-
Notifications
You must be signed in to change notification settings - Fork 0
/
.gitlab-ci.yml
166 lines (144 loc) · 3.67 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
stages:
- devenv
- test
- lint
- style
- deploy
workflow:
rules:
- if: $CI_PIPELINE_SOURCE == "push"
variables:
GIT_DEPTH: 0
.nix:
image: registry.gitlab.com/cynerd/gitlab-ci-nix
tags:
- docker
cache:
key: "nix"
paths:
- ".nix-cache"
before_script:
- gitlab-ci-nix-cache-before
after_script:
- gitlab-ci-nix-cache-after
## Development environment #####################################################
devenv:
stage: devenv
extends: .nix
script:
- nix develop -c true
## Test stage ##################################################################
.test:
stage: test
extends: .nix
needs: ["devenv"]
tests:
extends: .test
script:
- nix develop --quiet -c pytest -v --junitxml=report.xml --cov=. --cov-report xml:coverage.xml --cov-report html:coverage --cov-report term
artifacts:
reports:
junit: report.xml
coverage_report:
coverage_format: cobertura
path: coverage.xml
paths:
- 'coverage/'
coverage: '/^TOTAL.*\s+([^\s]+)%$/'
nix-build:
extends: .test
script:
- nix build
nix-check:
extends: .test
script:
- nix flake check
include:
- template: Security/Secret-Detection.gitlab-ci.yml
## Linters #####################################################################
.lint:
stage: lint
extends: .nix
needs: ["devenv"]
pylint:
extends: .lint
script:
- nix develop --quiet -c pylint --output-format=colorized .
mypy:
extends: .lint
script:
- mkdir .mypy-cache
- nix develop --quiet -c mypy --cache-dir .mypy-cache --install-types --non-interactive .
## Style stage #################################################################
.style:
stage: style
extends: .nix
needs: ["devenv"]
allow_failure: true
black:
extends: .style
script:
- nix develop --quiet -c black --diff --check .
isort:
extends: .style
script:
- nix develop --quiet -c isort --diff --check .
pydocstyle:
extends: .style
script:
- nix develop --quiet -c pydocstyle --match='(?!tests/)*.py' .
editorconfig-checker:
extends: .style
script:
- nix develop --quiet -c editorconfig-checker -exclude '.nix-cache/.*'
gitlint:
extends: .style
script:
- git fetch
- nix develop --quiet -c gitlint --commits origin/master..$CI_COMMIT_SHA
## Release creation ############################################################
.deploy:
stage: deploy
rules:
- if: '$CI_COMMIT_TAG'
needs:
- job: tests
artifacts: false
release:
extends: .deploy
image: "registry.gitlab.com/gitlab-org/release-cli:latest"
before_script:
- apk update
- apk add bash curl jq py3-pip
- pip install yq
script:
- bash .release.sh
gitlab-pypi:
extends: [.nix, .deploy]
script:
- nix develop --quiet -c python3 -m build
- TWINE_PASSWORD=$CI_JOB_TOKEN TWINE_USERNAME=gitlab-ci-token nix develop --quiet -c twine upload --repository-url ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/pypi dist/*
pages:
stage: deploy
extends: .nix
rules:
- if: $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH
needs: ["devenv"]
script:
- git fetch
- nix develop --quiet -c sphinx-multiversion docs public
- | # Add index.html to public root to redirect to $CI_DEFUALT_BRANCH/index.html
cat >public/index.html << EOF
<!DOCTYPE html>
<html>
<head>
<title>Redirecting to $CI_DEFAULT_BRANCH branch</title>
<meta charset="utf-8">
<meta http-equiv="refresh" content="0; url=./$CI_DEFAULT_BRANCH/index.html">
<link rel="canonical" href="$CI_PAGES_URL/$CI_DEFAULT_BRANCH/index.html">
</head>
</html>
EOF
artifacts:
paths:
- public