-
Notifications
You must be signed in to change notification settings - Fork 0
/
.gitlab-ci.yml
105 lines (93 loc) · 2.54 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
image: docker:20.10.7
variables:
CONTAINER_TEST_IMAGE: $CI_REGISTRY_IMAGE/redpot:$CI_COMMIT_REF_SLUG-$CI_COMMIT_SHORT_SHA
CONTAINER_RELEASE_IMAGE: $CI_REGISTRY_IMAGE/redpot:latest
# only run bandit (for now)
SAST_EXCLUDED_ANALYZERS: "eslint,semgrep"
stages:
- build
- test
- lint
- release
- staging
- production
build:
stage: build
services:
- docker:20.10.7-dind
script:
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
- docker pull $CONTAINER_RELEASE_IMAGE || true
- docker build --cache-from $CONTAINER_RELEASE_IMAGE --tag $CONTAINER_TEST_IMAGE .
- docker push $CONTAINER_TEST_IMAGE
pytest:
stage: test
image: $CONTAINER_TEST_IMAGE
script:
# XMLRunner to generate results for gitlab
- coverage run manage.py test --noinput
after_script:
# must be in the after section to be run even if tests fail
- coverage xml
# text output to capture the total
- coverage report
artifacts:
when: always
reports:
junit: test_results.xml
cobertura: coverage.xml
services:
- name: mcr.microsoft.com/mssql/server:2019-latest
alias: mssql
variables:
# MSSQL config
MSSQL_SA_PASSWORD: Test@only
ACCEPT_EULA: Y
missing-migration-check:
stage: test
image: $CONTAINER_TEST_IMAGE
script:
- python manage.py makemigrations --check --dry-run --settings redpot.migration_check_settings
allow_failure: true
include:
- template: Security/SAST.gitlab-ci.yml
python-safety:
stage: lint
needs: []
image: pipelinecomponents/python-safety:latest
script:
- safety check --full-report -r requirements.txt
release-image:
stage: release
services:
- docker:20.10.7-dind
script:
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
- docker pull $CONTAINER_TEST_IMAGE
- docker tag $CONTAINER_TEST_IMAGE $CONTAINER_RELEASE_IMAGE
- docker push $CONTAINER_RELEASE_IMAGE
only:
- master
.deploy:
script:
- export REDPOT_IMAGE=$CONTAINER_TEST_IMAGE
- export SETTINGS_TIMESTAMP=$(date +%s)
- cp $SECRETS_FILE secrets.env
- docker stack deploy --compose-file ./docker/docker-compose.prod.yml $DOCKER_STACK_NAME
# Poll the stack in order to log and fail on service rollbacks
- ./docker/docker-stack-wait.sh $DOCKER_STACK_NAME
deploy-staging:
stage: staging
extends: .deploy
environment: staging
tags:
- django-staging
deploy-production:
stage: production
extends: .deploy
environment: production
tags:
- django-production
only:
- master
when: manual