.gitlab-ci.yml
variables:
DOCKER_TLS_CERTDIR: "/certs"
stages:
- build
- test
- release
- deploy
sast:
stage: test
sentry:
image: getsentry/sentry-cli:latest
stage: release
rules:
- if: $CI_COMMIT_TAG && $SENTRY_ORG
before_script:
- export DOCKER_TAG=$(echo "$CI_COMMIT_REF_NAME" | sed 's/^v//g')
script:
- sentry-cli releases new --finalize "$DOCKER_TAG"
- sentry-cli releases set-commits --auto "$DOCKER_TAG"
build:
image:
name: gcr.io/kaniko-project/executor:debug
entrypoint: [""]
stage: build
before_script:
- export DOCKER_TAG=$(echo "$CI_COMMIT_REF_NAME" | sed 's/^v//g')
- mkdir -p /kaniko/.docker
- echo "{\"auths\":{\"${CI_REGISTRY}\":{\"auth\":\"$(printf "%s:%s" "${CI_REGISTRY_USER}" "${CI_REGISTRY_PASSWORD}" | base64 | tr -d '\n')\"}}}" > /kaniko/.docker/config.json
script:
- >-
/kaniko/executor
--context "${CI_PROJECT_DIR}"
--dockerfile "${CI_PROJECT_DIR}/Dockerfile"
--destination "${CI_REGISTRY_IMAGE}:${DOCKER_TAG}"
--build-arg "SENTRY_DSN=$SENTRY_DSN"
--build-arg "APP_VERSION=$DOCKER_TAG"
mark_release:
image: ${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/docker:20
tags:
- privileged
stage: release
only:
- tags
services:
- name: ${CI_DEPENDENCY_PROXY_DIRECT_GROUP_IMAGE_PREFIX}/docker:20-dind
alias: docker
before_script:
- echo $CI_REGISTRY_PASSWORD | docker login --username $CI_REGISTRY_USER --password-stdin $CI_REGISTRY
- export DOCKER_TAG=$(echo "$CI_COMMIT_REF_NAME" | sed 's/^v//g')
script:
- docker pull $CI_REGISTRY_IMAGE:$DOCKER_TAG
- docker image tag $CI_REGISTRY_IMAGE:$DOCKER_TAG $CI_REGISTRY_IMAGE:latest
- docker push $CI_REGISTRY_IMAGE:latest
deploy_prod:
stage: deploy
image: alpine
environment:
name: production
url: https://time.amazingcat.net
only:
- tags
when: manual
before_script:
- 'which ssh-agent || ( apk add --update openssh )'
- eval $(ssh-agent -s)
- echo "$CI_KEY" | base64 -d | ssh-add -
- mkdir -p ~/.ssh
- chmod 700 ~/.ssh
- echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config
script:
- ssh $CI_USER@$CI_HOST 'cd /mnt/hdd/services/cattr && docker compose pull'
- ssh $CI_USER@$CI_HOST 'cd /mnt/hdd/services/cattr && docker compose up -d'
include:
- template: Security/SAST.gitlab-ci.yml
- template: Security/Dependency-Scanning.gitlab-ci.yml
- template: Security/Secret-Detection.gitlab-ci.yml
- template: Security/License-Scanning.gitlab-ci.yml
- template: Security/Container-Scanning.gitlab-ci.yml