bacon/discord_bot
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
7faad7df235084a529934e4f738f2459ac18b97b
discord_bot/.gitlab-ci.yml
bacon 7faad7df23 docker
2024-03-20 23:58:32 +03:00

174 lines
5.6 KiB
YAML
Raw Blame History

# You can override the included template(s) by including variable overrides
# SAST customization: https://docs.gitlab.com/ee/user/application_security/sast/#customizing-the-sast-settings
# Secret Detection customization: https://docs.gitlab.com/ee/user/application_security/secret_detection/#customizing-settings
# Dependency Scanning customization: https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings
# Container Scanning customization: https://docs.gitlab.com/ee/user/application_security/container_scanning/#customizing-the-container-scanning-settings
# Note that environment variables can be set in several places
# See https://docs.gitlab.com/ee/ci/variables/#cicd-variable-precedence
stages:
- 'test'
- 'code_quality'
- 'build'
- 'deploy'
- 'push'
sast:
stage: 'test'
include:
- template: Security/SAST.gitlab-ci.yml
- template: Security/Dependency-Scanning.gitlab-ci.yml
- template: Security/SAST-IaC.gitlab-ci.yml
pytest:
stage: 'test'
image: python
only:
- test
cache:
paths:
- $CI_PROJECT_DIR/venv/
before_script:
- cd $CI_PROJECT_DIR
- pip install --upgrade --quiet pip
- python -m venv venv
- chmod u+x venv/bin/activate
- source venv/bin/activate
- pip install --quiet -U -r requirements.txt
script:
- pytest -v
qodana:
stage: 'code_quality'
needs: ['gemnasium-python-dependency_scanning', 'semgrep-sast', 'kics-iac-sast']
image:
name: jetbrains/qodana-python-community
entrypoint:
- ''
cache:
- key: qodana-2023.3-$CI_DEFAULT_BRANCH-$CI_COMMIT_REF_SLUG
fallback_keys:
- qodana-2023.3-$CI_DEFAULT_BRANCH-
- qodana-2023.3-
paths:
- ".qodana/cache"
- $CI_PROJECT_DIR/venv
variables:
QODANA_TOKEN: "$qodana_token2"
before_script:
- pip install --upgrade --quiet pip
- cd $CI_PROJECT_DIR/
- python -m venv venv
- chmod u+x venv/bin/activate
- source venv/bin/activate
script:
- qodana --save-report --results-dir=$CI_PROJECT_DIR/.qodana/results --cache-dir=$CI_PROJECT_DIR/.qodana/cache
artifacts:
expose_as: 'Qodana report'
expire_in: 1 week
paths:
- ".qodana/results/"
variables:
# fill those if you have a proxy in your environment
DOCKER_HOST: tcp://docker:2375/
DOCKER_DRIVER: overlay2
# See https://github.com/docker-library/docker/pull/166
DOCKER_TLS_CERTDIR: ""
# Use this if your GitLab runner does not use socket binding
# services:
# - docker:dind
services:
- name: docker:24.0.5-dind
entrypoint: [ "env", "-u", "DOCKER_HOST" ]
command: [ "dockerd-entrypoint.sh" ]
Build:
image: docker:24.0.5
stage: build
before_script:
# docker login asks for the password to be passed through stdin for security
# we use $CI_REGISTRY_PASSWORD here which is a special variable provided by GitLab
# https://docs.gitlab.com/ce/ci/variables/predefined_variables.html
- echo -n $CI_REGISTRY_PASSWORD | docker login -u $CI_REGISTRY_USER --password-stdin $CI_REGISTRY
script:
# fetches the latest image (not failing if image is not found)
- docker pull $CI_REGISTRY_IMAGE:latest || true
# builds the project, passing proxy variables, using OCI labels
# notice the cache-from, which is going to use the image we just pulled locally
# the built image is tagged locally with the commit SHA, and then pushed to
# the GitLab registry
- >
docker build
--pull
--build-arg http_proxy=$http_proxy
--build-arg https_proxy=$https_proxy
--build-arg no_proxy=$no_proxy
--cache-from $CI_REGISTRY_IMAGE:latest
--label "org.opencontainers.image.title=$CI_PROJECT_TITLE"
--label "org.opencontainers.image.url=$CI_PROJECT_URL"
--label "org.opencontainers.image.created=$CI_JOB_STARTED_AT"
--label "org.opencontainers.image.revision=$CI_COMMIT_SHA"
--label "org.opencontainers.image.version=$CI_COMMIT_REF_NAME"
--tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
.
- docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
# Here, the goal is to tag the "master" branch as "latest"
Push latest:
variables:
# We are just playing with Docker here.
# We do not need GitLab to clone the source code.
GIT_STRATEGY: none
stage: push
only:
# Only "master" should be tagged "latest"
- master
script:
# Because we have no guarantee that this job will be picked up by the same runner
# that built the image in the previous step, we pull it again locally
- docker pull $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
# Then we tag it "latest"
- docker tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA $CI_REGISTRY_IMAGE:latest
# Annnd we push it.
- docker push $CI_REGISTRY_IMAGE:latest
# Finally, the goal here is to Docker tag any Git tag
# GitLab will start a new pipeline everytime a Git tag is created, which is pretty awesome
Push tag:
variables:
# Again, we do not need the source code here. Just playing with Docker.
GIT_STRATEGY: none
stage: push
only:
# We want this job to be run on tags only.
- tags
script:
- docker pull $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
- docker tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME
- docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME
push:
stage: 'deploy'
image: 'alpine'
needs: ['qodana']
only:
- master
before_script:
- apk add openssh-client > /dev/null
- eval $(ssh-agent -s)
- chmod 400 $SSH_PRIVATE_KEY
- mkdir -p ~/.ssh
- chmod 700 ~/.ssh
- cp $SSH_PRIVATE_KEY ~/.ssh/id_rsa
- ssh-add ~/.ssh/id_rsa
script:
- ssh $BOT_HOST -oStrictHostKeyChecking=accept-new 'cd /opt/discord/tarkov && git pull'
Reference in New Issue View Git Blame Copy Permalink