CI: Update gitlab pipeline [PREVIEW]

.gitlab-ci.yml

@@ -1,170 +1,5 @@
-stages:
-  - synchronize
-  - create
-  - build
-  - destroy
-
-################## extends ##################
-
-.terraform:
-  before_script:
-    - apt update && apt install -y --no-install-recommends --no-install-suggests git gnupg software-properties-common curl openssh-client gettext
-    - curl -fsSL https://apt.releases.hashicorp.com/gpg | apt-key add -
-    - apt-add-repository "deb [arch=amd64] https://apt.releases.hashicorp.com $(lsb_release -cs) main"
-    - apt update && apt install -y --no-install-recommends --no-install-suggests terraform
-    - cd "${CI_PROJECT_DIR}/.gitlab/terraform"
-    - |-
-      terraform init \
-        -backend-config="address=${CI_SERVER_URL}/api/v4/projects/${CI_PROJECT_ID}/terraform/state/${CI_COMMIT_REF_SLUG}_${CI_PIPELINE_ID}" \
-        -backend-config="lock_address=${CI_SERVER_URL}/api/v4/projects/${CI_PROJECT_ID}/terraform/state/${CI_COMMIT_REF_SLUG}_${CI_PIPELINE_ID}/lock" \
-        -backend-config="unlock_address=${CI_SERVER_URL}/api/v4/projects/${CI_PROJECT_ID}/terraform/state/${CI_COMMIT_REF_SLUG}_${CI_PIPELINE_ID}/lock" \
-        -backend-config="username=project_${CI_PROJECT_ID}_bot" \
-        -backend-config="password=${PROJECT_API_TOKEN}" \
-        -backend-config="lock_method=POST" \
-        -backend-config="unlock_method=DELETE" \
-        -backend-config="retry_wait_min=5"
-    - envsubst < "terraform.tfvars.template" > "terraform.tfvars"
-
-################## Includes ##################
-
 include:
-  - project: 'coopengo/devops/gitlab-ci-template'
+  - project: "coopengo/devops/gitlab-ci-template"
     ref: master
-    file: '/Jobs/reference.debian.gitlab-ci.yml'
-
-################## Jobs ##################
-
-synchronize:pipeline:
-  stage: synchronize
-  image: bitnami/git:latest
-  before_script:
-    - mkdir -p ~/.ssh
-    - chmod 700 ~/.ssh
-    - ssh-keyscan -H "${CI_SERVER_HOST}" >>~/.ssh/known_hosts
-    - cat "${SSH_KEY}" > ~/.ssh/id_rsa
-    - chmod 400 ~/.ssh/id_rsa
-    - git config --global user.email "${GITLAB_USER_EMAIL}"
-    - git config --global user.name "🤖 GitLab CI/CD 🤖"
-    - git remote set-url origin git@${CI_SERVER_HOST}:${CI_PROJECT_PATH}.git
-    - git fetch --all
-  script:
-    - |-
-      for BRANCH in $(git ls-remote --refs -h origin -l "coog-*" | cut -s -d '/' -f3 | grep -E "^(coog-[[:digit:]]{1,2}).([[:digit:]]{1,2})$" )
-      do
-        git checkout "${BRANCH}"
-        git checkout "${CI_COMMIT_SHORT_SHA}" .gitlab-ci.yml sign-client.bat .gitlab/
-        git commit -m "Merge .gitlab-ci.yml, sign-client.bat and build directory from \"${CI_COMMIT_SHORT_SHA}\"" || echo "Nothing to do"
-      done
-      git push --all
-  rules:
-    - if: '$CI_PIPELINE_SOURCE == "push" && $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH'
-      changes:
-        - ".gitlab-ci.yml"
-        - ".gitlab/**/*"
-        - "sign-client.bat"
-
-create:windows:
-  stage: create
-  image: registry.gitlab.com/gitlab-org/cloud-deploy/aws-base:latest
-  before_script:
-    - apt update && apt install -y --no-install-recommends git
-    - |-
-      if [[ $(git tag --points-at HEAD | wc -l) -ne 1 && ${CI_PIPELINE_SOURCE} != "web" ]]
-      then
-        echo "Last commit doesn't have 1 tag, that mean there is no change"
-        echo "Pipeline stop here"
-        exit 1
-      fi
-    - !reference [.terraform, before_script]
-  script:
-    - terraform plan
-    - terraform apply --auto-approve
-    - cd "${CI_PROJECT_DIR}"
-    - |-
-      export EC2_STATE_TRY="1"
-      while [[ $(aws ec2 describe-instances --filters "Name = instance.group-name, Values = tryton-${CI_COMMIT_REF_NAME}-${CI_PIPELINE_ID}" --query 'Reservations[*].Instances[0].State.Name' --output text) != "running" ]] &&
-            [[ "$EC2_STATE_TRY" -le "10" ]]
-      do
-        echo "Warning : Must wait 60 second minimum else ssh refuse connection"
-        echo "Instance not ready... Retry in 60 sec - ${EC2_STATE_TRY}"
-        sleep 60
-        let ++EC2_STATE_TRY
-      done
-      if [[ "$EC2_STATE_TRY" -ge "10" ]]
-      then
-        echo "Instance still not running"
-        exit 1
-      fi
-    - |-
-      export INSTANCE_IP_TRY="1"
-      while [[ "${INSTANCE_IP}" == "" ]] && [[ "${INSTANCE_IP_TRY}" -le "20" ]]
-      do
-        export INSTANCE_IP=$(aws ec2 describe-instances --filters "Name = instance.group-name, Values = tryton-${CI_COMMIT_REF_NAME}-${CI_PIPELINE_ID}" --query 'Reservations[*].Instances[0].PrivateIpAddress' --output text)
-        if [[ "${INSTANCE_IP}" == "" ]]
-        then
-          echo "INSTANCE_IP variable is empty."
-          echo "Wait 10 seconds before retry"
-          echo "Try ${INSTANCE_IP_TRY}/20"
-          sleep 10
-          (( ++INSTANCE_IP_TRY ))
-        fi
-      done
-      if [[ "$INSTANCE_IP" == "" ]]
-      then
-        echo "Couldn't get INSTANCE_IP"
-        exit 1
-      fi
-    - envsubst < "${CI_PROJECT_DIR}/.gitlab/env/tryton.env" > tryton.env
-  artifacts:
-    paths:
-      - tryton.env
-    expire_in: 2 hours
-  rules:
-    - if: $CI_COMMIT_TAG =~ /^coog-(([[:digit:]]{1,2}).([[:digit:]]{1,2}))/
-
-build:tryton_client:
-  stage: build
-  image: darkwizard242/ansible:debian-bullseye
-  variables:
-    ANSIBLE_FORCE_COLOR: "true"
-  before_script:
-    - ansible --version
-    - apt update && apt install --no-install-recommends --no-install-suggests -y git sudo openssh-client nmap
-    - source tryton.env
-    - !reference [.git_with_ssh:debian, before_script]
-  script:
-    - |-
-      export SSH_CONNECTION="1"
-      while [[ "$(nmap ${INSTANCE_IP} -Pn -p 22 | egrep -io 'open|closed|filtered')" != "open" ]] && [[ "${SSH_CONNECTION}" -le "20" ]]
-      do
-        echo "Windows server (${INSTANCE_IP}) is not available."
-        echo "Retry in 60 seconds"
-        echo "Try ${SSH_CONNECTION}/20"
-        sleep 60
-        (( ++SSH_CONNECTION ))
-      done
-    - ssh -T -o "StrictHostKeyChecking=no" administrator@"${INSTANCE_IP}" \
-        "PATH=\"${PATH}:/c/msys32/mingw32/bin\" && cd tryton && /usr/bin/git fetch --tags --all -p -f && /usr/bin/git reset --hard origin/master && /usr/bin/git clean -fd && /usr/bin/git checkout ${CI_COMMIT_REF_NAME} && source .gitlab/env/windows.env && ./win-make.sh build ${COOPENGO_SOFTWARE_CERT_PASSWORD} ${WINDOWS_USER_PASSWORD} && ./win-make.sh upload ${GITHUB_TOKEN}"
-  needs:
-    - create:windows
-  rules:
-    - if: $CI_COMMIT_TAG =~ /^coog-(([[:digit:]]{1,2}).([[:digit:]]{1,2}))/
-
-
-destroy:windows:
-  stage: destroy
-  image: registry.gitlab.com/gitlab-org/cloud-deploy/aws-base:latest
-  before_script:
-    - !reference [.terraform, before_script]
-  script:
-    - terraform plan --refresh-only
-    - terraform destroy --auto-approve
-    - curl -s --header "Private-Token:${PROJECT_API_TOKEN}" --request DELETE "${CI_SERVER_URL}/api/v4/projects/${CI_PROJECT_ID}/terraform/state/${CI_COMMIT_REF_SLUG}_${CI_PIPELINE_ID}"
-  needs:
-    - job: build:tryton_client
-      artifacts: false
-    - job: create:windows
-      artifacts: false
-  rules:
-    - if: $CI_COMMIT_TAG =~ /^coog-(([[:digit:]]{1,2}).([[:digit:]]{1,2}))/
-      when: always
+    file:
+      - "/Project/${CI_PROJECT_NAME}/.gitlab-ci.yml"

.gitlab/terraform/main.tf → tryton/.gitlab/terraform/main.tf

@@ -40,18 +40,10 @@ module "asg_gitlab_runner_manager" {
         instance_type     = "c5a.large"
         weighted_capacity = "5"
       },
-      {
-        instance_type     = "c6i.large"
-        weighted_capacity = "4"
-      },
       {
         instance_type     = "c5n.large"
         weighted_capacity = "3"
       },
-      {
-        instance_type     = "t3.medium"
-        weighted_capacity = "2"
-      },
       {
         instance_type     = "c5.large"
         weighted_capacity = "1"
@@ -67,16 +59,12 @@ module "asg_gitlab_runner_manager" {
       ebs = {
         delete_on_termination = true
         encrypted             = false
-        volume_size           = 50
+        volume_size           = 70
         volume_type           = "gp3"
       }
     }
   ]
 
-  credit_specification = {
-    cpu_credits = "standard"
-  }
-
   network_interfaces = [
     {
       delete_on_termination       = true

.gitlab/terraform/providers.tf → tryton/.gitlab/terraform/providers.tf

@@ -12,6 +12,10 @@ terraform {
 provider "aws" {
   region = "eu-west-3"
 
+  assume_role {
+    role_arn    = "arn:aws:iam::${var.assume_role}:role/gitlab-ci"
+  }
+
 
   default_tags {
     tags = {

tryton/build/terraform/terraform.tfvars.template → tryton/.gitlab/terraform/terraform.tfvars.template

@@ -1,4 +1,5 @@
 coog_main_version = "${CI_COMMIT_REF_NAME}"
 ci_pipeline_id    = "${CI_PIPELINE_ID}"
 vpc_id            = "${AWS_GITLAB_EC2_VPCID}"
-availability_zone = "${AWS_GITLAB_EC2_AZ}"
+availability_zone = "${AWS_GITLAB_EC2_AZ}"
+assume_role       = "${AWS_ASSUME_ROLE_COOPENGO_INTERNE}"

tryton/build/terraform/variables.tf → tryton/.gitlab/terraform/variables.tf

@@ -53,4 +53,13 @@ variable "availability_zone" {
   description = "Get AWS availability_zone from Gitlab-runner. Configured on the same AZ to avoid extra billing."
   type        = string
   default     = null
-}
+}
+
+variable "assume_role" {
+  description = "Define which AWS Account assume"
+  type        = string
+  validation {
+    condition     = length(var.assume_role) >= 12
+    error_message = "Add AWS Account ID to assume"
+  }
+}