first commit
This commit is contained in:
Noor E Ilahi
108
.gitlab-ci.yml
Normal file
108
.gitlab-ci.yml
Normal file
@@ -0,0 +1,108 @@
|
||||
variables:
|
||||
DOCKER_TLS_CERTDIR: "/certs"
|
||||
|
||||
stages:
|
||||
- build
|
||||
- pages
|
||||
- test
|
||||
- release
|
||||
- deploy
|
||||
|
||||
sast:
|
||||
stage: test
|
||||
|
||||
sentry_upload:
|
||||
image: getsentry/sentry-cli:latest
|
||||
stage: release
|
||||
rules:
|
||||
- if: $CI_COMMIT_TAG && $SENTRY_ORG
|
||||
script:
|
||||
- sentry-cli releases new --finalize "$CI_COMMIT_REF_NAME"
|
||||
- sentry-cli releases set-commits --auto "$CI_COMMIT_REF_NAME"
|
||||
|
||||
build:
|
||||
image:
|
||||
name: gcr.io/kaniko-project/executor:debug
|
||||
entrypoint: [""]
|
||||
stage: build
|
||||
before_script:
|
||||
- export APP_TAG=$(echo "$CI_COMMIT_REF_NAME" | sed 's/^v//g')
|
||||
- mkdir -p /kaniko/.docker
|
||||
- echo "{\"auths\":{\"${CI_REGISTRY}\":{\"auth\":\"$(printf "%s:%s" "${CI_REGISTRY_USER}" "${CI_REGISTRY_PASSWORD}" | base64 | tr -d '\n')\"}}}" > /kaniko/.docker/config.json
|
||||
script:
|
||||
- >-
|
||||
/kaniko/executor
|
||||
--context "${CI_PROJECT_DIR}"
|
||||
--dockerfile "${CI_PROJECT_DIR}/Dockerfile"
|
||||
--destination "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}"
|
||||
--build-arg "SENTRY_DSN=$SENTRY_DSN"
|
||||
--build-arg "APP_VERSION=$APP_TAG"
|
||||
--ignore-var-run
|
||||
|
||||
tag_latest:
|
||||
image:
|
||||
name: gcr.io/go-containerregistry/crane:debug
|
||||
entrypoint: [""]
|
||||
stage: release
|
||||
only:
|
||||
- tags
|
||||
before_script:
|
||||
- crane auth login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
|
||||
script:
|
||||
- crane tag $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME latest
|
||||
|
||||
pages :
|
||||
stage: pages
|
||||
when: manual
|
||||
image: node:18-alpine
|
||||
only:
|
||||
- tags
|
||||
before_script:
|
||||
- apk add yarn
|
||||
- yarn
|
||||
- rm -rf public
|
||||
- mkdir public
|
||||
script:
|
||||
- node_modules/apidoc/bin/apidoc -i app -t ./resources/template-apidoc -o
|
||||
public
|
||||
artifacts:
|
||||
paths:
|
||||
# The folder that contains the files to be exposed at the Page URL
|
||||
- public
|
||||
# rules:
|
||||
# This ensures that only pushes to the default branch will trigger
|
||||
# a pages deploy
|
||||
# - if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
|
||||
|
||||
|
||||
deploy_prod:
|
||||
stage: deploy
|
||||
image: alpine
|
||||
environment:
|
||||
name: production
|
||||
url: https://time.amazingcat.net
|
||||
only:
|
||||
- tags
|
||||
when: manual
|
||||
before_script:
|
||||
- 'which ssh-agent || ( apk add --update openssh )'
|
||||
- eval $(ssh-agent -s)
|
||||
- echo "$CI_KEY" | base64 -d | ssh-add -
|
||||
- mkdir -p ~/.ssh
|
||||
- chmod 700 ~/.ssh
|
||||
- echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config
|
||||
script:
|
||||
- ssh $CI_USER@$CI_HOST 'cd /opt/services/cattr/tracker && docker compose pull'
|
||||
- ssh $CI_USER@$CI_HOST 'cd /opt/services/cattr/tracker && docker compose up -d'
|
||||
|
||||
container_scanning:
|
||||
variables:
|
||||
CS_IMAGE: '$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME'
|
||||
|
||||
include:
|
||||
- template: Security/SAST.gitlab-ci.yml
|
||||
- template: Security/Dependency-Scanning.gitlab-ci.yml
|
||||
- template: Security/Secret-Detection.gitlab-ci.yml
|
||||
- template: Security/License-Scanning.gitlab-ci.yml
|
||||
- template: Security/Container-Scanning.gitlab-ci.yml
|
||||
- template: Code-Quality.gitlab-ci.yml
|
||||
Reference in New Issue
Block a user