-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path.gitlab-ci.yml
233 lines (206 loc) · 6.44 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
stages:
- lint
- build
- test
- release
- configure
- deploy
# https://docs.gitlab.com/ee/ci/yaml/workflow.html#switch-between-branch-pipelines-and-merge-request-pipelines
.if-default-branch-refs: &if-default-branch-refs
if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
.if-tag: &if-tag
if: '$CI_COMMIT_TAG'
.if-merge-request: &if-merge-request
if: '$CI_MERGE_REQUEST_IID'
# Workflow
###########
workflow:
rules:
- <<: *if-tag
variables:
# Override the IMAGE_SHA variable on tag pipelines to avoid both the default
# branch pipeline and tag pipeline overriding each other's images arbitrarily when
# they are both running at the same time on master.
IMAGE_SHA: ${CI_REGISTRY_IMAGE}:${CI_COMMIT_TAG}
- <<: *if-default-branch-refs
- <<: *if-merge-request
include:
- project: 'labs/salt-automation'
file:
- '/gitlab-ci-templates/common/rules.v1.yml'
- '/gitlab-ci-templates/common/saltbert.v1.yml'
- '/gitlab-ci-templates/common/config-updater-meta.v1.yml'
- '/gitlab-ci-templates/common/conventional-commits-meta.v1.yml'
- '/gitlab-ci-templates/common/conventional-commits-changelog-meta.v1.yml'
- '/gitlab-ci-templates/common/docker-build.v1.yml'
variables:
RELEASE_REGISTRY: docker.io
RELEASE_REGISTRY_IMAGE: index.docker.io/magentaaps/aka-selvbetjening
IMAGE_SHA: ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHA}
IMAGE_TAG: magentaaps/aka-selvbetjening:${CI_COMMIT_TAG}
VERSION: PIPELINE
DOCKERFILE: $CI_PROJECT_DIR/docker/Dockerfile
# Lint stage
#############
.lint-default: &lint-default
stage: lint
needs: []
image: python:3.12
Lint Commits:
extends: .lint:commits
variables:
CONFIG: '{ extends: [''@commitlint/config-conventional''], ignores: [(message) => message.includes(''suggestion(s)'')], }'
Lint Python:
<<: *lint-default
before_script:
- pip3 install flake8
- pip3 install black==24.4.1
- pip3 install isort==5.13.2
script:
- flake8 --max-line-length 88 --ignore E501,E226,E203,W503 --exclude=migrations akap/
- black --check --diff --exclude=migrations akap/
- isort -c --profile black --diff --skip migrations akap/
Lint Dockerfiles:
<<: *lint-default
image: hadolint/hadolint:latest-debian
before_script:
- apt-get -y update
- apt-get -y install --no-install-recommends git
script:
- git ls-files --exclude='Dockerfile*' --ignored | xargs --max-lines=1 hadolint
Lint REUSE compliance:
extends: .lint-default
image:
name: fsfe/reuse:latest
entrypoint: [""]
script:
- reuse lint
# Test stage
#############
.test-default: &test-default
stage: test
needs: ["Build"]
dependencies: []
image: ${IMAGE_SHA}
services:
- name: postgres:13
alias: db
variables:
POSTGRES_USER: selvbetjening
POSTGRES_PASSWORD: selvbetjening
POSTGRES_DB: selvbetjening
POSTGRES_HOST: db
DJANGO_TIMEZONE: Europe/Copenhagen
DJANGO_SECRET_KEY: zuvd9h*iw+hhefxld(bqq*^7_ksk0(jy^1*fe=b_7(9p*=hn5$
RUN_MIGRATIONS: "true"
DJANGO_LANGUAGE_COOKIE_DOMAIN: "localhost"
HOST_DOMAIN: "http://localhost"
SAML_ENABLED: "true"
SAML_SP_ENTITY_ID: http://localhost:8000/saml/metadata/
SAML_SP_LOGIN_CALLBACK_URI: http://localhost:8000/login/callback
SAML_SP_LOGOUT_CALLBACK_URI: http://localhost:8000/logout/callback/
SAML_SP_CERTIFICATE: /ssl/sp/selfsigned.crt
SAML_SP_KEY: /ssl/sp/selfsigned.key
SAML_IDP_ENTITY_ID: http://localhost:8080/simplesaml/saml2/idp/metadata.php
SAML_IDP_LOGIN_URI: http://localhost:8080/simplesaml/saml2/idp/SSOService.php
SAML_IDP_LOGOUT_URI: http://localhost:8080/simplesaml/saml2/idp/SingleLogoutService.php
SAML_IDP_CERTIFICATE: /ssl/idp/selfsigned.crt
SAML_IDP_METADATA: http://localhost:8080/simplesaml/saml2/idp/metadata.php
SAML_CONTACT_TECHNICAL_NAME: Tester
SAML_CONTACT_TECHNICAL_EMAIL: [email protected]
SAML_CONTACT_SUPPORT_NAME: Tester
SAML_CONTACT_SUPPORT_EMAIL: [email protected]
SKIP_IDP_METADATA: "true"
Unittest:
<<: *test-default
script:
- cd akap
- coverage run --source='.' --omit=manage.py,project/wsgi.py,*/admin.py manage.py test
- coverage report --show-missing --fail-under=74
- coverage xml
coverage: '/^TOTAL.+?(\d+\%)$/'
artifacts:
reports:
coverage_report:
coverage_format: cobertura
path: /akap/coverage.xml
allow_failure: false
Mypy:
<<: *test-default
script:
- cd akap
- mypy --config mypy.ini ./
Django check:
<<: *test-default
script:
- cd akap
- python3 manage.py check aka fordring konto løntræk nedskrivning obligatorisk_pension rentenota udbytte
# Release stage
###############
.release-default:
stage: release
image: alpine
needs: ["Unittest", "Mypy", "Django check"]
dependencies: []
before_script:
# install skopeo
- apk add skopeo
Release image:
extends:
- .rules:semver-all
- .release-default
script:
- skopeo copy
--src-creds=${CI_REGISTRY_USER}:${CI_REGISTRY_PASSWORD}
--dest-creds=${RELEASE_REGISTRY_USER}:${RELEASE_REGISTRY_PASSWORD}
"docker://${IMAGE_SHA}"
"docker://${IMAGE_TAG}"
# Configure stage
#################
# We roll master out to test, so no need to update config
Configure test:
stage: configure
extends:
- .rules:semver-all
- .config:endpoint-with-tag
needs: ["Release image"]
variables:
# Matches routing in config-updater/config_updater/akap/main.py in salt repo
ENDPOINT: akap/salt/update-test
Configure production:
stage: configure
extends:
- .rules:semver-core
- .config:endpoint-with-tag
needs: ["Release image"]
variables:
# Matches routing in config-updater/config_updater/akap/main.py in salt repo
ENDPOINT: akap/salt/update-production
# Deploy stage
##############
Deploy test:
stage: deploy
when: manual
extends:
- .rules:semver-all
- .saltbert
needs: ["Release image", "Configure test"]
variables:
SALTBERT_ORCHESTRATION: groenland.aka_selvbetjening.service-test
SALTBERT_URL: https://saltmaster.groenland.magentahosted.dk
environment:
name: test
url: "https://test.akap.sullissivik.gl"
Deploy production:
stage: deploy
when: manual
extends:
- .rules:semver-core
- .saltbert
needs: ["Release image", "Configure production"]
variables:
SALTBERT_ORCHESTRATION: groenland.aka_selvbetjening.service-prod
SALTBERT_URL: https://saltmaster.groenland.magentahosted.dk
environment:
name: production
url: "https://akap.sullissivik.gl"