-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path.gitlab-ci.yml
86 lines (79 loc) · 2.37 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
image: ubuntu:latest
stages:
- setup
- push_in_vault
- add_vault_lookups
- push_changes
variables:
VAULT_TOKEN: "$VAULT_TOKEN"
VAULT_URL: "http://127.0.0.1:8200"
KOLLA_CONFIG_PATH: "etc/kolla"
GIT_USER_NAME: "GitLab CI"
GIT_USER_EMAIL: "ci@example.com"
compile:
stage: setup
before_script:
- apt-get update -qq && apt-get install -y -qq python3-pip golang
- go mod init kolla-export-vault || true
- go get github.com/hashicorp/vault/api
- go get gopkg.in/yaml.v2
script:
- go build -o store_kolla_passwords store_kolla_passwords.go
- go build -o replace_kolla_passwords replace_kolla_passwords.go
artifacts:
paths:
- store_kolla_passwords
- replace_kolla_passwords
kolla_genpwd:
stage: setup
before_script:
- apt-get update -qq && apt-get install -y -qq python3-pip
- pip3 install kolla-ansible ansible --break-system-packages
- cp /usr/local/share/kolla-ansible/etc_examples/kolla/passwords.yml $KOLLA_CONFIG_PATH/passwords.yml
script:
- kolla-genpwd
artifacts:
paths:
- $KOLLA_CONFIG_PATH/passwords.yml
push_in_vault:
stage: push_in_vault
script:
- ./store_kolla_passwords
when: manual
rules:
- if: '$CI_COMMIT_TAG == "KOLLA_BOOTSTRAP"'
- if: '$VAULT_PATH != "production"'
- when: never
needs: ["compile", "kolla_genpwd"]
add_vault_lookups:
stage: add_vault_lookups
script:
- ./replace_kolla_passwords
when: manual
rules:
- if: '$CI_COMMIT_TAG == "KOLLA_BOOTSTRAP"'
- if: '$VAULT_PATH != "production"'
- when: never
artifacts:
paths:
- $KOLLA_CONFIG_PATH/passwords.yml
needs: ["compile", "kolla_genpwd", "push_in_vault"]
push_changes:
stage: push_changes
before_script:
- apt-get update -qq && apt-get install -y -qq git
script:
- git config --global user.email "$GIT_USER_EMAIL"
- git config --global user.name "$GIT_USER_NAME"
- git reset --hard origin/main
- BRANCH_NAME="update-passwords-$(date +'%Y%m%d')"
- git checkout -b "$BRANCH_NAME"
- git add $KOLLA_CONFIG_PATH/passwords.yml
- git commit -m "Add protected passwords.yml"
- git push -u https://gitlab-ci-token:${PROJECT_ACCESS_TOKEN}@${CI_SERVER_HOST}/${CI_PROJECT_PATH}.git $BRANCH_NAME
when: manual
rules:
- if: '$CI_COMMIT_TAG == "KOLLA_BOOTSTRAP"'
- if: '$VAULT_PATH != "production"'
- when: never
needs: ["add_vault_lookups"]