Skip to content
Snippets Groups Projects
Normal view Permalink
.gitlab-ci.yml 4.11 KiB
Newer Older
Hannes Feldt's avatar
L2SS-1583: Continuously record BST/SST/XST on station minio
Hannes Feldt committed
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 
default:
  image: $CI_REGISTRY_IMAGE/ci-build-runner:$CI_COMMIT_REF_SLUG
  cache:
    paths:
      - .cache/pip
      # Do not cache .tox, to recreate virtualenvs for every step

stages:
  - prepare
  - lint
  - test
  - package
  - images
  - integration
  - publish # publish instead of deploy
  - deploy

# Caching of dependencies to speed up builds
variables:
  PIP_CACHE_DIR: "$CI_PROJECT_DIR/.cache/pip"

include:
  - template: Security/SAST.gitlab-ci.yml
  - template: Security/Dependency-Scanning.gitlab-ci.yml
  - template: Security/Secret-Detection.gitlab-ci.yml

# Prepare image to run ci on
trigger_prepare:
  stage: prepare
  trigger:
    strategy: depend
    include: .prepare.gitlab-ci.yml

run_black:
  stage: lint
  script:
    - tox -e black

run_flake8:
  stage: lint
  script:
    - tox -e pep8

run_pylint:
  stage: lint
  script:
    - tox -e pylint

sast:
  variables:
    SAST_EXCLUDED_ANALYZERS: brakeman, flawfinder, kubesec, nodejs-scan, phpcs-security-audit,
      pmd-apex, security-code-scan, sobelow, spotbugs
  stage: test

dependency_scanning:
  # override default before_script, job won't have Python available
  before_script:
    - uname

secret_detection:
  # override default before_script, job won't have Python available
  before_script:
    - uname

# Basic setup for all Python versions for which we don't have a base image
.run_unit_test_version_base:
  before_script:
    - python --version # For debugging
    - python -m pip install --upgrade pip
    - pip install --upgrade tox twine

# Run all unit tests for Python versions except the base image
run_unit_tests:
  extends: .run_unit_test_version_base
  stage: test
  image: python:3.${PY_VERSION}
  script:
    - tox -e py3${PY_VERSION}
  parallel:
    matrix: # use the matrix for testing
      - PY_VERSION: [11, 12]

# Run code coverage on the base image thus also performing unit tests
run_unit_tests_coverage:
  stage: test
  script:
    - tox -e coverage
  coverage: '/(?i)total.*? (100(?:\.0+)?\%|[1-9]?\d(?:\.\d+)?\%)$/'
  artifacts:
    reports:
      coverage_report:
        coverage_format: cobertura
        path: coverage.xml
    paths:
      - htmlcov/*

package_files:
  stage: package
  artifacts:
    expire_in: 1w
    paths:
      - dist/*
  script:
    - tox -e build

package_docs:
  stage: package
  allow_failure: true
  artifacts:
    expire_in: 1w
    paths:
      - docs/build/*
  script:
    - tox -e docs

docker_build:
  stage: images
  image: docker:latest
  needs:
    - package_files
  services:
    - name: docker:dind
  script:
    - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
Hannes Feldt's avatar
L2SS-1618: Fix lifecycle configuration  
Hannes Feldt committed
125 
    - docker build -f docker/package/Dockerfile . --build-arg BUILD_ENV=copy --tag $CI_REGISTRY_IMAGE/stingray:$CI_COMMIT_REF_SLUG
Hannes Feldt's avatar
L2SS-1583: Continuously record BST/SST/XST on station minio
Hannes Feldt committed
126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 
    - docker push $CI_REGISTRY_IMAGE/stingray:$CI_COMMIT_REF_SLUG

run_integration_tests:
  stage: integration
  allow_failure: true
  needs:
    - package_files
  script:
    - echo "make sure to move out of source dir"
    - echo "install package from filesystem (or use the artefact)"
    - echo "run against foreign systems (e.g. databases, cwl etc.)"
    - exit 1

publish_on_gitlab:
  stage: publish
  environment: gitlab
  needs:
    - package_files
  when: manual
  rules:
    - if: $CI_COMMIT_TAG
  script:
    - echo "run twine for gitlab"
    - |
      TWINE_PASSWORD=${CI_JOB_TOKEN} \
      TWINE_USERNAME=gitlab-ci-token \
      python -m twine upload \
      --repository-url ${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/pypi dist/*

publish_to_readthedocs:
  stage: publish
  allow_failure: true
  environment: readthedocs
  needs:
    - package_docs
  when: manual
  rules:
    - if: $CI_COMMIT_TAG
  script:
    - echo "scp docs/* ???"
    - exit 1

deploy_nomad:
  stage: deploy
  image:
    name: hashicorp/levant
    entrypoint: [ "" ]
  when: manual
  rules:
    - if: $CI_COMMIT_TAG
  parallel:
    matrix:
      - STATION:
          - cs001
  environment:
    name: $STATION
  script:
    - |
      levant deploy \
        -address="http://${STATION}c.control.lofar:4646" \
        -var-file=infra/env.yaml \
Hannes Feldt's avatar
L2SS-1618: Fix lifecycle configuration  
Hannes Feldt committed
187 
        -var image_tag="$CI_COMMIT_REF_SLUG" \
Hannes Feldt's avatar
L2SS-1583: Continuously record BST/SST/XST on station minio
Hannes Feldt committed
188 
        infra/jobs/station/stingray.levant.nomad