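---
# GitLab CI pipeline: build the Node app, record npm-audit counts as metrics,
# publish a Docker image, tag the release in git, and update the Docker service.

# NOTE(review): node:16 is an end-of-life release line and the tag is mutable.
# Consider moving to a supported release and pinning this image and the other
# job images (docker, alpine/git) by digest so a re-tagged upstream image
# cannot silently change what the jobs execute.
image: node:16

stages:
  - build
  - test
  - publish
  - deploy

# Install dependencies and build; dist is handed to later jobs through the
# per-pipeline cache and as an artifact.
npm:
  stage: build
  cache:
    - key:
        files:
          - package-lock.json
      paths:
        - node_modules
      policy: pull-push
    - key: "$CI_PIPELINE_ID"
      paths:
        - dist
      policy: push
  script:
    # npm ci installs exactly what package-lock.json records and fails when it
    # disagrees with package.json, so the build uses the same dependency set
    # that the audit job inspects.
    - npm ci
    - npm run build
  artifacts:
    paths:
      - dist
    expire_in: 1 week
  rules:
    - if: '$CI_COMMIT_BRANCH'

# Publish vulnerability counts per severity as a metrics report.
# This job only reports: it never fails the pipeline on findings.
audit:
  stage: test
  cache:
    - key:
        files:
          - package-lock.json
      paths:
        - node_modules
      policy: pull
  script:
    # Run the audit once and parse the saved report. npm audit exits non-zero
    # when it finds vulnerabilities; inside a pipeline that status can trigger
    # the "|| echo 0" fallback as well (when the shell has pipefail enabled)
    # and append a stray 0 to the metric.
    # NOTE(review): an audit that fails outright (for example, registry
    # unreachable) still yields all-zero metrics.
    - npm audit > audit.txt || true
    # Critical is the highest npm severity; it is reported alongside the others.
    - echo "vulnerabilities_critical $(grep -oE '[0-9]+ critical' audit.txt | grep -oE '[0-9]+' || echo 0)" > metrics.txt
    - echo "vulnerabilities_high $(grep -oE '[0-9]+ high' audit.txt | grep -oE '[0-9]+' || echo 0)" >> metrics.txt
    - echo "vulnerabilities_medium $(grep -oE '[0-9]+ moderate' audit.txt | grep -oE '[0-9]+' || echo 0)" >> metrics.txt
    - echo "vulnerabilities_low $(grep -oE '[0-9]+ low' audit.txt | grep -oE '[0-9]+' || echo 0)" >> metrics.txt
  artifacts:
    reports:
      metrics: metrics.txt
  rules:
    - if: '$CI_COMMIT_BRANCH'

# Build and push the image: "latest" for the default branch, otherwise the
# branch name with "_" and "/" replaced by "-".
registry:
  stage: publish
  image: docker
  cache:
    - key: "$CI_PIPELINE_ID"
      paths:
        - dist
      policy: pull
  before_script:
    # Feed the token on stdin so it does not appear in the process argument
    # list (docker itself warns that -p is insecure).
    - echo "$CI_JOB_TOKEN" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
  script:
    - TAG=$([ "$CI_COMMIT_BRANCH" = "$CI_DEFAULT_BRANCH" ] && echo "latest" || echo "$CI_COMMIT_BRANCH" | sed -E "s/[_/]/-/g")
    - docker build --no-cache -t "$CI_REGISTRY_IMAGE:$TAG" .
    - docker push "$CI_REGISTRY_IMAGE:$TAG"
  rules:
    - if: '$CI_COMMIT_BRANCH'
  # NOTE(review): because failure is allowed here, the deploy stage can still
  # run after a failed push and roll out whatever image already carries the tag.
  allow_failure: true

# Tag the default-branch commit with the version from package.json.
tag:
  stage: publish
  image:
    name: alpine/git
    entrypoint: [""]
  cache: []
  before_script:
    # NOTE(review): the deploy token is embedded in the remote URL. Keep
    # DEPLOY_TOKEN masked and protected in the project CI/CD settings so it is
    # not printed in job logs or exposed to unprotected branches.
    - git remote set-url origin "https://ReleaseBot:${DEPLOY_TOKEN}@gitlab.zakscode.com/${CI_PROJECT_PATH}.git"
  script:
    # Match only the quoted "version" key and take the first hit; a bare
    # "grep version" also matches dependency or script names that contain the
    # word and would produce several values.
    - VERSION=$(grep -m1 '"version"' package.json | grep -Eo ':.+' | grep -Eo '[[:alnum:]\.\/\-]+' | head -n 1)
    # With an empty VERSION, "git tag -f $CI_COMMIT_SHA" would create a tag
    # named after the commit hash, so stop here instead.
    - test -n "$VERSION"
    # NOTE(review): -f moves an existing version tag and force-pushes it, so a
    # published release tag can end up pointing at a different commit. Protect
    # tags on the server if releases must be immutable.
    - git tag -f "$VERSION" "$CI_COMMIT_SHA"
    - git push -f origin "$VERSION"
  rules:
    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
  allow_failure: true

# Roll the Docker service to the image built for this branch.
production:
  stage: deploy
  image: docker
  cache: []
  variables:
    SERVICE_NAME: phone-reminders_api
  before_script:
    # Token on stdin, as in the registry job.
    - echo "$CI_JOB_TOKEN" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
    - TAG=$([ "$CI_COMMIT_BRANCH" = "$CI_DEFAULT_BRANCH" ] && echo "latest" || echo "$CI_COMMIT_BRANCH" | sed -E "s/[_/]/-/g")
  script:
    - docker pull "$CI_REGISTRY_IMAGE:$TAG"
    # Best effort by design: a failed update is logged and the job still
    # succeeds, so check the service state outside the pipeline.
    - docker service update --force --with-registry-auth --image "$CI_REGISTRY_IMAGE:$TAG" "$SERVICE_NAME" || echo "Continuing in background"
  allow_failure: true
  rules:
    - if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
    # NOTE(review): this rule lets any non-default branch be rolled out to the
    # same service by hand. Restrict who may run the manual job, for example
    # with a protected environment.
    - if: '$CI_COMMIT_BRANCH && $CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH'
      when: manual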