-
Notifications
You must be signed in to change notification settings - Fork 2
/
.gitlab-ci.yml
211 lines (196 loc) · 6.46 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
image: eclipse-temurin:21-jdk
variables:
ORG_GRADLE_PROJECT_ci: 'true'
CI_DEBUG_SERVICES: "true"
PROXY: $HTTPS_PROXY_HOST
AUTH_URL: $OIDC_URL_DEV/realms/$OIDC_REALM_DEV
# Verification (tests and code analysis) is unnecessary on 'develop' &
# 'master', because only verified MRs can be merged into those branches.
.verification:
rules:
- if: $CI_COMMIT_BRANCH == "master"
when: never
- if: $CI_COMMIT_BRANCH == "develop"
when: never
- when: on_success
stages:
- build
- check
- docker_image
- integration_test
- deployment
workflow:
rules:
- if: $CI_MERGE_REQUEST_ID
when: never
- when: always
before_script:
- GRADLE_USER_HOME="$(pwd)/.gradle"
- export GRADLE_USER_HOME
build:
stage: build
rules:
- when: on_success
script:
- env
- ./gradlew -i -PciBuildNumber=$CI_PIPELINE_ID -PciJobName=$CI_PROJECT_NAME/$CI_COMMIT_REF_NAME build -x check
- echo "PROJECT_VERSION=$(./gradlew -PciBuildNumber=$CI_PIPELINE_ID -PciJobName=$CI_PROJECT_NAME/$CI_COMMIT_REF_NAME -q properties --property version| awk '/^version:/ {print $2}')" >> variables.env
interruptible: true
artifacts:
expire_in: 1 week
reports:
dotenv: variables.env
paths:
- veo-rest/build/libs
cache:
- key: gradle
paths:
- .gradle
- key: $CI_PROJECT_PATH
paths:
- build
policy: push
test:
stage: check
rules:
- !reference [.verification, rules]
script: ./gradlew -PciBuildNumber=$CI_PIPELINE_ID -PciJobName=$CI_PROJECT_NAME/$CI_COMMIT_REF_NAME -i test
interruptible: true
services:
- name: postgres:13.14-alpine
alias: db
variables:
POSTGRES_USER: test
POSTGRES_PASSWORD: test
variables:
SPRING_DATASOURCE_URL: jdbc:postgresql://db:5432/postgres
SPRING_DATASOURCE_DRIVERCLASSNAME: org.postgresql.Driver
SPRING_RABBITMQ_HOST: $RABBITMQ_HOST
SPRING_RABBITMQ_USERNAME: $RABBITMQ_USERNAME
SPRING_RABBITMQ_PASSWORD: $RABBITMQ_PASSWORD
VEO_MESSAGE_ROUTINGKEYPREFIX: "VEO_TEST_PIPELINE_${CI_PIPELINE_ID}."
VEO_MESSAGE_QUEUES_VEO: "VEO_TEST_${CI_PIPELINE_ID}"
VEO_MESSAGE_QUEUES_VEOSUBSCRIPTIONS: "VEO_TEST_VEOSUBSCRIPTIONS_${CI_PIPELINE_ID}"
artifacts:
when: always
reports:
junit: '*/build/test-results/test/**/TEST-*.xml'
cache:
- key: gradle
paths:
- .gradle
- key: $CI_PROJECT_PATH
paths:
- build
policy: pull
check:
stage: check
rules:
- !reference [ .verification, rules ]
script:
- ./gradlew -PciBuildNumber=$CI_PIPELINE_ID -PciJobName=$CI_PROJECT_NAME/$CI_COMMIT_REF_NAME -i check -x test
interruptible: true
cache:
- key: gradle
paths:
- .gradle
- key: $CI_PROJECT_PATH
paths:
- build
policy: pull
docker_image:
stage: docker_image
needs:
- build
rules:
- when: on_success
image:
name: gcr.io/kaniko-project/executor:v1.23.2-debug
entrypoint: [""]
variables:
IMAGE_NAME: eu.gcr.io/veo-projekt/veo
# this does not work in Gitlab < 15.7, so we need the before_script workaround
# GOOGLE_APPLICATION_CREDENTIALS: $GCR_ACCESS_TOKEN
before_script:
- export GOOGLE_APPLICATION_CREDENTIALS=${GCR_ACCESS_TOKEN}
script:
- |-
DESTINATION_ARG="--destination $IMAGE_NAME:git-${CI_COMMIT_SHA} --destination $IMAGE_NAME:pipeline-id-${CI_PIPELINE_ID}"
if [ -n "$CI_COMMIT_TAG" ]; then export DESTINATION_ARG="$DESTINATION_ARG --destination $IMAGE_NAME:$CI_COMMIT_TAG";
if [ "$CI_COMMIT_REF_NAME" = "main" ]; then export DESTINATION_ARG="$DESTINATION_ARG --destination $IMAGE_NAME:latest"; fi;
fi;
if [ "$CI_COMMIT_REF_NAME" = "develop" ]; then export DESTINATION_ARG="$DESTINATION_ARG --destination $IMAGE_NAME:develop"; fi;
- /kaniko/executor
--cache=true
--cache-copy-layers
--context "${CI_PROJECT_DIR}"
--dockerfile "${CI_PROJECT_DIR}/Dockerfile"
$DESTINATION_ARG
--build-arg VEO_VERSION="${PROJECT_VERSION}"
--label org.opencontainers.image.version="${PROJECT_VERSION}"
--label org.opencontainers.image.revision=${CI_COMMIT_SHA}
interruptible: true
http_rest_tests:
needs:
- docker_image
stage: integration_test
rules:
- !reference [ .verification, rules ]
services:
- name: postgres:13.14-alpine
alias: db
variables:
POSTGRES_PASSWORD: test
POSTGRES_USER: test
- name: eu.gcr.io/veo-projekt/veo:pipeline-id-${CI_PIPELINE_ID}
alias: veo
variables:
JDK_JAVA_OPTIONS: -Dhttp.proxyHost=$PROXY -Dhttp.proxyPort=3128 -Dhttps.proxyHost=$PROXY -Dhttps.proxyPort=3128 -Dhttps.proxySet=true
LOGGING_LEVEL_ROOT: WARN
SPRING_DATASOURCE_URL: jdbc:postgresql://db:5432/postgres
SPRING_DATASOURCE_USERNAME: test
SPRING_DATASOURCE_PASSWORD: test
SPRING_JACKSON_DESERIALIZATION_FAIL_ON_UNKNOWN_PROPERTIES: 'true'
SPRING_PROFILES_ACTIVE: background-tasks, plain-logging
SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_ISSUER_URI: $AUTH_URL
SPRING_SECURITY_OAUTH2_RESOURCESERVER_JWT_JWK_SET_URI: $AUTH_URL/protocol/openid-connect/certs
VEO_CORS_ORIGINS: https://*.verinice.example, https://frontend.somewhereelse.example
VEO_DEFAULT_DOMAINTEMPLATE_NAMES: DS-GVO,test-domain
VEO_ETAG_SALT: zuL4Q8JKdy
variables:
FF_NETWORK_PER_BUILD: 1
SPRING_DATASOURCE_URL: jdbc:postgresql://db:5432/postgres
SPRING_RABBITMQ_HOST: $RABBITMQ_HOST
SPRING_RABBITMQ_PASSWORD: $RABBITMQ_PASSWORD
SPRING_RABBITMQ_USERNAME: $RABBITMQ_USERNAME
VEO_MESSAGE_CONSUME_AUTODELETE: 'true'
VEO_MESSAGE_QUEUES_VEO: VEO_REST_TEST_VEO_PIPELINE_${CI_PIPELINE_ID}
VEO_MESSAGE_QUEUES_VEOSUBSCRIPTIONS: VEO_REST_TEST_VEOSUBSCRIPTIONS_PIPELINE_${CI_PIPELINE_ID}
VEO_MESSAGE_ROUTINGKEYPREFIX: VEO_REST_TEST_PIPELINE_${CI_PIPELINE_ID}.
VEO_RESTTEST_BASEURL: http://veo:8070
VEO_RESTTEST_CLIENTID: $OIDC_CLIENT_DEV
VEO_RESTTEST_OIDCURL: $OIDC_URL_DEV
VEO_RESTTEST_PROXYHOST: $PROXY
VEO_RESTTEST_REALM: $OIDC_REALM_DEV
script:
- ./gradlew -i -Dhttp.nonProxyHosts="localhost|veo" -PciBuildNumber=$CI_PIPELINE_ID -PciJobName=$CI_PROJECT_NAME/$CI_COMMIT_REF_NAME restTest
interruptible: true
artifacts:
when: always
reports:
junit: veo-rest/build/test-results/restTest/*.xml
cache:
- key: gradle
paths:
- .gradle
- key: $CI_PROJECT_PATH
paths:
- build
policy: pull
trigger_deployment:
stage: deployment
only:
- develop
- main
trigger:
project: veo/verinice-veo-deployment