# Pipeline-wide variables; every job below inherits them unless it overrides one.
variables:
  # Suffix appended to APP_VERSION when images are tagged; empty by default and
  # overridden by the workflow rules when the ref name is `dev`.
  BUILD_VERSION: ""
  HOSTALIASES: "./hosts"
  # Docker CLI calls in the jobs go through this Unix socket.
  # NOTE(review): any job that can reach the socket can drive that daemon;
  # confirm the runner only exposes it to pipelines that are trusted to do so.
  DOCKER_HOST: "unix:///var/run/dind/docker.sock"
  # Tool versions below are interpolated into the `image:` tags of the jobs.
  # They are quoted so that values such as "3.11" or "10.0" stay strings.
  DOCKER_VERSION: "27"
  TESTCONTAINERS_RYUK_DISABLED: "false"
  ALPINE_VERSION: "3.21"
  PYTHON_VERSION: "3.11"
  JAVA_VERSION: "17"
  NODE_VERSION: "18"
  SONARQUBE_VERSION: "10.0"
  BUN_VERSION: "1.1.40"
  # Release coordinates: DOC_VERSION is the documentation line, APP_VERSION and
  # CHART_VERSION tag the images and the Helm chart archive.
  DOC_VERSION: "1.7"
  APP_VERSION: "1.7.3"
  CHART_VERSION: "1.7.3"
  # JSON array kept as a string; presumably read by the image clean-up script
  # to decide which published tags to keep (verify against that script).
  SUPPORTED_VERSIONS: "[\"1.7.0\",\"1.7.1\",\"1.7.2\",\"1.7.3\"]"
  CACHE_FALLBACK_KEY: "${CI_DEFAULT_BRANCH}"
  # This will suppress any download for dependencies and plugins or upload messages which would clutter the console log.
  # `showDateTime` will show the passed time in milliseconds. You need to specify `--batch-mode` to make this work.
  # NOTE(review): `-Dhttps.protocols=TLSv1.2` limits HTTPS clients that honour
  # this property to TLS 1.2, so TLS 1.3 is not offered; confirm this is still
  # required.
  MAVEN_OPTS: "-Dhttps.protocols=TLSv1.2 -Dmaven.repo.local=$CI_PROJECT_DIR/.m2/repository -Dorg.slf4j.simpleLogger.log.org.apache.maven.cli.transfer.Slf4jMavenTransferListener=WARN -Dorg.slf4j.simpleLogger.showDateTime=true -Djava.awt.headless=true -Dstyle.color=always"
  # As of Maven 3.3.0 instead of this you may define these options in `.mvn/maven.config` so the same config is used
  # when running from the command line.
  # `installAtEnd` and `deployAtEnd` are only effective with recent version of the corresponding plugins.
  MAVEN_CLI_OPTS: "--batch-mode --errors --fail-at-end --show-version -DinstallAtEnd=true -DdeployAtEnd=true"

# Default image for every job that does not declare its own `image`.
image: "debian:12-slim"

# Keep the local Maven repository (downloaded dependencies and plugins)
# between builds of the same ref.
# To keep cache across branches use 'key: "$CI_JOB_NAME"' instead.
cache:
  paths:
    - ".m2/repository"
  key: "${CI_COMMIT_REF_SLUG}"

# A pipeline is always created. When the ref name is `dev`, BUILD_VERSION is
# set to a `-dev.git.<short sha>` suffix.
workflow:
  rules:
    - variables:
        BUILD_VERSION: '-dev.git.${CI_COMMIT_SHORT_SHA}'
      if: '$CI_COMMIT_REF_NAME == "dev"'
    - when: always

# Stages run in the order listed here.
stages:
  - "lint"
  - "build"
  - "test"
  - "docs"
  - "clean"
  - "release"
  - "verify"
  - "scan"

# Consistency checks between docker-compose.yml and .docker/docker-compose.yml.
# The `.volumes` sections are diffed directly; the per-service checks are
# delegated to .scripts/check-service.sh, where the IGNORE_* switches presumably
# skip the named part of the service definition (verify against the script).
lint-docker-compose:
  stage: lint
  image: "docker.io/alpine:${ALPINE_VERSION}"
  variables:
    BINARY: "yq_linux_amd64"
    VERSION: "4.45.1"
  before_script:
    - "apk --no-cache add bash wget"
    # NOTE(review): the yq binary is downloaded and made executable without a
    # checksum or signature check; the version is pinned, the content is not.
    # Consider verifying a SHA-256 recorded for this release before `chmod +x`.
    - "wget https://github.com/mikefarah/yq/releases/download/v${VERSION}/${BINARY} -O /usr/bin/yq && chmod +x /usr/bin/yq"
  script:
    - bash .scripts/check-compose.sh
    - diff <(yq '.volumes' docker-compose.yml) <(yq '.volumes' .docker/docker-compose.yml)
    - IGNORE_IMAGE=1 IGNORE_PORTS=1 bash .scripts/check-service.sh 'dbrepo-analyse-service'
    - IGNORE_PORTS=1 bash .scripts/check-service.sh 'dbrepo-auth-db'
    - IGNORE_IMAGE=1 IGNORE_PORTS=1 bash .scripts/check-service.sh 'dbrepo-auth-service'
    - IGNORE_VOLUMES=1 IGNORE_IMAGE=1 bash .scripts/check-service.sh 'dbrepo-auth-service-init'
    - IGNORE_IMAGE=1 IGNORE_PORTS=1 bash .scripts/check-service.sh 'dbrepo-broker-service'
    - IGNORE_PORTS=1 bash .scripts/check-service.sh 'dbrepo-dashboard-service'
    - bash .scripts/check-service.sh 'dbrepo-data-db'
    - IGNORE_IMAGE=1 IGNORE_PORTS=1 bash .scripts/check-service.sh 'dbrepo-data-service'
    - IGNORE_VOLUMES=1 bash .scripts/check-service.sh 'dbrepo-gateway-service'
    - IGNORE_VOLUMES=1 IGNORE_PORTS=1 bash .scripts/check-service.sh 'dbrepo-identity-service'
    - IGNORE_VOLUMES=1 bash .scripts/check-service.sh 'dbrepo-metadata-db'
    - IGNORE_IMAGE=1 IGNORE_PORTS=1 bash .scripts/check-service.sh 'dbrepo-metadata-service'
    - IGNORE_VOLUMES=1 IGNORE_PORTS=1 bash .scripts/check-service.sh 'dbrepo-metric-db'
    - IGNORE_IMAGE=1 bash .scripts/check-service.sh 'dbrepo-search-db'
    - IGNORE_IMAGE=1 IGNORE_PORTS=1 bash .scripts/check-service.sh 'dbrepo-search-service'
    - IGNORE_IMAGE=1 bash .scripts/check-service.sh 'dbrepo-search-service-init'
    - IGNORE_VOLUMES=1 bash .scripts/check-service.sh 'dbrepo-storage-service'
    - IGNORE_VOLUMES=1 IGNORE_IMAGE=1 bash .scripts/check-service.sh 'dbrepo-storage-service-init'
    - IGNORE_IMAGE=1 bash .scripts/check-service.sh 'dbrepo-ui'
    - IGNORE_VOLUMES=1 bash .scripts/check-service.sh 'dbrepo-upload-service'

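# Lints the dbrepo Helm chart and fails when the committed values.schema.json
# differs from the schema regenerated from values.yaml.
# NOTE(review): this job has no `only`/`rules`, so it runs in every pipeline
# and logs in to both registries before executing .scripts/check-helm.sh from
# the checked-out ref; confirm the credentials are read-only or restricted to
# protected refs.
lint-helm-chart:
  image: docker.io/alpine:${ALPINE_VERSION}
  stage: lint
  before_script:
    - apk --no-cache add helm git bash
    # Keep a copy of the committed schema to diff against the regenerated one.
    - cp ./helm/dbrepo/values.schema.json ./CI_values.schema.json
    # NOTE(review): the plugin is installed from the repository without a
    # version; pin it with `--version <PLUGIN_TAG>` once a reviewed tag is chosen.
    - helm plugin install https://github.com/losisin/helm-values-schema-json.git
    - helm package ./helm/seaweedfs --destination ./build
    # The passwords are piped on stdin instead of being passed with
    # `--password`, so they do not appear in the process argument list.
    - printf '%s' "${CI_REGISTRY_PASSWORD}" | helm registry login --username "${CI_REGISTRY_USER}" --password-stdin "${CI_REGISTRY_URL}"
    - printf '%s' "${CI_REGISTRY2_PASSWORD}" | helm registry login --username "${CI_REGISTRY2_USER}" --password-stdin "${CI_REGISTRY2_URL}"
  script:
    - bash .scripts/check-helm.sh
    - helm lint ./helm/dbrepo
    - helm schema -input ./helm/dbrepo/values.yaml -output ./helm/dbrepo/values.schema.json
    # A non-empty diff means the committed schema is stale and fails the job.
    - diff ./CI_values.schema.json ./helm/dbrepo/values.schema.json
  # The regenerated schema is kept even on failure so it can be committed.
  artifacts:
    when: always
    paths:
      - ./helm/dbrepo/values.schema.json
    expire_in: 1 days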

# Regenerates the chart README from values.yaml and fails when the result
# differs from the committed README.
lint-helm-readme:
  stage: lint
  image: "docker.io/node:${NODE_VERSION}-alpine${ALPINE_VERSION}"
  before_script:
    - "apk --no-cache add alpine-sdk bash git"
    # Keep the committed README for the comparison at the end.
    - "cp ./helm/dbrepo/README.md ./CI_README.md"
    # NOTE(review): the generator is cloned at whatever its default branch
    # holds, and `npm install` / `npm install -g pkg` resolve dependencies at
    # job time; the toolchain is therefore not reproducible. Consider checking
    # out a reviewed tag or commit and pinning `pkg`.
    - "git clone https://github.com/bitnami/readme-generator-for-helm"
    - "(cd ./readme-generator-for-helm && npm install && npm install -g pkg && pkg . -o /usr/local/sbin/readme-generator)"
  script:
    - "readme-generator --readme ./helm/dbrepo/README.md --values ./helm/dbrepo/values.yaml"
    - "diff ./CI_README.md ./helm/dbrepo/README.md"
  # The regenerated README is stored even when the diff fails the job.
  artifacts:
    expire_in: "1 days"
    paths:
      - "./helm/dbrepo/README.md"
    when: always

# Fails when the schema setup SQL shipped in the Helm chart differs from the
# one in dbrepo-metadata-db.
lint-helm-files:
  stage: lint
  image: "docker.io/alpine:${ALPINE_VERSION}"
  script:
    - "diff dbrepo-metadata-db/1_setup-schema.sql helm/dbrepo/files/01-setup-schema.sql"

# Checks that the OpenAPI base document references DOC_VERSION in
# `.externalDocs.url` and APP_VERSION in `.info.version`.
lint-open-api-version:
  stage: lint
  image: "docker.io/alpine:${ALPINE_VERSION}"
  variables:
    BINARY: "yq_linux_amd64"
    VERSION: "4.45.1"
  before_script:
    # Expected values, written to files so they can be diffed below.
    - echo "${DOC_VERSION}" > ./doc-version.txt
    - echo "${APP_VERSION}" > ./app-version.txt
    - "apk --no-cache add bash wget"
    # NOTE(review): the yq binary is downloaded and made executable without a
    # checksum or signature check; the version is pinned, the content is not.
    # Consider verifying a SHA-256 recorded for this release before `chmod +x`.
    - "wget https://github.com/mikefarah/yq/releases/download/v${VERSION}/${BINARY} -O /usr/bin/yq && chmod +x /usr/bin/yq"
  script:
    # `grep -o` keeps only the matching version text, so the diff fails when
    # the version is missing from the field.
    - yq '.externalDocs.url' ./.docs/.openapi/api.base.yaml | grep -o "${DOC_VERSION}" > ./openapi-doc-version.txt
    - "diff ./openapi-doc-version.txt ./doc-version.txt"
    - yq '.info.version' ./.docs/.openapi/api.base.yaml | grep -o "${APP_VERSION}" > ./openapi-app-version.txt
    - "diff ./openapi-app-version.txt ./app-version.txt"

# Compiles and installs the metadata service modules with tests skipped.
build-metadata-service:
  stage: build
  image: "maven:3-openjdk-${JAVA_VERSION}"
  only:
    - merge_requests
    - master
  script:
    - mvn -f ./dbrepo-metadata-service/pom.xml clean install $MAVEN_OPTS -DskipTests
  # SonarQube needs the compiled classes in a later stage, so they are kept
  # as artifacts even when the job fails.
  artifacts:
    expire_in: "1 days"
    when: always
    paths:
      - "./dbrepo-metadata-service/test/target/classes"
      - "./dbrepo-metadata-service/services/target/classes"
      - "./dbrepo-metadata-service/repositories/target/classes"
      - "./dbrepo-metadata-service/rest-service/target/classes"
      - "./dbrepo-metadata-service/api/target/classes"
      - "./dbrepo-metadata-service/oai/target/classes"
      - "./dbrepo-metadata-service/entities/target/classes"

# Installs the analyse service's Python dependencies to prove they resolve.
build-analyse-service:
  stage: build
  image: "docker.io/python:${PYTHON_VERSION}-alpine${ALPINE_VERSION}"
  variables:
    PIPENV_PIPFILE: './dbrepo-analyse-service/Pipfile'
  only:
    - merge_requests
    - master
  script:
    # NOTE(review): pipenv itself is installed unpinned.
    - pip install pipenv
    # NOTE(review): presumably `pipenv install gunicorn` rewrites Pipfile.lock
    # inside the job, in which case the `--deploy` check that follows compares
    # against the regenerated lock rather than the committed one — confirm.
    - pipenv install gunicorn && pipenv install --dev --system --deploy

# Installs the Python library's dependencies to prove they resolve.
build-lib:
  stage: build
  image: "docker.io/python:${PYTHON_VERSION}-alpine${ALPINE_VERSION}"
  variables:
    PIPENV_PIPFILE: './lib/python/Pipfile'
  only:
    - merge_requests
    - master
  script:
    # NOTE(review): pipenv itself is installed unpinned.
    - pip install pipenv
    # NOTE(review): presumably `pipenv install gunicorn` rewrites Pipfile.lock
    # inside the job, in which case the `--deploy` check that follows compares
    # against the regenerated lock rather than the committed one — confirm.
    - pipenv install gunicorn && pipenv install --dev --system --deploy

# Packages the data service. The metadata service is installed (tests skipped)
# in `before_script` first, then the data service is packaged.
build-data-service:
  stage: build
  image: "maven:3-openjdk-${JAVA_VERSION}"
  only:
    - merge_requests
    - master
  # Starts as soon as build-metadata-service has finished and fetches its
  # artifacts.
  needs:
    - "build-metadata-service"
  dependencies:
    - "build-metadata-service"
  before_script:
    - mvn -f ./dbrepo-metadata-service/pom.xml clean install $MAVEN_OPTS -DskipTests
  script:
    - mvn -f ./dbrepo-data-service/pom.xml clean package $MAVEN_OPTS -DskipTests
  # SonarQube needs the compiled classes in a later stage, so they are kept
  # as artifacts even when the job fails.
  artifacts:
    expire_in: "1 days"
    when: always
    paths:
      - "./dbrepo-data-service/services/target/classes"
      - "./dbrepo-data-service/rest-service/target/classes"
      - "./dbrepo-data-service/querystore/target/classes"

# Installs the UI dependencies with bun and runs the production build.
build-ui:
  stage: build
  image: "oven/bun:${BUN_VERSION}-alpine"
  only:
    - merge_requests
    - master
  script:
    - cd ./dbrepo-ui && bun install && bun run build

# Installs the search service's locked Python dependencies system-wide.
build-search-service:
  stage: build
  image: "docker.io/python:${PYTHON_VERSION}-alpine${ALPINE_VERSION}"
  only:
    - merge_requests
    - master
  before_script:
    # NOTE(review): pipenv itself is installed unpinned.
    - pip install pipenv
  script:
    - cd dbrepo-search-service && pipenv install --system --deploy

# Builds the `build` targets of the two Java services and then all compose
# images, to prove the Dockerfiles still build. Nothing is pushed here.
# NOTE(review): the job logs in to the registry on merge-request pipelines as
# well; confirm CI_REGISTRY_USER/CI_REGISTRY_PASSWORD are read-only or limited
# to protected refs, since the Dockerfiles being built come from the branch.
build-images:
  stage: build
  image: "docker.io/docker:${DOCKER_VERSION}-dind"
  only:
    - merge_requests
    - master
  before_script:
    - apk add --no-cache make
    # The password is read from stdin, so it is not part of the command line.
    - echo "$CI_REGISTRY_PASSWORD" | docker login --username "$CI_REGISTRY_USER" --password-stdin $CI_REGISTRY_URL
  script:
    # NOTE(review): `--network=host` lets build steps use the network namespace
    # of the Docker daemon's host; confirm the builds need it.
    - "docker build -q --network=host -t dbrepo-metadata-service:build --target build dbrepo-metadata-service"
    - "docker build -q --network=host -t dbrepo-data-service:build --target build dbrepo-data-service"
    - "docker compose build -q --parallel"

# Runs the `build-helm` make target for merge requests, tags and
# `release-*` refs.
build-helm:
  stage: build
  image: "docker.io/docker:${DOCKER_VERSION}-dind"
  only:
    - merge_requests
    - tags
    - /^release-.*/
  before_script:
    - "apk add --no-cache helm make"
    # The password is read from stdin, so it is not part of the command line.
    - echo "$CI_REGISTRY_PASSWORD" | docker login --username "$CI_REGISTRY_USER" --password-stdin $CI_REGISTRY_URL
  script:
    - "make build-helm"

# Runs the metadata service test suite and publishes the JaCoCo and Surefire
# reports.
test-metadata-service:
  stage: test
  image: "maven:3-openjdk-${JAVA_VERSION}"
  only:
    - merge_requests
    - master
  needs:
    - "build-metadata-service"
  dependencies:
    - "build-metadata-service"
  script:
    - mvn -f ./dbrepo-metadata-service/pom.xml clean test verify $MAVEN_OPTS
    # Print the aggregate JaCoCo total so the `coverage` regex can pick it up
    # from the job log.
    - "cat ./dbrepo-metadata-service/report/target/site/jacoco-aggregate/index.html | grep -o 'Total[^%]*%' | sed 's/<.*>/ /; s/Total/Jacoco Coverage Total:/'"
  coverage: '/Total.*?([0-9]{1,3})%/'
  artifacts:
    expire_in: "1 days"
    when: always
    reports:
      junit: "./dbrepo-metadata-service/rest-service/target/surefire-reports/TEST-*.xml"
    paths:
      - "./dbrepo-metadata-service/report/target/site/jacoco-aggregate/"
      - "./dbrepo-metadata-service/rest-service/target/surefire-reports/"

# Runs the data service test suite (after installing the metadata service with
# tests skipped) and publishes the JaCoCo and Surefire reports.
test-data-service:
  stage: test
  image: "maven:3-openjdk-${JAVA_VERSION}"
  only:
    - merge_requests
    - master
  needs:
    - "build-data-service"
  dependencies:
    - "build-data-service"
  script:
    - mvn -f ./dbrepo-metadata-service/pom.xml clean install -DskipTests $MAVEN_OPTS
    - mvn -f ./dbrepo-data-service/pom.xml clean test verify $MAVEN_OPTS
    # Print the aggregate JaCoCo total so the `coverage` regex can pick it up
    # from the job log.
    - "cat ./dbrepo-data-service/report/target/site/jacoco-aggregate/index.html | grep -o 'Total[^%]*%' | sed 's/<.*>/ /; s/Total/Jacoco Coverage Total:/'"
  coverage: '/Total.*?([0-9]{1,3})%/'
  artifacts:
    expire_in: "1 days"
    when: always
    reports:
      junit: "./dbrepo-data-service/rest-service/target/surefire-reports/TEST-*.xml"
    paths:
      - "./dbrepo-data-service/report/target/site/jacoco-aggregate/"
      - "./dbrepo-data-service/rest-service/target/surefire-reports/"

# Runs the analyse service unit tests under coverage and stores the coverage
# reports.
test-analyse-service:
  stage: test
  image: "docker.io/python:${PYTHON_VERSION}-alpine${ALPINE_VERSION}"
  variables:
    PIPENV_PIPFILE: './dbrepo-analyse-service/Pipfile'
  only:
    - merge_requests
    - master
  needs:
    - "build-analyse-service"
  dependencies:
    - "build-analyse-service"
  script:
    - pip install pipenv
    - pipenv install gunicorn && pipenv install --dev --system --deploy
    - cd ./dbrepo-analyse-service/ && coverage run --rcfile=.coveragerc -m pytest tests/test_determine_dt.py tests/test_determine_pk.py tests/test_s3_client.py && coverage html && coverage xml && coverage report > ./coverage.txt
    # Print the TOTAL line so the `coverage` regex can read it from the log.
    - cat ./coverage.txt | grep -o 'TOTAL[^%]*%'
  coverage: '/TOTAL.*?([0-9]{1,3})%/'
  artifacts:
    expire_in: "1 days"
    when: always
    # NOTE(review): coverage.xml is written by `coverage xml`, i.e. a coverage
    # report, yet it is registered as a JUnit report — confirm this is intended.
    reports:
      junit: "./dbrepo-analyse-service/coverage.xml"
    paths:
      - "./dbrepo-analyse-service/coverage.xml"
      - "./dbrepo-analyse-service/coverage.txt"

# Runs the auth service init unit tests under coverage and stores the coverage
# reports.
test-auth-service-init:
  stage: test
  image: "docker.io/python:${PYTHON_VERSION}-alpine${ALPINE_VERSION}"
  variables:
    PIPENV_PIPFILE: './dbrepo-auth-service/init/Pipfile'
  only:
    - merge_requests
    - master
  before_script:
    # Build tools and MariaDB client headers for the Python dependencies.
    - apk add --no-cache alpine-sdk gcc python3-dev mariadb-connector-c-dev
    - pip install pipenv
    - pipenv install gunicorn && pipenv install --dev --system --deploy
  script:
    - cd ./dbrepo-auth-service/init/ && coverage run --rcfile=.coveragerc -m pytest tests/test_unit_app.py && coverage html && coverage xml && coverage report > ./coverage.txt
    # Print the TOTAL line so the `coverage` regex can read it from the log.
    - cat ./coverage.txt | grep -o 'TOTAL[^%]*%'
  coverage: '/TOTAL.*?([0-9]{1,3})%/'
  artifacts:
    expire_in: "1 days"
    when: always
    # NOTE(review): coverage.xml is written by `coverage xml`, i.e. a coverage
    # report, yet it is registered as a JUnit report — confirm this is intended.
    reports:
      junit: "./dbrepo-auth-service/init/coverage.xml"
    paths:
      - "./dbrepo-auth-service/init/coverage.xml"
      - "./dbrepo-auth-service/init/coverage.txt"

# Runs the search service tests under coverage. Shared clients, omlib, RSA
# test fixtures and two client tests are copied over from the init component
# first.
test-search-service:
  stage: test
  image: "docker.io/python:${PYTHON_VERSION}-alpine${ALPINE_VERSION}"
  variables:
    PIPENV_PIPFILE: './dbrepo-search-service/Pipfile'
  only:
    - merge_requests
    - master
  needs:
    - "build-search-service"
  dependencies:
    - "build-search-service"
  before_script:
    - cp -r ./dbrepo-search-service/init/clients ./dbrepo-search-service
    - cp -r ./dbrepo-search-service/init/omlib ./dbrepo-search-service
    # NOTE(review): tests/rsa presumably holds RSA key material used as test
    # fixtures; confirm those keys are test-only and never used elsewhere.
    - cp -r ./dbrepo-search-service/init/tests/rsa ./dbrepo-search-service/tests
    - cp ./dbrepo-search-service/init/tests/test_keycloak_client.py ./dbrepo-search-service/tests
    - cp ./dbrepo-search-service/init/tests/test_opensearch_client.py ./dbrepo-search-service/tests
    - cp ./dbrepo-search-service/init/friendly_names_overrides.json ./dbrepo-search-service/friendly_names_overrides.json
  script:
    - pip install pipenv
    - pipenv install gunicorn && pipenv install --dev --system --deploy
    - cd ./dbrepo-search-service/ && coverage run --rcfile=.coveragerc -m pytest tests/test_app.py tests/test_jwt.py tests/test_opensearch_client.py tests/test_keycloak_client.py && coverage html && coverage xml && coverage report > ./coverage.txt
    # Print the TOTAL line so the `coverage` regex can read it from the log.
    - cat ./coverage.txt | grep -o 'TOTAL[^%]*%'
  coverage: '/TOTAL.*?([0-9]{1,3})%/'
  artifacts:
    expire_in: "1 days"
    when: always
    # NOTE(review): coverage.xml is written by `coverage xml`, i.e. a coverage
    # report, yet it is registered as a JUnit report — confirm this is intended.
    reports:
      junit: "./dbrepo-search-service/coverage.xml"
    paths:
      - "./dbrepo-search-service/coverage.xml"
      - "./dbrepo-search-service/coverage.txt"

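# Runs the search service init tests under coverage and stores the coverage
# reports.
test-search-service-init:
  image: docker.io/python:${PYTHON_VERSION}-alpine${ALPINE_VERSION}
  stage: test
  only:
    - merge_requests
    - master
  variables:
    PIPENV_PIPFILE: "./dbrepo-search-service/init/Pipfile"
  needs:
    - build-search-service
  dependencies:
    - build-search-service
  script:
    - "pip install pipenv"
    - "pipenv install gunicorn && pipenv install --dev --system --deploy"
    # The reports are written relative to ./dbrepo-search-service/init/.
    - cd ./dbrepo-search-service/init/ && coverage run --rcfile=.coveragerc -m pytest tests/test_app.py tests/test_keycloak_client.py tests/test_opensearch_client.py && coverage html && coverage xml && coverage report > ./coverage.txt
    # Print the TOTAL line so the `coverage` regex can read it from the log.
    - "cat ./coverage.txt | grep -o 'TOTAL[^%]*%'"
  # The artifact paths point into init/, where the script above writes the
  # reports; the parent directory does not receive them in this job.
  artifacts:
    when: always
    paths:
      - ./dbrepo-search-service/init/coverage.xml
      - ./dbrepo-search-service/init/coverage.txt
    expire_in: 1 days
    # NOTE(review): coverage.xml is written by `coverage xml`, i.e. a coverage
    # report, yet it is registered as a JUnit report — confirm this is intended.
    reports:
      junit: ./dbrepo-search-service/init/coverage.xml
  coverage: '/TOTAL.*?([0-9]{1,3})%/'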

# Runs the Python library unit tests under coverage and stores the coverage
# reports.
test-lib:
  stage: test
  image: "docker.io/python:${PYTHON_VERSION}-alpine${ALPINE_VERSION}"
  variables:
    PIPENV_PIPFILE: './lib/python/Pipfile'
  only:
    - merge_requests
    - master
  needs:
    - "build-lib"
  dependencies:
    - "build-lib"
  script:
    - pip install pipenv
    - pipenv install gunicorn && pipenv install --dev --system --deploy
    - cd ./lib/python/ && coverage run --rcfile=.coveragerc -m pytest tests/test_unit_container.py tests/test_unit_messages.py tests/test_unit_image.py tests/test_unit_concept.py tests/test_unit_database.py tests/test_unit_identifier.py tests/test_unit_license.py tests/test_unit_query.py tests/test_unit_rest_client.py tests/test_unit_table.py tests/test_unit_user.py tests/test_unit_view.py tests/test_unit_unit.py && coverage html && coverage xml && coverage report > ./coverage.txt
    # Print the TOTAL line so the `coverage` regex can read it from the log.
    - cat ./coverage.txt | grep -o 'TOTAL[^%]*%'
  coverage: '/TOTAL.*?([0-9]{1,3})%/'
  artifacts:
    expire_in: "1 days"
    when: always
    # NOTE(review): coverage.xml is written by `coverage xml`, i.e. a coverage
    # report, yet it is registered as a JUnit report — confirm this is intended.
    reports:
      junit: "./lib/python/coverage.xml"
    paths:
      - "./lib/python/coverage.xml"
      - "./lib/python/coverage.txt"

# Builds the UI image, starts it with a 256 MB old-space heap limit and runs
# the heap test script against it.
test-ui:
  stage: test
  image: "docker.io/docker:${DOCKER_VERSION}-dind"
  only:
    - merge_requests
    - master
  needs:
    - "build-ui"
  dependencies:
    - "build-ui"
  before_script:
    - apk add --no-cache bash apache2-utils
    - docker compose build dbrepo-ui
    - "docker run --name dbrepo-ui -e NODE_OPTIONS='--max_old_space_size=256' -p 3000:3000 -d dbrepo-ui:latest"
  script:
    # Fixed wait for the container to come up before the test starts.
    - sleep 30
    - ENDPOINT=http://localhost:3000 bash ./dbrepo-ui/tests/test_heap.sh

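# Logs in to both registries and runs the script that removes images of
# unsupported versions. Runs for tags and the `dev` ref.
clean-images:
  stage: clean
  image: docker:${DOCKER_VERSION}-dind
  only:
    refs:
      - tags
      - dev
  before_script:
    # All credential expansions are quoted so that whitespace or glob
    # characters in a value are not split or expanded by the shell, and the
    # password is sent with printf so it is passed through unchanged.
    - docker logout "${CI_REGISTRY_URL}"
    - printf '%s' "${CI_REGISTRY_PASSWORD}" | docker login --username "${CI_REGISTRY_USER}" --password-stdin "${CI_REGISTRY_URL}"
    - docker logout "${CI_REGISTRY2_URL}"
    - printf '%s' "${CI_REGISTRY2_PASSWORD}" | docker login --username "${CI_REGISTRY2_USER}" --password-stdin "${CI_REGISTRY2_URL}"
    - "apk add --no-cache wget bash"
    # NOTE(review): regctl is downloaded and made executable without a checksum
    # or signature check, in a job that holds credentials able to delete
    # registry content. The version is pinned, the content is not; consider
    # verifying a SHA-256 recorded for this release before `chmod +x`.
    - "wget -O /usr/local/sbin/regctl https://github.com/regclient/regclient/releases/download/v0.8.2/regctl-linux-amd64"
    - "chmod +x /usr/local/sbin/regctl"
  script:
    - bash ./.gitlab/remove-unsupported-images.sh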

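# Builds all images and pushes them to the second registry, tagged
# `${APP_VERSION}${BUILD_VERSION}`. Runs for tags and the `dev` ref.
# NOTE(review): `dependencies` only selects which artifacts are downloaded.
# The test-* jobs listed here are restricted to merge_requests/master, while
# this job runs on tags/dev, so a tag pipeline appears to publish images
# without the tests having run in that pipeline — confirm this is intended.
release-images:
  stage: release
  image: docker:${DOCKER_VERSION}-dind
  dependencies:
    - clean-images
    - test-analyse-service
    - test-auth-service-init
    - test-data-service
    - test-lib
    - test-metadata-service
    - test-search-service
    - test-search-service-init
    - test-ui
  only:
    - tags
    - dev
  before_script:
    # All credential expansions are quoted so that whitespace or glob
    # characters in a value are not split or expanded by the shell, and the
    # password is sent with printf so it is passed through unchanged.
    - docker logout "${CI_REGISTRY_URL}"
    - printf '%s' "${CI_REGISTRY_PASSWORD}" | docker login --username "${CI_REGISTRY_USER}" --password-stdin "${CI_REGISTRY_URL}"
    - docker logout "${CI_REGISTRY2_URL}"
    - printf '%s' "${CI_REGISTRY2_PASSWORD}" | docker login --username "${CI_REGISTRY2_USER}" --password-stdin "${CI_REGISTRY2_URL}"
  script:
    # NOTE(review): `--network=host` lets build steps use the network namespace
    # of the Docker daemon's host; confirm the release builds need it.
    - docker build -q --network=host -t dbrepo-metadata-service:build --target build dbrepo-metadata-service
    - docker build -q --network=host -t dbrepo-data-service:build --target build dbrepo-data-service
    - docker compose build -q --parallel
    # Tag every locally built `:latest` image with the release version.
    - docker tag dbrepo-analyse-service:latest "${CI_REGISTRY2_URL}/analyse-service:${APP_VERSION}${BUILD_VERSION}"
    - docker tag dbrepo-dashboard-service:latest "${CI_REGISTRY2_URL}/dashboard-service:${APP_VERSION}${BUILD_VERSION}"
    - docker tag dbrepo-ui:latest "${CI_REGISTRY2_URL}/ui:${APP_VERSION}${BUILD_VERSION}"
    - docker tag dbrepo-data-service:latest "${CI_REGISTRY2_URL}/data-service:${APP_VERSION}${BUILD_VERSION}"
    - docker tag dbrepo-auth-service-init:latest "${CI_REGISTRY2_URL}/auth-service-init:${APP_VERSION}${BUILD_VERSION}"
    - docker tag dbrepo-metadata-service:latest "${CI_REGISTRY2_URL}/metadata-service:${APP_VERSION}${BUILD_VERSION}"
    - docker tag dbrepo-search-db:latest "${CI_REGISTRY2_URL}/search-db:${APP_VERSION}${BUILD_VERSION}"
    - docker tag dbrepo-search-service:latest "${CI_REGISTRY2_URL}/search-service:${APP_VERSION}${BUILD_VERSION}"
    - docker tag dbrepo-search-service-init:latest "${CI_REGISTRY2_URL}/search-service-init:${APP_VERSION}${BUILD_VERSION}"
    - docker tag dbrepo-storage-service-init:latest "${CI_REGISTRY2_URL}/storage-service-init:${APP_VERSION}${BUILD_VERSION}"
    # Push the tagged images. They are pushed by mutable tag and no signing
    # step is visible in this job.
    - docker push "${CI_REGISTRY2_URL}/analyse-service:${APP_VERSION}${BUILD_VERSION}"
    - docker push "${CI_REGISTRY2_URL}/dashboard-service:${APP_VERSION}${BUILD_VERSION}"
    - docker push "${CI_REGISTRY2_URL}/ui:${APP_VERSION}${BUILD_VERSION}"
    - docker push "${CI_REGISTRY2_URL}/data-service:${APP_VERSION}${BUILD_VERSION}"
    - docker push "${CI_REGISTRY2_URL}/auth-service-init:${APP_VERSION}${BUILD_VERSION}"
    - docker push "${CI_REGISTRY2_URL}/search-db:${APP_VERSION}${BUILD_VERSION}"
    - docker push "${CI_REGISTRY2_URL}/metadata-service:${APP_VERSION}${BUILD_VERSION}"
    - docker push "${CI_REGISTRY2_URL}/search-service:${APP_VERSION}${BUILD_VERSION}"
    - docker push "${CI_REGISTRY2_URL}/search-service-init:${APP_VERSION}${BUILD_VERSION}"
    - docker push "${CI_REGISTRY2_URL}/storage-service-init:${APP_VERSION}${BUILD_VERSION}"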

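# Packages the dbrepo chart with a GPG provenance signature, pushes it to the
# second registry as an OCI artifact and uploads the signature via the
# helm-sigstore plugin. Runs for tags only.
release-helm:
  stage: release
  image: docker:${DOCKER_VERSION}-dind
  only:
    - tags
  needs:
    - build-helm
  dependencies:
    - build-helm
  before_script:
    - "apk add --no-cache sed helm make gpg gpg-agent"
    # All credential expansions are quoted so that whitespace or glob
    # characters in a value are not split or expanded by the shell, and the
    # password is sent with printf so it is passed through unchanged.
    - docker logout "${CI_REGISTRY_URL}"
    - printf '%s' "${CI_REGISTRY_PASSWORD}" | docker login --username "${CI_REGISTRY_USER}" --password-stdin "${CI_REGISTRY_URL}"
    - docker logout "${CI_REGISTRY2_URL}"
    - printf '%s' "${CI_REGISTRY2_PASSWORD}" | docker login --username "${CI_REGISTRY2_USER}" --password-stdin "${CI_REGISTRY2_URL}"
    # The keyring directory is created owner-only before the secret keyring is
    # written into it.
    - "mkdir -m 0700 -p ~/.gnupg"
    - echo "${CI_GPG_SECRING}" | base64 -d > ~/.gnupg/secring.gpg
    - echo "${CI_GPG_PUBRING}" | base64 -d > ~/.gnupg/pubring.gpg
    - echo "${CI_GPG_OWNER_TRUST}" | base64 -d > ~/.gnupg/trustdb.gpg
    # The passwords are piped on stdin instead of being passed with
    # `--password`, so they do not appear in the process argument list.
    - printf '%s' "${CI_REGISTRY_PASSWORD}" | helm registry login --username "${CI_REGISTRY_USER}" --password-stdin "${CI_REGISTRY_URL}"
    - printf '%s' "${CI_REGISTRY2_PASSWORD}" | helm registry login --username "${CI_REGISTRY2_USER}" --password-stdin "${CI_REGISTRY2_URL}"
    - make build-helm
    - ls -la ~/.gnupg
    - "gpg --import-ownertrust ~/.gnupg/trustdb.gpg"
    - "helm package ./helm/dbrepo --sign --key 'Martin Weise' --keyring ~/.gnupg/secring.gpg --destination ./build"
    # NOTE(review): the plugin is installed without a version while the secret
    # keyring and registry credentials are already present in the job; pin it
    # with `--version <PLUGIN_TAG>` once a reviewed tag is chosen.
    - "helm plugin install https://github.com/sigstore/helm-sigstore"
  script:
    - "helm push ./build/dbrepo-${CHART_VERSION}.tgz oci://${CI_REGISTRY2_URL}/helm"
    - "helm sigstore upload --keyring ~/.gnupg/pubring.gpg ./build/dbrepo-${CHART_VERSION}.tgz"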

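# Generates the documentation, assembles it under ./final and copies it to the
# documentation host over SSH. Runs for `release-*` refs.
release-docs:
  stage: release
  image: docker.io/python:${PYTHON_VERSION}-alpine${ALPINE_VERSION}
  only:
    refs:
      - /^release-.*/
  before_script:
    - "apk add --no-cache alpine-sdk bash sed wget openssh jq curl"
    - "pip install pipenv"
    - "pipenv install --dev --system --deploy"
    - "mkdir -p ./final/${DOC_VERSION}/rest"
    - "mkdir -p ./final/${APP_VERSION}"
  script:
    - "make gen-lib-doc gen-docs-doc package-config"
    - "cp -r ./lib/python/docs/build/html ./final/${DOC_VERSION}/python" # sphinx
    - "cp .docs/.openapi/api.yaml ./final/${DOC_VERSION}/rest/api.yaml" # openapi
    - "cp .docs/.openapi/swagger-ui.html ./final/${DOC_VERSION}/rest/index.html" # openapi
    - "cp .docs/.openapi/custom.css ./final/${DOC_VERSION}/rest/custom.css" # openapi
    - "cp -r ./site/* ./final/${DOC_VERSION}" # mkdocs
    - "cp .docker/dist.tar.gz ./final/${APP_VERSION}/dist.tar.gz" # dist
    - "cp .docs/index.html.tpl ./final/index.html" # redirect patch docs
    - sed -i "s/DOC_VERSION/$DOC_VERSION/g" ./final/index.html
    - "bash ./.gitlab/gen-badge.sh"
    # NOTE(review): the agent is started but no key is added with ssh-add in
    # this job; scp/ssh appear to use /root/.ssh/id_rsa directly.
    - eval $(ssh-agent -s)
    # The directory is owner-only and the private key is created under
    # umask 077, so it is never readable by others, not even briefly.
    - "mkdir -m 0700 -p /root/.ssh"
    - (umask 077 && echo "$CI_KEY_PRIVATE" > /root/.ssh/id_rsa) && chmod 0600 /root/.ssh/id_rsa
    - echo "$CI_KEY_PUBLIC" > /root/.ssh/id_rsa.pub
    # The host key comes from a CI variable, so the host is verified against a
    # pinned key rather than trusted on first use.
    - echo "$CI_DOC_ID" > ~/.ssh/known_hosts
    - tar czf ./final.tar.gz ./final
    # NOTE(review): `+ssh-rsa` re-enables RSA/SHA-1 signatures for the host key
    # and for public-key authentication, which current OpenSSH disables by
    # default. Confirm whether the documentation host can offer rsa-sha2-256/512
    # or ed25519 so these overrides can be dropped.
    - "scp -oHostKeyAlgorithms=+ssh-rsa -oPubkeyAcceptedAlgorithms=+ssh-rsa final.tar.gz $CI_DOC_USER@$CI_DOC_IP:final.tar.gz"
    - "scp -oHostKeyAlgorithms=+ssh-rsa -oPubkeyAcceptedAlgorithms=+ssh-rsa versions.json $CI_DOC_USER@$CI_DOC_IP:/system/user/ifs/infrastructures/public_html/dbrepo/versions.json"
    - "scp -oHostKeyAlgorithms=+ssh-rsa -oPubkeyAcceptedAlgorithms=+ssh-rsa .docs/index.html.tpl $CI_DOC_USER@$CI_DOC_IP:/system/user/ifs/infrastructures/public_html/dbrepo/index.html"
    # The remote command is expanded locally. `${DOC_VERSION:?...}` aborts the
    # step before ssh runs when DOC_VERSION is empty, so `rm -rf` can never
    # target the whole dbrepo directory.
    - 'ssh -oHostKeyAlgorithms=+ssh-rsa -oPubkeyAcceptedAlgorithms=+ssh-rsa $CI_DOC_USER@$CI_DOC_IP "rm -rf /system/user/ifs/infrastructures/public_html/dbrepo/${DOC_VERSION:?DOC_VERSION must not be empty}; tar xzf ./final.tar.gz; rm -f ./final.tar.gz; cp -r ./final/* /system/user/ifs/infrastructures/public_html/dbrepo; rm -rf ./final"'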

# Packages and releases the Python library via the scripts in ./lib/python.
# Runs for tags only.
release-libs:
  stage: release
  image: "docker.io/python:${PYTHON_VERSION}-alpine${ALPINE_VERSION}"
  # NOTE(review): PIPENV_PIPFILE points at the analyse service's Pipfile
  # although the scripts run below live under ./lib/python — confirm intended.
  variables:
    PIPENV_PIPFILE: './dbrepo-analyse-service/Pipfile'
  only:
    - tags
  before_script:
    - apk add sed bash
    # NOTE(review): the packaging and upload tools are installed unpinned in
    # the job that publishes the release; consider pinning their versions.
    - pip install pipenv twine build
    - pipenv install gunicorn && pipenv install --dev --system --deploy
  script:
    - "bash ./lib/python/package.sh"
    - "bash ./lib/python/release.sh"

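# Runs the published install script exactly as a user would (`curl | bash`)
# and passes only when its output contains 'Success!'.
# NOTE(review): the script is executed in a job that has the Docker daemon
# socket configured via DOCKER_HOST, so it runs with control over that daemon.
verify-install-script:
  image: docker.io/docker:${DOCKER_VERSION}-dind
  stage: verify
  only:
    refs:
      - /^release-.*/
  variables:
    # Quoted so the value is passed as the string "1".
    SKIP_CHECKS: "1"
  before_script:
    - "apk add bash curl"
  script:
    # `-f` makes curl fail on an HTTP error instead of printing the error page,
    # so an error response body is never piped into bash.
    - "curl -fsSL https://gitlab.phaidra.org/fair-data-austria-db-repository/fda-services/-/raw/release-${DOC_VERSION}/install.sh | bash | grep 'Success!'"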

# Checks that the distribution archive for APP_VERSION can be downloaded from
# the public documentation host; `--fail` turns an HTTP error into a job
# failure.
verify-dist:
  stage: verify
  image: "docker.io/alpine:${ALPINE_VERSION}"
  only:
    refs:
      - /^release-.*/
  before_script:
    - apk add curl
  script:
    - curl -v --output /dev/null --fail https://www.ifs.tuwien.ac.at/infrastructures/dbrepo/${APP_VERSION}/dist.tar.gz

# Runs the SonarQube scanner on `master`, using the compiled classes from the
# two Java build jobs.
scan-sonarqube:
  stage: scan
  image: "sonarsource/sonar-scanner-cli:${SONARQUBE_VERSION}"
  only:
    - master
  needs:
    - "build-data-service"
    - "build-metadata-service"
  dependencies:
    - "build-data-service"
    - "build-metadata-service"
  # A failing scan does not fail the pipeline, so scan findings cannot block a
  # merge or a release through this job.
  allow_failure: true
  # NOTE(review): the cache is pull-only and keyed on the commit SHA; no job
  # visible in this file writes a cache under that key — confirm it is ever
  # populated.
  cache:
    key: "${CI_COMMIT_SHORT_SHA}"
    policy: pull
    paths:
      - "sonar-scanner/"
  script:
    # NOTE(review): the token is passed as a command-line argument. The scanner
    # can presumably read it from the SONAR_TOKEN environment variable instead,
    # which keeps it out of the process arguments — confirm for this image.
    - 'sonar-scanner -Dsonar.token="${CI_SONAR_TOKEN}"'