-
Notifications
You must be signed in to change notification settings - Fork 1
/
.gitlab-ci.yml
140 lines (127 loc) · 4.7 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
stages:
- test and code analysis
- build
- deploy
workflow:
rules:
- if: '$CI_COMMIT_BRANCH == "develop"'
variables:
ENVIRONMENT_NAME: DEVELOPMENT
BACKEND_PORT: "5555" # WORKAROUND -> numeric without quotes causes <Pipeline cannot be run. Something went wrong on our end. Please try again.>
- if: '$CI_COMMIT_BRANCH == "master"'
variables:
ENVIRONMENT_NAME: PRODUCTION
BACKEND_PORT: "5000"
- when: always
variables:
TAG_LATEST: $CI_REGISTRY_IMAGE/$CI_COMMIT_REF_NAME:latest
TAG_COMMIT: $CI_REGISTRY_IMAGE/$CI_COMMIT_REF_NAME:$CI_COMMIT_SHORT_SHA
SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar" # Defines the location of the analysis task cache
.configuration:
image: $CI_REGISTRY_IMAGE/cicd-image
before_script:
- make build-dev
- . venv/bin/activate
- which pip
- python3 -V
- pip -V
- mkdir -p artifacts
#==============================| TESTS AND CODE ANALYSIS |==============================
Lint code:
stage: test and code analysis
extends: .configuration
allow_failure: true
script:
- echo [ Running pylint ]
- find -type f -name "*.py" -not -path "./venv/*" | xargs pylint
Check code using black:
stage: test and code analysis
extends: .configuration
allow_failure: true
script:
- echo [ Running black ]
- black . --check --diff --color
Check imports order:
stage: test and code analysis
extends: .configuration
allow_failure: true
script:
- echo [ Running isort ]
- isort . --check --diff --color
Launch tests:
stage: test and code analysis
extends: .configuration
script:
- echo [ Testing the steam-deals backend ]
- python3 -m pytest tests/
--junitxml=report.xml
artifacts:
when: always
reports:
junit: report.xml
coverage_report:
coverage_format: cobertura
path: artifacts/coverage.xml
paths:
- artifacts/
sonarcloud check:
image:
name: sonarsource/sonar-scanner-cli:latest
entrypoint: [""]
stage: test and code analysis
needs: [ "Launch tests" ] # for artifacts/coverage.xml report
variables:
GIT_STRATEGY: clone # clone entire repo instead of reusing workspace
GIT_DEPTH: 0 # avoid shallow clone to give sonar all the info it needs
cache:
key: "${CI_JOB_NAME}"
paths:
- .sonar/cache
script:
- sonar-scanner
#==============================| BUILD |==============================
Build and push docker image:
image: docker:20.10.13
stage: build
needs: [ "Launch tests" ]
variables:
DOCKER_DRIVER: overlay2
DOCKER_TLS_CERTDIR: "" # Create the certificates inside this directory for both the server and client.
services:
- docker:20.10.13-dind
script:
- echo [ Building a docker image started. ]
- docker build -t $TAG_COMMIT -t $TAG_LATEST -f Dockerfile.$ENVIRONMENT_NAME .
- echo $CI_BUILD_TOKEN | docker login -u gitlab-ci-token --password-stdin $CI_REGISTRY # -p gives <WARNING! Using --password via the CLI is insecure. Use --password-stdin.>
- docker push $TAG_COMMIT
- docker push $TAG_LATEST
only:
- develop
- master
#==============================| DEPLOY |==============================
Deploy to azure server:
image: alpine:latest
stage: deploy
needs: [ "Build and push docker image" ]
script:
- echo [ Deploying to $ENVIRONMENT_NAME on port $BACKEND_PORT started. ]
- chmod 400 $ID_RSA
- apk update && apk add openssh-client
- ssh -i $ID_RSA -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY"
- ssh -i $ID_RSA -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "docker pull $TAG_COMMIT"
- ssh -i $ID_RSA -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "docker container rm -f ${ENVIRONMENT_NAME}_BACKEND || true"
- |
if [ "$ENVIRONMENT_NAME" == "PRODUCTION" ]; then
scp -i $ID_RSA -o StrictHostKeyChecking=no $SECRETS $SERVER_USER@$SERVER_IP:~/.secrets.toml
ssh -i $ID_RSA -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "docker run -d -p $BACKEND_PORT:$BACKEND_PORT -v ~/.secrets.toml:/app/.secrets.toml --restart always --name ${ENVIRONMENT_NAME}_BACKEND $TAG_COMMIT"
else
ssh -i $ID_RSA -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "docker run -d -p $BACKEND_PORT:$BACKEND_PORT --restart always --name ${ENVIRONMENT_NAME}_BACKEND $TAG_COMMIT"
fi
- ssh -i $ID_RSA -o StrictHostKeyChecking=no $SERVER_USER@$SERVER_IP "docker exec ${ENVIRONMENT_NAME}_BACKEND git diff --name-only | xargs docker exec ${ENVIRONMENT_NAME}_BACKEND git update-index --assume-unchanged"
environment:
name: $ENVIRONMENT_NAME
url: http://$SERVER_IP:$BACKEND_PORT
only:
- develop
- master
when: manual