mirror of
https://gitlab.dit.htwk-leipzig.de/htwk-software/htwkalender.git
synced 2025-07-16 09:38:49 +02:00
262 lines
7.2 KiB
YAML
262 lines
7.2 KiB
YAML
# You can override the included template(s) by including variable overrides
|
|
# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
|
|
# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/pipeline/#customization
|
|
# Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
|
|
# Container Scanning customization: https://docs.gitlab.com/ee/user/application_security/container_scanning/#customizing-the-container-scanning-settings
|
|
# Note that environment variables can be set in several places
|
|
# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
|
|
stages:
|
|
- lint
|
|
- build
|
|
- test
|
|
- sonarqube-check
|
|
- oci-build
|
|
- deploy
|
|
- deploy-dev
|
|
lint-frontend:
|
|
image: node:lts
|
|
stage: lint
|
|
rules:
|
|
- changes:
|
|
- frontend/**/*
|
|
script:
|
|
- cd frontend
|
|
- npm i
|
|
- npm run lint-no-fix
|
|
lint-data-manager:
|
|
stage: lint
|
|
image: golangci/golangci-lint:latest
|
|
rules:
|
|
- changes:
|
|
- services/data-manager/**/*
|
|
script:
|
|
- cd services/data-manager
|
|
- go mod download
|
|
- golangci-lint --version
|
|
- golangci-lint run -v --skip-dirs=migrations --timeout=5m
|
|
lint-ical:
|
|
stage: lint
|
|
image: golangci/golangci-lint:latest
|
|
rules:
|
|
- changes:
|
|
- services/ical/**/*
|
|
script:
|
|
- cd services/ical
|
|
- go mod download
|
|
- golangci-lint --version
|
|
- golangci-lint run -v --skip-dirs=migrations --timeout=5m
|
|
build-data-manager:
|
|
image: golang:alpine
|
|
stage: build
|
|
rules:
|
|
- changes:
|
|
- services/data-manager/**/*
|
|
script:
|
|
- cd services/data-manager
|
|
- go build -o htwkalender
|
|
artifacts:
|
|
paths:
|
|
- data-manager/htwkalender
|
|
- data-manager/go.sum
|
|
- data-manager/go.mod
|
|
build-ical:
|
|
image: golang:alpine
|
|
stage: build
|
|
rules:
|
|
- changes:
|
|
- services/ical/**/*
|
|
script:
|
|
- cd services/ical
|
|
- go build -o htwkalender-ical
|
|
artifacts:
|
|
paths:
|
|
- data-manager/htwkalender-ical
|
|
- data-manager/go.sum
|
|
- data-manager/go.mod
|
|
sonarqube-data-manager:
|
|
stage: sonarqube-check
|
|
image:
|
|
name: sonarsource/sonar-scanner-cli:5.0
|
|
entrypoint:
|
|
- ''
|
|
variables:
|
|
SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar"
|
|
GIT_DEPTH: '0'
|
|
cache:
|
|
key: "${CI_JOB_NAME}"
|
|
paths:
|
|
- ".sonar/cache"
|
|
script:
|
|
- cd services/data-manager
|
|
- sonar-scanner
|
|
allow_failure: true
|
|
only:
|
|
- merge_requests
|
|
- master
|
|
- main
|
|
- develop
|
|
build-frontend:
|
|
image: node:lts
|
|
stage: build
|
|
rules:
|
|
- changes:
|
|
- frontend/**/*
|
|
script:
|
|
- cd frontend
|
|
- npm i
|
|
- npm run build
|
|
artifacts:
|
|
paths:
|
|
- frontend/build
|
|
test-data-manager:
|
|
image: golang:alpine
|
|
stage: test
|
|
rules:
|
|
- changes:
|
|
- services/data-manager/**/*
|
|
script:
|
|
- cd services/data-manager
|
|
- go test -v ./...
|
|
dependencies:
|
|
- build-data-manager
|
|
test-ical:
|
|
image: golang:alpine
|
|
stage: test
|
|
rules:
|
|
- changes:
|
|
- services/ical/**/*
|
|
script:
|
|
- cd services/ical
|
|
- go test -v ./...
|
|
dependencies:
|
|
- build-ical
|
|
test-frontend:
|
|
image: node:lts
|
|
stage: test
|
|
rules:
|
|
- changes:
|
|
- frontend/**/*
|
|
script:
|
|
- cd frontend
|
|
- npm i
|
|
- npm run test
|
|
dependencies:
|
|
- lint-frontend
|
|
build-data-manager-image:
|
|
stage: oci-build
|
|
image: docker:latest
|
|
services:
|
|
- docker:dind
|
|
tags:
|
|
- image
|
|
variables:
|
|
IMAGE_TAG: "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG-data-manager"
|
|
DOCKER_HOST: tcp://docker:2376
|
|
DOCKER_TLS_CERTDIR: "/certs"
|
|
DOCKER_TLS_VERIFY: 1
|
|
DOCKER_CERT_PATH: "/certs/client"
|
|
before_script:
|
|
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
|
|
script:
|
|
- docker build --pull -t $IMAGE_TAG -f ./services/data-manager/Dockerfile --target
|
|
prod ./services
|
|
- docker push $IMAGE_TAG
|
|
rules:
|
|
- if: $CI_COMMIT_BRANCH == "main" || $CI_COMMIT_BRANCH == "development"
|
|
changes:
|
|
- services/data-manager/**/*
|
|
build-ical-image:
|
|
stage: oci-build
|
|
image: docker:latest
|
|
services:
|
|
- docker:dind
|
|
tags:
|
|
- image
|
|
variables:
|
|
IMAGE_TAG: "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG-ical"
|
|
DOCKER_HOST: tcp://docker:2376
|
|
DOCKER_TLS_CERTDIR: "/certs"
|
|
DOCKER_TLS_VERIFY: 1
|
|
DOCKER_CERT_PATH: "/certs/client"
|
|
before_script:
|
|
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
|
|
script:
|
|
- docker build --pull -t $IMAGE_TAG -f ./services/ical/Dockerfile --target prod
|
|
./services
|
|
- docker push $IMAGE_TAG
|
|
rules:
|
|
- if: $CI_COMMIT_BRANCH == "main" || $CI_COMMIT_BRANCH == "development"
|
|
changes:
|
|
- services/ical/**/*
|
|
build-frontend-image:
|
|
stage: oci-build
|
|
image: docker:latest
|
|
services:
|
|
- docker:dind
|
|
tags:
|
|
- image
|
|
variables:
|
|
IMAGE_TAG: "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG-frontend"
|
|
DOCKER_HOST: tcp://docker:2376
|
|
DOCKER_TLS_CERTDIR: "/certs"
|
|
DOCKER_TLS_VERIFY: 1
|
|
DOCKER_CERT_PATH: "/certs/client"
|
|
before_script:
|
|
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
|
|
- cd ./frontend
|
|
script:
|
|
- docker build --pull -t $IMAGE_TAG -f ./Dockerfile --target prod .
|
|
- docker push $IMAGE_TAG
|
|
rules:
|
|
- if: $CI_COMMIT_BRANCH == "main" || $CI_COMMIT_BRANCH == "development"
|
|
changes:
|
|
- frontend/**/*
|
|
deploy-dev:
|
|
stage: deploy-dev
|
|
image: alpine:latest
|
|
before_script:
|
|
- apk add --no-cache openssh-client sed
|
|
- eval $(ssh-agent -s)
|
|
- ssh-add <(echo "$CI_SSH_KEY" | tr -d '\r')
|
|
script:
|
|
- sed -i -e "s|DOCKER_REGISTRY_REPO|$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG|" docker-compose.dev.yml
|
|
- 'scp -P $CI_SSH_PORT -o StrictHostKeyChecking=no -o LogLevel=ERROR ./docker-compose.dev.yml
|
|
./reverseproxy.dev.conf $CI_SSH_USER@$CI_SSH_DEV_HOST:/home/$CI_SSH_USER/docker/htwkalender/
|
|
|
|
'
|
|
- 'ssh -p $CI_SSH_PORT -o StrictHostKeyChecking=no -o LogLevel=ERROR $CI_SSH_USER@$CI_SSH_DEV_HOST
|
|
"cd /home/$CI_SSH_USER/docker/htwkalender/ && docker login -u $CI_REGISTRY_USER
|
|
-p $CI_REGISTRY_PASSWORD $CI_REGISTRY && docker compose -f ./docker-compose.dev.yml
|
|
down && docker compose -f ./docker-compose.dev.yml up -d --remove-orphans && docker
|
|
logout"
|
|
|
|
'
|
|
rules:
|
|
- if: $CI_COMMIT_BRANCH == "development"
|
|
deploy-all:
|
|
stage: deploy
|
|
image: alpine:latest
|
|
before_script:
|
|
- apk add --no-cache openssh-client sed
|
|
- eval $(ssh-agent -s)
|
|
- ssh-add <(echo "$CI_SSH_KEY" | tr -d '\r')
|
|
script:
|
|
- sed -i -e "s|DOCKER_REGISTRY_REPO|$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG|" docker-compose.prod.yml
|
|
- 'scp -P $CI_SSH_PORT -o StrictHostKeyChecking=no -o LogLevel=ERROR ./docker-compose.prod.yml
|
|
./reverseproxy.conf $CI_SSH_USER@$CI_SSH_HOST:/home/$CI_SSH_USER/docker/htwkalender/
|
|
|
|
'
|
|
- 'ssh -p $CI_SSH_PORT -o StrictHostKeyChecking=no -o LogLevel=ERROR $CI_SSH_USER@$CI_SSH_HOST
|
|
"cd /home/$CI_SSH_USER/docker/htwkalender/ && docker login -u $CI_REGISTRY_USER
|
|
-p $CI_REGISTRY_PASSWORD $CI_REGISTRY && docker compose -f ./docker-compose.prod.yml
|
|
down && docker compose -f ./docker-compose.prod.yml up -d --remove-orphans &&
|
|
docker logout && docker exec --user root htwkalender-htwkalender-frontend-1 /bin/sh
|
|
-c \"echo ''google-site-verification: $GOOGLE_VERIFICATION.html'' > ./$GOOGLE_VERIFICATION.html\"
|
|
"
|
|
|
|
'
|
|
rules:
|
|
- if: $CI_COMMIT_BRANCH == "main"
|
|
include:
|
|
- template: Security/Dependency-Scanning.gitlab-ci.yml
|