Commit 159dc874 authored by Christophe Benz's avatar Christophe Benz

Add pipelines

parent 5375a665
*.pyc
__pycache__
ansible/*.retry
\ No newline at end of file
stages:
- validate
- build
- deploy
validate_conf:
image: python:3
stage: test
stage: validate
before_script:
- pip install --requirement validation/requirements.txt
script:
- python3 validation/validate_conf.py badge_conf.toml
deploy_conf:
image: alpine:latest
stage: deploy
only:
- master
before_script:
# Install packages
- apk add openssh-client
# Load SSH agent
- eval $(ssh-agent -s)
- echo "$SSH_PRIVATE_KEY_VALIDATA_SERVER" | ssh-add -
- mkdir -p ~/.ssh
- echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config
script:
- ssh validata@go.validata.fr "sudo systemctl restart uwsgi.service"
environment:
name: production
url: https://go.validata.fr/
build_doc:
image: python:3
stage: build
before_script:
- pip install --requirement doc/requirements.txt
script:
- python3 doc/gen_doc.py badge_conf.toml > badge.md
artifacts:
paths:
- badge.md
deploy_doc:
image: alpine:latest
stage: deploy
only:
- master
before_script:
# Install packages
- apk add git openssh-client
# Configure Git
- git config --global user.email "validata-badge@validata.fr"
- git config --global user.name "Validata Badge"
# Load SSH agent
- eval $(ssh-agent -s)
- echo "$SSH_PRIVATE_KEY_VALIDATA_DOC_REPO" | ssh-add -
- mkdir -p ~/.ssh
- echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config
script:
- git clone git@git.opendatafrance.net:validata/validata-doc.git
- cp badge.md validata-doc/docs
- cd validata-doc
- git add docs/badge.md
- git commit -m "Update badge documentation page" || true
- git push
environment:
name: documentation
url: https://scdl.opendatafrance.net/docs/
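Review bot: `StrictHostKeyChecking no` under `Host *` in the `before_script` of both `deploy_conf` and `deploy_doc` turns off host key verification, so the jobs load their deploy keys and run `ssh` / `git push` against whatever host answers for that name. Pin the expected host keys instead: store the verified output of `ssh-keyscan` in a CI variable, write it out with `echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts` (the variable name is a placeholder), and drop the config line. Both deploy jobs also run on `image: alpine:latest`; pinning a specific tag or digest would keep the environment that handles the private keys reproducible. The jobs are restricted to `master` only by `only:`, so it is worth confirming that the two `SSH_PRIVATE_KEY_*` variables are marked protected in the project settings.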
# Validata-badge Ansible playbooks
This directory contains Ansible playbooks useful to automate system administration tasks, required to execute GitLab CI/CD pipelines properly.
The server is supposed using Debian Stretch (the stable version as I write this).
## Install server
The [top-level playbook file](./install.yml) defines the steps to execute on the server. Run it with:
```sh
export GITLAB_API_PRIVATE_TOKEN="..." # secret, to be defined in your GitLab settings (https://git.opendatafrance.net/profile/personal_access_tokens)
export SCW_TOKEN="..." # secret, see Jailbreak passwords file. Comes from Scaleway Console (https://console.scaleway.com/account/credentials "Tokens" section; copy "Secret key")
cd ansible
# Install roles (to do only once)
ansible-galaxy install -r requirements.yml
ansible-playbook --inventory inventory --user root --limit validata install.yml
```
[defaults]
nocows = true
- name: Install and configure Validata server
hosts: all
roles:
- install
- src: peay.gitlab-ci-variables
gitlab_hostname: git.opendatafrance.net
ssh_key_email: validata-badge@validata.fr
- name: Allow user to restart uwsgi with sudo without password
template:
src: sudoers.j2
dest: /etc/sudoers.d/10-uwsgi
mode: 0440
- name: Create temporary directory for SSH keypairs
tempfile:
state: directory
register: tmp_ssh_keys_dir
delegate_to: localhost
- name: Generate SSH keypair to access Validata server
command: "ssh-keygen -f '{{ tmp_ssh_keys_dir.path }}/key_validata_server' -t rsa -C '{{ ssh_key_email }}' -b 4096"
delegate_to: localhost
- name: Generate SSH keypair to push to validata-doc
command: "ssh-keygen -f '{{ tmp_ssh_keys_dir.path }}/key_doc_repo' -t rsa -C '{{ ssh_key_email }}' -b 4096"
delegate_to: localhost
- name: Remove existing authorized key for user
lineinfile:
path: "/home/{{ validata_user }}/.ssh/authorized_keys"
state: absent
regexp: "^.+{{ ssh_key_email }}$"
ignore_errors: yes
- name: Add authorized key
authorized_key:
user: "{{ validata_user }}"
state: present
key: "{{ lookup('file', '{{ tmp_ssh_keys_dir.path }}/key_validata_server.pub') }}"
- name: Add deploy key to validata-doc
gitlab_deploy_key:
api_url: "https://{{ gitlab_hostname }}/api"
private_token: "{{ lookup('env','GITLAB_API_PRIVATE_TOKEN') }}"
project: "validata/validata-doc"
title: "validata-badge"
state: present
key: "{{ lookup('file', '{{ tmp_ssh_keys_dir.path }}/key_doc_repo.pub') }}"
can_push: yes
- name: Affect private keys to GitLab CI environment variables
include_role:
name: peay.gitlab-ci-variables
vars:
gitlab_api_url: "https://{{ gitlab_hostname }}/api/v4"
gitlab_token: "{{ lookup('env','GITLAB_API_PRIVATE_TOKEN') }}"
gitlab_ci_check_unknown: false # don't fail if other env variables are defined in GitLab CI
gitlab_ci_variables:
- project: "validata/validata-badge"
variables:
- key: SSH_PRIVATE_KEY_VALIDATA_SERVER
value: "{{ lookup('file', '{{ tmp_ssh_keys_dir.path }}/key_validata_server') }}"
- key: SSH_PRIVATE_KEY_VALIDATA_DOC_REPO
value: "{{ lookup('file', '{{ tmp_ssh_keys_dir.path }}/key_doc_repo') }}"
- name: Delete temporary directory
file:
path: "{{ tmp_ssh_keys_dir.path }}"
state: absent
delegate_to: localhost
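Review bot: The private keys generated in this role can leak in two ways. The `include_role` task that passes `key_validata_server` and `key_doc_repo` as variable values has no `no_log: true`, so key material may appear in Ansible output on failure or at higher verbosity. "Delete temporary directory" is also the last task, so any earlier failure leaves both unencrypted keys on the controller; add `no_log: true` to that task and wrap the key-handling tasks in a `block:` with the deletion under `always:`. The two `ssh-keygen` commands pass no `-N ''`, so they will probably prompt for a passphrase, and adding it makes the run non-interactive. `ignore_errors: yes` on the `lineinfile` removal hides real failures too; if the aim is only to tolerate a missing `authorized_keys`, a `stat` check or a `failed_when` condition would be narrower.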
{{ validata_user }} ALL=NOPASSWD: /bin/systemctl restart uwsgi.service
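Review bot: This fragment is rendered into `/etc/sudoers.d/10-uwsgi` without a syntax check, and a bad render (for example an empty `validata_user`) can leave sudo unusable on the host. The `template` task that installs it should carry `validate: 'visudo -cf %s'`, and writing the mode as `mode: '0440'` avoids relying on YAML octal parsing. The rule itself is scoped to one fixed command with an absolute path, which keeps the grant narrow.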