-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path.gitlab-ci.yml
91 lines (83 loc) · 3.35 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
stages:
- nodebuild
- test
- nginxbuild
include:
remote: https://code.ornl.gov/rse-deployment/rse-sharables/raw/master/.gitlab-ci-before_script.yml
variables:
NODE_URL: '${CI_REGISTRY_IMAGE}/ssm-fe-node'
NGINX_URL: '${CI_REGISTRY_IMAGE}/ssm-fe-nginx'
NODE_IMAGE_NAME: 'ssm-fe-node'
DOCKER_APP_WORKDIR: '/usr/local/src'
after_script:
- curl https://code.ornl.gov/rse-deployment/rse-sharables/-/raw/master/rse-bash-modules.sh
- source rse-bash-modules.sh
- func_rse_docker_cleanup
- sudo chown -R gitlab-runner .
nodebuild:
stage: nodebuild
script:
- func_rse_docker_cleanup
- docker login --username=$CI_REGISTRY_USER --password=$CI_REGISTRY_PASSWORD $CI_REGISTRY
- docker build --build-arg ci=true -t $NODE_URL/$CI_COMMIT_REF_NAME:$CI_COMMIT_SHORT_SHA .
- docker tag $NODE_URL/$CI_COMMIT_REF_NAME:$CI_COMMIT_SHORT_SHA $NODE_URL/$CI_COMMIT_REF_NAME:latest
- docker push $NODE_URL/$CI_COMMIT_REF_NAME:$CI_COMMIT_SHORT_SHA
- docker push $NODE_URL/$CI_COMMIT_REF_NAME:latest
tags:
- rse-multi-builder
# fail if auditing returns 'high' or 'critical' vulnerabilities, report all vulnerabilities
test_audit:
stage: test
variables:
AUDIT_OUTFILE: 'audit-report.txt'
artifacts:
when: always
paths:
- audit-report.txt
script:
- func_rse_docker_cleanup
- docker login --username=$CI_REGISTRY_USER --password=$CI_REGISTRY_PASSWORD $CI_REGISTRY
- docker pull $NODE_URL/$CI_COMMIT_REF_NAME
- docker run --name $NODE_IMAGE_NAME $NODE_URL/$CI_COMMIT_REF_NAME sh -c "bin/audit.js" > $AUDIT_OUTFILE
tags:
- rse-multi-builder
test_lint:
stage: test
script:
- func_rse_docker_cleanup
- docker login --username=$CI_REGISTRY_USER --password=$CI_REGISTRY_PASSWORD $CI_REGISTRY
- docker pull $NODE_URL/$CI_COMMIT_REF_NAME
- docker run --name $NODE_IMAGE_NAME $NODE_URL/$CI_COMMIT_REF_NAME sh -c "yarn run assert-no-warnings"
tags:
- rse-multi-builder
test_jest:
stage: test
script:
- func_rse_docker_cleanup
- docker login --username=$CI_REGISTRY_USER --password=$CI_REGISTRY_PASSWORD $CI_REGISTRY
- docker pull $NODE_URL/$CI_COMMIT_REF_NAME
- docker run --name $NODE_IMAGE_NAME $NODE_URL/$CI_COMMIT_REF_NAME sh -c "yarn test --coverage"
tags:
- rse-multi-builder
nginxbuild:
stage: nginxbuild
script:
- func_rse_docker_cleanup
- docker login --username=$CI_REGISTRY_USER --password=$CI_REGISTRY_PASSWORD $CI_REGISTRY
- docker pull $NODE_URL/$CI_COMMIT_REF_NAME
# clear .env file before running the build, so development/test variables are not exposed in production
- docker run --name $NODE_IMAGE_NAME $NODE_URL/$CI_COMMIT_REF_NAME sh -c "echo '' > .env && yarn run build"
- sudo rm -rf deployment-ctx/build || true
- docker cp $NODE_IMAGE_NAME:$DOCKER_APP_WORKDIR/build deployment-ctx/build
# build stage begins here
# if you want to deploy directly to AWS S3, you will need to create a "deployment-ctx/build/config.js" file
- docker build -f deployment-ctx/Dockerfile -t $NGINX_URL/$CI_COMMIT_REF_NAME:$CI_COMMIT_SHORT_SHA deployment-ctx/
- docker tag $NGINX_URL/$CI_COMMIT_REF_NAME:$CI_COMMIT_SHORT_SHA $NGINX_URL/$CI_COMMIT_REF_NAME:latest
- docker push $NGINX_URL/$CI_COMMIT_REF_NAME:$CI_COMMIT_SHORT_SHA
- docker push $NGINX_URL/$CI_COMMIT_REF_NAME:latest
only:
- dev
- qa
- main
tags:
- rse-multi-builder