forked from Netflix/lemur
-
Notifications
You must be signed in to change notification settings - Fork 2
/
.gitlab-ci.yml
98 lines (92 loc) · 2.6 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
variables:
CURRENT_CI_IMAGE: registry.ddbuild.io/lemur-ci:0.2.5
KUBERNETES_SERVICE_ACCOUNT_OVERWRITE: lemur
stages:
- test
- build-stage-image
- build-prod-image
- gbilite
test:
image: $CURRENT_CI_IMAGE
stage: test
timeout: 30m
rules:
- if: $GBILITE_GITLAB_ACTION != "gbilite-get-images" && $GBILITE_GITLAB_ACTION != "gbilite-build-image"
tags: ["arch:amd64"]
variables:
POSTGRES_DB: lemur
POSTGRES_USER: lemur
POSTGRES_PASSWORD: lemur
POSTGRES_HOST_AUTH_METHOD: trust
# Enable colors in pytest output: https://github.com/pytest-dev/pytest/issues/7443
PY_COLORS: 1
# Enable colors in chalk output: https://github.com/chalk/chalk#chalklevel
FORCE_COLOR: 1
services:
- registry.ddbuild.io/images/mirror/postgres:12.7
script:
# Setup virtualenv
- python3 -m venv ~/env && \
- source ~/env/bin/activate && \
- python3 -m pip install --upgrade pip setuptools coveralls bandit
# Run tests
- make test
- bandit -r . -ll -ii -x lemur/tests/,docs
- xvfb-run make test-js
build-stage-image:
image: $CURRENT_CI_IMAGE
stage: build-stage-image
when: on_success
rules:
- if: ($CI_COMMIT_TAG == null && $GBILITE_GITLAB_ACTION == null)
timeout: 2h
tags: ["arch:amd64"]
variables:
CI_ENABLE_CONTAINER_IMAGE_BUILDS: "true"
id_tokens:
DDSIGN_ID_TOKEN:
aud: image-integrity
script:
- CHECKOUT_REF=$CI_COMMIT_SHA GBILITE_ENV=staging GBILITE_IMAGE_TO_BUILD="lemur:v${CI_PIPELINE_ID}-${CI_COMMIT_SHORT_SHA}" /bin/bash .campaigns/build_and_push_image.sh
# build a prod image when we create a new tag
build-prod-image:
image: $CURRENT_CI_IMAGE
stage: build-prod-image
when: on_success
timeout: 2h
rules:
- if: $CI_COMMIT_TAG
tags: ["arch:amd64"]
variables:
CI_ENABLE_CONTAINER_IMAGE_BUILDS: "true"
id_tokens:
DDSIGN_ID_TOKEN:
aud: image-integrity
script:
- GBILITE_ENV=prod GBILITE_IMAGE_TO_BUILD="lemur:$CI_COMMIT_TAG" /bin/bash .campaigns/build_and_push_image.sh
gbilite-get-images:
image: $CURRENT_CI_IMAGE
stage: gbilite
rules:
- if: $GBILITE_GITLAB_ACTION == "gbilite-get-images"
tags: ["arch:amd64"]
script:
- /bin/bash .campaigns/get_images.sh > .campaigns/allimages.txt
artifacts:
paths:
- .campaigns/allimages.txt
gbilite-build-image:
image: $CURRENT_CI_IMAGE
stage: gbilite
timeout: 2h
rules:
- if: $GBILITE_GITLAB_ACTION == "gbilite-build-image"
tags: ["arch:amd64"]
script:
- /bin/bash .campaigns/build_and_push_image.sh
id_tokens:
DDSIGN_ID_TOKEN:
aud: image-integrity
artifacts:
paths:
- .campaigns/image_info.txt