HowTo: Automated CI/CD with GitLab-CI and Balena

Langhalsdino · January 30, 2020, 11:33am

This should be a quick guide on how to get the CI/CD pipeline running inside GitLab.

We have a software stack that should be automatically deployed to our production, staging and dev devices as soon as someone pushes a new commit or release. So very similar to the BalenaCloud build server only that this is available for OpenBalena too.

Challenges

balena deploy needs docker and a running version of balenc-cli.
OpenBalena has custom certificates that need to be integrated

Balena and Docker in Docker

Since dind is only provided on alpine images and the balena-cli can not be installed on alpine we need to find a different way to get this working. Luckily the gitlab-ci.yml has severices that enable us to deploy services (other containers) around our stage task.

build-container:
  image: ubuntu:bionic
  stage: deploy
  services:
    - name: docker:dind
      alias: docker
  script:
    - echo "$CRT" > balena.crt
    - echo "$YML" > ~/.balenarc.yml
    - apt-get update
    - apt-get install -y wget unzip
    # Setup Balena
    - export NODE_EXTRA_CA_CERTS="$PWD/balena.crt"
    - export DEBUG=1
    - wget https://github.com/balena-io/balena-cli/releases/download/v11.23.0/balena-cli-v11.23.0-linux-x64-standalone.zip -O balena.zip
    - unzip balena.zip
    - cp balena-cli/balena ./
    - ./balena login --credentials --email $BALENA_EMAIL --password $BALENA_PASSWORD
    # Setup docker
    - export DOCKER_HOST=tcp://docker:2375
    - apt-get install docker.io -y
    # Build an deploy image
    - ./balena deploy ....
  after_script:
    - rm balena.crt
    - rm ~/.balenarc.yml
  only:
    - master

Custom certs integrated into the dind container

Since the repository needs custom certs the only way is to integrate them into the dind container, therefore build your own one and replace the docker service with your container.

services:
    - name: path/to/your/dind:latest
      alias: docker

Build the container:

ADD balena.crt /usr/local/share/ca-certificates/balena.crt
RUN chmod 644 /usr/local/share/ca-certificates/balena.crt && update-ca-certificates

ENV DOCKER_TLS_CERTDIR = /certs

I could not finde anything i wanted to put this here, in case some one else is looking for a similar way.

I case i was just to stupid to google it, feel free to poste the link of a guide regarding this challenges in the comment.

Topic		Replies	Views
Best Way to Build Balena Images in Gitlab CI balenaOS	4	1075	December 18, 2020
Canary deployment on Balena using GitLab CI/CD Project help	4	1436	August 21, 2020
GitLab runner on balena devices for continuous integration testing Project help gitlab	8	3655	November 24, 2023
Preloading a container on Gitlab CICD using dind + TLS fails, unable to Error: unable to verify the first certificate Product support gitlab , balena-cli	7	269	February 8, 2023
Balena CLI in Docker Container Product support dockerfile	4	1387	December 10, 2018