Differences

This shows you the differences between two versions of the page.

--- devops:ci [2022/03/22 09:22] – created robberth
+++ devops:ci [2022/09/02 14:04] (current) – external edit 127.0.0.1
@@ Line 1: / Line 1: @@
 ====== Continuous Integration (CI) ======
+===== Introduction =====
 The basic idea of CI is that whenever you push a commit, tests start running automatically on some server. \\
 If the tests pass, you have a bit more confidence that the code that you pushed doesn't break other things in the codebase. \\
@@ Line 10: / Line 10: @@
+===== Authorization to clone git repos =====
+Just like a normal git user, the CI pipeline also needs to prove it has the authority to clone a repository. \\
+As we know, there are 2 main ways to do that: over HTTPS (user/password), or over SSH (private/public key). \\
+In our case, the rosinstall files are defined using SSH (git@someurl), so that is what's used in the CI as well. \\
+=== SSH ===
+Best practice is to use [[https://docs.gitlab.com/ee/user/project/deploy_keys/index.html|deploy keys]] and put the private key in the [[https://docs.gitlab.com/ee/ci/variables/index.html#add-a-cicd-variable-to-a-project|CI variables]]. This is what we are doing.
+=== HTTPS ===
+You can use the environment variable $CI_JOB_TOKEN for free. It's included. You don't have to do anything.
+<code yaml>
+some_early_stage:
+  script:
+    - git clone https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.instance/group/project.git
+</code>
+==== Propagating CI triggers ====
+We want the main pipeline to be triggered if a commit happens in ANY of the repositories that the pipeline depends on. \\
+This can be achieved by putting the following ''.gitlab-ci.yml'' in each of those repos, in the right branch of course (i.e. the branch the pipeline uses).
+<code yaml>
+trigger-main:
+  trigger:
+    project: robotlab/heron/heron-ci
+    branch: main
+    strategy: depend
+</code>
+I learned that here: https://docs.gitlab.com/ee/ci/pipelines/multi_project_pipelines.html