-
Notifications
You must be signed in to change notification settings - Fork 0
/
.gitlab-ci.yml
197 lines (158 loc) · 5.16 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
# -------------------------------------------------------------------------------------
# Summary: Define the main CI/CD pipeline for this project.
# Created: 2021-11-13 11:35:08
# Author: Bryant Finney (https://bryant-finney.github.io/about)
# -------------------------------------------------------------------------------------
variables:
POSTGRES_DB:
description: Set the name of the postgres database to use for tests
value: canary
POSTGRES_PASSWORD:
description: This value is masked and controls access to the test database
POSTGRES_USER:
description: Name the DB account by this value
value: django
stages:
- qa
- build
- test
include:
- template: Security/SAST.gitlab-ci.yml
- template: Code-Quality.gitlab-ci.yml
.parallel python versions:
parallel:
matrix:
- PY_MAJOR: 3
PY_MINOR: [7, 8, 9, 10]
code_quality:
stage: qa
needs: []
artifacts:
paths: [gl-code-quality-report.json]
expire_in: 90 days
code_quality html report:
stage: qa
extends: [code_quality]
variables:
REPORT_FORMAT: html
artifacts:
paths: [gl-code-quality-report.html]
expire_in: 90 days
pre-commit:
before_script:
- pip3 install poetry
- chmod +x .envrc && . ./.envrc
extends: [.parallel python versions]
image: "$CI_REGISTRY_IMAGE/python:${PY_MAJOR}.${PY_MINOR}"
needs: []
script:
- pre-commit run --all
stage: qa
build image:
# build the image using GitLab's docker-in-docker solution
after_script: [docker logout $CI_REGISTRY]
before_script:
- docker login $CI_REGISTRY -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD
- docker pull $FULL_LATEST_TAG || echo "failed to pull image $FULL_LATEST_TAG"
image: docker:20.10
needs: []
script:
- >
docker build \
--tag $FULL_COMMIT_TAG \
--tag $FULL_LATEST_TAG \
--cache-from $FULL_LATEST_TAG \
--target $BUILD_TARGET \
--file $DOCKERFILE_PATH .
- docker push $FULL_LATEST_TAG
- docker push $FULL_COMMIT_TAG
services: ["docker:20.10-dind"]
stage: build
variables:
DOCKERFILE_PATH: ./api/Dockerfile
# child jobs may override this variable in order to specify a different image name;
# note: this includes the registry name and image name, but not the version tag
FULL_IMAGE_NAME: $CI_REGISTRY_IMAGE
# override this variable to build a different target
BUILD_TARGET: dev
# define version tags for `latest` (floating tag) and the specific commit
LATEST_TAG: ${BUILD_TARGET}-latest
COMMIT_TAG: ${BUILD_TARGET}-$CI_COMMIT_SHORT_SHA
# define the full RepoTags for the image
FULL_LATEST_TAG: $FULL_IMAGE_NAME:$LATEST_TAG
FULL_COMMIT_TAG: $FULL_IMAGE_NAME:$COMMIT_TAG
build prod image:
# build the minimal production image of the API
extends: [build image]
variables:
BUILD_TARGET: prod
build db image:
# build the database image
extends: [build image]
variables:
DOCKERFILE_PATH: ./db/Dockerfile
FULL_IMAGE_NAME: $CI_REGISTRY_IMAGE/db
build prod db image:
# build the `prod` db image
extends: [build db image]
variables:
BUILD_TARGET: prod
sast:
stage: test
needs: []
check startup:
# verify that no migrations were missed, migrations can be performed, and that a test
# user can be created
image:
name: $CI_REGISTRY_IMAGE:dev-$CI_COMMIT_SHORT_SHA
# override the entrypoint for this CI job
entrypoint: [""]
needs:
- build image
- build db image
script:
- django-admin makemigrations
# if changes to the models defined by this project result in a migration, this step
# will fail
- git add . && git diff --exit-code HEAD
- django-admin migrate --no-input
- django-admin collectstatic --no-input
- django-admin createsuperuser --no-input --username gitlab-runner --email gitlab-runner@junk.com
services:
- name: $CI_REGISTRY_IMAGE/db:dev-$CI_COMMIT_SHORT_SHA
alias: db
stage: test
variables:
CANARY_CORE_DB_HOST: db
CANARY_CORE_DB_NAME: $POSTGRES_DB
CANARY_CORE_DB_PASSWORD: $POSTGRES_PASSWORD
CANARY_CORE_DB_USER: $POSTGRES_USER
POSTGRES_DB: $POSTGRES_DB
POSTGRES_PASSWORD: $POSTGRES_PASSWORD
POSTGRES_USER: $POSTGRES_USER
tox:
# run the test suite on each supported Python version
before_script:
- pip3 install poetry
- poetry install --no-interaction
extends: [.parallel python versions]
image: "$CI_REGISTRY_IMAGE/python:${PY_MAJOR}.${PY_MINOR}"
# NOTE: this is needed for the referenced services property
needs: [build db image]
script:
- pytest
# keep the CI configuration DRY by referencing the previous job definition
services: !reference [check startup, services]
stage: test
# NOTE: the variables here should include all variables from `check startup` (above)
variables:
CANARY_CORE_DB_HOST:
!reference [check startup, variables, CANARY_CORE_DB_HOST]
CANARY_CORE_DB_NAME: $POSTGRES_DB
CANARY_CORE_DB_PASSWORD: $POSTGRES_PASSWORD
CANARY_CORE_DB_USER: $POSTGRES_USER
POSTGRES_DB: $POSTGRES_DB
POSTGRES_PASSWORD: $POSTGRES_PASSWORD
POSTGRES_USER: $POSTGRES_USER
# install to the system, since we're inside a Docker container
POETRY_VIRTUALENVS_CREATE: "false"