pezkuwichain/pezkuwi-telemetry
1
0
Fork 0
mirror of https://github.com/pezkuwichain/pezkuwi-telemetry.git synced 2026-05-31 07:01:06 +00:00
Code Issues Packages Projects Releases Wiki Activity

Change CI to use Vault secrets (#400)

Browse Source
This commit is contained in:
Sergejs Kostjucenko
2021-09-15 12:59:32 +03:00
committed by GitHub
parent 0b0cec0512
commit e0ad18a5ad
1 changed files with 18 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.gitlab-ci.yml
+18 -4
View File
@@ -4,11 +4,23 @@ variables:
BACKEND_IMAGE_FULL_NAME: "${BACKEND_CONTAINER_REPO}:${CI_COMMIT_SHORT_SHA}-beta" BACKEND_IMAGE_FULL_NAME: "${BACKEND_CONTAINER_REPO}:${CI_COMMIT_SHORT_SHA}-beta"
FRONTEND_IMAGE_FULL_NAME: "${FRONTEND_CONTAINER_REPO}:${CI_COMMIT_SHORT_SHA}-beta" FRONTEND_IMAGE_FULL_NAME: "${FRONTEND_CONTAINER_REPO}:${CI_COMMIT_SHORT_SHA}-beta"
KUBE_NAMESPACE: "substrate-telemetry" KUBE_NAMESPACE: "substrate-telemetry"
VAULT_SERVER_URL: "https://vault.parity-mgmt-vault.parity.io"
VAULT_AUTH_PATH: "gitlab-parity-io-jwt"
VAULT_AUTH_ROLE: "cicd_gitlab_parity_${CI_PROJECT_NAME}"
stages: stages:
- dockerize - dockerize
- staging - staging
.vault-secrets: &vault-secrets
secrets:
DOCKER_HUB_USER:
vault: cicd/gitlab/parity/DOCKER_HUB_USER@kv
file: false
DOCKER_HUB_PASS:
vault: cicd/gitlab/parity/DOCKER_HUB_PASS@kv
file: false
.dockerize: &dockerize .dockerize: &dockerize
stage: dockerize stage: dockerize
image: quay.io/buildah/stable image: quay.io/buildah/stable
@@ -45,24 +57,26 @@ stages:
dockerize-backend: dockerize-backend:
<<: *dockerize <<: *dockerize
<<: *vault-secrets
script: script:
- echo "Building image $BACKEND_IMAGE_FULL_NAME" - echo "Building image $BACKEND_IMAGE_FULL_NAME"
- buildah bud - buildah bud
--format=docker --format=docker
--tag "$BACKEND_IMAGE_FULL_NAME" ./backend/ --tag "$BACKEND_IMAGE_FULL_NAME" ./backend/
- echo ${Docker_Hub_Pass_Parity} | - echo ${DOCKER_HUB_PASS} |
buildah login --username ${Docker_Hub_User_Parity} --password-stdin docker.io buildah login --username ${DOCKER_HUB_USER} --password-stdin docker.io
- buildah push --format=v2s2 "$BACKEND_IMAGE_FULL_NAME" - buildah push --format=v2s2 "$BACKEND_IMAGE_FULL_NAME"
dockerize-frontend: dockerize-frontend:
<<: *dockerize <<: *dockerize
<<: *vault-secrets
script: script:
- echo "Building image $FRONTEND_IMAGE_FULL_NAME" - echo "Building image $FRONTEND_IMAGE_FULL_NAME"
- buildah bud - buildah bud
--format=docker --format=docker
--tag "$FRONTEND_IMAGE_FULL_NAME" ./frontend/ --tag "$FRONTEND_IMAGE_FULL_NAME" ./frontend/
- echo ${Docker_Hub_Pass_Parity} | - echo ${DOCKER_HUB_PASS} |
buildah login --username ${Docker_Hub_User_Parity} --password-stdin docker.io buildah login --username ${DOCKER_HUB_USER} --password-stdin docker.io
- buildah push --format=v2s2 "$FRONTEND_IMAGE_FULL_NAME" - buildah push --format=v2s2 "$FRONTEND_IMAGE_FULL_NAME"
deploy-parity-stg: deploy-parity-stg: