reduce ci duplications

This commit is contained in:
jem 2021-02-10 16:04:56 +01:00
parent 2b2def54b7
commit 2516c03058

View file

@ -1,41 +1,46 @@
image: node:lts-buster
stages:
- test
- package
- security
- upload
cache:
key: ${CI_COMMIT_REF_SLUG}
paths:
- node_modules/
default:
.cljs-job: &cljs
image: node:lts-buster
cache:
key: ${CI_COMMIT_REF_SLUG}
paths:
- node_modules/
before_script:
- apt update && apt -qqy install openjdk-11-jre-headless
- npm install
- npm install -g --save-dev shadow-cljs
.js-job: &js-upload
image: node:lts-buster
cache:
key: ${CI_COMMIT_REF_SLUG}
paths:
- node_modules/
before_script:
- echo _auth=$NPM_PUBLSH_KEY >> .npmrc
- echo email=$NPM_PUBLSH_MAIL >> .npmrc
- echo always-auth=true >> .npmrc
- mkdir -p target/npm-build/mastodon_bot
- cp target/mastodon-bot.js target/npm-build/mastodon_bot/
- cp target/mastodon-bot.js.sha256 target/npm-build/mastodon_bot/
- cp target/mastodon-bot.js.sha512 target/npm-build/mastodon_bot/
- cp package.json target/npm-build/mastodon_bot/
- cp README.md target/npm-build/mastodon_bot/
build:
<<: *cljs
stage: test
script:
- shadow-cljs compile test
sast:
variables:
SAST_EXCLUDED_ANALYZERS:
bandit, brakeman, flawfinder, gosec, kubesec, phpcs-security-audit,
pmd-apex, security-code-scan, sobelow, spotbugs
stage: test
before_script:
- echo "scan security"
include:
- template: Security/SAST.gitlab-ci.yml
package:
<<: *cljs
stage: package
rules:
- if: '$CI_COMMIT_BRANCH == "master"'
artifacts:
paths:
- target/
@ -45,38 +50,31 @@ package:
- sha256sum target/mastodon-bot.js > target/mastodon-bot.js.sha256
- sha512sum target/mastodon-bot.js > target/mastodon-bot.js.sha512
sast:
variables:
SAST_EXCLUDED_ANALYZERS:
bandit, brakeman, flawfinder, gosec, kubesec, phpcs-security-audit,
pmd-apex, security-code-scan, sobelow, spotbugs
stage: security
before_script:
- mkdir -p builds && cp -r target/ builds/
include:
- template: Security/SAST.gitlab-ci.yml
upload-prerelease:
<<: *js-upload
stage: upload
rules:
- if: '$CI_COMMIT_BRANCH == "master" && $CI_COMMIT_TAG == null'
before_script:
- echo _auth=$NPM_PUBLSH_KEY >> .npmrc
- echo email=$NPM_PUBLSH_MAIL >> .npmrc
- echo always-auth=true >> .npmrc
script:
- mkdir -p target/npm-build/mastodon_bot
- cp target/mastodon-bot.js target/npm-build/mastodon_bot/
- cp target/mastodon-bot.js.sha256 target/npm-build/mastodon_bot/
- cp target/mastodon-bot.js.sha512 target/npm-build/mastodon_bot/
- cp package.json target/npm-build/mastodon_bot/
- cp README.md target/npm-build/mastodon_bot/
- npm version --no-git-tag-version prerelease
- npm publish ./target/npm-build/mastodon_bot --access public
upload-release:
<<: *js-upload
stage: upload
rules:
- if: '$CI_COMMIT_BRANCH == "master" && $CI_COMMIT_TAG != null'
before_script:
- echo _auth=$NPM_PUBLSH_KEY >> .npmrc
- echo email=$NPM_PUBLSH_MAIL >> .npmrc
- echo always-auth=true >> .npmrc
script:
- mkdir -p target/npm-build/mastodon_bot
- cp target/mastodon-bot.js target/npm-build/mastodon_bot/
- cp target/mastodon-bot.js.sha256 target/npm-build/mastodon_bot/
- cp target/mastodon-bot.js.sha512 target/npm-build/mastodon_bot/
- cp package.json target/npm-build/mastodon_bot/
- cp README.md target/npm-build/mastodon_bot/
- npm version --no-git-tag-version $CI_COMMIT_TAG
- npm publish ./target/npm-build/mastodon_bot --access public