2024-05-06 16:40:52 +02:00
|
|
|
image: docker.io/rust:slim-bookworm
|
2024-05-06 09:57:54 +02:00
|
|
|
|
|
|
|
|
services:
|
2024-05-06 10:14:47 +02:00
|
|
|
- name: docker.io/groonga/pgroonga:latest-alpine-12-slim
|
|
|
|
|
alias: postgres
|
2024-05-07 23:46:41 +02:00
|
|
|
pull_policy: if-not-present
|
2024-05-06 10:14:47 +02:00
|
|
|
- name: docker.io/redis:7-alpine
|
|
|
|
|
alias: redis
|
2024-05-07 23:46:41 +02:00
|
|
|
pull_policy: if-not-present
|
2024-05-06 09:57:54 +02:00
|
|
|
|
2024-05-06 22:24:45 +02:00
|
|
|
workflow:
|
|
|
|
|
rules:
|
|
|
|
|
- if: $CI_PROJECT_PATH == 'firefish/firefish'
|
|
|
|
|
when: always
|
|
|
|
|
- if: $CI_MERGE_REQUEST_PROJECT_PATH == 'firefish/firefish'
|
|
|
|
|
when: always
|
2024-05-07 22:26:59 +02:00
|
|
|
- if: $CI_PROJECT_PATH != 'firefish/firefish'
|
|
|
|
|
changes:
|
|
|
|
|
paths:
|
|
|
|
|
- .gitlab-ci.yml
|
|
|
|
|
when: never
|
2024-05-06 22:24:45 +02:00
|
|
|
- when: never
|
|
|
|
|
|
2024-05-06 09:57:54 +02:00
|
|
|
cache:
|
|
|
|
|
paths:
|
2024-05-06 16:40:52 +02:00
|
|
|
- node_modules
|
2024-05-06 18:50:10 +02:00
|
|
|
# - /usr/local/cargo/registry/index
|
|
|
|
|
# - /usr/local/cargo/registry/cache
|
2024-05-06 16:40:52 +02:00
|
|
|
- target/debug/deps
|
|
|
|
|
- target/debug/build
|
2024-05-06 09:57:54 +02:00
|
|
|
|
|
|
|
|
stages:
|
2024-05-10 14:05:34 +02:00
|
|
|
- dependency
|
2024-05-06 12:08:28 +02:00
|
|
|
- test
|
2024-05-06 22:49:22 +02:00
|
|
|
- build
|
2024-05-11 01:41:33 +02:00
|
|
|
- scan
|
2024-05-06 09:57:54 +02:00
|
|
|
|
|
|
|
|
variables:
|
2024-05-06 16:40:52 +02:00
|
|
|
POSTGRES_DB: 'firefish_db'
|
|
|
|
|
POSTGRES_USER: 'firefish'
|
|
|
|
|
POSTGRES_PASSWORD: 'password'
|
|
|
|
|
POSTGRES_HOST_AUTH_METHOD: 'trust'
|
|
|
|
|
DEBIAN_FRONTEND: 'noninteractive'
|
|
|
|
|
CARGO_PROFILE_DEV_OPT_LEVEL: '0'
|
|
|
|
|
CARGO_PROFILE_DEV_LTO: 'off'
|
|
|
|
|
CARGO_PROFILE_DEV_DEBUG: 'none'
|
2024-05-09 16:19:35 +02:00
|
|
|
CARGO_TERM_COLOR: 'always'
|
2024-05-06 09:57:54 +02:00
|
|
|
|
|
|
|
|
default:
|
|
|
|
|
before_script:
|
2024-05-06 18:50:10 +02:00
|
|
|
- apt-get update && apt-get -y upgrade
|
|
|
|
|
- apt-get -y --no-install-recommends install curl
|
|
|
|
|
- curl -fsSL 'https://deb.nodesource.com/setup_18.x' | bash -
|
|
|
|
|
- apt-get install -y --no-install-recommends build-essential clang mold python3 perl nodejs postgresql-client
|
2024-05-06 09:57:54 +02:00
|
|
|
- corepack enable
|
|
|
|
|
- corepack prepare pnpm@latest --activate
|
|
|
|
|
- cp .config/ci.yml .config/default.yml
|
2024-05-06 18:50:10 +02:00
|
|
|
- cp ci/cargo/config.toml /usr/local/cargo/config.toml
|
2024-05-06 09:57:54 +02:00
|
|
|
- export PGPASSWORD="${POSTGRES_PASSWORD}"
|
|
|
|
|
- psql --host postgres --user "${POSTGRES_USER}" --dbname "${POSTGRES_DB}" --command 'CREATE EXTENSION pgroonga'
|
|
|
|
|
|
2024-05-11 01:41:33 +02:00
|
|
|
test:build:
|
2024-05-06 12:08:28 +02:00
|
|
|
stage: test
|
2024-05-07 10:36:23 +02:00
|
|
|
rules:
|
2024-05-10 14:39:13 +02:00
|
|
|
- if: $TEST == 'false'
|
|
|
|
|
when: never
|
2024-05-10 09:32:56 +02:00
|
|
|
- if: $CI_COMMIT_BRANCH == 'develop' || $CI_PIPELINE_SOURCE == 'merge_request_event'
|
2024-05-07 10:36:23 +02:00
|
|
|
changes:
|
|
|
|
|
paths:
|
2024-05-07 21:41:20 +02:00
|
|
|
- packages/backend/*
|
|
|
|
|
- packages/backend-rs/*
|
|
|
|
|
- packages/macro-rs/*
|
|
|
|
|
- packages/megalodon/*
|
2024-05-07 10:36:23 +02:00
|
|
|
- scripts/**/*
|
|
|
|
|
- package.json
|
|
|
|
|
- pnpm-lock.yaml
|
|
|
|
|
- Cargo.toml
|
|
|
|
|
- Cargo.lock
|
2024-05-10 14:39:13 +02:00
|
|
|
when: always
|
2024-05-11 01:41:33 +02:00
|
|
|
needs:
|
|
|
|
|
- job: cargo:clippy
|
|
|
|
|
optional: true
|
|
|
|
|
- job: cargo:test
|
|
|
|
|
optional: true
|
2024-05-06 09:57:54 +02:00
|
|
|
script:
|
2024-05-06 12:08:28 +02:00
|
|
|
- pnpm install --frozen-lockfile
|
2024-05-06 09:57:54 +02:00
|
|
|
- pnpm run build:debug
|
2024-05-06 12:08:28 +02:00
|
|
|
- pnpm run migrate
|
2024-05-06 21:58:59 +02:00
|
|
|
|
2024-05-11 01:41:33 +02:00
|
|
|
test:build:client_only:
|
2024-05-07 21:41:20 +02:00
|
|
|
stage: test
|
|
|
|
|
rules:
|
2024-05-10 14:39:13 +02:00
|
|
|
- if: $TEST == 'false'
|
|
|
|
|
when: never
|
2024-05-10 09:32:56 +02:00
|
|
|
- if: $CI_COMMIT_BRANCH == 'develop' || $CI_PIPELINE_SOURCE == 'merge_request_event'
|
2024-05-07 21:41:20 +02:00
|
|
|
changes:
|
|
|
|
|
paths:
|
|
|
|
|
- packages/backend/*
|
|
|
|
|
- packages/backend-rs/*
|
|
|
|
|
- packages/macro-rs/*
|
|
|
|
|
- packages/megalodon/*
|
2024-05-10 09:32:56 +02:00
|
|
|
- scripts/**/*
|
|
|
|
|
- package.json
|
|
|
|
|
- pnpm-lock.yaml
|
2024-05-07 21:41:20 +02:00
|
|
|
- Cargo.toml
|
|
|
|
|
- Cargo.lock
|
|
|
|
|
when: never
|
2024-05-10 14:05:34 +02:00
|
|
|
- if: $CI_COMMIT_BRANCH == 'develop' || $CI_PIPELINE_SOURCE == 'merge_request_event'
|
|
|
|
|
changes:
|
|
|
|
|
paths:
|
|
|
|
|
- packages/client/*
|
|
|
|
|
- packages/firefish-js/*
|
|
|
|
|
- packages/sw/*
|
|
|
|
|
- locales/**/*
|
|
|
|
|
when: always
|
2024-05-07 23:46:41 +02:00
|
|
|
services: []
|
2024-05-08 01:26:56 +02:00
|
|
|
before_script:
|
|
|
|
|
- apt-get update && apt-get -y upgrade
|
|
|
|
|
- apt-get -y --no-install-recommends install curl
|
|
|
|
|
- curl -fsSL 'https://deb.nodesource.com/setup_18.x' | bash -
|
|
|
|
|
- apt-get install -y --no-install-recommends build-essential python3 perl nodejs
|
|
|
|
|
- corepack enable
|
|
|
|
|
- corepack prepare pnpm@latest --activate
|
|
|
|
|
- cp .config/ci.yml .config/default.yml
|
2024-05-07 21:41:20 +02:00
|
|
|
script:
|
|
|
|
|
- pnpm install --frozen-lockfile
|
2024-05-07 21:49:13 +02:00
|
|
|
- pnpm --filter 'firefish-js' --filter 'client' --filter 'sw' run build:debug
|
2024-05-07 21:41:20 +02:00
|
|
|
|
2024-05-09 16:19:35 +02:00
|
|
|
build:container:
|
2024-05-06 22:49:22 +02:00
|
|
|
stage: build
|
|
|
|
|
image: docker.io/debian:bookworm-slim
|
2024-05-06 23:11:31 +02:00
|
|
|
services: []
|
2024-05-06 22:49:22 +02:00
|
|
|
rules:
|
2024-05-10 14:39:13 +02:00
|
|
|
- if: $BUILD == 'false'
|
|
|
|
|
when: never
|
2024-05-06 22:49:22 +02:00
|
|
|
- if: $CI_COMMIT_BRANCH == 'develop'
|
2024-05-07 11:34:18 +02:00
|
|
|
changes:
|
|
|
|
|
paths:
|
|
|
|
|
- packages/**/*
|
|
|
|
|
- locales/**/*
|
|
|
|
|
- scripts/copy-assets.mjs
|
|
|
|
|
- package.json
|
|
|
|
|
- pnpm-lock.yaml
|
|
|
|
|
- Cargo.toml
|
|
|
|
|
- Cargo.lock
|
|
|
|
|
- Dockerfile
|
|
|
|
|
- .dockerignore
|
2024-05-10 14:39:13 +02:00
|
|
|
when: always
|
2024-05-11 01:41:33 +02:00
|
|
|
needs:
|
|
|
|
|
- job: test:build
|
|
|
|
|
optional: true
|
|
|
|
|
- job: test:build:client_only
|
|
|
|
|
optional: true
|
2024-05-07 10:30:57 +02:00
|
|
|
before_script:
|
2024-05-06 22:49:22 +02:00
|
|
|
- apt-get update && apt-get -y upgrade
|
2024-05-07 10:30:57 +02:00
|
|
|
- apt-get install -y --no-install-recommends buildah ca-certificates fuse-overlayfs
|
2024-05-06 23:11:31 +02:00
|
|
|
- buildah login --username "${CI_REGISTRY_USER}" --password "${CI_REGISTRY_PASSWORD}" "${CI_REGISTRY}"
|
2024-05-07 10:30:57 +02:00
|
|
|
- export IMAGE_TAG="${CI_REGISTRY}/${CI_PROJECT_PATH}/develop:not-for-production"
|
2024-05-07 22:28:41 +02:00
|
|
|
- export IMAGE_CACHE="${CI_REGISTRY}/${CI_PROJECT_PATH}/develop/cache"
|
2024-05-07 10:30:57 +02:00
|
|
|
script:
|
2024-05-07 22:20:16 +02:00
|
|
|
- |-
|
|
|
|
|
buildah build \
|
|
|
|
|
--isolation chroot \
|
|
|
|
|
--device /dev/fuse:rw \
|
|
|
|
|
--security-opt seccomp=unconfined \
|
|
|
|
|
--security-opt apparmor=unconfined \
|
|
|
|
|
--cap-add all \
|
|
|
|
|
--platform linux/amd64 \
|
|
|
|
|
--layers \
|
2024-05-07 22:28:41 +02:00
|
|
|
--cache-to "${IMAGE_CACHE}" \
|
|
|
|
|
--cache-from "${IMAGE_CACHE}" \
|
2024-05-07 22:20:16 +02:00
|
|
|
--tag "${IMAGE_TAG}" \
|
|
|
|
|
.
|
2024-05-07 10:30:57 +02:00
|
|
|
- buildah inspect "${IMAGE_TAG}"
|
2024-05-07 11:00:53 +02:00
|
|
|
- buildah push "${IMAGE_TAG}"
|
2024-05-06 22:49:22 +02:00
|
|
|
|
2024-05-09 16:19:35 +02:00
|
|
|
cargo:test:
|
2024-05-06 21:58:59 +02:00
|
|
|
stage: test
|
|
|
|
|
rules:
|
2024-05-10 14:39:13 +02:00
|
|
|
- if: $TEST == 'false'
|
|
|
|
|
when: never
|
|
|
|
|
- if: $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == 'main'
|
|
|
|
|
when: never
|
2024-05-10 09:32:56 +02:00
|
|
|
- if: $CI_COMMIT_BRANCH == 'develop' || $CI_PIPELINE_SOURCE == 'merge_request_event'
|
2024-05-06 21:58:59 +02:00
|
|
|
changes:
|
|
|
|
|
paths:
|
|
|
|
|
- packages/backend-rs/**/*
|
|
|
|
|
- packages/macro-rs/**/*
|
|
|
|
|
- Cargo.toml
|
|
|
|
|
- Cargo.lock
|
2024-05-10 14:39:13 +02:00
|
|
|
when: always
|
2024-05-06 21:58:59 +02:00
|
|
|
script:
|
2024-05-09 16:19:35 +02:00
|
|
|
- curl -LsSf https://get.nexte.st/latest/linux | tar zxf - -C /usr/local/cargo/bin
|
2024-05-06 21:58:59 +02:00
|
|
|
- pnpm install --frozen-lockfile
|
|
|
|
|
- mkdir packages/backend-rs/built
|
|
|
|
|
- cp packages/backend-rs/index.js packages/backend-rs/built/index.js
|
|
|
|
|
- cp packages/backend-rs/index.d.ts packages/backend-rs/built/index.d.ts
|
|
|
|
|
- pnpm --filter='!backend-rs' run build:debug
|
2024-05-09 16:19:35 +02:00
|
|
|
- cargo test --doc
|
|
|
|
|
- cargo nextest run
|
2024-05-06 21:58:59 +02:00
|
|
|
|
2024-05-09 16:19:35 +02:00
|
|
|
cargo:clippy:
|
2024-05-06 21:58:59 +02:00
|
|
|
stage: test
|
|
|
|
|
rules:
|
2024-05-10 14:39:13 +02:00
|
|
|
- if: $TEST == 'false'
|
|
|
|
|
when: never
|
|
|
|
|
- if: $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == 'main'
|
|
|
|
|
when: never
|
2024-05-10 09:32:56 +02:00
|
|
|
- if: $CI_COMMIT_BRANCH == 'develop' || $CI_PIPELINE_SOURCE == 'merge_request_event'
|
2024-05-06 21:58:59 +02:00
|
|
|
changes:
|
|
|
|
|
paths:
|
|
|
|
|
- packages/backend-rs/**/*
|
|
|
|
|
- packages/macro-rs/**/*
|
|
|
|
|
- Cargo.toml
|
|
|
|
|
- Cargo.lock
|
2024-05-10 14:39:13 +02:00
|
|
|
when: always
|
2024-05-07 23:54:43 +02:00
|
|
|
services: []
|
|
|
|
|
before_script:
|
2024-05-08 18:15:09 +02:00
|
|
|
- apt-get update && apt-get -y upgrade
|
2024-05-08 01:26:56 +02:00
|
|
|
- apt-get install -y --no-install-recommends build-essential clang mold perl
|
2024-05-07 23:54:43 +02:00
|
|
|
- cp ci/cargo/config.toml /usr/local/cargo/config.toml
|
2024-05-07 20:58:21 +02:00
|
|
|
- rustup component add clippy
|
2024-05-07 23:54:43 +02:00
|
|
|
script:
|
2024-05-06 21:58:59 +02:00
|
|
|
- cargo clippy -- -D warnings
|
2024-05-06 23:53:03 +02:00
|
|
|
|
|
|
|
|
renovate:
|
|
|
|
|
stage: dependency
|
|
|
|
|
image:
|
|
|
|
|
name: docker.io/renovate/renovate:37-slim
|
|
|
|
|
entrypoint: [""]
|
|
|
|
|
rules:
|
|
|
|
|
- if: $RENOVATE && $CI_PIPELINE_SOURCE == 'schedule'
|
|
|
|
|
services: []
|
|
|
|
|
before_script: []
|
|
|
|
|
script:
|
|
|
|
|
- renovate --platform gitlab --token "${API_TOKEN}" --endpoint "${CI_SERVER_URL}/api/v4" "${CI_PROJECT_PATH}"
|
2024-05-11 00:26:53 +02:00
|
|
|
|
|
|
|
|
sast:
|
2024-05-11 01:41:33 +02:00
|
|
|
stage: scan
|
|
|
|
|
services: []
|
|
|
|
|
before_script: []
|
2024-05-11 01:50:13 +02:00
|
|
|
variables:
|
|
|
|
|
SAST_EXCLUDED_PATHS: .git,.config,.gitlab,.vscode,ci,custom,dev,docs,locales,node_modules,target
|
2024-05-11 01:41:33 +02:00
|
|
|
|
|
|
|
|
container_scanning:
|
|
|
|
|
stage: scan
|
2024-05-11 00:26:53 +02:00
|
|
|
services: []
|
|
|
|
|
before_script: []
|
|
|
|
|
rules:
|
2024-05-11 01:41:33 +02:00
|
|
|
- if: $BUILD == 'false'
|
2024-05-11 00:26:53 +02:00
|
|
|
when: never
|
2024-05-11 01:41:33 +02:00
|
|
|
- if: $CI_COMMIT_BRANCH == 'develop'
|
|
|
|
|
changes:
|
|
|
|
|
paths:
|
|
|
|
|
- packages/**/*
|
|
|
|
|
- locales/**/*
|
|
|
|
|
- scripts/copy-assets.mjs
|
|
|
|
|
- package.json
|
|
|
|
|
- pnpm-lock.yaml
|
|
|
|
|
- Cargo.toml
|
|
|
|
|
- Cargo.lock
|
|
|
|
|
- Dockerfile
|
|
|
|
|
- .dockerignore
|
|
|
|
|
when: always
|
|
|
|
|
needs:
|
|
|
|
|
- build:container
|
|
|
|
|
variables:
|
|
|
|
|
CS_IMAGE: "${CI_REGISTRY}/${CI_PROJECT_PATH}/develop:not-for-production"
|
|
|
|
|
|
2024-05-11 00:26:53 +02:00
|
|
|
include:
|
|
|
|
|
- template: Security/SAST.gitlab-ci.yml
|
2024-05-11 01:41:33 +02:00
|
|
|
- template: Jobs/Container-Scanning.gitlab-ci.yml
|
