kubespray/.gitlab-ci.yml

---
stages:
  - unit-tests
  - moderator
  - deploy-part1
  - deploy-part2
  - deploy-special

variables:
  FAILFASTCI_NAMESPACE: 'kargo-ci'
  GITLAB_REPOSITORY: 'kargo-ci/kubernetes-sigs-kubespray'
  # DOCKER_HOST: tcp://localhost:2375
  ANSIBLE_FORCE_COLOR: "true"
  MAGIC: "ci check this"
  TEST_ID: "$CI_PIPELINE_ID-$CI_BUILD_ID"
  CI_TEST_VARS: "./tests/files/${CI_JOB_NAME}.yml"
  GS_ACCESS_KEY_ID: $GS_KEY
  GS_SECRET_ACCESS_KEY: $GS_SECRET
  CONTAINER_ENGINE: docker
  SSH_USER: root
  GCE_PREEMPTIBLE: "false"
  ANSIBLE_KEEP_REMOTE_FILES: "1"
  ANSIBLE_CONFIG: ./tests/ansible.cfg
  ANSIBLE_INVENTORY: ./inventory/sample/${CI_JOB_NAME}-${BUILD_NUMBER}.ini
  IDEMPOT_CHECK: "false"
  RESET_CHECK: "false"
  UPGRADE_TEST: "false"
  LOG_LEVEL: "-vv"

# asia-east1-a
# asia-northeast1-a
# europe-west1-b
# us-central1-a
# us-east1-b
# us-west1-a

before_script:
  - /usr/bin/python -m pip install -r tests/requirements.txt
  - mkdir -p /.ssh

.job: &job
  tags:
    - kubernetes
    - docker
  image: quay.io/kubespray/kubespray:v2.9.0

.docker_service: &docker_service
  services:
    - docker:dind

.create_cluster: &create_cluster
  <<: *job
  <<: *docker_service

.testcases: &testcases
  <<: *job
  <<: *docker_service
  cache:
    key: "$CI_BUILD_REF_NAME"
    paths:
      - downloads/
      - $HOME/.cache
  before_script:
    - docker info
    - /usr/bin/python -m pip install -r requirements.txt
    - /usr/bin/python -m pip install -r tests/requirements.txt
    - mkdir -p /.ssh
    - mkdir -p $HOME/.ssh
    - ansible-playbook --version
    - export PYPATH=$([[ ! "$CI_JOB_NAME" =~ "coreos" ]] && echo /usr/bin/python || echo /opt/bin/python)
    - echo "CI_JOB_NAME is $CI_JOB_NAME"
    - echo "PYPATH is $PYPATH"
  script:
    - pwd
    - ls
    - echo ${PWD}
    - echo "${STARTUP_SCRIPT}"
    - cd tests && make create-${CI_PLATFORM} -s ; cd -

    # Check out latest tag if testing upgrade
    - test "${UPGRADE_TEST}" != "false" && git fetch --all && git checkout $(git describe --tags $(git rev-list --tags --max-count=1))
    # Checkout the CI vars file so it is available
    - test "${UPGRADE_TEST}" != "false" && git checkout "${CI_BUILD_REF}" tests/files/${CI_JOB_NAME}.yml
    # Workaround https://github.com/kubernetes-sigs/kubespray/issues/2021
    - 'sh -c "echo ignore_assert_errors: true | tee -a tests/files/${CI_JOB_NAME}.yml"'


    # Create cluster
    - >
      ansible-playbook
      -i ${ANSIBLE_INVENTORY}
      -b --become-user=root
      --private-key=${HOME}/.ssh/id_rsa
      -u $SSH_USER
      ${SSH_ARGS}
      ${LOG_LEVEL}
      -e @${CI_TEST_VARS}
      -e ansible_ssh_user=${SSH_USER}
      -e local_release_dir=${PWD}/downloads
      --limit "all:!fake_hosts"
      cluster.yml

    # Repeat deployment if testing upgrade
    - >
      if [ "${UPGRADE_TEST}" != "false" ]; then
      test "${UPGRADE_TEST}" == "basic" && PLAYBOOK="cluster.yml";
      test "${UPGRADE_TEST}" == "graceful" && PLAYBOOK="upgrade-cluster.yml";
      git checkout "${CI_BUILD_REF}";
      ansible-playbook
      -i ${ANSIBLE_INVENTORY}
      -b --become-user=root
      --private-key=${HOME}/.ssh/id_rsa
      -u $SSH_USER
      ${SSH_ARGS}
      ${LOG_LEVEL}
      -e @${CI_TEST_VARS}
      -e ansible_ssh_user=${SSH_USER}
      -e local_release_dir=${PWD}/downloads
      --limit "all:!fake_hosts"
      $PLAYBOOK;
      fi

    # Tests Cases
    ## Test Master API
    - ansible-playbook -i ${ANSIBLE_INVENTORY} -e ansible_python_interpreter=${PYPATH} -u $SSH_USER -e ansible_ssh_user=$SSH_USER $SSH_ARGS -b --become-user=root --limit "all:!fake_hosts" tests/testcases/010_check-apiserver.yml $LOG_LEVEL

    ## Ping the between 2 pod
    - ansible-playbook -i ${ANSIBLE_INVENTORY} -e ansible_python_interpreter=${PYPATH} -u $SSH_USER -e ansible_ssh_user=$SSH_USER $SSH_ARGS -b --become-user=root --limit "all:!fake_hosts" tests/testcases/030_check-network.yml $LOG_LEVEL

    ## Advanced DNS checks
    - ansible-playbook -i ${ANSIBLE_INVENTORY} -e ansible_python_interpreter=${PYPATH} -u $SSH_USER -e ansible_ssh_user=$SSH_USER $SSH_ARGS -b --become-user=root --limit "all:!fake_hosts" tests/testcases/040_check-network-adv.yml $LOG_LEVEL

    ## Idempotency checks 1/5 (repeat deployment)
    - >
      if [ "${IDEMPOT_CHECK}" = "true" ]; then
      ansible-playbook
      -i ${ANSIBLE_INVENTORY}
      -b --become-user=root
      --private-key=${HOME}/.ssh/id_rsa
      -u $SSH_USER
      ${SSH_ARGS}
      ${LOG_LEVEL}
      -e @${CI_TEST_VARS}
      -e ansible_python_interpreter=${PYPATH}
      -e local_release_dir=${PWD}/downloads
      --limit "all:!fake_hosts"
      cluster.yml;
      fi

    ## Idempotency checks 2/5 (Advanced DNS checks)
    - >
      if [ "${IDEMPOT_CHECK}" = "true" ]; then
      ansible-playbook
      -i ${ANSIBLE_INVENTORY}
      -b --become-user=root
      --private-key=${HOME}/.ssh/id_rsa
      -u $SSH_USER
      ${SSH_ARGS}
      ${LOG_LEVEL}
      -e @${CI_TEST_VARS}
      --limit "all:!fake_hosts"
      tests/testcases/040_check-network-adv.yml $LOG_LEVEL;
      fi

    ## Idempotency checks 3/5 (reset deployment)
    - >
      if [ "${IDEMPOT_CHECK}" = "true" -a "${RESET_CHECK}" = "true" ]; then
      ansible-playbook
      -i ${ANSIBLE_INVENTORY}
      -b --become-user=root
      --private-key=${HOME}/.ssh/id_rsa
      -u $SSH_USER
      ${SSH_ARGS}
      ${LOG_LEVEL}
      -e @${CI_TEST_VARS}
      -e ansible_python_interpreter=${PYPATH}
      -e reset_confirmation=yes
      --limit "all:!fake_hosts"
      reset.yml;
      fi

    ## Idempotency checks 4/5 (redeploy after reset)
    - >
      if [ "${IDEMPOT_CHECK}" = "true" -a "${RESET_CHECK}" = "true" ]; then
      ansible-playbook
      -i ${ANSIBLE_INVENTORY}
      -b --become-user=root
      --private-key=${HOME}/.ssh/id_rsa
      -u $SSH_USER
      ${SSH_ARGS}
      ${LOG_LEVEL}
      -e @${CI_TEST_VARS}
      -e ansible_python_interpreter=${PYPATH}
      -e local_release_dir=${PWD}/downloads
      --limit "all:!fake_hosts"
      cluster.yml;
      fi

    ## Idempotency checks 5/5 (Advanced DNS checks)
    - >
      if [ "${IDEMPOT_CHECK}" = "true" -a "${RESET_CHECK}" = "true" ]; then
      ansible-playbook -i ${ANSIBLE_INVENTORY} -e ansible_python_interpreter=${PYPATH}
      -u $SSH_USER -e ansible_ssh_user=$SSH_USER $SSH_ARGS -b --become-user=root
      --limit "all:!fake_hosts"
      tests/testcases/040_check-network-adv.yml $LOG_LEVEL;
      fi

  after_script:
    - cd tests && make delete-${CI_PLATFORM} -s ; cd -

# For failfast, at least 1 job must be defined in .gitlab-ci.yml
# Premoderated with manual actions
ci-authorized:
  extends: .job
  stage: moderator
  before_script:
    - apt-get -y install jq
  script:
    - /bin/sh scripts/premoderator.sh
  except: ['triggers', 'master']

include:
  - .gitlab-ci/lint.yml
  - .gitlab-ci/gce.yml
  - .gitlab-ci/digital-ocean.yml
  - .gitlab-ci/terraform.yml