stages: - moderator - unit-tests - deploy-gce-part1 - deploy-gce-part2 - deploy-gce-special variables: FAILFASTCI_NAMESPACE: 'kargo-ci' # DOCKER_HOST: tcp://localhost:2375 ANSIBLE_FORCE_COLOR: "true" # asia-east1-a # asia-northeast1-a # europe-west1-b # us-central1-a # us-east1-b # us-west1-a before_script: - pip install -r tests/requirements.txt - mkdir -p /.ssh .job: &job tags: - kubernetes - docker image: quay.io/ant31/kargo:master .docker_service: &docker_service services: - docker:dind .create_cluster: &create_cluster <<: *job <<: *docker_service .gce_variables: &gce_variables GCE_USER: travis SSH_USER: $GCE_USER TEST_ID: "$CI_PIPELINE_ID-$CI_BUILD_ID" CI_TEST_VARS: "./tests/files/${CI_JOB_NAME}.yml" CONTAINER_ENGINE: docker PRIVATE_KEY: $GCE_PRIVATE_KEY GS_ACCESS_KEY_ID: $GS_KEY GS_SECRET_ACCESS_KEY: $GS_SECRET CLOUD_MACHINE_TYPE: "g1-small" GCE_PREEMPTIBLE: "false" ANSIBLE_KEEP_REMOTE_FILES: "1" ANSIBLE_CONFIG: ./tests/ansible.cfg IDEMPOT_CHECK: "false" RESET_CHECK: "false" UPGRADE_TEST: "false" KUBEADM_ENABLED: "false" LOG_LEVEL: "-vv" MAGIC: "ci check this" .gce: &gce <<: *job <<: *docker_service cache: key: "$CI_BUILD_REF_NAME" paths: - downloads/ - $HOME/.cache before_script: - docker info - pip install -r tests/requirements.txt - mkdir -p /.ssh - mkdir -p $HOME/.ssh - echo $PRIVATE_KEY | base64 -d > $HOME/.ssh/id_rsa - echo $GCE_PEM_FILE | base64 -d > $HOME/.ssh/gce - echo $GCE_CREDENTIALS > $HOME/.ssh/gce.json - chmod 400 $HOME/.ssh/id_rsa - ansible-playbook --version - export PYPATH=$([[ ! "$CI_JOB_NAME" =~ "coreos" ]] && echo /usr/bin/python || echo /opt/bin/python) - echo "CI_JOB_NAME is $CI_JOB_NAME" - echo "PYPATH is $PYPATH" script: - pwd - ls - echo ${PWD} - echo "${STARTUP_SCRIPT}" - > ansible-playbook tests/cloud_playbooks/create-gce.yml -i tests/local_inventory/hosts.cfg -c local ${LOG_LEVEL} -e gce_credentials_file=${HOME}/.ssh/gce.json -e gce_project_id=${GCE_PROJECT_ID} -e gce_service_account_email=${GCE_ACCOUNT} -e inventory_path=${PWD}/inventory/inventory.ini -e test_id=${TEST_ID} -e preemptible=$GCE_PREEMPTIBLE # Check out latest tag if testing upgrade # Uncomment when gitlab kargo repo has tags #- test "${UPGRADE_TEST}" != "false" && git fetch --all && git checkout $(git describe --tags $(git rev-list --tags --max-count=1)) - test "${UPGRADE_TEST}" != "false" && git checkout 72ae7638bcc94c66afa8620dfa4ad9a9249327ea # Checkout the CI vars file so it is available - test "${UPGRADE_TEST}" != "false" && git checkout "${CI_BUILD_REF}" tests/files/${CI_JOB_NAME}.yml # Create cluster - > ansible-playbook -i inventory/inventory.ini -b --become-user=root --private-key=${HOME}/.ssh/id_rsa -u $SSH_USER ${SSH_ARGS} ${LOG_LEVEL} -e @${CI_TEST_VARS} -e ansible_python_interpreter=${PYPATH} -e ansible_ssh_user=${SSH_USER} -e local_release_dir=${PWD}/downloads --limit "all:!fake_hosts" cluster.yml # Repeat deployment if testing upgrade - > if [ "${UPGRADE_TEST}" != "false" ]; then test "${UPGRADE_TEST}" == "basic" && PLAYBOOK="cluster.yml"; test "${UPGRADE_TEST}" == "graceful" && PLAYBOOK="upgrade-cluster.yml"; git checkout "${CI_BUILD_REF}"; ansible-playbook -i inventory/inventory.ini -b --become-user=root --private-key=${HOME}/.ssh/id_rsa -u $SSH_USER ${SSH_ARGS} ${LOG_LEVEL} -e @${CI_TEST_VARS} -e ansible_python_interpreter=${PYPATH} -e ansible_ssh_user=${SSH_USER} -e local_release_dir=${PWD}/downloads --limit "all:!fake_hosts" $PLAYBOOK; fi # Tests Cases ## Test Master API - > ansible-playbook -i inventory/inventory.ini -e ansible_python_interpreter=${PYPATH} -u $SSH_USER -e ansible_ssh_user=$SSH_USER $SSH_ARGS -b --become-user=root --limit "all:!fake_hosts" tests/testcases/010_check-apiserver.yml $LOG_LEVEL -e "{kubeadm_enabled: ${KUBEADM_ENABLED}}" ## Ping the between 2 pod - ansible-playbook -i inventory/inventory.ini -e ansible_python_interpreter=${PYPATH} -u $SSH_USER -e ansible_ssh_user=$SSH_USER $SSH_ARGS -b --become-user=root --limit "all:!fake_hosts" tests/testcases/030_check-network.yml $LOG_LEVEL ## Advanced DNS checks - ansible-playbook -i inventory/inventory.ini -e ansible_python_interpreter=${PYPATH} -u $SSH_USER -e ansible_ssh_user=$SSH_USER $SSH_ARGS -b --become-user=root --limit "all:!fake_hosts" tests/testcases/040_check-network-adv.yml $LOG_LEVEL ## Idempotency checks 1/5 (repeat deployment) - > if [ "${IDEMPOT_CHECK}" = "true" ]; then ansible-playbook -i inventory/inventory.ini -b --become-user=root --private-key=${HOME}/.ssh/id_rsa -u $SSH_USER ${SSH_ARGS} ${LOG_LEVEL} -e @${CI_TEST_VARS} -e ansible_python_interpreter=${PYPATH} -e local_release_dir=${PWD}/downloads --limit "all:!fake_hosts" cluster.yml; fi ## Idempotency checks 2/5 (Advanced DNS checks) - > if [ "${IDEMPOT_CHECK}" = "true" ]; then ansible-playbook -i inventory/inventory.ini -b --become-user=root --private-key=${HOME}/.ssh/id_rsa -u $SSH_USER ${SSH_ARGS} ${LOG_LEVEL} -e @${CI_TEST_VARS} --limit "all:!fake_hosts" tests/testcases/040_check-network-adv.yml $LOG_LEVEL; fi ## Idempotency checks 3/5 (reset deployment) - > if [ "${IDEMPOT_CHECK}" = "true" -a "${RESET_CHECK}" = "true" ]; then ansible-playbook -i inventory/inventory.ini -b --become-user=root --private-key=${HOME}/.ssh/id_rsa -u $SSH_USER ${SSH_ARGS} ${LOG_LEVEL} -e @${CI_TEST_VARS} -e ansible_python_interpreter=${PYPATH} -e reset_confirmation=yes --limit "all:!fake_hosts" reset.yml; fi ## Idempotency checks 4/5 (redeploy after reset) - > if [ "${IDEMPOT_CHECK}" = "true" -a "${RESET_CHECK}" = "true" ]; then ansible-playbook -i inventory/inventory.ini -b --become-user=root --private-key=${HOME}/.ssh/id_rsa -u $SSH_USER ${SSH_ARGS} ${LOG_LEVEL} -e @${CI_TEST_VARS} -e ansible_python_interpreter=${PYPATH} -e local_release_dir=${PWD}/downloads --limit "all:!fake_hosts" cluster.yml; fi ## Idempotency checks 5/5 (Advanced DNS checks) - > if [ "${IDEMPOT_CHECK}" = "true" -a "${RESET_CHECK}" = "true" ]; then ansible-playbook -i inventory/inventory.ini -e ansible_python_interpreter=${PYPATH} -u $SSH_USER -e ansible_ssh_user=$SSH_USER $SSH_ARGS -b --become-user=root --limit "all:!fake_hosts" tests/testcases/040_check-network-adv.yml $LOG_LEVEL; fi after_script: - > ansible-playbook -i inventory/inventory.ini tests/cloud_playbooks/delete-gce.yml -c local $LOG_LEVEL -e @${CI_TEST_VARS} -e test_id=${TEST_ID} -e gce_project_id=${GCE_PROJECT_ID} -e gce_service_account_email=${GCE_ACCOUNT} -e gce_credentials_file=${HOME}/.ssh/gce.json -e inventory_path=${PWD}/inventory/inventory.ini # Test matrix. Leave the comments for markup scripts. .coreos_calico_aio_variables: &coreos_calico_aio_variables # stage: deploy-gce-part1 MOVED_TO_GROUP_VARS: "true" .ubuntu_canal_ha_variables: &ubuntu_canal_ha_variables # stage: deploy-gce-part1 UPGRADE_TEST: "graceful" .centos_weave_kubeadm_variables: ¢os_weave_kubeadm_variables # stage: deploy-gce-part1 UPGRADE_TEST: "graceful" .ubuntu_canal_kubeadm_variables: &ubuntu_canal_kubeadm_variables # stage: deploy-gce-part1 MOVED_TO_GROUP_VARS: "true" .rhel7_weave_variables: &rhel7_weave_variables # stage: deploy-gce-part1 MOVED_TO_GROUP_VARS: "true" .centos7_flannel_addons_variables: ¢os7_flannel_addons_variables # stage: deploy-gce-part2 MOVED_TO_GROUP_VARS: "true" .debian8_calico_variables: &debian8_calico_variables # stage: deploy-gce-part2 MOVED_TO_GROUP_VARS: "true" .coreos_canal_variables: &coreos_canal_variables # stage: deploy-gce-part2 MOVED_TO_GROUP_VARS: "true" .rhel7_canal_sep_variables: &rhel7_canal_sep_variables # stage: deploy-gce-special MOVED_TO_GROUP_VARS: "true" .ubuntu_weave_sep_variables: &ubuntu_weave_sep_variables # stage: deploy-gce-special MOVED_TO_GROUP_VARS: "true" .centos7_calico_ha_variables: ¢os7_calico_ha_variables # stage: deploy-gce-special MOVED_TO_GROUP_VARS: "true" .coreos_alpha_weave_ha_variables: &coreos_alpha_weave_ha_variables # stage: deploy-gce-special MOVED_TO_GROUP_VARS: "true" .ubuntu_rkt_sep_variables: &ubuntu_rkt_sep_variables # stage: deploy-gce-part1 MOVED_TO_GROUP_VARS: "true" .ubuntu_vault_sep_variables: &ubuntu_vault_sep_variables # stage: deploy-gce-part1 MOVED_TO_GROUP_VARS: "true" .ubuntu_flannel_variables: &ubuntu_flannel_variables # stage: deploy-gce-special MOVED_TO_GROUP_VARS: "true" # Builds for PRs only (premoderated by unit-tests step) and triggers (auto) coreos-calico-aio: stage: deploy-gce-part1 <<: *job <<: *gce variables: <<: *gce_variables <<: *coreos_calico_aio_variables when: on_success except: ['triggers'] only: [/^pr-.*$/] coreos-calico-sep-triggers: stage: deploy-gce-part1 <<: *job <<: *gce variables: <<: *gce_variables <<: *coreos_calico_aio_variables when: on_success only: ['triggers'] centos7-flannel-addons: stage: deploy-gce-part2 <<: *job <<: *gce variables: <<: *gce_variables <<: *centos7_flannel_addons_variables when: on_success except: ['triggers'] only: [/^pr-.*$/] centos7-flannel-addons-triggers: stage: deploy-gce-part1 <<: *job <<: *gce variables: <<: *gce_variables <<: *centos7_flannel_addons_variables when: on_success only: ['triggers'] ubuntu-weave-sep: stage: deploy-gce-special <<: *job <<: *gce variables: <<: *gce_variables <<: *ubuntu_weave_sep_variables when: on_success except: ['triggers'] only: [/^pr-.*$/] ubuntu-weave-sep-triggers: stage: deploy-gce-part1 <<: *job <<: *gce variables: <<: *gce_variables <<: *ubuntu_weave_sep_variables when: on_success only: ['triggers'] # More builds for PRs/merges (manual) and triggers (auto) ubuntu-canal-ha: stage: deploy-gce-part1 <<: *job <<: *gce variables: <<: *gce_variables <<: *ubuntu_canal_ha_variables when: manual except: ['triggers'] only: ['master', /^pr-.*$/] ubuntu-canal-ha-triggers: stage: deploy-gce-part1 <<: *job <<: *gce variables: <<: *gce_variables <<: *ubuntu_canal_ha_variables when: on_success only: ['triggers'] ubuntu-canal-kubeadm: stage: deploy-gce-part1 <<: *job <<: *gce variables: <<: *gce_variables <<: *ubuntu_canal_kubeadm_variables when: manual except: ['triggers'] only: ['master', /^pr-.*$/] ubuntu-canal-kubeadm-triggers: stage: deploy-gce-part1 <<: *job <<: *gce variables: <<: *gce_variables <<: *ubuntu_canal_kubeadm_variables when: on_success only: ['triggers'] centos-weave-kubeadm: stage: deploy-gce-part1 <<: *job <<: *gce variables: <<: *gce_variables <<: *centos_weave_kubeadm_variables when: manual except: ['triggers'] only: ['master', /^pr-.*$/] centos-weave-kubeadm-triggers: stage: deploy-gce-part1 <<: *job <<: *gce variables: <<: *gce_variables <<: *centos_weave_kubeadm_variables when: on_success only: ['triggers'] rhel7-weave: stage: deploy-gce-part1 <<: *job <<: *gce variables: <<: *gce_variables <<: *rhel7_weave_variables when: manual except: ['triggers'] only: ['master', /^pr-.*$/] rhel7-weave-triggers: stage: deploy-gce-part1 <<: *job <<: *gce variables: <<: *gce_variables <<: *rhel7_weave_variables when: on_success only: ['triggers'] debian8-calico-upgrade: stage: deploy-gce-part2 <<: *job <<: *gce variables: <<: *gce_variables <<: *debian8_calico_variables when: manual except: ['triggers'] only: ['master', /^pr-.*$/] debian8-calico-triggers: stage: deploy-gce-part1 <<: *job <<: *gce variables: <<: *gce_variables <<: *debian8_calico_variables when: on_success only: ['triggers'] coreos-canal: stage: deploy-gce-part2 <<: *job <<: *gce variables: <<: *gce_variables <<: *coreos_canal_variables when: manual except: ['triggers'] only: ['master', /^pr-.*$/] coreos-canal-triggers: stage: deploy-gce-part1 <<: *job <<: *gce variables: <<: *gce_variables <<: *coreos_canal_variables when: on_success only: ['triggers'] rhel7-canal-sep: stage: deploy-gce-special <<: *job <<: *gce variables: <<: *gce_variables <<: *rhel7_canal_sep_variables when: manual except: ['triggers'] only: ['master', /^pr-.*$/,] rhel7-canal-sep-triggers: stage: deploy-gce-part1 <<: *job <<: *gce variables: <<: *gce_variables <<: *rhel7_canal_sep_variables when: on_success only: ['triggers'] centos7-calico-ha: stage: deploy-gce-special <<: *job <<: *gce variables: <<: *gce_variables <<: *centos7_calico_ha_variables when: manual except: ['triggers'] only: ['master', /^pr-.*$/] centos7-calico-ha-triggers: stage: deploy-gce-part1 <<: *job <<: *gce variables: <<: *gce_variables <<: *centos7_calico_ha_variables when: on_success only: ['triggers'] # no triggers yet https://github.com/kubernetes-incubator/kargo/issues/613 coreos-alpha-weave-ha: stage: deploy-gce-special <<: *job <<: *gce variables: <<: *gce_variables <<: *coreos_alpha_weave_ha_variables when: manual except: ['triggers'] only: ['master', /^pr-.*$/] ubuntu-rkt-sep: stage: deploy-gce-part1 <<: *job <<: *gce variables: <<: *gce_variables <<: *ubuntu_rkt_sep_variables when: manual except: ['triggers'] only: ['master', /^pr-.*$/] ubuntu-vault-sep: stage: deploy-gce-part1 <<: *job <<: *gce variables: <<: *gce_variables <<: *ubuntu_vault_sep_variables when: manual except: ['triggers'] only: ['master', /^pr-.*$/] ubuntu-flannel-sep: stage: deploy-gce-special <<: *job <<: *gce variables: <<: *gce_variables <<: *ubuntu_flannel_variables when: manual except: ['triggers'] only: ['master', /^pr-.*$/] # Premoderated with manual actions ci-authorized: <<: *job stage: moderator before_script: - apt-get -y install jq script: - /bin/sh scripts/premoderator.sh except: ['triggers', 'master'] syntax-check: <<: *job stage: unit-tests script: - ansible-playbook -i inventory/local-tests.cfg -u root -e ansible_ssh_user=root -b --become-user=root cluster.yml -vvv --syntax-check - ansible-playbook -i inventory/local-tests.cfg -u root -e ansible_ssh_user=root -b --become-user=root upgrade-cluster.yml -vvv --syntax-check - ansible-playbook -i inventory/local-tests.cfg -u root -e ansible_ssh_user=root -b --become-user=root reset.yml -vvv --syntax-check - ansible-playbook -i inventory/local-tests.cfg -u root -e ansible_ssh_user=root -b --become-user=root extra_playbooks/upgrade-only-k8s.yml -vvv --syntax-check except: ['triggers', 'master'] yamllint: <<: *job stage: unit-tests script: - yamllint roles except: ['triggers', 'master'] tox-inventory-builder: stage: unit-tests <<: *job script: - pip install tox - cd contrib/inventory_builder && tox when: manual except: ['triggers', 'master']