ngencerf-server/.gitlab-ci.yml at development · NGWPC/ngencerf-server · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
# GitLab CI/CD configuration file for Ngencerf Server repository
include:
  - template: Jobs/Container-Scanning.gitlab-ci.yml

stages:
  - build
  - unit_test
  - sonarqube
  - test
  - deploy

image: registry.sh.nextgenwaterprediction.com/infrastructure/docker/docker:latest

variables:
    DOCKER_IMAGE_NAME: $CI_REGISTRY_IMAGE
    DOCKER_IMAGE_TAG: $CI_COMMIT_REF_NAME

build:
  stage: build
  script:
    - echo "Preparing to build ${CI_PROJECT_NAME} docker images.. "
    - echo $GITLAB_TOKEN > ~/.gitlab_token
    - echo "Logging in to Gitlab Container Registry..."
    - echo $CI_JOB_TOKEN | docker login -u $CI_REGISTRY_USER --password-stdin $CI_REGISTRY
    - echo "Building ${CI_PROJECT_NAME} docker image.. "
    - |
      if [[ -n "$CI_COMMIT_TAG" ]]; then
        docker compose build --no-cache --build-arg CREATE_INPUT_TAG="$CI_COMMIT_TAG" --build-arg RUN_SWE_TAG="$CI_COMMIT_TAG"
      else
        docker compose build --no-cache
      fi
    - docker tag $DOCKER_IMAGE_NAME:latest $DOCKER_IMAGE_NAME:$DOCKER_IMAGE_TAG
    - docker push $DOCKER_IMAGE_NAME:$DOCKER_IMAGE_TAG
    - echo "Building ${CI_PROJECT_NAME} Production docker image.. "
    - |
      if [[ -n "$CI_COMMIT_TAG" ]]; then
        docker compose -f production-pw.yaml build --no-cache --build-arg CREATE_INPUT_TAG="$CI_COMMIT_TAG" --build-arg RUN_SWE_TAG="$CI_COMMIT_TAG"
      else
        docker compose -f production-pw.yaml build --no-cache
      fi
    - docker tag $DOCKER_IMAGE_NAME:latest $DOCKER_IMAGE_NAME:prod
    - docker logout

unit-test:
  stage: unit_test
  image: $DOCKER_IMAGE_NAME:$DOCKER_IMAGE_TAG
  script:
    # TODO add unit tests when available
    - echo "Running Unit Tests..."

sonarqube:
  stage: sonarqube
  image:
    name: registry.sh.nextgenwaterprediction.com/infrastructure/sonar-scanner-cli/sonar-scanner-cli:5.0.1
    entrypoint: [""]
  variables:
    # Defines the location of the analysis task cache
    SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar"
    # Shallow cloning needs to be disabled.
    # See https://docs.sonarqube.org/latest/analysis/gitlab-cicd/.
    GIT_DEPTH: 0
  cache:
    key: "${CI_JOB_NAME}"
    paths:
      - .sonar/cache
  script:
    - sonar-scanner -X -Dsonar.verbose=true
  allow_failure: true # FIXME

container_scanning:
  stage: test
  needs:
    - build
  variables:
    SECURE_LOG_LEVEL: info
    CS_SEVERITY_THRESHOLD: UNKNOWN
    CS_IMAGE: $DOCKER_IMAGE_NAME:$DOCKER_IMAGE_TAG

container_scanning_prod:
  extends: container_scanning
  stage: test
  needs:
    - build
  variables:
    SECURE_LOG_LEVEL: info
    CS_SEVERITY_THRESHOLD: UNKNOWN
    CS_IMAGE: $DOCKER_IMAGE_NAME:prod

deploy:
  stage: deploy
  script:
    - echo "Logging in to Gitlab Container Registry to push the image..."
    - echo $CI_JOB_TOKEN | docker login -u $CI_REGISTRY_USER --password-stdin $CI_REGISTRY
    - echo "Pushing to the docker registry"
    - docker tag $DOCKER_IMAGE_NAME:$DOCKER_IMAGE_TAG $DOCKER_IMAGE_NAME:latest
    - docker push $DOCKER_IMAGE_NAME:latest
    - docker push $DOCKER_IMAGE_NAME:prod
    - docker logout
  rules:
    - if: '$CI_COMMIT_BRANCH == "development"'