Loading maven-building.yml 0 → 100644 +31 −0 Original line number Diff line number Diff line variables: BUILDING_IMAGE: ${MAVEN_IMAGE_NAME}:${MAVEN_IMAGE_TAG} MAVEN_OPTS: -Dmaven.repo.local=.m2/repository SPRING_PROFILES_ACTIVE: test MAVEN_PROJECT_NAME: ${CI_PROJECT_NAME} MAVEN_GOALS: verify spring-boot:repackage TEST_COVERAGE_XPATH: //table[@id=\"coveragetable\"]/tfoot//td[@class=\"ctr2\"][1]/text() PROJECT_ROOT_PATH: '.' TEST_OUTPUT_PATH: target BUILD_OUTPUT_PATH: dist maven-build: stage: build image: ${BUILDING_IMAGE} cache: paths: - .m2/repository/ script: - mvn -pl :${MAVEN_PROJECT_NAME} -U -B clean ${MAVEN_GOALS} - coveragePath="${PROJECT_ROOT_PATH}/${TEST_OUTPUT_PATH}/site/jacoco/index.html" - coverage=$(xmllint --html --xpath "${TEST_COVERAGE_XPATH}" "${coveragePath}") - echo "Coverage: ${coverage}" after_script: - rm -r .m2/repository/es only: - branches artifacts: name: '${MAVEN_PROJECT_NAME}-${CI_COMMIT_REF_NAME}' expire_in: '6 months' paths: - ${PROJECT_ROOT_PATH}/${BUILD_OUTPUT_PATH}/*.jar packaging.yml 0 → 100644 +79 −0 Original line number Diff line number Diff line variables: PACKAGING_IMAGE: docker:stable DIND_IMAGE: docker:dind DOCKER_REGISTRY: ${CI_REGISTRY} DOCKER_REGISTRY_USER: gitlab-ci-token DOCKER_REGISTRY_PASS: ${CI_JOB_TOKEN} DOCKER_BUILD_ARGS: '' DOCKER_IMAGE_NAME: ${CI_REGISTRY_IMAGE} .docker: image: ${PACKAGING_IMAGE} variables: DOCKER_DRIVER: overlay2 DOCKER_DEFAULT_TAGGING: ${DOCKER_IMAGE_NAME}:${CI_COMMIT_SHA} services: - ${DIND_IMAGE} before_script: - docker login -u ${DOCKER_REGISTRY_USER} -p ${DOCKER_REGISTRY_PASS} ${DOCKER_REGISTRY} .docker-operations: stage: package extends: .docker after_script: - docker push ${DOCKER_IMAGE_NAME} .docker-operations-build: extends: .docker-operations script: - docker build ${DOCKER_BUILD_ARGS} -t ${DOCKER_DEFAULT_TAGGING} -t ${DOCKER_SPECIFIC_TAGGING} . docker-build-support-branch: extends: .docker-operations-build variables: DOCKER_SPECIFIC_TAGGING: ${DOCKER_IMAGE_NAME}:${CI_COMMIT_REF_NAME}-latest only: - branches except: - master - schedules docker-build-stable-branch: extends: .docker-operations-build variables: DOCKER_SPECIFIC_TAGGING: ${DOCKER_IMAGE_NAME}:latest only: - master except: - schedules docker-tag: extends: .docker-operations only: - tags script: - docker pull ${DOCKER_DEFAULT_TAGGING} - docker tag ${DOCKER_DEFAULT_TAGGING} ${DOCKER_IMAGE_NAME}:${CI_COMMIT_TAG} docker-scan: stage: test-package extends: .docker allow_failure: true only: - branches except: - schedules script: - docker run -d --name db arminc/clair-db:latest - docker run -p 6060:6060 --link db:postgres -d --name clair arminc/clair-local-scan:v2.0.1 - apk add -U wget ca-certificates - docker pull ${DOCKER_DEFAULT_TAGGING} - wget https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64 - mv clair-scanner_linux_amd64 clair-scanner - chmod +x clair-scanner - touch clair-whitelist.yml - > ./clair-scanner -c http://docker:6060 --ip $(hostname -i) -r gl-sast-container-report.json -l clair.log -w clair-whitelist.yml ${DOCKER_DEFAULT_TAGGING} || true artifacts: paths: [gl-sast-container-report.json] Loading
maven-building.yml 0 → 100644 +31 −0 Original line number Diff line number Diff line variables: BUILDING_IMAGE: ${MAVEN_IMAGE_NAME}:${MAVEN_IMAGE_TAG} MAVEN_OPTS: -Dmaven.repo.local=.m2/repository SPRING_PROFILES_ACTIVE: test MAVEN_PROJECT_NAME: ${CI_PROJECT_NAME} MAVEN_GOALS: verify spring-boot:repackage TEST_COVERAGE_XPATH: //table[@id=\"coveragetable\"]/tfoot//td[@class=\"ctr2\"][1]/text() PROJECT_ROOT_PATH: '.' TEST_OUTPUT_PATH: target BUILD_OUTPUT_PATH: dist maven-build: stage: build image: ${BUILDING_IMAGE} cache: paths: - .m2/repository/ script: - mvn -pl :${MAVEN_PROJECT_NAME} -U -B clean ${MAVEN_GOALS} - coveragePath="${PROJECT_ROOT_PATH}/${TEST_OUTPUT_PATH}/site/jacoco/index.html" - coverage=$(xmllint --html --xpath "${TEST_COVERAGE_XPATH}" "${coveragePath}") - echo "Coverage: ${coverage}" after_script: - rm -r .m2/repository/es only: - branches artifacts: name: '${MAVEN_PROJECT_NAME}-${CI_COMMIT_REF_NAME}' expire_in: '6 months' paths: - ${PROJECT_ROOT_PATH}/${BUILD_OUTPUT_PATH}/*.jar
packaging.yml 0 → 100644 +79 −0 Original line number Diff line number Diff line variables: PACKAGING_IMAGE: docker:stable DIND_IMAGE: docker:dind DOCKER_REGISTRY: ${CI_REGISTRY} DOCKER_REGISTRY_USER: gitlab-ci-token DOCKER_REGISTRY_PASS: ${CI_JOB_TOKEN} DOCKER_BUILD_ARGS: '' DOCKER_IMAGE_NAME: ${CI_REGISTRY_IMAGE} .docker: image: ${PACKAGING_IMAGE} variables: DOCKER_DRIVER: overlay2 DOCKER_DEFAULT_TAGGING: ${DOCKER_IMAGE_NAME}:${CI_COMMIT_SHA} services: - ${DIND_IMAGE} before_script: - docker login -u ${DOCKER_REGISTRY_USER} -p ${DOCKER_REGISTRY_PASS} ${DOCKER_REGISTRY} .docker-operations: stage: package extends: .docker after_script: - docker push ${DOCKER_IMAGE_NAME} .docker-operations-build: extends: .docker-operations script: - docker build ${DOCKER_BUILD_ARGS} -t ${DOCKER_DEFAULT_TAGGING} -t ${DOCKER_SPECIFIC_TAGGING} . docker-build-support-branch: extends: .docker-operations-build variables: DOCKER_SPECIFIC_TAGGING: ${DOCKER_IMAGE_NAME}:${CI_COMMIT_REF_NAME}-latest only: - branches except: - master - schedules docker-build-stable-branch: extends: .docker-operations-build variables: DOCKER_SPECIFIC_TAGGING: ${DOCKER_IMAGE_NAME}:latest only: - master except: - schedules docker-tag: extends: .docker-operations only: - tags script: - docker pull ${DOCKER_DEFAULT_TAGGING} - docker tag ${DOCKER_DEFAULT_TAGGING} ${DOCKER_IMAGE_NAME}:${CI_COMMIT_TAG} docker-scan: stage: test-package extends: .docker allow_failure: true only: - branches except: - schedules script: - docker run -d --name db arminc/clair-db:latest - docker run -p 6060:6060 --link db:postgres -d --name clair arminc/clair-local-scan:v2.0.1 - apk add -U wget ca-certificates - docker pull ${DOCKER_DEFAULT_TAGGING} - wget https://github.com/arminc/clair-scanner/releases/download/v8/clair-scanner_linux_amd64 - mv clair-scanner_linux_amd64 clair-scanner - chmod +x clair-scanner - touch clair-whitelist.yml - > ./clair-scanner -c http://docker:6060 --ip $(hostname -i) -r gl-sast-container-report.json -l clair.log -w clair-whitelist.yml ${DOCKER_DEFAULT_TAGGING} || true artifacts: paths: [gl-sast-container-report.json]
