-
Notifications
You must be signed in to change notification settings - Fork 0
/
.gitlab-ci.yml
223 lines (208 loc) · 6.37 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
stages:
- Init
- Test
- Build
- Scan
- Push
- Emit
variables:
GIT_USER: oauth
GIT_PASS: wkfyce_xQuqD8d4gFRmu
DOCKER_REGISTRY_NAME: registry.nasctech.com
DOCKER_REGISTRY_USER: nasc-registry
DOCKER_REGISTRY_PASS: Qwerty1@
IMAGE_NAME: plasticine
BUILD: latest
BUILD_DIR: /tmp/build/app
SW_EXPIRE_DATE: YYYY-MM-DD
1. Set Build:
stage: Init
tags:
- k8s-helm
before_script:
- GIT_PATH=https://$GIT_USER:[email protected]/nasc/streamline-v2/plasticine.git
- DIR_PATH=$BUILD_DIR/plasticine
script:
- |
sudo rm -rf $BUILD_DIR/plasticine
git clone --branch $BRANCH $GIT_PATH $DIR_PATH
cd $BUILD_DIR/plasticine
BUILD_LATEST=$(git rev-list HEAD --count)
BUILD_CONFIG=$([ "$BUILD" == "latest" ] && echo $BUILD_LATEST || echo $BUILD)
for i in $(eval echo {0..$((BUILD_LATEST-BUILD_CONFIG))})
do
BUILD=$(git rev-list HEAD~$i --count)
if [ "$BUILD" -le "$BUILD_CONFIG" ]; then
git reset --hard $(git rev-list HEAD~$i -n1); break
fi
done
only:
variables:
- '$BRANCH != null'
2. Set Extensions:
stage: Init
tags:
- k8s-helm
before_script:
- GIT_PATH=https://$GIT_USER:[email protected]/nasc/streamline-v2/extensions
- DIR_PATH=$BUILD_DIR/plasticine/backend/extensions/plugins/list
script:
- git clone --single-branch --branch develop $GIT_PATH/plugin_telegram.git $DIR_PATH/plugin_telegram
- git clone --single-branch --branch develop $GIT_PATH/plugin_inventory.git $DIR_PATH/plugin_inventory
- git clone --single-branch --branch develop $GIT_PATH/plugin_odbc.git $DIR_PATH/plugin_odbc
# TODO: update index options for field
# - git clone --single-branch --branch develop $GIT_PATH/plugin_fts.git $DIR_PATH/plugin_fts
- git clone --single-branch --branch develop $GIT_PATH/plugin_sso_server.git $DIR_PATH/plugin_sso_server
- git clone --single-branch --branch develop $GIT_PATH/plugin_psql.git $DIR_PATH/plugin_psql
# - git clone --single-branch --branch develop $GIT_PATH/plugin_firebase.git $DIR_PATH/plugin_firebase
only:
variables:
- '$BRANCH != null'
1. Test Backend:
stage: Test
tags:
- k8s-helm
script:
- docker-compose -f backend/docker-compose.yml run backend-dev yarn install
- docker-compose -f backend/docker-compose.yml run backend-dev yarn test
after_script:
- docker-compose -f backend/docker-compose.yml rm -f backend-dev && echo $CI_PROJECT_DIR
only:
variables:
- '$BRANCH != null'
allow_failure: true
2. Test Frontend:
stage: Test
tags:
- k8s-helm
script:
- docker-compose -f frontend/docker-compose.yml run frontend-dev yarn install
- docker-compose -f frontend/docker-compose.yml run frontend-dev yarn test
after_script:
- docker-compose -f frontend/docker-compose.yml run frontend-dev yarn test:clear
- docker-compose -f frontend/docker-compose.yml rm -f frontend-dev && echo $CI_PROJECT_DIR
only:
variables:
- '$BRANCH != null'
allow_failure: true
1. Build Backend:
stage: Build
tags:
- k8s-helm
before_script:
- |
IMAGES=$(docker images -aq --filter="reference=*$DOCKER_REGISTRY_NAME/$IMAGE_NAME/backend*")
[ ! -z $IMAGES ] && docker rmi $IMAGES
script:
- TAG=$DOCKER_REGISTRY_NAME/$IMAGE_NAME/backend:$BRANCH.extended.$BUILD
- cd $BUILD_DIR/plasticine/backend && DOCKER_BUILDKIT=1 docker build --secret id=SW_EXPIRE_DATE --no-cache -t $TAG .
only:
variables:
- '$BRANCH != null'
2. Build Frontend:
stage: Build
tags:
- k8s-helm
before_script:
- |
IMAGES=$(docker images -aq --filter="reference=*$DOCKER_REGISTRY_NAME/$IMAGE_NAME/frontend*")
[ ! -z $IMAGES ] && docker rmi $IMAGES
script:
- TAG=$DOCKER_REGISTRY_NAME/$IMAGE_NAME/frontend:$BRANCH.extended.$BUILD
- docker build --no-cache -f ./frontend/Dockerfile -t $TAG $BUILD_DIR/plasticine
only:
variables:
- '$BRANCH != null'
1. Scan Backend:
stage: Scan
tags:
- k8s-helm
script:
- TAG=$DOCKER_REGISTRY_NAME/$IMAGE_NAME/backend:$BRANCH.extended.$BUILD
- trivy image --exit-code 1 $TAG
only:
variables:
- '$BRANCH != null'
allow_failure: true
2. Scan Frontend:
stage: Scan
tags:
- k8s-helm
script:
- TAG=$DOCKER_REGISTRY_NAME/$IMAGE_NAME/frontend:$BRANCH.extended.$BUILD
- trivy image --exit-code 1 $TAG
only:
variables:
- '$BRANCH != null'
allow_failure: true
1. Push Backend:
stage: Push
tags:
- k8s-helm
script:
- TAG=$DOCKER_REGISTRY_NAME/$IMAGE_NAME/backend:$BRANCH.extended.$BUILD
- docker push $TAG
only:
variables:
- '$BRANCH != null'
2. Push Frontend:
stage: Push
tags:
- k8s-helm
script:
- TAG=$DOCKER_REGISTRY_NAME/$IMAGE_NAME/frontend:$BRANCH.extended.$BUILD
- docker push $TAG
only:
variables:
- '$BRANCH != null'
Autodeploy (develop):
stage: Emit
tags:
- k8s-helm
before_script:
- CONFIGS="dev/co2-srv1 dev/co2-srv2 dev/sandbox-stage"
- WEBHOOK="https://repo.networktechnologies.online/api/v4/projects/115/trigger/pipeline"
- TOKEN="92a3c8d0901f4d71231280796836ad"
script:
- |
for CONFIG in ${CONFIGS}; do
curl -X POST -F ref="refs/heads/master" \
-F "variables[CONFIG]=$CONFIG" \
-F token="$TOKEN" $WEBHOOK -v
done
only:
variables:
- '$BRANCH == "develop"'
Autodeploy (master):
stage: Emit
tags:
- k8s-helm
before_script:
- CONFIGS="dev/co2-master"
- WEBHOOK="https://repo.networktechnologies.online/api/v4/projects/115/trigger/pipeline"
- TOKEN="92a3c8d0901f4d71231280796836ad"
script:
- |
for CONFIG in ${CONFIGS}; do
curl -X POST -F ref="refs/heads/master" \
-F "variables[CONFIG]=$CONFIG" \
-F token="$TOKEN" $WEBHOOK -v
done
only:
variables:
- '$BRANCH == "master"'
Publish Release (develop):
stage: Emit
tags:
- k8s-helm
before_script:
- WEBHOOK="https://staging.sd.nasc.space/api/v1/web_service/call/git_service?token=4b331631bd650f18bf1ca918e3ef6493"
script:
- |
curl -X POST --data "GIT_PATH=$CI_PROJECT_URL" \
--data "GIT_PASS=$GIT_PASS" \
--data "BRANCH=$BRANCH" $WEBHOOK -v \
--data "object_kind=publish_release_nasc_trigger"
only:
variables:
- '$BRANCH == "develop"'