.gitlab-ci.yml
# Pipeline-wide settings read by the jobs below: the Serverless Framework
# version, the directory holding serverless.yml, and the stage name, region and
# AWS account for each environment (prod, staging, dev).
variables:
  SLS_VERSION: "1.14.0" # make sure this matches your pinned version (if you have one)!
  SLS_YAML_DIR: "." # This is relative to repo root. If serverless.yml is in the repo root, this should be "."
  AWS_CLI_DEFAULT_REGION: us-east-1
  PROD_SLS_STAGE_NAME: prod
  PROD1_REGION: us-east-1
  # PROD2_REGION: us-west-2 # use this for setting up multiregion deploys along with additional deploy:production_X jobs below
  # The *_ACCOUNT values are interpolated into the deployment role ARNs
  # (arn:aws:iam::<account>:role/gitlab-ci-deployment) used by the deploy jobs.
  # Keep them quoted: an AWS account ID is a 12-digit string and may start with
  # 0, which an unquoted YAML scalar would not preserve.
  PROD_ACCOUNT: "AWS Account Number Here!!!" # todo!!!
  STAGING_SLS_STAGE_NAME: stage
  STAGING_REGION: us-east-1
  STAGING_ACCOUNT: "AWS Account Number Here!!!" # todo!!!
  DEV_SLS_STAGE_NAME_BASE: dev
  DEV_REGION: us-east-1
  DEV_ACCOUNT: "AWS Account Number Here!!!" # todo!!!
# Default container image for every job in this pipeline.
# NOTE(review): `3.4` is an image tag, and a tag can be re-pointed at different
# content. Pinning by digest (trek10/ci@sha256:<digest>) keeps the environment
# that later holds deployment credentials reproducible.
image: trek10/ci:3.4 # todo: swap in your CI docker image as needed

# Cache shared by all jobs, keyed by the branch or tag name.
cache:
  key: ${CI_COMMIT_REF_NAME}
  # `untracked: true` stores every file Git does not track, not only the
  # node_modules path listed below.
  # NOTE(review): keep credentials and other secrets out of the working tree,
  # because any untracked file written there ends up in the cache.
  untracked: true
  paths:
    - ${SLS_YAML_DIR}/node_modules
# Test job: when a package.json exists in the job's working directory it
# installs the npm dependencies and runs `npm run test`; otherwise it only logs
# that nothing was found and succeeds.
# NOTE(review): this looks for package.json where the job starts, while the
# deploy script changes into SLS_YAML_DIR first. With a non-root SLS_YAML_DIR
# the tests may be skipped silently; confirm that is intended.
run_tests:
  stage: test
  script: |
    if test -f package.json; then
      npm install --loglevel error;
      npm run test;
    else
      echo "no package.json found to run tests from";
    fi
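# Shared deploy template, merged into the deploy jobs through the
# `deployment_script` anchor. The script reads SLS_STAGE_NAME, ACCOUNT, REGION
# and DEPLOYMENT_ROLE, which each job sets in its own `variables`.
#
# Steps: gate tag pipelines on the tagged commit being on master, install the
# Serverless Framework, assume the deployment role through STS, then run
# `sls deploy` from SLS_YAML_DIR with the temporary credentials.
.deployment_script: &deployment_script
  stage: deploy
  script: | # ${variable//-/} is a bash replacement that strips the hyphens from the contents of the variable. Needed for API Gateway.
    echo "===== Stage => ${SLS_STAGE_NAME//-/}, Account => ${ACCOUNT}, Region => ${REGION} ====="
    echo "===== checking for tag and presence in master branch => ${CI_COMMIT_TAG:-"(not a tag)"} ====="
    # Tag pipelines may deploy only when the tagged commit is on master.
    # The branch name is matched exactly: a bare `grep master` also accepts any
    # remote branch whose name merely contains "master", which would let a tag
    # on such a branch pass the production gate.
    # Assumes the runner names its remote `origin` (GitLab Runner's default).
    if [ -n "${CI_COMMIT_TAG}" ]; then
      TAGGED_COMMIT="$(git rev-list -n 1 "${CI_COMMIT_TAG}")"
      if ! git branch -r --contains "${TAGGED_COMMIT}" | grep -Eq '^[[:space:]]*origin/master$'; then
        echo "tag ${CI_COMMIT_TAG} is not contained in origin/master; refusing to deploy" >&2
        exit 1
      fi
    fi
    echo "===== installing serverless ====="
    # NOTE(review): with SLS_VERSION unset this installs whatever `latest` is
    # at job time, in a job that goes on to hold deployment credentials.
    # Keep SLS_VERSION pinned.
    npm install -g "serverless@${SLS_VERSION:-latest}" --loglevel error
    echo "===== assuming permissions => ${DEPLOYMENT_ROLE} ====="
    # KST receives, in order: access key id, secret access key, session token.
    KST=($(aws sts assume-role --role-arn "${DEPLOYMENT_ROLE}" --role-session-name "deployment-${CI_PROJECT_NAME}" --query '[Credentials.AccessKeyId,Credentials.SecretAccessKey,Credentials.SessionToken]' --output text))
    # Stop if STS returned nothing, so the deploy never continues with empty
    # credential variables and whatever other credentials the job environment
    # happens to provide.
    if [ -z "${KST[0]}" ] || [ -z "${KST[1]}" ] || [ -z "${KST[2]}" ]; then
      echo "could not assume ${DEPLOYMENT_ROLE}; refusing to deploy" >&2
      exit 1
    fi
    unset AWS_SECURITY_TOKEN
    export AWS_DEFAULT_REGION="${AWS_CLI_DEFAULT_REGION}"
    export AWS_ACCESS_KEY_ID="${KST[0]}"
    export AWS_SECRET_ACCESS_KEY="${KST[1]}"
    export AWS_SESSION_TOKEN="${KST[2]}"
    # The session token is exported under both variable names.
    export AWS_SECURITY_TOKEN="${KST[2]}"
    echo "===== deploying to ${CI_ENVIRONMENT_NAME} environment ====="
    cd "${SLS_YAML_DIR}"
    if test -f package.json; then
      npm install --loglevel error;
    fi
    sls deploy -v -s "${SLS_STAGE_NAME//-/}" --region "${REGION:-us-east-1}"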
# Variables shared by every production deploy job, merged through the
# `production_variables` anchor. REGION is not set here; each production job
# adds its own.
.production_variables: &production_variables
  ACCOUNT: ${PROD_ACCOUNT}
  # Role the deploy script assumes through STS before deploying.
  DEPLOYMENT_ROLE: "arn:aws:iam::${PROD_ACCOUNT}:role/gitlab-ci-deployment"
  SLS_STAGE_NAME: ${PROD_SLS_STAGE_NAME}
  # Not read anywhere in this file; presumably consumed by serverless.yml or
  # the deployed code (confirm). Quoted so it stays the string "true".
  PRODUCTION: "true"
# Production deploy to PROD1_REGION. Runs for tag pipelines only; the shared
# deploy script then checks the tagged commit against the remote master branch.
# NOTE(review): anyone who can push a tag can start this job. Consider
# restricting tag creation with protected tags and keeping the credentials that
# can assume the production role in protected variables; confirm the project
# settings.
deploy:production_1: &deploy_production
  <<: *deployment_script
  variables:
    <<: *production_variables
    REGION: ${PROD1_REGION}
  # Keeps the .serverless directory as a job artifact for 4 weeks.
  # NOTE(review): presumably the packaged deployment output; check that it holds
  # nothing sensitive, since artifacts can be downloaded by anyone with access
  # to the job.
  artifacts:
    paths:
      - ${SLS_YAML_DIR}/.serverless
    expire_in: 4 weeks
  environment:
    name: ${PROD_SLS_STAGE_NAME}
    #url: https://${CI_COMMIT_REF_SLUG}.something.com
  only:
    - tags

# multiregion deploy is done by reusing the production1 template with different regions
# (uncomment the job below and PROD2_REGION in the top-level variables)
#deploy:production_2:
#  <<: *deploy_production
#  variables:
#    <<: *production_variables
#    REGION: ${PROD2_REGION}
# Staging deploy: runs the shared deploy script for pipelines on master, using
# the staging account, region and stage name.
deploy:staging:
  <<: *deployment_script
  variables:
    ACCOUNT: ${STAGING_ACCOUNT}
    REGION: ${STAGING_REGION}
    # Role the deploy script assumes through STS before deploying.
    DEPLOYMENT_ROLE: "arn:aws:iam::${STAGING_ACCOUNT}:role/gitlab-ci-deployment"
    SLS_STAGE_NAME: ${STAGING_SLS_STAGE_NAME}
  environment:
    name: ${STAGING_SLS_STAGE_NAME}
    #url: https://${CI_COMMIT_REF_SLUG}.something.com
  only:
    - master
# Variables shared by the per-branch dev jobs (deploy and stop), merged through
# the `dev_variables` anchor.
.dev_variables: &dev_variables
  ACCOUNT: ${DEV_ACCOUNT}
  REGION: ${DEV_REGION}
  # Role the deploy script assumes through STS before deploying.
  DEPLOYMENT_ROLE: "arn:aws:iam::${DEV_ACCOUNT}:role/gitlab-ci-deployment"
  # The deploy and stop scripts strip hyphens from this value before passing it
  # to `sls` (${SLS_STAGE_NAME//-/}).
  SLS_STAGE_NAME: ${DEV_SLS_STAGE_NAME_BASE}${CI_COMMIT_REF_SLUG} # stage name must be unique for each branch to prevent stacks from stomping on each other
# Per-branch dev deploy for every branch except master. The leading dot makes
# this a hidden job, so GitLab does not run it as written; remove the dot to
# enable per-branch deployments.
.deploy:dev_branches:
  <<: *deployment_script
  variables:
    <<: *dev_variables
  environment:
    name: ${DEV_SLS_STAGE_NAME_BASE}/${CI_COMMIT_REF_SLUG}
    #url: https://${CI_COMMIT_REF_SLUG}.something.com
    # Job that tears this environment down when it is stopped.
    on_stop: stop_deploy:dev_branches
  only:
    - branches
  except:
    - master
# Manual teardown of a branch's dev stack: runs `sls remove` for the branch's
# stage and marks the matching environment as stopped.
# NOTE(review): unlike the shared deploy script, this script does not install
# serverless, assume DEPLOYMENT_ROLE, change into SLS_YAML_DIR or pass --region,
# and GIT_STRATEGY: none skips the checkout. It therefore depends on whatever
# credentials and files the runner already provides; confirm this is intended.
stop_deploy:dev_branches:
  stage: deploy
  script: |
    sls remove -v -s ${SLS_STAGE_NAME//-/}
  variables:
    <<: *dev_variables
    # Skip fetching the repository for this job.
    GIT_STRATEGY: none
  when: manual
  environment:
    name: ${DEV_SLS_STAGE_NAME_BASE}/${CI_COMMIT_REF_SLUG}
    action: stop
  only:
    - branches
  except:
    - master