-
Notifications
You must be signed in to change notification settings - Fork 0
/
.gitlab-ci.yml
128 lines (115 loc) · 2.17 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
image: node:14
stages:
- Prepare
- Lint
- Test
- Build
- Security
- Deploy
cache: &global_cache
key:
files:
- package-lock.json
paths:
- node_modules
policy: pull
prepare:
stage: Prepare
cache:
# inherit global_cache properties, override policy
<<: *global_cache
policy: pull-push
before_script:
- node --version
- npm --version
script:
- npm install
dependencies: []
lint:
except:
- schedules
stage: Lint
script:
- npm run eslint:ci
- npm run stylelint:ci
dependencies: []
test:
except:
- schedules
stage: Test
script:
- npm run test:ci
dependencies: []
build:
except:
- schedules
- tags
stage: Build
script:
- npm run build
dependencies: []
build_prod:
only:
- tags
stage: Build
before_script:
- cat "$ENV_FILE_PRODUCTION" > ./.env.production.local
script:
- npm run build
artifacts:
paths:
- build/
dependencies: []
audit:
except:
- schedules
stage: Security
script:
- npm audit
dependencies: []
lockfile_lint:
except:
- schedules
stage: Security
script:
- npm run lockfile-lint
dependencies: []
snyk_test:
only:
refs:
- schedules
variables:
- $IS_WEEKLY_RUN != "true"
stage: Security
before_script:
- npm run snyk:auth "$SNYK_TOKEN"
script:
- npm run snyk:test
snyk_monitor:
only:
refs:
- schedules
variables:
- $IS_WEEKLY_RUN == "true"
stage: Security
before_script:
- npm run snyk:auth "$SNYK_TOKEN"
script:
- npm run snyk:monitor
deploy:
only:
- tags
stage: Deploy
before_script:
- 'which ssh-agent || (apt-get update -y && apt-get install openssh-client -y)'
- eval $(ssh-agent -s)
- ssh-add <(echo "$SERVER_SSH_PRIVATE_KEY_ENCODED" | base64 --decode)
- mkdir -p ~/.ssh
- chmod 700 ~/.ssh
- ssh-keyscan "$SERVER_URL" >> ~/.ssh/known_hosts
- chmod 644 ~/.ssh/known_hosts
script:
- scp -r build "$SERVER_USER"@"$SERVER_URL":/home/$SERVER_USER/air-monitoring-frontend
- ssh "$SERVER_USER"@"$SERVER_URL" "sudo /home/$SERVER_USER/air-monitoring-frontend/redeploy.sh"
dependencies:
- build_prod