2021-06-01 03:58:50 +03:00
|
|
|
stages:
|
|
|
|
- build
|
2021-07-19 18:18:25 +03:00
|
|
|
- build docker image
|
2021-07-19 11:23:04 +03:00
|
|
|
- test
|
2021-07-11 14:43:48 +03:00
|
|
|
- upload artifacts
|
2021-05-13 10:57:11 +03:00
|
|
|
|
2021-03-13 22:00:13 +03:00
|
|
|
variables:
|
2022-10-29 15:32:22 +03:00
|
|
|
# Make GitLab CI go fast:
|
2021-03-13 22:00:13 +03:00
|
|
|
GIT_SUBMODULE_STRATEGY: recursive
|
2021-05-13 10:57:11 +03:00
|
|
|
FF_USE_FASTZIP: 1
|
2021-07-02 15:26:26 +03:00
|
|
|
CACHE_COMPRESSION_LEVEL: fastest
|
2021-08-13 18:20:40 +03:00
|
|
|
|
2021-07-19 18:18:25 +03:00
|
|
|
# --------------------------------------------------------------------- #
|
|
|
|
# Create and publish docker image #
|
|
|
|
# --------------------------------------------------------------------- #
|
|
|
|
|
|
|
|
.docker-shared-settings:
|
|
|
|
stage: "build docker image"
|
2022-10-29 15:32:22 +03:00
|
|
|
needs: []
|
2023-01-19 09:21:04 +03:00
|
|
|
tags: [ "docker" ]
|
2022-10-29 15:32:22 +03:00
|
|
|
variables:
|
|
|
|
# Docker in Docker:
|
2023-06-26 23:06:17 +03:00
|
|
|
DOCKER_BUILDKIT: 1
|
|
|
|
image:
|
|
|
|
name: docker.io/docker
|
2021-11-21 20:34:08 +03:00
|
|
|
services:
|
2023-06-26 23:06:17 +03:00
|
|
|
- name: docker.io/docker:dind
|
2023-05-21 23:41:08 +03:00
|
|
|
alias: docker
|
2021-07-19 18:18:25 +03:00
|
|
|
script:
|
2022-10-29 15:32:22 +03:00
|
|
|
- apk add openssh-client
|
|
|
|
- eval $(ssh-agent -s)
|
|
|
|
- mkdir -p ~/.ssh && chmod 700 ~/.ssh
|
|
|
|
- printf "Host *\n\tStrictHostKeyChecking no\n\n" >> ~/.ssh/config
|
|
|
|
- sh .gitlab/setup-buildx-remote-builders.sh
|
|
|
|
# Authorize against this project's own image registry:
|
|
|
|
- docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
|
|
|
|
# Build multiplatform image and push to temporary tag:
|
2021-07-19 18:18:25 +03:00
|
|
|
- >
|
2022-10-29 15:32:22 +03:00
|
|
|
docker buildx build
|
|
|
|
--platform "linux/arm/v7,linux/arm64,linux/amd64"
|
2021-11-21 20:34:08 +03:00
|
|
|
--pull
|
2022-10-29 15:32:22 +03:00
|
|
|
--tag "$CI_REGISTRY_IMAGE/temporary-ci-images:$CI_JOB_ID"
|
2021-11-21 20:34:08 +03:00
|
|
|
--push
|
2022-10-29 15:32:22 +03:00
|
|
|
--file "Dockerfile" .
|
|
|
|
# Build multiplatform image to deb stage and extract their .deb files:
|
|
|
|
- >
|
|
|
|
docker buildx build
|
|
|
|
--platform "linux/arm/v7,linux/arm64,linux/amd64"
|
|
|
|
--target "packager-result"
|
|
|
|
--output="type=local,dest=/tmp/build-output"
|
|
|
|
--file "Dockerfile" .
|
|
|
|
# Build multiplatform image to binary stage and extract their binaries:
|
|
|
|
- >
|
|
|
|
docker buildx build
|
|
|
|
--platform "linux/arm/v7,linux/arm64,linux/amd64"
|
|
|
|
--target "builder-result"
|
|
|
|
--output="type=local,dest=/tmp/build-output"
|
|
|
|
--file "Dockerfile" .
|
|
|
|
# Copy to GitLab container registry:
|
|
|
|
- >
|
|
|
|
docker buildx imagetools create
|
|
|
|
--tag "$CI_REGISTRY_IMAGE/$TAG"
|
|
|
|
--tag "$CI_REGISTRY_IMAGE/$TAG-bullseye"
|
|
|
|
--tag "$CI_REGISTRY_IMAGE/$TAG-commit-$CI_COMMIT_SHORT_SHA"
|
|
|
|
"$CI_REGISTRY_IMAGE/temporary-ci-images:$CI_JOB_ID"
|
|
|
|
# if DockerHub credentials exist, also copy to dockerhub:
|
|
|
|
- if [ -n "${DOCKER_HUB}" ]; then docker login -u "$DOCKER_HUB_USER" -p "$DOCKER_HUB_PASSWORD" "$DOCKER_HUB"; fi
|
|
|
|
- >
|
|
|
|
if [ -n "${DOCKER_HUB}" ]; then
|
|
|
|
docker buildx imagetools create
|
|
|
|
--tag "$DOCKER_HUB_IMAGE/$TAG"
|
|
|
|
--tag "$DOCKER_HUB_IMAGE/$TAG-bullseye"
|
|
|
|
--tag "$DOCKER_HUB_IMAGE/$TAG-commit-$CI_COMMIT_SHORT_SHA"
|
|
|
|
"$CI_REGISTRY_IMAGE/temporary-ci-images:$CI_JOB_ID"
|
|
|
|
; fi
|
|
|
|
- mv /tmp/build-output ./
|
|
|
|
artifacts:
|
|
|
|
paths:
|
|
|
|
- "./build-output/"
|
2021-09-02 18:17:51 +03:00
|
|
|
|
2022-10-29 15:32:22 +03:00
|
|
|
docker:next:
|
2021-09-02 18:17:51 +03:00
|
|
|
extends: .docker-shared-settings
|
|
|
|
rules:
|
2022-10-29 15:32:22 +03:00
|
|
|
- if: '$BUILD_SERVER_SSH_PRIVATE_KEY && $CI_COMMIT_BRANCH == "next"'
|
2021-11-21 20:34:08 +03:00
|
|
|
variables:
|
2022-10-29 15:32:22 +03:00
|
|
|
TAG: "matrix-conduit:next"
|
2021-11-26 01:36:44 +03:00
|
|
|
|
2022-10-29 15:32:22 +03:00
|
|
|
docker:master:
|
2021-11-26 01:36:44 +03:00
|
|
|
extends: .docker-shared-settings
|
|
|
|
rules:
|
2022-10-29 15:32:22 +03:00
|
|
|
- if: '$BUILD_SERVER_SSH_PRIVATE_KEY && $CI_COMMIT_BRANCH == "master"'
|
2021-11-26 01:36:44 +03:00
|
|
|
variables:
|
2022-10-29 15:32:22 +03:00
|
|
|
TAG: "matrix-conduit:latest"
|
2021-08-13 18:20:40 +03:00
|
|
|
|
2022-10-29 15:32:22 +03:00
|
|
|
docker:tags:
|
2022-02-15 13:17:32 +03:00
|
|
|
extends: .docker-shared-settings
|
|
|
|
rules:
|
2022-10-29 15:32:22 +03:00
|
|
|
- if: "$BUILD_SERVER_SSH_PRIVATE_KEY && $CI_COMMIT_TAG"
|
2022-02-15 13:17:32 +03:00
|
|
|
variables:
|
2022-10-29 15:32:22 +03:00
|
|
|
TAG: "matrix-conduit:$CI_COMMIT_TAG"
|
2022-02-15 13:17:32 +03:00
|
|
|
|
|
|
|
|
2023-06-26 23:06:17 +03:00
|
|
|
docker build debugging:
|
|
|
|
extends: .docker-shared-settings
|
|
|
|
rules:
|
|
|
|
- if: "$CI_MERGE_REQUEST_TITLE =~ /.*[Dd]ocker.*/"
|
|
|
|
variables:
|
|
|
|
TAG: "matrix-conduit-docker-tests:latest"
|
|
|
|
|
2021-08-13 18:20:40 +03:00
|
|
|
# --------------------------------------------------------------------- #
|
|
|
|
# Run tests #
|
|
|
|
# --------------------------------------------------------------------- #
|
|
|
|
|
2022-10-29 15:32:22 +03:00
|
|
|
cargo check:
|
|
|
|
stage: test
|
2023-06-10 18:35:22 +03:00
|
|
|
image: docker.io/rust:1.70.0-bullseye
|
2022-10-29 15:32:22 +03:00
|
|
|
needs: []
|
|
|
|
interruptible: true
|
|
|
|
before_script:
|
|
|
|
- "rustup show && rustc --version && cargo --version" # Print version info for debugging
|
|
|
|
- apt-get update && apt-get -y --no-install-recommends install libclang-dev # dependency for rocksdb
|
|
|
|
script:
|
|
|
|
- cargo check
|
|
|
|
|
|
|
|
|
2022-02-19 00:29:55 +03:00
|
|
|
.test-shared-settings:
|
2021-08-13 18:20:40 +03:00
|
|
|
stage: "test"
|
2021-11-21 20:34:08 +03:00
|
|
|
needs: []
|
2022-02-02 02:51:38 +03:00
|
|
|
image: "registry.gitlab.com/jfowl/conduit-containers/rust-with-tools:latest"
|
2021-11-21 20:34:08 +03:00
|
|
|
tags: ["docker"]
|
2021-08-13 18:20:40 +03:00
|
|
|
variables:
|
2021-12-14 13:16:02 +03:00
|
|
|
CARGO_INCREMENTAL: "false" # https://matklad.github.io/2021/09/04/fast-rust-builds.html#ci-workflow
|
2021-08-13 18:20:40 +03:00
|
|
|
interruptible: true
|
2022-02-19 00:29:55 +03:00
|
|
|
|
|
|
|
test:cargo:
|
|
|
|
extends: .test-shared-settings
|
2021-08-13 18:20:40 +03:00
|
|
|
before_script:
|
2022-10-29 15:32:22 +03:00
|
|
|
- apt-get update && apt-get -y --no-install-recommends install libclang-dev # dependency for rocksdb
|
2021-08-13 18:20:40 +03:00
|
|
|
script:
|
2021-11-21 20:34:08 +03:00
|
|
|
- rustc --version && cargo --version # Print version info for debugging
|
2023-06-10 18:35:22 +03:00
|
|
|
- "cargo test --color always --workspace --verbose --locked --no-fail-fast"
|
2022-06-23 01:14:53 +03:00
|
|
|
|
|
|
|
test:clippy:
|
|
|
|
extends: .test-shared-settings
|
|
|
|
allow_failure: true
|
|
|
|
before_script:
|
|
|
|
- rustup component add clippy
|
2022-10-29 15:32:22 +03:00
|
|
|
- apt-get update && apt-get -y --no-install-recommends install libclang-dev # dependency for rocksdb
|
2022-06-23 01:14:53 +03:00
|
|
|
script:
|
|
|
|
- rustc --version && cargo --version # Print version info for debugging
|
|
|
|
- "cargo clippy --color always --verbose --message-format=json | gitlab-report -p clippy > $CI_PROJECT_DIR/gl-code-quality-report.json"
|
|
|
|
artifacts:
|
|
|
|
when: always
|
|
|
|
reports:
|
2021-11-21 20:34:08 +03:00
|
|
|
codequality: gl-code-quality-report.json
|
2021-08-13 18:20:40 +03:00
|
|
|
|
2022-02-19 00:29:55 +03:00
|
|
|
test:format:
|
|
|
|
extends: .test-shared-settings
|
|
|
|
before_script:
|
|
|
|
- rustup component add rustfmt
|
|
|
|
script:
|
|
|
|
- cargo fmt --all -- --check
|
|
|
|
|
2022-02-19 00:30:02 +03:00
|
|
|
test:audit:
|
|
|
|
extends: .test-shared-settings
|
|
|
|
allow_failure: true
|
|
|
|
script:
|
|
|
|
- cargo audit --color always || true
|
|
|
|
- cargo audit --stale --json | gitlab-report -p audit > gl-sast-report.json
|
|
|
|
artifacts:
|
|
|
|
when: always
|
|
|
|
reports:
|
|
|
|
sast: gl-sast-report.json
|
|
|
|
|
2022-02-15 20:33:20 +03:00
|
|
|
test:dockerlint:
|
|
|
|
stage: "test"
|
|
|
|
needs: []
|
2022-03-18 20:05:16 +03:00
|
|
|
image: "ghcr.io/hadolint/hadolint@sha256:6c4b7c23f96339489dd35f21a711996d7ce63047467a9a562287748a03ad5242" # 2.8.0-alpine
|
2022-02-15 20:33:20 +03:00
|
|
|
interruptible: true
|
|
|
|
script:
|
2022-03-18 20:05:16 +03:00
|
|
|
- hadolint --version
|
2022-02-15 20:33:20 +03:00
|
|
|
# First pass: Print for CI log:
|
|
|
|
- >
|
|
|
|
hadolint
|
|
|
|
--no-fail --verbose
|
|
|
|
./Dockerfile
|
|
|
|
# Then output the results into a json for GitLab to pretty-print this in the MR:
|
|
|
|
- >
|
|
|
|
hadolint
|
|
|
|
--format gitlab_codeclimate
|
|
|
|
--failure-threshold error
|
2022-10-29 15:32:22 +03:00
|
|
|
./Dockerfile > dockerlint.json
|
2022-02-15 20:33:20 +03:00
|
|
|
artifacts:
|
|
|
|
when: always
|
|
|
|
reports:
|
|
|
|
codequality: dockerlint.json
|
|
|
|
paths:
|
|
|
|
- dockerlint.json
|
|
|
|
rules:
|
|
|
|
- if: '$CI_COMMIT_REF_NAME != "master"'
|
|
|
|
changes:
|
|
|
|
- docker/*Dockerfile
|
|
|
|
- Dockerfile
|
|
|
|
- .gitlab-ci.yml
|
|
|
|
- if: '$CI_COMMIT_REF_NAME == "master"'
|
|
|
|
- if: '$CI_COMMIT_REF_NAME == "next"'
|
|
|
|
|
2021-07-02 15:26:26 +03:00
|
|
|
# --------------------------------------------------------------------- #
|
2021-07-11 14:43:48 +03:00
|
|
|
# Store binaries as package so they have download urls #
|
2021-07-02 15:26:26 +03:00
|
|
|
# --------------------------------------------------------------------- #
|
2021-06-01 03:58:50 +03:00
|
|
|
|
2022-10-29 15:32:22 +03:00
|
|
|
# DISABLED FOR NOW, NEEDS TO BE FIXED AT A LATER TIME:
|
|
|
|
|
|
|
|
#publish:package:
|
|
|
|
# stage: "upload artifacts"
|
|
|
|
# needs:
|
|
|
|
# - "docker:tags"
|
|
|
|
# rules:
|
|
|
|
# - if: "$CI_COMMIT_TAG"
|
|
|
|
# image: curlimages/curl:latest
|
|
|
|
# tags: ["docker"]
|
|
|
|
# variables:
|
|
|
|
# GIT_STRATEGY: "none" # Don't need a clean copy of the code, we just operate on artifacts
|
|
|
|
# script:
|
|
|
|
# - 'BASE_URL="${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/conduit-${CI_COMMIT_REF_SLUG}/build-${CI_PIPELINE_ID}"'
|
|
|
|
# - 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file build-output/linux_amd64/conduit "${BASE_URL}/conduit-x86_64-unknown-linux-gnu"'
|
|
|
|
# - 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file build-output/linux_arm_v7/conduit "${BASE_URL}/conduit-armv7-unknown-linux-gnu"'
|
|
|
|
# - 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file build-output/linux_arm64/conduit "${BASE_URL}/conduit-aarch64-unknown-linux-gnu"'
|
|
|
|
# - 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file build-output/linux_amd64/conduit.deb "${BASE_URL}/conduit-x86_64-unknown-linux-gnu.deb"'
|
|
|
|
# - 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file build-output/linux_arm_v7/conduit.deb "${BASE_URL}/conduit-armv7-unknown-linux-gnu.deb"'
|
|
|
|
# - 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file build-output/linux_arm64/conduit.deb "${BASE_URL}/conduit-aarch64-unknown-linux-gnu.deb"'
|
2021-07-30 16:29:45 +03:00
|
|
|
|
2021-11-21 20:34:08 +03:00
|
|
|
# Avoid duplicate pipelines
|
|
|
|
# See: https://docs.gitlab.com/ee/ci/yaml/workflow.html#switch-between-branch-pipelines-and-merge-request-pipelines
|
|
|
|
workflow:
|
|
|
|
rules:
|
|
|
|
- if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
|
|
|
|
- if: "$CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS"
|
|
|
|
when: never
|
|
|
|
- if: "$CI_COMMIT_BRANCH"
|
2022-02-15 13:17:46 +03:00
|
|
|
- if: "$CI_COMMIT_TAG"
|