Merge branch '2046-default-restrict-unauthenticated-basing-on-instance-privacy' into...
[akkoma] / .gitlab-ci.yml
1 image: elixir:1.9.4
2
3 variables: &global_variables
4 POSTGRES_DB: pleroma_test
5 POSTGRES_USER: postgres
6 POSTGRES_PASSWORD: postgres
7 DB_HOST: postgres
8 MIX_ENV: test
9
10 cache: &global_cache_policy
11 key: ${CI_COMMIT_REF_SLUG}
12 paths:
13 - deps
14 - _build
15
16 stages:
17 - build
18 - test
19 - benchmark
20 - deploy
21 - release
22 - docker
23
24 before_script:
25 - apt-get update && apt-get install -y cmake
26 - mix local.hex --force
27 - mix local.rebar --force
28
29 build:
30 stage: build
31 script:
32 - mix deps.get
33 - mix compile --force
34
35 benchmark:
36 stage: benchmark
37 when: manual
38 variables:
39 MIX_ENV: benchmark
40 services:
41 - name: postgres:9.6
42 alias: postgres
43 command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
44 script:
45 - mix deps.get
46 - mix ecto.create
47 - mix ecto.migrate
48 - mix pleroma.load_testing
49
50 unit-testing:
51 stage: test
52 retry: 2
53 cache: &testing_cache_policy
54 <<: *global_cache_policy
55 policy: pull
56
57 services:
58 - name: postgres:9.6
59 alias: postgres
60 command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
61 script:
62 - apt-get update && apt-get install -y libimage-exiftool-perl
63 - mix deps.get
64 - mix ecto.create
65 - mix ecto.migrate
66 - mix coveralls --preload-modules
67
68 federated-testing:
69 stage: test
70 cache: *testing_cache_policy
71 services:
72 - name: minibikini/postgres-with-rum:12
73 alias: postgres
74 command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
75 script:
76 - mix deps.get
77 - mix ecto.create
78 - mix ecto.migrate
79 - epmd -daemon
80 - mix test --trace --only federated
81
82 unit-testing-rum:
83 stage: test
84 retry: 2
85 cache: *testing_cache_policy
86 services:
87 - name: minibikini/postgres-with-rum:12
88 alias: postgres
89 command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"]
90 variables:
91 <<: *global_variables
92 RUM_ENABLED: "true"
93 script:
94 - apt-get update && apt-get install -y libimage-exiftool-perl
95 - mix deps.get
96 - mix ecto.create
97 - mix ecto.migrate
98 - "mix ecto.migrate --migrations-path priv/repo/optional_migrations/rum_indexing/"
99 - mix test --preload-modules
100
101 lint:
102 stage: test
103 cache: *testing_cache_policy
104 script:
105 - mix format --check-formatted
106
107 analysis:
108 stage: test
109 cache: *testing_cache_policy
110 script:
111 - mix deps.get
112 - mix credo --strict --only=warnings,todo,fixme,consistency,readability
113
114 docs-deploy:
115 stage: deploy
116 cache: *testing_cache_policy
117 image: alpine:latest
118 only:
119 - stable@pleroma/pleroma
120 - develop@pleroma/pleroma
121 before_script:
122 - apk add curl
123 script:
124 - curl -X POST -F"token=$DOCS_PIPELINE_TRIGGER" -F'ref=master' -F"variables[BRANCH]=$CI_COMMIT_REF_NAME" https://git.pleroma.social/api/v4/projects/673/trigger/pipeline
125 review_app:
126 image: alpine:3.9
127 stage: deploy
128 before_script:
129 - apk update && apk add openssh-client git
130 when: manual
131 environment:
132 name: review/$CI_COMMIT_REF_NAME
133 url: https://$CI_ENVIRONMENT_SLUG.pleroma.online/
134 on_stop: stop_review_app
135 only:
136 - branches
137 except:
138 - master
139 - develop
140 script:
141 - echo "$CI_ENVIRONMENT_SLUG"
142 - mkdir -p ~/.ssh
143 - eval $(ssh-agent -s)
144 - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
145 - ssh-keyscan -H "pleroma.online" >> ~/.ssh/known_hosts
146 - (ssh -t dokku@pleroma.online -- apps:create "$CI_ENVIRONMENT_SLUG") || true
147 - (ssh -t dokku@pleroma.online -- git:set "$CI_ENVIRONMENT_SLUG" keep-git-dir true) || true
148 - ssh -t dokku@pleroma.online -- config:set "$CI_ENVIRONMENT_SLUG" APP_NAME="$CI_ENVIRONMENT_SLUG" APP_HOST="$CI_ENVIRONMENT_SLUG.pleroma.online" MIX_ENV=dokku
149 - (ssh -t dokku@pleroma.online -- postgres:create $(echo $CI_ENVIRONMENT_SLUG | sed -e 's/-/_/g')_db) || true
150 - (ssh -t dokku@pleroma.online -- postgres:link $(echo $CI_ENVIRONMENT_SLUG | sed -e 's/-/_/g')_db "$CI_ENVIRONMENT_SLUG") || true
151 - (ssh -t dokku@pleroma.online -- certs:add "$CI_ENVIRONMENT_SLUG" /home/dokku/server.crt /home/dokku/server.key) || true
152 - git push -f dokku@pleroma.online:$CI_ENVIRONMENT_SLUG $CI_COMMIT_SHA:refs/heads/master
153
154 stop_review_app:
155 image: alpine:3.9
156 stage: deploy
157 before_script:
158 - apk update && apk add openssh-client git
159 when: manual
160 environment:
161 name: review/$CI_COMMIT_REF_NAME
162 action: stop
163 script:
164 - echo "$CI_ENVIRONMENT_SLUG"
165 - mkdir -p ~/.ssh
166 - eval $(ssh-agent -s)
167 - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
168 - ssh-keyscan -H "pleroma.online" >> ~/.ssh/known_hosts
169 - ssh -t dokku@pleroma.online -- --force apps:destroy "$CI_ENVIRONMENT_SLUG"
170 - ssh -t dokku@pleroma.online -- --force postgres:destroy $(echo $CI_ENVIRONMENT_SLUG | sed -e 's/-/_/g')_db
171
172 amd64:
173 stage: release
174 image: elixir:1.10.3
175 only: &release-only
176 - stable@pleroma/pleroma
177 - develop@pleroma/pleroma
178 - /^maint/.*$/@pleroma/pleroma
179 - /^release/.*$/@pleroma/pleroma
180 artifacts: &release-artifacts
181 name: "pleroma-$CI_COMMIT_REF_NAME-$CI_COMMIT_SHORT_SHA-$CI_JOB_NAME"
182 paths:
183 - release/*
184 # Ideally it would be never for master branch and with the next commit for develop,
185 # but Gitlab does not support neither `only` for artifacts
186 # nor setting it to never from .gitlab-ci.yml
187 # nor expiring with the next commit
188 expire_in: 42 yrs
189
190 cache: &release-cache
191 key: $CI_COMMIT_REF_NAME-$CI_JOB_NAME
192 paths:
193 - deps
194 variables: &release-variables
195 MIX_ENV: prod
196 before_script: &before-release
197 - apt install cmake -y
198 - echo "import Mix.Config" > config/prod.secret.exs
199 - mix local.hex --force
200 - mix local.rebar --force
201 script: &release
202 - mix deps.get --only prod
203 - mkdir release
204 - export PLEROMA_BUILD_BRANCH=$CI_COMMIT_REF_NAME
205 - mix release --path release
206
207
208 amd64-musl:
209 stage: release
210 artifacts: *release-artifacts
211 only: *release-only
212 image: elixir:1.10.3-alpine
213 cache: *release-cache
214 variables: *release-variables
215 before_script: &before-release-musl
216 - apk add git gcc g++ musl-dev make cmake
217 - echo "import Mix.Config" > config/prod.secret.exs
218 - mix local.hex --force
219 - mix local.rebar --force
220 script: *release
221
222 arm:
223 stage: release
224 artifacts: *release-artifacts
225 only: *release-only
226 tags:
227 - arm32
228 image: elixir:1.10.3
229 cache: *release-cache
230 variables: *release-variables
231 before_script: *before-release
232 script: *release
233
234 arm-musl:
235 stage: release
236 artifacts: *release-artifacts
237 only: *release-only
238 tags:
239 - arm32
240 image: elixir:1.10.3-alpine
241 cache: *release-cache
242 variables: *release-variables
243 before_script: *before-release-musl
244 script: *release
245
246 arm64:
247 stage: release
248 artifacts: *release-artifacts
249 only: *release-only
250 tags:
251 - arm
252 image: elixir:1.10.3
253 cache: *release-cache
254 variables: *release-variables
255 before_script: *before-release
256 script: *release
257
258 arm64-musl:
259 stage: release
260 artifacts: *release-artifacts
261 only: *release-only
262 tags:
263 - arm
264 # TODO: Replace with upstream image when 1.9.0 comes out
265 image: elixir:1.10.3-alpine
266 cache: *release-cache
267 variables: *release-variables
268 before_script: *before-release-musl
269 script: *release
270
271 docker:
272 stage: docker
273 image: docker:latest
274 cache: {}
275 dependencies: []
276 variables: &docker-variables
277 DOCKER_DRIVER: overlay2
278 DOCKER_HOST: unix:///var/run/docker.sock
279 IMAGE_TAG: $CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA
280 IMAGE_TAG_SLUG: $CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG
281 IMAGE_TAG_LATEST: $CI_REGISTRY_IMAGE:latest
282 IMAGE_TAG_LATEST_STABLE: $CI_REGISTRY_IMAGE:latest-stable
283 before_script: &before-docker
284 - docker login -u $CI_REGISTRY_USER -p $CI_REGISTRY_PASSWORD $CI_REGISTRY
285 - docker pull $IMAGE_TAG_SLUG || true
286 - export CI_JOB_TIMESTAMP=$(date --utc -Iseconds)
287 - export CI_VCS_REF=$CI_COMMIT_SHORT_SHA
288 allow_failure: true
289 script:
290 - docker build --cache-from $IMAGE_TAG_SLUG --build-arg VCS_REF=$CI_VCS_REF --build-arg BUILD_DATE=$CI_JOB_TIMESTAMP -t $IMAGE_TAG -t $IMAGE_TAG_SLUG -t $IMAGE_TAG_LATEST .
291 - docker push $IMAGE_TAG
292 - docker push $IMAGE_TAG_SLUG
293 - docker push $IMAGE_TAG_LATEST
294 tags:
295 - dind
296 only:
297 - develop@pleroma/pleroma
298
299 docker-stable:
300 stage: docker
301 image: docker:latest
302 cache: {}
303 dependencies: []
304 variables: *docker-variables
305 before_script: *before-docker
306 allow_failure: true
307 script:
308 - docker build --cache-from $IMAGE_TAG_SLUG --build-arg VCS_REF=$CI_VCS_REF --build-arg BUILD_DATE=$CI_JOB_TIMESTAMP -t $IMAGE_TAG -t $IMAGE_TAG_SLUG -t $IMAGE_TAG_LATEST_STABLE .
309 - docker push $IMAGE_TAG
310 - docker push $IMAGE_TAG_SLUG
311 - docker push $IMAGE_TAG_LATEST_STABLE
312 tags:
313 - dind
314 only:
315 - stable@pleroma/pleroma
316
317 docker-release:
318 stage: docker
319 image: docker:latest
320 cache: {}
321 dependencies: []
322 variables: *docker-variables
323 before_script: *before-docker
324 allow_failure: true
325 script:
326 - docker build --cache-from $IMAGE_TAG_SLUG --build-arg VCS_REF=$CI_VCS_REF --build-arg BUILD_DATE=$CI_JOB_TIMESTAMP -t $IMAGE_TAG -t $IMAGE_TAG_SLUG .
327 - docker push $IMAGE_TAG
328 - docker push $IMAGE_TAG_SLUG
329 tags:
330 - dind
331 only:
332 - /^release/.*$/@pleroma/pleroma