mirror of
https://gitlab.com/allianceauth/allianceauth.git
synced 2025-07-09 04:20:17 +02:00
259 lines
6.6 KiB
YAML
259 lines
6.6 KiB
YAML
.only-default: &only-default
|
||
only:
|
||
- master
|
||
- branches
|
||
- merge_requests
|
||
|
||
stages:
|
||
- pre-commit
|
||
- gitlab
|
||
- test
|
||
- deploy
|
||
- docker
|
||
|
||
include:
|
||
- template: Dependency-Scanning.gitlab-ci.yml
|
||
- template: Security/SAST.gitlab-ci.yml
|
||
- template: Security/Secret-Detection.gitlab-ci.yml
|
||
|
||
before_script:
|
||
- apt-get update && apt-get install redis-server -y
|
||
- redis-server --daemonize yes
|
||
- python -V
|
||
- pip install wheel tox
|
||
|
||
pre-commit-check:
|
||
<<: *only-default
|
||
stage: pre-commit
|
||
image: python:3.11-bookworm
|
||
# variables:
|
||
# PRE_COMMIT_HOME: ${CI_PROJECT_DIR}/.cache/pre-commit
|
||
# cache:
|
||
# paths:
|
||
# - ${PRE_COMMIT_HOME}
|
||
script:
|
||
- pip install pre-commit
|
||
- pre-commit run --all-files
|
||
|
||
sast:
|
||
stage: gitlab
|
||
before_script: []
|
||
|
||
dependency_scanning:
|
||
stage: gitlab
|
||
before_script:
|
||
- apt-get update && apt-get install redis-server libmariadb-dev -y
|
||
- redis-server --daemonize yes
|
||
- python -V
|
||
- pip install wheel tox
|
||
|
||
secret_detection:
|
||
stage: gitlab
|
||
before_script: []
|
||
|
||
test-3.10-core:
|
||
<<: *only-default
|
||
image: python:3.10-bookworm
|
||
script:
|
||
- tox -e py310-core
|
||
artifacts:
|
||
when: always
|
||
reports:
|
||
coverage_report:
|
||
coverage_format: cobertura
|
||
path: coverage.xml
|
||
|
||
test-3.11-core:
|
||
<<: *only-default
|
||
image: python:3.11-bookworm
|
||
script:
|
||
- tox -e py311-core
|
||
artifacts:
|
||
when: always
|
||
reports:
|
||
coverage_report:
|
||
coverage_format: cobertura
|
||
path: coverage.xml
|
||
|
||
test-3.12-core:
|
||
<<: *only-default
|
||
image: python:3.12-bookworm
|
||
script:
|
||
- tox -e py312-core
|
||
artifacts:
|
||
when: always
|
||
reports:
|
||
coverage_report:
|
||
coverage_format: cobertura
|
||
path: coverage.xml
|
||
|
||
test-3.13-core:
|
||
<<: *only-default
|
||
image: python:3.13-rc-bookworm
|
||
script:
|
||
- tox -e py313-core
|
||
artifacts:
|
||
when: always
|
||
reports:
|
||
coverage_report:
|
||
coverage_format: cobertura
|
||
path: coverage.xml
|
||
allow_failure: true
|
||
|
||
test-3.10-all:
|
||
<<: *only-default
|
||
image: python:3.10-bookworm
|
||
script:
|
||
- tox -e py310-all
|
||
artifacts:
|
||
when: always
|
||
reports:
|
||
coverage_report:
|
||
coverage_format: cobertura
|
||
path: coverage.xml
|
||
|
||
test-3.11-all:
|
||
<<: *only-default
|
||
image: python:3.11-bookworm
|
||
script:
|
||
- tox -e py311-all
|
||
artifacts:
|
||
when: always
|
||
reports:
|
||
coverage_report:
|
||
coverage_format: cobertura
|
||
path: coverage.xml
|
||
coverage: '/(?i)total.*? (100(?:\.0+)?\%|[1-9]?\d(?:\.\d+)?\%)$/'
|
||
|
||
test-3.12-all:
|
||
<<: *only-default
|
||
image: python:3.12-bookworm
|
||
script:
|
||
- tox -e py312-all
|
||
artifacts:
|
||
when: always
|
||
reports:
|
||
coverage_report:
|
||
coverage_format: cobertura
|
||
path: coverage.xml
|
||
|
||
test-3.13-all:
|
||
<<: *only-default
|
||
image: python:3.13-rc-bookworm
|
||
script:
|
||
- tox -e py313-all
|
||
artifacts:
|
||
when: always
|
||
reports:
|
||
coverage_report:
|
||
coverage_format: cobertura
|
||
path: coverage.xml
|
||
allow_failure: true
|
||
|
||
build-test:
|
||
stage: test
|
||
image: python:3.12-bookworm
|
||
|
||
before_script:
|
||
- python -m pip install --upgrade pip
|
||
- python -m pip install --upgrade build
|
||
- python -m pip install --upgrade setuptools wheel
|
||
|
||
script:
|
||
- python -m build
|
||
|
||
artifacts:
|
||
when: always
|
||
name: "$CI_JOB_NAME-$CI_COMMIT_REF_SLUG"
|
||
paths:
|
||
- dist/*
|
||
expire_in: 1 year
|
||
|
||
test-docs:
|
||
<<: *only-default
|
||
image: python:3.12-bookworm
|
||
script:
|
||
- tox -e docs
|
||
|
||
deploy_production:
|
||
stage: deploy
|
||
image: python:3.12-bookworm
|
||
|
||
before_script:
|
||
- python -m pip install --upgrade pip
|
||
- python -m pip install --upgrade build
|
||
- python -m pip install --upgrade setuptools wheel twine
|
||
|
||
script:
|
||
- python -m build
|
||
- python -m twine upload dist/*
|
||
|
||
rules:
|
||
- if: $CI_COMMIT_TAG
|
||
|
||
build-image:
|
||
before_script: []
|
||
image: docker:27.0
|
||
stage: docker
|
||
services:
|
||
- docker:27-dind
|
||
script: |
|
||
CURRENT_DATE=$(echo $CI_COMMIT_TIMESTAMP | head -c 10 | tr -d -)
|
||
IMAGE_TAG=$CI_REGISTRY_IMAGE/auth:$CURRENT_DATE-$CI_COMMIT_SHORT_SHA
|
||
CURRENT_TAG=$CI_REGISTRY_IMAGE/auth:$CI_COMMIT_TAG
|
||
MINOR_TAG=$CI_REGISTRY_IMAGE/auth:$(echo $CI_COMMIT_TAG | cut -d '.' -f 1-2)
|
||
MAJOR_TAG=$CI_REGISTRY_IMAGE/auth:$(echo $CI_COMMIT_TAG | cut -d '.' -f 1)
|
||
LATEST_TAG=$CI_REGISTRY_IMAGE/auth:latest
|
||
|
||
docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
|
||
docker run --privileged --rm tonistiigi/binfmt --uninstall qemu-*
|
||
docker run --privileged --rm tonistiigi/binfmt --install all
|
||
docker buildx create --use --name new-builder
|
||
docker buildx build . --tag $IMAGE_TAG --tag $CURRENT_TAG --tag $MINOR_TAG --tag $MAJOR_TAG --tag $LATEST_TAG --file docker/Dockerfile --platform linux/amd64,linux/arm64 --push --build-arg AUTH_VERSION=$(echo $CI_COMMIT_TAG | cut -c 2-)
|
||
rules:
|
||
- if: $CI_COMMIT_TAG
|
||
when: delayed
|
||
start_in: 10 minutes
|
||
|
||
build-image-dev:
|
||
before_script: []
|
||
image: docker:27
|
||
stage: docker
|
||
services:
|
||
- docker:27-dind
|
||
script: |
|
||
CURRENT_DATE=$(echo $CI_COMMIT_TIMESTAMP | head -c 10 | tr -d -)
|
||
IMAGE_TAG=$CI_REGISTRY_IMAGE/auth:$CURRENT_DATE-$CI_COMMIT_BRANCH-$CI_COMMIT_SHORT_SHA
|
||
|
||
docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
|
||
docker run --privileged --rm tonistiigi/binfmt --uninstall qemu-*
|
||
docker run --privileged --rm tonistiigi/binfmt --install all
|
||
docker buildx create --use --name new-builder
|
||
docker buildx build . --tag $IMAGE_TAG --file docker/Dockerfile --platform linux/amd64,linux/arm64 --push --build-arg AUTH_PACKAGE=git+https://gitlab.com/allianceauth/allianceauth@$CI_COMMIT_BRANCH
|
||
rules:
|
||
- if: '$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME == ""'
|
||
when: manual
|
||
- if: '$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME != ""'
|
||
when: never
|
||
|
||
build-image-mr:
|
||
before_script: []
|
||
image: docker:27
|
||
stage: docker
|
||
services:
|
||
- docker:27-dind
|
||
script: |
|
||
CURRENT_DATE=$(echo $CI_COMMIT_TIMESTAMP | head -c 10 | tr -d -)
|
||
IMAGE_TAG=$CI_REGISTRY_IMAGE/auth:$CURRENT_DATE-$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME-$CI_COMMIT_SHORT_SHA
|
||
|
||
docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
|
||
docker run --privileged --rm tonistiigi/binfmt --uninstall qemu-*
|
||
docker run --privileged --rm tonistiigi/binfmt --install all
|
||
docker buildx create --use --name new-builder
|
||
docker buildx build . --tag $IMAGE_TAG --file docker/Dockerfile --platform linux/amd64,linux/arm64 --push --build-arg AUTH_PACKAGE=git+$CI_MERGE_REQUEST_SOURCE_PROJECT_URL@$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME
|
||
rules:
|
||
- if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
|
||
when: manual
|
||
- if: '$CI_PIPELINE_SOURCE != "merge_request_event"'
|
||
when: never
|