engelsystem/.gitlab-ci.yml

207 lines
5.4 KiB
YAML

image: php
variables:
DOCKER_DRIVER: overlay2
TEST_IMAGE: ${CI_REGISTRY_IMAGE}/engelsystem:${CI_COMMIT_REF_SLUG}
TEST_IMAGE_NGINX: ${CI_REGISTRY_IMAGE}/nginx:${CI_COMMIT_REF_SLUG}
RELEASE_IMAGE: ${CI_REGISTRY_IMAGE}/engelsystem:latest
RELEASE_IMAGE_NGINX: ${CI_REGISTRY_IMAGE}/nginx:latest
MYSQL_DATABASE: engelsystem
MYSQL_USER: engel
MYSQL_PASSWORD: engelsystem
MYSQL_HOST: mariadb
MYSQL_RANDOM_ROOT_PASSWORD: "yes"
MYSQL_INITDB_SKIP_TZINFO: "yes"
DOCROOT: /var/www/
stages:
- validate
- build
- test
- release
- deploy
check-style:
image: composer:latest
stage: validate
before_script:
- composer --no-ansi global require squizlabs/php_codesniffer
- export PATH=$PATH:$COMPOSER_HOME/vendor/bin
script:
- phpcs -p --no-colors --basepath="$PWD"
validate-composer:
image: composer:latest
stage: validate
script:
- composer --no-ansi validate --strict
validate-yarn:
image: node:alpine
stage: validate
before_script:
- yarn global add package-json-validator
- export PATH=$PATH:~/.yarn/bin
script:
- pjv
.docker_template: &docker_definition
image: docker:18
services:
- docker:18-dind
tags:
- dind
before_script:
- docker login -u gitlab-ci-token -p "${CI_JOB_TOKEN}" "${CI_REGISTRY}"
build-image-nginx:
<<: *docker_definition
stage: build
artifacts:
name: "${CI_JOB_NAME}_${CI_JOB_ID}_assets"
expire_in: 1 day
paths:
- ./public/assets
script:
- docker build --pull -t "${TEST_IMAGE_NGINX}" -f docker/nginx/Dockerfile .
- docker push "${TEST_IMAGE_NGINX}"
- instance=$(docker create "${TEST_IMAGE_NGINX}")
- docker cp "${instance}:/var/www/public/assets" public/
- docker rm "${instance}"
build-image:
<<: *docker_definition
stage: build
script:
- apk add -q git
- VERSION="$(git describe --abbrev=0 --tags)-${CI_COMMIT_REF_NAME}+${CI_PIPELINE_ID}.${CI_COMMIT_SHORT_SHA}"
- docker build --pull --build-arg VERSION="${VERSION}" -t "${TEST_IMAGE}" -f docker/Dockerfile .
- docker push "${TEST_IMAGE}"
audit-composer:
image: ${TEST_IMAGE}
stage: test
before_script:
- curl -sSo /usr/local/bin/security-checker https://get.sensiolabs.org/security-checker.phar
- chmod +x /usr/local/bin/security-checker
- cd "${DOCROOT}"
script:
- security-checker --no-ansi security:check
audit-yarn:
image: node:10-alpine
stage: test
script:
- yarn audit
test:
image: ${TEST_IMAGE}
stage: test
services:
- mariadb:10.2
artifacts:
name: "${CI_JOB_NAME}_${CI_JOB_ID}"
expire_in: 1 week
when: always
paths:
- ./coverage/
- ./unittests.xml
reports:
junit: ./unittests.xml
coverage: '/^\s*Lines:\s*(\d+(?:\.\d+)?%)/'
before_script:
- apk add -q ${PHPIZE_DEPS} && pecl install pcov > /dev/null && docker-php-ext-enable pcov
- curl -sS https://getcomposer.org/installer | php -- --no-ansi --install-dir /usr/local/bin/ --filename composer
- cp -R tests/ phpunit.xml "${DOCROOT}"
- HOMEDIR=$PWD
- cd "${DOCROOT}"
- composer --no-ansi install
- ./bin/migrate
script:
- >-
php -d pcov.enabled=1 vendor/bin/phpunit -vvv --colors=never
--coverage-text --coverage-html "${HOMEDIR}/coverage/"
--log-junit "${HOMEDIR}/unittests.xml"
after_script:
- '"${DOCROOT}/bin/migrate" down'
release-image:
<<: *docker_definition
stage: release
script:
- docker pull "${TEST_IMAGE}"
- docker tag "${TEST_IMAGE}" "${RELEASE_IMAGE}"
- docker push "${RELEASE_IMAGE}"
only:
- master
release-image-nginx:
<<: *docker_definition
stage: release
script:
- docker pull "${TEST_IMAGE_NGINX}"
- docker tag "${TEST_IMAGE_NGINX}" "${RELEASE_IMAGE_NGINX}"
- docker push "${RELEASE_IMAGE_NGINX}"
only:
- master
.deploy_template: &deploy_definition
stage: deploy
image: ${TEST_IMAGE}
before_script:
- apk add -q bash rsync openssh-client
.deploy_template_script:
# Configure SSH
- &deploy_template_script |-
eval $(ssh-agent -s) && echo "${SSH_PRIVATE_KEY}" | ssh-add -
rsync -vAax public/assets ${DOCROOT}/public/
cd "${DOCROOT}"
build-release-file:
<<: *deploy_definition
stage: deploy
artifacts:
name: "release_${CI_COMMIT_REF_SLUG}_${CI_JOB_ID}_${CI_COMMIT_SHA}"
expire_in: 1 week
paths:
- ./release/
script:
- rsync -vAax "${DOCROOT}" "${DOCROOT}/.babelrc" "${DOCROOT}/.browserslistrc" release/
- rsync -vAax public/assets release/public/
deploy-staging:
<<: *deploy_definition
environment:
name: staging
only:
- master
script:
# Check if deployment variables where set
- |-
if [ -z "${SSH_PRIVATE_KEY}" ] || [ -z "${STAGING_REMOTE}" ] || [ -z "${STAGING_REMOTE_PATH}" ]; then
echo "Skipping deployment"
exit
fi
- *deploy_template_script
# Deploy to server
- ./bin/deploy.sh -r "${STAGING_REMOTE}" -p "${STAGING_REMOTE_PATH}" -i "${CI_JOB_ID}-${CI_COMMIT_SHA}"
deploy-production:
<<: *deploy_definition
environment:
name: production
when: manual
only:
- master
script:
# Check if deployment variables where set
- |-
if [ -z "${SSH_PRIVATE_KEY}" ] || [ -z "${PRODUCTION_REMOTE}" ] || [ -z "${PRODUCTION_REMOTE_PATH}" ]; then
echo "Skipping deployment"
exit
fi
- *deploy_template_script
# Deploy to server
- ./bin/deploy.sh -r "${PRODUCTION_REMOTE}" -p "${PRODUCTION_REMOTE_PATH}" -i "${CI_JOB_ID}-${CI_COMMIT_SHA}"