.gitlab-ci.yml
# Pipeline stages in declaration order. The jobs below also declare `needs`,
# so a job can start as soon as the jobs it lists have finished.
stages:
  - test
  - build
  - deploy
# Pipeline-wide variables, visible to every job including the included templates.
variables:
  # Read by the included SAST template; "-fips" selects its FIPS-enabled analyzer images.
  SAST_IMAGE_SUFFIX: "-fips"
  # Passed to the image build as the BASE_IMAGE build argument (see build-push).
  # NOTE(review): pinned by tag only; a tag can be re-pointed upstream, a digest
  # cannot. Consider pinning by digest if reproducible builds matter here.
  BASE_IMAGE: "alpine:3.18.4"
  # Used both as the job image and as the dind service in build-push.
  DOCKER_DIND_IMAGE: "docker:24.0.7-dind"
  # The tag is the ref slug, so every build of the same branch or tag pushes
  # over the previous image under the same name.
  IMAGE_NAME: "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG"
  # Target platforms handed to `docker buildx build --platform`.
  PLATFORMS: "linux/amd64,linux/arm64"
# GitLab-maintained scanning templates: secret detection, SAST, dependency
# scanning and code quality. Their jobs are added to this pipeline.
include:
  - template: Jobs/Secret-Detection.gitlab-ci.yml
  - template: Jobs/SAST.gitlab-ci.yml
  - template: Security/Dependency-Scanning.gitlab-ci.yml
  - template: Jobs/Code-Quality.gitlab-ci.yml
# Lint and formatting checks.
test-lint:
  stage: test
  # NOTE(review): `current-alpine` is a floating tag, so the Node release used
  # by this job changes whenever upstream moves it. Pin a version (or digest)
  # if the toolchain should only change through a reviewed commit.
  image: node:current-alpine
  # NOTE(review): no cache `key` is set, so the default key applies. Confirm the
  # resulting sharing of node_modules/ between refs is intended, since cached
  # packages are executed by `yarn lint` and `yarn prettier`.
  cache:
    - paths:
        - node_modules/
        - .yarn
  before_script:
    - yarn config set cache-folder .yarn
    # --frozen-lockfile makes the install fail instead of rewriting yarn.lock.
    - yarn install --frozen-lockfile
  script:
    - yarn lint
    - yarn prettier
  # Empty `needs`: the job does not wait for any other job.
  needs: []
# Unit tests with coverage extraction and a JUnit report.
test-tests:
  stage: test
  # NOTE(review): `current-alpine` is a floating tag, so the Node release used
  # by this job changes whenever upstream moves it. Pin a version (or digest)
  # if the toolchain should only change through a reviewed commit.
  image: node:current-alpine
  # NOTE(review): no cache `key` is set, so the default key applies. Confirm the
  # resulting sharing of node_modules/ between refs is intended, since cached
  # packages are executed by the test run.
  cache:
    - paths:
        - node_modules/
        - .yarn
  before_script:
    - yarn config set cache-folder .yarn
    # --frozen-lockfile makes the install fail instead of rewriting yarn.lock.
    - yarn install --frozen-lockfile
  script:
    - yarn test:ci
  # Captures the first numeric column of the "All files" row in the job log.
  coverage: '/All files[^|]*\|[^|]*\s+([\d\.]+)/'
  artifacts:
    # Upload the report even when the tests fail.
    when: always
    reports:
      junit:
        - junit.xml
  # Empty `needs`: the job does not wait for any other job.
  needs: []
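# Builds the multi-platform image with buildx and pushes it to the project
# registry as $IMAGE_NAME. Runs for every branch and tag once both test jobs pass.
build-push:
  stage: build
  services:
    - "$DOCKER_DIND_IMAGE"
  image: "$DOCKER_DIND_IMAGE"
  before_script:
    # NOTE(review): third-party image with no tag or digest, run with
    # --privileged. Whatever `tonistiigi/binfmt` resolves to at job time runs
    # with full privileges next to the registry credentials; pin it to a
    # reviewed tag or digest. Also confirm the arguments: as far as I know the
    # image only registers emulators when given `--install`.
    - docker run --rm --privileged tonistiigi/binfmt
    # The password is fed on stdin instead of `-p`, so it is not part of the
    # docker command line (process list, shell tracing) and the CLI's
    # insecure-password warning goes away.
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
  script:
    - docker buildx create --use
    # One command, folded onto a single line. The build argument is quoted so a
    # BASE_IMAGE value with whitespace or glob characters stays one argument.
    # NOTE(review): --provenance=false switches off buildx's provenance
    # attestation for the pushed image. Keep it only if the registry or a
    # consumer cannot handle the attestation manifest.
    - >-
      docker buildx build
      --platform "$PLATFORMS"
      --build-arg "BASE_IMAGE=$BASE_IMAGE"
      --file Dockerfile
      --tag "$IMAGE_NAME"
      --provenance=false
      --push
      .
  # NOTE(review): every branch builds and pushes. Confirm that unprotected
  # branches are meant to publish images to the registry.
  only:
    - branches
    - tags
  needs: ["test-lint", "test-tests"]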
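# Deploys to production over SSH: the remote host pulls and restarts the
# `website` compose service. Runs only for the ref named `beep`, after build-push.
publish-content:
  stage: deploy
  # NOTE(review): alpine:latest floats, while BASE_IMAGE in `variables` is
  # pinned. The job that handles the deploy key should run on a pinned image too.
  image: alpine:latest
  before_script:
    - "command -v ssh-agent >/dev/null || ( apk add --update openssh )"
    - eval $(ssh-agent -s)
    # Key is loaded into the agent from the variable and never written to disk.
    # NOTE(review): confirm SSH_PRIVATE_KEY is a protected variable and `beep`
    # a protected ref, so only reviewed pipelines can use the deploy key.
    - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    # ssh-keyscan at deploy time trusts whatever host answers, so it gives no
    # protection against a spoofed or intercepted host. If the optional CI/CD
    # variable SSH_KNOWN_HOSTS (the verified known_hosts line(s) for the deploy
    # host) is defined, it is used instead. The scan stays only as a fallback so
    # existing pipelines keep working until the variable is set.
    - |
      if [ -n "${SSH_KNOWN_HOSTS:-}" ]; then
        printf '%s\n' "$SSH_KNOWN_HOSTS" >> ~/.ssh/known_hosts
      else
        ssh-keyscan "$SSH_HOST" >> ~/.ssh/known_hosts
      fi
    - chmod 644 ~/.ssh/known_hosts
  script:
    # The destination is quoted so the variables cannot split into extra ssh
    # arguments. The remote command is a fixed string with no CI variables in it.
    - ssh "$SSH_USER@$SSH_HOST" "docker compose pull website && docker compose up -d website && exit"
  only:
    - beep
  environment:
    name: production
    url: https://777.tf
  needs: ["build-push"]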