diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index e223ab42b703e513d892cce7eb053c388635824e..be177c155a1a8842977af49df39110175f389439 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -33,8 +33,9 @@ stages:
 - test
 - release
 - runway_staging
+ - e2e-gstg
 - runway_production
- - e2e
+ - e2e-gprd

 .scanners: &scanners
 stage: verify
@@ -128,7 +129,7 @@ publish-image:
 # End-to-end test with a WIF pool that is set up to use the glgo production instance as OIDC provider.
 .e2e-gprd:
 image: gcr.io/google.com/cloudsdktool/google-cloud-cli:alpine
- stage: e2e
+ stage: e2e-gprd
 identity: google_cloud
 script:
 - gcloud config set project $GOOGLE_CLOUD_PROJECT_ID
@@ -146,3 +147,36 @@ gprd-nightly:
 needs: []
 rules:
 - if: $CI_PIPELINE_SOURCE == "schedule" && $E2E_NIGHTLY_RUN == "true"
+
+gstg-post-deploy:
+ image: gcr.io/google.com/cloudsdktool/google-cloud-cli:alpine
+ stage: e2e-gstg
+ needs: [] # TODO: remove before merge
+ services:
+ - name: registry.gitlab.com/gitlab-org/architecture/gitlab-gcp-integration/glgo/glgo-token-service:v0.2.0
+ alias: sts
+ identity: google_cloud
+ id_tokens:
+ GITLAB_WLIF_TOKEN:
+ aud: https://glgo.staging.runway.gitlab.net
+ variables:
+ GITLAB_WLIF_ENDPOINT: https://glgo.staging.runway.gitlab.net
+ GITLAB_WLIF_TOKEN_FILE: "${CI_PROJECT_DIR}.tmp/GITLAB_WLIF_TOKEN"
+ before_script:
+ - TMPDIR=$(mktemp -d)
+ - |
+ echo '{
+ "type": "external_account",
+ "audience": "//iam.googleapis.com/projects/604150606412/locations/global/workloadIdentityPools/glgo-e2e-ci-testing/providers/gstg",
+ "subject_token_type": "urn:ietf:params:oauth:token-type:id_token",
+ "token_url": "https://sts.googleapis.com/v1/token",
+ "credential_source": {
+ "url": "http://sts:8083/"
+ }
+ }' > $TMPDIR/config.json
+ - cat $TMPDIR/config.json
+ - echo "${GITLAB_WLIF_TOKEN}" > "${GITLAB_WLIF_TOKEN_FILE}"
+ - gcloud auth login --cred-file=$TMPDIR/config.json
+ script:
+ - gcloud config set project $GOOGLE_CLOUD_PROJECT_ID
+ - gcloud compute zones list --limit 1
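Review bot: `gstg-post-deploy` has no `rules:` and still carries `needs: []`, so as written it starts at the beginning of every pipeline on any ref and mints a `GITLAB_WLIF_TOKEN` for the staging audience that is exchanged for Google Cloud credentials, without waiting for the staging deploy it is meant to verify. Dropping `needs: []` (as the TODO says) and adding a condition such as `- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH` under `rules:` would limit token issuance to the pipelines that actually deploy; which refs those are is not visible in this diff, so the condition should mirror the `runway_staging` job. The job also sets `identity: google_cloud` while logging in from its own `config.json`; if that keyword injects its own gcloud credentials, `gcloud compute zones list` could pass without exercising the `gstg` provider, so it is worth confirming which account the call runs as or removing the keyword. The `cat $TMPDIR/config.json` step looks like debugging output and could be removed before merge.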