109 lines
2.8 KiB
YAML
109 lines
2.8 KiB
YAML
variables:
|
|
DOCKER_TLS_CERTDIR: "/certs"
|
|
|
|
stages:
|
|
- build
|
|
- pages
|
|
- test
|
|
- release
|
|
- deploy
|
|
|
|
sast:
|
|
stage: test
|
|
|
|
sentry_upload:
|
|
image: getsentry/sentry-cli:latest
|
|
stage: release
|
|
rules:
|
|
- if: $CI_COMMIT_TAG && $SENTRY_ORG
|
|
script:
|
|
- sentry-cli releases new --finalize "$CI_COMMIT_REF_NAME"
|
|
- sentry-cli releases set-commits --auto "$CI_COMMIT_REF_NAME"
|
|
|
|
build:
|
|
image:
|
|
name: gcr.io/kaniko-project/executor:debug
|
|
entrypoint: [""]
|
|
stage: build
|
|
before_script:
|
|
- export APP_TAG=$(echo "$CI_COMMIT_REF_NAME" | sed 's/^v//g')
|
|
- mkdir -p /kaniko/.docker
|
|
- echo "{\"auths\":{\"${CI_REGISTRY}\":{\"auth\":\"$(printf "%s:%s" "${CI_REGISTRY_USER}" "${CI_REGISTRY_PASSWORD}" | base64 | tr -d '\n')\"}}}" > /kaniko/.docker/config.json
|
|
script:
|
|
- >-
|
|
/kaniko/executor
|
|
--context "${CI_PROJECT_DIR}"
|
|
--dockerfile "${CI_PROJECT_DIR}/Dockerfile"
|
|
--destination "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}"
|
|
--build-arg "SENTRY_DSN=$SENTRY_DSN"
|
|
--build-arg "APP_VERSION=$APP_TAG"
|
|
--ignore-var-run
|
|
|
|
tag_latest:
|
|
image:
|
|
name: gcr.io/go-containerregistry/crane:debug
|
|
entrypoint: [""]
|
|
stage: release
|
|
only:
|
|
- tags
|
|
before_script:
|
|
- crane auth login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
|
|
script:
|
|
- crane tag $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME latest
|
|
|
|
pages :
|
|
stage: pages
|
|
when: manual
|
|
image: node:18-alpine
|
|
only:
|
|
- tags
|
|
before_script:
|
|
- apk add yarn
|
|
- yarn
|
|
- rm -rf public
|
|
- mkdir public
|
|
script:
|
|
- node_modules/apidoc/bin/apidoc -i app -t ./resources/template-apidoc -o
|
|
public
|
|
artifacts:
|
|
paths:
|
|
# The folder that contains the files to be exposed at the Page URL
|
|
- public
|
|
# rules:
|
|
# This ensures that only pushes to the default branch will trigger
|
|
# a pages deploy
|
|
# - if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
|
|
|
|
|
|
deploy_prod:
|
|
stage: deploy
|
|
image: alpine
|
|
environment:
|
|
name: production
|
|
url: https://time.amazingcat.net
|
|
only:
|
|
- tags
|
|
when: manual
|
|
before_script:
|
|
- 'which ssh-agent || ( apk add --update openssh )'
|
|
- eval $(ssh-agent -s)
|
|
- echo "$CI_KEY" | base64 -d | ssh-add -
|
|
- mkdir -p ~/.ssh
|
|
- chmod 700 ~/.ssh
|
|
- echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config
|
|
script:
|
|
- ssh $CI_USER@$CI_HOST 'cd /opt/services/cattr/tracker && docker compose pull'
|
|
- ssh $CI_USER@$CI_HOST 'cd /opt/services/cattr/tracker && docker compose up -d'
|
|
|
|
container_scanning:
|
|
variables:
|
|
CS_IMAGE: '$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME'
|
|
|
|
include:
|
|
- template: Security/SAST.gitlab-ci.yml
|
|
- template: Security/Dependency-Scanning.gitlab-ci.yml
|
|
- template: Security/Secret-Detection.gitlab-ci.yml
|
|
- template: Security/License-Scanning.gitlab-ci.yml
|
|
- template: Security/Container-Scanning.gitlab-ci.yml
|
|
- template: Code-Quality.gitlab-ci.yml
|