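---
# GitLab CI pipeline for c4k-nextcloud: test, package, SAST, upload to
# Clojars, create a GitLab release, publish images, run an integration test.
#
# Review summary (details are next to the affected keys):
#   * Jobs that combined two anchors used two `<<` keys in one mapping.
#     Duplicate keys are invalid YAML and strict parsers reject them or keep
#     only the last one; they are now merged as `<<: [*a, *b]`.
#   * `docker login` received the registry password on the command line; it
#     is now passed via --password-stdin.
#   * Several images are untagged or `:latest`; pin to a reviewed tag or
#     digest so a changed upstream image cannot silently enter the pipeline.

stages:
  - build_and_test
  - package
  - security
  - upload
  - image
  - integrationtest

services:
  - docker:19.03.12-dind

# Shared rule set: run only when the ref name is "master".
.only-master: &only-master
  rules:
    - if: '$CI_COMMIT_REF_NAME == "master"'
      when: always
    - when: never

# Template for ClojureScript jobs.
.cljs-job: &cljs
  # NOTE(review): no tag, so the registry default tag is pulled; pin it.
  image: domaindrivenarchitecture/shadow-cljs
  cache:
    key: ${CI_COMMIT_REF_SLUG}
    paths:
      - node_modules/
      - .shadow-cljs/
      - .m2
  before_script:
    # NOTE(review): the npm token is written to ~/.npmrc before
    # `npm install`, so install-time scripts of dependencies can read it.
    # Confirm NPM_TOKEN is a masked, protected variable with the narrowest
    # scope that works; none of the jobs below publish to npm.
    - echo "//registry.npmjs.org/:_authToken=$NPM_TOKEN" > ~/.npmrc
    - npm install

# Template for Leiningen jobs; writes Clojars credentials to profiles.clj.
.clj-uploadjob: &clj
  # NOTE(review): no tag, so the registry default tag is pulled; pin it.
  image: domaindrivenarchitecture/lein
  cache:
    key: ${CI_COMMIT_REF_SLUG}
    paths:
      - .m2
  before_script:
    # NOTE(review): every job using this template gets the Clojars
    # credentials, but only upload-clj-prerelease runs `lein deploy`.
    # Consider moving the credential step into that job (least privilege).
    # The directory is created under /root while the file goes to ~, so this
    # assumes HOME is /root.
    - mkdir -p /root/.lein
    - echo "{:auth {:repository-auth {#\"clojars\" {:username \"${CLOJARS_USER}\" :password \"${CLOJARS_TOKEN_DOMAINDRIVENARCHITECTURE}\" }}}}" > ~/.lein/profiles.clj

test-cljs:
  # The two anchors define disjoint keys, so merge order does not matter.
  <<: [*cljs, *only-master]
  stage: build_and_test
  script:
    - shadow-cljs compile test

test-clj:
  <<: [*clj, *only-master]
  stage: build_and_test
  script:
    - lein test

# Builds the uberjar and validates the manifests it generates.
test-schema:
  <<: [*clj, *only-master]
  stage: build_and_test
  script:
    - lein uberjar
    # The trailing "-" makes kubeconform read the manifests from stdin.
    # Certificate and CronJob resources are skipped and so not validated.
    - >-
      java -jar target/uberjar/c4k-nextcloud-standalone.jar
      valid-config.edn valid-auth.edn
      | kubeconform --kubernetes-version 1.19.0 --strict
      --skip "Certificate,CronJob" -
  artifacts:
    paths:
      - target/uberjar

# Hidden job (leading dot): GitLab does not run it.
.report-frontend:
  <<: *cljs
  stage: package
  script:
    - mkdir -p target/frontend-build
    - shadow-cljs run shadow.cljs.build-report frontend target/frontend-build/build-report.html
  artifacts:
    paths:
      - target/frontend-build/build-report.html

# Hidden job (leading dot): GitLab does not run it, so target/frontend-build
# is not produced by this pipeline as written.
.package-frontend:
  <<: *cljs
  stage: package
  script:
    - mkdir -p target/frontend-build
    - shadow-cljs release frontend
    - cp public/js/main.js target/frontend-build/c4k-nextcloud.js
    - sha256sum target/frontend-build/c4k-nextcloud.js > target/frontend-build/c4k-nextcloud.js.sha256
    - sha512sum target/frontend-build/c4k-nextcloud.js > target/frontend-build/c4k-nextcloud.js.sha512
  artifacts:
    paths:
      - target/frontend-build

package-uberjar:
  <<: [*clj, *only-master]
  stage: package
  script:
    # These checksums are stored next to the jar. They detect corruption in
    # transit, but anyone able to replace the jar can replace them as well;
    # authenticity would need a signature made with a separately held key.
    - sha256sum target/uberjar/c4k-nextcloud-standalone.jar > target/uberjar/c4k-nextcloud-standalone.jar.sha256
    - sha512sum target/uberjar/c4k-nextcloud-standalone.jar > target/uberjar/c4k-nextcloud-standalone.jar.sha512
  artifacts:
    paths:
      - target/uberjar

# Overrides for the jobs defined by the included SAST template.
sast:
  <<: *only-master
  variables:
    # Analyzers listed here are switched off for this project.
    SAST_EXCLUDED_ANALYZERS: >-
      bandit, brakeman, flawfinder, gosec, kubesec,
      phpcs-security-audit, pmd-apex, security-code-scan,
      sobelow, spotbugs
  stage: security
  before_script:
    - mkdir -p builds && cp -r target/ builds/

include:
  - template: Security/SAST.gitlab-ci.yml

upload-clj-prerelease:
  <<: *clj
  stage: upload
  rules:
    - if: '$CI_COMMIT_BRANCH == "master" && $CI_COMMIT_TAG == null'
  script:
    - lein deploy clojars

release:
  # NOTE(review): `:latest` is a moving tag; pin to a reviewed version.
  image: registry.gitlab.com/gitlab-org/release-cli:latest
  stage: upload
  # NOTE(review): this rule selects pipelines where CI_COMMIT_TAG is empty,
  # yet the script passes $CI_COMMIT_TAG as the release name and as the
  # unquoted --tag-name value. With an empty tag, --tag-name would take the
  # next option as its argument. Confirm whether `!= null` on a tag
  # pipeline was intended.
  rules:
    - if: '$CI_COMMIT_BRANCH == "master" && $CI_COMMIT_TAG == null'
  artifacts:
    paths:
      - target/uberjar
      - target/frontend-build
  script:
    - apk --no-cache add curl
    # The asset links point at this job's own artifacts (CI_JOB_ID). The
    # final line of the command ends in a backslash in the original and is
    # kept unchanged.
    - |
      release-cli create --name "Release $CI_COMMIT_TAG" --tag-name $CI_COMMIT_TAG \
        --assets-link "{\"name\":\"c4k-nextcloud-standalone.jar\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/c4k-nextcloud/-/jobs/${CI_JOB_ID}/artifacts/file/target/uberjar/c4k-nextcloud-standalone.jar\"}" \
        --assets-link "{\"name\":\"c4k-nextcloud-standalone.jar.sha256\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/c4k-nextcloud/-/jobs/${CI_JOB_ID}/artifacts/file/target/uberjar/c4k-nextcloud-standalone.jar.sha256\"}" \
        --assets-link "{\"name\":\"c4k-nextcloud-standalone.jar.sha512\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/c4k-nextcloud/-/jobs/${CI_JOB_ID}/artifacts/file/target/uberjar/c4k-nextcloud-standalone.jar.sha512\"}" \
        --assets-link "{\"name\":\"c4k-nextcloud.js\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/c4k-nextcloud/-/jobs/${CI_JOB_ID}/artifacts/file/target/frontend-build/c4k-nextcloud.js\"}" \
        --assets-link "{\"name\":\"c4k-nextcloud.js.sha256\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/c4k-nextcloud/-/jobs/${CI_JOB_ID}/artifacts/file/target/frontend-build/c4k-nextcloud.js.sha256\"}" \
        --assets-link "{\"name\":\"c4k-nextcloud.js.sha512\",\"url\":\"https://gitlab.com/domaindrivenarchitecture/c4k-nextcloud/-/jobs/${CI_JOB_ID}/artifacts/file/target/frontend-build/c4k-nextcloud.js.sha512\"}" \

nextcloud-image-test-publish:
  # NOTE(review): `:latest` is a moving tag; pin to a reviewed version.
  image: domaindrivenarchitecture/devops-build:latest
  stage: image
  # NOTE(review): GitLab documents CI_COMMIT_BRANCH as unset in tag
  # pipelines and CI_COMMIT_TAG as set only in tag pipelines, so this
  # condition looks like it can never be true. Verify that the job runs.
  rules:
    - if: '$CI_COMMIT_BRANCH == "master" && $CI_COMMIT_TAG != null'
  script:
    - cd infrastructure/docker-nextcloud && pyb image test publish

backup-image-test-publish:
  # NOTE(review): `:latest` is a moving tag; pin to a reviewed version.
  image: domaindrivenarchitecture/devops-build:latest
  stage: image
  # NOTE(review): same branch-and-tag condition as in
  # nextcloud-image-test-publish; verify that it can match.
  rules:
    - if: '$CI_COMMIT_BRANCH == "master" && $CI_COMMIT_TAG != null'
  script:
    - cd infrastructure/docker-backup && pyb image test publish

nextcloud-integrationtest:
  stage: integrationtest
  # NOTE(review): `docker:latest` and `docker:dind` are unpinned here, while
  # the global service above is pinned to 19.03.12.
  image: docker:latest
  rules:
    - if: '$CI_COMMIT_BRANCH == "integration-test-w-o-db-backup"'
  services:
    - docker:dind
  before_script:
    # Read the password from stdin so it does not appear in the process
    # argument list or trigger docker's insecure-CLI-password warning.
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
    - apk add bash
    # NOTE(review): before re-enabling the lines below, replace the
    # hard-coded K3S_TOKEN with a CI variable, reconsider
    # K3S_KUBECONFIG_MODE=666 (world-readable and world-writable
    # kubeconfig), and review --privileged and the docker.sock mount, which
    # give the container control over the Docker daemon.
    #- docker build --pull -t "$CI_REGISTRY_IMAGE" .
    #- docker run --name "$name" -d --privileged --tmpfs /run --tmpfs /var/run --restart always -e K3S_TOKEN=12345678901234 -e K3S_KUBECONFIG_OUTPUT=./kubeconfig.yaml -e K3S_KUBECONFIG_MODE=666 -v k3s-server:/var/lib/rancher/k3s:z -v $(pwd):/output:z -p 6443:6443 -p 80:80 -p 443:443 rancher/k3s server --cluster-init --tls-san k3stesthost --tls-san cloudhost
    #- docker run --privileged -dit --name c4k_test -v /var/run/docker.sock:/var/run/docker.sock $CI_REGISTRY_IMAGE
    # NOTE(review): the command that starts c4k_test is commented out above,
    # so this inspect presumably fails unless the container is created
    # elsewhere; confirm.
    - docker inspect -f '{{.State.Running}}' c4k_test
  script:
    - echo "---------- Integration test -------------"
    - ls -l
    - pwd
    - bash ./src/test/resources/local-integration-test/setup-docker.sh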