diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index ac8bbf4db..fb63ce150 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -8,10 +8,6 @@ stages: # without it, Docker builds could attempt to push to empty ECR repositories. # First step is to build the traefik module as the traefik service is created and updated in the infrastructure module - infrastructure_preprod_build - - infrastructure_preprod_west_init - - infrastructure_preprod_west_validate - - infrastructure_preprod_west_plan - - infrastructure_preprod_west_apply - infrastructure_preprod_init - infrastructure_preprod_validate - infrastructure_preprod_plan @@ -32,16 +28,6 @@ stages: - deploy:dev:validate:es - deploy:dev:plan:es - deploy:dev:apply:es - - - deploy:dev-west:init:en - - deploy:dev-west:validate:en - - deploy:dev-west:plan:en - - deploy:dev-west:apply:en - - - deploy:dev-west:init:es - - deploy:dev-west:validate:es - - deploy:dev-west:plan:es - - deploy:dev-west:apply:es - deploy:stage:init - deploy:stage:validate @@ -343,7 +329,6 @@ build:drupal: --build-arg GIT_TAG=$CI_COMMIT_TAG --target=$WEBCMS_TARGET --destination=$WEBCMS_REPO_URL/webcms-$WEBCMS_ENVIRONMENT-$WEBCMS_SITE-$WEBCMS_TARGET:$WEBCMS_IMAGE_TAG - --destination=$WEBCMS_REPO_URL_WEST/webcms-$WEBCMS_ENVIRONMENT-$WEBCMS_SITE-$WEBCMS_TARGET:$WEBCMS_IMAGE_TAG --destination=$CI_REGISTRY_IMAGE/webcms-$WEBCMS_ENVIRONMENT-$WEBCMS_SITE-$WEBCMS_TARGET:$WEBCMS_IMAGE_TAG variables: @@ -363,7 +348,6 @@ build:drupal: --build-arg GIT_COMMIT=$CI_COMMIT_SHA --build-arg GIT_TAG=$CI_COMMIT_TAG --destination=$WEBCMS_REPO_URL/webcms-$WEBCMS_ENVIRONMENT-$WEBCMS_SITE-fpm-metrics:$WEBCMS_IMAGE_TAG - --destination=$WEBCMS_REPO_URL_WEST/webcms-$WEBCMS_ENVIRONMENT-$WEBCMS_SITE-fpm-metrics:$WEBCMS_IMAGE_TAG --destination=$CI_REGISTRY_IMAGE/webcms-$WEBCMS_ENVIRONMENT-$WEBCMS_SITE-fpm-metrics:$WEBCMS_IMAGE_TAG variables: WEBCMS_ENVIRONMENT: preproduction @@ -399,7 +383,6 @@ build:drupal: --build-arg GIT_COMMIT=$CI_COMMIT_SHA --build-arg GIT_TAG=$CI_COMMIT_TAG --destination=$WEBCMS_REPO_URL/webcms-$WEBCMS_ENVIRONMENT-aws-cloudwatch - --destination=$WEBCMS_REPO_URL_WEST/webcms-$WEBCMS_ENVIRONMENT-aws-cloudwatch --destination=$CI_REGISTRY_IMAGE/webcms-$WEBCMS_ENVIRONMENT-aws-cloudwatch variables: @@ -420,7 +403,6 @@ build:drupal: --build-arg GIT_COMMIT=$CI_COMMIT_SHA --build-arg GIT_TAG=$CI_COMMIT_TAG --destination=$WEBCMS_REPO_URL/webcms-$WEBCMS_ENVIRONMENT-traefik:latest - --destination=$WEBCMS_REPO_URL_WEST/webcms-$WEBCMS_ENVIRONMENT-traefik:latest --destination=$CI_REGISTRY_IMAGE/webcms-$WEBCMS_ENVIRONMENT-traefik:latest variables: WEBCMS_ENVIRONMENT: preproduction @@ -440,7 +422,6 @@ build:drupal: --build-arg GIT_COMMIT=$CI_COMMIT_SHA --build-arg GIT_TAG=$CI_COMMIT_TAG --destination=$WEBCMS_REPO_URL/webcms-$WEBCMS_ENVIRONMENT-newrelic-daemon - --destination=$WEBCMS_REPO_URL_WEST/webcms-$WEBCMS_ENVIRONMENT-newrelic-daemon --destination=$CI_REGISTRY_IMAGE/webcms-$WEBCMS_ENVIRONMENT-newrelic-daemon variables: WEBCMS_ENVIRONMENT: preproduction @@ -657,81 +638,6 @@ infrastructure:preproduction:apply: environment: name: infra/preproduction -#sub-region us-west-2: -# These steps deploy into the infra/preproduction-west environment -# the infra/preproduction-west environment is pointed to the us-west-2 region within the DrupalCloud AWS accounts -infrastructure:preproduction-west:init: - extends: .infrastructure - stage: infrastructure_preprod_west_init - rules: - - if: '$CI_COMMIT_BRANCH == "live"' - variables: - WEBCMS_ENVIRONMENT: preproduction - TF_STATE_NAME: dev-west - #override the TF_ADDRESS in .infrastructure - TF_ADDRESS: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/dev-west - script: - - gitlab-terraform init -upgrade - - gitlab-terraform init - environment: - name: infra/preproduction-west - -infrastructure:preproduction-west:validate: - extends: .infrastructure - stage: infrastructure_preprod_west_validate - rules: - - if: '$CI_COMMIT_BRANCH == "live"' - variables: - WEBCMS_ENVIRONMENT: preproduction - TF_STATE_NAME: dev-west - #override the TF_ADDRESS in .infrastructure - TF_ADDRESS: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/dev-west - script: - - gitlab-terraform init -upgrade - - gitlab-terraform validate - environment: - name: infra/preproduction-west - -infrastructure:preproduction-west:plan: - extends: .infrastructure - stage: infrastructure_preprod_west_plan - rules: - - if: '$CI_COMMIT_BRANCH == "live"' - variables: - WEBCMS_ENVIRONMENT: preproduction - TF_STATE_NAME: dev-west - #override the TF_ADDRESS in .infrastructure - TF_ADDRESS: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/dev-west - script: - - gitlab-terraform init -upgrade - - gitlab-terraform plan - - gitlab-terraform plan-json - timeout: 24h - environment: - name: infra/preproduction-west - artifacts: - name: plan - paths: - - $TF_ROOT/plan.cache - reports: - terraform: $TF_ROOT/plan.json - -infrastructure:preproduction-west:apply: - extends: .infrastructure - stage: infrastructure_preprod_west_apply - rules: - - if: '$CI_COMMIT_BRANCH == "live"' - dependencies: ["infrastructure:preproduction-west:plan"] - variables: - WEBCMS_ENVIRONMENT: preproduction - TF_STATE_NAME: dev-west - #override the TF_ADDRESS in .infrastructure - TF_ADDRESS: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/dev-west - script: - - gitlab-terraform init -upgrade - - gitlab-terraform apply - environment: - name: infra/preproduction-west @@ -1009,263 +915,6 @@ deploy:dev:apply-es: -#region: US West 2 deployment -deploy:dev-west:init:en: - extends: .deploy - stage: deploy:dev-west:init:en - rules: - - if: '$CI_COMMIT_BRANCH == "live"' - - variables: - WEBCMS_LANG: en - WEBCMS_ENVIRONMENT: preproduction - WEBCMS_SITE: dev - TF_STATE_NAME: dev-webcms-west-$WEBCMS_LANG - TF_ADDRESS: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/dev-webcms-west-$WEBCMS_LANG - - # As mentioned in the comments on the infrastructure:preproduction job, we use a - # resource group to prevent overlapping Terraform runs. The environment names here are - # prefixed with "site/" to indicate that they're for the Drupal site instead of - # infrastructure. - resource_group: site/dev-west-$WEBCMS_LANG - environment: - name: site/dev-west-$WEBCMS_LANG - - script: - - echo $TF_ADDRESS - - gitlab-terraform init - -deploy:dev-west:init:es: - extends: .deploy - stage: deploy:dev-west:init:es - rules: - - if: '$CI_COMMIT_BRANCH == "live"' - - variables: - WEBCMS_LANG: es - WEBCMS_ENVIRONMENT: preproduction - WEBCMS_SITE: dev - TF_STATE_NAME: dev-webcms-west-$WEBCMS_LANG - TF_ADDRESS: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/dev-webcms-west-$WEBCMS_LANG - - # As mentioned in the comments on the infrastructure:preproduction job, we use a - # resource group to prevent overlapping Terraform runs. The environment names here are - # prefixed with "site/" to indicate that they're for the Drupal site instead of - # infrastructure. - resource_group: site/dev-west-$WEBCMS_LANG - environment: - name: site/dev-west-$WEBCMS_LANG - - script: - - echo $TF_ADDRESS - - gitlab-terraform init - - -# Validate syntax and configuration -deploy:dev-west:validate:en: - extends: .deploy - stage: deploy:dev-west:validate:en - rules: - - if: '$CI_COMMIT_BRANCH == "live"' - - variables: - WEBCMS_ENVIRONMENT: preproduction - WEBCMS_SITE: dev - WEBCMS_LANG: en - TF_STATE_NAME: dev-webcms-west-$WEBCMS_LANG - TF_ADDRESS: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/dev-webcms-west-$WEBCMS_LANG - - environment: - name: site/dev-west-$WEBCMS_LANG - script: - - gitlab-terraform validate - -# Validate syntax and configuration -deploy:dev-west:validate:es: - extends: .deploy - stage: deploy:dev-west:validate:es - rules: - - if: '$CI_COMMIT_BRANCH == "live"' - variables: - WEBCMS_ENVIRONMENT: preproduction - WEBCMS_SITE: dev - WEBCMS_LANG: en - TF_STATE_NAME: dev-webcms-west-$WEBCMS_LANG - TF_ADDRESS: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/dev-webcms-west-$WEBCMS_LANG - environment: - name: site/dev-west-$WEBCMS_LANG - script: - - gitlab-terraform validate - -# Perform a plan, uploading the plan files as GitLab artifacts. -deploy:dev-west:plan-en: - extends: .deploy - stage: deploy:dev-west:plan:en - rules: - - if: '$CI_COMMIT_BRANCH == "live"' - - variables: - WEBCMS_ENVIRONMENT: preproduction - WEBCMS_SITE: dev - WEBCMS_LANG: en - TF_STATE_NAME: dev-webcms-west-$WEBCMS_LANG - TF_ADDRESS: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/dev-webcms-west-$WEBCMS_LANG - - # As mentioned in the comments on the infrastructure:preproduction job, we use a - # resource group to prevent overlapping Terraform runs. The environment names here are - # prefixed with "site/" to indicate that they're for the Drupal site instead of - # infrastructure. - resource_group: site/dev-west-$WEBCMS_LANG - environment: - name: site/dev-west-$WEBCMS_LANG - - script: - - gitlab-terraform plan - - gitlab-terraform plan-json - - artifacts: - name: plan - paths: - - $TF_ROOT/plan.cache - reports: - terraform: $TF_ROOT/plan.json - -deploy:dev-west:plan-es: - extends: .deploy - stage: deploy:dev-west:plan:es - rules: - - if: '$CI_COMMIT_BRANCH == "live"' - - variables: - WEBCMS_ENVIRONMENT: preproduction - WEBCMS_SITE: dev - WEBCMS_LANG: es - TF_STATE_NAME: dev-webcms-$WEBCMS_LANG - TF_ADDRESS: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/dev-webcms-west-$WEBCMS_LANG - - # As mentioned in the comments on the infrastructure:preproduction job, we use a - # resource group to prevent overlapping Terraform runs. The environment names here are - # prefixed with "site/" to indicate that they're for the Drupal site instead of - # infrastructure. - resource_group: site/dev-west-$WEBCMS_LANG - environment: - name: site/dev-west-$WEBCMS_LANG - - script: - - gitlab-terraform plan - - gitlab-terraform plan-json - - artifacts: - name: plan - paths: - - $TF_ROOT/plan.cache - reports: - terraform: $TF_ROOT/plan.json - - -# Perform an apply. Note that this is not always automatic; see the comments above the rules -# for more. -deploy:dev-west:apply-en: - extends: .deploy - stage: deploy:dev-west:apply:en - - # Download the plan files from the previous step. - dependencies: ["deploy:dev-west:plan-en"] - - variables: - WEBCMS_ENVIRONMENT: preproduction - WEBCMS_SITE: dev - WEBCMS_LANG: en - TF_STATE_NAME: dev-webcms-$WEBCMS_LANG - TF_ADDRESS: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/dev-webcms-west-$WEBCMS_LANG - - # As mentioned in the comments on the infrastructure:preproduction job, we use a - # resource group to prevent overlapping Terraform runs. The environment names here are - # prefixed with "site/" to indicate that they're for the Drupal site instead of - # infrastructure. - resource_group: site/dev-west-$WEBCMS_LANG - environment: - name: site/dev-west-$WEBCMS_LANG - - script: - - gitlab-terraform apply - - # We use GitLab's rules to limit when we block the application of a Terraform module. - # - # There are three rules: - # 1. We require approval of the infrastructure module on its tracking branches (main and - # live). - # 2. We permit automatic application of the webcms module, since it only updates a - # limited subset of ECS resources. - # 3. Any other attempt to apply a Terraform plan is explicitly denied. This is provided - # as a safety net to keep misconfigured trigger jobs from accidentally clobbering - # live AWS resources. - # - # NB. GitLab uses a "first match wins" order of rule evaluation, which is why the third - # rule does not have an `if:` condition limiting when it applies. - rules: - - if: >- - $TF_MODULE == "infrastructure" && - ($CI_COMMIT_BRANCH == "main" || $CI_COMMIT_BRANCH == "live") - when: manual - - - if: >- - $TF_MODULE == "webcms" && - ($CI_COMMIT_BRANCH == "integration" || $CI_COMMIT_BRANCH == "main" || $CI_COMMIT_BRANCH == "live") - when: on_success - - - when: never - -deploy:dev-west:apply-es: - extends: .deploy - stage: deploy:dev-west:apply:es - - # Download the plan files from the previous step. - dependencies: ["deploy:dev-west:plan-es"] - - variables: - WEBCMS_ENVIRONMENT: preproduction - WEBCMS_SITE: dev - WEBCMS_LANG: es - TF_STATE_NAME: dev-webcms-$WEBCMS_LANG - TF_ADDRESS: ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/terraform/state/dev-webcms-west-$WEBCMS_LANG - - # As mentioned in the comments on the infrastructure:preproduction job, we use a - # resource group to prevent overlapping Terraform runs. The environment names here are - # prefixed with "site/" to indicate that they're for the Drupal site instead of - # infrastructure. - resource_group: site/dev-west-$WEBCMS_LANG - environment: - name: site/dev-west-$WEBCMS_LANG - - script: - - gitlab-terraform apply - - # We use GitLab's rules to limit when we block the application of a Terraform module. - # - # There are three rules: - # 1. We require approval of the infrastructure module on its tracking branches (main and - # live). - # 2. We permit automatic application of the webcms module, since it only updates a - # limited subset of ECS resources. - # 3. Any other attempt to apply a Terraform plan is explicitly denied. This is provided - # as a safety net to keep misconfigured trigger jobs from accidentally clobbering - # live AWS resources. - # - # NB. GitLab uses a "first match wins" order of rule evaluation, which is why the third - # rule does not have an `if:` condition limiting when it applies. - rules: - - if: >- - $TF_MODULE == "infrastructure" && - ($CI_COMMIT_BRANCH == "main" || $CI_COMMIT_BRANCH == "live") - when: manual - - - if: >- - $TF_MODULE == "webcms" && - ($CI_COMMIT_BRANCH == "integration" || $CI_COMMIT_BRANCH == "main" || $CI_COMMIT_BRANCH == "live") - when: on_success - - - when: never