verinice-veo-history/.gitlab-ci.yml at master · SerNet/verinice-veo-history · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
image: eclipse-temurin:25-jdk

variables:
  ORG_GRADLE_PROJECT_ci: 'true'
  CI_DEBUG_SERVICES: "true"
  PROXY: $HTTPS_PROXY_HOST

# Verification (tests and code analysis) is unnecessary on 'develop' &
# 'master', because only verified MRs can be merged into those branches.
.verification:
  rules:
    - if: $CI_COMMIT_BRANCH == "master"
      when: never
    - if: $CI_COMMIT_BRANCH == "develop"
      when: never
    - when: on_success

stages:
  - build
  - check
  - docker_image
  - deployment

workflow:
  rules:
    - if: $CI_MERGE_REQUEST_ID
      when: never
    - when: always

before_script:
  - GRADLE_USER_HOME="$(pwd)/.gradle"
  - export GRADLE_USER_HOME

build:
  stage: build
  rules:
    - when: on_success
  script:
    - env
    - ./gradlew -i -PciBuildNumber=$CI_PIPELINE_ID -PciJobName=$CI_PROJECT_NAME/$CI_COMMIT_REF_NAME build -x check
    - echo "PROJECT_VERSION=$(./gradlew -q properties --property version| awk '/^version:/ {print $2}')" >> variables.env
  interruptible: true
  artifacts:
    expire_in: 1 week
    reports:
      dotenv: variables.env
    paths:
      - build/libs
  cache:
    - key: gradle
      paths:
        - .gradle
    - key: $CI_PROJECT_PATH
      paths:
        - build
      policy: push

determine-destinations:
  before_script: []
  image:
    name: alpine/git
    entrypoint: [ "" ]
  stage: build
  script:
    - |-
      IMAGE_NAME="eu.gcr.io/veo-projekt/veo-history"
      DESTINATION_ARG="--destination $IMAGE_NAME:gitlab-git-${CI_COMMIT_SHA} --destination $IMAGE_NAME:pipeline-id-${CI_PIPELINE_ID}"
      if echo "$CI_COMMIT_TAG" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+$'; then
        DESTINATION_ARG="$DESTINATION_ARG --destination $IMAGE_NAME:$CI_COMMIT_TAG"
        git fetch --tags
        LATEST_TAG=$(git tag --list | grep -E '^[0-9]+\.[0-9]+\.[0-9]+$' | sort -V | tail -n1)
        if [ "$CI_COMMIT_TAG" = "$LATEST_TAG" ]; then
          DESTINATION_ARG="$DESTINATION_ARG --destination $IMAGE_NAME:latest"
        fi
      fi
      if [ "$CI_COMMIT_REF_NAME" = "develop" ]; then
        DESTINATION_ARG="$DESTINATION_ARG --destination $IMAGE_NAME:develop"
      fi

      echo "DESTINATION_ARG=$DESTINATION_ARG" > destinations.env
  artifacts:
    reports:
      dotenv: destinations.env
    expire_in: 1 hour

test:
  stage: check
  rules:
    - !reference [.verification, rules]
  script:
  - ./gradlew -i test jacotura
  - awk -F"," '{ instructions += $4 + $5; covered += $5 } END { print covered, "/", instructions, " instructions covered"; print 100*covered/instructions, "% covered" }' build/reports/jacoco/test/jacocoTestReport.csv
  interruptible: true
  services:
  - name: postgres:13.14-alpine
    alias: db
    variables:
      POSTGRES_USER: test
      POSTGRES_PASSWORD: test
  variables:
    SPRING_DATASOURCE_URL: jdbc:postgresql://db:5432/postgres
    SPRING_DATASOURCE_DRIVERCLASSNAME: org.postgresql.Driver
  artifacts:
    when: always
    reports:
      junit: build/test-results/test/**/TEST-*.xml
      coverage_report:
        coverage_format: cobertura
        path: build/reports/cobertura.xml
  coverage: '/([0-9]{1,3}.[0-9]*).%.covered/'
  cache:
    - key: gradle
      paths:
        - .gradle
    - key: $CI_PROJECT_PATH
      paths:
        - build
      policy: pull

check:
  stage: check
  rules:
    - !reference [.verification, rules]
  script:
    - ./gradlew -i check -x test
  interruptible: true
  cache:
    - key: gradle
      paths:
        - .gradle
    - key: $CI_PROJECT_PATH
      paths:
        - build
      policy: pull

docker_image:
  stage: docker_image
  rules:
    - when: on_success
  needs:
   - build
   - determine-destinations
  image:
    name: gcr.io/kaniko-project/executor:v1.24.0-debug
    entrypoint: [""]

  variables:
    # this does not work in Gitlab < 15.7, so we need the before_script workaround
    # GOOGLE_APPLICATION_CREDENTIALS: $GCR_ACCESS_TOKEN

  before_script:
    - export GOOGLE_APPLICATION_CREDENTIALS=${GCR_ACCESS_TOKEN}

  script:
    - /kaniko/executor
      --context "${CI_PROJECT_DIR}"
      --dockerfile "${CI_PROJECT_DIR}/Dockerfile"
      $DESTINATION_ARG
      --build-arg VEO_HISTORY_VERSION="${PROJECT_VERSION}"
      --label org.opencontainers.image.version="${PROJECT_VERSION}"
      --label org.opencontainers.image.revision=${CI_COMMIT_SHA}

  interruptible: true

update-values:
  stage: deployment
  rules:
    - if: '$CI_COMMIT_BRANCH == "develop"'
      variables:
        VALUES_FILE: 'dev-values.yaml'
        IMAGE_TAG: 'gitlab-git-${CI_COMMIT_SHA}'
    - if: '$CI_COMMIT_TAG'
      variables:
        VALUES_FILE: 'stage-values.yaml'
        IMAGE_TAG: '${CI_COMMIT_TAG}'
    - when: never
  trigger:
    project: veo/verinice-veo-argocd
    branch: main
    strategy: mirror
    inputs:
      valuesFile: $VALUES_FILE
      imageTag: $IMAGE_TAG
      serviceName: 'history'

trigger_deployment:
  stage: deployment
  only:
    - develop
    - tags
  trigger:
    project: veo/verinice-veo-deployment