.gitlab-ci.yml
# Pipeline stages, listed in the order they run.
stages:
  - lint
  - swagger
  - test
  - build
  - deploy
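# Pipeline-wide variables; every job receives them unless it overrides one.
# All values are written as quoted strings so no YAML loader retypes them.
variables:
  # NOTE(review): only the Secret-Detection template is included in this file;
  # confirm that something still reads SAST_IMAGE_SUFFIX.
  SAST_IMAGE_SUFFIX: '-fips'
  # NOTE(review): jobs talk to the docker-in-docker service over plain TCP on
  # port 2375, and the empty DOCKER_TLS_CERTDIR turns certificate generation
  # off, so the Docker API is unauthenticated for anything that can reach the
  # service container. Confirm the runner isolates each job's network, or move
  # to the TLS endpoint if the runner is set up to share the client certs.
  DOCKER_HOST: 'tcp://docker:2375'
  DOCKER_TLS_CERTDIR: ''
  # Go and linter caches are kept inside the project directory so the `cache:`
  # sections of the hidden cache templates can pick them up.
  GOLANGCI_LINT_CACHE: '${CI_PROJECT_DIR}/.golangci-lint'
  GOMODCACHE: '${CI_PROJECT_DIR}/.cache/go-mod'
  GOCACHE: '${CI_PROJECT_DIR}/.cache/go-build'
  # Registry prefix handed to Testcontainers for its image names.
  # NOTE(review): test images then come from this mirror by tag; treat the
  # mirror as part of the trusted supply chain.
  TESTCONTAINERS_HUB_IMAGE_NAME_PREFIX: 'opencsg-registry.cn-beijing.cr.aliyuncs.com/opencsg_public'
  # Quoted: an unquoted `true` is a YAML boolean, while the consumer reads an
  # environment string.
  TESTCONTAINERS_RYUK_DISABLED: 'true'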
# Hidden template: cache definition reused by the lint job via `extends`.
# NOTE(review): both keys are fixed strings, so every ref that runs the job
# shares one cache per key. Check that the project keeps separate caches for
# protected branches so an unprotected branch cannot seed what main restores.
.go-lint-cache:
  cache:
    # golangci-lint's own analysis cache
    - key: 'lint-cache'
      paths:
        - '.golangci-lint/'
    # Go module and build caches (both live under .cache/)
    - key: 'mod-cache'
      paths:
        - '.cache/'
# Hidden template: cache definition reused by the test job via `extends`.
# It uses the same `mod-cache` key as the lint template, so both jobs read and
# write one shared Go module/build cache.
.go-test-cache:
  cache:
    - key: 'mod-cache'
      paths:
        - '.cache/'
# Adds GitLab's Secret Detection job template to this pipeline.
include:
  - template: 'Jobs/Secret-Detection.gitlab-ci.yml'
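# Hidden template holding the shared setup for the buildx (arm64) jobs.
# Other jobs pull it in through the `pre` anchor with a merge key.
.before_script: &pre
  image: docker:27.3
  stage: build
  services:
    - name: docker:27.3-dind
      command: ['--feature=containerd-snapshotter', '--experimental']
  variables:
    # Quoted so the job gets the string "1" rather than a YAML integer.
    # NOTE(review): this switches off the provenance attestation buildx would
    # attach by default; confirm that dropping it is intended for pushed images.
    BUILDX_NO_DEFAULT_ATTESTATIONS: '1'
  before_script:
    # The password goes in on stdin so it never appears in the argument list.
    # The other expansions are quoted so an empty or odd value cannot shift
    # the arguments.
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" "$CI_REGISTRY" --password-stdin
    # Registers QEMU binfmt handlers so the daemon can run foreign-arch builds.
    # NOTE(review): this runs a --privileged container from an image reference
    # with no tag or digest, so whatever the mirror currently serves gets full
    # access to the dind host. Pin the image by digest.
    - docker run --privileged --rm opencsg-registry.cn-beijing.cr.aliyuncs.com/opencsg_public/tonistiigi/binfmt --install all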
# Runs golangci-lint and the project's gincontext linter once per build-tag
# set (no tags, `ee`, `saas`).
lint-all:
  stage: lint
  extends: .go-lint-cache
  # The image is pinned by tag only; a digest would make the linter immutable.
  image: 'opencsg-registry.cn-beijing.cr.aliyuncs.com/opencsg_public/golangci/golangci-lint:v1.62.0'
  interruptible: true
  # Empty `needs` lets the job start without waiting for earlier stages.
  needs: []
  script:
    - go env -w GO111MODULE=on
    # NOTE(review): modules are fetched through goproxy.cn with a direct
    # fallback; keep Go's checksum database verification enabled so a proxy
    # cannot serve altered module content unnoticed.
    - go env -w GOPROXY=https://goproxy.cn,direct
    # golangci-lint, one pass per tag set
    - golangci-lint run --timeout=15m --build-tags=
    - golangci-lint run --timeout=10m --build-tags=ee
    - golangci-lint run --timeout=10m --build-tags=saas
    # in-repo gincontext linter, one pass per tag set
    - go run linters/gincontext/main.go -tags=
    - go run linters/gincontext/main.go -tags=ee
    - go run linters/gincontext/main.go -tags=saas
# Installs the swag generator and runs the project's `make swag` target.
swagger-gen:
  stage: swagger
  image: '$CI_REGISTRY_IMAGE/docker-golang:1.23.3'
  interruptible: true
  # Empty `needs` lets the job start without waiting for earlier stages.
  needs: []
  script:
    - go env -w GO111MODULE=on
    - go env -w GOPROXY=https://goproxy.cn,direct
    # NOTE(review): `@latest` resolves to whichever swag release is newest when
    # the job runs, so the tool executed in CI is neither pinned nor
    # reproducible. Pin a reviewed release (swag@<PINNED_VERSION>) and bump it
    # deliberately.
    - go install github.com/swaggo/swag/cmd/swag@latest
    - make swag
# Runs the Go test suite once per build-tag set (no tags, `ee`, `saas`), with a
# docker-in-docker service available to the tests.
test-all:
  stage: test
  extends: .go-test-cache
  image: '$CI_REGISTRY_IMAGE/docker-golang:1.23.3'
  interruptible: true
  # Empty `needs` lets the job start without waiting for earlier stages.
  needs: []
  services:
    # Reached through the pipeline-level DOCKER_HOST (plain TCP, TLS disabled).
    - name: docker:27.3-dind
  script:
    - go env -w GO111MODULE=on
    - go env -w GOPROXY=https://goproxy.cn,direct
    - go test -tags= ./...
    - go test -tags=ee ./...
    - go test -tags=saas ./...
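# Builds the saas image for staging on commits to the default branch and
# pushes it tagged with the short commit SHA and with `latest`.
build:stg:amd64:
  image: docker:27.3
  stage: build
  services:
    - docker:27.3-dind
  script:
    # The password is piped on stdin. The remaining expansions are quoted so an
    # empty or unusual value cannot shift the arguments.
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" "$CI_REGISTRY" --password-stdin
    - docker build -t "${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHORT_SHA}" -t "${CI_REGISTRY_IMAGE}:latest" --build-arg CSGHUB_TAGS=saas -f docker/Dockerfile-saas .
    - docker push "${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHORT_SHA}"
    # NOTE(review): the production build job pushes `latest` as well, so the
    # tag points at whichever pipeline ran last. Deploy by SHA or release tag.
    - docker push "${CI_REGISTRY_IMAGE}:latest"
  rules:
    # when commit to main branch
    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $CI_COMMIT_BRANCH == $CI_COMMIT_REF_NAME'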
# arm64 counterpart of the staging build, using buildx on top of the shared
# `pre` settings. The leading dot makes it a hidden job, so it is not scheduled.
.build:stg:arm64:
  <<: *pre
  rules:
    # when commit to main branch
    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $CI_COMMIT_BRANCH == $CI_COMMIT_REF_NAME'
  script:
    # Build and push in one step, tagged with the short SHA and `latest`.
    - |
      docker buildx build --platform linux/arm64 \
      -t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHORT_SHA} \
      -t ${CI_REGISTRY_IMAGE}:latest \
      --build-arg CSGHUB_TAGS=saas \
      -f docker/Dockerfile-saas \
      --push .
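# Builds the saas image for production when the pipeline runs for a Git tag
# and pushes it tagged with that Git tag and with `latest`.
build:prod:amd64:
  image: docker:27.3
  stage: build
  services:
    - docker:27.3-dind
  script:
    # The password is piped on stdin. The remaining expansions are quoted so an
    # empty or unusual value cannot shift the arguments.
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" "$CI_REGISTRY" --password-stdin
    - docker build -t "${CI_REGISTRY_IMAGE}:${CI_COMMIT_TAG}" -t "${CI_REGISTRY_IMAGE}:latest" --build-arg CSGHUB_TAGS=saas -f docker/Dockerfile-saas .
    - docker push "${CI_REGISTRY_IMAGE}:${CI_COMMIT_TAG}"
    # NOTE(review): the staging build job pushes `latest` as well, so the tag
    # does not reliably identify a production release.
    - docker push "${CI_REGISTRY_IMAGE}:latest"
  rules:
    # NOTE(review): any Git tag matches this rule; confirm that tag creation is
    # limited to maintainers (protected tags), since a tag produces a
    # production image.
    - if: '$CI_COMMIT_TAG'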
# arm64 counterpart of the production build, using buildx on top of the shared
# `pre` settings. The leading dot makes it a hidden job, so it is not scheduled.
.build:prod:arm64:
  <<: *pre
  rules:
    # Only pipelines running for a Git tag.
    - if: '$CI_COMMIT_TAG'
  script:
    # Build and push in one step, tagged with the Git tag and `latest`.
    - |
      docker buildx build --platform linux/arm64 \
      -t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_TAG} \
      -t ${CI_REGISTRY_IMAGE}:latest \
      --build-arg CSGHUB_TAGS=saas \
      -f docker/Dockerfile-saas \
      --push .
# Trigger the starhub-deploy project (only works for x86_64 arch).
# After the staging amd64 build, this posts to the deploy project's pipeline
# trigger endpoint with the built short SHA and ENV_NAME=stg1.
trigger_deploy_stg1:
  stage: deploy
  # NOTE(review): alpine:3.14 appears to be past upstream end of support;
  # confirm and move to a maintained release.
  image: alpine:3.14
  needs:
    - 'build:stg:amd64'
  rules:
    # Default-branch commits only.
    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $CI_COMMIT_BRANCH == $CI_COMMIT_REF_NAME'
  script:
    # Point apk at the Aliyun mirror, install curl, then call the trigger API.
    # NOTE(review): STARHUB_DEPLOY_TRIGGER_TOKEN authorises deployments; keep
    # it a masked, protected CI/CD variable so it is neither echoed in job logs
    # nor exposed to pipelines on unprotected refs.
    - |-
      sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories
      apk add --no-cache curl
      curl --fail-with-body \
      --request POST \
      --form "token=${STARHUB_DEPLOY_TRIGGER_TOKEN}" \
      --form ref=main \
      --form "variables[starhub_tag]=${CI_COMMIT_SHORT_SHA}" \
      --form "variables[ENV_NAME]=stg1" \
      https://git-devops.opencsg.com/api/v4/projects/58/trigger/pipeline
# After the staging amd64 build, this posts to the deploy project's pipeline
# trigger endpoint with the built short SHA and ENV_NAME=stg2.
trigger_deploy_stg2:
  stage: deploy
  # NOTE(review): alpine:3.14 appears to be past upstream end of support;
  # confirm and move to a maintained release.
  image: alpine:3.14
  needs:
    - 'build:stg:amd64'
  rules:
    # Default-branch commits only.
    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $CI_COMMIT_BRANCH == $CI_COMMIT_REF_NAME'
  script:
    # Point apk at the Aliyun mirror, install curl, then call the trigger API.
    # NOTE(review): STARHUB_DEPLOY_TRIGGER_TOKEN authorises deployments; keep
    # it a masked, protected CI/CD variable so it is neither echoed in job logs
    # nor exposed to pipelines on unprotected refs.
    - |-
      sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories
      apk add --no-cache curl
      curl --fail-with-body \
      --request POST \
      --form "token=${STARHUB_DEPLOY_TRIGGER_TOKEN}" \
      --form ref=main \
      --form "variables[starhub_tag]=${CI_COMMIT_SHORT_SHA}" \
      --form "variables[ENV_NAME]=stg2" \
      https://git-devops.opencsg.com/api/v4/projects/58/trigger/pipeline