-
Notifications
You must be signed in to change notification settings - Fork 19
/
.gitlab-ci.yml
196 lines (176 loc) · 7.29 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
image: docker:git
services:
- docker:dind
stages:
- deploy
- build
- catapult
- publiccode
- release
variables:
MAVEN_OPTS: "-Djava.awt.headless=true -Dsonar.host.url=$SONAR_HOST_URL"
MAVEN_CLI_OPTS: "-s .m2/settings.xml -DskipTests -Dmaven.repo.local=./.m2/repository -Dnexus.url=$NEXUS_URL -Dnexus.login=$NEXUS_USERNAME -Dnexus.pwd=$NEXUS_PASSWORD -Drepository.base.url=$CMIS_BASE_URL -Dsiper.url=$SIPER_URL -Dsiper.username=$SIPER_USERNAME -Dsiper.password=$SIPER_PASSWORD -Dpec.username=$PEC_USERNAME -Dpec.password=$PEC_PASSWORD -Dio.subscriptionkey=$IO_SUBSCRIPTIONKEY -Dpagopa.govpay.password=$GOVPAY_PASSWORD -Djava.awt.headless=true --batch-mode --errors --fail-at-end --show-version"
MAVEN_CLI_CENTRAL_OPTS: "-s .m2/settings.xml -Dmaven.repo.local=./.m2/repository -Pprod,maven-central,release-version,docs -Dnexus.url=$NEXUS_URL -Dsonatype.login=$SONATYPE_USERNAME -Dsonatype.pwd=$SONATYPE_PASSWORD -DskipTests --batch-mode --errors --fail-at-end --show-version"
CONTAINER_TEST_IMAGE: $CI_PROJECT_PATH:$CI_COMMIT_REF_NAME
CONTAINER_RELEASE_IMAGE: $CI_PROJECT_PATH:latest
cache:
paths:
- ./.m2/repository
# keep cache across branch
key: "$CI_PROJECT_PATH"
maven-deploy:
stage: deploy
image: maven:alpine
before_script:
- apk add --update nodejs nodejs-npm ttf-dejavu && rm -rf /var/cache/apk/*
script: "mvn clean deploy $MAVEN_CLI_OPTS -Pprod -Dspring.profiles.active=siper"
artifacts:
paths:
- cool-jconon-webapp/target/*.war
only:
variables:
- $CI_COMMIT_MESSAGE !~ /prepare release/ && $CI_COMMIT_MESSAGE !~ /prepare for next development iteration/
refs:
- master
maven-install:
stage: deploy
image: maven:alpine
script: "mvn clean install $MAVEN_CLI_OPTS"
artifacts:
paths:
- cool-jconon-webapp/target/*.war
except:
- master
- tags
maven-deploy-tag:
stage: deploy
image: maven:alpine
before_script:
- apk add --update nodejs nodejs-npm && rm -rf /var/cache/apk/*
script: "mvn clean deploy $MAVEN_CLI_OPTS -Pprod -DskipTests"
artifacts:
paths:
- cool-jconon-webapp/target/*.war
only:
- tags
#Ad ogni nuovo tag viene fatta la push sul docker hub.
docker-build-push-hub:
stage: build
script:
- docker build -t $CI_PROJECT_NAME:$CI_COMMIT_REF_NAME .
- docker login -u $DOCKER_HUB_USER -p $DOCKER_HUB_PASSWORD
- docker tag $CI_PROJECT_NAME:$CI_COMMIT_REF_NAME $DOCKER_HUB_ORGANIZATION/$CI_PROJECT_NAME:$CI_COMMIT_REF_NAME
- docker tag $CI_PROJECT_NAME:$CI_COMMIT_REF_NAME $DOCKER_HUB_ORGANIZATION/$CI_PROJECT_NAME:latest
- docker push $DOCKER_HUB_ORGANIZATION/$CI_PROJECT_NAME:$CI_COMMIT_REF_NAME
- docker push $DOCKER_HUB_ORGANIZATION/$CI_PROJECT_NAME:latest
only:
- tags
#Ad ogni nuovo commit sul master viene fatta la push sul docker registry locale.
docker-build-push-master:
stage: build
script:
- docker build -t $CONTAINER_TEST_IMAGE .
- docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY
- docker tag $CONTAINER_TEST_IMAGE $CI_REGISTRY/$CONTAINER_RELEASE_IMAGE
- docker push $CI_REGISTRY/$CONTAINER_RELEASE_IMAGE
allow_failure: true
only:
variables:
- $CI_COMMIT_MESSAGE !~ /prepare release/ && $CI_COMMIT_MESSAGE !~ /prepare for next development iteration/
refs:
- master
#Ad ogni nuovo commit sul branch viene fatta la push sul docker registry locale.
docker-build-push-branches:
stage: build
script:
- docker build -t $CONTAINER_TEST_IMAGE .
- docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN $CI_REGISTRY
- docker tag $CONTAINER_TEST_IMAGE $CI_REGISTRY/$CONTAINER_TEST_IMAGE
- docker push $CI_REGISTRY/$CONTAINER_TEST_IMAGE
except:
- tags
- master
#Aggiorno il container con l'immagine docker creata.
catapult-deploy-image:
stage: catapult
dependencies:
- docker-build-push-branches
- docker-build-push-master
allow_failure: true
before_script:
- apk add --update curl curl-dev && rm -rf /var/cache/apk/*
script:
- >
curl --fail -s -X POST $CATAPULT_URL -H 'Content-type:application/json' --data '{"id":"'"$CI_PROJECT_PATH:$CI_COMMIT_REF_NAME"'", "git":true}'
except:
variables:
- $CI_COMMIT_MESSAGE =~ /prepare release/ || $CI_COMMIT_MESSAGE =~ /prepare for next development iteration/
refs:
- tags
#il deploy su maven central dal tag solo se il deploy della release è fallito per qualche motivo.
perform-maven-central:
stage: release
image: maven:alpine
script:
# Add gpg private key
- 'which gnupg || ( apk add --update gnupg && rm -rf /var/cache/apk/*)'
- gpg -v --list-keys
- echo "pinentry-mode loopback" > /root/.gnupg/gpg.conf
- echo "allow-loopback-pinentry" > /root/.gnupg/gpg-agent.conf
- gpg --batch --import <(echo "$GPG_PRIVATE_KEY")
- mvn clean deploy -Dgpg.passphrase=$GPG_PASSPHRASE -DskipTests -Dresume=false $MAVEN_CLI_CENTRAL_OPTS
only:
- tags
when: manual
#la release è opzionale e manuale.
perform-maven-release-maven-central:
stage: release
image: maven:alpine
script:
- 'which git || (apk add --update git && rm -rf /var/cache/apk/*)'
# Install ssh-agent if not already installed, it is required by Docker.
# (change apt-get to yum if you use a CentOS-based image)
- 'which ssh-agent || ( apk add --update openssh-client && rm -rf /var/cache/apk/*)'
- 'which nodejs || (apk add --update nodejs nodejs-npm && rm -rf /var/cache/apk/*)'
# Run ssh-agent (inside the build environment)
- eval $(ssh-agent -s)
# Add the SSH key stored in GIT_SSH_PRIV_KEY variable to the agent store
- ssh-add <(echo "$GIT_SSH_PRIV_KEY")
# For Docker builds disable host key checking. Be aware that by adding that
# you are susceptible to man-in-the-middle attacks.
# WARNING: Use this only with the Docker executor, if you use it with shell
# you will overwrite your user's SSH config.
- mkdir -p ~/.ssh
- '[[ -f /.dockerenv ]] && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config'
- git config --global user.email "marco.spasiano@cnr.it"
- git config --global user.name "marco.spasiano"
- git checkout -B "$CI_BUILD_REF_NAME"
# Add gpg private key
- 'which gnupg || ( apk add --update gnupg && rm -rf /var/cache/apk/*)'
- gpg -v --list-keys
- echo "pinentry-mode loopback" > /root/.gnupg/gpg.conf
- echo "allow-loopback-pinentry" > /root/.gnupg/gpg-agent.conf
- gpg --batch --import <(echo "$GPG_PRIVATE_KEY")
- mvn release:clean release:prepare -DreleaseVersion=$MAVEN_RELEASE_VERSION -Darguments="-Dgpg.passphrase=$GPG_PASSPHRASE -DskipTests" -Dresume=false -B $MAVEN_CLI_CENTRAL_OPTS
- mvn release:perform -Darguments="-Dgpg.passphrase=$GPG_PASSPHRASE -DskipTests" -Dresume=false -B $MAVEN_CLI_CENTRAL_OPTS
- mvn se.bjurr.gitchangelog:git-changelog-maven-plugin:git-changelog
- mvn -Pchangelog scm:checkin
only:
variables:
- $CI_COMMIT_MESSAGE !~ /prepare release/ && $CI_COMMIT_MESSAGE !~ /prepare for next development iteration/
refs:
- master
when: manual
#validate publiccode.
publiccode:
stage: publiccode
allow_failure: false
image:
name: italia/publiccode-parser-go
entrypoint: [""]
script: pcvalidate publiccode.yml
only:
variables:
- $CI_COMMIT_MESSAGE !~ /prepare release/ && $CI_COMMIT_MESSAGE !~ /prepare for next development iteration/
refs:
- master