
@fragaLY
Created October 8, 2021 11:40
GitLab CI/CD example
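---
# Stage order of the pipeline (nesting restored; the listing had lost its
# indentation, which would turn every nested key into a top-level job name).
stages:
  - semver
  - build
  - test
  - linting
  - version-push
  - docker
  - security
  - deploy

# Default image for jobs that do not set their own.
# NOTE(review): every image in this file is referenced by the mutable `:latest`
# tag, so the toolchain can change between runs without any commit. Pin a
# version tag or digest once the registry contents are known.
image: ${DOCKER_REGISTRY}:${DOCKER_REGISTRY_PORT}/oraclelinux-openjdk11-buildtools:latest

# NOTE(review): top-level variables are injected into every job, including the
# merge-request jobs that execute Gradle build scripts taken from the branch
# under review. ARTIFACTORY_PASSWORD and GITLAB_ACCESS_TOKEN should be scoped
# to the jobs that need them, and the underlying CI/CD variables marked
# masked and protected in the project settings.
variables:
  ARTIFACTORY_URL: ${K8S_SECRET_ARTIFACTORY_URL}
  ARTIFACTORY_LOGIN: ${K8S_SECRET_ARTIFACTORY_LOGIN}
  ARTIFACTORY_PASSWORD: ${K8S_SECRET_ARTIFACTORY_PASSWORD}
  GITLAB_ACCESS_TOKEN: ${K8S_SECRET_GITLAB_ACCESS_TOKEN}
  IMAGE_NAME: vk-sample-service

# Default before_script; a job that defines its own before_script replaces
# this one rather than extending it.
before_script:
  # Quoted so a checkout path containing spaces does not split the value.
  - export GRADLE_USER_HOME="$(pwd)/.gradle"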
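# Computes the last and the next semantic version and hands both to later
# jobs as OLD_VERSION / NEW_VERSION through a dotenv report.
# (Nesting restored; the listing had lost its indentation.)
semver:
  stage: semver
  image:
    name: ${K8S_SECRET_ARTIFACTORY_URL}/go-semantic-release:latest
    # Empty entrypoint so the runner can start its own shell in the image.
    entrypoint: [""]
  script:
    # NOTE(review): these two values are later spliced into sed expressions,
    # an image tag and commit messages, so downstream jobs treat the tool's
    # output as trusted input.
    - echo "OLD_VERSION=$(go-semantic-release last)" > build.env
    - echo "NEW_VERSION=$(go-semantic-release next)" >> build.env
  only:
    refs:
      - master
      - deploy
  except:
    - tags
  artifacts:
    expire_in: 1h
    paths:
      # Presumably written by go-semantic-release; version-push copies it
      # into its clone and edits it with yq.
      - .version
    reports:
      dotenv: build.env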
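# Compiles and packages the service; integration tests are excluded here.
# (Nesting restored; the listing had lost its indentation.)
build:
  stage: build
  only:
    refs:
      - merge_requests
      - master
      - develop
      - deploy
  # Replaces the global before_script, so GRADLE_USER_HOME is not exported
  # for this job.
  before_script:
    # Stamp the freshly computed version into gradle.properties. On refs where
    # the semver job does not run both variables are empty and this is skipped.
    - |
      if [ "$OLD_VERSION" != "$NEW_VERSION" ]; then
        sed -i -e "/^version/s~=.*~=${NEW_VERSION}~" gradle.properties
      fi
    # NOTE(review): presumably this helper (shipped in the build image) writes
    # the Artifactory credentials for Gradle. This job also runs for merge
    # requests, where the Gradle scripts come from the branch under review, so
    # the account behind those credentials should be read-only.
    - artifactory-credentials.sh
  script:
    - gradle build -x integrationTest
  artifacts:
    expire_in: 1h
    paths:
      - build/classes
      - build/libs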
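# Runs `gradle check` against a Docker-in-Docker service.
# (Nesting restored; the listing had lost its indentation.)
test:
  stage: test
  only:
    refs:
      - merge_requests
      - master
      - develop
  # Runner tags (not git tags): selects runners labelled docker and testing.
  tags:
    - docker
    - testing
  services:
    # NOTE(review): unpinned service image; dind also requires a privileged
    # runner, so confirm these runners are isolated from anything sensitive.
    - docker:dind
  dependencies:
    - build
  variables:
    # NOTE(review): port 2375 together with an empty DOCKER_TLS_CERTDIR means
    # the dind daemon is reached unencrypted and unauthenticated. GitLab's
    # documented TLS setup uses tcp://docker:2376 with
    # DOCKER_TLS_CERTDIR: "/certs"; switching needs the matching runner
    # volume configuration, so it is flagged here rather than changed.
    DOCKER_HOST: "tcp://docker:2375"
    DOCKER_TLS_CERTDIR: ""
    DOCKER_DRIVER: overlay2
  # Replaces the global before_script for this job.
  before_script:
    - docker-credentials.sh
    - artifactory-credentials.sh
  script:
    - gradle check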
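# Commits the new version to gradle.properties on the release branch and
# publishes the release, but only when semver produced a new version.
# (Nesting restored; the listing had lost its indentation.)
version-push:
  stage: version-push
  image:
    name: ${K8S_SECRET_ARTIFACTORY_URL}/repotools:latest
    entrypoint: [""]
  only:
    refs:
      - master
      - deploy
  except:
    - tags
  dependencies:
    - semver
  before_script:
    - echo -e "[user]\n\tname = \"SemVer Robot\"\n\temail = \"auto_semver_robot@gmail.com\"\n" > ~/.gitconfig
    # Create the directory first, as the deploy job does; without it the
    # redirects below fail on an image that has no ~/.ssh.
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    # NOTE(review): ssh-keyscan accepts whatever host key the network returns
    # at job time, so it does not authenticate the server. Prefer a host key
    # pinned in a CI/CD variable or baked into the image.
    - ssh-keyscan ${CI_SERVER_HOST} > ~/.ssh/known_hosts
    # Write the private key under a restrictive umask so it is never
    # world-readable, even briefly; `$a\` only guarantees a trailing newline.
    - (umask 077 && sed -e '$a\' "${SSH_KEY}" > ~/.ssh/id_rsa)
    - chmod 600 ~/.ssh/id_rsa
  script:
    # COMMIT_PUSHED is 1 when git reports "nothing to commit" and 0 when a
    # commit was actually created, so the push runs only for a real commit.
    - |
      if [ "$OLD_VERSION" != "$NEW_VERSION" ]; then
        git clone -b "${CI_COMMIT_BRANCH}" "git@${CI_SERVER_HOST}:${CI_PROJECT_PATH}.git"
        cp .version "${CI_PROJECT_NAME}/"
        cd "${CI_PROJECT_NAME}"
        # Update gradle.properties
        sed -i -e "/^version/s~=.*~=${NEW_VERSION}~" gradle.properties
        export COMMIT_PUSHED=$(git commit -am "[skip ci] Update gradle.properties version to $NEW_VERSION" | grep "^nothing" | wc -l)
        # Push new version
        export COMMIT_HASH=$(git log -1 --pretty=tformat:"%H" --shortstat | head -n1)
        if [ $COMMIT_PUSHED -eq "0" ]; then
          yq eval '.next.commit = env(COMMIT_HASH)' -i .version
          git push
        fi
        /bin/go-semantic-release release
      else
        echo No new version. Skipping...
      fi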
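# Static analysis of the compiled classes with sonar-scanner.
# (Nesting restored; the listing had lost its indentation.)
sonar-lint:
  stage: linting
  dependencies:
    - build
    # The test job declares no artifacts, so this entry fetches nothing.
    - test
  image:
    name: ${DOCKER_REGISTRY}:${DOCKER_REGISTRY_PORT}/sonar-scanner-cli:latest
    entrypoint: [""]
  only:
    refs:
      - merge_requests
      - master
      - develop
  except:
    - tags
  script:
    # Server URL and token are not passed here; presumably they come from
    # CI/CD variables or the image. Confirm the token is masked.
    - sonar-scanner -Dsonar.projectKey=VK-SAMPLE-SERVICE -Dsonar.java.binaries=build/ -Dsonar.java.libraries=build/libs/application.jar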
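# Lints docker/Dockerfile with hadolint.
# (Nesting restored; the listing had lost its indentation.)
dockerfile-lint:
  stage: linting
  dependencies:
    - build
  image: ${DOCKER_REGISTRY}:${DOCKER_REGISTRY_PORT}/hadolint:latest
  only:
    refs:
      - merge_requests
      - master
      - develop
  script:
    # No flags are passed, so hadolint runs with its default rules and
    # failure threshold.
    - hadolint docker/Dockerfile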
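# Builds the service image with kaniko and pushes it to Artifactory.
# (Nesting restored; the listing had lost its indentation.)
docker-push:
  stage: docker
  # NOTE(review): `needs` lets this job start as soon as semver and build
  # succeed, without waiting for the test and linting stages, so an image can
  # be pushed from a commit whose tests or lint checks fail.
  needs:
    - semver
    - build
  dependencies:
    - build
    - semver
  only:
    refs:
      - master
      - deploy
  image:
    name: ${K8S_SECRET_ARTIFACTORY_URL}/docker-buildtools:latest
    entrypoint: [""]
  variables:
    TARGET: build/libs
    DOCKERFILE: docker/Dockerfile
  before_script:
    - sh /docker-credentials.sh
  script:
    # NOTE(review): unlike version-push and deploy there is no
    # OLD_VERSION/NEW_VERSION guard, so when no new version was computed this
    # rebuilds and overwrites the tag that is already in the registry.
    - |
      /kaniko/executor --context ${TARGET} \
        --dockerfile ${DOCKERFILE} \
        --destination ${ARTIFACTORY_URL}/${IMAGE_NAME}:${NEW_VERSION}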
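# Scans the image pushed by docker-push for known vulnerabilities with grype.
# (Nesting restored; the listing had lost its indentation.)
docker-image-scan:
  stage: security
  dependencies:
    - semver
    - docker-push
  image:
    name: ${DOCKER_REGISTRY}:${DOCKER_REGISTRY_PORT}/grype:latest
    entrypoint: [""]
  only:
    refs:
      - master
      - deploy
  before_script:
    - sh /docker-credentials.sh
  script:
    # The original referenced ${IMAGE}, which is not defined anywhere in this
    # file; IMAGE_NAME is the variable docker-push uses for the tag, so the
    # scan now targets the image that was actually pushed.
    # NOTE(review): without `--fail-on <severity>` grype exits 0 whatever it
    # finds, so this stage reports but does not block deploy. The scan also
    # runs after the image is already in the registry.
    - grype ${ARTIFACTORY_URL}/${IMAGE_NAME}:${NEW_VERSION} -o table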
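# Rolls out a new version by committing the image tag to the
# cluster-management repository.
# (Nesting restored; the listing had lost its indentation.)
deploy:
  stage: deploy
  image:
    name: ${DOCKER_REGISTRY}:${DOCKER_REGISTRY_PORT}/repotools:latest
    entrypoint: [""]
  dependencies:
    - semver
    - docker-image-scan
  only:
    refs:
      - master
      - deploy
  variables:
    DEPLOY_CLUSTER: dev1
    DEPLOY_REPO_NAME: cluster-management
    DEPLOY_SERVICE_NAME: vk-sample-service
  before_script:
    - echo -e "[user]\n\tname = \"SemVer Robot\"\n\temail = \"auto_semver_robot@gmail.com\"\n" > ~/.gitconfig
    - mkdir -p ~/.ssh
    - chmod 700 ~/.ssh
    # NOTE(review): ssh-keyscan accepts whatever host key the network returns
    # at job time, so it does not authenticate the server. Prefer a host key
    # pinned in a CI/CD variable or baked into the image.
    - ssh-keyscan ${CI_SERVER_HOST} > ~/.ssh/known_hosts
    # Write the private key under a restrictive umask so it is never
    # world-readable, even briefly; `$a\` only guarantees a trailing newline.
    - (umask 077 && sed -e '$a\' "${SSH_KEY}" > ~/.ssh/id_rsa)
    - chmod 600 ~/.ssh/id_rsa
  script:
    # The clone URL was split across two lines in the listing, which would
    # clone an incomplete path and then run the repository name as a command;
    # it is joined again here.
    # NOTE(review): this pushes straight to master of the deployment
    # repository, so the key in SSH_KEY carries write access there; keep it
    # scoped to these repositories and available only to protected branches.
    - |
      if [ "$OLD_VERSION" != "$NEW_VERSION" ]; then
        git clone -b master "git@${CI_SERVER_HOST}:${REPO_GROUP}/${DEPLOY_REPO_NAME}.git"
        cd "${DEPLOY_REPO_NAME}"
        yq -i eval '.image.tag = env(NEW_VERSION)' "${DEPLOY_CLUSTER}/${DEPLOY_SERVICE_NAME}.yaml"
        git commit -am "Update ${DEPLOY_SERVICE_NAME} version to ${NEW_VERSION}"
        git push
      else
        echo No new version. Skipping...
      fi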
# Semantic-release configuration: a separate file from the pipeline above.
# The gist's file header and the original indentation did not survive.
# NOTE(review): presumably `master`/`deploy` nest under `branch` and
# `repo`/`customUrl` under `gitlab`; confirm where `tagPrefix` belongs against
# the tool's documentation before reusing this.
commitFormat: "conventional"
# Release kind per branch; "rc" presumably yields release-candidate versions.
branch:
master: "release"
deploy: "rc"
# Release provider, followed by that provider's settings.
release: "gitlab"
gitlab:
repo: "company/service/vk-sample-service"
customUrl: "https://git.company.com/"
# Empty prefix: tags are written without a leading marker such as "v".
tagPrefix: ""
# gradle.properties: a separate file from the pipeline above.
# The `version` line is the one the pipeline's sed command rewrites with
# NEW_VERSION.
version=1.0.1-rc.17
group=by.vk.sample
release.useAutomaticVersion=true
# Repository location only; no credentials are stored in this file.
artifactory_url=https://artifactory.company.com/artifactory/
artifactory_repoKey=company-maven-virtual