variables: PROJECT_NAME: glitchtip PIP_DISABLE_PIP_VERSION_CHECK: "on" POSTGRES_HOST_AUTH_METHOD: "trust" UV_VERSION: 0.4 BASE_LAYER: bookworm UV_SYSTEM_PYTHON: "true" UV_PYTHON_DOWNLOADS: "never" UV_PROJECT_ENVIRONMENT: "/usr/local" UV_CACHE_DIR: ".uv-cache" DEBUG: "true" include: - template: SAST.gitlab-ci.yml - template: Dependency-Scanning.gitlab-ci.yml - template: Secret-Detection.gitlab-ci.yml workflow: rules: - when: always test: image: ghcr.io/astral-sh/uv:$UV_VERSION-python$PYTHON_VERSION-$BASE_LAYER variables: SECRET_KEY: testing ENABLE_TEST_API: "true" ENABLE_OPEN_USER_REGISTRATION: "true" services: - postgres:$POSTGRES_VERSION cache: - key: ${CI_COMMIT_REF_SLUG}${VERSION} files: - uv.lock paths: - $UV_CACHE_DIR cache: paths: - .cache/pip script: - uv sync --frozen --no-install-project - uv run ./manage.py test - uv cache prune --ci rules: - if: $CI_PIPELINE_SOURCE != "schedule" parallel: matrix: - PYTHON_VERSION: '3.11' POSTGRES_VERSION: '13' - PYTHON_VERSION: '3.12' POSTGRES_VERSION: '16' lint: image: python:3.13-slim script: - pip install ruff - ruff check glitchtip/ apps/ rules: - if: $CI_PIPELINE_SOURCE != "schedule" build: image: docker:27 rules: # Run only on protected branches that are not tagged and not merge requests - if: '$CI_PIPELINE_SOURCE != "merge_request_event" && $CI_COMMIT_REF_PROTECTED == "true" && $CI_COMMIT_TAG =~ "/^$/"' services: - docker:27-dind script: - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN registry.gitlab.com - docker build -t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME//\//-} --build-arg IS_CI="True" . - docker push ${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME//\//-} rules: - if: $CI_PIPELINE_SOURCE != "schedule" buildx: image: docker:25-git variables: GIT_STRATEGY: none artifacts: paths: - buildx expire_in: 1 hour services: - docker:27-dind script: - export DOCKER_BUILDKIT=1 - git clone https://github.com/docker/buildx.git ./docker-buildx - docker build --platform=local -o . ./docker-buildx rules: - if: $CI_PIPELINE_SOURCE =~ "schedule" when: never - if: $CI_COMMIT_TAG =~ /^v\d+.\d+.\d+/ build_arm_x86: image: docker:27 needs: - buildx services: - docker:27-dind before_script: - mkdir -p ~/.docker/cli-plugins - mv buildx ~/.docker/cli-plugins/docker-buildx - docker run --rm --privileged multiarch/qemu-user-static --reset -p yes script: - wget https://gitlab.com/api/v4/projects/15449363/jobs/artifacts/$CI_COMMIT_TAG/download?job=build-assets -O assets.zip - unzip assets.zip - rm assets.zip - mv dist/glitchtip-frontend/browser/* dist/ - rmdir dist/glitchtip-frontend/browser/ - VERSION=${CI_COMMIT_REF_NAME#*v} - MINOR_VERSION=$(echo "$CI_COMMIT_REF_NAME" | sed 's/\.[^.]*$//') - echo "Build version $VERSION ci registry image $CI_REGISTRY_IMAGE commit ref $CI_COMMIT_REF_NAME" - docker login -u ${DOCKER_CI_REGISTRY_USER} -p ${DOCKER_CI_REGISTRY_PASSWORD} - docker buildx create --use - docker buildx build --platform linux/arm64/v8,linux/amd64 --push -t ${DOCKER_CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME} -t ${DOCKER_CI_REGISTRY_IMAGE}:${MINOR_VERSION} -t ${DOCKER_CI_REGISTRY_IMAGE}:latest --build-arg IS_CI="True" --build-arg GLITCHTIP_VERSION=$VERSION --build-arg COLLECT_STATIC="True" . rules: - if: $CI_PIPELINE_SOURCE =~ "schedule" when: never - if: '$CI_COMMIT_TAG =~ /^v\d+.\d+.\d+/ && $CI_COMMIT_REF_PROTECTED == "true"' update_deps: image: renovate/renovate:39 variables: RENOVATE_PLATFORM: gitlab RENOVATE_ENDPOINT: https://gitlab.com/api/v4 RENOVATE_TOKEN: $GITLAB_ACCESS_TOKEN RENOVATE_REPOSITORIES: glitchtip/glitchtip-backend rules: - if: $CI_PIPELINE_SOURCE == "schedule" script: renovate