flask-azure-oauth/.gitlab-ci.yml at master · malleum-inc/flask-azure-oauth · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
---

# == Notes ==

# - GitLab automatically passes artifacts from previous stages by default
# - Set required secret variables at: https://gitlab.data.bas.ac.uk/web-apps/flask-extensions/flask-azure-oauth/-/settings/ci_cd

# = Secret variables
# - Variables are grouped by section in KEY: "value" format (e.g. FOO: "bar")
#   Sensitive values are represented by "[Sensitive]"
#
# - PyPi (production) - create tokens at https://pypi.org/manage/account/
# > PYPI_TOKEN (protected): "[Sensitive]"
#
# - PyPi (staging) - create tokens at https://test.pypi.org/manage/account/
# > PYPI_TEST_TOKEN (protected): "[Sensitive]"

# == Global settings ==

stages:
  - 💥 setup
  - 🧪 test
  - 📦 package
  - 🚚 publish

variables:
  APP_NAME: flask-azure-oauth

image:
  name: docker-registry.data.bas.ac.uk/web-apps/flask-extensions/flask-azure-oauth:latest
  entrypoint: [""]

# == Jobs ==

version:
  stage: 💥 setup
  image:
    name: docker-registry.data.bas.ac.uk/magic/infrastructure/python-version-parser:latest
    entrypoint: [""]
  before_script:
    - "python3 /usr/src/app/python_version_parser $(git describe --tags) > _version && export VERSION=$(cat _version)"
    - "export VERSION=${VERSION:-0.0.0}"
  script:
    - 'echo $VERSION'
    - 'echo "VERSION=$VERSION" >> build.env'
  needs: []
  artifacts:
    reports:
      dotenv: build.env

tests:
  stage: 🧪 test
  before_script:
    - "cp support/python-tests-junit/tests.py ./"
  script:
    - "python ./tests.py"
  needs: []
  artifacts:
    reports:
      junit: test-results.xml

black:
  stage: 🧪 test
  script:
    - "black --check flask_azure_oauth/"
  needs: []

bandit:
  stage: 🧪 test
  script:
    - "bandit -r ."
  needs: []

package:
  stage: 📦 package
  script:
    - "poetry version $VERSION"
    - 'poetry build'
  needs:
    - job: tests
    - job: version
      artifacts: true
  artifacts:
    paths:
      - dist
    expire_in: 1 week

pypi-testing:
  stage: 🚚 publish
  before_script:
    - "poetry config pypi-token.pypi-testing $PYPI_TEST_TOKEN --local"
  script:
    - "poetry version $VERSION"
    - "poetry publish --repository pypi-testing --no-interaction"
  needs:
    - job: version
      artifacts: true
    - job: package
      artifacts: true
  only:
    - master
  environment:
    name: staging
    url: https://test.pypi.org/project/flask-azure-oauth/

pypi:
  stage: 🚚 publish
  before_script:
    - "poetry config pypi-token.pypi $PYPI_TOKEN --local"
    - "poetry version $VERSION"
  script:
    - "poetry publish --repository pypi --no-interaction"
  needs:
    - job: version
      artifacts: true
    - job: package
      artifacts: true
  only:
    - tags
  environment:
    name: production
    url: https://pypi.org/project/flask-azure-oauth/