crafty-4/.gitlab-ci.yml
2022-06-10 14:45:48 +01:00

236 lines
7.4 KiB
YAML

# Crafty Controller 4.0 - Lint & Build Pipes
# [Maintainer: Zedifus(https://gitlab.com/Zedifus)]
###################################################
# yamllint disable rule:line-length
---
stages:
- lint
- test
- prod-deployment
- dev-deployment
variables:
DOCKER_HOST: tcp://docker:2376
DOCKER_TLS_CERTDIR: "/certs"
docker-build-dev:
image: docker:latest
services:
- name: docker:dind
stage: dev-deployment
tags:
- docker_priv
rules:
- if: $CI_COMMIT_BRANCH == 'dev'
environment:
name: development
before_script:
- |
apk --no-cache add jq
MAJOR=$(cat app/config/version.json | jq '.major' )
MINOR=$(cat app/config/version.json | jq '.minor' )
SUB=$(cat app/config/version.json | jq '.sub' )
META=$(cat app/config/version.json | jq -r '.meta' )
- |
apk --no-cache add curl
latest_tag=$(curl -s https://api.github.com/repos/docker/buildx/releases/latest | sed -Ene '/^ *"tag_name": *"(v.+)",$/s//\1/p')
echo "Using buildx version $latest_tag"
curl -sSLo docker-buildx "https://github.com/docker/buildx/releases/download/$latest_tag/buildx-$latest_tag.linux-amd64"
chmod a+x docker-buildx
mkdir -p ~/.docker/cli-plugins
mv docker-buildx ~/.docker/cli-plugins/docker-buildx
docker version
- docker run --rm --privileged aptman/qus -- -r
- docker run --rm --privileged aptman/qus -s -- -p aarch64 x86_64
- echo $CI_BUILD_TOKEN | docker login -u "$CI_REGISTRY_USER" --password-stdin $CI_REGISTRY
script:
- |
tag=":$CI_COMMIT_REF_SLUG"
VERSION="${MAJOR}.${MINOR}.${SUB}-${META}"
- |
echo "Running on branch '$CI_COMMIT_BRANCH': tag = $tag"
echo "Crafty Version: $VERSION"
- docker context create tls-environment
- docker buildx create --name zedBuilder --use tls-environment
- docker buildx build
--cache-from type=registry,ref="$CI_REGISTRY_IMAGE${tag}"
--build-arg BUILDKIT_INLINE_CACHE=1
--build-arg "BUILD_DATE=$(date +"%Y-%m-%dT%H:%M:%SZ")"
--build-arg "BUILD_REF=${CI_COMMIT_SHA}"
--build-arg "CRAFTY_VER=${VERSION}"
--tag "$CI_REGISTRY_IMAGE${tag}"
--platform linux/arm64/v8,linux/amd64
--push .
after_script:
- |
docker buildx rm zedBuilder && echo "Successfully Stopped builder instance" || echo "Failed to stop builder instance."
docker context rm tls-environment || true
echo "Please review multi-arch manifests are present:"
docker buildx imagetools inspect "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG"
docker-build-prod:
image: docker:latest
services:
- name: docker:dind
stage: prod-deployment
tags:
- docker_priv
rules:
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
environment:
name: production
before_script:
- |
apk --no-cache add jq
MAJOR=$(cat app/config/version.json | jq '.major' )
MINOR=$(cat app/config/version.json | jq '.minor' )
SUB=$(cat app/config/version.json | jq '.sub' )
META=$(cat app/config/version.json | jq -r '.meta' )
- |
apk --no-cache add curl
latest_tag=$(curl -s https://api.github.com/repos/docker/buildx/releases/latest | sed -Ene '/^ *"tag_name": *"(v.+)",$/s//\1/p')
echo "Using buildx version $latest_tag"
curl -sSLo docker-buildx "https://github.com/docker/buildx/releases/download/$latest_tag/buildx-$latest_tag.linux-amd64"
chmod a+x docker-buildx
mkdir -p ~/.docker/cli-plugins
mv docker-buildx ~/.docker/cli-plugins/docker-buildx
docker version
- docker run --rm --privileged aptman/qus -- -r
- docker run --rm --privileged aptman/qus -s -- -p aarch64 x86_64
- echo $CI_BUILD_TOKEN | docker login -u "$CI_REGISTRY_USER" --password-stdin $CI_REGISTRY
script:
- |
tag=""
VERSION="${MAJOR}.${MINOR}.${SUB}-${META}"
- |
echo "Running on branch '$CI_COMMIT_BRANCH': tag = $tag"
echo "Crafty Version: $VERSION"
- docker context create tls-environment
- docker buildx create --name zedBuilder --use tls-environment
- docker buildx build
--cache-from type=registry,ref="$CI_REGISTRY_IMAGE${tag}"
--build-arg BUILDKIT_INLINE_CACHE=1
--build-arg "BUILD_DATE=$(date +"%Y-%m-%dT%H:%M:%SZ")"
--build-arg "BUILD_REF=${CI_COMMIT_SHA}"
--build-arg "CRAFTY_VER=${VERSION}"
--tag "$CI_REGISTRY_IMAGE${tag}"
--platform linux/arm64/v8,linux/amd64
--push .
after_script:
- |
docker buildx rm zedBuilder && echo "Successfully Stopped builder instance" || echo "Failed to stop builder instance."
docker context rm tls-environment || true
echo "Please review multi-arch manifests are present:"
docker buildx imagetools inspect "$CI_REGISTRY_IMAGE${tag}"
win-dev-build:
stage: dev-deployment
tags:
- win64
cache:
paths:
- .venv/
rules:
- if: "$CI_COMMIT_BRANCH == 'dev'"
environment:
name: development
script:
- |
$ErrorActionPreference = "Stop"
py -m venv .venv
.venv\Scripts\activate.ps1
pip install pyinstaller
pip install -r requirements.txt
- pyinstaller -F main.py
--distpath .
--icon app\frontend\static\assets\images\Crafty_4-0_Logo_square.ico
--name "crafty_commander"
--paths .venv\Lib\site-packages
--hidden-import cryptography
--hidden-import cffi
--hidden-import apscheduler
--collect-all tzlocal
--collect-all tzdata
--collect-all pytz
--collect-all six
# Download latest:
# | https://gitlab.com/crafty-controller/crafty-4/-/jobs/artifacts/dev/download?job=win-dev-build
artifacts:
name: "crafty-${CI_RUNNER_TAGS}-${CI_COMMIT_BRANCH}_${CI_COMMIT_SHORT_SHA}"
paths:
- app\
- .\crafty_commander.exe
exclude:
- app\classes\**\*
win-prod-build:
stage: prod-deployment
tags:
- win64
cache:
paths:
- .venv/
rules:
- if: "$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH"
environment:
name: production
script:
- |
$ErrorActionPreference = "Stop"
py -m venv .venv
.venv\Scripts\activate.ps1
pip install pyinstaller
pip install -r requirements.txt
- pyinstaller -F main.py
--distpath .
--icon app\frontend\static\assets\images\Crafty_4-0_Logo_square.ico
--name "crafty_commander"
--paths .venv\Lib\site-packages
--hidden-import cryptography
--hidden-import cffi
--hidden-import apscheduler
--collect-all tzlocal
--collect-all tzdata
--collect-all pytz
--collect-all six
# Download latest:
# | https://gitlab.com/crafty-controller/crafty-4/-/jobs/artifacts/master/download?job=win-prod-build
artifacts:
name: "crafty-${CI_RUNNER_TAGS}-${CI_COMMIT_BRANCH}_${CI_COMMIT_SHORT_SHA}"
paths:
- app\
- .\crafty_commander.exe
exclude:
- app\classes\**\*
sast:
variables:
SAST_EXCLUDED_PATHS: spec, test, tests, tmp, migrations, vendors
SAST_BANDIT_EXCLUDED_PATHS: "'*/migrations/*, */vendors/*'"
SAST_EXCLUDED_ANALYZERS: semgrep
stage: test
tags:
- docker
secret_detection:
variables:
SECRET_DETECTION_EXCLUDED_PATHS: migrations, vendors
tags:
- docker
gemnasium-dependency_scanning:
tags:
- docker
gemnasium-python-dependency_scanning:
tags:
- docker
include:
- local: ./.gitlab/lint.yml
- template: Security/Dependency-Scanning.gitlab-ci.yml
- template: Security/SAST.gitlab-ci.yml
- template: Security/Secret-Detection.gitlab-ci.yml