.gitlab-ci.yml
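# Pipeline-wide defaults: job image, Docker-in-Docker service, stage order,
# GitLab security-scanning templates and shared variables.
#
# NOTE(review): `docker:latest` and `docker:dind` are floating tags, so the
# toolchain that builds and pushes the release image can change between
# pipeline runs. Pin both to a fixed version or digest for reproducibility.
image: docker:latest
services:
  - docker:dind

stages:
  - build
  - test
  - deploy

# Jobs defined by these templates are restricted further down in this file.
include:
  - template: Security/Container-Scanning.gitlab-ci.yml
  - template: Security/Dependency-Scanning.gitlab-ci.yml
  - template: Security/SAST.gitlab-ci.yml

variables:
  SECURE_LOG_LEVEL: info
  # Quoted so the values stay strings rather than YAML integers.
  DS_JAVA_VERSION: "11"
  SAST_JAVA_VERSION: "11"
  # NOTE(review): `overlay` is the legacy storage driver and GitLab's
  # Docker-in-Docker examples use `overlay2`. Confirm the runner's Docker
  # version still accepts this value.
  DOCKER_DRIVER: overlay
  # Tag that identifies one commit on one branch; the deploy jobs roll this out.
  CONTAINER_IMAGE: smartcommunitylab/challenges-generator:$CI_COMMIT_REF_NAME-$CI_COMMIT_SHORT_SHA
  # Mutable per-branch tag, overwritten by every build of that branch.
  CONTAINER_IMAGE_LATEST: smartcommunitylab/challenges-generator:$CI_COMMIT_REF_NAME-latest
  # NOTE(review): this points the scanner at the mutable `-latest` tag, while
  # the deploy jobs use the commit-specific CONTAINER_IMAGE. If the included
  # template reads CS_IMAGE, the scanned image may differ from the deployed
  # one. Confirm which variable the template version in use honours.
  CS_IMAGE: smartcommunitylab/challenges-generator:$CI_COMMIT_REF_NAME-latest
  CONTAINER_CACHE_IMAGE: smartcommunitylab/challenges-generator:cache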
# update-backend-cache-image:
# stage: build
# variables:
# BUILDKIT_PROGRESS: plain
# DOCKER_BUILDKIT: 1
# script:
# - docker login -u $DHUB_USER -p $DHUB_PASS
# - docker build --build-arg REPO=$CI_COMMIT_REF_NAME -f Dockerfile-cache -t $CONTAINER_CACHE_IMAGE .
# - docker push $CONTAINER_CACHE_IMAGE
# rules:
# - changes:
# - pom.xml
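# Builds the backend image without layer cache and pushes it under both the
# commit-specific tag and the per-branch `-latest` tag.
#
# DHUB_USER / DHUB_PASS are not defined in this file; presumably they are
# project CI/CD variables. They should be masked and protected, and ideally
# hold a scoped registry access token rather than an account password.
backend-container-build:
  stage: build
  script:
    # The secret is passed on stdin so it does not appear in the process
    # argument list, and Docker does not warn about an insecure `-p` login.
    - echo "$DHUB_PASS" | docker login -u "$DHUB_USER" --password-stdin
    # Variables are quoted so an unexpected character in a ref name cannot
    # split the command into extra arguments.
    - DOCKER_BUILDKIT=1 docker build -f Dockerfile --build-arg REPO="$CI_COMMIT_REF_NAME" -t "$CONTAINER_IMAGE" -t "$CONTAINER_IMAGE_LATEST" . --no-cache
    - docker push "$CONTAINER_IMAGE"
    - docker push "$CONTAINER_IMAGE_LATEST"
  only:
    - playAndGo-dev
    - playAndGo-prod
    - master
  # No `paths` or `reports` are listed, so only the expiry is configured here.
  artifacts:
    expire_in: 1 week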
# Overrides the `container_scanning` job from the included Container-Scanning
# template: it targets the commit-specific image and runs in the test stage.
#
# NOTE(review): the rule below limits scanning to `master`, but the build and
# deploy jobs also run on `playAndGo-dev` and `playAndGo-prod`. Images rolled
# out from those branches are therefore not scanned in their own pipeline.
container_scanning:
  stage: test
  variables:
    # NOTE(review): whether the template reads DOCKER_IMAGE or the global
    # CS_IMAGE depends on the template version. Confirm the commit-specific
    # tag is the one actually scanned.
    DOCKER_IMAGE: smartcommunitylab/challenges-generator:$CI_COMMIT_REF_NAME-$CI_COMMIT_SHORT_SHA
    DOCKERFILE_PATH: 'Dockerfile'
    GIT_STRATEGY: fetch
    # Registry credentials are blanked; presumably the scanner pulls the image
    # anonymously, which works only while the repository is public. Confirm.
    DOCKER_USER: ''
    DOCKER_PASSWORD: ''
  artifacts:
    expire_in: 1 week
  dependencies:
    - backend-container-build
  rules:
    - if: '$CI_COMMIT_REF_NAME == "master"'
# Overrides for jobs that presumably come from the included SAST and
# Dependency-Scanning templates: each is restricted to the `master` branch.
#
# NOTE(review): a job-level `rules` key replaces the template's own rules
# rather than extending them, so any conditions the template ships with no
# longer apply. Confirm that is intended. As with container scanning, the
# `playAndGo-dev` and `playAndGo-prod` branches that get deployed are not
# covered by these scans.

spotbugs-sast:
  rules:
    - if: '$CI_COMMIT_REF_NAME == "master"'

semgrep-sast:
  rules:
    - if: '$CI_COMMIT_REF_NAME == "master"'

nodejs-scan-sast:
  rules:
    - if: '$CI_COMMIT_REF_NAME == "master"'

gemnasium-maven-dependency_scanning:
  rules:
    - if: '$CI_COMMIT_REF_NAME == "master"'

gemnasium-dependency_scanning:
  rules:
    - if: '$CI_COMMIT_REF_NAME == "master"'
# Rolls the freshly built commit-specific image out to the `playngo-dev`
# namespace and waits for the rollout to finish. Runs only on `playAndGo-dev`.
#
# NOTE(review): cluster credentials are not configured in this file;
# presumably the runner or CI/CD variables supply them. The environment name
# `dslab` is shared with deploy-prod, so environment-scoped variables and
# protected-environment rules cannot tell dev from prod.
# NOTE(review): the `latest` tag on the kubectl image is unpinned.
deploy-dev:
  stage: deploy
  image: smartcommunitylab/kubectl-alpine:latest
  environment:
    name: dslab
  script:
    - echo "deploy backend"
    # `--record` is deprecated in recent kubectl releases; confirm the image's
    # kubectl version still accepts it.
    - kubectl -n playngo-dev set image deployments/challenges-generator challenges-generator=$CONTAINER_IMAGE --record=true
    - kubectl -n playngo-dev rollout status deployment challenges-generator
  only:
    - playAndGo-dev
  artifacts:
    expire_in: 1 week
# Rolls the freshly built commit-specific image out to the `playngo-prod`
# namespace and waits for the rollout to finish. Runs only on `playAndGo-prod`.
#
# NOTE(review): no job in this file scans images built from `playAndGo-prod`
# (the scan jobs are limited to `master`), and this job has no manual gate, so
# a push to that branch reaches production without a security scan.
# NOTE(review): the environment name `dslab` is shared with deploy-dev, which
# prevents scoping production credentials to a protected environment. The
# `latest` tag on the kubectl image is unpinned.
deploy-prod:
  stage: deploy
  image: smartcommunitylab/kubectl-alpine:latest
  environment:
    name: dslab
  script:
    - echo "deploy backend"
    # `--record` is deprecated in recent kubectl releases; confirm the image's
    # kubectl version still accepts it.
    - kubectl -n playngo-prod set image deployments/challenges-generator challenges-generator=$CONTAINER_IMAGE --record=true
    - kubectl -n playngo-prod rollout status deployment challenges-generator
  only:
    - playAndGo-prod
  artifacts:
    expire_in: 1 week