variables: GITLAB_CI_IMAGE_ALPINE: 'alpine:3.9' GITLAB_CI_IMAGE_DOCKER: 'docker:20.10.6' GITLAB_CI_IMAGE_NODE: 'node:13.12' GITLAB_CI_IMAGE_PYTHON: 'python:3.9.12' GITLAB_CI_IMAGE_OPENAPI_GENERATOR_CLI: 'openapitools/openapi-generator-cli:v5.3.0' GITLAB_CI_IMAGE_SENTRY_CLI: 'getsentry/sentry-cli' GITLAB_CI_PYPI_DOCKER_COMPOSE: 'docker-compose~=1.23.0' GITLAB_CI_PYPI_TOX: 'tox~=3.20.0' stages: - schema - api - static - build - test - deploy - sentry_release - trigger - security # 'schema' stage schema: stage: schema needs: [] image: ${GITLAB_CI_IMAGE_PYTHON} script: - pip install --no-cache-dir --no-deps -r "requirements.txt" --force-reinstall . - >- ./manage.py spectacular --file satnogs-db-api-client/api-schema.yml --validate --fail-on-warn artifacts: expire_in: 1 week when: always paths: - satnogs-db-api-client # 'api' stage api: stage: api needs: - job: schema artifacts: true image: ${GITLAB_CI_IMAGE_OPENAPI_GENERATOR_CLI} script: - >- docker-entrypoint.sh generate -i satnogs-db-api-client/api-schema.yml -g python -o satnogs-db-api-client -c satnogs-db-api-client/openapi-generator-config.json - >- docker-entrypoint.sh generate -i satnogs-db-api-client/api-schema.yml -g html2 -o satnogs-db-api-client/html2 -c satnogs-db-api-client/openapi-generator-config.json artifacts: expire_in: 1 week when: always paths: - satnogs-db-api-client # 'static' stage static_js_css: stage: static needs: [] image: ${GITLAB_CI_IMAGE_NODE} script: - npm ci - node_modules/.bin/gulp artifacts: expire_in: 1 week when: always paths: - db/static/lib static: stage: static needs: [] image: ${GITLAB_CI_IMAGE_PYTHON} before_script: - pip install "$GITLAB_CI_PYPI_TOX" script: - tox -e "flake8,isort,yapf,pylint" # 'build' stage docs: stage: build needs: [] image: ${GITLAB_CI_IMAGE_PYTHON} before_script: - pip install "$GITLAB_CI_PYPI_TOX" script: - rm -rf docs/_build - tox -e "docs" artifacts: expire_in: 1 week when: always paths: - docs/_build/html build: stage: build needs: - job: static_js_css artifacts: true image: ${GITLAB_CI_IMAGE_PYTHON} before_script: - pip install "$GITLAB_CI_PYPI_TOX" script: - rm -rf dist - tox -e build artifacts: expire_in: 1 week when: always paths: - dist build_api: stage: build needs: - job: api artifacts: true image: ${GITLAB_CI_IMAGE_PYTHON} before_script: - pip install "$GITLAB_CI_PYPI_TOX" script: - cd satnogs-db-api-client - rm -rf dist - tox -e build artifacts: expire_in: 1 week when: always paths: - satnogs-db-api-client/dist # 'test' stage test: stage: test needs: - job: static_js_css artifacts: true image: ${GITLAB_CI_IMAGE_PYTHON} before_script: - pip install "$GITLAB_CI_PYPI_TOX" script: - tox -e deps,pytest # 'deploy' stage docker: stage: deploy image: ${GITLAB_CI_IMAGE_DOCKER} services: - ${GITLAB_CI_IMAGE_DOCKER}-dind before_script: - apk --update add py-pip - pip install "$GITLAB_CI_PYPI_DOCKER_COMPOSE" script: - | [ -z "$CI_REGISTRY_IMAGE" ] || { CACHE_IMAGE="$CI_REGISTRY_IMAGE/satnogs-db:$CI_COMMIT_REF_NAME" [ -z "$CI_COMMIT_TAG" ] || CACHE_IMAGE="$CI_REGISTRY_IMAGE/satnogs-db:latest" export CACHE_IMAGE } - docker-compose -f docker-compose.yml -f docker-compose.cache.yml pull cache_image || true - docker-compose -f docker-compose.yml -f docker-compose.cache.yml build --pull - | [ -z "$CI_REGISTRY_IMAGE" ] || { docker login -u $CI_REGISTRY_USER -p $CI_JOB_TOKEN $CI_REGISTRY docker tag satnogs-db:latest $CI_REGISTRY_IMAGE/satnogs-db:$CI_COMMIT_REF_NAME docker push $CI_REGISTRY_IMAGE/satnogs-db:$CI_COMMIT_REF_NAME [ -z "$CI_COMMIT_TAG" ] || { docker tag satnogs-db:latest $CI_REGISTRY_IMAGE/satnogs-db:latest docker push $CI_REGISTRY_IMAGE/satnogs-db:latest } } [ -z "$DOCKERHUB_PASSWORD" ] || { docker login -u $DOCKERHUB_USER -p $DOCKERHUB_PASSWORD docker tag satnogs-db:latest librespace/satnogs-db:$CI_COMMIT_REF_NAME docker push librespace/satnogs-db:$CI_COMMIT_REF_NAME [ -z "$CI_COMMIT_TAG" ] || { docker tag satnogs-db:latest librespace/satnogs-db:latest docker push librespace/satnogs-db:latest } } only: refs: - master - tags deploy: stage: deploy image: ${GITLAB_CI_IMAGE_PYTHON} before_script: - pip install "$GITLAB_CI_PYPI_TOX" script: - rm -rf dist - tox -e "upload" only: refs: - tags variables: - $PYPI_USERNAME - $PYPI_PASSWORD except: - triggers deploy_api: stage: deploy image: ${GITLAB_CI_IMAGE_PYTHON} before_script: - pip install "$GITLAB_CI_PYPI_TOX" script: - cd satnogs-db-api-client - rm -rf dist - tox -e "upload" only: refs: - tags variables: - $PYPI_USERNAME - $PYPI_PASSWORD except: - triggers pages: stage: deploy image: ${GITLAB_CI_IMAGE_ALPINE} script: - mv docs/_build/html/ public/ - mv satnogs-db-api-client/html2/ public/api/ artifacts: paths: - public only: - tags # 'sentry_release' stage sentry_release: stage: sentry_release image: ${GITLAB_CI_IMAGE_SENTRY_CLI} script: - sentry-cli releases new --finalize -p ${CI_PROJECT_NAME} ${CI_PROJECT_NAME}@${CI_COMMIT_TAG} - sentry-cli releases set-commits --auto ${CI_PROJECT_NAME}@${CI_COMMIT_TAG} only: refs: - tags variables: - $SENTRY_AUTH_TOKEN - $SENTRY_ORG # 'trigger' stage trigger_master: stage: trigger needs: - job: docker artifacts: false image: ${GITLAB_CI_IMAGE_ALPINE} before_script: - apk add --no-cache curl script: - PIPELINE_TRIGGERS_MASTER=$(echo "$PIPELINE_TRIGGERS_MASTER" | sed 's/{{CI_COMMIT_SHORT_SHA}}/'"$CI_COMMIT_SHORT_SHA"'/g') - for trigger in $PIPELINE_TRIGGERS_MASTER; do curl -X POST "$trigger"; done only: refs: - master variables: - $PIPELINE_TRIGGERS_MASTER trigger_latest: stage: trigger needs: - job: docker artifacts: false image: ${GITLAB_CI_IMAGE_ALPINE} before_script: - apk add --no-cache curl script: - PIPELINE_TRIGGERS_LATEST=$(echo "$PIPELINE_TRIGGERS_LATEST" | sed 's/{{CI_COMMIT_TAG}}/'"$CI_COMMIT_TAG"'/g') - for trigger in $PIPELINE_TRIGGERS_LATEST; do curl -X POST "$trigger"; done only: refs: - tags variables: - $PIPELINE_TRIGGERS_LATEST # 'security' stage include: - template: Security/Container-Scanning.gitlab-ci.yml - template: Security/Dependency-Scanning.gitlab-ci.yml - template: Security/SAST.gitlab-ci.yml - template: Security/Secret-Detection.gitlab-ci.yml - template: Security/License-Scanning.gitlab-ci.yml container_scanning: stage: security needs: - job: docker artifacts: false variables: CI_APPLICATION_REPOSITORY: ${CI_REGISTRY_IMAGE}/satnogs-db CI_APPLICATION_TAG: ${CI_COMMIT_REF_NAME} rules: - if: $CI_REGISTRY_IMAGE && $CI_COMMIT_BRANCH == "master" - if: $CI_REGISTRY_IMAGE && $CI_COMMIT_TAG dependency_scanning: stage: security needs: - job: api artifacts: true variables: DS_DEFAULT_ANALYZERS: 'gemnasium,gemnasium-python,retire.js' gemnasium-python-dependency_scanning: before_script: - apt-get -q update - apt-get -qy install libmariadb-dev python3-pil libjpeg-dev sast: stage: security needs: - job: api artifacts: true variables: SAST_DISABLE_BABEL: 'true' secret_detection: stage: security needs: - job: api artifacts: true license_scanning: stage: security needs: - job: api artifacts: true - job: static_js_css artifacts: true