Epic 3

Utworzenie procesów gitlab-ci

Tags:

Gitlab

5 minute read

🎯 Cel epiki

Zadanie polega na zaprojektowaniu i wdrożeniu ustandaryzowanych procesów CI/CD w przestrzeni pl.rachuna-net z wykorzystaniem GitLab-CI, zgodnie z podejściem modularnym i komponentowym.

Projekt zakłada utworzenie dedykowanej struktury repozytoriów, komponentów oraz definicji pipeline’ów, które umożliwią zarządzanie i automatyzację procesów testowania, budowania, publikowania oraz wdrażania aplikacji i bibliotek w spójny, skalowalny sposób.

---
config:
  theme: neo
  layout: dagre
  look: neo
---
flowchart LR
 subgraph s3["Repozytorium IAC"]
        n12["iac-gitlab"]
  end
 subgraph s4["Infrastruktura"]
        n13["Zarządzanie grupami i repozytoriami"]
  end
 subgraph s5["Przestrzeń CI/CD"]
        n18["gitlab-ci"]
        n19["components"]
  end
    n12 --> s4
    n18 --> n19
    n13 -- Definicja pipeline --> s5
    s5 --> n11["containers"]
    n11 --> n22["Job"]

    n12@{ shape: rounded}
    n18@{ shape: rect}
    n19@{ shape: procs}
    n11@{ shape: procs}
    n22@{ shape: lean-r}
     n12:::Sky
     n22:::Pine
    classDef Aqua stroke-width:1px, stroke-dasharray:none, stroke:#46EDC8, fill:#DEFFF8, color:#378E7A
    classDef Pine stroke-width:1px, stroke-dasharray:none, stroke:#254336, fill:#27654A, color:#FFFFFF
    classDef Sky stroke-width:1px, stroke-dasharray:none, stroke:#374D7C, fill:#E2EBFF, color:#374D7C
    click n12 "https://gitlab.com/pl.rachuna-net/infrastructure/opentofu/iac-gitlab"

Przygotowanie grup i repozytoriów za pomocą Terraform

- przestrzeń pl.rachuna-net / cicd

✅ Definicja grupy pl.rachuna-net/cicd
✅ Definicja grupy pl.rachuna-net/cicd/components
✅ Definicja repozytorium pl.rachuna-net/cicd/gitlab-profile
✅ Definicja repozytorium pl.rachuna-net/cicd/gitlab-ci
✅ Definicja repozytorium pl.rachuna-net/cicd/gitlab-rendering
✅ Definicja repozytorium pl.rachuna-net/cicd/components/prepare
✅ Definicja repozytorium pl.rachuna-net/cicd/components/validate
✅ Definicja repozytorium pl.rachuna-net/cicd/components/release
✅ Definicja repozytorium pl.rachuna-net/cicd/components/containers
✅ Definicja repozytorium pl.rachuna-net/cicd/components/ast
✅ Definicja repozytorium pl.rachuna-net/cicd/components/infrastructure

- przestrzeń pl.rachuna-net / containers

✅ Definicja repozytorium pl.rachuna-net/containers/buildah
✅ Definicja repozytorium pl.rachuna-net/containers/conftest
✅ Definicja repozytorium pl.rachuna-net/containers/opentofu
✅ Definicja repozytorium pl.rachuna-net/containers/python
✅ Definicja repozytorium pl.rachuna-net/containers/semantic-release
✅ Definicja repozytorium pl.rachuna-net/containers/trivy

Przygotowanie minimalistycznego procesu do budowania kontenerów (image builder)

---
config:
  theme: neo
  layout: dagre
  look: neo
---
flowchart LR
    A(["Ręczne przygotowanie obrazu konterowego"]) --> B["proces-ci"]
    B --> C@{ label: "<span style=\"color:\">wydanie obrazu</span><br style=\"--tw-scale-x:\"><span style=\"color:\">buildah</span>" } & D["wydanie obrazu<br>semantic-release"] & n2@{ label: "<span style=\"color:\">wydanie obrazu</span><br style=\"--tw-scale-x:\"><span style=\"color:\">python</span>" } & n4@{ label: "<span style=\"padding-left:\"><span style=\"color:\">wydanie obrazu</span><br style=\"--tw-scale-x:\">conftest</span>" } & n5@{ label: "<span style=\"padding-left:\"><span style=\"padding-left:\"><span style=\"color:\">wydanie obrazu<br></span>trivy</span></span>" }
    n1(["Przygotowanie minimalistyczny<br>proces gitlab-ci"]) --> B

    B@{ shape: proc}
    C@{ shape: rect}
    n2@{ shape: rect}
    n4@{ shape: rect}
    n5@{ shape: rect}
     A:::Pine
     n1:::Pine
    classDef Pine stroke-width:1px, stroke-dasharray:none, stroke:#254336, fill:#27654A, color:#FFFFFF
    click A "https://gitlab.com/pl.rachuna-net/containers/buildah/-/blob/main/Dockerfile?ref_type=heads"
    click C "https://gitlab.com/pl.rachuna-net/containers/buildah/-/releases/v1.0.0"
    click D "https://gitlab.com/pl.rachuna-net/containers/semantic-release"
    click n2 "https://gitlab.com/pl.rachuna-net/containers/python"
    click n4 "https://gitlab.com/pl.rachuna-net/containers/conftest"
    click n5 "https://gitlab.com/pl.rachuna-net/containers/trivy"
    click n1 "http://localhost:1313/blog/2025/07/23/proces-budowania-kontenerów/#przygotowanie-procesu-ci"

✅ Utworzenie obrazu kontenerowego buildah v1.0.0
✅ Utworzenie obrazu kontenerowego conftest v1.0.0
✅ Utworzenie obrazu kontenerowego python v2.0.0
✅ Utworzenie obrazu kontenerowego semantic-release v2.0.0
✅ Utworzenie obrazu kontenerowego trivy v1.0.0

Przygotowanie procesu defaultowego procesu

---
config:
  theme: redux
---
flowchart LR
 subgraph s1["validate"]
        n1["🧑‍💻 YAML lint"]
  end
 subgraph s2["prepare"]
        n2["🔍 Analyze Conventional Commits"]
        n3["🔍 input parameters"]
        n4["🕵 Set Version"]
  end
 subgraph s4["release"]
        n6["📍 Publish Version"]
  end
    s2 --> s1
    n2 --- n3
    n3 --- n4
    s1 --> s4

    click n1 "https://gitlab.com/pl.rachuna-net/cicd/components/validate/-/blob/main/templates/yamllint.yml?ref_type=heads"
    click n2 "https://gitlab.com/pl.rachuna-net/cicd/components/prepare/-/blob/main/templates/conventional_commits.yml?ref_type=heads"
    click n3 "https://gitlab.com/pl.rachuna-net/cicd/components/prepare/-/blob/main/templates/input_parameters.yml?ref_type=heads"
    click n4 "https://gitlab.com/pl.rachuna-net/cicd/components/release/-/blob/main/templates/versioning.yml?ref_type=heads"
    click n6 "https://gitlab.com/pl.rachuna-net/cicd/components/prepare/-/blob/main/templates/input_parameters.yml?ref_type=heads"

(prepare) Przygotowanie procesu

✅ Przygotowanie Joba wyświetlającego dane o procesie 🔍 Input Parameters
✅ Przygotowanie Joba wyświetlającego dane o procesie 🔍 Analyze Conventional Commits

(validate) Walidacja

✅ Utworzenie Joba z użyciem yamlint 🕵 YAML lint

(release) Wydawnie

✅ Przygotowanie Joba Semantic Release 📍 Publish Version
✅ 🏁 Wydanie pipeline default → v1.0.0

Przygotowanie procesu dla builder image

---
config:
  theme: redux
---
flowchart LR
 subgraph s1["prepare"]
        n1["🔍 Analyze Conventional Commits"]
        n2["⚙️ Input Parameters"]
        n3["🕵 Set Version"]
  end
 subgraph s2["validate"]
        n4["🧪 Validate files (conftest)"]
        n11@{ label: "<div style=\"color:\"><span style=\"color:\">🧑‍💻 YAML lint</span></div>" }
  end
 subgraph s3["build"]
        n5["🚀 build container image"]
  end
 subgraph s4["publish"]
        n6["🌐 publish container image"]
  end
 subgraph s5["release"]
        n8["📍 Publish Version"]
  end
 subgraph s6["integration-test"]
        n9["🔬 trivy (dast)"]
        n10["🧪 test docker image"]
  end
    s1 --> s2
    s2 --> s3
    s3 --> s4
    s4 --> s5
    s5 --> s6
    n1 --- n2
    n2 --- n3
    n9 --- n10
    n4 --> n11
    n11@{ shape: rect}
    click n1 "https://gitlab.com/pl.rachuna-net/cicd/components/prepare/-/blob/main/templates/conventional_commits.yml?ref_type=heads"
    click n2 "https://gitlab.com/pl.rachuna-net/cicd/components/prepare/-/blob/main/templates/input_parameters.yml?ref_type=heads"
    click n3 "https://gitlab.com/pl.rachuna-net/cicd/components/prepare/-/blob/main/templates/set_version.yml?ref_type=heads"
    click n4 "https://gitlab.com/pl.rachuna-net/cicd/components/validate/-/blob/main/templates/contrest.yml"
    click n5 "https://gitlab.com/pl.rachuna-net/cicd/components/containers/-/blob/main/templates/image-builder.yml"
    click n6 "https://gitlab.com/pl.rachuna-net/cicd/components/containers/-/blob/main/templates/image-builder.yml"
    click n7 "https://gitlab.com/pl.rachuna-net/cicd/components/release/-/blob/main/templates/vault.yml"
    click n8 "https://gitlab.com/pl.rachuna-net/cicd/components/release/-/blob/main/templates/versioning.yml"
    click n9 "https://gitlab.com/pl.rachuna-net/cicd/components/ast/-/blob/main/templates/trivy.yml?ref_type=heads"
    click n10 "https://gitlab.com/pl.rachuna-net/cicd/components/containers/-/blob/main/templates/image-builder.yml"

(validate) Walidacja

✅ Utworzenie Joba z użyciem conftest 🔬 Validate files (conftest)

(build)

✅ Utworzenie Joba z użyciem image-builder 🚀 build container image

(publish) Publikacja

✅ Utworzenie Joba z użyciem image-builder 🌐 publish container image

(integration-test) Testy integracyjne

✅ Utworzenie Joba z użyciem image-builder 🧪 test docker image
✅ Utworzenie Joba z użyciem trivy 🔬 trivy (dast)
✅ 🏁 Wydanie pipeline image-builder → v1.0.0

Przygotowanie procesu dla opentofu modules

---
config:
  theme: redux
---
flowchart LR
 subgraph s1["validate"]
        n1["🧑‍💻 YAML lint"]
        n8@{ label: "<code><span class=\"hljs-string\">🕵</span><span class=\"\"> </span><span class=\"hljs-attr\">opentofu fmt</span></code>" }
        n10@{ label: "<code><span class=\"hljs-string\">✅</span><span class=\"\"> </span><span class=\"hljs-attr\">tflint</span></code>" }
        n11@{ label: "<code><span class=\"hljs-string\">✅</span><span class=\"\"> </span><span class=\"hljs-attr\">terraform-docs</span></code>" }
  end
 subgraph s2["prepare"]
        n2["🔍 Analyze Conventional Commits"]
        n3["🔍 input parameters"]
        n4["🕵 Set Version"]
  end
 subgraph s3["sast"]
        n5["💪 sonarqube scan"]
  end
 subgraph s4["release"]
        n6["📍 Publish Version"]
  end
    s2 --> s1
    n2 --- n3
    n3 --- n4
    s3 --> s4
    n1 --- n8
    n8 --- n10
    n10 --- n11
    s1 --> s3
    n8@{ shape: rect}
    n10@{ shape: rect}
    n11@{ shape: rect}
    click n1 "https://gitlab.com/pl.rachuna-net/cicd/components/validate/-/blob/main/templates/yamllint.yml?ref_type=heads"
    click n8 "https://gitlab.com/pl.rachuna-net/cicd/components/validate/-/blob/main/templates/opentofu.yml?ref_type=heads"
    click n10 "https://gitlab.com/pl.rachuna-net/cicd/components/validate/-/blob/main/templates/opentofu.yml?ref_type=heads"
    click n11 "https://gitlab.com/pl.rachuna-net/cicd/components/validate/-/blob/main/templates/opentofu.yml?ref_type=heads"
    click n2 "https://gitlab.com/pl.rachuna-net/cicd/components/prepare/-/blob/main/templates/conventional_commits.yml?ref_type=heads"
    click n3 "https://gitlab.com/pl.rachuna-net/cicd/components/prepare/-/blob/main/templates/input_parameters.yml?ref_type=heads"
    click n4 "https://gitlab.com/pl.rachuna-net/cicd/components/prepare/-/blob/main/templates/input_parameters.yml?ref_type=heads"
    click n5 "https://gitlab.com/pl.rachuna-net/cicd/components/ast/-/blob/main/templates/sonarqube.yml?ref_type=heads"
    click n6 "https://gitlab.com/pl.rachuna-net/cicd/components/prepare/-/blob/main/templates/input_parameters.yml?ref_type=heads"

(validate) Walidacja

✅ Przygotowanie Joba 🕵 opentofu fmt
✅ Przygotowanie Joba ✅ tflint
✅ Przygotowanie Joba ✅ terraform-docs
✅ 🏁 Wydanie pipeline opentofu-module → v1.0.0

Przygotowanie procesu dla opentofu

---
config:
  theme: redux
---
flowchart LR
 subgraph s1["validate"]
        n1["🧑‍💻 YAML lint"]
        n8@{ label: "<code><span class=\"hljs-string\">🕵</span><span class=\"\"> </span><span class=\"hljs-attr\">opentofu fmt</span></code>" }
        n9@{ label: "<code><span class=\"hljs-string\">✅</span><span class=\"\"> </span><span class=\"hljs-attr\">opentofu validate</span></code>" }
        n10@{ label: "<code><span class=\"hljs-string\">✅</span><span class=\"\"> </span><span class=\"hljs-attr\">tflint</span></code>" }
        n11@{ label: "<code><span class=\"hljs-string\">✅</span><span class=\"\"> </span><span class=\"hljs-attr\">terraform-docs</span></code>" }
  end
 subgraph s2["prepare"]
        n2["🔍 Analyze Conventional Commits"]
        n3["🔍 input parameters"]
        n4["🕵 Set Version"]
  end
 subgraph s3["sast"]
        n5["💪 sonarqube scan"]
  end
 subgraph s4["release"]
        n6["📍 Publish Version"]
  end
 subgraph s5["unit-test"]
        n12@{ label: "<span style=\"color:\" color=\"\">🧪 opentofu plan</span>" }
  end
 subgraph s6["deploy"]
        n13@{ label: "<span style=\"color:\" color=\"\">💥 opentofu apply</span>" }
  end
    s2 --> s1
    n2 --- n3
    n3 --- n4
    s3 --> s4
    s1 --> s5
    n1 --- n8
    n8 --> n9
    n9 --> n10
    n10 --> n11
    s5 --> s3
    s4 --> s6
    n8@{ shape: rect}
    n9@{ shape: rect}
    n10@{ shape: rect}
    n11@{ shape: rect}
    n12@{ shape: rect}
    n13@{ shape: rect}
    click n1 "https://gitlab.com/pl.rachuna-net/cicd/components/validate/-/blob/main/templates/yamllint.yml?ref_type=heads"
    click n8 "https://gitlab.com/pl.rachuna-net/cicd/components/validate/-/blob/main/templates/opentofu.yml?ref_type=heads"
    click n9 "https://gitlab.com/pl.rachuna-net/cicd/components/validate/-/blob/main/templates/opentofu.yml?ref_type=heads"
    click n10 "https://gitlab.com/pl.rachuna-net/cicd/components/validate/-/blob/main/templates/opentofu.yml?ref_type=heads"
    click n11 "https://gitlab.com/pl.rachuna-net/cicd/components/validate/-/blob/main/templates/opentofu.yml?ref_type=heads"
    click n2 "https://gitlab.com/pl.rachuna-net/cicd/components/prepare/-/blob/main/templates/conventional_commits.yml?ref_type=heads"
    click n3 "https://gitlab.com/pl.rachuna-net/cicd/components/prepare/-/blob/main/templates/input_parameters.yml?ref_type=heads"
    click n4 "https://gitlab.com/pl.rachuna-net/cicd/components/prepare/-/blob/main/templates/input_parameters.yml?ref_type=heads"
    click n5 "https://gitlab.com/pl.rachuna-net/cicd/components//-/blob/main/templates/sonarqube.yml?ref_type=heads"
    click n6 "https://gitlab.com/pl.rachuna-net/cicd/components/prepare/-/blob/main/templates/input_parameters.yml?ref_type=heads"
    click n7 "https://gitlab.com/pl.rachuna-net/cicd/components/release/-/blob/main/templates/vault.yml?ref_type=heads"
    click n12 "https://gitlab.com/pl.rachuna-net/cicd/components/unit-test/-/blob/main/templates/opentofu.yml?ref_type=heads"
    click n13 "https://gitlab.com/pl.rachuna-net/cicd/components/deploy/-/blob/main/templates/opentofu.yml?ref_type=heads"

✅ Przygotowanie Joba ✖️ opentofu validate
✅ Przygotowanie Joba 🧪 opentofu plan
✅ Przygotowanie Joba 💥 opentofu apply
✅ 🏁 Wydanie pipeline opentofu → v1.0.0

Last modified August 14, 2025: feat!: DEVOPS-123 Zmiana mkdocs na hugo (660375f)