# Default image for every job that does not declare its own.
# NOTE(review): Ruby 2.5 is past upstream end-of-life, so this base image no
# longer receives security fixes - confirm whether a supported tag can be used.
image: ruby:2.5-slim

# Pipeline stages, in execution order.
# NOTE(review): no job in this file is assigned to "Security Test".
stages:
  - Lint Test
  - Test
  - Security Test
  - Build
  - Docker Build
  - Smoke Tests
  - Merge/Tag
  - Deploy

# Variables exported to every job.
variables:
  DOCKER_DRIVER: overlay
  AWS_REGION: us-east-1
  CHEF_LICENSE: "accept"
# Hidden job (leading dot): GitLab does not schedule it.
# Lints the Ruby sources under modules/ and bin/.
.Rubocop:
  stage: Lint Test
  image: chef/chefdk:4.5
  script:
    - rubocop modules/
    - rubocop bin/
  # Findings are advisory; a failure does not block the pipeline.
  allow_failure: true
  # Skipped whenever IMAGE_BUILD is set (image-build pipelines).
  except:
    variables:
      - $IMAGE_BUILD
# Hidden job (leading dot): GitLab does not schedule it.
# Runs cookstyle over the cookbooks directory.
.Cookstyle:
  stage: Lint Test
  image: chef/chefdk:4.5
  script:
    - cookstyle cookbooks/
  # Findings are advisory; a failure does not block the pipeline.
  allow_failure: true
  # Skipped whenever IMAGE_BUILD is set.
  except:
    variables:
      - $IMAGE_BUILD
# Runs foodcritic over the cookbooks with four rules switched off
# (FC075, FC015, FC034, FC122) and the firewall cookbook excluded.
Foodcritic:
  stage: Lint Test
  image: chef/chefdk:4.5
  script:
    - foodcritic cookbooks/ -t ~FC075 -t ~FC015 -t ~FC034 -t ~FC122 -X firewall/*
  # Skipped whenever IMAGE_BUILD is set.
  except:
    variables:
      - $IMAGE_BUILD
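# Runs only the foodcritic rules tagged as deprecations for Chef 13-15.
Foodcritic Deprecations:
  stage: Lint Test
  image: chef/chefdk:4.5
  script:
    # The exclusion path was misspelled "cokbooks", so it could never match.
    # NOTE(review): the sibling Foodcritic job writes the same exclusion as
    # "firewall/*" - confirm which form foodcritic resolves and use it in both.
    - foodcritic cookbooks/ -t deprecated -t chef13 -t chef14 -t chef15 -X cookbooks/firewall/*
  # Skipped whenever IMAGE_BUILD is set.
  except:
    variables:
      - $IMAGE_BUILD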
# Runs each cookbook's ChefSpec suite from inside its own directory.
ChefSpec:
  stage: Test
  image: chef/chefdk:4.5
  script:
    # NOTE(review): the loop's exit status is that of the last cookbook only,
    # so a failing suite earlier in the list does not fail this command.
    - for d in ./cookbooks/*/ ; do (cd "$d" && chef exec rspec); done
  # Failures are advisory; they do not block the pipeline.
  allow_failure: true
  # Skipped whenever IMAGE_BUILD is set.
  except:
    variables:
      - $IMAGE_BUILD
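# Hidden job (leading dot): GitLab does not schedule it.
# Fills the Azure placeholders in the spec fixtures from CI variables, runs
# rspec, then shreds the fixture files that now hold credentials.
.Rspec:
  stage: Test
  before_script:
    # NOTE(review): sed uses "/" as its delimiter, so a value containing "/"
    # or "&" breaks or alters the substitution - confirm the secrets' format.
    - cat spec/azure_creds | sed -e "s/__AZURE_CLIENT_ID__/${AZURE_CLIENT_ID}/" > spec/azure_creds.tmp
    - cp spec/azure_creds.tmp spec/azure_creds
    - cat spec/azure_creds | sed -e "s/__AZURE_CLIENT_SECRET__/${AZURE_CLIENT_SECRET}/" > spec/azure_creds.tmp
    - cp spec/azure_creds.tmp spec/azure_creds
    # The directory-id placeholder was being filled with the client secret,
    # which put the secret into a field that is not treated as one.
    - cat spec/mu.yaml | sed -e "s/__AZURE_DIRECTORY_ID__/${AZURE_DIRECTORY_ID}/" > spec/mu.yaml.tmp
    - cp spec/mu.yaml.tmp spec/mu.yaml
    - cat spec/mu.yaml | sed -e "s/__AZURE_CLIENT_SECRET__/${AZURE_CLIENT_SECRET}/" > spec/mu.yaml.tmp
    - cp spec/mu.yaml.tmp spec/mu.yaml
  script:
    - cd modules
    - bundle install
    - gem install rspec simplecov simplecov-console
    - cd ../
    - rspec
  # after_script runs even when the script fails, so the credential-bearing
  # files are removed either way.
  after_script:
    - shred -u spec/azure_creds
    - shred -u spec/azure_creds.tmp
    - shred -u spec/mu.yaml
    - shred -u spec/mu.yaml.tmp
  allow_failure: true
  # Skipped whenever IMAGE_BUILD is set.
  except:
    variables:
      - $IMAGE_BUILD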
# Resolves, verifies and checks for outdated dependencies in every cookbook
# except "firewall", one cookbook at a time.
New_Berks:
  stage: Test
  image: chef/chefdk:4.5
  script:
    - apt-get -qq update
    - apt-get -qq install git -y
    # NOTE(review): each loop returns the status of its last cookbook only, so
    # a failed "berks verify" on an earlier cookbook does not fail the job.
    - for d in `ls -1 ./cookbooks | grep -v '^firewall$'` ; do (echo && echo "Installing $d" && cd "cookbooks/$d" && berks install); done
    - for d in `ls -1 ./cookbooks | grep -v '^firewall$'` ; do (echo && echo "Verifying $d" && cd "cookbooks/$d" && berks verify); done
    - for d in `ls -1 ./cookbooks | grep -v '^firewall$'` ; do (echo && echo "Analyzing $d" && cd "cookbooks/$d" && berks outdated); done
  # Skipped whenever IMAGE_BUILD is set.
  except:
    variables:
      - $IMAGE_BUILD
# Resolves the top-level Berksfile from scratch, then verifies it and reports
# outdated cookbooks.
Berks:
  stage: Test
  image: chef/chefdk:4.5
  script:
    - apt-get -qq update
    - apt-get -qq install git -y
    # NOTE(review): deleting the lockfile means this job tests whatever
    # versions resolve today, not the versions pinned in the repository.
    - rm -rf Berksfile.lock
    - berks install
    - berks verify
    - berks outdated
  # Skipped whenever IMAGE_BUILD is set.
  except:
    variables:
      - $IMAGE_BUILD
# Builds the cloud-mu gem and publishes it as a job artifact for later stages.
Gem Build:
  stage: Build
  script:
    - gem build cloud-mu.gemspec
  artifacts:
    paths:
      - cloud-mu-*.gem
  # Skipped whenever IMAGE_BUILD is set.
  except:
    variables:
      - $IMAGE_BUILD
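# Builds the project image with Docker-in-Docker, checks that mu-configure
# starts inside it, and pushes it to the GitLab registry under the branch name.
Docker Build:
  stage: Docker Build
  # NOTE(review): docker:stable floats while the dind service is pinned to
  # 19.03.5 - pin both to one version so client and daemon stay matched.
  image: docker:stable
  services:
    - docker:19.03.5-dind
  dependencies:
    - Gem Build
  before_script:
    # The password goes in on stdin; passing it with -p places it in the
    # process arguments, where it is readable from the process list.
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
    # - IMGS="`docker images -a --filter=dangling=true -q`"
    # - test "$IMGS" != "" && docker rmi $(docker images -a --filter=dangling=true -q)
    # - PROCS="`docker ps --filter=status=exited --filter=status=created -q`"
    # - test "$PROCS" != "" && docker rm $(docker ps --filter=status=exited --filter=status=created -q)
    # Best-effort pull of the previous branch image to seed the build cache.
    - docker pull $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME || true
    - export MU_VERSION=$(grep '\.version' cloud-mu.gemspec | grep -o "'[^']*'" | tr -d "\'")
    - export OS=$(grep 'FROM' Dockerfile | grep -o " [a-zA-Z0-9:]*" | tr -d " " | tr ":" "-")
  script:
    - docker build --cache-from $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME -t mu .
    - docker run mu mu-configure --help
    - docker tag mu $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME
    - docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME
  only:
    - master
    - development
    - /^gem-.*$/
    - /^cicd-.*$/
    - /^docker-.*$/
    - /^hotfix-.*$/
  # Skipped whenever IMAGE_BUILD is set.
  except:
    variables:
      - $IMAGE_BUILD
  tags:
    - docker
  retry: 2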
# Runs mu-run-tests inside the image that Docker Build pushed for this branch.
Parser Test With Gem:
  stage: Smoke Tests
  image: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME
  before_script:
    - apt-get -qq update
    # Public address of the runner, as reported by an external DNS resolver.
    - myip="$(dig +short myip.opendns.com @resolver1.opendns.com)"
    # NOTE(review): the cloud secrets are passed as command-line arguments and
    # are therefore visible in the process list; prefer an input channel that
    # keeps them out of argv if mu-configure offers one - TODO confirm.
    # NOTE(review): AZURE_SUBSCIPTION_ID looks misspelled; confirm it matches
    # the name of the CI/CD variable, otherwise it expands to an empty string.
    - >-
      mu-configure -n
      --aws-access-key="${AWS_ACCESS_KEY_ID}"
      --aws-access-secret="${AWS_SECRET_ACCESS_KEY}"
      --azure-directory-id="${AZURE_DIRECTORY_ID}"
      --azure-client-id="${AZURE_CLIENT_ID}"
      --azure-client-secret="${AZURE_CLIENT_SECRET}"
      --azure-subscription="${AZURE_SUBSCIPTION_ID}"
      --google-credentials-encoded="${GOOGLE_CREDS_ENCODED}"
      --mu-admin-email="[email protected]"
      --public-address=$myip
      --google-region=us-east4
      --aws-region=us-east-1
      --azure-region=eastus
  script:
    - apt-get -qq install git libyajl-dev libffi-dev libyajl2 -y
    - mu-run-tests
  only:
    - master
    - development
    - /^gem-.*$/
    - /^cicd-.*$/
    - /^hotfix-.*$/
  # Skipped whenever IMAGE_BUILD is set.
  except:
    variables:
      - $IMAGE_BUILD
# Hidden job (leading dot): GitLab does not schedule it.
# Deploys a Mu master into each of AWS, Azure and Google from the branch image.
.Mu Install:
  stage: Smoke Tests
  image: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME
  before_script:
    - myip="$(dig +short myip.opendns.com @resolver1.opendns.com)"
    # NOTE(review): the cloud secrets are passed as command-line arguments and
    # are therefore visible in the process list - TODO confirm an alternative.
    # NOTE(review): AZURE_SUBSCIPTION_ID looks misspelled; confirm it matches
    # the name of the CI/CD variable.
    - >-
      mu-configure -n
      --aws-access-key="${AWS_ACCESS_KEY_ID}"
      --aws-access-secret="${AWS_SECRET_ACCESS_KEY}"
      --azure-directory-id="${AZURE_DIRECTORY_ID}"
      --azure-client-id="${AZURE_CLIENT_ID}"
      --azure-client-secret="${AZURE_CLIENT_SECRET}"
      --azure-subscription="${AZURE_SUBSCIPTION_ID}"
      --google-credentials-encoded="${GOOGLE_CREDS_ENCODED}"
      --mu-admin-email="[email protected]"
      --public-address=$myip
      --google-region=us-east4
      --aws-region=us-east-1
      --azure-region=eastus
  script:
    - for cloud in AWS Azure Google; do mu-deploy install/mu-master.yaml -p name=$cloud-MU-$CI_COMMIT_SHORT_SHA -p cloud=$cloud; done
  only:
    - master
    - development
    - gem-mess_with_test_kitchen
  # NOTE(review): artifact paths are resolved relative to the project
  # directory, so an absolute /tmp path is probably not collected; SSH debug
  # output can also carry host and key details - review before publishing it.
  artifacts:
    paths:
      - /tmp/ssh_debug
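# Manually triggered Test Kitchen run of the two AWS install suites; the
# instances are destroyed afterwards whether or not the run succeeded.
Test Kitchen:
  stage: Smoke Tests
  # Was "chef/chefdk::4.5"; the doubled colon is not a valid image reference.
  image: chef/chefdk:4.5
  before_script:
    # Was "$(CI_COMMIT_REF_NAME)", which is command substitution (it tries to
    # run a program of that name) rather than variable expansion.
    # NOTE(review): a branch name is contributor-controlled text; whatever
    # reads ./kitchen_vars should treat MU_BRANCH as data, not shell source.
    - echo "export MU_BRANCH=${CI_COMMIT_REF_NAME}" > ./kitchen_vars
  script:
    - kitchen test mu-install-aws-amazon2 mu-install-aws-centos-7 -c 5
  after_script:
    - kitchen destroy
  only:
    - master
    - development
    - /^hotfix-.*$/
  when: manual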
# Manually triggered deployment of the demo GitLab server stack, executed on a
# runner tagged mu-master.
Smoke Test:
  stage: Smoke Tests
  before_script:
    - apt-get -qq update
    - apt-get -qq -y install dnsutils
    - myip="$(dig +short myip.opendns.com @resolver1.opendns.com)"
    # NOTE(review): the cloud secrets are passed as command-line arguments and
    # are therefore visible in the process list - TODO confirm an alternative.
    # NOTE(review): AZURE_SUBSCIPTION_ID looks misspelled; confirm it matches
    # the name of the CI/CD variable.
    - >-
      mu-configure -n
      --aws-access-key="${AWS_ACCESS_KEY_ID}"
      --aws-access-secret="${AWS_SECRET_ACCESS_KEY}"
      --azure-directory-id="${AZURE_DIRECTORY_ID}"
      --azure-client-id="${AZURE_CLIENT_ID}"
      --azure-client-secret="${AZURE_CLIENT_SECRET}"
      --azure-subscription="${AZURE_SUBSCIPTION_ID}"
      --google-credentials-encoded="${GOOGLE_CREDS_ENCODED}"
      --mu-admin-email="[email protected]"
      --public-address=$myip
      --google-region=us-east4
      --aws-region=us-east-1
      --azure-region=eastus
  script:
    - mu-upload-chef-artifacts -sn
    # The target VPC is hard-coded, so the job works only in the account and
    # region that own this VPC id.
    - mu-deploy /opt/mu/var/demo_platform/applications/gitlab-server.yml -p vpc_id=vpc-040da43493f894a8d
  tags:
    - mu-master
  only:
    - master
    - development
    - /^hotfix-.*$/
  when: manual
  # Skipped whenever IMAGE_BUILD is set.
  except:
    variables:
      - $IMAGE_BUILD
# Generates the documentation inside the branch image and hands it to later
# jobs as the public/ artifact.
Gen Docs:
  stage: Merge/Tag
  image: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME
  before_script:
    - mkdir public/
    - mkdir -p /var/www/html/docs
    - myip="$(dig +short myip.opendns.com @resolver1.opendns.com)"
    # NOTE(review): the cloud secrets are passed as command-line arguments and
    # are therefore visible in the process list - TODO confirm an alternative.
    # NOTE(review): AZURE_SUBSCIPTION_ID looks misspelled; confirm it matches
    # the name of the CI/CD variable.
    - >-
      mu-configure -n
      --aws-access-key="${AWS_ACCESS_KEY_ID}"
      --aws-access-secret="${AWS_SECRET_ACCESS_KEY}"
      --azure-directory-id="${AZURE_DIRECTORY_ID}"
      --azure-client-id="${AZURE_CLIENT_ID}"
      --azure-client-secret="${AZURE_CLIENT_SECRET}"
      --azure-subscription="${AZURE_SUBSCIPTION_ID}"
      --mu-admin-email="[email protected]"
      --public-address="${myip}"
      --google-credentials-encoded="${GOOGLE_CREDS_ENCODED}"
      --google-region=us-east4
      --google-project="egt-labs-admin"
      --aws-region=us-east-1
      --azure-region=eastus
  script:
    - mu-gen-docs
    # The generated site becomes a public artifact; it is built on a host
    # configured with live credentials, so check that none are rendered in it.
    - mv -f /var/www/html/docs/* public/
  only:
    - master
    - development
    - gen_docs
    - /^hotfix-.*$/
  retry: 2
  artifacts:
    paths:
      - public/
  # Skipped whenever IMAGE_BUILD is set.
  except:
    variables:
      - $IMAGE_BUILD
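# Re-tags the branch image from the GitLab registry and publishes it to
# Docker Hub under the gem version plus a branch-specific tag.
DockerHub Upload:
  stage: Deploy
  services:
    - docker:19.03.5-dind
  # NOTE(review): docker:stable floats while the dind service is pinned.
  image: docker:stable
  when: on_success
  before_script:
    - export MU_VERSION=$(grep '\.version' cloud-mu.gemspec | grep -o "'[^']*'" | tr -d "\'")
    - docker pull $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME
    - docker tag $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME mu
    # The password goes in on stdin; passing it with -p places it in the
    # process arguments, where it is readable from the process list.
    - echo "$DOCKER_HUB_PWD" | docker login -u "$DOCKER_HUB_USER" --password-stdin
  script:
    - docker tag mu egtlabs/mu:$MU_VERSION
    - docker tag mu egtlabs/mu:latest
    - docker tag mu egtlabs/mu:development
    # NOTE(review): this push runs on development as well as master, so a
    # development build can overwrite an already released version tag;
    # consumers pinning by tag would then pull different content.
    - docker push egtlabs/mu:$MU_VERSION
    # Quoted operands and POSIX "=" so the test cannot break on an empty or
    # unusual ref name.
    - if [ "$CI_COMMIT_REF_NAME" = "master" ]; then docker push egtlabs/mu:latest; fi
    - if [ "$CI_COMMIT_REF_NAME" = "development" ]; then docker push egtlabs/mu:development; fi
  only:
    - master
    - development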
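# Publishes the gem built by "Gem Build" to RubyGems on master.
Upload Gem:
  stage: Deploy
  script:
    # -p: do not fail when the directory is left over from an earlier run.
    - mkdir -p ~/.gem
    # Tighten the umask first so the credentials file is never created
    # readable by other users, even briefly before the chmod below.
    - umask 077
    - cat .gitlab-ci/gem_credentials | sed -e "s/__RUBYGEMS_API_KEY__/${RUBYGEMS_API_KEY}/" > ~/.gem/credentials
    - chmod 0600 ~/.gem/credentials
    - gem push cloud-mu-*.gem
  # Moved out of script: a failed "gem push" stopped the script before the
  # shred and left the API key on the runner. after_script runs either way.
  after_script:
    - shred -u ~/.gem/credentials
  when: on_success
  dependencies:
    - Gem Build
  only:
    - master
  # Skipped whenever IMAGE_BUILD is set.
  except:
    variables:
      - $IMAGE_BUILD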
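# Manually triggered gem publication from development and the prefixed
# feature branches.
# NOTE(review): any branch matching these patterns can publish to RubyGems
# with the shared API key; consider restricting the variable to protected
# branches.
Upload Gem Manual:
  stage: Deploy
  script:
    # -p: do not fail when the directory is left over from an earlier run.
    - mkdir -p ~/.gem
    # Tighten the umask first so the credentials file is never created
    # readable by other users, even briefly before the chmod below.
    - umask 077
    - cat .gitlab-ci/gem_credentials | sed -e "s/__RUBYGEMS_API_KEY__/${RUBYGEMS_API_KEY}/" > ~/.gem/credentials
    - chmod 0600 ~/.gem/credentials
    - gem push cloud-mu-*.gem
  # Moved out of script: a failed "gem push" stopped the script before the
  # shred and left the API key on the runner. after_script runs either way.
  after_script:
    - shred -u ~/.gem/credentials
  dependencies:
    - Gem Build
  when: manual
  only:
    - development
    - /^gem-.*$/
    - /^cicd-.*$/
    - /^hotfix-.*$/
  # Skipped whenever IMAGE_BUILD is set.
  except:
    variables:
      - $IMAGE_BUILD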
# GitLab Pages job: republishes the public/ directory produced by "Gen Docs".
pages:
  stage: Deploy
  script:
    # Lists the directory; fails the job when Gen Docs delivered nothing.
    - ls public
  dependencies:
    - Gen Docs
  artifacts:
    paths:
      - public
  only:
    - master
    - gen_docs
  # Skipped whenever IMAGE_BUILD is set.
  except:
    variables:
      - $IMAGE_BUILD
# Regenerates the stock CentOS 7 and RHEL 7 images in AWS. Runs only when the
# pipeline is started with IMAGE_BUILD set to "do_linux".
Base Images Linux:
  stage: Deploy
  script:
    # NOTE(review): "egtprod" names a credential set that must already exist
    # on the runner; presumably production - confirm who may start this
    # pipeline with IMAGE_BUILD set.
    - /opt/mu/lib/extras/generate-stock-images --clouds AWS --aws-creds egtprod --platforms centos7 rhel7
  tags:
    - mu-gitlab-runner
  only:
    variables:
      - $IMAGE_BUILD == "do_linux"
# Regenerates the stock Windows 2012, 2016 and 2019 images in AWS. Runs only
# when the pipeline is started with IMAGE_BUILD set to "do_windows".
Base Images Windows:
  stage: Deploy
  script:
    # NOTE(review): "egtprod" names a credential set that must already exist
    # on the runner; presumably production - confirm who may start this
    # pipeline with IMAGE_BUILD set.
    - /opt/mu/lib/extras/generate-stock-images --clouds AWS --aws-creds egtprod --platforms win2k12 win2k16 win2k19
  tags:
    - mu-gitlab-runner
  only:
    variables:
      - $IMAGE_BUILD == "do_windows"