
# Stage order for the whole pipeline; every job below references one of these.
stages:
  - test
  - code_quality
  - build
  - deploy
  - push
# Overrides the stage of the `sast` job that the SAST template (included
# below) contributes, so it runs alongside the unit tests.
sast:
  stage: test
# GitLab-managed security scanning templates. They add the scanning jobs that
# the `qodana` job below waits on via `needs`.
include:
  - template: 'Security/SAST.gitlab-ci.yml'
  - template: 'Security/Dependency-Scanning.gitlab-ci.yml'
  - template: 'Security/SAST-IaC.gitlab-ci.yml'
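# Unit tests, run only on the `test` branch.
pytest:
  stage: test
  # NOTE(review): the image tag is unpinned, so the interpreter version can
  # change underneath the job — pin it to the Python release the bot targets.
  image: python
  only:
    - test
  cache:
    paths:
      - $CI_PROJECT_DIR/venv/
  before_script:
    - cd $CI_PROJECT_DIR
    - python -m venv venv
    # `source` does not need the executable bit, so no chmod on activate
    - source venv/bin/activate
    # upgrade pip inside the venv; a venv ships its own bundled pip and does
    # not pick up an upgrade of the interpreter's global pip done beforehand
    - pip install --upgrade --quiet pip
    - pip install --quiet -U -r requirements.txt
  script:
    - pytest -v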
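# Static analysis with Qodana; runs once the template-provided scanners finish.
qodana:
  stage: code_quality
  # Marked optional so the pipeline stays valid when a template rule skips one
  # of these jobs; a `needs` entry for a job absent from the pipeline is a
  # configuration error otherwise.
  needs:
    - job: gemnasium-python-dependency_scanning
      optional: true
    - job: semgrep-sast
      optional: true
    - job: kics-iac-sast
      optional: true
  image:
    name: jetbrains/qodana-python-community
    # empty entrypoint so the runner executes the job script directly
    entrypoint:
      - ''
  cache:
    - key: qodana-2023.3-$CI_DEFAULT_BRANCH-$CI_COMMIT_REF_SLUG
      fallback_keys:
        - qodana-2023.3-$CI_DEFAULT_BRANCH-
        - qodana-2023.3-
      paths:
        - '.qodana/cache'
        - $CI_PROJECT_DIR/venv
  variables:
    # presumably a project CI/CD variable — verify it is marked masked (and
    # protected, since only master deploys) so it cannot leak into job logs
    QODANA_TOKEN: "$qodana_token2"
  before_script:
    - pip install --upgrade --quiet pip
    - cd $CI_PROJECT_DIR/
    - python -m venv venv
    - chmod u+x venv/bin/activate
    - source venv/bin/activate
    # NOTE(review): nothing is installed into this venv afterwards — confirm
    # qodana actually needs it, otherwise these steps are dead weight
  script:
    - qodana --save-report --results-dir=$CI_PROJECT_DIR/.qodana/results --cache-dir=$CI_PROJECT_DIR/.qodana/cache
  artifacts:
    expose_as: 'Qodana report'
    expire_in: 1 week
    paths:
      - '.qodana/results/'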
# Pipeline-wide variables for the docker-in-docker jobs. (The listing this was
# recovered from had lost its indentation; these keys are treated as top-level,
# since `qodana` above already carries its own `variables` mapping.)
variables:
  # fill those if you have a proxy in your environment
  # the docker client talks to the `docker` service over plain TCP on 2375
  DOCKER_HOST: 'tcp://docker:2375/'
  DOCKER_DRIVER: 'overlay2'
  # See https://github.com/docker-library/docker/pull/166
  # An empty value turns off TLS between client and dind service, which is why
  # DOCKER_HOST above uses the non-TLS port.
  DOCKER_TLS_CERTDIR: ''
# Default dind service for jobs that do not declare their own `services`.
services:
  - name: 'docker:25.0.5-dind'
    # `env -u DOCKER_HOST` keeps the daemon side from inheriting the
    # client-side DOCKER_HOST set above
    entrypoint:
      - 'env'
      - '-u'
      - 'DOCKER_HOST'
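# Builds the image and pushes it to the project registry under the commit SHA.
Build:
  stage: build
  # only the docker client is needed in the job container; the daemon runs in
  # the dind service
  image: docker:25.0.5
  # NOTE(review): this job-level `services` replaces the pipeline-wide one, so
  # the `env -u DOCKER_HOST` entrypoint does not apply here — confirm intended
  services:
    - docker:25.0.5-dind
  before_script:
    # password via stdin so it is not visible on the command line or in `ps`
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
  script:
    # fetches the latest image (not failing if image is not found)
    - docker pull "$CI_REGISTRY_IMAGE:latest" || true
    # builds the project using OCI labels, with the image just pulled as a
    # layer cache (the original comment promised --cache-from but the command
    # lacked it). The image is tagged with the full commit SHA: that is what
    # the push-stage jobs pull and what the revision label records.
    - >
      docker build
      --pull
      --cache-from "$CI_REGISTRY_IMAGE:latest"
      --label "org.opencontainers.image.title=$CI_PROJECT_TITLE"
      --label "org.opencontainers.image.url=$CI_PROJECT_URL"
      --label "org.opencontainers.image.created=$CI_JOB_STARTED_AT"
      --label "org.opencontainers.image.revision=$CI_COMMIT_SHA"
      --label "org.opencontainers.image.version=$CI_COMMIT_REF_NAME"
      --tag "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA"
      .
    - docker push "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA"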
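# Here, the goal is to tag the "master" branch as "latest"
Push latest:
  variables:
    # We are just playing with Docker here.
    # We do not need GitLab to clone the source code.
    GIT_STRATEGY: none
  stage: push
  # no job-level image was set and none is visible at top level, so the docker
  # client might not exist in the job container; use the client image here
  image: docker:25.0.5
  only:
    # Only "master" should be tagged "latest"
    - master
  before_script:
    # pull/push against the project registry need credentials; the password
    # goes over stdin so it never appears on the command line
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
  script:
    # Because we have no guarantee that this job will be picked up by the same runner
    # that built the image in the previous step, we pull it again locally.
    # This expects the build stage to have tagged the image with the full commit SHA.
    - docker pull "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA"
    # Then we tag it "latest"
    - docker tag "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA" "$CI_REGISTRY_IMAGE:latest"
    # Annnd we push it.
    - docker push "$CI_REGISTRY_IMAGE:latest"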
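# Finally, the goal here is to Docker tag any Git tag
# GitLab will start a new pipeline everytime a Git tag is created, which is pretty awesome
Push tag:
  variables:
    # Again, we do not need the source code here. Just playing with Docker.
    GIT_STRATEGY: none
  stage: push
  # same client image as Build so the `docker` command is guaranteed to exist
  image: docker:25.0.5
  only:
    # We want this job to be run on tags only.
    - tags
  before_script:
    # registry credentials are required for both the pull and the push below
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
  script:
    # expects the build stage to have tagged the image with the full commit SHA
    - docker pull "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA"
    # on a tag pipeline CI_COMMIT_REF_NAME is the Git tag name
    - docker tag "$CI_REGISTRY_IMAGE:$CI_COMMIT_SHA" "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME"
    - docker push "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME"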
# Deploy: pull the new revision on the bot host over SSH. Master only, after
# the Qodana job has passed.
push:
  stage: deploy
  image: alpine
  needs:
    - qodana
  only:
    - master
  before_script:
    - apk add openssh-client > /dev/null
    - eval $(ssh-agent -s)
    # $SSH_PRIVATE_KEY looks like a file-type CI variable (a path), hence the
    # chmod and cp — TODO confirm in the project's CI/CD settings
    - chmod 400 $SSH_PRIVATE_KEY
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    - cp $SSH_PRIVATE_KEY ~/.ssh/id_rsa
    - ssh-add ~/.ssh/id_rsa
  script:
    # NOTE(review): ~/.ssh is created fresh every run (nothing is cached), so
    # accept-new trusts whatever host key $BOT_HOST presents each time and a
    # spoofed host would be accepted. Seeding ~/.ssh/known_hosts from a CI
    # variable and switching to StrictHostKeyChecking=yes would pin the host.
    - ssh $BOT_HOST -oStrictHostKeyChecking=accept-new 'cd /opt/discord/tarkov && git pull'