Merge pull request #468 from reactioncommerce/ci-fix
chore: fix/update CI config
aldeed authored Nov 26, 2019
2 parents 1508ad4 + 88868af commit 0e72bdd
Showing 4 changed files with 94 additions and 248 deletions.
50 changes: 0 additions & 50 deletions .circleci/bin/docker-tags

This file was deleted.

252 changes: 76 additions & 176 deletions .circleci/config.yml
@@ -1,196 +1,100 @@
# This CircleCI configuration uses workflows to fan-out to multiple jobs. The
# workflow is Dockerized. The first job builds the Docker image which is used
# in all future steps.
#
# Assumes that the Docker image is published to Docker Hub.
version: 2

# The following stanza defines a map named defaults with a variable that may be
# inserted using the YAML merge (<<: *) key later in the file to save some
# typing. See http://yaml.org/type/merge.html for details.
defaults: &defaults
environment:
- DOCKER_REPOSITORY: "reactioncommerce/styleguide"
- DOCKER_NAMESPACE: "reactioncommerce"
- DOCKER_NAME: "styleguide"

CI_SCRIPTS: 'npx --quiet --package @reactioncommerce/[email protected]'
DOCKER_REPOSITORY: "reactioncommerce/styleguide"
DOCKER_NAMESPACE: "reactioncommerce"
DOCKER_NAME: "styleguide"
docker:
- image: circleci/node:8-stretch
- image: circleci/node:8.11.4-stretch

jobs:
docker-build:
install-dependencies:
<<: *defaults
steps:
- checkout
- setup_remote_docker
- run:
name: Discover Docker Tags
command: |
mkdir -p docker-cache
.circleci/bin/docker-tags "$CIRCLE_SHA1" "$CIRCLE_BRANCH" \
> docker-cache/docker-tags.txt
cat docker-cache/docker-tags.txt
- restore_cache:
keys:
- node-modules-v3-{{ checksum "package.json" }}-{{ checksum "yarn.lock" }}
- node-modules-v3-{{ .Branch }}
- run:
name: Docker Build
command: |
docker build \
--build-arg "BUILD_COMPARE_URL=$CIRCLE_COMPARE_URL" \
--build-arg "BUILD_DATE=$(date -u '+%Y-%m-%dT%H:%M:%SZ')" \
--build-arg "BUILD_ENV=test" \
--build-arg "BUILD_NUMBER=$CIRCLE_BUILD_NUM" \
--build-arg "BUILD_PLATFORM=circleci" \
--build-arg "BUILD_PLATFORM_PROJECT_REPONAME=$CIRCLE_PROJECT_REPONAME" \
--build-arg "BUILD_PLATFORM_PROJECT_USERNAME=$CIRCLE_PROJECT_USERNAME" \
--build-arg "BUILD_PULL_REQUESTS=$CI_PULL_REQUESTS" \
--build-arg "BUILD_TRIGGERED_BY_TAG=$CIRCLE_TAG" \
--build-arg "BUILD_URL=$CIRCLE_BUILD_URL" \
--build-arg "CIRCLE_WORKFLOW_ID=$CIRCLE_WORKFLOW_ID" \
--build-arg "CIRCLE_WORKFLOW_JOB_ID=$CIRCLE_WORKFLOW_JOB_ID" \
--build-arg "CIRCLE_WORKFLOW_UPSTREAM_JOB_IDS=$CIRCLE_WORKFLOW_UPSTREAM_JOB_IDS" \
--build-arg "CIRCLE_WORKSPACE_ID=$CIRCLE_WORKSPACE_ID" \
--build-arg "GIT_REPOSITORY_URL=$CIRCLE_REPOSITORY_URL" \
--build-arg "GIT_SHA1=$CIRCLE_SHA1" \
--build-arg "LICENSE=Apache-2.0" \
--build-arg "VCS_REF=$CIRCLE_SHA1" \
--build-arg "VENDOR=Reaction Commerce" \
-t "$DOCKER_REPOSITORY:$CIRCLE_SHA1" .
mkdir -p docker-cache
docker save \
-o docker-cache/docker-image.tar \
"$DOCKER_REPOSITORY:$CIRCLE_SHA1"
name: Install Style Guide NPM dependencies
command: yarn install
- run:
name: Save Test .env for Workspace Jobs
command: cp .env.example docker-cache/.env
- persist_to_workspace:
root: docker-cache
name: Install Package NPM dependencies
command: cd package && yarn install
- save_cache:
key: node-modules-v3-{{ checksum "package.json" }}-{{ checksum "yarn.lock" }}
paths:
- node_modules
- save_cache:
key: node-modules-v3-{{ .Branch }}
paths:
- docker-image.tar
- docker-tags.txt
- .env
- node_modules
- save_cache:
key: node-modules-package-v3-{{ checksum "package/package.json" }}-{{ checksum "package/yarn.lock" }}
paths:
- package/node_modules
- save_cache:
key: node-modules-package-v3-{{ .Branch }}
paths:
- package/node_modules

docker-push:
dockerfile-lint:
<<: *defaults
steps:
- setup_remote_docker
- attach_workspace:
at: docker-cache
- run:
name: Load Docker Image
command: |
docker load < docker-cache/docker-image.tar
- run:
name: Tag Docker Image
command: |
cat docker-cache/docker-tags.txt \
| xargs -t -I % \
docker tag \
"$DOCKER_REPOSITORY:$CIRCLE_SHA1" \
"$DOCKER_REPOSITORY:%"
- run:
# Creates a new Docker repository. This is not strictly required if
# the Docker Hub defaults are set appropriately.
name: Create Private Docker Hub Repository
command: |
# Fetch a login token from environment credentials.
TOKEN=$(curl \
-H "Content-Type: application/json" \
-X POST \
-d "{\"username\":\"$DOCKER_USER\",\"password\":\"$DOCKER_PASS\"}" \
-s \
https://hub.docker.com/v2/users/login/ \
| jq -r .token)
# Try to create the private repo. It exits with success on fail.
curl \
-H "Authorization: JWT $TOKEN" \
-H "Content-Type: application/json" \
-d "{\"namespace\":\"$DOCKER_NAMESPACE\",
\"name\":\"$DOCKER_NAME\",
\"description\":\"$DESCRIPTION\",
\"full_description\":\"\",
\"is_private\":false}" \
https://hub.docker.com/v2/repositories/
- checkout
- setup_remote_docker:
docker_layer_caching: true
- run:
name: Docker Push
command: |
docker login -u "$DOCKER_USER" -p "$DOCKER_PASS"
docker push "$DOCKER_REPOSITORY:$CIRCLE_SHA1"
cat docker-cache/docker-tags.txt \
| xargs -t -I % \
docker push "$DOCKER_REPOSITORY:%"
name: Lint Dockerfiles
command: ${CI_SCRIPTS} lint-dockerfiles

lint:
eslint:
<<: *defaults
steps:
- setup_remote_docker
- attach_workspace:
at: docker-cache
- run:
name: Load Docker Image
command: |
docker load < docker-cache/docker-image.tar
- checkout
- restore_cache:
keys:
- node-modules-v3-{{ checksum "package.json" }}-{{ checksum "yarn.lock" }}
- node-modules-v3-{{ .Branch }}
- restore_cache:
keys:
- node-modules-package-v3-{{ checksum "package/package.json" }}-{{ checksum "package/yarn.lock" }}
- node-modules-package-v3-{{ .Branch }}
- run:
name: Lint
command: |
docker run \
--env-file docker-cache/.env \
--name reactionapp_web_1 \
"$DOCKER_REPOSITORY:$CIRCLE_SHA1" \
yarn run lint
name: Lint JavaScript
command: yarn run lint

test:
<<: *defaults
steps:
- setup_remote_docker
- attach_workspace:
at: docker-cache
- run:
name: Load Docker Image
command: |
docker load < docker-cache/docker-image.tar
- run:
name: Test
command: |
docker run \
--env-file docker-cache/.env \
--name reactionapp_web_1 \
"$DOCKER_REPOSITORY:$CIRCLE_SHA1" \
yarn run test
- checkout
- restore_cache:
keys:
- node-modules-v3-{{ checksum "package.json" }}-{{ checksum "yarn.lock" }}
- node-modules-v3-{{ .Branch }}
- restore_cache:
keys:
- node-modules-package-v3-{{ checksum "package/package.json" }}-{{ checksum "package/yarn.lock" }}
- node-modules-package-v3-{{ .Branch }}
- run:
name: Copy test artifacts from Remote Docker
command: |
docker cp \
reactionapp_web_1:/usr/local/src/reaction-app/reports \
reports
- store_test_results:
path: reports/junit
- store_artifacts:
path: reports
name: Run Unit Tests
command: yarn run test -w 1

snyk-security:
docker-build-push:
<<: *defaults
steps:
- setup_remote_docker
- attach_workspace:
at: docker-cache
- run:
name: Load Docker Image
command: |
docker load < docker-cache/docker-image.tar
- checkout
- setup_remote_docker:
docker_layer_caching: true
- run:
name: Snyk
command: |
# Snyk doesn't look up the directory tree for node_modules as
# NodeJS does so we have to take some extra measures to test in the
# Docker image. Copy package.json up a directory so that it is a
# sibling to node_modules, then run snyk test.
docker run \
--env-file docker-cache/.env \
-e "SNYK_TOKEN=$SNYK_TOKEN" \
--name reactionapp_web_1 \
"$DOCKER_REPOSITORY:$CIRCLE_SHA1" \
sh -c "snyk test"
name: Build and push production Docker image
command: ${CI_SCRIPTS} docker-build-tag-push . ${DOCKER_REPOSITORY}

publish-npm-package:
docker:
Expand All @@ -212,30 +116,26 @@ workflows:
version: 2
build_and_test:
jobs:
- docker-build:
context: reaction-build-read
- docker-push:
context: reaction-publish-docker
requires:
- docker-build
- lint:
context: reaction-validation
- install-dependencies
- dockerfile-lint
- eslint:
requires:
- docker-build
- install-dependencies
- test:
context: reaction-validation
requires:
- docker-build
- snyk-security:
context: reaction-validation
- install-dependencies
- docker-build-push:
context: reaction-publish-docker
requires:
- docker-build
- dockerfile-lint
- eslint
- test
- publish-npm-package:
context: reaction-publish-semantic-release
requires:
- lint
- dockerfile-lint
- eslint
- test
- snyk-security
filters:
branches:
only: master
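Review bot: In `install-dependencies`, both install steps run a bare `yarn install`, which re-resolves and rewrites `yarn.lock` when it disagrees with `package.json`, and the resulting `node_modules` is what the `eslint` and `test` jobs restore from cache and run without reinstalling. Since the `snyk-security` job no longer appears in the workflow, the lockfile is the only visible control over what gets installed, so I would make CI fail on drift: `command: yarn install --frozen-lockfile` and `command: cd package && yarn install --frozen-lockfile`. A related concern is `CI_SCRIPTS`, which fetches a package through `npx` at job time and runs it in `docker-build-push` under the `reaction-publish-docker` context. The version after the `@` is not legible on this page, so confirm it is an exact pin rather than a range or tag.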
1 change: 1 addition & 0 deletions Dockerfile
Expand Up @@ -76,6 +76,7 @@ COPY --chown=node . $APP_SOURCE_DIR
# The project directory will be mounted during development. Therefore, we'll
# install dependencies into an external directory (one level up.) This works
# because Node traverses up the fs to find node_modules.
# hadolint ignore=DL3003
RUN set -ex; \
if [ "$BUILD_ENV" = "production" ]; then \
yarn install \
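Review bot: The new `# hadolint ignore=DL3003` above `RUN set -ex` gives no reason for the suppression, and it arrives in the same commit that adds the `dockerfile-lint` job, so a later reader cannot tell whether the rule was reviewed or only silenced to get the build green. DL3003 asks for `WORKDIR` instead of `cd`; presumably the RUN changes directory further down to install "one level up", but the instruction continues outside this hunk, so that is inferred. Once confirmed, I would state the reason on the preceding comment line, for example `# DL3003 ignored: the cd below is local to this RUN and WORKDIR must stay at $APP_SOURCE_DIR`. Keeping the ignore on this single instruction rather than in a global hadolint config is the right scope.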