From f1b22544daf1dff2d904e6aec96f3f27f250c541 Mon Sep 17 00:00:00 2001
From: "fabiano.fernandes@stg.stackspot.com"
Date: Mon, 9 Sep 2024 14:31:18 -0300
Subject: [PATCH] Add new workflow Gitlab

Signed-off-by: fabiano.fernandes@stg.stackspot.com
---
.gitlab-ci.yml | 73 ++++++++++++++++++++++++++++++++++++++++++++++++
README-gitlab.md | 31 ++++++++++++++++++++
2 files changed, 104 insertions(+)
create mode 100644 .gitlab-ci.yml
create mode 100644 README-gitlab.md

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 0000000..7eef621
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,73 @@
+stages:
+ - checkout
+ - configure
+ - run
+
+variables:
+ FEATURES_LEVEL_LOG: "required_value"
+ CLIENT_ID: "required_value"
+ CLIENT_KEY: "required_value"
+ CLIENT_REALM: "required_value"
+ REPOSITORY_NAME: "${CI_PROJECT_NAME}"
+ AWS_ACCESS_KEY_ID: "optional_value"
+ AWS_SECRET_ACCESS_KEY: "optional_value"
+ AWS_SESSION_TOKEN: "optional_value"
+ AWS_REGION: "required_value"
+ AWS_ROLE_ARN: "optional_value"
+ RUN_TASK_ID: "required_value"
+ PATH_TO_MOUNT: "${CI_PROJECT_DIR}"
+ BASE_PATH_OUTPUT: "optional_value"
+ CONTAINER_URL: "stackspot/runtime-job-iac:latest"
+ CHECKOUT_BRANCH: "false"
+
+checkout:
+ stage: checkout
+ script:
+ - if [ "$CHECKOUT_BRANCH" != "false" ]; then git checkout $CI_COMMIT_REF_NAME; fi
+
+check_runner:
+ stage: configure
+ script:
+ - echo "🤖 OS runner is $(uname)"
+
+configure_aws_credentials:
+ stage: configure
+ script:
+ - |
+ if [ -n "$AWS_ROLE_ARN" ]; then
+ aws sts assume-role --role-arn "$AWS_ROLE_ARN" --role-session-name "GitLabCI" > /tmp/creds.json
+ export AWS_ACCESS_KEY_ID=$(jq -r '.Credentials.AccessKeyId' /tmp/creds.json)
+ export AWS_SECRET_ACCESS_KEY=$(jq -r '.Credentials.SecretAccessKey' /tmp/creds.json)
+ export AWS_SESSION_TOKEN=$(jq -r '.Credentials.SessionToken' /tmp/creds.json)
+ fi
+
+run_runtime_action_iac:
+ stage: run
+ script:
+ - |
+ FLAGS=$(echo "-v $PATH_TO_MOUNT:/app-volume \
+ -e FEATURES_LEVEL_LOG=$FEATURES_LEVEL_LOG \
+ -e AUTHENTICATE_CLIENT_ID=$CLIENT_ID \
+ -e AUTHENTICATE_CLIENT_SECRET=$CLIENT_KEY \
+ -e AUTHENTICATE_CLIENT_REALMS=$CLIENT_REALM \
+ -e AUTHENTICATE_URL=https://idm.stackspot.com \
+ -e FEATURES_API_MANAGER=https://runtime-manager.v1.stackspot.com \
+ -e REPOSITORY_NAME=$REPOSITORY_NAME \
+ -e AWS_REGION=$AWS_REGION")
+
+ if [ -z "$AWS_ROLE_ARN" ]; then
+ FLAGS=$(echo "$FLAGS -e AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID")
+ FLAGS=$(echo "$FLAGS -e AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY")
+ FLAGS=$(echo "$FLAGS -e AWS_SESSION_TOKEN=$AWS_SESSION_TOKEN")
+ fi
+
+ if [ -n "$AWS_ROLE_ARN" ]; then
+ FLAGS=$(echo "$FLAGS -e AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID")
+ FLAGS=$(echo "$FLAGS -e AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY")
+ FLAGS=$(echo "$FLAGS -e AWS_SESSION_TOKEN=$AWS_SESSION_TOKEN")
+ fi
+
+ docker run --rm \
+ $FLAGS \
+ --entrypoint=/app/stackspot-runtime-job-iac \
+ $CONTAINER_URL start --run-task-id="$RUN_TASK_ID" --base-path-output="$BASE_PATH_OUTPUT"
\ No newline at end of file
diff --git a/README-gitlab.md b/README-gitlab.md
new file mode 100644
index 0000000..2dca2e5
--- /dev/null
+++ b/README-gitlab.md
@@ -0,0 +1,31 @@
+# GitLab CI/CD Workflow for Runtime Action Iac
+
+This GitLab CI/CD workflow runs the Runtime Action Iac with the specified parameters.
+
+## Inputs
+
+The following environment variables must be configured in your GitLab CI/CD settings:
+
+- `FEATURES_LEVEL_LOG`: Log Level (required)
+- `CLIENT_ID`: CLIENT ID (required)
+- `CLIENT_KEY`: CLIENT KEY (required)
+- `CLIENT_REALM`: CLIENT REALM (required)
+- `REPOSITORY_NAME`: Git Repository Name (optional, default: `${CI_PROJECT_NAME}`)
+- `AWS_ACCESS_KEY_ID`: AWS ACCESS KEY ID from console (optional)
+- `AWS_SECRET_ACCESS_KEY`: AWS SECRET ACCESS KEY from console (optional)
+- `AWS_SESSION_TOKEN`: AWS SESSION TOKEN from console (optional)
+- `AWS_REGION`: AWS REGION (required)
+- `AWS_ROLE_ARN`: AWS ROLE ARN (optional)
+- `RUN_TASK_ID`: Runtime Run Task Id (required)
+- `PATH_TO_MOUNT`: Path to mount inside the docker (optional, default: `${CI_PROJECT_DIR}`)
+- `BASE_PATH_OUTPUT`: Base Path Output (optional)
+- `CONTAINER_URL`: IAC Container URL (optional, default: `stackspot/runtime-job-iac:latest`)
+- `CHECKOUT_BRANCH`: Whether or not checkout is enabled (optional, default: `false`)
+
+## Usage
+
+To use this workflow, add the above environment variables to your GitLab CI/CD settings and include the `.gitlab-ci.yml` file in your repository.
+
+```yaml
+include:
+ - local: '.gitlab-ci.yml'
\ No newline at end of file
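Review bot: In `run_runtime_action_iac` the client secret and the AWS keys are expanded into `FLAGS` as `-e NAME=$VALUE`, so they land in the `docker run` argument list, which is typically readable by other processes on the runner host and would be echoed if shell tracing is ever enabled; passing the name only (`-e AWS_SECRET_ACCESS_KEY`) makes Docker take the value from the job environment instead. The `export`s in `configure_aws_credentials` run in a separate job, so the assumed-role credentials do not reach the `run` stage (both `if` branches there append the same unassumed variables), and on a shell-executor runner `/tmp/creds.json` is left on disk. Because `AWS_ROLE_ARN` defaults to the placeholder `"optional_value"`, the `-n` test is true unless the variable is overridden, so an empty default (`AWS_ROLE_ARN: ""`) is needed for the static-key path to be distinguishable. The image that receives these credentials is the mutable `stackspot/runtime-job-iac:latest`, so pinning `CONTAINER_URL` to a digest is worth considering. The sketch below moves the assume-role into the run job, keeps the STS response out of the filesystem and quotes the expansions.

```yaml
# … unchanged: stages, variables, checkout, check_runner (configure_aws_credentials folded in below) …
run_runtime_action_iac:
  stage: run
  script:
    - |
      # Assume the role in this job: exports do not carry over from another job.
      if [ -n "$AWS_ROLE_ARN" ]; then
        creds=$(aws sts assume-role --role-arn "$AWS_ROLE_ARN" --role-session-name "GitLabCI" --output json)
        export AWS_ACCESS_KEY_ID=$(printf '%s' "$creds" | jq -r '.Credentials.AccessKeyId')
        export AWS_SECRET_ACCESS_KEY=$(printf '%s' "$creds" | jq -r '.Credentials.SecretAccessKey')
        export AWS_SESSION_TOKEN=$(printf '%s' "$creds" | jq -r '.Credentials.SessionToken')
        unset creds
      fi
      export AUTHENTICATE_CLIENT_ID="$CLIENT_ID"
      export AUTHENTICATE_CLIENT_SECRET="$CLIENT_KEY"
      export AUTHENTICATE_CLIENT_REALMS="$CLIENT_REALM"

      # Name-only -e: Docker reads the value from the job environment,
      # so no secret value appears in the docker run argument list.
      docker run --rm \
        -v "$PATH_TO_MOUNT:/app-volume" \
        -e FEATURES_LEVEL_LOG \
        -e AUTHENTICATE_CLIENT_ID \
        -e AUTHENTICATE_CLIENT_SECRET \
        -e AUTHENTICATE_CLIENT_REALMS \
        -e AUTHENTICATE_URL=https://idm.stackspot.com \
        -e FEATURES_API_MANAGER=https://runtime-manager.v1.stackspot.com \
        -e REPOSITORY_NAME \
        -e AWS_REGION \
        -e AWS_ACCESS_KEY_ID \
        -e AWS_SECRET_ACCESS_KEY \
        -e AWS_SESSION_TOKEN \
        --entrypoint=/app/stackspot-runtime-job-iac \
        "$CONTAINER_URL" start --run-task-id="$RUN_TASK_ID" --base-path-output="$BASE_PATH_OUTPUT"
```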