ci: test environment docker image for CI pipelines
This commit includes a Dockerfile for building a test environment for future CI pipelines. This commit also refactors the GitLab CI pipeline files by splitting the jobs into different files: - .gitlab-ci.yml: Global CI pipeline file. - .gitlab/ci/test-env.gitlab-ci.yml: Jobs to test and publish the docker image for the test environment. - .gitlab/ci/playbook.gitlab-ci.yml: Jobs to test and publish the docker image for the pleroma playbook - .gitlab/ci/templates/docker.gitlab-ci.yml: Template jobs for testing and publishing docker images. Part of dananglin/pleroma-ansible-playbook#17
parent
933911aef1
commit
20667709b2
10 changed files with 188 additions and 77 deletions
1
.gitignore
vendored
1
.gitignore
vendored
|
@ -1,6 +1,5 @@
|
|||
inventories/*
|
||||
!inventories/.gitkeep
|
||||
site.yml
|
||||
vapid-private-key.pem
|
||||
|
||||
library/__pycache__/
|
||||
|
|
|
@ -1,79 +1,15 @@
|
|||
---
|
||||
workflow:
|
||||
rules:
|
||||
- if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
|
||||
- if: '$CI_COMMIT_TAG'
|
||||
- if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
|
||||
|
||||
stages:
|
||||
- test
|
||||
- publish
|
||||
|
||||
.use-python:
|
||||
image: python:3.7.6-slim-buster
|
||||
|
||||
.docker-build-setup:
|
||||
image: docker:19.03.8
|
||||
services:
|
||||
- docker:19.03.8-dind
|
||||
|
||||
.install-make: &install-make
|
||||
- apk add --no-cache make
|
||||
|
||||
test:dockerfile-lint:
|
||||
stage: test
|
||||
image: hadolint/hadolint:v1.17.5-alpine
|
||||
script:
|
||||
- hadolint ./Dockerfile
|
||||
only:
|
||||
refs:
|
||||
- merge_requests
|
||||
changes:
|
||||
- Dockerfile
|
||||
except:
|
||||
refs:
|
||||
- master
|
||||
|
||||
test:docker-image-build:
|
||||
stage: test
|
||||
extends: .docker-build-setup
|
||||
script:
|
||||
- *install-make
|
||||
- export IMAGE_DATE=$(date -Iseconds)
|
||||
- make image
|
||||
only:
|
||||
refs:
|
||||
- merge_requests
|
||||
changes:
|
||||
- Dockerfile
|
||||
except:
|
||||
refs:
|
||||
- master
|
||||
|
||||
test:custom-modules:
|
||||
stage: test
|
||||
extends: .use-python
|
||||
before_script:
|
||||
- apt-get update && apt-get install make
|
||||
- pip install ansible==2.9.6
|
||||
script:
|
||||
- make test_modules_unit
|
||||
only:
|
||||
refs:
|
||||
- merge_requests
|
||||
changes:
|
||||
- library/*
|
||||
except:
|
||||
refs:
|
||||
- master
|
||||
|
||||
publish:docker-image:
|
||||
stage: publish
|
||||
extends: .docker-build-setup
|
||||
before_script:
|
||||
- docker login -u ${CI_REGISTRY_USER} -p ${CI_REGISTRY_PASSWORD} ${CI_REGISTRY}
|
||||
after_script:
|
||||
- docker logout ${CI_REGISTRY}
|
||||
script:
|
||||
- *install-make
|
||||
- export IMAGE_DATE=$(date -Iseconds)
|
||||
- make publish
|
||||
only:
|
||||
- /^v[0-9]+(.[0-9]+){2}$/
|
||||
variables:
|
||||
IMAGE_NAME: ${CI_REGISTRY}/${CI_PROJECT_PATH}/playbook
|
||||
IMAGE_TAG: ${CI_COMMIT_REF_NAME}
|
||||
include:
|
||||
- local: '/.gitlab/ci/templates/docker.gitlab-ci.yml'
|
||||
- local: '/.gitlab/ci/test-env.gitlab-ci.yml'
|
||||
- local: '/.gitlab/ci/playbook.gitlab-ci.yml'
|
||||
|
|
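--- a/.gitlab/ci/playbook.gitlab-ci.yml
+++ b/.gitlab/ci/playbook.gitlab-ci.yml
@@ -0,0 +1,60 @@
+---
+.use-python:
+image: python:3.7.6-slim-buster
+
+.playbook-docker-vars:
+variables:
+DOCKERFILE: "Dockerfile"
+IMAGE_NAME: ${CI_REGISTRY}/${CI_PROJECT_PATH}/playbook
+IMAGE_TAG: ${CI_COMMIT_REF_NAME}
+
+.playbook-docker-test-rules:
+rules:
+- if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
+changes:
+- "Dockerfile"
+when: always
+
+test:playbook:dockerfile-lint:
+extends:
+- .dockerfile-lint
+- .playbook-docker-vars
+- .playbook-docker-test-rules
+
+test:playbook:docker-build:
+extends:
+- .dockerbuild-test
+- .playbook-docker-vars
+- .playbook-docker-test-rules
+script:
+- export IMAGE_DATE=$(date -Iseconds)
+- export BUILD_ARGS="--build-arg BUILD_TAG=${IMAGE_TAG} --build-arg BUILD_TIME=${IMAGE_DATE}"
+- make image
+
+test:playbook:custom-modules:
+stage: test
+extends: .use-python
+before_script:
+- apt-get update && apt-get install make
+- pip install ansible==2.9.7
+script:
+- make test_modules_unit
+only:
+refs:
+- merge_requests
+changes:
+- library/*
+except:
+refs:
+- master
+
+publish:playbook:docker-image:
+extends:
+- .docker-publish
+- .playbook-docker-vars
+script:
+- export IMAGE_DATE=$(date -Iseconds)
+- export BUILD_ARGS="--build-arg BUILD_TAG=${IMAGE_TAG} --build-arg BUILD_TIME=${IMAGE_DATE}"
+- make publish
+only:
+- /^v[0-9]+(.[0-9]+){2}$/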
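Review bot: The ref filter on `publish:playbook:docker-image`, `/^v[0-9]+(.[0-9]+){2}$/`, leaves the dot unescaped, so any character is accepted between the numbers (a ref named `v1-2-3` would match), and an `only:` regex is compared against branch names as well as tags. Since this job pushes an image to the registry, I would bind it to tags explicitly and escape the dot: `rules:` with `- if: '$CI_COMMIT_TAG =~ /^v[0-9]+(\.[0-9]+){2}$/'`. That also brings the job in line with the `rules:` style used by `.playbook-docker-test-rules` in the same file, where `test:playbook:custom-modules` and this job still use `only`/`except`.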
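--- a/.gitlab/ci/templates/docker.gitlab-ci.yml
+++ b/.gitlab/ci/templates/docker.gitlab-ci.yml
@@ -0,0 +1,29 @@
+---
+.install-make: &install-make
+- apk add --no-cache make
+
+.docker-build-setup:
+image: docker:19.03.8
+services:
+- docker:19.03.8-dind
+
+.dockerfile-lint:
+stage: test
+image: hadolint/hadolint:v1.18.0-alpine
+script:
+- hadolint ${DOCKERFILE}
+
+.dockerbuild-test:
+stage: test
+extends: .docker-build-setup
+before_script:
+- *install-make
+
+.docker-publish:
+stage: publish
+extends: .docker-build-setup
+before_script:
+- *install-make
+- docker login -u ${CI_REGISTRY_USER} -p ${CI_REGISTRY_PASSWORD} ${CI_REGISTRY}
+after_script:
+- docker logout ${CI_REGISTRY}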
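Review bot: `docker login -u ${CI_REGISTRY_USER} -p ${CI_REGISTRY_PASSWORD} ${CI_REGISTRY}` in `.docker-publish` passes the registry password as a command-line argument, which exposes it in the process list of the job container and is the form Docker itself warns against. Supply it on stdin instead: `echo "${CI_REGISTRY_PASSWORD}" | docker login -u "${CI_REGISTRY_USER}" --password-stdin "${CI_REGISTRY}"`. The quoting also keeps a password containing spaces or shell metacharacters from being split. Every job that extends this template inherits the line, so the fix belongs here rather than in the per-image files.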
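--- a/.gitlab/ci/test-env.gitlab-ci.yml
+++ b/.gitlab/ci/test-env.gitlab-ci.yml
@@ -0,0 +1,39 @@
+---
+.test-env-docker-vars:
+variables:
+IMAGE_NAME: ${CI_REGISTRY}/${CI_PROJECT_PATH}/test-environment
+IMAGE_TAG: ${CI_COMMIT_SHORT_SHA}
+DOCKERFILE: "test/pleroma_test_env/Dockerfile"
+DOCKER_CONTEXT: "test/pleroma_test_env"
+BUILD_ARGS: "--build-arg TEST_ENV_PASSWORD=${TEST_ENV_PASSWORD}"
+
+.test-env-test-rules:
+rules:
+- if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
+changes:
+- "test/pleroma_test_env/Dockerfile"
+when: always
+
+test:test-env:dockerfile-lint:
+extends:
+- .dockerfile-lint
+- .test-env-docker-vars
+- .test-env-test-rules
+
+test:test-env:docker-build:
+extends:
+- .dockerbuild-test
+- .test-env-docker-vars
+- .test-env-test-rules
+script:
+- make image
+
+publish:test-env:docker-image:
+extends:
+- .docker-publish
+- .test-env-docker-vars
+script:
+- make publish
+rules:
+- if: '$CI_PIPELINE_SOURCE == "web"'
+when: always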
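Review bot: `BUILD_ARGS: "--build-arg TEST_ENV_PASSWORD=${TEST_ENV_PASSWORD}"` in `.test-env-docker-vars` hands the account password to `docker build` as a build argument, and `test/pleroma_test_env/Dockerfile` in this commit consumes it in its `RUN ... chpasswd` step, so the value ends up in the build history of the image that `publish:test-env:docker-image` pushes to the registry. Anyone who can pull that image can recover the password, even if the CI variable itself is masked. I would keep the secret out of the build entirely, for example by having the entrypoint set the password from an environment variable at container start, or by using a BuildKit secret mount if it must be baked in. The same concern applies to the `ARG TEST_ENV_PASSWORD` line in the Dockerfile.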
5
Makefile
5
Makefile
|
@ -2,7 +2,8 @@ VAPID_PRIVATE_KEY_FILE := vapid-private-key.pem
|
|||
INVENTORY ?= "hosts.yml"
|
||||
PLAYBOOK_TAGS ?= "all"
|
||||
PLAYBOOK_FILE ?= "playbook.yml"
|
||||
DOCKERFILE = Dockerfile
|
||||
DOCKERFILE ?= Dockerfile
|
||||
DOCKER_CONTEXT ?= .
|
||||
IMAGE_NAME ?= pleroma-ansible-playbook
|
||||
IMAGE_TAG ?= latest
|
||||
IMAGE_DATE ?= nil
|
||||
|
@ -37,7 +38,7 @@ test_modules_unit:
|
|||
@find ./library -mindepth 1 -maxdepth 1 -type f -name test_*.py | xargs python3
|
||||
|
||||
image:
|
||||
@docker build --build-arg BUILD_TAG=$(IMAGE_TAG) --build-arg BUILD_TIME=$(IMAGE_DATE) -f $(DOCKERFILE) -t $(DOCKER_IMAGE) .
|
||||
@docker build $(BUILD_ARGS) -f $(DOCKERFILE) -t $(DOCKER_IMAGE) $(DOCKER_CONTEXT)
|
||||
|
||||
publish: image
|
||||
@docker push $(DOCKER_IMAGE)
|
||||
|
|
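Review bot: With the literal `--build-arg BUILD_TAG=... --build-arg BUILD_TIME=...` taken out of the `image` recipe, a plain local `make image` now builds without either value unless the caller exports `BUILD_ARGS`; no default for that variable is visible in these hunks, though the variable block continues outside them. A default next to the other `?=` lines, `BUILD_ARGS ?= --build-arg BUILD_TAG=$(IMAGE_TAG) --build-arg BUILD_TIME=$(IMAGE_DATE)`, would keep the previous behaviour while still letting CI override it. Because `BUILD_ARGS` can now carry `TEST_ENV_PASSWORD`, the `@` prefix on the `docker build` line is what keeps the value out of the job log, and a comment such as `# '@' is deliberate: BUILD_ARGS may contain secrets, do not echo the command` would stop someone removing it while debugging.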
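--- a/test/pleroma_test_env/.dockerignore
+++ b/test/pleroma_test_env/.dockerignore
@@ -0,0 +1,2 @@
+*
+!files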
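--- a/test/pleroma_test_env/Dockerfile
+++ b/test/pleroma_test_env/Dockerfile
@@ -0,0 +1,30 @@
+FROM dockage/alpine:3.10-openrc
+
+ARG TEST_ENV_UID=1100
+ARG TEST_ENV_USER=admin
+ARG TEST_ENV_PASSWORD
+ARG SSH_DIR=/home/admin/.ssh
+SHELL ["/bin/ash", "-eo", "pipefail", "-c"]
+
+RUN apk add --no-cache \
+bash=5.0.0-r0 \
+openssh=8.1_p1-r0 \
+sudo=1.8.27-r2 \
+python3=3.7.7-r0 \
+&& \
+adduser -u ${TEST_ENV_UID} -s /bin/bash -D ${TEST_ENV_USER} && \
+echo ${TEST_ENV_USER}:${TEST_ENV_PASSWORD} | chpasswd && \
+mkdir ${SSH_DIR} && \
+chown ${TEST_ENV_USER}:${TEST_ENV_USER} ${SSH_DIR} && chmod 0700 ${SSH_DIR} && \
+touch ${SSH_DIR}/authorized_keys && \
+chown ${TEST_ENV_USER}:${TEST_ENV_USER} ${SSH_DIR}/authorized_keys && \
+chmod 0600 ${SSH_DIR}/authorized_keys && \
+rc-status && \
+touch /run/openrc/softlevel
+
+COPY files/entrypoint /entrypoint
+COPY files/admin-sudoers /etc/sudoers.d/admin
+
+EXPOSE 22 80 443
+
+CMD ["/entrypoint"]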
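Review bot: `ARG TEST_ENV_PASSWORD` has no default and the `RUN` chain never checks it, so a build that omits the argument still runs `echo ${TEST_ENV_USER}:${TEST_ENV_PASSWORD} | chpasswd` with an empty value, for an account that receives passwordless sudo and sits behind sshd; how chpasswd treats that input is not something the image should depend on. Open the chain with a guard such as `test -n "${TEST_ENV_PASSWORD}" && \` and quote the expansion, `echo "${TEST_ENV_USER}:${TEST_ENV_PASSWORD}" | chpasswd`, so a password with spaces or glob characters reaches chpasswd intact. `ARG SSH_DIR=/home/admin/.ssh` and the `/etc/sudoers.d/admin` file both hard-code `admin`, so overriding `TEST_ENV_USER` would leave them pointing at an account that does not exist. Either drop that argument or derive the path from it.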
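--- a/test/pleroma_test_env/files/admin-sudoers
+++ b/test/pleroma_test_env/files/admin-sudoers
@@ -0,0 +1 @@
+admin ALL=(ALL) NOPASSWD: ALL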
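--- a/test/pleroma_test_env/files/entrypoint
+++ b/test/pleroma_test_env/files/entrypoint
@@ -0,0 +1,14 @@
+#!/usr/bin/env bash
+
+set euo -pipefail
+
+# Add authorized keys
+if ! [ -z "${AUTHORIZED_KEYS}" ]; then
+echo ${AUTHORIZED_KEYS} > /home/admin/.ssh/authorized_keys
+fi
+
+# Start SSH service
+rc-service sshd start
+
+# Sleep and wait
+sleep 30d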
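Review bot: `set euo -pipefail` enables no shell options; without a dash on the first word, bash assigns `euo` and `-pipefail` as positional parameters, so the script carries on after a failed command (for instance reaching `sleep 30d` even if `rc-service sshd start` fails). It should read `set -euo pipefail`, and once `-u` is active the key check needs a default, `if [ -n "${AUTHORIZED_KEYS:-}" ]; then`. The unquoted `echo ${AUTHORIZED_KEYS}` also joins several newline-separated keys onto one line, which sshd will not parse as separate entries; `printf '%s\n' "${AUTHORIZED_KEYS}" > /home/admin/.ssh/authorized_keys` keeps them apart.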