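---
# GitLab CI pipeline: end-to-end tests, Quasar PWA build, container image
# build/push, Clair scan of the pushed image, and Renovate dependency updates.
#
# References:
# https://about.gitlab.com/2017/09/12/vuejs-app-gitlab/
# https://medium.com/joolsoftware/connect-gitlab-with-digitaloceans-kubernetes-439076b9de17
# https://blog.lwolf.org/post/how-to-create-ci-cd-pipeline-with-autodeploy-k8s-gitlab-helm/

stages:
  - test
  - build
  - container_build
  - container_sast
  - renovate

# To cache both npm modules and the Cypress binary, environment variables
# point at folders that can be listed as paths in the "cache" job settings.
variables:
  npm_config_cache: "$CI_PROJECT_DIR/.npm"
  CYPRESS_CACHE_FOLDER: "$CI_PROJECT_DIR/cache/Cypress"

# Cache keyed on the branch name.
# https://gitlab.com/help/ci/caching/index.md
cache:
  key: ${CI_COMMIT_REF_SLUG}
  paths:
    - .npm
    - cache/Cypress
    - node_modules

# Run the E2E tests using docker compose and Cypress.
e2e_test:
  image: docker:20.10.6
  stage: test
  tags:
    - mat-web-runner
  retry: 2
  services:
    - docker:20.10.6-dind
  variables:
    # Directory in which the dind service creates the TLS material the docker
    # client uses to reach the daemon.
    DOCKER_TLS_CERTDIR: "/certs"
  before_script:
    - docker info
    - apk add --update py-pip
    - pip install docker-compose~=1.23.0
  script:
    - sh test/run_test_in_ci.sh
  artifacts:
    # NOTE(review): the script lives under test/ but screenshots are collected
    # from tests/ -- confirm the path matches where the run writes them.
    paths:
      - cypress/videos/
      - tests/screenshots/
    expire_in: 7 days
  only:
    - branches
    - schedules

# Build the application (hidden template, reused through the YAML anchor).
.build_frontend_template: &build_frontend-template
  image: node:12
  stage: build
  cache:
    key: ${CI_COMMIT_REF_SLUG}
    paths:
      - node_modules/
  before_script:
    # NOTE(review): `yarn install` without --frozen-lockfile may resolve
    # versions that differ from yarn.lock; confirm that is intended for builds
    # that end up in the published image.
    - yarn install
    - yarn global add @quasar/cli
  script:
    - quasar build -m pwa
  artifacts:
    expire_in: 1 week
    paths:
      - dist/pwa

build_frontend_with_placeholder_url:
  <<: *build_frontend-template
  variables:
    MAT2_API_URL_PROD: '$MAT_API_HOST_PLACEHOLDER'
  only:
    - master
    - develop
    - schedules
    - tags
  script:
    # Single quotes keep the literal text $MAT_API_HOST_PLACEHOLDER in the
    # build; presumably it is substituted when the container starts -- confirm.
    - export MAT2_API_URL_PROD='$MAT_API_HOST_PLACEHOLDER'
    - quasar build -m pwa

# Publish the container in the registry (hidden template).
.container-build-template: &container-build-template
  image: docker:20.10.6
  tags:
    - mat-web-runner
  cache:
    key: ${CI_COMMIT_REF_SLUG}
    paths:
      - node_modules/
  services:
    - docker:20.10.6-dind
  variables:
    DOCKER_TLS_CERTDIR: "/certs"
  before_script:
    # The password is fed through stdin so it does not become a process
    # argument; the remaining expansions are quoted so an empty or odd value
    # cannot shift the arguments.
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
    - echo "$CI_COMMIT_REF_SLUG"
  script:
    - docker build --tag "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG" .
    - docker push "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG"
  stage: container_build

build_container:
  <<: *container-build-template
  only:
    - master
    - develop

build_tagged_container:
  <<: *container-build-template
  script:
    # Tag pipelines publish under the git tag name instead of the ref slug.
    - docker build --tag "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME" .
    - docker push "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME"
  only:
    - tags

# Update the dependencies in this project and create automated merge requests.
# NOTE(review): there is no only/rules filter, so this job is part of every
# pipeline. Confirm GITLAB_API_TOKEN is a masked and protected CI/CD variable
# scoped to what Renovate needs.
renovate:
  stage: renovate
  variables:
    RENOVATE_TOKEN: $GITLAB_API_TOKEN
  image:
    name: renovate/renovate:19
    entrypoint: ['']
  script:
    # Renovate reads the token from RENOVATE_TOKEN (set above), so it is not
    # repeated as a --token argument, where it would show up in the process
    # arguments.
    - node /usr/src/app/dist/renovate.js --platform gitlab --endpoint "${CI_API_V4_URL}" "${CI_PROJECT_PATH}"

# Scan the published container image with Clair. Despite the job name this is
# container scanning of the built image, not source-level SAST.
# The container_build stage runs first, so the image is already pushed when the
# scan runs, and allow_failure keeps findings from failing the pipeline: the
# result is advisory and needs someone to read the report.
container_sast:
  stage: container_sast
  image: docker:20.10.6
  services:
    - docker:20.10.6-dind
  variables:
    DOCKER_TLS_CERTDIR: "/certs"
  allow_failure: true
  before_script:
    - echo "Running Container SAST"
  script:
    # NOTE(review): clair-db uses the floating `latest` tag, which keeps the
    # vulnerability data current but makes runs non-reproducible; both arminc
    # images are third-party and pulled by tag, not by digest.
    - docker run -d --name db arminc/clair-db:latest
    - docker run -p 6060:6060 --link db:postgres -d --name clair --restart on-failure arminc/clair-local-scan:v2.1.0_8cb406fdb7ae7dc6fed05032b036a365391aaf42
    - apk add -U wget ca-certificates
    # NOTE(review): this job never runs `docker login`; the pull only works if
    # the registry image is readable without credentials -- confirm.
    - docker pull $CI_REGISTRY_IMAGE:master
    # NOTE(review): the scanner binary is downloaded and executed with no
    # integrity check. Record the release's SHA-256 and verify it (for example
    # with `sha256sum -c`) before the chmod; the digest is not on this page.
    - wget https://github.com/arminc/clair-scanner/releases/download/v12/clair-scanner_linux_amd64
    - mv clair-scanner_linux_amd64 clair-scanner
    - chmod +x clair-scanner
    # An empty whitelist: no CVE is suppressed.
    - touch clair-whitelist.yml
    # NOTE(review): this first wait has no retry limit, so if Clair never comes
    # up the job blocks until the job timeout and the bounded loop below is
    # never reached.
    - while( ! wget -q -O /dev/null http://docker:6060/v1/namespaces ) ; do sleep 1 ; done
    - retries=0
    - echo "Waiting for clair daemon to start"
    - while( ! wget -T 10 -q -O /dev/null http://docker:6060/v1/namespaces ) ; do sleep 1 ; echo -n "." ; if [ $retries -eq 10 ] ; then echo " Timeout, aborting." ; exit 1 ; fi ; retries=$(($retries+1)) ; done
    # The "Negligible" threshold is the lowest severity passed to the scanner.
    - ./clair-scanner --threshold="Negligible" -c http://docker:6060 --ip $(hostname -i) -r gl-container-scanning-report.json -l clair.log -w clair-whitelist.yml $CI_REGISTRY_IMAGE:master
  after_script:
    - cat gl-container-scanning-report.json
  artifacts:
    # NOTE(review): no expire_in here, unlike the other jobs' artifacts.
    paths: [gl-container-scanning-report.json]
  only:
    - master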