iger
/
engelsystem
9
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
engelsystem/.gitlab-ci.yml

423 lines
10 KiB
YAML
Raw Blame History

image: php
variables:
TEST_IMAGE: ${CI_REGISTRY_IMAGE}/engelsystem:${CI_COMMIT_REF_SLUG}
RELEASE_IMAGE: ${CI_REGISTRY_IMAGE}/engelsystem:latest
MYSQL_DATABASE: engelsystem
MYSQL_USER: engel
MYSQL_PASSWORD: engelsystem
MYSQL_HOST: mariadb
MYSQL_RANDOM_ROOT_PASSWORD: "yes"
MYSQL_INITDB_SKIP_TZINFO: "yes"
DOCROOT: /var/www/
stages:
- validate
- build
- test
- release
- deploy
- deploy-production
- stop
#
# Validation
#
check-style:
image: composer:latest
stage: validate
before_script:
- composer --no-ansi global require slevomat/coding-standard squizlabs/php_codesniffer phpstan/phpdoc-parser:"1.5.*"
- export PATH=$PATH:$COMPOSER_HOME/vendor/bin
script:
- phpcs -p --no-colors --basepath="$PWD"
check-editorconfig:
image: mstruebing/editorconfig-checker
stage: validate
script:
- ec -v
validate-composer:
image: composer:latest
stage: validate
script:
- composer --no-ansi validate --strict
validate-yarn:
image: node:alpine
stage: validate
before_script:
- yarn global add package-json-validator
- export PATH=$PATH:~/.yarn/bin
script:
- pjv
generate-version:
image: alpine
stage: validate
artifacts:
name: "${CI_JOB_NAME}_${CI_JOB_ID}_version"
expire_in: 1 day
paths:
- ./storage/app/VERSION
before_script:
- apk add -q git
script:
- VERSION="$(git describe --abbrev=0 --tags)-${CI_COMMIT_REF_NAME}+${CI_PIPELINE_ID}.${CI_COMMIT_SHORT_SHA}"
- echo "${VERSION}"
- echo -n "${VERSION}" > storage/app/VERSION
#
# Build
#
.container_template: &container_definition
image:
name: gcr.io/kaniko-project/executor:debug
entrypoint: [ '' ]
before_script:
- mkdir -p /kaniko/.docker
- echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}"
> /kaniko/.docker/config.json
build-image:
<<: *container_definition
stage: build
needs:
- check-editorconfig
- check-style
- generate-version
- validate-composer
- validate-yarn
dependencies:
- generate-version
script:
- /kaniko/executor --context ${CI_PROJECT_DIR}
--dockerfile ${CI_PROJECT_DIR}/docker/Dockerfile
--destination "${TEST_IMAGE}"
#
# Test
#
audit-composer:
image: php:latest
stage: test
needs: [ ]
before_script:
- curl -Ls https://github.com/symfony/cli/releases/latest/download/symfony_linux_amd64.gz | gzip -d > /bin/symfony
- chmod +x /bin/symfony
script:
- symfony check:security --no-ansi
audit-yarn:
image: node:alpine
stage: test
needs: [ ]
script:
- yarn audit
test:
image:
name: ${TEST_IMAGE}
entrypoint: [ '' ]
stage: test
needs: [ build-image ]
services:
- mariadb:10.2
artifacts:
name: "${CI_JOB_NAME}_${CI_JOB_ID}"
expire_in: 1 week
when: always
paths:
- ./coverage/
- ./unittests.xml
reports:
junit: ./unittests.xml
coverage: '/^\s*Lines:\s*(\d+(?:\.\d+)?%)/'
before_script:
- apk add -q ${PHPIZE_DEPS} && pecl install pcov > /dev/null && docker-php-ext-enable pcov
- curl -sS https://getcomposer.org/installer | php -- --no-ansi --install-dir /usr/local/bin/ --filename composer
- cp -R tests/ phpunit.xml "${DOCROOT}"
- HOMEDIR=$PWD
- cd "${DOCROOT}"
- composer --no-ansi install
- ./bin/migrate
script:
- >-
php -d pcov.enabled=1 -d pcov.directory=. vendor/bin/phpunit -vvv --colors=never
--coverage-text --coverage-html "${HOMEDIR}/coverage/"
--log-junit "${HOMEDIR}/unittests.xml"
after_script:
- '"${DOCROOT}/bin/migrate" down'
dump-database:
image:
name: ${TEST_IMAGE}
entrypoint: [ '' ]
stage: test
needs: [ build-image ]
services:
- mariadb:10.2
artifacts:
expire_in: 1 week
paths:
- initial-install.sql
before_script:
- apk add -q mariadb-client
- HOMEDIR=$PWD
- cd "${DOCROOT}"
- ./bin/migrate
script:
- >-
mysqldump -h "${MYSQL_HOST}" -u "${MYSQL_USER}" -p"${MYSQL_PASSWORD}" "${MYSQL_DATABASE}"
> "${HOMEDIR}/initial-install.sql"
generate-assets:
image:
name: $TEST_IMAGE
entrypoint: [ '' ]
stage: test
needs: [ build-image ]
artifacts:
name: "${CI_JOB_NAME}_${CI_JOB_ID}_assets"
expire_in: 1 day
paths:
- ./public/assets
script:
- mv /var/www/public/assets/ public/
#
# Release
#
release-image:
<<: *container_definition
stage: release
needs:
- test
dependencies: [ ]
script:
- echo -e "FROM ${TEST_IMAGE}" | /kaniko/executor --dockerfile /dev/stdin --destination "${RELEASE_IMAGE}"
only:
- main
.deploy_template: &deploy_definition
stage: release
image:
name: ${TEST_IMAGE}
entrypoint: [ '' ]
before_script:
- apk add -q bash rsync openssh-client
build-release-file:
<<: *deploy_definition
stage: release
needs:
- build-image
- audit-yarn
- audit-composer
- test
- dump-database
- generate-assets
dependencies:
- build-image
- dump-database
- generate-assets
artifacts:
name: release_${CI_COMMIT_REF_SLUG}_${CI_JOB_ID}_${CI_COMMIT_SHA}
expire_in: 1 week
paths:
- ./release/
script:
- rsync -vAax "${DOCROOT}" "${DOCROOT}/.babelrc" "${DOCROOT}/.browserslistrc" "initial-install.sql" release/
- rsync -vAax public/assets release/public/
pages:
image: node:alpine
stage: release
needs: [ test ]
dependencies: [ test ]
script:
- rm -rf public
- mv coverage public
- cp unittests.xml public/
artifacts:
expire_in: 1 week
paths:
- public
only:
- main
variables:
GIT_STRATEGY: none
#
# Deploy staging
#
.deploy_template_script:
# Configure SSH
- &deploy_template_script |-
eval $(ssh-agent -s) && echo "${SSH_PRIVATE_KEY}" | ssh-add -
rsync -vAax public/assets ${DOCROOT}/public/
cd "${DOCROOT}"
deploy:
<<: *deploy_definition
stage: deploy
needs: &deploy_needs
- release-image
- generate-assets
dependencies: *deploy_needs
environment:
name: rsync-staging
only:
- main
script:
# Check if deployment variables where set
- |-
if [ -z "${SSH_PRIVATE_KEY}" ] || [ -z "${STAGING_REMOTE}" ] || [ -z "${STAGING_REMOTE_PATH}" ]; then
echo "Skipping deployment"
exit
fi
- *deploy_template_script
# Deploy to server
- ./bin/deploy.sh -r "${STAGING_REMOTE}" -p "${STAGING_REMOTE_PATH}" -i "${CI_JOB_ID}-${CI_COMMIT_SHA}"
.kubectl_deployment: &kubectl_deployment
stage: deploy
image:
name: bitnami/kubectl:latest
entrypoint: [ '' ]
needs:
- test
- build-image
before_script:
- &kubectl_deployment_script if [[ -z "${KUBE_INGRESS_BASE_DOMAIN}" ]]; then echo "Skipping deployment"; exit; fi
.deploy_k8s: &deploy_k8s
<<: *kubectl_deployment
dependencies: [ ]
artifacts:
name: deployment.yaml
expire_in: 1 day
when: always
paths:
- deployment.yaml
script:
# CI_ENVIRONMENT_URL is the URL configured in the GitLab environment
- export CI_ENVIRONMENT_URL="${CI_ENVIRONMENT_URL:-https://${CI_PROJECT_PATH_SLUG}.${KUBE_INGRESS_BASE_DOMAIN}/}"
- export CI_IMAGE=$RELEASE_IMAGE
- export CI_INGRESS_DOMAIN=$(echo "$CI_ENVIRONMENT_URL" | grep -oP '(?:https?://)?\K([^/]+)' | head -n1)
- export CI_INGRESS_PATH=$(echo "$CI_ENVIRONMENT_URL" | grep -oP '(?:https?://)?(?:[^/])+\K(.*)')
- export CI_KUBE_NAMESPACE=$KUBE_NAMESPACE
# Any available storage class like default, local-path (if you know what you are doing ;), longhorn etc.
- export CI_PVC_SC=${CI_PVC_SC:-"${CI_PVC_SC_LOCAL:-local-path}"}
- export CI_REPLICAS=${CI_REPLICAS_REVIEW:-${CI_REPLICAS:-2}}
- export CI_APP_NAME=${CI_APP_NAME:-Engelsystem}
- export CI_CLUSTER_ISSUER=${CI_CLUSTER_ISSUER:-letsencrypt}
- export CI_SETUP_ADMIN_PASSWORD=${CI_SETUP_ADMIN_PASSWORD}
- cp deployment.tpl.yaml deployment.yaml
- >-
for env in ${!CI_*}; do
sed -i "s#<${env}>#$( echo "${!env}" | head -n1 | sed -e 's~\\~\\\\~' -e 's~#~\\#~' )#g" deployment.yaml;
done
- echo "Deploying to ${CI_ENVIRONMENT_URL}"
- kubectl apply -f deployment.yaml
- >-
kubectl -n $CI_KUBE_NAMESPACE wait --for=condition=Ready pods --timeout=${CI_WAIT_TIMEOUT:-5}m
-l app=$CI_PROJECT_PATH_SLUG -l tier=database
- >-
kubectl -n $CI_KUBE_NAMESPACE wait --for=condition=Ready pods --timeout=${CI_WAIT_TIMEOUT:-5}m
-l app=$CI_PROJECT_PATH_SLUG -l tier=application -l commit=$CI_COMMIT_SHORT_SHA
.deploy_k8s_stop: &deploy_k8s_stop
<<: *kubectl_deployment
stage: stop
dependencies: [ ]
variables:
GIT_STRATEGY: none
when: manual
script:
- kubectl delete all,ingress,pvc -l app=$CI_PROJECT_PATH_SLUG -l environment=$CI_ENVIRONMENT_SLUG
deploy-k8s-review:
<<: *deploy_k8s
environment:
name: review/${CI_COMMIT_REF_NAME}
on_stop: stop-k8s-review
auto_stop_in: 1 week
url: https://${CI_PROJECT_PATH_SLUG}-review.${KUBE_INGRESS_BASE_DOMAIN}/${CI_COMMIT_REF_SLUG}
variables:
CI_REPLICAS_REVIEW: 1
CI_APP_NAME: review/${CI_COMMIT_REF_NAME}
before_script:
- *kubectl_deployment_script
- RELEASE_IMAGE=$TEST_IMAGE
stop-k8s-review:
<<: *deploy_k8s_stop
needs: [ deploy-k8s-review ]
environment:
name: review/${CI_COMMIT_REF_NAME}
action: stop
#
# Deploy production
#
deploy-production:
<<: *deploy_definition
stage: deploy-production
needs:
- test
- audit-yarn
- audit-composer
- build-image
- generate-assets
dependencies:
- build-image
- generate-assets
environment:
name: rsync-production
when: manual
only:
- main
script:
# Check if deployment variables where set
- |-
if [ -z "${SSH_PRIVATE_KEY}" ] || [ -z "${PRODUCTION_REMOTE}" ] || [ -z "${PRODUCTION_REMOTE_PATH}" ]; then
echo "Skipping deployment"
exit
fi
- *deploy_template_script
# Deploy to server
- ./bin/deploy.sh -r "${PRODUCTION_REMOTE}" -p "${PRODUCTION_REMOTE_PATH}" -i "${CI_JOB_ID}-${CI_COMMIT_SHA}"
deploy-k8s-production:
<<: *deploy_k8s
stage: deploy-production
needs:
- release-image
- audit-yarn
- audit-composer
environment:
name: production
on_stop: stop-k8s-production
when: manual
only:
- main
stop-k8s-production:
<<: *deploy_k8s_stop
needs: [ deploy-k8s-production ]
only:
- main
environment:
name: production
action: stop
Reference in New Issue View Git Blame Copy Permalink