-
Notifications
You must be signed in to change notification settings - Fork 5
Expand file tree
/
Copy path.gitlab-ci.yml
More file actions
175 lines (167 loc) · 5.73 KB
/
.gitlab-ci.yml
File metadata and controls
175 lines (167 loc) · 5.73 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
image:
name: igloo-containers.tools.kobalt.fr/containers/maven-igloo:3.9-eclipse-temurin-25
variables:
MAVEN_OPTS: "-Xmx1536m"
JAVA_TOOL_OPTIONS: "-Duser.language=fr -Duser.country=FR -Duser.timezone=Europe/Paris -Dfile.encoding=UTF-8"
stages:
# build includes tests
- build
- deploy
- analyze
- init
- dependency-check
maven-build:
stage: build
environment: staging
script:
- "mvn spotless:check"
- "mvn -U clean package"
artifacts:
when: always
paths:
- "**/target/surefire-reports/TEST-*.xml"
reports:
junit:
- "**/target/surefire-reports/TEST-*.xml"
rules:
- if: $CI_COMMIT_BRANCH == "owasp"
when: never
- if: $CI_PIPELINE_SOURCE == "api"
when: never
- when: on_success
tags:
- docker
services:
- name: docker:28-dind
variables:
# Instruct Testcontainers to use the daemon of DinD, use port 2375 for non-tls connections.
DOCKER_HOST: "tcp://docker:2375"
# Instruct Docker not to start over TLS.
DOCKER_TLS_CERTDIR: ""
# Improve performance with overlayfs.
DOCKER_DRIVER: overlay2
# test project initialisation from basic-app
# Generate project named basic-application
# Diff with basic-application to check
# Build new project
# Not done: test are not launched
# Need to launched after deploy as igloo artifacts are needed.
test-init:
stage: init
needs: ['maven-deploy']
script:
- apt-get update
- apt-get install -y libxml2-utils
- cd tools/igloo-project-init
- hatch fmt
- hatch run types:check
# check forbidden logger name in log4j2 properties
- grep -qEr '.*basicapp.*=' --include log4j2*properties --exclude-dir target && { echo "Do not use basicapp in logger name (incompatible with project init)"; exit 1; }
- >
hatch run igloo-project-init
-v --debug --check-diff --check-build
--igloo-url "$CI_PROJECT_DIR"
basic-application org.iglooproject.archetype CURRENT_IGLOO_VERSION basicapp
BasicApplication basicApplication "Basic Application" basic_application
rules:
- if: $CI_PIPELINE_SOURCE == "api"
when: never
- if: $CI_COMMIT_BRANCH == "dev"
- if: $CI_COMMIT_TAG
- if: $CI_COMMIT_BRANCH =~ /^ft-.*-deploy$/
tags:
- docker
basic-application-init:
stage: build
script:
- apt-get update
- apt-get install -y libxml2-utils
- cd tools/igloo-project-init
- export GIT_USER="token"
- export GIT_PASSWORD="$GIT_ACCESS_TOKEN"
- '[ "$DRY_RUN" == "true" ] && DRY_RUN_ARGS=--dry-run || DRY_RUN_ARGS=""'
- >
hatch run igloo-project-init
-v --debug --check-build
--igloo-url "$CI_PROJECT_DIR" $DRY_RUN_ARGS
--target-url "$GIT_HTTPS_REPO_PROJECT" --target-branch ${TARGET_BRANCH:-main}
--target-username kobalt-admin --target-email infra@kobalt.fr
"$ARTIFACT_ID" "$GROUP_ID" "$VERSION" "$PACKAGE"
"$ARCHETYPE_APPLICATION_NAME_PREFIX" "$ARCHETYPE_SPRING_ANNOTATION_VALUE_PREFIX" "$ARCHETYPE_FULL_APPLICTION_NAME" "$ARCHETYPE_DATABASE_PREFIX"
rules:
- if: $CI_PIPELINE_SOURCE == "api"
tags:
- docker
maven-deploy:
stage: deploy
environment: staging
script:
- IGLOO_VERSION=$(mvn -Dexec.executable='echo' -Dexec.args='${project.version}' --non-recursive exec:exec -q)
- if [[ $IGLOO_VERSION =~ "SNAPSHOT" ]] || [[ $CI_COMMIT_TAG =~ ^v ]]; then
mvn -U deploy -DperformRelease -Ddistribution=igloo-release -DskipTests;
else
echo "can't deploy non version SNAPSHOT on branch job"; exit 0;
fi
rules:
- if: $CI_PIPELINE_SOURCE == "api"
when: never
- if: $CI_COMMIT_TAG
- if: $CI_COMMIT_BRANCH == "dev"
- if: $CI_COMMIT_BRANCH =~ /^ft-.*-deploy$/
- if: $CI_COMMIT_BRANCH =~ /^hf-.*$/
tags:
- docker
sonar-analyze:
needs: []
stage: analyze
environment: staging
script:
- mvn -U verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar
-Dsonar.projectBranch=dev
-DskipTests
-Dsonar.host.url="https://sonar.tools.kobalt.fr"
rules:
- if: $CI_PIPELINE_SOURCE == "api"
when: never
- if: $CI_COMMIT_BRANCH == "owasp"
when: never
- when: on_success
tags:
- docker
# dependency check job. owasp-suppressions-pending is used to check vulnerabilities every days without known CVE.
# on new release, owasp branch is reset with igloo-release script
igloo-dependency-check:
allow_failure: true
stage: dependency-check
script:
- SUPPRESSION_URL_PENDING=https://raw.githubusercontent.com/igloo-project/igloo-parent/refs/heads/dev/owasp-suppressions-pending.xml;
- if [ $CI_COMMIT_BRANCH == "owasp" ] && [ $CI_PIPELINE_SOURCE == "schedule" ]; then
SUPPRESSION_FILES=../owasp-suppressions.xml,$SUPPRESSION_URL_PENDING;
else
SUPPRESSION_FILES=../owasp-suppressions.xml;
fi
- 'cd basic-application && mvn clean package -DskipTests org.owasp:dependency-check-maven:check -U
-DnodeAnalyzerEnabled=false -DyarnAuditAnalyzerEnabled=false -DassemblyAnalyzerEnabled=false
-DsuppressionFiles=$SUPPRESSION_FILES
-DnvdApiKey=$OWASP_API_KEY
-DossIndexUsername=roland.foucher@kobalt.fr -DossIndexPassword=$OWASP_OSS_INDEX_TOKEN
-Dformats=HTML,JUNIT -DfailBuildOnCVSS=0 -DjunitFailOnCVSS=0'
artifacts:
when: always
paths:
- '*/basic-application-app/target/dependency-check-junit.xml'
- '*/basic-application-app/target/dependency-check-report.html'
reports:
junit:
- '*/basic-application-app/target/dependency-check-junit.xml'
rules:
- if: $CI_PIPELINE_SOURCE == "api"
when: never
- if: $CI_COMMIT_BRANCH == "dev"
when: manual
- if: $CI_COMMIT_BRANCH =~ /^hf-.*$/
when: manual
- if: $CI_COMMIT_BRANCH =~ /^ft-.*-deploy$/
when: manual
- if: $CI_COMMIT_BRANCH == "main"
- if: $CI_COMMIT_BRANCH == "owasp" && $CI_PIPELINE_SOURCE == "schedule"