CHANGELOG: SimplePolicy embedded objects are now checked
# GitLab CI pipeline definition: defaults shared by every job.

# Container image used by any job that does not set its own `image`.
image: elixir:1.9.4

# Pipeline-wide variables. The anchor lets a job that declares its own
# `variables` merge these back in.
# NOTE(review): postgres/postgres looks like a throwaway credential for the
# CI database service reached at DB_HOST - confirm it is never reused for a
# real database.
variables: &global_variables
  POSTGRES_DB: 'pleroma_test'
  POSTGRES_USER: 'postgres'
  POSTGRES_PASSWORD: 'postgres'
  DB_HOST: 'postgres'
  MIX_ENV: 'test'

# Cache of fetched dependencies and build output, keyed on mix.lock.
cache: &global_cache_policy
  key:
    files:
      - 'mix.lock'
  paths:
    - 'deps'
    - '_build'

# Stage names, in the order they are listed.
stages:
  - 'build'
  - 'test'
  - 'benchmark'
  - 'deploy'
  - 'release'
  - 'docker'

# Default preparation steps; jobs that declare their own before_script
# replace this list.
before_script:
  # Remove the project's own build output (the same cleanup runs again in
  # after_script).
  - 'rm -rf _build/*/lib/pleroma'
  - 'apt-get update && apt-get install -y cmake'
  # --force answers the install prompts non-interactively.
  - 'mix local.hex --force'
  - 'mix local.rebar --force'
  - 'mix deps.get'
  - 'apt-get -qq update'
  - 'apt-get install -y libmagic-dev'

# Default cleanup after each job's script.
after_script:
  - 'rm -rf _build/*/lib/pleroma'

# Forces a full compile of the project.
build:
  stage: 'build'
  script:
    - 'mix compile --force'

# Writes the OpenAPI spec to spec.json and keeps it as a job artifact.
spec-build:
  stage: 'test'
  script:
    - 'mix pleroma.openapi_spec spec.json'
  artifacts:
    paths:
      - 'spec.json'

# Manually started load test against a PostgreSQL 9.6 service.
benchmark:
  stage: 'benchmark'
  when: 'manual'
  variables:
    MIX_ENV: 'benchmark'
  services:
    - name: 'postgres:9.6'
      alias: 'postgres'
      # fsync, synchronous_commit and full_page_writes are switched off:
      # durability is traded away, which only suits a disposable database.
      command:
        - 'postgres'
        - '-c'
        - 'fsync=off'
        - '-c'
        - 'synchronous_commit=off'
        - '-c'
        - 'full_page_writes=off'
  script:
    - 'mix ecto.create'
    - 'mix ecto.migrate'
    - 'mix pleroma.load_testing'

# Unit tests with coverage against a PostgreSQL 13 service.
unit-testing:
  stage: 'test'
  # A failed job is retried up to two more times.
  retry: 2
  # Same cache as the global policy, but pull-only: this job does not upload
  # the cache when it finishes.
  cache: &testing_cache_policy
    <<: *global_cache_policy
    policy: 'pull'

  services:
    - name: 'postgres:13'
      alias: 'postgres'
      # Durability settings are off; the database is disposable.
      command:
        - 'postgres'
        - '-c'
        - 'fsync=off'
        - '-c'
        - 'synchronous_commit=off'
        - '-c'
        - 'full_page_writes=off'
  script:
    - 'apt-get update && apt-get install -y libimage-exiftool-perl ffmpeg'
    - 'mix ecto.create'
    - 'mix ecto.migrate'
    - 'mix coveralls --preload-modules'

# Removed to fix CI issue. In this early state it wasn't adding much value anyway.
# TODO Fix and reinstate federated testing
# federated-testing:
#   stage: test
#   cache: *testing_cache_policy
#   services:
#   - name: minibikini/postgres-with-rum:12
#     alias: postgres
#     command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
#   script:
#     - mix deps.get
#     - mix ecto.create
#     - mix ecto.migrate
#     - epmd -daemon
#     - mix test --trace --only federated

# Test run with RUM_ENABLED set, against a PostgreSQL image that ships RUM.
unit-testing-rum:
  stage: 'test'
  retry: 2
  cache: *testing_cache_policy
  services:
    # NOTE(review): third-party image referenced by tag only; a digest pin
    # would fix exactly which image the tests run against.
    - name: 'minibikini/postgres-with-rum:12'
      alias: 'postgres'
      command:
        - 'postgres'
        - '-c'
        - 'fsync=off'
        - '-c'
        - 'synchronous_commit=off'
        - '-c'
        - 'full_page_writes=off'
  variables:
    # Global variables merged in, plus the RUM switch (kept as a string).
    <<: *global_variables
    RUM_ENABLED: 'true'
  script:
    - 'apt-get update && apt-get install -y libimage-exiftool-perl ffmpeg'
    - 'mix ecto.create'
    - 'mix ecto.migrate'
    # Second migrate pass applies the optional RUM indexing migrations.
    - 'mix ecto.migrate --migrations-path priv/repo/optional_migrations/rum_indexing/'
    - 'mix test --preload-modules'

# Fails when any file is not formatted as `mix format` would write it.
lint:
  stage: 'test'
  cache: *testing_cache_policy
  script:
    - 'mix format --check-formatted'

# Credo static analysis, strict mode, limited to the listed check groups.
analysis:
  stage: 'test'
  cache: *testing_cache_policy
  script:
    - 'mix credo --strict --only=warnings,todo,fixme,consistency,readability'

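# POSTs to the pipeline-trigger endpoint of project 673 on
# git.pleroma.social, passing the current branch name as BRANCH.
docs-deploy:
  stage: deploy
  cache: *testing_cache_policy
  # NOTE(review): `latest` is a moving tag; a fixed version (review_app uses
  # alpine:3.9) or a digest keeps the image this job runs in predictable.
  image: alpine:latest
  only:
    - stable@pleroma/pleroma
    - develop@pleroma/pleroma
  before_script:
    - apk add curl
  script:
    # --fail makes curl exit non-zero on an HTTP error status, so a rejected
    # trigger (for example a bad or revoked token) fails the job instead of
    # passing silently. The token comes from the DOCS_PIPELINE_TRIGGER CI
    # variable and is never written into this file.
    - >-
      curl --fail -X POST
      -F"token=$DOCS_PIPELINE_TRIGGER"
      -F'ref=master'
      -F"variables[BRANCH]=$CI_COMMIT_REF_NAME"
      https://git.pleroma.social/api/v4/projects/673/trigger/pipeline
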
# Manually started job that deploys the current commit as a review app on
# the Dokku host pleroma.online; stop_review_app tears it down again.
# The job is offered on every branch except master and develop, so the
# deploy key in SSH_PRIVATE_KEY should grant nothing beyond this review host.
review_app:
  stage: deploy
  image: alpine:3.9
  when: manual
  only:
    - branches
  except:
    - master
    - develop
  environment:
    name: review/$CI_COMMIT_REF_NAME
    url: https://$CI_ENVIRONMENT_SLUG.pleroma.online/
    on_stop: stop_review_app
  before_script:
    - apk update && apk add openssh-client git
  script:
    - echo "$CI_ENVIRONMENT_SLUG"
    - mkdir -p ~/.ssh
    # The key is piped from the CI variable straight into the agent (with
    # carriage returns stripped) rather than being written to a file.
    - eval $(ssh-agent -s)
    - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
    # NOTE(review): ssh-keyscan records whatever host key the network returns
    # at job time, so it silences the prompt without authenticating the host.
    # Writing a known-good host key (for example from a protected CI
    # variable) into known_hosts would make the later ssh/git calls verify
    # the server.
    - ssh-keyscan -H "pleroma.online" >> ~/.ssh/known_hosts
    # Setup steps end in `|| true`: a failure (such as the app already
    # existing) does not stop the job.
    - (ssh -t dokku@pleroma.online -- apps:create "$CI_ENVIRONMENT_SLUG") || true
    - (ssh -t dokku@pleroma.online -- git:set "$CI_ENVIRONMENT_SLUG" keep-git-dir true) || true
    - ssh -t dokku@pleroma.online -- config:set "$CI_ENVIRONMENT_SLUG" APP_NAME="$CI_ENVIRONMENT_SLUG" APP_HOST="$CI_ENVIRONMENT_SLUG.pleroma.online" MIX_ENV=dokku
    # The database name is the slug with dashes turned into underscores.
    - (ssh -t dokku@pleroma.online -- postgres:create $(echo $CI_ENVIRONMENT_SLUG | sed -e 's/-/_/g')_db) || true
    - (ssh -t dokku@pleroma.online -- postgres:link $(echo $CI_ENVIRONMENT_SLUG | sed -e 's/-/_/g')_db "$CI_ENVIRONMENT_SLUG") || true
    - (ssh -t dokku@pleroma.online -- certs:add "$CI_ENVIRONMENT_SLUG" /home/dokku/server.crt /home/dokku/server.key) || true
    # Force-push the commit under review to the app's master branch.
    - git push -f dokku@pleroma.online:$CI_ENVIRONMENT_SLUG $CI_COMMIT_SHA:refs/heads/master

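# POSTs to the pipeline-trigger endpoint of project 1130 on
# git.pleroma.social, passing the branch name and this job's id.
spec-deploy:
  stage: deploy
  artifacts:
    paths:
      - spec.json
  only:
    - develop@pleroma/pleroma
  # NOTE(review): `latest` is a moving tag; a fixed version or digest keeps
  # the image this job runs in predictable.
  image: alpine:latest
  before_script:
    - apk add curl
  script:
    # --fail makes curl exit non-zero on an HTTP error status, so a rejected
    # trigger fails the job instead of passing silently. The token comes from
    # the API_DOCS_PIPELINE_TRIGGER CI variable.
    - >-
      curl --fail -X POST
      -F"token=$API_DOCS_PIPELINE_TRIGGER"
      -F'ref=master'
      -F"variables[BRANCH]=$CI_COMMIT_REF_NAME"
      -F"variables[JOB_REF]=$CI_JOB_ID"
      https://git.pleroma.social/api/v4/projects/1130/trigger/pipeline

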
# Manual teardown for a review environment: destroys the Dokku app and its
# database on pleroma.online.
stop_review_app:
  stage: deploy
  image: alpine:3.9
  when: manual
  environment:
    name: review/$CI_COMMIT_REF_NAME
    action: stop
  before_script:
    - apk update && apk add openssh-client git
  script:
    - echo "$CI_ENVIRONMENT_SLUG"
    - mkdir -p ~/.ssh
    # The key goes from the CI variable straight into the agent.
    - eval $(ssh-agent -s)
    - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
    # NOTE(review): ssh-keyscan accepts whatever host key is offered at job
    # time; a known-good key written to known_hosts would let ssh verify the
    # server before these destructive commands are sent.
    - ssh-keyscan -H "pleroma.online" >> ~/.ssh/known_hosts
    # --force skips Dokku's confirmation prompt.
    - ssh -t dokku@pleroma.online -- --force apps:destroy "$CI_ENVIRONMENT_SLUG"
    - ssh -t dokku@pleroma.online -- --force postgres:destroy $(echo $CI_ENVIRONMENT_SLUG | sed -e 's/-/_/g')_db

# Release build on the stock Elixir image. The anchors defined here are
# reused by the other release jobs.
amd64:
  stage: 'release'
  image: 'elixir:1.10.3'
  # Only stable, develop, maint/* and release/* refs of pleroma/pleroma.
  only: &release-only
    - 'stable@pleroma/pleroma'
    - 'develop@pleroma/pleroma'
    - '/^maint/.*$/@pleroma/pleroma'
    - '/^release/.*$/@pleroma/pleroma'
  artifacts: &release-artifacts
    name: 'pleroma-$CI_COMMIT_REF_NAME-$CI_COMMIT_SHORT_SHA-$CI_JOB_NAME'
    paths:
      - 'release/*'
    # Ideally artifacts would never expire for the master branch and expire
    # with the next commit for develop, but GitLab supports neither `only`
    # for artifacts, nor setting the expiry to never from .gitlab-ci.yml,
    # nor expiring with the next commit.
    expire_in: '42 yrs'

  # Dependency cache kept separately per ref and per job.
  cache: &release-cache
    key: '$CI_COMMIT_REF_NAME-$CI_JOB_NAME'
    paths:
      - 'deps'
  variables: &release-variables
    MIX_ENV: 'prod'
  before_script: &before-release
    - 'apt-get update && apt-get install -y cmake libmagic-dev'
    # prod.secret.exs is created holding only the Mix.Config import; no
    # secret values are written into it here.
    - 'echo "import Mix.Config" > config/prod.secret.exs'
    - 'mix local.hex --force'
    - 'mix local.rebar --force'
  script: &release
    - 'mix deps.get --only prod'
    - 'mkdir release'
    - 'export PLEROMA_BUILD_BRANCH=$CI_COMMIT_REF_NAME'
    - 'mix release --path release'


# Release build on the Alpine (musl) Elixir image; reuses the release
# anchors but installs its toolchain with apk.
amd64-musl:
  stage: 'release'
  image: 'elixir:1.10.3-alpine'
  only: *release-only
  artifacts: *release-artifacts
  cache: *release-cache
  variables: *release-variables
  before_script: &before-release-musl
    - 'apk add git gcc g++ musl-dev make cmake file-dev'
    # prod.secret.exs is created holding only the Mix.Config import.
    - 'echo "import Mix.Config" > config/prod.secret.exs'
    - 'mix local.hex --force'
    - 'mix local.rebar --force'
  script: *release

# 32-bit ARM release build; runs on runners tagged arm32-specified.
arm:
  stage: 'release'
  image: 'arm32v7/elixir:1.10.3'
  tags:
    - 'arm32-specified'
  only: *release-only
  artifacts: *release-artifacts
  cache: *release-cache
  variables: *release-variables
  before_script: *before-release
  script: *release

# 32-bit ARM release build on the Alpine (musl) image.
arm-musl:
  stage: 'release'
  image: 'arm32v7/elixir:1.10.3-alpine'
  tags:
    - 'arm32-specified'
  only: *release-only
  artifacts: *release-artifacts
  cache: *release-cache
  variables: *release-variables
  before_script: *before-release-musl
  script: *release

# 64-bit ARM release build; runs on runners tagged arm.
arm64:
  stage: 'release'
  image: 'arm64v8/elixir:1.10.3'
  tags:
    - 'arm'
  only: *release-only
  artifacts: *release-artifacts
  cache: *release-cache
  variables: *release-variables
  before_script: *before-release
  script: *release

# 64-bit ARM release build on the Alpine (musl) image.
arm64-musl:
  stage: 'release'
  image: 'arm64v8/elixir:1.10.3-alpine'
  tags:
    - 'arm'
  only: *release-only
  artifacts: *release-artifacts
  cache: *release-cache
  variables: *release-variables
  before_script: *before-release-musl
  script: *release

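# Builds the multi-arch image with buildx and pushes it for the develop
# branch. The variables and before_script anchors are reused by the other
# docker-* jobs.
docker:
  stage: docker
  # NOTE(review): `docker:latest` is a moving tag; a fixed version or digest
  # keeps the toolchain that builds and signs into the registry predictable.
  image: docker:latest
  cache: {}
  dependencies: []
  variables: &docker-variables
    DOCKER_DRIVER: 'overlay2'
    # The job talks to the Docker daemon behind this socket.
    # NOTE(review): if that is the runner host's daemon, the job can control
    # the host - confirm these runners are reserved for trusted refs.
    DOCKER_HOST: 'unix:///var/run/docker.sock'
    IMAGE_TAG: '$CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA'
    IMAGE_TAG_SLUG: '$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG'
    IMAGE_TAG_LATEST: '$CI_REGISTRY_IMAGE:latest'
    IMAGE_TAG_LATEST_STABLE: '$CI_REGISTRY_IMAGE:latest-stable'
    DOCKER_BUILDX_URL: 'https://github.com/docker/buildx/releases/download/v0.4.1/buildx-v0.4.1.linux-amd64'
    # Pinned digest of the buildx binary, checked before it is made
    # executable.
    # NOTE(review): SHA-1 is no longer collision-resistant; prefer a SHA-256
    # pin (checked with sha256sum -c) computed from a trusted copy of the
    # release asset.
    DOCKER_BUILDX_HASH: '71a7d01439aa8c165a25b59c44d3f016fddbd98b'
  before_script: &before-docker
    # The password is fed on stdin so it does not appear in the docker
    # command's argument list.
    - echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"
    # Best effort: the previous image is only wanted as a build cache.
    - docker pull $IMAGE_TAG_SLUG || true
    - export CI_JOB_TIMESTAMP=$(date --utc -Iseconds)
    - export CI_VCS_REF=$CI_COMMIT_SHORT_SHA
  allow_failure: true
  script:
    - mkdir -p /root/.docker/cli-plugins
    - wget "${DOCKER_BUILDX_URL}" -O ~/.docker/cli-plugins/docker-buildx
    # Verify the download before running it. Two spaces separate digest and
    # path: that is the checksum-line format `sha1sum -c` parses (BusyBox
    # rejects a single space).
    - 'echo "${DOCKER_BUILDX_HASH}  /root/.docker/cli-plugins/docker-buildx" | sha1sum -c'
    - chmod +x ~/.docker/cli-plugins/docker-buildx
    # NOTE(review): an untagged third-party image is run with --privileged;
    # pinning it by digest limits what a changed upstream tag can do here.
    - docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
    - docker buildx create --name mbuilder --driver docker-container --use
    - docker buildx inspect --bootstrap
    - >-
      docker buildx build
      --platform linux/amd64,linux/arm/v7,linux/arm64/v8
      --push
      --cache-from $IMAGE_TAG_SLUG
      --build-arg VCS_REF=$CI_VCS_REF
      --build-arg BUILD_DATE=$CI_JOB_TIMESTAMP
      -t $IMAGE_TAG
      -t $IMAGE_TAG_SLUG
      -t $IMAGE_TAG_LATEST
      .
  tags:
    - dind
  only:
    - develop@pleroma/pleroma
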
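# Builds and pushes the multi-arch image for the stable branch, tagged with
# IMAGE_TAG_LATEST_STABLE in addition to the commit and ref tags.
docker-stable:
  stage: docker
  # NOTE(review): `docker:latest` is a moving tag; a fixed version or digest
  # keeps the build toolchain predictable.
  image: docker:latest
  cache: {}
  dependencies: []
  variables: *docker-variables
  before_script: *before-docker
  allow_failure: true
  script:
    - mkdir -p /root/.docker/cli-plugins
    - wget "${DOCKER_BUILDX_URL}" -O ~/.docker/cli-plugins/docker-buildx
    # Verify the download against the pinned digest before running it. Two
    # spaces separate digest and path: that is the checksum-line format
    # `sha1sum -c` parses (BusyBox rejects a single space).
    # NOTE(review): SHA-1 is no longer collision-resistant; a SHA-256 pin
    # would be the stronger check.
    - 'echo "${DOCKER_BUILDX_HASH}  /root/.docker/cli-plugins/docker-buildx" | sha1sum -c'
    - chmod +x ~/.docker/cli-plugins/docker-buildx
    # NOTE(review): an untagged third-party image is run with --privileged;
    # pinning it by digest limits what a changed upstream tag can do here.
    - docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
    - docker buildx create --name mbuilder --driver docker-container --use
    - docker buildx inspect --bootstrap
    - >-
      docker buildx build
      --platform linux/amd64,linux/arm/v7,linux/arm64/v8
      --push
      --cache-from $IMAGE_TAG_SLUG
      --build-arg VCS_REF=$CI_VCS_REF
      --build-arg BUILD_DATE=$CI_JOB_TIMESTAMP
      -t $IMAGE_TAG
      -t $IMAGE_TAG_SLUG
      -t $IMAGE_TAG_LATEST_STABLE
      .
  tags:
    - dind
  only:
    - stable@pleroma/pleroma
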
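# Builds and pushes the multi-arch image for release/* branches, tagged with
# the commit and ref tags only.
docker-release:
  stage: docker
  # NOTE(review): `docker:latest` is a moving tag; a fixed version or digest
  # keeps the build toolchain predictable.
  image: docker:latest
  cache: {}
  dependencies: []
  variables: *docker-variables
  before_script: *before-docker
  allow_failure: true
  # `script` is declared once here. Repeating the key is invalid YAML, and
  # parsers that tolerate it silently keep only the last occurrence.
  script:
    - mkdir -p /root/.docker/cli-plugins
    - wget "${DOCKER_BUILDX_URL}" -O ~/.docker/cli-plugins/docker-buildx
    # Verify the download against the pinned digest before running it. Two
    # spaces separate digest and path: that is the checksum-line format
    # `sha1sum -c` parses (BusyBox rejects a single space).
    # NOTE(review): SHA-1 is no longer collision-resistant; a SHA-256 pin
    # would be the stronger check.
    - 'echo "${DOCKER_BUILDX_HASH}  /root/.docker/cli-plugins/docker-buildx" | sha1sum -c'
    - chmod +x ~/.docker/cli-plugins/docker-buildx
    # NOTE(review): an untagged third-party image is run with --privileged;
    # pinning it by digest limits what a changed upstream tag can do here.
    - docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
    - docker buildx create --name mbuilder --driver docker-container --use
    - docker buildx inspect --bootstrap
    - >-
      docker buildx build
      --platform linux/amd64,linux/arm/v7,linux/arm64/v8
      --push
      --cache-from $IMAGE_TAG_SLUG
      --build-arg VCS_REF=$CI_VCS_REF
      --build-arg BUILD_DATE=$CI_JOB_TIMESTAMP
      -t $IMAGE_TAG
      -t $IMAGE_TAG_SLUG
      .
  tags:
    - dind
  only:
    - /^release/.*$/@pleroma/pleroma
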
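# Builds and pushes the multi-arch image for build-docker/* branches, tagged
# with the commit and ref tags only.
docker-adhoc:
  stage: docker
  # NOTE(review): `docker:latest` is a moving tag; a fixed version or digest
  # keeps the build toolchain predictable.
  image: docker:latest
  cache: {}
  dependencies: []
  variables: *docker-variables
  before_script: *before-docker
  allow_failure: true
  # `script` is declared once here. Repeating the key is invalid YAML, and
  # parsers that tolerate it silently keep only the last occurrence.
  script:
    - mkdir -p /root/.docker/cli-plugins
    - wget "${DOCKER_BUILDX_URL}" -O ~/.docker/cli-plugins/docker-buildx
    # Verify the download against the pinned digest before running it. Two
    # spaces separate digest and path: that is the checksum-line format
    # `sha1sum -c` parses (BusyBox rejects a single space).
    # NOTE(review): SHA-1 is no longer collision-resistant; a SHA-256 pin
    # would be the stronger check.
    - 'echo "${DOCKER_BUILDX_HASH}  /root/.docker/cli-plugins/docker-buildx" | sha1sum -c'
    - chmod +x ~/.docker/cli-plugins/docker-buildx
    # NOTE(review): an untagged third-party image is run with --privileged;
    # pinning it by digest limits what a changed upstream tag can do here.
    - docker run --rm --privileged multiarch/qemu-user-static --reset -p yes
    - docker buildx create --name mbuilder --driver docker-container --use
    - docker buildx inspect --bootstrap
    - >-
      docker buildx build
      --platform linux/amd64,linux/arm/v7,linux/arm64/v8
      --push
      --cache-from $IMAGE_TAG_SLUG
      --build-arg VCS_REF=$CI_VCS_REF
      --build-arg BUILD_DATE=$CI_JOB_TIMESTAMP
      -t $IMAGE_TAG
      -t $IMAGE_TAG_SLUG
      .
  tags:
    - dind
  only:
    - /^build-docker/.*$/@pleroma/pleroma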
397 only:
398 - /^build-docker/.*$/@pleroma/pleroma