-
-
Notifications
You must be signed in to change notification settings - Fork 35
/
.gitlab-ci.yml
101 lines (91 loc) · 2.78 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
# You can override the included template(s) by including variable overrides
# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
# Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
# Container Scanning customization: https://docs.gitlab.com/ee/user/application_security/container_scanning/#customizing-the-container-scanning-settings
# Note that environment variables can be set in several places
# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
services:
- postgres:14.5
variables:
POSTGRES_USER: phoenix
POSTGRES_DB: phoenix
POSTGRES_HOST_AUTH_METHOD: trust
LICENSE_FINDER_CLI_OPTS: '--recursive'
stages:
- test
- publish
- deploy
sast:
stage: test
include:
- template: Security/SAST.gitlab-ci.yml
- template: Security/Dependency-Scanning.gitlab-ci.yml
- template: Security/Secret-Detection.gitlab-ci.yml
migrate-and-test:
stage: test
variables:
DATABASE_URL: postgres://phoenix:phoenix@postgres:5432/phoenix
H_ORIGIN: http://localhost:5000
image:
name: ruby:3.0.6
script:
- gem install bundler
- gem install rails
- bundle install
- rails db:migrate
- rails server -d
- sleep 20
- kill $(cat tmp/pids/server.pid)
docker-nightly:
stage: publish
needs:
- migrate-and-test
image:
name: gcr.io/kaniko-project/executor:v1.9.0-debug
entrypoint:
- ''
script:
- /kaniko/executor --context "${CI_PROJECT_DIR}" --dockerfile "${CI_PROJECT_DIR}/Dockerfile"
--destination "${CI_REGISTRY_IMAGE}:nightly" --build-arg GIT_TAG=nightly
rules:
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
docker-prod:
stage: publish
needs:
- migrate-and-test
image:
name: gcr.io/kaniko-project/executor:v1.9.0-debug
entrypoint:
- ''
script:
- /kaniko/executor --context "${CI_PROJECT_DIR}" --dockerfile "${CI_PROJECT_DIR}/Dockerfile"
--destination "${CI_REGISTRY_IMAGE}:${CI_COMMIT_TAG}" --destination "${CI_REGISTRY_IMAGE}:stable" --build-arg GIT_TAG=${CI_COMMIT_TAG}
rules:
- if: $CI_COMMIT_TAG
deploy-prod:
stage: deploy
image:
name: curlimages/curl
environment:
name: production
url: https://edit.tosdr.org
needs:
- docker-prod
script:
- curl -X POST $PORTAINER_WEBHOOK_URL_PROD
rules:
- if: $CI_COMMIT_TAG
deploy-staging:
stage: deploy
image:
name: curlimages/curl
environment:
name: staging
url: https://edit.staging.tosdr.org
needs:
- docker-nightly
script:
- curl -X POST $PORTAINER_WEBHOOK_URL_STAGING
rules:
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH