image: php variables: TEST_IMAGE: ${CI_REGISTRY_IMAGE}/engelsystem:${CI_COMMIT_REF_SLUG} RELEASE_IMAGE: ${CI_REGISTRY_IMAGE}/engelsystem:latest MYSQL_DATABASE: engelsystem MYSQL_USER: engel MYSQL_PASSWORD: engelsystem MYSQL_HOST: mariadb MYSQL_RANDOM_ROOT_PASSWORD: "yes" MYSQL_INITDB_SKIP_TZINFO: "yes" DOCROOT: /var/www/ stages: - validate - build - test - release - deploy - deploy-production - stop # # Validation # check-style: image: composer:latest stage: validate before_script: - composer --no-ansi global require slevomat/coding-standard squizlabs/php_codesniffer phpstan/phpdoc-parser:"1.5.*" - export PATH=$PATH:$COMPOSER_HOME/vendor/bin script: - phpcs -p --no-colors --basepath="$PWD" check-editorconfig: image: mstruebing/editorconfig-checker stage: validate script: - ec -v validate-composer: image: composer:latest stage: validate script: - composer --no-ansi validate --strict validate-yarn: image: node:alpine stage: validate before_script: - yarn global add package-json-validator - export PATH=$PATH:~/.yarn/bin script: - pjv generate-version: image: alpine stage: validate artifacts: name: "${CI_JOB_NAME}_${CI_JOB_ID}_version" expire_in: 1 day paths: - ./storage/app/VERSION before_script: - apk add -q git script: - VERSION="$(git describe --abbrev=0 --tags)-${CI_COMMIT_REF_NAME}+${CI_PIPELINE_ID}.${CI_COMMIT_SHORT_SHA}" - echo "${VERSION}" - echo -n "${VERSION}" > storage/app/VERSION # # Build # .container_template: &container_definition image: name: gcr.io/kaniko-project/executor:debug entrypoint: [ '' ] before_script: - mkdir -p /kaniko/.docker - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json build-image: <<: *container_definition stage: build needs: - check-editorconfig - check-style - generate-version - validate-composer - validate-yarn dependencies: - generate-version script: - /kaniko/executor --context ${CI_PROJECT_DIR} --dockerfile ${CI_PROJECT_DIR}/docker/Dockerfile --destination "${TEST_IMAGE}" # # Test # audit-composer: image: php:latest stage: test needs: [ ] before_script: - curl -Ls https://github.com/symfony/cli/releases/latest/download/symfony_linux_amd64.gz | gzip -d > /bin/symfony - chmod +x /bin/symfony script: - symfony check:security --no-ansi audit-yarn: image: node:alpine stage: test needs: [ ] script: - yarn audit test: image: name: ${TEST_IMAGE} entrypoint: [ '' ] stage: test needs: [ build-image ] services: - mariadb:10.2 artifacts: name: "${CI_JOB_NAME}_${CI_JOB_ID}" expire_in: 1 week when: always paths: - ./coverage/ - ./unittests.xml reports: junit: ./unittests.xml coverage: '/^\s*Lines:\s*(\d+(?:\.\d+)?%)/' before_script: - apk add -q ${PHPIZE_DEPS} && pecl install pcov > /dev/null && docker-php-ext-enable pcov - curl -sS https://getcomposer.org/installer | php -- --no-ansi --install-dir /usr/local/bin/ --filename composer - cp -R tests/ phpunit.xml "${DOCROOT}" - HOMEDIR=$PWD - cd "${DOCROOT}" - composer --no-ansi install - ./bin/migrate script: - >- php -d pcov.enabled=1 -d pcov.directory=. vendor/bin/phpunit -vvv --colors=never --coverage-text --coverage-html "${HOMEDIR}/coverage/" --log-junit "${HOMEDIR}/unittests.xml" after_script: - '"${DOCROOT}/bin/migrate" down' dump-database: image: name: ${TEST_IMAGE} entrypoint: [ '' ] stage: test needs: [ build-image ] services: - mariadb:10.2 artifacts: expire_in: 1 week paths: - initial-install.sql before_script: - apk add -q mariadb-client - HOMEDIR=$PWD - cd "${DOCROOT}" - ./bin/migrate script: - >- mysqldump -h "${MYSQL_HOST}" -u "${MYSQL_USER}" -p"${MYSQL_PASSWORD}" "${MYSQL_DATABASE}" > "${HOMEDIR}/initial-install.sql" generate-assets: image: name: $TEST_IMAGE entrypoint: [ '' ] stage: test needs: [ build-image ] artifacts: name: "${CI_JOB_NAME}_${CI_JOB_ID}_assets" expire_in: 1 day paths: - ./public/assets script: - mv /var/www/public/assets/ public/ # # Release # release-image: <<: *container_definition stage: release needs: - test dependencies: [ ] script: - echo -e "FROM ${TEST_IMAGE}" | /kaniko/executor --dockerfile /dev/stdin --destination "${RELEASE_IMAGE}" only: - main .deploy_template: &deploy_definition stage: release image: name: ${TEST_IMAGE} entrypoint: [ '' ] before_script: - apk add -q bash rsync openssh-client build-release-file: <<: *deploy_definition stage: release needs: - build-image - audit-yarn - audit-composer - test - dump-database - generate-assets dependencies: - build-image - dump-database - generate-assets artifacts: name: release_${CI_COMMIT_REF_SLUG}_${CI_JOB_ID}_${CI_COMMIT_SHA} expire_in: 1 week paths: - ./release/ script: - rsync -vAax "${DOCROOT}" "${DOCROOT}/.babelrc" "${DOCROOT}/.browserslistrc" "initial-install.sql" release/ - rsync -vAax public/assets release/public/ pages: image: node:alpine stage: release needs: [ test ] dependencies: [ test ] script: - rm -rf public - mv coverage public - cp unittests.xml public/ artifacts: expire_in: 1 week paths: - public only: - main variables: GIT_STRATEGY: none # # Deploy staging # .deploy_template_script: # Configure SSH - &deploy_template_script |- eval $(ssh-agent -s) && echo "${SSH_PRIVATE_KEY}" | ssh-add - rsync -vAax public/assets ${DOCROOT}/public/ cd "${DOCROOT}" deploy: <<: *deploy_definition stage: deploy needs: &deploy_needs - release-image - generate-assets dependencies: *deploy_needs environment: name: rsync-staging only: - main script: # Check if deployment variables where set - |- if [ -z "${SSH_PRIVATE_KEY}" ] || [ -z "${STAGING_REMOTE}" ] || [ -z "${STAGING_REMOTE_PATH}" ]; then echo "Skipping deployment" exit fi - *deploy_template_script # Deploy to server - ./bin/deploy.sh -r "${STAGING_REMOTE}" -p "${STAGING_REMOTE_PATH}" -i "${CI_JOB_ID}-${CI_COMMIT_SHA}" .kubectl_deployment: &kubectl_deployment stage: deploy image: name: bitnami/kubectl:latest entrypoint: [ '' ] needs: - test - build-image before_script: - &kubectl_deployment_script if [[ -z "${KUBE_INGRESS_BASE_DOMAIN}" ]]; then echo "Skipping deployment"; exit; fi .deploy_k8s: &deploy_k8s <<: *kubectl_deployment dependencies: [ ] artifacts: name: deployment.yaml expire_in: 1 day when: always paths: - deployment.yaml script: # CI_ENVIRONMENT_URL is the URL configured in the GitLab environment - export CI_ENVIRONMENT_URL="${CI_ENVIRONMENT_URL:-https://${CI_PROJECT_PATH_SLUG}.${KUBE_INGRESS_BASE_DOMAIN}/}" - export CI_IMAGE=$RELEASE_IMAGE - export CI_INGRESS_DOMAIN=$(echo "$CI_ENVIRONMENT_URL" | grep -oP '(?:https?://)?\K([^/]+)' | head -n1) - export CI_INGRESS_PATH=$(echo "$CI_ENVIRONMENT_URL" | grep -oP '(?:https?://)?(?:[^/])+\K(.*)') - export CI_KUBE_NAMESPACE=$KUBE_NAMESPACE # Any available storage class like default, local-path (if you know what you are doing ;), longhorn etc. - export CI_PVC_SC=${CI_PVC_SC:-"${CI_PVC_SC_LOCAL:-local-path}"} - export CI_REPLICAS=${CI_REPLICAS_REVIEW:-${CI_REPLICAS:-2}} - export CI_APP_NAME=${CI_APP_NAME:-Engelsystem} - export CI_CLUSTER_ISSUER=${CI_CLUSTER_ISSUER:-letsencrypt} - export CI_SETUP_ADMIN_PASSWORD=${CI_SETUP_ADMIN_PASSWORD} - cp deployment.tpl.yaml deployment.yaml - >- for env in ${!CI_*}; do sed -i "s#<${env}>#$( echo "${!env}" | head -n1 | sed -e 's~\\~\\\\~' -e 's~#~\\#~' )#g" deployment.yaml; done - echo "Deploying to ${CI_ENVIRONMENT_URL}" - kubectl apply -f deployment.yaml - >- kubectl -n $CI_KUBE_NAMESPACE wait --for=condition=Ready pods --timeout=${CI_WAIT_TIMEOUT:-5}m -l app=$CI_PROJECT_PATH_SLUG -l tier=database - >- kubectl -n $CI_KUBE_NAMESPACE wait --for=condition=Ready pods --timeout=${CI_WAIT_TIMEOUT:-5}m -l app=$CI_PROJECT_PATH_SLUG -l tier=application -l commit=$CI_COMMIT_SHORT_SHA .deploy_k8s_stop: &deploy_k8s_stop <<: *kubectl_deployment stage: stop dependencies: [ ] variables: GIT_STRATEGY: none when: manual script: - kubectl delete all,ingress,pvc -l app=$CI_PROJECT_PATH_SLUG -l environment=$CI_ENVIRONMENT_SLUG deploy-k8s-review: <<: *deploy_k8s environment: name: review/${CI_COMMIT_REF_NAME} on_stop: stop-k8s-review auto_stop_in: 1 week url: https://${CI_PROJECT_PATH_SLUG}-review.${KUBE_INGRESS_BASE_DOMAIN}/${CI_COMMIT_REF_SLUG} variables: CI_REPLICAS_REVIEW: 1 CI_APP_NAME: review/${CI_COMMIT_REF_NAME} before_script: - *kubectl_deployment_script - RELEASE_IMAGE=$TEST_IMAGE stop-k8s-review: <<: *deploy_k8s_stop needs: [ deploy-k8s-review ] environment: name: review/${CI_COMMIT_REF_NAME} action: stop # # Deploy production # deploy-production: <<: *deploy_definition stage: deploy-production needs: - test - audit-yarn - audit-composer - build-image - generate-assets dependencies: - build-image - generate-assets environment: name: rsync-production when: manual only: - main script: # Check if deployment variables where set - |- if [ -z "${SSH_PRIVATE_KEY}" ] || [ -z "${PRODUCTION_REMOTE}" ] || [ -z "${PRODUCTION_REMOTE_PATH}" ]; then echo "Skipping deployment" exit fi - *deploy_template_script # Deploy to server - ./bin/deploy.sh -r "${PRODUCTION_REMOTE}" -p "${PRODUCTION_REMOTE_PATH}" -i "${CI_JOB_ID}-${CI_COMMIT_SHA}" deploy-k8s-production: <<: *deploy_k8s stage: deploy-production needs: - release-image - audit-yarn - audit-composer environment: name: production on_stop: stop-k8s-production when: manual only: - main stop-k8s-production: <<: *deploy_k8s_stop needs: [ deploy-k8s-production ] only: - main environment: name: production action: stop