pk/atst
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update CI and remove AWS config.

Browse Source 
This does the following:
- Consolidates the app_setup and test jobs into one. The test job was
  only one additional step, so it's not worth separating.
- Updates the Postgres image used to reflect what we're using for the
  deployed version of the site (i.e., v 10).
- Removes some unnecessary steps from the first job.
- Removes all AWS config so that CD will only push to the Azure
  container registry, run migrations against the Azure-hosted database,
  and rotate the container images in the Azure k8s cluster.
This commit is contained in:
dandds 2019-10-26 16:15:45 -04:00
parent d514305f26
commit 85da084cd7
1 changed files with 68 additions and 158 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

176
.circleci/config.yml
View File

@ -1,8 +1,6 @@
version: 2.1
orbs:
aws-ecr: circleci/aws-ecr@6.3.0
aws-eks: circleci/aws-eks@0.1.0
azure-acr: circleci/azure-acr@0.1.2
azure-aks: circleci/azure-aks@0.2.0
kubernetes: circleci/kubernetes@0.3.0
@ -11,11 +9,10 @@ defaults:
appEnvironment: &appEnvironment
KEEP_EXISTING_VENV: true
PGHOST: localhost
PGUSER: root
PGUSER: postgres
PGDATABASE: circle_test
REDIS_URI: redis://localhost:6379
PIP_VERSION: 18.*
CRL_STORAGE_PROVIDER: CLOUDFILES
commands:
migration_setup:
@ -39,21 +36,21 @@ commands:
name: Apply Migrations and Seed Roles
jobs:
app_setup:
test:
docker:
- image: circleci/python:3.7.3-stretch-node
environment: *appEnvironment
- image: circleci/postgres:9.6.5-alpine-ram
- image: circleci/postgres:10-alpine-ram
- image: circleci/redis:4-alpine3.8
steps:
- checkout
- run: sudo apt-get update
- run: sudo apt-get install postgresql-client-9.6
- run: sudo apt-get install postgresql-client
- attach_workspace:
at: .
- run: ./script/setup
- save_cache:
name: "Save Cache: Pipenv Refrences"
name: "Save Cache: Pipenv References"
paths:
- ~/.local/share
key: pipenv-v1-{{ .Branch }}-{{ checksum "Pipfile.lock" }}
@ -73,90 +70,38 @@ jobs:
- ./node_modules
key: node-v1-{{ .Branch }}-{{ checksum "yarn.lock" }}
- run:
name: "Update CRLs"
command: ./script/sync-crls
- run:
name: "Generate build info"
command: ./script/generate_build_info.sh
name: "Run Tests"
command: ./script/cibuild
- persist_to_workspace:
root: .
paths:
- .
test:
integration-tests:
docker:
- image: circleci/python:3.7.3-stretch-node
environment: *appEnvironment
- image: circleci/postgres:9.6.5-alpine-ram
- image: docker:18.06.0-ce-git
- image: circleci/postgres:10-alpine-ram
- image: circleci/redis:4-alpine3.8
steps:
- attach_workspace:
at: .
- run: sudo apt-get update
- run: sudo apt-get install postgresql-client-9.6
- run:
name: "Run Tests"
command: ./script/cibuild
aws-migration:
executor: aws-eks/python3
steps:
- migration_setup:
container_image: "$AWS_ECR_ACCOUNT_URL/atat:atat-$CIRCLE_SHA1"
- aws-eks/update-kubeconfig-with-authenticator:
cluster-name: atat
aws-region: "${AWS_REGION}"
- migration_apply
azure-migration:
executor: azure-aks/default
steps:
- migration_setup:
container_image: "$AZURE_SERVER_NAME/atat:atat-$CIRCLE_SHA1"
- azure-aks/update-kubeconfig-with-credentials:
cluster-name: atat-cluster
install-kubectl: true
perform-login: true
resource-group: atat
- migration_apply
# the azure-acr orb doesn't allow for multiple tags in the
# build-and-push-image step, so instead we wrap our own job around it and run
# some additional Docker commands
azure-build-and-push-image:
executor: azure-acr/default
steps:
- azure-acr/build-and-push-image:
extra-build-args: "--build-arg CSP=azure"
login-server-name: "${AZURE_SERVER_NAME}"
registry-name: pwatat
repo: atat
tag: "atat-${CIRCLE_SHA1}"
- run: "docker tag ${AZURE_SERVER_NAME}/atat:atat-${CIRCLE_SHA1} ${AZURE_SERVER_NAME}/atat:latest"
- run: "docker push ${AZURE_SERVER_NAME}/atat:latest"
integration-tests:
docker:
- image: docker:17.05.0-ce-git
steps:
- setup_remote_docker:
version: 18.06.0-ce
- checkout
- run:
name: Remove existing font symlink
command: rm static/fonts
- run:
name: Set up temporary docker network
command: docker network create atat
- run:
name: Build image
command: docker build . -t atat:latest
- run:
name: Get storage containers
command: docker pull postgres:latest && docker pull redis:latest
- run:
name: Start redis
command: docker run -d --network atat --link redis:redis -p 6379:6379 --name redis redis:latest
command: docker run -d --network atat --link redis:redis -p 6379:6379 --name redis circleci/redis:4-alpine3.8
- run:
name: Start postgres
command: docker run -d --network atat --link postgres:postgres -p 5432:5432 --name postgres postgres:latest
command: docker run -d --network atat --link postgres:postgres -p 5432:5432 --name postgres circleci/postgres:10-alpine-ram
- run:
name: Start application container
command: |
@ -199,14 +144,38 @@ jobs:
--network atat \
ghostinspector/test-runner-standalone:latest
azure-migration:
executor: azure-aks/default
steps:
- migration_setup:
container_image: "$AZURE_SERVER_NAME/atat:atat-$CIRCLE_SHA1"
- azure-aks/update-kubeconfig-with-credentials:
cluster-name: atat-cluster
install-kubectl: true
perform-login: true
resource-group: atat
- migration_apply
# the azure-acr orb doesn't allow for multiple tags in the
# build-and-push-image step, so instead we wrap our own job around it and run
# some additional Docker commands
azure-build-and-push-image:
executor: azure-acr/default
steps:
- azure-acr/build-and-push-image:
extra-build-args: "--build-arg CSP=azure"
login-server-name: "${AZURE_SERVER_NAME}"
registry-name: pwatat
repo: atat
tag: "atat-${CIRCLE_SHA1}"
- run: "docker tag ${AZURE_SERVER_NAME}/atat:atat-${CIRCLE_SHA1} ${AZURE_SERVER_NAME}/atat:latest"
- run: "docker push ${AZURE_SERVER_NAME}/atat:latest"
workflows:
version: 2
run-tests:
jobs:
- app_setup
- test:
requires:
- app_setup
- test
- integration-tests:
requires:
- test
@ -266,62 +235,3 @@ workflows:
branches:
only:
- master
- aws-ecr/build-and-push-image:
extra-build-args: "--build-arg CSP=aws"
repo: atat
tag: "atat-${CIRCLE_SHA1},latest"
requires:
- integration-tests
filters:
branches:
only:
- master
- aws-migration:
requires:
- aws-ecr/build-and-push-image
filters:
branches:
only:
- master
- aws-eks/update-container-image:
cluster-name: atat
container-image-updates: "atst=${AWS_ECR_ACCOUNT_URL}/atat:atat-${CIRCLE_SHA1}"
namespace: atat
resource-name: deployment.apps/atst
aws-region: "${AWS_REGION}"
# uncomment below for debugging
# show-kubectl-command: true
requires:
- aws-migration
filters:
branches:
only:
- master
- aws-eks/update-container-image:
cluster-name: atat
container-image-updates: "atst-worker=${AWS_ECR_ACCOUNT_URL}/atat:atat-${CIRCLE_SHA1}"
namespace: atat
resource-name: deployment.apps/atst-worker
aws-region: "${AWS_REGION}"
# uncomment below for debugging
# show-kubectl-command: true
requires:
- aws-migration
filters:
branches:
only:
- master
- aws-eks/update-container-image:
cluster-name: atat
container-image-updates: "atst-beat=${AWS_ECR_ACCOUNT_URL}/atat:atat-${CIRCLE_SHA1}"
namespace: atat
resource-name: deployment.apps/atst-beat
aws-region: "${AWS_REGION}"
# uncomment below for debugging
# show-kubectl-command: true
requires:
- aws-migration
filters:
branches:
only:
- master