-
Notifications
You must be signed in to change notification settings - Fork 29
/
.gitlab-ci.yml
83 lines (75 loc) · 2.31 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
variables:
DOCKER_TLS_CERTDIR: "/certs"
stages:
- build
- test
- release
- deploy
sast:
stage: test
sentry_upload:
image: getsentry/sentry-cli:latest
stage: release
rules:
- if: $CI_COMMIT_TAG && $SENTRY_ORG
script:
- sentry-cli releases new --finalize "$CI_COMMIT_REF_NAME"
- sentry-cli releases set-commits --auto "$CI_COMMIT_REF_NAME"
build:
image:
name: gcr.io/kaniko-project/executor:debug
entrypoint: [""]
stage: build
before_script:
- export APP_TAG=$(echo "$CI_COMMIT_REF_NAME" | sed 's/^v//g')
- mkdir -p /kaniko/.docker
- echo "{\"auths\":{\"${CI_REGISTRY}\":{\"auth\":\"$(printf "%s:%s" "${CI_REGISTRY_USER}" "${CI_REGISTRY_PASSWORD}" | base64 | tr -d '\n')\"}}}" > /kaniko/.docker/config.json
script:
- >-
/kaniko/executor
--context "${CI_PROJECT_DIR}"
--dockerfile "${CI_PROJECT_DIR}/Dockerfile"
--destination "${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME}"
--build-arg "SENTRY_DSN=$SENTRY_DSN"
--build-arg "APP_VERSION=$APP_TAG"
--ignore-var-run
tag_latest:
image:
name: gcr.io/go-containerregistry/crane:debug
entrypoint: [""]
stage: release
only:
- tags
before_script:
- crane auth login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
script:
- crane tag $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME latest
deploy_prod:
stage: deploy
image: alpine
environment:
name: production
url: https://time.amazingcat.net
only:
- tags
when: manual
before_script:
- 'which ssh-agent || ( apk add --update openssh )'
- eval $(ssh-agent -s)
- echo "$CI_KEY" | base64 -d | ssh-add -
- mkdir -p ~/.ssh
- chmod 700 ~/.ssh
- echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config
script:
- ssh $CI_USER@$CI_HOST 'cd /opt/services/cattr/tracker && docker compose pull'
- ssh $CI_USER@$CI_HOST 'cd /opt/services/cattr/tracker && docker compose up -d'
container_scanning:
variables:
CS_IMAGE: '$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME'
include:
- template: Security/SAST.gitlab-ci.yml
- template: Security/Dependency-Scanning.gitlab-ci.yml
- template: Security/Secret-Detection.gitlab-ci.yml
- template: Security/License-Scanning.gitlab-ci.yml
- template: Security/Container-Scanning.gitlab-ci.yml
- template: Code-Quality.gitlab-ci.yml