Gitlab CI/CD example
---
# Stage order for the pipeline. A job that declares `needs:` (docker-push
# below) may start before the earlier stages have finished.
stages:
  - semver
  - build
  - test
  - linting
  - version-push
  - docker
  - security
  - deploy

# Default image for jobs that do not set their own.
# NOTE(review): `:latest` is a mutable tag, so the build toolchain can change
# between runs without any change to this file; a fixed version tag or an
# image digest keeps builds reproducible and auditable.
image: ${DOCKER_REGISTRY}:${DOCKER_REGISTRY_PORT}/oraclelinux-openjdk11-buildtools:latest

# Top-level variables are handed to every job, including the jobs that run for
# merge requests.
# NOTE(review): the Artifactory password and the GitLab access token are thus
# present in jobs that may not need them; scoping each credential to the job
# that uses it, and keeping the underlying CI/CD variables masked/protected,
# limits exposure - confirm against the project settings.
variables:
  ARTIFACTORY_URL: ${K8S_SECRET_ARTIFACTORY_URL}
  ARTIFACTORY_LOGIN: ${K8S_SECRET_ARTIFACTORY_LOGIN}
  ARTIFACTORY_PASSWORD: ${K8S_SECRET_ARTIFACTORY_PASSWORD}
  GITLAB_ACCESS_TOKEN: ${K8S_SECRET_GITLAB_ACCESS_TOKEN}
  IMAGE_NAME: vk-sample-service

# Default before_script: point Gradle's user home at .gradle inside the job's
# working directory. A job that defines its own before_script replaces this one.
before_script:
  - export GRADLE_USER_HOME=$(pwd)/.gradle
# Computes the last and the next semantic version and passes both to later
# jobs as OLD_VERSION / NEW_VERSION through a dotenv report.
semver:
  stage: semver
  image:
    # NOTE(review): mutable `:latest` tag; pin a version or digest.
    name: ${K8S_SECRET_ARTIFACTORY_URL}/go-semantic-release:latest
    entrypoint: [""]
  only:
    refs:
      - master
      - deploy
  except:
    - tags
  script:
    # NOTE(review): echo succeeds even if go-semantic-release fails, so an
    # empty version could be written without failing the job - confirm how the
    # tool reports errors.
    - echo "OLD_VERSION=$(go-semantic-release last)" > build.env
    - echo "NEW_VERSION=$(go-semantic-release next)" >> build.env
  artifacts:
    expire_in: 1h
    paths:
      # Presumably written by go-semantic-release; version-push copies this
      # file into its clone later.
      - .version
    reports:
      dotenv: build.env
# Builds the service with Gradle, leaving out the integrationTest task, and
# keeps the compiled classes and jars for one hour.
build:
  stage: build
  only:
    refs:
      - merge_requests
      - master
      - develop
      - deploy
  # This job-level before_script replaces the global one, so the
  # GRADLE_USER_HOME export from the top of the file is not applied here.
  before_script:
    # Write the new version into gradle.properties when semver produced one.
    # semver only runs on master and deploy; on other refs both variables are
    # unset, compare equal, and the file is left alone.
    - |
      if [ "$OLD_VERSION" != "$NEW_VERSION" ]; then
        sed -i -e "/^version/s~=.*~=${NEW_VERSION}~" gradle.properties
      fi
    # Helper expected on the image's PATH; its contents are not shown here.
    - artifactory-credentials.sh
  script:
    - gradle build -x integrationTest
  artifacts:
    expire_in: 1h
    paths:
      - build/classes
      - build/libs
# Runs `gradle check` on runners tagged docker+testing, with a
# Docker-in-Docker service container next to the job.
test:
  stage: test
  only:
    refs:
      - merge_requests
      - master
      - develop
  tags:
    - docker
    - testing
  dependencies:
    - build
  services:
    # NOTE(review): untagged, mutable image reference; dind also normally
    # requires a privileged runner - confirm the runner is dedicated to
    # trusted projects.
    - docker:dind
  variables:
    # Docker API over plain TCP: port 2375 with TLS certificate generation
    # switched off by the empty DOCKER_TLS_CERTDIR.
    # NOTE(review): the daemon is then unencrypted and unauthenticated for
    # anything that can reach the service container. GitLab's documented TLS
    # setup uses tcp://docker:2376 with DOCKER_TLS_CERTDIR set to "/certs";
    # it needs matching runner configuration.
    DOCKER_HOST: "tcp://docker:2375"
    DOCKER_TLS_CERTDIR: ""
    DOCKER_DRIVER: overlay2
  before_script:
    # Helpers expected on the image's PATH; their contents are not shown here.
    - docker-credentials.sh
    - artifactory-credentials.sh
  script:
    - gradle check
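# Commits the bumped version in gradle.properties back to the branch over SSH
# and then runs the go-semantic-release `release` step.
version-push:
  stage: version-push
  image:
    # NOTE(review): mutable `:latest` tag on a job that holds a push-capable
    # SSH key; pin a version or digest.
    name: ${K8S_SECRET_ARTIFACTORY_URL}/repotools:latest
    entrypoint: [""]
  only:
    refs:
      - master
      - deploy
  except:
    - tags
  dependencies:
    - semver
  before_script:
    - echo -e "[user]\n\tname = \"SemVer Robot\"\n\temail = \"auto_semver_robot@gmail.com\"\n" > ~/.gitconfig
    # Create ~/.ssh before writing into it, as the deploy job does; the
    # redirects below fail if the image does not already provide it.
    - mkdir -p ~/.ssh
    # NOTE(review): ssh-keyscan accepts whichever host key is returned at job
    # time, so it does not authenticate the server. Writing a pinned host key
    # from a CI/CD variable into known_hosts removes this trust-on-every-run
    # step.
    - ssh-keyscan "${CI_SERVER_HOST}" > ~/.ssh/known_hosts
    # SSH_KEY is used as a path to the key file; sed '$a\' copies it and makes
    # sure the last line ends with a newline.
    # NOTE(review): the key file is created with the default umask and only
    # restricted by the chmod afterwards.
    - sed -e '$a\' "${SSH_KEY}" > ~/.ssh/id_rsa
    - chmod 600 ~/.ssh/id_rsa
  script:
    - |
      if [ "$OLD_VERSION" != "$NEW_VERSION" ]; then
        git clone -b "${CI_COMMIT_BRANCH}" "git@${CI_SERVER_HOST}:${CI_PROJECT_PATH}.git"
        cp .version "${CI_PROJECT_NAME}/"
        cd "${CI_PROJECT_NAME}"
        # Update gradle.properties
        sed -i -e "/^version/s~=.*~=${NEW_VERSION}~" gradle.properties
        # Despite its name, COMMIT_PUSHED counts the lines of git's output that
        # start with "nothing": 0 means a commit was actually created.
        export COMMIT_PUSHED=$(git commit -am "[skip ci] Update gradle.properties version to $NEW_VERSION" | grep -c "^nothing")
        # Push new version
        export COMMIT_HASH=$(git log -1 --pretty=tformat:"%H" --shortstat | head -n1)
        if [ "$COMMIT_PUSHED" -eq 0 ]; then
          # Record the new commit hash in .version, then publish the commit.
          yq eval '.next.commit = env(COMMIT_HASH)' -i .version
          git push
        fi
        /bin/go-semantic-release release
      else
        echo No new version. Skipping...
      fi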
# Static analysis with sonar-scanner over the compiled classes and the
# application jar from the build job.
sonar-lint:
  stage: linting
  image:
    # NOTE(review): mutable `:latest` tag; pin a version or digest.
    name: ${DOCKER_REGISTRY}:${DOCKER_REGISTRY_PORT}/sonar-scanner-cli:latest
    entrypoint: [""]
  dependencies:
    - build
    - test
  only:
    refs:
      - merge_requests
      - master
      - develop
  except:
    - tags
  script:
    # Server URL and token are not passed here; presumably they come from the
    # image or from CI/CD variables - confirm.
    - >-
      sonar-scanner
      -Dsonar.projectKey=VK-SAMPLE-SERVICE
      -Dsonar.java.binaries=build/
      -Dsonar.java.libraries=build/libs/application.jar
# Lints docker/Dockerfile with hadolint.
dockerfile-lint:
  stage: linting
  # NOTE(review): mutable `:latest` tag; pin a version or digest.
  image: ${DOCKER_REGISTRY}:${DOCKER_REGISTRY_PORT}/hadolint:latest
  dependencies:
    - build
  only:
    refs:
      - merge_requests
      - master
      - develop
  script:
    - hadolint docker/Dockerfile
# Builds the service image with kaniko from build/libs and pushes it to
# Artifactory under the NEW_VERSION tag.
docker-push:
  stage: docker
  # `needs` lets this job start as soon as semver and build are done.
  # NOTE(review): the image can therefore be pushed before the test and
  # linting stages have passed - confirm this is intended.
  needs:
    - semver
    - build
  dependencies:
    - build
    - semver
  only:
    refs:
      - master
      - deploy
  image:
    # NOTE(review): mutable `:latest` tag on the job that publishes images;
    # pin a version or digest.
    name: ${K8S_SECRET_ARTIFACTORY_URL}/docker-buildtools:latest
    entrypoint: [""]
  variables:
    TARGET: build/libs
    DOCKERFILE: docker/Dockerfile
  before_script:
    # Helper shipped in the image; its contents are not shown here.
    - sh /docker-credentials.sh
  script:
    # There is no OLD_VERSION/NEW_VERSION guard in this job, so a run without a
    # new version pushes to the already published tag again - confirm.
    - >-
      /kaniko/executor
      --context ${TARGET}
      --dockerfile ${DOCKERFILE}
      --destination ${ARTIFACTORY_URL}/${IMAGE_NAME}:${NEW_VERSION}
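# Scans the image pushed by docker-push with grype and prints the findings as
# a table.
docker-image-scan:
  stage: security
  image:
    # NOTE(review): mutable `:latest` tag; pin a version or digest.
    name: ${DOCKER_REGISTRY}:${DOCKER_REGISTRY_PORT}/grype:latest
    entrypoint: [""]
  dependencies:
    - semver
    - docker-push
  only:
    refs:
      - master
      - deploy
  before_script:
    # Helper shipped in the image; its contents are not shown here.
    - sh /docker-credentials.sh
  script:
    # Scan the same reference docker-push publishes. This file defines
    # IMAGE_NAME, not IMAGE, so the previous ${IMAGE} expanded to nothing
    # unless it was set outside this file.
    # NOTE(review): without grype's --fail-on <severity> option the job passes
    # whatever is found, so the scan reports but does not gate the deploy
    # stage - choose a threshold that matches the team's policy.
    - grype ${ARTIFACTORY_URL}/${IMAGE_NAME}:${NEW_VERSION} -o table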
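# Sets the new image tag in the cluster-management repository for the dev1
# cluster and pushes that change to its master branch.
deploy:
  stage: deploy
  image:
    # NOTE(review): mutable `:latest` tag on a job that holds a push-capable
    # SSH key; pin a version or digest.
    name: ${DOCKER_REGISTRY}:${DOCKER_REGISTRY_PORT}/repotools:latest
    entrypoint: [""]
  dependencies:
    - semver
    - docker-image-scan
  only:
    refs:
      - master
      - deploy
  variables:
    DEPLOY_CLUSTER: dev1
    DEPLOY_REPO_NAME: cluster-management
    DEPLOY_SERVICE_NAME: vk-sample-service
  before_script:
    - echo -e "[user]\n\tname = \"SemVer Robot\"\n\temail = \"auto_semver_robot@gmail.com\"\n" > ~/.gitconfig
    - mkdir -p ~/.ssh
    # NOTE(review): ssh-keyscan accepts whichever host key is returned at job
    # time, so it does not authenticate the server. Writing a pinned host key
    # from a CI/CD variable into known_hosts removes this trust-on-every-run
    # step.
    - ssh-keyscan "${CI_SERVER_HOST}" > ~/.ssh/known_hosts
    # SSH_KEY is used as a path to the key file; sed '$a\' copies it and makes
    # sure the last line ends with a newline.
    - sed -e '$a\' "${SSH_KEY}" > ~/.ssh/id_rsa
    - chmod 600 ~/.ssh/id_rsa
  script:
    - |
      if [ "$OLD_VERSION" != "$NEW_VERSION" ]; then
        # The clone URL must stay on one line: split in two, the shell runs the
        # second half as a separate command and the clone targets the group
        # path only. REPO_GROUP is not defined in this file; presumably a
        # CI/CD variable.
        git clone -b master "git@${CI_SERVER_HOST}:${REPO_GROUP}/${DEPLOY_REPO_NAME}.git"
        cd "${DEPLOY_REPO_NAME}"
        yq -i eval '.image.tag = env(NEW_VERSION)' "${DEPLOY_CLUSTER}/${DEPLOY_SERVICE_NAME}.yaml"
        # NOTE(review): this pushes straight to master of the deployment
        # repository - confirm that branch protection allows only this key.
        git commit -am "Update ${DEPLOY_SERVICE_NAME} version to ${NEW_VERSION}"
        git push
      else
        echo No new version. Skipping...
      fi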
commitFormat: "conventional" | |
branch: | |
master: "release" | |
deploy: "rc" | |
release: "gitlab" | |
gitlab: | |
repo: "company/service/vk-sample-service" | |
customUrl: "https://git.company.com/" | |
tagPrefix: "" |
version=1.0.1-rc.17 | |
group=by.vk.sample | |
release.useAutomaticVersion=true | |
artifactory_url=https://artifactory.company.com/artifactory/ | |
artifactory_repoKey=company-maven-virtual |