-
Notifications
You must be signed in to change notification settings - Fork 3
/
.gitlab-ci.yml
189 lines (165 loc) · 6.09 KB
/
.gitlab-ci.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
# This file is a template, and might need editing before it works on your project.
# Auto DevOps
# This CI/CD configuration provides a standard pipeline for
# * building a Docker image (using a buildpack if necessary),
# * storing the image in the container registry,
# * running tests from a buildpack,
# * running code quality analysis,
# * creating a review app for each topic branch,
# * and continuous deployment to production
#
# Test jobs may be disabled by setting environment variables:
# * test: TEST_DISABLED
# * code_quality: CODE_QUALITY_DISABLED
# * license_management: LICENSE_MANAGEMENT_DISABLED
# * performance: PERFORMANCE_DISABLED
# * sast: SAST_DISABLED
# * dependency_scanning: DEPENDENCY_SCANNING_DISABLED
# * container_scanning: CONTAINER_SCANNING_DISABLED
# * dast: DAST_DISABLED
# * review: REVIEW_DISABLED
# * stop_review: REVIEW_DISABLED
#
# In order to deploy, you must have a Kubernetes cluster configured either
# via a project integration, or via group/project variables.
# KUBE_INGRESS_BASE_DOMAIN must also be set on the cluster settings,
# as a variable at the group or project level, or manually added below.
#
# Continuous deployment to production is enabled by default.
# If you want to deploy to staging first, set STAGING_ENABLED environment variable.
# If you want to enable incremental rollout, either manual or time based,
# set INCREMENTAL_ROLLOUT_MODE environment variable to "manual" or "timed".
# If you want to use canary deployments, set CANARY_ENABLED environment variable.
#
# If Auto DevOps fails to detect the proper buildpack, or if you want to
# specify a custom buildpack, set a project variable `BUILDPACK_URL` to the
# repository URL of the buildpack.
# e.g. BUILDPACK_URL=https://github.com/heroku/heroku-buildpack-ruby.git#v142
# If you need multiple buildpacks, add a file to your project called
# `.buildpacks` that contains the URLs, one on each line, in order.
# Note: Auto CI does not work with multiple buildpacks yet
image: alpine:latest
variables:
# KUBE_INGRESS_BASE_DOMAIN is the application deployment domain and should be set as a variable at the group or project level.
# KUBE_INGRESS_BASE_DOMAIN: domain.example.com
#POSTGRES_USER:
#POSTGRES_PASSWORD:
POSTGRES_DB: $CI_ENVIRONMENT_SLUG
POSTGRES_VERSION: 9.6.2
DOCKER_TLS_CERTDIR: ""
KUBERNETES_VERSION: 1.13.5
HELM_VERSION: 2.13.1
DOCKER_DRIVER: overlay2
ROLLOUT_RESOURCE_TYPE: deployment
stages:
- pre-build-test
- build
- test
- review
- dast
- staging
- canary
- production
- post-deployment-test
- incremental rollout 10%
- incremental rollout 25%
- incremental rollout 50%
- incremental rollout 100%
- performance
- cleanup
include:
- template: Jobs/Build.gitlab-ci.yml
#- template: Jobs/Test.gitlab-ci.yml
- template: Jobs/Code-Quality.gitlab-ci.yml
- template: Jobs/Deploy.gitlab-ci.yml
#- template: Jobs/Browser-Performance-Testing.gitlab-ci.yml
#- template: Security/DAST.gitlab-ci.yml
- template: Security/Container-Scanning.gitlab-ci.yml
#- template: Security/Dependency-Scanning.gitlab-ci.yml
#- template: Security/License-Management.gitlab-ci.yml
- template: Security/SAST.gitlab-ci.yml
test-server:
stage: performance
image: debian
script:
- cat environment_url.txt
- export CI_ENVIRONMENT_URL=$(cat environment_url.txt| sed 's/http:/https:/g')
- apt-get update && apt-get install -y apache2-utils curl
- which ab
- echo ${CI_ENVIRONMENT_URL}
- curl -kv ${CI_ENVIRONMENT_URL}/${TEST_PATH_2}
- ab -n 1000 -c 10 ${CI_ENVIRONMENT_URL}/${TEST_PATH_2}
- ab -n 100000 -c 100 ${CI_ENVIRONMENT_URL}/${TEST_PATH_2}
- ab -n 100000 -c 250 ${CI_ENVIRONMENT_URL}/${TEST_PATH_2}
artifacts:
paths: [environment_url.txt]
#except:
#- master
#- triggers
#- /^gke-.*$/
rules:
- if: '$CI_PIPELINE_SOURCE == "triggers"'
when: never
- if: '$CI_COMMIT_BRANCH =~ /^(gke|wp|csc|cz)-.*$/'
when: never
test-code:
stage: pre-build-test
image: dockerhub.ebi.ac.uk/tsi/base-images/dsds_server_base:v1.0.0
rules:
- if: '$CI_PIPELINE_SOURCE == "triggers"'
when: never
- if: '$CI_COMMIT_BRANCH =~ /^(gke|wp|csc|cz)-.*$/'
when: never
- if: '$CI_COMMIT_TAG || $CI_COMMIT_BRANCH'
script:
# setup database for testing
- yum install -y http://download.postgresql.org/pub/repos/yum/9.6/redhat/rhel-7-x86_64/pgdg-redhat-repo-latest.noarch.rpm
- yum install -y postgresql96-server postgresql96-contrib postgresql96
- su postgres -c 'PGDATA=/var/lib/pgsql/9.6/data /usr/pgsql-9.6/bin/pg_ctl initdb'
- su postgres -c '/usr/pgsql-9.6/bin/pg_ctl -D /var/lib/pgsql/9.6/data -l logfile start'
- sleep 10
- psql -U postgres -c "CREATE USER tester WITH PASSWORD 'test_password'"
- psql -U postgres -c "CREATE DATABASE dsds"
- psql -U postgres -c "GRANT ALL PRIVILEGES ON DATABASE dsds to tester"
- export DATABASE_URL="postgres://tester:test_password@localhost:5432/dsds"
# Seeding Data
- sh scripts/initDB.sh
# exporting variable for application
- export GLOBUS_CLIENT_ID=${K8S_SECRET_GLOBUS_CLIENT_ID}
- export GLOBUS_CLIENT_SECRET=${K8S_SECRET_GLOBUS_CLIENT_SECRET}
# Installing dependencies
- pip install --no-cache-dir -r requirements.txt
- pip install pytest pytest-asyncio pytest-trio pytest-tornasync pytest-cov
# Running test cases
- pytest --cov app/
# Override jobs to exclude certain condition
build:
rules:
- if: '$CI_PIPELINE_SOURCE == "triggers"'
when: never
- if: '$CI_COMMIT_TAG || $CI_COMMIT_BRANCH'
code_quality:
rules:
- if: '$CI_PIPELINE_SOURCE == "triggers"'
when: never
- if: '$CI_COMMIT_BRANCH =~ /^(gke|wp|csc|cz)-.*$/'
when: never
- if: '$CI_COMMIT_TAG || $CI_COMMIT_BRANCH'
container_scanning:
rules:
- if: '$CI_PIPELINE_SOURCE == "triggers"'
when: never
- if: '$CI_COMMIT_BRANCH =~ /^(gke|wp|csc|cz)-.*$/'
when: never
- if: '$CI_COMMIT_TAG || $CI_COMMIT_BRANCH'
sast:
rules:
- if: '$CI_PIPELINE_SOURCE == "triggers"'
when: never
- if: '$CI_COMMIT_BRANCH =~ /^(gke|wp|csc|cz)-.*$/'
when: never
- if: '$CI_COMMIT_TAG || $CI_COMMIT_BRANCH'
.dast:
except:
- master
- triggers