
# Global CI/CD variables inherited by every job.
# NOTE(review): this file declares a second top-level `variables:` mapping
# further down (SAST_DEFAULT_ANALYZERS). Duplicate mapping keys are invalid
# YAML and loaders commonly keep only the last one, which would silently drop
# CI_BRANCH - confirm, and keep a single `variables:` mapping.
variables:
  CI_BRANCH: "$CI_COMMIT_BRANCH"
# Pipeline stage order. A job starts only once the stages listed before its
# own have completed.
stages:
  - 'Verify'
  - 'Unit Testing'
  - 'package'
  - 'build'
  - 'test'
  - 'validate'
  - 'release'
  - 'publish'
# Shared before_script fragment, referenced through the YAML alias by every
# job that uses the python:3.6.9-slim image. It installs the build and test
# dependencies with pip, installs git with apt, and prints the git location.
# NOTE(review): the contents of requirements.txt and
# test/requirements_unittest.pip are not shown here; if they are not pinned,
# each run installs whatever the package index serves at that moment -
# confirm, and consider pinned versions with hashes.
# NOTE(review): GIT_PYTHON_GIT_EXECUTABLE is assigned without `export`, and the
# last line appends the git executable (not a directory) to PATH, so neither
# is likely to affect child processes - confirm the intent.
.PythonImageBuildModuleBefore_Script: &PythonImageBuildModuleBefore_Script |
  pip install --user --upgrade setuptools wheel
  pip install -r requirements.txt
  pip install -r test/requirements_unittest.pip
  apt-get update && apt-get install -y --no-install-recommends git
  git --version
  GIT_PYTHON_GIT_EXECUTABLE=$(which git)
  echo $GIT_PYTHON_GIT_EXECUTABLE
  echo $PATH
  PATH=$PATH:$GIT_PYTHON_GIT_EXECUTABLE
# Static analysis. pylint runs three times: once for the Code Climate JSON
# report, once for the HTML report, and once as plain text so sed can extract
# the numeric score for the badge file.
# `--exit-zero` makes pylint return success whatever it finds, so lint
# findings never fail this job; they are only reported.
PyLint:
  stage: Verify
  image: python:3.6.9-slim
  before_script:
    - *PythonImageBuildModuleBefore_Script
    - python3 setup.py egg_info sdist bdist_wheel
  script:
    - python3 -m pylint --exit-zero --output-format=pylint_gitlab.GitlabCodeClimateReporter gitlab_management test *.py > gl-code-quality-report.json
    - python3 -m pylint --exit-zero --output-format=pylint_gitlab.GitlabPagesHtmlReporter gitlab_management test *.py > gl-code-quality-report.html
    - PyPIScore=$(python3 -m pylint --exit-zero gitlab_management test *.py | sed -n 's/^Your code has been rated at \([-0-9./]*\).*/\1/p')
    # Writes the extracted score into a small JSON document for the badge.
    - |
      echo "{
      \"PyLintScore\": \"$PyPIScore\"
      }
      " > badge_pylint.json
  # Branch pipelines only: tag and merge-request pipelines are skipped.
  rules:
    - if: '$CI_COMMIT_TAG'
      when: never
    - if: '$CI_MERGE_REQUEST_IID'
      when: never
    - if: '$CI_COMMIT_BRANCH'
      when: always
  artifacts:
    expire_in: 60 days
    paths:
      - gl-code-quality-report.json
      - gl-code-quality-report.html
      - badge_pylint.json
    reports:
      codequality: gl-code-quality-report.json
# Runs test/test_unit.py under coverage with branch measurement, labelled with
# the Unit_Testing context. `--parallel-mode` writes a separate data file per
# run; the `.coverage*` artifacts are what the Coverage job combines later.
# NOTE(review): no command visible in this job writes Unit.JUnit.xml -
# presumably the test script produces it; confirm.
Unit Test:
  stage: Unit Testing
  image: python:3.6.9-slim
  before_script:
    - *PythonImageBuildModuleBefore_Script
    - python3 setup.py egg_info sdist bdist_wheel
  script:
    - coverage run --parallel-mode --branch --context=Unit_Testing --source gitlab_management test/test_unit.py
  # Branch pipelines only: tag and merge-request pipelines are skipped.
  rules:
    - if: '$CI_COMMIT_TAG'
      when: never
    - if: '$CI_MERGE_REQUEST_IID'
      when: never
    - if: '$CI_COMMIT_BRANCH'
      when: always
  artifacts:
    expire_in: 3 days
    paths:
      - Unit.JUnit.xml
      - gitlab_management/*.cover
      - .coverage*
    reports:
      junit: Unit.JUnit.xml
# Runs test/test_function.py under coverage with branch measurement, labelled
# with the Function_Testing context. The `.coverage*` data files are kept as
# artifacts so the Coverage job can combine them.
# NOTE(review): no command visible in this job writes Function.JUnit.xml -
# presumably the test script produces it; confirm.
Function Test:
  stage: Unit Testing
  image: python:3.6.9-slim
  before_script:
    - *PythonImageBuildModuleBefore_Script
    - python3 setup.py egg_info sdist bdist_wheel
  script:
    - coverage run --parallel-mode --branch --context=Function_Testing --source gitlab_management test/test_function.py
  # Branch pipelines only: tag and merge-request pipelines are skipped.
  rules:
    - if: '$CI_COMMIT_TAG'
      when: never
    - if: '$CI_MERGE_REQUEST_IID'
      when: never
    - if: '$CI_COMMIT_BRANCH'
      when: always
  artifacts:
    expire_in: 3 days
    paths:
      - Function.JUnit.xml
      - gitlab_management/*.cover
      - .coverage*
    reports:
      junit: Function.JUnit.xml
# Runs test/test_integration.py under coverage with branch measurement,
# labelled with the Integration_Testing context. The `.coverage*` data files
# are kept as artifacts so the Coverage job can combine them.
# NOTE(review): no command visible in this job writes Integration.JUnit.xml -
# presumably the test script produces it; confirm.
Integration Test:
  stage: Unit Testing
  image: python:3.6.9-slim
  before_script:
    - *PythonImageBuildModuleBefore_Script
    - python3 setup.py egg_info sdist bdist_wheel
  script:
    - coverage run --parallel-mode --branch --context=Integration_Testing --source gitlab_management test/test_integration.py
  # Branch pipelines only: tag and merge-request pipelines are skipped.
  rules:
    - if: '$CI_COMMIT_TAG'
      when: never
    - if: '$CI_MERGE_REQUEST_IID'
      when: never
    - if: '$CI_COMMIT_BRANCH'
      when: always
  artifacts:
    expire_in: 3 days
    paths:
      - Integration.JUnit.xml
      - gitlab_management/*.cover
      - .coverage*
    reports:
      junit: Integration.JUnit.xml
# Merges the coverage data files from the three test jobs and renders the
# result as a console report, an HTML site under public/<branch>/coverage,
# a JSON file for the badge and a Cobertura-style XML report.
# NOTE(review): COVERAGE_DIR is declared but the script spells the same path
# out again instead of using it.
# NOTE(review): newer GitLab releases replaced `reports: cobertura` with
# `reports: coverage_report` - confirm against the GitLab version in use.
Coverage:
  stage: package
  image: python:3.6.9-slim
  variables:
    COVERAGE_DIR: "public/$CI_COMMIT_BRANCH/coverage"
  before_script:
    - *PythonImageBuildModuleBefore_Script
    - python3 setup.py egg_info sdist bdist_wheel
  script:
    - coverage combine --append
    - coverage report
    - coverage html --show-contexts -d public/$CI_COMMIT_BRANCH/coverage
    - coverage json -o badge_coverage.json
    - coverage xml -o UnitTesting_coverage.xml
  # Branch pipelines only: tag and merge-request pipelines are skipped.
  rules:
    - if: '$CI_COMMIT_TAG'
      when: never
    - if: '$CI_MERGE_REQUEST_IID'
      when: never
    - if: '$CI_COMMIT_BRANCH'
      when: on_success
  # Artifacts (the .coverage* data files) are fetched from these jobs only.
  dependencies:
    - Unit Test
    - Function Test
    - Integration Test
  artifacts:
    expire_in: 60 days
    when: on_success
    paths:
      - UnitTesting_coverage.xml
      - public/*
      - badge_coverage.json
    reports:
      cobertura: UnitTesting_coverage.xml
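# Builds the sdist and wheel, then uploads them to this project's GitLab PyPI
# package registry. dist/*, gitlab_management/__init__.py and the dockerfile
# are kept as artifacts for the later build, scan and release jobs.
gitlab-management_package:
  stage: package
  image: python:3.6.9-slim
  variables:
    GIT_PYTHON_GIT_EXECUTABLE: /bin/git
  before_script:
    - *PythonImageBuildModuleBefore_Script
    - git --version
    - python3 -m pip install --user --upgrade twine
  script:
    - python3 setup.py egg_info sdist bdist_wheel
  after_script:
    # The registry credentials reach twine through its TWINE_USERNAME and
    # TWINE_PASSWORD environment variables instead of --username/--password.
    # That keeps the secret out of the process argument list, and the quoting
    # stops a password containing spaces or glob characters from being split.
    # NOTE(review): after_script also runs when `script` failed and its exit
    # status does not affect the job result, so a failed upload is silent.
    # Confirm that best-effort upload is intended.
    - TWINE_USERNAME="$LOCAL_PYPI_USER" TWINE_PASSWORD="$LOCAL_PYPI_PASSWORD" python3 -m twine upload --verbose --repository-url https://gitlab.com/api/v4/projects/19099644/packages/pypi dist/*
  # Never on tags or merge requests. On other branches only when packaging
  # inputs changed; the last rule is reached on master/development when the
  # `changes` rule above it did not match.
  rules:
    - if: '$CI_COMMIT_TAG'
      when: never
    - if: '$CI_MERGE_REQUEST_IID'
      when: never
    - if: '$CI_COMMIT_BRANCH'
      changes:
        - gitlab_management/*.py
        - setup.py
        - README.md
        - CONTRIBUTING.md
      when: on_success
    - if: '$CI_COMMIT_BRANCH == "master" || $CI_COMMIT_BRANCH == "development"'
      when: always
  artifacts:
    expire_in: 3 days
    when: on_success
    paths:
      - dist/*
      - gitlab_management/__init__.py
      - dockerfile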
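# Builds the container image with Docker-in-Docker and pushes it to the
# project registry, tagged with the commit SHA.
Docker_Build-Alpine:
  stage: build
  # Pinned to the same release as the dind service below instead of the
  # floating `latest` tag, so the client cannot change between runs and always
  # matches the daemon. Bump both together.
  image: docker:19.03.11
  services:
    - docker:19.03.11-dind
  before_script:
    - docker info
    # --password-stdin keeps the registry password out of the process argument
    # list; `-p` also makes docker print a warning about exactly that.
    - echo "$CI_REGISTRY_PASSWORD" | docker login "$CI_REGISTRY" -u "$CI_REGISTRY_USER" --password-stdin
  script:
    - docker build . --no-cache --tag "$CI_REGISTRY_IMAGE/gitlab-management:$CI_COMMIT_SHA"
  after_script:
    # NOTE(review): after_script runs even when the build failed and its exit
    # status is ignored, so a failed push leaves this job green while the
    # scan and publish jobs expect the image to exist. Consider moving the
    # push into `script`.
    - docker push "$CI_REGISTRY_IMAGE/gitlab-management:$CI_COMMIT_SHA"
  # Never on tags or merge requests. On other branches only when packaging
  # inputs changed; the last rule is reached on master/development when the
  # `changes` rule above it did not match.
  rules:
    - if: '$CI_COMMIT_TAG'
      when: never
    - if: '$CI_MERGE_REQUEST_IID'
      when: never
    - if: '$CI_COMMIT_BRANCH'
      changes:
        - gitlab_management/*.py
        - setup.py
        - README.md
        - CONTRIBUTING.md
      when: on_success
    - if: '$CI_COMMIT_BRANCH == "master" || $CI_COMMIT_BRANCH == "development"'
      when: always
  dependencies:
    - gitlab-management_package
  # Runs only on runners carrying the `docker` tag.
  tags:
    - docker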
# GitLab-provided security scanning templates. Jobs declared elsewhere in this
# file under the same names (bandit-sast, container_scanning,
# gemnasium-python-dependency_scanning, license_scanning) presumably override
# the definitions these templates bring in - confirm against the templates.
include:
  - template: 'Dependency-Scanning.gitlab-ci.yml'
  - template: 'Container-Scanning.gitlab-ci.yml'
  - template: 'License-Scanning.gitlab-ci.yml'
  - template: 'SAST.gitlab-ci.yml'
# Republishes the `public` directory received from the Coverage job as this
# job's own artifact. The script itself only prints a message.
# NOTE(review): `coverage html` output includes the measured source files;
# confirm the visibility of the published pages matches the project's.
pages:
  stage: test
  dependencies:
    - Coverage
  script:
    - echo coverage reports to gitlab pages
  artifacts:
    paths:
      - public
    expire_in: 3 days
  # Branch pipelines only: tag and merge-request pipelines are skipped.
  rules:
    - if: '$CI_COMMIT_TAG'
      when: never
    - if: '$CI_MERGE_REQUEST_IID'
      when: never
    - if: '$CI_COMMIT_BRANCH'
      when: on_success
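# Global CI/CD variables inherited by every job.
# This is the second top-level `variables:` mapping in the file; the first
# one declares CI_BRANCH. Duplicate mapping keys are invalid YAML and loaders
# commonly keep only the last occurrence, so CI_BRANCH is repeated here to
# make sure it is still defined. The earlier mapping can then be removed.
variables:
  CI_BRANCH: "$CI_COMMIT_BRANCH"
  # Consumed by the included SAST template; presumably limits it to the
  # bandit analyzer - confirm against the template version in use.
  SAST_DEFAULT_ANALYZERS: "bandit"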
# to activate security MR approvals: https://docs.gitlab.com/ee/user/application_security/index.html#enabling-security-approvals-within-a-project
#
# Settings for the bandit-sast job (presumably defined by the included SAST
# template - confirm). When Python sources or setup.py change on a branch the
# scan is blocking (`allow_failure: false`); otherwise it still runs on
# master and development.
bandit-sast:
  dependencies:
    - gitlab-management_package
  rules:
    - if: '$CI_COMMIT_TAG'
      when: never
    - if: '$CI_MERGE_REQUEST_IID'
      when: never
    - if: '$CI_COMMIT_BRANCH'
      changes:
        - gitlab_management/*.py
        - setup.py
      when: on_success
      allow_failure: false
    - if: '$CI_COMMIT_BRANCH == "master" || $CI_COMMIT_BRANCH == "development"'
      when: always
# Container scan of the image pushed by Docker_Build-Alpine. It extends
# `container_scanning`, pointing CI_APPLICATION_REPOSITORY at this project's
# image and supplying its own rules. The scan is blocking
# (`allow_failure: false`) when Python sources or setup.py changed.
Scan gitlab-management-Alpine:
  extends: container_scanning
  variables:
    CI_APPLICATION_REPOSITORY: "$CI_REGISTRY_IMAGE/gitlab-management"
  dependencies:
    - gitlab-management_package
    - Docker_Build-Alpine
  rules:
    - if: '$CI_COMMIT_TAG'
      when: never
    - if: '$CI_MERGE_REQUEST_IID'
      when: never
    - if: '$CI_COMMIT_BRANCH'
      changes:
        - gitlab_management/*.py
        - setup.py
      when: on_success
      allow_failure: false
    - if: '$CI_COMMIT_BRANCH == "master" || $CI_COMMIT_BRANCH == "development"'
      when: always
# Switches the plain `container_scanning` job off in every pipeline type:
# all three rules resolve to `never`. The scan that actually runs is the
# `Scan gitlab-management-Alpine` job, which extends this one with its own
# rules.
container_scanning:
  rules:
    - if: '$CI_COMMIT_TAG'
      when: never
    - if: '$CI_MERGE_REQUEST_IID'
      when: never
    - if: '$CI_COMMIT_BRANCH'
      when: never
# Dependency scan of requirements.txt. It is blocking
# (`allow_failure: false`) when a dependency manifest changed on a branch,
# and otherwise still runs on master and development.
# NOTE(review): the `changes` list watches requirements.pip, while
# PIP_REQUIREMENTS_FILE names requirements.txt - confirm both files exist and
# that the scanned file is the one used for installs.
gemnasium-python-dependency_scanning:
  variables:
    # Quoted so the value stays the string "3" rather than an integer.
    DS_PYTHON_VERSION: "3"
    PIP_REQUIREMENTS_FILE: requirements.txt
  dependencies:
    - gitlab-management_package
    - Docker_Build-Alpine
  rules:
    - if: '$CI_COMMIT_TAG'
      when: never
    - if: '$CI_MERGE_REQUEST_IID'
      when: never
    - if: '$CI_COMMIT_BRANCH'
      changes:
        - setup.py
        - requirements.txt
        - requirements.pip
      when: on_success
      allow_failure: false
    - if: '$CI_COMMIT_BRANCH == "master" || $CI_COMMIT_BRANCH == "development"'
      when: always
  artifacts:
    paths:
      - gl-dependency-scanning-report.json
    reports:
      dependency_scanning: gl-dependency-scanning-report.json
# to activate licence approvals: https://docs.gitlab.com/ee/user/application_security/#enabling-license-approvals-within-a-project
#
# Settings for the license_scanning job (presumably defined by the included
# License-Scanning template - confirm). It is blocking
# (`allow_failure: false`) when setup.py changed on a branch, and otherwise
# still runs on master and development.
license_scanning:
  variables:
    # Quoted so the value stays the string "3" rather than an integer.
    LM_PYTHON_VERSION: "3"
  dependencies:
    - gitlab-management_package
    - Docker_Build-Alpine
  rules:
    - if: '$CI_COMMIT_TAG'
      when: never
    - if: '$CI_MERGE_REQUEST_IID'
      when: never
    - if: '$CI_COMMIT_BRANCH'
      changes:
        - setup.py
      when: on_success
      allow_failure: false
    - if: '$CI_COMMIT_BRANCH == "master" || $CI_COMMIT_BRANCH == "development"'
      when: always
# Validates that the documentation builds. Files restored from the package
# job's artifacts are deleted first, then the project's own validation script
# is run.
# NOTE(review): `readthedocs/build:latest` is a floating tag, so the build
# environment can change between runs without a commit here; consider pinning
# a specific tag or digest.
Documentation:
  stage: validate
  image: readthedocs/build:latest
  script:
    # 'dist/version' not required to validate the docs
    - rm -vf $CI_PROJECT_DIR/dist/version
    - rm -vf $CI_PROJECT_DIR/gitlab_management/__init__.py
    - rm -vf $CI_PROJECT_DIR/dockerfile
    - bash $CI_PROJECT_DIR/test/validation-build-docs.sh
  dependencies:
    - gitlab-management_package
  # Always on master and development; on other branches only when sources or
  # documentation changed. Never on tags or merge requests.
  rules:
    - if: '$CI_COMMIT_TAG'
      when: never
    - if: '$CI_MERGE_REQUEST_IID'
      when: never
    - if: '$CI_COMMIT_BRANCH == "master" || $CI_COMMIT_BRANCH == "development"'
      when: always
    - if: '$CI_COMMIT_BRANCH != "master"'
      changes:
        - gitlab_management/*.py
        - setup.py
        - docs/*
        - README.md
        - CONTRIBUTING.md
      when: on_success
# Shared shell fragment that creates the GitLab release with release-cli.
# It expects the calling job to have set Release_TAG beforehand.
# NOTE(review): the only job that references this anchor (GitLab-Release)
# never runs in merge-request pipelines, so the CI_MERGE_REQUEST_* values in
# the description are presumably empty when it runs - confirm.
# NOTE(review): $Release_TAG is unquoted in `--tag-name`; a value containing
# whitespace would be split into several arguments.
.ReleaseScript: &ReleaseScript |
  release-cli create --name "Module version $Release_TAG" --description "
  This GitLab tag matches the python version.
  **Merge Request:** [MR-$CI_MERGE_REQUEST_ID]($CI_MERGE_REQUEST_PROJECT_URL/-/merge_requests/$CI_MERGE_REQUEST_ID)
  **Milestone:** $CI_MERGE_REQUEST_MILESTONE
  **Build Pipeline:** [Pipeline-$CI_PIPELINE_ID]($CI_PIPELINE_URL)
  **Commit:** $CI_COMMIT_SHA
  **Module Version:** $Release_TAG
  **PyPi Module Link (pip)** https://pypi.org/project/gitlab-management/$Release_TAG/
  **Docker Hub:** https://hub.docker.com/r/nofusscomputing/gitlab-management
  This release supercedes previous versions" --tag-name $Release_TAG
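# Creates the GitLab release. The version is read from dist/version, which
# arrives with the artifacts of gitlab-management_package.
# The former `after_script: export` step was dropped: it printed every
# environment variable of the job into the job log, which exposes any CI/CD
# secret that is not masked to everyone who can read the log.
# NOTE(review): the release-cli image has no tag, so it floats with whatever
# the registry serves as its default; consider pinning a tag or digest.
GitLab-Release:
  stage: release
  image: registry.gitlab.com/gitlab-org/release-cli
  variables:
    # No checkout is needed; the job only uses artifacts.
    GIT_STRATEGY: none
  script:
    - Release_TAG=$(cat "$CI_PROJECT_DIR/dist/version")
    - *ReleaseScript
  dependencies:
    - gitlab-management_package
    - Docker_Build-Alpine
  # Automatic and blocking on master and development; manual and non-blocking
  # on every other branch. Never on tags or merge requests.
  rules:
    - if: '$CI_COMMIT_TAG'
      when: never
    - if: '$CI_MERGE_REQUEST_IID'
      when: never
    - if: '$CI_COMMIT_BRANCH == "master"'
      when: on_success
      allow_failure: false
    - if: '$CI_COMMIT_BRANCH == "development"'
      when: on_success
      allow_failure: false
    - if: '$CI_COMMIT_BRANCH != "master" && $CI_COMMIT_BRANCH != "development"'
      when: manual
      allow_failure: true
  environment:
    name: Release-PyPi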
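# Tag pipelines only: downloads the already-built package for this tag from
# the project's GitLab package registry and re-uploads it to PyPI.
PyPi:
  stage: publish
  image: python:3.6.9-slim
  variables:
    # No checkout is needed; the package comes from the registry.
    GIT_STRATEGY: none
  before_script:
    - python3 -m pip install --user --upgrade twine
    # NOTE(review): the registry credentials are embedded in the index URL.
    # Whether pip redacts them in its output depends on the pip version in
    # the image - confirm, and make sure both variables are masked.
    # NOTE(review): `-f` (--find-links) takes a value, so `--pre` may be
    # consumed as that value instead of acting as a flag - confirm.
    - pip3 download gitlab_management==$CI_COMMIT_TAG -f --pre --no-deps --index-url https://$LOCAL_PYPI_USER:$LOCAL_PYPI_PASSWORD@gitlab.com/api/v4/projects/19099644/packages/pypi/simple/ -d dist/
    # The source-distribution download is best-effort (`|| true`).
    - pip3 download gitlab_management==$CI_COMMIT_TAG --no-binary ":all:" -f --pre --no-deps --index-url https://$LOCAL_PYPI_USER:$LOCAL_PYPI_PASSWORD@gitlab.com/api/v4/projects/19099644/packages/pypi/simple/ -d dist/ --isolated || true
  script:
    # The PyPI token reaches twine through TWINE_USERNAME / TWINE_PASSWORD
    # instead of --username/--password, which keeps it out of the process
    # argument list; the quoting prevents word splitting of the token.
    - TWINE_USERNAME=__token__ TWINE_PASSWORD="$NFC_TOKEN_PYPI" python3 -m twine upload --verbose dist/*
  dependencies:
    - gitlab-management_package
    - Docker_Build-Alpine
    - GitLab-Release
  rules:
    - if: '$CI_COMMIT_TAG'
      when: on_success
    - if: '$CI_MERGE_REQUEST_IID'
      when: never
    - if: '$CI_COMMIT_BRANCH'
      when: never
  environment:
    name: Release-PyPi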
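# Tag pipelines only: pulls the image built for this commit from the project
# registry, retags it with the git tag and a moving dev/stable tag, and
# pushes both to Docker Hub.
# The former `export` step in before_script was dropped: it printed every
# environment variable of the job into the job log, which exposes any CI/CD
# secret that is not masked to everyone who can read the log.
Docker Hub:
  stage: publish
  # Pinned to the same release as the dind service below instead of the
  # floating `latest` tag. Bump both together.
  image: docker:19.03.11
  services:
    - docker:19.03.11-dind
  before_script:
    # --password-stdin keeps the password out of the process argument list.
    - echo "$CI_REGISTRY_PASSWORD" | docker login "$CI_REGISTRY" -u "$CI_REGISTRY_USER" --password-stdin
    - docker pull "$CI_REGISTRY_IMAGE/gitlab-management:$CI_COMMIT_SHA"
    - docker logout "$CI_REGISTRY"
  script:
    # - Release_TAG=$(cat $CI_PROJECT_DIR/dist/version)
    - echo "$NFC_DOCKERHUB_TOKEN" | docker login docker.io -u nofusscomputing --password-stdin
    # CI_COMMIT_REF_NAME and CI_COMMIT_TAG replace the legacy CI_BUILD_REF_NAME
    # and CI_BUILD_TAG names, which newer GitLab releases no longer set. An
    # empty value here would produce an invalid image reference.
    # A ref name containing "rc" is published as `dev`, anything else as
    # `stable`.
    - if [ "m$(echo "$CI_COMMIT_REF_NAME" | grep rc)" == "m$CI_COMMIT_REF_NAME" ]; then Branch_TAG=dev; else Branch_TAG=stable; fi
    - echo Branch tag is $Branch_TAG
    - docker image ls
    - docker image tag "$CI_REGISTRY_IMAGE/gitlab-management:$CI_COMMIT_SHA" "nofusscomputing/gitlab-management:$CI_COMMIT_TAG"
    - docker image tag "$CI_REGISTRY_IMAGE/gitlab-management:$CI_COMMIT_SHA" "nofusscomputing/gitlab-management:$Branch_TAG"
    - docker image ls
    - docker push "nofusscomputing/gitlab-management:$Branch_TAG"
    - docker push "nofusscomputing/gitlab-management:$CI_COMMIT_TAG"
  rules:
    - if: '$CI_COMMIT_TAG'
      when: on_success
    - if: '$CI_MERGE_REQUEST_IID'
      when: never
    - if: '$CI_COMMIT_BRANCH'
      when: never
  dependencies:
    - gitlab-management_package
    - Docker_Build-Alpine
    - GitLab-Release
  # Runs only on runners carrying the `docker` tag.
  tags:
    - docker
  environment:
    name: Release-DockerHub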