# https://about.gitlab.com/2017/09/12/vuejs-app-gitlab/
# https://medium.com/joolsoftware/connect-gitlab-with-digitaloceans-kubernetes-439076b9de17
# https://blog.lwolf.org/post/how-to-create-ci-cd-pipeline-with-autodeploy-k8s-gitlab-helm/
stages:
  - test             # e2e_test
  - build            # frontend bundle
  - container_build  # image build and push
  - container_sast   # scan of the published image
  - renovate         # dependency update job

# npm and Cypress are pointed at directories inside the project checkout so
# that the "cache" section can list those directories as paths.
variables:
  npm_config_cache: '$CI_PROJECT_DIR/.npm'
  CYPRESS_CACHE_FOLDER: '$CI_PROJECT_DIR/cache/Cypress'

# Default cache, keyed by the ref slug so each branch or tag gets its own copy.
# https://gitlab.com/help/ci/caching/index.md
# NOTE(review): node_modules restored from this cache is code that later jobs
# on the same ref execute; any job able to write the cache can influence them.
cache:
  key: '${CI_COMMIT_REF_SLUG}'
  paths:
    - .npm
    - cache/Cypress
    - node_modules

# Runs the end-to-end tests with docker-compose and Cypress, using a
# docker-in-docker service.
e2e_test:
  stage: test
  image: 'docker:20.10.6'
  services:
    - 'docker:20.10.6-dind'
  tags:
    - mat-web-runner
  # A failed run is retried up to two more times.
  retry: 2
  variables:
    # Turns on TLS between the docker client and the dind service; the
    # certificates are generated under this directory.
    DOCKER_TLS_CERTDIR: '/certs'
  before_script:
    - docker info
    - apk add --update py-pip
    # "~=1.23.0" accepts any 1.23.x release.
    - pip install docker-compose~=1.23.0
  script:
    - sh test/run_test_in_ci.sh
  artifacts:
    expire_in: 7 days
    paths:
      - cypress/videos/
      # NOTE(review): the test script lives under test/ while screenshots are
      # collected from tests/; confirm this path.
      - tests/screenshots/
  only:
    - branches
    - schedules

# Hidden job template (leading dot) that builds the Quasar PWA bundle.
# Jobs reuse it through the YAML merge key.
.build_frontend_template: &build_frontend-template
  stage: build
  # NOTE(review): Node.js 12 is past its upstream end of life; plan an upgrade.
  image: 'node:12'
  # A job-level cache replaces the default cache defined at the top level.
  cache:
    key: '${CI_COMMIT_REF_SLUG}'
    paths:
      - node_modules/
  before_script:
    # NOTE(review): a plain "yarn install" may rewrite yarn.lock;
    # "--frozen-lockfile" would make CI fail on lockfile drift instead.
    - yarn install
    # NOTE(review): the CLI version is not pinned, so each run installs
    # whatever release is current at that time.
    - yarn global add @quasar/cli
  script:
    - quasar build -m pwa
  artifacts:
    paths:
      - dist/pwa
    expire_in: 1 week

# Builds the PWA after exporting the literal text $MAT_API_HOST_PLACEHOLDER
# as MAT2_API_URL_PROD.
# NOTE(review): presumably the placeholder is substituted when the container
# starts; confirm against the image's entrypoint.
build_frontend_with_placeholder_url:
  <<: *build_frontend-template
  only:
    - master
    - develop
    - schedules
    - tags
  variables:
    MAT2_API_URL_PROD: '$MAT_API_HOST_PLACEHOLDER'
  # Replaces the template's script. The shell single quotes keep the
  # placeholder text unexpanded.
  script:
    - export MAT2_API_URL_PROD='$MAT_API_HOST_PLACEHOLDER'
    - quasar build -m pwa

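# Hidden job template: logs in to the GitLab container registry, then builds
# the image and pushes it tagged with the ref slug.
.container-build-template: &container-build-template
  stage: container_build
  image: 'docker:20.10.6'
  services:
    - 'docker:20.10.6-dind'
  tags:
    - mat-web-runner
  variables:
    # Turns on TLS between the docker client and the dind service.
    DOCKER_TLS_CERTDIR: '/certs'
  cache:
    key: '${CI_COMMIT_REF_SLUG}'
    paths:
      - node_modules/
  before_script:
    # --password-stdin keeps the registry credential out of the argument list.
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
    - echo "$CI_COMMIT_REF_SLUG"
  script:
    # Expansions are quoted so the shell passes each image reference as a
    # single word.
    - docker build --tag "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG" .
    - docker push "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG"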

# Publishes $CI_REGISTRY_IMAGE:<ref slug> for the master and develop branches.
build_container:
  <<: *container-build-template
  only:
    - master   # this is the image tag the container_sast job pulls
    - develop

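# Publishes an image named after the git tag; runs in tag pipelines only.
build_tagged_container:
  <<: *container-build-template
  only:
    - tags
  # Replaces the template's script: the raw ref name is used instead of the
  # slug, so the image tag matches the git tag.
  # NOTE(review): a git tag may contain characters Docker rejects in an image
  # tag (for example "/"); such a tag would fail this build.
  script:
    # Expansions are quoted so the shell passes each image reference as a
    # single word.
    - docker build --tag "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME" .
    - docker push "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME"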

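# Updates the dependencies in this project and creates automated merge requests.
# NOTE(review): the job has no "only:"/"rules:" filter, so it is added to every
# pipeline. Confirm that GITLAB_API_TOKEN is a masked CI/CD variable and that
# its scope (protected or not) matches the refs this job should run on.
renovate:
  stage: renovate
  image:
    # NOTE(review): "19" looks like a floating major-version tag rather than a
    # fixed release; pin a full version or digest for reproducible runs.
    name: 'renovate/renovate:19'
    # Empty entrypoint so the runner starts its own shell in the image.
    entrypoint: ['']
  variables:
    # Renovate reads its platform token from RENOVATE_TOKEN.
    RENOVATE_TOKEN: '$GITLAB_API_TOKEN'
  script:
    # The token reaches Renovate through RENOVATE_TOKEN only. Passing it with
    # --token as well would place the secret on the process command line.
    - node /usr/src/app/dist/renovate.js --platform gitlab --endpoint "${CI_API_V4_URL}" "${CI_PROJECT_PATH}"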


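# Scans the image published as $CI_REGISTRY_IMAGE:master with Clair and keeps
# the JSON report as a job artifact. The job and stage are named "sast",
# although what runs here is an image vulnerability scan.
container_sast:
  stage: container_sast
  image: 'docker:20.10.6'
  services:
    - 'docker:20.10.6-dind'
  variables:
    # Turns on TLS between the docker client and the dind service.
    DOCKER_TLS_CERTDIR: '/certs'
  # With this set the job is advisory: a failing scan does not fail the
  # pipeline, so findings must be picked up from the report artifact.
  allow_failure: true
  only:
    - master
  before_script:
    - echo "Running Container SAST"
  script:
    # NOTE(review): ":latest" keeps the vulnerability database current, but the
    # image that runs is whatever the registry serves at that moment.
    - docker run -d --name db arminc/clair-db:latest
    - docker run -p 6060:6060 --link db:postgres -d --name clair --restart on-failure arminc/clair-local-scan:v2.1.0_8cb406fdb7ae7dc6fed05032b036a365391aaf42
    - apk add -U wget ca-certificates
    # NOTE(review): there is no docker login in this job, so the pull works
    # only while the image can be pulled without credentials; confirm.
    - docker pull "$CI_REGISTRY_IMAGE:master"
    # NOTE(review): the scanner binary is downloaded and executed without an
    # integrity check. Record the release's SHA-256 in this file and verify it
    # before chmod, e.g.
    #   echo "<EXPECTED_SHA256>  clair-scanner" | sha256sum -c -
    - wget https://github.com/arminc/clair-scanner/releases/download/v12/clair-scanner_linux_amd64
    - mv clair-scanner_linux_amd64 clair-scanner
    - chmod +x clair-scanner
    - touch clair-whitelist.yml
    - echo "Waiting for clair daemon to start"
    # Single bounded wait for the Clair API: the job aborts after about ten
    # retries instead of polling without limit until the job timeout.
    - |
      retries=0
      while ! wget -T 10 -q -O /dev/null http://docker:6060/v1/namespaces; do
        sleep 1
        echo -n "."
        if [ "$retries" -eq 10 ]; then
          echo " Timeout, aborting."
          exit 1
        fi
        retries=$((retries + 1))
      done
    - ./clair-scanner --threshold="Negligible" -c http://docker:6060 --ip $(hostname -i) -r gl-container-scanning-report.json -l clair.log -w clair-whitelist.yml "$CI_REGISTRY_IMAGE:master"
  after_script:
    # Prints the report into the job log as well.
    - cat gl-container-scanning-report.json
  artifacts:
    paths:
      - gl-container-scanning-report.json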