engelsystem/.gitlab-ci.yml


# Default image for jobs that do not declare their own. The reference has no
# version tag or digest, so the image actually pulled can change between runs.
image: php

variables:
  # Image references inside this project's container registry
  TEST_IMAGE: "${CI_REGISTRY_IMAGE}/engelsystem:${CI_COMMIT_REF_SLUG}"
  RELEASE_IMAGE: "${CI_REGISTRY_IMAGE}/engelsystem:latest"
  # Database settings, used by the mysql/mysqldump calls in dump-database and
  # presumably read by the mariadb service container as well (confirm).
  # These values are committed in clear text: keep them CI-only and never
  # reuse them for a reachable database.
  MYSQL_HOST: mariadb
  MYSQL_DATABASE: engelsystem
  MYSQL_USER: engel
  MYSQL_PASSWORD: engelsystem
  MYSQL_RANDOM_ROOT_PASSWORD: "yes"
  MYSQL_INITDB_SKIP_TZINFO: "yes"
  # Application root inside the test image
  DOCROOT: /var/www/
# Pipeline stages in execution order. Jobs that declare `needs` start as soon
# as the listed jobs finish rather than waiting for the whole previous stage.
stages:
  - prepare
  - validate
  - build
  - test
  - release
  - deploy
  - deploy-production
  - stop
# Hidden template: cache the dependency directories per job name and branch.
# The cache is keyed on the branch slug, so content restored from it was
# produced by an earlier pipeline on the same ref.
.use_cache: &use_cache
  cache:
    key: '$CI_JOB_NAME-$CI_COMMIT_REF_SLUG'
    paths:
      - .yarn-cache/
      - vendor/
# for jobs that depend on composer
# Hidden template: waits for the `composer install` job, then installs the
# PHP dependencies again inside the consuming job before its script runs.
.use_composer: &use_composer
  <<: *use_cache
  needs: [composer install]
  before_script:
    - composer install --no-ansi --no-progress
# for jobs that depend on yarn
# Hidden template: waits for the `yarn install` job, then installs the
# frontend dependencies from the shared yarn cache folder.
.use_yarn: &use_yarn
  <<: *use_cache
  needs: [yarn install]
  before_script:
    - yarn install --check-frontend --cache-folder .yarn-cache
#
# Preparation
#
# Runs `composer validate --strict` against the project's composer files.
composer validate:
  stage: prepare
  # Floating tag: the Composer version is whatever `latest` resolves to.
  image: composer:latest
  script:
    - composer --no-ansi validate --strict
# Installs the PHP dependencies once, after validation and the security audit
# have passed, and stores them in the shared cache.
composer install:
  <<: *use_cache
  stage: prepare
  image: composer:latest
  needs:
    - composer validate
    - composer audit
  script:
    - composer install --no-ansi --no-progress
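# Checks the locked PHP dependencies against known security advisories using
# the Symfony CLI's `check:security` command.
composer audit:
  stage: prepare
  image: php:latest
  needs:
    - composer validate
  before_script:
    # NOTE(review): the scanner binary comes from the floating "latest"
    # release and is executed without an integrity check, so the tool that
    # gates the pipeline is itself unpinned. Prefer a fixed release
    # (".../releases/download/<PINNED_VERSION>/symfony_linux_amd64.gz") and
    # compare the download with a recorded checksum ("<PINNED_SHA256>");
    # both values are placeholders to be filled in by the maintainers.
    # -f makes curl exit non-zero on an HTTP error instead of handing the
    # error page to gzip; -S keeps the error message visible despite -s.
    - curl -fLsS https://github.com/symfony/cli/releases/latest/download/symfony_linux_amd64.gz | gzip -d > /bin/symfony
    - chmod +x /bin/symfony
  script:
    - symfony check:security --no-ansi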
# Validates package.json with the `pjv` tool.
yarn-validate:
  stage: prepare
  image: node:alpine
  before_script:
    # The validator is installed without a version constraint, so each run
    # uses whatever release the registry currently serves.
    - yarn global add package-json-validator
    # Make yarn's global bin directory reachable for the script step
    - export PATH=$PATH:~/.yarn/bin
  script:
    - pjv
# Installs the frontend dependencies once, after package.json validation and
# the yarn audit have passed, and stores them in the shared cache.
yarn install:
  <<: *use_cache
  stage: prepare
  image: node:alpine
  needs:
    - yarn audit
    - yarn-validate
  script:
    - yarn install --check-frontend --cache-folder .yarn-cache
# Runs `yarn audit` on the frontend dependencies; a non-zero exit fails the
# job and therefore blocks every job that lists it under `needs`.
yarn audit:
  stage: prepare
  image: node:alpine
  needs: [yarn-validate]
  script:
    - yarn audit
# Writes the version string to storage/app/VERSION and publishes it as an
# artifact for the image build.
generate-version:
  stage: prepare
  image: alpine
  artifacts:
    name: "${CI_JOB_NAME}_${CI_JOB_ID}_version"
    expire_in: 1 day
    paths:
      - ./storage/app/VERSION
  before_script:
    - apk add -q git
  script:
    # Use the exact tag when HEAD is tagged; otherwise take the most recent
    # tag and append "-<ref name>+<pipeline id>.<short sha>".
    - |
      VERSION="$(\
        git describe --exact-match --tags HEAD 2> /dev/null\
        || (\
          (git describe --abbrev=0 --tags | tr -d '\n')\
          && echo "-${CI_COMMIT_REF_NAME}+${CI_PIPELINE_ID}.${CI_COMMIT_SHORT_SHA}"\
        )\
      )"
    - echo "${VERSION}"
    # -n: the file holds the version without a trailing newline
    - echo -n "${VERSION}" > storage/app/VERSION
#
# Validation
#
# PHP coding-standard check.
phpcs:
  <<: *use_composer
  stage: validate
  image: composer:latest
  script:
    # Tell phpcs which PHP version to check against;
    # this is the minimum supported version.
    - ./vendor/bin/phpcs --config-set php_version 80100
    - ./vendor/bin/phpcs -p --no-colors --basepath="$PWD"
# Static analysis of the PHP code with phpstan.
phpstan:
  <<: *use_composer
  stage: validate
  image: composer:latest
  script:
    - ./vendor/bin/phpstan --no-progress
# Runs `yarn check` on the installed frontend dependencies.
yarn check:
  <<: *use_yarn
  stage: validate
  image: node:alpine
  script:
    - yarn check
# Frontend lint run.
yarn lint:
  <<: *use_yarn
  stage: validate
  image: node:alpine
  script:
    # git is needed so that the lint tools can honour .gitignore.
    # It is installed here because a job-level before_script would replace
    # the one merged in through <<: *use_yarn.
    - apk add --no-cache git
    - yarn lint
# Compiles every .po translation file and fails if any of them did not
# produce a .mo file.
translations lint:
  stage: prepare
  image: alpine
  before_script:
    - apk add gettext
  script:
    # msgfmt writes <name>.mo next to each <name>.po
    - find resources/lang -type f -name '*.po' -exec sh -c 'msgfmt "${1%.*}.po" -o"${1%.*}.mo"' shell {} \;
    # The .po and .mo counts must match; a failed compile leaves one missing
    - '[[ $(find resources/lang -type f -name "*.po" | wc -l) == $(find resources/lang -type f -name "*.mo" | wc -l) ]]'
#
# Build
#
# Hidden template for kaniko image builds.
.container_template: &container_definition
  image:
    # Floating tag: the builder that produces the images is not pinned.
    name: gcr.io/kaniko-project/executor:debug
    entrypoint: [""]
  before_script:
    - mkdir -p /kaniko/.docker
    # Write the registry credentials of this job to kaniko's docker config.
    # The JSON is assembled by plain string interpolation, so a value
    # containing a double quote or backslash would yield an invalid file.
    - >-
      echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}"
      > /kaniko/.docker/config.json
# Builds the application image with kaniko and pushes it as TEST_IMAGE once
# all validation jobs have passed.
build-image:
  <<: *container_definition
  stage: build
  needs:
    - phpcs
    - phpstan
    - composer validate
    - yarn check
    - yarn lint
    - translations lint
    - generate-version
  # Only the VERSION artifact is downloaded into the build context
  dependencies:
    - generate-version
  script:
    - >-
      /kaniko/executor --context ${CI_PROJECT_DIR}
      --dockerfile ${CI_PROJECT_DIR}/docker/Dockerfile
      --destination "${TEST_IMAGE}"
      --cache=true
#
# Test
#
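# Runs the PHPUnit suite inside the freshly built image against a mariadb
# service and publishes coverage and JUnit results.
test:
  stage: test
  image:
    name: ${TEST_IMAGE}
    entrypoint: [""]
  needs:
    - build-image
  services:
    # NOTE(review): 10.2 is an end-of-life MariaDB series; confirm it still
    # matches the versions the project supports.
    - mariadb:10.2
  artifacts:
    name: "${CI_JOB_NAME}_${CI_JOB_ID}"
    expire_in: 1 week
    # Keep the reports for failed runs as well
    when: always
    paths:
      - ./coverage/
      - ./unittests.xml
    reports:
      junit: ./unittests.xml
  # Extracts the line coverage percentage from the phpunit text report
  coverage: '/^\s*Lines:\s*(\d+(?:\.\d+)?%)/'
  before_script:
    - apk add -q ${PHPIZE_DEPS} && pecl install pcov > /dev/null && docker-php-ext-enable pcov
    # Download the Composer installer to a file and compare its SHA-384 with
    # the published signature before executing it, instead of piping the
    # download straight into php. -f makes curl fail on HTTP errors.
    - |-
      EXPECTED_SIG="$(curl -fsS https://composer.github.io/installer.sig)"
      curl -fsS -o /tmp/composer-setup.php https://getcomposer.org/installer
      ACTUAL_SIG="$(php -r 'echo hash_file("sha384", "/tmp/composer-setup.php");')"
      if [ -z "${EXPECTED_SIG}" ] || [ "${EXPECTED_SIG}" != "${ACTUAL_SIG}" ]; then
        echo "Composer installer checksum mismatch" >&2
        rm -f /tmp/composer-setup.php
        exit 1
      fi
      php /tmp/composer-setup.php --no-ansi --install-dir /usr/local/bin/ --filename composer
      rm -f /tmp/composer-setup.php
    - cp -R tests/ phpunit.xml "${DOCROOT}"
    # Remember the checkout directory; reports are written back into it
    - HOMEDIR=$PWD
    - cd "${DOCROOT}"
    - composer --no-ansi install
    - ./bin/migrate
  script:
    - >-
      php -d memory_limit=1024M -d pcov.enabled=1 -d pcov.directory=. vendor/bin/phpunit -vvv --colors=never
      --coverage-text --coverage-html "${HOMEDIR}/coverage/"
      --log-junit "${HOMEDIR}/unittests.xml"
  after_script:
    # Strip the container path prefix from the paths in the JUnit report
    - sed -i 's~/var/www/~~' unittests.xml
    - '"${DOCROOT}/bin/migrate" down'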
# Migrates an empty database and exports it as initial-install.sql.
dump-database:
  stage: test
  image:
    name: ${TEST_IMAGE}
    entrypoint: [""]
  needs:
    - build-image
  services:
    - mariadb:10.2
  artifacts:
    expire_in: 1 week
    paths:
      - initial-install.sql
  before_script:
    - apk add -q mariadb-client
    # Remember the checkout directory; the dump is written back into it
    - HOMEDIR=$PWD
    - cd "${DOCROOT}"
    - ./bin/migrate
  script:
    # Blank the admin user's api_key before dumping, presumably so that the
    # published SQL file does not ship a usable key (confirm).
    # The password is passed on the command line; this is the CI-only
    # database credential from the global variables.
    - >-
      mysql -h "${MYSQL_HOST}" -u "${MYSQL_USER}" -p"${MYSQL_PASSWORD}" "${MYSQL_DATABASE}"
      -e 'UPDATE users SET api_key="" WHERE name="admin"'
    - >-
      mysqldump -h "${MYSQL_HOST}" -u "${MYSQL_USER}" -p"${MYSQL_PASSWORD}" "${MYSQL_DATABASE}"
      > "${HOMEDIR}/initial-install.sql"
# Copies the compiled frontend assets out of the built image so later jobs
# can pick them up as an artifact.
generate-assets:
  stage: test
  image:
    name: $TEST_IMAGE
    entrypoint: [""]
  needs:
    - build-image
  artifacts:
    name: "${CI_JOB_NAME}_${CI_JOB_ID}_assets"
    expire_in: 1 day
    paths:
      - ./public/assets
  script:
    - mv /var/www/public/assets/ public/
#
# Release
#
# Re-tags the tested image as RELEASE_IMAGE (":latest") on the main branch by
# building a one-line Dockerfile that only contains `FROM ${TEST_IMAGE}`.
release-image:
  <<: *container_definition
  stage: release
  needs:
    - test
  # No artifacts are needed for the re-tag
  dependencies: []
  only:
    - main
  script:
    - >-
      echo -e "FROM ${TEST_IMAGE}"
      | /kaniko/executor
      --dockerfile /dev/stdin
      --destination "${RELEASE_IMAGE}"
      --cache=true
# Hidden template for rsync/ssh based jobs: runs in the tested image and adds
# the tools the deployment scripts call.
.deploy_template: &deploy_definition
  stage: release
  image:
    name: ${TEST_IMAGE}
    entrypoint: [""]
  before_script:
    - apk add -q bash rsync openssh-client
# Assembles the downloadable release directory from the application root of
# the tested image, the SQL dump and the compiled assets. Both audit jobs are
# listed under `needs`, so a failed audit blocks the release artifact.
build-release-file:
  <<: *deploy_definition
  stage: release
  needs:
    - build-image
    - yarn audit
    - composer audit
    - test
    - dump-database
    - generate-assets
  dependencies:
    - build-image
    - dump-database
    - generate-assets
  artifacts:
    name: release_${CI_COMMIT_REF_SLUG}_${CI_JOB_ID}_${CI_COMMIT_SHA}
    expire_in: 1 week
    paths:
      - ./release/
  script:
    - rsync -vAax "${DOCROOT}" "${DOCROOT}/.babelrc" "${DOCROOT}/.browserslistrc" "initial-install.sql" release/
    - rsync -vAax public/assets release/public/
# Publishes the coverage report and the JUnit file from the test job through
# GitLab Pages (main branch only).
pages:
  stage: release
  image: node:alpine
  needs:
    - test
  dependencies:
    - test
  only:
    - main
  variables:
    # No checkout: the job works on the test job's artifacts only
    GIT_STRATEGY: none
  artifacts:
    expire_in: 1 week
    paths:
      - public
  script:
    - rm -rf public
    - mv coverage public
    - cp unittests.xml public/
#
# Deploy staging
#
# Hidden holder for the shared script fragment of the rsync deployments.
.deploy_template_script:
  # Start an ssh-agent and load the deployment key from the SSH_PRIVATE_KEY
  # CI variable via stdin (the key is not written to disk by this step), copy
  # the compiled assets into the application root and change into it.
  # NOTE(review): no known_hosts entry is set up here; confirm that
  # bin/deploy.sh verifies the remote host key.
  - &deploy_template_script |-
    eval $(ssh-agent -s) && echo "${SSH_PRIVATE_KEY}" | ssh-add -
    rsync -vAax public/assets ${DOCROOT}/public/
    cd "${DOCROOT}"
# rsync deployment to the staging host, main branch only.
deploy:
  <<: *deploy_definition
  stage: deploy
  needs: &deploy_needs
    - release-image
    - generate-assets
  dependencies: *deploy_needs
  only:
    - main
  environment:
    name: rsync-staging
    deployment_tier: development
  script:
    # Check whether the deployment variables were set. A bare `exit` ends the
    # job successfully, so a skipped deployment still shows up as passed.
    - |-
      if [ -z "${SSH_PRIVATE_KEY}" ] || [ -z "${STAGING_REMOTE}" ] || [ -z "${STAGING_REMOTE_PATH}" ]; then
        echo "Skipping deployment"
        exit
      fi
    - *deploy_template_script
    # Deploy to server
    - ./bin/deploy.sh -r "${STAGING_REMOTE}" -p "${STAGING_REMOTE_PATH}" -i "${CI_JOB_ID}-${CI_COMMIT_SHA}"
# Hidden base for all kubectl jobs.
.kubectl_deployment: &kubectl_deployment
  stage: deploy
  image:
    # Floating tag: the kubectl client that talks to the cluster is unpinned.
    name: bitnami/kubectl:latest
    entrypoint: [""]
  needs:
    - test
    - build-image
  before_script:
    # Skip (successfully) when no ingress base domain is configured, switch
    # to KUBE_CONTEXT when one is given, and derive a default namespace from
    # the project and environment slugs when KUBE_NAMESPACE is empty.
    - &kubectl_deployment_script |-
      if [[ -z "${KUBE_INGRESS_BASE_DOMAIN}" ]]; then echo "Skipping deployment"; exit; fi
      if [[ -n "${KUBE_CONTEXT}" ]]; then kubectl config use-context "${KUBE_CONTEXT}"; fi
      if [[ -z "${KUBE_NAMESPACE}" ]]; then export KUBE_NAMESPACE=${CI_PROJECT_PATH_SLUG}-${CI_ENVIRONMENT_SLUG}; fi
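# Hidden template: renders deployment.tpl.yaml into deployment.yaml by
# replacing <CI_*> placeholders with the values of the matching environment
# variables, applies it and waits for the pods to become ready.
.deploy_k8s: &deploy_k8s
  <<: *kubectl_deployment
  dependencies: []
  # NOTE(review): the rendered manifest is kept as a downloadable artifact
  # even for failed jobs. If the template contains the
  # <CI_SETUP_ADMIN_PASSWORD> placeholder (or any other secret CI_* value),
  # that secret ends up readable in the artifact; confirm against
  # deployment.tpl.yaml and restrict or drop the artifact if so.
  artifacts:
    name: deployment.yaml
    expire_in: 1 day
    when: always
    paths:
      - deployment.yaml
  script:
    # CI_ENVIRONMENT_URL is the URL configured in the GitLab environment
    - export CI_ENVIRONMENT_URL="${CI_ENVIRONMENT_URL:-https://${CI_PROJECT_PATH_SLUG}.${KUBE_INGRESS_BASE_DOMAIN}/}"
    - export CI_IMAGE=$RELEASE_IMAGE
    - export CI_INGRESS_CLASS=${CI_INGRESS_CLASS:-traefik}
    - export CI_INGRESS_MATCH=${CI_INGRESS_MATCH:-$( if [[ "$CI_INGRESS_CLASS" == "nginx" ]]; then echo '/?(.*)'; fi )}
    - export CI_INGRESS_TRAEFIK_ENTRYPOINT=${CI_INGRESS_TRAEFIK_ENTRYPOINT:-websecure}
    # Split the environment URL into host and path
    - export CI_INGRESS_DOMAIN=$(echo "$CI_ENVIRONMENT_URL" | grep -oP '(?:https?://)?\K([^/]+)' | head -n1)
    - export CI_INGRESS_PATH=$(echo "$CI_ENVIRONMENT_URL" | grep -oP '(?:https?://)?(?:[^/])+\K(.*)')
    - '[[ "${CI_INGRESS_PATH}" == /* ]] || export CI_INGRESS_PATH="/${CI_INGRESS_PATH}"'
    - export CI_KUBE_NAMESPACE=$KUBE_NAMESPACE
    # Any available storage class like default, local-path (if you know what you are doing ;), longhorn etc.
    - export CI_PVC_SC=${CI_PVC_SC:-"${CI_PVC_SC_LOCAL:-local-path}"}
    - export CI_REPLICAS=${CI_REPLICAS_REVIEW:-${CI_REPLICAS:-2}}
    - export CI_APP_NAME=${CI_APP_NAME:-Engelsystem}
    - export CI_CLUSTER_ISSUER=${CI_CLUSTER_ISSUER:-letsencrypt}
    - export CI_SETUP_ADMIN_PASSWORD=${CI_SETUP_ADMIN_PASSWORD}
    - echo "Generating config"
    - cp deployment.tpl.yaml deployment.yaml
    # Textual substitution of every CI_* variable (first line of the value
    # only). The inner sed escapes the characters that are special in the
    # outer sed replacement: backslash, the "#" delimiter and "&". All
    # occurrences are escaped (g flag); previously only the first "\" and "#"
    # were, and "&" was left to expand to the matched placeholder.
    # NOTE(review): values are escaped for sed only, not for YAML. Some of
    # them derive from the branch name (CI_APP_NAME in the review job), so
    # the template should quote its placeholders; confirm in
    # deployment.tpl.yaml.
    - >-
      for env in ${!CI_*}; do
        sed -i "s#<${env}>#$( echo "${!env}" | head -n1 | sed -e 's~\\~\\\\~g' -e 's~#~\\#~g' -e 's~&~\\&~g' )#g" deployment.yaml;
      done
    - echo "Checking namespace ${CI_KUBE_NAMESPACE}"
    - kubectl get namespace "${CI_KUBE_NAMESPACE}" > /dev/null 2>&1 || kubectl create namespace "${CI_KUBE_NAMESPACE}"
    - echo "Deploying to ${CI_ENVIRONMENT_URL}"
    # Informational only: `|| true` hides both "differences found" and real
    # kubectl errors, so a failing diff never stops the job.
    - kubectl -n "${CI_KUBE_NAMESPACE}" diff -f deployment.yaml || true
    - kubectl -n "${CI_KUBE_NAMESPACE}" apply -f deployment.yaml
    # kubectl keeps only the last -l flag when it is repeated, so the label
    # requirements are joined with commas to be applied together.
    # Assumes the template labels the pods with app=<project path slug>;
    # confirm in deployment.tpl.yaml.
    - >-
      kubectl -n "${CI_KUBE_NAMESPACE}" wait --for=condition=Ready pods --timeout=${CI_WAIT_TIMEOUT:-5}m
      -l "app=${CI_PROJECT_PATH_SLUG},tier=database"
    - >-
      kubectl -n "${CI_KUBE_NAMESPACE}" wait --for=condition=Ready pods --timeout=${CI_WAIT_TIMEOUT:-5}m
      -l "app=${CI_PROJECT_PATH_SLUG},tier=application,commit=${CI_COMMIT_SHORT_SHA}"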
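# Hidden template: manually triggered teardown of an environment's resources.
.deploy_k8s_stop: &deploy_k8s_stop
  <<: *kubectl_deployment
  stage: stop
  dependencies: []
  variables:
    # No checkout is needed to delete cluster resources
    GIT_STRATEGY: none
  when: manual
  script:
    - TARGETS=all,ingress,pvc,certificate
    # kubectl keeps only the last -l flag when it is repeated, which left the
    # delete scoped by the environment label alone. Joining the requirements
    # with a comma limits it to this app's resources in this environment.
    # Assumes the resources carry both labels; confirm in deployment.tpl.yaml.
    - kubectl -n "${KUBE_NAMESPACE}" delete $TARGETS -l "app=${CI_PROJECT_PATH_SLUG},environment=${CI_ENVIRONMENT_SLUG}"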
# Review deployment for any ref, stopped automatically after one week.
# The environment name and CI_APP_NAME are built from the branch name.
deploy-k8s-review:
  <<: *deploy_k8s
  variables:
    CI_REPLICAS_REVIEW: 1
    CI_APP_NAME: review/${CI_COMMIT_REF_NAME}
  environment:
    name: review/${CI_COMMIT_REF_NAME}
    url: https://${CI_PROJECT_PATH_SLUG}-review.${KUBE_INGRESS_BASE_DOMAIN}/${CI_COMMIT_REF_SLUG}
    deployment_tier: development
    on_stop: stop-k8s-review
    auto_stop_in: 1 week
  before_script:
    - *kubectl_deployment_script
    # Review apps run the per-branch test image rather than the release image
    - RELEASE_IMAGE=$TEST_IMAGE
# Stop action for the review environment of the current ref.
stop-k8s-review:
  <<: *deploy_k8s_stop
  needs:
    - deploy-k8s-review
  environment:
    name: review/${CI_COMMIT_REF_NAME}
    deployment_tier: development
    action: stop
#
# Deploy production
#
# Manually triggered rsync deployment to the production host, main branch
# only. Both audit jobs are listed under `needs`, so a failed audit blocks it.
deploy-production:
  <<: *deploy_definition
  stage: deploy-production
  needs:
    - test
    - yarn audit
    - composer audit
    - build-image
    - generate-assets
  dependencies:
    - build-image
    - generate-assets
  when: manual
  only:
    - main
  environment:
    name: rsync-production
    deployment_tier: production
  script:
    # Check whether the deployment variables were set. A bare `exit` ends the
    # job successfully, so a skipped deployment still shows up as passed.
    - |-
      if [ -z "${SSH_PRIVATE_KEY}" ] || [ -z "${PRODUCTION_REMOTE}" ] || [ -z "${PRODUCTION_REMOTE_PATH}" ]; then
        echo "Skipping deployment"
        exit
      fi
    - *deploy_template_script
    # Deploy to server
    - ./bin/deploy.sh -r "${PRODUCTION_REMOTE}" -p "${PRODUCTION_REMOTE_PATH}" -i "${CI_JOB_ID}-${CI_COMMIT_SHA}"
# Manually triggered Kubernetes deployment of the release image, main branch
# only; it waits for the release image and both audit jobs.
deploy-k8s-production:
  <<: *deploy_k8s
  stage: deploy-production
  needs:
    - release-image
    - yarn audit
    - composer audit
  when: manual
  only:
    - main
  environment:
    name: production
    on_stop: stop-k8s-production
# Stop action for the production Kubernetes environment (main branch only).
# It inherits `when: manual` from the stop template.
stop-k8s-production:
  <<: *deploy_k8s_stop
  needs:
    - deploy-k8s-production
  only:
    - main
  environment:
    name: production
    action: stop