.gitlab-ci.yml
# Pipeline-level gate: a pipeline is only created for merge request events,
# pushes and schedules. Per-job `rules` then decide which jobs join it.
workflow:
  auto_cancel:
    # When a newer commit arrives on the same ref, cancel only the jobs
    # that declare `interruptible: true`.
    on_new_commit: interruptible
  rules:
    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
    - if: '$CI_PIPELINE_SOURCE == "push"'
    - if: '$CI_PIPELINE_SOURCE == "schedule"'
# Stage order. A job without `needs` waits for every job in the earlier
# stages, so the publish jobs start only after `build` and `security`
# (when those jobs are part of the pipeline) have finished.
stages:
  - build
  - security
  - publish
variables:
  # Applied to every job: run Gradle without a background daemon, so no
  # Gradle process outlives the CI job on the runner.
  GRADLE_OPTS: '-Dorg.gradle.daemon=false'
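# ------------------------------ Conditions
# Reusable rule list: default-branch pipelines and merge request pipelines,
# but never scheduled pipelines.
# GitLab evaluates rules top to bottom and stops at the first match, so the
# schedule exclusion has to come first. Listed last, it was unreachable for
# a scheduled pipeline on the default branch: the branch rule matched first.
.if-merge-request-or-main: &if-merge-request-or-main
  - if: '$CI_PIPELINE_SOURCE == "schedule"'
    when: never
  - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
  - if: '$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME'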
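# Reusable rule list: default-branch pipelines only, never scheduled ones.
# The schedule exclusion is listed first because the first matching rule
# wins. Behind the branch rule it never applied, so a scheduled pipeline on
# the default branch would also have run the publish jobs that use this list.
.if-main: &if-main
  - if: '$CI_PIPELINE_SOURCE == "schedule"'
    when: never
  - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'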
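# Reusable rule list: release pipelines, i.e. tags that start with a
# MAJOR.MINOR.PATCH version, never scheduled ones.
# The dots are escaped: an unescaped `.` matches any character, so tags
# that are not versions at all (digits separated by arbitrary characters)
# would also have counted as releases and triggered publishing.
# The schedule exclusion comes first because the first matching rule wins.
# NOTE(review): publishing is keyed on the tag name alone. Confirm that
# version tags are protected so only maintainers can create them.
.if-release: &if-release
  - if: '$CI_PIPELINE_SOURCE == "schedule"'
    when: never
  - if: '$CI_COMMIT_TAG =~ /^\d+\.\d+\.\d+.*/'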
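# ------------------------------ Security
# Trivy scan of the checked-out repository.
# Runs on merge requests (advisory), on release tags and on schedules
# (both blocking).
# NOTE(review): no rule matches a plain push to the default branch, so the
# publish jobs that run from the default branch are not preceded by this
# scan. Add a default-branch rule if those publishes should be gated too.
# NOTE(review): no `image` is set here. `trivy` and the report template
# `/contrib/gitlab.tpl` must come from the `linux` runner or from a default
# image defined outside this file. Confirm, and pin the Trivy version there.
security:
  stage: security
  interruptible: true
  # Empty `needs`: start right away instead of waiting for the build stage.
  needs: []
  variables:
    # Keep Trivy's cache inside the project directory so the `cache` entry
    # below can persist it between pipelines.
    TRIVY_CACHE_DIR: '.trivycache/'
  cache:
    paths:
      - .trivycache/
  rules:
    # Merge requests: findings appear as a warning and do not block.
    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
      allow_failure: true
    # Release tags: a failing scan fails the pipeline before the publish
    # stage. Dots are escaped so only real MAJOR.MINOR.PATCH tags match;
    # an unescaped `.` matches any character.
    - if: '$CI_COMMIT_TAG =~ /^\d+\.\d+\.\d+.*/'
      allow_failure: false
    # Scheduled pipelines: periodic re-scan, failing on new findings.
    - if: '$CI_PIPELINE_SOURCE == "schedule"'
      allow_failure: false
  artifacts:
    # Upload the report even when the gating scan below fails the job.
    when: always
    reports:
      dependency_scanning: report.json
  script:
    # 1) Full result table in the job log; never fails the job.
    - trivy repo ./ --exit-code 0
    # 2) Same scan rendered through the GitLab template into report.json.
    - trivy repo ./ --exit-code 0 --format template --template "@/contrib/gitlab.tpl" --output report.json
    # 3) Gate: a non-zero exit only when CRITICAL findings are present.
    - trivy repo ./ --exit-code 1 --severity CRITICAL
  tags:
    - linux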
# ------------------------------ Build
# Compile and test with the Gradle wrapper on merge requests and on the
# default branch (rule list defined under `.if-merge-request-or-main`).
# NOTE(review): merge request pipelines execute the branch's own Gradle
# build on a `macos`-tagged runner, the same tag the publish jobs use.
# Confirm that merge request builds cannot reach credentials or leftover
# state belonging to the publish jobs on that runner.
build:
  stage: build
  # May be cancelled by `workflow.auto_cancel` when a newer commit arrives.
  interruptible: true
  rules:
    - *if-merge-request-or-main
  script:
    # `--stacktrace` prints the full stack trace when the build fails.
    - './gradlew clean build --stacktrace'
  tags:
    - macos
# ------------------------------ Publish
# Publish all publications to the GitLab package repository from the
# default branch and from release tags.
# `interruptible` is not set, so a newer commit does not cancel a publish
# that has already started.
# NOTE(review): the publishing credentials are not visible in this file.
# Presumably they come from CI/CD variables; confirm they are masked and
# limited to protected branches and tags.
publish-gitlab:
  stage: publish
  rules:
    - *if-main
    - *if-release
  script:
    - './gradlew publishAllPublicationsToGitLabRepository'
  tags:
    - macos
# Publish to Sonatype, then close and release the staging repositories,
# from the default branch and from release tags.
# NOTE(review): Sonatype and signing credentials are not visible in this
# file. Presumably they come from CI/CD variables; confirm they are masked
# and limited to protected branches and tags, since a release to a public
# repository is hard to retract.
publish-central:
  stage: publish
  rules:
    - *if-main
    - *if-release
  script:
    - './gradlew publishToSonatype closeAndReleaseStagingRepositories'
  tags:
    - macos
# Publish the generated documentation for release tags only.
# NOTE(review): `publishDocs.root` is an absolute path under /var/www, so
# the job presumably writes straight into a web root on the `linux` runner.
# Confirm that the runner only picks up jobs from protected refs and that
# its account can write nowhere else under the web root.
publish-documentation:
  stage: publish
  rules:
    - *if-release
  script:
    - './gradlew -DpublishDocs.root=/var/www/docs/composegl publishDocs'
  tags:
    - linux