stages: - first - build_and_test - package - security - upload .cljs-job: &cljs image: domaindrivenarchitecture/shadow-cljs cache: key: ${CI_COMMIT_REF_SLUG} paths: - node_modules/ - .shadow-cljs/ - .m2 before_script: - echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" > ~/.npmrc - npm install .clj-uploadjob: &clj image: clojure:lein-2.7.1-alpine cache: key: ${CI_COMMIT_REF_SLUG} paths: - .m2 before_script: - echo "{:auth {:repository-auth {#\"clojars\" {:username \"${CLOJARS_USER}\" :password \"${CLOJARS_PASSWORD}\" }}}}" > ~/.lein/profiles.clj test-cljs: <<: *cljs stage: build_and_test script: - shadow-cljs compile test test-clj: <<: *clj stage: build_and_test script: - lein test report-frontend: <<: *cljs stage: package script: - mkdir -p target/frontend-build - shadow-cljs run shadow.cljs.build-report frontend target/frontend-build/build-report.html artifacts: paths: - target/frontend-build/build-report.html package-frontend: <<: *cljs stage: package script: - mkdir -p target/frontend-build - shadow-cljs release frontend - cp public/js/main.js target/frontend-build/k8s-keycloak.js - sha256sum target/frontend-build/k8s-keycloak.js > target/frontend-build/k8s-keycloak.js.sha256 - sha512sum target/frontend-build/k8s-keycloak.js > target/frontend-build/k8s-keycloak.js.sha512 artifacts: paths: - target/frontend-build package-uberjar: <<: *clj stage: package script: - lein uberjar - sha256sum target/uberjar/k8s-keycloak-standalone.jar > target/uberjar/k8s-keycloak-standalone.jar.sha256 - sha512sum target/uberjar/k8s-keycloak-standalone.jar > target/uberjar/k8s-keycloak-standalone.jar.sha512 artifacts: paths: - target/uberjar sast: variables: SAST_EXCLUDED_ANALYZERS: bandit, brakeman, flawfinder, gosec, kubesec, phpcs-security-audit, pmd-apex, security-code-scan, sobelow, spotbugs stage: security before_script: - mkdir -p builds && cp -r target/ builds/ include: - template: Security/SAST.gitlab-ci.yml upload-clj-prerelease: <<: *clj stage: upload rules: - if: '$CI_COMMIT_BRANCH == "master" && $CI_COMMIT_TAG == null' script: - lein deploy clojars release: image: registry.gitlab.com/gitlab-org/release-cli:latest stage: upload rules: - if: '$CI_COMMIT_TAG != null' artifacts: paths: - target/uberjar - target/frontend-build script: - apk --no-cache add curl - | release-cli create --name "Release $CI_COMMIT_TAG" --tag-name $CI_COMMIT_TAG \ --assets-link "{\"name\":\"k8s-keycloak-standalone.jar\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/k8s-keycloak/-/jobs/${CI_JOB_ID}/artifacts/file/target/uberjar/k8s-keycloak-standalone.jar\"}" \ --assets-link "{\"name\":\"k8s-keycloak-standalone.jar.sha256\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/k8s-keycloak/-/jobs/${CI_JOB_ID}/artifacts/file/target/uberjar/k8s-keycloak-standalone.jar.sha256\"}" \ --assets-link "{\"name\":\"k8s-keycloak-standalone.jar.sha512\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/k8s-keycloak/-/jobs/${CI_JOB_ID}/artifacts/file/target/uberjar/k8s-keycloak-standalone.jar.sha512\"}" \ --assets-link "{\"name\":\"k8s-keycloak.js\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/k8s-keycloak/-/jobs/${CI_JOB_ID}/artifacts/file/target/frontend-build/k8s-keycloak.js\"}" \ --assets-link "{\"name\":\"k8s-keycloak.js.sha256\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/k8s-keycloak/-/jobs/${CI_JOB_ID}/artifacts/file/target/frontend-build/k8s-keycloak.js.sha256\"}" \ --assets-link "{\"name\":\"k8s-keycloak.js.sha512\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/k8s-keycloak/-/jobs/${CI_JOB_ID}/artifacts/file/target/frontend-build/k8s-keycloak.js.sha512\"}" \