diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index d6a90ac12d2aa538f0c36a5f69543762a976a450..94ad4fe464f7b1f4ffb6ef64040c14263f68de27 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,55 +1,93 @@ -image: "dev.gitlab.org:5005/gitlab/gitlab-build-images:ruby-2.6.3-golang-1.11-git-2.21-chrome-73.0-node-10.x-yarn-1.12-postgresql-9.6-graphicsmagick-1.3.29" +# This file is a template, and might need editing before it works on your project. +# Auto DevOps +# This CI/CD configuration provides a standard pipeline for +# * building a Docker image (using a buildpack if necessary), +# * storing the image in the container registry, +# * running tests from a buildpack, +# * running code quality analysis, +# * creating a review app for each topic branch, +# * and continuous deployment to production +# +# Test jobs may be disabled by setting environment variables: +# * test: TEST_DISABLED +# * code_quality: CODE_QUALITY_DISABLED +# * license_management: LICENSE_MANAGEMENT_DISABLED +# * performance: PERFORMANCE_DISABLED +# * sast: SAST_DISABLED +# * dependency_scanning: DEPENDENCY_SCANNING_DISABLED +# * container_scanning: CONTAINER_SCANNING_DISABLED +# * dast: DAST_DISABLED +# * review: REVIEW_DISABLED +# * stop_review: REVIEW_DISABLED +# +# In order to deploy, you must have a Kubernetes cluster configured either +# via a project integration, or via group/project variables. +# KUBE_INGRESS_BASE_DOMAIN must also be set on the cluster settings, +# as a variable at the group or project level, or manually added below. +# +# Continuous deployment to production is enabled by default. +# If you want to deploy to staging first, set STAGING_ENABLED environment variable. +# If you want to enable incremental rollout, either manual or time based, +# set INCREMENTAL_ROLLOUT_MODE environment variable to "manual" or "timed". +# If you want to use canary deployments, set CANARY_ENABLED environment variable. +# +# If Auto DevOps fails to detect the proper buildpack, or if you want to +# specify a custom buildpack, set a project variable `BUILDPACK_URL` to the +# repository URL of the buildpack. +# e.g. BUILDPACK_URL=https://github.com/heroku/heroku-buildpack-ruby.git#v142 +# If you need multiple buildpacks, add a file to your project called +# `.buildpacks` that contains the URLs, one on each line, in order. +# Note: Auto CI does not work with multiple buildpacks yet + +image: alpine:latest variables: - MYSQL_ALLOW_EMPTY_PASSWORD: "1" - RAILS_ENV: "test" - NODE_ENV: "test" - SIMPLECOV: "true" - GIT_DEPTH: "20" - GIT_SUBMODULE_STRATEGY: "none" - GET_SOURCES_ATTEMPTS: "3" - KNAPSACK_RSPEC_SUITE_REPORT_PATH: knapsack/${CI_PROJECT_NAME}/rspec_report-master.json - FLAKY_RSPEC_SUITE_REPORT_PATH: rspec_flaky/report-suite.json - BUILD_ASSETS_IMAGE: "false" - - ## EE specific variables ## - # This hack is needed to make ES not that memory hungry - ES_JAVA_OPTS: "-Xms256m -Xmx256m" - ELASTIC_URL: "http://elastic:changeme@docker.elastic.co-elasticsearch-elasticsearch:9200" - EE_KNAPSACK_RSPEC_SUITE_REPORT_PATH: knapsack/${CI_PROJECT_NAME}/rspec_report-master-ee.json - -before_script: - - bundle --version - - date - - source scripts/utils.sh - - date - - source scripts/prepare_build.sh - - date - -after_script: - - date + # KUBE_INGRESS_BASE_DOMAIN is the application deployment domain and should be set as a variable at the group or project level. + # KUBE_INGRESS_BASE_DOMAIN: domain.example.com + + POSTGRES_USER: user + POSTGRES_PASSWORD: testing-password + POSTGRES_ENABLED: "true" + POSTGRES_DB: $CI_ENVIRONMENT_SLUG + POSTGRES_VERSION: 9.6.2 + + KUBERNETES_VERSION: 1.11.9 + HELM_VERSION: 2.13.1 + + DOCKER_DRIVER: overlay2 + + ROLLOUT_RESOURCE_TYPE: deployment stages: - build - - prepare - - merge - - quick-test - test + - deploy # dummy stage to follow the template guidelines - review - - qa - - post-test - - pages - - post-cleanup + - dast + - staging + - canary + - production + - incremental rollout 10% + - incremental rollout 25% + - incremental rollout 50% + - incremental rollout 100% + - performance + - cleanup include: - - local: .gitlab/ci/global.gitlab-ci.yml - - local: .gitlab/ci/cng.gitlab-ci.yml - - local: .gitlab/ci/docs.gitlab-ci.yml - - local: .gitlab/ci/frontend.gitlab-ci.yml - - local: .gitlab/ci/pages.gitlab-ci.yml - - local: .gitlab/ci/qa.gitlab-ci.yml - - local: .gitlab/ci/reports.gitlab-ci.yml - - local: .gitlab/ci/rails.gitlab-ci.yml - - local: .gitlab/ci/review.gitlab-ci.yml - - local: .gitlab/ci/setup.gitlab-ci.yml - - local: .gitlab/ci/test-metadata.gitlab-ci.yml + - template: Jobs/Build.gitlab-ci.yml + - template: Jobs/Test.gitlab-ci.yml + - template: Jobs/Code-Quality.gitlab-ci.yml + - template: Jobs/Deploy.gitlab-ci.yml + - template: Jobs/Browser-Performance-Testing.gitlab-ci.yml + - template: Security/DAST.gitlab-ci.yml + - template: Security/Container-Scanning.gitlab-ci.yml + - template: Security/Dependency-Scanning.gitlab-ci.yml + - template: Security/License-Management.gitlab-ci.yml + - template: Security/SAST.gitlab-ci.yml + +# Override DAST job to exclude master branch +dast: + except: + refs: + - master \ No newline at end of file