Update CI and remove AWS config.
This does the following: - Consolidates the app_setup and test jobs into one. The test job was only one additional step, so it's not worth separating. - Updates the Postgres image used to reflect what we're using for the deployed version of the site (i.e., v 10). - Removes some unnecessary steps from the first job. - Removes all AWS config so that CD will only push to the Azure container registry, run migrations against the Azure-hosted database, and rotate the container images in the Azure k8s cluster.
This commit is contained in:
parent
d514305f26
commit
85da084cd7
@ -1,8 +1,6 @@
|
|||||||
version: 2.1
|
version: 2.1
|
||||||
|
|
||||||
orbs:
|
orbs:
|
||||||
aws-ecr: circleci/aws-ecr@6.3.0
|
|
||||||
aws-eks: circleci/aws-eks@0.1.0
|
|
||||||
azure-acr: circleci/azure-acr@0.1.2
|
azure-acr: circleci/azure-acr@0.1.2
|
||||||
azure-aks: circleci/azure-aks@0.2.0
|
azure-aks: circleci/azure-aks@0.2.0
|
||||||
kubernetes: circleci/kubernetes@0.3.0
|
kubernetes: circleci/kubernetes@0.3.0
|
||||||
@ -11,11 +9,10 @@ defaults:
|
|||||||
appEnvironment: &appEnvironment
|
appEnvironment: &appEnvironment
|
||||||
KEEP_EXISTING_VENV: true
|
KEEP_EXISTING_VENV: true
|
||||||
PGHOST: localhost
|
PGHOST: localhost
|
||||||
PGUSER: root
|
PGUSER: postgres
|
||||||
PGDATABASE: circle_test
|
PGDATABASE: circle_test
|
||||||
REDIS_URI: redis://localhost:6379
|
REDIS_URI: redis://localhost:6379
|
||||||
PIP_VERSION: 18.*
|
PIP_VERSION: 18.*
|
||||||
CRL_STORAGE_PROVIDER: CLOUDFILES
|
|
||||||
|
|
||||||
commands:
|
commands:
|
||||||
migration_setup:
|
migration_setup:
|
||||||
@ -39,21 +36,21 @@ commands:
|
|||||||
name: Apply Migrations and Seed Roles
|
name: Apply Migrations and Seed Roles
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
app_setup:
|
test:
|
||||||
docker:
|
docker:
|
||||||
- image: circleci/python:3.7.3-stretch-node
|
- image: circleci/python:3.7.3-stretch-node
|
||||||
environment: *appEnvironment
|
environment: *appEnvironment
|
||||||
- image: circleci/postgres:9.6.5-alpine-ram
|
- image: circleci/postgres:10-alpine-ram
|
||||||
- image: circleci/redis:4-alpine3.8
|
- image: circleci/redis:4-alpine3.8
|
||||||
steps:
|
steps:
|
||||||
- checkout
|
- checkout
|
||||||
- run: sudo apt-get update
|
- run: sudo apt-get update
|
||||||
- run: sudo apt-get install postgresql-client-9.6
|
- run: sudo apt-get install postgresql-client
|
||||||
- attach_workspace:
|
- attach_workspace:
|
||||||
at: .
|
at: .
|
||||||
- run: ./script/setup
|
- run: ./script/setup
|
||||||
- save_cache:
|
- save_cache:
|
||||||
name: "Save Cache: Pipenv Refrences"
|
name: "Save Cache: Pipenv References"
|
||||||
paths:
|
paths:
|
||||||
- ~/.local/share
|
- ~/.local/share
|
||||||
key: pipenv-v1-{{ .Branch }}-{{ checksum "Pipfile.lock" }}
|
key: pipenv-v1-{{ .Branch }}-{{ checksum "Pipfile.lock" }}
|
||||||
@ -73,90 +70,38 @@ jobs:
|
|||||||
- ./node_modules
|
- ./node_modules
|
||||||
key: node-v1-{{ .Branch }}-{{ checksum "yarn.lock" }}
|
key: node-v1-{{ .Branch }}-{{ checksum "yarn.lock" }}
|
||||||
- run:
|
- run:
|
||||||
name: "Update CRLs"
|
name: "Run Tests"
|
||||||
command: ./script/sync-crls
|
command: ./script/cibuild
|
||||||
- run:
|
|
||||||
name: "Generate build info"
|
|
||||||
command: ./script/generate_build_info.sh
|
|
||||||
- persist_to_workspace:
|
- persist_to_workspace:
|
||||||
root: .
|
root: .
|
||||||
paths:
|
paths:
|
||||||
- .
|
- .
|
||||||
|
|
||||||
test:
|
integration-tests:
|
||||||
docker:
|
docker:
|
||||||
- image: circleci/python:3.7.3-stretch-node
|
- image: docker:18.06.0-ce-git
|
||||||
environment: *appEnvironment
|
- image: circleci/postgres:10-alpine-ram
|
||||||
- image: circleci/postgres:9.6.5-alpine-ram
|
|
||||||
- image: circleci/redis:4-alpine3.8
|
- image: circleci/redis:4-alpine3.8
|
||||||
steps:
|
steps:
|
||||||
- attach_workspace:
|
- attach_workspace:
|
||||||
at: .
|
at: .
|
||||||
- run: sudo apt-get update
|
|
||||||
- run: sudo apt-get install postgresql-client-9.6
|
|
||||||
- run:
|
|
||||||
name: "Run Tests"
|
|
||||||
command: ./script/cibuild
|
|
||||||
|
|
||||||
aws-migration:
|
|
||||||
executor: aws-eks/python3
|
|
||||||
steps:
|
|
||||||
- migration_setup:
|
|
||||||
container_image: "$AWS_ECR_ACCOUNT_URL/atat:atat-$CIRCLE_SHA1"
|
|
||||||
- aws-eks/update-kubeconfig-with-authenticator:
|
|
||||||
cluster-name: atat
|
|
||||||
aws-region: "${AWS_REGION}"
|
|
||||||
- migration_apply
|
|
||||||
|
|
||||||
azure-migration:
|
|
||||||
executor: azure-aks/default
|
|
||||||
steps:
|
|
||||||
- migration_setup:
|
|
||||||
container_image: "$AZURE_SERVER_NAME/atat:atat-$CIRCLE_SHA1"
|
|
||||||
- azure-aks/update-kubeconfig-with-credentials:
|
|
||||||
cluster-name: atat-cluster
|
|
||||||
install-kubectl: true
|
|
||||||
perform-login: true
|
|
||||||
resource-group: atat
|
|
||||||
- migration_apply
|
|
||||||
|
|
||||||
# the azure-acr orb doesn't allow for multiple tags in the
|
|
||||||
# build-and-push-image step, so instead we wrap our own job around it and run
|
|
||||||
# some additional Docker commands
|
|
||||||
azure-build-and-push-image:
|
|
||||||
executor: azure-acr/default
|
|
||||||
steps:
|
|
||||||
- azure-acr/build-and-push-image:
|
|
||||||
extra-build-args: "--build-arg CSP=azure"
|
|
||||||
login-server-name: "${AZURE_SERVER_NAME}"
|
|
||||||
registry-name: pwatat
|
|
||||||
repo: atat
|
|
||||||
tag: "atat-${CIRCLE_SHA1}"
|
|
||||||
- run: "docker tag ${AZURE_SERVER_NAME}/atat:atat-${CIRCLE_SHA1} ${AZURE_SERVER_NAME}/atat:latest"
|
|
||||||
- run: "docker push ${AZURE_SERVER_NAME}/atat:latest"
|
|
||||||
|
|
||||||
integration-tests:
|
|
||||||
docker:
|
|
||||||
- image: docker:17.05.0-ce-git
|
|
||||||
steps:
|
|
||||||
- setup_remote_docker:
|
- setup_remote_docker:
|
||||||
version: 18.06.0-ce
|
version: 18.06.0-ce
|
||||||
- checkout
|
- run:
|
||||||
|
name: Remove existing font symlink
|
||||||
|
command: rm static/fonts
|
||||||
- run:
|
- run:
|
||||||
name: Set up temporary docker network
|
name: Set up temporary docker network
|
||||||
command: docker network create atat
|
command: docker network create atat
|
||||||
- run:
|
- run:
|
||||||
name: Build image
|
name: Build image
|
||||||
command: docker build . -t atat:latest
|
command: docker build . -t atat:latest
|
||||||
- run:
|
|
||||||
name: Get storage containers
|
|
||||||
command: docker pull postgres:latest && docker pull redis:latest
|
|
||||||
- run:
|
- run:
|
||||||
name: Start redis
|
name: Start redis
|
||||||
command: docker run -d --network atat --link redis:redis -p 6379:6379 --name redis redis:latest
|
command: docker run -d --network atat --link redis:redis -p 6379:6379 --name redis circleci/redis:4-alpine3.8
|
||||||
- run:
|
- run:
|
||||||
name: Start postgres
|
name: Start postgres
|
||||||
command: docker run -d --network atat --link postgres:postgres -p 5432:5432 --name postgres postgres:latest
|
command: docker run -d --network atat --link postgres:postgres -p 5432:5432 --name postgres circleci/postgres:10-alpine-ram
|
||||||
- run:
|
- run:
|
||||||
name: Start application container
|
name: Start application container
|
||||||
command: |
|
command: |
|
||||||
@ -199,14 +144,38 @@ jobs:
|
|||||||
--network atat \
|
--network atat \
|
||||||
ghostinspector/test-runner-standalone:latest
|
ghostinspector/test-runner-standalone:latest
|
||||||
|
|
||||||
|
azure-migration:
|
||||||
|
executor: azure-aks/default
|
||||||
|
steps:
|
||||||
|
- migration_setup:
|
||||||
|
container_image: "$AZURE_SERVER_NAME/atat:atat-$CIRCLE_SHA1"
|
||||||
|
- azure-aks/update-kubeconfig-with-credentials:
|
||||||
|
cluster-name: atat-cluster
|
||||||
|
install-kubectl: true
|
||||||
|
perform-login: true
|
||||||
|
resource-group: atat
|
||||||
|
- migration_apply
|
||||||
|
|
||||||
|
# the azure-acr orb doesn't allow for multiple tags in the
|
||||||
|
# build-and-push-image step, so instead we wrap our own job around it and run
|
||||||
|
# some additional Docker commands
|
||||||
|
azure-build-and-push-image:
|
||||||
|
executor: azure-acr/default
|
||||||
|
steps:
|
||||||
|
- azure-acr/build-and-push-image:
|
||||||
|
extra-build-args: "--build-arg CSP=azure"
|
||||||
|
login-server-name: "${AZURE_SERVER_NAME}"
|
||||||
|
registry-name: pwatat
|
||||||
|
repo: atat
|
||||||
|
tag: "atat-${CIRCLE_SHA1}"
|
||||||
|
- run: "docker tag ${AZURE_SERVER_NAME}/atat:atat-${CIRCLE_SHA1} ${AZURE_SERVER_NAME}/atat:latest"
|
||||||
|
- run: "docker push ${AZURE_SERVER_NAME}/atat:latest"
|
||||||
|
|
||||||
workflows:
|
workflows:
|
||||||
version: 2
|
version: 2
|
||||||
run-tests:
|
run-tests:
|
||||||
jobs:
|
jobs:
|
||||||
- app_setup
|
- test
|
||||||
- test:
|
|
||||||
requires:
|
|
||||||
- app_setup
|
|
||||||
- integration-tests:
|
- integration-tests:
|
||||||
requires:
|
requires:
|
||||||
- test
|
- test
|
||||||
@ -266,62 +235,3 @@ workflows:
|
|||||||
branches:
|
branches:
|
||||||
only:
|
only:
|
||||||
- master
|
- master
|
||||||
- aws-ecr/build-and-push-image:
|
|
||||||
extra-build-args: "--build-arg CSP=aws"
|
|
||||||
repo: atat
|
|
||||||
tag: "atat-${CIRCLE_SHA1},latest"
|
|
||||||
requires:
|
|
||||||
- integration-tests
|
|
||||||
filters:
|
|
||||||
branches:
|
|
||||||
only:
|
|
||||||
- master
|
|
||||||
- aws-migration:
|
|
||||||
requires:
|
|
||||||
- aws-ecr/build-and-push-image
|
|
||||||
filters:
|
|
||||||
branches:
|
|
||||||
only:
|
|
||||||
- master
|
|
||||||
- aws-eks/update-container-image:
|
|
||||||
cluster-name: atat
|
|
||||||
container-image-updates: "atst=${AWS_ECR_ACCOUNT_URL}/atat:atat-${CIRCLE_SHA1}"
|
|
||||||
namespace: atat
|
|
||||||
resource-name: deployment.apps/atst
|
|
||||||
aws-region: "${AWS_REGION}"
|
|
||||||
# uncomment below for debugging
|
|
||||||
# show-kubectl-command: true
|
|
||||||
requires:
|
|
||||||
- aws-migration
|
|
||||||
filters:
|
|
||||||
branches:
|
|
||||||
only:
|
|
||||||
- master
|
|
||||||
- aws-eks/update-container-image:
|
|
||||||
cluster-name: atat
|
|
||||||
container-image-updates: "atst-worker=${AWS_ECR_ACCOUNT_URL}/atat:atat-${CIRCLE_SHA1}"
|
|
||||||
namespace: atat
|
|
||||||
resource-name: deployment.apps/atst-worker
|
|
||||||
aws-region: "${AWS_REGION}"
|
|
||||||
# uncomment below for debugging
|
|
||||||
# show-kubectl-command: true
|
|
||||||
requires:
|
|
||||||
- aws-migration
|
|
||||||
filters:
|
|
||||||
branches:
|
|
||||||
only:
|
|
||||||
- master
|
|
||||||
- aws-eks/update-container-image:
|
|
||||||
cluster-name: atat
|
|
||||||
container-image-updates: "atst-beat=${AWS_ECR_ACCOUNT_URL}/atat:atat-${CIRCLE_SHA1}"
|
|
||||||
namespace: atat
|
|
||||||
resource-name: deployment.apps/atst-beat
|
|
||||||
aws-region: "${AWS_REGION}"
|
|
||||||
# uncomment below for debugging
|
|
||||||
# show-kubectl-command: true
|
|
||||||
requires:
|
|
||||||
- aws-migration
|
|
||||||
filters:
|
|
||||||
branches:
|
|
||||||
only:
|
|
||||||
- master
|
|
||||||
|
Loading…
x
Reference in New Issue
Block a user