CI/CD examples
Version control

Build and push container
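# GitLab CI: build the application image and publish it to the Harbor registry.
# The Docker CLI image and the dind service use the same pinned release.
image: docker:19.03.12

services:
  - docker:19.03.12-dind

stages:
  - build

## Template for building and publishing the docker container
.build:
  stage: build
  # Pinned to the same release as the dind service above. A floating `latest`
  # tag changes the build tooling without any commit in this repository.
  image: docker:19.03.12
  variables:
    HARBOR_IMAGE: "registry.services.k8s.true.nl/onboarding/app01-demo"
  before_script: &before_script_build
    # HARBOR_USERNAME / HARBOR_PASSWORD are not defined in this file;
    # presumably they are supplied as (masked) CI/CD variables.
    # The password is fed over stdin so it does not appear in the process
    # argument list or in docker's "insecure -p" warning path.
    - printf '%s' "$HARBOR_PASSWORD" | docker login -u "$HARBOR_USERNAME" --password-stdin "registry.services.k8s.true.nl"
    - echo "${IMAGE_TAG}"
  script:
    - docker build --pull -t "${HARBOR_IMAGE}" .
    - docker tag "${HARBOR_IMAGE}" "${HARBOR_IMAGE}:${IMAGE_TAG}"
    - docker push "${HARBOR_IMAGE}:${IMAGE_TAG}"
    # The untagged name resolves to `latest`, a mutable tag; deployments
    # should reference the ${IMAGE_TAG} pushed above.
    - docker push "${HARBOR_IMAGE}"

# Runs only for tag pipelines; the git tag becomes the image tag.
build:production:
  extends: .build
  variables:
    IMAGE_TAG: "$CI_COMMIT_TAG"
  only:
    - tags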
Example provided "as-is" by prepr.io
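# GitHub Actions: on a published release, build and push the image to Harbor,
# then point the Argo CD application at the released tag.
name: "Build & Deploy Production"

on:
  release:
    types: [released]

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Check Out Repo
        # Referenced by a mutable major tag. Pinning third-party actions to a
        # full commit SHA keeps a moved tag from changing what runs here.
        uses: actions/checkout@v2

      - name: Add HTTP basic auth credentials for GIT
        # The secret is passed through the environment instead of being
        # expanded into the script text, so quotes in its value cannot break
        # or alter the command.
        # auth.json lands inside the Docker build context (`context: ./`):
        # make sure the Dockerfile does not leave it in a published layer.
        env:
          PAT_GITHUB: ${{ secrets.PAT_GITHUB }}
        run: |
          printf '%s\n' "$PAT_GITHUB" > "$GITHUB_WORKSPACE/auth.json"

      - name: SignIn Docker
        env:
          HARBOR_HOSTNAME: ${{ secrets.HARBOR_HOSTNAME }}
          HARBOR_USERNAME: ${{ secrets.HARBOR_USERNAME }}
          HARBOR_PASSWORD: ${{ secrets.HARBOR_PASSWORD }}
        run: |
          printf '%s' "$HARBOR_PASSWORD" | docker login "$HARBOR_HOSTNAME" -u "$HARBOR_USERNAME" --password-stdin

      # Replace {{folder}} and {{project}} with the registry path to push to.
      - name: Docker Meta Sign Release
        id: meta
        uses: docker/metadata-action@v3
        with:
          # Basename of the Docker Image
          images: |
            registry.services.k8s.true.nl/{{folder}}/{{project}}
          # Generate Docker tags based on the following events/attributes (default)
          tags: |
            type=schedule
            type=ref,event=branch
            type=ref,event=pr
            type=semver,pattern={{version}}
            type=semver,pattern={{major}}.{{minor}}
            type=semver,pattern={{major}}
            type=sha

      - name: Set up Docker Buildx
        id: buildx
        uses: docker/setup-buildx-action@v1

      - name: Build and push
        id: docker_build
        uses: docker/build-push-action@v2
        with:
          context: ./
          file: ./Dockerfile
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}

      - name: Remove auth.json file
        # always(): the credentials file is removed even when the build or
        # push step fails.
        if: always()
        run: rm -f "$GITHUB_WORKSPACE/auth.json"

  deploy:
    needs: build
    runs-on: ubuntu-latest
    container: registry.services.k8s.true.nl/library/helm-push:2.0.0
    steps:
      - name: Extract Release from Ref
        id: releaseversion
        # The ref is read from the GITHUB_REF environment variable rather than
        # expanded into the script: a tag name is user-controlled text and
        # must not become part of the shell command.
        # The output is written to $GITHUB_OUTPUT; the `::set-output`
        # workflow command is deprecated.
        run: |
          echo "VERSION=$(echo "$GITHUB_REF" | cut -d / -f 3)" >> "$GITHUB_OUTPUT"

      # Set {{appName}} to the Argo project name
      - name: Argo Tag Update
        env:
          ARGOCD_SERVER: ${{ secrets.ARGOCD_HOSTNAME }}
          ARGOCD_AUTH_TOKEN: ${{ secrets.ARGOCD_TOKEN }}
          RELEASE_VERSION: ${{ steps.releaseversion.outputs.VERSION }}
        run: |
          argocd app set "{{appName}}" -p "image.tag=${RELEASE_VERSION}"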
# Drone pipeline (Kubernetes runner): one step that builds and pushes the
# image with the drone-kaniko plugin image.
kind: pipeline
type: kubernetes
name: default

steps:
  - name: build
    image: registry.services.k8s.true.nl/library/drone-kaniko:1.0.2
    settings:
      # Placeholder values: replace with your own repository name and
      # registry project.
      registry: registry.services.k8s.true.nl/01408-fakename
      repo: application-name-here
      tags:
        - master
      # Credentials are resolved from Drone secrets named `username` and
      # `password`; nothing is written inline.
      username:
        from_secret: username
      password:
        from_secret: password
Build and push Helm charts
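# GitLab CI: lint every chart under charts/, audit it with polaris, and push
# it to the Harbor chart repository on tag pipelines.
stages:
  - helm-lint
  - polaris-audit
  - push-helm-chart

helm list:
  stage: helm-lint
  variables: {}
  image: registry.services.k8s.true.nl/library/helm-push:2.0.0
  # The loop uses a glob instead of parsing `ls` output and quotes the name,
  # so each chart directory reaches helm as exactly one argument.
  script: |
    cd charts
    for dir in */
    do
      [ -d "$dir" ] || continue
      helm lint "${dir%/}"
    done

polaris audit:
  stage: polaris-audit
  variables: {}
  # NOTE(review): `testing` looks like a mutable tag, unlike the 2.0.0 image
  # used by the other jobs; confirm this is intended for the audit gate.
  image: registry.services.k8s.true.nl/library/helm-push:testing
  script: |
    cd charts
    for dir in */
    do
      [ -d "$dir" ] || continue
      polaris audit --helm-chart "${dir%/}" --config config.yaml
    done

push chart:
  stage: push-helm-chart
  variables: {}
  image: registry.services.k8s.true.nl/library/helm-push:2.0.0
  # HARBOR_USERNAME / HARBOR_PASSWORD are not defined in this file; presumably
  # they are masked CI/CD variables. They are quoted so special characters in
  # the values are not word-split or glob-expanded. The password is still a
  # command-line argument here; if the Helm version in the image supports
  # reading it from stdin, prefer that.
  script: |
    helm repo add k8s-true https://registry.services.k8s.true.nl/chartrepo/01408-fakename/ --username="$HARBOR_USERNAME" --password="$HARBOR_PASSWORD"
    helm repo update
    cd charts
    for dir in */
    do
      [ -d "$dir" ] || continue
      helm push "${dir%/}" k8s-true
    done
  only:
    - tags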
Example provided "as-is" by prepr.io
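# GitHub Actions: push the charts under charts/ to the Harbor chart repository
# when a chart's Chart.yaml changes on main.
name: "Push to Harbor registry"

# {{chartName}} should be replaced with the folder of the chart.
on:
  push:
    branches: [main]
    paths:
      - 'charts/{{chartName}}/Chart.yaml'

jobs:
  push:
    runs-on: ubuntu-latest
    container: registry.services.k8s.true.nl/library/helm-push:2.0.0
    steps:
      - name: Check Out Repo
        # Referenced by a mutable major tag. Pinning third-party actions to a
        # full commit SHA keeps a moved tag from changing what runs here.
        uses: actions/checkout@v2

      - name: Install Helm Push
        # The plugin is fetched from the repository's current default state on
        # every run, in a job that holds registry credentials. Consider
        # pinning it: helm plugin install ... --version <PLUGIN_VERSION>
        run: |
          mkdir -vp /root/.helm/plugins
          helm plugin install https://github.com/chartmuseum/helm-push

      - name: Add Repo & Update local repository
        # Secrets are passed through the environment and quoted, instead of
        # being expanded into the script text, so special characters in a
        # value cannot split or alter the command.
        env:
          HARBOR_CHART_REPO: ${{ secrets.HARBOR_CHART_REPO }}
          HARBOR_USERNAME: ${{ secrets.HARBOR_USERNAME }}
          HARBOR_PASSWORD: ${{ secrets.HARBOR_PASSWORD }}
        run: |
          helm repo add k8s-true "$HARBOR_CHART_REPO" --username="$HARBOR_USERNAME" --password="$HARBOR_PASSWORD"
          helm repo update

      - name: Helm Push
        # Glob instead of parsing `ls` output; each chart directory is passed
        # to helm as one quoted argument.
        run: |
          cd charts
          for dir in */
          do
            [ -d "$dir" ] || continue
            helm cm-push "${dir%/}" k8s-true
          done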
Changing argocd from ci (cli)
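# GitLab CI: set the image tag on an Argo CD application through the argocd
# CLI. The `argo-deploy` stage must be listed under `stages:` in the pipeline
# that includes this job.
.argo-deploy:
  stage: argo-deploy
  image:
    name: registry.services.k8s.true.nl/library/helm-push:2.0.0
    entrypoint: [/bin/bash, -c]
  script:
    - export ARGOCD_SERVER=argocd-01408.saas.true.nl
    # ARGO_CI_TOKEN is not defined in this file; presumably a masked CI/CD
    # variable. A token scoped to this application limits what a leaked
    # variable can change.
    - export ARGOCD_AUTH_TOKEN="$ARGO_CI_TOKEN"
    # Expansions are quoted so the app name and the tag each stay one argument.
    - argocd app set "${BRANCH_NAME}-demo-app01" -p "image.tag=${IMAGE_TAG}"

# Runs only for tag pipelines; the git tag is deployed to the `prd` app.
argo-deploy:production:
  extends: .argo-deploy
  variables:
    IMAGE_TAG: "$CI_COMMIT_TAG"
    BRANCH_NAME: "prd"
  only:
    - tags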
Example provided "as-is" by prepr.io
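# GitHub Actions: on a push to main, set the Argo CD application's image tag
# to the pushed commit SHA.
name: "Update ArgoCD tag"

on:
  push:
    branches: [main]

jobs:
  deploy:
    # NOTE(review): `needs: build` refers to a job that is not part of this
    # snippet; the full workflow presumably also defines a `build` job.
    needs: build
    runs-on: ubuntu-latest
    container: registry.services.k8s.true.nl/library/helm-push:2.0.0
    steps:
      - name: Argo Tag Update
        # Server and token are supplied through the step environment rather
        # than expanded into the script text.
        env:
          ARGOCD_SERVER: ${{ secrets.ARGOCD_HOSTNAME }}
          ARGOCD_AUTH_TOKEN: ${{ secrets.ARGOCD_TOKEN }}
        run: |
          argocd app set "acc-marketing-prepr-io" -p "image.tag=${GITHUB_SHA}"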
Warning
Changing the argocd spec in-cluster will take precedence over the git config. This means the changed values will be out of sync with git. While not great, we find this an acceptable trade-off for usability. In the ArgoCD web interface, under parameters, you can view override values, as they are prefixed with a 'hammer'. Example:

Deleting the application completely from argocd and re-syncing it after will reset the application to default settings.