4.3 KiB
GitLab CI/CD for pcp-ballistics-service
This document describes the pilot GitLab CI/CD setup for pcp-ballistics-service.
It is intentionally scoped to one service so the same structure can be reused later for other services in this monorepo.
Pipeline behavior
The root pipeline is defined in .gitlab-ci.yml and includes the service-specific jobs from .gitlab/ci/pcp-ballistics-service.yml.
Pipeline creation is limited by workflow: rules:
- merge request: create a pipeline only when
pcp-ballistics-serviceor its dependencies changed - push to
dev: create a pipeline only whenpcp-ballistics-serviceor its dependencies changed - push to
master: create a pipeline only whenpcp-ballistics-serviceor its dependencies changed
No deploy jobs are created for merge requests.
Jobs
The pilot flow has four stages:
-
ballistics:testRuns:services:pcp-ballistics-service:testoutside Docker. Publishes JUnit and HTML/JaCoCo reports. -
ballistics:buildRuns:services:pcp-ballistics-service:bootJaroutside Docker. Publishesbuild/libs/*.jaras an artifact. -
ballistics:imageBuilds and pushes the Docker image with Kaniko using the jar artifact from the previous stage. Tags:${CI_COMMIT_SHORT_SHA}${CI_COMMIT_REF_SLUG}-${CI_COMMIT_SHORT_SHA}
-
deploy jobs
ballistics:deploy:devballistics:deploy:master
Both are manual and use Helm:
helm upgrade --install --wait --atomic --timeout.
Branch behavior
dev
Push to dev:
- runs test, build and image jobs
- exposes a manual deploy button to the
devenvironment
master
Push to master:
- runs test, build and image jobs
- exposes a manual deploy button to the
masterenvironment
merge request
Merge request pipeline:
- runs test and build only
- does not create deploy jobs
rules:changes scope
The pilot dependency map for pcp-ballistics-service includes:
services/pcp-ballistics-service/**/*libs/pcp-types-lib/**/*libs/ballistics-lib/**/*config-repo/pcp-ballistics-service.yamlconfig-repo/application*.yaml- Gradle root files and wrapper
- CI files
charts/pcp-ballistics-service/**/*
This is the pattern to reuse later for other services: service directory + direct shared libraries + service config + CI/Helm files.
Helm deploy model
The chart lives in charts/pcp-ballistics-service.
The deployment model is kubeconfig-based, not GitLab Agent-based. This keeps the pilot setup simple and practical. A later migration to GitLab Agent is still possible because deploy logic is already isolated in dedicated jobs.
Required GitLab CI/CD variables
Registry auth uses standard GitLab registry variables:
CI_REGISTRYCI_REGISTRY_USERCI_REGISTRY_PASSWORD
Deploy jobs require:
-
BALLISTICS_KUBE_CONFIG_DEV -
BALLISTICS_KUBE_NAMESPACE_DEV -
BALLISTICS_CONFIG_SERVER_URI_DEV -
BALLISTICS_KUBE_CONTEXT_DEVoptional -
BALLISTICS_CONFIG_LABEL_DEVoptional, defaults tomaster -
BALLISTICS_SPRING_PROFILE_DEVoptional, defaults todev -
BALLISTICS_KUBE_CONFIG_MASTER -
BALLISTICS_KUBE_NAMESPACE_MASTER -
BALLISTICS_CONFIG_SERVER_URI_MASTER -
BALLISTICS_KUBE_CONTEXT_MASTERoptional -
BALLISTICS_CONFIG_LABEL_MASTERoptional, defaults tomaster -
BALLISTICS_SPRING_PROFILE_MASTERoptional, defaults todev
BALLISTICS_KUBE_CONFIG_* must contain base64-encoded kubeconfig content.
Config server and Vault
Runtime secrets are not duplicated in GitLab CI.
The Helm chart only passes bootstrap parameters needed by Spring Cloud Config:
CONFIG_SERVER_URISPRING_PROFILES_ACTIVESPRING_CLOUD_CONFIG_LABELCONFIG_SERVER_FAIL_FAST
pcp-ballistics-service continues to obtain runtime configuration and secrets through spring-cloud-config-server and Vault at runtime.
How to scale this to other services
To onboard another service later:
- create a dedicated
.gitlab/ci/<service>.yml - define that service's
rules:changes - add a dedicated Helm chart
- keep the same stage structure:
test -> build -> image -> manual deploy - keep config-service/Vault integration at runtime, without copying secrets into GitLab