
# You can override the included template(s) by including variable overrides
# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
# Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
# Container Scanning customization: https://docs.gitlab.com/ee/user/application_security/container_scanning/#customizing-the-container-scanning-settings
# Note that environment variables can be set in several places
# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
# Pipeline stages in execution order. Only the first four carry active jobs:
# the `push` stage's "Push latest" / "Push tag" jobs are commented out below.
stages:
  - test
  - code_quality
  - build
  - deploy
  - push
# Override for the `sast` job contributed by the included
# Security/SAST.gitlab-ci.yml template: pin it to this pipeline's `test` stage.
sast:
  stage: test
# GitLab-managed security scanner templates. The `qodana` job below waits on
# the scanner jobs these templates define (see its `needs`).
include:
  - template: 'Security/SAST.gitlab-ci.yml'
  - template: 'Security/Dependency-Scanning.gitlab-ci.yml'
  - template: 'Security/SAST-IaC.gitlab-ci.yml'
# Unit tests. Runs only for the ref named `test`; installs the project's
# requirements into a cached virtualenv and runs pytest.
pytest:
  stage: test
  # NOTE(review): an untagged image resolves to `python:latest`, so the
  # interpreter version may change between runs; pin a tag for reproducibility.
  image: python
  only:
    - test
  cache:
    paths:
      # NOTE(review): absolute path inside the project directory — GitLab
      # documents cache paths relative to $CI_PROJECT_DIR; confirm the runner
      # honours this form.
      - $CI_PROJECT_DIR/venv/
  before_script:
    - cd $CI_PROJECT_DIR
    - pip install --upgrade --quiet pip
    - python -m venv venv
    # `source` does not need the execute bit; kept for parity with the qodana job.
    - chmod u+x venv/bin/activate
    - source venv/bin/activate
    - pip install --quiet -U -r requirements.txt
  script:
    - pytest -v
# JetBrains Qodana static analysis. Runs after the three scanner jobs from the
# included security templates and exposes the HTML report as an artifact.
qodana:
  stage: code_quality
  # Job names belong to the included templates, not to this file.
  needs:
    - gemnasium-python-dependency_scanning
    - semgrep-sast
    - kics-iac-sast
  image:
    name: jetbrains/qodana-python-community
    # Empty entrypoint: GitLab convention for images whose default entrypoint
    # is not a shell, so the runner can execute the script lines itself.
    entrypoint: ['']
  cache:
    - key: qodana-2023.3-$CI_DEFAULT_BRANCH-$CI_COMMIT_REF_SLUG
      # Most-specific key first; fall back to the default-branch cache, then
      # to any 2023.3 cache.
      fallback_keys:
        - qodana-2023.3-$CI_DEFAULT_BRANCH-
        - qodana-2023.3-
      paths:
        - .qodana/cache
        - $CI_PROJECT_DIR/venv
  variables:
    # Qodana Cloud token, supplied via the CI/CD variable `qodana_token2`.
    QODANA_TOKEN: '$qodana_token2'
  before_script:
    - pip install --upgrade --quiet pip
    - cd $CI_PROJECT_DIR/
    - python -m venv venv
    - chmod u+x venv/bin/activate
    # NOTE(review): the venv is activated but requirements.txt is not
    # installed here (unlike the pytest job); presumably Qodana resolves
    # dependencies itself — confirm.
    - source venv/bin/activate
  script:
    - qodana --save-report --results-dir=$CI_PROJECT_DIR/.qodana/results --cache-dir=$CI_PROJECT_DIR/.qodana/cache
  artifacts:
    expose_as: 'Qodana report'
    expire_in: 1 week
    paths:
      - .qodana/results/
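# Pipeline-wide Docker settings, consumed by the Build job (which declares its
# own `services`, see below).
variables:
  # Docker CLI talks to the `docker` service container over plain TCP.
  DOCKER_HOST: tcp://docker:2375/
  DOCKER_DRIVER: overlay2
  # An empty value turns off the daemon's TLS setup
  # (see https://github.com/docker-library/docker/pull/166); this is what makes
  # the unencrypted :2375 endpoint above usable. The channel is therefore
  # unauthenticated; it is expected to be reachable only from the job's own
  # service network. A non-empty certdir plus port 2376 would restore TLS.
  DOCKER_TLS_CERTDIR: ""
# No pipeline-wide `services` any more: a global Docker-in-Docker service was
# attached to every job (pytest, qodana, the SSH deploy job) although none of
# them runs docker, and the only job that does — Build — declares its own
# `services`. The former global definition, kept for reference:
#   services:
#     - name: docker:24.0.5-dind
#       entrypoint: ["env", "-u", "DOCKER_HOST"]
#       command: ["dockerd-entrypoint.sh"]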
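# Build the container image with Docker-in-Docker, label it with OCI
# metadata, tag it with the commit SHA and push it to the project registry.
Build:
  stage: build
  # NOTE(review): the job image and the dind service below carry the same
  # sha256 digest. A digest selects one manifest regardless of the tag, so
  # `docker:dind@<digest>` resolves to whatever that digest points at — verify
  # it really is the dind variant; if it is the CLI image, no daemon starts.
  image: docker@sha256:c8bb6fa5388b56304dd770c4bc0478de81ce18540173b1a589178c0d31bfce90
  services:
    - docker:dind@sha256:c8bb6fa5388b56304dd770c4bc0478de81ce18540173b1a589178c0d31bfce90
  before_script:
    # Authenticate to the project registry with the job credentials so the
    # pull below can see a private image and the push is authorised. Harmless
    # if the runner is already logged in.
    - echo "$CI_REGISTRY_PASSWORD" | docker login --username "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
  script:
    # Fetch the current `latest` image to seed the layer cache; a missing
    # image is not an error (first build, empty registry).
    - docker pull "$CI_REGISTRY_IMAGE:latest" || true
    # Build with OCI labels, reusing layers from the image just pulled
    # (`--cache-from`, which the original comment promised but the command
    # lacked), then tag with the commit SHA and push to the GitLab registry.
    - >-
      docker build
      --pull
      --cache-from "$CI_REGISTRY_IMAGE:latest"
      --label "org.opencontainers.image.title=$CI_PROJECT_TITLE"
      --label "org.opencontainers.image.url=$CI_PROJECT_URL"
      --label "org.opencontainers.image.created=$CI_JOB_STARTED_AT"
      --label "org.opencontainers.image.revision=$CI_COMMIT_SHA"
      --label "org.opencontainers.image.version=$CI_COMMIT_REF_NAME"
      --tag "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA"
      .
    - docker push "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA"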
# Here, the goal is to tag the "master" branch as "latest"
#Push latest:
# variables:
# # We are just playing with Docker here.
# # We do not need GitLab to clone the source code.
# GIT_STRATEGY: none
# stage: push
# only:
# # Only "master" should be tagged "latest"
# - master
# script:
# # Because we have no guarantee that this job will be picked up by the same runner
# # that built the image in the previous step, we pull it again locally
# - docker pull $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
# # Then we tag it "latest"
# - docker tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA $CI_REGISTRY_IMAGE:latest
# # Annnd we push it.
# - docker push $CI_REGISTRY_IMAGE:latest
#
## Finally, the goal here is to Docker tag any Git tag
## GitLab will start a new pipeline every time a Git tag is created, which is pretty awesome
#Push tag:
# variables:
# # Again, we do not need the source code here. Just playing with Docker.
# GIT_STRATEGY: none
# stage: push
# only:
# # We want this job to be run on tags only.
# - tags
# script:
# - docker pull $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
# - docker tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME
# - docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME
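# Deploy: on master, SSH to the bot host and update its working copy.
push:
  stage: deploy
  image: alpine
  needs:
    - qodana
  only:
    - master
  before_script:
    - apk add openssh-client > /dev/null
    - eval "$(ssh-agent -s)"
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    # SSH_PRIVATE_KEY is a file-type CI variable. ssh-add refuses keys with
    # loose permissions, and the agent holds the key afterwards, so no copy
    # into ~/.ssh/id_rsa is needed (one fewer place the key material lives).
    - chmod 400 "$SSH_PRIVATE_KEY"
    - ssh-add "$SSH_PRIVATE_KEY"
    # Host-key pinning. Every run starts from a fresh container with an empty
    # known_hosts, so `accept-new` on its own verifies nothing. Provision a CI
    # variable SSH_KNOWN_HOSTS (to be configured: the known_hosts line(s) for
    # $BOT_HOST) to turn on strict checking; until it exists the previous
    # accept-new behaviour is kept.
    - if [ -n "${SSH_KNOWN_HOSTS:-}" ]; then printf '%s\n' "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts && chmod 600 ~/.ssh/known_hosts && export HOSTKEY_CHECK=yes; else export HOSTKEY_CHECK=accept-new; fi
  script:
    - ssh -o "StrictHostKeyChecking=$HOSTKEY_CHECK" "$BOT_HOST" 'cd /opt/discord/tarkov && git pull'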