c4k-keycloak/.gitlab-ci.yml

122 lines
4.2 KiB
YAML

stages:
- build_and_test
- package
- security
- upload
.cljs-job: &cljs
image: domaindrivenarchitecture/shadow-cljs
cache:
key: ${CI_COMMIT_REF_SLUG}
paths:
- node_modules/
- .shadow-cljs/
- .m2
before_script:
- echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" > ~/.npmrc
- npm install
.clj-uploadjob: &clj
image: domaindrivenarchitecture/lein
cache:
key: ${CI_COMMIT_REF_SLUG}
paths:
- .m2
before_script:
- mkdir -p /root/.lein
- echo "{:auth {:repository-auth {#\"clojars\" {:username \"${CLOJARS_USER}\" :password \"${CLOJARS_TOKEN_DOMAINDRIVENARCHITECTURE}\" }}}}" > ~/.lein/profiles.clj
test-cljs:
<<: *cljs
stage: build_and_test
script:
- shadow-cljs compile test
- node target/node-tests.js
test-clj:
<<: *clj
stage: build_and_test
script:
- lein test
test-schema:
<<: *clj
stage: build_and_test
script:
- lein uberjar
- java -jar target/uberjar/c4k-keycloak-standalone.jar src/test/resources/keycloak-test/valid-config.yaml src/test/resources/keycloak-test/valid-auth.yaml | kubeconform --kubernetes-version 1.19.0 --strict --skip Certificate -
artifacts:
paths:
- target/uberjar
report-frontend:
<<: *cljs
stage: package
script:
- mkdir -p target/frontend-build
- shadow-cljs run shadow.cljs.build-report frontend target/frontend-build/build-report.html
artifacts:
paths:
- target/frontend-build/build-report.html
package-frontend:
<<: *cljs
stage: package
script:
- mkdir -p target/frontend-build
- shadow-cljs release frontend
- cp public/js/main.js target/frontend-build/c4k-keycloak.js
- sha256sum target/frontend-build/c4k-keycloak.js > target/frontend-build/c4k-keycloak.js.sha256
- sha512sum target/frontend-build/c4k-keycloak.js > target/frontend-build/c4k-keycloak.js.sha512
artifacts:
paths:
- target/frontend-build
package-uberjar:
<<: *clj
stage: package
script:
- sha256sum target/uberjar/c4k-keycloak-standalone.jar > target/uberjar/c4k-keycloak-standalone.jar.sha256
- sha512sum target/uberjar/c4k-keycloak-standalone.jar > target/uberjar/c4k-keycloak-standalone.jar.sha512
artifacts:
paths:
- target/uberjar
sast:
variables:
SAST_EXCLUDED_ANALYZERS:
bandit, brakeman, flawfinder, gosec, kubesec, phpcs-security-audit,
pmd-apex, security-code-scan, sobelow, spotbugs
stage: security
before_script:
- mkdir -p builds && cp -r target/ builds/
include:
- template: Security/SAST.gitlab-ci.yml
upload-clj-release:
<<: *clj
stage: upload
rules:
- if: '$CI_COMMIT_TAG != null'
script:
- lein deploy
release:
image: registry.gitlab.com/gitlab-org/release-cli:latest
stage: upload
rules:
- if: '$CI_COMMIT_TAG != null'
artifacts:
paths:
- target/uberjar
- target/frontend-build
script:
- apk --no-cache add curl
- |
release-cli create --name "Release $CI_COMMIT_TAG" --tag-name $CI_COMMIT_TAG \
--assets-link "{\"name\":\"c4k-keycloak-standalone.jar\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/c4k-keycloak/-/jobs/${CI_JOB_ID}/artifacts/file/target/uberjar/c4k-keycloak-standalone.jar\"}" \
--assets-link "{\"name\":\"c4k-keycloak-standalone.jar.sha256\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/c4k-keycloak/-/jobs/${CI_JOB_ID}/artifacts/file/target/uberjar/c4k-keycloak-standalone.jar.sha256\"}" \
--assets-link "{\"name\":\"c4k-keycloak-standalone.jar.sha512\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/c4k-keycloak/-/jobs/${CI_JOB_ID}/artifacts/file/target/uberjar/c4k-keycloak-standalone.jar.sha512\"}" \
--assets-link "{\"name\":\"c4k-keycloak.js\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/c4k-keycloak/-/jobs/${CI_JOB_ID}/artifacts/file/target/frontend-build/c4k-keycloak.js\"}" \
--assets-link "{\"name\":\"c4k-keycloak.js.sha256\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/c4k-keycloak/-/jobs/${CI_JOB_ID}/artifacts/file/target/frontend-build/c4k-keycloak.js.sha256\"}" \
--assets-link "{\"name\":\"c4k-keycloak.js.sha512\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/c4k-keycloak/-/jobs/${CI_JOB_ID}/artifacts/file/target/frontend-build/c4k-keycloak.js.sha512\"}" \