93 lines
2.8 KiB
YAML
93 lines
2.8 KiB
YAML
|
include:
|
|||
|
- template: Security/SAST.gitlab-ci.yml
|
|||
|
|
|||
|
sast:
|
|||
|
stage: build
|
|||
|
|
|||
|
nodejs-scan-sast:
|
|||
|
rules:
|
|||
|
- if: $SAST_DISABLED
|
|||
|
when: never
|
|||
|
- if: $CI_COMMIT_BRANCH != "develop"
|
|||
|
when: never
|
|||
|
- if: $CI_COMMIT_BRANCH &&
|
|||
|
$SAST_DEFAULT_ANALYZERS =~ /nodejs-scan/
|
|||
|
exists:
|
|||
|
- 'package.json'
|
|||
|
|
|||
|
eslint-sast:
|
|||
|
rules:
|
|||
|
- if: $SAST_DISABLED
|
|||
|
when: never
|
|||
|
- if: $CI_COMMIT_BRANCH != "develop"
|
|||
|
when: never
|
|||
|
- if: $CI_COMMIT_BRANCH &&
|
|||
|
$SAST_DEFAULT_ANALYZERS =~ /eslint/
|
|||
|
exists:
|
|||
|
- '**/*.html'
|
|||
|
- '**/*.js'
|
|||
|
- '**/*.jsx'
|
|||
|
- '**/*.ts'
|
|||
|
- '**/*.tsx'
|
|||
|
|
|||
|
|
|||
|
stages:
|
|||
|
- build
|
|||
|
- deploy
|
|||
|
|
|||
|
dev-build-job:
|
|||
|
stage: build
|
|||
|
only:
|
|||
|
- develop
|
|||
|
- merge_requests
|
|||
|
image: docker:stable
|
|||
|
variables:
|
|||
|
POSTGRES_USER: postgres
|
|||
|
POSTGRES_PASSWORD: password
|
|||
|
POSTGRES_DB: demo_server
|
|||
|
services:
|
|||
|
- name: registry.lawsnote.com/postgres:13-pgroonga
|
|||
|
alias: postgres
|
|||
|
- name: redis:5-alpine
|
|||
|
alias: redis
|
|||
|
script:
|
|||
|
# 用 DATE-CI_COMMIT_SHA 當做 docker image 的 tag
|
|||
|
- DOCKER_IMAGE_TAG=$(date +%Y%m%d%H%M%S)-${CI_COMMIT_SHA:0:8}
|
|||
|
- DOCKER_BUILDKIT=1 docker build
|
|||
|
--ssh default="$SSH_PRIVATE_KEY"
|
|||
|
--build-arg CI_COMMIT_SHA="$CI_COMMIT_SHA"
|
|||
|
-t registry.lawsnote.com/professorx-dev:$DOCKER_IMAGE_TAG .
|
|||
|
# 使用 build 好的 image 測試
|
|||
|
- docker run
|
|||
|
--rm
|
|||
|
-e DB_HOST=$POSTGRES_PORT_5432_TCP_ADDR
|
|||
|
-e DB_USER=postgres
|
|||
|
-e DB_PASSWORD=password
|
|||
|
-e DB_NAME=demo_server
|
|||
|
-e REDIS_HOST=$REDIS_PORT_6379_TCP_ADDR
|
|||
|
-e SMS_VENDER=empty
|
|||
|
-e NODE_ENV=test
|
|||
|
registry.lawsnote.com/professorx-dev:$DOCKER_IMAGE_TAG yarn test-with-db
|
|||
|
# push docker image
|
|||
|
- docker push registry.lawsnote.com/professorx-dev:$DOCKER_IMAGE_TAG
|
|||
|
# tag latest
|
|||
|
- docker tag registry.lawsnote.com/professorx-dev:$DOCKER_IMAGE_TAG registry.lawsnote.com/professorx-dev:latest
|
|||
|
- docker push registry.lawsnote.com/professorx-dev:latest
|
|||
|
# delete local image
|
|||
|
- docker rmi registry.lawsnote.com/professorx-dev:latest
|
|||
|
# 執行 Galactus 來刪除不必要的 image,只保留 10 個舊版
|
|||
|
- docker run --rm --env TARGET_IMAGE=professorx-dev --env KEEP_COUNT=10 --env FORCE=1 registry.lawsnote.com/galactus:latest
|
|||
|
tags:
|
|||
|
- docker
|
|||
|
|
|||
|
dev-deploy-job:
|
|||
|
stage: deploy
|
|||
|
only:
|
|||
|
- develop
|
|||
|
script:
|
|||
|
- docker pull registry.lawsnote.com/professorx-dev:latest
|
|||
|
- if [ "$(docker inspect -f '{{.State.Running}}' professorx-dev 2> /dev/null)" == "true" ]; then docker rm -f -v professorx-dev; fi
|
|||
|
- docker run --detach --restart always --log-driver=json-file --log-opt max-size=16m --log-opt max-file=2 --publish 30041:10230 --name professorx-dev --env-file "$DEV_SERVICE_ENV" registry.lawsnote.com/professorx-dev:latest
|
|||
|
tags:
|
|||
|
- office
|