3

I am working on a cypress project. I have set up a pipeline in GitLab. My application only works over private network connected via Open VPN.

Can some one guide me how to add that in .gitlab-ci.yml file ???

My .gitlab-ci.yml is :

image: cypress/base:10

stages:
  - test
test:
  stage: test
  script:
    - npm install
    - npm run test

and my package.json is as follows:

{
  "name": "cypresspackage",
  "version": "1.0.0",
  "description": "",
  "main": "index.js",
  "scripts": {
    "clean:reports": "rm -R -f cypress/reports && mkdir cypress/reports && mkdir cypress/reports/mochareports",
    "pretest": "npm run clean:reports",
    "scripts": "cypress run --spec cypress/integration/dummy.feature",
    "combine-reports": "mochawesome-merge ./cypress/reports/mocha/*.json > cypress/reports/mochareports/report.json",
    "generate-report": "marge cypress/reports/mochareports/report.json -f report -o cypress/reports/mochareports",
    "report:copyScreenshots": "cp -r cypress/screenshots cypress/reports/mochareports/assets",
    "posttest": "npm run report:copyScreenshots && npm run combine-reports && npm run generate-report",
    "test": "npm run scripts || npm run posttest"
  },
  "author": "",
  "license": "ISC",
  "devDependencies": {
    "cypress": "^6.3.0",
    "cypress-audit": "^0.3.0",
    "cypress-cucumber-preprocessor": "^4.0.1",
    "cypress-multi-reporters": "^1.4.0",
    "cypress-xpath": "^1.6.2",
    "mocha": "^8.2.1",
    "mochawesome": "^6.2.1",
    "mochawesome-merge": "^4.2.0",
    "mochawesome-report-generator": "^5.1.0"
  },
  "dependencies": {
    "lambdatest-cypress-cli": "^1.0.1"
  },
  "cypress-cucumber-preprocessor": {
    "nonGlobalStepDefinitions": true
  }
}
bucky barns
  • 357
  • 5
  • 17
  • Where do your `gitlab-runner` runs? What type of runner is it? Do you expect to open and close the VPN connection on each run? – emi Feb 19 '21 at 12:14
  • I guess gitlab provides the runner at run time. Is there a option where I can choose the runner ? And yes I would like to connect to the VPN and close the VPN connection once my pipeline is completed. – bucky barns Feb 19 '21 at 12:34

1 Answers1

6

I guess gitlab provides the runner at run time

I guess you are using GitLab's SaaS. This means your VPN would be opened in a non-private environment. For example, some GitLab admins should have access to your VPN connection and, depending on how GitLab is configured in their backyard, some other GitLab users may have access to your private network. I'd avoid that. If you insist on that, you'd better use your project's Secrets feature to save your OpenVPN client authentication, so it remains private.

Is there a option where I can choose the runner?

Sure. You can register a runner running on your own servers (or even at home on-demand). It depends on where and how this runner is being used (Docker? Kubernetes? Debian? etc). Take a look into Registering a GitLab Runner. You'll need to generate a token from your project's configuration and then install the runner using that token.

GitLab CI

Once you have your own runner installed and configured (ensuring it runs when needed), you'll need to configure your VPN start/stop in the pipeline. Here, I copy a piece of code found on GitLab's forum:

before_script:
  ##
  ## VPN
  ## Inspiration from: https://torguard.net/knowledgebase.php?action=displayarticle&id=138
  ## And http://forum.gitlab.com/t/connect-vpn-during-ci-cd/7585
  ## Content from Variables to files: https://stackoverflow.com/a/49418265/4396362
  ## Waiting for opnevpn connect would be better than sleeping, the closest would be https://askubuntu.com/questions/28733/how-do-i-run-a-script-after-openvpn-has-connected-successfully
  ## Maybe this would work https://unix.stackexchange.com/questions/403202/create-bash-script-to-wait-and-then-run
  ##
  - which openvpn || (apt-get update -y -qq && apt-get install -y -qq openvpn) # Install openvpn if not available.
  - cat <<< $CLIENT_OVPN > /etc/openvpn/client.conf # Move vpn config from gitlab variable to config file.
  - cat <<< $VPN_U > /etc/openvpn/pass.txt # Move vpn user from gitlab variable to pass file.
  - cat <<< $VPN_P >> /etc/openvpn/pass.txt # Move vpn password from gitlab variable to pass file.
  - cat <<< "auth-user-pass /etc/openvpn/pass.txt" >> /etc/openvpn/client.conf # Tell vpn config to use password file.
  - cat <<< "log /etc/openvpn/client.log" >> /etc/openvpn/client.conf # Tell vpn config to use log file.
  - openvpn --config /etc/openvpn/client.conf --daemon # Start openvpn with config as a deamon.
  - sleep 30s # Wait for some time so the vpn can connect before doing anything else.
  - cat /etc/openvpn/client.log # Print the vpn log.
  - ping -c 1 <IP> # Ping the server I want to deploy to. If not available this stops the deployment process.

After this, you can add an after_script section to stop the OpenVPN daemon, or using a special closing job which includes a when: always, to ensure the VPN connection is closed even if the build failed.

You can also try other solutions, depending on your environment.

emi
  • 2,786
  • 1
  • 16
  • 24