From 40b9fd1c8a4ad405f5b0e7ffd4578df970944d9c Mon Sep 17 00:00:00 2001 From: daniele Date: Fri, 3 May 2024 14:02:10 +0200 Subject: [PATCH] Update pipeline remove deprecated compose version --- .../.gitlab-ci.yml | 35 ++++++++++++------- .../docker-compose.yaml | 2 -- .../scripts/ci_pact.sh | 2 +- .../scripts/ci_sentry.sh | 2 +- .../scripts/deploy/vault.sh | 2 +- 5 files changed, 26 insertions(+), 17 deletions(-) diff --git a/{{cookiecutter.project_dirname}}/.gitlab-ci.yml b/{{cookiecutter.project_dirname}}/.gitlab-ci.yml index 05ba0e9..552a850 100644 --- a/{{cookiecutter.project_dirname}}/.gitlab-ci.yml +++ b/{{cookiecutter.project_dirname}}/.gitlab-ci.yml @@ -62,14 +62,16 @@ variables: stage: .pre image: docker:20 services: - - docker:20-dind + - docker:20-dind{% if cookiecutter.use_vault == "true" %} + id_tokens: + VAULT_ID_TOKEN: + aud: ${VAULT_ADDR}{% endif %} script: - > docker run --rm -v ${PWD}:${PWD} -w ${PWD} -e CI_ENVIRONMENT_NAME{% if cookiecutter.use_vault == "true" %} - -e CI_JOB_JWT_V2 -e ENV_NAME=${CI_ENVIRONMENT_NAME}{% endif %} -e PROJECT_DIR=${CI_PROJECT_DIR} -e PROJECT_SLUG @@ -82,6 +84,7 @@ variables: -e SENTRY_URL{% if cookiecutter.use_vault == "true" %} -e SERVICE_SLUG={{ cookiecutter.service_slug }} -e VAULT_ADDR + -e VAULT_ID_TOKEN -e VAULT_ROLE{% endif %} -e VERSION_REF --entrypoint="" @@ -152,7 +155,10 @@ pact-verify-test: stage: Pact-verify image: docker:20 services: - - docker:20-dind + - docker:20-dind{% if cookiecutter.use_vault == "true" %} + id_tokens: + VAULT_ID_TOKEN: + aud: ${VAULT_ADDR}{% endif %} needs: [] variables: {{ cookiecutter.service_slug|upper }}_BUILD_TARGET: "test" 
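Review bot: The `aud` added under `id_tokens` in the `@@ -62,14 +62,16 @@` hunk is the raw `${VAULT_ADDR}`, while the scripts changed in this same patch log in against `"${VAULT_ADDR%/}"`, so a trailing slash in the variable ends up in the token's audience but not in the login URL. Vault matches the audience against the role's `bound_audiences` as an exact string, so the role configuration (not visible here) has to carry the same form of the address; a comment above the block such as `# aud must match bound_audiences on the Vault gitlab-jwt roles exactly, trailing slash included` would record that. Because the token is both scoped to and posted to whatever `VAULT_ADDR` holds, that variable should not be overridable per pipeline. The same block is added in the hunks at `-152,7`, `-232,19` and `-332,7`.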
@@ -165,7 +171,7 @@ pact-verify-test: allow_failure: true before_script: &pact-verify-before-script{% if cookiecutter.use_vault == "true" %} - > - vault_token=$(wget --quiet --post-data="role=pact&jwt=${CI_JOB_JWT_V2}" + vault_token=$(wget --quiet --post-data="role=pact&jwt=${VAULT_ID_TOKEN}" "${VAULT_ADDR%/}"/v1/auth/gitlab-jwt/login -O - | sed -n 's/^.*"client_token":"\([^"]*\)".*$/\1/p') - > @@ -232,19 +238,22 @@ pages: image: name: docker:20 services: - - docker:20-dind + - docker:20-dind{% if cookiecutter.use_vault == "true" %} + id_tokens: + VAULT_ID_TOKEN: + aud: ${VAULT_ADDR}{% endif %} script: - > docker run --rm -v ${PWD}:${PWD} -w ${PWD}{% if cookiecutter.use_vault == "true" %} - -e CI_JOB_JWT_V2 -e ENV_SLUG{% else %} -e PACT_BROKER_BASE_URL -e PACT_BROKER_PASSWORD -e PACT_BROKER_USERNAME{% endif %} -e PROJECT_SLUG{% if cookiecutter.use_vault == "true" %} - -e VAULT_ADDR{% endif %} + -e VAULT_ADDR + -e VAULT_ID_TOKEN{% endif %} --entrypoint="" pactfoundation/pact-cli:latest-node14 ./scripts/ci_pact.sh ${PACT_CMD} @@ -332,7 +341,10 @@ build_production: image: name: docker:20 services: - - docker:20-dind + - docker:20-dind{% if cookiecutter.use_vault == "true" %} + id_tokens: + VAULT_ID_TOKEN: + aud: ${VAULT_ADDR}{% endif %} variables: TF_ROOT: ${CI_PROJECT_DIR}/terraform/{{ cookiecutter.deployment_type }} before_script: @@ -345,16 +357,14 @@ build_production: -w ${PWD}{% if cookiecutter.terraform_backend == "gitlab" %} -e CI_API_V4_URL -e CI_COMMIT_SHA - -e CI_JOB_ID{% if cookiecutter.use_vault == "true" %} - -e CI_JOB_JWT_V2{% endif %} + -e CI_JOB_ID -e CI_JOB_STAGE -e CI_JOB_TOKEN -e CI_PROJECT_ID -e CI_PROJECT_NAME -e CI_PROJECT_NAMESPACE -e CI_PROJECT_PATH - -e CI_PROJECT_URL{% elif cookiecutter.use_vault == "true" %} - -e CI_JOB_JWT_V2{% endif %} + -e CI_PROJECT_URL{% endif %} -e ENV_SLUG -e PROJECT_DIR=${CI_PROJECT_DIR} -e PROJECT_SLUG 
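Review bot: In the `@@ -232,19 +238,22 @@` hunk the new `-e VAULT_ID_TOKEN` hands the job's Vault credential to `pactfoundation/pact-cli:latest-node14`, a third-party image referenced by a mutable tag. Whatever that tag resolves to at run time can read the token and `VAULT_ADDR`, so the reference is worth pinning by digest, e.g. `pactfoundation/pact-cli@sha256:<digest-placeholder>`. The job definition starts and continues outside the hunk.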
@@ -380,6 +390,7 @@ build_production: -e TF_WORKSPACE="{{ cookiecutter.project_slug }}_backend_environment_${ENV_SLUG}"{% endif %}{% if cookiecutter.terraform_backend == "terraform-cloud" and cookiecutter.use_vault == "false" %} -e TFC_TOKEN{% endif %}{% if cookiecutter.use_vault == "true" %} -e VAULT_ADDR + -e VAULT_ID_TOKEN -e VAULT_ROLE -e VAULT_SECRETS="digitalocean email k8s s3 {{ cookiecutter.service_slug }}/extra {{ cookiecutter.service_slug }}/sentry" -e VAULT_SECRETS_PREFIX="envs/${CI_ENVIRONMENT_NAME}" diff --git a/{{cookiecutter.project_dirname}}/docker-compose.yaml b/{{cookiecutter.project_dirname}}/docker-compose.yaml index 75b3adb..ba03700 100644 --- a/{{cookiecutter.project_dirname}}/docker-compose.yaml +++ b/{{cookiecutter.project_dirname}}/docker-compose.yaml @@ -1,5 +1,3 @@ -version: "3.9" - services: {{ cookiecutter.service_slug }}: build: diff --git a/{{cookiecutter.project_dirname}}/scripts/ci_pact.sh b/{{cookiecutter.project_dirname}}/scripts/ci_pact.sh index 8281c28..958c5e0 100755 --- a/{{cookiecutter.project_dirname}}/scripts/ci_pact.sh +++ b/{{cookiecutter.project_dirname}}/scripts/ci_pact.sh @@ -5,7 +5,7 @@ set -e if [ "${VAULT_ADDR}" != "" ]; then apk update && apk add curl jq - vault_token=$(curl --silent --request POST --data "role=pact" --data "jwt=${CI_JOB_JWT_V2}" "${VAULT_ADDR%/}"/v1/auth/gitlab-jwt/login | jq -r .auth.client_token) + vault_token=$(curl --silent --request POST --data "role=pact" --data "jwt=${VAULT_ID_TOKEN}" "${VAULT_ADDR%/}"/v1/auth/gitlab-jwt/login | jq -r .auth.client_token) pact_secrets=$(curl --silent --header "X-Vault-Token: ${vault_token}" "${VAULT_ADDR%/}"/v1/"${PROJECT_SLUG}"/pact | jq -r .data) diff --git a/{{cookiecutter.project_dirname}}/scripts/ci_sentry.sh b/{{cookiecutter.project_dirname}}/scripts/ci_sentry.sh index 3123c7e..217b5ac 100755 --- a/{{cookiecutter.project_dirname}}/scripts/ci_sentry.sh +++ b/{{cookiecutter.project_dirname}}/scripts/ci_sentry.sh 
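Review bot: The login in `scripts/ci_pact.sh` still cannot fail visibly: `curl --silent` without `--fail` exits 0 on an HTTP error and `jq -r` prints `null` for a missing `.auth.client_token`, so `set -e` never fires and `vault_token` becomes the string `null`. That matters for this change, because an audience or role mismatch after moving to `VAULT_ID_TOKEN` would surface only later as empty secrets. Using `curl --silent --fail` and `jq -er .auth.client_token` makes the assignment return non-zero so the script stops at the login. The same line is changed in `scripts/ci_sentry.sh` and `scripts/deploy/vault.sh`; all three scripts continue outside their hunks.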
@@ -9,7 +9,7 @@ git config --global --add safe.directory "${PROJECT_DIR}" if [ "${VAULT_ADDR}" != "" ]; then apk add curl jq - vault_token=$(curl --silent --request POST --data "role=${VAULT_ROLE}" --data "jwt=${CI_JOB_JWT_V2}" "${VAULT_ADDR%/}"/v1/auth/gitlab-jwt/login | jq -r .auth.client_token) + vault_token=$(curl --silent --request POST --data "role=${VAULT_ROLE}" --data "jwt=${VAULT_ID_TOKEN}" "${VAULT_ADDR%/}"/v1/auth/gitlab-jwt/login | jq -r .auth.client_token) SENTRY_AUTH_TOKEN=$(curl --silent --header "X-Vault-Token: ${vault_token}" "${VAULT_ADDR%/}"/v1/"${PROJECT_SLUG}"/envs/"${ENV_NAME}"/sentry | jq -r .data.sentry_auth_token) SENTRY_DSN=$(curl --silent --header "X-Vault-Token: ${vault_token}" "${VAULT_ADDR%/}"/v1/"${PROJECT_SLUG}"/envs/"${ENV_NAME}"/"${SERVICE_SLUG}"/sentry | jq -r .data.sentry_dsn) diff --git a/{{cookiecutter.project_dirname}}/scripts/deploy/vault.sh b/{{cookiecutter.project_dirname}}/scripts/deploy/vault.sh index 0f088b9..402802d 100755 --- a/{{cookiecutter.project_dirname}}/scripts/deploy/vault.sh +++ b/{{cookiecutter.project_dirname}}/scripts/deploy/vault.sh @@ -2,7 +2,7 @@ set -e -vault_token=$(curl --silent --request POST --data "role=${VAULT_ROLE}" --data "jwt=${CI_JOB_JWT_V2}" "${VAULT_ADDR%/}"/v1/auth/gitlab-jwt/login | jq -r .auth.client_token) +vault_token=$(curl --silent --request POST --data "role=${VAULT_ROLE}" --data "jwt=${VAULT_ID_TOKEN}" "${VAULT_ADDR%/}"/v1/auth/gitlab-jwt/login | jq -r .auth.client_token) secrets_data="{}"