Verified Commit 78223873 authored by Martin Weise's avatar Martin Weise

Updated CI/CD

parent 9d4c8df6
...@@ -15,495 +15,526 @@ cache: ...@@ -15,495 +15,526 @@ cache:
key: ${CI_BUILD_REF_NAME} key: ${CI_BUILD_REF_NAME}
paths: paths:
- final/ - final/
- .m2/
stages: stages:
# - build - build
# - test - test
# - docs - docs
- release - release
# - scan - scan
#build-metadata-service: build-metadata-service:
# image: maven:3-openjdk-17 image: maven:3-openjdk-17
# stage: build stage: build
# script: only:
# - "mvn -f ./dbrepo-metadata-service/pom.xml clean install -Dstyle.color=always -DskipTests" refs:
# - dev
#build-analyse-service: - master
# image: python:3.9-slim script:
# stage: build - "mvn -f ./dbrepo-metadata-service/pom.xml clean install -Dstyle.color=always -DskipTests"
# variables:
# PIPENV_PIPFILE: "./dbrepo-analyse-service/Pipfile" build-analyse-service:
# script: image: python:3.9-slim
# - "pip install pipenv" stage: build
# - "pipenv install gunicorn && pipenv install --dev --system --deploy" only:
# refs:
#build-data-service: - dev
# image: maven:3-openjdk-17 - master
# stage: build variables:
# needs: PIPENV_PIPFILE: "./dbrepo-analyse-service/Pipfile"
# - build-metadata-service script:
# script: - "pip install pipenv"
# - "mvn -f ./dbrepo-metadata-service/pom.xml clean install -Dstyle.color=always -DskipTests" - "pipenv install gunicorn && pipenv install --dev --system --deploy"
# - "mvn -f ./dbrepo-data-service/pom.xml clean package -Dstyle.color=always -DskipTests"
# build-data-service:
#build-frontend: image: maven:3-openjdk-17
# image: node:14-alpine stage: build
# stage: build only:
# script: refs:
# - "yarn config set network-timeout 600000 -g" - dev
# - "yarn --cwd ./dbrepo-ui install --legacy-peer-deps" - master
# - "yarn --cwd ./dbrepo-ui run build" needs:
# - build-metadata-service
#build-search-service: script:
# image: python:3.10-alpine - "mvn -f ./dbrepo-metadata-service/pom.xml clean install -Dstyle.color=always -DskipTests"
# stage: build - "mvn -f ./dbrepo-data-service/pom.xml clean package -Dstyle.color=always -DskipTests"
# script:
# - "pip install pipenv" build-frontend:
# - "cd dbrepo-search-service && pipenv install --system --deploy" image: node:14-alpine
# stage: build
#build-docker: only:
# image: docker.io/docker:24-dind refs:
# stage: build - dev
# before_script: - master
# - echo "$CI_REGISTRY_PASSWORD" | docker login --username "$CI_REGISTRY_USER" --password-stdin $CI_REGISTRY_URL script:
# script: - "yarn config set network-timeout 600000 -g"
# - "cp .env.unix.example .env" - "yarn --cwd ./dbrepo-ui install --legacy-peer-deps"
# - "docker build -t dbrepo-metadata-service:build --target build dbrepo-metadata-service" - "yarn --cwd ./dbrepo-ui run build"
# - "docker build -t dbrepo-data-service:build --target build dbrepo-data-service"
# - "docker compose build --parallel" build-search-service:
# image: python:3.10-alpine
#build-helm: stage: build
# image: docker.io/docker:24-dind only:
# stage: build refs:
# before_script: - dev
# - echo "$CI_REGISTRY_PASSWORD" | docker login --username "$CI_REGISTRY_USER" --password-stdin $CI_REGISTRY_URL - master
# script: script:
# - apk add sed helm curl - "pip install pipenv"
# - 'sed -i -e "s/^version:.*/version: \"${CHART_VERSION}\"/g" ./helm-charts/dbrepo/Chart.yaml' - "cd dbrepo-search-service && pipenv install --system --deploy"
# - 'sed -i -e "s/^appVersion:.*/appVersion: \"${APP_VERSION}\"/g" ./helm-charts/dbrepo/Chart.yaml'
# - find ./helm-charts -type f -exec sed -i -e "s/__CHARTVERSION__/${CHART_VERSION}/g" {} \; build-docker:
# - helm package ./helm-charts/dbrepo --destination ./build image: docker.io/docker:24-dind
# stage: build
#test-metadata-service: only:
# image: maven:3-openjdk-17 refs:
# stage: test - dev
# needs: - master
# - build-metadata-service before_script:
# script: - echo "$CI_REGISTRY_PASSWORD" | docker login --username "$CI_REGISTRY_USER" --password-stdin $CI_REGISTRY_URL
# - "mvn -f ./dbrepo-metadata-service/pom.xml clean install -Dstyle.color=always -DskipTests" script:
# - "mvn -f ./dbrepo-metadata-service/pom.xml clean test -Dstyle.color=always verify" - "cp .env.unix.example .env"
# - "cat ./dbrepo-metadata-service/report/target/site/jacoco-aggregate/index.html | grep -o 'Total[^%]*%' | sed 's/<.*>/ /; s/Total/Jacoco Coverage Total:/'" - "docker build -t dbrepo-metadata-service:build --target build dbrepo-metadata-service"
# artifacts: - "docker build -t dbrepo-data-service:build --target build dbrepo-data-service"
# when: always - "docker compose build --parallel"
# paths:
# - ./dbrepo-metadata-service/report/target/site/jacoco-aggregate/ build-helm:
# - ./dbrepo-metadata-service/rest-service/target/surefire-reports/ image: docker.io/docker:24-dind
# expire_in: 1 days stage: build
# reports: only:
# junit: ./dbrepo-metadata-service/rest-service/target/surefire-reports/TEST-*.xml refs:
# coverage: '/Total.*?([0-9]{1,3})%/' - dev
# - master
#test-data-service: before_script:
# image: maven:3-openjdk-17 - echo "$CI_REGISTRY_PASSWORD" | docker login --username "$CI_REGISTRY_USER" --password-stdin $CI_REGISTRY_URL
# stage: test script:
# needs: - apk add sed helm curl
# - build-data-service - 'sed -i -e "s/^version:.*/version: \"${CHART_VERSION}\"/g" ./helm-charts/dbrepo/Chart.yaml'
# script: - 'sed -i -e "s/^appVersion:.*/appVersion: \"${APP_VERSION}\"/g" ./helm-charts/dbrepo/Chart.yaml'
# - "mvn -f ./dbrepo-metadata-service/pom.xml clean install -Dstyle.color=always -DskipTests" - find ./helm-charts -type f -exec sed -i -e "s/__CHARTVERSION__/${CHART_VERSION}/g" {} \;
# - "mvn -f ./dbrepo-data-service/pom.xml clean test verify -Dstyle.color=always" - helm package ./helm-charts/dbrepo --destination ./build
# - "cat ./dbrepo-data-service/report/target/site/jacoco-aggregate/index.html | grep -o 'Total[^%]*%' | sed 's/<.*>/ /; s/Total/Jacoco Coverage Total:/'"
# artifacts: test-metadata-service:
# when: always image: maven:3-openjdk-17
# paths: stage: test
# - ./dbrepo-data-service/report/target/site/jacoco-aggregate/ only:
# - ./dbrepo-data-service/rest-service/target/surefire-reports/ refs:
# expire_in: 1 days - dev
# reports: - master
# junit: ./dbrepo-data-service/rest-service/target/surefire-reports/TEST-*.xml needs:
# coverage: '/Total.*?([0-9]{1,3})%/' - build-metadata-service
# script:
#test-analyse-service: - "mvn -f ./dbrepo-metadata-service/pom.xml clean install -Dstyle.color=always -DskipTests"
# image: python:3.9-slim - "mvn -f ./dbrepo-metadata-service/pom.xml clean test -Dstyle.color=always verify"
# stage: test - "cat ./dbrepo-metadata-service/report/target/site/jacoco-aggregate/index.html | grep -o 'Total[^%]*%' | sed 's/<.*>/ /; s/Total/Jacoco Coverage Total:/'"
# variables: artifacts:
# PIPENV_PIPFILE: "./dbrepo-analyse-service/Pipfile" when: always
# needs: paths:
# - build-analyse-service - ./dbrepo-metadata-service/report/target/site/jacoco-aggregate/
# script: - ./dbrepo-metadata-service/rest-service/target/surefire-reports/
# - "pip install pipenv" expire_in: 1 days
# - "pipenv install gunicorn && pipenv install --dev --system --deploy" reports:
# - cd ./dbrepo-analyse-service/ && coverage run -m pytest test/test_determine_dt.py test/test_determine_pk.py test/test_s3_client.py --junitxml=report.xml && coverage html --omit="test/*" && coverage report --omit="test/*" > ./coverage.txt junit: ./dbrepo-metadata-service/rest-service/target/surefire-reports/TEST-*.xml
# - "cat ./coverage.txt | grep -o 'TOTAL[^%]*%'" coverage: '/Total.*?([0-9]{1,3})%/'
# artifacts:
# when: always test-data-service:
# paths: image: maven:3-openjdk-17
# - ./dbrepo-analyse-service/report.xml stage: test
# - ./dbrepo-analyse-service/coverage.txt only:
# expire_in: 1 days refs:
# reports: - dev
# junit: ./dbrepo-analyse-service/report.xml - master
# coverage: '/TOTAL.*?([0-9]{1,3})%/' needs:
# - build-data-service
#test-frontend: script:
# image: node:14-alpine - "mvn -f ./dbrepo-metadata-service/pom.xml clean install -Dstyle.color=always -DskipTests"
# stage: test - "mvn -f ./dbrepo-data-service/pom.xml clean test verify -Dstyle.color=always"
# needs: - "cat ./dbrepo-data-service/report/target/site/jacoco-aggregate/index.html | grep -o 'Total[^%]*%' | sed 's/<.*>/ /; s/Total/Jacoco Coverage Total:/'"
# - build-frontend artifacts:
# script: when: always
# - "yarn --cwd ./dbrepo-ui install" paths:
# - "yarn --cwd ./dbrepo-ui run test:unit || true" - ./dbrepo-data-service/report/target/site/jacoco-aggregate/
# - "yarn --cwd ./dbrepo-ui run coverage || true" - ./dbrepo-data-service/rest-service/target/surefire-reports/
# - "cat ./dbrepo-ui/coverage/cobertura-coverage.xml | grep -o 'line-rate=\"[0-9.]*' | head -1 || true" expire_in: 1 days
# artifacts: reports:
# when: always junit: ./dbrepo-data-service/rest-service/target/surefire-reports/TEST-*.xml
# paths: coverage: '/Total.*?([0-9]{1,3})%/'
# - ./dbrepo-ui/coverage/
# expire_in: 1 days test-analyse-service:
# reports: image: python:3.9-slim
# coverage_report: stage: test
# coverage_format: cobertura only:
# path: ./dbrepo-ui/coverage/cobertura-coverage.xml refs:
# coverage: '/TOTAL.*?([0-9]{1,3})%/' - dev
# - master
#scan-analyse-service: variables:
# image: bitnami/trivy:latest PIPENV_PIPFILE: "./dbrepo-analyse-service/Pipfile"
# stage: scan needs:
# only: - build-analyse-service
# refs: script:
# - master - "pip install pipenv"
# - release-v1.4 - "pipenv install gunicorn && pipenv install --dev --system --deploy"
# allow_failure: true - cd ./dbrepo-analyse-service/ && coverage run -m pytest test/test_determine_dt.py test/test_determine_pk.py test/test_s3_client.py --junitxml=report.xml && coverage html --omit="test/*" && coverage report --omit="test/*" > ./coverage.txt
# script: - "cat ./coverage.txt | grep -o 'TOTAL[^%]*%'"
# - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-analyse-service-report.json docker.io/dbrepo/analyse-service:latest artifacts:
# - trivy image --insecure --exit-code 0 docker.io/dbrepo/analyse-service:latest when: always
# - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/analyse-service:latest paths:
# cache: - ./dbrepo-analyse-service/report.xml
# paths: - ./dbrepo-analyse-service/coverage.txt
# - .trivycache/ expire_in: 1 days
# artifacts: reports:
# when: always junit: ./dbrepo-analyse-service/report.xml
# expire_in: 1 days coverage: '/TOTAL.*?([0-9]{1,3})%/'
# reports:
# container_scanning: ./.trivy/trivy-analyse-service-report.json test-frontend:
# image: node:14-alpine
#scan-authentication-service: stage: test
# image: bitnami/trivy:latest only:
# stage: scan refs:
# only: - dev
# refs: - master
# - master needs:
# - release-v1.4 - build-frontend
# allow_failure: true script:
# script: - "yarn --cwd ./dbrepo-ui install"
# - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-authentication-service-report.json docker.io/dbrepo/authentication-service:latest - "yarn --cwd ./dbrepo-ui run test:unit || true"
# - trivy image --insecure --exit-code 0 docker.io/dbrepo/authentication-service:latest - "yarn --cwd ./dbrepo-ui run coverage || true"
# - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/authentication-service:latest - "cat ./dbrepo-ui/coverage/cobertura-coverage.xml | grep -o 'line-rate=\"[0-9.]*' | head -1 || true"
# cache: artifacts:
# paths: when: always
# - .trivycache/ paths:
# artifacts: - ./dbrepo-ui/coverage/
# when: always expire_in: 1 days
# expire_in: 1 days reports:
# reports: coverage_report:
# container_scanning: ./.trivy/trivy-authentication-service-report.json coverage_format: cobertura
# path: ./dbrepo-ui/coverage/cobertura-coverage.xml
#scan-broker-service: coverage: '/TOTAL.*?([0-9]{1,3})%/'
# image: bitnami/trivy:latest
# stage: scan scan-analyse-service:
# only: image: bitnami/trivy:latest
# refs: stage: scan
# - master only:
# - release-v1.4 refs:
# allow_failure: true - master
# script: allow_failure: true
# - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-broker-service-report.json docker.io/dbrepo/broker-service:latest script:
# - trivy image --insecure --exit-code 0 docker.io/dbrepo/broker-service:latest - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-analyse-service-report.json docker.io/dbrepo/analyse-service:latest
# - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/broker-service:latest - trivy image --insecure --exit-code 0 docker.io/dbrepo/analyse-service:latest
# cache: - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/analyse-service:latest
# paths: cache:
# - .trivycache/ paths:
# artifacts: - .trivycache/
# when: always artifacts:
# expire_in: 1 days when: always
# reports: expire_in: 1 days
# container_scanning: ./.trivy/trivy-broker-service-report.json reports:
# container_scanning: ./.trivy/trivy-analyse-service-report.json
#scan-gateway-service:
# image: bitnami/trivy:latest scan-authentication-service:
# stage: scan image: bitnami/trivy:latest
# only: stage: scan
# refs: only:
# - master refs:
# - release-v1.4 - master
# allow_failure: true allow_failure: true
# script: script:
# - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-gateway-service-report.json docker.io/nginx:1.25.0-alpine-slim - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-authentication-service-report.json docker.io/dbrepo/authentication-service:latest
# - trivy image --insecure --exit-code 0 docker.io/nginx:1.25.0-alpine-slim - trivy image --insecure --exit-code 0 docker.io/dbrepo/authentication-service:latest
# - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/nginx:1.25.0-alpine-slim - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/authentication-service:latest
# cache: cache:
# paths: paths:
# - .trivycache/ - .trivycache/
# artifacts: artifacts:
# when: always when: always
# expire_in: 1 days expire_in: 1 days
# reports: reports:
# container_scanning: ./.trivy/trivy-gateway-service-report.json container_scanning: ./.trivy/trivy-authentication-service-report.json
#
#scan-metadata-service: scan-broker-service:
# image: bitnami/trivy:latest image: bitnami/trivy:latest
# stage: scan stage: scan
# only: only:
# refs: refs:
# - master - master
# - release-v1.4 allow_failure: true
# allow_failure: true script:
# script: - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-broker-service-report.json docker.io/dbrepo/broker-service:latest
# - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-metadata-service-report.json docker.io/dbrepo/metadata-service:latest - trivy image --insecure --exit-code 0 docker.io/dbrepo/broker-service:latest
# - trivy image --insecure --exit-code 0 docker.io/dbrepo/metadata-service:latest - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/broker-service:latest
# - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/metadata-service:latest cache:
# cache: paths:
# paths: - .trivycache/
# - .trivycache/ artifacts:
# artifacts: when: always
# when: always expire_in: 1 days
# expire_in: 1 days reports:
# reports: container_scanning: ./.trivy/trivy-broker-service-report.json
# container_scanning: ./.trivy/trivy-metadata-service-report.json
# scan-gateway-service:
#scan-data-service: image: bitnami/trivy:latest
# image: bitnami/trivy:latest stage: scan
# stage: scan only:
# only: refs:
# refs: - master
# - master allow_failure: true
# - release-v1.4 script:
# allow_failure: true - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-gateway-service-report.json docker.io/nginx:1.25.0-alpine-slim
# script: - trivy image --insecure --exit-code 0 docker.io/nginx:1.25.0-alpine-slim
# - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-data-service-report.json docker.io/dbrepo/data-service:latest - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/nginx:1.25.0-alpine-slim
# - trivy image --insecure --exit-code 0 docker.io/dbrepo/data-service:latest cache:
# - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/data-service:latest paths:
# cache: - .trivycache/
# paths: artifacts:
# - .trivycache/ when: always
# artifacts: expire_in: 1 days
# when: always reports:
# expire_in: 1 days container_scanning: ./.trivy/trivy-gateway-service-report.json
# reports:
# container_scanning: ./.trivy/trivy-data-service-report.json scan-metadata-service:
# image: bitnami/trivy:latest
#scan-search-db: stage: scan
# image: bitnami/trivy:latest only:
# stage: scan refs:
# only: - master
# refs: allow_failure: true
# - master script:
# - release-v1.4 - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-metadata-service-report.json docker.io/dbrepo/metadata-service:latest
# allow_failure: true - trivy image --insecure --exit-code 0 docker.io/dbrepo/metadata-service:latest
# script: - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/metadata-service:latest
# - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-search-db-report.json docker.io/dbrepo/search-db:latest cache:
# - trivy image --insecure --exit-code 0 docker.io/dbrepo/search-db:latest paths:
# - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/search-db:latest - .trivycache/
# cache: artifacts:
# paths: when: always
# - .trivycache/ expire_in: 1 days
# artifacts: reports:
# when: always container_scanning: ./.trivy/trivy-metadata-service-report.json
# expire_in: 1 days
# reports: scan-data-service:
# container_scanning: ./.trivy/trivy-search-db-report.json image: bitnami/trivy:latest
# stage: scan
#scan-search-dashboard: only:
# image: bitnami/trivy:latest refs:
# stage: scan - master
# only: allow_failure: true
# refs: script:
# - master - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-data-service-report.json docker.io/dbrepo/data-service:latest
# - release-v1.4 - trivy image --insecure --exit-code 0 docker.io/dbrepo/data-service:latest
# allow_failure: true - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/data-service:latest
# script: cache:
# - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-search-dashboard-report.json docker.io/opensearchproject/opensearch-dashboards:2.10.0 paths:
# - trivy image --insecure --exit-code 0 docker.io/opensearchproject/opensearch-dashboards:2.10.0 - .trivycache/
# - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/opensearchproject/opensearch-dashboards:2.10.0 artifacts:
# cache: when: always
# paths: expire_in: 1 days
# - .trivycache/ reports:
# artifacts: container_scanning: ./.trivy/trivy-data-service-report.json
# when: always
# expire_in: 1 days scan-search-db:
# reports: image: bitnami/trivy:latest
# container_scanning: ./.trivy/trivy-search-dashboard-report.json stage: scan
# only:
#scan-search-db-init: refs:
# image: bitnami/trivy:latest - master
# stage: scan allow_failure: true
# only: script:
# refs: - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-search-db-report.json docker.io/dbrepo/search-db:latest
# - master - trivy image --insecure --exit-code 0 docker.io/dbrepo/search-db:latest
# - release-v1.4 - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/search-db:latest
# allow_failure: true cache:
# script: paths:
# - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-search-db-init-report.json docker.io/dbrepo/search-db-init:latest - .trivycache/
# - trivy image --insecure --exit-code 0 docker.io/dbrepo/search-db-init:latest artifacts:
# - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/search-db-init:latest when: always
# cache: expire_in: 1 days
# paths: reports:
# - .trivycache/ container_scanning: ./.trivy/trivy-search-db-report.json
# artifacts:
# when: always scan-search-dashboard:
# expire_in: 1 days image: bitnami/trivy:latest
# reports: stage: scan
# container_scanning: ./.trivy/trivy-search-db-init-report.json only:
# refs:
#scan-data-db: - master
# image: bitnami/trivy:latest allow_failure: true
# stage: scan script:
# only: - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-search-dashboard-report.json docker.io/opensearchproject/opensearch-dashboards:2.10.0
# refs: - trivy image --insecure --exit-code 0 docker.io/opensearchproject/opensearch-dashboards:2.10.0
# - master - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/opensearchproject/opensearch-dashboards:2.10.0
# - release-v1.4 cache:
# allow_failure: true paths:
# script: - .trivycache/
# - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-data-db-report.json docker.io/bitnami/mariadb:11.2.2-debian-11-r0 artifacts:
# - trivy image --insecure --exit-code 0 docker.io/bitnami/mariadb:11.2.2-debian-11-r0 when: always
# - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/bitnami/mariadb:11.2.2-debian-11-r0 expire_in: 1 days
# cache: reports:
# paths: container_scanning: ./.trivy/trivy-search-dashboard-report.json
# - .trivycache/
# artifacts: scan-search-db-init:
# when: always image: bitnami/trivy:latest
# expire_in: 1 days stage: scan
# reports: only:
# container_scanning: ./.trivy/trivy-data-db-report.json refs:
# - master
#scan-metadata-db: allow_failure: true
# image: bitnami/trivy:latest script:
# stage: scan - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-search-db-init-report.json docker.io/dbrepo/search-db-init:latest
# only: - trivy image --insecure --exit-code 0 docker.io/dbrepo/search-db-init:latest
# refs: - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/search-db-init:latest
# - master cache:
# - release-v1.4 paths:
# allow_failure: true - .trivycache/
# script: artifacts:
# - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-metadata-db-report.json docker.io/dbrepo/metadata-db:latest when: always
# - trivy image --insecure --exit-code 0 docker.io/dbrepo/metadata-db:latest expire_in: 1 days
# - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/metadata-db:latest reports:
# cache: container_scanning: ./.trivy/trivy-search-db-init-report.json
# paths:
# - .trivycache/ scan-data-db:
# artifacts: image: bitnami/trivy:latest
# when: always stage: scan
# expire_in: 1 days only:
# reports: refs:
# container_scanning: ./.trivy/trivy-metadata-db-report.json - master
# allow_failure: true
#scan-ui: script:
# image: bitnami/trivy:latest - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-data-db-report.json docker.io/bitnami/mariadb:11.2.2-debian-11-r0
# stage: scan - trivy image --insecure --exit-code 0 docker.io/bitnami/mariadb:11.2.2-debian-11-r0
# only: - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/bitnami/mariadb:11.2.2-debian-11-r0
# refs: cache:
# - master paths:
# - release-v1.4 - .trivycache/
# allow_failure: true artifacts:
# script: when: always
# - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-ui-report.json docker.io/dbrepo/ui:latest expire_in: 1 days
# - trivy image --insecure --exit-code 0 docker.io/dbrepo/ui:latest reports:
# - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/ui:latest container_scanning: ./.trivy/trivy-data-db-report.json
# cache:
# paths: scan-metadata-db:
# - .trivycache/ image: bitnami/trivy:latest
# artifacts: stage: scan
# when: always only:
# expire_in: 1 days refs:
# reports: - master
# container_scanning: ./.trivy/trivy-ui-report.json allow_failure: true
# script:
#scan-storage-service: - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-metadata-db-report.json docker.io/dbrepo/metadata-db:latest
# image: bitnami/trivy:latest - trivy image --insecure --exit-code 0 docker.io/dbrepo/metadata-db:latest
# stage: scan - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/metadata-db:latest
# only: cache:
# refs: paths:
# - master - .trivycache/
# - release-v1.4 artifacts:
# allow_failure: true when: always
# script: expire_in: 1 days
# - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-storage-service-report.json docker.io/chrislusf/seaweedfs:3.59 reports:
# - trivy image --insecure --exit-code 0 docker.io/chrislusf/seaweedfs:3.59 container_scanning: ./.trivy/trivy-metadata-db-report.json
# - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/chrislusf/seaweedfs:3.59
# cache: scan-ui:
# paths: image: bitnami/trivy:latest
# - .trivycache/ stage: scan
# artifacts: only:
# when: always refs:
# expire_in: 1 days - master
# reports: allow_failure: true
# container_scanning: ./.trivy/trivy-storage-service-report.json script:
# - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-ui-report.json docker.io/dbrepo/ui:latest
#scan-storage-service-init: - trivy image --insecure --exit-code 0 docker.io/dbrepo/ui:latest
# image: bitnami/trivy:latest - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/ui:latest
# stage: scan cache:
# only: paths:
# refs: - .trivycache/
# - master artifacts:
# - release-v1.4 when: always
# allow_failure: true expire_in: 1 days
# script: reports:
# - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-storage-service-init-report.json docker.io/dbrepo/storage-service-init:latest container_scanning: ./.trivy/trivy-ui-report.json
# - trivy image --insecure --exit-code 0 docker.io/dbrepo/storage-service-init:latest
# - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/storage-service-init:latest scan-storage-service:
# cache: image: bitnami/trivy:latest
# paths: stage: scan
# - .trivycache/ only:
# artifacts: refs:
# when: always - master
# expire_in: 1 days allow_failure: true
# reports: script:
# container_scanning: ./.trivy/trivy-storage-service-init-report.json - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-storage-service-report.json docker.io/chrislusf/seaweedfs:3.59
# - trivy image --insecure --exit-code 0 docker.io/chrislusf/seaweedfs:3.59
#docs-registry: - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/chrislusf/seaweedfs:3.59
# stage: docs cache:
# image: docker.io/python:3.11-slim paths:
# only: - .trivycache/
# refs: artifacts:
# - /^release-.*/ when: always
# script: expire_in: 1 days
# - pip install -r ./requirements.txt reports:
# - python3 .docs/docker/release.py container_scanning: ./.trivy/trivy-storage-service-report.json
#release-images: scan-storage-service-init:
# stage: release image: bitnami/trivy:latest
# image: docker:24-dind stage: scan
# needs: only:
# - test-metadata-service refs:
# - test-data-service - master
# - test-analyse-service allow_failure: true
# - test-frontend script:
# only: - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-storage-service-init-report.json docker.io/dbrepo/storage-service-init:latest
# refs: - trivy image --insecure --exit-code 0 docker.io/dbrepo/storage-service-init:latest
# - /^release-.*/ - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/storage-service-init:latest
# before_script: cache:
# - echo "$CI_REGISTRY_PASSWORD" | docker login --username "$CI_REGISTRY_USER" --password-stdin $CI_REGISTRY_URL paths:
# - echo "$CI_REGISTRY2_PASSWORD" | docker login --username "$CI_REGISTRY2_USER" --password-stdin $CI_REGISTRY2_URL - .trivycache/
# script: artifacts:
# - "ifconfig eth0 mtu 1450 up" when: always
# - "apk add make bash" expire_in: 1 days
# - "TAG=${APP_VERSION} make release" reports:
container_scanning: ./.trivy/trivy-storage-service-init-report.json
#release-chart:
# stage: release docs-registry:
# image: docker:24-dind stage: docs
# only: image: docker.io/python:3.11-slim
# refs: only:
# - /^release-.*/ refs:
# before_script: - /^release-.*/
# - echo "$CI_REGISTRY2_PASSWORD" | docker login --username "$CI_REGISTRY2_USER" --password-stdin $CI_REGISTRY2_URL script:
# script: - pip install -r ./requirements.txt
# - apk add sed helm curl - python3 .docs/docker/release.py
# - 'sed -i -e "s/^version:.*/version: \"${CHART_VERSION}\"/g" ./helm-charts/dbrepo/Chart.yaml'
# - 'sed -i -e "s/^appVersion:.*/appVersion: \"${APP_VERSION}\"/g" ./helm-charts/dbrepo/Chart.yaml' release-images:
# - find ./helm-charts -type f -exec sed -i -e "s/__CHARTVERSION__/${CHART_VERSION}/g" {} \; stage: release
# - helm package ./helm-charts/dbrepo --destination ./build image: docker:24-dind
# - helm push "./build/dbrepo-${CHART_VERSION}.tgz" "oci://${CI_REGISTRY2_URL}/helm" needs:
- test-metadata-service
- test-data-service
- test-analyse-service
- test-frontend
only:
refs:
- /^release-.*/
before_script:
- echo "$CI_REGISTRY_PASSWORD" | docker login --username "$CI_REGISTRY_USER" --password-stdin $CI_REGISTRY_URL
- echo "$CI_REGISTRY2_PASSWORD" | docker login --username "$CI_REGISTRY2_USER" --password-stdin $CI_REGISTRY2_URL
script:
- "ifconfig eth0 mtu 1450 up"
- "apk add make bash"
- "TAG=${APP_VERSION} make release"
release-chart:
stage: release
image: docker:24-dind
only:
refs:
- /^release-.*/
before_script:
- echo "$CI_REGISTRY2_PASSWORD" | docker login --username "$CI_REGISTRY2_USER" --password-stdin $CI_REGISTRY2_URL
script:
- apk add sed helm curl
- 'sed -i -e "s/^version:.*/version: \"${CHART_VERSION}\"/g" ./helm-charts/dbrepo/Chart.yaml'
- 'sed -i -e "s/^appVersion:.*/appVersion: \"${APP_VERSION}\"/g" ./helm-charts/dbrepo/Chart.yaml'
- find ./helm-charts -type f -exec sed -i -e "s/__CHARTVERSION__/${CHART_VERSION}/g" {} \;
- helm package ./helm-charts/dbrepo --destination ./build
- helm push "./build/dbrepo-${CHART_VERSION}.tgz" "oci://${CI_REGISTRY2_URL}/helm"
release-docs: release-docs:
stage: release stage: release
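Review bot: The re-enabled `scan-*` jobs cannot block anything, because each one ends with `trivy image --insecure --exit-code 1 --severity CRITICAL …` while the job also sets `allow_failure: true`, so a critical finding still leaves the pipeline green. `--insecure` disables TLS certificate verification towards the registry; every target here is on docker.io, so the flag looks unnecessary and means the scanned layers are not authenticated in transit, and I would drop it from all scan jobs. The jobs scan `:latest` tags from the public registry with an unpinned `bitnami/trivy:latest` scanner, so a report is not tied to the commit that triggered it; pinning the scanner tag and scanning the tag built by this pipeline would make results reproducible. Separately, `test-frontend` appends `|| true` to `yarn --cwd ./dbrepo-ui run test:unit`, so `release-images` lists under `needs:` a job that cannot fail on broken unit tests.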
......