You've already forked RekomenciBackend
Merge branch 'main' of https://gitlab.com/prod-hackathon-moscow/hackaton
This commit is contained in:
doas root
+77
-32
@@ -2,6 +2,7 @@ stages:
|
||||
- build
|
||||
- test
|
||||
- security
|
||||
- tag
|
||||
- deploy
|
||||
|
||||
variables:
|
||||
@@ -102,11 +103,10 @@ cache:
|
||||
when: never
|
||||
|
||||
.webhook-template: &webhook-config
|
||||
stage: deploy
|
||||
image: curlimages/curl:latest
|
||||
script:
|
||||
- |
|
||||
curl -s -X POST \
|
||||
curl -sf -X POST \
|
||||
-H "Content-Type: application/json" \
|
||||
-H "Authorization: Bearer $WEBHOOK_SECRET_TOKEN" \
|
||||
-H "Webhook-Identifier: $WEBHOOK_BYPASS_TOKEN" \
|
||||
@@ -125,8 +125,6 @@ cache:
|
||||
- |
|
||||
docker buildx create --use
|
||||
docker buildx build . \
|
||||
-t $IMAGE_NAME:latest \
|
||||
-t $IMAGE_NAME:$CI_COMMIT_REF_SLUG \
|
||||
-t $IMAGE_NAME:$CI_COMMIT_SHA \
|
||||
-f $CONTAINERFILE --target $BUILDTARGET --push \
|
||||
--cache-from type=registry,ref=$IMAGE_NAME-cache \
|
||||
@@ -141,6 +139,36 @@ cache:
|
||||
when: manual
|
||||
allow_failure: true
|
||||
|
||||
.tag-template: &tag-config
|
||||
<<: *docker-job
|
||||
stage: tag
|
||||
script:
|
||||
- |
|
||||
set -euo pipefail
|
||||
IMAGE="$IMAGE_NAME:$CI_COMMIT_SHA"
|
||||
docker pull "$IMAGE"
|
||||
|
||||
if [ -n "${CI_COMMIT_TAG:-}" ]; then
|
||||
docker tag "$IMAGE" "$IMAGE_NAME:$CI_COMMIT_TAG"
|
||||
docker push "$IMAGE_NAME:$CI_COMMIT_TAG"
|
||||
fi
|
||||
|
||||
if [ -n "${CI_COMMIT_BRANCH:-}" ]; then
|
||||
docker tag "$IMAGE" "$IMAGE_NAME:$CI_COMMIT_REF_SLUG"
|
||||
docker push "$IMAGE_NAME:$CI_COMMIT_REF_SLUG"
|
||||
|
||||
if [ "$CI_COMMIT_BRANCH" = "$CI_DEFAULT_BRANCH" ]; then
|
||||
docker tag "$IMAGE" "$IMAGE_NAME:latest"
|
||||
docker push "$IMAGE_NAME:latest"
|
||||
fi
|
||||
fi
|
||||
rules:
|
||||
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH
|
||||
- if: $CI_COMMIT_TAG
|
||||
- if: $CI_PIPELINE_SOURCE == 'merge_request_event'
|
||||
when: manual
|
||||
allow_failure: true
|
||||
|
||||
.uv-job: &uv-job
|
||||
image: debian:trixie-slim
|
||||
cache:
|
||||
@@ -156,33 +184,6 @@ cache:
|
||||
- curl -LsSf https://astral.sh/uv/install.sh | sh
|
||||
- export PATH="$HOME/.local/bin:$PATH"
|
||||
|
||||
sast-filesystem:
|
||||
<<: *trivy-fs-scan
|
||||
|
||||
sast-image-runtime:
|
||||
<<: *trivy-image-scan
|
||||
variables:
|
||||
IMAGE_NAME: $BASE_IMAGE_NAME/backend
|
||||
IMAGE_TYPE: runtime
|
||||
dependencies:
|
||||
- build-runtime
|
||||
|
||||
sast-image-tests:
|
||||
<<: *trivy-image-scan
|
||||
variables:
|
||||
IMAGE_NAME: $BASE_IMAGE_NAME/backend-tests
|
||||
IMAGE_TYPE: tests
|
||||
dependencies:
|
||||
- build-tests
|
||||
|
||||
sast-image-migrations:
|
||||
<<: *trivy-image-scan
|
||||
variables:
|
||||
IMAGE_NAME: $BASE_IMAGE_NAME/backend-migrations
|
||||
IMAGE_TYPE: migrations
|
||||
dependencies:
|
||||
- build-migrations
|
||||
|
||||
build-runtime:
|
||||
<<: *build-config
|
||||
variables:
|
||||
@@ -236,7 +237,7 @@ test:
|
||||
) | tee -a compose.log &
|
||||
- LOGS_PID=$!
|
||||
- |
|
||||
REGISTRY_PREFIX=$CI_REGISTRY_IMAGE \
|
||||
REGISTRY_PREFIX=$CI_REGISTRY_IMAGE IMAGE_TAG=$CI_COMMIT_SHA \
|
||||
docker compose -f compose.yaml -f compose.prod.yaml \
|
||||
$PROFILES up -d --quiet-pull --quiet-build 2>&1 | tee compose.log
|
||||
- |
|
||||
@@ -272,8 +273,51 @@ test:
|
||||
- build-tests
|
||||
- build-migrations
|
||||
|
||||
sast-filesystem:
|
||||
<<: *trivy-fs-scan
|
||||
|
||||
sast-image-runtime:
|
||||
<<: *trivy-image-scan
|
||||
variables:
|
||||
IMAGE_NAME: $BASE_IMAGE_NAME/backend
|
||||
IMAGE_TYPE: runtime
|
||||
dependencies:
|
||||
- build-runtime
|
||||
|
||||
sast-image-tests:
|
||||
<<: *trivy-image-scan
|
||||
variables:
|
||||
IMAGE_NAME: $BASE_IMAGE_NAME/backend-tests
|
||||
IMAGE_TYPE: tests
|
||||
dependencies:
|
||||
- build-tests
|
||||
|
||||
sast-image-migrations:
|
||||
<<: *trivy-image-scan
|
||||
variables:
|
||||
IMAGE_NAME: $BASE_IMAGE_NAME/backend-migrations
|
||||
IMAGE_TYPE: migrations
|
||||
dependencies:
|
||||
- build-migrations
|
||||
|
||||
tag-runtime:
|
||||
<<: *tag-config
|
||||
variables:
|
||||
IMAGE_NAME: $BASE_IMAGE_NAME/backend
|
||||
|
||||
tag-tests:
|
||||
<<: *tag-config
|
||||
variables:
|
||||
IMAGE_NAME: $BASE_IMAGE_NAME/backend-tests
|
||||
|
||||
tag-migrations:
|
||||
<<: *tag-config
|
||||
variables:
|
||||
IMAGE_NAME: $BASE_IMAGE_NAME/backend-migrations
|
||||
|
||||
webhook-migrations-deploy:
|
||||
<<: *webhook-config
|
||||
stage: deploy
|
||||
variables:
|
||||
WEBHOOK_URL: $WEBHOOK_URL_MIGRATIONS
|
||||
resource_group: staging
|
||||
@@ -283,6 +327,7 @@ webhook-migrations-deploy:
|
||||
|
||||
webhook-backend-deploy:
|
||||
<<: *webhook-config
|
||||
stage: deploy
|
||||
variables:
|
||||
WEBHOOK_URL: $WEBHOOK_URL_BACKEND
|
||||
environment:
|
||||
|
||||
+3
-3
@@ -1,9 +1,9 @@
|
||||
services:
|
||||
backend:
|
||||
image: "${REGISTRY_PREFIX}/backend"
|
||||
image: "${REGISTRY_PREFIX}/backend:${IMAGE_TAG}"
|
||||
|
||||
tests:
|
||||
image: "${REGISTRY_PREFIX}/backend-tests"
|
||||
image: "${REGISTRY_PREFIX}/backend-tests:${IMAGE_TAG}"
|
||||
|
||||
migrations:
|
||||
image: "${REGISTRY_PREFIX}/backend-migrations"
|
||||
image: "${REGISTRY_PREFIX}/backend-migrations:${IMAGE_TAG}"
|
||||
|
||||
Reference in New Issue
Block a user