CI/CD Pipeline

mr-check: extends: .mr_check_dotnet rules: - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'

build-dev: extends: .docker_build_all variables: IMAGE_TAG: dev rules: - if: '$CI_COMMIT_REF_NAME == $DEV_BRANCH' build-uat: extends: .docker_build_all variables: IMAGE_TAG: uat rules: - if: '$CI_COMMIT_REF_NAME == $UAT_BRANCH' when: manual build-prod: extends: .docker_build_all variables: IMAGE_TAG: ${CI_COMMIT_TAG:-latest} rules: - if: '$CI_COMMIT_TAG' when: manual

deploy-dev: extends: .helm_deploy_dev needs: [build-dev] rules: - if: '$ENABLE_DEV_DEPLOY == "true"' deploy-prod: extends: .helm_deploy_prod needs: [build-prod] rules: - if: '$ENABLE_PROD_DEPLOY == "true"' when: manual

# pfl01y25-be-app/.gitlab-ci.yml include: - project: 'shining-tree/devops/ci-templates' ref: develop file: 'pipelines/dotnet-service.yml' - project: 'shining-tree/devops/ci-templates' ref: develop file: 'jobs/gitops-update.yml' default: tags: - pfl-docker variables: SERVICE_NAME: "pfl-be-api" HELM_RELEASE_NAME: "pfl-be-api" # Registry REGISTRY_URL: "registry.shiningtree.co" IMAGE_PATH: "photo-flow/backend/pfl01y25-be-app" # Components ENABLE_API_COMPONENT: "true" ENABLE_GRPC_COMPONENT: "false" # Helm Chart HELM_CHART_OCI: "oci://registry.gitlab.com/nextera-devops/nera-helm-chart/helm/shin-service" HELM_CHART_VERSION: "1.0.0" # Values files DEV_VALUES_FILE: "devops/IaC/environments/dev.yaml" UAT_VALUES_FILE: "devops/IaC/environments/uat.yaml" PROD_VALUES_FILE: "devops/IaC/environments/prod.yaml" # Branches DEV_BRANCH: "develop" UAT_BRANCH: "uat" PROD_BRANCH_PRIMARY: "main" # Namespaces DEV_NAMESPACE: "photoflow-dev" UAT_NAMESPACE: "photoflow-uat" PROD_NAMESPACE: "photoflow" # Toggle ENABLE_DEV_DEPLOY: "true" ENABLE_PROD_DEPLOY: "true"

# pfl01y25-fe-web/.gitlab-ci.yml include: - project: 'shining-tree/devops/ci-templates' ref: develop file: 'pipelines/angular-app.yml' variables: SERVICE_NAME: "pfl-fe-web" IMAGE_PATH: "photo-flow/frontend/pfl01y25-fe-web" DEV_NAMESPACE: "photoflow-dev"

# Auto-compute IMAGE_TAG from DEPLOY_ENV case "$DEPLOY_ENV" in dev) IMAGE_TAG="dev" ;; beta) IMAGE_TAG="beta" ;; uat) IMAGE_TAG="uat" ;; prod) IMAGE_TAG="${CI_COMMIT_TAG:-latest}" ;; esac # Resolve namespace case "$DEPLOY_ENV" in dev) NAMESPACE="${DEV_NAMESPACE}" ;; uat) NAMESPACE="${UAT_NAMESPACE}" ;; prod) NAMESPACE="${PROD_NAMESPACE}" ;; esac # Helm deploy helm upgrade --install $HELM_RELEASE_NAME $CHART \ -n $NAMESPACE \ -f $HELM_VALUES_BASE/_global.yaml \ -f $HELM_VALUES_BASE/_ingress.yaml \ -f $HELM_VALUES_BASE/environments/$DEPLOY_ENV.yaml \ --set image.tag="$IMAGE_TAG" \ --set image.repository="$IMAGE_REPO"

devops/IaC/ ├── _global.yaml # Global settings ├── _ingress.yaml # Ingress configuration ├── _containers/ # Container definitions │ ├── api.yaml │ └── worker.yaml └── environments/ ├── dev.yaml # Dev overrides ├── uat.yaml # UAT overrides └── prod.yaml # Production settings

# List releases helm history $HELM_RELEASE_NAME -n $NAMESPACE # Rollback to previous helm rollback $HELM_RELEASE_NAME -n $NAMESPACE # Rollback to specific revision helm rollback $HELM_RELEASE_NAME 5 -n $NAMESPACE

# View rollout history kubectl rollout history deployment/$DEPLOY_NAME -n $NAMESPACE # Rollback to previous kubectl rollout undo deployment/$DEPLOY_NAME -n $NAMESPACE # Rollback to specific revision kubectl rollout undo deployment/$DEPLOY_NAME --to-revision=2 -n $NAMESPACE

# Check pipeline status gitlab-runner status # View pod logs kubectl logs -n $NAMESPACE deployment/$DEPLOY_NAME # Check Helm release helm get values $HELM_RELEASE_NAME -n $NAMESPACE # Describe failing pod kubectl describe pod -n $NAMESPACE -l app=$DEPLOY_NAME

container-scan: stage: check image: aquasec/trivy:latest script: - trivy image --severity HIGH,CRITICAL $IMAGE_NAME:$IMAGE_TAG