Update CI for native-image

This commit is contained in:
patdyn 2024-07-04 12:11:39 +02:00
parent af1b305bd5
commit 0293fea409

View file

@ -5,7 +5,7 @@ stages:
- upload - upload
.cljs-job: &cljs .cljs-job: &cljs
image: domaindrivenarchitecture/shadow-cljs image: "domaindrivenarchitecture/ddadevops-clj-cljs:4.11.3"
cache: cache:
key: ${CI_COMMIT_REF_SLUG} key: ${CI_COMMIT_REF_SLUG}
paths: paths:
@ -13,38 +13,38 @@ stages:
- .shadow-cljs/ - .shadow-cljs/
- .m2 - .m2
before_script: before_script:
- export RELEASE_ARTIFACT_TOKEN=$MEISSA_REPO_BUERO_RW
- echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" > ~/.npmrc - echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" > ~/.npmrc
- npm install - npm install
.clj-uploadjob: &clj .clj-uploadjob: &clj
image: domaindrivenarchitecture/lein image: "domaindrivenarchitecture/ddadevops-clj:4.11.3"
cache: cache:
key: ${CI_COMMIT_REF_SLUG} key: ${CI_COMMIT_REF_SLUG}
paths: paths:
- .m2 - .m2
before_script: before_script:
- export RELEASE_ARTIFACT_TOKEN=$MEISSA_REPO_BUERO_RW
- mkdir -p /root/.lein - mkdir -p /root/.lein
- echo "{:auth {:repository-auth {#\"clojars\" {:username \"${CLOJARS_USER}\" :password \"${CLOJARS_TOKEN_DOMAINDRIVENARCHITECTURE}\" }}}}" > ~/.lein/profiles.clj - echo "{:auth {:repository-auth {#\"clojars\" {:username \"${CLOJARS_USER}\" :password \"${CLOJARS_TOKEN_DOMAINDRIVENARCHITECTURE}\" }}}}" > ~/.lein/profiles.clj
test-cljs:
<<: *cljs
stage: build_and_test
script:
- shadow-cljs compile test
- node target/node-tests.js
test-clj: test-clj:
<<: *clj <<: *clj
stage: build_and_test stage: build_and_test
script: script:
- lein test - pyb test_clj
test-cljs:
<<: *cljs
stage: build_and_test
script:
- pyb test_cljs
test-schema: test-schema:
<<: *clj <<: *clj
stage: build_and_test stage: build_and_test
script: script:
- lein uberjar - pyb test_schema
- java -jar target/uberjar/c4k-keycloak-standalone.jar src/test/resources/keycloak-test/valid-config.yaml src/test/resources/keycloak-test/valid-auth.yaml | kubeconform --kubernetes-version 1.19.0 --strict --skip Certificate -
artifacts: artifacts:
paths: paths:
- target/uberjar - target/uberjar
@ -53,8 +53,7 @@ report-frontend:
<<: *cljs <<: *cljs
stage: package stage: package
script: script:
- mkdir -p target/frontend-build - pyb report_frontend
- shadow-cljs run shadow.cljs.build-report frontend target/frontend-build/build-report.html
artifacts: artifacts:
paths: paths:
- target/frontend-build/build-report.html - target/frontend-build/build-report.html
@ -63,11 +62,7 @@ package-frontend:
<<: *cljs <<: *cljs
stage: package stage: package
script: script:
- mkdir -p target/frontend-build - pyb package_frontend
- shadow-cljs release frontend
- cp public/js/main.js target/frontend-build/c4k-keycloak.js
- sha256sum target/frontend-build/c4k-keycloak.js > target/frontend-build/c4k-keycloak.js.sha256
- sha512sum target/frontend-build/c4k-keycloak.js > target/frontend-build/c4k-keycloak.js.sha512
artifacts: artifacts:
paths: paths:
- target/frontend-build - target/frontend-build
@ -76,47 +71,30 @@ package-uberjar:
<<: *clj <<: *clj
stage: package stage: package
script: script:
- sha256sum target/uberjar/c4k-keycloak-standalone.jar > target/uberjar/c4k-keycloak-standalone.jar.sha256 - pyb package_uberjar
- sha512sum target/uberjar/c4k-keycloak-standalone.jar > target/uberjar/c4k-keycloak-standalone.jar.sha512
artifacts: artifacts:
paths: paths:
- target/uberjar - target/uberjar
sast: package-native:
variables:
SAST_EXCLUDED_ANALYZERS:
bandit, brakeman, flawfinder, gosec, kubesec, phpcs-security-audit,
pmd-apex, security-code-scan, sobelow, spotbugs
stage: security
before_script:
- mkdir -p builds && cp -r target/ builds/
include:
- template: Security/SAST.gitlab-ci.yml
upload-clj-release:
<<: *clj <<: *clj
stage: upload stage: package
rules:
- if: '$CI_COMMIT_TAG != null'
script: script:
- lein deploy - pyb package_native
release:
image: registry.gitlab.com/gitlab-org/release-cli:latest
stage: upload
rules:
- if: '$CI_COMMIT_TAG != null'
artifacts: artifacts:
paths: paths:
- target/uberjar - target/graalvm
- target/frontend-build
release-to-clojars:
<<: *clj
<<: *tag_only
stage: upload
script: script:
- apk --no-cache add curl - pyb upload_clj
- |
release-cli create --name "Release $CI_COMMIT_TAG" --tag-name $CI_COMMIT_TAG \ release-to-forgejo:
--assets-link "{\"name\":\"c4k-keycloak-standalone.jar\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/c4k-keycloak/-/jobs/${CI_JOB_ID}/artifacts/file/target/uberjar/c4k-keycloak-standalone.jar\"}" \ <<: *clj
--assets-link "{\"name\":\"c4k-keycloak-standalone.jar.sha256\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/c4k-keycloak/-/jobs/${CI_JOB_ID}/artifacts/file/target/uberjar/c4k-keycloak-standalone.jar.sha256\"}" \ <<: *tag_only
--assets-link "{\"name\":\"c4k-keycloak-standalone.jar.sha512\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/c4k-keycloak/-/jobs/${CI_JOB_ID}/artifacts/file/target/uberjar/c4k-keycloak-standalone.jar.sha512\"}" \ stage: upload
--assets-link "{\"name\":\"c4k-keycloak.js\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/c4k-keycloak/-/jobs/${CI_JOB_ID}/artifacts/file/target/frontend-build/c4k-keycloak.js\"}" \ script:
--assets-link "{\"name\":\"c4k-keycloak.js.sha256\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/c4k-keycloak/-/jobs/${CI_JOB_ID}/artifacts/file/target/frontend-build/c4k-keycloak.js.sha256\"}" \ - pyb publish_artifacts
--assets-link "{\"name\":\"c4k-keycloak.js.sha512\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/c4k-keycloak/-/jobs/${CI_JOB_ID}/artifacts/file/target/frontend-build/c4k-keycloak.js.sha512\"}" \