2019-09-01 16:36:11 -06:00
|
|
|
variables:
|
|
|
|
GITLAB_CI_IMAGE_ALPINE: 'alpine:3.9'
|
2021-05-24 08:23:44 -06:00
|
|
|
GITLAB_CI_IMAGE_DOCKER: 'docker:20.10.6'
|
2020-03-29 06:56:17 -06:00
|
|
|
GITLAB_CI_IMAGE_NODE: 'node:13.12'
|
2022-04-16 12:52:30 -06:00
|
|
|
GITLAB_CI_IMAGE_PYTHON: 'python:3.9.12'
|
2022-01-11 01:21:58 -07:00
|
|
|
GITLAB_CI_IMAGE_OPENAPI_GENERATOR_CLI: 'openapitools/openapi-generator-cli:v5.3.0'
|
2020-10-30 17:22:56 -06:00
|
|
|
GITLAB_CI_IMAGE_SENTRY_CLI: 'getsentry/sentry-cli'
|
2019-09-01 16:36:11 -06:00
|
|
|
GITLAB_CI_PYPI_DOCKER_COMPOSE: 'docker-compose~=1.23.0'
|
2021-01-14 06:50:35 -07:00
|
|
|
GITLAB_CI_PYPI_TOX: 'tox~=3.20.0'
|
2017-09-08 09:42:21 -06:00
|
|
|
stages:
|
2019-09-30 13:50:14 -06:00
|
|
|
- schema
|
2019-09-30 14:19:36 -06:00
|
|
|
- api
|
2019-01-02 15:46:16 -07:00
|
|
|
- static
|
2019-01-02 16:14:56 -07:00
|
|
|
- build
|
2017-09-08 09:42:21 -06:00
|
|
|
- test
|
|
|
|
- deploy
|
2020-10-30 17:22:56 -06:00
|
|
|
- sentry_release
|
2018-11-23 09:48:20 -07:00
|
|
|
- trigger
|
2020-02-15 05:41:32 -07:00
|
|
|
- security
|
2020-09-25 10:39:19 -06:00
|
|
|
|
|
|
|
# 'schema' stage
|
2019-09-30 13:50:14 -06:00
|
|
|
schema:
|
|
|
|
stage: schema
|
2020-09-25 09:09:26 -06:00
|
|
|
needs: []
|
2019-09-30 13:50:14 -06:00
|
|
|
image: ${GITLAB_CI_IMAGE_PYTHON}
|
|
|
|
script:
|
|
|
|
- pip install --no-cache-dir --no-deps -r "requirements.txt" --force-reinstall .
|
2020-09-22 12:33:01 -06:00
|
|
|
- >-
|
2021-01-09 18:39:09 -07:00
|
|
|
./manage.py spectacular
|
|
|
|
--file satnogs-db-api-client/api-schema.yml
|
|
|
|
--validate
|
|
|
|
--fail-on-warn
|
2019-09-30 13:50:14 -06:00
|
|
|
artifacts:
|
|
|
|
expire_in: 1 week
|
|
|
|
when: always
|
|
|
|
paths:
|
|
|
|
- satnogs-db-api-client
|
2020-09-25 10:39:19 -06:00
|
|
|
|
|
|
|
# 'api' stage
|
2019-09-30 14:19:36 -06:00
|
|
|
api:
|
|
|
|
stage: api
|
2020-09-25 09:09:26 -06:00
|
|
|
needs:
|
|
|
|
- job: schema
|
|
|
|
artifacts: true
|
2019-09-30 14:19:36 -06:00
|
|
|
image: ${GITLAB_CI_IMAGE_OPENAPI_GENERATOR_CLI}
|
|
|
|
script:
|
|
|
|
- >-
|
|
|
|
docker-entrypoint.sh
|
|
|
|
generate
|
|
|
|
-i satnogs-db-api-client/api-schema.yml
|
|
|
|
-g python
|
|
|
|
-o satnogs-db-api-client
|
|
|
|
-c satnogs-db-api-client/openapi-generator-config.json
|
2020-09-21 04:13:06 -06:00
|
|
|
- >-
|
|
|
|
docker-entrypoint.sh
|
|
|
|
generate
|
|
|
|
-i satnogs-db-api-client/api-schema.yml
|
|
|
|
-g html2
|
|
|
|
-o satnogs-db-api-client/html2
|
|
|
|
-c satnogs-db-api-client/openapi-generator-config.json
|
2019-09-30 14:19:36 -06:00
|
|
|
artifacts:
|
|
|
|
expire_in: 1 week
|
|
|
|
when: always
|
|
|
|
paths:
|
|
|
|
- satnogs-db-api-client
|
2020-09-25 10:39:19 -06:00
|
|
|
|
|
|
|
# 'static' stage
|
2019-01-02 15:46:16 -07:00
|
|
|
static_js_css:
|
|
|
|
stage: static
|
2020-09-25 09:09:26 -06:00
|
|
|
needs: []
|
2019-09-01 16:36:11 -06:00
|
|
|
image: ${GITLAB_CI_IMAGE_NODE}
|
2019-01-02 15:46:16 -07:00
|
|
|
script:
|
2019-04-26 06:57:50 -06:00
|
|
|
- npm ci
|
|
|
|
- node_modules/.bin/gulp
|
|
|
|
artifacts:
|
|
|
|
expire_in: 1 week
|
|
|
|
when: always
|
|
|
|
paths:
|
|
|
|
- db/static/lib
|
2019-05-09 09:33:02 -06:00
|
|
|
static:
|
2019-04-27 03:20:22 -06:00
|
|
|
stage: static
|
2020-09-25 09:09:26 -06:00
|
|
|
needs: []
|
2019-09-01 16:36:11 -06:00
|
|
|
image: ${GITLAB_CI_IMAGE_PYTHON}
|
2019-04-27 03:20:22 -06:00
|
|
|
before_script:
|
2019-09-01 16:36:11 -06:00
|
|
|
- pip install "$GITLAB_CI_PYPI_TOX"
|
2019-04-27 03:20:22 -06:00
|
|
|
script:
|
2019-09-01 16:10:47 -06:00
|
|
|
- tox -e "flake8,isort,yapf,pylint"
|
2020-09-25 10:39:19 -06:00
|
|
|
|
|
|
|
# 'build' stage
|
2019-03-16 11:37:52 -06:00
|
|
|
docs:
|
|
|
|
stage: build
|
2020-09-25 09:09:26 -06:00
|
|
|
needs: []
|
2019-09-01 16:36:11 -06:00
|
|
|
image: ${GITLAB_CI_IMAGE_PYTHON}
|
2019-03-16 11:37:52 -06:00
|
|
|
before_script:
|
2019-09-20 09:00:31 -06:00
|
|
|
- pip install "$GITLAB_CI_PYPI_TOX"
|
2019-03-16 11:37:52 -06:00
|
|
|
script:
|
2019-09-20 09:00:31 -06:00
|
|
|
- rm -rf docs/_build
|
|
|
|
- tox -e "docs"
|
2019-03-16 11:37:52 -06:00
|
|
|
artifacts:
|
|
|
|
expire_in: 1 week
|
|
|
|
when: always
|
|
|
|
paths:
|
|
|
|
- docs/_build/html
|
2019-01-02 16:14:56 -07:00
|
|
|
build:
|
|
|
|
stage: build
|
2020-12-29 01:47:36 -07:00
|
|
|
needs:
|
|
|
|
- job: static_js_css
|
|
|
|
artifacts: true
|
2019-09-01 16:36:11 -06:00
|
|
|
image: ${GITLAB_CI_IMAGE_PYTHON}
|
2019-05-09 09:10:34 -06:00
|
|
|
before_script:
|
2019-09-01 16:36:11 -06:00
|
|
|
- pip install "$GITLAB_CI_PYPI_TOX"
|
2019-01-02 16:14:56 -07:00
|
|
|
script:
|
|
|
|
- rm -rf dist
|
2019-09-01 16:10:47 -06:00
|
|
|
- tox -e build
|
2020-09-25 10:01:47 -06:00
|
|
|
artifacts:
|
|
|
|
expire_in: 1 week
|
|
|
|
when: always
|
|
|
|
paths:
|
|
|
|
- dist
|
|
|
|
build_api:
|
|
|
|
stage: build
|
|
|
|
needs:
|
|
|
|
- job: api
|
|
|
|
artifacts: true
|
|
|
|
image: ${GITLAB_CI_IMAGE_PYTHON}
|
|
|
|
before_script:
|
|
|
|
- pip install "$GITLAB_CI_PYPI_TOX"
|
|
|
|
script:
|
2019-09-30 15:06:57 -06:00
|
|
|
- cd satnogs-db-api-client
|
|
|
|
- rm -rf dist
|
2020-02-13 15:34:58 -07:00
|
|
|
- tox -e build
|
2019-01-02 16:14:56 -07:00
|
|
|
artifacts:
|
|
|
|
expire_in: 1 week
|
|
|
|
when: always
|
|
|
|
paths:
|
2019-09-30 16:06:36 -06:00
|
|
|
- satnogs-db-api-client/dist
|
2020-09-25 10:39:19 -06:00
|
|
|
|
|
|
|
# 'test' stage
|
2017-09-08 09:42:21 -06:00
|
|
|
test:
|
|
|
|
stage: test
|
2020-12-29 01:47:36 -07:00
|
|
|
needs:
|
|
|
|
- job: static_js_css
|
|
|
|
artifacts: true
|
2019-09-01 16:36:11 -06:00
|
|
|
image: ${GITLAB_CI_IMAGE_PYTHON}
|
2019-01-07 05:41:53 -07:00
|
|
|
before_script:
|
2019-09-01 16:36:11 -06:00
|
|
|
- pip install "$GITLAB_CI_PYPI_TOX"
|
2017-09-08 09:42:21 -06:00
|
|
|
script:
|
2019-09-01 16:10:47 -06:00
|
|
|
- tox -e deps,pytest
|
2020-09-25 10:39:19 -06:00
|
|
|
|
|
|
|
# 'deploy' stage
|
2018-11-10 06:06:50 -07:00
|
|
|
docker:
|
|
|
|
stage: deploy
|
2019-09-01 16:36:11 -06:00
|
|
|
image: ${GITLAB_CI_IMAGE_DOCKER}
|
2018-11-10 06:06:50 -07:00
|
|
|
services:
|
2019-09-01 16:36:11 -06:00
|
|
|
- ${GITLAB_CI_IMAGE_DOCKER}-dind
|
2018-11-10 06:06:50 -07:00
|
|
|
before_script:
|
|
|
|
- apk --update add py-pip
|
2019-09-01 16:36:11 -06:00
|
|
|
- pip install "$GITLAB_CI_PYPI_DOCKER_COMPOSE"
|
2018-11-10 06:06:50 -07:00
|
|
|
script:
|
2019-03-16 08:01:41 -06:00
|
|
|
- |
|
|
|
|
[ -z "$CI_REGISTRY_IMAGE" ] || {
|
2019-09-01 15:23:52 -06:00
|
|
|
CACHE_IMAGE="$CI_REGISTRY_IMAGE/satnogs-db:$CI_COMMIT_REF_NAME"
|
2019-03-16 08:01:41 -06:00
|
|
|
[ -z "$CI_COMMIT_TAG" ] || CACHE_IMAGE="$CI_REGISTRY_IMAGE/satnogs-db:latest"
|
|
|
|
export CACHE_IMAGE
|
|
|
|
}
|
2019-02-11 09:36:21 -07:00
|
|
|
- docker-compose -f docker-compose.yml -f docker-compose.cache.yml pull cache_image || true
|
|
|
|
- docker-compose -f docker-compose.yml -f docker-compose.cache.yml build --pull
|
2018-11-23 09:32:51 -07:00
|
|
|
- |
|
|
|
|
[ -z "$CI_REGISTRY_IMAGE" ] || {
|
|
|
|
docker login -u $CI_REGISTRY_USER -p $CI_JOB_TOKEN $CI_REGISTRY
|
|
|
|
docker tag satnogs-db:latest $CI_REGISTRY_IMAGE/satnogs-db:$CI_COMMIT_REF_NAME
|
|
|
|
docker push $CI_REGISTRY_IMAGE/satnogs-db:$CI_COMMIT_REF_NAME
|
2019-03-16 08:01:41 -06:00
|
|
|
[ -z "$CI_COMMIT_TAG" ] || {
|
|
|
|
docker tag satnogs-db:latest $CI_REGISTRY_IMAGE/satnogs-db:latest
|
|
|
|
docker push $CI_REGISTRY_IMAGE/satnogs-db:latest
|
|
|
|
}
|
2018-11-23 09:32:51 -07:00
|
|
|
}
|
|
|
|
[ -z "$DOCKERHUB_PASSWORD" ] || {
|
|
|
|
docker login -u $DOCKERHUB_USER -p $DOCKERHUB_PASSWORD
|
|
|
|
docker tag satnogs-db:latest librespace/satnogs-db:$CI_COMMIT_REF_NAME
|
|
|
|
docker push librespace/satnogs-db:$CI_COMMIT_REF_NAME
|
2019-03-16 08:01:41 -06:00
|
|
|
[ -z "$CI_COMMIT_TAG" ] || {
|
|
|
|
docker tag satnogs-db:latest librespace/satnogs-db:latest
|
|
|
|
docker push librespace/satnogs-db:latest
|
|
|
|
}
|
2018-11-23 09:32:51 -07:00
|
|
|
}
|
2018-11-10 06:06:50 -07:00
|
|
|
only:
|
2018-11-22 12:45:52 -07:00
|
|
|
refs:
|
|
|
|
- master
|
2019-03-16 08:01:41 -06:00
|
|
|
- tags
|
2019-09-22 09:14:53 -06:00
|
|
|
deploy:
|
|
|
|
stage: deploy
|
|
|
|
image: ${GITLAB_CI_IMAGE_PYTHON}
|
|
|
|
before_script:
|
2020-02-13 15:34:58 -07:00
|
|
|
- pip install "$GITLAB_CI_PYPI_TOX"
|
2019-09-22 09:14:53 -06:00
|
|
|
script:
|
|
|
|
- rm -rf dist
|
2020-02-13 15:34:58 -07:00
|
|
|
- tox -e "upload"
|
2019-09-22 09:14:53 -06:00
|
|
|
only:
|
|
|
|
refs:
|
|
|
|
- tags
|
|
|
|
variables:
|
|
|
|
- $PYPI_USERNAME
|
|
|
|
- $PYPI_PASSWORD
|
2019-12-24 11:45:56 -07:00
|
|
|
except:
|
|
|
|
- triggers
|
2020-03-29 14:08:12 -06:00
|
|
|
deploy_api:
|
|
|
|
stage: deploy
|
|
|
|
image: ${GITLAB_CI_IMAGE_PYTHON}
|
|
|
|
before_script:
|
|
|
|
- pip install "$GITLAB_CI_PYPI_TOX"
|
|
|
|
script:
|
|
|
|
- cd satnogs-db-api-client
|
|
|
|
- rm -rf dist
|
|
|
|
- tox -e "upload"
|
|
|
|
only:
|
|
|
|
refs:
|
|
|
|
- tags
|
|
|
|
variables:
|
|
|
|
- $PYPI_USERNAME
|
|
|
|
- $PYPI_PASSWORD
|
|
|
|
except:
|
|
|
|
- triggers
|
2020-09-25 10:39:19 -06:00
|
|
|
pages:
|
|
|
|
stage: deploy
|
|
|
|
image: ${GITLAB_CI_IMAGE_ALPINE}
|
|
|
|
script:
|
|
|
|
- mv docs/_build/html/ public/
|
2020-12-29 03:40:55 -07:00
|
|
|
- mv satnogs-db-api-client/html2/ public/api/
|
2020-09-25 10:39:19 -06:00
|
|
|
artifacts:
|
|
|
|
paths:
|
|
|
|
- public
|
|
|
|
only:
|
|
|
|
- tags
|
|
|
|
|
2020-10-30 17:22:56 -06:00
|
|
|
# 'sentry_release' stage
|
|
|
|
sentry_release:
|
|
|
|
stage: sentry_release
|
|
|
|
image: ${GITLAB_CI_IMAGE_SENTRY_CLI}
|
|
|
|
script:
|
|
|
|
- sentry-cli releases new --finalize -p ${CI_PROJECT_NAME} ${CI_PROJECT_NAME}@${CI_COMMIT_TAG}
|
|
|
|
- sentry-cli releases set-commits --auto ${CI_PROJECT_NAME}@${CI_COMMIT_TAG}
|
|
|
|
only:
|
|
|
|
refs:
|
|
|
|
- tags
|
|
|
|
variables:
|
|
|
|
- $SENTRY_AUTH_TOKEN
|
|
|
|
- $SENTRY_ORG
|
|
|
|
|
2020-09-25 10:39:19 -06:00
|
|
|
# 'trigger' stage
|
2019-01-11 18:44:07 -07:00
|
|
|
trigger_master:
|
2018-11-23 09:48:20 -07:00
|
|
|
stage: trigger
|
2020-09-25 10:39:46 -06:00
|
|
|
needs:
|
|
|
|
- job: docker
|
|
|
|
artifacts: false
|
2019-09-01 16:36:11 -06:00
|
|
|
image: ${GITLAB_CI_IMAGE_ALPINE}
|
2018-11-23 09:48:20 -07:00
|
|
|
before_script:
|
|
|
|
- apk add --no-cache curl
|
|
|
|
script:
|
2020-10-26 12:24:36 -06:00
|
|
|
- PIPELINE_TRIGGERS_MASTER=$(echo "$PIPELINE_TRIGGERS_MASTER" | sed 's/{{CI_COMMIT_SHORT_SHA}}/'"$CI_COMMIT_SHORT_SHA"'/g')
|
2019-01-11 18:44:07 -07:00
|
|
|
- for trigger in $PIPELINE_TRIGGERS_MASTER; do curl -X POST "$trigger"; done
|
2018-11-23 09:48:20 -07:00
|
|
|
only:
|
|
|
|
refs:
|
|
|
|
- master
|
2019-01-11 18:44:07 -07:00
|
|
|
variables:
|
|
|
|
- $PIPELINE_TRIGGERS_MASTER
|
2019-03-16 08:01:41 -06:00
|
|
|
trigger_latest:
|
2019-01-11 18:44:07 -07:00
|
|
|
stage: trigger
|
2020-09-25 10:39:46 -06:00
|
|
|
needs:
|
|
|
|
- job: docker
|
|
|
|
artifacts: false
|
2019-09-01 16:36:11 -06:00
|
|
|
image: ${GITLAB_CI_IMAGE_ALPINE}
|
2019-01-11 18:44:07 -07:00
|
|
|
before_script:
|
|
|
|
- apk add --no-cache curl
|
|
|
|
script:
|
2020-10-26 12:24:36 -06:00
|
|
|
- PIPELINE_TRIGGERS_LATEST=$(echo "$PIPELINE_TRIGGERS_LATEST" | sed 's/{{CI_COMMIT_TAG}}/'"$CI_COMMIT_TAG"'/g')
|
2019-03-16 08:01:41 -06:00
|
|
|
- for trigger in $PIPELINE_TRIGGERS_LATEST; do curl -X POST "$trigger"; done
|
2019-01-11 18:44:07 -07:00
|
|
|
only:
|
|
|
|
refs:
|
2019-03-16 08:01:41 -06:00
|
|
|
- tags
|
2018-11-23 09:48:20 -07:00
|
|
|
variables:
|
2019-03-16 08:01:41 -06:00
|
|
|
- $PIPELINE_TRIGGERS_LATEST
|
2020-09-25 10:39:19 -06:00
|
|
|
|
|
|
|
# 'security' stage
|
|
|
|
include:
|
|
|
|
- template: Security/Container-Scanning.gitlab-ci.yml
|
|
|
|
- template: Security/Dependency-Scanning.gitlab-ci.yml
|
|
|
|
- template: Security/SAST.gitlab-ci.yml
|
|
|
|
- template: Security/Secret-Detection.gitlab-ci.yml
|
2020-09-25 10:43:48 -06:00
|
|
|
- template: Security/License-Scanning.gitlab-ci.yml
|
2020-09-25 10:39:19 -06:00
|
|
|
container_scanning:
|
|
|
|
stage: security
|
|
|
|
needs:
|
|
|
|
- job: docker
|
|
|
|
artifacts: false
|
|
|
|
variables:
|
|
|
|
CI_APPLICATION_REPOSITORY: ${CI_REGISTRY_IMAGE}/satnogs-db
|
|
|
|
CI_APPLICATION_TAG: ${CI_COMMIT_REF_NAME}
|
|
|
|
rules:
|
|
|
|
- if: $CI_REGISTRY_IMAGE && $CI_COMMIT_BRANCH == "master"
|
|
|
|
- if: $CI_REGISTRY_IMAGE && $CI_COMMIT_TAG
|
|
|
|
dependency_scanning:
|
|
|
|
stage: security
|
|
|
|
needs:
|
|
|
|
- job: api
|
|
|
|
artifacts: true
|
|
|
|
variables:
|
|
|
|
DS_DEFAULT_ANALYZERS: 'gemnasium,gemnasium-python,retire.js'
|
|
|
|
gemnasium-python-dependency_scanning:
|
|
|
|
before_script:
|
|
|
|
- apt-get -q update
|
|
|
|
- apt-get -qy install libmariadb-dev python3-pil libjpeg-dev
|
|
|
|
sast:
|
|
|
|
stage: security
|
|
|
|
needs:
|
|
|
|
- job: api
|
|
|
|
artifacts: true
|
2020-09-25 14:45:09 -06:00
|
|
|
variables:
|
|
|
|
SAST_DISABLE_BABEL: 'true'
|
2020-09-25 10:39:19 -06:00
|
|
|
secret_detection:
|
|
|
|
stage: security
|
|
|
|
needs:
|
|
|
|
- job: api
|
|
|
|
artifacts: true
|
2020-09-25 10:43:48 -06:00
|
|
|
license_scanning:
|
|
|
|
stage: security
|
|
|
|
needs:
|
|
|
|
- job: api
|
|
|
|
artifacts: true
|
2020-12-29 01:47:36 -07:00
|
|
|
- job: static_js_css
|
|
|
|
artifacts: true
|