102 lines
2.6 KiB
YAML
102 lines
2.6 KiB
YAML
image: node:16
|
|
|
|
stages:
|
|
- build
|
|
- test
|
|
- publish
|
|
- deploy
|
|
|
|
npm:
|
|
stage: build
|
|
cache:
|
|
- key:
|
|
files:
|
|
- package-lock.json
|
|
paths:
|
|
- node_modules
|
|
policy: pull-push
|
|
- key: $CI_PIPELINE_ID
|
|
paths:
|
|
- dist
|
|
policy: push
|
|
script:
|
|
- npm install
|
|
- npm run build
|
|
artifacts:
|
|
paths:
|
|
- dist
|
|
expire_in: 1 week
|
|
rules:
|
|
- if: $CI_COMMIT_BRANCH
|
|
|
|
audit:
|
|
stage: test
|
|
cache:
|
|
- key:
|
|
files:
|
|
- package-lock.json
|
|
paths:
|
|
- node_modules
|
|
policy: pull
|
|
script:
|
|
- echo "vulnerabilities_high $(npm audit | grep -oE '[0-9]+ high' | grep -oE '[0-9]+' || echo 0)" > metrics.txt
|
|
- echo "vulnerabilities_medium $(npm audit | grep -oE '[0-9]+ moderate' | grep -oE '[0-9]+' || echo 0)" >> metrics.txt
|
|
- echo "vulnerabilities_low $(npm audit | grep -oE '[0-9]+ low' | grep -oE '[0-9]+' || echo 0)" >> metrics.txt
|
|
artifacts:
|
|
reports:
|
|
metrics: metrics.txt
|
|
rules:
|
|
- if: $CI_COMMIT_BRANCH
|
|
|
|
registry:
|
|
stage: publish
|
|
image: docker
|
|
cache:
|
|
- key: $CI_PIPELINE_ID
|
|
paths:
|
|
- dist
|
|
policy: pull
|
|
before_script:
|
|
- docker login -u $CI_REGISTRY_USER -p $CI_JOB_TOKEN $CI_REGISTRY
|
|
script:
|
|
- TAG=$([ "$CI_COMMIT_BRANCH" = "$CI_DEFAULT_BRANCH" ] && echo "latest" || echo "$CI_COMMIT_BRANCH" | sed -E "s/[_/]/-/g")
|
|
- docker build --no-cache -t "$CI_REGISTRY_IMAGE:$TAG" .
|
|
- docker push "$CI_REGISTRY_IMAGE:$TAG"
|
|
rules:
|
|
- if: $CI_COMMIT_BRANCH
|
|
allow_failure: true
|
|
|
|
tag:
|
|
stage: publish
|
|
image:
|
|
name: alpine/git
|
|
entrypoint: [ "" ]
|
|
cache: [ ]
|
|
before_script:
|
|
- git remote set-url origin https://ReleaseBot:$DEPLOY_TOKEN@gitlab.zakscode.com/$CI_PROJECT_PATH.git
|
|
script:
|
|
- VERSION=$(cat package.json | grep version | grep -Eo ':.+' | grep -Eo '[[:alnum:]\.\/\-]+')
|
|
- git tag -f $VERSION $CI_COMMIT_SHA
|
|
- git push -f origin $VERSION
|
|
rules:
|
|
- if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
|
|
allow_failure: true
|
|
|
|
production:
|
|
stage: deploy
|
|
image: docker
|
|
cache: []
|
|
variables:
|
|
SERVICE_NAME: 291st_website
|
|
before_script:
|
|
- docker login -u $CI_REGISTRY_USER -p $CI_JOB_TOKEN $CI_REGISTRY
|
|
- TAG=$([ "$CI_COMMIT_BRANCH" = "$CI_DEFAULT_BRANCH" ] && echo "latest" || echo "$CI_COMMIT_BRANCH" | sed -E "s/[_/]/-/g")
|
|
script:
|
|
- docker pull "$CI_REGISTRY_IMAGE:$TAG"
|
|
- docker service update --force --with-registry-auth --image "$CI_REGISTRY_IMAGE:$TAG" "$SERVICE_NAME" || echo "Continuing in background"
|
|
allow_failure: true
|
|
rules:
|
|
- if: '$CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH'
|
|
- if: '$CI_COMMIT_BRANCH && $CI_COMMIT_BRANCH != $CI_DEFAULT_BRANCH'
|
|
when: manual
|