.gitlab-ci.yml
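# Global before_script: runs before `script` in every job that does not define
# its own before_script (tagging:version overrides it).
# Writes the registry credentials held in the DOCKER_AUTH_CONFIG CI/CD variable
# to the Docker client config so docker / docker-compose can authenticate.
# NOTE(review): because this is global, jobs that never talk to a registry
# (e.g. deploy:badges) also get the credentials on disk; consider moving it to
# the jobs that need it.
before_script:
  - mkdir -p ~/.docker
  # The expansion is quoted so the JSON is written verbatim (no word splitting
  # or globbing), and the subshell umask keeps the file from ever being created
  # group/world-readable without changing the umask for the rest of the job.
  - (umask 077 && printf '%s\n' "${DOCKER_AUTH_CONFIG}" > ~/.docker/config.json)
  # Covers a config.json left behind with wider permissions by an earlier job.
  - chmod 600 ~/.docker/config.json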
# Pipeline stages, executed in this order.
stages:
  - build
  - tagging
  - deploy
# Pipeline-wide defaults; a job-level `variables` entry with the same name
# overrides the value for that job.
variables:
  # Build number, taken from the pipeline ID.
  BUILDVERSION: '${CI_PIPELINE_ID}'
  # Image repository in the Harbor registry (presumably read by
  # docker-compose.yml, which is not visible here - confirm).
  SERVICE_IMAGE: 'harbor.rnds.pro/rnds/gitlab-janitor'
  # Both tags default to the short commit SHA.
  SERVICE_TAG: '${CI_COMMIT_SHORT_SHA}'
  CURRENT_TAG: '${CI_COMMIT_SHORT_SHA}'
# MIXINS
# Hidden job (leading dot) used as a mixin through `extends`; it only selects
# the image the job runs in.
.runner:
  # NOTE(review): `latest` is a mutable tag, so the toolchain that handles the
  # registry, Docker Hub and RubyGems credentials can change without a commit
  # here. Prefer an immutable tag or a digest, e.g.
  #   harbor.rnds.pro/dockerhub/rnds/gitlab-runner@sha256:<DIGEST_PLACEHOLDER>
  image: 'harbor.rnds.pro/dockerhub/rnds/gitlab-runner:latest'
# Shared job templates pulled from another project.
# NOTE(review): no `ref:` is given, so each pipeline uses whatever is on that
# project's default branch at run time, and those templates execute with this
# project's CI/CD variables. Pin each entry to a tag or commit, e.g.
#   ref: '<PINNED_TAG_OR_COMMIT_SHA>'
include:
  - project: "aggredator/support/composer"
    file: "/templates/tagging.yml"
  - project: "aggredator/support/composer"
    file: "/templates/publish-readme-to-harbor.yml"
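# Builds the gem on master and keeps the resulting .gem file as an artifact
# for later stages.
build:gem:
  extends: .runner
  stage: build
  variables:
    BUILDVERSION: '${CI_PIPELINE_ID}'
  script:
    # Install dependencies into the project-local path that is cached below.
    - bundle config set --local path 'vendor/bundle'
    - bundle install --jobs=3 && bundle package --all
    # Shell globs replace `ls | grep`: the old pattern '.gem$' had an unescaped
    # dot (it matched any name ending in "<char>gem") and `grep gemspec`
    # matched the word anywhere in a file name. The ./ prefix keeps a file name
    # that starts with '-' from being read as an option.
    - gem build ./*.gemspec && gem install ./*.gem
  cache:
    paths:
      - vendor/bundle
      - vendor/cache
  artifacts:
    name: 'gem'
    paths:
      - ./*.gem
  only:
    - master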
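# Builds and pushes the service image with docker-compose.
# NOTE(review): there is no `only`/`rules`, so this runs for every ref and
# pushes with the credentials written by the global before_script; confirm the
# DOCKER_AUTH_CONFIG variable is scoped the way you intend (protected/masked).
build:docker:
  extends: .runner
  stage: build
  script:
    # OC_IMAGE_* are exported for the build (presumably read by
    # docker-compose.yml as image metadata - not visible here, confirm).
    # The command substitutions are quoted because `date --rfc-3339` prints a
    # space between date and time.
    - export OC_IMAGE_CREATED="$(date --rfc-3339=seconds)"
    - export OC_IMAGE_VERSION="$(grep -o -E '[0-9]+\.[0-9]+\.[0-9]+' lib/gitlab_janitor/version.rb)"
    - export OC_IMAGE_REVISION="${CI_COMMIT_SHORT_SHA}"
    # The ref name is the branch slug unless the pipeline runs for a git tag.
    - test -n "${CI_COMMIT_REF_SLUG}" && export OC_IMAGE_REFNAME="${CI_COMMIT_REF_SLUG}"
    - test -n "${CI_COMMIT_TAG}" && export OC_IMAGE_REFNAME="${CI_COMMIT_TAG}"
    # Best-effort pulls to warm the layer cache; failures are ignored.
    - docker-compose pull -q || true
    # Was `SERVICE_TAG=lastest`: the typo made this pull fail every time, and
    # `|| true` hid the failure.
    - SERVICE_TAG=latest docker-compose pull -q || true
    - docker-compose build --force-rm --pull
    - docker-compose push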
# TAGGING STAGE
# Job body comes from the `.tagging_tags` template, which is not defined in
# this file (presumably in the included tagging.yml); only the image
# repository is supplied here.
tagging:tags:
  extends: .tagging_tags
  variables:
    IMAGE: '${SERVICE_IMAGE}'
# Job body comes from the `.tagging_branches` template, which is not defined in
# this file (presumably in the included tagging.yml); only the image
# repository is supplied here.
tagging:branches:
  extends: .tagging_branches
  variables:
    IMAGE: '${SERVICE_IMAGE}'
# Job body comes from the `.tagging_master` template, which is not defined in
# this file (presumably in the included tagging.yml); only the image
# repository is supplied here.
tagging:master:
  extends: .tagging_master
  variables:
    IMAGE: '${SERVICE_IMAGE}'
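# Tags the image with the gem version on master. The job body comes from the
# `.tagging` template, which is not defined in this file.
# NOTE(review): this job-level before_script replaces the global one, so the
# registry credentials are not written to ~/.docker/config.json here; confirm
# the `.tagging` template authenticates on its own.
tagging:version:
  extends: .tagging
  variables:
    IMAGE: '${SERVICE_IMAGE}'
  before_script:
    # Take the x.y.z version string from the gem's version file.
    - export VERSION="$(grep -o -E '[0-9]+\.[0-9]+\.[0-9]+' lib/gitlab_janitor/version.rb)"
    # `export VAR=$(...)` hides a failed grep, so stop here instead of handing
    # an empty TAG to the template.
    - test -n "${VERSION}" || { echo "no version found in lib/gitlab_janitor/version.rb" >&2; exit 1; }
    - echo "TAG=${VERSION}" > .env.tagging
  only:
    - master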
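# Copies the `latest` and version-tagged images from the Harbor registry to
# the rnds/gitlab-janitor repository (master only).
# NOTE(review): this promotes whatever `latest` points to in Harbor when the
# job runs, which is not necessarily the image built by this pipeline;
# promoting by commit-SHA tag or digest would tie the published image to the
# commit.
deploy:dockerhub:
  extends: .runner
  stage: deploy
  script:
    - export VERSION="$(grep -o -E '[0-9]+\.[0-9]+\.[0-9]+' lib/gitlab_janitor/version.rb)"
    # `export VAR=$(...)` hides a failed grep; without this guard `latest`
    # would be pushed before the versioned pull fails on an empty tag.
    - test -n "${VERSION}" || { echo "no version found in lib/gitlab_janitor/version.rb" >&2; exit 1; }
    - docker pull "${SERVICE_IMAGE}:latest"
    - docker tag "${SERVICE_IMAGE}:latest" rnds/gitlab-janitor:latest
    - docker push rnds/gitlab-janitor:latest
    - docker pull "${SERVICE_IMAGE}:${VERSION}"
    - docker tag "${SERVICE_IMAGE}:${VERSION}" "rnds/gitlab-janitor:${VERSION}"
    - docker push "rnds/gitlab-janitor:${VERSION}"
  only:
    - master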
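# Publishes the built gem to RubyGems (master only). Expects the .gem artifact
# from build:gem; artifacts of earlier stages are downloaded by default.
# NOTE(review): RUBYGEMS_KEY should be a protected and masked CI/CD variable so
# it is only exposed to pipelines on protected refs - confirm in the project
# settings.
deploy:rubygems:
  extends: .runner
  stage: deploy
  script:
    - mkdir -p ~/.gem
    # The subshell umask creates the credentials file already private; with
    # only the later chmod the API key was briefly readable under the default
    # umask.
    - '(umask 077 && echo ":rubygems_api_key: ${RUBYGEMS_KEY}" > ~/.gem/credentials)'
    # Still needed when the file already existed with wider permissions.
    - chmod 600 ~/.gem/credentials
    # Last .gem in name order; quoted, and ./-prefixed so a file name starting
    # with '-' is not read as an option.
    - export GEMFILE="$(ls ./*.gem | tail -n 1)"
    - gem push "$GEMFILE"
  only:
    - master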
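# Computes dependency and quality metrics and publishes them as badges
# (master only, allowed to fail).
# NOTE(review): the audit here is advisory only - `|| true` plus
# `allow_failure` mean a vulnerable dependency never fails the pipeline, and
# the job sits in the same stage as the publishing jobs. Consider a gating
# `bundle audit` in an earlier stage.
deploy:badges:
  extends: .runner
  stage: deploy
  allow_failure: true
  variables:
    BRANCH_LOCK: 'ci/${CI_PROJECT_NAME}/${CI_COMMIT_REF_SLUG}'
    ENV_LOCK: 'ci/${CI_PROJECT_NAME}/${CI_ENVIRONMENT_SLUG}'
    BADGES_URL: 'https://lysander.rnds.pro/api/v1/badges/janitor'
    URL: 'https://github.com/RND-SOFT/gitlab-janitor'
  cache:
    paths:
      - vendor/bundle
      - vendor/cache
    # Read-only use of the cache: this job never uploads it.
    policy: pull
  script:
    - bundle config set --local path 'vendor/bundle'
    - bundle install --jobs=3
    # Refresh the advisory database, then print the reports to the job log.
    - bundle audit update
    - bundle audit || true
    - bundle outdated --only-explicit --no-pre --group default || true
    # Counts that feed the badges; each is best-effort.
    - vulnerable=$(bundle audit | grep "Name:" | sort | uniq | wc -l) || true
    - outdated=$(bundle outdated --only-explicit --no-pre --group default | grep "*" | wc -l) || true
    - quality=$(rubycritic -f lint lib | tail -n 1 | cut -d ' ' -f2) || true
    # BADGE_TOKEN is quoted: unquoted, an empty or unset token disappears from
    # the command line and curl takes the following `-H` as the bearer value.
    # NOTE(review): the token is still passed as a command-line argument, which
    # other processes on a shared runner host may be able to read.
    - curl -X PUT -m 3.0 --oauth2-bearer "${BADGE_TOKEN}" -H "Content-Type:application/json" -d "{\"badge\":{\"label\":\"vulnerable\", \"color\":\"red\", \"message\":\"${vulnerable} gems\", \"redirect_url\":\"${URL}\"}}" "${BADGES_URL}_vulnerable.json" || true
    - curl -X PUT -m 3.0 --oauth2-bearer "${BADGE_TOKEN}" -H "Content-Type:application/json" -d "{\"badge\":{\"label\":\"outdated\", \"color\":\"orange\", \"message\":\"${outdated} gems\", \"redirect_url\":\"${URL}\"}}" "${BADGES_URL}_outdated.json" || true
    - curl -X PUT -m 3.0 --oauth2-bearer "${BADGE_TOKEN}" -H "Content-Type:application/json" -d "{\"badge\":{\"label\":\"quality\", \"color\":\"lightgray\", \"message\":\"${quality}%\", \"redirect_url\":\"${URL}\"}}" "${BADGES_URL}_quality.json" || true
  only:
    - master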