-
Notifications
You must be signed in to change notification settings - Fork 10
/
.gitlab-ci.yml
135 lines (120 loc) · 3.67 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
# Jobs defined here use the idp/ci docker image from ECR by default.
# Images are built via the identity-devops GitLab pipeline.
variables:
BUNDLER_VERSION: "2.3.13"
ECR_REGISTRY: '${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com'
SAML_SINATRA_CI_SHA: 'sha256:fc49828b6a7b03a65bf286eed4c0fd4de0b0e83169dc60cfd024920d60faa8a8'
default:
image: '${ECR_REGISTRY}/saml_sinatra/ci@${SAML_SINATRA_CI_SHA}'
.bundle_install: &bundle_install
- gem install bundler --version $BUNDLER_VERSION
- bundle check || bundle install --deployment --jobs=4 --retry=3 --without deploy development doc production --path vendor/bundle
.yarn_install: &yarn_install
- yarn install --frozen-lockfile --ignore-engines --cache-folder .yarn-cache
.yarn_production_install: &yarn_production_install
- yarn install --production --frozen-lockfile --ignore-engines --cache-folder .yarn-cache
.deploy_script: &deploy_script
- *bundle_install
- bundle exec rake login:deploy_json
- cf8 login -a https://api.fr.cloud.gov -u "e1fdd211-f191-40e8-99c7-4e7164d9ae76" -p $CF8_PASS -o "gsa-login-prototyping" -s "$SPACE"
- cf8 push $SPACE-identity-saml-sinatra -b ruby_buildpack
.build_cache:
- &ruby_cache
key:
files:
- Gemfile.lock
paths:
- vendor/bundle
policy: pull
- &yarn_cache
key:
files:
- yarn.lock
paths:
- .yarn-cache/
policy: pull
- &yarn_production_cache
key:
files:
- yarn.lock
paths:
- .yarn-cache/
policy: pull
stages:
- .pre
- test
- deploy
workflow:
rules:
- if: '$CI_PIPELINE_SOURCE == "merge_request_event" || $CI_PIPELINE_SOURCE == "web"'
- if: '$CI_COMMIT_BRANCH == "main"'
- if: $CI_COMMIT_TAG
when: never
install_dependencies:
stage: .pre
variables:
RAILS_ENV: test
SKIP_YARN_INSTALL: 'true'
cache:
- <<: *ruby_cache
policy: pull-push
- <<: *yarn_cache
policy: pull-push
script:
- *bundle_install
- *yarn_install
- bundle exec rake login:deploy_json
test_release:
stage: test
needs:
- job: install_dependencies
cache:
- <<: *ruby_cache
- <<: *yarn_cache
script:
- *bundle_install
- *yarn_install
- make test
artifacts:
paths:
- /tmp/test-results
build-ci-image:
stage: .pre
interruptible: true
needs: []
tags:
- build-pool
image:
name: gcr.io/kaniko-project/executor:debug
entrypoint: ['']
rules:
# Build when there are changes to the Dockerfile
- if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH || $CI_PIPELINE_SOURCE == "merge_request_event" || $CI_PIPELINE_SOURCE == "web"'
changes:
compare_to: 'refs/heads/main'
paths:
- dockerfiles/ci.Dockerfile
script:
- mkdir -p /kaniko/.docker
- |-
KANIKOCFG="\"credsStore\":\"ecr-login\""
if [ "x${http_proxy}" != "x" -o "x${https_proxy}" != "x" ]; then
KANIKOCFG="${KANIKOCFG}, \"proxies\": { \"default\": { \"httpProxy\": \"${http_proxy}\", \"httpsProxy\": \"${https_proxy}\", \"noProxy\": \"${no_proxy}\"}}"
fi
KANIKOCFG="{ ${KANIKOCFG} }"
echo "${KANIKOCFG}" > /kaniko/.docker/config.json
- >-
/kaniko/executor
--context "${CI_PROJECT_DIR}"
--dockerfile "${CI_PROJECT_DIR}/dockerfiles/ci.Dockerfile"
--destination "${ECR_REGISTRY}/saml_sinatra/ci:latest"
--destination "${ECR_REGISTRY}/saml_sinatra/ci:${CI_COMMIT_SHA}"
--build-arg "http_proxy=${http_proxy}" --build-arg "https_proxy=${https_proxy}" --build-arg "no_proxy=${no_proxy}"
deploy_to_cloudgov:
stage: deploy
rules:
- if: '$CI_COMMIT_BRANCH == "main"'
script: *deploy_script
parallel:
matrix:
- SPACE: [prod, staging, int, dev, dm]