-
Notifications
You must be signed in to change notification settings - Fork 156
/
Copy path.gitlab-ci.yml
executable file
·329 lines (307 loc) · 15.2 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
stages:
- sync
- build-test
- test
- build-release
- release
- release-docs
image: docker:23.0.1
variables:
DOCKER_HOST: tcp://docker:2375
DOCKER_TLS_CERTDIR: ""
CI_REGISTRY_IMAGE: registry.internal.syslifters.com/reportcreator/reportcreator
DOCKER_HUB_IMAGE: syslifters/sysreptor
services:
- docker:27.1.2-dind
.depends_docker:
before_script:
- i=0; while [ "$i" -lt 12 ]; do docker info && break; sleep 5; i=$(( i + 1 )) ; done
- docker login -u $DOCKER_USERNAME -p $DOCKER_PASSWORD
- docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD registry.internal.syslifters.com
- export DOCKER_BUILDKIT=1
- docker buildx create --use
.deploy_docs:
image: python:latest
script:
- cd docs
- git clone https://${GITHUB_USERNAME}:${GITHUB_TOKEN}@github.com/Syslifters/sysreptor-docs.git ghpages
- cd ghpages
- git config --global user.email $GITHUB_USER_MAIL
- git config --global user.name $GITHUB_USERNAME
- shopt -u dotglob
- rm -rf *
- cp -r ../site/* .
- git add .
- git commit -m "INIT"
- git reset $(git commit-tree HEAD^{tree} -m "INIT")
- git push --force
allow_failure:
exit_codes: 127
sync:
stage: sync
rules:
- if: $CI_COMMIT_BRANCH == "main"
variables:
GIT_STRATEGY: clone
script:
- apk add git
- git checkout -b $CI_COMMIT_BRANCH
- git remote add public https://${GITHUB_USERNAME}:${GITHUB_TOKEN}@github.com/Syslifters/sysreptor.git
- git status
- git config --global user.email $GITHUB_USER_MAIL
- git config --global user.name $GITHUB_USERNAME
- git push public main
build-docs:
image: python:latest
stage: build-release
needs: []
artifacts:
when: always
paths:
- docs/site/
expire_in: 2 days
allow_failure:
exit_codes: 127
script:
- cd docs
- pip3 install -r requirements.txt
- set +e
- python3 -c 'from hooks import *; generate_software_lists()' || EXIT_CODE=$?
- set -e
# Publish latest version number
- VERSION_NUMBER_LEADING_ZEROS=`git tag | grep ^prod- | sort -r | head -n 1 | sed -nr 's/^(prod|test|ltest)-([0-9]+\.[0-9]+([\.ab][0-9]+)?)$/\2/p'`
- VERSION_NUMBER=$(python3 -c "from packaging.version import Version;print(Version('${VERSION_NUMBER_LEADING_ZEROS}'))")
- echo "$VERSION_NUMBER" > docs/latest.version
# Pack demo data archives
- for archive_dir in ../demo_data/*; do reptor packarchive "$archive_dir" -o "docs/assets/${archive_dir##*/}.tar.gz"; done
# Fetch remote docs from reptor CLI
- mkdir -p docs/cli && cd docs/cli
- git init && git remote add -f origin https://github.com/Syslifters/reptor.git
- git config core.sparseCheckout true
- echo "docs" >> .git/info/sparse-checkout
- git pull origin main
- mv docs/* .
- rm -rf docs .git
- cd ../..
# Build docs
- mkdocs build
build-test-api:
stage: build-test
extends: .depends_docker
script:
- ISO_WEEK=$(date +%V)
- |
for img in rendering api-dev; do
if ! docker manifest inspect $CI_REGISTRY_IMAGE/$img:$ISO_WEEK > /dev/null; then
docker buildx build --provenance false --build-arg BUILDKIT_INLINE_CACHE=1 --no-cache --pull --target=$img --platform linux/amd64,linux/arm64 --push -t $CI_REGISTRY_IMAGE/$img:$ISO_WEEK .
else
docker buildx build --provenance false --build-arg BUILDKIT_INLINE_CACHE=1 --cache-from $CI_REGISTRY_IMAGE/rendering:$ISO_WEEK --cache-from $CI_REGISTRY_IMAGE/api-dev:$ISO_WEEK --target=$img --platform linux/amd64,linux/arm64 --push -t $CI_REGISTRY_IMAGE/$img:$ISO_WEEK .
fi
done
- docker buildx build --provenance false --build-arg BUILDKIT_INLINE_CACHE=1 --cache-from $CI_REGISTRY_IMAGE/rendering:$ISO_WEEK --cache-from $CI_REGISTRY_IMAGE/api-dev:$ISO_WEEK --target=api-test --platform linux/amd64,linux/arm64 --push -t $CI_REGISTRY_IMAGE/api-test:$CI_COMMIT_SHORT_SHA .
build-test-frontend:
stage: build-test
extends: .depends_docker
script:
- ISO_WEEK=$(date +%V)
- |
for img in pdfviewer frontend-base; do
if ! docker manifest inspect $CI_REGISTRY_IMAGE/$img:$ISO_WEEK > /dev/null; then
docker buildx build --provenance false --build-arg BUILDKIT_INLINE_CACHE=1 --no-cache --pull --target=$img --platform linux/amd64,linux/arm64 --push -t $CI_REGISTRY_IMAGE/$img:$ISO_WEEK .
else
docker buildx build --provenance false --build-arg BUILDKIT_INLINE_CACHE=1 --cache-from $CI_REGISTRY_IMAGE/pdfviewer:$ISO_WEEK --cache-from $CI_REGISTRY_IMAGE/frontend-base:$ISO_WEEK --target=$img --platform linux/amd64,linux/arm64 --push -t $CI_REGISTRY_IMAGE/$img:$ISO_WEEK .
fi
done
- docker buildx build --provenance false --build-arg BUILDKIT_INLINE_CACHE=1 --cache-from $CI_REGISTRY_IMAGE/pdfviewer:$ISO_WEEK --cache-from $CI_REGISTRY_IMAGE/frontend-base:$ISO_WEEK --target=frontend-test --platform linux/amd64,linux/arm64 --push -t $CI_REGISTRY_IMAGE/frontend-test:$CI_COMMIT_SHORT_SHA .
test-api:
stage: test
needs: [build-test-api]
extends: .depends_docker
services:
- docker:20.10.16-dind
- postgres:14
artifacts:
when: always
paths:
- api/test-reports/junit.xml
- api/test-reports/coverage.xml
reports:
junit: api/test-reports/junit.xml
coverage_report:
coverage_format: cobertura
path: api/test-reports/coverage.xml
coverage: '/(?i)total.*? (100(?:\.0+)?\%|[1-9]?\d(?:\.\d+)?\%)$/' # Regex to match coverage report
variables:
POSTGRES_DB: postgres
POSTGRES_USER: postgres
POSTGRES_PASSWORD: postgres
POSTGRES_HOST_AUTH_METHOD: trust
script:
- mkdir api/test-reports
- chmod 777 api/test-reports
- docker run -e DATABASE_HOST=${POSTGRES_PORT_5432_TCP_ADDR} -e DATABASE_NAME=${POSTGRES_DB} -e DATABASE_USER=${POSTGRES_USER} -e DATABASE_PASSWORD=${POSTGRES_PASSWORD} -e ENABLED_PLUGINS='*' --mount=type=bind,source=$PWD/api/test-reports,target=/app/api/test-reports $CI_REGISTRY_IMAGE/api-test:$CI_COMMIT_SHORT_SHA pytest -n auto --junitxml=test-reports/junit.xml --cov=reportcreator_api --cov-report=term --cov-report=xml:test-reports/coverage.xml
test-frontend:
stage: test
needs: [build-test-frontend]
extends: .depends_docker
artifacts:
when: always
paths:
- packages/frontend/test-reports
reports:
junit: packages/frontend/test-reports/junit.xml
script:
- mkdir packages/frontend/test-reports
- docker run --mount=type=bind,source=$PWD/packages/frontend/test-reports,target=/app/packages/frontend/test-reports $CI_REGISTRY_IMAGE/frontend-test:$CI_COMMIT_SHORT_SHA npm run test
integration-test-frontend:
stage: test
image: docker:27.3.1
extends: .depends_docker
artifacts:
when: always
paths:
- packages2/frontend/test-reports
reports:
junit: packages2/frontend/test-reports/junit.xml
services:
- docker:27.3.1-dind
variables:
FF_NETWORK_PER_BUILD: "true"
DOCKER_HOST: tcp://docker:2375
DOCKER_TLS_CERTDIR: ""
POSTGRES_DB: postgres
POSTGRES_USER: postgres
POSTGRES_PASSWORD: postgres
DATABASE_HOST: postgres
POSTGRES_HOST_AUTH_METHOD: trust
SYSREPTOR_INTEGRATION_USER: reptor
script:
# Setup
- docker network create mynet
- docker pull postgres:15 -q
- docker pull mcr.microsoft.com/playwright:v1.49.0-noble -q
- docker pull $CI_REGISTRY_IMAGE/api-test:$CI_COMMIT_SHORT_SHA -q
- docker pull $CI_REGISTRY_IMAGE/frontend-test:$CI_COMMIT_SHORT_SHA -q
- docker cp $(docker create --name temp $CI_REGISTRY_IMAGE/frontend-test:$CI_COMMIT_SHORT_SHA):/app/packages/ packages2 && docker rm temp
# Run API + DB
- docker run --name postgres --rm --network=mynet --detach -e POSTGRES_DB=$POSTGRES_DB -e POSTGRES_USER=$POSTGRES_USER -e POSTGRES_PASSWORD=$POSTGRES_PASSWORD postgres:15
- docker run --name=api --rm --network=mynet --detach -e ENABLED_PLUGINS=* -e LICENSE=$SYSREPTOR_INTEGRATION_LICENSE -e SYSREPTOR_INTEGRATION_USER=$SYSREPTOR_INTEGRATION_USER -e DATABASE_HOST=postgres -e DATABASE_NAME=${POSTGRES_DB} -e DATABASE_USER=${POSTGRES_USER} -e DATABASE_PASSWORD=${POSTGRES_PASSWORD} -e DJANGO_SUPERUSER_PASSWORD=$SYSREPTOR_INTEGRATION_PASSWORD $CI_REGISTRY_IMAGE/api-test:$CI_COMMIT_SHORT_SHA
# Let the api migrations run...
- sleep 15
# Add Superuser
- docker exec api python3 manage.py createsuperuser --noinput --username=$SYSREPTOR_INTEGRATION_USER
# Run E2E Tests
- docker run --name=playwright --rm --network=mynet --mount=type=bind,source=$PWD/packages2/,target=/app/packages/ -w /app/packages/frontend/ -e FRONTEND_ADMIN_PASSWORD=$SYSREPTOR_INTEGRATION_PASSWORD -e FRONTEND_ADMIN_USER=$SYSREPTOR_INTEGRATION_USER -e LICENSE=$SYSREPTOR_INTEGRATION_LICENSE mcr.microsoft.com/playwright:v1.49.0-noble bash -c 'npx playwright test'
build-release:
stage: build-release
extends: .depends_docker
rules:
- if: $CI_COMMIT_TAG # Run this job when a tag is created
script:
# Parse version number, exit on invalid version number
- apk add python3 py3-pip
- VERSION_NUMBER_LEADING_ZEROS=$(echo "$CI_COMMIT_TAG" | sed -nr 's/^(prod|test|ltest)-([0-9]+\.[0-9]+([\.ab][0-9]+)?)$/\2/p')
- VERSION_NUMBER=$(python3 -c "from packaging.version import Version;print(Version('${VERSION_NUMBER_LEADING_ZEROS}'))")
- ISO_WEEK=$(date +%V)
# Ensure the version number is in the changelog for prod deployments
- |
if [[ $CI_COMMIT_TAG =~ '^prod-.*' ]]; then
grep -qE "^## (v${VERSION_NUMBER})" CHANGELOG.md || exit 1
TEST_CI_COMMIT_TAG=test-$VERSION_NUMBER_LEADING_ZEROS
cd languagetool
docker buildx imagetools create $CI_REGISTRY_IMAGE/languagetool:$TEST_CI_COMMIT_TAG --tag $CI_REGISTRY_IMAGE/languagetool:$CI_COMMIT_TAG
cd ..
# Build api image
docker buildx build --provenance false --build-arg VERSION="$VERSION_NUMBER" --build-arg TESTED_API_IMAGE="$CI_REGISTRY_IMAGE:$TEST_CI_COMMIT_TAG" --platform linux/amd64,linux/arm64 --push --target=api-prod -t $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG .
else
cd languagetool
docker buildx build --provenance false --platform linux/amd64,linux/arm64 --push -t $CI_REGISTRY_IMAGE/languagetool:$CI_COMMIT_TAG .
cd ..
docker buildx build --provenance false $BASE_IMAGE_BUILD_ARG --build-arg BUILDKIT_INLINE_CACHE=1 --build-arg VERSION="$VERSION_NUMBER" --cache-from $CI_REGISTRY_IMAGE/api-test:$CI_COMMIT_SHORT_SHA --cache-from $CI_REGISTRY_IMAGE/frontend-test:$CI_COMMIT_SHORT_SHA --target=api --platform linux/amd64,linux/arm64 --push --tag $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG .
fi
release-gitlab-release:
stage: release
needs: [build-release]
image: registry.gitlab.com/gitlab-org/release-cli:latest
script:
- echo "works"
rules:
- if: $CI_COMMIT_TAG # Run this job when a tag is created
release:
tag_name: "$CI_COMMIT_TAG"
description: "$CI_COMMIT_TAG"
release-prod:
stage: release
needs: [build-release, build-docs]
extends:
- .depends_docker
variables:
GIT_STRATEGY: clone
rules:
- if: $CI_COMMIT_TAG =~ /^prod-.*/ # Run this job on prod deployments
script:
# Set version number
- apk add python3 py3-pip curl
- VERSION_NUMBER_LEADING_ZEROS=$(echo "$CI_COMMIT_TAG" | sed -nr 's/^(prod|test|ltest)-([0-9]+\.[0-9]+([\.ab][0-9]+)?)$/\2/p')
- VERSION_NUMBER=$(python3 -c "from packaging.version import Version;print(Version('${VERSION_NUMBER_LEADING_ZEROS}'))")
- RELEASE_NOTES=$(awk "/## v${VERSION_NUMBER}.*/{include=1; next} /## v.*/{include=0} include && NF" CHANGELOG.md)
- TEST_CI_COMMIT_TAG=test-$VERSION_NUMBER_LEADING_ZEROS
- sed -i "1s/^/SYSREPTOR_VERSION=${VERSION_NUMBER}\n/" deploy/.env
# Generate api notice file
- docker pull $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG
- CONTAINER_ID=$(docker create $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG)
- docker cp $CONTAINER_ID:/app/api/NOTICE api/NOTICE
# Delete unnecessary files
- rm -rf docs/docs/s docs/README.md docs/reporting_software.yml docs/wip docs/hooks.py dev .vscode api/.vscode
# Build container with copyleft source code
- docker buildx build --provenance false --build-arg PROD_API_IMAGE=$CI_REGISTRY_IMAGE:$CI_COMMIT_TAG --target=api-src --platform linux/amd64,linux/arm64 --push --tag $DOCKER_HUB_IMAGE:$VERSION_NUMBER-src .
# Push containers to Docker Hub
- docker buildx imagetools create $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG --tag $DOCKER_HUB_IMAGE:$VERSION_NUMBER
- docker buildx imagetools create $DOCKER_HUB_IMAGE:$VERSION_NUMBER --tag $DOCKER_HUB_IMAGE:latest
- docker buildx imagetools create $CI_REGISTRY_IMAGE/languagetool:$CI_COMMIT_TAG --tag $DOCKER_HUB_IMAGE-languagetool:$VERSION_NUMBER
- docker buildx imagetools create $CI_REGISTRY_IMAGE/languagetool:$CI_COMMIT_TAG --tag $DOCKER_HUB_IMAGE-languagetool:latest
# Publish to github
- apk add git github-cli
# Create a GitHub release with pre-built JS files
# Copy pre-built frontend files
- docker cp $CONTAINER_ID:/app/api/static api/src/
- docker cp $CONTAINER_ID:/app/api/frontend/index.html api/src/frontend/index.html
- sed -i "/^src\/static$/d" api/.gitignore
# Copy pre-built rendering files
- docker cp $CONTAINER_ID:/app/packages/rendering/dist packages/rendering/dist
- docker rm -v $CONTAINER_ID
- sed -i "/^dist$/d" packages/rendering/.gitignore
- rm -rf api/.vscode
# Create archive with prebuilt sources
- mkdir -p /tmp/sysreptor
- cp -r * .gitignore .dockerignore /tmp/sysreptor
# Prebuilt sources are deprecated, required for legacy update scripts. Delete in 08/2025.
- tar -czf /tmp/source-prebuilt.tar.gz -C /tmp --exclude=sysreptor/.git --exclude=sysreptor/demo_data --exclude=sysreptor/docs sysreptor
# Create archive with setup files
- tar -czf /tmp/setup.tar.gz -C /tmp --exclude=sysreptor/.git --exclude=sysreptor/deploy/.gitignore sysreptor/deploy sysreptor/update.sh sysreptor/LICENSE sysreptor/INSTALL.md
- git remote add public https://${GITHUB_USERNAME}:${GITHUB_TOKEN}@github.com/Syslifters/sysreptor.git
- git config --global user.email $GITHUB_USER_MAIL
- git config --global user.name $GITHUB_USERNAME
# Upload to GitHub
- "RELEASE_NOTES=$RELEASE_NOTES$(echo -n '\n\nClick here to go to the update instructions: https://docs.sysreptor.com/setup/updates/')"
- gh release create "${VERSION_NUMBER}" /tmp/source-prebuilt.tar.gz /tmp/setup.tar.gz --title="${VERSION_NUMBER}" --target="${CI_COMMIT_SHA}" --notes="$RELEASE_NOTES"
# Send notification for new release
- >
curl https://portal.sysreptor.com/api/v1/notifications/new/ \
-X POST \
-H "Authorization: Bearer ${SAASPANEL_API_TOKEN}" \
-H "Content-Type: application/json" \
-d "{\"title\": \"🎊 Update available\", \"text\": \"There's a new SysReptor version (v${VERSION_NUMBER}) waiting for you.\", \"active_until\": \"$(date -d "@$(( $(date +%s) + 30 * 24 * 60 * 60 ))" -I)\", \"link_url\": \"https://github.com/Syslifters/sysreptor/releases/tag/${VERSION_NUMBER}\", \"instance_conditions\": {\"version\": \"<${VERSION_NUMBER}\"} }"
release-docs:
stage: release
extends: .deploy_docs
needs: [build-docs]
rules:
- if: $CI_COMMIT_TAG || $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
when: manual
release-docs-on-prod-release:
stage: release
extends: .deploy_docs
rules:
- if: $CI_COMMIT_TAG =~ /^prod-.*/ # Run this job on prod deployments
needs: [release-prod, build-docs]