Fix: Enable Gitlab tag pipeline and document release process (Merge pull request #1472)

* Fix errors GitLab is throwing for container_scanning and phpcs-security-audit-sast when running from git tags
* Show current version on the Admin dashboard
* Add RELEASE_PROCESS documentation
* Constrain deployment to live environments to tags pipeline only
* Allow operators to select the EC2 types for web, bastion and RDS instances when provisioning an environment

Refs:  #1416
rija authored Nov 6, 2023
2 parents 9b27e63 + e36b5a9 commit 9c012f7
Showing 34 changed files with 346 additions and 736 deletions.
3 changes: 3 additions & 0 deletions .gitignore
Expand Up @@ -109,3 +109,6 @@ php-conf/appconfig.ini

# config
params-local.php

# release related artefacts
VERSION
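
Review bot: the new `VERSION` pattern is unanchored, so it ignores any file or directory named VERSION at any depth of the tree, not only the release artefact. If the artefact is only ever written at the repository root, `/VERSION` says that precisely and avoids hiding an unrelated file of the same name later.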
15 changes: 12 additions & 3 deletions .gitlab-ci.yml
Expand Up @@ -58,6 +58,11 @@ variables:

image: docker:$DOCKER_VERSION

.tag_only:
rules:
- if: $CI_COMMIT_TAG


include:
- template: Security/SAST.gitlab-ci.yml
- template: Security/Container-Scanning.gitlab-ci.yml
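
Review bot: the `.tag_only` rule `if: $CI_COMMIT_TAG` is true for every tag, so any tag pushed to the repository enables the jobs it gates. Since the commit message says this is what constrains live deployment, consider matching the release naming (for example `$CI_COMMIT_TAG =~ /^v\d+\.\d+\.\d+$/`, in line with the `v3.1.0` style used in CHANGELOG.md) and protecting those tags in the project settings so that only maintainers can create them.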
Expand Down Expand Up @@ -105,7 +110,7 @@ before_script:
- '[[ $CI_JOB_NAME != *sast* ]] && [[ $CI_JOB_NAME != container_scanning* ]] && env | grep "^CI_" > $APPLICATION/.ci_env'
- '[[ $CI_JOB_NAME != *sast* ]] && [[ $CI_JOB_NAME != container_scanning* ]] && env | grep -v "SAST" | grep -v "^DOCKER" | grep -v "^CI" | grep -v "^LOCAL_COMPOSE" | grep -v "^GITLAB" | grep -v "==" | grep -E "^[a-zA-Z0-9_]+=.+" | grep -viE "(password|email|tester|secret|key|user|app_id|client_id|token|tls)" > $APPLICATION/.env'
- '[[ $CI_JOB_NAME != *sast* ]] && [[ $CI_JOB_NAME != container_scanning* ]] && env | grep -v "SAST" | grep -v "^DOCKER" | grep -v "^CI" | grep -v "^LOCAL_COMPOSE" | grep -v "^GITLAB" | grep -v "==" | grep -E "^[a-zA-Z0-9_]+=.+" | grep -v "ANALYTICS_PRIVATE_KEY" | grep -viE "tls" | grep -iE "(password|email|tester|secret|key|user|app_id|client_id|token)" > $APPLICATION/.secrets'
- '[[ $CI_JOB_NAME != *sast* ]] && [[ $CI_JOB_NAME != container_scanning* ]] && time apk add --no-cache py-pip bash curl jq'
- '[[ $CI_JOB_NAME != *sast* ]] && [[ $CI_JOB_NAME != container_scanning* ]] && time apk add --no-cache py-pip bash curl jq git'
# Pin docker-compose version to stop installation error
- '[[ $CI_JOB_NAME != *sast* ]] && [[ $CI_JOB_NAME != container_scanning* ]] && time pip install docker-compose~=1.23.0'

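Review bot: `git` is added to the `apk add` line with no comment saying which step needs it, while the `docker-compose` line just below carries a comment explaining its pin. A one-line comment naming the consumer (presumably the version/release step) would let the next maintainer judge whether the package can be dropped, and would make it clear that the sast and container_scanning jobs, which skip this line, do not get it.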
Expand Down Expand Up @@ -140,7 +145,9 @@ sd_warmcache:
ld_gigadb:
variables:
GIGADB_ENV: "live"
extends: .deploy
extends:
- .tag_only
- .deploy
stage: live deploy
tags:
- $GITLAB_USER_LOGIN
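
Review bot: in `ld_gigadb`, `extends` now lists `.tag_only` before `.deploy`, and GitLab merges multiple parents so that the later entry wins on conflicting keys. If `.deploy` (not visible in this hunk) defines `rules:`, it replaces the tag rule and the job is no longer tag-restricted; if it uses `only`/`except`, the combination with `rules` is rejected. Please confirm `.deploy` has neither, or list `.tag_only` last so the restriction cannot be overridden silently.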
Expand All @@ -163,4 +170,6 @@ ld_warmcache:
needs: ["ld_gigadb"]
environment:
name: "live"
url: $REMOTE_HOME_URL
url: $REMOTE_HOME_URL
rules:
- if: $CI_COMMIT_TAG
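
Review bot: `ld_warmcache` spells out `rules: - if: $CI_COMMIT_TAG` inline, whereas `ld_gigadb` gets the same condition from `.tag_only`. The two copies can drift if the tag rule is later tightened in one place only; extending `.tag_only` here as well keeps a single definition of what counts as a release pipeline.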
11 changes: 10 additions & 1 deletion CHANGELOG.md
Expand Up @@ -4,11 +4,12 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).

## Unreleased

- Fix #1416: Enable Gitlab tag pipeline and document release process
- Feat #1362: Add "skip to main" link
- Fix #1444: Make tideways build and deploy automatically for the production staging gigadb website
- Docs #1421: Update production deployment SOP, investigate terraform state synchronisation issues and create troubleshooting guide for the deployment process
- Feat #1460: Admin dashboard updated to same more modern look as the public side
- Fix #1102: On sample admin form, save all valid sample attributes while showing errors for non-existent attributes- Feat #1460: Update admin dashboard styles to modern look
- Fix #1102: On sample admin form, save all valid sample attributes while showing errors for non-existent attributes
- Feat #1434: Setup playwright local environment for automated accessibility testing
- Feat #1443: Make ansible playbooks can execute plays separately by adding tags
- Fix #1428: Increase resilience of provisioning by extracting saving EC2 IP addresses as standalone bootstrap plays
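
Review bot: the new `Fix #1416` entry at the top of Unreleased mentions only the tag pipeline and the release documentation, while the commit message also lists the version shown on the Admin dashboard and operator-selectable EC2 types for web, bastion and RDS. Those are the operator-visible parts of the change, so they are worth naming in the entry or in entries of their own.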
Expand All @@ -32,3 +33,11 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
- Fix #1338: Enable persistent IP address using EIP for bastion hosts on AWS deployments
- Feat #580: Provision monitoring infrastructure with Prometheus and Grafana
- Feat #1282: Upgraded yii1.1 version to `1.1.28`, yii2 version to `2.0.48.1`, postgreSQL engine version to `14.8`, postgreSQL client version to `14`

## v3.1.0 - 2017-01-18 - 83f9cf8

- for historical record

## v3.0.0 - 2016-05-12 - 5d89e0f

- for historical record
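
Review bot: the added headings `## v3.1.0 - 2017-01-18 - 83f9cf8` and `## v3.0.0 - 2016-05-12 - 5d89e0f` do not follow the Keep a Changelog heading form (`## [3.1.0] - 2017-01-18`) that the file says it is based on. If the trailing commit hash is a deliberate extension for the release process, state that convention near the top of the file (or in RELEASE_PROCESS) so future release headings stay consistent and remain parseable by tooling.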
260 changes: 0 additions & 260 deletions docs/CREATE_CENTOS_BASE_BOX.md

This file was deleted.
