.only-default: &only-default only: - master - branches - merge_requests stages: - pre-commit - gitlab - test - deploy - docker include: - template: Dependency-Scanning.gitlab-ci.yml - template: Security/SAST.gitlab-ci.yml - template: Security/Secret-Detection.gitlab-ci.yml before_script: - apt-get update && apt-get install redis-server -y - redis-server --daemonize yes - python -V - pip install wheel tox pre-commit-check: <<: *only-default stage: pre-commit image: python:3.11-bookworm # variables: # PRE_COMMIT_HOME: ${CI_PROJECT_DIR}/.cache/pre-commit # cache: # paths: # - ${PRE_COMMIT_HOME} script: - pip install pre-commit - pre-commit run --all-files sast: stage: gitlab before_script: [] dependency_scanning: stage: gitlab before_script: - apt-get update && apt-get install redis-server libmariadb-dev -y - redis-server --daemonize yes - python -V - pip install wheel tox secret_detection: stage: gitlab before_script: [] test-3.8-core: <<: *only-default image: python:3.8-bookworm script: - tox -e py38-core artifacts: when: always reports: coverage_report: coverage_format: cobertura path: coverage.xml test-3.9-core: <<: *only-default image: python:3.9-bookworm script: - tox -e py39-core artifacts: when: always reports: coverage_report: coverage_format: cobertura path: coverage.xml test-3.10-core: <<: *only-default image: python:3.10-bookworm script: - tox -e py310-core artifacts: when: always reports: coverage_report: coverage_format: cobertura path: coverage.xml test-3.11-core: <<: *only-default image: python:3.11-bookworm script: - tox -e py311-core artifacts: when: always reports: coverage_report: coverage_format: cobertura path: coverage.xml test-3.12-core: <<: *only-default image: python:3.12-bookworm script: - tox -e py312-core artifacts: when: always reports: coverage_report: coverage_format: cobertura path: coverage.xml test-3.8-all: <<: *only-default image: python:3.8-bookworm script: - tox -e py38-all artifacts: when: always reports: coverage_report: coverage_format: cobertura path: coverage.xml test-3.9-all: <<: *only-default image: python:3.9-bookworm script: - tox -e py39-all artifacts: when: always reports: coverage_report: coverage_format: cobertura path: coverage.xml test-3.10-all: <<: *only-default image: python:3.10-bookworm script: - tox -e py310-all artifacts: when: always reports: coverage_report: coverage_format: cobertura path: coverage.xml test-3.11-all: <<: *only-default image: python:3.11-bookworm script: - tox -e py311-all artifacts: when: always reports: coverage_report: coverage_format: cobertura path: coverage.xml coverage: '/(?i)total.*? (100(?:\.0+)?\%|[1-9]?\d(?:\.\d+)?\%)$/' test-3.12-all: <<: *only-default image: python:3.12-bookworm script: - tox -e py312-all artifacts: when: always reports: coverage_report: coverage_format: cobertura path: coverage.xml build-test: stage: test image: python:3.11-bookworm before_script: - python -m pip install --upgrade pip - python -m pip install --upgrade build - python -m pip install --upgrade setuptools wheel script: - python -m build artifacts: when: always name: "$CI_JOB_NAME-$CI_COMMIT_REF_SLUG" paths: - dist/* expire_in: 1 year test-docs: <<: *only-default image: python:3.11-bookworm script: - tox -e docs deploy_production: stage: deploy image: python:3.11-bookworm before_script: - python -m pip install --upgrade pip - python -m pip install --upgrade build - python -m pip install --upgrade setuptools wheel twine script: - python -m build - python -m twine upload dist/* rules: - if: $CI_COMMIT_TAG build-image: before_script: [] image: docker:24.0 stage: docker services: - docker:24.0-dind script: | CURRENT_DATE=$(echo $CI_COMMIT_TIMESTAMP | head -c 10 | tr -d -) IMAGE_TAG=$CI_REGISTRY_IMAGE/auth:$CURRENT_DATE-$CI_COMMIT_SHORT_SHA CURRENT_TAG=$CI_REGISTRY_IMAGE/auth:$CI_COMMIT_TAG MINOR_TAG=$CI_REGISTRY_IMAGE/auth:$(echo $CI_COMMIT_TAG | cut -d '.' -f 1-2) MAJOR_TAG=$CI_REGISTRY_IMAGE/auth:$(echo $CI_COMMIT_TAG | cut -d '.' -f 1) LATEST_TAG=$CI_REGISTRY_IMAGE/auth:latest docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY docker run --privileged --rm tonistiigi/binfmt --uninstall qemu-* docker run --privileged --rm tonistiigi/binfmt --install all docker buildx create --use --name new-builder docker buildx build . --tag $IMAGE_TAG --tag $CURRENT_TAG --tag $MINOR_TAG --tag $MAJOR_TAG --tag $LATEST_TAG --file docker/Dockerfile --platform linux/amd64,linux/arm64 --push --build-arg AUTH_VERSION=$(echo $CI_COMMIT_TAG | cut -c 2-) rules: - if: $CI_COMMIT_TAG when: delayed start_in: 10 minutes build-image-dev: before_script: [] image: docker:24.0 stage: docker services: - docker:24.0-dind script: | CURRENT_DATE=$(echo $CI_COMMIT_TIMESTAMP | head -c 10 | tr -d -) IMAGE_TAG=$CI_REGISTRY_IMAGE/auth:$CURRENT_DATE-$CI_COMMIT_BRANCH-$CI_COMMIT_SHORT_SHA docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY docker run --privileged --rm tonistiigi/binfmt --uninstall qemu-* docker run --privileged --rm tonistiigi/binfmt --install all docker buildx create --use --name new-builder docker buildx build . --tag $IMAGE_TAG --file docker/Dockerfile --platform linux/amd64,linux/arm64 --push --build-arg AUTH_PACKAGE=git+https://gitlab.com/allianceauth/allianceauth@$CI_COMMIT_BRANCH rules: - if: '$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME == ""' when: manual - if: '$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME != ""' when: never build-image-mr: before_script: [] image: docker:24.0 stage: docker services: - docker:24.0-dind script: | CURRENT_DATE=$(echo $CI_COMMIT_TIMESTAMP | head -c 10 | tr -d -) IMAGE_TAG=$CI_REGISTRY_IMAGE/auth:$CURRENT_DATE-$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME-$CI_COMMIT_SHORT_SHA docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY docker run --privileged --rm tonistiigi/binfmt --uninstall qemu-* docker run --privileged --rm tonistiigi/binfmt --install all docker buildx create --use --name new-builder docker buildx build . --tag $IMAGE_TAG --file docker/Dockerfile --platform linux/amd64,linux/arm64 --push --build-arg AUTH_PACKAGE=git+$CI_MERGE_REQUEST_SOURCE_PROJECT_URL@$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME rules: - if: '$CI_PIPELINE_SOURCE == "merge_request_event"' when: manual - if: '$CI_PIPELINE_SOURCE != "merge_request_event"' when: never