variables: GIT_SUBMODULE_STRATEGY: none CI_DISPOSABLE_ENVIRONMENT: "true" DOCKER_DRIVER: overlay2 DOCKER_HOST: tcp://localhost:2375 DOCKER_TLS_CERTDIR: "" image: blockstream/gcloud-docker stages: - build - plan - deploy before_script: - TMPF=$(mktemp) || exit 1 - echo $GCLOUD_KEY > $TMPF - export GOOGLE_APPLICATION_CREDENTIALS=$TMPF - gcloud auth activate-service-account --key-file=$TMPF - gcloud auth list - gcloud --version build_ci_image: stage: build when: manual image: blockstream/satapi-builder tags: - k8s-docker services: - docker:19-dind only: - build_ci_image@satellite/ionosphere before_script: - echo $DOCKERHUB_PW | docker login -u $DOCKERHUB_USER --password-stdin script: - docker pull blockstream/satapi-builder:latest - docker build --cache-from blockstream/satapi-builder:latest -t blockstream/satapi-builder:latest -f Dockerfile.ci . - docker push blockstream/satapi-builder:latest # Run tests test_build: stage: build image: blockstream/satapi-builder tags: - k8s-docker services: - docker:19-dind only: - branches@satellite/ionosphere except: - master@satellite/ionosphere - cleanup_staging@satellite/ionosphere before_script: - export CHARGE_ROOT=$CHARGE_ROOT_CI - export REDIS_URI=$REDIS_URI_CI script: - bundle update --bundler - bundle exec rake db:create && bundle exec rake db:schema:load && bundle exec rake db:migrate - bundle exec ruby tests/tests.rb || { echo -e "Tests failed..\n Sleeping for an hour to debug."; sleep 3600; exit 1; } - echo "Tests passed!" - docker pull blockstream/satellite-api:latest - docker build --cache-from blockstream/satellite-api:latest -t blockstream/satellite-api:latest . - docker rmi blockstream/satellite-api:latest || true # Run tests and build docker images build: stage: build image: blockstream/satapi-builder tags: - k8s-docker services: - docker:19-dind only: - master@satellite/ionosphere before_script: - export CHARGE_ROOT=$CHARGE_ROOT_CI - export REDIS_URI=$REDIS_URI_CI script: - bundle update --bundler - bundle exec rake db:create && bundle exec rake db:schema:load && bundle exec rake db:migrate - bundle exec ruby tests/tests.rb || { echo "Tests failed.."; exit 1; } - echo $DOCKERHUB_PW | docker login -u $DOCKERHUB_USER --password-stdin - docker pull blockstream/satellite-api:latest - docker pull blockstream/satellite-api-sse:latest - docker build --cache-from blockstream/satellite-api:latest -f Dockerfile -t blockstream/satellite-api:latest -t blockstream/satellite-api:$CI_COMMIT_SHA . - docker push blockstream/satellite-api:latest - docker push blockstream/satellite-api:$CI_COMMIT_SHA - echo "Building Satellite API SSE image" - docker build --cache-from blockstream/satellite-api-sse:latest -f Dockerfile.sse -t blockstream/satellite-api-sse:latest -t blockstream/satellite-api-sse:$CI_COMMIT_SHA sse/ - docker push blockstream/satellite-api-sse:latest - docker push blockstream/satellite-api-sse:$CI_COMMIT_SHA # Any newly-pushed, WIP branch will be ran through plan (keep in mind docker images are using the latest tag, which may be an older one since the current commit may not match an available image) plan_satapi: stage: plan tags: - k8s only: - branches@satellite/ionosphere except: - cleanup_staging@satellite/ionosphere - build_ci_image@satellite/ionosphere - /^staging_.*/ - /^prod_.*/ - /^misc_.*/ script: - (cd terraform && terraform init -input=false && terraform workspace select staging && terraform init -input=false && terraform plan -var "ionosphere_docker=blockstream/satellite-api:latest" -var "ionosphere_sse_docker=blockstream/satellite-api-sse:latest" -var "region=$REGION" -var "zone=$ZONE" -var "instance_type=$INSTANCE_TYPE" -var "host=$HOST_STAGING" -var "timeout=$TIMEOUT" -var "prom_service_acct=$PROM_SA" -var "opsgenie_key=$OPSGENIE_KEY" -var "public_bucket_url=$PUBLIC_BUCKET_URL" -var "private_bucket=$PRIVATE_BUCKET" -var "letsencrypt_email=$LE_EMAIL" -var "pguser=$PGUSER" -var "pgpass=$PGPASS" -var "charge_token=$CHARGE_TOKEN" -var "rpcpass=$RPCPASS" -var "k8s_autossh_lb=$GKE_LB" -input=false) # This plan gets triggered only for miscellaneous branches/tags (i.e. tor, prometheus, etc), so make sure the branch/tag name starts with misc_ plan_misc: stage: plan tags: - k8s only: - /^misc_.*/ except: - /^misc_v.*/ script: - (echo -n "$V3_PK" > terraform/modules/tor/v3.pk) - (echo -n "$V3_PUBK" > terraform/modules/tor/v3.pubk) - (cd terraform && terraform init -input=false && terraform workspace select misc && terraform init -input=false && terraform plan -var "region=$REGION" -var "zone=$ZONE" -var "instance_type=$INSTANCE_TYPE" -var "onion_host=$ONION_HOST" -var "prom_allowed_source_ip=$PROMETHEUS_ALLOWED_SOURCE_IP" -var "prom_service_acct=$PROM_SA" -var "opsgenie_key=$OPSGENIE_KEY" -var "satellite_lb=$SATELLITE_LB" -var "satellite_api_lb=$SATELLITE_API_LB" -var "satellite_api_lb_staging=$SATELLITE_API_LB_STAGING" -input=false) # This deploys only tags/branches starting with misc_v.* (i.e. tor, prometheus, etc) deploy_misc: stage: deploy tags: - k8s only: - /^misc_v.*/ script: - (echo -n "$V3_PK" > terraform/modules/tor/v3.pk) - (echo -n "$V3_PUBK" > terraform/modules/tor/v3.pubk) - (cd terraform && terraform init -input=false && terraform workspace select misc && terraform init -input=false && terraform apply -var "region=$REGION" -var "zone=$ZONE" -var "instance_type=$INSTANCE_TYPE" -var "onion_host=$ONION_HOST" -var "prom_allowed_source_ip=$PROMETHEUS_ALLOWED_SOURCE_IP" -var "prom_service_acct=$PROM_SA" -var "opsgenie_key=$OPSGENIE_KEY" -var "satellite_lb=$SATELLITE_LB" -var "satellite_api_lb=$SATELLITE_API_LB" -var "satellite_api_lb_staging=$SATELLITE_API_LB_STAGING" -input=false -auto-approve) # Tag with staging_v.* to plan mainnet + LB to staging (e.g. staging_v0.1.1) plan_staging: stage: plan tags: - k8s only: - /^staging_v.*/ script: - (cd terraform && terraform init -input=false && terraform workspace select staging && terraform init -input=false && terraform plan -var "ionosphere_docker=blockstream/satellite-api:$CI_COMMIT_SHA" -var "ionosphere_sse_docker=blockstream/satellite-api-sse:$CI_COMMIT_SHA" -var "region=$REGION" -var "zone=$ZONE" -var "instance_type=$INSTANCE_TYPE" -var "host=$HOST_STAGING" -var "timeout=$TIMEOUT" -var "prom_service_acct=$PROM_SA" -var "opsgenie_key=$OPSGENIE_KEY" -var "public_bucket_url=$PUBLIC_BUCKET_URL" -var "private_bucket=$PRIVATE_BUCKET" -var "letsencrypt_email=$LE_EMAIL" -var "pguser=$PGUSER" -var "pgpass=$PGPASS" -var "charge_token=$CHARGE_TOKEN" -var "rpcpass=$RPCPASS" -var "k8s_autossh_lb=$GKE_LB" -input=false) # Tag with staging_v.* to deploy mainnet + LB to staging (e.g. staging_v0.1.1) deploy_staging: stage: deploy when: manual tags: - k8s only: - /^staging_v.*/ script: - (cd terraform && terraform init -input=false && terraform workspace select staging && terraform init -input=false && terraform apply -var "ionosphere_docker=blockstream/satellite-api:$CI_COMMIT_SHA" -var "ionosphere_sse_docker=blockstream/satellite-api-sse:$CI_COMMIT_SHA" -var "region=$REGION" -var "zone=$ZONE" -var "instance_type=$INSTANCE_TYPE" -var "host=$HOST_STAGING" -var "timeout=$TIMEOUT" -var "prom_service_acct=$PROM_SA" -var "opsgenie_key=$OPSGENIE_KEY" -var "public_bucket_url=$PUBLIC_BUCKET_URL" -var "private_bucket=$PRIVATE_BUCKET" -var "letsencrypt_email=$LE_EMAIL" -var "pguser=$PGUSER" -var "pgpass=$PGPASS" -var "charge_token=$CHARGE_TOKEN" -var "rpcpass=$RPCPASS" -var "k8s_autossh_lb=$GKE_LB" -input=false -auto-approve) # Tag with prod_v.* to plan mainnet + LB to production (e.g. prod_v0.1.1) plan_production: stage: plan tags: - k8s only: - /^prod_v.*/ script: - (cd terraform && terraform init -input=false && terraform workspace select prod && terraform init -input=false && terraform plan -var "ionosphere_docker=blockstream/satellite-api:$CI_COMMIT_SHA" -var "ionosphere_sse_docker=blockstream/satellite-api-sse:$CI_COMMIT_SHA" -var "region=$REGION" -var "zone=$ZONE" -var "instance_type=$INSTANCE_TYPE" -var "host=$HOST" -var "timeout=$TIMEOUT" -var "prom_service_acct=$PROM_SA" -var "opsgenie_key=$OPSGENIE_KEY" -var "public_bucket_url=$PUBLIC_BUCKET_URL" -var "private_bucket=$PRIVATE_BUCKET" -var "letsencrypt_email=$LE_EMAIL" -var "pguser=$PGUSER" -var "pgpass=$PGPASS" -var "charge_token=$CHARGE_TOKEN" -var "rpcpass=$RPCPASS" -var "k8s_autossh_lb=$GKE_LB" -input=false) # Tag with prod_v.* to deploy mainnet + LB to production (e.g. prod_v0.1.1) deploy_production: stage: deploy when: manual tags: - k8s only: - /^prod_v.*/ script: - (cd terraform && terraform init -input=false && terraform workspace select prod && terraform init -input=false && terraform apply -var "ionosphere_docker=blockstream/satellite-api:$CI_COMMIT_SHA" -var "ionosphere_sse_docker=blockstream/satellite-api-sse:$CI_COMMIT_SHA" -var "region=$REGION" -var "zone=$ZONE" -var "instance_type=$INSTANCE_TYPE" -var "host=$HOST" -var "timeout=$TIMEOUT" -var "prom_service_acct=$PROM_SA" -var "opsgenie_key=$OPSGENIE_KEY" -var "public_bucket_url=$PUBLIC_BUCKET_URL" -var "private_bucket=$PRIVATE_BUCKET" -var "letsencrypt_email=$LE_EMAIL" -var "pguser=$PGUSER" -var "pgpass=$PGPASS" -var "charge_token=$CHARGE_TOKEN" -var "rpcpass=$RPCPASS" -var "k8s_autossh_lb=$GKE_LB" -input=false -auto-approve) # Tag with testnet_staging_v.* to plan testnet staging (e.g. testnet_staging_v0.1.1) plan_staging_testnet: stage: plan tags: - k8s only: - /^testnet_staging_v.*/ script: - (cd terraform && terraform init -input=false && terraform workspace select testnet-staging && terraform init -input=false && terraform plan -var "ionosphere_docker=blockstream/satellite-api:$CI_COMMIT_SHA" -var "ionosphere_sse_docker=blockstream/satellite-api-sse:$CI_COMMIT_SHA" -var "region=$REGION" -var "zone=$ZONE" -var "instance_type=$INSTANCE_TYPE" -var "timeout=$TIMEOUT" -var "prom_service_acct=$PROM_SA" -var "opsgenie_key=$OPSGENIE_KEY" -var "public_bucket_url=$PUBLIC_BUCKET_URL" -var "private_bucket=$PRIVATE_BUCKET" -var "letsencrypt_email=$LE_EMAIL" -var "pguser=$PGUSER" -var "pgpass=$PGPASS" -var "charge_token=$CHARGE_TOKEN" -var "rpcpass=$RPCPASS_TESTNET" -var "k8s_autossh_lb=$GKE_LB" -input=false) # Tag with testnet_staging_v.* to deploy testnet staging (e.g. testnet_staging_v0.1.1) deploy_staging_testnet: stage: deploy when: manual tags: - k8s only: - /^testnet_staging_v.*/ script: - (cd terraform && terraform init -input=false && terraform workspace select testnet-staging && terraform init -input=false && terraform apply -var "ionosphere_docker=blockstream/satellite-api:$CI_COMMIT_SHA" -var "ionosphere_sse_docker=blockstream/satellite-api-sse:$CI_COMMIT_SHA" -var "region=$REGION" -var "zone=$ZONE" -var "instance_type=$INSTANCE_TYPE" -var "timeout=$TIMEOUT" -var "prom_service_acct=$PROM_SA" -var "opsgenie_key=$OPSGENIE_KEY" -var "public_bucket_url=$PUBLIC_BUCKET_URL" -var "private_bucket=$PRIVATE_BUCKET" -var "letsencrypt_email=$LE_EMAIL" -var "pguser=$PGUSER" -var "pgpass=$PGPASS" -var "charge_token=$CHARGE_TOKEN" -var "rpcpass=$RPCPASS_TESTNET" -var "k8s_autossh_lb=$GKE_LB" -input=false -auto-approve) # Tag with testnet_prod_v.* to plan testnet to production (e.g. testnet_prod_v0.1.1) plan_production_testnet: stage: plan tags: - k8s only: - /^testnet_prod_v.*/ script: - (cd terraform && terraform init -input=false && terraform workspace select testnet-prod && terraform init -input=false && terraform plan -var "ionosphere_docker=blockstream/satellite-api:$CI_COMMIT_SHA" -var "ionosphere_sse_docker=blockstream/satellite-api-sse:$CI_COMMIT_SHA" -var "region=$REGION" -var "zone=$ZONE" -var "instance_type=$INSTANCE_TYPE" -var "timeout=$TIMEOUT" -var "prom_service_acct=$PROM_SA" -var "opsgenie_key=$OPSGENIE_KEY" -var "public_bucket_url=$PUBLIC_BUCKET_URL" -var "private_bucket=$PRIVATE_BUCKET" -var "letsencrypt_email=$LE_EMAIL" -var "pguser=$PGUSER" -var "pgpass=$PGPASS" -var "charge_token=$CHARGE_TOKEN" -var "rpcpass=$RPCPASS_TESTNET" -var "k8s_autossh_lb=$GKE_LB" -input=false) # Tag with testnet_prod_v.* to deploy testnet to production (e.g. testnet_prod_v0.1.1) deploy_production_testnet: stage: deploy when: manual tags: - k8s only: - /^testnet_prod_v.*/ script: - (cd terraform && terraform init -input=false && terraform workspace select testnet-prod && terraform init -input=false && terraform apply -var "ionosphere_docker=blockstream/satellite-api:$CI_COMMIT_SHA" -var "ionosphere_sse_docker=blockstream/satellite-api-sse:$CI_COMMIT_SHA" -var "region=$REGION" -var "zone=$ZONE" -var "instance_type=$INSTANCE_TYPE" -var "timeout=$TIMEOUT" -var "prom_service_acct=$PROM_SA" -var "opsgenie_key=$OPSGENIE_KEY" -var "public_bucket_url=$PUBLIC_BUCKET_URL" -var "private_bucket=$PRIVATE_BUCKET" -var "letsencrypt_email=$LE_EMAIL" -var "pguser=$PGUSER" -var "pgpass=$PGPASS" -var "charge_token=$CHARGE_TOKEN" -var "rpcpass=$RPCPASS_TESTNET" -var "k8s_autossh_lb=$GKE_LB" -input=false -auto-approve) # Pushing to this branch destroys the staging infrastructure cleanup_staging: stage: deploy tags: - k8s only: - cleanup_staging@satellite/ionosphere script: - (cd terraform && terraform init -input=false && terraform workspace select staging && terraform destroy -target module.blc.google_compute_instance_group_manager.blc -target module.lb.google_compute_region_instance_group_manager.satapi-lb -auto-approve) - (cd terraform && terraform init -input=false && terraform workspace select testnet-staging && terraform destroy -target module.blc.google_compute_instance_group_manager.blc -auto-approve)