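# Pipeline stages, in execution order. Each job below names one of them in
# its `stage:` key.
stages:
  # - dev_pulling_repo   (disabled)
  # No job shown in this file is assigned to dev_pre_pipeline.
  - dev_pre_pipeline
  - dev_secrets_in_repo
  - dev_linting
  - dev_build_and_push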

variables:
  # Keep debug tracing off: when it is enabled GitLab writes every CI/CD
  # variable available to the job, secrets included, into the job log.
  CI_DEBUG_TRACE: "false"
# Disabled self-assignments, kept for reference. CI_REGISTRY and
# CI_REGISTRY_USER are already predefined by GitLab.
#  CI_REGISTRY_USER: $CI_REGISTRY_USER
#  CI_REGISTRY: $CI_REGISTRY
#  CAPIF_DOCKER_REGISTRY: $CAPIF_DOCKER_REGISTRY

# Hidden template job (the leading dot keeps GitLab from running it). Its
# anchor is merged into each job below with `<<: *dev_common`.
.dev_common: &dev_common
  # Route the jobs to runners tagged `shell`.
  # NOTE(review): presumably a shell-executor runner, where jobs run directly
  # on the host and files left behind are visible to later jobs - confirm.
  tags:
    - shell

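# Secret scan: runs trufflehog over the repository checkout.
dev_secrets_in_repo:
  stage: dev_secrets_in_repo
  # Skipped on staging, main, vX.Y.Z-release tags and merge-request pipelines;
  # runs on every other ref.
  rules:
    - if: '$CI_COMMIT_REF_NAME == "staging"'
      when: never
    - if: '$CI_COMMIT_REF_NAME == "main"'
      when: never
    - if: '$CI_COMMIT_TAG =~ /^v\d+\.\d+\.\d+-release$/'
      when: never
    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
      when: never
    - when: always
  # One list item per command. Written as bare indented lines under `script:`
  # the three commands fold into a single plain scalar, i.e. one
  # `pip install ...` command line, and the scan itself never runs.
  script:
    # NOTE(review): unpinned install; pin trufflehog to a reviewed version so
    # a changed or compromised release cannot run on the runner unnoticed.
    - pip install trufflehog
    # The scan is started from the parent directory, so the checkout has to
    # be named `capif`.
    - cd ../
    # --max_depth bounds how many commits back the scan goes; secrets in
    # older history are not covered by this job.
    - trufflehog capif --exclude_paths capif/cicd/exclusions --max_depth=5
#  needs: ["dev_pulling_repo"]
  <<: *dev_common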

# TODO: define the code-linting process: SonarQube, ruff?
# Python lint with ruff. Advisory only: `|| true` keeps the job green
# whatever ruff reports.
dev_linting_code:
  stage: dev_linting
  needs:
    - dev_secrets_in_repo
  # Skipped on staging, main, vX.Y.Z-release tags and merge-request pipelines;
  # runs on every other ref.
  rules:
    - if: '$CI_COMMIT_REF_NAME == "staging"'
      when: never
    - if: '$CI_COMMIT_REF_NAME == "main"'
      when: never
    - if: '$CI_COMMIT_TAG =~ /^v\d+\.\d+\.\d+-release$/'
      when: never
    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
      when: never
    - when: always
  script:
    - echo "###ruff checks###"
    # Installed unpinned on every run.
    - pip install ruff
    # Rule selection comes from cicd/ruff.toml.
    - ruff check --config cicd/ruff.toml . || true
  <<: *dev_common
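# Dockerfile lint with hadolint. Advisory only: `|| true` keeps the job green
# whatever hadolint reports.
dev_linting_docker:
  stage: dev_linting
  # Skipped on staging, main, vX.Y.Z-release tags and merge-request pipelines;
  # runs on every other ref.
  rules:
    - if: '$CI_COMMIT_REF_NAME == "staging"'
      when: never
    - if: '$CI_COMMIT_REF_NAME == "main"'
      when: never
    - if: '$CI_COMMIT_TAG =~ /^v\d+\.\d+\.\d+-release$/'
      when: never
    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
      when: never
    - when: always
  script:
    - |
      # Download the hadolint release binary (version pinned in the URL).
      # NOTE(review): the binary is executed without an integrity check.
      # Record the release's SHA-256 and verify it before chmod, for example:
      #   echo "<expected-sha256>  hadolint" | sha256sum -c -
      wget https://github.com/hadolint/hadolint/releases/download/v2.8.0/hadolint-Linux-x86_64 -O hadolint

      # Make it executable
      chmod +x hadolint

      # Move it one level up, out of the checkout
      mv hadolint ../

      # Verify the installation
      echo "### hadolint version ###"
      ../hadolint --version

      # Every directory under services/ that dev_build_and_push builds an
      # image from. "vault" was listed twice before; "helper" and
      # "mock_server" were built but never linted.
      SERVICES=(
        "vault" "nginx" "register"
        "TS29222_CAPIF_Access_Control_Policy_API"
        "TS29222_CAPIF_API_Invoker_Management_API"
        "TS29222_CAPIF_API_Provider_Management_API"
        "TS29222_CAPIF_Auditing_API"
        "TS29222_CAPIF_Discover_Service_API"
        "TS29222_CAPIF_Events_API"
        "TS29222_CAPIF_Logging_API_Invocation_API"
        "TS29222_CAPIF_Publish_Service_API"
        "TS29222_CAPIF_Routing_Info_API"
        "TS29222_CAPIF_Security_API"
        "helper" "mock_server"
      )

      # Loop over service names
      for SERVICE in "${SERVICES[@]}"; do
        echo "### $SERVICE ###"

        # Findings are printed but never fail the job.
        ../hadolint "services/$SERVICE/Dockerfile" || true

        echo "----------------------------------------------------"
      done
#  artifacts:
#    name: "$CI_JOB_NAME artifacts from $CI_PROJECT_NAME on $CI_COMMIT_REF_SLUG"
#    when: always
#    reports:
#      codequality:
#        - docker-lint.json
#  interruptible: true
  <<: *dev_common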

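# Builds one image per service directory and pushes it to the project
# registry as $CI_REGISTRY/ocf/capif/<ref-slug>/<image>:<ref-slug>.
dev_build_and_push:
  stage: dev_build_and_push
  needs:
    - dev_linting_code
    - dev_linting_docker
  # Skipped on staging, main, vX.Y.Z-release tags and merge-request pipelines;
  # runs on every other ref.
  # NOTE(review): the final `when: always` starts this job regardless of how
  # earlier jobs ended, so a failed secret scan or lint job does not stop
  # images from being built and pushed. If those jobs are meant to gate the
  # push, `when: on_success` is the setting to use - confirm intent.
  rules:
    - if: '$CI_COMMIT_REF_NAME == "staging"'
      when: never
    - if: '$CI_COMMIT_REF_NAME == "main"'
      when: never
    - if: '$CI_COMMIT_TAG =~ /^v\d+\.\d+\.\d+-release$/'
      when: never
    - if: '$CI_PIPELINE_SOURCE == "merge_request_event"'
      when: never
    - when: always
  script:
    - export TMP_PWD=$PWD
    - echo "TMP_PWD=$TMP_PWD"
    # --password-stdin keeps the job token off the docker command line.
    - echo "$CI_JOB_TOKEN" | docker login "$CI_REGISTRY" --username "$CI_REGISTRY_USER" --password-stdin
    - echo "----------------------------------------------------"
    - |
      # Stop at the first failed build or push.
      set -e

      # "<directory under services/>:<image name>" pairs.
      IMAGES=(
        "nginx:nginx"
        "register:register"
        "TS29222_CAPIF_Access_Control_Policy_API:ocf-access-control-policy-api"
        "TS29222_CAPIF_API_Invoker_Management_API:ocf-api-invoker-management-api"
        "TS29222_CAPIF_API_Provider_Management_API:ocf-api-provider-management-api"
        "TS29222_CAPIF_Auditing_API:ocf-auditing-api"
        "TS29222_CAPIF_Discover_Service_API:ocf-discover-service-api"
        "TS29222_CAPIF_Events_API:ocf-events-api"
        "TS29222_CAPIF_Logging_API_Invocation_API:ocf-logging-api-invocation-api"
        "TS29222_CAPIF_Publish_Service_API:ocf-publish-service-api"
        "TS29222_CAPIF_Routing_Info_API:ocf-routing-info-api"
        "TS29222_CAPIF_Security_API:ocf-security-api"
        "vault:vault"
        "helper:helper"
        "mock_server:mock-server"
      )

      for ENTRY in "${IMAGES[@]}"; do
        SERVICE_DIR="${ENTRY%%:*}"
        IMAGE_NAME="${ENTRY##*:}"
        IMAGE_REF="$CI_REGISTRY/ocf/capif/$CI_COMMIT_REF_SLUG/$IMAGE_NAME:$CI_COMMIT_REF_SLUG"

        echo "### build and push $SERVICE_DIR image###"
        # The service directory is the build context, as with `cd` + `.`.
        docker build -t "$IMAGE_REF" "$TMP_PWD/services/$SERVICE_DIR/"
        docker push "$IMAGE_REF"
        echo "----------------------------------------------------"
      done
  # after_script also runs when a build or push fails, so the registry login
  # is always removed from the runner's Docker config.
  after_script:
    - docker logout "$CI_REGISTRY"
  <<: *dev_common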