stages: - build_and_test - package - security - upload .cljs-job: &cljs image: domaindrivenarchitecture/shadow-cljs cache: key: ${CI_COMMIT_REF_SLUG} paths: - node_modules/ - .shadow-cljs/ - .m2 before_script: - echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" > ~/.npmrc - npm install .clj-uploadjob: &clj image: domaindrivenarchitecture/lein cache: key: ${CI_COMMIT_REF_SLUG} paths: - .m2 before_script: - mkdir -p /root/.lein - echo "{:auth {:repository-auth {#\"clojars\" {:username \"${CLOJARS_USER}\" :password \"${CLOJARS_TOKEN_DOMAINDRIVENARCHITECTURE}\" }}}}" > ~/.lein/profiles.clj test-cljs: <<: *cljs stage: build_and_test script: - shadow-cljs compile test test-clj: <<: *clj stage: build_and_test script: - lein test test-schema: <<: *clj stage: build_and_test script: - lein uberjar - java -jar target/uberjar/c4k-keycloak-standalone.jar valid-config.edn valid-auth.edn | kubeconform --kubernetes-version 1.19.0 --strict --skip Certificate - artifacts: paths: - target/uberjar report-frontend: <<: *cljs stage: package script: - mkdir -p target/frontend-build - shadow-cljs run shadow.cljs.build-report frontend target/frontend-build/build-report.html artifacts: paths: - target/frontend-build/build-report.html package-frontend: <<: *cljs stage: package script: - mkdir -p target/frontend-build - shadow-cljs release frontend - cp public/js/main.js target/frontend-build/c4k-keycloak.js - sha256sum target/frontend-build/c4k-keycloak.js > target/frontend-build/c4k-keycloak.js.sha256 - sha512sum target/frontend-build/c4k-keycloak.js > target/frontend-build/c4k-keycloak.js.sha512 artifacts: paths: - target/frontend-build package-uberjar: <<: *clj stage: package script: - sha256sum target/uberjar/c4k-keycloak-standalone.jar > target/uberjar/c4k-keycloak-standalone.jar.sha256 - sha512sum target/uberjar/c4k-keycloak-standalone.jar > target/uberjar/c4k-keycloak-standalone.jar.sha512 artifacts: paths: - target/uberjar sast: variables: SAST_EXCLUDED_ANALYZERS: bandit, brakeman, flawfinder, gosec, kubesec, phpcs-security-audit, pmd-apex, security-code-scan, sobelow, spotbugs stage: security before_script: - mkdir -p builds && cp -r target/ builds/ include: - template: Security/SAST.gitlab-ci.yml upload-clj-release: <<: *clj stage: upload rules: - if: '$CI_COMMIT_BRANCH == "master" && $CI_COMMIT_TAG != null' script: - lein deploy clojars release: image: registry.gitlab.com/gitlab-org/release-cli:latest stage: upload rules: - if: '$CI_COMMIT_TAG != null' artifacts: paths: - target/uberjar - target/frontend-build script: - apk --no-cache add curl - | release-cli create --name "Release $CI_COMMIT_TAG" --tag-name $CI_COMMIT_TAG \ --assets-link "{\"name\":\"c4k-keycloak-standalone.jar\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/c4k-keycloak/-/jobs/${CI_JOB_ID}/artifacts/file/target/uberjar/c4k-keycloak-standalone.jar\"}" \ --assets-link "{\"name\":\"c4k-keycloak-standalone.jar.sha256\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/c4k-keycloak/-/jobs/${CI_JOB_ID}/artifacts/file/target/uberjar/c4k-keycloak-standalone.jar.sha256\"}" \ --assets-link "{\"name\":\"c4k-keycloak-standalone.jar.sha512\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/c4k-keycloak/-/jobs/${CI_JOB_ID}/artifacts/file/target/uberjar/c4k-keycloak-standalone.jar.sha512\"}" \ --assets-link "{\"name\":\"c4k-keycloak.js\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/c4k-keycloak/-/jobs/${CI_JOB_ID}/artifacts/file/target/frontend-build/c4k-keycloak.js\"}" \ --assets-link "{\"name\":\"c4k-keycloak.js.sha256\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/c4k-keycloak/-/jobs/${CI_JOB_ID}/artifacts/file/target/frontend-build/c4k-keycloak.js.sha256\"}" \ --assets-link "{\"name\":\"c4k-keycloak.js.sha512\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/c4k-keycloak/-/jobs/${CI_JOB_ID}/artifacts/file/target/frontend-build/c4k-keycloak.js.sha512\"}" \