new ci

.gitlab-ci.yml

@@ -5,11 +5,17 @@ stages:
   - upload
   - image
 
-services:
+.img: &img
-  - docker:19.03.12-dind
+  image: "domaindrivenarchitecture/ddadevops-dind:4.1.0"
+  services:
+    - docker:dind
+  before_script:
+  - export IMAGE_DOCKERHUB_USER=$DOCKERHUB_USER
+  - export IMAGE_DOCKERHUB_PASSWORD=$DOCKERHUB_PASSWORD
+  - export IMAGE_TAG=$CI_COMMIT_TAG
 
 .cljs-job: &cljs
-  image: domaindrivenarchitecture/shadow-cljs
+  image: "domaindrivenarchitecture/ddadevops-clj-cljs:4.3.0"
   cache:
     key: ${CI_COMMIT_REF_SLUG}
     paths:
@@ -20,8 +26,8 @@ services:
     - echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" > ~/.npmrc
     - npm install
 
-.clj-uploadjob: &clj
+.clj-job: &clj
-  image: domaindrivenarchitecture/lein
+  image: "domaindrivenarchitecture/ddadevops-clj-cljs:4.3.0"
   cache:
     key: ${CI_COMMIT_REF_SLUG}
     paths:
@@ -30,25 +36,29 @@ services:
     - mkdir -p /root/.lein
     - echo "{:auth {:repository-auth {#\"clojars\" {:username \"${CLOJARS_USER}\" :password \"${CLOJARS_TOKEN_DOMAINDRIVENARCHITECTURE}\" }}}}" > ~/.lein/profiles.clj
 
-test-cljs:
+.tag_only: &tag_only
-  <<: *cljs
+  rules:
-  stage: build_and_test
+    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
-  script:
+      when: never
-    - shadow-cljs compile test
+    - if: '$CI_COMMIT_TAG =~ /^[0-9]+\.[0-9]+\.[0-9]+$/'
-    - node target/node-tests.js
 
 test-clj:
   <<: *clj
   stage: build_and_test
   script:
-    - lein test
+    - pyb test_clj
+
+test-cljs:
+  <<: *cljs
+  stage: build_and_test
+  script:
+    - pyb test_cljs
 
 test-schema:
   <<: *clj
   stage: build_and_test
   script:
-    - lein uberjar
+    - pyb test_schema
-    - java -jar target/uberjar/c4k-jitsi-standalone.jar src/test/resources/jitsi-test/valid-config.yaml src/test/resources/jitsi-test/valid-auth.yaml | kubeconform --kubernetes-version 1.19.0 --strict --skip Certificate -
   artifacts:
     paths:
       - target/uberjar
@@ -57,8 +67,7 @@ report-frontend:
   <<: *cljs
   stage: package
   script:
-    - mkdir -p target/frontend-build
+    - pyb report_frontend
-    - shadow-cljs run shadow.cljs.build-report frontend target/frontend-build/build-report.html
   artifacts:
     paths:
       - target/frontend-build/build-report.html
@@ -67,11 +76,7 @@ package-frontend:
   <<: *cljs
   stage: package
   script:
-    - mkdir -p target/frontend-build
+    - pyb package_frontend
-    - shadow-cljs release frontend
-    - cp public/js/main.js target/frontend-build/c4k-jitsi.js
-    - sha256sum target/frontend-build/c4k-jitsi.js > target/frontend-build/c4k-jitsi.js.sha256
-    - sha512sum target/frontend-build/c4k-jitsi.js > target/frontend-build/c4k-jitsi.js.sha512
   artifacts:
     paths:
       - target/frontend-build
@@ -80,36 +85,22 @@ package-uberjar:
   <<: *clj
   stage: package
   script:
-    - sha256sum target/uberjar/c4k-jitsi-standalone.jar > target/uberjar/c4k-jitsi-standalone.jar.sha256
+    - pyb package_uberjar
-    - sha512sum target/uberjar/c4k-jitsi-standalone.jar > target/uberjar/c4k-jitsi-standalone.jar.sha512
   artifacts:
     paths:
       - target/uberjar
 
-sast:
-  variables:
-    SAST_EXCLUDED_ANALYZERS:
-      bandit, brakeman, flawfinder, gosec, kubesec, phpcs-security-audit,
-      pmd-apex, security-code-scan, sobelow, spotbugs
-  stage: security
-  before_script:
-    - mkdir -p builds && cp -r target/ builds/
-include:
-  - template: Security/SAST.gitlab-ci.yml
-
 upload-clj-release:
   <<: *clj
+  <<: *tag_only
   stage: upload
-  rules:
-    - if: '$CI_COMMIT_TAG != null'
   script:
-    - lein deploy
+    - pyb upload_clj
 
 release:
   image: registry.gitlab.com/gitlab-org/release-cli:latest
   stage: upload
-  rules:
+  <<: *tag_only
-    - if: '$CI_COMMIT_TAG != null'
   artifacts:
     paths:
       - target/uberjar
@@ -126,9 +117,8 @@ release:
         --assets-link "{\"name\":\"c4k-jitsi.js.sha512\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/c4k-jitsi/-/jobs/${CI_JOB_ID}/artifacts/file/target/frontend-build/c4k-jitsi.js.sha512\"}" \
 
 jitsi-image-test-publish:
-  image: domaindrivenarchitecture/devops-build:latest
+  <<: *img
+  <<: *tag_only
   stage: image
-  rules:
-    - if: '$CI_COMMIT_TAG != null'
   script:
     - cd infrastructure/docker-jitsi-web && pyb image test publish

build.py

@@ -0,0 +1,165 @@
+from os import environ
+from subprocess import run
+from pybuilder.core import init, task
+from ddadevops import *
+
+default_task = "dev"
+
+name = "c4k-jitsi"
+MODULE = "not-used"
+PROJECT_ROOT_PATH = "."
+
+
+@init
+def initialize(project):
+    input = {
+        "name": name,
+        "module": MODULE,
+        "stage": "notused",
+        "project_root_path": PROJECT_ROOT_PATH,
+        "build_types": [],
+        "mixin_types": ["RELEASE"],
+        "release_primary_build_file": "project.clj",
+        "release_secondary_build_files": [
+            "package.json",
+        ],
+    }
+
+    build = ReleaseMixin(project, input)
+    build.initialize_build_dir()
+
+
+@task
+def test_clj(project):
+    run("lein test", shell=True, check=True)
+
+
+@task
+def test_cljs(project):
+    run("shadow-cljs compile test", shell=True, check=True)
+    run("node target/node-tests.js", shell=True, check=True)
+
+
+@task
+def test_schema(project):
+    run("lein uberjar", shell=True, check=True)
+    run(
+        "java -jar target/uberjar/c4k-jitsi-standalone.jar "
+        + "src/test/resources/jitsi-test/valid-config.yaml "
+        + "src/test/resources/jitsi-test/valid-auth.yaml | "
+        + "kubeconform --kubernetes-version 1.23.0 --strict --skip Certificate -",
+        shell=True,
+        check=True,
+    )
+
+
+@task
+def report_frontend(project):
+    run("mkdir -p target/frontend-build", shell=True, check=True)
+    run(
+        "shadow-cljs run shadow.cljs.build-report frontend target/frontend-build/build-report.html",
+        shell=True,
+        check=True,
+    )
+
+
+@task
+def package_frontend(project):
+    run("mkdir -p target/frontend-build", shell=True, check=True)
+    run("shadow-cljs release frontend", shell=True, check=True)
+    run(
+        "cp public/js/main.js target/frontend-build/c4k-jitsi.js",
+        shell=True,
+        check=True,
+    )
+    run(
+        "sha256sum target/frontend-build/c4k-jitsi.js > target/frontend-build/c4k-jitsi.js.sha256",
+        shell=True,
+        check=True,
+    )
+    run(
+        "sha512sum target/frontend-build/c4k-jitsi.js > target/frontend-build/c4k-jitsi.js.sha512",
+        shell=True,
+        check=True,
+    )
+
+
+@task
+def package_uberjar(project):
+    run(
+        "sha256sum target/uberjar/c4k-jitsi-standalone.jar > target/uberjar/c4k-jitsi-standalone.jar.sha256",
+        shell=True,
+        check=True,
+    )
+    run(
+        "sha512sum target/uberjar/c4k-jitsi-standalone.jar > target/uberjar/c4k-jitsi-standalone.jar.sha512",
+        shell=True,
+        check=True,
+    )
+
+
+@task
+def upload_clj(project):
+    run("lein deploy", shell=True, check=True)
+
+
+@task
+def lint(project):
+    run(
+        "lein eastwood",
+        shell=True,
+        check=True,
+    )
+    run(
+        "lein ancient check",
+        shell=True,
+        check=True,
+    )
+
+
+@task
+def patch(project):
+    linttest(project, "PATCH")
+    release(project)
+
+
+@task
+def minor(project):
+    linttest(project, "MINOR")
+    release(project)
+
+
+@task
+def major(project):
+    linttest(project, "MAJOR")
+    release(project)
+
+
+@task
+def dev(project):
+    linttest(project, "NONE")
+
+
+@task
+def prepare(project):
+    build = get_devops_build(project)
+    build.prepare_release()
+
+
+@task
+def tag(project):
+    build = get_devops_build(project)
+    build.tag_bump_and_push_release()
+
+
+def release(project):
+    prepare(project)
+    tag(project)
+
+
+def linttest(project, release_type):
+    build = get_devops_build(project)
+    build.update_release_type(release_type)
+    test_clj(project)
+    test_cljs(project)
+    lint(project)