From 9229359a4c3bd2d7a6acb87893f594544ba1f27a Mon Sep 17 00:00:00 2001 From: Sven Ketelsen Date: Tue, 27 Jun 2023 18:52:14 +0200 Subject: [PATCH] DEV-1114 patchday: extracted harbor/maria in own stages --- .gitlab-ci.yml | 170 +++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 135 insertions(+), 35 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 6afc124..5fc685c 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -16,8 +16,10 @@ stages: - run-setup - run-setup-digitalocean - run-update - - run-patchday-elastic-postgres - - run-patchday-all-k8s + - run-patchday-harbor + - run-patchday-elastic + - run-patchday-database + - run-patchday-all - run-hcloud-firewall lint-job: @@ -362,9 +364,23 @@ run-management-update-demompmx: - ssh-add -L timeout: 2h +run-patchday-harbor-devnso: + extends: .run-patchday + stage: run-patchday-harbor + resource_group: devnso + script: + - export STAGE=devnso + - export HETZNER_LABEL_SELECTOR="stage=${STAGE}" + - echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass + - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'harbor' + after_script: + - rm /tmp/vault-pass + rules: + - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "main" + run-patchday-elastic-devnso: extends: .run-patchday - stage: run-patchday-elastic-postgres + stage: run-patchday-elastic resource_group: devnso script: - export STAGE=devnso @@ -376,9 +392,9 @@ run-patchday-elastic-devnso: rules: - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "main" -run-patchday-postgres-devnso: +run-patchday-database-postgres-devnso: extends: .run-patchday - stage: run-patchday-elastic-postgres + stage: run-patchday-database resource_group: devnso script: - export STAGE=devnso @@ -390,23 +406,37 @@ run-patchday-postgres-devnso: rules: - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "main" +run-patchday-database-maria-devnso: + extends: .run-patchday + stage: run-patchday-database + resource_group: devnso + script: + - export STAGE=devnso + - export HETZNER_LABEL_SELECTOR="stage=${STAGE}" + - echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass + - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'maria' + after_script: + - rm /tmp/vault-pass + rules: + - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "main" + run-patchday-all-devnso: extends: .run-patchday - stage: run-patchday-all-k8s + stage: run-patchday-all resource_group: devnso script: - export STAGE=devnso - export HETZNER_LABEL_SELECTOR="stage=${STAGE}" - echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass - - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'all:!elastic:!postgres:!k8s_cluster' + - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'all:!harbor:!elastic:!postgres:!maria:!k8s_cluster' after_script: - rm /tmp/vault-pass rules: - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "main" -run-patchday-k8s-devnso: +run-patchday-all-k8s-devnso: extends: .run-patchday - stage: run-patchday-all-k8s + stage: run-patchday-all resource_group: devnso script: - export STAGE=devnso @@ -418,9 +448,9 @@ run-patchday-k8s-devnso: rules: - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "main" -run-patchday-k8s-devscr: +run-patchday-all-k8s-devscr: extends: .run-patchday - stage: run-patchday-all-k8s + stage: run-patchday-all resource_group: devscr script: - export STAGE=devscr @@ -432,9 +462,23 @@ run-patchday-k8s-devscr: rules: - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "main" +run-patchday-harbor-qa: + extends: .run-patchday + stage: run-patchday-harbor + resource_group: qa + script: + - export STAGE=qa + - export HETZNER_LABEL_SELECTOR="stage=${STAGE}" + - echo "${ANSIBLE_VAULT_PASS_QA}" > /tmp/vault-pass + - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'harbor' + after_script: + - rm /tmp/vault-pass + rules: + - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "qa" + run-patchday-elastic-qa: extends: .run-patchday - stage: run-patchday-elastic-postgres + stage: run-patchday-elastic resource_group: qa script: - export STAGE=qa @@ -446,9 +490,9 @@ run-patchday-elastic-qa: rules: - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "qa" -run-patchday-postgres-qa: +run-patchday-database-postgres-qa: extends: .run-patchday - stage: run-patchday-elastic-postgres + stage: run-patchday-database resource_group: qa script: - export STAGE=qa @@ -460,23 +504,37 @@ run-patchday-postgres-qa: rules: - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "qa" +run-patchday-database-maria-qa: + extends: .run-patchday + stage: run-patchday-database + resource_group: qa + script: + - export STAGE=qa + - export HETZNER_LABEL_SELECTOR="stage=${STAGE}" + - echo "${ANSIBLE_VAULT_PASS_QA}" > /tmp/vault-pass + - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'maria' + after_script: + - rm /tmp/vault-pass + rules: + - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "qa" + run-patchday-all-qa: extends: .run-patchday - stage: run-patchday-all-k8s + stage: run-patchday-all resource_group: qa script: - export STAGE=qa - export HETZNER_LABEL_SELECTOR="stage=${STAGE}" - echo "${ANSIBLE_VAULT_PASS_QA}" > /tmp/vault-pass - - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'all:!elastic:!postgres:!k8s_cluster' + - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'all:!harbor:!elastic:!postgres:!maria:!k8s_cluster' after_script: - rm /tmp/vault-pass rules: - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "qa" -run-patchday-k8s-qa: +run-patchday-all-k8s-qa: extends: .run-patchday - stage: run-patchday-all-k8s + stage: run-patchday-all resource_group: qa script: - export STAGE=qa @@ -488,9 +546,23 @@ run-patchday-k8s-qa: rules: - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "qa" +run-patchday-harbor-prodnso: + extends: .run-patchday + stage: run-patchday-harbor + resource_group: prodnso + script: + - export STAGE=prodnso + - export HETZNER_LABEL_SELECTOR="stage=${STAGE}" + - echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass + - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'harbor' + after_script: + - rm /tmp/vault-pass + rules: + - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "prodnso" + run-patchday-elastic-prodnso: extends: .run-patchday - stage: run-patchday-elastic-postgres + stage: run-patchday-elastic resource_group: prodnso script: - export STAGE=prodnso @@ -502,9 +574,9 @@ run-patchday-elastic-prodnso: rules: - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "prodnso" -run-patchday-postgres-prodnso: +run-patchday-database-postgres-prodnso: extends: .run-patchday - stage: run-patchday-elastic-postgres + stage: run-patchday-database resource_group: prodnso script: - export STAGE=prodnso @@ -516,23 +588,37 @@ run-patchday-postgres-prodnso: rules: - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "prodnso" +run-patchday-database-maria-prodnso: + extends: .run-patchday + stage: run-patchday-database + resource_group: prodnso + script: + - export STAGE=prodnso + - export HETZNER_LABEL_SELECTOR="stage=${STAGE}" + - echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass + - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'maria' + after_script: + - rm /tmp/vault-pass + rules: + - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "prodnso" + run-patchday-all-prodnso: extends: .run-patchday - stage: run-patchday-all-k8s + stage: run-patchday-all resource_group: prodnso script: - export STAGE=prodnso - export HETZNER_LABEL_SELECTOR="stage=${STAGE}" - echo "${ANSIBLE_VAULT_PASS_PRODNSO}" > /tmp/vault-pass - - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'all:!elastic:!postgres:!k8s_cluster' + - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'all:!harbor:!elastic:!postgres:!maria:!k8s_cluster' after_script: - rm /tmp/vault-pass rules: - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "prodnso" -run-patchday-k8s-prodnso: +run-patchday-all-k8s-prodnso: extends: .run-patchday - stage: run-patchday-all-k8s + stage: run-patchday-all resource_group: prodnso script: - export STAGE=prodnso @@ -546,7 +632,7 @@ run-patchday-k8s-prodnso: run-patchday-all-prodwork01: extends: .run-patchday - stage: run-patchday-all-k8s + stage: run-patchday-all resource_group: prodwork01 script: - export STAGE=prodwork01 @@ -558,9 +644,9 @@ run-patchday-all-prodwork01: rules: - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "prodnso" -run-patchday-k8s-prodwork01: +run-patchday-all-k8s-prodwork01: extends: .run-patchday - stage: run-patchday-all-k8s + stage: run-patchday-all resource_group: prodwork01 script: - export STAGE=prodwork01 @@ -572,9 +658,9 @@ run-patchday-k8s-prodwork01: rules: - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "prodnso" -run-patchday-postgres-demompmx: +run-patchday-database-postgres-demompmx: extends: .run-patchday - stage: run-patchday-elastic-postgres + stage: run-patchday-database resource_group: demompmx script: - export STAGE=demompmx @@ -586,23 +672,37 @@ run-patchday-postgres-demompmx: rules: - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "prodnso" +run-patchday-database-maria-demompmx: + extends: .run-patchday + stage: run-patchday-database + resource_group: demompmx + script: + - export STAGE=demompmx + - export HETZNER_LABEL_SELECTOR="stage=${STAGE}" + - echo "${ANSIBLE_VAULT_PASS_DEMOMPMX}" > /tmp/vault-pass + - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'maria' + after_script: + - rm /tmp/vault-pass + rules: + - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "prodnso" + run-patchday-all-demompmx: extends: .run-patchday - stage: run-patchday-all-k8s + stage: run-patchday-all resource_group: demompmx script: - export STAGE=demompmx - export HETZNER_LABEL_SELECTOR="stage=${STAGE}" - echo "${ANSIBLE_VAULT_PASS_DEMOMPMX}" > /tmp/vault-pass - - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'all:!elastic:!postgres:!k8s_cluster' + - ansible-playbook -i stage-${STAGE}-netgo-hcloud.yml patchday.yml --vault-password-file=/tmp/vault-pass -u gitlabci --limit 'all:!postgres:!maria:!k8s_cluster' after_script: - rm /tmp/vault-pass rules: - if: $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_BRANCH == "prodnso" -run-patchday-k8s-demompmx: +run-patchday-all-k8s-demompmx: extends: .run-patchday - stage: run-patchday-all-k8s + stage: run-patchday-all resource_group: demompmx script: - export STAGE=demompmx @@ -730,7 +830,7 @@ run-setup-digitalocean: run-patchday-devnso-digitalocean: extends: .run-ansible - stage: run-patchday-all-k8s + stage: run-patchday-all before_script: - echo "${ANSIBLE_VAULT_PASS_DEV}" > /tmp/vault-pass script: