-
Notifications
You must be signed in to change notification settings - Fork 0
/
.gitlab-ci.yml
116 lines (106 loc) · 3.3 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
stages:
- lint
- test
- build
- deploy
- review
- dast
- staging
- canary
- production
- incremental rollout 10%
- incremental rollout 25%
- incremental rollout 50%
- incremental rollout 100%
- performance
- cleanup
lint:
stage: lint
image: node:18-alpine
before_script:
- apk add git
- git checkout $CI_COMMIT_BRANCH
- git config user.name metahkg-bot
- git config user.email bot@metahkg.org
- git remote set-url origin https://root:$gitlab_token@gitlab.com/$CI_PROJECT_PATH
script:
- yarn install
- yarn lint
- git commit -a -m lint || exit 0
- git push origin $CI_COMMIT_BRANCH
rules:
- if: $CI_COMMIT_TAG
when: never
- if: $CI_COMMIT_AUTHOR != "metahkg-bot <bot@metahkg.org>" && ($CI_COMMIT_BRANCH == "dev" || $CI_COMMIT_BRANCH == "master")
sast:
stage: test
docker-build:
image: docker:latest
stage: build
services:
- docker:dind
before_script:
- apk add nodejs-current
- docker pull tonistiigi/binfmt:latest
- docker run --privileged --rm tonistiigi/binfmt --uninstall qemu-*
- docker run --privileged --rm tonistiigi/binfmt --install all
- docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
script:
- version=$(node -e 'console.log(require("./package.json").version)')
- major=$(node -e "console.log('${version}'.split('.')[0])")
- minor=$(node -e "console.log('${version}'.split('.').slice(0, 2).join('.'))")
- docker buildx create --use
- docker buildx build --push --pull --platform linux/amd64,linux/arm64 -t "$CI_REGISTRY_IMAGE/$CI_COMMIT_BRANCH:latest" -t "$CI_REGISTRY_IMAGE/$CI_COMMIT_BRANCH:$CI_COMMIT_SHORT_SHA" -t "$CI_REGISTRY_IMAGE/$CI_COMMIT_BRANCH:$version" -t "$CI_REGISTRY_IMAGE/$CI_COMMIT_BRANCH:$major" -t "$CI_REGISTRY_IMAGE/$CI_COMMIT_BRANCH:$minor" .
rules:
- if: $CI_COMMIT_TAG
when: never
- if: "$CI_COMMIT_BRANCH"
exists:
- Dockerfile
tagging:
image: alpine:latest
stage: deploy
allow_failure: true
before_script:
- apk add git
script:
- git config --global user.name metahkg-bot
- git config --global user.email bot@metahkg.org
- tag=$(cat package.json | grep version | grep -Eo "[[:digit:]]+\.[[:digit:]]+\.[[:digit:]]+")
- if [ $CI_COMMIT_BRANCH = "dev" ]; then tag=${tag}-dev; fi;
- git tag "$tag"
- git push --tags https://root:$gitlab_token@$CI_SERVER_HOST/$CI_PROJECT_PATH.git HEAD:${CI_COMMIT_BRANCH}
rules:
- if: $CI_COMMIT_TAG
when: never
- if: $CI_COMMIT_AUTHOR != "metahkg-bot <bot@metahkg.org>" && ($CI_COMMIT_BRANCH == "master" || $CI_COMMIT_BRANCH == "dev")
changes:
- package.json
container_scanning:
stage: review
needs: ["docker-build"]
variables:
GIT_STRATEGY: fetch
CI_APPLICATION_REPOSITORY: "$CI_REGISTRY_IMAGE/$CI_COMMIT_BRANCH"
CI_APPLICATION_TAG: $CI_COMMIT_SHORT_SHA
CLAIR_OUTPUT: High
artifacts:
paths:
- gl-container-scanning-report.json
test:
stage: test
rules:
- if: $CI_PIPELINE_SOURCE == 'merge_request_event'
- if: $CI_COMMIT_TAG
- if: $CI_COMMIT_BRANCH
code_quality:
stage: test
rules:
- if: $CI_PIPELINE_SOURCE == 'merge_request_event'
- if: $CI_COMMIT_TAG
- if: $CI_COMMIT_BRANCH
build:
stage: build
retry: 2
include:
- template: Auto-DevOps.gitlab-ci.yml