This repository has been archived by the owner on Jul 27, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 3
/
.gitlab-ci.yml
307 lines (280 loc) · 11.5 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
image: docker:latest
variables:
IMAGE_TAG_DEBIAN: "3-bookworm"
RT_TESTS_MAJOR: "3"
RT_TESTS_MINOR: "0"
RT_TESTS_PATCH: "3"
STRESS_TESTS_MAJOR: "3"
STRESS_TESTS_MINOR: "0"
STRESS_TESTS_PATCH: "3"
# This should be set by docker image already, just to be sure...
DOCKER_HOST: tcp://docker:2375
# Use overlayfs driver for better performance
DOCKER_TLS_CERTDIR: ""
DOCKER_DRIVER: overlay2
IMAGE_TAG: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG
GITLAB_DOCKERREGISTRY_SUFFIX: ${CI_COMMIT_REF_SLUG}-${CI_PIPELINE_ID}
GITLAB_DOCKERREGISTRY_SUFFIX_LATEST: ${CI_COMMIT_REF_SLUG}-latest
services:
- name: docker:dind
stages:
- lint
- repository tagging
- build-rt-tests
- build-rt-tests-multiarch
- deploy
- deploy-multiarch
# Docker image builds
#
# Build the Docker images specified in DOCKERFILE_FOLDER/IMAGE_NAME and push
# it to Gitlab's internal Docker registry
.docker-build:
variables:
IMAGE_ARCH: linux/arm
script:
# Try to download latest image for cache, but don't fail if it does not exist
- docker pull ${CI_REGISTRY_IMAGE}/${IMAGE_NAME}:${GITLAB_DOCKERREGISTRY_SUFFIX_LATEST} || true
- docker info
- export DATE=$(date +%Y%m%d)
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
- docker build --build-arg IMAGE_TAG=${IMAGE_TAG}
--build-arg IMAGE_ARCH=${IMAGE_ARCH}
--cache-from ${CI_REGISTRY_IMAGE}/${IMAGE_NAME}:${GITLAB_DOCKERREGISTRY_SUFFIX_LATEST}
${DOCKER_NO_CACHE:+--no-cache}
--label container.name=${IMAGE_NAME}
--label container.version=${MAJOR}.${MINOR}.${PATCH}-${DATE}
--label git.branch=${CI_COMMIT_BRANCH}
--label git.hash=${CI_COMMIT_SHA}
--label pipeline.id=${CI_PIPELINE_ID}
-f ${DOCKERFILE_FOLDER}Dockerfile
-t ${CI_REGISTRY_IMAGE}/${IMAGE_NAME}:${GITLAB_DOCKERREGISTRY_SUFFIX}
-t ${CI_REGISTRY_IMAGE}/${IMAGE_NAME}:${GITLAB_DOCKERREGISTRY_SUFFIX_LATEST}
${DOCKERFILE_FOLDER}
- docker push ${CI_REGISTRY_IMAGE}/${IMAGE_NAME}:${GITLAB_DOCKERREGISTRY_SUFFIX}
- docker push ${CI_REGISTRY_IMAGE}/${IMAGE_NAME}:${GITLAB_DOCKERREGISTRY_SUFFIX_LATEST}
docker-build-rt-tests:
extends: .docker-build
needs: []
before_script:
- export MAJOR="${RT_TESTS_MAJOR}"
- export MINOR="${RT_TESTS_MINOR}"
- export PATCH="${RT_TESTS_PATCH}"
variables:
IMAGE_TAG: ${IMAGE_TAG_DEBIAN}
IMAGE_NAME: arm32v7-rt-tests
DOCKERFILE_FOLDER: "./rt-tests/"
DOCKER_NO_CACHE: ${DOCKER_NO_CACHE_FEEDS}
stage: build-rt-tests
docker-build-stress-tests:
extends: .docker-build
needs: []
before_script:
- export MAJOR="${STRESS_TESTS_MAJOR}"
- export MINOR="${STRESS_TESTS_MINOR}"
- export PATCH="${STRESS_TESTS_PATCH}"
variables:
IMAGE_TAG: ${IMAGE_TAG_DEBIAN}
IMAGE_NAME: arm32v7-stress-tests
DOCKERFILE_FOLDER: "./stress-tests/"
DOCKER_NO_CACHE: ${DOCKER_NO_CACHE_FEEDS}
stage: build-rt-tests
docker-build-rt-tests-arm64:
extends: .docker-build
needs: []
before_script:
- export MAJOR="${RT_TESTS_MAJOR}"
- export MINOR="${RT_TESTS_MINOR}"
- export PATCH="${RT_TESTS_PATCH}"
variables:
IMAGE_ARCH: linux/arm64
IMAGE_TAG: ${IMAGE_TAG_DEBIAN}
IMAGE_NAME: arm64v8-rt-tests
DOCKERFILE_FOLDER: "./rt-tests/"
DOCKER_NO_CACHE: ${DOCKER_NO_CACHE_FEEDS}
stage: build-rt-tests
docker-build-stress-tests-arm64:
extends: .docker-build
needs: []
before_script:
- export MAJOR="${STRESS_TESTS_MAJOR}"
- export MINOR="${STRESS_TESTS_MINOR}"
- export PATCH="${STRESS_TESTS_PATCH}"
variables:
IMAGE_ARCH: linux/arm64
IMAGE_TAG: ${IMAGE_TAG_DEBIAN}
IMAGE_NAME: arm64v8-stress-tests
DOCKERFILE_FOLDER: "./stress-tests/"
DOCKER_NO_CACHE: ${DOCKER_NO_CACHE_FEEDS}
stage: build-rt-tests
lint_dockerfile:
stage: lint
image: hadolint/hadolint:latest-debian
script:
# Some rules cannot be applied in our specific cases.
# However, since we don't want to completely ignore these rules,
# we are changing the following rules to have the level "info":
# - DL3008: pin versions in apt-get install
# - DL3029 (do not use --platform flag with FROM)
- hadolint */Dockerfile --failure-threshold warning --info DL3008 --info DL3029
# Make sure to create access token in "Settings/Access Tokens" section with "write_repository" scope selected.
# Then in "Settings/CI/CD/" section add a variable with key "GIT_TOKEN" and a value of the access token. Also mask the variable.
tag:
stage: repository tagging
needs: []
before_script:
- if [ -z ${GIT_TOKEN} ]; then echo "Missing variable GIT_TOKEN." && exit 1; fi
- TAGS="rt-tests-${RT_TESTS_MAJOR}.${RT_TESTS_MINOR}.${RT_TESTS_PATCH} stress_tests-${RT_TESTS_MAJOR}.${RT_TESTS_MINOR}.${RT_TESTS_PATCH}"
script:
- apk update && apk add git
- git remote set-url origin https://gitlab-ci-token:${GIT_TOKEN}@${CI_REPOSITORY_URL#*@}
- for TAG in ${TAGS};
do
if git ls-remote --tags origin | grep ${TAG} > /dev/null; then
echo "${TAG} tag already exists.";
else
echo "Tagging repository with ${TAG} tag.";
git tag --delete ${TAG} > /dev/null 2>&1 || true;
git tag ${TAG};
git push -o ci.skip origin ${TAG};
fi
done
# Enable experimental features in Docker client (experimental feature are needed for manifest)
.do_docker_experimental: &do_docker_experimental
- mkdir -p $HOME/.docker
- "echo -e '{\n \"experimental\": \"enabled\"\n}' | tee $HOME/.docker/config.json"
- docker version
.docker-build-multiarch:
before_script:
- *do_docker_experimental
- rm -rf ~/.docker/manifests/*
script:
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
- docker pull ${CI_REGISTRY_IMAGE}/${IMAGE_NAME_32}:${GITLAB_DOCKERREGISTRY_SUFFIX}
- docker pull ${CI_REGISTRY_IMAGE}/${IMAGE_NAME_64}:${GITLAB_DOCKERREGISTRY_SUFFIX}
- docker manifest create ${CI_REGISTRY_IMAGE}/${IMAGE_NAME}:${GITLAB_DOCKERREGISTRY_SUFFIX_LATEST} ${CI_REGISTRY_IMAGE}/${IMAGE_NAME_32}:${GITLAB_DOCKERREGISTRY_SUFFIX} ${CI_REGISTRY_IMAGE}/${IMAGE_NAME_64}:${GITLAB_DOCKERREGISTRY_SUFFIX}
- docker manifest annotate ${CI_REGISTRY_IMAGE}/${IMAGE_NAME}:${GITLAB_DOCKERREGISTRY_SUFFIX_LATEST} ${CI_REGISTRY_IMAGE}/${IMAGE_NAME_32}:${GITLAB_DOCKERREGISTRY_SUFFIX} --os linux --arch arm
- docker manifest annotate ${CI_REGISTRY_IMAGE}/${IMAGE_NAME}:${GITLAB_DOCKERREGISTRY_SUFFIX_LATEST} ${CI_REGISTRY_IMAGE}/${IMAGE_NAME_64}:${GITLAB_DOCKERREGISTRY_SUFFIX} --os linux --arch arm64
- docker manifest inspect -v ${CI_REGISTRY_IMAGE}/${IMAGE_NAME}:${GITLAB_DOCKERREGISTRY_SUFFIX_LATEST}
- docker manifest push ${CI_REGISTRY_IMAGE}/${IMAGE_NAME}:${GITLAB_DOCKERREGISTRY_SUFFIX_LATEST}
docker-build-rt-tests-multiarch:
extends: .docker-build-multiarch
variables:
IMAGE_NAME: rt-tests
IMAGE_NAME_32: arm32v7-rt-tests
IMAGE_NAME_64: arm64v8-rt-tests
stage: build-rt-tests-multiarch
docker-build-stress-tests-multiarch:
extends: .docker-build-multiarch
variables:
IMAGE_NAME: stress-tests
IMAGE_NAME_32: arm32v7-stress-tests
IMAGE_NAME_64: arm64v8-stress-tests
stage: build-rt-tests-multiarch
# Docker deploy jobs
#
# Make sure DOCKER_HUB_USER/DOCKER_HUB_TOKEN is properly set in the project
# specific Gitlab CI settings.
.docker-deploy:
when: manual
allow_failure: false
before_script:
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
when: manual
script:
- *do_docker_experimental
- export DATE=$(date +%Y%m%d)
- export DOCKER_TAGS_CHECK="${MAJOR}.${MINOR}.${PATCH} ${MAJOR}.${MINOR}.${PATCH}-${DATE}"
- export DOCKER_TAGS="${MAJOR} ${MAJOR}.${MINOR}"
- docker pull ${CI_REGISTRY_IMAGE}/${IMAGE_NAME}:${GITLAB_DOCKERREGISTRY_SUFFIX}
- docker login -u $DOCKER_HUB_USER -p $DOCKER_HUB_TOKEN;
- for tag in ${DOCKER_TAGS_CHECK};
do
docker manifest inspect ${DOCKER_HUB_REPOSITORY}/${IMAGE_NAME}:${tag} > /dev/null && true; RESULT=$?;
(if [ $RESULT == 0 ] ; then echo "Image with ${tag} tag already exists." && exit 1 ; fi);
done
- for tag in ${DOCKER_TAGS} ${DOCKER_TAGS_CHECK};
do
docker tag ${CI_REGISTRY_IMAGE}/${IMAGE_NAME}:${GITLAB_DOCKERREGISTRY_SUFFIX} ${DOCKER_HUB_REPOSITORY}/${IMAGE_NAME}:${tag};
docker push ${DOCKER_HUB_REPOSITORY}/${IMAGE_NAME}:${tag};
done
docker-deploy-rt-tests:
extends: .docker-deploy
before_script:
- export MAJOR="${RT_TESTS_MAJOR}"
- export MINOR="${RT_TESTS_MINOR}"
- export PATCH="${RT_TESTS_PATCH}"
variables:
IMAGE_NAME: arm32v7-rt-tests
stage: deploy
docker-deploy-stress-tests:
extends: .docker-deploy
before_script:
- export MAJOR="${STRESS_TESTS_MAJOR}"
- export MINOR="${STRESS_TESTS_MINOR}"
- export PATCH="${STRESS_TESTS_PATCH}"
variables:
IMAGE_NAME: arm32v7-stress-tests
stage: deploy
docker-deploy-rt-tests-arm64:
extends: .docker-deploy
before_script:
- export MAJOR="${RT_TESTS_MAJOR}"
- export MINOR="${RT_TESTS_MINOR}"
- export PATCH="${RT_TESTS_PATCH}"
variables:
IMAGE_NAME: arm64v8-rt-tests
stage: deploy
docker-deploy-stress-tests-arm64:
extends: .docker-deploy
before_script:
- export MAJOR="${STRESS_TESTS_MAJOR}"
- export MINOR="${STRESS_TESTS_MINOR}"
- export PATCH="${STRESS_TESTS_PATCH}"
variables:
IMAGE_NAME: arm64v8-stress-tests
stage: deploy
.docker-deploy-multiarch:
script:
- *do_docker_experimental
- export DATE=$(date +%Y%m%d)
- export DOCKER_TAGS_CHECK="${MAJOR}.${MINOR}.${PATCH} ${MAJOR}.${MINOR}.${PATCH}-${DATE}"
- export DOCKER_TAGS="${MAJOR} ${MAJOR}.${MINOR}"
- rm -rf ~/.docker/manifests/*
- docker login -u $DOCKER_HUB_USER -p $DOCKER_HUB_TOKEN
- for tag in ${DOCKER_TAGS_CHECK};
do
docker manifest inspect ${DOCKER_HUB_REPOSITORY}/${IMAGE_NAME}:${tag} > /dev/null && true; RESULT=$?;
(if [ $RESULT == 0 ] ; then echo "Image with ${tag} tag already exists." && exit 1 ; fi);
done
- for tag in ${DOCKER_TAGS} ${DOCKER_TAGS_CHECK};
do
docker manifest create ${DOCKER_HUB_REPOSITORY}/${IMAGE_NAME}:${tag} ${DOCKER_HUB_REPOSITORY}/${IMAGE_NAME_32}:${tag} ${DOCKER_HUB_REPOSITORY}/${IMAGE_NAME_64}:${tag};
docker manifest annotate ${DOCKER_HUB_REPOSITORY}/${IMAGE_NAME}:${tag} ${DOCKER_HUB_REPOSITORY}/${IMAGE_NAME_32}:${tag} --os linux --arch arm;
docker manifest annotate ${DOCKER_HUB_REPOSITORY}/${IMAGE_NAME}:${tag} ${DOCKER_HUB_REPOSITORY}/${IMAGE_NAME_64}:${tag} --os linux --arch arm64;
docker manifest inspect -v ${DOCKER_HUB_REPOSITORY}/${IMAGE_NAME}:${tag};
docker manifest push ${DOCKER_HUB_REPOSITORY}/${IMAGE_NAME}:${tag};
done
docker-deploy-rt-tests-multiarch:
extends: .docker-deploy-multiarch
needs: ["docker-deploy-rt-tests", "docker-deploy-rt-tests-arm64"]
before_script:
- export MAJOR="${RT_TESTS_MAJOR}"
- export MINOR="${RT_TESTS_MINOR}"
- export PATCH="${RT_TESTS_PATCH}"
variables:
IMAGE_NAME: rt-tests
IMAGE_NAME_32: arm32v7-rt-tests
IMAGE_NAME_64: arm64v8-rt-tests
stage: deploy-multiarch
docker-deploy-stress-tests-multiarch:
extends: .docker-deploy-multiarch
needs: ["docker-deploy-stress-tests", "docker-deploy-stress-tests-arm64"]
before_script:
- export MAJOR="${STRESS_TESTS_MAJOR}"
- export MINOR="${STRESS_TESTS_MINOR}"
- export PATCH="${STRESS_TESTS_PATCH}"
variables:
IMAGE_NAME: stress-tests
IMAGE_NAME_32: arm32v7-stress-tests
IMAGE_NAME_64: arm64v8-stress-tests
stage: deploy-multiarch