feat: enable gitlab promethues and add grafana #53
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Infrastructure CI/CD pipeline | |
| on: | |
| push: | |
| branches: [ "main" ] | |
| paths-ignore: ["**/*.md"] | |
| pull_request: | |
| branches: [ "main" ] | |
| paths-ignore: ["**/*.md"] | |
| workflow_dispatch: | |
| jobs: | |
| Test-Scan-Apply-infrastructure: | |
| env: | |
| ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }} | |
| ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }} | |
| ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }} | |
| ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }} | |
| TF_VAR_ssh_pub_key_file: "./id_rsa.pub" | |
| TF_VAR_admin_user: "ubuntu" | |
| defaults: | |
| run: | |
| working-directory: ./infrastructure | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Init | |
| run: | | |
| terraform init | |
| - name: Validate | |
| run: | | |
| terraform validate | |
| - name: Install tfsec for scanning | |
| run: | |
| go install github.com/aquasecurity/tfsec/cmd/tfsec@latest > /dev/null 2>&1 | |
| - name: scan | |
| run: | | |
| export PATH=$PATH:$HOME/go/bin | |
| tfsec | |
| continue-on-error: true | |
| - name: setup SSH | |
| run: | | |
| echo ${{ secrets.SSH_PUB_KEY }} > ./id_rsa.pub | |
| chmod 600 ./id_rsa.pub | |
| - name: plan | |
| run: | | |
| terraform plan | |
| - name: apply | |
| if: github.event_name == 'push' | |
| run: | | |
| terraform apply -auto-approve | |
| - name: save azure VMs public ip address | |
| if: github.event_name == 'push' | |
| run: terraform output > virtual_machines.ini | |
| - name: Upload virtual_machines.ini | |
| if: github.event_name == 'push' | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: virtual machines ip address | |
| path: ./infrastructure/virtual_machines.ini | |
| retention-days: 1 | |
| Configure-GitLab-EE: | |
| env: | |
| ANSIBLE_HOST_KEY_CHECKING: False | |
| defaults: | |
| run: | |
| working-directory: ./playbooks | |
| runs-on: ubuntu-latest | |
| needs: Test-Scan-Apply-infrastructure | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Setup SSH | |
| run: | | |
| cat << EOF > ./id_rsa | |
| ${{ secrets.SSH_PRIVATE_KEY}} | |
| EOF | |
| chmod 600 ./id_rsa | |
| - name: Install ansible | |
| run: | | |
| sudo apt update > /dev/null 2>&1 | |
| sudo apt install ansible -y > /dev/null 2>&1 | |
| - name: Download virtual_machines.ini | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: virtual machines ip address | |
| path: ./playbooks | |
| - name: set the required environments | |
| run: | | |
| cat << EOF > .env | |
| ROOT_PASSWD=${{ secrets.GITLAB_ROOT_PASSWD }} | |
| RUNNER_REGISTRATION_TOKEN=${{ secrets.GITLAB_RUNNER_REGISTRATION_TOKEN }} | |
| GITLAB_URL=http://$(cat virtual_machines.ini | grep main_vm | awk -F' = "' '{print $2}' | sed 's/"$//' | tr -d '\n') | |
| EOF | |
| cat << EOF > inventory.ini | |
| [gitlab-instance] | |
| $(cat virtual_machines.ini | grep main_vm | awk -F' = "' '{print $2}' | sed 's/"$//' | tr -d '\n') ansible_user=ubuntu ansible_ssh_private_key_file=./id_rsa | |
| [gitlab-runner] | |
| $(cat virtual_machines.ini | grep runner_vm | awk -F' = "' '{print $2}' | sed 's/"$//' | tr -d '\n') ansible_user=ubuntu ansible_ssh_private_key_file=./id_rsa | |
| EOF | |
| cat inventory.ini | |
| cat << EOF > gitlab.rb | |
| external_url 'http://$(cat virtual_machines.ini | grep main_vm | awk -F' = "' '{print $2}' | sed 's/"$//' | tr -d '\n')' | |
| gitlab_rails['initial_root_password'] = "${{ secrets.GITLAB_ROOT_PASSWD }}" | |
| gitlab_rails['initial_shared_runners_registration_token'] = "${{ secrets.GITLAB_RUNNER_REGISTRATION_TOKEN }}" | |
| # Enable Prometheus monitoring | |
| prometheus['enable'] = true | |
| prometheus['listen_address'] = '0.0.0.0:9090' | |
| # Enable Node Exporter for system metrics | |
| node_exporter['enable'] = true | |
| node_exporter['listen_address'] = '0.0.0.0:9100' | |
| # Enable Redis Exporter | |
| redis_exporter['enable'] = true | |
| redis_exporter['listen_address'] = '0.0.0.0:9121' | |
| # Enable Postgres Exporter | |
| postgres_exporter['enable'] = true | |
| postgres_exporter['listen_address'] = '0.0.0.0:9187' | |
| # Enable GitLab Exporter | |
| gitlab_exporter['enable'] = true | |
| gitlab_exporter['listen_address'] = '0.0.0.0:9168' | |
| EOF | |
| cat gitlab.rb | |
| - name: Configure GitLab EE | |
| run: ansible-playbook -i inventory.ini Gitlab-instance.yml | |
| - name: Configure GitLab Runner | |
| run: | | |
| cat .env | |
| ansible-playbook -i inventory.ini Gitlab-runner.yml | |