-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path.gitlab-ci.yml
179 lines (163 loc) · 5 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
image: eclipse-temurin:22-jdk
variables:
ORG_GRADLE_PROJECT_ci: 'true'
CI_DEBUG_SERVICES: "true"
PROXY: $HTTPS_PROXY_HOST
# Verification (tests and code analysis) is unnecessary on 'develop' &
# 'main', because only verified MRs can be merged into those branches.
.verification:
rules:
- if: $CI_COMMIT_BRANCH == "main"
when: never
- if: $CI_COMMIT_BRANCH == "develop"
when: never
- when: on_success
stages:
- build
- check
- docker_image
- integration_test
- deployment
workflow:
rules:
- if: $CI_MERGE_REQUEST_ID
when: never
- when: always
before_script:
- GRADLE_USER_HOME="$(pwd)/.gradle"
- export GRADLE_USER_HOME
build:
stage: build
rules:
- when: on_success
script:
- env
- ./gradlew -i -PciBuildNumber=$CI_PIPELINE_ID -PciJobName=$CI_PROJECT_NAME/$CI_COMMIT_REF_NAME build -x check
- echo "PROJECT_VERSION=$(./gradlew -q properties --property version| awk '/^version:/ {print $2}')" >> variables.env
interruptible: true
artifacts:
expire_in: 1 week
reports:
dotenv: variables.env
paths:
- build/libs
cache:
- key: gradle
paths:
- .gradle
- key: $CI_PROJECT_PATH
paths:
- build
policy: push
test:
stage: check
rules:
- !reference [.verification, rules]
script: ./gradlew -i test
interruptible: true
artifacts:
when: always
reports:
junit: build/test-results/test/**/TEST-*.xml
cache:
- key: gradle
paths:
- .gradle
- key: $CI_PROJECT_PATH
paths:
- build
policy: pull
check:
stage: check
rules:
- !reference [.verification, rules]
script:
- ./gradlew -i check -x test
interruptible: true
cache:
- key: gradle
paths:
- .gradle
- key: $CI_PROJECT_PATH
paths:
- build
policy: pull
docker_image:
stage: docker_image
rules:
- when: on_success
needs:
- build
image:
name: gcr.io/kaniko-project/executor:v1.23.2-debug
entrypoint: [""]
variables:
IMAGE_NAME: eu.gcr.io/veo-projekt/veo-accounts
# this does not work in Gitlab < 15.7, so we need the before_script workaround
# GOOGLE_APPLICATION_CREDENTIALS: $GCR_ACCESS_TOKEN
before_script:
- export GOOGLE_APPLICATION_CREDENTIALS=${GCR_ACCESS_TOKEN}
script:
- |-
DESTINATION_ARG="--destination $IMAGE_NAME:gitlab-git-${CI_COMMIT_SHA} --destination $IMAGE_NAME:pipeline-id-${CI_PIPELINE_ID}"
if [ -n "$CI_COMMIT_TAG" ]; then export DESTINATION_ARG="$DESTINATION_ARG --destination $IMAGE_NAME:$CI_COMMIT_TAG";
if [ "$CI_COMMIT_REF_NAME" = "main" ]; then export DESTINATION_ARG="$DESTINATION_ARG --destination $IMAGE_NAME:latest"; fi;
fi;
if [ "$CI_COMMIT_REF_NAME" = "develop" ]; then export DESTINATION_ARG="$DESTINATION_ARG --destination $IMAGE_NAME:develop"; fi;
- /kaniko/executor
--context "${CI_PROJECT_DIR}"
--dockerfile "${CI_PROJECT_DIR}/Dockerfile"
$DESTINATION_ARG
--build-arg VEO_ACCOUNTS_VERSION="${PROJECT_VERSION}"
--label org.opencontainers.image.version="${PROJECT_VERSION}"
--label org.opencontainers.image.revision=${CI_COMMIT_SHA}
interruptible: true
http_rest_tests:
stage: integration_test
needs:
- docker_image
rules:
- !reference [.verification, rules]
services:
- name: eu.gcr.io/veo-projekt/veo-accounts:pipeline-id-${CI_PIPELINE_ID}
alias: veo-accounts
variables:
VEO_ACCOUNTS_KEYCLOAK_MAILING_ENABLED: 'false'
VEO_ACCOUNTS_RABBITMQ_SUBSCRIBE: 'true'
VEO_CORS_ORIGINS: 'https://*.verinice.example, https://frontend.somewhereelse.example'
# FIXME: Read this from CI/CD settings
JDK_JAVA_OPTIONS: -Dhttp.proxyHost=$PROXY -Dhttp.proxyPort=3128 -Dhttps.proxyHost=${PROXY} -Dhttps.proxyPort=3128 -Dhttps.proxySet=true -Dhttp.proxySet=true
variables:
VEO_RESTTEST_BASEURL: http://veo-accounts:8099
VEO_ACCOUNTS_KEYCLOAK_PROXYHOST: $PROXY
VEO_ACCOUNTS_KEYCLOAK_CLIENTS_SERVICE_SECRET: $KEYCLOAK_CLIENTS_SERVICE_SECRET
VEO_ACCOUNTS_RABBITMQ_SUBSCRIBE: 'false'
SPRING_RABBITMQ_HOST: $RABBITMQ_HOST
SPRING_RABBITMQ_USERNAME: $RABBITMQ_USERNAME
SPRING_RABBITMQ_PASSWORD: $RABBITMQ_PASSWORD
VEO_ACCOUNTS_RABBITMQ_QUEUES_VEOSUBSCRIPTIONS: VEO_ACCOUNTS_REST_TEST_VEOSUBSCRIPTIONS_PIPELINE_${CI_PIPELINE_ID}
VEO_ACCOUNTS_RABBITMQ_ROUTING_KEY_PREFIX: VEO_TEST_PIPELINE_${CI_PIPELINE_ID}.
VEO_ACCOUNTS_RABBITMQ_QUEUE_AUTODELETE: 'true'
VEO_ACCOUNTS_AUTH_APIKEYS_CLIENTINIT: $CLIENT_INIT_API_KEY
script:
- ./gradlew -i -Dhttp.nonProxyHosts="localhost|veo-accounts" -PciBuildNumber=$CI_PIPELINE_ID -PciJobName=$CI_PROJECT_NAME/$CI_COMMIT_REF_NAME restTest
interruptible: true
artifacts:
when: always
reports:
junit: build/test-results/restTest/*.xml
cache:
- key: gradle
paths:
- .gradle
- key: $CI_PROJECT_PATH
paths:
- build
policy: pull
trigger_deployment:
stage: deployment
only:
- develop
- main
trigger:
project: veo/verinice-veo-deployment