.circleci/config.yml
version: 2.1
default-docker-node: &default-docker-node
docker:
- image: circleci/node:12.14.0
environment:
TZ: "/usr/share/zoneinfo/America/New_York"
CC_TEST_REPORTER_ID: $CC_TEST_REPORTER_ID
COMPOSE_FILE_NAME: circleci-docker-compose.yml
API_REPO_NAME: state-talentmap-api
API_REPO_BRANCH: staging
PUBLIC_URL: /talentmap/
STATIC_PATH: /home/circleci/project/public
API_ROOT: http://app:8000/
jobs:
build:
<<: *default-docker-node
steps:
- checkout
- restore_cache:
keys:
- dependency-cache-{{ .Environment.CACHE_VERSION }}-{{ .Branch }}-{{ checksum "yarn.lock" }}
# fallback to using the latest cache if no exact match is found
- dependency-cache-
- run: mkdir ~/.npm-global
- run: npm config set prefix '~/.npm-global'
- run: export PATH=~/.npm-global/bin:$PATH
- run: yarn install --pure-lockfile
- save_cache:
key: dependency-cache-{{ .Branch }}-{{ checksum "yarn.lock" }}
paths:
- ./node_modules
- ~/.cache/yarn
docker-build:
<<: *default-docker-node
steps:
- setup_remote_docker
- checkout
- run:
name: Docker Build
command: |
docker login -u $DOCKER_USER -p $DOCKER_PASS
BRANCH=${CIRCLE_BRANCH//\//-}
TAG=$BRANCH-$CIRCLE_SHA1
DOCKER_HUB_REPO=${CIRCLE_PROJECT_REPONAME,,}
docker build -t talentmap/$DOCKER_HUB_REPO:$TAG .
docker push talentmap/$DOCKER_HUB_REPO:$TAG
yarn:
<<: *default-docker-node
parallelism: 16
resource_class: large
steps:
- checkout
- run: curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > ./cc-test-reporter
- run: chmod +x ./cc-test-reporter
- run: ./cc-test-reporter before-build
- run: chmod +x ./certs/certs.sh
- run: cd certs && ./certs.sh
- run: cd ..
- restore_cache:
key: dependency-cache-{{ .Environment.CACHE_VERSION }}-{{ .Branch }}-{{ checksum "yarn.lock" }}
- run: mkdir ~/.npm-global
- run: mkdir ~/junit
- run: npm config set prefix '~/.npm-global'
- run: export PATH=~/.npm-global/bin:$PATH
- run: yarn install --pure-lockfile
- run:
name: Jest Test Coverage
command: |
TEST=$(circleci tests glob "src/**/*.test.{js,jsx}" | circleci tests split --split-by=timings)
yarn test $TEST -- --ci --reporters=default --reporters=jest-junit --coverageReporters=lcov
environment:
JEST_JUNIT_OUTPUT_NAME: "reports/jest/test-results.xml"
- run:
name: Code Climate Test Coverage
command: |
./cc-test-reporter format-coverage -t lcov -o "coverage/codeclimate.$CIRCLE_NODE_INDEX.json"
- persist_to_workspace:
root: coverage
paths:
- codeclimate.*.json
- run:
command: cp reports/jest/test-results.xml ~/junit/junit.xml
when: always
- store_test_results:
path: reports
- store_test_results:
path: ~/junit
- store_artifacts:
path: coverage/lcov.info
destination: coverage/lcov.info
- store_artifacts:
path: ~/junit
upload-coverage:
<<: *default-docker-node
steps:
- attach_workspace:
at: ~/project
- run:
name: Install Code Climate Test Reporter
command: |
curl -L https://codeclimate.com/downloads/test-reporter/test-reporter-latest-linux-amd64 > ./cc-test-reporter
chmod +x ./cc-test-reporter
- run:
command: |
./cc-test-reporter sum-coverage --output - codeclimate.*.json | ./cc-test-reporter upload-coverage --debug --input -
site:
# use machine executor to get 7.5gb instead of 4gb RAM and avoid "Exited with code exit status 137" memory error
machine:
image: ubuntu-2004:202111-02
resource_class: large
steps:
- checkout
- run:
name: Use nvm
command: |
echo 'conf_force_conffold=YES' | sudo tee -a /etc/ucf.conf
(yes || true) | sudo apt-get update && sudo apt-get upgrade
(yes || true) | sudo apt-get install build-essential libssl-dev -y
curl -o- https://raw.githubusercontent.com/nvm-sh/nvm/v0.39.1/install.sh | bash
export NVM_DIR="/opt/circleci/.nvm"
[ -s "$NVM_DIR/nvm.sh" ] && \. "$NVM_DIR/nvm.sh" # This loads nvm
[ -s "$NVM_DIR/bash_completion" ] && \. "$NVM_DIR/bash_completion" # This loads nvm bash_completion
nvm install 12.13.0
nvm use 12.13.0
- run: sudo apt install yarn
- run: node --version
- restore_cache:
key: dependency-cache-{{ .Environment.CACHE_VERSION }}-{{ .Branch }}-{{ checksum "yarn.lock" }}
- run: yarn install --pure-lockfile
- run:
name: Build site
command: FAST_BUILD=1 && yarn build
- run:
name: Zip artifact
command: zip talentmap.zip -r build/*
- store_artifacts:
path: talentmap.zip
destination: talentmap.zip
server:
<<: *default-docker-node
steps:
- checkout
- restore_cache:
key: dependency-cache-{{ .Environment.CACHE_VERSION }}-{{ .Branch }}-{{ checksum "yarn.lock" }}
- run: mkdir ~/.npm-global
- run: npm config set prefix '~/.npm-global'
- run: export PATH=~/.npm-global/bin:$PATH
- run:
name: Build server
command: mkdir server && cp package.json src/server.js src/saml2-config.js src/routes.js server/
- run:
name: Install dependencies
command: yarn install --production=true --no-lockfile --modules-folder server/node_modules/
environment:
NOYARNPOSTINSTALL: 1
- run:
name: Zip artifact
command: zip talentmap-server.zip -r server/*
- store_artifacts:
path: talentmap-server.zip
destination: talentmap-server.zip
# Disabled see 1368 pa11y:
# <<: *default-docker-node
# steps:
# - setup_remote_docker
# - checkout
# - run:
# name: Replace placeholders in Compose file
# command: |
# TAG=$CIRCLE_BRANCH-$CIRCLE_SHA1
# sed -i "s#@@LABEL@@#${TAG}#g" $COMPOSE_FILE_NAME
# sed -i "s#@@REPO_NAME@@#${CIRCLE_PROJECT_REPONAME,,}#g" $COMPOSE_FILE_NAME
# sed -i "s#@@API_REPO_NAME@@#${API_REPO_NAME}#g" $COMPOSE_FILE_NAME
# sed -i "s#@@API_REPO_BRANCH@@#${API_REPO_BRANCH}#g" $COMPOSE_FILE_NAME
# - run:
# name: Initialize Dummy Data Container
# command: |
# docker-compose -f $COMPOSE_FILE_NAME create data
# docker cp . data:/app
# - run:
# name: Migrate DB
# command: |
# docker-compose -f $COMPOSE_FILE_NAME \
# run app bash -c \
# "./wait-for-postgres.sh db && python manage.py migrate"
# - run:
# name: Run Yarn
# command: |
# docker-compose -f $COMPOSE_FILE_NAME \
# run web yarn
# - run:
# name: Start Server
# command: docker-compose -f $COMPOSE_FILE_NAME up -d
# - run:
# name: Run Pa11y
# command: |
# docker run --name pa11y --network container:web \
# --volumes-from data -t talentmap/pa11y-ci \
# pa11y-ci -c /app/.pa11yci
zap:
<<: *default-docker-node
steps:
- setup_remote_docker
- checkout
- run:
name: Replace placeholders in Compose file
command: |
TAG=$CIRCLE_BRANCH-$CIRCLE_SHA1
sed -i "s#@@LABEL@@#${TAG}#g" $COMPOSE_FILE_NAME
sed -i "s#@@REPO_NAME@@#${CIRCLE_PROJECT_REPONAME}#g" $COMPOSE_FILE_NAME
sed -i "s#@@API_REPO_NAME@@#${API_REPO_NAME}#g" $COMPOSE_FILE_NAME
sed -i "s#@@API_REPO_BRANCH@@#${API_REPO_BRANCH}#g" $COMPOSE_FILE_NAME
- run:
name: Initialize Dummy Data Container
command: |
docker-compose -f $COMPOSE_FILE_NAME create data
docker cp . data:/app
- run:
name: Migrate DB
command: |
docker-compose -f $COMPOSE_FILE_NAME \
run app bash -c \
"./wait-for-postgres.sh db && python manage.py migrate"
- run:
name: Run Yarn
command: |
docker-compose -f $COMPOSE_FILE_NAME \
run web yarn
- run:
name: Start Server
command: docker-compose -f $COMPOSE_FILE_NAME up -d
- run:
name: Run ZAP
command: |
docker run --name zap --network container:web \
-v /zap/wrk/ \
-t owasp/zap2docker-weekly \
zap-baseline.py -d \
-t http://web:3000/ \
-w "zap_results.md" \
-z "-Xmx4g"
push-stable:
<<: *default-docker-node
steps:
- setup_remote_docker
- run:
name: Push Stable Docker Image
command: |
BRANCH=${CIRCLE_BRANCH//\//-}
TAG=$BRANCH-$CIRCLE_SHA1
DOCKER_HUB_REPO=${CIRCLE_PROJECT_REPONAME,,}
docker login -u $DOCKER_USER -p $DOCKER_PASS
docker pull talentmap/$DOCKER_HUB_REPO:$TAG
docker tag talentmap/$DOCKER_HUB_REPO:$TAG talentmap/$DOCKER_HUB_REPO:$BRANCH
docker push talentmap/$DOCKER_HUB_REPO:$BRANCH
deploy:
<<: *default-docker-node
steps:
- add_ssh_keys
- run:
command: ssh -o StrictHostKeyChecking=no ec2-user@ec2-52-90-191-174.compute-1.amazonaws.com ./deploy.sh
workflows:
version: 2
build_and_test:
jobs:
# - build
# - docker-build:
# requires:
# - build
# filters:
# branches:
# only:
# - dev
# - staging
# - master
- yarn
- upload-coverage:
requires:
- yarn
- site:
requires:
- yarn
- server:
requires:
- yarn
# Disabled see 1368 - pa11y:
# requires:
# - docker-build
- deploy:
requires:
- yarn
filters:
branches:
only: dev
# - zap:s
# requires:
# - docker-build
# filters:
# tags:
# only: /^zap.*/
# branches:
# ignore: /.*/
#- push-stable:
# requires:
# - yarn
# # Disabled see 1368 - pa11y
# filters:
# branches:
# only:
# - dev
# - staging
# - master