Versions Compared

Old Version 3

changes.mady.by.user Jonathan Coles (CSCS)

Saved on

compared with

New Version Current

changes.mady.by.user Andreas Fink (CSCS)

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Page properties
hiddentrue
MaintainerVCUE
Last Reviewed

 

Reviewed by

Jonathan Coles (CSCS) 

Status

Status
colourBlue
titleKB PUBLIC

Table of Contents

Introduction

...

  1. Register your project with CSCS: The first step to use containerized CI/CD is to register your Git repository with CSCS. Please open an Service Desk ticket for this step. Once your project has been registered you will be provided with a webhook-secret.
  2. Set up CI: Head to the CI overview page, login with your CSCS credentials, and go to the newly registered project.
  3. Add FirecREST tokens: Open the Admin config, and follow the guide (click on the small black triangle next to Firecrest client ID). Enter all fields for FirecREST, i.e., client-id, client-secret and default Slurm account for job submission. (If you don't already know how to obtain FirecREST credentials, you can find more information on How to create FirecREST clients on the Developer Portal.)
  4. (Optional) Private project: If your Git repository is a private repository make sure to check the Private repository box and follow the instructions to add an SSH key to your Git repository.
  5. Add notification token: On the setup page you will also find the field Notification token. The token is live tested, and you will see a green checkmark when the token is valid and can be used by the CI. It is mandatory to add a token so that your Git repository will be notified about the status of the build jobs. You cannot save anything as long as the notification token is invalid. (Click on the small triangle to get further instructions)
  6. Add webhook: On the setup page you will find the Setup webhook details button. If you click on it you will see all the entries which have to be added to a new webhook in your Git repository. Follow the link given there to your repository, and add the webhook with the given entries.
  7. Default trusted users and default CI-enabled branches: Provide the default list of trusted users and CI-enabled branches. The global configuration will apply to all pipelines that do not overwrite it explicitly.
  8. Pipeline default: Your first pipeline has the name default. Click on Pipeline default to see the pipeline setup details. The name can be chosen freely but it cannot contain whitespaces (a short descriptive name). Update the entry point, trusted users and CI-enabled branches.
  9. Submit your changes
  10. (Optional) Add other pipelines: Add other pipelines with a different entry point if you need more pipelines.
  11. Add entry point yaml files to Git repository: Commit the yaml entry point files to your repository. You should get notifications about the build status in your repository if everything is correct. See the Hello World Tutorial for a simple yaml-file.

...

  • Send a POST request to the middleware curl -X POST -u 'repository_id:webhook_secret' --data-binary @data.yaml https://cicd-ext-mw.cscs.ch/ci/pipeline/trigger - replace repository_id and webhook_secret with your credentials
  • To trigger a pull-request use ref: 'pr:<pr-number> 
  • To trigger a tag use ref: 'tag:<tag-name> 
  • To trigger on a specific commit SHA use ref: 'sha:<commit-sha>' 

Understanding the underlying workflow

...

Many variables exist during a pipeline run, they are documented at Gitlab's predefined variables. Additionally to CI variables available through Gitlab, there are a few CSCS specific pipeline variables:

Variable

Value

Additional information

CSCS_REGISTRY

jfrog.svc.cscs.ch

CSCS internal registry, preferred registry to store your container images

CSCS_REGISTRY_PATH 

jfrog.svc.cscs.ch/docker-ci-ext/<repository-id>

The prefix path in the CSCS internal container image registry, to which your pipeline has write access. Within this prefix, you can choose any directory structure. Images that are pushed to a path matching **/public/** , can be pulled by anybody within CSCS network

CSCS_CI_MW_URL

https://cicd-ext-mw.cscs.ch/ci

The URL of the middleware, the orchestrator software.

CSCS_CI_DEFAULT_SLURM_ACCOUNT

d123

The project to which accounting will go to. It is set up on the CI setup page in the Admin section. It can be overwritten via SLURM_ACCOUNT for individual jobs.

CSCS_CI_ORIG_CLONE_URL

https://github.com/my-org/my-project (public project)

git@github.com:my-org/my-project (private project)

Clone URL for git. This is needed for some implementation details of the gitlab-runner custom executor. This is the clone URL of the registered project, i.e. this is not the clone URL of the mirror project.

Example projects

Here are a couple of projects which use this CI setup. Please have a look there for more advanced usage:

...