.gitlab-ci.yml 2.82 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12
variables:
    DOCKER_HOST: "tcp://docker-dind.gitlab:2375"
    POSTGRES_ENABLED: "false"
    CODE_QUALITY_DISABLED: "true"
    CONTAINER_SCANNING_DISABLED: "true"
    DAST_DISABLED: "true"
    DEPENDENCY_SCANNING_DISABLED: "true"
    LICENSE_MANAGEMENT_DISABLED: "true"
    PERFORMANCE_DISABLED: "true"
    SAST_DISABLED: "true"
    TEST_DISABLED: "true"

Dominik Hebeler's avatar
Dominik Hebeler committed
13 14
include:
  - template: Jobs/Build.gitlab-ci.yml
Dominik Hebeler's avatar
Dominik Hebeler committed
15
  - template: Jobs/Deploy.gitlab-ci.yml
Dominik Hebeler's avatar
Dominik Hebeler committed
16

17 18
stages:
  - prepare
Dominik Hebeler's avatar
Dominik Hebeler committed
19
  - build
Dominik Hebeler's avatar
Dominik Hebeler committed
20 21 22 23 24 25 26 27 28 29
  - deploy  # dummy stage to follow the template guidelines
  - review
  - dast
  - staging
  - canary
  - production
  - incremental rollout 10%
  - incremental rollout 25%
  - incremental rollout 50%
  - incremental rollout 100%
Dominik Hebeler's avatar
Dominik Hebeler committed
30 31 32
  - performance
  - cleanup

33

Dominik Hebeler's avatar
Dominik Hebeler committed
34 35 36
build:
  services:

37
# Prepares the secret files that we cannot or don't want to share with public
38 39 40 41 42 43 44
prepare_secrets:
  stage: prepare
  image: alpine:latest
  script: 
    - cp $ENVFILE .env
    - cp $SUMAS config/sumas.json
    - cp $SUMASEN config/sumasEn.json
Dominik Hebeler's avatar
Dominik Hebeler committed
45 46 47 48 49 50
    - cp $BLACKLISTURL config/blacklistUrl.txt
    - cp $BLACKLISTDOMAINS config/blacklistDomains.txt
    - cp $ADBLACKLISTURL config/adBlacklistUrl.txt
    - cp $ADBLACKLISTDOMAINS config/adBlacklistDomains.txt
    - cp $SPAM config/spam.txt
    - cp $USERSSEEDER database/seeds/UsersSeeder.php
51
    - sed -i 's/^REDIS_PASSWORD=.*/REDIS_PASSWORD=null/g' .env
52 53 54 55
  artifacts:
    paths:
      - .env
      - config/sumas.json
Dominik Hebeler's avatar
Dominik Hebeler committed
56 57 58 59 60 61 62 63 64
      - config/sumasEn.json
      - config/blacklistUrl.txt
      - config/blacklistDomains.txt
      - config/adBlacklistUrl.txt
      - config/adBlacklistDomains.txt
      - config/spam.txt
      - database/seeds/UsersSeeder.php
  only:
    - branches
65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86
    - tags

prepare_node:
  stage: prepare
  image: node:10
  before_script:
    - npm install
  script:
    - npm run prod
  artifacts:
    paths:
      - public/js/
      - public/css/
  cache:
    # Cache per Branch
    key: "node-$CI_JOB_STAGE-$CI_COMMIT_REF_SLUG"
    paths:
      - node_modules
  only:
    - branches
    - tags

Dominik Hebeler's avatar
Dominik Hebeler committed
87 88 89 90 91 92 93 94 95 96 97
prepare_composer:
  stage: prepare
  image: prooph/composer:7.3
  script:
    - composer install
  artifacts:
    paths:
      - vendor
  cache:
    key: "composer-$CI_JOB_STAGE-$CI_COMMIT_REF_SLUG"
    paths:
Dominik Hebeler's avatar
Dominik Hebeler committed
98 99 100 101 102 103 104 105 106 107 108 109 110
      - vendor

review:
  variables:
    HELM_UPGRADE_EXTRA_ARGS: --set service.externalPort=80 --set service.internalPort=80 --set service.commonName= --set ingress.tls.enabled=false --set ingress.annotations.kubernetes\.io/tls-acme="false" --set ingress.annotations.nginx\.ingress\.kubernetes\.io/ssl-redirect="false"
    ROLLOUT_RESOURCE_TYPE: deployment
    
production:
  variables:
    HELM_UPGRADE_EXTRA_ARGS: --set service.externalPort=80 --set service.internalPort=80 --set service.commonName= --set ingress.annotations.certmanager\.k8s\.io/cluster-issuer=letsencrypt-prod
    ROLLOUT_RESOURCE_TYPE: deployment
  environment:
    url: https://metager.de