Commit 2c87a042 authored by Sandro Mathys's avatar Sandro Mathys

use absolute paths

parent f5653368
......@@ -42,8 +42,8 @@ variables:
cache:
key: "${CI_ENVIRONMENT_SLUG}-${CI_COMMIT_REF_SLUG}"
paths:
- "ci/sp-key.pem"
- ".config/helm/registry.json"
- "${CI_PROJECT_DIR}/ci/sp-key.pem"
- "${CI_PROJECT_DIR}/.config/helm/registry.json"
stages:
# on commit to main
......@@ -85,12 +85,12 @@ prepare:
- test -n "${VAULT_PASSWORD}" || missing_vars="${missing_vars} VAULT_PASSWORD"
- if test -n "${missing_vars}"; then echo "Required environment variable(s) not set:${missing_vars} - check CI / CD variables in the project settings" >&2; exit 1; fi;
# apparently ash can't do process substitution, so we have to write this to a file temporarily
- echo "${VAULT_PASSWORD}" > ".vault_password"
- echo "${VAULT_PASSWORD}" > "${CI_PROJECT_DIR}/.vault_password"
script:
# can't do this in the deploy step, because we have no ansible there
- ansible-vault view --vault-password-file ".vault_password" "ci/sp-key.pem.vault" > "ci/sp-key.pem"
- ansible-vault view --vault-password-file "${CI_PROJECT_DIR}/.vault_password" "${CI_PROJECT_DIR}/ci/sp-key.pem.vault" > "${CI_PROJECT_DIR}/ci/sp-key.pem"
after_script:
- rm -f ".vault_password"
- rm -f "${CI_PROJECT_DIR}/.vault_password"
# just in case there's some left overs for some reason - because if so, the next job will fail
# we always want to perform an install (rather than an upgrade) in order to ensure the pre-install hooks work
......@@ -111,11 +111,11 @@ deploy:
- main
interruptible: true
script:
- kubectl --namespace "${NAMESPACE}" --server "${KUBE_APISERVER}" --token="${KUBE_TOKEN}" create secret tls shibboleth-sp-helm-chart-certs --cert="ci/sp-cert.pem" --key="ci/sp-key.pem"
- kubectl --namespace "${NAMESPACE}" --server "${KUBE_APISERVER}" --token="${KUBE_TOKEN}" create secret tls shibboleth-sp-helm-chart-certs --cert="${CI_PROJECT_DIR}/ci/sp-cert.pem" --key="${CI_PROJECT_DIR}/ci/sp-key.pem"
# thanks to --atomic, this command won't just install the chart but also ensure it works
- helm install "${HELM_RELEASE}" chart --values="ci/values.yaml" --atomic --debug
- helm install "${HELM_RELEASE}" "${CI_PROJECT_DIR}/chart" --values="${CI_PROJECT_DIR}/ci/values.yaml" --atomic --debug
# remove from cache
- rm -f "ci/sp-key.pem"
- rm -f "${CI_PROJECT_DIR}/ci/sp-key.pem"
verify:
stage: verify
......@@ -148,10 +148,10 @@ package:
- main
interruptible: true
script:
- helm package chart
- helm package "${CI_PROJECT_DIR}/chart"
artifacts:
paths:
- /builds/maps/shibboleth-sp-helm-chart/*.tgz
- ${CI_PROJECT_DIR}/*.tgz
upload:
stage: upload
......@@ -162,6 +162,6 @@ upload:
- $CI_COMMIT_TAG
interruptible: true
script:
- echo "${SHIBBOLETH_SP_HELM_CHART_REGISTRY_TOKEN}" | helm registry login "${CI_REGISTRY}/maps/shibboleth-sp-helm-chart/" -u "gitlab-ci-shibboleth-sp-helm-chart" --password-stdin
- helm chart save chart "cr.gitlab-int.switch.ch/maps/shibboleth-sp-helm-chart"
- helm chart push "cr.gitlab-int.switch.ch/maps/shibboleth-sp-helm-chart:${CI_COMMIT_TAG}"
- echo "${SHIBBOLETH_SP_HELM_CHART_REGISTRY_TOKEN}" | helm registry login "${CI_REGISTRY_IMAGE}" -u "gitlab-ci-shibboleth-sp-helm-chart" --password-stdin
- helm chart save "${CI_PROJECT_DIR}/chart" "${CI_REGISTRY_IMAGE}"
- helm chart push "${CI_REGISTRY_IMAGE}:${CI_COMMIT_TAG}"
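Review bot: The decrypted SP private key is still handed from `prepare` to `deploy` through the cache (`"${CI_PROJECT_DIR}/ci/sp-key.pem"` under `cache: paths:`), and its only cleanup is the last `script:` line of `deploy`, which never runs if `kubectl create secret` or `helm install` fails. In that case the plaintext key presumably stays in the runner's cache storage until a later successful run for the same cache key overwrites it. Consider moving the cleanup into an `after_script:` on `deploy`, as `prepare` already does for `.vault_password`, i.e. `- rm -f "${CI_PROJECT_DIR}/ci/sp-key.pem"`, and confirm the cache is also re-saved on failure (`when: always` under `cache:`) so the stale copy is replaced. Separately, `helm install ... --debug` can print the rendered values to the job log, so it is worth checking that `ci/values.yaml` holds nothing sensitive.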