-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path.gitlab-ci.yml
283 lines (272 loc) · 12.3 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
image: quay.io/tike/alpine-oc-node
variables:
npm_config_cache: "$CI_PROJECT_DIR/.npm"
# Define a hidden job to be used with extends
# Better than default to avoid activating cache for all jobs
.dependencies_cache:
cache:
key:
files:
- package-lock.json
paths:
- .npm
policy: pull
# Define the stages
stages:
- setup
- test
- dependency-check
- sonarqube-check
- deploy
# Define the process for setup stage
setup:
stage: setup
tags:
- ohtu-build-3
script:
- npm ci
extends: .dependencies_cache
cache:
policy: pull-push
artifacts:
expire_in: 1h
paths:
- node_modules
# Define the process for test stage
# Create Postgres container for the tests
test:
stage: test
services:
- postgres:12.2-alpine
variables:
POSTGRES_DB: ${DATABASE}
POSTGRES_USER: ${POSTGRES_USER}
POSTGRES_PASSWORD: ${PASSWORD}
POSTGRES_HOST_AUTH_METHOD: trust
tags:
- ohtu-build-3
script:
- CI=true npm run coverage
coverage: /All files\s*\|\s*([\d\.]+)/
artifacts:
name: lataamo-ilmoittamo-coverage
paths:
- coverage
expire_in: 1 hour
sonarqube-check:
stage: sonarqube-check
tags:
- ohtu-build-3
image:
name: sonarsource/sonar-scanner-cli:latest
entrypoint: [ "" ]
variables:
SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar" # Defines the location of the analysis task cache
GIT_DEPTH: "0" # Tells git to fetch all the branches of the project, required by the analysis task
cache:
key: "${CI_JOB_NAME}"
paths:
- .sonar/cache
script:
- sonar-scanner
only:
- main
needs:
- job: dependency-check
artifacts: true
dependency-check:
stage: dependency-check
only:
- main
tags:
- ohtu-build-3
image:
name: owasp/dependency-check-action:latest
entrypoint: [""]
script:
- >
/usr/share/dependency-check/bin/dependency-check.sh
--project unitube-ilmoittamo --scan .
--format JSON --format HTML -nvdApiKey $NVD_API_KEY
artifacts:
when: always
expire_in: 1 week
paths:
- dependency-check-report.json
- dependency-check-report.html
# Define the process for deploy stage to development environment
# Development environment uses https://webcast-test.it.helsinki.fi (OpenCast test environment)
deploy_dev:
stage: deploy
tags:
- ohtu-build-3
environment:
name: development
only:
- main
except:
# Skip deploy when scheduled npm audit and outdated scans are executed.
- schedules
script:
# set home path for openshift 1001 user
- export HOME=/home/1001
# before any action, I connect to the OpenShift server with the appropriate credentials
- oc login https://$OPENSHIFT_ADDR_TEST:$OPENSHIFT_PORT --token=$OPENSHIFT_TOKEN_TEST
- oc project poistamo
- oc set env deploy/ilmoittamo-dev OPENSHIFT_NODEJS_IP=$OPENSHIFT_NODEJS_IP
- oc set env deploy/ilmoittamo-dev OPENSHIFT_NODEJS_PORT=$OPENSHIFT_NODEJS_PORT
# add secrets here
- oc delete secret generic ilmoittamo-dev-password --ignore-not-found
- oc create secret generic ilmoittamo-dev-password --from-literal=PASSWORD=$ILMOITTAMO_DEV_PASSWORD
- oc delete secret generic ilmoittamo-opencast-dev-password --ignore-not-found
- oc create secret generic ilmoittamo-opencast-dev-password --from-literal=ILMOITTAMO_OPENCAST_PASS=$ILMOITTAMO_OPENCAST_PASS_DEV
- oc delete secret generic ilmoittamo-api-gw-key --ignore-not-found
- oc create secret generic ilmoittamo-api-gw-key --from-literal=IAM_GROUPS_API_KEY=$IAM_GROUPS_API_KEY_TEST
# list environment variables here
# postgres environment variables
- oc set env --from=secret/ilmoittamo-dev-password deploy/ilmoittamo-dev
- oc set env deploy/ilmoittamo-dev POSTGRES_USER=$ILMOITTAMO_DEV_USER_NAME
- oc set env deploy/ilmoittamo-dev PORT=$ILMOITTAMO_DEV_PORT
- oc set env deploy/ilmoittamo-dev HOST=$ILMOITTAMO_DEV_HOST
- oc set env deploy/ilmoittamo-dev DATABASE=$ILMOITTAMO_DEV_DATABASE
- oc set env deploy/ilmoittamo-dev SSL=$ILMOITTAMO_DEV_SSL
- oc set env deploy/ilmoittamo-dev TZ="Europe/Helsinki"
# opencast environment variables
- oc set env --from=secret/ilmoittamo-opencast-dev-password deploy/ilmoittamo-dev
- oc set env deploy/ilmoittamo-dev ILMOITTAMO_OPENCAST_USER=$ILMOITTAMO_OPENCAST_USER_DEV
- oc set env deploy/ilmoittamo-dev ILMOITTAMO_OPENCAST_HOST=$ILMOITTAMO_OPENCAST_HOST_DEV
# email sender environment variables
- oc set env deploy/ilmoittamo-dev ILMOITTAMO_EMAIL_SENDER_HOST=$ILMOITTAMO_EMAIL_SENDER_HOST_DEV
# api-gateway environment variables
- oc set env deploy/ilmoittamo-dev IAM_GROUPS_HOST=$IAM_GROUPS_HOST_TEST
- oc set env --from=secret/ilmoittamo-api-gw-key deploy/ilmoittamo-dev
# cronJobThirteenDays variable
- oc set env deploy/ilmoittamo-dev CRON_START_TIME_THIRTEEN_DAYS="30 1 1,14,27 * *"
# cronJobSixDays variable
- oc set env deploy/ilmoittamo-dev CRON_START_TIME_SIX_DAYS="30 1 1,7,13,19,25,31 * *"
# cronJobThreeDays variable
- oc set env deploy/ilmoittamo-dev CRON_START_TIME_THREE_DAYS="30 1 1,4,7,10,13,16,19,22,25,28,31 * *"
# start build process in OpenShift
- oc start-build ilmoittamo-dev --from-dir=. --follow
# patch openshift buildConfig file
- oc patch bc/ilmoittamo-dev --patch '{"spec":{"successfulBuildsHistoryLimit":1}}'
- oc patch bc/ilmoittamo-dev --patch '{"spec":{"failedBuildsHistoryLimit":1}}'
# set pod memory quota to 100 MB and limit to 500 MB
- oc set resources deploy/ilmoittamo-dev --limits=memory=500Mi --requests=memory=100Mi
# Test environment uses https://webcast-dev.it.helsinki.fi (OpenCast devel environment, used for Version Switching)
deploy_test:
stage: deploy
tags:
- ohtu-build-3
environment:
name: test
only:
- test
except:
# Skip deploy when scheduled npm audit and outdated scans are executed.
- schedules
script:
# set home path for openshift 1001 user
- export HOME=/home/1001
# before any action, I connect to the OpenShift server with the appropriate credentials
- oc login https://$OPENSHIFT_ADDR_TEST:$OPENSHIFT_PORT --token=$OPENSHIFT_TOKEN_TEST
- oc project poistamo
- oc set env deploy/ilmoittamo-test OPENSHIFT_NODEJS_IP=$OPENSHIFT_NODEJS_IP
- oc set env deploy/ilmoittamo-test OPENSHIFT_NODEJS_PORT=$OPENSHIFT_NODEJS_PORT
# add secrets here
- oc delete secret generic ilmoittamo-test-password --ignore-not-found
- oc create secret generic ilmoittamo-test-password --from-literal=PASSWORD=$ILMOITTAMO_TEST_PASSWORD
- oc delete secret generic ilmoittamo-opencast-test-password --ignore-not-found
- oc create secret generic ilmoittamo-opencast-test-password --from-literal=ILMOITTAMO_OPENCAST_PASS=$ILMOITTAMO_OPENCAST_PASS_TEST
- oc delete secret generic ilmoittamo-api-gw-key --ignore-not-found
- oc create secret generic ilmoittamo-api-gw-key --from-literal=IAM_GROUPS_API_KEY=$IAM_GROUPS_API_KEY_TEST
# list environment variables here
# postgres environment variables
- oc set env --from=secret/ilmoittamo-test-password deploy/ilmoittamo-test
- oc set env deploy/ilmoittamo-test POSTGRES_USER=$ILMOITTAMO_TEST_USER_NAME
- oc set env deploy/ilmoittamo-test PORT=$ILMOITTAMO_TEST_PORT
- oc set env deploy/ilmoittamo-test HOST=$ILMOITTAMO_TEST_HOST
- oc set env deploy/ilmoittamo-test DATABASE=$ILMOITTAMO_TEST_DATABASE
- oc set env deploy/ilmoittamo-test SSL=$ILMOITTAMO_TEST_SSL
- oc set env deploy/ilmoittamo-test TZ="Europe/Helsinki"
# opencast environment variables
- oc set env --from=secret/ilmoittamo-opencast-test-password deploy/ilmoittamo-test
- oc set env deploy/ilmoittamo-test ILMOITTAMO_OPENCAST_USER=$ILMOITTAMO_OPENCAST_USER_TEST
- oc set env deploy/ilmoittamo-test ILMOITTAMO_OPENCAST_HOST=$ILMOITTAMO_OPENCAST_HOST_TEST
# email sender environment variables
- oc set env deploy/ilmoittamo-test ILMOITTAMO_EMAIL_SENDER_HOST=$ILMOITTAMO_EMAIL_SENDER_HOST_TEST
# api-gateway environment variables
- oc set env deploy/ilmoittamo-test IAM_GROUPS_HOST=$IAM_GROUPS_HOST_TEST
- oc set env --from=secret/ilmoittamo-api-gw-key deploy/ilmoittamo-test
# cronJobThirteenDays variable
- oc set env deploy/ilmoittamo-test CRON_START_TIME_THIRTEEN_DAYS="30 1 1,14,27 * *"
# cronJobSixDays variable
- oc set env deploy/ilmoittamo-test CRON_START_TIME_SIX_DAYS="30 1 1,7,13,19,25,31 * *"
# cronJobThreeDays variable
- oc set env deploy/ilmoittamo-test CRON_START_TIME_THREE_DAYS="30 1 1,4,7,10,13,16,19,22,25,28,31 * *"
# start build process in OpenShift
- oc start-build ilmoittamo-test --from-dir=. --follow
# patch openshift buildConfig file
- oc patch bc/ilmoittamo-test --patch '{"spec":{"successfulBuildsHistoryLimit":1}}'
- oc patch bc/ilmoittamo-test --patch '{"spec":{"failedBuildsHistoryLimit":1}}'
# set pod memory quota to 100 MB and limit to 500 MB
- oc set resources deploy/ilmoittamo-test --limits=memory=500Mi --requests=memory=100Mi
# Production environment uses https://webcast.it.helsinki.fi (OpenCast production environment)
deploy_prod:
stage: deploy
tags:
- ohtu-build-3
environment:
name: production
only:
- prod
when: manual
except:
# Skip deploy when scheduled npm audit and outdated scans are executed.
- schedules
script:
# set home path for openshift 1001 user
- export HOME=/home/1001
# before any action, I connect to the OpenShift server with the appropriate credentials
- oc login https://$OPENSHIFT_ADDR_PROD:$OPENSHIFT_PORT --token=$OPENSHIFT_TOKEN_PROD
- oc project poistamo
- oc set env deploy/ilmoittamo-prod OPENSHIFT_NODEJS_IP=$OPENSHIFT_NODEJS_IP
- oc set env deploy/ilmoittamo-prod OPENSHIFT_NODEJS_PORT=$OPENSHIFT_NODEJS_PORT
# add secrets here
- oc delete secret generic ilmoittamo-prod-password --ignore-not-found
- oc create secret generic ilmoittamo-prod-password --from-literal=PASSWORD=$ILMOITTAMO_PROD_PASSWORD
- oc delete secret generic ilmoittamo-opencast-prod-password --ignore-not-found
- oc create secret generic ilmoittamo-opencast-prod-password --from-literal=ILMOITTAMO_OPENCAST_PASS=$ILMOITTAMO_OPENCAST_PASS_PROD
- oc delete secret generic ilmoittamo-api-gw-key --ignore-not-found
- oc create secret generic ilmoittamo-api-gw-key --from-literal=IAM_GROUPS_API_KEY=$IAM_GROUPS_API_KEY_PROD
# list environment variables here
# postgres environment variables
- oc set env --from=secret/ilmoittamo-prod-password deploy/ilmoittamo-prod
- oc set env deploy/ilmoittamo-prod POSTGRES_USER=$ILMOITTAMO_PROD_USER_NAME
- oc set env deploy/ilmoittamo-prod PORT=$ILMOITTAMO_PROD_PORT
- oc set env deploy/ilmoittamo-prod HOST=$ILMOITTAMO_PROD_HOST
- oc set env deploy/ilmoittamo-prod DATABASE=$ILMOITTAMO_PROD_DATABASE
- oc set env deploy/ilmoittamo-prod SSL=$ILMOITTAMO_PROD_SSL
- oc set env deploy/ilmoittamo-prod TZ="Europe/Helsinki"
# opencast environment variables
- oc set env --from=secret/ilmoittamo-opencast-prod-password deploy/ilmoittamo-prod
- oc set env deploy/ilmoittamo-prod ILMOITTAMO_OPENCAST_USER=$ILMOITTAMO_OPENCAST_USER_PROD
- oc set env deploy/ilmoittamo-prod ILMOITTAMO_OPENCAST_HOST=$ILMOITTAMO_OPENCAST_HOST_PROD
# email sender environment variables
- oc set env deploy/ilmoittamo-prod ILMOITTAMO_EMAIL_SENDER_HOST=$ILMOITTAMO_EMAIL_SENDER_HOST_PROD
# api-gateway environment variables
- oc set env deploy/ilmoittamo-prod IAM_GROUPS_HOST=$IAM_GROUPS_HOST_PROD
- oc set env --from=secret/ilmoittamo-api-gw-key deploy/ilmoittamo-prod
# cronJobThirteenDays variable
- oc set env deploy/ilmoittamo-prod CRON_START_TIME_THIRTEEN_DAYS="30 1 1,14,27 * *"
# cronJobSixDays variable
- oc set env deploy/ilmoittamo-prod CRON_START_TIME_SIX_DAYS="30 1 1,7,13,19,25,31 * *"
# cronJobThreeDays variable
- oc set env deploy/ilmoittamo-prod CRON_START_TIME_THREE_DAYS="30 1 1,4,7,10,13,16,19,22,25,28,31 * *"
# start build process in OpenShift
- oc start-build ilmoittamo-prod --from-dir=. --follow
# patch openshift buildConfig file
- oc patch bc/ilmoittamo-prod --patch '{"spec":{"successfulBuildsHistoryLimit":1}}'
- oc patch bc/ilmoittamo-prod --patch '{"spec":{"failedBuildsHistoryLimit":1}}'
# set pod memory quota to 100 MB and limit to 500 MB
- oc set resources deploy/ilmoittamo-prod --limits=memory=500Mi --requests=memory=100Mi