-
Notifications
You must be signed in to change notification settings - Fork 130
/
.gitlab-ci.yml
134 lines (121 loc) · 3.98 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
stages:
- lint
- test
- build
- deploy
variables:
SAST_IMAGE_SUFFIX: '-fips'
DOCKER_HOST: "tcp://docker:2375"
DOCKER_TLS_CERTDIR: ""
GOLANGCI_LINT_CACHE: ${CI_PROJECT_DIR}/.golangci-lint
GOMODCACHE: ${CI_PROJECT_DIR}/.cache/go-mod
GOCACHE: ${CI_PROJECT_DIR}/.cache/go-build
TESTCONTAINERS_HUB_IMAGE_NAME_PREFIX: opencsg-registry.cn-beijing.cr.aliyuncs.com/opencsg_public
TESTCONTAINERS_RYUK_DISABLED: true
cache:
paths:
- .golangci-lint/
- .cache/
include:
- template: Jobs/Secret-Detection.gitlab-ci.yml
.before_script: &pre
image: docker:27.3
stage: build
services:
- name: docker:27.3-dind
command: [ "--feature=containerd-snapshotter", "--experimental" ]
variables:
BUILDX_NO_DEFAULT_ATTESTATIONS: 1
before_script:
- echo "$CI_REGISTRY_PASSWORD" | docker login -u $CI_REGISTRY_USER $CI_REGISTRY --password-stdin
- docker run --privileged --rm opencsg-registry.cn-beijing.cr.aliyuncs.com/opencsg_public/tonistiigi/binfmt --install all
lint:
image: opencsg-registry.cn-beijing.cr.aliyuncs.com/opencsg_public/golangci/golangci-lint:v1.62.0
stage: lint
interruptible: true
needs: []
script:
- go env -w GO111MODULE=on
- go env -w GOPROXY=https://goproxy.cn,direct
- golangci-lint run --timeout=10m
test:
stage: test
interruptible: true
image: $CI_REGISTRY_IMAGE/docker-golang:1.21.0
needs: []
services:
- name: docker:27.3-dind
script:
- go env -w GO111MODULE=on
- go env -w GOPROXY=https://goproxy.cn,direct
- go test -coverprofile=coverage.out ./...
- go tool cover -html=coverage.out -o coverage.html
artifacts:
paths:
- coverage.out
- coverage.html
expire_in: 1 week
build:stg:amd64:
image: docker:27.3
stage: build
services:
- docker:27.3-dind
script:
- echo "$CI_REGISTRY_PASSWORD" | docker login -u $CI_REGISTRY_USER $CI_REGISTRY --password-stdin
- docker build -t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHORT_SHA} -t ${CI_REGISTRY_IMAGE}:latest -f docker/Dockerfile .
- docker push ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHORT_SHA}
- docker push ${CI_REGISTRY_IMAGE}:latest
rules:
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $CI_COMMIT_BRANCH == $CI_COMMIT_REF_NAME # when commit to main branch
.build:stg:arm64:
<<: *pre
script:
- |
docker buildx build --platform linux/arm64 \
-t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_SHORT_SHA} \
-t ${CI_REGISTRY_IMAGE}:latest \
-f docker/Dockerfile \
--push .
rules:
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $CI_COMMIT_BRANCH == $CI_COMMIT_REF_NAME # when commit to main branch
build:prod:amd64:
image: docker:27.3
stage: build
services:
- docker:27.3-dind
script:
- echo "$CI_REGISTRY_PASSWORD" | docker login -u $CI_REGISTRY_USER $CI_REGISTRY --password-stdin
- docker build -t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_TAG} -t ${CI_REGISTRY_IMAGE}:latest -f docker/Dockerfile .
- docker push ${CI_REGISTRY_IMAGE}:${CI_COMMIT_TAG}
- docker push ${CI_REGISTRY_IMAGE}:latest
rules:
- if: $CI_COMMIT_TAG
.build:prod:arm64:
<<: *pre
script:
- |
docker buildx build --platform linux/arm64 \
-t ${CI_REGISTRY_IMAGE}:${CI_COMMIT_TAG} \
-t ${CI_REGISTRY_IMAGE}:latest \
-f docker/Dockerfile \
--push .
rules:
- if: $CI_COMMIT_TAG
# trigger starhub-deploy project(only works for x86_64 arch)
trigger_deploy_stg:
stage: deploy
needs: ['build:stg:amd64']
image: alpine:3.14
rules:
- if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH && $CI_COMMIT_BRANCH == $CI_COMMIT_REF_NAME
script:
- |-
sed -i 's/dl-cdn.alpinelinux.org/mirrors.aliyun.com/g' /etc/apk/repositories
apk add --no-cache curl
curl --fail-with-body \
--request POST \
--form "token=${STARHUB_DEPLOY_TRIGGER_TOKEN}" \
--form ref=main \
--form "variables[starhub_tag]=${CI_COMMIT_SHORT_SHA}" \
--form "variables[ENV_NAME]=stg" \
https://git-devops.opencsg.com/api/v4/projects/58/trigger/pipeline