-
Notifications
You must be signed in to change notification settings - Fork 3
/
.gitlab-ci.yml
90 lines (81 loc) · 2.39 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
image: docker.slock.it/build-images/node:11-alpine
variables:
COMMIT_IMAGE_TAG: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME
RELEASE_IMAGE_TAG: $CI_REGISTRY_IMAGE:latest
stages:
- package
- analysis
- deploy
package-docker:
stage: package
tags:
- short-jobs
services:
- docker:dind
image: docker.slock.it/build-images/deployment
script:
- docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
- docker build --build-arg NPM_REGISTRY_TOKEN=${NPM_REGISTRY_TOKEN} --build-arg CI_COMMIT_SHA=${CI_COMMIT_SHA} -t $COMMIT_IMAGE_TAG .
- docker tag $COMMIT_IMAGE_TAG $RELEASE_IMAGE_TAG
- docker push $RELEASE_IMAGE_TAG
- docker push $COMMIT_IMAGE_TAG
vulnerabilities:
stage: analysis
tags:
- short-jobs
dependencies:
- package-docker
allow_failure: true
image: docker.slock.it/build-images/vulnerability-testing-tools
script:
- export TRIVY_AUTH_URL=$CI_REGISTRY
- export TRIVY_USERNAME=gitlab-ci-token
- export TRIVY_PASSWORD=$CI_JOB_TOKEN
- trivy -f json -o vulnerability_analysis.json --exit-code 1 $COMMIT_IMAGE_TAG
artifacts:
when: on_failure
paths:
- vulnerability_analysis.json
# Deployment template
.deploy-tmpl:
stage: deploy
tags:
- short-jobs
only:
- /^v[0-9]+.[0-9]+.[0-9]+(\-RC[0-9]+)?$/
except:
- branches
when: manual
allow_failure: false
image: docker.slock.it/build-images/deployment
services:
- docker:dind
script:
- cd Deployment
- rancher -w up -f docker-compose.yml -d --prune -p -s in3-server-setup-wizard -c --force-upgrade
# Production deployments
deploy-to-rancher:
extends:
- .deploy-tmpl
deploy-to-dockerhub:
stage: deploy
when: manual
only:
- /^v[0-9]+.[0-9]+.[0-9]+(\-RC[0-9]+)?$/
except:
- branches
tags:
- short-jobs
services:
- docker:dind
image: docker.slock.it/build-images/deployment
variables:
IMAGE_TAG: slockit/in3-server-setup:$CI_COMMIT_SHA
before_script:
- docker login -u ${DOCKERHUB_USERNAME} -p ${DOCKERHUB_PASSWORD} ${DOCKERHUB_REGISTRY}
script:
- docker pull $CI_REGISTRY_IMAGE:latest || true
- docker build --cache-from $CI_REGISTRY_IMAGE:latest --build-arg NPM_REGISTRY_TOKEN=${NPM_REGISTRY_TOKEN} --build-arg CI_COMMIT_SHA=${CI_COMMIT_SHA} -t $IMAGE_TAG .
- docker push $IMAGE_TAG
- docker tag $IMAGE_TAG slockit/in3-server-setup:latest
- docker push slockit/in3-server-setup:latest