diff options
Diffstat (limited to '.gitlab-ci.yml')
| -rw-r--r-- | .gitlab-ci.yml | 475 |
1 files changed, 475 insertions, 0 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml new file mode 100644 index 0000000..91e568a --- /dev/null +++ b/.gitlab-ci.yml @@ -0,0 +1,475 @@ +image: git.pleroma.social:5050/pleroma/pleroma/ci-base + +variables: &global_variables + POSTGRES_DB: pleroma_test + POSTGRES_USER: postgres + POSTGRES_PASSWORD: postgres + DB_HOST: postgres + DB_PORT: 5432 + MIX_ENV: test + +cache: &global_cache_policy + key: + files: + - mix.lock + paths: + - deps + - _build + +stages: + - build + - test + - benchmark + - deploy + - release + - docker + +before_script: + - echo $MIX_ENV + - rm -rf _build/*/lib/pleroma + - mix deps.get + +after_script: + - rm -rf _build/*/lib/pleroma + +.using-ci-base: + tags: + - amd64 + +build: + extends: + - .using-ci-base + stage: build + only: + changes: &build_changes_policy + - ".gitlab-ci.yml" + - "**/*.ex" + - "**/*.exs" + - "mix.lock" + script: + - mix compile --force + +spec-build: + extends: + - .using-ci-base + stage: test + only: + changes: + - ".gitlab-ci.yml" + - "lib/pleroma/web/api_spec/**/*.ex" + - "lib/pleroma/web/api_spec.ex" + artifacts: + paths: + - spec.json + script: + - mix pleroma.openapi_spec spec.json + +benchmark: + extends: + - .using-ci-base + stage: benchmark + when: manual + variables: + MIX_ENV: benchmark + services: + - name: postgres:9.6-alpine + alias: postgres + command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"] + script: + - mix ecto.create + - mix ecto.migrate + - mix pleroma.load_testing + +unit-testing: + extends: + - .using-ci-base + stage: test + only: + changes: *build_changes_policy + cache: &testing_cache_policy + <<: *global_cache_policy + policy: pull + + services: + - name: postgres:13-alpine + alias: postgres + command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"] + script: + - mix ecto.create + - mix ecto.migrate + - mix test --cover --preload-modules + coverage: '/^Line total: ([^ ]*%)$/' + artifacts: + reports: + coverage_report: + coverage_format: cobertura + path: coverage.xml + +unit-testing-erratic: + extends: + - .using-ci-base + stage: test + retry: 2 + allow_failure: true + only: + changes: *build_changes_policy + cache: &testing_cache_policy + <<: *global_cache_policy + policy: pull + + services: + - name: postgres:13-alpine + alias: postgres + command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"] + script: + - mix ecto.create + - mix ecto.migrate + - mix test --only=erratic + +# Removed to fix CI issue. In this early state it wasn't adding much value anyway. +# TODO Fix and reinstate federated testing +# federated-testing: +# stage: test +# cache: *testing_cache_policy +# services: +# - name: minibikini/postgres-with-rum:12 +# alias: postgres +# command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"] +# script: +# - mix deps.get +# - mix ecto.create +# - mix ecto.migrate +# - epmd -daemon +# - mix test --trace --only federated + +unit-testing-rum: + extends: + - .using-ci-base + stage: test + only: + changes: *build_changes_policy + cache: *testing_cache_policy + services: + - name: minibikini/postgres-with-rum:12 + alias: postgres + command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"] + variables: + <<: *global_variables + RUM_ENABLED: "true" + script: + - mix ecto.create + - mix ecto.migrate + - "mix ecto.migrate --migrations-path priv/repo/optional_migrations/rum_indexing/" + - mix test --preload-modules + +lint: + image: ¤t_elixir elixir:1.12-alpine + stage: test + only: + changes: *build_changes_policy + cache: *testing_cache_policy + before_script: ¤t_bfr_script + - apk update + - apk add build-base cmake file-dev git openssl + - mix local.hex --force + - mix local.rebar --force + - mix deps.get + script: + - mix format --check-formatted + +analysis: + extends: + - .using-ci-base + stage: test + only: + changes: *build_changes_policy + cache: *testing_cache_policy + script: + - mix credo --strict --only=warnings,todo,fixme,consistency,readability + +cycles: + image: *current_elixir + stage: test + only: + changes: *build_changes_policy + cache: {} + before_script: *current_bfr_script + script: + - mix compile + - mix xref graph --format cycles --label compile | awk '{print $0} END{exit ($0 != "No cycles found")}' + +docs-deploy: + stage: deploy + cache: *testing_cache_policy + image: alpine:latest + only: + - stable@pleroma/pleroma + - develop@pleroma/pleroma + before_script: + - apk add curl + script: + - curl -X POST -F"token=$DOCS_PIPELINE_TRIGGER" -F'ref=master' -F"variables[BRANCH]=$CI_COMMIT_REF_NAME" https://git.pleroma.social/api/v4/projects/673/trigger/pipeline +review_app: + image: alpine:3.9 + stage: deploy + before_script: + - apk update && apk add openssh-client git + when: manual + environment: + name: review/$CI_COMMIT_REF_NAME + url: https://$CI_ENVIRONMENT_SLUG.pleroma.online/ + on_stop: stop_review_app + only: + - branches + except: + - master + - develop + script: + - echo "$CI_ENVIRONMENT_SLUG" + - mkdir -p ~/.ssh + - eval $(ssh-agent -s) + - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - + - ssh-keyscan -H "pleroma.online" >> ~/.ssh/known_hosts + - (ssh -t dokku@pleroma.online -- apps:create "$CI_ENVIRONMENT_SLUG") || true + - (ssh -t dokku@pleroma.online -- git:set "$CI_ENVIRONMENT_SLUG" keep-git-dir true) || true + - ssh -t dokku@pleroma.online -- config:set "$CI_ENVIRONMENT_SLUG" APP_NAME="$CI_ENVIRONMENT_SLUG" APP_HOST="$CI_ENVIRONMENT_SLUG.pleroma.online" MIX_ENV=dokku + - (ssh -t dokku@pleroma.online -- postgres:create $(echo $CI_ENVIRONMENT_SLUG | sed -e 's/-/_/g')_db) || true + - (ssh -t dokku@pleroma.online -- postgres:link $(echo $CI_ENVIRONMENT_SLUG | sed -e 's/-/_/g')_db "$CI_ENVIRONMENT_SLUG") || true + - (ssh -t dokku@pleroma.online -- certs:add "$CI_ENVIRONMENT_SLUG" /home/dokku/server.crt /home/dokku/server.key) || true + - git push -f dokku@pleroma.online:$CI_ENVIRONMENT_SLUG $CI_COMMIT_SHA:refs/heads/master + +spec-deploy: + stage: deploy + artifacts: + paths: + - spec.json + only: + - develop@pleroma/pleroma + image: alpine:latest + before_script: + - apk add curl + script: + - curl -X POST -F"token=$API_DOCS_PIPELINE_TRIGGER" -F'ref=master' -F"variables[BRANCH]=$CI_COMMIT_REF_NAME" -F"variables[JOB_REF]=$CI_JOB_ID" https://git.pleroma.social/api/v4/projects/1130/trigger/pipeline + + +stop_review_app: + image: alpine:3.9 + stage: deploy + before_script: + - apk update && apk add openssh-client git + when: manual + environment: + name: review/$CI_COMMIT_REF_NAME + action: stop + script: + - echo "$CI_ENVIRONMENT_SLUG" + - mkdir -p ~/.ssh + - eval $(ssh-agent -s) + - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - + - ssh-keyscan -H "pleroma.online" >> ~/.ssh/known_hosts + - ssh -t dokku@pleroma.online -- --force apps:destroy "$CI_ENVIRONMENT_SLUG" + - ssh -t dokku@pleroma.online -- --force postgres:destroy $(echo $CI_ENVIRONMENT_SLUG | sed -e 's/-/_/g')_db + +amd64: + stage: release + image: elixir:1.11.4 + only: &release-only + - stable@pleroma/pleroma + - develop@pleroma/pleroma + - /^maint/.*$/@pleroma/pleroma + - /^release/.*$/@pleroma/pleroma + tags: + - amd64 + artifacts: &release-artifacts + name: "pleroma-$CI_COMMIT_REF_NAME-$CI_COMMIT_SHORT_SHA-$CI_JOB_NAME" + paths: + - release/* + # Ideally it would be never for master branch and with the next commit for develop, + # but Gitlab does not support neither `only` for artifacts + # nor setting it to never from .gitlab-ci.yml + # nor expiring with the next commit + expire_in: 42 yrs + + cache: &release-cache + key: $CI_COMMIT_REF_NAME-$CI_JOB_NAME + paths: + - deps + variables: &release-variables + MIX_ENV: prod + before_script: &before-release + - apt-get update && apt-get install -y cmake libmagic-dev + - echo "import Config" > config/prod.secret.exs + - mix local.hex --force + - mix local.rebar --force + script: &release + - mix deps.get --only prod + - mkdir release + - export PLEROMA_BUILD_BRANCH=$CI_COMMIT_REF_NAME + - mix release --path release + + +amd64-musl: + stage: release + artifacts: *release-artifacts + only: *release-only + image: elixir:1.11.4-alpine + tags: + - amd64 + cache: *release-cache + variables: *release-variables + before_script: &before-release-musl + - apk add git build-base cmake file-dev openssl + - echo "import Config" > config/prod.secret.exs + - mix local.hex --force + - mix local.rebar --force + script: *release + +arm: + stage: release + artifacts: *release-artifacts + only: *release-only + tags: + - arm32-specified + image: arm32v7/elixir:1.11.4 + cache: *release-cache + variables: *release-variables + before_script: *before-release + script: *release + +arm-musl: + stage: release + artifacts: *release-artifacts + only: *release-only + tags: + - arm32-specified + image: arm32v7/elixir:1.11.4-alpine + cache: *release-cache + variables: *release-variables + before_script: *before-release-musl + script: *release + +arm64: + stage: release + artifacts: *release-artifacts + only: *release-only + tags: + - arm + image: arm64v8/elixir:1.11.4 + cache: *release-cache + variables: *release-variables + before_script: *before-release + script: *release + +arm64-musl: + stage: release + artifacts: *release-artifacts + only: *release-only + tags: + - arm + image: arm64v8/elixir:1.11.4-alpine + cache: *release-cache + variables: *release-variables + before_script: *before-release-musl + script: *release + +docker: + stage: docker + image: docker:latest + cache: {} + dependencies: [] + variables: &docker-variables + DOCKER_DRIVER: overlay2 + DOCKER_HOST: unix:///var/run/docker.sock + IMAGE_TAG: $CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA + IMAGE_TAG_SLUG: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG + IMAGE_TAG_LATEST: $CI_REGISTRY_IMAGE:latest + IMAGE_TAG_LATEST_STABLE: $CI_REGISTRY_IMAGE:latest-stable + DOCKER_BUILDX_URL: https://github.com/docker/buildx/releases/download/v0.6.3/buildx-v0.6.3.linux-amd64 + DOCKER_BUILDX_HASH: 980e6b9655f971991fbbb5fd6cd19f1672386195 + before_script: &before-docker + - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY + - docker pull $IMAGE_TAG_SLUG || true + - export CI_JOB_TIMESTAMP=$(date --utc -Iseconds) + - export CI_VCS_REF=$CI_COMMIT_SHORT_SHA + allow_failure: true + script: + - mkdir -p /root/.docker/cli-plugins + - wget "${DOCKER_BUILDX_URL}" -O ~/.docker/cli-plugins/docker-buildx + - echo "${DOCKER_BUILDX_HASH} /root/.docker/cli-plugins/docker-buildx" | sha1sum -c + - chmod +x ~/.docker/cli-plugins/docker-buildx + - docker run --rm --privileged multiarch/qemu-user-static --reset -p yes + - docker buildx create --name mbuilder --driver docker-container --use + - docker buildx inspect --bootstrap + - docker buildx build --platform linux/amd64,linux/arm/v7,linux/arm64/v8 --push --cache-from $IMAGE_TAG_SLUG --build-arg VCS_REF=$CI_VCS_REF --build-arg BUILD_DATE=$CI_JOB_TIMESTAMP -t $IMAGE_TAG -t $IMAGE_TAG_SLUG -t $IMAGE_TAG_LATEST . + tags: + - dind + only: + - develop@pleroma/pleroma + +docker-stable: + stage: docker + image: docker:latest + cache: {} + dependencies: [] + variables: *docker-variables + before_script: *before-docker + allow_failure: true + script: + - mkdir -p /root/.docker/cli-plugins + - wget "${DOCKER_BUILDX_URL}" -O ~/.docker/cli-plugins/docker-buildx + - echo "${DOCKER_BUILDX_HASH} /root/.docker/cli-plugins/docker-buildx" | sha1sum -c + - chmod +x ~/.docker/cli-plugins/docker-buildx + - docker run --rm --privileged multiarch/qemu-user-static --reset -p yes + - docker buildx create --name mbuilder --driver docker-container --use + - docker buildx inspect --bootstrap + - docker buildx build --platform linux/amd64,linux/arm/v7,linux/arm64/v8 --push --cache-from $IMAGE_TAG_SLUG --build-arg VCS_REF=$CI_VCS_REF --build-arg BUILD_DATE=$CI_JOB_TIMESTAMP -t $IMAGE_TAG -t $IMAGE_TAG_SLUG -t $IMAGE_TAG_LATEST_STABLE . + tags: + - dind + only: + - stable@pleroma/pleroma + +docker-release: + stage: docker + image: docker:latest + cache: {} + dependencies: [] + variables: *docker-variables + before_script: *before-docker + allow_failure: true + script: + script: + - mkdir -p /root/.docker/cli-plugins + - wget "${DOCKER_BUILDX_URL}" -O ~/.docker/cli-plugins/docker-buildx + - echo "${DOCKER_BUILDX_HASH} /root/.docker/cli-plugins/docker-buildx" | sha1sum -c + - chmod +x ~/.docker/cli-plugins/docker-buildx + - docker run --rm --privileged multiarch/qemu-user-static --reset -p yes + - docker buildx create --name mbuilder --driver docker-container --use + - docker buildx inspect --bootstrap + - docker buildx build --platform linux/amd64,linux/arm/v7,linux/arm64/v8 --push --cache-from $IMAGE_TAG_SLUG --build-arg VCS_REF=$CI_VCS_REF --build-arg BUILD_DATE=$CI_JOB_TIMESTAMP -t $IMAGE_TAG -t $IMAGE_TAG_SLUG . + tags: + - dind + only: + - /^release/.*$/@pleroma/pleroma + +docker-adhoc: + stage: docker + image: docker:latest + cache: {} + dependencies: [] + variables: *docker-variables + before_script: *before-docker + allow_failure: true + script: + script: + - mkdir -p /root/.docker/cli-plugins + - wget "${DOCKER_BUILDX_URL}" -O ~/.docker/cli-plugins/docker-buildx + - echo "${DOCKER_BUILDX_HASH} /root/.docker/cli-plugins/docker-buildx" | sha1sum -c + - chmod +x ~/.docker/cli-plugins/docker-buildx + - docker run --rm --privileged multiarch/qemu-user-static --reset -p yes + - docker buildx create --name mbuilder --driver docker-container --use + - docker buildx inspect --bootstrap + - docker buildx build --platform linux/amd64,linux/arm/v7,linux/arm64/v8 --push --cache-from $IMAGE_TAG_SLUG --build-arg VCS_REF=$CI_VCS_REF --build-arg BUILD_DATE=$CI_JOB_TIMESTAMP -t $IMAGE_TAG -t $IMAGE_TAG_SLUG . + tags: + - dind + only: + - /^build-docker/.*$/@pleroma/pleroma |