Loading .gitlab-ci.yml +38 −20 Original line number Diff line number Diff line Loading @@ -17,22 +17,22 @@ maven-build: ELASTIC_XPACKSECURITYUSER: ${DEV_ELASTIC_XPACKSECURITYUSER} only: - branches except: - master cache: paths: - .m2/repository/ script: - mvn verify spring-boot:repackage -B - "COVERAGE=$(xmllint --html --xpath '//table[@id=\"coveragetable\"]/tfoot//td[@class=\"ctr2\"][1]/text()' target/site/jacoco/index.html)" - 'echo "Coverage: ${COVERAGE}"' after_script: - rm -r .m2/repository/es artifacts: name: "${CI_PROJECT_NAME}" name: "${CI_PROJECT_NAME}-${CI_COMMIT_REF_NAME}" expire_in: '6 months' paths: - dist/*.jar docker-build-commit: docker-build-commit-non-master-branches: stage: package image: docker:stable variables: Loading @@ -52,7 +52,7 @@ docker-build-commit: -t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} -t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}-latest . - docker push ${CI_REGISTRY_IMAGE} docker-build-tag: docker-build-commit-master-branch: stage: package image: docker:stable variables: Loading @@ -62,7 +62,7 @@ docker-build-tag: services: - docker:dind only: - tags - master script: - docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY} - > Loading @@ -70,6 +70,20 @@ docker-build-tag: -t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_TAG} -t ${CI_REGISTRY_IMAGE}:latest . - docker push ${CI_REGISTRY_IMAGE} docker-tag-already-built-image: stage: package image: docker:stable variables: DOCKER_DRIVER: overlay2 services: - docker:dind only: - tags script: - docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY} - docker tag ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} ${CI_REGISTRY_IMAGE}:${CI_COMMIT_TAG} - docker push ${CI_REGISTRY_IMAGE} container_scanning: stage: test-package image: docker:stable Loading @@ -80,8 +94,6 @@ container_scanning: - docker:stable-dind only: - branches except: - master script: - docker run -d --name db arminc/clair-db:latest - docker run -p 6060:6060 --link db:postgres -d --name clair arminc/clair-local-scan:v2.0.1 Loading @@ -92,7 +104,9 @@ container_scanning: - mv clair-scanner_linux_amd64 clair-scanner - chmod +x clair-scanner - touch clair-whitelist.yml - ./clair-scanner -c http://docker:6060 --ip $(hostname -i) -r gl-sast-container-report.json -l clair.log -w clair-whitelist.yml ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} || true - > ./clair-scanner -c http://docker:6060 --ip $(hostname -i) -r gl-sast-container-report.json -l clair.log -w clair-whitelist.yml ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} || true artifacts: paths: [gl-sast-container-report.json] Loading @@ -110,16 +124,18 @@ deploy-dev: - docker:dind script: - > deploy.sh IMAGE_NAME=${IMAGE_NAME} IMAGE_TAG=${IMAGE_TAG} COMPOSE_FILE=${COMPOSE_FILE} SPRING_PROFILES_ACTIVE=pre SPRING_DATASOURCE_USERNAME=${DEV_SPRING_DATASOURCE_USERNAME} deploy.sh IMAGE_NAME=${IMAGE_NAME} IMAGE_TAG=${IMAGE_TAG} COMPOSE_FILE=${COMPOSE_FILE} SPRING_PROFILES_ACTIVE=pre SPRING_DATASOURCE_USERNAME=${DEV_SPRING_DATASOURCE_USERNAME} SPRING_DATASOURCE_PASSWORD=${DEV_SPRING_DATASOURCE_PASSWORD} JOBS_DATASOURCE_USERNAME=${DEV_JOBS_DATASOURCE_USERNAME} JOBS_DATASOURCE_PASSWORD=${DEV_JOBS_DATASOURCE_PASSWORD} JOBS_DATASOURCE_USERNAME=${DEV_JOBS_DATASOURCE_USERNAME} JOBS_DATASOURCE_PASSWORD=${DEV_JOBS_DATASOURCE_PASSWORD} ELASTIC_XPACKSECURITYUSER=${DEV_ELASTIC_XPACKSECURITYUSER} environment: name: dev url: https://appdev.${DEV_PUBLIC_HOSTNAME}/api/${CI_PROJECT_NAME} url: https://appdev.${DEV_PUBLIC_HOSTNAME}/${CI_PROJECT_NAME} only: - dev when: manual deploy-supporting-branch: stage: deploy Loading @@ -135,14 +151,15 @@ deploy-supporting-branch: - docker:dind script: - > deploy.sh IMAGE_NAME=${IMAGE_NAME} IMAGE_TAG=${IMAGE_TAG} COMPOSE_FILE=${COMPOSE_FILE} SPRING_PROFILES_ACTIVE=pre SPRING_DATASOURCE_USERNAME=${DEV_SPRING_DATASOURCE_USERNAME} deploy.sh IMAGE_NAME=${IMAGE_NAME} IMAGE_TAG=${IMAGE_TAG} COMPOSE_FILE=${COMPOSE_FILE} SPRING_PROFILES_ACTIVE=pre SPRING_DATASOURCE_USERNAME=${DEV_SPRING_DATASOURCE_USERNAME} SPRING_DATASOURCE_PASSWORD=${DEV_SPRING_DATASOURCE_PASSWORD} JOBS_DATASOURCE_USERNAME=${DEV_JOBS_DATASOURCE_USERNAME} JOBS_DATASOURCE_PASSWORD=${DEV_JOBS_DATASOURCE_PASSWORD} JOBS_DATASOURCE_USERNAME=${DEV_JOBS_DATASOURCE_USERNAME} JOBS_DATASOURCE_PASSWORD=${DEV_JOBS_DATASOURCE_PASSWORD} ELASTIC_XPACKSECURITYUSER=${DEV_ELASTIC_XPACKSECURITYUSER} environment: name: dev url: https://appdev.${DEV_PUBLIC_HOSTNAME}/api/${CI_PROJECT_NAME} url: https://appdev.${DEV_PUBLIC_HOSTNAME}/${CI_PROJECT_NAME} only: - branches except: Loading @@ -167,11 +184,12 @@ deploy-pro: deploy.sh IMAGE_NAME=${IMAGE_NAME} IMAGE_TAG=${IMAGE_TAG} COMPOSE_FILE=${COMPOSE_FILE} SPRING_PROFILES_ACTIVE=prod SPRING_DATASOURCE_USERNAME=${PRO_SPRING_DATASOURCE_USERNAME} SPRING_DATASOURCE_PASSWORD=${PRO_SPRING_DATASOURCE_PASSWORD} JOBS_DATASOURCE_USERNAME=${PRO_JOBS_DATASOURCE_USERNAME} JOBS_DATASOURCE_PASSWORD=${PRO_JOBS_DATASOURCE_PASSWORD} JOBS_DATASOURCE_USERNAME=${PRO_JOBS_DATASOURCE_USERNAME} JOBS_DATASOURCE_PASSWORD=${PRO_JOBS_DATASOURCE_PASSWORD} ELASTIC_XPACKSECURITYUSER=${PRO_ELASTIC_XPACKSECURITYUSER} environment: name: pro url: https://${PRO_PUBLIC_HOSTNAME}/api/${CI_PROJECT_NAME} url: https://${PRO_PUBLIC_HOSTNAME}/${CI_PROJECT_NAME} only: - tags - master when: manual Loading
.gitlab-ci.yml +38 −20 Original line number Diff line number Diff line Loading @@ -17,22 +17,22 @@ maven-build: ELASTIC_XPACKSECURITYUSER: ${DEV_ELASTIC_XPACKSECURITYUSER} only: - branches except: - master cache: paths: - .m2/repository/ script: - mvn verify spring-boot:repackage -B - "COVERAGE=$(xmllint --html --xpath '//table[@id=\"coveragetable\"]/tfoot//td[@class=\"ctr2\"][1]/text()' target/site/jacoco/index.html)" - 'echo "Coverage: ${COVERAGE}"' after_script: - rm -r .m2/repository/es artifacts: name: "${CI_PROJECT_NAME}" name: "${CI_PROJECT_NAME}-${CI_COMMIT_REF_NAME}" expire_in: '6 months' paths: - dist/*.jar docker-build-commit: docker-build-commit-non-master-branches: stage: package image: docker:stable variables: Loading @@ -52,7 +52,7 @@ docker-build-commit: -t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} -t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}-latest . - docker push ${CI_REGISTRY_IMAGE} docker-build-tag: docker-build-commit-master-branch: stage: package image: docker:stable variables: Loading @@ -62,7 +62,7 @@ docker-build-tag: services: - docker:dind only: - tags - master script: - docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY} - > Loading @@ -70,6 +70,20 @@ docker-build-tag: -t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_TAG} -t ${CI_REGISTRY_IMAGE}:latest . - docker push ${CI_REGISTRY_IMAGE} docker-tag-already-built-image: stage: package image: docker:stable variables: DOCKER_DRIVER: overlay2 services: - docker:dind only: - tags script: - docker login -u gitlab-ci-token -p ${CI_JOB_TOKEN} ${CI_REGISTRY} - docker tag ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} ${CI_REGISTRY_IMAGE}:${CI_COMMIT_TAG} - docker push ${CI_REGISTRY_IMAGE} container_scanning: stage: test-package image: docker:stable Loading @@ -80,8 +94,6 @@ container_scanning: - docker:stable-dind only: - branches except: - master script: - docker run -d --name db arminc/clair-db:latest - docker run -p 6060:6060 --link db:postgres -d --name clair arminc/clair-local-scan:v2.0.1 Loading @@ -92,7 +104,9 @@ container_scanning: - mv clair-scanner_linux_amd64 clair-scanner - chmod +x clair-scanner - touch clair-whitelist.yml - ./clair-scanner -c http://docker:6060 --ip $(hostname -i) -r gl-sast-container-report.json -l clair.log -w clair-whitelist.yml ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} || true - > ./clair-scanner -c http://docker:6060 --ip $(hostname -i) -r gl-sast-container-report.json -l clair.log -w clair-whitelist.yml ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA} || true artifacts: paths: [gl-sast-container-report.json] Loading @@ -110,16 +124,18 @@ deploy-dev: - docker:dind script: - > deploy.sh IMAGE_NAME=${IMAGE_NAME} IMAGE_TAG=${IMAGE_TAG} COMPOSE_FILE=${COMPOSE_FILE} SPRING_PROFILES_ACTIVE=pre SPRING_DATASOURCE_USERNAME=${DEV_SPRING_DATASOURCE_USERNAME} deploy.sh IMAGE_NAME=${IMAGE_NAME} IMAGE_TAG=${IMAGE_TAG} COMPOSE_FILE=${COMPOSE_FILE} SPRING_PROFILES_ACTIVE=pre SPRING_DATASOURCE_USERNAME=${DEV_SPRING_DATASOURCE_USERNAME} SPRING_DATASOURCE_PASSWORD=${DEV_SPRING_DATASOURCE_PASSWORD} JOBS_DATASOURCE_USERNAME=${DEV_JOBS_DATASOURCE_USERNAME} JOBS_DATASOURCE_PASSWORD=${DEV_JOBS_DATASOURCE_PASSWORD} JOBS_DATASOURCE_USERNAME=${DEV_JOBS_DATASOURCE_USERNAME} JOBS_DATASOURCE_PASSWORD=${DEV_JOBS_DATASOURCE_PASSWORD} ELASTIC_XPACKSECURITYUSER=${DEV_ELASTIC_XPACKSECURITYUSER} environment: name: dev url: https://appdev.${DEV_PUBLIC_HOSTNAME}/api/${CI_PROJECT_NAME} url: https://appdev.${DEV_PUBLIC_HOSTNAME}/${CI_PROJECT_NAME} only: - dev when: manual deploy-supporting-branch: stage: deploy Loading @@ -135,14 +151,15 @@ deploy-supporting-branch: - docker:dind script: - > deploy.sh IMAGE_NAME=${IMAGE_NAME} IMAGE_TAG=${IMAGE_TAG} COMPOSE_FILE=${COMPOSE_FILE} SPRING_PROFILES_ACTIVE=pre SPRING_DATASOURCE_USERNAME=${DEV_SPRING_DATASOURCE_USERNAME} deploy.sh IMAGE_NAME=${IMAGE_NAME} IMAGE_TAG=${IMAGE_TAG} COMPOSE_FILE=${COMPOSE_FILE} SPRING_PROFILES_ACTIVE=pre SPRING_DATASOURCE_USERNAME=${DEV_SPRING_DATASOURCE_USERNAME} SPRING_DATASOURCE_PASSWORD=${DEV_SPRING_DATASOURCE_PASSWORD} JOBS_DATASOURCE_USERNAME=${DEV_JOBS_DATASOURCE_USERNAME} JOBS_DATASOURCE_PASSWORD=${DEV_JOBS_DATASOURCE_PASSWORD} JOBS_DATASOURCE_USERNAME=${DEV_JOBS_DATASOURCE_USERNAME} JOBS_DATASOURCE_PASSWORD=${DEV_JOBS_DATASOURCE_PASSWORD} ELASTIC_XPACKSECURITYUSER=${DEV_ELASTIC_XPACKSECURITYUSER} environment: name: dev url: https://appdev.${DEV_PUBLIC_HOSTNAME}/api/${CI_PROJECT_NAME} url: https://appdev.${DEV_PUBLIC_HOSTNAME}/${CI_PROJECT_NAME} only: - branches except: Loading @@ -167,11 +184,12 @@ deploy-pro: deploy.sh IMAGE_NAME=${IMAGE_NAME} IMAGE_TAG=${IMAGE_TAG} COMPOSE_FILE=${COMPOSE_FILE} SPRING_PROFILES_ACTIVE=prod SPRING_DATASOURCE_USERNAME=${PRO_SPRING_DATASOURCE_USERNAME} SPRING_DATASOURCE_PASSWORD=${PRO_SPRING_DATASOURCE_PASSWORD} JOBS_DATASOURCE_USERNAME=${PRO_JOBS_DATASOURCE_USERNAME} JOBS_DATASOURCE_PASSWORD=${PRO_JOBS_DATASOURCE_PASSWORD} JOBS_DATASOURCE_USERNAME=${PRO_JOBS_DATASOURCE_USERNAME} JOBS_DATASOURCE_PASSWORD=${PRO_JOBS_DATASOURCE_PASSWORD} ELASTIC_XPACKSECURITYUSER=${PRO_ELASTIC_XPACKSECURITYUSER} environment: name: pro url: https://${PRO_PUBLIC_HOSTNAME}/api/${CI_PROJECT_NAME} url: https://${PRO_PUBLIC_HOSTNAME}/${CI_PROJECT_NAME} only: - tags - master when: manual
