# Pipeline stages, in execution order.
stages:
  - test
  - build
  - deploy
# Create pipelines for branch pushes and for tags only. CI_COMMIT_BRANCH is
# not set in merge request pipelines, so neither rule matches those.
workflow:
  rules:
    - if: '$CI_COMMIT_BRANCH'
    - if: '$CI_COMMIT_TAG'
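# Runs type checking, unit tests, linting and script smoke tests on every
# branch pipeline. Each step records its failure instead of aborting, and the
# last script entry fails the job if anything was recorded.
check:
  stage: test
  needs: []
  rules:
    - if: $CI_COMMIT_BRANCH
  # NOTE(review): the tag is mutable; pinning by digest
  # (node:22.16.0@sha256:<digest>) would fix the image content.
  image: node:22.16.0
  before_script:
    # pipefail makes `cmd | grep ...` report a failure of cmd, not only of grep
    - set -o pipefail
    - export NODE_ENV=development
    # Helpers for collapsible log sections and for collecting failures.
    # record_failure reads $? first so it sees the exit code of the command
    # that triggered it; with no argument it uses the current section name.
    - |
      start_section () {
        current_section=$1;
        echo -e "\e[0Ksection_start:`date +%s`:${current_section//[^a-zA-Z0-9]/-}\r\e[0K$current_section";
      };
      end_section () {
        echo -e "\e[0Ksection_end:`date +%s`:${current_section//[^a-zA-Z0-9]/-}\r\e[0K";
      };
      failures=();
      record_failure () {
        exit_code=$?;
        name=${1:-$current_section};
        echo -e "\033[0;31m$name failed with exit code $exit_code\033[0m"; failures+=("$name");
      };
    # The variable is quoted so a value containing spaces cannot break the test.
    - |
      if [ -n "${INSTALL_BUILD_DEPENDENCIES:-}" ]; then
        apt-get update -y
        apt-get install build-essential libcairo2-dev libpango1.0-dev libjpeg-dev libgif-dev librsvg2-dev -y
      fi
  script:
    - start_section "Install Dependencies & Setup Environment"
    # The job token is written to disk for git's credential store. The umask
    # keeps the new file owner-only, as git's own store helper would.
    - (umask 077 && echo "https://gitlab-ci-token:${CI_JOB_TOKEN}@gitlab.com" > ~/.git-credentials)
    - git config --global credential.helper store
    - corepack enable pnpm
    - make install || record_failure
    - end_section

    - start_section "Type checking"
    - pnpm nuxi typecheck || record_failure
    - end_section

    - start_section "Unit Tests"
    - pnpm vitest --reporter=default --reporter=junit --outputFile=junit.xml --coverage || record_failure
    - end_section

    # lint runs with --fix; the next section then fails if that changed files
    - start_section "Check linting rules"
    - pnpm lint --format gitlab --color --fix | grep -v "^\S*warn" || record_failure
    - end_section

    - start_section "Check for fixable problems"
    - git diff --stat --exit-code || record_failure
    - end_section

    # calls scripts to check for simple issues while disabling actual work (e.g. no publishing to third party)
    # some scripts are left out because they need special configuration or are not safe to smoke test
    # NOTE(review): this job runs on every branch; presumably the scripts stay
    # inert because no production credentials are exposed here. Confirm that
    # those are kept in protected variables.
    - start_section "Smoke test server scripts"
    - pnpm run-file server/migrate.ts || record_failure "Smoke test migrate"
    - pnpm run-file server/calendarBot.ts en,pl,es,pt,de,nl,fr,ja,ru,sv,lad,ua,vi "" || record_failure "Smoke test calendarBot"
    - pnpm run-file server/cleanupAccounts.ts || record_failure "Smoke test cleanupAccounts"
    - pnpm run-file server/notify.ts || record_failure "Smoke test notify"
    - pnpm run-file server/stats.ts || record_failure "Smoke test stats"
    - pnpm run-file server/subscriptions.ts || record_failure "Smoke test subscriptions"
    - end_section

    # Fail the job if any step recorded a failure. The array length is tested
    # so that an entry with an empty name still counts.
    - |
      if (( ${#failures[@]} > 0 )); then
        echo -e "\033[0;31mSome checks have failed:";
        printf -- "- %s\n" "${failures[@]}";
        echo -en "\033[0m";
        false;
      fi
  coverage: /All files[^|]*\|[^|]*\s+([\d\.]+)/
  artifacts:
    reports:
      junit: junit.xml
      coverage_report:
        coverage_format: cobertura
        path: coverage/cobertura-coverage.xml
      codequality: gl-codequality.json
  timeout: 20m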
# Builds the application on protected refs only, on runners tagged 'build',
# and publishes the files listed under artifacts.paths.
build:
  stage: 'build'
  needs: []
  tags:
    - 'build'
  rules:
    - if: "$CI_COMMIT_REF_PROTECTED == 'true'"
  # NOTE(review): the tag is mutable; pinning by digest
  # (node:22.16.0@sha256:<digest>) would fix the image content.
  image: 'node:22.16.0'
  variables:
    # calendar can be mounted to supply its containing build-time sources
    GIT_CLEAN_FLAGS: '-fx -e calendar'
  script:
    # see https://docs.gitlab.com/ee/ci/jobs/ssh_keys.html#ssh-keys-when-using-the-docker-executor
    - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )'
    - eval $(ssh-agent -s)
    # No key path is passed, so ssh-add loads the default identity files.
    # NOTE(review): presumably the runner provides them and ~/.ssh; unlike
    # .deploy, this job neither creates ~/.ssh nor sets its mode. Confirm.
    - ssh-add
    # see https://docs.gitlab.com/ee/ci/jobs/ssh_keys.html#verifying-the-ssh-host-keys
    - cp "$SSH_KNOWN_HOSTS" ~/.ssh/known_hosts
    - chmod 644 ~/.ssh/known_hosts

    - corepack enable pnpm
    - make build
  artifacts:
    # only users with at least the Developer role may download the artifact
    access: 'developer'
    paths:
      - '.nuxt/tsconfig.json'
      - '.output'
      - 'locale'
      - 'migrations'
      - 'public/fonts'
      - 'public/logo/logo.svg'
      - 'public/logo/logo-primary.svg'
      - 'public/bg.png'
      - 'server'
      - 'src'
      # NOTE(review): confirm .npmrc holds no registry auth token, since it
      # ships inside the artifact.
      - '.npmrc'
      - '.nvmrc'
      - 'LICENSE.md'
      - 'Makefile'
      - 'package.json'
      - 'pnpm-lock.yaml'
      - 'run-wrapper.sh'
      - 'tsconfig.json'
    exclude:
      - 'locale/*/docs/*'
      - 'locale/*/img/*'
  timeout: '20m'
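# Hidden template for the deploy jobs, which pull it in with `<<: *deploy`.
# It loads the deploy key into an ssh-agent, installs the pinned host keys,
# and runs the deployer on the target host for the current commit.
.deploy: &deploy
  stage: 'deploy'
  tags: ['deploy']
  needs:
    # wait for the build job, but do not download its artifacts
    - job: 'build'
      artifacts: false
  # NOTE(review): the tag is mutable; pinning by digest
  # (node:22.16.0@sha256:<digest>) would fix the image content.
  image: node:22.16.0
  before_script:
    # see https://docs.gitlab.com/ee/ci/jobs/ssh_keys.html#ssh-keys-when-using-the-docker-executor
    - 'command -v ssh-agent >/dev/null || ( apt-get update -y && apt-get install openssh-client -y )'
    - eval $(ssh-agent -s)
    # SSH_PRIVATE_KEY is used as a file path; make it owner-read-only first
    - chmod 400 "$SSH_PRIVATE_KEY"
    - ssh-add "$SSH_PRIVATE_KEY"
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    # see https://docs.gitlab.com/ee/ci/jobs/ssh_keys.html#verifying-the-ssh-host-keys
    - cp "$SSH_KNOWN_HOSTS" ~/.ssh/known_hosts
    - chmod 644 ~/.ssh/known_hosts
  script:
    # `&&` stops the deploy if the cd fails, so deployer never runs from the
    # wrong directory. The variables are expanded on the runner and the result
    # is parsed by the remote shell, so their values must stay free of shell
    # metacharacters.
    - ssh "$SSH_USER@$SSH_HOST" "cd ~/www/$ENVIRONMENT_DOMAIN && deployer deploy $CI_COMMIT_SHA"
  timeout: 10m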
# Production deploy from the default branch. It runs automatically when
# DEPLOY_TARGET is 'production' and is a manual job otherwise.
deploy production:
  <<: *deploy
  rules:
    # NOTE(review): CI_COMMIT_REF_NAME also matches a tag named like the
    # default branch; CI_COMMIT_BRANCH would match branches only.
    - if: "$CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH && $DEPLOY_TARGET == 'production'"
    - if: '$CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH'
      when: manual
  environment:
    name: 'production'
    url: 'https://$ENVIRONMENT_DOMAIN'
  variables:
    ENVIRONMENT_DOMAIN: 'pronouns.page'
# Hidden template for the test-instance deploys. Each job that uses it sets
# DEPLOY_NAME, ENVIRONMENT_INSTANCE and ENVIRONMENT_DOMAIN.
.deploy-test: &deploy-test
  <<: *deploy
  rules:
    # NOTE(review): this tag rule does not check CI_COMMIT_REF_PROTECTED. It
    # appears to rely on the needed build job existing only on protected refs;
    # confirm that the deploy runner and SSH variables are protected too.
    - if: '$CI_COMMIT_TAG =~ /^deploy-.*/ && $CI_COMMIT_TAG_MESSAGE == $DEPLOY_NAME'
    - if: "$CI_COMMIT_REF_PROTECTED == 'true' && $DEPLOY_TARGET == $DEPLOY_NAME"
    - if: "$CI_COMMIT_REF_PROTECTED == 'true'"
      when: manual
  environment:
    name: 'test/$ENVIRONMENT_INSTANCE'
    url: 'https://$ENVIRONMENT_DOMAIN'
  allow_failure: true
# Default test instance.
deploy test:
  <<: *deploy-test
  variables:
    DEPLOY_NAME: "test"
    ENVIRONMENT_INSTANCE: "default"
    ENVIRONMENT_DOMAIN: "test.pronouns.page"
# Test instance 'pink'.
deploy test/pink:
  <<: *deploy-test
  variables:
    DEPLOY_NAME: "test/pink"
    ENVIRONMENT_INSTANCE: "pink"
    ENVIRONMENT_DOMAIN: "test-pink.pronouns.page"
# Test instance 'purple'.
deploy test/purple:
  <<: *deploy-test
  variables:
    DEPLOY_NAME: "test/purple"
    ENVIRONMENT_INSTANCE: "purple"
    ENVIRONMENT_DOMAIN: "test-purple.pronouns.page"
# Security scanning job templates pulled in from GitLab.
# Container scanning stays disabled until the TODO below is resolved.
include:
  - template: 'Jobs/Secret-Detection.gitlab-ci.yml'
  # - template: Jobs/Container-Scanning.gitlab-ci.yml --- TODO: Configure Images
  - template: 'Jobs/Dependency-Scanning.gitlab-ci.yml'
  - template: 'Jobs/SAST.gitlab-ci.yml'
  - template: 'Jobs/SAST-IaC.gitlab-ci.yml'
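# Settings for the included scanning templates. Values are quoted because
# CI/CD variables are strings, and a bare `true` is a YAML boolean.
variables:
  # NOTE(review): the workflow rules in this file match only branch and tag
  # pipelines, so this may have no effect. Confirm.
  AST_ENABLE_MR_PIPELINES: 'true'
  DS_EXCLUDED_ANALYZERS: 'gemnasium-python'
  DS_MAX_DEPTH: '4'
  # presumably for container scanning, whose template is commented out in this file
  CS_QUIET: 'true'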