.gitlab-ci.yml 3.9 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121
  1. variables:
  2. PROJECT_NAME: glitchtip
  3. IMAGE_NAME: registry.gitlab.com/glitchtip/glitchtip-backend
  4. CONTAINER_TEST_IMAGE: registry.gitlab.com/glitchtip/glitchtip-backend:$CI_BUILD_REF_NAME
  5. PIP_DISABLE_PIP_VERSION_CHECK: "on"
  6. PIP_CACHE_DIR: "$CI_PROJECT_DIR/.cache/pip"
  7. POETRY_VIRTUALENVS_CREATE: "false"
  8. POETRY_HOME: "/opt/poetry"
  9. POSTGRES_HOST_AUTH_METHOD: "trust"
  10. DEBUG: "true"
  11. include:
  12. - template: SAST.gitlab-ci.yml
  13. - template: Dependency-Scanning.gitlab-ci.yml
  14. - template: Secret-Detection.gitlab-ci.yml
  15. workflow:
  16. rules:
  17. - when: always
  18. test:
  19. image: python:3.11
  20. variables:
  21. SECRET_KEY: testing
  22. ENABLE_TEST_API: "true"
  23. ENABLE_OPEN_USER_REGISTRATION: "true"
  24. services:
  25. - postgres:15
  26. cache:
  27. key: ${CI_COMMIT_REF_SLUG}
  28. paths:
  29. - .cache/pip
  30. script:
  31. - curl -sSL https://install.python-poetry.org | python3 -
  32. - $POETRY_HOME/bin/poetry install --no-interaction --no-ansi
  33. - ./manage.py test
  34. rules:
  35. - if: $CI_PIPELINE_SOURCE != "schedule"
  36. lint:
  37. image: python:3.11
  38. script:
  39. - curl -sSL https://install.python-poetry.org | python3 -
  40. - $POETRY_HOME/bin/poetry install --no-interaction --no-ansi
  41. # - isort --check glitchtip not compatible with black :(
  42. # - pylint --load-plugins=pylint_django --django-settings-module=glitchtip.settings --disable=R glitchtip
  43. rules:
  44. - if: $CI_PIPELINE_SOURCE != "schedule"
  45. build:
  46. image: docker:20
  47. rules:
  48. # Run only on protected branches that are not tagged and not merge requests
  49. - if: '$CI_PIPELINE_SOURCE != "merge_request_event" && $CI_COMMIT_REF_PROTECTED == "true" && $CI_COMMIT_TAG =~ "/^$/"'
  50. services:
  51. - docker:20-dind
  52. script:
  53. - docker login -u gitlab-ci-token -p $CI_BUILD_TOKEN registry.gitlab.com
  54. - docker build -t $CONTAINER_TEST_IMAGE --build-arg IS_CI="True" .
  55. - docker push $CONTAINER_TEST_IMAGE
  56. rules:
  57. - if: $CI_PIPELINE_SOURCE != "schedule"
  58. buildx:
  59. image: docker:20-git
  60. variables:
  61. GIT_STRATEGY: none
  62. artifacts:
  63. paths:
  64. - buildx
  65. expire_in: 1 hour
  66. services:
  67. - docker:20-dind
  68. script:
  69. - export DOCKER_BUILDKIT=1
  70. - git clone https://github.com/docker/buildx.git ./docker-buildx
  71. - docker build --platform=local -o . ./docker-buildx
  72. rules:
  73. - if: $CI_PIPELINE_SOURCE =~ "schedule"
  74. when: never
  75. - if: $CI_COMMIT_TAG =~ /^v\d+.\d+.\d+/
  76. build_arm_x86:
  77. image: docker:20
  78. needs:
  79. - buildx
  80. services:
  81. - docker:20-dind
  82. before_script:
  83. - mkdir -p ~/.docker/cli-plugins
  84. - mv buildx ~/.docker/cli-plugins/docker-buildx
  85. - docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
  86. script:
  87. - wget https://gitlab.com/api/v4/projects/15449363/jobs/artifacts/$CI_COMMIT_TAG/download?job=build-assets -O assets.zip
  88. - unzip assets.zip
  89. - rm assets.zip
  90. - mv dist/glitchtip-frontend/* dist/
  91. - rmdir dist/glitchtip-frontend/
  92. - VERSION=${CI_COMMIT_REF_NAME#*v}
  93. - echo "Build version $VERSION ci registry image $CI_REGISTRY_IMAGE commit ref $CI_COMMIT_REF_NAME"
  94. - docker login -u ${DOCKER_CI_REGISTRY_USER} -p ${DOCKER_CI_REGISTRY_PASSWORD}
  95. - docker buildx create --use
  96. - docker buildx build --platform linux/arm64/v8,linux/amd64 --push -t ${DOCKER_CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME} -t ${DOCKER_CI_REGISTRY_IMAGE}:latest --build-arg IS_CI="True" --build-arg GLITCHTIP_VERSION=$VERSION --build-arg COLLECT_STATIC="True" .
  97. rules:
  98. - if: $CI_PIPELINE_SOURCE =~ "schedule"
  99. when: never
  100. - if: '$CI_COMMIT_TAG =~ /^v\d+.\d+.\d+/ && $CI_COMMIT_REF_PROTECTED == "true"'
  101. update_deps:
  102. image: renovate/renovate:latest
  103. variables:
  104. RENOVATE_PLATFORM: gitlab
  105. RENOVATE_ENDPOINT: https://gitlab.com/api/v4
  106. RENOVATE_TOKEN: $GITLAB_ACCESS_TOKEN
  107. RENOVATE_REPOSITORIES: glitchtip/glitchtip-backend
  108. rules:
  109. - if: $CI_PIPELINE_SOURCE == "schedule"
  110. - if: $CI_PIPELINE_SOURCE != "schedule"
  111. when: manual
  112. script: renovate