.gitlab-ci.yml
# Pull in GitLab's Container Scanning job template. The `container_scanning`
# job defined later in this file overrides parts of the job it provides.
include:
  - template: 'Jobs/Container-Scanning.gitlab-ci.yml'
# Pipeline-wide variables, available in every job's environment.
variables:
  # Docker daemon settings; which component consumes them is not visible here.
  DOCKER_DAEMON_ARGS: '-g /cache/docker'
  DOCKER_DRIVER: 'overlay2'
  # Downloaded and executed by deploy_production.
  # NOTE(review): the URL follows the `master` branch, so the script that runs
  # against production can change without any change to this repository.
  # Consider pinning it to a commit SHA.
  DEPLOYMENT_SCRIPT: 'https://gitlab.ceh.ac.uk/scripts/deployment/raw/master/puppet-deploy.sh'
  # Not referenced elsewhere in this file; presumably read by the deployment
  # script (confirm there how NODE_VALUE, which carries the ref name, is used).
  NODE_KEY: 'catalogue_version'
  NODE_VALUE: '$CI_COMMIT_REF_NAME'
# Stage order: the scan stage runs after test and before build/deploy.
stages: [test, scan, build, deploy]
# Default settings applied to jobs that do not define their own.
default:
  # Strict shell mode: abort on errors, unset variables and failed pipelines.
  # A job that declares its own before_script replaces this list instead of
  # extending it, so such a job has to repeat the line if it wants it.
  before_script:
    - 'set -euo pipefail'
# Run the Gradle test task and publish the JUnit XML results.
test_java:
  stage: 'test'
  # Image pinned to an exact Gradle/JDK tag.
  image: 'gradle:8.12.1-jdk23-alpine'
  script:
    - 'gradle test --no-daemon'
  artifacts:
    # Upload the reports even when the tests fail.
    when: 'always'
    reports:
      junit: 'java/build/test-results/test/**/TEST-*.xml'
# Run the web front end's `standard` and `test` npm scripts and publish the
# JUnit XML results.
test_web:
  stage: 'test'
  image: 'registry.gitlab.ceh.ac.uk/eip/headless_chrome:0.1'
  script:
    - 'cd web/'
    # npm itself is pinned to an exact version before dependencies install.
    - 'npm install -g npm@10.8.2'
    # `npm ci` installs exactly what the lockfile records. --no-audit skips the
    # advisory lookup during install; no separate dependency-audit step is
    # visible in this file.
    - 'npm ci --no-audit'
    - 'npm run standard'
    - 'npm test'
  artifacts:
    # Upload the reports even when the tests fail.
    when: 'always'
    reports:
      junit: 'web/TESTS-*.xml'
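# Build the `prod` image target and push it tagged with the commit SHA; this
# is the image the container_scanning job scans.
test_application:
  stage: test
  # NOTE(review): docker:20.10.5 is an old release line; check whether the
  # client and the dind service image still receive security fixes.
  image: docker:20.10.5
  before_script:
    - set -euo pipefail
    # Pass the job token on stdin rather than with `-p`, so it does not appear
    # in the process argument list inside the job container.
    - echo "$CI_JOB_TOKEN" | docker login -u gitlab-ci-token --password-stdin "$CI_REGISTRY"
  services:
    # Docker-in-Docker daemon, reachable under the host name `docker`.
    - name: docker:20.10.5-dind
      alias: docker
  script:
    - docker build --target prod -t $CI_REGISTRY_IMAGE/app:$CI_COMMIT_SHA .
    - docker push $CI_REGISTRY_IMAGE/app:$CI_COMMIT_SHA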
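# Overrides the `container_scanning` job from the included GitLab template:
# scans the commit-SHA image and exits non-zero on High/Critical findings.
container_scanning:
  stage: scan
  # NOTE(review): with allow_failure enabled, the `exit 1` below only marks
  # this job as a warning. The pipeline continues, so the build and deploy
  # stages still run when High/Critical findings exist. Set this to false if
  # the scan is meant to gate releases.
  allow_failure: true
  variables:
    # The image pushed by test_application. The tag-named images produced by
    # build_application and build_solr are not scanned by this job.
    CS_IMAGE: $CI_REGISTRY_IMAGE/app:$CI_COMMIT_SHA
    CS_REGISTRY_USER: gitlab-ci-token
    CS_REGISTRY_PASSWORD: $CI_JOB_TOKEN
    CS_SEVERITY_THRESHOLD: 'high'
  # This job-level before_script replaces the one under `default:`, so the
  # `set -euo pipefail` line from there is not applied in this job.
  before_script:
    - sudo apt-get update -y && sudo apt-get install -y jq
  script:
    - gtcs scan
    # Count the report entries rated High or Critical.
    - SEVERITY_COUNT=$(jq '.vulnerabilities | map(select(.severity=="High" or .severity=="Critical")) | length' gl-container-scanning-report.json )
    # Literal block scalar (`|`): every newline reaches the shell as written.
    # A folded scalar (`>`) joins equally indented lines with spaces, which
    # makes this if/then/else depend on the exact indentation of its lines.
    # The "No vulnerabilities found" message only means that no High or
    # Critical finding was counted.
    - |
      if [[ $SEVERITY_COUNT -gt 0 ]]
      then
        echo "High/critical severity found"; exit 1
      else
        echo "No vulnerabilities found"
      fi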
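# On tag pipelines, build the `prod` and `datalabs` image targets and push
# them under the tag name.
# NOTE(review): these images are rebuilt here, not promoted from the
# commit-SHA image that container_scanning examined, and the `datalabs`
# target is never scanned. The released artifacts are therefore not the
# scanned one.
build_application:
  stage: build
  # NOTE(review): docker:20.10.5 is an old release line; check whether the
  # client and the dind service image still receive security fixes.
  image: docker:20.10.5
  services:
    # Docker-in-Docker daemon, reachable under the host name `docker`.
    - name: docker:20.10.5-dind
      alias: docker
  before_script:
    - set -euo pipefail
    # Pass the job token on stdin rather than with `-p`, so it does not appear
    # in the process argument list inside the job container.
    - echo "$CI_JOB_TOKEN" | docker login -u gitlab-ci-token --password-stdin "$CI_REGISTRY"
  script:
    - docker build --target prod -t $CI_REGISTRY_IMAGE/app:$CI_COMMIT_REF_NAME .
    - docker build --target datalabs -t $CI_REGISTRY_IMAGE/app:$CI_COMMIT_REF_NAME-datalabs .
    # Pushes every local tag of the app repository in one call.
    - docker push $CI_REGISTRY_IMAGE/app --all-tags
  only:
    - tags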
# Build and push the Solr image. Every key except `script` is inherited from
# build_application (stage, image, dind service, registry login, tags-only).
# NOTE(review): container_scanning points CS_IMAGE at the app image only, so
# this image is published without a scan in this pipeline.
build_solr:
  extends: 'build_application'
  script:
    - 'docker build -t $CI_REGISTRY_IMAGE/solr:$CI_COMMIT_REF_NAME solr'
    # The same image is also published under the `-datalabs` tag suffix.
    - 'docker tag $CI_REGISTRY_IMAGE/solr:$CI_COMMIT_REF_NAME $CI_REGISTRY_IMAGE/solr:$CI_COMMIT_REF_NAME-datalabs'
    - 'docker push $CI_REGISTRY_IMAGE/solr --all-tags'
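# Manually triggered production deployment, available on tag pipelines only.
deploy_production:
  # NOTE(review): `ruby:2` is a floating major-version tag, so the deploy
  # environment changes whenever the tag moves. Pin an exact version, ideally
  # by digest.
  image: ruby:2
  stage: deploy
  variables:
    SERVER: cig-prod.nerc-lancaster.ac.uk
  environment:
    name: production
    url: https://catalogue.ceh.ac.uk/eidc/documents
  script:
    # Download to a file first instead of piping curl into bash. With --fail,
    # an HTTP error aborts the job instead of sending an error page to the
    # shell, and a truncated transfer can no longer leave bash having run half
    # a script. --proto restricts the transfer to HTTPS.
    - >-
      curl --fail --silent --show-error --proto '=https'
      --output puppet-deploy.sh "$DEPLOYMENT_SCRIPT"
    # NOTE(review): the script is still unauthenticated content from a mutable
    # branch URL. Pin DEPLOYMENT_SCRIPT to a commit SHA and compare the file
    # against a known checksum before this step.
    - bash puppet-deploy.sh
  only:
    - tags
  when: manual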