Commit b9d95a37 authored by Pierre Smeyers's avatar Pierre Smeyers
Browse files

Merge branch '17-auto-stop-environments' into 'master' 

Resolve "auto-stop environments"

Closes #17

See merge request to-be-continuous/gcloud!50
parents 1977ee97 14156ff1

README.md

+1 −0
Original line number Diff line number Diff line
@@ -226,6 +226,7 @@ Here are variables supported to configure review environments: 
| :lock: `GCP_REVIEW_KEY_FILE`| [Service Account key file](https://cloud.google.com/bigquery/docs/authentication/service-account-file) to authenticate on `review` env  _(only define if different from default)_    | `$GCP_KEY_FILE` |

| `GCP_REVIEW_APP_NAME`    | Application name for `review` env      | `"${GCP_BASE_APP_NAME}-${CI_ENVIRONMENT_SLUG}"` (ex: `myproject-review-fix-bug-12`) |

| `GCP_REVIEW_ENVIRONMENT_URL`| The review environments url _(only define for static environment URLs declaration and if different from default)_ | `$GCP_ENVIRONMENT_URL` |

| `GCP_REVIEW_AUTOSTOP_DURATION`| The amount of time before GitLab will automatically stop `review` environments | `4 hours` |



### Integration environment configuration

kicker.json

+5 −0
Original line number Diff line number Diff line
@@ -59,6 +59,11 @@ 
          "description": "The application name for review env (only define if different from global)",

          "advanced": true

        },

        {

          "name": "GCP_REVIEW_AUTOSTOP_DURATION",

          "description": "The amount of time before GitLab will automatically stop `review` environments",

          "default": "4 hours"

        },

        {

          "name": "GCP_REVIEW_ENVIRONMENT_URL",

          "type": "url",

templates/gitlab-ci-gcloud.yml

+19 −26
Original line number Diff line number Diff line
@@ -45,7 +45,9 @@ variables: 
  GCP_SCRIPTS_DIR: "."

  

  GCP_BASE_APP_NAME: "$CI_PROJECT_NAME"

  # deprecated, backward compatibility

  GCP_REVIEW_ENVIRONMENT_SCHEME: "https"

  GCP_REVIEW_AUTOSTOP_DURATION: "4 hours"



  # default: one-click deploy

  GCP_PROD_DEPLOY_STRATEGY: manual
@@ -275,10 +277,9 @@ stages: 
  

  # Google Cloud Authentication

  function gcp_auth() {

    gcp_key_file="$1"

    oidc_provider="$2"

    oidc_account="$3"



    gcp_key_file=${ENV_KEY_FILE:-$GCP_KEY_FILE}

    oidc_provider=${ENV_OIDC_PROVIDER:-$GCP_OIDC_PROVIDER}

    oidc_account=${ENV_OIDC_ACCOUNT:-$GCP_OIDC_ACCOUNT}

    if [[ "$oidc_provider" ]]

    then

      # Use Workload Identity Federation to authenticate
@@ -300,13 +301,12 @@ stages: 
    fi

  }





  # application deployment function

  function deploy() {

    export environment_type=$1

    export environment_name=$2

    export gcp_project_id=$3

    environment_url=$4

  function gcp_deploy() {

    export environment_type=$ENV_TYPE

    export environment_name=${ENV_APP_NAME:-${GCP_BASE_APP_NAME}${ENV_APP_SUFFIX}}

    export gcp_project_id=$ENV_PROJECT

    environment_url=${ENV_URL:-${GCP_ENVIRONMENT_URL:-$ENV_URL_LEGACY}}



    # backwards compatibility

    export env=$environment_type
@@ -353,10 +353,10 @@ stages: 
  }



  # environment cleanup function

  function delete() {

    export environment_type=$1

    export environment_name=$2

    export gcp_project_id=$3

  function gcp_delete() {

    export environment_type=$ENV_TYPE

    export environment_name=${ENV_APP_NAME:-${GCP_BASE_APP_NAME}${ENV_APP_SUFFIX}}

    export gcp_project_id=$ENV_PROJECT



    # backwards compatibility

    export env=$environment_type
@@ -379,7 +379,6 @@ stages: 
    fi

  }





  # export tool functions (might be used in after_script)

  export -f log_info log_warn log_error assert_defined awkenvsubst
@@ -398,6 +397,7 @@ stages: 
  before_script:

    - *gcp-scripts

    - install_ca_certs "${CUSTOM_CA_CERTS:-$DEFAULT_CA_CERTS}"

    - gcp_auth



# Deploy job prototype

# Can be extended to define a concrete environment
@@ -413,13 +413,8 @@ stages: 
  stage: deploy 

  variables:

    ENV_APP_SUFFIX: "-$CI_ENVIRONMENT_SLUG"

  before_script:

    - *gcp-scripts

    - install_ca_certs "${CUSTOM_CA_CERTS:-$DEFAULT_CA_CERTS}"

    - gcp_auth "${ENV_KEY_FILE:-$GCP_KEY_FILE}" "${ENV_OIDC_PROVIDER:-$GCP_OIDC_PROVIDER}" "${ENV_OIDC_ACCOUNT:-$GCP_OIDC_ACCOUNT}"



  script:

    - deploy "$ENV_TYPE" "${ENV_APP_NAME:-${GCP_BASE_APP_NAME}${ENV_APP_SUFFIX}}" "$ENV_PROJECT" "${ENV_URL:-${GCP_ENVIRONMENT_URL:-$ENV_URL_LEGACY}}"

    - gcp_deploy

  artifacts:

    name: "$ENV_TYPE env url for $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"

    paths:
@@ -444,12 +439,8 @@ stages: 
  dependencies: []

  variables:

    ENV_APP_SUFFIX: "-$CI_ENVIRONMENT_SLUG"

  before_script:

    - *gcp-scripts

    - install_ca_certs "${CUSTOM_CA_CERTS:-$DEFAULT_CA_CERTS}"

    - gcp_auth "${ENV_KEY_FILE:-$GCP_KEY_FILE}" "${ENV_OIDC_PROVIDER:-$GCP_OIDC_PROVIDER}" "${ENV_OIDC_ACCOUNT:-$GCP_OIDC_ACCOUNT}"

  script:

    - delete "$ENV_TYPE" "${ENV_APP_NAME:-${GCP_BASE_APP_NAME}${ENV_APP_SUFFIX}}" "$ENV_PROJECT"

    - gcp_delete

  environment:

    action: stop
@@ -466,10 +457,12 @@ gcp-review: 
    ENV_OIDC_ACCOUNT: "$GCP_REVIEW_OIDC_ACCOUNT"

    ENV_KEY_FILE: "$GCP_REVIEW_KEY_FILE"

    ENV_URL: "${GCP_REVIEW_ENVIRONMENT_URL}"

    # deprecated, backward compatibility

    ENV_URL_LEGACY: "${GCP_REVIEW_ENVIRONMENT_SCHEME}://${CI_PROJECT_NAME}-${CI_ENVIRONMENT_SLUG}.${GCP_REVIEW_ENVIRONMENT_DOMAIN}"

  environment:

    name: review/$CI_COMMIT_REF_NAME

    on_stop: gcp-cleanup-review

    auto_stop_in: "$GCP_REVIEW_AUTOSTOP_DURATION"

  resource_group: review/$CI_COMMIT_REF_NAME

  rules:

    # exclude tags