bacon/discord_bot
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
Files
bbb597f5f646a909dc10dac8fc3fdbb79bc808c4
discord_bot/.gitlab-ci.yml
bacon bbb597f5f6 docker
2024-03-21 02:42:40 +03:00

160 lines
4.5 KiB
YAML
Raw Blame History

stages:
- 'test'
- 'code_quality'
- 'build'
- 'deploy'
- 'push'
sast:
stage: 'test'
include:
- template: Security/SAST.gitlab-ci.yml
- template: Security/Dependency-Scanning.gitlab-ci.yml
- template: Security/SAST-IaC.gitlab-ci.yml
pytest:
stage: 'test'
image: python
only:
- test
cache:
paths:
- $CI_PROJECT_DIR/venv/
before_script:
- cd $CI_PROJECT_DIR
- pip install --upgrade --quiet pip
- python -m venv venv
- chmod u+x venv/bin/activate
- source venv/bin/activate
- pip install --quiet -U -r requirements.txt
script:
- pytest -v
qodana:
stage: 'code_quality'
needs: ['gemnasium-python-dependency_scanning', 'semgrep-sast', 'kics-iac-sast']
image:
name: jetbrains/qodana-python-community
entrypoint:
- ''
cache:
- key: qodana-2023.3-$CI_DEFAULT_BRANCH-$CI_COMMIT_REF_SLUG
fallback_keys:
- qodana-2023.3-$CI_DEFAULT_BRANCH-
- qodana-2023.3-
paths:
- ".qodana/cache"
- $CI_PROJECT_DIR/venv
variables:
QODANA_TOKEN: "$qodana_token2"
before_script:
- pip install --upgrade --quiet pip
- cd $CI_PROJECT_DIR/
- python -m venv venv
- chmod u+x venv/bin/activate
- source venv/bin/activate
script:
- qodana --save-report --results-dir=$CI_PROJECT_DIR/.qodana/results --cache-dir=$CI_PROJECT_DIR/.qodana/cache
artifacts:
expose_as: 'Qodana report'
expire_in: 1 week
paths:
- ".qodana/results/"
variables:
# fill those if you have a proxy in your environment
DOCKER_HOST: tcp://docker:2375/
DOCKER_DRIVER: overlay2
# See https://github.com/docker-library/docker/pull/166
DOCKER_TLS_CERTDIR: ""
services:
- name: docker:25.0.5-dind
entrypoint: [ "env", "-u", "DOCKER_HOST" ]
command: [ "dockerd-entrypoint.sh" ]
Build:
stage: build
image: docker:25.0.5-dind
services:
- docker:25.0.5-dind
before_script:
- echo "$CI_CONTAINER_REGISTRY"
- echo "$CI_REGISTRY"
# - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_CONTAINER_REGISTRY
script:
# fetches the latest image (not failing if image is not found)
# - docker pull $CI_REGISTRY_IMAGE:latest || true
# builds the project, passing proxy variables, using OCI labels
# notice the cache-from, which is going to use the image we just pulled locally
# the built image is tagged locally with the commit SHA, and then pushed to
# the GitLab registry
- docker build \
--label "org.opencontainers.image.title=$CI_PROJECT_TITLE" \
--label "org.opencontainers.image.url=$CI_PROJECT_URL" \
--label "org.opencontainers.image.created=$CI_JOB_STARTED_AT" \
--label "org.opencontainers.image.revision=$CI_COMMIT_SHA" \
--label "org.opencontainers.image.version=$CI_COMMIT_REF_NAME" \
--tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA \
.
- docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA
# Here, the goal is to tag the "master" branch as "latest"
#Push latest:
# variables:
# # We are just playing with Docker here.
# # We do not need GitLab to clone the source code.
# GIT_STRATEGY: none
# stage: push
# only:
# # Only "master" should be tagged "latest"
# - master
# script:
# # Because we have no guarantee that this job will be picked up by the same runner
# # that built the image in the previous step, we pull it again locally
# - docker pull $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
# # Then we tag it "latest"
# - docker tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA $CI_REGISTRY_IMAGE:latest
# # Annnd we push it.
# - docker push $CI_REGISTRY_IMAGE:latest
#
## Finally, the goal here is to Docker tag any Git tag
## GitLab will start a new pipeline everytime a Git tag is created, which is pretty awesome
#Push tag:
# variables:
# # Again, we do not need the source code here. Just playing with Docker.
# GIT_STRATEGY: none
# stage: push
# only:
# # We want this job to be run on tags only.
# - tags
# script:
# - docker pull $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA
# - docker tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHA $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME
# - docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME
push:
stage: 'deploy'
image: 'alpine'
needs: ['qodana']
only:
- master
before_script:
- apk add openssh-client > /dev/null
- eval $(ssh-agent -s)
- chmod 400 $SSH_PRIVATE_KEY
- mkdir -p ~/.ssh
- chmod 700 ~/.ssh
- cp $SSH_PRIVATE_KEY ~/.ssh/id_rsa
- ssh-add ~/.ssh/id_rsa
script:
- ssh $BOT_HOST -oStrictHostKeyChecking=accept-new 'cd /opt/discord/tarkov && git pull'
Reference in New Issue View Git Blame Copy Permalink