Add new workflow Gitlab

.gitlab-ci.yml

@@ -0,0 +1,73 @@
+stages:
+  - checkout
+  - configure
+  - run
+
+variables:
+  FEATURES_LEVEL_LOG: "required_value"
+  CLIENT_ID: "required_value"
+  CLIENT_KEY: "required_value"
+  CLIENT_REALM: "required_value"
+  REPOSITORY_NAME: "${CI_PROJECT_NAME}"
+  AWS_ACCESS_KEY_ID: "optional_value"
+  AWS_SECRET_ACCESS_KEY: "optional_value"
+  AWS_SESSION_TOKEN: "optional_value"
+  AWS_REGION: "required_value"
+  AWS_ROLE_ARN: "optional_value"
+  RUN_TASK_ID: "required_value"
+  PATH_TO_MOUNT: "${CI_PROJECT_DIR}"
+  BASE_PATH_OUTPUT: "optional_value"
+  CONTAINER_URL: "stackspot/runtime-job-iac:latest"
+  CHECKOUT_BRANCH: "false"
+
+checkout:
+  stage: checkout
+  script:
+    - if [ "$CHECKOUT_BRANCH" != "false" ]; then git checkout $CI_COMMIT_REF_NAME; fi
+
+check_runner:
+  stage: configure
+  script:
+    - echo "🤖 OS runner is $(uname)"
+
+configure_aws_credentials:
+  stage: configure
+  script:
+    - |
+      if [ -n "$AWS_ROLE_ARN" ]; then
+        aws sts assume-role --role-arn "$AWS_ROLE_ARN" --role-session-name "GitLabCI" > /tmp/creds.json
+        export AWS_ACCESS_KEY_ID=$(jq -r '.Credentials.AccessKeyId' /tmp/creds.json)
+        export AWS_SECRET_ACCESS_KEY=$(jq -r '.Credentials.SecretAccessKey' /tmp/creds.json)
+        export AWS_SESSION_TOKEN=$(jq -r '.Credentials.SessionToken' /tmp/creds.json)
+      fi
+
+run_runtime_action_iac:
+  stage: run
+  script:
+    - |
+      FLAGS=$(echo "-v $PATH_TO_MOUNT:/app-volume \
+      -e FEATURES_LEVEL_LOG=$FEATURES_LEVEL_LOG \
+      -e AUTHENTICATE_CLIENT_ID=$CLIENT_ID \
+      -e AUTHENTICATE_CLIENT_SECRET=$CLIENT_KEY \
+      -e AUTHENTICATE_CLIENT_REALMS=$CLIENT_REALM \
+      -e AUTHENTICATE_URL=https://idm.stackspot.com \
+      -e FEATURES_API_MANAGER=https://runtime-manager.v1.stackspot.com \
+      -e REPOSITORY_NAME=$REPOSITORY_NAME \
+      -e AWS_REGION=$AWS_REGION")
+
+      if [ -z "$AWS_ROLE_ARN" ]; then
+        FLAGS=$(echo "$FLAGS -e AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID")
+        FLAGS=$(echo "$FLAGS -e AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY")
+        FLAGS=$(echo "$FLAGS -e AWS_SESSION_TOKEN=$AWS_SESSION_TOKEN")
+      fi
+
+      if [ -n "$AWS_ROLE_ARN" ]; then
+        FLAGS=$(echo "$FLAGS -e AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID")
+        FLAGS=$(echo "$FLAGS -e AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY")
+        FLAGS=$(echo "$FLAGS -e AWS_SESSION_TOKEN=$AWS_SESSION_TOKEN")
+      fi
+
+      docker run --rm \
+      $FLAGS \
+      --entrypoint=/app/stackspot-runtime-job-iac \
+      $CONTAINER_URL start --run-task-id="$RUN_TASK_ID" --base-path-output="$BASE_PATH_OUTPUT"

README-gitlab.md

@@ -0,0 +1,31 @@
+# GitLab CI/CD Workflow for Runtime Action Iac
+
+This GitLab CI/CD workflow runs the Runtime Action Iac with the specified parameters.
+
+## Inputs
+
+The following environment variables must be configured in your GitLab CI/CD settings:
+
+- `FEATURES_LEVEL_LOG`: Log Level (required)
+- `CLIENT_ID`: CLIENT ID (required)
+- `CLIENT_KEY`: CLIENT KEY (required)
+- `CLIENT_REALM`: CLIENT REALM (required)
+- `REPOSITORY_NAME`: Git Repository Name (optional, default: `${CI_PROJECT_NAME}`)
+- `AWS_ACCESS_KEY_ID`: AWS ACCESS KEY ID from console (optional)
+- `AWS_SECRET_ACCESS_KEY`: AWS SECRET ACCESS KEY from console (optional)
+- `AWS_SESSION_TOKEN`: AWS SESSION TOKEN from console (optional)
+- `AWS_REGION`: AWS REGION (required)
+- `AWS_ROLE_ARN`: AWS ROLE ARN (optional)
+- `RUN_TASK_ID`: Runtime Run Task Id (required)
+- `PATH_TO_MOUNT`: Path to mount inside the docker (optional, default: `${CI_PROJECT_DIR}`)
+- `BASE_PATH_OUTPUT`: Base Path Output (optional)
+- `CONTAINER_URL`: IAC Container URL (optional, default: `stackspot/runtime-job-iac:latest`)
+- `CHECKOUT_BRANCH`: Whether or not checkout is enabled (optional, default: `false`)
+
+## Usage
+
+To use this workflow, add the above environment variables to your GitLab CI/CD settings and include the `.gitlab-ci.yml` file in your repository.
+
+```yaml
+include:
+  - local: '.gitlab-ci.yml'