-
Notifications
You must be signed in to change notification settings - Fork 0
/
.gitlab-ci.yml
156 lines (156 loc) · 3.25 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
image:
name: python:latest
pull_policy: always
variables:
PIP_CACHE_DIR: "$CI_PROJECT_DIR/.cache/pip"
CODECOV_TOKEN: "ad646b4d-8d41-4b6c-912e-09a09ac2d097"
cache:
paths:
- .cache/pip
include:
- template: Security/SAST.gitlab-ci.yml
- template: Security/Dependency-Scanning.gitlab-ci.yml
- template: Security/Secret-Detection.gitlab-ci.yml
before_script:
- pip install tox
stages:
- linting
- locale
- unit-tests
- static-analysis
- documentation
- packaging
- publishing
pep8:
stage: linting
script:
- tox -e pep8
pylint:
stage: linting
allow_failure: true
script:
- tox -e pylint
locale:
stage: locale
allow_failure: true
# Check that pot file is up to date
script:
- cp radloggerpy/locale/radloggerpy.pot radloggerpy/locale/radloggerpy.pot.ref
- tox -e extract_messages
- tox -e update_catalog
- tox -e compile_catalog
- bash scripts/locale-diff.sh
- rm radloggerpy/locale/radloggerpy.pot.ref
artifacts:
when: always
paths:
- radloggerpy/locale/
expire_in: 7 days
lower_constraints:
stage: unit-tests
image: python:3.8-buster
dependencies:
- locale
script:
- tox -e py38-lower-constraints
unit_test_base:
stage: unit-tests
parallel:
matrix:
- PY_VERSION: [8, 9, 10]
dependencies:
- locale
image: python:3.${PY_VERSION}-buster
script:
- tox -e py3${PY_VERSION}
coverage:
stage: unit-tests
image: python:3.11-buster
dependencies:
- locale
script:
- pip install codecov
- tox -e coverage
- codecov -f coverage.xml
coverage: '/(?i)TOTAL.*? ([1-9]?\d(?:\.\d+)?\%)/'
artifacts:
reports:
coverage_report:
coverage_format: cobertura
path: coverage.xml
paths:
- htmlcov/*
expire_in: 7 days
sast:
variables:
SAST_EXCLUDED_ANALYZERS: brakeman, flawfinder, kubesec, nodejs-scan, phpcs-security-audit,
pmd-apex, security-code-scan, sobelow, spotbugs
stage: static-analysis
before_script:
- python3 --version
dependency_scanning:
stage: static-analysis
before_script:
- uname
secret_detection:
stage: static-analysis
before_script:
- uname
bandit:
stage: static-analysis
script:
- tox -e bandit
docs:
stage: documentation
script:
- tox -e docs
artifacts:
paths:
- doc/build/*
expire_in: 7 days
pages:
stage: documentation
dependencies:
- docs
needs:
- docs
script:
- mkdir public
- mv doc/build/html/* public/
rules:
- if: '$CI_COMMIT_TAG && $CI_COMMIT_REF_PROTECTED == "true"'
artifacts:
paths:
- public
expire_in: 1h
config:
stage: documentation
script:
- tox -e genconfig
artifacts:
paths:
- etc/
expire_in: 7 days
build-wheel:
stage: packaging
script:
- tox -e build
dependencies:
- locale
artifacts:
paths:
- dist/
expire_in: 7 days
publish-wheel:
stage: publishing
dependencies:
- build-wheel
rules:
- if: '$CI_COMMIT_TAG && $CI_COMMIT_REF_PROTECTED == "true"'
variables:
TWINE_PASSWORD: "${CI_JOB_TOKEN}"
TWINE_USERNAME: "gitlab-ci-token"
script:
- pip install twine
- git status # check if clean
- python -m twine upload --repository-url ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/pypi dist/*