---
# Default container image for every job that does not set its own `image:`.
# NOTE(review): the tag is mutable and not pinned by digest, so the registry
# decides what actually runs in CI; Node.js 10 is also past upstream
# end-of-life and no longer receives security fixes.
image: docker.slock.it/build-images/node:10-alpine

# Stages run top to bottom; a later stage starts only after the earlier one
# has finished (jobs marked `allow_failure` do not block it).
stages:
  - build
  - package
  - analysis
  - deploy
  - mirror
# Job templates
# Installs dependencies, builds the UI and publishes `build/` as an artifact
# for the later stages.
ui-build:
  stage: build
  tags:
    - short-jobs
  artifacts:
    name: build-ui
    paths:
      - build/
  script:
    # /prepare.sh is an absolute path, so it is not part of this repository;
    # presumably it ships with the build image - confirm what it configures.
    - sh /prepare.sh
    # NOTE(review): `npm install` may resolve newer versions than the ones
    # last reviewed; if a lockfile is committed, `npm ci` installs exactly
    # what it records and fails on drift.
    - npm install
    # CI is set to the empty string for this one command only.
    - CI="" npm run build
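# Builds the application image and pushes it to the project's GitLab
# registry, tagged with the branch or tag name. Runs for master, develop and
# tags only.
docker-package:
  stage: package
  tags:
    - short-jobs
  # NOTE(review): `docker` and `docker:dind` are floating tags, so the client
  # and daemon versions can change between runs; consider pinning both.
  # docker-in-docker normally needs a privileged runner - keep that runner
  # restricted to trusted projects.
  image: docker
  services:
    - docker:dind
  only:
    - master
    - develop
    - tags
  script:
    # The job token is passed on stdin instead of `-p`, so it does not show up
    # in the process argument list or in shell traces of the command line.
    - echo "$CI_JOB_TOKEN" | docker login -u gitlab-ci-token --password-stdin "$CI_REGISTRY"
    # Quoted so a ref name with unusual characters cannot split into
    # several arguments.
    - docker build -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME" .
    - docker push "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME"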
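# Scans the image pushed by docker-package with trivy and stores the JSON
# report as an artifact.
# NOTE(review): this job has no `only:` filter, while docker-package pushes an
# image only for master, develop and tags. On any other ref the scanned tag
# was not built by this pipeline - confirm whether the job should carry the
# same filter.
vulnerabilities:
  stage: analysis
  tags:
    - short-jobs
  # No tag is given, so the registry's default tag of the scanner image is
  # used.
  image: docker.slock.it/build-images/vulnerability-testing-tools
  dependencies:
    - docker-package
  # Findings do not fail the pipeline: the deploy stage still runs when this
  # job reports vulnerabilities, so the report has to be reviewed by a person.
  allow_failure: true
  script:
    # Registry credentials for trivy, taken from the per-job token.
    - export TRIVY_AUTH_URL="$CI_REGISTRY"
    - export TRIVY_USERNAME=gitlab-ci-token
    - export TRIVY_PASSWORD="$CI_JOB_TOKEN"
    # `--exit-code 1` makes the job fail when trivy reports findings.
    - trivy -f json -o vulnerability_analysis.json --exit-code 1 "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME"
  artifacts:
    # Artifacts are uploaded only on success by default. With `--exit-code 1`
    # that would drop the report exactly when it contains findings, so upload
    # it whatever the job result is.
    when: always
    paths:
      - vulnerability_analysis.json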
# Hidden job (leading dot): never runs by itself, only through `extends`.
# The extending job must define TARGET, which selects the Rancher stack
# name suffix and the Sentry environment.
.deploy-tmpl:
  stage: deploy
  image: docker.slock.it/build-images/deployment
  services:
    - docker:dind
  tags:
    - deployment
  # Skips every branch pipeline, which leaves tag pipelines.
  except:
    - branches
  # NOTE(review): no credentials are visible here, so rancher and sentry-cli
  # presumably read them from CI/CD variables - confirm those are protected
  # and masked, since this job reaches production.
  script:
    - rancher -w up -d --prune -p -s piet-${TARGET} -c --force-upgrade
    # Record the release, the deploy to ${TARGET} and its commits in Sentry.
    - sentry-cli releases new -p piet piet@${CI_COMMIT_REF_NAME}
    - sentry-cli releases deploys piet@${CI_COMMIT_REF_NAME} new -e ${TARGET}
    - sentry-cli releases set-commits --auto piet@${CI_COMMIT_REF_NAME}
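# Deploys pre-release tags (vX.Y.Z-alpha.N, -beta.N, -rc.N) to the stage
# environment.
deploy-to-stage:
  extends: .deploy-tmpl
  dependencies:
    - docker-package
  only:
    # Every dot is escaped. An unescaped `.` matches any character, which
    # would let refs that are not dotted versions pass the filter that gates
    # this deployment.
    - /^v[0-9]+\.[0-9]+\.[0-9]+-(alpha|beta|rc)\.[0-9]+$/
  variables:
    TARGET: stage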
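# Deploys final release tags (vX.Y.Z) to production.
# NOTE(review): the tag name is the only gate visible in this file. Confirm
# that `v*` tags are protected so only maintainers can create them.
deploy-to-production:
  extends: .deploy-tmpl
  dependencies:
    - docker-package
  only:
    # Every dot is escaped. An unescaped `.` matches any character, which
    # would let refs that are not dotted versions trigger a production
    # deployment.
    - /^v[0-9]+\.[0-9]+\.[0-9]+$/
  variables:
    TARGET: production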
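# Manually triggered mirror of the checked-out ref and all tags to GitHub.
# Both pushes use --force, so the GitHub side is overwritten.
mirror-to-github:
  stage: mirror
  when: manual
  tags:
    - short-jobs
  only:
    - master
    # Dots escaped so that only real vX.Y.Z tags match.
    - /^v[0-9]+\.[0-9]+\.[0-9]+$/
  script:
    # Create the key file under a restrictive umask so it is never readable by
    # other users, not even between the write and the chmod.
    - '(umask 077 && echo -e "$GITHUB_PUSH_KEY" > /gitkey)'
    - chmod 0400 /gitkey
    # NOTE(review): StrictHostKeyChecking=no accepts any host key, so the push
    # (made with a write-capable key) is not protected against an
    # impersonated remote. Prefer supplying GitHub's published host keys in a
    # known_hosts file from a protected variable and enabling strict checking.
    - export GIT_SSH_COMMAND="/usr/bin/ssh -o StrictHostKeyChecking=no -i /gitkey"
    # `|| true` keeps the job going when the branch or remote does not exist.
    - git branch -D ext-master || true
    - git checkout -b ext-master
    - git remote rm external || true
    - git remote add external git@github.com:slockit/piet.git
    - git status
    - git push -u --force external ext-master:master
    - git push --force external --tags
  after_script:
    # Runs even when the script fails: do not leave the push key on a runner
    # whose filesystem may outlive the job.
    - rm -f /gitkey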