.gitlab-ci.yml

stages:
  - triggers
  - postbuild
  - schedule
  - report

# Gitlab CI Process:
#   - Beest spins up a cluster
#   - Only one instance per branch is allowed. What that means is if you push up another commit, the prepare stage will destroy the ec2 machine from your previous builds. If you get a message that says x-x-x-branch-name-lock, that means you have a prev branch still running and need to kill that branch to release the lock to allow your new branch to continue. This prevents a lot of useless EC2 instances from running and building up costs (We did include interrupt but GitLab seems to be broken on interrupts atm)
#   - If a step in the "Cleanup" stage ran to destroy a molecule machine, or your acceptance step complains about "Unable to reach the ssh machine", then your molecule instance might have been destroyed or cleaned up. To recreate it, rerun the appropriate "Prepare" stage step to spin the machine back up

# Supported Commit Message Functionality:
#   ** Default: Note these do not have to be defined, by default everything will be included except secrets and localinstall which **
#   ** falls on master and tags **

# You can also reduce ec2 costs and clutter by defining the py version you want to build
#   - "<commit message> [py2]"
#   - "<commit message> [py3]"

variables: &commonvariables
  # The SRC_PATH is in the GOPATH of the builders which
  # currently is /go
  SRC_PATH: /go/src/github.com/StackVista/stackstate-agent
  # Directory in which we execute the omnibus build.
  # For an unknown reason, it does not go well with
  # a ruby dependency if we build directly into $CI_PROJECT_DIR/.omnibus
  OMNIBUS_BASE_DIR: /.omnibus
  OMNIBUS_BASE_DIR_WIN: c:/omnibus-ruby #\$CI_RUNNER_ID
  # Directory in which we execute the omnibus build for SUSE
  # as we want to separate the RPM built for this distro.
  BCC_VERSION: v0.12.0
  SYSTEM_PROBE_GO_VERSION: 1.16.7
  DATADOG_AGENT_EMBEDDED_PATH: /opt/datadog-agent/embedded
  VCINSTALLDIR: "C:\\Program Files (x86)\\Microsoft Visual Studio\\2017\\Community"
  # This variable represents which one of the gitlab pipelines will contain most of the jobs that's not required for both pipelines to run.
  # IE VMS is a massive jobs and only has to run on either v2 or the v3 pipeline. With this variable you can control on which of the pipelines
  # do jobs like these run on
  PRIMARY_MAJOR_VERSION: '3'
  PROCESS_AGENT_TEST_REPO: stackstate-process-agent-test
  AGENT_HELM_CHART_VERSION: ""
  STACKSTATE_HELM_CHART_VERSION: ""
  RUNNERS_IP: $RUNNERS_IP # IP of NAT Gateway from tooling account (where kubernetes runners live)
  STS_DOCKER_K8S_REPO: stackstate-k8s-agent
  STS_DOCKER_K8S_REPO_CLUSTER: stackstate-k8s-cluster-agent
  DD_KUBE_RESOURCES_NAMESPACE: "default" # this is here to make sure k8s based unit tests do not pick up namespaces from the environment when  running in k8s

.agent_variables: &agent_variables
  CONDA_ENV: ddpy3
  PYTHON_RUNTIMES: '3'
  MAJOR_VERSION: '3'
  STS_VER: 'v3'
  STS_AWS_RELEASE_BUCKET: stackstate-agent-3
  STS_AWS_TEST_BUCKET: stackstate-agent-3-test
  STS_AWS_RELEASE_BUCKET_YUM: stackstate-agent-3-rpm
  STS_AWS_TEST_BUCKET_YUM: stackstate-agent-3-rpm-test
  STS_AWS_RELEASE_BUCKET_WIN: stackstate-agent-3
  STS_AWS_TEST_BUCKET_WIN: stackstate-agent-3-test
  STS_DOCKER_RELEASE_REPO: stackstate-agent
  STS_DOCKER_TEST_REPO: stackstate-agent-test
  STS_DOCKER_RELEASE_REPO_TRACE: stackstate-trace-agent
  STS_DOCKER_TEST_REPO_TRACE: stackstate-trace-agent-test
  STS_DOCKER_RELEASE_REPO_CLUSTER: stackstate-cluster-agent
  STS_DOCKER_TEST_REPO_CLUSTER: stackstate-cluster-agent-test
  STS_DOCKER_RELEASE_REPO_SWARM: stackstate-swarm-agent
  STS_DOCKER_TEST_REPO_SWARM: stackstate-swarm-agent-test

.rules:
  - &exclude_on_cluster_agent
    if: $CI_COMMIT_MESSAGE =~ /\[cluster-agent]/
    when: never
  - &include_on_cluster_agent
    if: $CI_COMMIT_MESSAGE =~ /\[cluster-agent]/
    when: on_success
  - &exclude_on_tag_v3
    if: $CI_COMMIT_TAG =~ /3\..*/
    when: never
  - &scheduled_master_pipeline
    if: $CI_COMMIT_TAG || ($CI_COMMIT_REF_NAME == "master" && $CI_PIPELINE_SOURCE == "schedule")
    when: always
  - &exclude_on_clean
    if: $CLEAN == "yes"
    when: never

.other_files_rule: &other_files_rule
  # Check if any files (not MD) changed
  # Glob syntax that checks for changes in all files except files that end with .md, .mdown or .markdown extension.
  # (Glob syntax tester: https://toools.cloud/miscellaneous/glob-tester)

  # Run pipeline for merge requests and not for branch pipelines when a commit is pushed
  - if: $CI_MERGE_REQUEST_IID
    changes:
      - "**/{!(*.markdown|*.mdown|*.md),.*}"
    # If any non-MD files changed, always run the pipeline.
    when: always

  # Do not run pipeline for branch commits when there is an open merge request available
  - if: $CI_OPEN_MERGE_REQUESTS && $CI_COMMIT_BRANCH
    when: never

  # Run pipeline for branch commits when no merge requests are available
  - if: $CI_COMMIT_BRANCH || $CI_COMMIT_REF_NAME == "master"
    changes:
      - "**/{!(*.markdown|*.mdown|*.md),.*}"
    # If any non-MD files changed, always run the pipeline.
    when: always

.md_only_rule: &md_only_rule
  # Check if any MD files changed
  # Glob syntax that checks for changes in files ending with .md, .mdown or .markdown extension.
  # (Glob syntax tester: https://toools.cloud/miscellaneous/glob-tester)

  # Run pipeline for merge requests and not for branch pipelines when a commit is pushed
  - if: $CI_MERGE_REQUEST_IID
    changes:
      - "**/*.{markdown,mdown,md}"
    # If only MD files changed, don't run the pipeline.
    when: manual
    # Allow failure must be true, else manual pipelines can never be successful without running the manual jobs.
    allow_failure: true

  # Do not run pipeline for branch commits when there is an open merge request available
  - if: $CI_OPEN_MERGE_REQUESTS && $CI_COMMIT_BRANCH
    when: never

  # Run pipeline for branch commits when no merge requests are available
  - if: $CI_COMMIT_BRANCH || $CI_COMMIT_REF_NAME == "master"
    changes:
      - "**/*.{markdown,mdown,md}"
    # If only MD files changed, don't run the pipeline.
    when: manual
    # Allow failure must be true, else manual pipelines can never be successful without running the manual jobs.
    allow_failure: true

agent-x86:
  stage: triggers
  variables:
    <<: *commonvariables
    <<: *agent_variables
    ARCH: amd64
    ANSIBLE_INVENTORY_LOCATION: "../../sut/yards/k8s/ansible_inventory"
    STS_CONTEXT_FILE: "../../sut/yards/k8s/config.yaml"
    STS_KUBECONFIG_FILE: "./../../sut/yards/k8s/config"
  trigger:
    include: .gitlab-ci-agent-x86.yml
    strategy: depend
  rules:
    - <<: *exclude_on_clean
    - <<: *exclude_on_cluster_agent
    - <<: *scheduled_master_pipeline
    - *other_files_rule
    - *md_only_rule
    - when: always

agent-arm:
  stage: triggers
  variables:
    <<: *commonvariables
    <<: *agent_variables
    ARCH: arm64
    ANSIBLE_INVENTORY_LOCATION: "../../sut/yards/k8s-arm/ansible_inventory"
    STS_CONTEXT_FILE: "../../sut/yards/k8s-arm/config.yaml"
    STS_KUBECONFIG_FILE: "./../../sut/yards/k8s-arm/config"
  trigger:
    include: .gitlab-ci-agent-arm.yml
    strategy: depend
  rules:
    - <<: *exclude_on_clean
    - <<: *exclude_on_cluster_agent
    - <<: *scheduled_master_pipeline
    - *other_files_rule
    - *md_only_rule
    - when: always

.merge_docker_manifest: &merge_docker_manifest
  stage: postbuild
  needs: [ agent-x86, agent-arm ]
  trigger:
    include: .gitlab-ci-docker.yml
    strategy: depend

merge_docker_manifest_cluster_agent:
  <<: *merge_docker_manifest
  rules:
    - <<: *exclude_on_clean
    - <<: *exclude_on_cluster_agent
    - <<: *scheduled_master_pipeline
    - *other_files_rule
    - *md_only_rule
    - when: on_success
  variables:
    DST_REPOSITORY: quay.io/stackstate/stackstate-k8s-cluster-agent

merge_docker_manifest_main_agent:
  <<: *merge_docker_manifest
  rules:
    - <<: *exclude_on_clean
    - <<: *exclude_on_cluster_agent
    - <<: *scheduled_master_pipeline
    - *other_files_rule
    - *md_only_rule
    - when: on_success
  variables:
    DST_REPOSITORY: quay.io/stackstate/stackstate-k8s-agent

cluster_agent:
  stage: triggers
  variables:
    <<: *commonvariables
    <<: *agent_variables
  trigger:
    include: .gitlab-ci-cluster-agent.yml
    strategy: depend
  rules:
    - <<: *exclude_on_clean
    - <<: *include_on_cluster_agent
    - when: never

build_agent_runners:
  stage: triggers
  variables:
    <<: *commonvariables
  trigger:
    include: .gitlab-ci-build-runners.yml
    strategy: depend
  rules:
    - <<: *exclude_on_clean
    - if: $CI_MERGE_REQUEST_IID
    - if: $CI_OPEN_MERGE_REQUESTS
      when: never
    - if: $CI_COMMIT_BRANCH

cleanup_job:
  stage: schedule
  image: registry.tooling.stackstate.io/docker/stackstate/beest:20241022
  variables:
    <<: *commonvariables
    <<: *agent_variables
  rules:
    - if: $CI_PIPELINE_SOURCE == "schedule" && $CLEAN == "yes"
      when: always
    - if: $CI_COMMIT_MESSAGE =~ /\[cleanup]/
      when: always
  script:
    - cd $CI_PROJECT_DIR
    - . $CI_PROJECT_DIR/beest/bootstrap_functions.sh
    - generate_aws_config
    - configure_aws_beest_credentials
    - unset AWS_ACCESS_KEY_ID && unset AWS_SECRET_ACCESS_KEY && unset AWS_ROLE_ARN && unset AWS_WEB_IDENTITY_TOKEN_FILE  # Unset gitlab runner AWS credentials which conflicts with Beest ~/.aws/credentials
    - export AWS_PROFILE=stackstate-sandbox
    - chmod +x env_cleanup_schedule.sh
    - ./env_cleanup_schedule.sh ${gitlab_api_scope_token} ${days_of_last_commit}
  tags:
    - sts-k8s-xl-runner

notify-on-master-fail:
  before_script:
    - apk add --no-cache bash curl
  image: ${DOCKER_PROXY_URL}/library/alpine:latest
  only:
    - stackstate-7.51.1
  script:
    - SUITE=build ./.cerberus/cerberus_notify_failure.sh
  stage: report
  tags:
    - sts-k8s-m-runner
  when: on_failure