Build with gitlab
ℹ️note
Last tested GitLab version for custom GitLab pipelines: GitLab Enterprise Edition v17.5.1
The IBM Industry Solutions Workbench provides prebuild pipeline steps ready to use in custom GitLab pipelines. This sample shows, how to set up custom GitLab pipelines to work seamlessly with k5 service projects.
Update release dependent container images
The GitLab pipeline samples contain a section with variables, containing all IBM Industry Solutions Workbench release dependent container images.
To provide a convenient method for updating these container images, the content of the ConfigMap k5-pipeline-image-versions can be used to replace this section.
kind: ConfigMap
apiVersion: v1
metadata:
name: k5-pipeline-image-versions
data:
ADO_DOMAIN_SERVER_IMAGE_TARGET_NAME: 'domain-server:7.3.57'
BUILD_BAW_TOOLKIT_IMAGE: 'build-bpm-toolkit@sha256:308c70e7fa192bdf5d95560bb9f79e86256c40f3dc9fb9610a55b180983a5a46'
GENERATE_CODE_TS_IMAGE: 'build-low-code-gen-ts@sha256:0e3b1e740e7d686875cf78796b00570565861b7303b87e8219065d4b7643b3ea'
BUILD_PUBLISH_DOCKER_IMAGE_ADO_DOMAIN_SERVER_IMAGE: 'k5-domain-server:7.3.57'
GENERATE_CODE_JAVA_IMAGE: 'build-low-code-gen-java@sha256:a77fe2b4f39c69f418c8fe5546f66f4cd2140427f0b375c7b7a9fab2b6e1acdc'
ADO_DS_IMAGE_BASETAG: 7.3.57
UNIT_TEST_IMAGE: 'step-unit-test@sha256:5ff24d3aef99acbe01ad3efaff11cb996644a568b8e86453e0194a206be7c8a7'
BUILD_PUBLISH_DOCKER_IMAGE_ADO_UBI_JDK_IMAGE_11: 'k5-solution-ubi8-openjdk-11:12.2.59'
DEPLOY_SOLUTION_IMAGE: 'step-deploy-solution@sha256:824a95ff42beacad4beb688a8364bb9a7f6fa4e172a6b79afc8149c589e5361d'
BUILD_PUBLISH_DOCKER_IMAGE_ADO_UBI_JDK_IMAGE_17: 'k5-solution-ubi8-openjdk-17:12.2.59'
PREPARE_VALIDATE_DESIGN_MODEL_IMAGE: 'design-model-validation@sha256:c97c56c02d163317094f6e197e7c96f56fecf3d8ede0285fad059cbde5632a33'
PREPARE_DENORMALIZE_DOMAIN_MODEL_IMAGE: 'prepare-denormalize-domain-model@sha256:85355b07bba338f697434b000099f386c474f266660b07e927a4c485df5ab80d'
BUILD_PUBLISH_DOCKER_IMAGE_ADO_UBI_NODE_IMAGE: 'k5-solution-ubi8-node:12.2.59'
BUILD_CODE_IMAGE: 'step-build-code@sha256:7d395e574b51d0b2d231fb819fdc024da257a806339fb32c43db278d16873ac8'
BUILD_PUBLISH_DOCKER_IMAGE: 'step-pack-solution-docker@sha256:81e9e83f8cd30ddaf4d3b0b070e75f7e59d8ecd8fa13c61ee8aebe0da1aea01d'
HANDLE_VERSION_IMAGE: 'step-handle-version@sha256:cdb11b32641f3f38dda7b64c05b9e51140234e4a0dea8b181cc978af0e20bafd'
PACK_HELM_CHART_IMAGE: 'step-pack-helm-chart@sha256:6bfb3752bec4fa91b70ec5aba26a2dc27411b4a7556f6673e7d8ec7662f35c52'
Java stack support
This sample shows the content of a .gitlab-ci.yml file to handle a k5 service based on a Java stack.
Please fill all mandatory variables with content regarding your installation, e.g.:
# Container registry authentication data for all used container image registries (JSON data structure)
DOCKER_AUTH_CONFIG: "{ 'auths': { 'imagerepo.company.cloud': { 'username': 'iamapikey', 'password': 'password', 'auth': 'aWFtYXBpa2***' } }"
# Username for accessing the helm repository (value from secret 'k5-helm-repo-binding' and key 'username').
HELM_REPO_USERNAME: "helmRepoUser"
# Password for accessing the helm repository (value from secret 'k5-helm-repo-binding' and key 'password').
HELM_REPO_PASSWORD: "password"
# Token for OpenShift (value from secret 'k5-pipeline-sa-dockercfg-*' and key 'password')
OC_LOGIN_TOKEN: "eyJhbGciOi****"
# configured container image registry path [mandatory]
IMAGE_REGISTRY: "imagerepo.company.cloud/k5_release"
# Acronym of the service project [mandatory]
SOLUTION_ACRONYM: "JAVADDDPROJECT"
# Openshift cluster host name [mandatory]
OPENSHIFT_CLUSTER_HOST: "openshift-01.company.cloud"
# URL of the configured helm repository [mandatory] (value from secret 'k5-helm-repo-binding' and key 'url').
HELM_REPO_URL: "https://urm.company.cloud/repository/component-helm-charts"
# Registry, to push the created solution project image to [mandatory] (value from secret 'k5-image-registry-binding' and key 'url')
SERVICE_PROJECT_IMAGE_REGISTRY: "imagerepo.company.cloud/k5_components"
# URL of the configured helm upload repository [mandatory] (value from secret 'k5-helm-repo-binding' and key 'uploadUrl').
HELM_REPO_UPLOAD_URL: "https://urm.company.cloud/repository/component-helm-charts/"
# k5 project namespace to install the solution into [mandatory]
K5_PROJECT: "dev-env"
variables:
# ####################################################################################################################
# Pipeline job and service base images (value from config map 'k5-pipeline-image-versions').
# ####################################################################################################################
ADO_DOMAIN_SERVER_IMAGE_TARGET_NAME: 'domain-server:7.3.57'
BUILD_BAW_TOOLKIT_IMAGE: 'build-bpm-toolkit@sha256:308c70e7fa192bdf5d95560bb9f79e86256c40f3dc9fb9610a55b180983a5a46'
GENERATE_CODE_TS_IMAGE: 'build-low-code-gen-ts@sha256:0e3b1e740e7d686875cf78796b00570565861b7303b87e8219065d4b7643b3ea'
BUILD_PUBLISH_DOCKER_IMAGE_ADO_DOMAIN_SERVER_IMAGE: 'k5-domain-server:7.3.57'
GENERATE_CODE_JAVA_IMAGE: 'build-low-code-gen-java@sha256:a77fe2b4f39c69f418c8fe5546f66f4cd2140427f0b375c7b7a9fab2b6e1acdc'
ADO_DS_IMAGE_BASETAG: 7.3.57
UNIT_TEST_IMAGE: 'step-unit-test@sha256:5ff24d3aef99acbe01ad3efaff11cb996644a568b8e86453e0194a206be7c8a7'
BUILD_PUBLISH_DOCKER_IMAGE_ADO_UBI_JDK_IMAGE_11: 'k5-solution-ubi8-openjdk-11:12.2.59'
DEPLOY_SOLUTION_IMAGE: 'step-deploy-solution@sha256:824a95ff42beacad4beb688a8364bb9a7f6fa4e172a6b79afc8149c589e5361d'
BUILD_PUBLISH_DOCKER_IMAGE_ADO_UBI_JDK_IMAGE_17: 'k5-solution-ubi8-openjdk-17:12.2.59'
PREPARE_VALIDATE_DESIGN_MODEL_IMAGE: 'design-model-validation@sha256:c97c56c02d163317094f6e197e7c96f56fecf3d8ede0285fad059cbde5632a33'
PREPARE_DENORMALIZE_DOMAIN_MODEL_IMAGE: 'prepare-denormalize-domain-model@sha256:85355b07bba338f697434b000099f386c474f266660b07e927a4c485df5ab80d'
BUILD_PUBLISH_DOCKER_IMAGE_ADO_UBI_NODE_IMAGE: 'k5-solution-ubi8-node:12.2.59'
BUILD_CODE_IMAGE: 'step-build-code@sha256:7d395e574b51d0b2d231fb819fdc024da257a806339fb32c43db278d16873ac8'
BUILD_PUBLISH_DOCKER_IMAGE: 'step-pack-solution-docker@sha256:81e9e83f8cd30ddaf4d3b0b070e75f7e59d8ecd8fa13c61ee8aebe0da1aea01d'
HANDLE_VERSION_IMAGE: 'step-handle-version@sha256:cdb11b32641f3f38dda7b64c05b9e51140234e4a0dea8b181cc978af0e20bafd'
PACK_HELM_CHART_IMAGE: 'step-pack-helm-chart@sha256:6bfb3752bec4fa91b70ec5aba26a2dc27411b4a7556f6673e7d8ec7662f35c52'
# ####################################################################################################################
# Security related CI/CD variables (stored in gitlab -> Settings -> CI/CD -> Variables
# ####################################################################################################################
# DOCKER_AUTH_CONFIG: Container registry authentication data for all used container image registries (JSON data structure)
# HELM_REPO_USERNAME: Username for accessing the helm repository (value from secret 'k5-helm-repo-binding' and key 'username').
# HELM_REPO_PASSWORD: Password for accessing the helm repository (value from secret 'k5-helm-repo-binding' and key 'password').
# OC_LOGIN_TOKEN: Token for OpenShift (value from secret 'k5-pipeline-sa-dockercfg-*' and key 'password')
# ####################################################################################################################
# Common CI/CD variables
# ####################################################################################################################
# configured container image registry path [mandatory]
IMAGE_REGISTRY: ""
# Acronym of the service project [mandatory]
SOLUTION_ACRONYM: ""
# Name of the used base 'stack' (always 'JAVA')
STACK: "JAVA"
# Node.js configuration to optimize script execution for production environments
# see also: https://nodejs.org/en/learn/getting-started/nodejs-the-difference-between-development-and-production
NODE_ENV: "production"
# Openshift cluster host name [mandatory]
OPENSHIFT_CLUSTER_HOST: ""
# URL of the configured helm repository [mandatory] (value from secret 'k5-helm-repo-binding' and key 'url').
HELM_REPO_URL: ""
# Customized maven settings [optional] (value from secret 'k5-build-settings' and key 'mvnSettings'):
MVN_SETTINGS: ""
# Registry, to push the created solution project image to [mandatory] (value from secret 'k5-image-registry-binding' and key 'url')
SERVICE_PROJECT_IMAGE_REGISTRY: ""
# Registry, which contains the built solution project image (value from secret 'k5-image-registry-binding' and key 'url')
COMPONENT_IMAGE_REGISTRY: ${SERVICE_PROJECT_IMAGE_REGISTRY}
# ####################################################################################################################
# CI/CD variables for job 'handle-version'
# ####################################################################################################################
# Will check if the current version has already been published or not to prevent previous versions to be overwritten
# unintentionally
UNIQUE_SEMVER_CHECK: "false"
# Defines where uniqueness needs to be enforced by adding the current pipeline id to the version number
ENFORCE_UNIQUENESS: "false"
# Adds a timestamp to pre-release versions to ensure that every commit gets built without manually changing the version
PRE_RELEASE_UNIQUENESS: "false"
# Flag, if unit test feature was activated
UNIT_TEST_FEATURE: "true"
# ####################################################################################################################
# CI/CD variables for job 'build-publish-docker'
# ####################################################################################################################
# Base container image for Java 11 solution projects
ADO_UBI_JDK_IMAGE_11: "${IMAGE_REGISTRY}/${BUILD_PUBLISH_DOCKER_IMAGE_ADO_UBI_JDK_IMAGE_11}"
# Base container image for Java 17 solution projects
ADO_UBI_JDK_IMAGE_17: "${IMAGE_REGISTRY}/${BUILD_PUBLISH_DOCKER_IMAGE_ADO_UBI_JDK_IMAGE_17}"
# ####################################################################################################################
# CI/CD variables for job 'pack-helm-chart'
# ####################################################################################################################
# Flag to enable the push to the configured helm repository
PUBLISH: "false"
# URL of the configured helm upload repository [mandatory] (value from secret 'k5-helm-repo-binding' and key 'uploadUrl').
HELM_REPO_UPLOAD_URL: ""
# Request type to upload the helm chart [optional] (value from secret 'k5-helm-repo-binding' and key 'uploadRequestType').
HELM_REPO_REQUEST_TYPE: ""
# File pattern for the helm chart upload (value from secret 'k5-helm-repo-binding' and key 'uploadFilePattern').
HELM_REPO_UPLOAD_FILE_PATTERN: "--upload-file"
# ####################################################################################################################
# CI/CD variables for job 'deploy-solution'
# ####################################################################################################################
# k5 project namespace to install the solution into [mandatory]
K5_PROJECT: ""
# ID of the current pipeline run '${CI_PIPELINE_ID}'
PIPELINE_RUN: ${CI_PIPELINE_ID}
# Internal service project deployment flag (always 'true')
REMOTE_LOGIN_FLAG: "true"
# Internal service project deployment configuration
DEPLOYMENT_CONFIG: "{ 'environment': { 'host': '${K5_PROJECT}.apps.${OPENSHIFT_CLUSTER_HOST}' } }"
# OpenShift login url
OC_LOGIN_URL: "https://api.${OPENSHIFT_CLUSTER_HOST}:6443"
stages:
- k5-validate
- k5-generate-code-java
- k5-build-application-java
- k5-build-publish-docker-java
- k5-build-publish-chart-java
- k5-deploy
########################################################################################################################
#
# job name: handle-version
#
# description: This job will extract the project version number and persist it for the step 'build-publish-docker'.
# parameter:
# NODE_ENV: "production"
# PRE_RELEASE_UNIQUENESS [true|false]: Adds a timestamp to pre-release versions to ensure that every commit gets
# built without manually changing the version
# ENFORCE_UNIQUENESS [true|false]: Defines where uniqueness needs to be enforced by adding the current
# pipeline id to the version number
# UNIQUE_SEMVER_CHECK [true|false]: Will check if the current version has already been published or not to
# prevent previous versions to be overwritten unintentionally
# STACK: Name of the used 'stack'.
# SOLUTION_ACRONYM: Acronym of the service project.
# HELM_REPO_URL: URL of the configured helm repository.
# (value from secret 'k5-helm-repo-binding' and key 'url')
# HELM_REPO_USERNAME: Username for accessing the helm repository.
# (value from secret 'k5-helm-repo-binding' and key 'username')
# HELM_REPO_PASSWORD: Password for accessing the helm repository.
# (value from secret 'k5-helm-repo-binding' and key 'password')
handle-version:
stage: k5-validate
image:
name: ${IMAGE_REGISTRY}/${HANDLE_VERSION_IMAGE}
script:
- /opt/open-banking-platform/scripts/v1/step-handle-version.sh
- echo "job 'k5-validate' completed"
artifacts:
when: on_success
expire_in: 30 days
paths:
- "./"
#####################################################################################################################
#
# job name: prepare-validate-design-model
#
# description: This job will validate the content of the design model.
# parameter:
# NODE_ENV: "production"
#
prepare-validate-design-model:
stage: k5-generate-code-java
image:
name: ${IMAGE_REGISTRY}/${PREPARE_VALIDATE_DESIGN_MODEL_IMAGE}
script:
- /opt/open-banking-platform/scripts/v2/step-validate-design-model.sh
- echo "job 'prepare-validate-design-model' completed"
#####################################################################################################################
#
# job name: prepare-denormalize-domain-model
#
# description: This job will optimize the content of the design model to prepare the code generation.
# parameter:
# NODE_ENV: "production"
#
prepare-denormalize-domain-model:
stage: k5-generate-code-java
image:
name: ${IMAGE_REGISTRY}/${PREPARE_DENORMALIZE_DOMAIN_MODEL_IMAGE}
needs:
- prepare-validate-design-model
script:
- /opt/open-banking-platform/scripts/v2/step-denormalize-domain-model.sh
- echo "job 'prepare-denormalize-domain-model' completed"
artifacts:
paths:
- artifacts
#####################################################################################################################
#
# job name: build-baw-toolkit
#
# description: This job will generate a IBM BAW compatible toolkit to access the APIs within process apps.
# parameter:
# NODE_ENV: "production"
#
build-baw-toolkit:
stage: k5-generate-code-java
image:
name: ${IMAGE_REGISTRY}/${BUILD_BAW_TOOLKIT_IMAGE}
script:
- /opt/open-banking-platform/scripts/v1/bpm-toolkit-creator.sh
- echo "job 'build-baw-toolkit' completed"
#####################################################################################################################
#
# job name: generate-code
#
# description: This job will generate the source code according to the used stack.
# parameter:
# NODE_ENV: "production"
# STACK: Name of the used 'stack'
# SOLUTION_ACRONYM: Acronym of the service project
# MVN_SETTINGS: Customized maven settings
# (value from secret 'k5-build-settings' and key 'mvnSettings')
generate-code:
stage: k5-generate-code-java
image:
name: ${IMAGE_REGISTRY}/${GENERATE_CODE_JAVA_IMAGE}
needs:
- prepare-denormalize-domain-model
script:
- /opt/open-banking-platform/scripts/v1/step-generate-code.sh
- echo "job 'generate-code' completed"
artifacts:
when: on_success
expire_in: 30 days
paths:
- "./"
#####################################################################################################################
#
# job name: build-code
#
# description: This job will build the service project according to the used stack
# parameter:
# NODE_ENV: "production"
# STACK: Name of the used 'stack'
# SOLUTION_ACRONYM: Acronym of the service project
# MVN_SETTINGS: Customized maven settings
# (value from secret 'k5-build-settings' and key 'mvnSettings')
build-code:
stage: k5-build-application-java
image:
name: ${IMAGE_REGISTRY}/${BUILD_CODE_IMAGE}
dependencies:
- generate-code
script:
- /opt/open-banking-platform/scripts/v1/step-build-code.sh
- echo "job 'build-code' completed"
needs:
- generate-code
artifacts:
when: on_success
expire_in: 30 days
paths:
- "./"
#####################################################################################################################
#
# job name: unit-test
#
# description: This job will execute the project specific unit tests according to the used stack
# parameter:
# NODE_ENV: "production"
# STACK: Name of the used 'stack'
# SOLUTION_ACRONYM: Acronym of the service project
# UNIT_TEST_FEATURE: Flag, if unit test feature was activated
# MVN_SETTINGS: Customized maven settings
# (value from secret 'k5-build-settings' and key 'mvnSettings')
unit-test:
stage: k5-build-application-java
image:
name: ${IMAGE_REGISTRY}/${UNIT_TEST_IMAGE}
needs:
- build-code
script:
- /opt/open-banking-platform/scripts/v1/step-unit-test.sh
- echo "job 'build-code' completed"
#####################################################################################################################
#
# job name: build-publish-docker
#
# description: This job will pack the solution project into a container image according to the given docker file
# parameter:
# NODE_ENV: "production"
# STACK: Name of the used 'stack'
# SOLUTION_ACRONYM: Acronym of the service project
# ADO_UBI_JDK_IMAGE_11: Base container image for Java 11 solution projects
# ADO_UBI_JDK_IMAGE_17: Base container image for Java 17 solution projects
# SERVICE_PROJECT_IMAGE_REGISTRY: Registry, to push the created solution project image to
# (value from secret 'k5-image-registry-binding' and key 'url')
# DOCKER_AUTH_CONFIG: Container registry authentication data. (JSON data structure)
build-publish-docker:
stage: k5-build-publish-docker-java
image:
name: ${IMAGE_REGISTRY}/${BUILD_PUBLISH_DOCKER_IMAGE}
docker:
user: root
script:
- /opt/open-banking-platform/scripts/v1/step-pack-solution-docker.sh
- echo "job 'build-publish-docker' completed"
artifacts:
when: on_success
expire_in: 30 days
paths:
- "./"
needs:
- handle-version
- generate-code
- build-code
#####################################################################################################################
#
# job name: pack-helm-chart
#
# description: This job will pack the solution project into a container image according to the given docker file
# parameter:
# NODE_ENV: "production"
# STACK: Name of the used 'stack'
# SOLUTION_ACRONYM: Acronym of the service project
# PUBLISH [true|false]: Flag to enable the push to the configured helm repository
# SERVICE_PROJECT_IMAGE_REGISTRY: Registry, to push the created solution project image to
# (value from secret 'k5-image-registry-binding' and key 'url')
# HELM_REPO_URL: URL of the configured helm repository.
# (value from secret 'k5-helm-repo-binding' and key 'url')
# HELM_REPO_USERNAME: Username for accessing the helm repository.
# (value from secret 'k5-helm-repo-binding' and key 'username')
# HELM_REPO_PASSWORD: Password for accessing the helm repository.
# (value from secret 'k5-helm-repo-binding' and key 'password')
# HELM_REPO_UPLOAD_URL: URL of the configured helm upload repository.
# (value from secret 'k5-helm-repo-binding' and key 'uploadUrl')
# HELM_REPO_REQUEST_TYPE: Request type to upload the helm chart
# (value from secret 'k5-helm-repo-binding' and key 'uploadRequestType')
# HELM_REPO_UPLOAD_FILE_PATTERN: File pattern for the helm chart upload
# (value from secret 'k5-helm-repo-binding' and key 'uploadFilePattern')
pack-helm-chart:
stage: k5-build-publish-chart-java
image:
name: ${IMAGE_REGISTRY}/${PACK_HELM_CHART_IMAGE}
script:
- /opt/open-banking-platform/scripts/v1/step-helm-chart.sh
- echo "job 'pack-helm-chart' completed"
artifacts:
when: on_success
expire_in: 30 days
paths:
- "./"
needs:
- handle-version
- build-publish-docker
#####################################################################################################################
#
# job name: deploy-solution
#
# description: This job will pack the solution project into a container image according to the given docker file
# parameter:
# NODE_ENV: "production"
# STACK: Name of the used 'stack'
# K5_PROJECT: k5 project namespace to install the solution into
# PIPELINE_RUN: ID of the current pipeline run '${CI_PIPELINE_ID}'
# COMPONENT_IMAGE_REGISTRY: Registry, which contains the built solution project image
# REMOTE_LOGIN_FLAG: Internal solution deployment flag (always 'true')
# DEPLOYMENT_CONFIG: Internal solution deployment configuration
# OC_LOGIN_URL: OpenShift login url
deploy-solution:
stage: k5-deploy
image: ${IMAGE_REGISTRY}/${DEPLOY_SOLUTION_IMAGE}
script:
- /opt/open-banking-platform/scripts/v1/step-deploy-solution.sh
- echo "job 'deploy-solution' completed"
needs:
- handle-version
- build-publish-docker
- pack-helm-chart
TypeScript stack support
This sample shows the content of a .gitlab-ci.yml file to handle a k5 service based on a TypeScript stack.
Please fill all mandatory variables with content regarding your installation, e.g.:
# Container registry authentication data for all used container image registries (JSON data structure)
DOCKER_AUTH_CONFIG: "{ 'auths': { 'imagerepo.company.cloud': { 'username': 'iamapikey', 'password': 'password', 'auth': 'aWFtYXBpa2***' } }"
# Username for accessing the helm repository (value from secret 'k5-helm-repo-binding' and key 'username').
HELM_REPO_USERNAME: "helmRepoUser"
# Password for accessing the helm repository (value from secret 'k5-helm-repo-binding' and key 'password').
HELM_REPO_PASSWORD: "password"
# Token for OpenShift (value from secret 'k5-pipeline-sa-dockercfg-*' and key 'password')
OC_LOGIN_TOKEN: "eyJhbGciOi****"
# configured container image registry path [mandatory]
IMAGE_REGISTRY: "imagerepo.company.cloud/k5_release"
# Acronym of the service project [mandatory]
SOLUTION_ACRONYM: "TSDDDPROJECT"
# Openshift cluster host name [mandatory]
OPENSHIFT_CLUSTER_HOST: "openshift-01.company.cloud"
# URL of the configured helm repository [mandatory] (value from secret 'k5-helm-repo-binding' and key 'url').
HELM_REPO_URL: "https://urm.company.cloud/repository/component-helm-charts"
# Registry, to push the created solution project image to [mandatory] (value from secret 'k5-image-registry-binding' and key 'url')
SERVICE_PROJECT_IMAGE_REGISTRY: "imagerepo.company.cloud/k5_components"
# URL of the configured helm upload repository [mandatory] (value from secret 'k5-helm-repo-binding' and key 'uploadUrl').
HELM_REPO_UPLOAD_URL: "https://urm.company.cloud/repository/component-helm-charts/"
# k5 project namespace to install the solution into [mandatory]
K5_PROJECT: "dev-env"
variables:
# ####################################################################################################################
# Pipeline job and service base images (value from config map 'k5-pipeline-image-versions').
# ####################################################################################################################
ADO_DOMAIN_SERVER_IMAGE_TARGET_NAME: 'domain-server:7.3.57'
BUILD_BAW_TOOLKIT_IMAGE: 'build-bpm-toolkit@sha256:308c70e7fa192bdf5d95560bb9f79e86256c40f3dc9fb9610a55b180983a5a46'
GENERATE_CODE_TS_IMAGE: 'build-low-code-gen-ts@sha256:0e3b1e740e7d686875cf78796b00570565861b7303b87e8219065d4b7643b3ea'
BUILD_PUBLISH_DOCKER_IMAGE_ADO_DOMAIN_SERVER_IMAGE: 'k5-domain-server:7.3.57'
GENERATE_CODE_JAVA_IMAGE: 'build-low-code-gen-java@sha256:a77fe2b4f39c69f418c8fe5546f66f4cd2140427f0b375c7b7a9fab2b6e1acdc'
ADO_DS_IMAGE_BASETAG: 7.3.57
UNIT_TEST_IMAGE: 'step-unit-test@sha256:5ff24d3aef99acbe01ad3efaff11cb996644a568b8e86453e0194a206be7c8a7'
BUILD_PUBLISH_DOCKER_IMAGE_ADO_UBI_JDK_IMAGE_11: 'k5-solution-ubi8-openjdk-11:12.2.59'
DEPLOY_SOLUTION_IMAGE: 'step-deploy-solution@sha256:824a95ff42beacad4beb688a8364bb9a7f6fa4e172a6b79afc8149c589e5361d'
BUILD_PUBLISH_DOCKER_IMAGE_ADO_UBI_JDK_IMAGE_17: 'k5-solution-ubi8-openjdk-17:12.2.59'
PREPARE_VALIDATE_DESIGN_MODEL_IMAGE: 'design-model-validation@sha256:c97c56c02d163317094f6e197e7c96f56fecf3d8ede0285fad059cbde5632a33'
PREPARE_DENORMALIZE_DOMAIN_MODEL_IMAGE: 'prepare-denormalize-domain-model@sha256:85355b07bba338f697434b000099f386c474f266660b07e927a4c485df5ab80d'
BUILD_PUBLISH_DOCKER_IMAGE_ADO_UBI_NODE_IMAGE: 'k5-solution-ubi8-node:12.2.59'
BUILD_CODE_IMAGE: 'step-build-code@sha256:7d395e574b51d0b2d231fb819fdc024da257a806339fb32c43db278d16873ac8'
BUILD_PUBLISH_DOCKER_IMAGE: 'step-pack-solution-docker@sha256:81e9e83f8cd30ddaf4d3b0b070e75f7e59d8ecd8fa13c61ee8aebe0da1aea01d'
HANDLE_VERSION_IMAGE: 'step-handle-version@sha256:cdb11b32641f3f38dda7b64c05b9e51140234e4a0dea8b181cc978af0e20bafd'
PACK_HELM_CHART_IMAGE: 'step-pack-helm-chart@sha256:6bfb3752bec4fa91b70ec5aba26a2dc27411b4a7556f6673e7d8ec7662f35c52'
# ####################################################################################################################
# Security related CI/CD variables (stored in gitlab -> Settings -> CI/CD -> Variables
# ####################################################################################################################
# DOCKER_AUTH_CONFIG: Container registry authentication data for all used container image registries (JSON data structure)
# HELM_REPO_USERNAME: Username for accessing the helm repository (value from secret 'k5-helm-repo-binding' and key 'username').
# HELM_REPO_PASSWORD: Password for accessing the helm repository (value from secret 'k5-helm-repo-binding' and key 'password').
# OC_LOGIN_TOKEN: Token for OpenShift (value from secret 'k5-pipeline-sa-dockercfg-*' and key 'password')
# ####################################################################################################################
# Common CI/CD variables
# ####################################################################################################################
# configured container image registry path [mandatory]
IMAGE_REGISTRY: ""
# Acronym of the service project [mandatory]
SOLUTION_ACRONYM: ""
# Name of the used base 'stack' (always 'TYPESCRIPT')
STACK: "TYPESCRIPT"
# Node.js configuration to optimize script execution for production environments
# see also: https://nodejs.org/en/learn/getting-started/nodejs-the-difference-between-development-and-production
NODE_ENV: "production"
# Openshift cluster host name [mandatory]
OPENSHIFT_CLUSTER_HOST: ""
# URL of the configured helm repository [mandatory] (value from secret 'k5-helm-repo-binding' and key 'url').
HELM_REPO_URL: ""
# Customized npm settings [optional] (value from secret 'k5-build-settings' and key 'npmSettings'):
NPM_SETTINGS: ""
# Registry, to push the created solution project image to [mandatory] (value from secret 'k5-image-registry-binding' and key 'url')
SERVICE_PROJECT_IMAGE_REGISTRY: ""
# Registry, which contains the built solution project image (value from secret 'k5-image-registry-binding' and key 'url')
COMPONENT_IMAGE_REGISTRY: ${SERVICE_PROJECT_IMAGE_REGISTRY}
# ####################################################################################################################
# CI/CD variables for job 'handle-version'
# ####################################################################################################################
# Will check if the current version has already been published or not to prevent previous versions to be overwritten
# unintentionally
UNIQUE_SEMVER_CHECK: "false"
# Defines where uniqueness needs to be enforced by adding the current pipeline id to the version number
ENFORCE_UNIQUENESS: "true"
# Adds a timestamp to pre-release versions to ensure that every commit gets built without manually changing the version
PRE_RELEASE_UNIQUENESS: "false"
# Flag, if unit test feature was activated
UNIT_TEST_FEATURE: "true"
# ####################################################################################################################
# CI/CD variables for job 'build-publish-docker'
# ####################################################################################################################
# ADO_DOMAIN_SERVER_IMAGE_TARGET_NAME: Base images for domain server
# Base images for domain server
ADO_DOMAIN_SERVER_IMAGE: "${IMAGE_REGISTRY}/${BUILD_PUBLISH_DOCKER_IMAGE_ADO_DOMAIN_SERVER_IMAGE}"
# Base container image for node solution projects
ADO_UBI_NODE_IMAGE: "${IMAGE_REGISTRY}/${BUILD_PUBLISH_DOCKER_IMAGE_ADO_UBI_NODE_IMAGE}"
# ####################################################################################################################
# CI/CD variables for job 'pack-helm-chart'
# ####################################################################################################################
# ADO_DS_IMAGE_BASETAG: Domain server base image tag
# Flag to enable the push to the configures helm repository
PUBLISH: "false"
# URL of the configured helm upload repository [mandatory] (value from secret 'k5-helm-repo-binding' and key 'uploadUrl').
HELM_REPO_UPLOAD_URL: ""
# Request type to upload the helm chart [optional] (value from secret 'k5-helm-repo-binding' and key 'uploadRequestType').
HELM_REPO_REQUEST_TYPE: ""
# File pattern for the helm chart upload (value from secret 'k5-helm-repo-binding' and key 'uploadFilePattern').
HELM_REPO_UPLOAD_FILE_PATTERN: "--upload-file"
# ####################################################################################################################
# CI/CD variables for job 'deploy-solution'
# ####################################################################################################################
# k5 project namespace to install the solution into [mandatory]
K5_PROJECT: ""
# ID of the current pipeline run '${CI_PIPELINE_ID}'
PIPELINE_RUN: ${CI_PIPELINE_ID}
# Hostname of the configured Keycloak server [mandatory] (value from secret 'configuration-management-client-secret' and key 'hostname')
KEYCLOAK_HOST: ""
# Internal service project deployment flag (always 'true')
REMOTE_LOGIN_FLAG: "true"
# Internal service project deployment configuration
DEPLOYMENT_CONFIG: "{ 'environment': { 'host': '${K5_PROJECT}.apps.${OPENSHIFT_CLUSTER_HOST}' } }"
# OpenShift login url
OC_LOGIN_URL: "https://api.${OPENSHIFT_CLUSTER_HOST}:6443"
stages:
- k5-validate
- k5-generate-code-node
- k5-build-application-node
- k5-build-publish-docker-node
- k5-build-publish-chart-node
- k5-deploy
########################################################################################################################
#
# job name: handle-version
#
# description: This job will extract the project version number and persist it for the step 'build-publish-docker'.
# parameter:
# NODE_ENV: "production"
# PRE_RELEASE_UNIQUENESS [true|false]: Adds a timestamp to pre-release versions to ensure that every commit gets
# built without manually changing the version
# ENFORCE_UNIQUENESS [true|false]: Defines where uniqueness needs to be enforced by adding the current
# pipeline id to the version number
# UNIQUE_SEMVER_CHECK [true|false]: Will check if the current version has already been published or not to
# prevent previous versions to be overwritten unintentionally
# STACK: Name of the used 'stack'
# SOLUTION_ACRONYM: Acronym of the service project
# HELM_REPO_URL: URL of the configured helm repository.
# (value from secret 'k5-helm-repo-binding' and key 'url')
# HELM_REPO_USERNAME: Username for accessing the helm repository.
# (value from secret 'k5-helm-repo-binding' and key 'username')
# HELM_REPO_PASSWORD: Password for accessing the helm repository.
# (value from secret 'k5-helm-repo-binding' and key 'password')
handle-version:
stage: k5-validate
image:
name: ${IMAGE_REGISTRY}/${HANDLE_VERSION_IMAGE}
script:
- /opt/open-banking-platform/scripts/v1/step-handle-version.sh
- echo "job 'k5-validate' completed"
artifacts:
when: on_success
expire_in: 30 days
paths:
- "./"
#####################################################################################################################
#
# job name: prepare-validate-design-model
#
# description: This job will validate the content of the design model.
# parameter:
# NODE_ENV: "production"
#
prepare-validate-design-model:
stage: k5-generate-code-node
image:
name: ${IMAGE_REGISTRY}/${PREPARE_VALIDATE_DESIGN_MODEL_IMAGE}
script:
- /opt/open-banking-platform/scripts/v2/step-validate-design-model.sh
- echo "job 'prepare-validate-design-model' completed"
#####################################################################################################################
#
# job name: prepare-denormalize-domain-model
#
# description: This job will optimize the content of the design model to prepare the code generation.
# parameter:
# NODE_ENV: "production"
#
prepare-denormalize-domain-model:
stage: k5-generate-code-node
image:
name: ${IMAGE_REGISTRY}/${PREPARE_DENORMALIZE_DOMAIN_MODEL_IMAGE}
needs:
- prepare-validate-design-model
script:
- /opt/open-banking-platform/scripts/v2/step-denormalize-domain-model.sh
- echo "job 'prepare-denormalize-domain-model' completed"
artifacts:
paths:
- artifacts
#####################################################################################################################
#
# job name: build-baw-toolkit
#
# description: This job will generate a IBM BAW compatible toolkit to access the APIs within process apps.
# parameter:
# NODE_ENV: "production"
#
build-baw-toolkit:
stage: k5-generate-code-node
image:
name: ${IMAGE_REGISTRY}/${BUILD_BAW_TOOLKIT_IMAGE}
script:
- /opt/open-banking-platform/scripts/v1/bpm-toolkit-creator.sh
- echo "job 'build-baw-toolkit' completed"
#####################################################################################################################
#
# job name: generate-code
#
# description: This job will generate the source code according to the used stack.
# parameter:
# STACK: Name of the used 'stack'
# SOLUTION_ACRONYM: Acronym of the service project
# NPM_SETTINGS: Customized npm settings
# (value from secret 'k5-build-settings' and key 'npmSettings')
generate-code:
stage: k5-generate-code-node
image:
name: ${IMAGE_REGISTRY}/${GENERATE_CODE_TS_IMAGE}
needs:
- prepare-denormalize-domain-model
script:
- export NODE_ENV=
- /opt/open-banking-platform/scripts/v1/step-generate-code.sh
- echo "job 'generate-code' completed"
artifacts:
when: on_success
expire_in: 30 days
paths:
- "./"
#####################################################################################################################
#
# job name: build-code
#
# description: This job will build the service project according to the used stack
# parameter:
# STACK: Name of the used 'stack'
# SOLUTION_ACRONYM: Acronym of the service project
# NPM_SETTINGS: Customized npm settings
# (value from secret 'k5-build-settings' and key 'npmSettings')
build-code:
stage: k5-build-application-node
image:
name: ${IMAGE_REGISTRY}/${BUILD_CODE_IMAGE}
dependencies:
- generate-code
script:
- export NODE_ENV=
- /opt/open-banking-platform/scripts/v1/step-build-code.sh
- echo "job 'build-code' completed"
needs:
- generate-code
artifacts:
when: on_success
expire_in: 30 days
paths:
- "./"
#####################################################################################################################
#
# job name: unit-test
#
# description: This job will execute the project specific unit tests according to the used stack
# parameter:
# NODE_ENV: "production"
# STACK: Name of the used 'stack'
# SOLUTION_ACRONYM: Acronym of the service project
# UNIT_TEST_FEATURE: Flag, if unit test feature was activated
# NPM_SETTINGS: Customized npm settings
# (value from secret 'k5-build-settings' and key 'npmSettings')
unit-test:
stage: k5-build-application-node
image:
name: ${IMAGE_REGISTRY}/${UNIT_TEST_IMAGE}
needs:
- build-code
script:
- export NODE_ENV=
- /opt/open-banking-platform/scripts/v1/step-unit-test.sh
- echo "job 'build-code' completed"
#####################################################################################################################
#
# job name: build-publish-docker
#
# description: This job will pack the solution project into a container image according to the given docker file
# parameter:
# NODE_ENV: "production"
# STACK: Name of the used 'stack'
# SOLUTION_ACRONYM: Acronym of the service project
# ADO_DOMAIN_SERVER_IMAGE_TARGET_NAME: Base image for domain server
# ADO_DOMAIN_SERVER_IMAGE: Base image for domain server
# ADO_UBI_NODE_IMAGE: Base container image for node solution projects
# SERVICE_PROJECT_IMAGE_REGISTRY: Registry, to push the created solution project image to
# (value from secret 'k5-image-registry-binding' and key 'url')
# DOCKER_AUTH_CONFIG: Container registry authentication data. (JSON data structure)
build-publish-docker:
stage: k5-build-publish-docker-node
image:
name: ${IMAGE_REGISTRY}/${BUILD_PUBLISH_DOCKER_IMAGE}
docker:
user: root
script:
- /opt/open-banking-platform/scripts/v1/step-pack-solution-docker.sh
- echo "job 'build-publish-docker' completed"
artifacts:
when: on_success
expire_in: 30 days
paths:
- "./"
needs:
- handle-version
- generate-code
- build-code
#####################################################################################################################
#
# job name: pack-helm-chart
#
# description: This job will pack the solution project into a container image according to the given docker file
# parameter:
# NODE_ENV: "production"
# STACK: Name of the used 'stack'
# SOLUTION_ACRONYM: Acronym of the service project
# PUBLISH [true|false]: Flag to enable the push to the configured helm repository
# SERVICE_PROJECT_IMAGE_REGISTRY: Registry, to push the created solution project image to
# (value from secret 'k5-image-registry-binding' and key 'url')
# HELM_REPO_URL: URL of the configured helm repository.
# (value from secret 'k5-helm-repo-binding' and key 'url')
# HELM_REPO_USERNAME: Username for accessing the helm repository.
# (value from secret 'k5-helm-repo-binding' and key 'username')
# HELM_REPO_PASSWORD: Password for accessing the helm repository.
# (value from secret 'k5-helm-repo-binding' and key 'password')
# HELM_REPO_UPLOAD_URL: URL of the configured helm upload repository.
# (value from secret 'k5-helm-repo-binding' and key 'uploadUrl')
# HELM_REPO_REQUEST_TYPE: Request type to upload the helm chart
# (value from secret 'k5-helm-repo-binding' and key 'uploadRequestType')
# HELM_REPO_UPLOAD_FILE_PATTERN: File pattern for the helm chart upload
# (value from secret 'k5-helm-repo-binding' and key 'uploadFilePattern')
# ADO_DS_IMAGE_BASETAG Domain server base image tag
pack-helm-chart:
stage: k5-build-publish-chart-node
image:
name: ${IMAGE_REGISTRY}/${PACK_HELM_CHART_IMAGE}
script:
- /opt/open-banking-platform/scripts/v1/step-helm-chart.sh
- echo "job 'pack-helm-chart' completed"
artifacts:
when: on_success
expire_in: 30 days
paths:
- "./"
needs:
- handle-version
- build-publish-docker
#####################################################################################################################
#
# job name: deploy-solution
#
# description: This job will pack the solution project into a container image according to the given docker file
# parameter:
# NODE_ENV: "production"
# STACK: Name of the used 'stack'
# K5_PROJECT: k5 project namespace to install the solution into
# PIPELINE_RUN: ID of the current pipeline run '${CI_PIPELINE_ID}'
# COMPONENT_IMAGE_REGISTRY: Registry, which contains the built solution project image
# REMOTE_LOGIN_FLAG: Internal solution deployment flag (always 'true')
# DEPLOYMENT_CONFIG: Internal solution deployment configuration
# OC_LOGIN_URL: OpenShift login url
deploy-solution:
stage: k5-deploy
image: ${IMAGE_REGISTRY}/${DEPLOY_SOLUTION_IMAGE}
script:
- /opt/open-banking-platform/scripts/v1/step-deploy-solution.sh
- echo "job 'deploy-solution' completed"
needs:
- handle-version
- build-publish-docker
- pack-helm-chart