https://pastein.ru/t/EqA
Загрузка данных
Running with gitlab-runner 15.8.0 (12335144)
on gitlab-runner-gitlab-runner-5c5d8dfd84-mrhn4 3Sduy7zd, system ID: r_pxlbVZdKVDlV
Preparing the "kubernetes" executor
00:00
Using Kubernetes namespace: gitlab-runners
Using Kubernetes executor with image registry.rshbdev.ru/appfarm/infra/images/kube-client-apps:8.21.4 ...
Using attach strategy to execute scripts...
Preparing environment
00:06
Waiting for pod gitlab-runners/runner-3sduy7zd-project-58532-concurrent-04dd4t to be running, status is Pending
Waiting for pod gitlab-runners/runner-3sduy7zd-project-58532-concurrent-04dd4t to be running, status is Pending
ContainersNotInitialized: "containers with incomplete status: [init-permissions]"
ContainersNotReady: "containers with unready status: [build helper]"
ContainersNotReady: "containers with unready status: [build helper]"
Running on runner-3sduy7zd-project-58532-concurrent-04dd4t via gitlab-runner-gitlab-runner-5c5d8dfd84-mrhn4...
Getting source from Git repository
00:02
$ git config --global --add url."https://gitlab-ci-token:${CI_JOB_TOKEN}@${CI_SERVER_HOST}/".insteadOf "https://${CI_SERVER_HOST}" # collapsed multi-line command
Fetching changes with git depth set to 20...
Initialized empty Git repository in /builds/rshbintech/retail/frontsystem/efr/biz/cdi-person-service/.git/
Created fresh repository.
Checking out 13869b63 as 6.9.2...
Skipping Git submodules setup
Downloading artifacts
00:04
Downloading artifacts for init_dojo (22500566)...
Downloading artifacts from coordinator... ok id=22500566 responseStatus=200 OK token=64_sL3xx
Downloading artifacts for devsecops_antivirus_scan (22500567)...
Downloading artifacts from coordinator... ok id=22500567 responseStatus=200 OK token=64_sL3xx
Downloading artifacts for secrets_gitleaks (22500568)...
Downloading artifacts from coordinator... ok id=22500568 responseStatus=200 OK token=64_sL3xx
Downloading artifacts for sast_semgrep (22500569)...
Downloading artifacts from coordinator... ok id=22500569 responseStatus=200 OK token=64_sL3xx
Downloading artifacts for sast_ptai (22500570)...
Downloading artifacts from coordinator... ok id=22500570 responseStatus=200 OK token=64_sL3xx
Downloading artifacts for dockerfilegen (22500571)...
Downloading artifacts from coordinator... ok id=22500571 responseStatus=200 OK token=64_sL3xx
Downloading artifacts for sca_scan (22500572)...
Downloading artifacts from coordinator... ok id=22500572 responseStatus=200 OK token=64_sL3xx
Downloading artifacts for build (22500574)...
Downloading artifacts from coordinator... ok id=22500574 responseStatus=200 OK token=64_sL3xx
Downloading artifacts for unit (22500576)...
Downloading artifacts from coordinator... ok id=22500576 responseStatus=200 OK token=64_sL3xx
Downloading artifacts for bca_trivy (22500579)...
Downloading artifacts from coordinator... ok id=22500579 responseStatus=200 OK token=64_sL3xx
Executing "step_script" stage of the job script
00:20
$ ( umask 0077; mkdir -p ~/.kube && echo "$KUBECONFIG_COMBINED" | base64 -d > ~/.kube/config )
$ if [[ ${IS_SENSITIVE_SYSTEM} = true ]]; then export K8S_CLUSTERS=$K8S_CLUSTERS_SENSITIVE; fi
$ echo 'IS_SENSITIVE_SYSTEM:' $IS_SENSITIVE_SYSTEM
IS_SENSITIVE_SYSTEM: true
$ echo 'TARGET_CLUSTERS:' $K8S_CLUSTERS
TARGET_CLUSTERS: rcsdstbl
$ set -x
++ echo '$ for CLUSTER in $K8S_CLUSTERS; do'
$ for CLUSTER in $K8S_CLUSTERS; do
++ for CLUSTER in $K8S_CLUSTERS
++ echo '$ export CLUSTER=$CLUSTER'
$ export CLUSTER=$CLUSTER
++ export CLUSTER=rcsdstbl
++ CLUSTER=rcsdstbl
++ echo '$ if [[ ${CI_ENVIRONMENT_SLUG} = production ]]; then export NAMESPACE=isys-${ISYS_NAME}; else export NAMESPACE=isys-${ISYS_NAME}-${CI_ENVIRONMENT_SLUG}; fi'
$ if [[ ${CI_ENVIRONMENT_SLUG} = production ]]; then export NAMESPACE=isys-${ISYS_NAME}; else export NAMESPACE=isys-${ISYS_NAME}-${CI_ENVIRONMENT_SLUG}; fi
++ [[ production = production ]]
++ export NAMESPACE=isys-efr
++ NAMESPACE=isys-efr
++ echo '$ read -r REVISION STATUS < <(helm --kube-context ${CLUSTER:-default} -n $NAMESPACE history $CI_PROJECT_NAME | tail -1 | cut -f1,3) || true'
$ read -r REVISION STATUS < <(helm --kube-context ${CLUSTER:-default} -n $NAMESPACE history $CI_PROJECT_NAME | tail -1 | cut -f1,3) || true
++ read -r REVISION STATUS
+++ helm --kube-context rcsdstbl -n isys-efr history cdi-person-service
+++ tail -1
+++ cut -f1,3
++ echo '$ if [[ "$STATUS" =~ "pending" ]]; then helm --kube-context ${CLUSTER:-default} -n $NAMESPACE rollback $CI_PROJECT_NAME $REVISION || true; fi'
$ if [[ "$STATUS" =~ "pending" ]]; then helm --kube-context ${CLUSTER:-default} -n $NAMESPACE rollback $CI_PROJECT_NAME $REVISION || true; fi
++ [[ deployed =~ pending ]]
++ echo '$ helmfile ${HELMFILE_DEFAULT_NAMESPACE:+--namespace $HELMFILE_DEFAULT_NAMESPACE} --environment ${CLUSTER:-default} -f deploy/helmfile.yaml --log-level info apply --suppress-secrets --set "additionalWorkloadAnnotations.gitlabPipeline=${CI_PIPELINE_URL}" --set "additionalWorkloadAnnotations.gitlabCommit=${CI_COMMIT_SHA}"'
$ helmfile ${HELMFILE_DEFAULT_NAMESPACE:+--namespace $HELMFILE_DEFAULT_NAMESPACE} --environment ${CLUSTER:-default} -f deploy/helmfile.yaml --log-level info apply --suppress-secrets --set "additionalWorkloadAnnotations.gitlabPipeline=${CI_PIPELINE_URL}" --set "additionalWorkloadAnnotations.gitlabCommit=${CI_COMMIT_SHA}"
++ helmfile --environment rcsdstbl -f deploy/helmfile.yaml --log-level info apply --suppress-secrets --set additionalWorkloadAnnotations.gitlabPipeline=https://gitlab.rshbdev.ru/rshbintech/retail/frontsystem/efr/biz/cdi-person-service/-/pipelines/3228052 --set additionalWorkloadAnnotations.gitlabCommit=13869b63b0ab42012f09a79242fe7c6def13a86d
== /usr/local/link/helmfile: Initialize base deploy hierarchy in /builds/rshbintech/retail/frontsystem/efr/biz/cdi-person-service
no matches for path: envs/production/rcsdstbl/helmfile.yaml.gotmpl
Adding repo rshb-charts https://nexus.rshbdev.ru/repository/charts/
"rshb-charts" has been added to your repositories
Comparing release=vault-secrets-cdi-person-service, chart=rshb-charts/raw
Comparing release=psvc-cdi-person-service, chart=rshb-charts/raw
isys-efr, cdi-person-service, PlatformService (production.platform.ckpr.integrations.rshbintech.ru) has changed:
# Source: raw/templates/resources.yaml
apiVersion: production.platform.ckpr.integrations.rshbintech.ru/v1
kind: PlatformService
metadata:
labels:
app: raw
chart: raw-0.2.3-rshb.1.0.0
ci.build.image.app.farm/name: maven
ci.build.image.app.farm/version: 3.9.12-eclipse-temurin-21-rshb.0.2.0
ci.kubeclientapps.app.farm/version: 8.21.4
ci.runtime.image.app.farm/name: jre
ci.runtime.image.app.farm/version: 21.0.9_10-jre-jammy-rshb.1.0.0
ci.service.app.farm/lang: java
ci.service.app.farm/side: backend
- commitShortSHA: 02c73e9d
+ commitShortSHA: 13869b63
heritage: Helm
release: psvc-cdi-person-service
version: 6.9.2
name: cdi-person-service
spec:
cpuLimits: 500m
cpuRequests: 200m
description: Сервис для работы с карточкой клиента и согласиями, полученными из
топиков PUBLISH_CONSENT И PUBLISH_PERSON
disasterRecovery:
zones:
- rumsk1
- rumsk2
environment: PRODUCTION
informationSystemId: efr
istioSidecarSettings:
limits:
cpu: 400m
memory: 512Mi
requests:
cpu: 100m
memory: 128Mi
name: Сервис для работы с клиентским данными CDI (cdi-person-service)
projectPath: /rshbintech/retail/frontsystem/efr/biz/cdi-person-service
publicDomain: cdi-person-service
publishAPI: true
ramLimits: 512Mi
ramRequests: 128Mi
replicaCount: 1
serviceReference:
name: cdi-person-service
namespace: isys-efr
side: backend
updateStrategy: RollingUpdate
Comparing release=platform-database-cdi-person-service, chart=rshb-charts/raw
Comparing release=links-cdi-person-service, chart=rshb-charts/raw
Comparing release=cdi-person-service-rumsk1, chart=rshb-charts/base
isys-efr, cdi-person-service-rumsk1, Deployment (apps) has changed:
# Source: base/templates/workload.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: cdi-person-service-rumsk1
labels:
app: cdi-person-service
fullname: cdi-person-service-rumsk1
chart: base-1.14.2
release: cdi-person-service-rumsk1
heritage: Helm
isys: "efr"
psvc: "cdi-person-service"
version: "6.9.2"
workload.topology.app.farm/zone: "rumsk1"
annotations:
- gitlabCommit: 02c73e9d55718ee19d01dfd2ec82e8f3f5adb5b3
- gitlabPipeline: https://gitlab.rshbdev.ru/rshbintech/retail/frontsystem/efr/biz/cdi-person-service/-/pipelines/3225445
- platform.ckpr.integrations.rshbintech.ru/gitlab-commit-sha: 02c73e9d
- platform.ckpr.integrations.rshbintech.ru/gitlab-pipeline-id: "3225445"
+ gitlabCommit: 13869b63b0ab42012f09a79242fe7c6def13a86d
+ gitlabPipeline: https://gitlab.rshbdev.ru/rshbintech/retail/frontsystem/efr/biz/cdi-person-service/-/pipelines/3228052
+ platform.ckpr.integrations.rshbintech.ru/gitlab-commit-sha: 13869b63
+ platform.ckpr.integrations.rshbintech.ru/gitlab-pipeline-id: "3228052"
spec:
strategy:
type: RollingUpdate
replicas: 1
selector:
matchLabels:
app: cdi-person-service
fullname: cdi-person-service-rumsk1
release: cdi-person-service-rumsk1
template:
metadata:
labels:
app: cdi-person-service
fullname: cdi-person-service-rumsk1
chart: base-1.14.2
release: cdi-person-service-rumsk1
heritage: Helm
isys: "efr"
psvc: "cdi-person-service"
version: "6.9.2"
workload.topology.app.farm/zone: "rumsk1"
annotations:
checksum/configMapsEnv: "8740cc477a11b1421b99f03bffbc5a5f4fdacb75ca97b8b7d8f4672b6502b9e1"
checksum/secretEnv: "0e3f5d400ec944e3063c1c5c3c9888161192597f9835b3c929edaa3518a80327"
inject.istio.io/templates: "sidecar,custom"
prometheus.io/path: "/metrics"
prometheus.io/port: "8080"
prometheus.io/scrape: "true"
sidecar.istio.io/proxyCPU: "100m"
sidecar.istio.io/proxyCPULimit: "400m"
sidecar.istio.io/proxyMemory: "128Mi"
sidecar.istio.io/proxyMemoryLimit: "512Mi"
sidecar.istio.io/userVolume: "[{\"name\": \"wasmfilters-dir\",\"configMap\": {\"name\": \"efr-envoy-filters\"}}]"
sidecar.istio.io/userVolumeMount: "[{\"mountPath\":\"/var/local/lib/wasm-filters\",\"name\":\"wasmfilters-dir\"}]"
spec:
serviceAccountName: default
nodeSelector:
workload.topology.app.farm/zone: rumsk1
priorityClassName:
rumsk1
containers:
- name: app
image: registry.rshbdev.ru/rshbintech/retail/frontsystem/efr/biz/cdi-person-service:6.9.2
imagePullPolicy: IfNotPresent
envFrom:
- configMapRef:
name: cdi-person-service-rumsk1-app-cm-env
- secretRef:
name: cdi-person-service-rumsk1-app-secret-env
resources:
limits:
cpu: 500m
memory: 512Mi
requests:
cpu: 200m
memory: 128Mi
ports:
livenessProbe:
failureThreshold: 5
httpGet:
path: /health/liveness
port: 8080
initialDelaySeconds: 360
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 1
readinessProbe:
failureThreshold: 3
httpGet:
path: /health/readiness
port: 8080
initialDelaySeconds: 180
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
procMount: Default
readOnlyRootFilesystem: false
runAsGroup: 1001
runAsNonRoot: true
runAsUser: 1001
securityContext:
fsGroup: 1001
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 1001
runAsNonRoot: true
runAsUser: 1001
tolerations:
- effect: NoSchedule
key: workload.topology.app.farm/zone
operator: Exists
hostNetwork: false
volumes:
Comparing release=cdi-person-service-rumsk2, chart=rshb-charts/base
isys-efr, cdi-person-service-rumsk2, Deployment (apps) has changed:
# Source: base/templates/workload.yaml
apiVersion: apps/v1
kind: Deployment
metadata:
name: cdi-person-service-rumsk2
labels:
app: cdi-person-service
fullname: cdi-person-service-rumsk2
chart: base-1.14.2
release: cdi-person-service-rumsk2
heritage: Helm
isys: "efr"
psvc: "cdi-person-service"
version: "6.9.2"
workload.topology.app.farm/zone: "rumsk2"
annotations:
- gitlabCommit: 02c73e9d55718ee19d01dfd2ec82e8f3f5adb5b3
- gitlabPipeline: https://gitlab.rshbdev.ru/rshbintech/retail/frontsystem/efr/biz/cdi-person-service/-/pipelines/3225445
- platform.ckpr.integrations.rshbintech.ru/gitlab-commit-sha: 02c73e9d
- platform.ckpr.integrations.rshbintech.ru/gitlab-pipeline-id: "3225445"
+ gitlabCommit: 13869b63b0ab42012f09a79242fe7c6def13a86d
+ gitlabPipeline: https://gitlab.rshbdev.ru/rshbintech/retail/frontsystem/efr/biz/cdi-person-service/-/pipelines/3228052
+ platform.ckpr.integrations.rshbintech.ru/gitlab-commit-sha: 13869b63
+ platform.ckpr.integrations.rshbintech.ru/gitlab-pipeline-id: "3228052"
spec:
strategy:
type: RollingUpdate
replicas: 1
selector:
matchLabels:
app: cdi-person-service
fullname: cdi-person-service-rumsk2
release: cdi-person-service-rumsk2
template:
metadata:
labels:
app: cdi-person-service
fullname: cdi-person-service-rumsk2
chart: base-1.14.2
release: cdi-person-service-rumsk2
heritage: Helm
isys: "efr"
psvc: "cdi-person-service"
version: "6.9.2"
workload.topology.app.farm/zone: "rumsk2"
annotations:
checksum/configMapsEnv: "4634201dcbb082a44b12e1d91f725ad96f5d693407eea2d67d8dc9e5adac9e5a"
checksum/secretEnv: "d10bf43ac1bdca531b308d08311174923f14e1eee134b64bc505b4c021ade412"
inject.istio.io/templates: "sidecar,custom"
prometheus.io/path: "/metrics"
prometheus.io/port: "8080"
prometheus.io/scrape: "true"
sidecar.istio.io/proxyCPU: "100m"
sidecar.istio.io/proxyCPULimit: "400m"
sidecar.istio.io/proxyMemory: "128Mi"
sidecar.istio.io/proxyMemoryLimit: "512Mi"
sidecar.istio.io/userVolume: "[{\"name\": \"wasmfilters-dir\",\"configMap\": {\"name\": \"efr-envoy-filters\"}}]"
sidecar.istio.io/userVolumeMount: "[{\"mountPath\":\"/var/local/lib/wasm-filters\",\"name\":\"wasmfilters-dir\"}]"
spec:
serviceAccountName: default
nodeSelector:
workload.topology.app.farm/zone: rumsk2
priorityClassName:
rumsk2
containers:
- name: app
image: registry.rshbdev.ru/rshbintech/retail/frontsystem/efr/biz/cdi-person-service:6.9.2
imagePullPolicy: IfNotPresent
envFrom:
- configMapRef:
name: cdi-person-service-rumsk2-app-cm-env
- secretRef:
name: cdi-person-service-rumsk2-app-secret-env
resources:
limits:
cpu: 500m
memory: 512Mi
requests:
cpu: 200m
memory: 128Mi
ports:
livenessProbe:
failureThreshold: 5
httpGet:
path: /health/liveness
port: 8080
initialDelaySeconds: 360
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 1
readinessProbe:
failureThreshold: 3
httpGet:
path: /health/readiness
port: 8080
initialDelaySeconds: 180
periodSeconds: 5
successThreshold: 1
timeoutSeconds: 1
securityContext:
allowPrivilegeEscalation: false
capabilities:
drop:
- ALL
privileged: false
procMount: Default
readOnlyRootFilesystem: false
runAsGroup: 1001
runAsNonRoot: true
runAsUser: 1001
securityContext:
fsGroup: 1001
fsGroupChangePolicy: OnRootMismatch
runAsGroup: 1001
runAsNonRoot: true
runAsUser: 1001
tolerations:
- effect: NoSchedule
key: workload.topology.app.farm/zone
operator: Exists
hostNetwork: false
volumes:
Comparing release=cdi-person-service, chart=rshb-charts/raw
Listing releases matching ^pjob-cdi-person-service$
Listing releases matching ^exsvc-cdi-person-service$
Listing releases matching ^data-cdi-person-service$
Listing releases matching ^assets-config-cdi-person-service$
Listing releases matching ^cdi-person-service-raw$
Listing releases matching ^cdi-person-service-grafana-dashboard$
Upgrading release=psvc-cdi-person-service, chart=rshb-charts/raw
Release "psvc-cdi-person-service" has been upgraded. Happy Helming!
NAME: psvc-cdi-person-service
LAST DEPLOYED: Wed Jun 10 09:11:45 2026
NAMESPACE: isys-efr
STATUS: deployed
REVISION: 32
TEST SUITE: None
Listing releases matching ^psvc-cdi-person-service$
psvc-cdi-person-service isys-efr 32 2026-06-10 09:11:45.210087867 +0000 UTC deployed raw-0.2.3-rshb.1.0.0 0.2.3
Upgrading release=cdi-person-service-rumsk1, chart=rshb-charts/base
Upgrading release=cdi-person-service-rumsk2, chart=rshb-charts/base
Release "cdi-person-service-rumsk1" has been upgraded. Happy Helming!
NAME: cdi-person-service-rumsk1
LAST DEPLOYED: Wed Jun 10 09:11:47 2026
NAMESPACE: isys-efr
STATUS: deployed
REVISION: 35
TEST SUITE: None
Listing releases matching ^cdi-person-service-rumsk1$
Release "cdi-person-service-rumsk2" has been upgraded. Happy Helming!
NAME: cdi-person-service-rumsk2
LAST DEPLOYED: Wed Jun 10 09:11:47 2026
NAMESPACE: isys-efr
STATUS: deployed
REVISION: 35
TEST SUITE: None
Listing releases matching ^cdi-person-service-rumsk2$
cdi-person-service-rumsk1 isys-efr 35 2026-06-10 09:11:47.529115586 +0000 UTC deployed base-1.14.2 1.0
cdi-person-service-rumsk2 isys-efr 35 2026-06-10 09:11:47.512979245 +0000 UTC deployed base-1.14.2 1.0
UPDATED RELEASES:
NAME CHART VERSION
psvc-cdi-person-service rshb-charts/raw 0.2.3-rshb.1.0.0
cdi-person-service-rumsk1 rshb-charts/base 1.14.2
cdi-person-service-rumsk2 rshb-charts/base 1.14.2
++ echo '$ done'
$ done
Uploading artifacts for successful job
00:01
Uploading artifacts...
deploy.env: found 1 matching artifact files and directories
Uploading artifacts as "dotenv" to coordinator... 201 Created id=22500581 responseStatus=201 Created token=64_sL3xx
Cleaning up project directory and file based variables
00:00
Job succeeded