-
Notifications
You must be signed in to change notification settings - Fork 2
/
ploigosWorkflowTypical.yml
279 lines (250 loc) · 7.05 KB
/
ploigosWorkflowTypical.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
###########################################
## Ploigos GitLab CI Workflow - Standard ##
###########################################
# Do not build tags, or the tag source step will rerun the pipeline
workflow:
rules:
- if: $CI_COMMIT_TAG
when: never
- when: always
# Checkout on branch/tag (instead of commit hash) to prevent detached head
default:
before_script:
- 'git checkout $CI_COMMIT_REF_NAME'
include:
## TODO: Using variables in the 'include' is locked behind a (default off) feature flag -- see final comment of:
## https://gitlab.com/gitlab-org/gitlab/-/issues/24811
# - remote: '$remote_url/-/raw/$gitlabLibraryVersion/var/ploigos_variables.yml'
# Ploigos + GitLab Runner variable setup
- remote: 'https://gitlab.apps.tssc.rht-set.com/ploigos/ploigos-gitlab-library/-/raw/main/var/ploigos_variables.yml'
- remote: 'https://gitlab.apps.tssc.rht-set.com/ploigos/ploigos-gitlab-library/-/raw/main/var/ploigos_gitlab_variables.yml'
# Templates
- remote: 'https://gitlab.apps.tssc.rht-set.com/ploigos/ploigos-gitlab-library/-/raw/main/templates/ploigos_step_runner.yml'
- remote: 'https://gitlab.apps.tssc.rht-set.com/ploigos/ploigos-gitlab-library/-/raw/main/templates/setup_workflow_step_runner.yml'
- remote: 'https://gitlab.apps.tssc.rht-set.com/ploigos/ploigos-gitlab-library/-/raw/main/templates/setup_pgp_keys.yml'
# These stages come from the includes above
stages:
# setup
- setup:setup_workflow_step_runner
- setup:setup_pgp_keys
# ci
- ci:generate_metadata
- ci:tag_source
- ci:run_unit_tests
- ci:package_application
- ci:static_code_analysis
- ci:push_application
- ci:create_container_image
- ci:static_image_scan
- ci:push_container
# dev
- dev:deploy
- dev:run_user_acceptance_tests
# test
- test:deploy
- test:run_user_acceptance_tests
# prod
- prod:deploy
# report
- report
###########
## SETUP ##
###########
## TODO: Relying on first step to know if the pipeline should kick off or not, because the rules
## syntax has multiple issues, e.g.: can't merge rules between job & its 'extends'; rules not
## defaulting back to "when: on_success" if all other rule matches fail. See NOTE at top of
## file. These rules lives in the job being extended here.
##
## Cases where pipeline should not be run:
## 1. When a tag is pushed. If tag pushes are run, then the tag_source step in PSR will cause the
## pipeline to be run twice for the same commit.
## 2. When a merge request is opened. A merge request can only be opened for a commit that has
## been pushed -- which means that the pipeline will have already run for that commit.
setup_workflow_step_runner:
extends:
- .setup_workflow_step_runner
stage: setup:setup_workflow_step_runner
image: '$workflowWorkerImageDefault'
setup_pgp_keys:
extends:
- .setup_pgp_keys
stage: setup:setup_pgp_keys
dependencies:
- setup_workflow_step_runner
image: '$workflowWorkerImageDefault'
########
## CI ##
########
generate_metadata:
extends:
- .ploigos_step_runner
stage: ci:generate_metadata
dependencies:
- setup_pgp_keys
- setup_workflow_step_runner
image: '$workflowWorkerImageDefault'
variables:
stepName: 'generate-metadata'
tag_source:
extends:
- .ploigos_step_runner
stage: ci:tag_source
dependencies:
- generate_metadata
image: '$workflowWorkerImageDefault'
variables:
stepName: 'tag-source'
run_unit_tests:
extends:
- .ploigos_step_runner
stage: ci:run_unit_tests
dependencies:
- tag_source
image: '$workflowWorkerImageUnitTest'
variables:
stepName: 'unit-test'
package_application:
extends:
- .ploigos_step_runner
stage: ci:package_application
dependencies:
- run_unit_tests
image: '$workflowWorkerImagePackage'
variables:
stepName: 'package'
static_code_analysis:
extends:
- .ploigos_step_runner
stage: ci:static_code_analysis
dependencies:
- package_application
image: '$workflowWorkerImageStaticCodeAnalysis'
variables:
stepName: 'static-code-analysis'
push_application:
extends:
- .ploigos_step_runner
stage: ci:push_application
dependencies:
- static_code_analysis
image: '$workflowWorkerImagePushArtifacts'
variables:
stepName: 'push-artifacts'
create_container_image:
extends:
- .ploigos_step_runner
stage: ci:create_container_image
dependencies:
- push_application
image: '$workflowWorkerImageContainerOperations'
variables:
stepName: 'create-container-image'
static_image_scan:vulnerability:
extends:
- .ploigos_step_runner
stage: ci:static_image_scan
dependencies:
- create_container_image
image: '$workflowWorkerImageContainerImageStaticVulnerabilityScan'
variables:
stepName: 'container-image-static-vulnerability-scan'
push_container:
extends:
- .ploigos_step_runner
stage: ci:push_container
dependencies:
- static_image_scan:vulnerability
image: '$workflowWorkerImageContainerOperations'
variables:
stepName: 'push-container-image'
#########
## DEV ##
#########
deploy_to_dev:
extends:
- .ploigos_step_runner
rules:
- if: $CI_COMMIT_REF_NAME =~ /^feature\/.+$|^PR-.+$/
# - if: $CI_COMMIT_REF_NAME =~ /$devGitRefPatterns/
when: on_success
stage: dev:deploy
dependencies:
- push_container
image: '$workflowWorkerImageDeploy'
variables:
stepName: 'deploy'
environment: $envNameDev
run_user_acceptance_tests_dev:
extends:
- .ploigos_step_runner
rules:
- if: $CI_COMMIT_REF_NAME =~ /^feature\/.+$|^PR-.+$/
# - if: $CI_COMMIT_REF_NAME =~ /$devGitRefPatterns/
when: on_success
stage: dev:run_user_acceptance_tests
dependencies:
- deploy_to_dev
image: '$workflowWorkerImageUAT'
variables:
stepName: 'uat'
environment: $envNameDev
##########
## TEST ##
##########
deploy_to_test:
extends:
- .ploigos_step_runner
rules:
- if: $CI_COMMIT_REF_NAME =~ /^main$/
# - if: $CI_COMMIT_REF_NAME =~ /$releaseGitRefPatterns/
when: on_success
stage: test:deploy
dependencies:
- push_container
image: '$workflowWorkerImageDeploy'
variables:
stepName: 'deploy'
environment: $envNameTest
run_user_acceptance_tests_test:
extends:
- .ploigos_step_runner
rules:
- if: $CI_COMMIT_REF_NAME =~ /^main$/
# - if: $CI_COMMIT_REF_NAME =~ /$releaseGitRefPatterns/
when: on_success
stage: test:run_user_acceptance_tests
dependencies:
- deploy_to_test
image: '$workflowWorkerImageUAT'
variables:
stepName: 'uat'
environment: $envNameTest
##########
## PROD ##
##########
deploy_to_prod:
extends:
- .ploigos_step_runner
stage: prod:deploy
rules:
- if: $CI_COMMIT_REF_NAME =~ /^main$/
# - if: $CI_COMMIT_REF_NAME =~ /$releaseGitRefPatterns/
when: on_success
dependencies:
- push_container
image: '$workflowWorkerImageDeploy'
variables:
stepName: 'deploy'
environment: $envNameProd
############
## REPORT ##
############
report:
extends:
- .ploigos_step_runner
stage: report
rules:
- when: always
image: '$workflowWorkerImageDefault'
variables:
stepName: 'report'