.gitlab-ci.yml
# Default image for every job that does not set its own `image:`.
# NOTE(review): the `node:10-alpine` tag selects Node.js 10, which is past
# upstream end-of-life and no longer receives security fixes. The tag is also
# mutable; pinning by digest (`@sha256:<digest>`) would make builds
# reproducible. Confirm with the image owner before changing.
image: docker.slock.it/build-images/node:10-alpine

# Stage order: jobs of a later stage start only after the earlier stage ends.
stages:
  - build
  - package
  - analysis
  - deploy
# Job templates
# Builds the client bundle and passes `client/build/` to later stages
# as a job artifact.
build:
  stage: build
  tags:
    - short-jobs
  script:
    - cd client
    # /prepare.sh is not defined in this file; it presumably ships with the
    # build image. TODO confirm what it does before trusting its output.
    - sh /prepare.sh
    # NOTE(review): `npm install` may resolve versions newer than the lockfile
    # records. If package-lock.json is committed, `npm ci` installs exactly
    # the locked tree and fails on drift.
    - npm install
    # CI is switched off only around the build step and restored afterwards
    # (presumably so build warnings are not treated as errors; confirm).
    - CI=false
    - npm run build
    - CI=true
  artifacts:
    paths:
      - client/build/
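# Builds the container image from the repository root and pushes it to the
# project registry under two tags: the ref name and `latest`.
docker-package:
  stage: package
  tags:
    - short-jobs
  # Fetches the `client/build/` artifact produced by the `build` job.
  dependencies:
    - build
  # NOTE(review): `docker` and `docker:dind` are unpinned, so the toolchain
  # that builds the shipped image can change between runs; consider pinning
  # both to the same explicit version.
  image: docker
  services:
    - docker:dind
  script:
    # The job token is passed on stdin instead of `-p`, so it does not appear
    # in the process argument list or trigger docker's insecure-password
    # warning.
    - echo "$CI_JOB_TOKEN" | docker login -u gitlab-ci-token --password-stdin "$CI_REGISTRY"
    # Variables are quoted so an unexpected ref name cannot be word-split
    # into extra docker arguments.
    # NOTE(review): a ref name containing `/` is not a valid image tag and
    # will make this step fail; other jobs in this file reference the same
    # tag, so switching to a slug has to be done everywhere at once.
    - docker build -t "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME" .
    # NOTE(review): no `only:`/`rules:` restriction is set, so every ref that
    # runs this pipeline overwrites `latest`. Anything that pulls `latest`
    # gets whichever branch built last; confirm that is intended.
    - docker tag "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME" "$CI_REGISTRY_IMAGE:latest"
    - docker push "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME"
    - docker push "$CI_REGISTRY_IMAGE:latest"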
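# Scans the image pushed by `docker-package` with trivy and stores the JSON
# report as a job artifact.
vulnerabilities:
  stage: analysis
  tags:
    - short-jobs
  dependencies:
    - docker-package
  # Findings mark the job as failed-with-warning but do not stop the pipeline:
  # the deploy stage still runs. NOTE(review): this makes the scan advisory
  # only; confirm that is the intended gate for production deployments.
  allow_failure: true
  image: docker.slock.it/build-images/vulnerability-testing-tools
  script:
    # Registry credentials for trivy, taken from the per-job token.
    - export TRIVY_AUTH_URL=$CI_REGISTRY
    - export TRIVY_USERNAME=gitlab-ci-token
    - export TRIVY_PASSWORD=$CI_JOB_TOKEN
    # `--exit-code 1` makes trivy exit non-zero when it reports findings.
    # The tag scanned is mutable, so the result describes whatever image
    # currently carries that tag.
    - trivy -f json -o vulnerability_analysis.json --exit-code 1 "$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_NAME"
  artifacts:
    # Artifacts are uploaded only on success by default, so the report would
    # be lost on exactly the runs where trivy found something. Keep it always.
    when: always
    paths:
      - vulnerability_analysis.json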
# Deployment template
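# Hidden job (leading dot): never runs on its own, only through `extends:`.
# Runs the rancher CLI against deployment/docker-compose.yml.
.deploy-tmpl:
  stage: deploy
  tags:
    - short-jobs
  # Deploy only for release tags of the form vMAJOR.MINOR.PATCH.
  # The dots are escaped and the patch component is required. The previous
  # pattern `/^v[0-9]+.[0-9]+.[0-9]?$/` let `.` match any character and made
  # the patch digit optional, so names such as `v1x2y3` or `v1.2.` also
  # triggered a deployment, while `v1.2.10` did not.
  only:
    - '/^v[0-9]+\.[0-9]+\.[0-9]+$/'
  # Branches are excluded so a branch named like a release cannot deploy.
  except:
    - branches
  allow_failure: false
  image: docker.slock.it/build-images/deployment
  services:
    - docker:dind
  script:
    - cd deployment
    # NOTE(review): no credentials appear in this file, so the rancher CLI
    # presumably reads them from CI/CD variables. Mark those variables
    # protected and protect the `v*` tag pattern, so that only maintainers
    # can start a deployment.
    - rancher -w up -f docker-compose.yml -d --prune -p -s in3-react-truffle-box -c --force-upgrade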
# Production deployments
# Concrete production job: takes every setting from the hidden `.deploy-tmpl`
# job and overrides nothing.
deploy-to-rancher:
  extends:
    - .deploy-tmpl