Merge branch 'set-dependency-scanning-config-1' into 'development'

Set dependency scanning config 1

See merge request htwk-software/htwkalender!83
Elmar Kresse
2024-10-19 14:12:03 +00:00


@ -13,250 +13,234 @@
#You should have received a copy of the GNU Affero General Public License
#along with this program. If not, see <https://www.gnu.org/licenses/>.
stages:
- lint
- build
- test
- sonarqube-check
- oci-build
- deploy
- deploy-dev # New stage for development deployment
- lint
- build
- test
- sonarqube-check
- oci-build
- deploy
- deploy-dev
lint-frontend:
image: node:lts
stage: lint
rules:
- changes:
- frontend/**/*
- changes:
- frontend/**/*
script:
- cd frontend
- npm i
- npm run lint-no-fix
- cd frontend
- npm i
- npm run lint-no-fix
lint-data-manager:
stage: lint
image: golangci/golangci-lint:latest
rules:
- changes:
- services/data-manager/**/*
- changes:
- services/data-manager/**/*
script:
- cd services/data-manager
- go mod download
- golangci-lint --version
- golangci-lint run -v --skip-dirs=migrations --timeout=5m
- cd services/data-manager
- go mod download
- golangci-lint --version
- golangci-lint run -v --skip-dirs=migrations --timeout=5m
lint-ical:
stage: lint
image: golangci/golangci-lint:latest
rules:
- changes:
- services/ical/**/*
- changes:
- services/ical/**/*
script:
- cd services/ical
- go mod download
- golangci-lint --version
- golangci-lint run -v --skip-dirs=migrations --timeout=5m
- cd services/ical
- go mod download
- golangci-lint --version
- golangci-lint run -v --skip-dirs=migrations --timeout=5m
build-data-manager:
image: golang:alpine
stage: build
rules:
- changes:
- services/data-manager/**/*
- changes:
- services/data-manager/**/*
script:
- cd services/data-manager
- go build -o htwkalender
- cd services/data-manager
- go build -o htwkalender
artifacts:
paths:
- data-manager/htwkalender
- data-manager/go.sum
- data-manager/go.mod
- data-manager/htwkalender
- data-manager/go.sum
- data-manager/go.mod
build-ical:
image: golang:alpine
stage: build
rules:
- changes:
- services/ical/**/*
- changes:
- services/ical/**/*
script:
- cd services/ical
- go build -o htwkalender-ical
- cd services/ical
- go build -o htwkalender-ical
artifacts:
paths:
- data-manager/htwkalender-ical
- data-manager/go.sum
- data-manager/go.mod
- data-manager/htwkalender-ical
- data-manager/go.sum
- data-manager/go.mod
sonarqube-data-manager:
stage: sonarqube-check
image:
name: sonarsource/sonar-scanner-cli:5.0
entrypoint: [""]
entrypoint:
- ''
variables:
SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar" # Defines the location of the analysis task cache
GIT_DEPTH: "0" # Tells git to fetch all the branches of the project, required by the analysis task
SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar"
GIT_DEPTH: '0'
cache:
key: "${CI_JOB_NAME}"
paths:
- .sonar/cache
- ".sonar/cache"
script:
- cd services/data-manager
- sonar-scanner
- cd services/data-manager
- sonar-scanner
allow_failure: true
only:
- merge_requests
- master
- main
- develop
- merge_requests
- master
- main
- develop
build-frontend:
image: node:lts
stage: build
rules:
- changes:
- frontend/**/*
script:
- cd frontend
- npm i
- npm run build
artifacts:
paths:
- frontend/build
image: node:lts
stage: build
rules:
- changes:
- frontend/**/*
script:
- cd frontend
- npm i
- npm run build
artifacts:
paths:
- frontend/build
test-data-manager:
image: golang:alpine
stage: test
rules:
- changes:
- services/data-manager/**/*
- changes:
- services/data-manager/**/*
script:
- cd services/data-manager
- go test -v ./...
- cd services/data-manager
- go test -v ./...
dependencies:
- build-data-manager
- build-data-manager
test-ical:
image: golang:alpine
stage: test
rules:
- changes:
- services/ical/**/*
- changes:
- services/ical/**/*
script:
- cd services/ical
- go test -v ./...
- cd services/ical
- go test -v ./...
dependencies:
- build-ical
- build-ical
test-frontend:
image: node:lts
stage: test
rules:
- changes:
- frontend/**/*
- changes:
- frontend/**/*
script:
- cd frontend
- npm i
- npm run test
- cd frontend
- npm i
- npm run test
dependencies:
- lint-frontend
- lint-frontend
build-data-manager-image:
stage: oci-build
image: docker:latest
services:
- docker:dind
- docker:dind
tags:
- image
- image
variables:
IMAGE_TAG: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG-data-manager
IMAGE_TAG: "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG-data-manager"
DOCKER_HOST: tcp://docker:2376
DOCKER_TLS_CERTDIR: "/certs"
DOCKER_TLS_VERIFY: 1
DOCKER_CERT_PATH: "/certs/client"
before_script:
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
script:
- docker build --pull -t $IMAGE_TAG -f ./services/data-manager/Dockerfile --target prod ./services
- docker push $IMAGE_TAG
- docker build --pull -t $IMAGE_TAG -f ./services/data-manager/Dockerfile --target
prod ./services
- docker push $IMAGE_TAG
rules:
- if: $CI_COMMIT_BRANCH == "main" || $CI_COMMIT_BRANCH == "development"
changes:
- services/data-manager/**/*
- if: $CI_COMMIT_BRANCH == "main" || $CI_COMMIT_BRANCH == "development"
changes:
- services/data-manager/**/*
build-ical-image:
stage: oci-build
image: docker:latest
services:
- docker:dind
- docker:dind
tags:
- image
- image
variables:
IMAGE_TAG: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG-ical
IMAGE_TAG: "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG-ical"
DOCKER_HOST: tcp://docker:2376
DOCKER_TLS_CERTDIR: "/certs"
DOCKER_TLS_VERIFY: 1
DOCKER_CERT_PATH: "/certs/client"
before_script:
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
script:
- docker build --pull -t $IMAGE_TAG -f ./services/ical/Dockerfile --target prod ./services
- docker push $IMAGE_TAG
- docker build --pull -t $IMAGE_TAG -f ./services/ical/Dockerfile --target prod
./services
- docker push $IMAGE_TAG
rules:
- if: $CI_COMMIT_BRANCH == "main" || $CI_COMMIT_BRANCH == "development"
changes:
- services/ical/**/*
- if: $CI_COMMIT_BRANCH == "main" || $CI_COMMIT_BRANCH == "development"
changes:
- services/ical/**/*
build-frontend-image:
stage: oci-build
image: docker:latest
services:
- docker:dind
- docker:dind
tags:
- image
- image
variables:
IMAGE_TAG: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG-frontend
IMAGE_TAG: "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG-frontend"
DOCKER_HOST: tcp://docker:2376
DOCKER_TLS_CERTDIR: "/certs"
DOCKER_TLS_VERIFY: 1
DOCKER_CERT_PATH: "/certs/client"
before_script:
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
- cd ./frontend
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
- cd ./frontend
script:
- docker build --pull -t $IMAGE_TAG -f ./Dockerfile --target prod .
- docker push $IMAGE_TAG
- docker build --pull -t $IMAGE_TAG -f ./Dockerfile --target prod .
- docker push $IMAGE_TAG
rules:
- if: $CI_COMMIT_BRANCH == "main" || $CI_COMMIT_BRANCH == "development"
changes:
- frontend/**/*
# Development deployment job
- if: $CI_COMMIT_BRANCH == "main" || $CI_COMMIT_BRANCH == "development"
changes:
- frontend/**/*
deploy-dev:
stage: deploy-dev # New stage for development deployment
stage: deploy-dev
image: alpine:latest
before_script:
- apk add --no-cache openssh-client sed # install dependencies
- eval $(ssh-agent -s) # set some ssh variables
- ssh-add <(echo "$CI_SSH_KEY" | tr -d '\r')
- apk add --no-cache openssh-client sed
- eval $(ssh-agent -s)
- ssh-add <(echo "$CI_SSH_KEY" | tr -d '\r')
script:
# replace some placeholders
- sed -i -e "s|DOCKER_REGISTRY_REPO|$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG|" docker-compose.dev.yml # Assuming you have a separate docker-compose file for development
# upload necessary files to the dev server
- >
scp -P $CI_SSH_PORT -o StrictHostKeyChecking=no -o LogLevel=ERROR ./docker-compose.dev.yml ./reverseproxy.dev.conf
$CI_SSH_USER@$CI_SSH_DEV_HOST:/home/$CI_SSH_USER/docker/htwkalender/
# ssh to the dev server and start the service
- >
ssh -p $CI_SSH_PORT -o StrictHostKeyChecking=no -o LogLevel=ERROR $CI_SSH_USER@$CI_SSH_DEV_HOST
"cd /home/$CI_SSH_USER/docker/htwkalender/ &&
docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY &&
docker compose -f ./docker-compose.dev.yml down && docker compose -f ./docker-compose.dev.yml up -d --remove-orphans && docker logout"
- sed -i -e "s|DOCKER_REGISTRY_REPO|$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG|" docker-compose.dev.yml
- 'scp -P $CI_SSH_PORT -o StrictHostKeyChecking=no -o LogLevel=ERROR ./docker-compose.dev.yml
./reverseproxy.dev.conf $CI_SSH_USER@$CI_SSH_DEV_HOST:/home/$CI_SSH_USER/docker/htwkalender/
'
- 'ssh -p $CI_SSH_PORT -o StrictHostKeyChecking=no -o LogLevel=ERROR $CI_SSH_USER@$CI_SSH_DEV_HOST
"cd /home/$CI_SSH_USER/docker/htwkalender/ && docker login -u $CI_REGISTRY_USER
-p $CI_REGISTRY_PASSWORD $CI_REGISTRY && docker compose -f ./docker-compose.dev.yml
down && docker compose -f ./docker-compose.dev.yml up -d --remove-orphans && docker
logout"
'
rules:
- if: $CI_COMMIT_BRANCH == "development" # Only execute for the development branch
- if: $CI_COMMIT_BRANCH == "development"
deploy-all:
stage: deploy
image: alpine:latest
@ -280,3 +264,5 @@ deploy-all:
docker exec --user root htwkalender-htwkalender-frontend-1 /bin/sh -c \"echo 'google-site-verification: $GOOGLE_VERIFICATION.html' > ./$GOOGLE_VERIFICATION.html\" "
rules:
- if: $CI_COMMIT_BRANCH == "main"
include:
- template: Security/Dependency-Scanning.gitlab-ci.yml
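Review bot: The rewritten `scp` and `ssh` steps of `deploy-dev` still pass `-o StrictHostKeyChecking=no`, so the runner never verifies the dev server's host key before uploading `docker-compose.dev.yml` and sending the remote command. That command is double-quoted, so the runner expands `docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY` locally, and whichever host answers on `$CI_SSH_DEV_HOST` receives the registry credential. Since these lines are being rewritten anyway, pin the host key: add a `before_script` entry such as `- mkdir -p ~/.ssh && echo "$CI_SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts` (the variable name is a placeholder for a CI variable holding the server's public host key) and switch both commands to `-o StrictHostKeyChecking=yes`. The remote login would also be safer fed through `docker login --password-stdin`, because `-p` puts the password in the remote process arguments. The visible part of `deploy-all` is too short to tell whether it has the same pattern, so it is worth checking.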