forked from oxolo/oxapi-python
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy path.gitlab-ci.yml
More file actions
239 lines (221 loc) · 7.39 KB
/
.gitlab-ci.yml
File metadata and controls
239 lines (221 loc) · 7.39 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
# This file is a template, and might need editing before it works on your project.
# see https://docs.gitlab.com/ee/ci/yaml/README.html for all available options
# the default image will be used only if you have not define `image` in the stage
# this image has docker commands installed. Since we use socket binding in Gitlab runner, we do not need docker-dind
image: docker:20.10.5
# the before_script will be run if you have not defined any before_script in the stage
before_script:
- echo "Before script section"
variables:
PYTHON_VERS: "3.8.8"
DOCKER_TLS_CERTDIR: "/certs"
stages:
- build
- linting
- test
- push
- documentation
- upload
build-development-image:
stage: build
before_script:
- docker info # this line will be run to be sure that you have access to docker daemon within a container
- echo -n $CI_JOB_TOKEN | docker login -u gitlab-ci-token --password-stdin $CI_REGISTRY
script:
# fetches the latest image (not failing if image is not found)
- docker pull $CI_REGISTRY_IMAGE:latest || true
- >
docker build
--pull
--cache-from $CI_REGISTRY_IMAGE:latest
--tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA .
- docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA
tags:
- DOCKER
black:
stage: linting
image: python:$PYTHON_VERS-alpine
before_script:
- /sbin/apk add --no-cache --virtual .deps gcc musl-dev
- pip install black==22.3.0
script: black --check .
isort:
stage: linting
image: registry.gitlab.com/mafda/python-linting
script:
- isort . --check-only
pylint:
# Runs a pylint for code quality
stage: linting
image: python:$PYTHON_VERS-alpine
before_script:
- /sbin/apk add --no-cache --virtual .deps gcc musl-dev
- pip install pylint pylint-exit anybadge
script:
- mkdir ./pylint
- pylint --output-format=text oxapi | tee ./pylint/pylint.log || pylint-exit $?
- PYLINT_SCORE=$(sed -n 's/^Your code has been rated at \([-0-9.]*\)\/.*/\1/p' ./pylint/pylint.log)
- anybadge --label=Pylint --file=pylint/pylint.svg --value=$PYLINT_SCORE 2=red 4=orange 8=yellow 10=green
- echo "Pylint score is $PYLINT_SCORE"
artifacts:
paths:
- ./pylint/
docformatter:
stage: linting
image: python:$PYTHON_VERS-alpine
before_script:
- /sbin/apk add --no-cache --virtual .deps gcc musl-dev
- pip install docformatter==1.4
script:
- docformatter --check -r .
pytest:
stage: test
image: $CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA
before_script:
- pip install anybadge
script:
- pytest -v --cov-fail-under=95 --cov=oxapi --cov-report=term --cov-report html:tests/coverage --junit-xml=tests/report.xml tests | tee tests/coverage.txt
- COVERAGE=$(grep -P "TOTAL.*\s+(\d+\%)" tests/coverage.txt | sed 's/.* //' | sed 's/%//')
- anybadge --label=coverage --file=tests/coverage.svg --value=$COVERAGE 20=red 40=orange 70=yellow 90=green
artifacts:
when: always
paths:
- ./tests/
reports:
junit: tests/report.xml
coverage: '/^TOTAL.+?(\d+\%)$/'
tags:
- CPU
sonarqube-check:
image:
name: sonarsource/sonar-scanner-cli:latest
entrypoint: [""]
variables:
SONAR_USER_HOME: "${CI_PROJECT_DIR}/.sonar" # Defines the location of the analysis task cache
GIT_DEPTH: "0" # Tells git to fetch all the branches of the project, required by the analysis task
SONAR_HOST_URL: "${SONAR_HOST_URL}"
SONAR_TOKEN: "${SONAR_TOKEN}"
cache:
key: "${CI_JOB_NAME}"
paths:
- .sonar/cache
script:
- sonar-scanner -Dsonar.qualitygate.wait=true -Dsonar.projectKey="${CI_PROJECT_NAME}"
allow_failure: true
docker-hadolint:
stage: linting
image: hadolint/hadolint:latest-debian
script:
- mkdir -p reports
- hadolint --ignore DL3008 --ignore DL3013 -f gitlab_codeclimate Dockerfile > reports/hadolint-$(md5sum Dockerfile | cut -d" " -f1).json
artifacts:
name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"
expire_in: 1 day
when: always
reports:
codequality:
- "reports/*"
paths:
- "reports/*"
# Here, the goal is to tag the "main" branch as "latest"
Push latest:
variables:
# We are just playing with Docker here.
# We do not need GitLab to clone the source code.
GIT_STRATEGY: none
stage: push
only:
# Only "main" should be tagged "latest"
- main
before_script:
- docker info # this line will be run to be sure that you have access to docker daemon within a container
- echo -n $CI_JOB_TOKEN | docker login -u gitlab-ci-token --password-stdin $CI_REGISTRY
script:
# Because we have no guarantee that this job will be picked up by the same runner
# that built the image in the previous step, we pull it again locally
- docker pull $CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA
# Then we tag it "latest"
- docker tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA $CI_REGISTRY_IMAGE:latest
# And we push it.
- docker push $CI_REGISTRY_IMAGE:latest
tags:
- DOCKER
build-package:
only:
- tags
stage: push
image: $CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA
variables:
TWINE_USERNAME: "${TWINE_USERNAME}"
TWINE_PASSWORD: "${TWINE_PASSWORD}"
before_script:
- apt-get update
- apt-get install python3.8-venv
script:
- pip install build twine
- python -m build
- twine upload -u $TWINE_USERNAME -p $TWINE_PASSWORD dist/*
# Finally, the goal here is to Docker tag any Git tag
# GitLab will start a new pipeline everytime a Git tag is created, which is pretty awesome
Push tag:
variables:
# we do not need the source code here. Just playing with Docker.
GIT_STRATEGY: none
stage: push
only:
# We want this job to be run on tags only.
- tags
before_script:
- docker info # this line will be run to be sure that you have access to docker daemon within a container
- echo -n $CI_JOB_TOKEN | docker login -u gitlab-ci-token --password-stdin $CI_REGISTRY
script:
- docker pull $CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA
- docker tag $CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG
- docker push $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG
tags:
- DOCKER
pages:
stage: documentation
image: $CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA
only:
- main
script:
- cd docs_src
- sphinx-apidoc -o apidoc/ -H "API" -f ../oxapi [ ../oxapi/abstract/* ../oxapi/utils.py ../oxapi/error.py ]
- make html
- cp -r _build/html/ ../public/
artifacts:
paths:
- public
upload-to-s3:
stage: documentation
only:
- main
needs:
- pages
image:
name: banst/awscli
entrypoint: [""]
script:
- aws configure set region us-east-1
- aws s3 sync public/ s3://github-oxapi-python-doc/
upload_badge_artifacts:
stage: upload
only:
- main
needs:
- pytest
- pylint
variables:
AWS_ACCESS_KEY_ID: ${AWS_ACCESS_KEY_ID}
AWS_SECRET_ACCESS_KEY: ${AWS_SECRET_ACCESS_KEY}
AWS_DEFAULT_REGION: 'eu-central-1'
GIT_STRATEGY: none
image: registry.gitlab.com/gitlab-org/cloud-deploy/aws-base:latest
script:
- export AWS_ACCESS_KEY_ID=${AWS_ACCESS_KEY_ID}
- export AWS_SECRET_ACCESS_KEY=${AWS_SECRET_ACCESS_KEY}
- aws configure set aws_access_key_id $AWS_ACCESS_KEY_ID
- aws configure set aws_secret_access_key $AWS_SECRET_ACCESS_KEY
- aws s3 cp ./pylint/pylint.svg s3://github-public-storage/oxapi-python-pylint.svg
- aws s3 cp ./tests/coverage.svg s3://github-public-storage/oxapi-python-coverage.svg