Add CI configuration for Kubernetes

Configure Gitlab CI to run on Kubernetes
according to the official documentation.
https://docs.gitlab.com/ee/ci/docker/using_docker_build.html#docker-in-docker-with-tls-enabled-in-kubernetes

These changes are needed because of the CI jobs
using Docker-in-Docker (dind).
As soon as Docker-in-Docker is replaced with Kaniko,
these changes can be reverted.

I documented what I did to set up the Kubernetes runner on the wiki:
https://wiki.qemu.org/Testing/CI/KubernetesRunners

Signed-off-by: Camilla Conte <cconte@redhat.com>
Message-Id: <20230407145252.32955-1-cconte@redhat.com>
Signed-off-by: Richard Henderson <richard.henderson@linaro.org>

diff --git a/.gitlab-ci.d/container-template.yml b/.gitlab-ci.d/container-template.yml
index 519b8a94822fd7d43091b50a3e5371f9b6b894ed..f55a9547410a6a80b332d8dff8e3eaa7873b64c6 100644 (file)
--- a/.gitlab-ci.d/container-template.yml
+++ b/.gitlab-ci.d/container-template.yml
@@ -1,14 +1,14 @@
 .container_job_template:
   extends: .base_job_template
-  image: docker:stable
+  image: docker:20.10.16
   stage: containers
   services:
-    - docker:dind
+    - docker:20.10.16-dind
   before_script:
     - export TAG="$CI_REGISTRY_IMAGE/qemu/$NAME:latest"
     - export COMMON_TAG="$CI_REGISTRY/qemu-project/qemu/qemu/$NAME:latest"
     - apk add python3
-    - docker info
+    - until docker info; do sleep 1; done
     - docker login $CI_REGISTRY -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD"
   script:
     - echo "TAG:$TAG"

diff --git a/.gitlab-ci.d/default.yml b/.gitlab-ci.d/default.yml
new file mode 100644 (file)
index 0000000..292be8b
--- /dev/null
+++ b/.gitlab-ci.d/default.yml
@@ -0,0 +1,3 @@
+default:
+  tags:
+    - $RUNNER_TAG

diff --git a/.gitlab-ci.d/opensbi.yml b/.gitlab-ci.d/opensbi.yml
index 9a651465d8a17cf52bb605732b31805412ae4387..5b0b47b57ba8a3a4eef531d01b8020e756a66b1f 100644 (file)
--- a/.gitlab-ci.d/opensbi.yml
+++ b/.gitlab-ci.d/opensbi.yml
@@ -42,17 +42,15 @@
 docker-opensbi:
   extends: .opensbi_job_rules
   stage: containers
-  image: docker:stable
+  image: docker:20.10.16
   services:
-    - docker:stable-dind
+    - docker:20.10.16-dind
   variables:
     GIT_DEPTH: 3
     IMAGE_TAG: $CI_REGISTRY_IMAGE:opensbi-cross-build
-    # We don't use TLS
-    DOCKER_HOST: tcp://docker:2375
-    DOCKER_TLS_CERTDIR: ""
   before_script:
     - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
+    - until docker info; do sleep 1; done
   script:
     - docker pull $IMAGE_TAG || true
     - docker build --cache-from $IMAGE_TAG --tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA

diff --git a/.gitlab-ci.d/qemu-project.yml b/.gitlab-ci.d/qemu-project.yml
index a7ed447fe487ec23de12f6b4adf45ba77e596c81..57b175f5c23998e557e84aba513112f9e1046379 100644 (file)
--- a/.gitlab-ci.d/qemu-project.yml
+++ b/.gitlab-ci.d/qemu-project.yml
@@ -1,7 +1,24 @@
 # This file contains the set of jobs run by the QEMU project:
 # https://gitlab.com/qemu-project/qemu/-/pipelines
 
+variables:
+  RUNNER_TAG: ""
+
+workflow:
+  rules:
+    # Set additional variables when running on Kubernetes.
+    # https://wiki.qemu.org/Testing/CI/KubernetesRunners
+    - if: $RUNNER_TAG == "k8s"
+      variables:
+        DOCKER_HOST: tcp://docker:2376
+        DOCKER_TLS_CERTDIR: "/certs"
+        DOCKER_TLS_VERIFY: 1
+        DOCKER_CERT_PATH: "$DOCKER_TLS_CERTDIR/client"
+    # Run the pipeline in other cases.
+    - when: always
+
 include:
+  - local: '/.gitlab-ci.d/default.yml'
   - local: '/.gitlab-ci.d/base.yml'
   - local: '/.gitlab-ci.d/stages.yml'
   - local: '/.gitlab-ci.d/opensbi.yml'