123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117 |
- variables:
- PROJECT_NAME: glitchtip
- PIP_DISABLE_PIP_VERSION_CHECK: "on"
- PIP_CACHE_DIR: "$CI_PROJECT_DIR/.cache/pip"
- POETRY_VIRTUALENVS_CREATE: "false"
- POETRY_HOME: "/opt/poetry"
- POSTGRES_HOST_AUTH_METHOD: "trust"
- DEBUG: "true"
- include:
- - template: SAST.gitlab-ci.yml
- - template: Dependency-Scanning.gitlab-ci.yml
- - template: Secret-Detection.gitlab-ci.yml
- workflow:
- rules:
- - when: always
- test:
- image: python:3.12
- variables:
- SECRET_KEY: testing
- ENABLE_TEST_API: "true"
- ENABLE_OPEN_USER_REGISTRATION: "true"
- services:
- - postgres:16
- cache:
- key: ${CI_COMMIT_REF_SLUG}
- paths:
- - .cache/pip
- script:
- - curl -sSL https://install.python-poetry.org | python3 -
- - $POETRY_HOME/bin/poetry install --no-interaction --no-ansi
- - ./manage.py test
- rules:
- - if: $CI_PIPELINE_SOURCE != "schedule"
- lint:
- image: python:3.12
- script:
- - curl -sSL https://install.python-poetry.org | python3 -
- - $POETRY_HOME/bin/poetry install --no-interaction --no-ansi
- - ruff check glitchtip/ apps/
- rules:
- - if: $CI_PIPELINE_SOURCE != "schedule"
- build:
- image: docker:26
- rules:
- # Run only on protected branches that are not tagged and not merge requests
- - if: '$CI_PIPELINE_SOURCE != "merge_request_event" && $CI_COMMIT_REF_PROTECTED == "true" && $CI_COMMIT_TAG =~ "/^$/"'
- services:
- - docker:26-dind
- script:
- - docker login -u gitlab-ci-token -p $CI_JOB_TOKEN registry.gitlab.com
- - docker build -t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME//\//-} --build-arg IS_CI="True" .
- - docker push ${CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME//\//-}
- rules:
- - if: $CI_PIPELINE_SOURCE != "schedule"
- buildx:
- image: docker:25-git
- variables:
- GIT_STRATEGY: none
- artifacts:
- paths:
- - buildx
- expire_in: 1 hour
- services:
- - docker:26-dind
- script:
- - export DOCKER_BUILDKIT=1
- - git clone https://github.com/docker/buildx.git ./docker-buildx
- - docker build --platform=local -o . ./docker-buildx
- rules:
- - if: $CI_PIPELINE_SOURCE =~ "schedule"
- when: never
- - if: $CI_COMMIT_TAG =~ /^v\d+.\d+.\d+/
- build_arm_x86:
- image: docker:26
- needs:
- - buildx
- services:
- - docker:26-dind
- before_script:
- - mkdir -p ~/.docker/cli-plugins
- - mv buildx ~/.docker/cli-plugins/docker-buildx
- - docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
- script:
- - wget https://gitlab.com/api/v4/projects/15449363/jobs/artifacts/$CI_COMMIT_TAG/download?job=build-assets -O assets.zip
- - unzip assets.zip
- - rm assets.zip
- - mv dist/glitchtip-frontend/* dist/
- - rmdir dist/glitchtip-frontend/
- - VERSION=${CI_COMMIT_REF_NAME#*v}
- - MINOR_VERSION=$(echo "$CI_COMMIT_REF_NAME" | sed 's/\.[^.]*$//')
- - echo "Build version $VERSION ci registry image $CI_REGISTRY_IMAGE commit ref $CI_COMMIT_REF_NAME"
- - docker login -u ${DOCKER_CI_REGISTRY_USER} -p ${DOCKER_CI_REGISTRY_PASSWORD}
- - docker buildx create --use
- - docker buildx build --platform linux/arm64/v8,linux/amd64 --push -t ${DOCKER_CI_REGISTRY_IMAGE}:${CI_COMMIT_REF_NAME} -t ${DOCKER_CI_REGISTRY_IMAGE}:${MINOR_VERSION} -t ${DOCKER_CI_REGISTRY_IMAGE}:latest --build-arg IS_CI="True" --build-arg GLITCHTIP_VERSION=$VERSION --build-arg COLLECT_STATIC="True" .
- rules:
- - if: $CI_PIPELINE_SOURCE =~ "schedule"
- when: never
- - if: '$CI_COMMIT_TAG =~ /^v\d+.\d+.\d+/ && $CI_COMMIT_REF_PROTECTED == "true"'
- update_deps:
- image: renovate/renovate:37
- variables:
- RENOVATE_PLATFORM: gitlab
- RENOVATE_ENDPOINT: https://gitlab.com/api/v4
- RENOVATE_TOKEN: $GITLAB_ACCESS_TOKEN
- RENOVATE_REPOSITORIES: glitchtip/glitchtip-backend
- rules:
- - if: $CI_PIPELINE_SOURCE == "schedule"
- script: renovate
|