How to convert circleci pipeline to gitlab

dport2531 · June 21, 2022, 1:50pm

Hi everyone! I need help with migrating circleci pipeline to gitlab. I read GitLab Docs , but it’s not enough for migration. Below is a copy of my script. Very appreciated for any help. Thank you

version: 2
jobs:
build:
working_directory: ~/sti
docker:
- image: $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/sti/base:jdk-11
steps:
- checkout:
path: ~/sti
- restore_cache:
keys:
- gradle-v2-{{ checksum “build.gradle” }}
- gradle-v2-
- run:
name: Gradle build process.
command: ./gradlew build --refresh-dependencies
- save_cache:
key: gradle-v2-{{ checksum “build.gradle” }}
paths:
- .gradle
- /root/.gradle
- save_cache:
key: build-{{ .Branch }}-{{ .Revision }}
paths:
- ~/sti

deploy-release:
working_directory: /
docker:
- image: $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/sti/base:aws-cli
environment:
AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID_TAGGING
AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY_TAGGING
steps:
- run:
name: Retag stage image for prod
command: |
IMAGE_LIST=$(aws ecr --region $AWS_DEFAULT_REGION list-images --registry-id $AWS_ACCOUNT_ID --repository-name sti/$CIRCLE_PROJECT_REPONAME --filter tagStatus=TAGGED | jq .imageIds | jq . | jq .imageTag | grep rc-${CIRCLE_TAG} | sort -n)
LATEST_SG_TAG=echo $IMAGE_LIST | awk '{print $NF}'
MANIFEST=$(aws ecr --region $AWS_DEFAULT_REGION batch-get-image --registry-id $AWS_ACCOUNT_ID --repository-name sti/$CIRCLE_PROJECT_REPONAME --image-ids imageTag=$LATEST_SG_TAG --query ‘images.imageManifest’ --output text)
PROD_TAG=${CIRCLE_TAG////-}.${CIRCLE_BUILD_NUM}
aws ecr --region $AWS_DEFAULT_REGION put-image --registry-id $AWS_ACCOUNT_ID --repository-name sti/$CIRCLE_PROJECT_REPONAME --image-tag $PROD_TAG --image-manifest “$MANIFEST”

deploy-release-candidate:
working_directory: ~/sti/src
docker:
- image: $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/sti/base:jdk-11
steps:
- add_ssh_keys
- restore_cache:
keys:
- build-{{ .Branch }}-{{ .Revision }}
- build-{{ .Branch }}-
- build-
- run: pip3 install awscli
- run:
name: Install Docker client ( we don’t want docker in the container )
command: |
set -x
VER=“17.09.1-ce”
curl -L -o /tmp/docker-$VER.tgz https://download.docker.com/linux/static/stable/x86_64/docker-$VER.tgz
tar -xz -C /tmp -f /tmp/docker-$VER.tgz
mv /tmp/docker/* /usr/bin
chmod +x /usr/bin/dockerd
- run: dockerd &
- setup-docker-engine:
version: 17.11.0-ce
- run: eval $(aws ecr get-login --region $AWS_DEFAULT_REGION --no-include-email)
- run:
name: Build and deploy latest image to ECR
command: |
IMAGE_TAG=${CIRCLE_BRANCH/release//rc-}.${CIRCLE_BUILD_NUM}
docker build -t $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/sti/$CIRCLE_PROJECT_REPONAME:$IMAGE_TAG …
docker push $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/sti/$CIRCLE_PROJECT_REPONAME:$IMAGE_TAG

deploy-branch:
working_directory: ~/sti/src
docker:
- image: $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/sti/base:jdk-11
steps:
- add_ssh_keys
- restore_cache:
keys:
- build-{{ .Branch }}-{{ .Revision }}
- build-{{ .Branch }}-
- build-
- run: pip3 install awscli
- run:
name: Install Docker client ( we don’t want docker in the container )
command: |
set -x
VER=“17.09.1-ce”
curl -L -o /tmp/docker-$VER.tgz https://download.docker.com/linux/static/stable/x86_64/docker-$VER.tgz
tar -xz -C /tmp -f /tmp/docker-$VER.tgz
mv /tmp/docker/* /usr/bin
chmod +x /usr/bin/dockerd
- run: dockerd &
- setup-docker-engine:
version: 17.11.0-ce
- run: eval $(aws ecr get-login --region $AWS_DEFAULT_REGION --no-include-email)
- run:
name: Build and deploy latest image to ECR
command: |
IMAGE_TAG=${CIRCLE_BRANCH////-}
docker build -t $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/sti/$CIRCLE_PROJECT_REPONAME:$IMAGE_TAG …
docker push $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/sti/$CIRCLE_PROJECT_REPONAME:$IMAGE_TAG

deploy-latest:
working_directory: ~/sti/src
docker:
- image: $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/sti/base:jdk-11
steps:
- add_ssh_keys
- restore_cache:
keys:
- build-{{ .Branch }}-{{ .Revision }}
- build-{{ .Branch }}-
- build-
- run: pip3 install awscli
- run:
name: Install Docker client ( we don’t want docker in the container )
command: |
set -x
VER=“17.09.1-ce”
curl -L -o /tmp/docker-$VER.tgz https://download.docker.com/linux/static/stable/x86_64/docker-$VER.tgz
tar -xz -C /tmp -f /tmp/docker-$VER.tgz
mv /tmp/docker/* /usr/bin
chmod +x /usr/bin/dockerd
- run: dockerd &
- setup-docker-engine:
version: 17.11.0-ce
- run: eval $(aws ecr get-login --region $AWS_DEFAULT_REGION --no-include-email)
- run:
name: Build and deploy latest image to ECR
command: |
IMAGE_TAG=latest
docker build -t $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/sti/$CIRCLE_PROJECT_REPONAME:$IMAGE_TAG …
docker push $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/sti/$CIRCLE_PROJECT_REPONAME:$IMAGE_TAG

workflows:
version: 2
build-deploy:
jobs:
- build
- deploy-release:
filters:
tags:
only: /^v./
branches:
ignore: /./
- deploy-release-candidate:
requires:
- build
filters:
tags:
ignore: /./
branches:
only: /^release./
- deploy-branch:
requires:
- build
filters:
branches:
ignore:
- /^master./
- /^release./
- deploy-latest:
requires:
- build
filters:
branches:
only: master

dnsmichi · June 21, 2022, 5:49pm

Hi,

I’d suggest starting small and select one job you’d like to migrate, and then iterate from there. Please also edit your post to use code blocks encapsulated with 3 backticks in Markdown and keep the indent in the config.yaml file - without indent, it is hard to guess which syntax applies in a YAML file.

```
config line 1
config line 2
```

Analyse the first job

Looking at the first job, let’s start analysing while reading the migration docs in parallel. Migrating from CircleCI | GitLab Below steps are marked with # 1) and so on.

version: 2
jobs:
build: # 1) job name in CircleCI, follow https://docs.gitlab.com/ee/ci/migration/circleci.html#jobs 
working_directory: ~/sti
docker:
- image: $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/sti/base:jdk-11 # 2) image path built using cI/CD variables. They need to be specified in the project settings > CI/CD > Variables https://docs.gitlab.com/ee/ci/migration/circleci.html#docker-image-definition 
steps:
- checkout:
path: ~/sti
- restore_cache: # 3) caching - ignore that for now, you can add that later once the pipeline works. https://docs.gitlab.com/ee/ci/caching/ + https://docs.gitlab.com/ee/ci/migration/circleci.html#caching
keys:
- gradle-v2-{{ checksum “build.gradle” }}
- gradle-v2-
- run:
name: Gradle build process. # 4) Job names don't exist in GitLab but you can copy it over into a comment 
command: ./gradlew build --refresh-dependencies # 5) This command will be executed, same as `script` in GitLab https://docs.gitlab.com/ee/ci/migration/circleci.html#jobs
- save_cache:
key: gradle-v2-{{ checksum “build.gradle” }}
paths:
- .gradle
- /root/.gradle
- save_cache:
key: build-{{ .Branch }}-{{ .Revision }}
paths:
- ~/sti

Let’s follow the marked steps above from 1) to 5)

I highly recommend using the pipeline editor to live lint the GitLab CI/CD configuration. Pipeline Editor | GitLab

Job migration, step by step

# 1) Job name
build:
  # 2) Image
  image: $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/sti/base:jdk-11
  # 3) cache (later) https://docs.gitlab.com/ee/ci/migration/circleci.html#caching
  # 4) job name as comment or echo in the job output (later)
  # 5) command/script execution
  script:
    - ./gradlew build --refresh-dependencies

Refining the iteration with the job name inline as echo print

# 1) Job name
build:
  # 2) Image
  image: $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/sti/base:jdk-11
  # 3) cache (later) https://docs.gitlab.com/ee/ci/migration/circleci.html#caching
  # 4) job name as comment or echo in the job output
  # 5) command/script execution
  script:
    - echo "Starting Gradle build process"
    - ./gradlew build --refresh-dependencies

Adding caching

# global gradle cache between jobs 
cache:
  key: $CI_COMMIT_REF_SLUG
  paths:
    - .gradle

# 1) Job name
build:
  # 2) Image
  image: $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/sti/base:jdk-11
  # 3) cache https://docs.gitlab.com/ee/ci/migration/circleci.html#caching 

  # 4) job name as comment or echo in the job output
  # 5) command/script execution
  script:
    - echo "Starting Gradle build process"
    - ./gradlew build --refresh-dependencies

More migration steps

The procedure is the same for all existing jobs - identify the keywords, and migrate them step by step, commit and run from the pipeline editor view.

Note that you don’t need checkout working directories, GitLab runner clones the repository from the server and everything is there upon script command execution. before_script can be helpful to install additional dependencies, if any.

Cheers,
Michael

dport2531 · June 21, 2022, 7:25pm

Thank you

dport2531 · June 21, 2022, 7:26pm

Thank you Michael!

dport2531 · June 23, 2022, 12:01pm

Hi Michael! Sorry bothering you, how to migrate “command” option from circleci to gitlab pipeline? Do I need to use script?

Thank you

dnsmichi · June 23, 2022, 12:07pm

Yes, suggest following the documentation steps for specific keywords, in the above example I’ve also added docs URLs next to the 1) to 5). notes.

dport2531 · June 23, 2022, 12:38pm

Sorry, missed it.

dport2531 · June 28, 2022, 5:13pm

Hi everyone! I migrating from circleci to gitlab ci pipeline and have question about artifacts. In circleci I have script for artifacts, but it’s not located in the main script.

Currently I’m getting this error and possibly it related to artifacts which is missing:

This is a Dockerfile

How to add artifacts to gitlab pipeline script globally, so it will use by any deploy stage in the script. Thank you

dport2531 · July 4, 2022, 2:00pm

Hi Michael! I have a question about workflows. I read circleci migrating to gitlab few times, but still confused. At the end of circleci script I have workflows

How to add this workflow to new gitlab script? Should I use rules?

Thank you!

dnsmichi · July 4, 2022, 5:46pm

Hi,

The equivalent of workflows are stages.
The filters need to be translated in rules.

Also, please share raw text with code blocks, we cannot copy-paste from screenshots which makes answers slow and less detailed. I’ve once reverse-engineered a properly indented config based on the screenshots and initial share to help finish the migration.

Workflow base

Workflows are specified independently of the job definitions. The pattern follows workflows > workflowname > jobs > jobnames as a list > requires (stages) and filters (rules).

workflows:
  version: 2
  build-deploy:
    jobs:
    - build
    - deploy-release:
        filters:
          tags:
            only: /^v./
          branches:
            ignore: /./
    - deploy-release-candidate:
        requires:
          - build
        filters:
          tags:
            ignore: /./
          branches:
            only: /^release./
    - deploy-branch:
        requires:
          - build
        filters:
          branches:
            ignore:
              - /^master./
              - /^release./
    - deploy-latest:
        requires:
        - build
        filters:
          branches:
            only: master

Migration: Workflows and Stages

# Map the stages based on the workflow job dependencies. Stages are executed one after the other. 

# deploy-release does not require "build" (maybe it should and we need to fix the problem of deploying a release where no build has happened)
# deploy-release-candidate requires "build"
# deploy-branch requires "build" 

stages:
  - build
  - test
  - deploy

build:
  stage: build # in build-deploy workflow above
  # ... more job details here, left out for better readability  

deploy-release:
  stage: deploy # requires build to continue 
  # ... more job details here, left out for better readability 

deploy-release-candidate:
  stage: deploy # requires build to continue 
  # ... more job details here, left out for better readability 

deploy-branch: 
  stage: deploy # requires build to continue 
  # ... more job details here, left out for better readability 

deploy-latest: 
  stage: deploy # requires build to continue 
  # ... more job details here, left out for better readability

Migration: Filters and Rules

First step: Copy the filters into the job definitions as a comment and work on changing them one by one. Otherwise, it’s confusing to try to convert them all at once from the global workflow definition.

Open the documentation for job rules with rules: Choose when to run jobs | GitLab

stages:
  - build
  - test
  - deploy

build:
  stage: build 

deploy-release:
  stage: deploy 
#         filters:
#          tags:
#            only: /^v./
#          branches:
#            ignore: /./


deploy-release-candidate:
  stage: deploy  
#         filters:
#          tags:
#            ignore: /./
#        branches:
#            only: /^release./

deploy-branch: 
  stage: deploy 
#         filters:
#          branches:
#            ignore:
#              - /^master./
#              - /^release./


deploy-latest: 
  stage: deploy
#         filters:
#          branches:
#            only: master

Follow the next steps to analyse and migrate the rules of each job.

First job deploy-release

deploy-release:
  stage: deploy 
#         filters:
#          tags:
#            only: /^v./
#          branches:
#            ignore: /./

Conditions:

Match a tag pattern
Ignore branches with a dot (regex may need to be updated to RE2

deploy-release:
  stage: deploy 
    - if: $CI_COMMIT_TAG =~ /^v./
      when: never 
    - if: $CI_COMMIT_REF_NAME =~ /./

Invalid RE2 regex, needs fixes.

deploy-release:
  stage: deploy 
    - if: $CI_COMMIT_TAG =~ /^v\./
      when: never 
    - if: $CI_COMMIT_REF_NAME =~ /\./

Next job deploy-release-candidate

deploy-release-candidate:
  stage: deploy  
#         filters:
#          tags:
#            ignore: /./
#        branches:
#            only: /^release./

Conditions:

Do not run when the tag contains a dot. Not sure about this regex, might need explanations when exactly the job should be run.
Only run on release branches.

deploy-release-candidate:
  stage: deploy  
  rules:
    - if: $CI_COMMIT_TAG =~ /./
      when: never 
    - if: $CI_COMMIT_REF_NAME =~ /^release./

Indeed, the regular expression is not valid, verified in the pipeline editor. In order to match a dot, it needs to be escaped properly.

Also applies to the release regex.

deploy-release-candidate:
  stage: deploy  
  rules:
    - if: $CI_COMMIT_TAG =~ /\./
      when: never 
    - if: $CI_COMMIT_REF_NAME =~ /^release\./

Next job deploy-branch

deploy-branch: 
  stage: deploy 
#         filters:
#          branches:
#            ignore:
#              - /^master./
#              - /^release./

Conditions: Do not run specific branch regex. Use when: never to first match the rule and then tell GitLab to ignore the job run when matched. Example in `.gitlab-ci.yml` keyword reference | GitLab

deploy-branch: 
  stage: deploy 
  rules:
    - if: $CI_COMMIT_REF_NAME =~ /^master./ || $CI_COMMIT_REF_NAME =~ /^release./
      when: never

Regex need the dot escaping too, see the screenshots above with the pipeline editor.

deploy-branch: 
  stage: deploy 
  rules:
    - if: $CI_COMMIT_REF_NAME =~ /^master\./ || $CI_COMMIT_REF_NAME =~ /^release\./
      when: never

Next job deploy-latest

deploy-latest: 
  stage: deploy
#         filters:
#          branches:
#            only: master

Suggest using the CI_DEFAULT_BRANCH variable, this uses what is configured as the default branch in the project settings, and makes migration to main easier.

deploy-latest: 
  stage: deploy
  rules:
    - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH

Steps left to do

Follow the learning path in the steps above and understand stages and rules, the knowledge will be helpful when you’ll need to extend the GitLab CI/CD configuration in the future.

I’ve only tested the CI rules for syntax validity; there might be adjustments needed when added to the final pipeline job definitions. Recommend using the Pipeline Editor in the GitLab UI to build and edit the pipeline.

Cheers,
Michael

dport2531 · July 4, 2022, 8:47pm

Hi Michael! Thank you very much for your assistance! Based on your explanation I modified current .gitlab-ci.yml file. I don’t know how to upload an original file, it accepting just images or screenshots. Let me know if that format is correct:

stages:
- build
- deploy # List of stages for jobs, and their order of execution

global gradle cache between jobs

cache:
key: $CI_COMMIT_REF_SLUG
paths:
- .gradle/

1) Job Name build

build:
stage: build
image: $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/sti/base:jdk-11
script:
- echo “Starting Gradle build process”
- ./gradlew build --refresh-dependencies
artifacts:
paths:
- build/libs/*.jar

2) Job Name deploy-release

deploy-release:
stage: deploy
image: $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/sti/base:aws-cli
script:
- echo “Retag stage image for prod”
- IMAGE_LIST=$(aws ecr --region $AWS_DEFAULT_REGION list-images --registry-id $AWS_ACCOUNT_ID --repository-name sti/$CI_PROJECT_NAME --filter tagStatus=TAGGED | jq .imageIds | jq . | jq .imageTag | grep rc-${CI_COMMIT_TAG} | sort -n)
- LATEST_SG_TAG=echo $IMAGE_LIST | awk '{print $NF}'
- MANIFEST=$(aws ecr --region $AWS_DEFAULT_REGION batch-get-image --registry-id $AWS_ACCOUNT_ID --repository-name sti/$CI_PROJECT_NAME --image-ids imageTag=$LATEST_SG_TAG --query ‘images.imageManifest’ --output text)
- PROD_TAG=${CI_COMMIT_TAG////-}.${CI_JOB_ID}
- aws ecr --region $AWS_DEFAULT_REGION put-image --registry-id $AWS_ACCOUNT_ID --repository-name sti/$CI_PROJECT_NAME --image-tag $PROD_TAG --image-manifest “$MANIFEST”
rules:
- if: $CI_COMMIT_TAG =~ /^v./
when: never
- if: $CI_COMMIT_REF_NAME =~ /./

3) Job Name deploy-release-candidate

deploy-release-candidate:
stage: deploy
image: $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/sti/base:jdk-11
script:
- aws ecr get-login-password --region $AWS_DEFAULT_REGION | docker login --username AWS --password-stdin $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com
- echo “Build and deploy latest image to ECR”
- IMAGE_TAG=${CI_COMMIT_BRANCH/release//rc-}.${CI_ID_JOB}
- docker build -t $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/sti/$CI_PROJECT_NAME:$IMAGE_TAG .
- docker push $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/sti/$CI_PROJECT_NAME:$IMAGE_TAG
rules:
- if: $CI_COMMIT_TAG =~ /./
when: never
- if: $CI_COMMIT_REF_NAME =~ /^release./

4) Job Name deploy-branch

deploy-branch:
stage: deploy
image: $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/sti/base:jdk-11
script:
- aws ecr get-login-password --region $AWS_DEFAULT_REGION | docker login --username AWS --password-stdin $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com
- echo “Build and deploy latest image to ECR”
- IMAGE_TAG=${CI_COMMIT_BRANCH////-}
- docker build -t $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/sti/$CI_PROJECT_NAME:$IMAGE_TAG .
- docker push $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/sti/$CI_PROJECT_NAME:$IMAGE_TAG
rules:
- if: $CI_COMMIT_REF_NAME =~ /^master./ || $CI_COMMIT_REF_NAME =~ /^release./
when: never

4) Job Name deploy-latest

deploy-latest:
stage: deploy
image: $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/sti/base:jdk-11
script:
- aws ecr get-login-password --region $AWS_DEFAULT_REGION | docker login --username AWS --password-stdin $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com
- echo “Build and deploy latest image to ECR”
- IMAGE_TAG=latest
- docker build -t $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/sti/$CI_PROJECT_NAME:$IMAGE_TAG .
- docker push $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/sti/$CI_PROJECT_NAME:$IMAGE_TAG
rules:
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH

============================================================================

This is a circleci file:

version: 2
jobs:
build:
working_directory: ~/sti
docker:
- image: $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/sti/base:jdk-11
steps:
- checkout:
path: ~/sti
- restore_cache:
keys:
- gradle-v2-{{ checksum “build.gradle” }}
- gradle-v2-
- run:
name: Gradle build process.
command: ./gradlew build --refresh-dependencies
- save_cache:
key: gradle-v2-{{ checksum “build.gradle” }}
paths:
- .gradle
- /root/.gradle
- save_cache:
key: build-{{ .Branch }}-{{ .Revision }}
paths:
- ~/sti

deploy-release:
working_directory: /
docker:
- image: $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/sti/base:aws-cli
environment:
AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID_TAGGING
AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY_TAGGING
steps:
- run:
name: Retag stage image for prod
command: |
IMAGE_LIST=$(aws ecr --region $AWS_DEFAULT_REGION list-images --registry-id $AWS_ACCOUNT_ID --repository-name sti/$CIRCLE_PROJECT_REPONAME --filter tagStatus=TAGGED | jq .imageIds | jq . | jq .imageTag | grep rc-${CIRCLE_TAG} | sort -n)
LATEST_SG_TAG=echo $IMAGE_LIST | awk '{print $NF}'
MANIFEST=$(aws ecr --region $AWS_DEFAULT_REGION batch-get-image --registry-id $AWS_ACCOUNT_ID --repository-name sti/$CIRCLE_PROJECT_REPONAME --image-ids imageTag=$LATEST_SG_TAG --query ‘images.imageManifest’ --output text)
PROD_TAG=${CIRCLE_TAG////-}.${CIRCLE_BUILD_NUM}
aws ecr --region $AWS_DEFAULT_REGION put-image --registry-id $AWS_ACCOUNT_ID --repository-name sti/$CIRCLE_PROJECT_REPONAME --image-tag $PROD_TAG --image-manifest “$MANIFEST”

deploy-release-candidate:
working_directory: ~/sti/src
docker:
- image: $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/sti/base:jdk-11
steps:
- add_ssh_keys
- restore_cache:
keys:
- build-{{ .Branch }}-{{ .Revision }}
- build-{{ .Branch }}-
- build-
- run: pip3 install awscli
- run:
name: Install Docker client ( we don’t want docker in the container )
command: |
set -x
VER=“17.09.1-ce”
curl -L -o /tmp/docker-$VER.tgz https://download.docker.com/linux/static/stable/x86_64/docker-$VER.tgz
tar -xz -C /tmp -f /tmp/docker-$VER.tgz
mv /tmp/docker/* /usr/bin
chmod +x /usr/bin/dockerd
- run: dockerd &
- setup-docker-engine:
version: 17.11.0-ce
- run: eval $(aws ecr get-login --region $AWS_DEFAULT_REGION --no-include-email)
- run:
name: Build and deploy latest image to ECR
command: |
IMAGE_TAG=${CIRCLE_BRANCH/release//rc-}.${CIRCLE_BUILD_NUM}
docker build -t $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/sti/$CIRCLE_PROJECT_REPONAME:$IMAGE_TAG …
docker push $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/sti/$CIRCLE_PROJECT_REPONAME:$IMAGE_TAG

deploy-branch:
working_directory: ~/sti/src
docker:
- image: $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/sti/base:jdk-11
steps:
- add_ssh_keys
- restore_cache:
keys:
- build-{{ .Branch }}-{{ .Revision }}
- build-{{ .Branch }}-
- build-
- run: pip3 install awscli
- run:
name: Install Docker client ( we don’t want docker in the container )
command: |
set -x
VER=“17.09.1-ce”
curl -L -o /tmp/docker-$VER.tgz https://download.docker.com/linux/static/stable/x86_64/docker-$VER.tgz
tar -xz -C /tmp -f /tmp/docker-$VER.tgz
mv /tmp/docker/* /usr/bin
chmod +x /usr/bin/dockerd
- run: dockerd &
- setup-docker-engine:
version: 17.11.0-ce
- run: eval $(aws ecr get-login --region $AWS_DEFAULT_REGION --no-include-email)
- run:
name: Build and deploy latest image to ECR
command: |
IMAGE_TAG=${CIRCLE_BRANCH////-}
docker build -t $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/sti/$CIRCLE_PROJECT_REPONAME:$IMAGE_TAG …
docker push $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/sti/$CIRCLE_PROJECT_REPONAME:$IMAGE_TAG

deploy-latest:
working_directory: ~/sti/src
docker:
- image: $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/sti/base:jdk-11
steps:
- add_ssh_keys
- restore_cache:
keys:
- build-{{ .Branch }}-{{ .Revision }}
- build-{{ .Branch }}-
- build-
- run: pip3 install awscli
- run:
name: Install Docker client ( we don’t want docker in the container )
command: |
set -x
VER=“17.09.1-ce”
curl -L -o /tmp/docker-$VER.tgz https://download.docker.com/linux/static/stable/x86_64/docker-$VER.tgz
tar -xz -C /tmp -f /tmp/docker-$VER.tgz
mv /tmp/docker/* /usr/bin
chmod +x /usr/bin/dockerd
- run: dockerd &
- setup-docker-engine:
version: 17.11.0-ce
- run: eval $(aws ecr get-login --region $AWS_DEFAULT_REGION --no-include-email)
- run:
name: Build and deploy latest image to ECR
command: |
IMAGE_TAG=latest
docker build -t $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/sti/$CIRCLE_PROJECT_REPONAME:$IMAGE_TAG …
docker push $AWS_ACCOUNT_ID.dkr.ecr.$AWS_DEFAULT_REGION.amazonaws.com/sti/$CIRCLE_PROJECT_REPONAME:$IMAGE_TAG

workflows:
version: 2
build-deploy:
jobs:
- build
- deploy-release:
filters:
tags:
only: /^v./
branches:
ignore: /./
- deploy-release-candidate:
requires:
- build
filters:
tags:
ignore: /./
branches:
only: /^release./
- deploy-branch:
requires:
- build
filters:
branches:
ignore:
- /^master./
- /^release./
- deploy-latest:
requires:
- build
filters:
branches:
only: master