.circleci/config.yml

version: 2.1

# this allows to use CircleCI's dynamic configuration feature
setup: true

orbs:
  gcp-gcr: circleci/gcp-gcr@0.13.0

executors:
  base-cimg-executor:
    docker:
      - image: cimg/base:2022.07
  python-cimg-executor:
    docker:
      - image: cimg/python:3.10.4

commands:
  asdf_install:
    description: "Install tools using ASDF"
    parameters:
      tools:
        type: string
        description:
          "Newline separated list of tools to install. If empty, will install
          everything."
        default: ""
      cache_name:
        type: string
        description: "Name of asdf cache"
        default: "default"
    steps:
      - run:
          name: Install ASDF
          command: |
            git clone https://github.com/asdf-vm/asdf.git ~/.asdf --branch v0.10.2
            printf '\nsource "${HOME}/.asdf/asdf.sh"\n' >> "${BASH_ENV}"
            date +%m > ~/month
            date +%d > ~/day
      # We need to restore ASDF cache after installing, otherwise we will try to clone it to non-empty dir
      - restore_cache:
          name: Restore ASDF cache
          keys:
            - grafana-asdf-cache-v7-{{ checksum "~/month" }}-<<
              parameters.cache_name >>-{{ checksum ".tool-versions" }}
            - grafana-asdf-cache-v7-{{ checksum "~/month" }}-<<
              parameters.cache_name >>-
      - run:
          name: Install ASDF tools
          environment:
            TOOLS: << parameters.tools >>
          command: .circleci/scripts/asdf_install.sh
  asdf_save_cache:
    parameters:
      cache_name:
        type: string
        description: "Name of asdf cache"
        default: "default"
    steps:
      - save_cache:
          name: Save ASDF cache
          key:
            grafana-asdf-cache-v7-{{ checksum "~/month" }}-<<
            parameters.cache_name >>-{{ checksum ".tool-versions" }}
          paths:
            - ~/.asdf
  opsninja_install:
    parameters:
      branch:
        type: string
        default: main
        description: opsninja branch to install from
      fingerprint:
        type: string
        default: 10:d1:92:4e:2a:55:81:c9:82:c2:74:ce:6d:0e:e8:a8  # fluxninja/cloud R/O
        description: What SSH identity to use for accessing opsninja repository
    steps:
      - add_ssh_keys:
          fingerprints:
            - << parameters.fingerprint >>
      - run:
          name: Install opsninja and its dependencies
          command: |
            # We need R/O access to cloud repository to be able to fetch opsninja library
            # FIXME: make "releases" of opsninja library somehow, even as a separate repository
            # to limit exposure.
            export CLOUD_RO_KEY_FINGERPRINT="<< parameters.fingerprint >>"
            export GIT_SSH_COMMAND="ssh -i ~/.ssh/id_rsa_$(echo "${CLOUD_RO_KEY_FINGERPRINT}" | tr -d ':')"
            export SSH_AUTH_SOCK=""
            # Bust asdf cache as our opsninja version is always 0.0.0
            pip uninstall -y opsninja
            pip install 'git+ssh://git@github.com/fluxninja/cloud@<< parameters.branch >>#egg=opsninja&subdirectory=ops/apps/opsninja/'
            which asdf > /dev/null 2>&1 && asdf reshim

jobs:
  release-components:
    executor: base-cimg-executor
    steps:
      - checkout
      - asdf_install:
          cache_name: release
          tools: |-
            python
            gcloud
      - opsninja_install
      - run:
          name: Schedule release jobs
          working_directory: ops/apps/opsninja
          command: fn circleci trigger-release --tag << pipeline.git.tag >>
      - asdf_save_cache:
          cache_name: release
  build-push-add-tag:
    parameters:
      attach-workspace:
        type: boolean
        description: Boolean for whether or not to attach to an existing workspace
        default: false
      docker-context:
        type: string
        description: Path to the directory containing your build context, defaults to .
        default: .
      dockerfile:
        type: string
        description: Name of dockerfile to use, defaults to Dockerfile
        default: Dockerfile
      executor:
        type: executor
        description: executor to use for this job
        default: base-cimg-executor
      extra_build_args:
        type: string
        description: Extra flags to pass to docker build
        default: ""
      image:
        type: string
        description: A name for your Docker image
      path:
        type: string
        description: Path to the directory containing your Dockerfile, defaults to .
        default: .
      remote-docker-version:
        type: string
        description: Specify the remote docker version
        default: 20.10.14
      setup-remote-docker:
        type: boolean
        description: Setup and use CircleCI's remote Docker environment
        default: true
      tag:
        type: string
        description: A Docker image tag
        default: ${CIRCLE_SHA1:0:8}
      target-tag:
        type: string
        description: Additional image tag applied when job runs on fluxninja_micro_frontends branch
        default: latest
      use-docker-layer-caching:
        type: boolean
        description: Setup docker layer caching for optimized build
        default: false
      workspace-root:
        type: string
        description: >
          Workspace root path that is either an absolute path or a path relative
          to the working directory. Defaults to '.' (the working directory)
        default: .
    executor: <<parameters.executor>>
    environment:
      DOCKER_BUILDKIT: 1
    steps:
      - checkout
      - when:
          condition: <<parameters.setup-remote-docker>>
          steps:
            - setup_remote_docker:
                docker_layer_caching: <<parameters.use-docker-layer-caching>>
                version: <<parameters.remote-docker-version>>
      - gcp-gcr/gcr-auth
      - gcp-gcr/build-image:
          attach-workspace: <<parameters.attach-workspace>>
          docker-context: <<parameters.docker-context>>
          dockerfile: <<parameters.dockerfile>>
          extra_build_args: <<parameters.extra_build_args>>
          image: <<parameters.image>>
          path: <<parameters.path>>
          tag: <<parameters.tag>>
          workspace-root: <<parameters.workspace-root>>
      - gcp-gcr/push-image:
          image: <<parameters.image>>
          tag: <<parameters.tag>>
      - when:
          condition:
            equal: [fluxninja_micro_frontends, << pipeline.git.branch >>]
          steps:
            - gcp-gcr/tag-image:
                image: <<parameters.image>>
                source-tag: <<parameters.tag>>
                target-tag: <<parameters.target-tag>>
  update-environment:
    parameters:
      job-root:
        type: string
        default: "/home/circleci"
        description: The root folder of the job where all repositories will be cloned to
      manifests-repo:
        type: string
        default: git@github.com:fluxninja/argo-manifests.git
        description: ArgoCD manifests repository to update
      manifests-branch:
        type: string
        default: tests
        description: Branch to use when pushing deployment changes
      environment-path:
        type: string
        description: Path to the environment to update
      component:
        type: string
        default: ""
        description: Application component to update image and deployment code for
      update:
        type: string
        default: everything
        description: Whether to update 'images', 'deployment-code' or 'everything'
    executor: python-cimg-executor
    steps:
      - add_ssh_keys:
          fingerprints:
            - "f9:49:04:10:b1:77:16:b0:0e:c0:ba:21:0e:9d:fd:40"  # argo-manifests R/W
      - checkout
      - asdf_install:
          cache_name: release
          tools: |-
            python
            gcloud
      - gcp-gcr/gcr-auth
      - opsninja_install
      - run:
          name: Update application in the deployment
          environment:
            JOB_ROOT: << parameters.job-root >>
            UPDATE: << parameters.update >>
            MANIFESTS_BRANCH: << parameters.manifests-branch >>
            MANIFESTS_REPO: << parameters.manifests-repo >>
            COMPONENT: << parameters.component >>
            ENVIRONMENT_PATH: << parameters.environment-path >>
          command: .circleci/scripts/update_environment.sh

workflows:
  version: 2
  build-alpine:
    jobs:
      - build-push-add-tag:
          name: image-build-grafana-alpine
          image: cf-fn/grafana
      - update-environment:
          name: update-demo-environment
          filters:
            branches:
              only:
                - fluxninja_micro_frontends
          requires:
            - image-build-grafana-alpine
          environment-path: environments/demo/
          component: grafana
          update: images
      - update-environment:
          name: update-nightly-environment
          filters:
            branches:
              only:
                - fluxninja_micro_frontends
          requires:
            - image-build-grafana-alpine
          environment-path: environments/nightly/
          component: grafana
          update: images

  release-components:
    when:
      matches: { value: << pipeline.git.tag >>, pattern: "^releases/.+$" }
    jobs:
      - release-components:
          # both this and workflow's when is needed
          filters:
            branches:
              ignore: /.+/
            tags:
              only: /releases\/.+/