Merge pull request #165 from ESGF/future-architecture

# Default environment values used by ESGF/Docker

# Note that any value defined in the shell takes precedence over values defined in this file.

ESGF_HUB=esgfhub

ESGF_PREFIX=

ESGF_VERSION=latest

_site/

.project

.vscode

.python-version

.vagrant

kubeconfig

 No newline at end of file

stages:

  - build-1

  - build-2

  - build-3

  - build-4

variables:

  # By default, push to the esgfdeploy organisation on Docker Hub using the esgfci user

  # The password should be set as a CI/CD variable in the GitLab interface

  REGISTRY: docker.io

  REGISTRY_USER: esgfci

  REPOSITORY_BASE: esgfdeploy

# Base for Docker-in-Docker jobs

# Sets up authentication with the configured registry, which defaults to Docker Hub

.dind:

  services:

    - docker:19.03-dind

  image: docker:19.03

  variables:

    DOCKER_HOST: tcp://docker:2375

    DOCKER_TLS_CERTDIR: ""

  before_script:

    - docker info

    # Allow the password to come from a file

    - test -z "$REGISTRY_PASSWORD" && test -f "$REGISTRY_PASSWORD_FILE" && REGISTRY_PASSWORD="$(cat "$REGISTRY_PASSWORD_FILE")"

    # Also allow the password to be base64 encoded (GitLab masked variables must be base64-encoded)

    - test -z "$REGISTRY_PASSWORD" && test -n "$REGISTRY_PASSWORD_B64" && REGISTRY_PASSWORD="$(echo -n "$REGISTRY_PASSWORD_B64" | base64 -d)"

    # If there is still no password, bail

    - test -z "$REGISTRY_PASSWORD" && echo "REGISTRY_PASSWORD is required" 1>&2 && exit 1

    - docker login -u $REGISTRY_USER -p $REGISTRY_PASSWORD $REGISTRY

# Base for Docker build jobs

# Build and push a Docker image to the primary registry, which defaults to Docker Hub

.docker-build:

  extends: .dind

  script:

    # Use the basename of the context directory as the image name

    - IMAGE_NAME="${IMAGE_NAME:-"$(basename $CONTEXT_DIR)"}"

    - REPOSITORY="${REPOSITORY:-"$REPOSITORY_BASE/$IMAGE_NAME"}"

    # Set build args so that child images pick up the correct parents

    - export BUILD_ARG_ESGF_REPOSITORY_BASE="$REPOSITORY_BASE"

    - export BUILD_ARG_ESGF_IMAGES_VERSION="$CI_COMMIT_SHORT_SHA"

    # Use the latest build for the branch and the latest build for master as cache sources

    - LATEST="$REPOSITORY:latest"

    - LATEST_BRANCH="$REPOSITORY:$CI_COMMIT_REF_SLUG"

    - docker pull $LATEST || true

    - docker pull $LATEST_BRANCH || true

    - DOCKER_ARGS="--cache-from $LATEST --cache-from $LATEST_BRANCH"

    # Build and push with the short commit SHA as a tag

    - DOCKER_ARGS="$DOCKER_ARGS --tag $REPOSITORY:$CI_COMMIT_SHORT_SHA"

    # Use any environment variable starting with BUILD_ARG_ as a build arg

    - BUILD_ARGS=$(env | grep -e "^BUILD_ARG_" | awk -F '=' '{ print $1 }' || true)

    - for arg in $BUILD_ARGS; do DOCKER_ARGS="$DOCKER_ARGS --build-arg ${arg:10}=$(eval "echo \$$arg")"; done

    # Build the image

    - docker build $DOCKER_ARGS $DOCKER_EXTRA_ARGS $CONTEXT_DIR

    # Retag the image

    #   Always tag with the slugified branch/tag name

    - docker tag "$REPOSITORY:$CI_COMMIT_SHORT_SHA" "$REPOSITORY:$CI_COMMIT_REF_SLUG"

    #   If building for a tag, add the Git tag to the Docker tags verbatim

    - test -n "$CI_COMMIT_TAG" && docker tag "$REPOSITORY:$CI_COMMIT_SHORT_SHA" "$REPOSITORY:$CI_COMMIT_TAG"

    #   If building master, also tag latest

    - test "$CI_COMMIT_REF_NAME" == "master" && docker tag "$REPOSITORY:$CI_COMMIT_SHORT_SHA" "$REPOSITORY:latest"

    # Push all tags

    - docker push $REPOSITORY

  only:

    # Only run build jobs for branches in the repo, not MRs

    refs:

      - branches

    # Only run build jobs if there is a change to the images or the build

    changes:

      - .gitlab-ci.yml

      - images/**/*

  except:

    # Exclude any branches that correspond to external PRs

    - external_pull_requests

build:base:

  extends: .docker-build

  stage: build-1

  variables:

    CONTEXT_DIR: $CI_PROJECT_DIR/images/base

build:jdk:

  extends: .docker-build

  stage: build-2

  variables:

    CONTEXT_DIR: $CI_PROJECT_DIR/images/jdk

  needs: ["build:base"]

build:jre:

  extends: .docker-build

  stage: build-2

  variables:

    CONTEXT_DIR: $CI_PROJECT_DIR/images/jre

  needs: ["build:base"]

build:rsync:

  extends: .docker-build

  stage: build-2

  variables:

    CONTEXT_DIR: $CI_PROJECT_DIR/images/rsync

  needs: ["build:base"]

build:nginx:

  extends: .docker-build

  stage: build-2

  variables:

    CONTEXT_DIR: $CI_PROJECT_DIR/images/nginx

  needs: ["build:base"]

build:conda:

  extends: .docker-build

  stage: build-2

  variables:

    CONTEXT_DIR: $CI_PROJECT_DIR/images/conda

  needs: ["build:base"]

build:search-builder:

  extends: .docker-build

  stage: build-3

  variables:

    CONTEXT_DIR: $CI_PROJECT_DIR/images/search-builder

  needs: ["build:jdk"]

build:solr:

  extends: .docker-build

  stage: build-3

  variables:

    CONTEXT_DIR: $CI_PROJECT_DIR/images/solr

  needs: ["build:jre"]

build:tomcat:

  extends: .docker-build

  stage: build-3

  variables:

    CONTEXT_DIR: $CI_PROJECT_DIR/images/tomcat

  needs: ["build:jre"]

build:python-build:

  extends: .docker-build

  stage: build-3

  variables:

    CONTEXT_DIR: $CI_PROJECT_DIR/images/python-build

  needs: ["build:conda"]

build:django:

  extends: .docker-build

  stage: build-3

  variables:

    CONTEXT_DIR: $CI_PROJECT_DIR/images/django

  needs: ["build:conda"]

build:search:

  extends: .docker-build

  stage: build-4

  variables:

    CONTEXT_DIR: $CI_PROJECT_DIR/images/search

  needs: ["build:search-builder", "build:tomcat"]

build:thredds:

  extends: .docker-build

  stage: build-4

  variables:

    CONTEXT_DIR: $CI_PROJECT_DIR/images/thredds

  needs: ["build:jdk", "build:tomcat"]

build:auth-service:

  extends: .docker-build

  stage: build-4

  variables:

    CONTEXT_DIR: $CI_PROJECT_DIR/images/auth-service

  needs: ["build:python-build", "build:django"]

sudo: required

services:

  - docker

addons:

  apt:

    packages:

      - docker-ce

branches:

  only:

    - master

    - devel

script:

  - |

    function periodic_echo {

        while true; do

            sleep 60

            echo "Ensuring execution continues..."

        done

    }

    function keep_alive {

        periodic_echo &

        local echo_pid=$!

        $@ &

        local command_pid=$!

        wait $command_pid

        local command_status=$?

        kill -9 $echo_pid

        if [ "$command_status" -ne "0" ]; then

            exit $command_status

        fi

        return 0

    }

    # If the build is for a tag, use that as the image tag

    # If not, use the output of git-describe

    export ESGF_VERSION="${TRAVIS_TAG:-"$(git describe --always --tags)"}"

    keep_alive docker-compose build

    # If this is a pull request, we are done - all we wanted to do is check it builds

    if [ "$TRAVIS_PULL_REQUEST" != "false" ]; then

        echo "PR #${TRAVIS_PULL_REQUEST} built successfully - exiting"

        exit

    fi

    # If it is not a pull request, then push the tag to Docker Hub

    echo "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin

    keep_alive docker-compose push

    # If building master, retag with "latest" and push to Docker Hub

    # If building devel, retag with "devel" and push to Docker Hub

    # Any other branch (which shouldn't happen due to the whitelist above), we are done

    if [ "$TRAVIS_BRANCH" = "master" ]; then

        export ESGF_VERSION="latest"

    elif [ "$TRAVIS_BRANCH" = "devel" ]; then

        export ESGF_VERSION="devel"

    else

        exit

    fi

    keep_alive docker-compose build

    keep_alive docker-compose push

notifications:

  email: false

  slack:

    secure: v3c0zFQbSa5D+tE6CpMZwztWCt7jYeMZeQlgwCrGHCTWduCQhbeeHjzjWLyqqEag/ecvm2k40zWOSFF9HBDwStnXDaW0LmRRhtAQgapNlCvtAxa5IQhTcPtMfki0CrA8xj58SCfHdGbVDRquwNUuvahlhg45ddJBO1mw8hrMS1KRutE3AAZUVTdVJ2N7D6x7qA7i2hKVKjGfGlmHN+eA5ja/nW0J28XRKRXX6ztfelWIy7RNMWnhy/bsjkHNeiaIV6UztTKRi0mIzZSu/DXGM9VvrUleNUTqn/w/CumNnIh+Oboktl1jarGojnW0njRPqZbQ0Xm9mxc/vAcA0vFjLUVdae/fTNKojW2j8GZ2dOf9bFabdLflup6KAlF1+8PoSW9vDtSquYt8Ez1KpTm5YxkwGtf74KklEzDNqVoCrOK8uZWYOd05g0A32FbRZDlPGdouk1oz8Tw0ShOTtUd96pd69l8PsViXN7PkLh8UQ3yQv8E/A3Y7SHYUnFbQPN0uANwhqE9S0m9X/FQHRL2KGNXdnBTUKXaa7nRGxol57lXwWTIQbRwyBfYQf174yfMroZZO12lhmdBDzau5gtKBnPt33lbbjoGQBgRrF2zWukRKuMWOg8H8UiHMgJhcK6MFfMQeB/B0SOw/3t3sLGNm/1grbkiS/8lOOs1d2ZBdK5s=