
vapid-private-key.pem
|
||||||
|
|
||||||
library/__pycache__/
|
library/__pycache__/
|
||||||
|
|
|
@ -1,79 +1,15 @@
|
||||||
---
|
---
|
||||||
|
workflow:
|
||||||
|
rules:
|
||||||
|
- if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
|
||||||
|
- if: '$CI_COMMIT_TAG'
|
||||||
|
- if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
|
||||||
|
|
||||||
stages:
|
stages:
|
||||||
- test
|
- test
|
||||||
- publish
|
- publish
|
||||||
|
|
||||||
.use-python:
|
include:
|
||||||
image: python:3.7.6-slim-buster
|
- local: '/.gitlab/ci/templates/docker.gitlab-ci.yml'
|
||||||
|
- local: '/.gitlab/ci/test-env.gitlab-ci.yml'
|
||||||
.docker-build-setup:
|
- local: '/.gitlab/ci/playbook.gitlab-ci.yml'
|
||||||
image: docker:19.03.8
|
|
||||||
services:
|
|
||||||
- docker:19.03.8-dind
|
|
||||||
|
|
||||||
.install-make: &install-make
|
|
||||||
- apk add --no-cache make
|
|
||||||
|
|
||||||
test:dockerfile-lint:
|
|
||||||
stage: test
|
|
||||||
image: hadolint/hadolint:v1.17.5-alpine
|
|
||||||
script:
|
|
||||||
- hadolint ./Dockerfile
|
|
||||||
only:
|
|
||||||
refs:
|
|
||||||
- merge_requests
|
|
||||||
changes:
|
|
||||||
- Dockerfile
|
|
||||||
except:
|
|
||||||
refs:
|
|
||||||
- master
|
|
||||||
|
|
||||||
test:docker-image-build:
|
|
||||||
stage: test
|
|
||||||
extends: .docker-build-setup
|
|
||||||
script:
|
|
||||||
- *install-make
|
|
||||||
- export IMAGE_DATE=$(date -Iseconds)
|
|
||||||
- make image
|
|
||||||
only:
|
|
||||||
refs:
|
|
||||||
- merge_requests
|
|
||||||
changes:
|
|
||||||
- Dockerfile
|
|
||||||
except:
|
|
||||||
refs:
|
|
||||||
- master
|
|
||||||
|
|
||||||
test:custom-modules:
|
|
||||||
stage: test
|
|
||||||
extends: .use-python
|
|
||||||
before_script:
|
|
||||||
- apt-get update && apt-get install make
|
|
||||||
- pip install ansible==2.9.6
|
|
||||||
script:
|
|
||||||
- make test_modules_unit
|
|
||||||
only:
|
|
||||||
refs:
|
|
||||||
- merge_requests
|
|
||||||
changes:
|
|
||||||
- library/*
|
|
||||||
except:
|
|
||||||
refs:
|
|
||||||
- master
|
|
||||||
|
|
||||||
publish:docker-image:
|
|
||||||
stage: publish
|
|
||||||
extends: .docker-build-setup
|
|
||||||
before_script:
|
|
||||||
- docker login -u ${CI_REGISTRY_USER} -p ${CI_REGISTRY_PASSWORD} ${CI_REGISTRY}
|
|
||||||
after_script:
|
|
||||||
- docker logout ${CI_REGISTRY}
|
|
||||||
script:
|
|
||||||
- *install-make
|
|
||||||
- export IMAGE_DATE=$(date -Iseconds)
|
|
||||||
- make publish
|
|
||||||
only:
|
|
||||||
- /^v[0-9]+(.[0-9]+){2}$/
|
|
||||||
variables:
|
|
||||||
IMAGE_NAME: ${CI_REGISTRY}/${CI_PROJECT_PATH}/playbook
|
|
||||||
IMAGE_TAG: ${CI_COMMIT_REF_NAME}
|
|
||||||
|
|
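--- a/.gitlab/ci/playbook.gitlab-ci.yml
+++ b/.gitlab/ci/playbook.gitlab-ci.yml
@@ -0,0 +1,60 @@
+---
+.use-python:
+image: python:3.7.6-slim-buster
+
+.playbook-docker-vars:
+variables:
+DOCKERFILE: "Dockerfile"
+IMAGE_NAME: ${CI_REGISTRY}/${CI_PROJECT_PATH}/playbook
+IMAGE_TAG: ${CI_COMMIT_REF_NAME}
+
+.playbook-docker-test-rules:
+rules:
+- if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
+changes:
+- "Dockerfile"
+when: always
+
+test:playbook:dockerfile-lint:
+extends:
+- .dockerfile-lint
+- .playbook-docker-vars
+- .playbook-docker-test-rules
+
+test:playbook:docker-build:
+extends:
+- .dockerbuild-test
+- .playbook-docker-vars
+- .playbook-docker-test-rules
+script:
+- export IMAGE_DATE=$(date -Iseconds)
+- export BUILD_ARGS="--build-arg BUILD_TAG=${IMAGE_TAG} --build-arg BUILD_TIME=${IMAGE_DATE}"
+- make image
+
+test:playbook:custom-modules:
+stage: test
+extends: .use-python
+before_script:
+- apt-get update && apt-get install make
+- pip install ansible==2.9.7
+script:
+- make test_modules_unit
+only:
+refs:
+- merge_requests
+changes:
+- library/*
+except:
+refs:
+- master
+
+publish:playbook:docker-image:
+extends:
+- .docker-publish
+- .playbook-docker-vars
+script:
+- export IMAGE_DATE=$(date -Iseconds)
+- export BUILD_ARGS="--build-arg BUILD_TAG=${IMAGE_TAG} --build-arg BUILD_TIME=${IMAGE_DATE}"
+- make publish
+only:
+- /^v[0-9]+(.[0-9]+){2}$/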
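Review bot: The publish gate in `publish:playbook:docker-image` is looser than a release-tag check: the `.` in `/^v[0-9]+(.[0-9]+){2}$/` is unescaped and matches any character, and a bare regex under `only:` is compared against branch names as well as tag names. Since this job pushes an image to the registry, tie it to tags explicitly, for example `rules:` with `- if: '$CI_COMMIT_TAG =~ /^v[0-9]+(\.[0-9]+){2}$/'`, which also matches the `rules:` style the other new jobs use. The workflow rules in `.gitlab-ci.yml` already limit branch pipelines to the default branch, so the exposure looks narrow, but the job should not depend on that.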
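--- a/.gitlab/ci/templates/docker.gitlab-ci.yml
+++ b/.gitlab/ci/templates/docker.gitlab-ci.yml
@@ -0,0 +1,29 @@
+---
+.install-make: &install-make
+- apk add --no-cache make
+
+.docker-build-setup:
+image: docker:19.03.8
+services:
+- docker:19.03.8-dind
+
+.dockerfile-lint:
+stage: test
+image: hadolint/hadolint:v1.18.0-alpine
+script:
+- hadolint ${DOCKERFILE}
+
+.dockerbuild-test:
+stage: test
+extends: .docker-build-setup
+before_script:
+- *install-make
+
+.docker-publish:
+stage: publish
+extends: .docker-build-setup
+before_script:
+- *install-make
+- docker login -u ${CI_REGISTRY_USER} -p ${CI_REGISTRY_PASSWORD} ${CI_REGISTRY}
+after_script:
+- docker logout ${CI_REGISTRY}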
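Review bot: `.docker-publish` passes the registry password with `-p ${CI_REGISTRY_PASSWORD}`, which puts it on the process command line inside the job container and makes docker print its insecure-password warning. Feed it on stdin instead: `- echo "${CI_REGISTRY_PASSWORD}" | docker login -u "${CI_REGISTRY_USER}" --password-stdin "${CI_REGISTRY}"`. The line is carried over from the old `.gitlab-ci.yml`, so moving it into the template is a good moment to fix it. Separately, `hadolint ${DOCKERFILE}` in `.dockerfile-lint` should quote the variable.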
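--- a/.gitlab/ci/test-env.gitlab-ci.yml
+++ b/.gitlab/ci/test-env.gitlab-ci.yml
@@ -0,0 +1,39 @@
+---
+.test-env-docker-vars:
+variables:
+IMAGE_NAME: ${CI_REGISTRY}/${CI_PROJECT_PATH}/test-environment
+IMAGE_TAG: ${CI_COMMIT_SHORT_SHA}
+DOCKERFILE: "test/pleroma_test_env/Dockerfile"
+DOCKER_CONTEXT: "test/pleroma_test_env"
+BUILD_ARGS: "--build-arg TEST_ENV_PASSWORD=${TEST_ENV_PASSWORD}"
+
+.test-env-test-rules:
+rules:
+- if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
+changes:
+- "test/pleroma_test_env/Dockerfile"
+when: always
+
+test:test-env:dockerfile-lint:
+extends:
+- .dockerfile-lint
+- .test-env-docker-vars
+- .test-env-test-rules
+
+test:test-env:docker-build:
+extends:
+- .dockerbuild-test
+- .test-env-docker-vars
+- .test-env-test-rules
+script:
+- make image
+
+publish:test-env:docker-image:
+extends:
+- .docker-publish
+- .test-env-docker-vars
+script:
+- make publish
+rules:
+- if: '$CI_PIPELINE_SOURCE == "web"'
+when: always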
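Review bot: `BUILD_ARGS: "--build-arg TEST_ENV_PASSWORD=${TEST_ENV_PASSWORD}"` in `.test-env-docker-vars` bakes the password into the image: build arguments that are in scope for a `RUN` step are recorded in the image history, and the Dockerfile added in this commit uses the value in its `chpasswd` step. `publish:test-env:docker-image` then pushes that image, so anyone who can pull it can read the value with `docker history`. Treat the value as public, or better, drop the build arg and set the credential when the container starts; the entrypoint already takes `AUTHORIZED_KEYS` from the environment, so key-only login is within reach. At minimum add a comment above the variable, `# NOTE: build args are stored in image history; do not reuse this password anywhere else`.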
5
Makefile
5
Makefile
|
@ -2,7 +2,8 @@ VAPID_PRIVATE_KEY_FILE := vapid-private-key.pem
|
||||||
INVENTORY ?= "hosts.yml"
|
INVENTORY ?= "hosts.yml"
|
||||||
PLAYBOOK_TAGS ?= "all"
|
PLAYBOOK_TAGS ?= "all"
|
||||||
PLAYBOOK_FILE ?= "playbook.yml"
|
PLAYBOOK_FILE ?= "playbook.yml"
|
||||||
DOCKERFILE = Dockerfile
|
DOCKERFILE ?= Dockerfile
|
||||||
|
DOCKER_CONTEXT ?= .
|
||||||
IMAGE_NAME ?= pleroma-ansible-playbook
|
IMAGE_NAME ?= pleroma-ansible-playbook
|
||||||
IMAGE_TAG ?= latest
|
IMAGE_TAG ?= latest
|
||||||
IMAGE_DATE ?= nil
|
IMAGE_DATE ?= nil
|
||||||
|
@ -37,7 +38,7 @@ test_modules_unit:
|
||||||
@find ./library -mindepth 1 -maxdepth 1 -type f -name test_*.py | xargs python3
|
@find ./library -mindepth 1 -maxdepth 1 -type f -name test_*.py | xargs python3
|
||||||
|
|
||||||
image:
|
image:
|
||||||
@docker build --build-arg BUILD_TAG=$(IMAGE_TAG) --build-arg BUILD_TIME=$(IMAGE_DATE) -f $(DOCKERFILE) -t $(DOCKER_IMAGE) .
|
@docker build $(BUILD_ARGS) -f $(DOCKERFILE) -t $(DOCKER_IMAGE) $(DOCKER_CONTEXT)
|
||||||
|
|
||||||
publish: image
|
publish: image
|
||||||
@docker push $(DOCKER_IMAGE)
|
@docker push $(DOCKER_IMAGE)
|
||||||
|
|
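Review bot: `$(BUILD_ARGS)` in the `image` recipe has no default in the variable block shown here, so a plain local `make image` now builds without the `BUILD_TAG` and `BUILD_TIME` arguments that the old recipe always passed. Add `BUILD_ARGS ?= --build-arg BUILD_TAG=$(IMAGE_TAG) --build-arg BUILD_TIME=$(IMAGE_DATE)` next to `DOCKER_CONTEXT ?= .` so the CI override stays optional. Keep the leading `@` on the `docker build` line: in the test-env jobs `BUILD_ARGS` carries `TEST_ENV_PASSWORD`, and echoing the recipe would print it in the job log. The rest of the Makefile lies outside these two hunks, so a default defined elsewhere would not be visible here.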
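--- a/test/pleroma_test_env/.dockerignore
+++ b/test/pleroma_test_env/.dockerignore
@@ -0,0 +1,2 @@
+*
+!files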
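--- a/test/pleroma_test_env/Dockerfile
+++ b/test/pleroma_test_env/Dockerfile
@@ -0,0 +1,30 @@
+FROM dockage/alpine:3.10-openrc
+
+ARG TEST_ENV_UID=1100
+ARG TEST_ENV_USER=admin
+ARG TEST_ENV_PASSWORD
+ARG SSH_DIR=/home/admin/.ssh
+SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
+
+RUN apk add --no-cache \
+bash=5.0.0-r0 \
+openssh=8.1_p1-r0 \
+sudo=1.8.27-r2 \
+python3=3.7.7-r0 \
+&& \
+adduser -u ${TEST_ENV_UID} -s /bin/bash -D ${TEST_ENV_USER} && \
+echo ${TEST_ENV_USER}:${TEST_ENV_PASSWORD} | chpasswd && \
+mkdir ${SSH_DIR} && \
+chown ${TEST_ENV_USER}:${TEST_ENV_USER} ${SSH_DIR} && chmod 0700 ${SSH_DIR} && \
+touch ${SSH_DIR}/authorized_keys && \
+chown ${TEST_ENV_USER}:${TEST_ENV_USER} ${SSH_DIR}/authorized_keys && \
+chmod 0600 ${SSH_DIR}/authorized_keys && \
+rc-status && \
+touch /run/openrc/softlevel
+
+COPY files/entrypoint /entrypoint
+COPY files/admin-sudoers /etc/sudoers.d/admin
+
+EXPOSE 22 80 443
+
+CMD ["/entrypoint"]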
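Review bot: `ARG TEST_ENV_PASSWORD` has no default and the `RUN` step never checks it, so a build where the CI variable is unset or not exposed to the pipeline pipes `admin:` with an empty password into `chpasswd`, for an account that gets passwordless sudo and an exposed sshd. Fail the build early by making `test -n "${TEST_ENV_PASSWORD}" && \` the first command of the `RUN` chain, and quote the expansion, `echo "${TEST_ENV_USER}:${TEST_ENV_PASSWORD}" | chpasswd`, so spaces or glob characters in the value are not altered by word splitting. `SSH_DIR=/home/admin/.ssh`, the `/etc/sudoers.d/admin` rule and the path in `files/entrypoint` all hard-code the user name, so overriding `TEST_ENV_USER` would leave them pointing at the wrong account; either derive them from the argument or state in a comment that the name is fixed.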
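--- a/test/pleroma_test_env/files/admin-sudoers
+++ b/test/pleroma_test_env/files/admin-sudoers
@@ -0,0 +1 @@
+admin ALL=(ALL) NOPASSWD: ALL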
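Review bot: The rule grants unrestricted passwordless root with no comment saying why, in an image that runs sshd and is pushed to the registry. Add a header line such as `# Test environment only: do not reuse this rule outside the CI test image` so the file is not copied into a role for a real host.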
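--- a/test/pleroma_test_env/files/entrypoint
+++ b/test/pleroma_test_env/files/entrypoint
@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+
+set euo -pipefail
+
+# Add authorized keys
+if ! [ -z "${AUTHORIZED_KEYS}" ]; then
+echo ${AUTHORIZED_KEYS} > /home/admin/.ssh/authorized_keys
+fi
+
+# Start SSH service
+rc-service sshd start
+
+# Sleep and wait
+sleep 30d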
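Review bot: `set euo -pipefail` does not enable any shell option: the first word has no leading dash, so bash takes `euo` and `-pipefail` as positional parameters and the script runs without errexit, nounset or pipefail. Write `set -euo pipefail`, and because nounset then applies, test the variable as `if [ -n "${AUTHORIZED_KEYS:-}" ]; then`. The unquoted `echo ${AUTHORIZED_KEYS}` also collapses newlines, which merges several keys into one unusable line; use `printf '%s\n' "${AUTHORIZED_KEYS}" > /home/admin/.ssh/authorized_keys`.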