diff --git a/component_publish_ci_cd.md b/component_publish_ci_cd.md
index e69de29bb2d1d6434b8b29ae775ad8c2e48c5391..c3618ccde7ec97ea30ba3a2a79fcdd43998a98c9 100644
--- a/component_publish_ci_cd.md
+++ b/component_publish_ci_cd.md
@@ -0,0 +1,175 @@
+# Component Publish CI/CD
+
+Components are published to the docker image registry to make them available for deployment. In this guide, we will show you how to add gitlab ci/cd configuration.
+
+**Most of these examples require to add variables in the GitLab CI/CD variables. This requires to have the necessary permissions in the GitLab project.**
+
+## Table of contents
+- [Gitlab CI/CD configuration for docker image publishing](#gitlab-ci-cd-configuration-for-docker-image-publishing)
+- [Gitlab CI/CD configuration for semantic versioning](#gitlab-ci-cd-configuration-for-semantic-versioning)
+- [Gitlab CI/CD configuration with RenovateBot trigger](#gitlab-ci-cd-configuration-with-renovatebot-trigger)
+
+## Gitlab CI/CD configuration for docker image publishing
+
+The following is an example of a `.gitlab-ci.yml` file that publishes a docker image to the docker image registry.
+
+```yaml
+# variables in the GitLab CI/CD variables:
+# - CI_REGISTRY_USER for artifact.tecnalia.com
+# - CI_REGISTRY_PASSWORD for artifact.tecnalia.com
+# - GITLAB_TOKEN for semantic-release
+
+include:
+ # docker template
+ - component: git.code.tecnalia.com/smartdatalab/public/ci-cd-components/docker/gitlab-ci-docker@master
+ inputs:
+ snapshot-image: $CI_REGISTRY_IMAGE/snapshot:$CI_COMMIT_REF_SLUG
+ release-image: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME
+ dind-build-job-tags: ["docker"]
+ docker-publish-job-tags: ["docker"]
+ # https://github.com/jfrog/artifactory-user-plugins/blob/master/cleanup/cleanDockerImages/README.md
+ metadata: >-
+ --label org.opencontainers.image.url=${CI_PROJECT_URL}
+ --label org.opencontainers.image.source=${CI_PROJECT_URL}
+ --label org.opencontainers.image.title=${CI_PROJECT_PATH}
+ --label org.opencontainers.image.ref.name=${CI_COMMIT_REF_NAME}
+ --label org.opencontainers.image.revision=${CI_COMMIT_SHA}
+ --label org.opencontainers.image.created=${CI_JOB_STARTED_AT}
+ --label com.jfrog.artifactory.retention.maxCount=4
+ prod-publish-strategy: auto
+ hadolint-disabled: true
+ healthcheck-disabled: true
+ trivy-disabled: true
+ sbom-disabled: true
+ build-tool: dind
+
+variables:
+ CI_REGISTRY_IMAGE: emerald-docker-dev-local.artifact.tecnalia.com/amoe
+ GIT_LFS_SKIP_SMUDGE: "1" # We dissable lfs smudge to avoid downloading large files
+```
+
+## Gitlab CI/CD configuration for semantic versioning
+
+The following is an example of a `.gitlab-ci.yml` file that uses semantic versioning to publish a docker image to the docker image registry.
+
+```yaml
+# variables in the GitLab CI/CD variables:
+# - CI_REGISTRY_USER for artifact.tecnalia.com
+# - CI_REGISTRY_PASSWORD for artifact.tecnalia.com
+# - GITLAB_TOKEN for semantic-release
+
+include:
+ # docker template
+ - component: git.code.tecnalia.com/smartdatalab/public/ci-cd-components/docker/gitlab-ci-docker@master
+ inputs:
+ snapshot-image: $CI_REGISTRY_IMAGE/snapshot:$CI_COMMIT_REF_SLUG
+ release-image: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME
+ dind-build-job-tags: ["docker"]
+ docker-publish-job-tags: ["docker"]
+ # https://github.com/jfrog/artifactory-user-plugins/blob/master/cleanup/cleanDockerImages/README.md
+ metadata: >-
+ --label org.opencontainers.image.url=${CI_PROJECT_URL}
+ --label org.opencontainers.image.source=${CI_PROJECT_URL}
+ --label org.opencontainers.image.title=${CI_PROJECT_PATH}
+ --label org.opencontainers.image.ref.name=${CI_COMMIT_REF_NAME}
+ --label org.opencontainers.image.revision=${CI_COMMIT_SHA}
+ --label org.opencontainers.image.created=${CI_JOB_STARTED_AT}
+ --label com.jfrog.artifactory.retention.maxCount=4
+ prod-publish-strategy: auto
+ hadolint-disabled: true
+ healthcheck-disabled: true
+ trivy-disabled: true
+ sbom-disabled: true
+ build-tool: dind
+ - component: git.code.tecnalia.com/smartdatalab/public/ci-cd-components/semantic-release/gitlab-ci-semrel@master
+ inputs:
+ semantic-release-job-tags: ["docker"]
+ auto-release-enabled: true
+ branches-ref: "/^(master|main)$/"
+
+variables:
+ CI_REGISTRY_IMAGE: emerald-docker-dev-local.artifact.tecnalia.com/amoe
+ GIT_LFS_SKIP_SMUDGE: "1" # We dissable lfs smudge to avoid downloading large files
+
+docker-dind-build:
+ variables:
+ GIT_SUBMODULE_STRATEGY: recursive # this repo uses submodules
+ GIT_SUBMODULE_DEPTH: 1
+```
+
+## Gitlab CI/CD configuration with RenovateBot trigger
+
+The following is an example of a `.gitlab-ci.yml` file that uses semantic versioning to publish a docker image to the docker image registry and triggers RenovateBot to update the dependencies.
+
+```yaml
+# variables in the GitLab CI/CD variables:
+# - CI_REGISTRY_USER for artifact.tecnalia.com
+# - CI_REGISTRY_PASSWORD for artifact.tecnalia.com
+# - GITLAB_TOKEN for semantic-release
+
+include:
+ # docker template
+ - component: git.code.tecnalia.com/smartdatalab/public/ci-cd-components/docker/gitlab-ci-docker@master
+ inputs:
+ snapshot-image: $CI_REGISTRY_IMAGE/snapshot:$CI_COMMIT_REF_SLUG
+ release-image: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME
+ dind-build-job-tags: ["docker"]
+ docker-publish-job-tags: ["docker"]
+ # https://github.com/jfrog/artifactory-user-plugins/blob/master/cleanup/cleanDockerImages/README.md
+ metadata: >-
+ --label org.opencontainers.image.url=${CI_PROJECT_URL}
+ --label org.opencontainers.image.source=${CI_PROJECT_URL}
+ --label org.opencontainers.image.title=${CI_PROJECT_PATH}
+ --label org.opencontainers.image.ref.name=${CI_COMMIT_REF_NAME}
+ --label org.opencontainers.image.revision=${CI_COMMIT_SHA}
+ --label org.opencontainers.image.created=${CI_JOB_STARTED_AT}
+ --label com.jfrog.artifactory.retention.maxCount=4
+ prod-publish-strategy: auto
+ hadolint-disabled: true
+ healthcheck-disabled: true
+ trivy-disabled: true
+ sbom-disabled: true
+ build-tool: dind
+ - component: git.code.tecnalia.com/smartdatalab/public/ci-cd-components/semantic-release/gitlab-ci-semrel@master
+ inputs:
+ semantic-release-job-tags: ["docker"]
+ auto-release-enabled: true
+ branches-ref: "/^(master|main)$/"
+
+variables:
+ CI_REGISTRY_IMAGE: emerald-docker-dev-local.artifact.tecnalia.com/amoe
+ GIT_LFS_SKIP_SMUDGE: "1" # We dissable lfs smudge to avoid downloading large files
+
+docker-dind-build:
+ variables:
+ GIT_SUBMODULE_STRATEGY: recursive
+ GIT_SUBMODULE_DEPTH: 1
+
+trigger-renovate-agent:
+ stage: publish
+ trigger:
+ project: emerald/private/devops/renovate-agent
+ forward:
+ yaml_variables: false
+ needs:
+ - job: docker-publish
+ optional: true
+ rules:
+ # on tag: if semrel info not enabled or semrel integration disabled
+ - if: '$CI_COMMIT_TAG && ($SEMREL_INFO_ON == null || $SEMREL_INFO_ON == "" || $DOCKER_SEMREL_RELEASE_DISABLED == "true")'
+ when: manual
+ # exclude non-production branches
+ - if: '$CI_COMMIT_TAG && ($CI_COMMIT_REF_NAME !~ $PROD_REF)'
+ when: never
+ # exclude if snapshot is same as release image and semrel info not enabled or semrel integration disabled
+ - if: '$CI_COMMIT_TAG && ($DOCKER_SNAPSHOT_IMAGE == $DOCKER_RELEASE_IMAGE && ($SEMREL_INFO_ON == null || $SEMREL_INFO_ON == "" || $DOCKER_SEMREL_RELEASE_DISABLED == "true"))'
+ when: never
+ # support former variable (prevent breaking change)
+ - if: '$CI_COMMIT_TAG && ($PUBLISH_ON_PROD == "false")'
+ when: never
+ - if: '$CI_COMMIT_TAG && ($DOCKER_PROD_PUBLISH_STRATEGY == "manual")'
+ when: manual
+ - if: '$CI_COMMIT_TAG && ($DOCKER_PROD_PUBLISH_STRATEGY == "auto")'
+ when: manual
+```
+
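Review bot: All three example pipelines include their components at `@master`, a branch ref that can change under the consumer, and those components define the jobs that run with CI_REGISTRY_PASSWORD and GITLAB_TOKEN in scope; each `component:` line should pin a released tag or commit SHA instead, e.g. `.../docker/gitlab-ci-docker@<released-version>`. The same examples set `trivy-disabled: true` and `sbom-disabled: true` together with `prod-publish-strategy: auto`, so a reader who copies them publishes release images with no vulnerability scan and no SBOM; I would drop those two lines from the examples or add a sentence explaining why they are off and that they should be re-enabled before publishing to production. The permissions note near the top could also carry one more sentence such as `Store CI_REGISTRY_PASSWORD and GITLAB_TOKEN as masked CI/CD variables, and as protected ones where the release branches and tags are protected.` Lastly, the final rule of `trigger-renovate-agent` maps `DOCKER_PROD_PUBLISH_STRATEGY == "auto"` to `when: manual`, the same as the manual strategy; if that is intended, a comment like `# renovate trigger stays manual even when publishing is automatic` would make it clear.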