From 78223873ddbb9a18265f0a3972e9e234a83f3042 Mon Sep 17 00:00:00 2001 From: Martin Weise <martin.weise@tuwien.ac.at> Date: Thu, 7 Mar 2024 16:42:54 +0000 Subject: [PATCH] Updated CI/CD --- .gitlab-ci.yml | 1003 +++++++++++++++++++++++++----------------------- 1 file changed, 517 insertions(+), 486 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index bb1844c55e..b655115b07 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -15,495 +15,526 @@ cache: key: ${CI_BUILD_REF_NAME} paths: - final/ + - .m2/ stages: -# - build -# - test -# - docs + - build + - test + - docs - release -# - scan - -#build-metadata-service: -# image: maven:3-openjdk-17 -# stage: build -# script: -# - "mvn -f ./dbrepo-metadata-service/pom.xml clean install -Dstyle.color=always -DskipTests" -# -#build-analyse-service: -# image: python:3.9-slim -# stage: build -# variables: -# PIPENV_PIPFILE: "./dbrepo-analyse-service/Pipfile" -# script: -# - "pip install pipenv" -# - "pipenv install gunicorn && pipenv install --dev --system --deploy" -# -#build-data-service: -# image: maven:3-openjdk-17 -# stage: build -# needs: -# - build-metadata-service -# script: -# - "mvn -f ./dbrepo-metadata-service/pom.xml clean install -Dstyle.color=always -DskipTests" -# - "mvn -f ./dbrepo-data-service/pom.xml clean package -Dstyle.color=always -DskipTests" -# -#build-frontend: -# image: node:14-alpine -# stage: build -# script: -# - "yarn config set network-timeout 600000 -g" -# - "yarn --cwd ./dbrepo-ui install --legacy-peer-deps" -# - "yarn --cwd ./dbrepo-ui run build" -# -#build-search-service: -# image: python:3.10-alpine -# stage: build -# script: -# - "pip install pipenv" -# - "cd dbrepo-search-service && pipenv install --system --deploy" -# -#build-docker: -# image: docker.io/docker:24-dind -# stage: build -# before_script: -# - echo "$CI_REGISTRY_PASSWORD" | docker login --username "$CI_REGISTRY_USER" --password-stdin $CI_REGISTRY_URL -# script: -# - "cp .env.unix.example .env" -# - "docker build -t dbrepo-metadata-service:build --target build dbrepo-metadata-service" -# - "docker build -t dbrepo-data-service:build --target build dbrepo-data-service" -# - "docker compose build --parallel" -# -#build-helm: -# image: docker.io/docker:24-dind -# stage: build -# before_script: -# - echo "$CI_REGISTRY_PASSWORD" | docker login --username "$CI_REGISTRY_USER" --password-stdin $CI_REGISTRY_URL -# script: -# - apk add sed helm curl -# - 
'sed -i -e "s/^version:.*/version: \"${CHART_VERSION}\"/g" ./helm-charts/dbrepo/Chart.yaml' -# - 'sed -i -e "s/^appVersion:.*/appVersion: \"${APP_VERSION}\"/g" ./helm-charts/dbrepo/Chart.yaml' -# - find ./helm-charts -type f -exec sed -i -e "s/__CHARTVERSION__/${CHART_VERSION}/g" {} \; -# - helm package ./helm-charts/dbrepo --destination ./build -# -#test-metadata-service: -# image: maven:3-openjdk-17 -# stage: test -# needs: -# - build-metadata-service -# script: -# - "mvn -f ./dbrepo-metadata-service/pom.xml clean install -Dstyle.color=always -DskipTests" -# - "mvn -f ./dbrepo-metadata-service/pom.xml clean test -Dstyle.color=always verify" -# - "cat ./dbrepo-metadata-service/report/target/site/jacoco-aggregate/index.html | grep -o 'Total[^%]*%' | sed 's/<.*>/ /; s/Total/Jacoco Coverage Total:/'" -# artifacts: -# when: always -# paths: -# - ./dbrepo-metadata-service/report/target/site/jacoco-aggregate/ -# - ./dbrepo-metadata-service/rest-service/target/surefire-reports/ -# expire_in: 1 days -# reports: -# junit: ./dbrepo-metadata-service/rest-service/target/surefire-reports/TEST-*.xml -# coverage: '/Total.*?([0-9]{1,3})%/' -# -#test-data-service: -# image: maven:3-openjdk-17 -# stage: test -# needs: -# - build-data-service -# script: -# - "mvn -f ./dbrepo-metadata-service/pom.xml clean install -Dstyle.color=always -DskipTests" -# - "mvn -f ./dbrepo-data-service/pom.xml clean test verify -Dstyle.color=always" -# - "cat ./dbrepo-data-service/report/target/site/jacoco-aggregate/index.html | grep -o 'Total[^%]*%' | sed 's/<.*>/ /; s/Total/Jacoco Coverage Total:/'" -# artifacts: -# when: always -# paths: -# - ./dbrepo-data-service/report/target/site/jacoco-aggregate/ -# - ./dbrepo-data-service/rest-service/target/surefire-reports/ -# expire_in: 1 days -# reports: -# junit: ./dbrepo-data-service/rest-service/target/surefire-reports/TEST-*.xml -# coverage: '/Total.*?([0-9]{1,3})%/' -# -#test-analyse-service: -# image: python:3.9-slim -# stage: test -# variables: -# 
PIPENV_PIPFILE: "./dbrepo-analyse-service/Pipfile" -# needs: -# - build-analyse-service -# script: -# - "pip install pipenv" -# - "pipenv install gunicorn && pipenv install --dev --system --deploy" -# - cd ./dbrepo-analyse-service/ && coverage run -m pytest test/test_determine_dt.py test/test_determine_pk.py test/test_s3_client.py --junitxml=report.xml && coverage html --omit="test/*" && coverage report --omit="test/*" > ./coverage.txt -# - "cat ./coverage.txt | grep -o 'TOTAL[^%]*%'" -# artifacts: -# when: always -# paths: -# - ./dbrepo-analyse-service/report.xml -# - ./dbrepo-analyse-service/coverage.txt -# expire_in: 1 days -# reports: -# junit: ./dbrepo-analyse-service/report.xml -# coverage: '/TOTAL.*?([0-9]{1,3})%/' -# -#test-frontend: -# image: node:14-alpine -# stage: test -# needs: -# - build-frontend -# script: -# - "yarn --cwd ./dbrepo-ui install" -# - "yarn --cwd ./dbrepo-ui run test:unit || true" -# - "yarn --cwd ./dbrepo-ui run coverage || true" -# - "cat ./dbrepo-ui/coverage/cobertura-coverage.xml | grep -o 'line-rate=\"[0-9.]*' | head -1 || true" -# artifacts: -# when: always -# paths: -# - ./dbrepo-ui/coverage/ -# expire_in: 1 days -# reports: -# coverage_report: -# coverage_format: cobertura -# path: ./dbrepo-ui/coverage/cobertura-coverage.xml -# coverage: '/TOTAL.*?([0-9]{1,3})%/' -# -#scan-analyse-service: -# image: bitnami/trivy:latest -# stage: scan -# only: -# refs: -# - master -# - release-v1.4 -# allow_failure: true -# script: -# - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-analyse-service-report.json docker.io/dbrepo/analyse-service:latest -# - trivy image --insecure --exit-code 0 docker.io/dbrepo/analyse-service:latest -# - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/analyse-service:latest -# cache: -# paths: -# - .trivycache/ -# artifacts: -# when: always -# expire_in: 1 days -# reports: -# container_scanning: 
./.trivy/trivy-analyse-service-report.json -# -#scan-authentication-service: -# image: bitnami/trivy:latest -# stage: scan -# only: -# refs: -# - master -# - release-v1.4 -# allow_failure: true -# script: -# - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-authentication-service-report.json docker.io/dbrepo/authentication-service:latest -# - trivy image --insecure --exit-code 0 docker.io/dbrepo/authentication-service:latest -# - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/authentication-service:latest -# cache: -# paths: -# - .trivycache/ -# artifacts: -# when: always -# expire_in: 1 days -# reports: -# container_scanning: ./.trivy/trivy-authentication-service-report.json -# -#scan-broker-service: -# image: bitnami/trivy:latest -# stage: scan -# only: -# refs: -# - master -# - release-v1.4 -# allow_failure: true -# script: -# - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-broker-service-report.json docker.io/dbrepo/broker-service:latest -# - trivy image --insecure --exit-code 0 docker.io/dbrepo/broker-service:latest -# - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/broker-service:latest -# cache: -# paths: -# - .trivycache/ -# artifacts: -# when: always -# expire_in: 1 days -# reports: -# container_scanning: ./.trivy/trivy-broker-service-report.json -# -#scan-gateway-service: -# image: bitnami/trivy:latest -# stage: scan -# only: -# refs: -# - master -# - release-v1.4 -# allow_failure: true -# script: -# - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-gateway-service-report.json docker.io/nginx:1.25.0-alpine-slim -# - trivy image --insecure --exit-code 0 docker.io/nginx:1.25.0-alpine-slim -# - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/nginx:1.25.0-alpine-slim -# cache: -# paths: -# - .trivycache/ -# 
artifacts: -# when: always -# expire_in: 1 days -# reports: -# container_scanning: ./.trivy/trivy-gateway-service-report.json -# -#scan-metadata-service: -# image: bitnami/trivy:latest -# stage: scan -# only: -# refs: -# - master -# - release-v1.4 -# allow_failure: true -# script: -# - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-metadata-service-report.json docker.io/dbrepo/metadata-service:latest -# - trivy image --insecure --exit-code 0 docker.io/dbrepo/metadata-service:latest -# - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/metadata-service:latest -# cache: -# paths: -# - .trivycache/ -# artifacts: -# when: always -# expire_in: 1 days -# reports: -# container_scanning: ./.trivy/trivy-metadata-service-report.json -# -#scan-data-service: -# image: bitnami/trivy:latest -# stage: scan -# only: -# refs: -# - master -# - release-v1.4 -# allow_failure: true -# script: -# - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-data-service-report.json docker.io/dbrepo/data-service:latest -# - trivy image --insecure --exit-code 0 docker.io/dbrepo/data-service:latest -# - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/data-service:latest -# cache: -# paths: -# - .trivycache/ -# artifacts: -# when: always -# expire_in: 1 days -# reports: -# container_scanning: ./.trivy/trivy-data-service-report.json -# -#scan-search-db: -# image: bitnami/trivy:latest -# stage: scan -# only: -# refs: -# - master -# - release-v1.4 -# allow_failure: true -# script: -# - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-search-db-report.json docker.io/dbrepo/search-db:latest -# - trivy image --insecure --exit-code 0 docker.io/dbrepo/search-db:latest -# - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/search-db:latest -# cache: -# paths: -# - 
.trivycache/ -# artifacts: -# when: always -# expire_in: 1 days -# reports: -# container_scanning: ./.trivy/trivy-search-db-report.json -# -#scan-search-dashboard: -# image: bitnami/trivy:latest -# stage: scan -# only: -# refs: -# - master -# - release-v1.4 -# allow_failure: true -# script: -# - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-search-dashboard-report.json docker.io/opensearchproject/opensearch-dashboards:2.10.0 -# - trivy image --insecure --exit-code 0 docker.io/opensearchproject/opensearch-dashboards:2.10.0 -# - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/opensearchproject/opensearch-dashboards:2.10.0 -# cache: -# paths: -# - .trivycache/ -# artifacts: -# when: always -# expire_in: 1 days -# reports: -# container_scanning: ./.trivy/trivy-search-dashboard-report.json -# -#scan-search-db-init: -# image: bitnami/trivy:latest -# stage: scan -# only: -# refs: -# - master -# - release-v1.4 -# allow_failure: true -# script: -# - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-search-db-init-report.json docker.io/dbrepo/search-db-init:latest -# - trivy image --insecure --exit-code 0 docker.io/dbrepo/search-db-init:latest -# - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/search-db-init:latest -# cache: -# paths: -# - .trivycache/ -# artifacts: -# when: always -# expire_in: 1 days -# reports: -# container_scanning: ./.trivy/trivy-search-db-init-report.json -# -#scan-data-db: -# image: bitnami/trivy:latest -# stage: scan -# only: -# refs: -# - master -# - release-v1.4 -# allow_failure: true -# script: -# - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-data-db-report.json docker.io/bitnami/mariadb:11.2.2-debian-11-r0 -# - trivy image --insecure --exit-code 0 docker.io/bitnami/mariadb:11.2.2-debian-11-r0 -# - trivy image --insecure 
--exit-code 1 --severity CRITICAL docker.io/bitnami/mariadb:11.2.2-debian-11-r0 -# cache: -# paths: -# - .trivycache/ -# artifacts: -# when: always -# expire_in: 1 days -# reports: -# container_scanning: ./.trivy/trivy-data-db-report.json -# -#scan-metadata-db: -# image: bitnami/trivy:latest -# stage: scan -# only: -# refs: -# - master -# - release-v1.4 -# allow_failure: true -# script: -# - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-metadata-db-report.json docker.io/dbrepo/metadata-db:latest -# - trivy image --insecure --exit-code 0 docker.io/dbrepo/metadata-db:latest -# - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/metadata-db:latest -# cache: -# paths: -# - .trivycache/ -# artifacts: -# when: always -# expire_in: 1 days -# reports: -# container_scanning: ./.trivy/trivy-metadata-db-report.json -# -#scan-ui: -# image: bitnami/trivy:latest -# stage: scan -# only: -# refs: -# - master -# - release-v1.4 -# allow_failure: true -# script: -# - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-ui-report.json docker.io/dbrepo/ui:latest -# - trivy image --insecure --exit-code 0 docker.io/dbrepo/ui:latest -# - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/ui:latest -# cache: -# paths: -# - .trivycache/ -# artifacts: -# when: always -# expire_in: 1 days -# reports: -# container_scanning: ./.trivy/trivy-ui-report.json -# -#scan-storage-service: -# image: bitnami/trivy:latest -# stage: scan -# only: -# refs: -# - master -# - release-v1.4 -# allow_failure: true -# script: -# - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-storage-service-report.json docker.io/chrislusf/seaweedfs:3.59 -# - trivy image --insecure --exit-code 0 docker.io/chrislusf/seaweedfs:3.59 -# - trivy image --insecure --exit-code 1 --severity CRITICAL 
docker.io/chrislusf/seaweedfs:3.59 -# cache: -# paths: -# - .trivycache/ -# artifacts: -# when: always -# expire_in: 1 days -# reports: -# container_scanning: ./.trivy/trivy-storage-service-report.json -# -#scan-storage-service-init: -# image: bitnami/trivy:latest -# stage: scan -# only: -# refs: -# - master -# - release-v1.4 -# allow_failure: true -# script: -# - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-storage-service-init-report.json docker.io/dbrepo/storage-service-init:latest -# - trivy image --insecure --exit-code 0 docker.io/dbrepo/storage-service-init:latest -# - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/storage-service-init:latest -# cache: -# paths: -# - .trivycache/ -# artifacts: -# when: always -# expire_in: 1 days -# reports: -# container_scanning: ./.trivy/trivy-storage-service-init-report.json -# -#docs-registry: -# stage: docs -# image: docker.io/python:3.11-slim -# only: -# refs: -# - /^release-.*/ -# script: -# - pip install -r ./requirements.txt -# - python3 .docs/docker/release.py - -#release-images: -# stage: release -# image: docker:24-dind -# needs: -# - test-metadata-service -# - test-data-service -# - test-analyse-service -# - test-frontend -# only: -# refs: -# - /^release-.*/ -# before_script: -# - echo "$CI_REGISTRY_PASSWORD" | docker login --username "$CI_REGISTRY_USER" --password-stdin $CI_REGISTRY_URL -# - echo "$CI_REGISTRY2_PASSWORD" | docker login --username "$CI_REGISTRY2_USER" --password-stdin $CI_REGISTRY2_URL -# script: -# - "ifconfig eth0 mtu 1450 up" -# - "apk add make bash" -# - "TAG=${APP_VERSION} make release" - -#release-chart: -# stage: release -# image: docker:24-dind -# only: -# refs: -# - /^release-.*/ -# before_script: -# - echo "$CI_REGISTRY2_PASSWORD" | docker login --username "$CI_REGISTRY2_USER" --password-stdin $CI_REGISTRY2_URL -# script: -# - apk add sed helm curl -# - 'sed -i -e "s/^version:.*/version: 
\"${CHART_VERSION}\"/g" ./helm-charts/dbrepo/Chart.yaml' -# - 'sed -i -e "s/^appVersion:.*/appVersion: \"${APP_VERSION}\"/g" ./helm-charts/dbrepo/Chart.yaml' -# - find ./helm-charts -type f -exec sed -i -e "s/__CHARTVERSION__/${CHART_VERSION}/g" {} \; -# - helm package ./helm-charts/dbrepo --destination ./build -# - helm push "./build/dbrepo-${CHART_VERSION}.tgz" "oci://${CI_REGISTRY2_URL}/helm" + - scan + +build-metadata-service: + image: maven:3-openjdk-17 + stage: build + only: + refs: + - dev + - master + script: + - "mvn -f ./dbrepo-metadata-service/pom.xml clean install -Dstyle.color=always -DskipTests" + +build-analyse-service: + image: python:3.9-slim + stage: build + only: + refs: + - dev + - master + variables: + PIPENV_PIPFILE: "./dbrepo-analyse-service/Pipfile" + script: + - "pip install pipenv" + - "pipenv install gunicorn && pipenv install --dev --system --deploy" + +build-data-service: + image: maven:3-openjdk-17 + stage: build + only: + refs: + - dev + - master + needs: + - build-metadata-service + script: + - "mvn -f ./dbrepo-metadata-service/pom.xml clean install -Dstyle.color=always -DskipTests" + - "mvn -f ./dbrepo-data-service/pom.xml clean package -Dstyle.color=always -DskipTests" + +build-frontend: + image: node:14-alpine + stage: build + only: + refs: + - dev + - master + script: + - "yarn config set network-timeout 600000 -g" + - "yarn --cwd ./dbrepo-ui install --legacy-peer-deps" + - "yarn --cwd ./dbrepo-ui run build" + +build-search-service: + image: python:3.10-alpine + stage: build + only: + refs: + - dev + - master + script: + - "pip install pipenv" + - "cd dbrepo-search-service && pipenv install --system --deploy" + +build-docker: + image: docker.io/docker:24-dind + stage: build + only: + refs: + - dev + - master + before_script: + - echo "$CI_REGISTRY_PASSWORD" | docker login --username "$CI_REGISTRY_USER" --password-stdin $CI_REGISTRY_URL + script: + - "cp .env.unix.example .env" + - "docker build -t dbrepo-metadata-service:build 
--target build dbrepo-metadata-service" + - "docker build -t dbrepo-data-service:build --target build dbrepo-data-service" + - "docker compose build --parallel" + +build-helm: + image: docker.io/docker:24-dind + stage: build + only: + refs: + - dev + - master + before_script: + - echo "$CI_REGISTRY_PASSWORD" | docker login --username "$CI_REGISTRY_USER" --password-stdin $CI_REGISTRY_URL + script: + - apk add sed helm curl + - 'sed -i -e "s/^version:.*/version: \"${CHART_VERSION}\"/g" ./helm-charts/dbrepo/Chart.yaml' + - 'sed -i -e "s/^appVersion:.*/appVersion: \"${APP_VERSION}\"/g" ./helm-charts/dbrepo/Chart.yaml' + - find ./helm-charts -type f -exec sed -i -e "s/__CHARTVERSION__/${CHART_VERSION}/g" {} \; + - helm package ./helm-charts/dbrepo --destination ./build + +test-metadata-service: + image: maven:3-openjdk-17 + stage: test + only: + refs: + - dev + - master + needs: + - build-metadata-service + script: + - "mvn -f ./dbrepo-metadata-service/pom.xml clean install -Dstyle.color=always -DskipTests" + - "mvn -f ./dbrepo-metadata-service/pom.xml clean test -Dstyle.color=always verify" + - "cat ./dbrepo-metadata-service/report/target/site/jacoco-aggregate/index.html | grep -o 'Total[^%]*%' | sed 's/<.*>/ /; s/Total/Jacoco Coverage Total:/'" + artifacts: + when: always + paths: + - ./dbrepo-metadata-service/report/target/site/jacoco-aggregate/ + - ./dbrepo-metadata-service/rest-service/target/surefire-reports/ + expire_in: 1 days + reports: + junit: ./dbrepo-metadata-service/rest-service/target/surefire-reports/TEST-*.xml + coverage: '/Total.*?([0-9]{1,3})%/' + +test-data-service: + image: maven:3-openjdk-17 + stage: test + only: + refs: + - dev + - master + needs: + - build-data-service + script: + - "mvn -f ./dbrepo-metadata-service/pom.xml clean install -Dstyle.color=always -DskipTests" + - "mvn -f ./dbrepo-data-service/pom.xml clean test verify -Dstyle.color=always" + - "cat ./dbrepo-data-service/report/target/site/jacoco-aggregate/index.html | grep -o 
'Total[^%]*%' | sed 's/<.*>/ /; s/Total/Jacoco Coverage Total:/'" + artifacts: + when: always + paths: + - ./dbrepo-data-service/report/target/site/jacoco-aggregate/ + - ./dbrepo-data-service/rest-service/target/surefire-reports/ + expire_in: 1 days + reports: + junit: ./dbrepo-data-service/rest-service/target/surefire-reports/TEST-*.xml + coverage: '/Total.*?([0-9]{1,3})%/' + +test-analyse-service: + image: python:3.9-slim + stage: test + only: + refs: + - dev + - master + variables: + PIPENV_PIPFILE: "./dbrepo-analyse-service/Pipfile" + needs: + - build-analyse-service + script: + - "pip install pipenv" + - "pipenv install gunicorn && pipenv install --dev --system --deploy" + - cd ./dbrepo-analyse-service/ && coverage run -m pytest test/test_determine_dt.py test/test_determine_pk.py test/test_s3_client.py --junitxml=report.xml && coverage html --omit="test/*" && coverage report --omit="test/*" > ./coverage.txt + - "cat ./coverage.txt | grep -o 'TOTAL[^%]*%'" + artifacts: + when: always + paths: + - ./dbrepo-analyse-service/report.xml + - ./dbrepo-analyse-service/coverage.txt + expire_in: 1 days + reports: + junit: ./dbrepo-analyse-service/report.xml + coverage: '/TOTAL.*?([0-9]{1,3})%/' + +test-frontend: + image: node:14-alpine + stage: test + only: + refs: + - dev + - master + needs: + - build-frontend + script: + - "yarn --cwd ./dbrepo-ui install" + - "yarn --cwd ./dbrepo-ui run test:unit || true" + - "yarn --cwd ./dbrepo-ui run coverage || true" + - "cat ./dbrepo-ui/coverage/cobertura-coverage.xml | grep -o 'line-rate=\"[0-9.]*' | head -1 || true" + artifacts: + when: always + paths: + - ./dbrepo-ui/coverage/ + expire_in: 1 days + reports: + coverage_report: + coverage_format: cobertura + path: ./dbrepo-ui/coverage/cobertura-coverage.xml + coverage: '/TOTAL.*?([0-9]{1,3})%/' + +scan-analyse-service: + image: bitnami/trivy:latest + stage: scan + only: + refs: + - master + allow_failure: true + script: + - trivy image --insecure --exit-code 0 --format template 
--template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-analyse-service-report.json docker.io/dbrepo/analyse-service:latest + - trivy image --insecure --exit-code 0 docker.io/dbrepo/analyse-service:latest + - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/analyse-service:latest + cache: + paths: + - .trivycache/ + artifacts: + when: always + expire_in: 1 days + reports: + container_scanning: ./.trivy/trivy-analyse-service-report.json + +scan-authentication-service: + image: bitnami/trivy:latest + stage: scan + only: + refs: + - master + allow_failure: true + script: + - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-authentication-service-report.json docker.io/dbrepo/authentication-service:latest + - trivy image --insecure --exit-code 0 docker.io/dbrepo/authentication-service:latest + - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/authentication-service:latest + cache: + paths: + - .trivycache/ + artifacts: + when: always + expire_in: 1 days + reports: + container_scanning: ./.trivy/trivy-authentication-service-report.json + +scan-broker-service: + image: bitnami/trivy:latest + stage: scan + only: + refs: + - master + allow_failure: true + script: + - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-broker-service-report.json docker.io/dbrepo/broker-service:latest + - trivy image --insecure --exit-code 0 docker.io/dbrepo/broker-service:latest + - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/broker-service:latest + cache: + paths: + - .trivycache/ + artifacts: + when: always + expire_in: 1 days + reports: + container_scanning: ./.trivy/trivy-broker-service-report.json + +scan-gateway-service: + image: bitnami/trivy:latest + stage: scan + only: + refs: + - master + allow_failure: true + script: + - trivy image --insecure --exit-code 0 --format template --template 
"@.trivy/gitlab.tpl" -o ./.trivy/trivy-gateway-service-report.json docker.io/nginx:1.25.0-alpine-slim + - trivy image --insecure --exit-code 0 docker.io/nginx:1.25.0-alpine-slim + - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/nginx:1.25.0-alpine-slim + cache: + paths: + - .trivycache/ + artifacts: + when: always + expire_in: 1 days + reports: + container_scanning: ./.trivy/trivy-gateway-service-report.json + +scan-metadata-service: + image: bitnami/trivy:latest + stage: scan + only: + refs: + - master + allow_failure: true + script: + - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-metadata-service-report.json docker.io/dbrepo/metadata-service:latest + - trivy image --insecure --exit-code 0 docker.io/dbrepo/metadata-service:latest + - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/metadata-service:latest + cache: + paths: + - .trivycache/ + artifacts: + when: always + expire_in: 1 days + reports: + container_scanning: ./.trivy/trivy-metadata-service-report.json + +scan-data-service: + image: bitnami/trivy:latest + stage: scan + only: + refs: + - master + allow_failure: true + script: + - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-data-service-report.json docker.io/dbrepo/data-service:latest + - trivy image --insecure --exit-code 0 docker.io/dbrepo/data-service:latest + - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/data-service:latest + cache: + paths: + - .trivycache/ + artifacts: + when: always + expire_in: 1 days + reports: + container_scanning: ./.trivy/trivy-data-service-report.json + +scan-search-db: + image: bitnami/trivy:latest + stage: scan + only: + refs: + - master + allow_failure: true + script: + - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-search-db-report.json docker.io/dbrepo/search-db:latest 
+ - trivy image --insecure --exit-code 0 docker.io/dbrepo/search-db:latest + - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/search-db:latest + cache: + paths: + - .trivycache/ + artifacts: + when: always + expire_in: 1 days + reports: + container_scanning: ./.trivy/trivy-search-db-report.json + +scan-search-dashboard: + image: bitnami/trivy:latest + stage: scan + only: + refs: + - master + allow_failure: true + script: + - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-search-dashboard-report.json docker.io/opensearchproject/opensearch-dashboards:2.10.0 + - trivy image --insecure --exit-code 0 docker.io/opensearchproject/opensearch-dashboards:2.10.0 + - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/opensearchproject/opensearch-dashboards:2.10.0 + cache: + paths: + - .trivycache/ + artifacts: + when: always + expire_in: 1 days + reports: + container_scanning: ./.trivy/trivy-search-dashboard-report.json + +scan-search-db-init: + image: bitnami/trivy:latest + stage: scan + only: + refs: + - master + allow_failure: true + script: + - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-search-db-init-report.json docker.io/dbrepo/search-db-init:latest + - trivy image --insecure --exit-code 0 docker.io/dbrepo/search-db-init:latest + - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/search-db-init:latest + cache: + paths: + - .trivycache/ + artifacts: + when: always + expire_in: 1 days + reports: + container_scanning: ./.trivy/trivy-search-db-init-report.json + +scan-data-db: + image: bitnami/trivy:latest + stage: scan + only: + refs: + - master + allow_failure: true + script: + - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-data-db-report.json docker.io/bitnami/mariadb:11.2.2-debian-11-r0 + - trivy image --insecure --exit-code 0 
docker.io/bitnami/mariadb:11.2.2-debian-11-r0 + - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/bitnami/mariadb:11.2.2-debian-11-r0 + cache: + paths: + - .trivycache/ + artifacts: + when: always + expire_in: 1 days + reports: + container_scanning: ./.trivy/trivy-data-db-report.json + +scan-metadata-db: + image: bitnami/trivy:latest + stage: scan + only: + refs: + - master + allow_failure: true + script: + - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-metadata-db-report.json docker.io/dbrepo/metadata-db:latest + - trivy image --insecure --exit-code 0 docker.io/dbrepo/metadata-db:latest + - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/metadata-db:latest + cache: + paths: + - .trivycache/ + artifacts: + when: always + expire_in: 1 days + reports: + container_scanning: ./.trivy/trivy-metadata-db-report.json + +scan-ui: + image: bitnami/trivy:latest + stage: scan + only: + refs: + - master + allow_failure: true + script: + - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-ui-report.json docker.io/dbrepo/ui:latest + - trivy image --insecure --exit-code 0 docker.io/dbrepo/ui:latest + - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/ui:latest + cache: + paths: + - .trivycache/ + artifacts: + when: always + expire_in: 1 days + reports: + container_scanning: ./.trivy/trivy-ui-report.json + +scan-storage-service: + image: bitnami/trivy:latest + stage: scan + only: + refs: + - master + allow_failure: true + script: + - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-storage-service-report.json docker.io/chrislusf/seaweedfs:3.59 + - trivy image --insecure --exit-code 0 docker.io/chrislusf/seaweedfs:3.59 + - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/chrislusf/seaweedfs:3.59 + cache: + paths: + - 
.trivycache/ + artifacts: + when: always + expire_in: 1 days + reports: + container_scanning: ./.trivy/trivy-storage-service-report.json + +scan-storage-service-init: + image: bitnami/trivy:latest + stage: scan + only: + refs: + - master + allow_failure: true + script: + - trivy image --insecure --exit-code 0 --format template --template "@.trivy/gitlab.tpl" -o ./.trivy/trivy-storage-service-init-report.json docker.io/dbrepo/storage-service-init:latest + - trivy image --insecure --exit-code 0 docker.io/dbrepo/storage-service-init:latest + - trivy image --insecure --exit-code 1 --severity CRITICAL docker.io/dbrepo/storage-service-init:latest + cache: + paths: + - .trivycache/ + artifacts: + when: always + expire_in: 1 days + reports: + container_scanning: ./.trivy/trivy-storage-service-init-report.json + +docs-registry: + stage: docs + image: docker.io/python:3.11-slim + only: + refs: + - /^release-.*/ + script: + - pip install -r ./requirements.txt + - python3 .docs/docker/release.py + +release-images: + stage: release + image: docker:24-dind + needs: + - test-metadata-service + - test-data-service + - test-analyse-service + - test-frontend + only: + refs: + - /^release-.*/ + before_script: + - echo "$CI_REGISTRY_PASSWORD" | docker login --username "$CI_REGISTRY_USER" --password-stdin $CI_REGISTRY_URL + - echo "$CI_REGISTRY2_PASSWORD" | docker login --username "$CI_REGISTRY2_USER" --password-stdin $CI_REGISTRY2_URL + script: + - "ifconfig eth0 mtu 1450 up" + - "apk add make bash" + - "TAG=${APP_VERSION} make release" + +release-chart: + stage: release + image: docker:24-dind + only: + refs: + - /^release-.*/ + before_script: + - echo "$CI_REGISTRY2_PASSWORD" | docker login --username "$CI_REGISTRY2_USER" --password-stdin $CI_REGISTRY2_URL + script: + - apk add sed helm curl + - 'sed -i -e "s/^version:.*/version: \"${CHART_VERSION}\"/g" ./helm-charts/dbrepo/Chart.yaml' + - 'sed -i -e "s/^appVersion:.*/appVersion: \"${APP_VERSION}\"/g" 
./helm-charts/dbrepo/Chart.yaml' + - find ./helm-charts -type f -exec sed -i -e "s/__CHARTVERSION__/${CHART_VERSION}/g" {} \; + - helm package ./helm-charts/dbrepo --destination ./build + - helm push "./build/dbrepo-${CHART_VERSION}.tgz" "oci://${CI_REGISTRY2_URL}/helm" release-docs: stage: release -- GitLab
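Review bot: `release-images` declares `needs:` on `test-metadata-service`, `test-data-service`, `test-analyse-service` and `test-frontend`, but every build-* and test-* job enabled here is restricted to the `dev` and `master` refs, while `release-images` runs only on `/^release-.*/`. On a release branch the needed jobs are therefore not in the pipeline; GitLab normally refuses to create a pipeline whose `needs` target is missing, and if the `needs` is later dropped to work around that, images get published untested. The scan-* jobs leave the same gap: they now run on `master` only (the old `release-v1.4` ref is gone), `scan` is listed after `release` in `stages:`, they scan `docker.io/...:latest` rather than the image just built, and `allow_failure: true` means the `--exit-code 1 --severity CRITICAL` step cannot block a publish. I would add `- /^release-.*/` to `only.refs` of the build-*, test-* and scan-* jobs and move `- scan` ahead of `- release` in `stages:`. Separately, `trivy image --insecure` disables TLS verification towards the registry and `bitnami/trivy:latest` is an unpinned scanner image; dropping the flag and pinning a tag or digest would make the scan results more trustworthy.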