image: git.pleroma.social:5050/pleroma/pleroma/ci-base variables: &global_variables # Only used for the release ELIXIR_VER: 1.12.3 POSTGRES_DB: pleroma_test POSTGRES_USER: postgres POSTGRES_PASSWORD: postgres DB_HOST: postgres DB_PORT: "5432" MIX_ENV: test workflow: rules: - if: $CI_PIPELINE_SOURCE == "merge_request_event" - if: $CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS when: never - if: $CI_COMMIT_BRANCH cache: &global_cache_policy key: files: - mix.lock paths: - deps - _build stages: - build - lint - test - check-changelog - benchmark - deploy - release - docker - docker-combine before_script: - echo $MIX_ENV - rm -rf _build/*/lib/pleroma - mix deps.get after_script: - rm -rf _build/*/lib/pleroma check-changelog: stage: check-changelog image: alpine rules: - if: $CI_MERGE_REQUEST_SOURCE_PROJECT_PATH == 'pleroma/pleroma' && $CI_MERGE_REQUEST_SOURCE_BRANCH_NAME == 'weblate-extract' when: never - if: $CI_MERGE_REQUEST_SOURCE_PROJECT_PATH == 'pleroma/pleroma' && $CI_MERGE_REQUEST_SOURCE_BRANCH_NAME == 'weblate' when: never - if: $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "develop" before_script: '' after_script: '' cache: {} script: - apk add git - sh ./tools/check-changelog .build_changes_policy: rules: - changes: - ".gitlab-ci.yml" - "**/*.ex" - "**/*.exs" - "mix.lock" .using-ci-base: tags: - amd64 build-1.12.3: extends: - .build_changes_policy - .using-ci-base stage: build script: - mix compile --force build-1.15.7-otp-25: extends: - .build_changes_policy - .using-ci-base stage: build image: git.pleroma.social:5050/pleroma/pleroma/ci-base:elixir-1.15 allow_failure: true script: - mix compile --force spec-build: extends: - .using-ci-base stage: build rules: - changes: - ".gitlab-ci.yml" - "lib/pleroma/web/api_spec/**/*.ex" - "lib/pleroma/web/api_spec.ex" artifacts: paths: - spec.json script: - mix pleroma.openapi_spec spec.json benchmark: extends: - .using-ci-base stage: benchmark when: manual variables: MIX_ENV: benchmark services: - name: postgres:11.22-alpine alias: postgres command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"] script: - mix ecto.create - mix ecto.migrate - mix pleroma.load_testing unit-testing-1.12.3: extends: - .build_changes_policy - .using-ci-base stage: test cache: &testing_cache_policy <<: *global_cache_policy policy: pull services: &testing_services - name: postgres:13-alpine alias: postgres command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"] script: &testing_script - mix ecto.create - mix ecto.migrate - mix test --cover --preload-modules coverage: '/^Line total: ([^ ]*%)$/' artifacts: reports: coverage_report: coverage_format: cobertura path: coverage.xml unit-testing-1.15.7-otp-25: extends: - .build_changes_policy - .using-ci-base stage: test image: git.pleroma.social:5050/pleroma/pleroma/ci-base:elixir-1.15-otp25 allow_failure: true cache: *testing_cache_policy services: *testing_services script: *testing_script unit-testing-1.12-erratic: extends: - .build_changes_policy - .using-ci-base stage: test retry: 2 allow_failure: true cache: *testing_cache_policy services: *testing_services script: - mix ecto.create - mix ecto.migrate - mix test --only=erratic formatting-1.13: extends: .build_changes_policy image: &formatting_elixir elixir:1.13-alpine stage: lint cache: *testing_cache_policy before_script: ¤t_bfr_script - apk update - apk add build-base cmake file-dev git openssl - mix local.hex --force - mix local.rebar --force - mix deps.get script: - mix format --check-formatted cycles-1.13: extends: .build_changes_policy image: *formatting_elixir stage: lint cache: {} before_script: *current_bfr_script script: - mix compile - mix xref graph --format cycles --label compile | awk '{print $0} END{exit ($0 != "No cycles found")}' analysis: extends: - .build_changes_policy - .using-ci-base stage: lint cache: *testing_cache_policy script: - mix credo --strict --only=warnings,todo,fixme,consistency,readability dialyzer: extends: - .build_changes_policy - .using-ci-base stage: lint allow_failure: true when: manual cache: *testing_cache_policy tags: - feld script: - mix dialyzer docs-deploy: stage: deploy cache: *testing_cache_policy image: alpine:latest only: - stable@pleroma/pleroma - develop@pleroma/pleroma before_script: - apk add curl script: - curl --fail-with-body -X POST -F"token=$CI_JOB_TOKEN" -F'ref=master' -F"variables[BRANCH]=$CI_COMMIT_REF_NAME" https://git.pleroma.social/api/v4/projects/673/trigger/pipeline review_app: image: alpine:3.9 stage: deploy before_script: - apk update && apk add openssh-client git when: manual environment: name: review/$CI_COMMIT_REF_NAME url: https://$CI_ENVIRONMENT_SLUG.pleroma.online/ on_stop: stop_review_app only: - branches except: - master - develop script: - echo "$CI_ENVIRONMENT_SLUG" - mkdir -p ~/.ssh - eval $(ssh-agent -s) - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - - ssh-keyscan -H "pleroma.online" >> ~/.ssh/known_hosts - (ssh -t dokku@pleroma.online -- apps:create "$CI_ENVIRONMENT_SLUG") || true - (ssh -t dokku@pleroma.online -- git:set "$CI_ENVIRONMENT_SLUG" keep-git-dir true) || true - ssh -t dokku@pleroma.online -- config:set "$CI_ENVIRONMENT_SLUG" APP_NAME="$CI_ENVIRONMENT_SLUG" APP_HOST="$CI_ENVIRONMENT_SLUG.pleroma.online" MIX_ENV=dokku - (ssh -t dokku@pleroma.online -- postgres:create $(echo $CI_ENVIRONMENT_SLUG | sed -e 's/-/_/g')_db) || true - (ssh -t dokku@pleroma.online -- postgres:link $(echo $CI_ENVIRONMENT_SLUG | sed -e 's/-/_/g')_db "$CI_ENVIRONMENT_SLUG") || true - (ssh -t dokku@pleroma.online -- certs:add "$CI_ENVIRONMENT_SLUG" /home/dokku/server.crt /home/dokku/server.key) || true - git push -f dokku@pleroma.online:$CI_ENVIRONMENT_SLUG $CI_COMMIT_SHA:refs/heads/master spec-deploy: stage: deploy artifacts: paths: - spec.json only: - develop@pleroma/pleroma image: alpine:latest before_script: - apk add curl script: - curl --fail-with-body -X POST -F"token=$CI_JOB_TOKEN" -F'ref=master' -F"variables[BRANCH]=$CI_COMMIT_REF_NAME" -F"variables[JOB_REF]=$CI_JOB_ID" https://git.pleroma.social/api/v4/projects/1130/trigger/pipeline stop_review_app: image: alpine:3.9 stage: deploy before_script: - apk update && apk add openssh-client git when: manual environment: name: review/$CI_COMMIT_REF_NAME action: stop script: - echo "$CI_ENVIRONMENT_SLUG" - mkdir -p ~/.ssh - eval $(ssh-agent -s) - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - - ssh-keyscan -H "pleroma.online" >> ~/.ssh/known_hosts - ssh -t dokku@pleroma.online -- --force apps:destroy "$CI_ENVIRONMENT_SLUG" - ssh -t dokku@pleroma.online -- --force postgres:destroy $(echo $CI_ENVIRONMENT_SLUG | sed -e 's/-/_/g')_db amd64: stage: release image: elixir:$ELIXIR_VER only: &release-only - stable@pleroma/pleroma - develop@pleroma/pleroma - /^maint/.*$/@pleroma/pleroma - /^release/.*$/@pleroma/pleroma tags: - amd64 artifacts: &release-artifacts name: "pleroma-$CI_COMMIT_REF_NAME-$CI_COMMIT_SHORT_SHA-$CI_JOB_NAME" paths: - release/* # Ideally it would be never for master branch and with the next commit for develop, # but Gitlab does not support neither `only` for artifacts # nor setting it to never from .gitlab-ci.yml # nor expiring with the next commit expire_in: 42 yrs cache: &release-cache key: $CI_COMMIT_REF_NAME-$CI_JOB_NAME paths: - deps variables: &release-variables MIX_ENV: prod VIX_COMPILATION_MODE: PLATFORM_PROVIDED_LIBVIPS before_script: &before-release - apt-get update && apt-get install -y cmake libmagic-dev libvips-dev erlang-dev - echo "import Config" > config/prod.secret.exs - mix local.hex --force - mix local.rebar --force script: &release - mix deps.get --only prod - mkdir release - export PLEROMA_BUILD_BRANCH=$CI_COMMIT_REF_NAME - mix release --path release amd64-musl: stage: release artifacts: *release-artifacts only: *release-only image: elixir:$ELIXIR_VER-alpine tags: - amd64 cache: *release-cache variables: *release-variables before_script: &before-release-musl - apk add git build-base cmake file-dev openssl vips-dev - echo "import Config" > config/prod.secret.exs - mix local.hex --force - mix local.rebar --force script: *release arm: stage: release artifacts: *release-artifacts only: *release-only tags: - arm32-specified image: arm32v7/elixir:$ELIXIR_VER cache: *release-cache variables: *release-variables before_script: *before-release script: *release arm-musl: stage: release artifacts: *release-artifacts only: *release-only tags: - arm32-specified image: arm32v7/elixir:$ELIXIR_VER-alpine cache: *release-cache variables: *release-variables before_script: *before-release-musl script: *release arm64: stage: release artifacts: *release-artifacts only: *release-only tags: - arm image: arm64v8/elixir:$ELIXIR_VER cache: *release-cache variables: *release-variables before_script: *before-release script: *release arm64-musl: stage: release artifacts: *release-artifacts only: *release-only tags: - arm image: arm64v8/elixir:$ELIXIR_VER-alpine cache: *release-cache variables: *release-variables before_script: *before-release-musl script: *release .kaniko: stage: docker image: name: gcr.io/kaniko-project/executor:debug entrypoint: [""] cache: {} dependencies: [] before_script: &before-kaniko - export CI_JOB_TIMESTAMP=$(date --utc -Iseconds) - export CI_VCS_REF=$CI_COMMIT_SHORT_SHA - export IMAGE_TAG=$CI_REGISTRY_IMAGE/$BUILD_ARCH_IMG_SUFFIX:$CI_COMMIT_SHORT_SHA - export IMAGE_TAG_SLUG=$CI_REGISTRY_IMAGE/$BUILD_ARCH_IMG_SUFFIX:$CI_COMMIT_REF_SLUG - export IMAGE_TAG_LATEST=$CI_REGISTRY_IMAGE/$BUILD_ARCH_IMG_SUFFIX:latest - export IMAGE_TAG_LATEST_STABLE=$CI_REGISTRY_IMAGE/$BUILD_ARCH_IMG_SUFFIX:latest-stable - mkdir -p /kaniko/.docker - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json .kaniko-latest: extends: .kaniko only: - develop@pleroma/pleroma script: - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --custom-platform=$BUILD_ARCH --build-arg VCS_REF=$CI_VCS_REF --build-arg BUILD_DATE=$CI_JOB_TIMESTAMP --build-arg ELIXIR_IMG=$ELIXIR_IMG --destination $IMAGE_TAG --destination $IMAGE_TAG_SLUG --destination $IMAGE_TAG_LATEST .kaniko-stable: extends: .kaniko only: - stable@pleroma/pleroma script: - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --custom-platform=$BUILD_ARCH --build-arg VCS_REF=$CI_VCS_REF --build-arg BUILD_DATE=$CI_JOB_TIMESTAMP --build-arg ELIXIR_IMG=$ELIXIR_IMG --destination $IMAGE_TAG --destination $IMAGE_TAG_SLUG --destination $IMAGE_TAG_LATEST_STABLE .kaniko-release: extends: .kaniko only: - /^release/.*$/@pleroma/pleroma script: - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --custom-platform=$BUILD_ARCH --build-arg VCS_REF=$CI_VCS_REF --build-arg BUILD_DATE=$CI_JOB_TIMESTAMP --build-arg ELIXIR_IMG=$ELIXIR_IMG --destination $IMAGE_TAG --destination $IMAGE_TAG_SLUG .kaniko-adhoc: extends: .kaniko only: - /^build-docker/.*$/@pleroma/pleroma script: - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --custom-platform=$BUILD_ARCH --build-arg VCS_REF=$CI_VCS_REF --build-arg BUILD_DATE=$CI_JOB_TIMESTAMP --build-arg ELIXIR_IMG=$ELIXIR_IMG --destination $IMAGE_TAG --destination $IMAGE_TAG_SLUG .kaniko:linux/amd64: variables: BUILD_ARCH: linux/amd64 BUILD_ARCH_IMG_SUFFIX: linux-amd64 ELIXIR_IMG: hexpm/elixir tags: - amd64 .kaniko:linux/arm64: variables: BUILD_ARCH: linux/arm64/v8 BUILD_ARCH_IMG_SUFFIX: linux-arm64-v8 ELIXIR_IMG: hexpm/elixir tags: - arm .kaniko:linux/arm: variables: BUILD_ARCH: linux/arm/v7 BUILD_ARCH_IMG_SUFFIX: linux-arm-v7 ELIXIR_IMG: git.pleroma.social:5050/pleroma/ci-image/elixir-linux-arm-v7 tags: - arm32-specified kaniko-latest:linux/amd64: extends: - .kaniko-latest - .kaniko:linux/amd64 kaniko-latest:linux/arm64: extends: - .kaniko-latest - .kaniko:linux/arm64 kaniko-latest:linux/arm: extends: - .kaniko-latest - .kaniko:linux/arm kaniko-stable:linux/amd64: extends: - .kaniko-stable - .kaniko:linux/amd64 kaniko-stable:linux/arm64: extends: - .kaniko-stable - .kaniko:linux/arm64 kaniko-stable:linux/arm: extends: - .kaniko-stable - .kaniko:linux/arm kaniko-release:linux/amd64: extends: - .kaniko-release - .kaniko:linux/amd64 kaniko-release:linux/arm64: extends: - .kaniko-release - .kaniko:linux/arm64 kaniko-release:linux/arm: extends: - .kaniko-release - .kaniko:linux/arm .docker-combine: stage: docker-combine image: docker:cli cache: {} before_script: - 'BUILD_ARCHES="linux-amd64 linux-arm64-v8 linux-arm-v7"' - export IMAGE_TAG=$CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA - export IMAGE_TAG_SLUG=$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG - export IMAGE_TAG_LATEST=$CI_REGISTRY_IMAGE:latest - export IMAGE_TAG_LATEST_STABLE=$CI_REGISTRY_IMAGE:latest-stable - 'IMAGES=; for arch in $BUILD_ARCHES; do IMAGES="$IMAGES $CI_REGISTRY_IMAGE/$arch:$CI_COMMIT_SHORT_SHA"; done' - 'IMAGES_SLUG=; for arch in $BUILD_ARCHES; do IMAGES_SLUG="$IMAGES_SLUG $CI_REGISTRY_IMAGE/$arch:$CI_COMMIT_REF_SLUG"; done' - 'IMAGES_LATEST=; for arch in $BUILD_ARCHES; do IMAGES_LATEST="$IMAGES_LATEST $CI_REGISTRY_IMAGE/$arch:latest"; done' - 'IMAGES_LATEST_STABLE=; for arch in $BUILD_ARCHES; do IMAGES_LATEST_STABLE="$IMAGES_LATEST_STABLE $CI_REGISTRY_IMAGE/$arch:latest"; done' - mkdir -p ~/.docker - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > ~/.docker/config.json docker-combine:latest: extends: .docker-combine only: - develop@pleroma/pleroma script: - 'docker manifest create $IMAGE_TAG $IMAGES' - 'docker manifest push $IMAGE_TAG' - 'docker manifest create $IMAGE_TAG_SLUG $IMAGES_SLUG' - 'docker manifest push $IMAGE_TAG_SLUG' - 'docker manifest create $IMAGE_TAG_LATEST $IMAGES_LATEST' - 'docker manifest push $IMAGE_TAG_LATEST' docker-combine:stable: extends: .docker-combine only: - stable@pleroma/pleroma script: - 'docker manifest create $IMAGE_TAG $IMAGES' - 'docker manifest push $IMAGE_TAG' - 'docker manifest create $IMAGE_TAG_SLUG $IMAGES_SLUG' - 'docker manifest push $IMAGE_TAG_SLUG' - 'docker manifest create $IMAGE_TAG_LATEST_STABLE $IMAGES_LATEST_STABLE' - 'docker manifest push $IMAGE_TAG_LATEST_STABLE' docker-combine:release: extends: .docker-combine only: - /^release/.*$/@pleroma/pleroma script: - 'docker manifest create $IMAGE_TAG $IMAGES' - 'docker manifest push $IMAGE_TAG' - 'docker manifest create $IMAGE_TAG_SLUG $IMAGES_SLUG' - 'docker manifest push $IMAGE_TAG_SLUG'