.gitlab-ci.yml
# DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
#
# Copyright (c) 2022 Axway Software SA and its affiliates. All rights reserved.
#
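default:
  # Applies to every job that does not declare its own before_script
  # (build and security here; test, push and push-latest carry their own copy).
  before_script:
    # Fall back to the Git ref name when no explicit DOCKER_TAG is supplied.
    # CI_COMMIT_REF_NAME is chosen by whoever pushes the branch or tag, so it
    # is assigned as quoted data instead of being passed through `eval`, which
    # would re-parse the ref name as shell code on the runner.
    # NOTE(review): ref names containing "/" are not valid image tags; such
    # branches need DOCKER_TAG set explicitly.
    - |
      if [ -z "$DOCKER_TAG" ]; then
        export DOCKER_TAG="$CI_COMMIT_REF_NAME"
      fi
    - echo "Using DOCKER_TAG=$DOCKER_TAG"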
# Pipeline stages, executed in the order listed.
stages:
  - build     # build the image with `docker build`
  - test      # run the docker-compose based smoke and upgrade tests
  - security  # image scan (the job only exists in triggered pipelines)
  - push      # tag and push the image to the registry
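# Builds $IMAGE_CFT:$DOCKER_TAG from the ./docker context. The product is
# installed either from a kit (INSTALL_KIT) or downloaded from URL_BASE
# (optionally a specific PACKAGE); one of the two must be defined.
build:
  stage: build
  script:
    # All variable expansions are quoted: they come from pipeline/trigger
    # variables, and an unquoted value containing spaces or glob characters
    # would be split into extra `docker build` arguments.
    # NOTE(review): build-arg values can be recovered from the image metadata
    # (`docker history`), so URL_BASE / INSTALL_KIT should not embed credentials.
    - |
      build_date="$(date -u +'%Y-%m-%dT%H:%M:%SZ')"
      if [ -n "$INSTALL_KIT" ]; then
        echo "Build using version=$BUILD_VERSION, revision=$BUILD_REVISION, and kit=$INSTALL_KIT"
        docker build -t "$IMAGE_CFT:$DOCKER_TAG" \
          --build-arg "BUILD_DATE=$build_date" \
          --build-arg "BUILD_VERSION=$BUILD_VERSION" \
          --build-arg "BUILD_REVISION=$BUILD_REVISION" \
          --build-arg "INSTALL_KIT=$INSTALL_KIT" \
          docker
      elif [ -n "$URL_BASE" ]; then
        if [ -n "$PACKAGE" ]; then
          echo "Build using version=$BUILD_VERSION, revision=$BUILD_REVISION, url=$URL_BASE and package=$PACKAGE"
          docker build -t "$IMAGE_CFT:$DOCKER_TAG" \
            --build-arg "BUILD_DATE=$build_date" \
            --build-arg "BUILD_VERSION=$BUILD_VERSION" \
            --build-arg "BUILD_REVISION=$BUILD_REVISION" \
            --build-arg "URL_BASE=$URL_BASE" \
            --build-arg "PACKAGE=$PACKAGE" \
            docker
        else
          echo "Build using version=$BUILD_VERSION, revision=$BUILD_REVISION, and url=$URL_BASE"
          docker build -t "$IMAGE_CFT:$DOCKER_TAG" \
            --build-arg "BUILD_DATE=$build_date" \
            --build-arg "BUILD_VERSION=$BUILD_VERSION" \
            --build-arg "BUILD_REVISION=$BUILD_REVISION" \
            --build-arg "URL_BASE=$URL_BASE" \
            docker
        fi
      else
        echo "INSTALL_KIT or URL_BASE must be defined, aborting..."
        exit 1
      fi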
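# Runs the docker-compose scenarios under ./test against the freshly built
# image: a basic run, an upgrade driven by an external curl call, and an
# upgrade driven by the pre-upgrade-job hook.
test:
  stage: test
  before_script:
    # Default the image tag to the Git ref name. The ref name is controlled by
    # whoever pushes it, so it is assigned as quoted data rather than through
    # `eval`, which would execute shell syntax embedded in the name.
    - |
      if [ -z "$DOCKER_TAG" ]; then
        export DOCKER_TAG="$CI_COMMIT_REF_NAME"
      fi
    - echo "Using DOCKER_TAG=$DOCKER_TAG"
    # The API key is fed on stdin so it does not show up in the process
    # argument list of the runner host.
    # Presumably the login lets compose pull the previous release image.
    - |
      printf '%s' "$ARTIFACTORY_CI_API_KEY" |
        docker login "$RELEASE_REGISTRY_URL" -u "$ARTIFACTORY_CI_USER" --password-stdin
  script:
    # Pattern used below: a failing `up` only records FAILED so that the logs
    # are still printed and the containers stopped before the job exits 1.
    # NOTE(review): test001/test002 call the standalone `docker-compose` binary
    # while test003 calls the `docker compose` plugin; the runner needs both.
    - cd test
    - docker network prune --force
    - echo test001_basic_run...
    - docker-compose -f docker-compose-01.test.yml down -v
    - >-
      docker-compose -f docker-compose-01.test.yml up --build
      --abort-on-container-exit --remove-orphans --force-recreate sut
      || FAILED=true
    - docker-compose -f docker-compose-01.test.yml logs || true
    # redo a set of smoke tests with a runtime that already exists
    - docker-compose -f docker-compose-01.test.yml down
    - if [ -n "${FAILED}" ]; then exit 1; fi
    - docker-compose -f docker-compose-01.test.yml up --abort-on-container-exit --remove-orphans
    - docker-compose -f docker-compose-01.test.yml down -v
    - echo test002 upgrade using external curl command...
    # Run an old CFT image, add data (transfers and config), export the
    # databases invoking the /export REST API
    - docker-compose -f docker-compose-02-pre-upgrade.test.yml down -v
    - >-
      docker-compose -f docker-compose-02-pre-upgrade.test.yml up --build
      --abort-on-container-exit --remove-orphans --force-recreate sut
      || FAILED=true
    - docker-compose -f docker-compose-02-pre-upgrade.test.yml logs || true
    - docker-compose -f docker-compose-02-pre-upgrade.test.yml down
    - if [ -n "${FAILED}" ]; then exit 1; fi
    # Run the new CFT image
    - >-
      docker-compose -f docker-compose-03-upgrade.test.yml up --build
      --abort-on-container-exit --remove-orphans --force-recreate sut
      || FAILED=true
    - docker-compose -f docker-compose-03-upgrade.test.yml logs || true
    - docker-compose -f docker-compose-03-upgrade.test.yml down -v
    - if [ -n "${FAILED}" ]; then exit 1; fi
    - echo test003 upgrade using pre-upgrade-job hook...
    # Run an old CFT image and add data (transfers and config)
    - docker compose -f docker-compose-04-hook-pre-upgrade.test.yml down -v
    - >-
      docker compose -f docker-compose-04-hook-pre-upgrade.test.yml up --build
      --abort-on-container-exit --remove-orphans --force-recreate sut
      || FAILED=true
    - docker compose -f docker-compose-04-hook-pre-upgrade.test.yml logs || true
    - if [ -n "${FAILED}" ]; then exit 1; fi
    # Run the pre-upgrade-job hook from a new CFT image and then stop the old CFT
    - >-
      docker compose -f docker-compose-05-hook-pre-upgrade-job.test.yml up --build
      --abort-on-container-exit
      || FAILED=true
    - docker compose -f docker-compose-05-hook-pre-upgrade-job.test.yml logs || true
    - docker compose -f docker-compose-04-hook-pre-upgrade.test.yml down
    - if [ -n "${FAILED}" ]; then exit 1; fi
    # Run the new CFT image
    - >-
      docker compose -f docker-compose-03-upgrade.test.yml up --build
      --abort-on-container-exit --remove-orphans --force-recreate sut
      || FAILED=true
    - docker compose -f docker-compose-03-upgrade.test.yml logs || true
    - docker compose -f docker-compose-03-upgrade.test.yml down -v
    # Without this check a failure of the final upgrade run was recorded in
    # FAILED but never acted on, so the job passed and the image moved on to
    # the later stages.
    - if [ -n "${FAILED}" ]; then exit 1; fi
    - cd ..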
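# Scans the built image with twistcli and uploads the report to SRM.
security:
  stage: security
  # The job only exists in pipelines started through a trigger.
  # NOTE(review): push and push-latest carry no such rule, so in every other
  # pipeline source the image reaches the registry without this scan; and
  # SKIP_SECURITY=1, which a trigger caller can pass as a variable, bypasses
  # the scan entirely. Confirm both are intended.
  rules:
    - if: '$CI_PIPELINE_SOURCE == "trigger"'
  script:
    - |
      if [ "${SKIP_SECURITY}" = "1" ]; then
        echo "Skip security scan"
      else
        # Scan the image and store the URL of the scan results.
        # The image name scanned is not deterministic; retrieve it from the output...
        # NOTE(review): the password is passed as a command-line argument and
        # is visible to other processes on the runner while the scan runs;
        # check whether the installed twistcli can read it from the environment.
        twistcli images scan -u "$TWISTLOCK_USER" -p "$TWISTLOCK_PASSWORD" \
          --address "$TWISTLOCK_URL" --details --output-file analysis.json \
          "$IMAGE_CFT:$DOCKER_TAG"
        echo ">>>> analysis.json"
        jq . analysis.json
        echo "<<<< analysis.json"
        # Upload the scan result to SRM.
        # Certificate verification stays enabled (no --insecure) so the bearer
        # token is only sent to a server presenting a trusted certificate. If
        # the SRM endpoint uses a private CA, supply it through curl's
        # CURL_CA_BUNDLE environment variable or --cacert instead of turning
        # verification off. --fail makes an HTTP error from SRM fail the job
        # rather than pass silently.
        curl --fail \
          -H "Authorization: Bearer $SRM_APIKEY" \
          -H "Accept: application/json" \
          -X POST --form "file=@analysis.json" \
          "${SRM_URL}/${SRM_PROJECTID}/analysis"
        # Remove scan results.
        rm -f analysis.json
      fi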
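# Publishes the built image to $REGISTRY_URL under DOCKER_TAG and, when set,
# under the extra DOCKER_ADD_TAG.
# NOTE(review): nothing ties this job to a completed scan except stage order;
# in pipelines where the security job is absent the image is pushed unscanned.
push:
  stage: push
  before_script:
    # Default the image tag to the Git ref name. The ref name is controlled by
    # whoever pushes it, so it is assigned as quoted data rather than through
    # `eval`, which would execute shell syntax embedded in the name.
    - |
      if [ -z "$DOCKER_TAG" ]; then
        export DOCKER_TAG="$CI_COMMIT_REF_NAME"
      fi
    - echo "Using DOCKER_TAG=$DOCKER_TAG"
    # The API key is fed on stdin so it does not show up in the process
    # argument list of the runner host.
    - |
      printf '%s' "$ARTIFACTORY_CI_API_KEY" |
        docker login "$REGISTRY_URL" -u "$ARTIFACTORY_CI_USER" --password-stdin
  script:
    # Expansions are quoted so a value with spaces or glob characters cannot
    # turn into additional docker arguments.
    - docker tag "$IMAGE_CFT:$DOCKER_TAG" "$REGISTRY_URL/$IMAGE_CFT:$DOCKER_TAG"
    - docker push "$REGISTRY_URL/$IMAGE_CFT:$DOCKER_TAG"
    # Additional tag with DOCKER_ADD_TAG
    - |
      if [ -n "$DOCKER_ADD_TAG" ]; then
        docker tag "$IMAGE_CFT:$DOCKER_TAG" "$REGISTRY_URL/$IMAGE_CFT:$DOCKER_ADD_TAG"
        docker push "$REGISTRY_URL/$IMAGE_CFT:$DOCKER_ADD_TAG"
      fi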
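# Moves the mutable "latest" tag in $REGISTRY_URL to the image just built.
push-latest:
  stage: push
  # Push the "latest" mutable Docker version only when tagging.
  # The previous `only: refs` pattern /^\d+.\d+.\d+\-?/ also matched branch
  # names, and its unescaped dots matched any character, so a branch with a
  # version-like name could overwrite "latest". Matching on CI_COMMIT_TAG
  # limits the job to tag pipelines; the trailing optional hyphen was a no-op
  # on an unanchored pattern and is dropped.
  # NOTE(review): if releases are built from version-named branches rather
  # than tags, adjust this rule before merging.
  rules:
    - if: '$CI_COMMIT_TAG =~ /^\d+\.\d+\.\d+/'
  before_script:
    # Default the image tag to the Git ref name. The ref name is controlled by
    # whoever pushes it, so it is assigned as quoted data rather than through
    # `eval`, which would execute shell syntax embedded in the name.
    - |
      if [ -z "$DOCKER_TAG" ]; then
        export DOCKER_TAG="$CI_COMMIT_REF_NAME"
      fi
    - echo "Using DOCKER_TAG=$DOCKER_TAG"
    # The API key is fed on stdin so it does not show up in the process
    # argument list of the runner host.
    - |
      printf '%s' "$ARTIFACTORY_CI_API_KEY" |
        docker login "$REGISTRY_URL" -u "$ARTIFACTORY_CI_USER" --password-stdin
  script:
    - docker tag "$IMAGE_CFT:$DOCKER_TAG" "$REGISTRY_URL/$IMAGE_CFT:latest"
    - docker push "$REGISTRY_URL/$IMAGE_CFT:latest"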