diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 7b1eef96..75f20909 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -13,198 +13,6 @@ variables: DOCKER_HOST: tcp://docker:2376 DOCKER_TLS_CERTDIR: "/certs" -docker-build-dev: - image: docker:latest - services: - - name: docker:dind - stage: dev-deployment - tags: - - docker_priv - rules: - - if: $CI_COMMIT_BRANCH == 'dev' - environment: - name: development - before_script: - - | - apk --no-cache add jq - MAJOR=$(cat app/config/version.json | jq '.major' ) - MINOR=$(cat app/config/version.json | jq '.minor' ) - SUB=$(cat app/config/version.json | jq '.sub' ) - META=$(cat app/config/version.json | jq -r '.meta' ) - - | - apk --no-cache add curl - latest_tag=$(curl -s https://api.github.com/repos/docker/buildx/releases/latest | sed -Ene '/^ *"tag_name": *"(v.+)",$/s//\1/p') - echo "Using buildx version $latest_tag" - curl -sSLo docker-buildx "https://github.com/docker/buildx/releases/download/$latest_tag/buildx-$latest_tag.linux-amd64" - chmod a+x docker-buildx - mkdir -p ~/.docker/cli-plugins - mv docker-buildx ~/.docker/cli-plugins/docker-buildx - docker version - - docker run --rm --privileged aptman/qus -- -r - - docker run --rm --privileged aptman/qus -s -- -p aarch64 x86_64 - - echo $CI_BUILD_TOKEN | docker login -u "$CI_REGISTRY_USER" --password-stdin $CI_REGISTRY - script: - - | - tag=":$CI_COMMIT_REF_SLUG" - VERSION="${MAJOR}.${MINOR}.${SUB}-${META}" - - | - echo "Running on branch '$CI_COMMIT_BRANCH': tag = $tag" - echo "Crafty Version: $VERSION" - - docker context create tls-environment - - docker buildx create --name zedBuilder --use tls-environment - - docker buildx build - --cache-from type=registry,ref="$CI_REGISTRY_IMAGE${tag}" - --build-arg BUILDKIT_INLINE_CACHE=1 - --build-arg "BUILD_DATE=$(date +"%Y-%m-%dT%H:%M:%SZ")" - --build-arg "BUILD_REF=${CI_COMMIT_SHA}" - --build-arg "CRAFTY_VER=${VERSION}" - --tag "$CI_REGISTRY_IMAGE${tag}" - --platform linux/arm64/v8,linux/amd64 - --push . 
- after_script: - - | - docker buildx rm zedBuilder && echo "Successfully Stopped builder instance" || echo "Failed to stop builder instance." - docker context rm tls-environment || true - echo "Please review multi-arch manifests are present:" - docker buildx imagetools inspect "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG" - -docker-build-prod: - image: docker:latest - services: - - name: docker:dind - stage: prod-deployment - tags: - - docker_priv - rules: - - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH - environment: - name: production - before_script: - - | - apk --no-cache add jq - MAJOR=$(cat app/config/version.json | jq '.major' ) - MINOR=$(cat app/config/version.json | jq '.minor' ) - SUB=$(cat app/config/version.json | jq '.sub' ) - META=$(cat app/config/version.json | jq -r '.meta' ) - - | - apk --no-cache add curl - latest_tag=$(curl -s https://api.github.com/repos/docker/buildx/releases/latest | sed -Ene '/^ *"tag_name": *"(v.+)",$/s//\1/p') - echo "Using buildx version $latest_tag" - curl -sSLo docker-buildx "https://github.com/docker/buildx/releases/download/$latest_tag/buildx-$latest_tag.linux-amd64" - chmod a+x docker-buildx - mkdir -p ~/.docker/cli-plugins - mv docker-buildx ~/.docker/cli-plugins/docker-buildx - docker version - - docker run --rm --privileged aptman/qus -- -r - - docker run --rm --privileged aptman/qus -s -- -p aarch64 x86_64 - - echo $CI_BUILD_TOKEN | docker login -u "$CI_REGISTRY_USER" --password-stdin $CI_REGISTRY - script: - - | - tag="" - VERSION="${MAJOR}.${MINOR}.${SUB}-${META}" - - | - echo "Running on branch '$CI_COMMIT_BRANCH': tag = $tag" - echo "Crafty Version: $VERSION" - - docker context create tls-environment - - docker buildx create --name zedBuilder --use tls-environment - - docker buildx build - --cache-from type=registry,ref="$CI_REGISTRY_IMAGE${tag}" - --build-arg BUILDKIT_INLINE_CACHE=1 - --build-arg "BUILD_DATE=$(date +"%Y-%m-%dT%H:%M:%SZ")" - --build-arg "BUILD_REF=${CI_COMMIT_SHA}" - --build-arg 
"CRAFTY_VER=${VERSION}" - --tag "$CI_REGISTRY_IMAGE${tag}" - --platform linux/arm64/v8,linux/amd64 - --push . - after_script: - - | - docker buildx rm zedBuilder && echo "Successfully Stopped builder instance" || echo "Failed to stop builder instance." - docker context rm tls-environment || true - echo "Please review multi-arch manifests are present:" - docker buildx imagetools inspect "$CI_REGISTRY_IMAGE${tag}" - -win-dev-build: - stage: dev-deployment - tags: - - win64 - cache: - paths: - - .venv/ - rules: - - if: "$CI_COMMIT_BRANCH == 'dev'" - environment: - name: development - script: - - | - $ErrorActionPreference = "Stop" - py -m venv .venv - .venv\Scripts\activate.ps1 - pip install pyinstaller - pip install -r requirements.txt - - pyinstaller -F main.py - --distpath . - --icon app\frontend\static\assets\images\Crafty_4-0_Logo_square.ico - --name "crafty_commander" - --paths .venv\Lib\site-packages - --hidden-import cryptography - --hidden-import cffi - --hidden-import apscheduler - --collect-all tzlocal - --collect-all tzdata - --collect-all pytz - --collect-all six - - # Download latest: - # | https://gitlab.com/crafty-controller/crafty-4/-/jobs/artifacts/dev/download?job=win-dev-build - artifacts: - name: "crafty-${CI_RUNNER_TAGS}-${CI_COMMIT_BRANCH}_${CI_COMMIT_SHORT_SHA}" - paths: - - app\ - - .\crafty_commander.exe - exclude: - - app\classes\**\* - -win-prod-build: - stage: prod-deployment - tags: - - win64 - cache: - paths: - - .venv/ - rules: - - if: "$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH" - environment: - name: production - script: - - | - $ErrorActionPreference = "Stop" - py -m venv .venv - .venv\Scripts\activate.ps1 - pip install pyinstaller - pip install -r requirements.txt - - pyinstaller -F main.py - --distpath . 
- --icon app\frontend\static\assets\images\Crafty_4-0_Logo_square.ico - --name "crafty_commander" - --paths .venv\Lib\site-packages - --hidden-import cryptography - --hidden-import cffi - --hidden-import apscheduler - --collect-all tzlocal - --collect-all tzdata - --collect-all pytz - --collect-all six - - # Download latest: - # | https://gitlab.com/crafty-controller/crafty-4/-/jobs/artifacts/master/download?job=win-prod-build - artifacts: - name: "crafty-${CI_RUNNER_TAGS}-${CI_COMMIT_BRANCH}_${CI_COMMIT_SHORT_SHA}" - paths: - - app\ - - .\crafty_commander.exe - exclude: - - app\classes\**\* - sast: variables: SAST_EXCLUDED_PATHS: spec, test, tests, tmp, migrations, vendors @@ -230,6 +38,8 @@ gemnasium-python-dependency_scanning: include: - local: ./.gitlab/lint.yml + - local: ./.gitlab/docker-build.yml + - local: ./.gitlab/windows-build.yml - template: Security/Dependency-Scanning.gitlab-ci.yml - template: Security/SAST.gitlab-ci.yml - template: Security/Secret-Detection.gitlab-ci.yml diff --git a/.gitlab/docker-build.yml b/.gitlab/docker-build.yml new file mode 100644 index 00000000..483865ff --- /dev/null +++ b/.gitlab/docker-build.yml 
@@ -0,0 +1,110 @@
+---
+docker-build-dev:
+ image: docker:latest
+ services:
+ - name: docker:dind
+ stage: dev-deployment
+ tags:
+ - docker_priv
+ rules:
+ - if: $CI_COMMIT_BRANCH == 'dev'
+ environment:
+ name: development
+ before_script:
+ - |
+ apk --no-cache add jq
+ MAJOR=$(cat app/config/version.json | jq '.major' )
+ MINOR=$(cat app/config/version.json | jq '.minor' )
+ SUB=$(cat app/config/version.json | jq '.sub' )
+ META=$(cat app/config/version.json | jq -r '.meta' )
+ - |
+ apk --no-cache add curl
+ latest_tag=$(curl -s https://api.github.com/repos/docker/buildx/releases/latest | sed -Ene '/^ *"tag_name": *"(v.+)",$/s//\1/p')
+ echo "Using buildx version $latest_tag"
+ curl -sSLo docker-buildx "https://github.com/docker/buildx/releases/download/$latest_tag/buildx-$latest_tag.linux-amd64"
+ chmod a+x docker-buildx
+ mkdir -p ~/.docker/cli-plugins
+ mv docker-buildx ~/.docker/cli-plugins/docker-buildx
+ docker version
+ - docker run --rm --privileged aptman/qus -- -r
+ - docker run --rm --privileged aptman/qus -s -- -p aarch64 x86_64
+ - echo $CI_BUILD_TOKEN | docker login -u "$CI_REGISTRY_USER" --password-stdin $CI_REGISTRY
+ script:
+ - |
+ tag=":$CI_COMMIT_REF_SLUG"
+ VERSION="${MAJOR}.${MINOR}.${SUB}-${META}"
+ - |
+ echo "Running on branch '$CI_COMMIT_BRANCH': tag = $tag"
+ echo "Crafty Version: $VERSION"
+ - docker context create tls-environment
+ - docker buildx create --name zedBuilder --use tls-environment
+ - docker buildx build
+ --cache-from type=registry,ref="$CI_REGISTRY_IMAGE${tag}"
+ --build-arg BUILDKIT_INLINE_CACHE=1
+ --build-arg "BUILD_DATE=$(date +"%Y-%m-%dT%H:%M:%SZ")"
+ --build-arg "BUILD_REF=${CI_COMMIT_SHA}"
+ --build-arg "CRAFTY_VER=${VERSION}"
+ --tag "$CI_REGISTRY_IMAGE${tag}"
+ --platform linux/arm64/v8,linux/amd64
+ --push .
+ after_script:
+ - |
+ docker buildx rm zedBuilder && echo "Successfully Stopped builder instance" || echo "Failed to stop builder instance."
+ docker context rm tls-environment || true
+ echo "Please review multi-arch manifests are present:"
+ docker buildx imagetools inspect "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG"
+
+docker-build-prod:
+ image: docker:latest
+ services:
+ - name: docker:dind
+ stage: prod-deployment
+ tags:
+ - docker_priv
+ rules:
+ - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
+ environment:
+ name: production
+ before_script:
+ - |
+ apk --no-cache add jq
+ MAJOR=$(cat app/config/version.json | jq '.major' )
+ MINOR=$(cat app/config/version.json | jq '.minor' )
+ SUB=$(cat app/config/version.json | jq '.sub' )
+ META=$(cat app/config/version.json | jq -r '.meta' )
+ - |
+ apk --no-cache add curl
+ latest_tag=$(curl -s https://api.github.com/repos/docker/buildx/releases/latest | sed -Ene '/^ *"tag_name": *"(v.+)",$/s//\1/p')
+ echo "Using buildx version $latest_tag"
+ curl -sSLo docker-buildx "https://github.com/docker/buildx/releases/download/$latest_tag/buildx-$latest_tag.linux-amd64"
+ chmod a+x docker-buildx
+ mkdir -p ~/.docker/cli-plugins
+ mv docker-buildx ~/.docker/cli-plugins/docker-buildx
+ docker version
+ - docker run --rm --privileged aptman/qus -- -r
+ - docker run --rm --privileged aptman/qus -s -- -p aarch64 x86_64
+ - echo $CI_BUILD_TOKEN | docker login -u "$CI_REGISTRY_USER" --password-stdin $CI_REGISTRY
+ script:
+ - |
+ tag=""
+ VERSION="${MAJOR}.${MINOR}.${SUB}-${META}"
+ - |
+ echo "Running on branch '$CI_COMMIT_BRANCH': tag = $tag"
+ echo "Crafty Version: $VERSION"
+ - docker context create tls-environment
+ - docker buildx create --name zedBuilder --use tls-environment
+ - docker buildx build
+ --cache-from type=registry,ref="$CI_REGISTRY_IMAGE${tag}"
+ --build-arg BUILDKIT_INLINE_CACHE=1
+ --build-arg "BUILD_DATE=$(date +"%Y-%m-%dT%H:%M:%SZ")"
+ --build-arg "BUILD_REF=${CI_COMMIT_SHA}"
+ --build-arg "CRAFTY_VER=${VERSION}"
+ --tag "$CI_REGISTRY_IMAGE${tag}"
+ --platform linux/arm64/v8,linux/amd64
+ --push .
+ after_script:
+ - |
+ docker buildx rm zedBuilder && echo "Successfully Stopped builder instance" || echo "Failed to stop builder instance."
+ docker context rm tls-environment || true
+ echo "Please review multi-arch manifests are present:"
+ docker buildx imagetools inspect "$CI_REGISTRY_IMAGE${tag}"
diff --git a/.gitlab/windows-build.yml b/.gitlab/windows-build.yml
new file mode 100644
index 00000000..b652a113
--- /dev/null
+++ b/.gitlab/windows-build.yml
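Review bot: The `before_script` of `docker-build-dev` resolves `latest_tag` from the GitHub API at run time and installs the downloaded `docker-buildx` binary as a CLI plugin without verifying it, in a job that then logs in to the registry and pushes; `docker-build-prod` repeats the same block. Pin the release and check its digest before `chmod a+x docker-buildx`, for example `BUILDX_VERSION="<pinned-version>"` followed by `echo "<expected-sha256>  docker-buildx" | sha256sum -c`. The same concern applies to the mutable image references `docker:latest`, `docker:dind` and the untagged `aptman/qus`, which is run with `--privileged`; a fixed tag plus digest would make the production image build reproducible. Since the two jobs differ only in `tag`, stage, environment and rule, a shared hidden job pulled in with `extends:` would keep such a fix in one place.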
@@ -0,0 +1,82 @@
+---
+win-dev-build:
+ stage: dev-deployment
+ tags:
+ - win64
+ cache:
+ paths:
+ - .venv/
+ rules:
+ - if: "$CI_COMMIT_BRANCH == 'dev'"
+ environment:
+ name: development
+ script:
+ - |
+ $ErrorActionPreference = "Stop"
+ py -m venv .venv
+ .venv\Scripts\activate.ps1
+ pip install pyinstaller
+ pip install -r requirements.txt
+ - pyinstaller -F main.py
+ --distpath .
+ --icon app\frontend\static\assets\images\Crafty_4-0_Logo_square.ico
+ --name "crafty_commander"
+ --paths .venv\Lib\site-packages
+ --hidden-import cryptography
+ --hidden-import cffi
+ --hidden-import apscheduler
+ --collect-all tzlocal
+ --collect-all tzdata
+ --collect-all pytz
+ --collect-all six
+
+ # Download latest:
+ # | https://gitlab.com/crafty-controller/crafty-4/-/jobs/artifacts/dev/download?job=win-dev-build
+ artifacts:
+ name: "crafty-${CI_RUNNER_TAGS}-${CI_COMMIT_BRANCH}_${CI_COMMIT_SHORT_SHA}"
+ paths:
+ - app\
+ - .\crafty_commander.exe
+ exclude:
+ - app\classes\**\*
+
+win-prod-build:
+ stage: prod-deployment
+ tags:
+ - win64
+ cache:
+ paths:
+ - .venv/
+ rules:
+ - if: "$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH"
+ environment:
+ name: production
+ script:
+ - |
+ $ErrorActionPreference = "Stop"
+ py -m venv .venv
+ .venv\Scripts\activate.ps1
+ pip install pyinstaller
+ pip install -r requirements.txt
+ - pyinstaller -F main.py
+ --distpath .
+ --icon app\frontend\static\assets\images\Crafty_4-0_Logo_square.ico
+ --name "crafty_commander"
+ --paths .venv\Lib\site-packages
+ --hidden-import cryptography
+ --hidden-import cffi
+ --hidden-import apscheduler
+ --collect-all tzlocal
+ --collect-all tzdata
+ --collect-all pytz
+ --collect-all six
+
+ # Download latest:
+ # | https://gitlab.com/crafty-controller/crafty-4/-/jobs/artifacts/master/download?job=win-prod-build
+ artifacts:
+ name: "crafty-${CI_RUNNER_TAGS}-${CI_COMMIT_BRANCH}_${CI_COMMIT_SHORT_SHA}"
+ paths:
+ - app\
+ - .\crafty_commander.exe
+ exclude:
+ - app\classes\**\*
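Review bot: The `cache:` entry for `.venv/` has no `key:` in either `win-dev-build` or `win-prod-build`, so, depending on the project's cache settings for protected branches, the production job may restore a virtualenv that a `dev` pipeline populated, and `pyinstaller` would bundle whatever packages it finds there into `crafty_commander.exe`. Giving each job its own key, e.g. `key: "$CI_JOB_NAME-$CI_COMMIT_REF_SLUG"`, or dropping the cache for the production build, removes that path. `pip install pyinstaller` is also unpinned in both jobs; moving it into a pinned requirements file would keep the toolchain that produces the released binary fixed. The two jobs are otherwise identical apart from stage, environment and rule, so a hidden base job with `extends:` would avoid maintaining the PyInstaller arguments twice.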