Switch to a shared CI file
Merged
Switch to a shared CI file
Ruben Backx
requested to merge
shared-ci
into
development
11 months ago
See
https://gitlab.ewi.tudelft.nl/eip/labrador/shared-ci
Edited
11 months ago
by
Ruben Backx
2 files
+
26
−
290
.gitlab-ci.yml
+
9
−
288
@@ -16,297 +16,18 @@
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
image
:
gradle:jdk21
variables
:
DOCKER_TLS_CERTDIR
:
"
/certs"
DOCKER_DRIVER
:
overlay2
# The names of the stages we use
stages
:
-
build
-
prepare
-
test
-
review
-
gitlab reports
-
publish
-
deploy
# Default build cache settings to extend from
.build_cached
:
cache
:
key
:
"
gradle-build"
paths
:
# Only cache the gradle directory, as we do not use a shared cache
-
.gradle/
# - build/
# - generated/
policy
:
pull-push
.gitlab_reporter
:
stage
:
gitlab reports
needs
:
-
gradle_build
# Runs gradle build without tests or checks
gradle_build
:
extends
:
.build_cached
stage
:
build
rules
:
-
if
:
$CI_COMMIT_BRANCH == "master" ||
$CI_COMMIT_BRANCH == "development" ||
$CI_MERGE_REQUEST_ID ||
$CI_PIPELINE_SOURCE == "push" ||
$CI_PIPELINE_SOURCE == "trigger"
cache
:
policy
:
pull-push
artifacts
:
name
:
build
expire_in
:
6 hours
paths
:
-
build/
script
:
-
gradle --build-cache build testClasses -x test -x licenseMain -x licenseTest -x spotlessJava -x spotlessCheck
# Run tests
gradle_test
:
extends
:
.build_cached
stage
:
test
needs
:
-
gradle_build
rules
:
-
if
:
$CI_PIPELINE_SOURCE == "trigger"
when
:
never
-
if
:
$CI_COMMIT_BRANCH == "master" ||
$CI_COMMIT_BRANCH == "development" ||
$CI_MERGE_REQUEST_ID ||
$CI_PIPELINE_SOURCE == "push"
cache
:
policy
:
pull-push
coverage
:
'
/Code
coverage:
\d+\.\d+/'
artifacts
:
name
:
Coverage report
expire_in
:
6 hours
paths
:
-
codecov/
reports
:
junit
:
build/test-results/test/TEST-*.xml
coverage_report
:
coverage_format
:
cobertura
path
:
build/reports/jacoco/test/jacocoTestReport.xml
script
:
-
./gradlew test
after_script
:
# Rerun with none of the dependent tasks to ensure creation of the report
# without having to recheck whether the code has compiled (it has in build cache).
-
./gradlew jacocoTestReport -x processResources -x compileJava -x classes --rerun-tasks
# Print out the coverage percentage from the test report.
-
awk -F"," '{ instructions += $4 + $5; covered += $5 } END { print covered, "/", instructions, " instructions covered"; print "Code coverage:", 100*covered/instructions }' build/reports/jacoco/test/jacocoTestReport.csv ||
true
-
cp -r build/reports codecov
# Run spotless
gradle_spotless
:
extends
:
.build_cached
needs
:
-
gradle_build
rules
:
-
if
:
$CI_PIPELINE_SOURCE == "trigger"
when
:
never
-
if
:
$CI_COMMIT_BRANCH == "master" ||
$CI_COMMIT_BRANCH == "development" ||
$CI_MERGE_REQUEST_ID ||
$CI_PIPELINE_SOURCE == "push"
artifacts
:
name
:
spotless
expose_as
:
Spotless Diagnosis
expire_in
:
7 days
paths
:
-
spotless-diagnose-java/
stage
:
review
script
:
-
./gradlew spotlessCheck
after_script
:
-
cp -r build/spotless-diagnose-java spotless-diagnose-java/
# Run license check
gradle_licenses
:
extends
:
.build_cached
needs
:
-
gradle_build
rules
:
-
if
:
$CI_PIPELINE_SOURCE == "trigger"
when
:
never
-
if
:
$CI_COMMIT_BRANCH == "master" ||
$CI_COMMIT_BRANCH == "development" ||
$CI_MERGE_REQUEST_ID ||
$CI_PIPELINE_SOURCE == "push"
stage
:
review
script
:
-
./gradlew licenseMain
-
./gradlew licenseTest
# Publish the JAR for Portal
publish_jar
:
extends
:
.build_cached
stage
:
publish
rules
:
-
if
:
$CI_COMMIT_BRANCH == "master" ||
$CI_COMMIT_BRANCH == "development" ||
$CI_MERGE_REQUEST_ID ||
$CI_PIPELINE_SOURCE == "push" ||
$CI_PIPELINE_SOURCE == "trigger"
needs
:
-
gradle_build
artifacts
:
name
:
portal
expose_as
:
Portal JAR
expire_in
:
7 days
paths
:
-
portal.jar
script
:
-
cp build/libs/portal-*.jar ./portal.jar
# Include templates for security scans and code quality reports
include
:
-
template
:
Jobs/Code-Quality.gitlab-ci.yml
-
template
:
Security/SAST.gitlab-ci.yml
-
template
:
Security/DAST.gitlab-ci.yml
-
template
:
Security/Dependency-Scanning.gitlab-ci.yml
-
template
:
Security/Secret-Detection.gitlab-ci.yml
# Runs the code quality reporter
code_quality
:
extends
:
-
.build_cached
-
.gitlab_reporter
rules
:
-
if
:
$CI_PIPELINE_SOURCE == "trigger" ||
$CI_MERGE_REQUEST_EVENT_TYPE == "merge_train"
when
:
never
-
if
:
$CI_COMMIT_BRANCH == "master" ||
$CI_COMMIT_BRANCH == "development" ||
$CI_MERGE_REQUEST_ID
stage
:
gitlab reports
# Runs the SAST checks and reporter.
spotbugs-sast
:
variables
:
COMPILE
:
"
false"
allow_failure
:
true
rules
:
-
if
:
$CI_PIPELINE_SOURCE == "trigger" ||
$CI_MERGE_REQUEST_EVENT_TYPE == "merge_train"
when
:
never
-
if
:
$CI_COMMIT_BRANCH == "master" ||
$CI_COMMIT_BRANCH == "development" ||
$CI_MERGE_REQUEST_ID
stage
:
gitlab reports
needs
:
-
gradle_build
dependencies
:
-
gradle_build
-
project
:
"
eip/labrador/shared-ci"
ref
:
"
main"
file
:
"
.gitlab-ci-template.yaml"
# Run the DAST security checks and reporter.
# Currently set to manual as it requires a test environment to be up and running.
dast
:
extends
:
-
.build_cached
-
.gitlab_reporter
rules
:
-
if
:
$CI_PIPELINE_SOURCE == "trigger" ||
$CI_MERGE_REQUEST_EVENT_TYPE == "merge_train"
when
:
never
-
if
:
$CI_COMMIT_BRANCH == "master"
when
:
manual
stage
:
gitlab reports
variables
:
DAST_VERSION
:
latest
variables
:
APP_NAME
:
portal
# job for deploying on staging
deploy_staging
:
image
:
getsentry/sentry-cli
stage
:
deploy
dependencies
:
-
publish_jar
before_script
:
-
'
which
ssh-agent
||
(
apk
add
--update
openssh-client
)'
-
eval $(ssh-agent -s)
##
## Add the SSH key stored in SSH_PRIVATE_KEY variable to the agent store
## We're using tr to fix line endings which makes ed25519 keys work
## without extra base64 encoding.
## https://gitlab.com/gitlab-examples/ssh-private-key/issues/1#note_48526556
##
-
echo "$SSH_PRIVATE_KEY_STAGING" | tr -d '\r' | ssh-add -
-
mkdir -p ~/.ssh
-
chmod 700 ~/.ssh
-
ssh-keyscan eiptest.ewi.tudelft.nl >> ~/.ssh/known_hosts
-
chmod 644 ~/.ssh/known_hosts
script
:
-
scp portal.jar deployer-tam@eiptest.ewi.tudelft.nl:/var/www/portal/
-
ssh deployer-tam@eiptest.ewi.tudelft.nl sudo /bin/systemctl restart portal
environment
:
name
:
staging
url
:
https://portal.eiptest.ewi.tudelft.nl
rules
:
-
if
:
$CI_PIPELINE_SOURCE == "trigger" ||
$CI_MERGE_REQUEST_EVENT_TYPE == "merge_train"
when
:
never
-
if
:
$CI_COMMIT_BRANCH == "development"
variables
:
USER
:
"
deployer-tam"
# Manual job for deploying on labrador.tudelft.nl
deploy
:
image
:
getsentry/sentry-cli
stage
:
deploy
dependencies
:
-
publish_jar
before_script
:
-
'
which
ssh-agent
||
(
apk
add
--update
openssh-client
)'
-
eval $(ssh-agent -s)
##
## Add the SSH key stored in SSH_PRIVATE_KEY variable to the agent store
## We're using tr to fix line endings which makes ed25519 keys work
## without extra base64 encoding.
## https://gitlab.com/gitlab-examples/ssh-private-key/issues/1#note_48526556
##
-
echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
-
mkdir -p ~/.ssh
-
chmod 700 ~/.ssh
-
ssh-keyscan labrador.tudelft.nl >> ~/.ssh/known_hosts
-
chmod 644 ~/.ssh/known_hosts
script
:
-
start=$(date +%s)
-
export SENTRY_URL=$SENTRY_URL
-
export SENTRY_ORG=$SENTRY_GIT_ORG
-
export SENTRY_AUTH_TOKEN=$SENTRY_GIT_AUTH_TOKEN
-
export SENTRY_PROJECT=$SENTRY_GIT_PROJECT
-
export SENTRY_RELEASE_VERSION=`sentry-cli releases propose-version`
-
echo "proposed version is $SENTRY_RELEASE_VERSION"
-
sentry-cli releases set-commits $SENTRY_RELEASE_VERSION --auto
-
sentry-cli releases new $SENTRY_RELEASE_VERSION
-
ssh deploy@labrador.tudelft.nl cp /var/www/portal/portal.jar /var/www/portal/portal.jar.bak
-
scp portal.jar deploy@labrador.tudelft.nl:/var/www/portal/
-
ssh deploy@labrador.tudelft.nl sudo /bin/systemctl restart portal
-
sentry-cli releases finalize $SENTRY_RELEASE_VERSION
-
now=$(date +%s)
-
sentry-cli releases deploys $SENTRY_RELEASE_VERSION new -e production -t $((now-start))
environment
:
name
:
production
url
:
https://labrador.tudelft.nl
rules
:
-
if
:
$CI_PIPELINE_SOURCE == "trigger" ||
$CI_MERGE_REQUEST_EVENT_TYPE == "merge_train"
when
:
never
-
if
:
$CI_COMMIT_BRANCH == "master"
when
:
manual
variables
:
URL
:
"
labrador.tudelft.nl"
\ No newline at end of file
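Review bot: The `include` entry for `eip/labrador/shared-ci` uses `ref: "main"`, a moving branch, so any push to that project's main branch changes what this pipeline executes without a reviewable change in this repository. The jobs in this section read `$SSH_PRIVATE_KEY`, `$SSH_PRIVATE_KEY_STAGING` and `$SENTRY_GIT_AUTH_TOKEN`; if the shared template now supplies the deploy jobs (the rendered page does not mark which lines are removed, so this is inferred), those secrets are exposed to whoever can write to the shared project. Pin the include to a tag or full commit SHA, e.g. `ref: "<TAG_OR_COMMIT_SHA>"`, and keep that ref protected, with write access to shared-ci no broader than deploy access here. A comment above the include such as `# Shared pipeline definition; ref is pinned on purpose, bump only after reviewing shared-ci changes` would record the intent.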