variables:
  # Address of the Docker daemon the CI jobs talk to. 2375 is the conventional
  # plaintext Docker API port (no TLS, no client authentication), so anything
  # that can reach this endpoint can control the daemon.
  # NOTE(review): confirm the endpoint is reachable from CI runners only.
  DOCKER_HOST: 'tcp://docker-dind.gitlab:2375'
  POSTGRES_ENABLED: 'false'
  # All of the *_DISABLED switches below are set to the string "true".
  # NOTE(review): presumably the Auto DevOps toggles of the same names. With
  # SAST, dependency scanning, container scanning and DAST off, no job defined
  # in this file scans the code, its dependencies or the built image;
  # confirm that this is covered elsewhere.
  CODE_QUALITY_DISABLED: 'true'
  CONTAINER_SCANNING_DISABLED: 'true'
  DAST_DISABLED: 'true'
  DEPENDENCY_SCANNING_DISABLED: 'true'
  LICENSE_MANAGEMENT_DISABLED: 'true'
  PERFORMANCE_DISABLED: 'true'
  SAST_DISABLED: 'true'
  TEST_DISABLED: 'true'

# Only the Build and Deploy job templates are included; `template:` entries
# are resolved by the GitLab instance, so their content is not in this
# repository and can change when the instance is upgraded.
include:
  - template: 'Jobs/Build.gitlab-ci.yml'
  - template: 'Jobs/Deploy.gitlab-ci.yml'

# Pipeline stage order. 'prepare' runs ahead of 'build'; the prepare_* jobs
# defined in this file are assigned to it.
stages:
  - 'prepare'
  - 'build'
  # dummy stage to follow the template guidelines
  - 'deploy'
  - 'review'
  - 'dast'
  - 'staging'
  - 'canary'
  - 'development'
  - 'production'
  - 'incremental rollout 10%'
  - 'incremental rollout 25%'
  - 'incremental rollout 50%'
  - 'incremental rollout 100%'
  - 'performance'
  - 'cleanup'


build:
  # Explicit null, the same value the bare `services:` key had.
  # NOTE(review): presumably this clears the services list of the included
  # Build template so the job uses the shared daemon at DOCKER_HOST rather
  # than a per-job dind service; confirm against the template.
  services: null

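# Prepares the secret files that we cannot or don't want to share with public.
# Each $NAME in the script is expanded by the shell and used as the source
# path for cp. NOTE(review): presumably file-type CI/CD variables; confirm.
#
# Security: every copied file is listed under artifacts:paths, so anyone who
# is allowed to download this job's artifacts can read .env, the config files
# and the users seeder. No expire_in is set on the artifacts.
# NOTE(review): confirm that pipeline and artifact visibility is limited to
# trusted project members, and consider artifacts:expire_in so the secret
# copies do not stay downloadable longer than later jobs need them.
prepare_secrets:
  stage: prepare
  # NOTE(review): floating tag; pinning a version or digest keeps the image
  # that handles these secrets reproducible.
  image: alpine:latest
  script:
    # Expansions are quoted so that a path containing spaces or glob
    # characters reaches cp as a single argument.
    - cp "$ENVFILE" .env
    - cp "$SUMAS" config/sumas.json
    - cp "$SUMASEN" config/sumasEn.json
    - cp "$BLACKLISTURL" config/blacklistUrl.txt
    - cp "$BLACKLISTDOMAINS" config/blacklistDomains.txt
    - cp "$ADBLACKLISTURL" config/adBlacklistUrl.txt
    - cp "$ADBLACKLISTDOMAINS" config/adBlacklistDomains.txt
    - cp "$SPAM" config/spam.txt
    - cp "$USERSSEEDER" database/seeds/UsersSeeder.php
    # Not a secret: the example database that ships with the repository.
    - cp database/useragents.sqlite.example database/useragents.sqlite
    # Replaces whatever REDIS_PASSWORD the env file carried with "null".
    - sed -i 's/^REDIS_PASSWORD=.*/REDIS_PASSWORD=null/g' .env
  artifacts:
    paths:
      - .env
      - config/sumas.json
      - config/sumasEn.json
      - config/blacklistUrl.txt
      - config/blacklistDomains.txt
      - config/adBlacklistUrl.txt
      - config/adBlacklistDomains.txt
      - config/spam.txt
      - database/seeds/UsersSeeder.php
      - database/useragents.sqlite
  only:
    - branches
    - tags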

# Builds the front-end assets and hands public/js, public/css and the mix
# manifest to later jobs as artifacts.
prepare_node:
  stage: prepare
  # NOTE(review): Node.js 10 is past end-of-life and no longer receives
  # security fixes; confirm whether the build can move to a supported release.
  image: 'node:10'
  only:
    - branches
    - tags
  cache:
    # Cache per Branch
    key: 'node-$CI_JOB_STAGE-$CI_COMMIT_REF_SLUG'
    paths:
      - node_modules
  before_script:
    # NOTE(review): `npm install` may resolve dependency versions at build
    # time; if a lockfile is committed, `npm ci` installs exactly what it pins.
    - npm install
  script:
    - npm run prod
  artifacts:
    paths:
      - public/js/
      - public/css/
      - public/mix-manifest.json

# Installs the PHP dependencies into vendor/, which is both cached per branch
# and passed on as an artifact. The job sets no only/except, so GitLab's
# defaults decide when it runs.
prepare_composer:
  stage: prepare
  # NOTE(review): third-party image; it runs with the checked-out project in
  # its workspace, so confirm its publisher and consider pinning a digest.
  image: 'prooph/composer:7.3'
  cache:
    key: 'composer-$CI_JOB_STAGE-$CI_COMMIT_REF_SLUG'
    paths:
      - vendor
  script:
    - composer install
  artifacts:
    paths:
      - vendor

# Overrides for the review job; its remaining keys are not defined in this
# file. NOTE(review): presumably they come from the included Deploy template.
review:
  variables:
    # Review deployments switch ingress TLS off and disable both the tls-acme
    # annotation and the nginx ssl-redirect, so they are served over plain
    # HTTP. Folded scalar: the lines join with single spaces into the same
    # one-line value as before.
    HELM_UPGRADE_EXTRA_ARGS: >-
      --set service.externalPort=80
      --set service.internalPort=80
      --set service.commonName=
      --set ingress.tls.enabled=false
      --set ingress.annotations.kubernetes\.io/tls-acme="false"
      --set ingress.annotations.nginx\.ingress\.kubernetes\.io/ssl-redirect="false"
    ROLLOUT_RESOURCE_TYPE: deployment
  # Not created on master or development, nor when $REVIEW_DISABLED is set.
  except:
    variables:
      - $REVIEW_DISABLED
    refs:
      - master
      - development

# Same exclusions as the review job: not created on master or development,
# nor when $REVIEW_DISABLED is set.
stop_review:
  except:
    variables:
      - $REVIEW_DISABLED
    refs:
      - master
      - development

# Hidden job that only serves as the development_template anchor. It extends
# .auto-deploy, which is not defined in this file.
# NOTE(review): presumably .auto-deploy comes from the included Deploy template.
.development: &development_template
  extends: .auto-deploy
  stage: development
  script:
    - auto-deploy check_kube_domain
    - auto-deploy download_chart
    - auto-deploy ensure_namespace
    # NOTE(review): Tiller is the in-cluster component of Helm 2, which is
    # end-of-life; confirm which auto-deploy image version this runs with.
    - auto-deploy initialize_tiller
    - auto-deploy create_secret
    - auto-deploy deploy
    # Remove the canary and rollout tracks after the deploy step.
    - auto-deploy delete canary
    - auto-deploy delete rollout
    - auto-deploy persist_environment_url
  environment:
    name: development
    url: 'https://$CI_PROJECT_PATH_SLUG.$KUBE_INGRESS_BASE_DOMAIN'
  artifacts:
    paths:
      - environment_url.txt

# Deploys the development branch. The job body is merged in from the
# development_template anchor; keys written here replace the merged ones
# (merge keys are shallow), so this environment block wins over the anchor's.
development:
  <<: *development_template
  # Only on the development ref, and only while the project's Kubernetes
  # integration is active.
  only:
    kubernetes: active
    refs:
      - development
  # Not created when any of these variables is set.
  except:
    variables:
      - $STAGING_ENABLED
      - $CANARY_ENABLED
      - $INCREMENTAL_ROLLOUT_ENABLED
      - $INCREMENTAL_ROLLOUT_MODE
  environment:
    name: development
    url: 'https://metager3.de'
  variables:
    ROLLOUT_RESOURCE_TYPE: deployment
    # Sets the service ports, an empty commonName and the cert-manager
    # cluster-issuer annotation (letsencrypt-prod). Folded scalar: the lines
    # join with single spaces into the same one-line value as before.
    HELM_UPGRADE_EXTRA_ARGS: >-
      --set service.externalPort=80
      --set service.internalPort=80
      --set service.commonName=
      --set ingress.annotations.certmanager\.k8s\.io/cluster-issuer=letsencrypt-prod

    
# Overrides for the production job; its remaining keys are not defined in this
# file. NOTE(review): presumably they come from the included Deploy template.
production:
  environment:
    url: 'https://metager.de'
  variables:
    ROLLOUT_RESOURCE_TYPE: deployment
    # Same Helm arguments as the development job: service ports, an empty
    # commonName and the letsencrypt-prod cluster-issuer annotation. Folded
    # scalar: the lines join with single spaces into the original one-line
    # value.
    HELM_UPGRADE_EXTRA_ARGS: >-
      --set service.externalPort=80
      --set service.internalPort=80
      --set service.commonName=
      --set ingress.annotations.certmanager\.k8s\.io/cluster-issuer=letsencrypt-prod