forked from gigascience/gigadb-website
-
Notifications
You must be signed in to change notification settings - Fork 1
/
.gitlab-ci.yml
148 lines (137 loc) · 6.1 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
stages:
- conformance and security
- build for test
- test
- staging build
- staging deploy
- acceptance
- live build
- live deploy
- operations
variables:
# When using dind service we need to instruct docker, to talk with the
# daemon started inside of the service. The daemon is available with
# a network connection instead of the default /var/run/docker.sock socket.
#
# The 'docker' hostname is the alias of the service container as described at
# https://docs.gitlab.com/ee/ci/docker/using_docker_images.html#accessing-the-services
#
# Note that if you're using Kubernetes executor, the variable should be set to
# tcp://localhost:2375 because of how Kubernetes executor connects services
# to the job container
DOCKER_HOST: tcp://docker:2375/
# When using dind, it's wise to use the overlayfs driver for
# improved performance.
DOCKER_DRIVER: overlay2
# See https://github.com/docker-library/docker/pull/166
DOCKER_TLS_CERTDIR: ""
# the configuration script needs to know that we are not in DEV environment anymore
# so it doesn't try to access
GIGADB_ENV: CI
# .env is only for dev, elsewhere we just list the variables here
APPLICATION: "$CI_PROJECT_DIR"
YII_PATH: "/var/www/vendor/yiisoft/yii"
YII2_PATH: "/var/www/vendor/yiisoft/yii2"
DATA_SAVE_PATH: "/builds/$CI_PROJECT_PATH/containers-data"
DOCKER_VERSION: "20.10.12"
NGINX_VERSION: "1.21.3"
PHP_VERSION: "7.4.33"
APCU_VERSION: "5.1.21"
NODE_VERSION: "20.11.0"
YII_VERSION: "1.1.28"
YII2_VERSION: "2.0.48"
POSTGRES_VERSION: "14.8"
HOME_URL: "gigadb.gigasciencejournal.com"
FILES_PUBLIC_URL: "http://gigadb.gigasciencejournal.com"
PUBLIC_HTTP_PORT: "80"
PUBLIC_HTTPS_PORT: "443"
COMPOSE_FILE: "ops/deployment/docker-compose.yml:ops/deployment/docker-compose.ci.yml"
COMPOSE_PROJECT_NAME: ${CI_PROJECT_NAME}
COVERALLS_RUN_LOCALLY: "1"
MAIN_BRANCH: "develop"
GITLAB_PRIVATE_TOKEN: $CI_BUILD_TOKEN
GITLAB_UPSTREAM_PROJECT_ID: "7041674"
CSV_DIR: "production_like"
YII_ENV_DEV: "true"
SERVER_HOSTNAME: "gigadb.gigasciencejournal.com"
image: docker:$DOCKER_VERSION
.tag_only:
rules:
- if: $CI_COMMIT_TAG
include:
- template: Security/SAST.gitlab-ci.yml
- template: Jobs/Container-Scanning.gitlab-ci.yml
- local: "ops/pipelines/gigadb-build-jobs.yml"
- local: "ops/pipelines/gigadb-test-jobs.yml"
- local: "ops/pipelines/gigadb-conformance-security-jobs.yml"
- local: "ops/pipelines/gigadb-deploy-jobs.yml"
- local: "ops/pipelines/gigadb-operations-jobs.yml"
- local: "ops/pipelines/gitlab-tideways-jobs.yml"
- local: "gigadb/app/tools/files-url-updater/gitlab-config.yml"
- local: "gigadb/app/tools/excel-spreadsheet-uploader/gitlab-config-build-staging.yml"
- local: "gigadb/app/tools/excel-spreadsheet-uploader/gitlab-config-deploy-staging.yml"
- local: "gigadb/app/tools/excel-spreadsheet-uploader/gitlab-config-build-live.yml"
- local: "gigadb/app/tools/excel-spreadsheet-uploader/gitlab-config-deploy-live.yml"
- local: "gigadb/app/tools/readme-generator/gitlab-config-test.yml"
- local: "gigadb/app/tools/readme-generator/gitlab-config-build-staging.yml"
- local: "gigadb/app/tools/readme-generator/gitlab-config-deploy-staging.yml"
- local: "gigadb/app/tools/readme-generator/gitlab-config-build-live.yml"
- local: "gigadb/app/tools/readme-generator/gitlab-config-deploy-live.yml"
- local: "gigareview/gitlab-config.yml"
- local: "gigadb/app/tools/files-metadata-console/gitlab-config-ci-build.yml"
- local: "gigadb/app/tools/files-metadata-console/gitlab-config-ci-test.yml"
- local: "gigadb/app/tools/files-metadata-console/gitlab-config-staging-build.yml"
- local: "gigadb/app/tools/files-metadata-console/gitlab-config-staging-deploy.yml"
- local: "gigadb/app/tools/files-metadata-console/gitlab-config-live-build.yml"
- local: "gigadb/app/tools/files-metadata-console/gitlab-config-live-deploy.yml"
- local: "fuw/docker-pure-ftpd/gitlab-config-staging-build.yml"
- local: "fuw/docker-pure-ftpd/gitlab-config-staging-deploy.yml"
- local: "fuw/docker-pure-ftpd/gitlab-config-live-build.yml"
- local: "fuw/docker-pure-ftpd/gitlab-config-live-deploy.yml"
services:
- docker:${DOCKER_VERSION}-dind
cache:
key: ${CI_COMMIT_REF_SLUG}
paths:
- vendor/
- bin/
- composer.lock
- fuw/app/vendor/
- fuw/app/bin/
- fuw/app/composer.lock
- gigadb/app/worker/file-worker/vendor
- gigadb/app/worker/file-worker/composer.lock
- gigadb/app/client/web/node_modules
before_script:
- '[[ $CI_JOB_NAME != *sast* ]] && [[ $CI_JOB_NAME != container_scanning* ]] && env | grep "^CI_" > $APPLICATION/.ci_env'
- '[[ $CI_JOB_NAME != *sast* ]] && [[ $CI_JOB_NAME != container_scanning* ]] && env | grep -v "SAST" | grep -v "^DOCKER" | grep -v "^CI" | grep -v "^LOCAL_COMPOSE" | grep -v "^GITLAB" | grep -v "==" | grep -E "^[a-zA-Z0-9_]+=.+" | grep -viE "(password|email|tester|secret|key|user|app_id|client_id|token|tls)" > $APPLICATION/.env'
- '[[ $CI_JOB_NAME != *sast* ]] && [[ $CI_JOB_NAME != container_scanning* ]] && env | grep -v "SAST" | grep -v "^DOCKER" | grep -v "^CI" | grep -v "^LOCAL_COMPOSE" | grep -v "^GITLAB" | grep -v "==" | grep -E "^[a-zA-Z0-9_]+=.+" | grep -v "ANALYTICS_PRIVATE_KEY" | grep -viE "tls" | grep -iE "(password|email|tester|secret|key|user|app_id|client_id|token)" > $APPLICATION/.secrets'
- '[[ $CI_JOB_NAME != *sast* ]] && [[ $CI_JOB_NAME != container_scanning* ]] && time apk add --no-cache py-pip bash curl jq git'
# Pin docker-compose version to stop installation error
- '[[ $CI_JOB_NAME != *sast* ]] && [[ $CI_JOB_NAME != container_scanning* ]] && time pip install docker-compose~=1.23.0'
sd_gigadb:
variables:
GIGADB_ENV: "staging"
extends: .deploy
stage: staging deploy
needs: ["base_images","build_staging"]
tags:
- $GITLAB_USER_LOGIN
environment:
name: "staging"
url: $REMOTE_HOME_URL
on_stop: sd_teardown
ld_gigadb:
variables:
GIGADB_ENV: "live"
extends:
- .tag_only
- .deploy
stage: live deploy
tags:
- $GITLAB_USER_LOGIN
needs: ["base_images","build_live"]
environment:
name: "live"
deployment_tier: production
url: $REMOTE_HOME_URL