engelsystem/.gitlab-ci.yml

422 lines
10 KiB
YAML

image: php
variables:
DOCKER_DRIVER: overlay2
TEST_IMAGE: ${CI_REGISTRY_IMAGE}/engelsystem:${CI_COMMIT_REF_SLUG}
TEST_IMAGE_NGINX: ${CI_REGISTRY_IMAGE}/nginx:${CI_COMMIT_REF_SLUG}
RELEASE_IMAGE: ${CI_REGISTRY_IMAGE}/engelsystem:latest
RELEASE_IMAGE_NGINX: ${CI_REGISTRY_IMAGE}/nginx:latest
MYSQL_DATABASE: engelsystem
MYSQL_USER: engel
MYSQL_PASSWORD: engelsystem
MYSQL_HOST: mariadb
MYSQL_RANDOM_ROOT_PASSWORD: "yes"
MYSQL_INITDB_SKIP_TZINFO: "yes"
DOCROOT: /var/www/
stages:
- validate
- build
- test
- release
- deploy
- deploy-production
- stop
#
# Validation
#
check-style:
image: composer:latest
stage: validate
before_script:
- composer --no-ansi global require squizlabs/php_codesniffer
- export PATH=$PATH:$COMPOSER_HOME/vendor/bin
script:
- phpcs -p --no-colors --basepath="$PWD"
check-editorconfig:
image: mstruebing/editorconfig-checker
stage: validate
script:
- ec -v
validate-composer:
image: composer:latest
stage: validate
script:
- composer --no-ansi validate --strict
validate-yarn:
image: node:alpine
stage: validate
before_script:
- yarn global add package-json-validator
- export PATH=$PATH:~/.yarn/bin
script:
- pjv
#
# Build
#
.docker_template: &docker_definition
image: docker:18
services:
- docker:18-dind
tags:
- dind
before_script:
- docker login -u gitlab-ci-token -p "${CI_JOB_TOKEN}" "${CI_REGISTRY}"
build-image-nginx:
<<: *docker_definition
stage: build
needs:
- check-editorconfig
- validate-yarn
artifacts:
name: "${CI_JOB_NAME}_${CI_JOB_ID}_assets"
expire_in: 1 day
paths:
- ./public/assets
script:
- docker build --pull -t "${TEST_IMAGE_NGINX}" -f docker/nginx/Dockerfile .
- docker push "${TEST_IMAGE_NGINX}"
- instance=$(docker create "${TEST_IMAGE_NGINX}")
- docker cp "${instance}:/var/www/public/assets" public/
- docker rm "${instance}"
build-image:
<<: *docker_definition
stage: build
needs:
- check-editorconfig
- validate-composer
- check-style
script:
- apk add -q git
- VERSION="$(git describe --abbrev=0 --tags)-${CI_COMMIT_REF_NAME}+${CI_PIPELINE_ID}.${CI_COMMIT_SHORT_SHA}"
- docker build --pull --build-arg VERSION="${VERSION}" -t "${TEST_IMAGE}" -f docker/Dockerfile .
- docker push "${TEST_IMAGE}"
#
# Test
#
audit-composer:
image: php:latest
stage: test
needs: [ ]
before_script:
- curl -Ls https://github.com/symfony/cli/releases/latest/download/symfony_linux_amd64.gz | gzip -d > /bin/symfony
- chmod +x /bin/symfony
script:
- symfony check:security --no-ansi
audit-yarn:
image: node:alpine
stage: test
needs: [ ]
script:
- yarn audit
test:
image: ${TEST_IMAGE}
stage: test
needs: [ build-image ]
services:
- mariadb:10.2
artifacts:
name: "${CI_JOB_NAME}_${CI_JOB_ID}"
expire_in: 1 week
when: always
paths:
- ./coverage/
- ./unittests.xml
reports:
junit: ./unittests.xml
coverage: '/^\s*Lines:\s*(\d+(?:\.\d+)?%)/'
before_script:
- apk add -q ${PHPIZE_DEPS} && pecl install pcov > /dev/null && docker-php-ext-enable pcov
- curl -sS https://getcomposer.org/installer | php -- --no-ansi --install-dir /usr/local/bin/ --filename composer
- cp -R tests/ phpunit.xml "${DOCROOT}"
- HOMEDIR=$PWD
- cd "${DOCROOT}"
- composer --no-ansi install
- ./bin/migrate
script:
- >-
php -d pcov.enabled=1 vendor/bin/phpunit -vvv --colors=never
--coverage-text --coverage-html "${HOMEDIR}/coverage/"
--log-junit "${HOMEDIR}/unittests.xml"
after_script:
- '"${DOCROOT}/bin/migrate" down'
dump-database:
image: ${TEST_IMAGE}
stage: test
needs: [ build-image ]
services:
- mariadb:10.2
artifacts:
expire_in: 1 week
paths:
- initial-install.sql
before_script:
- apk add -q mariadb-client
- HOMEDIR=$PWD
- cd "${DOCROOT}"
- ./bin/migrate
script:
- >-
mysqldump -h "${MYSQL_HOST}" -u "${MYSQL_USER}" -p"${MYSQL_PASSWORD}" "${MYSQL_DATABASE}"
> "${HOMEDIR}/initial-install.sql"
#
# Release
#
release-image:
<<: *docker_definition
stage: release
needs: [ test ]
dependencies: [ ]
script:
- docker pull "${TEST_IMAGE}"
- docker tag "${TEST_IMAGE}" "${RELEASE_IMAGE}"
- docker push "${RELEASE_IMAGE}"
only:
- main
release-image-nginx:
<<: *docker_definition
stage: release
needs:
- test
- build-image-nginx
dependencies: [ ]
script:
- docker pull "${TEST_IMAGE_NGINX}"
- docker tag "${TEST_IMAGE_NGINX}" "${RELEASE_IMAGE_NGINX}"
- docker push "${RELEASE_IMAGE_NGINX}"
only:
- main
.deploy_template: &deploy_definition
stage: release
image: ${TEST_IMAGE}
before_script:
- apk add -q bash rsync openssh-client
build-release-file:
<<: *deploy_definition
stage: release
needs:
- build-image
- build-image-nginx
- audit-yarn
- audit-composer
- test
- dump-database
dependencies:
- build-image
- build-image-nginx
- dump-database
artifacts:
name: release_${CI_COMMIT_REF_SLUG}_${CI_JOB_ID}_${CI_COMMIT_SHA}
expire_in: 1 week
paths:
- ./release/
script:
- rsync -vAax "${DOCROOT}" "${DOCROOT}/.babelrc" "${DOCROOT}/.browserslistrc" "initial-install.sql" release/
- rsync -vAax public/assets release/public/
pages:
image: node:alpine
stage: release
needs: [ test ]
dependencies: [ test ]
script:
- rm -rf public
- mv coverage public
- cp unittests.xml public/
artifacts:
expire_in: 1 week
paths:
- public
only:
- main
variables:
GIT_STRATEGY: none
#
# Deploy staging
#
.deploy_template_script:
# Configure SSH
- &deploy_template_script |-
eval $(ssh-agent -s) && echo "${SSH_PRIVATE_KEY}" | ssh-add -
rsync -vAax public/assets ${DOCROOT}/public/
cd "${DOCROOT}"
deploy:
<<: *deploy_definition
stage: deploy
needs: &deploy_needs
- release-image
- build-image-nginx
dependencies: *deploy_needs
environment:
name: staging
only:
- main
script:
# Check if deployment variables where set
- |-
if [ -z "${SSH_PRIVATE_KEY}" ] || [ -z "${STAGING_REMOTE}" ] || [ -z "${STAGING_REMOTE_PATH}" ]; then
echo "Skipping deployment"
exit
fi
- *deploy_template_script
# Deploy to server
- ./bin/deploy.sh -r "${STAGING_REMOTE}" -p "${STAGING_REMOTE_PATH}" -i "${CI_JOB_ID}-${CI_COMMIT_SHA}"
.kubectl_deployment: &kubectl_deployment
stage: deploy
image:
name: bitnami/kubectl:latest
entrypoint: [ '' ]
needs:
- test
- build-image
- build-image-nginx
before_script:
- &kubectl_deployment_script if [[ -z "${KUBE_INGRESS_BASE_DOMAIN}" ]]; then echo "Skipping deployment"; exit; fi
.deploy_k8s: &deploy_k8s
<<: *kubectl_deployment
dependencies: [ ]
artifacts:
name: deployment.yaml
expire_in: 1 day
when: always
paths:
- deployment.yaml
script:
# CI_ENVIRONMENT_URL is the URL configured in the GitLab environment
- export CI_ENVIRONMENT_URL="${CI_ENVIRONMENT_URL:-https://${CI_PROJECT_PATH_SLUG}.${KUBE_INGRESS_BASE_DOMAIN}/}"
- export CI_IMAGE=$RELEASE_IMAGE
- export CI_IMAGE_NGINX=$RELEASE_IMAGE_NGINX
- export CI_INGRESS_DOMAIN=$(echo "$CI_ENVIRONMENT_URL" | grep -oP '(?:https?://)?\K([^/]+)' | head -n1)
- export CI_INGRESS_PATH=$(echo "$CI_ENVIRONMENT_URL" | grep -oP '(?:https?://)?(?:[^/])+\K(.*)')
- export CI_KUBE_NAMESPACE=$KUBE_NAMESPACE
# Any available storage class like default, local-path (if you know what you are doing ;), longhorn etc.
- export CI_PVC_SC=${CI_PVC_SC:-"${CI_PVC_SC_LOCAL:-local-path}"}
- export CI_REPLICAS=${CI_REPLICAS_REVIEW:-${CI_REPLICAS:-2}}
- export CI_APP_NAME=${CI_APP_NAME:-Engelsystem}
- export CI_CLUSTER_ISSUER=${CI_CLUSTER_ISSUER:-letsencrypt}
- export CI_SETUP_ADMIN_PASSWORD=${CI_SETUP_ADMIN_PASSWORD}
- cp deployment.tpl.yaml deployment.yaml
- for env in ${!CI_*}; do sed -i "s#<${env}>#$(echo "${!env}"|head -n1)#g" deployment.yaml; done
- echo "Deploying to ${CI_ENVIRONMENT_URL}"
- kubectl apply -f deployment.yaml
- >-
kubectl -n $CI_KUBE_NAMESPACE wait --for=condition=Ready pods --timeout=${CI_WAIT_TIMEOUT:-5}m
-l app=$CI_PROJECT_PATH_SLUG -l tier=database
- >-
kubectl -n $CI_KUBE_NAMESPACE wait --for=condition=Ready pods --timeout=${CI_WAIT_TIMEOUT:-5}m
-l app=$CI_PROJECT_PATH_SLUG -l tier=application -l commit=$CI_COMMIT_SHORT_SHA
.deploy_k8s_stop: &deploy_k8s_stop
<<: *kubectl_deployment
stage: stop
dependencies: [ ]
variables:
GIT_STRATEGY: none
when: manual
script:
- kubectl delete all,ingress,pvc -l app=$CI_PROJECT_PATH_SLUG -l environment=$CI_ENVIRONMENT_SLUG
deploy-k8s-review:
<<: *deploy_k8s
environment:
name: review/${CI_COMMIT_REF_NAME}
on_stop: stop-k8s-review
auto_stop_in: 1 week
url: https://${CI_PROJECT_PATH_SLUG}-review.${KUBE_INGRESS_BASE_DOMAIN}/${CI_COMMIT_REF_SLUG}
variables:
CI_REPLICAS_REVIEW: 1
CI_APP_NAME: review/${CI_COMMIT_REF_NAME}
before_script:
- *kubectl_deployment_script
- RELEASE_IMAGE=$TEST_IMAGE
- RELEASE_IMAGE_NGINX=$TEST_IMAGE_NGINX
stop-k8s-review:
<<: *deploy_k8s_stop
needs: [ deploy-k8s-review ]
environment:
name: review/${CI_COMMIT_REF_NAME}
action: stop
#
# Deploy production
#
deploy-production:
<<: *deploy_definition
stage: deploy-production
needs:
- test
- audit-yarn
- audit-composer
- build-image
- build-image-nginx
dependencies:
- build-image
- build-image-nginx
environment:
name: production
when: manual
only:
- main
script:
# Check if deployment variables where set
- |-
if [ -z "${SSH_PRIVATE_KEY}" ] || [ -z "${PRODUCTION_REMOTE}" ] || [ -z "${PRODUCTION_REMOTE_PATH}" ]; then
echo "Skipping deployment"
exit
fi
- *deploy_template_script
# Deploy to server
- ./bin/deploy.sh -r "${PRODUCTION_REMOTE}" -p "${PRODUCTION_REMOTE_PATH}" -i "${CI_JOB_ID}-${CI_COMMIT_SHA}"
deploy-k8s-production:
<<: *deploy_k8s
stage: deploy-production
needs:
- release-image
- release-image-nginx
- audit-yarn
- audit-composer
environment:
name: production
on_stop: stop-k8s-production
when: manual
only:
- main
stop-k8s-production:
<<: *deploy_k8s_stop
needs: [ deploy-k8s-production ]
only:
- main
environment:
name: production
action: stop