forked from gorpipe/gor
-
Notifications
You must be signed in to change notification settings - Fork 0
/
.gitlab-ci.yml
254 lines (212 loc) · 6.12 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
#
# Gitlab build file for GOR.
#
include:
- project: wuxi-nextcode/sdev/gitlab-ci-scripts
file: /auto-ci-workflow/legacy.yml
variables:
DOCKER_DRIVER: overlay2
JAVA_BUILDER_IMAGE: registry.gitlab.com/wuxi-nextcode/sdev/build-images/java-17:latest
GIT_SUBMODULE_STRATEGY: none
GIT_DEPTH: 2
GRADLE_USER_HOME: "$CI_PROJECT_DIR/.gradle"
GRADLE_OPTS: "-Dorg.gradle.daemon=false"
SECURITY_SCAN: "false"
SKIP_ECR: 'yes' # Skip the push to ECR step
# Vars needed for the Genuity Auto-CI
RELEASABLE_BRANCH: master # Optional (master is the default). If this matches the current branch, the built image will be releasable with a semver tag.
.publish-snapshot-version-from-commit:
before_script:
- export VERSION="$(cat VERSION)-SNAPSHOT"
# Triggers running on branch that should be releasable (by tagging later), must start with v so we don't pick merge requests.
.on-releasable-or-release-branch-only:
rules:
- if: $CI_COMMIT_REF_NAME == $RELEASABLE_BRANCH
- if: $CI_COMMIT_REF_NAME =~ /^release\/v(0|[1-9]\d*)\.(0|[1-9]\d*)$/
stages:
- build
- test
- publish
- promote
- release
- deploy
before_script:
- export GRADLE_USER_HOME=`pwd`/.gradle
.build_with_cache:
extends: .on-branches
image: "$JAVA_BUILDER_IMAGE"
tags:
- gitlab-build-01
variables:
# Vars for build resources
KUBERNETES_CPU_REQUEST: 2
KUBERNETES_CPU_LIMIT: 6
KUBERNETES_MEMORY_REQUEST: 2Gi
KUBERNETES_MEMORY_LIMIT: 6Gi
cache:
#key: "$CI_COMMIT_REF_NAME" # Cache per branch.
key:
files:
- gradle/wrapper/gradle-wrapper.properties # Cache per version of Gradle wrapper.
policy: pull
paths:
- .gradle/wrapper/
- .gradle/caches/
build:
extends: .build_with_cache
image: "$JAVA_BUILDER_IMAGE"
stage: build
variables:
GRADLE_OPTS: "-Dorg.gradle.daemon=false"
script: ./gradlew classes
cache:
policy: pull-push
artifacts:
paths:
- "**/build/libs/*.jar"
.test:
extends: .build_with_cache
stage: test
variables:
GIT_SUBMODULE_STRATEGY: recursive
GRADLE_OPTS: "-Dorg.gradle.daemon=false"
before_script:
- ln -s ${INTEGRATION_TESTS_SECRETS_ENV} tests/config/secrets.env
artifacts:
reports:
junit:
- "*/*/*/*/TEST-*.xml"
- "*/*/*/*/*/TEST-*.xml"
# Seems like ** does not work properly (even though it is used in the Gitlab docutmentation)
#- "**/build/test-results/test/**/TEST-*.xml"
# Is a litle bit faster, but does not publish test results!
build_test:
rules:
- when: never
extends:
- .build_with_cache
# - .test
stage: build
variables:
GIT_SUBMODULE_STRATEGY: recursive
GRADLE_OPTS: "-Dorg.gradle.daemon=false"
before_script:
- ln -s ${INTEGRATION_TESTS_SECRETS_ENV} tests/config/secrets.env
script: ./gradlew --continue test slowTest integrationTest
cache:
policy: pull-push
artifacts:
paths:
- "**/build/libs/*.jar"
reports:
junit:
- "*/*/*/*/TEST-*.xml"
- "*/*/*/*/*/TEST-*.xml"
# Seems like ** does not work properly (even though it is used in the Gitlab documentation)
#- "**/build/test-results/test/**/TEST-*.xml"
unittest:
extends: .test
script: ./gradlew --continue test
slowtest:
extends: .test
script: ./gradlew --continue slowTest
integrationtest:
extends: .test
script: ./gradlew --continue integrationTest
testcoverage:
rules:
- when: never
extends:
#- .on-releasable-or-release-branch-only
- .test
script: ./gradlew --continue jacocoTestReport
artifacts:
reports:
coverage_report:
coverage_format: cobertura
# gorscripts is top level and should include everything else.
path: "gorscripts/build/reports/jacoco/testCodeCoverageReport/cobertura.xml"
# This code quality block is needed to work around https://gitlab.com/gitlab-org/gitlab/issues/12274
code_quality:
extends:
- .on-releasable-or-release-branch-only
stage: test
tags:
- gitlab-build-01
variables:
KUBERNETES_CPU_REQUEST: 2
KUBERNETES_CPU_LIMIT: 6
KUBERNETES_MEMORY_REQUEST: 3Gi
KUBERNETES_MEMORY_LIMIT: 6Gi
TIMEOUT_SECONDS: "1200"
#CODECLIMATE_DEBUG: "1"
ENGINE_MEMORY_LIMIT_BYTES: "3221223823"
artifacts:
reports:
codequality: gl-code-quality-report.json
paths: [gl-code-quality-report.json]
expire_in: 1 week
dependency_scanning:
stage: test
tags:
- gitlab-build-01
variables:
KUBERNETES_CPU_REQUEST: 4
KUBERNETES_CPU_LIMIT: 6
KUBERNETES_MEMORY_REQUEST: 2Gi
KUBERNETES_MEMORY_LIMIT: 6Gi
DS_DEFAULT_ANALYZERS: "gemnasium-maven"
# There is no need to run tests or generate sphinx documentation for license management
# analysis, however, the license management plugin calls the build task so we have to manually
# disable tests and documentation generation.
SECURE_LOG_LEVEL: "debug"
GRADLE_OPTS: "-Dorg.gradle.daemon=false -Dskip.tests=true"
artifacts:
paths: [gl-dependency-scanning-report.json]
spotbugs-sast:
variables:
KUBERNETES_CPU_REQUEST: 4
KUBERNETES_CPU_LIMIT: 6
KUBERNETES_MEMORY_REQUEST: 2Gi
KUBERNETES_MEMORY_LIMIT: 6Gi
GRADLE_PATH: "$CI_PROJECT_DIR/gradlew"
SAST_JAVA_VERSION: "17"
JAVA_OPTS: "-Xmx4G"
SECURE_LOG_LEVEL: "debug"
GRADLE_OPTS: "-Dorg.gradle.daemon=false -Dorg.gradle.caching=true -Dskip.tests=true"
rules:
- if: '$SECURITY_SCAN == "true"'
.publish-base:
extends:
- .build_with_cache
stage: publish
script:
- ./gradlew publish -x test -x slowTest -x integrationTest -Pinclude.documentation -Pversion=${VERSION}
publish-snapshot:
extends:
- .publish-base
- .on-releasable-branch
- .publish-snapshot-version-from-commit
publish:
extends:
- .publish-base
- .on-semver-tag
# Disable default tasks that should not be triggered.
container_scanning:
rules:
- when: never
promote-container:
rules:
- when: never
tag-container:
rules:
- when: never
push-snapshot-to-dockerhub:
rules:
- when: never
push-feature-branch-docker-to-dockerhub:
rules:
- when: never
push-version-to-dockerhub:
rules:
- when: never