Yuriy.Shikin
266 lines
8.0 KiB
YAML
266 lines
8.0 KiB
YAML
# Execute always
|
|
before_script:
|
|
- echo $GITLAB_USER_ID
|
|
- echo ${CI_COMMIT_REF_SLUG}
|
|
- id
|
|
- export BUILD_TIMESTAMP="_$(date +%Y_%j_%H%M)"
|
|
|
|
stages:
|
|
# - prepare
|
|
- lint
|
|
- build
|
|
- build_develop
|
|
- deploy
|
|
|
|
#cache:
|
|
# paths:
|
|
# - Result
|
|
|
|
variables:
|
|
GIT_SUBMODULE_STRATEGY: recursive
|
|
AWS_DEFAULT_REGION: us-east-1
|
|
BUCKET_NAME: privado-osx
|
|
SLACK_WEBHOOK: https://hooks.slack.com/services/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
|
|
SLACK_WEBHOOK_RELEASE: https://hooks.slack.com/services/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
|
|
SLACK_BOT_NAME: privado-ci
|
|
CF_DEV_URL: https://privado.dev/apps/osx
|
|
|
|
# Prepare stage
|
|
|
|
#Prepare:
|
|
# stage: prepare
|
|
# when: always
|
|
# allow_failure: false
|
|
# script:
|
|
# - chmod +x ./BuildTools/prepare.sh
|
|
# - ./BuildTools/prepare.sh
|
|
# artifacts:
|
|
# paths:
|
|
# - ./BuildTools/Creator
|
|
# expire_in: 2 hours
|
|
|
|
# Linting stage
|
|
|
|
Lint:
|
|
stage: lint
|
|
when: always
|
|
allow_failure: false
|
|
script:
|
|
- chmod +x ./BuildTools/linting.sh
|
|
- ./BuildTools/linting.sh
|
|
|
|
#Build DMG
|
|
.BuildDMG: &BuildDMG
|
|
stage: build
|
|
when: on_success
|
|
allow_failure: false
|
|
only:
|
|
- develop
|
|
- /^feature/
|
|
script:
|
|
- chmod +x ./BuildTools/create_macOS.sh
|
|
- chmod +x ./BuildTools/build_macOS.sh
|
|
- ./BuildTools/create_macOS.sh
|
|
- ./BuildTools/build_macOS.sh ${ARTIFACT_TYPE} ${BUILD_DMG_CONFIG} ${BUILD_TIMESTAMP}
|
|
# object_store:
|
|
# enabled: true
|
|
# remote_directory: ${BUCKET_NAME}
|
|
# connection:
|
|
# provider: AWS
|
|
# region: ${AWS_DEFAULT_REGION}
|
|
# aws_access_key_id: ${AWS_ACCESS_KEY_ID}
|
|
# aws_secret_access_key: ${AWS_SECRET_ACCESS_KEY}
|
|
|
|
BuildDevelopDmg:
|
|
variables:
|
|
BUILD_DMG_CONFIG: ""
|
|
ARTIFACT_TYPE: "Develop"
|
|
<<: *BuildDMG
|
|
stage: build_develop
|
|
artifacts:
|
|
paths:
|
|
- ./Develop/Update
|
|
expire_in: 3 days
|
|
|
|
BuildPrestageDmg:
|
|
variables:
|
|
BUILD_DMG_CONFIG: "PRODUCTION"
|
|
ARTIFACT_TYPE: "Prestage"
|
|
<<: *BuildDMG
|
|
artifacts:
|
|
paths:
|
|
- ./Prestage/Update
|
|
expire_in: 3 days
|
|
|
|
BuildProductionDmg:
|
|
variables:
|
|
BUILD_DMG_CONFIG: "PRODUCTION"
|
|
ARTIFACT_TYPE: "Production"
|
|
<<: *BuildDMG
|
|
only:
|
|
- master
|
|
- tags
|
|
artifacts:
|
|
paths:
|
|
- ./Update
|
|
expire_in: 3 mos
|
|
|
|
DeployPrestage:
|
|
stage: deploy
|
|
when: on_success
|
|
only:
|
|
- develop
|
|
allow_failure: false
|
|
dependencies:
|
|
- BuildDevelopDmg
|
|
- BuildPrestageDmg
|
|
before_script:
|
|
- export PATH=~/Library/Python/2.7/bin:$PATH
|
|
variables:
|
|
API_DEV: "*DEV-API*"
|
|
ARTIFACT_DEV: "Develop"
|
|
API_PROD: "*PROD-API*"
|
|
ARTIFACT_PROD: "Prestage"
|
|
script:
|
|
- pwd -P
|
|
- aws s3 cp ./${ARTIFACT_DEV}/Update s3://${BUCKET_NAME}/${ARTIFACT_DEV} --recursive
|
|
- aws s3 cp ./${ARTIFACT_PROD}/Update s3://${BUCKET_NAME}/${ARTIFACT_PROD} --recursive
|
|
- echo "Upload job done"
|
|
- ARTIFACT_DEV_DMG=$(find . -name ${ARTIFACT_DEV}*.dmg -exec basename \{} .po \;)
|
|
- ARTIFACT_DEV_LINK=${CF_DEV_URL}'/'${ARTIFACT_DEV}'/'${ARTIFACT_DEV_DMG}
|
|
- ARTIFACT_PROD_DMG=$(find . -name ${ARTIFACT_PROD}*.dmg -exec basename \{} .po \;)
|
|
- ARTIFACT_PROD_LINK=${CF_DEV_URL}'/'${ARTIFACT_PROD}'/'${ARTIFACT_PROD_DMG}
|
|
- >-
|
|
RESULT=":white_check_mark:"
|
|
RELEASE_NOTES=$(git log -5 --pretty=format:"%h (%cn) %s")
|
|
SLACK_MESSAGE=":mac:"
|
|
SLACK_MESSAGE="${RESULT} ${SLACK_MESSAGE} *macOS* build *$CI_PIPELINE_IID* from branch *$CI_COMMIT_BRANCH* with <${ARTIFACT_DEV_LINK}|${API_DEV}> and <${ARTIFACT_PROD_LINK}|${API_PROD}> \`\`\`${RELEASE_NOTES}\`\`\` "
|
|
- >-
|
|
curl \
|
|
-X POST \
|
|
-H "Content-Type: application/json" \
|
|
-d "{\"username\": \"${SLACK_BOT_NAME}\", \"icon_url\": \":privado:\", \"text\": \"${SLACK_MESSAGE}\"}" \
|
|
${SLACK_WEBHOOK}
|
|
environment:
|
|
name: ${CI_COMMIT_REF_SLUG}
|
|
url: https://privado.dev/apps/osx/Develop/ # This is the url of the bucket we saved before
|
|
on_stop: clean_s3
|
|
|
|
# ------ Production deploy ------
|
|
# TEST
|
|
deploys3Production:
|
|
variables:
|
|
API_TYPE: "*PROD-API*"
|
|
ARTIFACT_TYPE: "Production"
|
|
dependencies:
|
|
- BuildProductionDmg
|
|
when: manual
|
|
only:
|
|
- master
|
|
stage: deploy
|
|
allow_failure: false
|
|
before_script:
|
|
- export PATH=~/Library/Python/2.7/bin:$PATH
|
|
script:
|
|
- pwd -P
|
|
- aws s3 cp ./Update s3://${BUCKET_NAME}/${ARTIFACT_TYPE} --recursive
|
|
- echo "Upload job done"
|
|
- >-
|
|
curl -X POST -H "Content-Type: application/json"
|
|
-d '{"username": "'${SLACK_BOT_NAME}'", "text": "New macOS using '${API_TYPE}' build '${CF_DEV_URL}'/'${ARTIFACT_TYPE}'/PrivadoVPN.dmg", "icon_url": ":privado:"}'
|
|
${SLACK_WEBHOOK}
|
|
environment:
|
|
name: ${CI_COMMIT_REF_SLUG}
|
|
url: https://privado.dev/apps/osx/Production/ # This is the url of the bucket we saved before
|
|
# on_stop: clean_s3
|
|
|
|
.invalidate-cf: &invalidate-cf
|
|
- export DISTRIBUTION_RE='https?://([^/]*)(.*)|(/.*)'
|
|
- '[[ ${CI_ENVIRONMENT_URL} =~ ${DISTRIBUTION_RE} ]]'
|
|
- export DISTRIBUTION_ALIAS=${BASH_REMATCH[1]}
|
|
- export DISTRIBUTION_PATH=${BASH_REMATCH[2]}*
|
|
- export DISTRIBUTION_ID=$(aws cloudfront list-distributions --query "DistributionList.Items[?Aliases.Items!=null]|[?Aliases.contains(Items,'${DISTRIBUTION_ALIAS}')].Id" --output text)
|
|
- aws cloudfront create-invalidation --distribution-id ${DISTRIBUTION_ID} --paths ${DISTRIBUTION_PATH}
|
|
|
|
# Production (Frankfurt) eu-central-1
|
|
deploy_to_Frankfurt:
|
|
stage: deploy
|
|
when: manual
|
|
dependencies:
|
|
- BuildProductionDmg
|
|
before_script: &before_prod
|
|
- export PATH=~/Library/Python/2.7/bin:$PATH
|
|
- export BUCKET_NAME="privadovpn-web-prod"
|
|
- export AWS_ACCESS_KEY_ID="$MASTER_AWS_ACCESS_KEY_ID"
|
|
- export AWS_SECRET_ACCESS_KEY="$MASTER_AWS_SECRET_ACCESS_KEY"
|
|
- eval $(aws sts assume-role --role-arn $PROD_GITLAB_ROLE_ARN --role-session-name "macos-gitlabrunner" | jq -r '.Credentials | "export AWS_ACCESS_KEY_ID=\(.AccessKeyId)\nexport AWS_SECRET_ACCESS_KEY=\(.SecretAccessKey)\nexport AWS_SESSION_TOKEN=\(.SessionToken)\n"')
|
|
script:
|
|
- pwd -P
|
|
- aws s3 cp ./Update s3://${BUCKET_NAME}/apps/osx/ --recursive
|
|
- aws s3 cp ./Update/PrivadoVPN.dmg s3://${BUCKET_NAME}/apps/osx/PrivadoVPN.${CI_COMMIT_TAG}.dmg
|
|
- aws s3 cp ./Update/PrivadoVPN.html s3://${BUCKET_NAME}/apps/osx/rubyua/
|
|
- aws s3 cp ./Update/appcast.xml s3://${BUCKET_NAME}/apps/osx/rubyua/
|
|
- echo "Upload job done"
|
|
- *invalidate-cf
|
|
- >-
|
|
curl -X POST -H "Content-Type: application/json"
|
|
-d '{"username": "privado-production", "text": "New macOS *PRODUCTION* build https://privadovpn.com/apps/osx/PrivadoVPN.dmg", "icon_url": ":privado:"}'
|
|
${SLACK_WEBHOOK_RELEASE}
|
|
only:
|
|
- tags
|
|
environment: &env_prod
|
|
name: production
|
|
url: https://privadovpn.com/apps/osx/
|
|
|
|
deploy_to_Frankfurt_RuByUa:
|
|
stage: deploy
|
|
when: manual
|
|
dependencies:
|
|
- BuildProductionDmg
|
|
before_script: *before_prod
|
|
script:
|
|
- pwd -P
|
|
- aws s3 cp ./Update/PrivadoVPN.dmg s3://${BUCKET_NAME}/apps/osx/
|
|
- aws s3 cp ./Update/PrivadoVPN.html s3://${BUCKET_NAME}/apps/osx/rubyua/
|
|
- aws s3 cp ./Update/appcast.xml s3://${BUCKET_NAME}/apps/osx/rubyua/
|
|
- echo "Upload job done"
|
|
- *invalidate-cf
|
|
- >-
|
|
curl -X POST -H "Content-Type: application/json"
|
|
-d '{"username": "'${SLACK_BOT_NAME}'", "text": "New macOS *PRODUCTION* build (RU/BY/UA appcast) https://privadovpn.com/apps/osx/PrivadoVPN.dmg", "icon_url": ":privado:"}'
|
|
${SLACK_WEBHOOK}
|
|
only:
|
|
- tags
|
|
environment: *env_prod
|
|
|
|
deploy_to_Frankfurt_Binary_Only:
|
|
stage: deploy
|
|
when: manual
|
|
dependencies:
|
|
- BuildProductionDmg
|
|
before_script: *before_prod
|
|
script:
|
|
- pwd -P
|
|
- aws s3 cp ./Update/PrivadoVPN.dmg s3://${BUCKET_NAME}/apps/osx/
|
|
- echo "Upload job done"
|
|
- *invalidate-cf
|
|
only:
|
|
- tags
|
|
environment: *env_prod
|
|
|
|
clean_s3:
|
|
stage: deploy
|
|
when: manual
|
|
only:
|
|
- master
|
|
- develop
|
|
- tags
|
|
before_script:
|
|
- export PATH=~/Library/Python/2.7/bin:$PATH
|
|
script:
|
|
#- aws s3 rm s3://${BUCKET_NAME}/${CI_COMMIT_REF_SLUG} --recursive
|
|
- echo "Cleaned up! Or not."
|
|
environment:
|
|
name: ${CI_COMMIT_REF_SLUG}
|
|
action: stop
|