di improvements
parent
4ef041bb54
commit
71795cc7a2
@ -20,26 +20,30 @@ build:docker:
|
|||||||
- if: $CI_PIPELINE_SOURCE == 'merge_request_event'
|
- if: $CI_PIPELINE_SOURCE == 'merge_request_event'
|
||||||
tags: [ docker ]
|
tags: [ docker ]
|
||||||
before_script:
|
before_script:
|
||||||
- echo "COMMIT=${CI_COMMIT_SHA}" >> version.env # COMMIT=`git rev-parse HEAD`
|
- echo -e "VERSION=$CI_BUILD_REF_NAME\nCOMMIT=$CI_COMMIT_SHA" > version.env # COMMIT=`git rev-parse HEAD`
|
||||||
script:
|
script:
|
||||||
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
|
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
|
||||||
- docker build . --tag ${CI_REGISTRY}/${CI_PROJECT_PATH}/${CI_BUILD_REF_NAME}:${CI_BUILD_REF}
|
- IMAGE=$CI_REGISTRY/$CI_PROJECT_PATH/$CI_BUILD_REF_NAME:$CI_BUILD_REF
|
||||||
- docker push ${CI_REGISTRY}/${CI_PROJECT_PATH}/${CI_BUILD_REF_NAME}:${CI_BUILD_REF}
|
- docker build . --tag $IMAGE
|
||||||
|
- docker push $IMAGE
|
||||||
|
- echo "CS_IMAGE=$IMAGE" > container_scanning.env
|
||||||
|
artifacts:
|
||||||
|
reports:
|
||||||
|
dotenv: container_scanning.env
|
||||||
|
|
||||||
build:apt:
|
build:apt:
|
||||||
image: debian:bookworm-slim
|
image: debian:bookworm-slim
|
||||||
interruptible: true
|
interruptible: true
|
||||||
stage: build
|
stage: build
|
||||||
rules:
|
rules:
|
||||||
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
|
- if: $CI_COMMIT_TAG
|
||||||
- if: $CI_COMMIT_BRANCH && $CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH
|
- if: $CI_COMMIT_BRANCH && $CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH
|
||||||
changes:
|
changes:
|
||||||
- app/**/*
|
- app/**/*
|
||||||
- .DEBIAN/**/*
|
- .DEBIAN/**/*
|
||||||
- if: $CI_PIPELINE_SOURCE == 'merge_request_event'
|
- if: $CI_PIPELINE_SOURCE == 'merge_request_event'
|
||||||
before_script:
|
before_script:
|
||||||
- echo "COMMIT=${CI_COMMIT_SHA}" >> version.env
|
- echo -e "VERSION=$CI_BUILD_REF_NAME\nCOMMIT=$CI_COMMIT_SHA" > version.env
|
||||||
- source version.env
|
|
||||||
# install build dependencies
|
# install build dependencies
|
||||||
- apt-get update -qq && apt-get install -qq -y build-essential
|
- apt-get update -qq && apt-get install -qq -y build-essential
|
||||||
# create build directory for .deb sources
|
# create build directory for .deb sources
|
||||||
@ -60,8 +64,8 @@ build:apt:
|
|||||||
# cd into "build/"
|
# cd into "build/"
|
||||||
- cd build/
|
- cd build/
|
||||||
script:
|
script:
|
||||||
# set version based on value in "$VERSION" (which is set above from version.env)
|
# set version based on value in "$CI_BUILD_REF_NAME"
|
||||||
- sed -i -E 's/(Version\:\s)0.0/\1'"$VERSION"'/g' DEBIAN/control
|
- sed -i -E 's/(Version\:\s)0.0/\1'"$CI_BUILD_REF_NAME"'/g' DEBIAN/control
|
||||||
# build
|
# build
|
||||||
- dpkg -b . build.deb
|
- dpkg -b . build.deb
|
||||||
- dpkg -I build.deb
|
- dpkg -I build.deb
|
||||||
@ -82,7 +86,7 @@ build:pacman:
|
|||||||
- .PKGBUILD/**/*
|
- .PKGBUILD/**/*
|
||||||
- if: $CI_PIPELINE_SOURCE == 'merge_request_event'
|
- if: $CI_PIPELINE_SOURCE == 'merge_request_event'
|
||||||
before_script:
|
before_script:
|
||||||
- echo "COMMIT=${CI_COMMIT_SHA}" >> version.env
|
- echo -e "VERSION=$CI_BUILD_REF_NAME\nCOMMIT=$CI_COMMIT_SHA" > version.env
|
||||||
# install build dependencies
|
# install build dependencies
|
||||||
- pacman -Syu --noconfirm git
|
- pacman -Syu --noconfirm git
|
||||||
# create a build-user because "makepkg" don't like root user
|
# create a build-user because "makepkg" don't like root user
|
||||||
@ -108,6 +112,7 @@ test:
|
|||||||
stage: test
|
stage: test
|
||||||
rules:
|
rules:
|
||||||
- if: $CI_COMMIT_BRANCH
|
- if: $CI_COMMIT_BRANCH
|
||||||
|
- if: $CI_COMMIT_TAG
|
||||||
- if: $CI_PIPELINE_SOURCE == "merge_request_event"
|
- if: $CI_PIPELINE_SOURCE == "merge_request_event"
|
||||||
variables:
|
variables:
|
||||||
DATABASE: sqlite:///../app/db.sqlite
|
DATABASE: sqlite:///../app/db.sqlite
|
||||||
@ -192,28 +197,24 @@ code_quality:
|
|||||||
- if: $CODE_QUALITY_DISABLED
|
- if: $CODE_QUALITY_DISABLED
|
||||||
when: never
|
when: never
|
||||||
- if: $CI_PIPELINE_SOURCE == "merge_request_event"
|
- if: $CI_PIPELINE_SOURCE == "merge_request_event"
|
||||||
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
|
|
||||||
|
|
||||||
secret_detection:
|
secret_detection:
|
||||||
rules:
|
rules:
|
||||||
- if: $SECRET_DETECTION_DISABLED
|
- if: $SECRET_DETECTION_DISABLED
|
||||||
when: never
|
when: never
|
||||||
- if: $CI_PIPELINE_SOURCE == "merge_request_event"
|
- if: $CI_PIPELINE_SOURCE == "merge_request_event"
|
||||||
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
|
|
||||||
|
|
||||||
semgrep-sast:
|
semgrep-sast:
|
||||||
rules:
|
rules:
|
||||||
- if: $SAST_DISABLED
|
- if: $SAST_DISABLED
|
||||||
when: never
|
when: never
|
||||||
- if: $CI_PIPELINE_SOURCE == "merge_request_event"
|
- if: $CI_PIPELINE_SOURCE == "merge_request_event"
|
||||||
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
|
|
||||||
|
|
||||||
test_coverage:
|
test_coverage:
|
||||||
extends: test
|
extends: test
|
||||||
allow_failure: true
|
allow_failure: true
|
||||||
rules:
|
rules:
|
||||||
- if: $CI_PIPELINE_SOURCE == "merge_request_event"
|
- if: $CI_PIPELINE_SOURCE == "merge_request_event"
|
||||||
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
|
|
||||||
script:
|
script:
|
||||||
- pip install pytest pytest-cov
|
- pip install pytest pytest-cov
|
||||||
- coverage run -m pytest main.py
|
- coverage run -m pytest main.py
|
||||||
@ -232,43 +233,36 @@ container_scanning:
|
|||||||
- if: $CONTAINER_SCANNING_DISABLED
|
- if: $CONTAINER_SCANNING_DISABLED
|
||||||
when: never
|
when: never
|
||||||
- if: $CI_PIPELINE_SOURCE == "merge_request_event"
|
- if: $CI_PIPELINE_SOURCE == "merge_request_event"
|
||||||
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
|
|
||||||
|
|
||||||
gemnasium-python-dependency_scanning:
|
gemnasium-python-dependency_scanning:
|
||||||
rules:
|
rules:
|
||||||
- if: $DEPENDENCY_SCANNING_DISABLED
|
- if: $DEPENDENCY_SCANNING_DISABLED
|
||||||
when: never
|
when: never
|
||||||
- if: $CI_PIPELINE_SOURCE == "merge_request_event"
|
- if: $CI_PIPELINE_SOURCE == "merge_request_event"
|
||||||
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
|
|
||||||
|
|
||||||
.deploy:
|
.deploy:
|
||||||
rules:
|
rules:
|
||||||
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
|
|
||||||
- if: $CI_COMMIT_TAG
|
- if: $CI_COMMIT_TAG
|
||||||
when: never
|
|
||||||
|
|
||||||
deploy:docker:
|
deploy:docker:
|
||||||
extends: .deploy
|
extends: .deploy
|
||||||
stage: deploy
|
stage: deploy
|
||||||
rules:
|
|
||||||
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
|
|
||||||
before_script:
|
before_script:
|
||||||
- echo "COMMIT=${CI_COMMIT_SHA}" >> version.env
|
- echo -e "VERSION=$CI_BUILD_REF_NAME\nCOMMIT=$CI_COMMIT_SHA" > version.env
|
||||||
- source version.env
|
- echo "Building docker image for commit $CI_COMMIT_SHA with version $CI_BUILD_REF_NAME"
|
||||||
- echo "Building docker image for commit ${COMMIT} with version ${VERSION}"
|
|
||||||
script:
|
script:
|
||||||
- echo "GitLab-Registry"
|
- echo "GitLab-Registry"
|
||||||
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
|
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
|
||||||
- docker build . --tag ${CI_REGISTRY}/${CI_PROJECT_PATH}/${CI_BUILD_REF_NAME}:${VERSION}
|
- docker build . --tag $CI_REGISTRY/$CI_PROJECT_PATH/$CI_BUILD_REF_NAME:$CI_BUILD_REF_NAME
|
||||||
- docker build . --tag ${CI_REGISTRY}/${CI_PROJECT_PATH}/${CI_BUILD_REF_NAME}:latest
|
- docker build . --tag $CI_REGISTRY/$CI_PROJECT_PATH/$CI_BUILD_REF_NAME:latest
|
||||||
- docker push ${CI_REGISTRY}/${CI_PROJECT_PATH}/${CI_BUILD_REF_NAME}:${VERSION}
|
- docker push $CI_REGISTRY/$CI_PROJECT_PATH/$CI_BUILD_REF_NAME:$CI_BUILD_REF_NAME
|
||||||
- docker push ${CI_REGISTRY}/${CI_PROJECT_PATH}/${CI_BUILD_REF_NAME}:latest
|
- docker push $CI_REGISTRY/$CI_PROJECT_PATH/$CI_BUILD_REF_NAME:latest
|
||||||
- echo "Docker-Hub"
|
- echo "Docker-Hub"
|
||||||
- docker login -u $PUBLIC_REGISTRY_USER -p $PUBLIC_REGISTRY_TOKEN
|
- docker login -u $PUBLIC_REGISTRY_USER -p $PUBLIC_REGISTRY_TOKEN
|
||||||
- docker build . --tag $PUBLIC_REGISTRY_USER/${CI_PROJECT_NAME}:${VERSION}
|
- docker build . --tag $PUBLIC_REGISTRY_USER/$CI_PROJECT_NAME:$CI_BUILD_REF_NAME
|
||||||
- docker build . --tag $PUBLIC_REGISTRY_USER/${CI_PROJECT_NAME}:latest
|
- docker build . --tag $PUBLIC_REGISTRY_USER/$CI_PROJECT_NAME:latest
|
||||||
- docker push $PUBLIC_REGISTRY_USER/${CI_PROJECT_NAME}:${VERSION}
|
- docker push $PUBLIC_REGISTRY_USER/$CI_PROJECT_NAME:$CI_BUILD_REF_NAME
|
||||||
- docker push $PUBLIC_REGISTRY_USER/${CI_PROJECT_NAME}:latest
|
- docker push $PUBLIC_REGISTRY_USER/$CI_PROJECT_NAME:latest
|
||||||
|
|
||||||
deploy:apt:
|
deploy:apt:
|
||||||
# doc: https://git.collinwebdesigns.de/help/user/packages/debian_repository/index.md#install-a-package
|
# doc: https://git.collinwebdesigns.de/help/user/packages/debian_repository/index.md#install-a-package
|
||||||
@ -276,7 +270,7 @@ deploy:apt:
|
|||||||
image: debian:bookworm-slim
|
image: debian:bookworm-slim
|
||||||
stage: deploy
|
stage: deploy
|
||||||
rules:
|
rules:
|
||||||
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
|
- if: $CI_COMMIT_TAG
|
||||||
needs:
|
needs:
|
||||||
- job: build:apt
|
- job: build:apt
|
||||||
artifacts: true
|
artifacts: true
|
||||||
@ -317,7 +311,7 @@ deploy:pacman:
|
|||||||
image: archlinux:base-devel
|
image: archlinux:base-devel
|
||||||
stage: deploy
|
stage: deploy
|
||||||
rules:
|
rules:
|
||||||
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
|
- if: $CI_COMMIT_TAG
|
||||||
needs:
|
needs:
|
||||||
- job: build:pacman
|
- job: build:pacman
|
||||||
artifacts: true
|
artifacts: true
|
||||||
@ -325,9 +319,9 @@ deploy:pacman:
|
|||||||
- source .PKGBUILD/PKGBUILD
|
- source .PKGBUILD/PKGBUILD
|
||||||
- source version.env
|
- source version.env
|
||||||
# fastapi-dls-1.0-1-any.pkg.tar.zst
|
# fastapi-dls-1.0-1-any.pkg.tar.zst
|
||||||
- BUILD_NAME=${pkgname}-${VERSION}-${pkgrel}-any.pkg.tar.zst
|
- BUILD_NAME=${pkgname}-${CI_BUILD_REF_NAME}-${pkgrel}-any.pkg.tar.zst
|
||||||
- PACKAGE_NAME=${pkgname}
|
- PACKAGE_NAME=${pkgname}
|
||||||
- PACKAGE_VERSION=${VERSION}
|
- PACKAGE_VERSION=${CI_BUILD_REF_NAME}
|
||||||
- PACKAGE_ARCH=any
|
- PACKAGE_ARCH=any
|
||||||
- EXPORT_NAME=${BUILD_NAME}
|
- EXPORT_NAME=${BUILD_NAME}
|
||||||
- 'echo "PACKAGE_NAME: ${PACKAGE_NAME}"'
|
- 'echo "PACKAGE_NAME: ${PACKAGE_NAME}"'
|
||||||
@ -339,19 +333,15 @@ deploy:pacman:
|
|||||||
release:
|
release:
|
||||||
image: registry.gitlab.com/gitlab-org/release-cli:latest
|
image: registry.gitlab.com/gitlab-org/release-cli:latest
|
||||||
stage: .post
|
stage: .post
|
||||||
needs:
|
needs: [ test ]
|
||||||
- job: test
|
|
||||||
artifacts: true
|
|
||||||
rules:
|
rules:
|
||||||
- if: $CI_COMMIT_TAG
|
- if: $CI_COMMIT_TAG
|
||||||
when: never
|
|
||||||
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
|
|
||||||
script:
|
script:
|
||||||
- echo "Running release-job for $VERSION"
|
- echo "Running release-job for $CI_COMMIT_TAG"
|
||||||
release:
|
release:
|
||||||
name: $CI_PROJECT_TITLE $VERSION
|
name: $CI_PROJECT_TITLE $CI_COMMIT_TAG
|
||||||
description: Release of $CI_PROJECT_TITLE version $VERSION
|
description: Release of $CI_PROJECT_TITLE version $CI_COMMIT_TAG
|
||||||
tag_name: $VERSION
|
tag_name: $CI_COMMIT_TAG
|
||||||
ref: $CI_COMMIT_SHA
|
ref: $CI_COMMIT_SHA
|
||||||
assets:
|
assets:
|
||||||
links:
|
links:
|
||||||
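Review bot: The ref name now reaches sed and the shell unescaped: build:apt splices it into the sed program (`'s/(Version\:\s)0.0/\1'"$CI_BUILD_REF_NAME"'/g'`), and each changed `before_script` writes it raw into `version.env`, which deploy:pacman still loads with `source version.env`. build:apt also runs for branches and merge requests, so a name containing `/` or `&` alters the sed expression, and a ref name carrying shell metacharacters would be evaluated when the file is sourced, in a job that presumably holds the package-registry credentials. I would validate (or normalise) the value once before any use, e.g. `- echo "$CI_COMMIT_REF_NAME" | grep -Eq '^[0-9A-Za-z.+~-]+$' || exit 1`, and drop `source version.env` from deploy:pacman, which the new lines no longer seem to need; whether that file still arrives via the build:pacman artifact is not visible here. `CI_BUILD_REF_NAME` and `CI_BUILD_REF` are the legacy names of `CI_COMMIT_REF_NAME` and `CI_COMMIT_SHA` and expand to empty strings on GitLab releases that have removed them, so the new lines would be safer on the current names. Separately, the unchanged `docker login ... -p $CI_REGISTRY_PASSWORD` and `-p $PUBLIC_REGISTRY_TOKEN` lines put the credential on the command line; piping it to `docker login --password-stdin` keeps it out of the process list.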
|
@ -1 +0,0 @@
|
|||||||
VERSION=1.3.5
|
|