From 41cc0478d10a59779108a9975527f3587522341d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fran=C3=A7ois=20Laurent?= <francois.laurent@posteo.net>
Date: Tue, 24 Sep 2024 16:17:51 +0200
Subject: [PATCH] ci: first pipeline

---
 .gitlab-ci.yml          | 83 +++++++++++++++++++++++++++++++++++++++++
 k8s/nyx-deployment.yaml | 21 +++++++++++
 k8s/nyx-ingress.yaml    | 14 +++++++
 k8s/nyx-service.yaml    | 11 ++++++
 4 files changed, 129 insertions(+)
 create mode 100644 .gitlab-ci.yml
 create mode 100644 k8s/nyx-deployment.yaml
 create mode 100644 k8s/nyx-ingress.yaml
 create mode 100644 k8s/nyx-service.yaml

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 0000000..d3f4f3e
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,83 @@
+variables:
+  GITLAB_PASTEUR_PROJECT_ID: 6531
+
+stages:
+  - build
+  - deploy
+
+.build-with-dind:
+  # https://dsi-docs.pasteur.cloud/docs/gitlab/cicd/docker-build/
+  stage: build
+  image: docker:24
+  before_script:
+    - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" "$CI_REGISTRY"
+  script:
+    - docker build -t "$FQ_IMAGE_NAME" -f "$CONTAINERFILE" "$BUILD_CONTEXT"
+    - docker push "$FQ_IMAGE_NAME"
+
+.build-with-buildah:
+  # see https://dsi-docs.pasteur.cloud/docs/gitlab/cicd/buildah/
+  stage: build
+  image: quay.io/buildah/stable:v1.37
+  variables:
+    STORAGE_DRIVER: vfs
+    BUILDAH_FORMAT: docker
+    BUILDAH_ISOLATION: chroot
+  before_script:
+    - export REGISTRY_AUTH_FILE="$HOME/auth.json"
+    - echo "$CI_REGISTRY_PASSWORD" | buildah login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
+  script:
+    - buildah build -t "$FQ_IMAGE_NAME" -f "$CONTAINERFILE" "$BUILD_CONTEXT"
+    - buildah push "$FQ_IMAGE_NAME"
+
+build on gitlab.pasteur.fr:
+  extends: .build-with-buildah
+  rules:
+    - if: $CI_PROJECT_ID == $GITLAB_PASTEUR_PROJECT_ID      # gitlab.pasteur.fr only
+  variables:
+    FQ_IMAGE_NAME: "$CI_REGISTRY_IMAGE/front:$CI_COMMIT_SHORT_SHA"
+    BUILD_CONTEXT: "."
+    CONTAINERFILE: "front/Containerfile"
+
+.deploy-with-enix-toolbox:
+  stage: deploy
+  image: docker.io/enix/ci-toolbox:1.21
+  variables:
+    FQ_IMAGE_NAME: "$CI_REGISTRY_IMAGE/front:$CI_COMMIT_SHORT_SHA"
+  script:
+    - kubectl create secret
+      docker-registry registry-gitlab
+      --docker-server=registry-gitlab.pasteur.fr
+      --docker-username="$DOCKER_USER"
+      --docker-password="$DOCKER_TOKEN"
+      --docker-email=kubernetes@pasteur.fr
+      -n "$NAMESPACE"
+      --dry-run -o yaml | kubectl apply -f -
+    - envsubst < k8s/nyx-deployment.yaml | kubectl apply -n "$NAMESPACE" -f -
+    - envsubst < k8s/nyx-service.yaml | kubectl apply -n "$NAMESPACE" -f -
+    - envsubst < k8s/nyx-ingress.yaml | kubectl apply -n "$NAMESPACE" -f -
+  rules:
+    - if: $CI_PROJECT_ID == $GITLAB_PASTEUR_PROJECT_ID      # gitlab.pasteur.fr only
+
+deploy to pasteur.cloud:
+  extends: .deploy-with-enix-toolbox
+  variables:
+    NAMESPACE: "nyx-prod"
+  environment:
+    name: k8sprod-02/nyx-prod
+    url: https://nyx.pasteur.cloud
+  rules:
+    - if: $CI_COMMIT_BRANCH == "main"
+      when: manual
+
+deploy to dev.pasteur.cloud:
+  extends: .deploy-with-enix-toolbox
+  variables:
+    NAMESPACE: "nyx-dev"
+  environment:
+    name: k8sdev-01/nyx-dev
+    url: https://nyx.dev.pasteur.cloud
+  rules:
+    - if: $CI_COMMIT_BRANCH == "dev"
+      when: manual
+
diff --git a/k8s/nyx-deployment.yaml b/k8s/nyx-deployment.yaml
new file mode 100644
index 0000000..6d016a0
--- /dev/null
+++ b/k8s/nyx-deployment.yaml
@@ -0,0 +1,21 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: ${NAMESPACE}-depl
+  labels:
+    app: nyxui
+spec:
+  replicas: 1
+  selector:
+    matchLabels:
+      app: nyxui
+  template:
+    metadata:
+      labels:
+        app: nyxui
+    spec:
+      containers:
+      - name: nyxui
+        image: $FQ_IMAGE_NAME
+        ports:
+        - containerPort: 8080
diff --git a/k8s/nyx-ingress.yaml b/k8s/nyx-ingress.yaml
new file mode 100644
index 0000000..d959e16
--- /dev/null
+++ b/k8s/nyx-ingress.yaml
@@ -0,0 +1,14 @@
+apiVersion: v1
+kind: Ingress
+metadata:
+  name: ${NAMESPACE}-ingress
+spec:
+  ingressClassName: external
+  rules:
+  - host: $PUBLIC_URL
+    http:
+      paths:
+      - backend:
+          serviceName: ${NAMESPACE}-service
+          servicePort: 80
+        path: /
diff --git a/k8s/nyx-service.yaml b/k8s/nyx-service.yaml
new file mode 100644
index 0000000..cded451
--- /dev/null
+++ b/k8s/nyx-service.yaml
@@ -0,0 +1,11 @@
+apiVersion: v1
+kind: Service
+metadata:
+  name: ${NAMESPACE}-service
+spec:
+  selector:
+    app: nyxui
+  ports:
+    - protocol: TCP
+      port: 80
+      targetPort: 8080
-- 
GitLab