GitLab CI
Integrate with GitLab CI for storing and retrieving passwords, certificates and other sensitive information during the CI/CD process.
A few setup steps are needed to use Onboardbase in a GitLab CI environment.
First, you must create a project on Onboardbase and set up the required environments. This guide will assume three environments: build, development, and production.
Head over to your GitLab project and open Settings > CI/CD > Variables.
Create a new variable called ONBOARDBASE_TOKEN, and use an Onboardbase service token as the value.
Next, in the GitLab CI YAML config, use a runner that supports Node.js, or add the installation command from onboardbase.sh to your before_script to install Onboardbase:
before_script:
  - curl -Ss https://files.onboardbase.com/install.sh | bash - && source ~/.bashrc
  - onboardbase config:set --token=$ONBOARDBASE_TOKEN --scope /
Now, create a folder called ci-scripts in your project root folder and add as many stage scripts as required. In this guide, we assume a build and a deploy stage and two deploy environments (deploy and build).
mkdir ci-scripts
touch ./ci-scripts/{build,deploy-dev,deploy-prod}.sh # create build.sh, deploy-dev.sh, deploy-prod.sh
chmod +x ./ci-scripts/{build,deploy-dev,deploy-prod}.sh # make the files executable
# save the below in every file
# #!/bin/bash
# printenv
# two-liner to do everything above
mkdir -p ci-scripts
for i in ci-scripts/{build,deploy-dev,deploy-prod}.sh; do printf '#!/bin/sh\n\nprintenv\n' > "$i"; chmod +x "$i"; done
# test the script
cat ci-scripts/build.sh
cat ci-scripts/deploy-dev.sh
cat ci-scripts/deploy-prod.sh
We need to set up the pipelines and stages, starting with a build stage.
First, we set the context for the CLI by pointing the project name and environment to what we have set up on Onboardbase.
Now extend .gitlab-ci.yml with the section below:
build_project:
  stage: build
  script:
    - onboardbase config:set --scope / -p $ONBOARDBASE_PROJECT_NAME -e $ONBOARDBASE_BUILD_ENVIRONMENT
    - onboardbase run "./ci-scripts/build.sh"
This ensures that once a new push is made to the repo, the build stage runs the ci-scripts/build.sh script with the right environment variables from Onboardbase.
Next, we set up the deploy_dev job, which runs the deploy-dev.sh script when there is a change in the dev branch on GitLab.
Extend .gitlab-ci.yml with the YAML config below.
deploy_dev:
  stage: deploy
  script:
    - onboardbase config:set --scope / -p $ONBOARDBASE_PROJECT_NAME -e $ONBOARDBASE_DEVELOPMENT_ENVIRONMENT
    - onboardbase run './ci-scripts/deploy-dev.sh'
  only:
    - dev
We would do the same thing for the production environment, only changing the script, environment, and branch name.
deploy_prod:
  stage: deploy
  script:
    - onboardbase config:set --scope / -p $ONBOARDBASE_PROJECT_NAME -e $ONBOARDBASE_PRODUCTION_ENVIRONMENT
    - onboardbase run './ci-scripts/deploy-prod.sh'
  only:
    - main
The final script would look like this:
image: centos:alpine

stages:
  - build
  - deploy

cache:
  paths:
    - node_modules/

before_script:
  - curl -Ss https://files.onboardbase.com/install.sh | bash - && source ~/.bashrc
  - onboardbase config:set --token=$ONBOARDBASE_TOKEN --scope /

build_project:
  stage: build
  script:
    - onboardbase run "./ci-scripts/build.sh" -p $BUILD_PROJECT_NAME -e $BUILD_ENVIRONMENT

deploy_dev:
  stage: deploy
  script:
    - onboardbase run './ci-scripts/deploy-dev.sh' -p $ONBOARDBASE_PROJECT_NAME -e $ONBOARDBASE_DEVELOPMENT_ENVIRONMENT
  only:
    - dev

deploy_prod:
  stage: deploy
  script:
    - onboardbase run './ci-scripts/deploy-prod.sh' -p $ONBOARDBASE_PROJECT_NAME -e $ONBOARDBASE_PRODUCTION_ENVIRONMENT
  only:
    - master
NB: You can execute commands without putting them in a bash script. Having the commands in a script ensures they are testable outside the CI environment and more maintainable. So, onboardbase run ./ci-scripts/deploy-prod.sh can still be onboardbase run 'printenv'.
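The placeholder scripts in this guide call printenv, which writes every injected value to the job log. The following is an added example, not part of the Onboardbase docs or CLI: a ci-scripts/build.sh body that checks the secrets a job needs were injected by onboardbase run and reports their names only. REQUIRED_SECRETS, DATABASE_URL and API_KEY are hypothetical names.

```shell
#!/bin/sh
# Added example, not Onboardbase code: verify that secrets injected by
# `onboardbase run` are present without writing their values to the job log.

# Print the names (never the values) of variables that are unset or empty.
missing_vars() {
    for name in "$@"; do
        case "$name" in
            # Not a valid variable name: report it and keep it away from eval.
            ''|[0-9]*|*[!A-Za-z0-9_]*) echo "$name"; continue ;;
        esac
        eval "value=\${$name:-}"
        [ -n "$value" ] || echo "$name"
    done
}

# Print one redacted status line per name; return non-zero if any is missing.
check_secrets() {
    missing=" $(missing_vars "$@" | tr '\n' ' ')"
    for name in "$@"; do
        case "$missing" in
            *" $name "*) echo "$name: MISSING" ;;
            *)           echo "$name: set (value not shown)" ;;
        esac
    done
    [ "$missing" = " " ]
}

# REQUIRED_SECRETS is a hypothetical space-separated list set by the job,
# for example REQUIRED_SECRETS="DATABASE_URL API_KEY" (hypothetical names).
if [ -n "${REQUIRED_SECRETS:-}" ]; then
    # shellcheck disable=SC2086  # word splitting of the list is intended
    check_secrets $REQUIRED_SECRETS || exit 1
fi
```

Because the script exits non-zero when a name is missing, the GitLab job fails before any build or deploy command runs with an incomplete environment.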