-
Notifications
You must be signed in to change notification settings - Fork 39
/
.gitlab-ci.yml
415 lines (394 loc) · 14.7 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
---
default:
# we use this tag to select the runner to be used for a given job
tags:
- crab3
variables:
IMAGE_TAG: "${CI_COMMIT_REF_SLUG}" # to distinct it from commit tag and final image tag
RELEASE_IMAGE_TAG: "${CI_COMMIT_TAG}-stable" # final tag name, e.g., v3.240904-stable
# The `DOCKER_TLS_CERTDIR` variables is needed to run Docker-in-Docker, `DOCKER_BUILDKIT` is to make sure the docker build use the new BuildKit.
# https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#docker-in-docker-with-tls-enabled-in-the-docker-executor
# Creating a docker context is required to be able to cache to the registry using Buildkit.
# https://docs.docker.com/build/cache/backends/
DOCKER_TLS_CERTDIR: "/certs"
DOCKER_BUILDKIT: 1
CHECK_TEST_RESULT: "false"
SUBMIT_STATUS_TRACKING: "true"
CLIENT_CONFIGURATION_VALIDATION: "true"
CLIENT_VALIDATION_SUITE: "true"
SKIP_BUILD: "false"
SKIP_DEPLOY: "false"
SKIP_SUBMIT: "false"
# This key define variables which are later used in `!reference` tag in `rules`.
# Ref https://docs.gitlab.com/ee/ci/jobs/index.html#hide-jobs
# and https://docs.gitlab.com/ee/ci/yaml/yaml_optimization.html#reference-tags
.default_rules:
default:
- if: $CI_COMMIT_TAG =~ /pypi-.*/ # match tag: pypi-(prod|preprod|test*)-1714418922
release:
- if: $CI_COMMIT_TAG =~ /v3\.[0-9]{6}.*/ # match tag: v3.240101
skip_build:
- if: '$SKIP_BUILD == "true"'
when: never # helper var
skip_deploy:
- if: '$SKIP_DEPLOY == "true"'
when: never
skip_submit:
- if: '$SKIP_SUBMIT == "true"'
when: never
stages:
- prepare_env
- prepare_release
- build_docker
- deploy
- submit_testsuite
- run_testsuite_CV
- run_testsuite_CCV
- check_testsuite
- tagging_release
get_env:
# NB rules are evaluated like python `any()`. If there is no rule the job runs all of the times.
rules:
# !reference in following lines tells GITLAB to replace with the value of the indicated variables.
- !reference [.default_rules, default]
- !reference [.default_rules, release]
stage: prepare_env
image:
name: registry.cern.ch/cmscrab/buildtools
entrypoint: [""]
script:
- printenv # debug check ci env
- cicd/gitlab/parseEnv.sh $CI_COMMIT_TAG # create .env
artifacts:
paths:
- .env
expire_in: 1 week
set_version_name:
rules:
- !reference [.default_rules, default]
- !reference [.default_rules, release]
stage: prepare_release
image:
name: registry.cern.ch/cmscrab/buildtools
entrypoint: [""]
script:
- |
echo -e "\n__version__ = \"${CI_COMMIT_TAG}\" #Automatically added during build process\n" >> src/python/TaskWorker/__init__.py;
- |
echo -e "\n__version__ = \"${CI_COMMIT_TAG}\" #Automatically added during build process\n" >> src/python/CRABInterface/__init__.py;
cache:
- key: $CI_PIPELINE_ID
paths:
- src/python/TaskWorker/__init__.py
- src/python/CRABInterface/__init__.py
policy: push
build_rest_image:
rules:
- if: $BUILD || $BUILD_DEPLOY || $ONLY_BUILD_RELEASE
- !reference [.default_rules, skip_build]
- !reference [.default_rules, default]
- !reference [.default_rules, release]
stage: build_docker
image:
name: docker:27.1.1
services:
- name: docker:27.1.1-dind
before_script:
- docker info
script:
- docker login -u $CMSCRAB_REGISTRY_USER -p $CMSCRAB_REGISTRY_PASSWORD $CMSCRAB_REGISTRY_URL
- source .env
- docker context create mycontext
- docker buildx create mycontext --use --name mybuilder --bootstrap
- docker buildx build --push -f "${CI_PROJECT_DIR}/cicd/crabserver_pypi/Dockerfile" --cache-to=type=registry,ref="registry.cern.ch/cmscrab/crabserver:pypi-${REST_Instance}-cache",image-manifest=true,mode=max --cache-from=type=registry,ref="registry.cern.ch/cmscrab/crabserver:pypi-${REST_Instance}-cache" -t "registry.cern.ch/cmscrab/crabserver:${IMAGE_TAG}" .
cache:
- key: $CI_PIPELINE_ID
paths:
- src/python/CRABInterface/__init__.py
policy: pull
build_tw_image:
rules:
- if: $BUILD || $BUILD_DEPLOY || $ONLY_BUILD_RELEASE
- !reference [.default_rules, skip_build]
- !reference [.default_rules, default]
- !reference [.default_rules, release]
stage: build_docker
image:
name: docker:27.1.1
services:
- name: docker:27.1.1-dind
script:
- docker login -u $CMSCRAB_REGISTRY_USER -p $CMSCRAB_REGISTRY_PASSWORD $CMSCRAB_REGISTRY_URL
- source .env
- docker context create mycontext
- docker buildx create mycontext --use --name mybuilder --bootstrap
- docker buildx build --push -f "${CI_PROJECT_DIR}/cicd/crabtaskworker_pypi/Dockerfile" --cache-to=type=registry,ref="registry.cern.ch/cmscrab/crabtaskworker:pypi-${REST_Instance}-cache",image-manifest=true,mode=max --cache-from=type=registry,ref="registry.cern.ch/cmscrab/crabtaskworker:pypi-${REST_Instance}-cache" -t "registry.cern.ch/cmscrab/crabtaskworker:${IMAGE_TAG}" .
cache:
- key: $CI_PIPELINE_ID
paths:
- src/python/TaskWorker/__init__.py
policy: pull
build_monit_image:
rules:
- if: $BUILD
- !reference [.default_rules, skip_build]
- !reference [.default_rules, release]
stage: build_docker
needs: ["build_tw_image", "get_env"]
image:
name: docker:27.1.1
services:
- name: docker:27.1.1-dind
script:
- docker login -u $CMSCRAB_REGISTRY_USER -p $CMSCRAB_REGISTRY_PASSWORD $CMSCRAB_REGISTRY_URL
- source .env
- docker context create mycontext
- docker buildx create mycontext --use --name mybuilder --bootstrap
- docker buildx build --push --build-arg="BASE_TAG=${IMAGE_TAG}" -f "${CI_PROJECT_DIR}/cicd/monit_pypi/Dockerfile" --cache-to=type=registry,ref="registry.cern.ch/cmscrab/crabtwmonit:pypi-${REST_Instance}-cache",image-manifest=true,mode=max --cache-from=type=registry,ref="registry.cern.ch/cmscrab/crabtwmonit:pypi-${REST_Instance}-cache" -t "registry.cern.ch/cmscrab/crabtwmonit:${IMAGE_TAG}" -t "registry.cern.ch/cmscrab/crabtwmonit:v3.latest" .
cache:
- key: $CI_PIPELINE_ID
paths:
- src/python/TaskWorker/__init__.py
policy: pull
build_crabtwfilebeat_image:
rules:
- if: $BUILD
- !reference [.default_rules, skip_build]
- !reference [.default_rules, release]
stage: build_docker
image:
name: docker:27.1.1
services:
- name: docker:27.1.1-dind
script:
- docker login -u $CMSCRAB_REGISTRY_USER -p $CMSCRAB_REGISTRY_PASSWORD $CMSCRAB_REGISTRY_URL
- source .env
- docker context create mycontext
- docker buildx create mycontext --use --name mybuilder --bootstrap
- docker buildx build --push --build-arg="BASE_TAG=${IMAGE_TAG}" -f "${CI_PROJECT_DIR}/cicd/filebeat/Dockerfile" --cache-to=type=registry,ref="registry.cern.ch/cmscrab/crabtwfilebeat:pypi-${REST_Instance}-cache",image-manifest=true,mode=max --cache-from=type=registry,ref="registry.cern.ch/cmscrab/crabtwfilebeat:pypi-${REST_Instance}-cache" -t "registry.cern.ch/cmscrab/crabtwfilebeat:${IMAGE_TAG}" -t "registry.cern.ch/cmscrab/crabtwmonit:v3.latest" .
cache:
- key: $CI_PIPELINE_ID
paths:
- src/python/TaskWorker/__init__.py
policy: pull
build_spark_image:
rules:
- if: $BUILD
- !reference [.default_rules, skip_build]
- !reference [.default_rules, release]
stage: build_docker
image:
name: docker:27.1.1
services:
- name: docker:27.1.1-dind
script:
- docker login -u $CMSCRAB_REGISTRY_USER -p $CMSCRAB_REGISTRY_PASSWORD $CMSCRAB_REGISTRY_URL
- source .env
- docker context create mycontext
- docker buildx create mycontext --use --name mybuilder --bootstrap
- docker buildx build --push --build-arg="BASE_TAG=${IMAGE_TAG}" -f "${CI_PROJECT_DIR}/cicd/monit_spark/Dockerfile" --cache-to=type=registry,ref="registry.cern.ch/cmscrab/crabspark:pypi-${REST_Instance}-cache",image-manifest=true,mode=max --cache-from=type=registry,ref="registry.cern.ch/cmscrab/crabspark:pypi-${REST_Instance}-cache" -t "registry.cern.ch/cmscrab/crabspark:${IMAGE_TAG}" -t "registry.cern.ch/cmscrab/crabspark:v3.latest" .
deploy_server:
rules:
- if: $BUILD_DEPLOY
- !reference [.default_rules, skip_deploy]
- !reference [.default_rules, default]
- !reference [.default_rules, release]
stage: deploy
image:
name: registry.cern.ch/cmscrab/buildtools
entrypoint: [""]
script:
# load KUBECONTEXT
- source .env
- echo $KUBECONFIG_FILE
- yq -i -y ".\"current-context\" = \"$KUBECONTEXT\"" $KUBECONFIG_FILE
- export KUBECONFIG=$KUBECONFIG_FILE
- kubectl set image deployment/crabserver "crabserver=registry.cern.ch/cmscrab/crabserver:${IMAGE_TAG}"
- kubectl rollout status deployment crabserver --watch --timeout=5m
.deploy_tw_template:
rules:
- if: $BUILD_DEPLOY
- !reference [.default_rules, skip_deploy]
- !reference [.default_rules, default]
- !reference [.default_rules, release]
stage: deploy
image:
name: registry.cern.ch/cmscrab/buildtools
entrypoint: [""]
script:
- source .env
- export Environment # from .env
- export Service="${SERVICE}"
- export Image="${IMAGE_TAG}"
- export SSH_KEY=$(cicd/gitlab/credFile.sh $CRAB_TW_SSH_KEY ssh)
- bash -x cicd/gitlab/deployTW.sh
deploy_taskworker:
extends: .deploy_tw_template
variables:
SERVICE: TaskWorker
deploy_publisher_schedd:
extends: .deploy_tw_template
variables:
SERVICE: Publisher_schedd
deploy_publisher_rucio:
extends: .deploy_tw_template
variables:
SERVICE: Publisher_rucio
task_submission:
rules:
- if: '$SUBMIT_STATUS_TRACKING == "true" || $CLIENT_VALIDATION_SUITE == "true" || $CLIENT_CONFIGURATION_VALIDATION == "true"'
- !reference [.default_rules, skip_submit]
- !reference [.default_rules, default]
- !reference [.default_rules, release]
stage: submit_testsuite
tags:
- crab3-shell
script:
- source .env
- export X509_USER_PROXY=$(cicd/gitlab/credFile.sh $X509_USER_PROXY x509)
- export CRABClient_version # from .env
- export REST_Instance # from .env
- export ROOT_DIR
- export CMSSW_release=CMSSW_13_0_2
- export Task_Submission_Status_Tracking=$SUBMIT_STATUS_TRACKING
- export Client_Configuration_Validation=$CLIENT_CONFIGURATION_VALIDATION
- export Client_Validation_Suite=$CLIENT_VALIDATION_SUITE
- bash -x cicd/gitlab/executeTests.sh
cache:
- key: $CI_PIPELINE_ID
paths:
- workdir/submitted_tasks_CV
- workdir/submitted_tasks_CCV
- workdir/submitted_tasks_TS
policy: push
- key: submitted_tasks_TS_latest
paths:
- workdir/submitted_tasks_TS
policy: push
- key: submitted_tasks_CV_latest
paths:
- workdir/submitted_tasks_CV
policy: push
- key: submitted_tasks_CCV_latest
paths:
- workdir/submitted_tasks_CCV
policy: push
client_validation_suite:
rules:
- if: '$CLIENT_VALIDATION_SUITE == "false"'
when: never
- !reference [.default_rules, default]
- !reference [.default_rules, release]
stage: run_testsuite_CV
tags:
- crab3-shell
script:
- echo "Waiting for 20 minutes after task submission..."
- sleep 1200
- source .env
- export X509_USER_PROXY=$(cicd/gitlab/credFile.sh $X509_USER_PROXY x509)
- export CRABClient_version # from .env
- export REST_Instance # from .env
- export ROOT_DIR
- export CMSSW_release=CMSSW_13_0_2
- export Client_Validation_Suite=true
- ls workdir/submitted_tasks_CV
- bash -x cicd/gitlab/CV_config.sh
cache:
- key: $CI_PIPELINE_ID
paths:
- workdir/submitted_tasks_CV
policy: pull
- key: submitted_tasks_CV_latest
paths:
- workdir/submitted_tasks_CV
policy: pull
client_configuration_validation:
rules:
- if: '$CLIENT_CONFIGURATION_VALIDATION == "false"'
when: never
- !reference [.default_rules, default]
- !reference [.default_rules, release]
stage: run_testsuite_CCV
tags:
- crab3-shell
script:
# - echo "Waiting for 20 minutes after task submission..."
# - sleep 1200
- source .env
- export X509_USER_PROXY=$(cicd/gitlab/credFile.sh $X509_USER_PROXY x509)
- export CRABClient_version # from .env
- export REST_Instance # from .env
- export ROOT_DIR
- export CMSSW_release=CMSSW_13_0_2
- export Client_Configuration_Validation=true
- ls workdir/submitted_tasks_CCV
- cicd/gitlab/retry.sh bash -x cicd/gitlab/CCV_config.sh
cache:
- key: $CI_PIPELINE_ID
paths:
- workdir/submitted_tasks_CCV
policy: pull
- key: submitted_tasks_CCV_latest
paths:
- workdir/submitted_tasks_CCV
policy: pull
check_test_result:
rules:
- if: '$CHECK_TEST_RESULT == "false"'
when: never
- !reference [.default_rules, default]
- !reference [.default_rules, release]
stage: check_testsuite
tags:
- crab3-shell
script:
- source .env
- export X509_USER_PROXY=$(cicd/gitlab/credFile.sh $X509_USER_PROXY x509)
- export REST_Instance # from .env
- export CRABClient_version # from .env
- export ROOT_DIR
- export CMSSW_release=CMSSW_13_0_2
- export SCRAM_ARCH=el8_amd64_gcc11
- export Check_Publication_Status=Yes
- echo ${MANUAL_CI_PIPELINE_ID}
# manual task name
- |
if [[ -n "${MANUAL_TASKNAME:-}" ]]; then
echo "${MANUAL_TASKNAME}" > workdir/submitted_tasks_TS
echo "${MANUAL_TASKNAME}" > workdir/submitted_tasks_CV
echo "${MANUAL_TASKNAME}" > workdir/submitted_tasks_CCV
fi
- cicd/gitlab/retry.sh bash -x cicd/gitlab/executeStatusTracking.sh
cache:
- key: $MANUAL_CI_PIPELINE_ID
fallback_keys:
- $CI_PIPELINE_ID
- submitted_tasks_TS_latest
- submitted_tasks_CCV_latest
- submitted_tasks_CV_latest
paths:
- workdir
policy: pull
# if test is pass, retag with `*-stable`
release_stable:
rules:
- !reference [.default_rules, release]
stage: tagging_release
image:
name: registry.cern.ch/cmscrab/buildtools
entrypoint: [""]
variables:
GIT_STRATEGY: none
script:
- crane auth login -u ${CMSCRAB_REGISTRY_USER} -p ${CMSCRAB_REGISTRY_PASSWORD} ${CMSCRAB_REGISTRY_URL}
# rest
- crane cp registry.cern.ch/cmscrab/crabserver:${IMAGE_TAG} registry.cern.ch/cmscrab/crabserver:${RELEASE_IMAGE_TAG}
# tw
- crane cp registry.cern.ch/cmscrab/crabtaskworker:${IMAGE_TAG} registry.cern.ch/cmscrab/crabtaskworker:${RELEASE_IMAGE_TAG}
# monit
- crane cp registry.cern.ch/cmscrab/crabtwmonit:${IMAGE_TAG} registry.cern.ch/cmscrab/crabtwmonit:${RELEASE_IMAGE_TAG}
# filebeat
- crane cp registry.cern.ch/cmscrab/crabtwfilebeat:${IMAGE_TAG} registry.cern.ch/cmscrab/crabtwfilebeat:${RELEASE_IMAGE_TAG}
# spark
- crane cp registry.cern.ch/cmscrab/crabspark:${IMAGE_TAG} registry.cern.ch/cmscrab/crabspark:${RELEASE_IMAGE_TAG}