image: variables: &global_variables POSTGRES_DB: pleroma_test POSTGRES_USER: postgres POSTGRES_PASSWORD: postgres DB_HOST: postgres DB_PORT: 5432 MIX_ENV: test workflow: rules: - if: $CI_PIPELINE_SOURCE == "merge_request_event" - if: $CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS when: never - if: $CI_COMMIT_BRANCH cache: &global_cache_policy key: files: - mix.lock paths: - deps - _build stages: - check-changelog - build - test - benchmark - deploy - release - docker - docker-combine before_script: - echo $MIX_ENV - rm -rf _build/*/lib/pleroma - mix deps.get after_script: - rm -rf _build/*/lib/pleroma check-changelog: stage: check-changelog image: alpine rules: - if: $CI_MERGE_REQUEST_TARGET_BRANCH_NAME == "develop" before_script: '' after_script: '' cache: {} script: - sh ./tools/check-changelog build: stage: build only: changes: &build_changes_policy - ".gitlab-ci.yml" - "**/*.ex" - "**/*.exs" - "mix.lock" script: - mix compile --force spec-build: stage: test only: changes: - ".gitlab-ci.yml" - "lib/pleroma/web/api_spec/**/*.ex" - "lib/pleroma/web/api_spec.ex" artifacts: paths: - spec.json script: - mix pleroma.openapi_spec spec.json benchmark: stage: benchmark when: manual variables: MIX_ENV: benchmark services: - name: postgres:9.6-alpine alias: postgres command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"] script: - mix ecto.create - mix ecto.migrate - mix pleroma.load_testing unit-testing: stage: test only: changes: *build_changes_policy cache: &testing_cache_policy <<: *global_cache_policy policy: pull services: - name: postgres:13-alpine alias: postgres command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"] script: - mix ecto.create - mix ecto.migrate - mix test --cover --preload-modules coverage: '/^Line total: ([^ ]*%)$/' artifacts: reports: coverage_report: coverage_format: cobertura path: coverage.xml unit-testing-erratic: stage: test retry: 2 allow_failure: true only: changes: *build_changes_policy cache: &testing_cache_policy <<: *global_cache_policy policy: pull services: - name: postgres:13-alpine alias: postgres command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"] script: - mix ecto.create - mix ecto.migrate - mix test --only=erratic # Removed to fix CI issue. In this early state it wasn't adding much value anyway. # TODO Fix and reinstate federated testing # federated-testing: # stage: test # cache: *testing_cache_policy # services: # - name: minibikini/postgres-with-rum:12 # alias: postgres # command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"] # script: # - mix deps.get # - mix ecto.create # - mix ecto.migrate # - epmd -daemon # - mix test --trace --only federated unit-testing-rum: stage: test only: changes: *build_changes_policy cache: *testing_cache_policy services: - name: minibikini/postgres-with-rum:12 alias: postgres command: ["postgres", "-c", "fsync=off", "-c", "synchronous_commit=off", "-c", "full_page_writes=off"] variables: <<: *global_variables RUM_ENABLED: "true" script: - mix ecto.create - mix ecto.migrate - "mix ecto.migrate --migrations-path priv/repo/optional_migrations/rum_indexing/" - mix test --preload-modules lint: image: ¤t_elixir elixir:1.12-alpine stage: test only: changes: *build_changes_policy cache: *testing_cache_policy before_script: ¤t_bfr_script - apk update - apk add build-base cmake file-dev git openssl - mix local.hex --force - mix local.rebar --force - mix deps.get script: - mix format --check-formatted analysis: stage: test only: changes: *build_changes_policy cache: *testing_cache_policy script: - mix credo --strict --only=warnings,todo,fixme,consistency,readability cycles: image: *current_elixir stage: test only: changes: *build_changes_policy cache: {} before_script: *current_bfr_script script: - mix compile - mix xref graph --format cycles --label compile | awk '{print $0} END{exit ($0 != "No cycles found")}' docs-deploy: stage: deploy cache: *testing_cache_policy image: alpine:latest only: - stable@pleroma/pleroma - develop@pleroma/pleroma before_script: - apk add curl script: - curl -X POST -F"token=$DOCS_PIPELINE_TRIGGER" -F'ref=master' -F"variables[BRANCH]=$CI_COMMIT_REF_NAME" review_app: image: alpine:3.9 stage: deploy before_script: - apk update && apk add openssh-client git when: manual environment: name: review/$CI_COMMIT_REF_NAME url: https://$ on_stop: stop_review_app only: - branches except: - master - develop script: - echo "$CI_ENVIRONMENT_SLUG" - mkdir -p ~/.ssh - eval $(ssh-agent -s) - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - - ssh-keyscan -H "" >> ~/.ssh/known_hosts - (ssh -t -- apps:create "$CI_ENVIRONMENT_SLUG") || true - (ssh -t -- git:set "$CI_ENVIRONMENT_SLUG" keep-git-dir true) || true - ssh -t -- config:set "$CI_ENVIRONMENT_SLUG" APP_NAME="$CI_ENVIRONMENT_SLUG" APP_HOST="$" MIX_ENV=dokku - (ssh -t -- postgres:create $(echo $CI_ENVIRONMENT_SLUG | sed -e 's/-/_/g')_db) || true - (ssh -t -- postgres:link $(echo $CI_ENVIRONMENT_SLUG | sed -e 's/-/_/g')_db "$CI_ENVIRONMENT_SLUG") || true - (ssh -t -- certs:add "$CI_ENVIRONMENT_SLUG" /home/dokku/server.crt /home/dokku/server.key) || true - git push -f$CI_ENVIRONMENT_SLUG $CI_COMMIT_SHA:refs/heads/master spec-deploy: stage: deploy artifacts: paths: - spec.json only: - develop@pleroma/pleroma image: alpine:latest before_script: - apk add curl script: - curl -X POST -F"token=$API_DOCS_PIPELINE_TRIGGER" -F'ref=master' -F"variables[BRANCH]=$CI_COMMIT_REF_NAME" -F"variables[JOB_REF]=$CI_JOB_ID" stop_review_app: image: alpine:3.9 stage: deploy before_script: - apk update && apk add openssh-client git when: manual environment: name: review/$CI_COMMIT_REF_NAME action: stop script: - echo "$CI_ENVIRONMENT_SLUG" - mkdir -p ~/.ssh - eval $(ssh-agent -s) - echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add - - ssh-keyscan -H "" >> ~/.ssh/known_hosts - ssh -t -- --force apps:destroy "$CI_ENVIRONMENT_SLUG" - ssh -t -- --force postgres:destroy $(echo $CI_ENVIRONMENT_SLUG | sed -e 's/-/_/g')_db amd64: stage: release image: elixir:1.11.4 only: &release-only - stable@pleroma/pleroma - develop@pleroma/pleroma - /^maint/.*$/@pleroma/pleroma - /^release/.*$/@pleroma/pleroma tags: - amd64 artifacts: &release-artifacts name: "pleroma-$CI_COMMIT_REF_NAME-$CI_COMMIT_SHORT_SHA-$CI_JOB_NAME" paths: - release/* # Ideally it would be never for master branch and with the next commit for develop, # but Gitlab does not support neither `only` for artifacts # nor setting it to never from .gitlab-ci.yml # nor expiring with the next commit expire_in: 42 yrs cache: &release-cache key: $CI_COMMIT_REF_NAME-$CI_JOB_NAME paths: - deps variables: &release-variables MIX_ENV: prod before_script: &before-release - apt-get update && apt-get install -y cmake libmagic-dev - echo "import Config" > config/prod.secret.exs - mix local.hex --force - mix local.rebar --force script: &release - mix deps.get --only prod - mkdir release - export PLEROMA_BUILD_BRANCH=$CI_COMMIT_REF_NAME - mix release --path release amd64-musl: stage: release artifacts: *release-artifacts only: *release-only image: elixir:1.11.4-alpine tags: - amd64 cache: *release-cache variables: *release-variables before_script: &before-release-musl - apk add git build-base cmake file-dev openssl - echo "import Config" > config/prod.secret.exs - mix local.hex --force - mix local.rebar --force script: *release arm: stage: release artifacts: *release-artifacts only: *release-only tags: - arm32-specified image: arm32v7/elixir:1.11.4 cache: *release-cache variables: *release-variables before_script: *before-release script: *release arm-musl: stage: release artifacts: *release-artifacts only: *release-only tags: - arm32-specified image: arm32v7/elixir:1.11.4-alpine cache: *release-cache variables: *release-variables before_script: *before-release-musl script: *release arm64: stage: release artifacts: *release-artifacts only: *release-only tags: - arm image: arm64v8/elixir:1.11.4 cache: *release-cache variables: *release-variables before_script: *before-release script: *release arm64-musl: stage: release artifacts: *release-artifacts only: *release-only tags: - arm image: arm64v8/elixir:1.11.4-alpine cache: *release-cache variables: *release-variables before_script: *before-release-musl script: *release .kaniko: stage: docker image: name: entrypoint: [""] cache: {} dependencies: [] needs: - spec-build - unit-testing - unit-testing-erratic - unit-testing-rum - lint - analysis - cycles before_script: &before-kaniko - export CI_JOB_TIMESTAMP=$(date --utc -Iseconds) - export CI_VCS_REF=$CI_COMMIT_SHORT_SHA - export IMAGE_TAG=$CI_REGISTRY_IMAGE/$BUILD_ARCH_IMG_SUFFIX:$CI_COMMIT_SHORT_SHA - export IMAGE_TAG_SLUG=$CI_REGISTRY_IMAGE/$BUILD_ARCH_IMG_SUFFIX:$CI_COMMIT_REF_SLUG - export IMAGE_TAG_LATEST=$CI_REGISTRY_IMAGE/$BUILD_ARCH_IMG_SUFFIX:latest - export IMAGE_TAG_LATEST_STABLE=$CI_REGISTRY_IMAGE/$BUILD_ARCH_IMG_SUFFIX:latest-stable - mkdir -p /kaniko/.docker - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"$CI_REGISTRY_USER\",\"password\":\"$CI_REGISTRY_PASSWORD\"}}}" > /kaniko/.docker/config.json .kaniko-latest: extends: .kaniko only: - develop@pleroma/pleroma script: - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --custom-platform=$BUILD_ARCH --build-arg VCS_REF=$CI_VCS_REF --build-arg BUILD_DATE=$CI_JOB_TIMESTAMP --destination $IMAGE_TAG --destination $IMAGE_TAG_SLUG --destination $IMAGE_TAG_LATEST .kaniko-stable: extends: .kaniko only: - stable@pleroma/pleroma script: - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --custom-platform=$BUILD_ARCH --build-arg VCS_REF=$CI_VCS_REF --build-arg BUILD_DATE=$CI_JOB_TIMESTAMP --destination $IMAGE_TAG --destination $IMAGE_TAG_SLUG --destination $IMAGE_TAG_LATEST_STABLE .kaniko-release: extends: .kaniko only: - /^release/.*$/@pleroma/pleroma script: - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --custom-platform=$BUILD_ARCH --build-arg VCS_REF=$CI_VCS_REF --build-arg BUILD_DATE=$CI_JOB_TIMESTAMP --destination $IMAGE_TAG --destination $IMAGE_TAG_SLUG .kaniko-adhoc: extends: .kaniko only: - /^build-docker/.*$/@pleroma/pleroma script: - /kaniko/executor --context $CI_PROJECT_DIR --dockerfile $CI_PROJECT_DIR/Dockerfile --custom-platform=$BUILD_ARCH --build-arg VCS_REF=$CI_VCS_REF --build-arg BUILD_DATE=$CI_JOB_TIMESTAMP --destination $IMAGE_TAG --destination $IMAGE_TAG_SLUG .kaniko:linux/amd64: variables: BUILD_ARCH: linux/amd64 BUILD_ARCH_IMG_SUFFIX: linux-amd64 tags: - amd64 .kaniko:linux/arm64: variables: BUILD_ARCH: linux/arm64/v8 BUILD_ARCH_IMG_SUFFIX: linux-arm64-v8 tags: - arm .kaniko:linux/arm: variables: BUILD_ARCH: linux/arm/v7 BUILD_ARCH_IMG_SUFFIX: linux-arm-v7 tags: - arm32-specified kaniko-latest:linux/amd64: extends: - .kaniko-latest - .kaniko:linux/amd64 kaniko-latest:linux/arm64: extends: - .kaniko-latest - .kaniko:linux/arm64 kaniko-latest:linux/arm: extends: - .kaniko-latest - .kaniko:linux/arm kaniko-stable:linux/amd64: extends: - .kaniko-stable - .kaniko:linux/amd64 kaniko-stable:linux/arm64: extends: - .kaniko-stable - .kaniko:linux/arm64 kaniko-stable:linux/arm: extends: - .kaniko-stable - .kaniko:linux/arm kaniko-release:linux/amd64: extends: - .kaniko-release - .kaniko:linux/amd64 kaniko-release:linux/arm64: extends: - .kaniko-release - .kaniko:linux/arm64 kaniko-release:linux/arm: extends: - .kaniko-release - .kaniko:linux/arm .docker-combine: stage: docker-combine image: docker:cli cache: {} before_script: - 'BUILD_ARCHES="linux-amd64 linux-arm64-v8 linux-arm-v7"' - export IMAGE_TAG=$CI_REGISTRY_IMAGE:$CI_COMMIT_SHORT_SHA - export IMAGE_TAG_SLUG=$CI_REGISTRY_IMAGE:$CI_COMMIT_REF_SLUG - export IMAGE_TAG_LATEST=$CI_REGISTRY_IMAGE:latest - export IMAGE_TAG_LATEST_STABLE=$CI_REGISTRY_IMAGE:latest-stable - 'IMAGES=; for arch in $BUILD_ARCHES; do IMAGES="$IMAGES $CI_REGISTRY_IMAGE/$arch:$CI_COMMIT_SHORT_SHA"; done' - 'IMAGES_SLUG=; for arch in $BUILD_ARCHES; do IMAGES_SLUG="$IMAGES_SLUG $CI_REGISTRY_IMAGE/$arch:$CI_COMMIT_REF_SLUG"; done' - 'IMAGES_LATEST=; for arch in $BUILD_ARCHES; do IMAGES_LATEST="$IMAGES_LATEST $CI_REGISTRY_IMAGE/$arch:latest"; done' - 'IMAGES_LATEST_STABLE=; for arch in $BUILD_ARCHES; do IMAGES_LATEST_STABLE="$IMAGES_LATEST_STABLE $CI_REGISTRY_IMAGE/$arch:latest"; done' - echo "$CI_REGISTRY_PASSWORD" | docker login $CI_REGISTRY --username $CI_REGISTRY_USER --password-stdin docker-combine:latest: extends: .docker-combine only: - develop@pleroma/pleroma needs: - 'kaniko-latest:linux/amd64' - 'kaniko-latest:linux/arm64' - 'kaniko-latest:linux/arm' script: - 'docker manifest create $IMAGE_TAG $IMAGES' - 'docker manifest push $IMAGE_TAG' - 'docker manifest create $IMAGE_TAG_SLUG $IMAGES_SLUG' - 'docker manifest push $IMAGE_TAG_SLUG' - 'docker manifest create $IMAGE_TAG_LATEST $IMAGES_LATEST' - 'docker manifest push $IMAGE_TAG_LATEST' docker-combine:stable: extends: .docker-combine only: - stable@pleroma/pleroma needs: - 'kaniko-stable:linux/amd64' - 'kaniko-stable:linux/arm64' - 'kaniko-stable:linux/arm' script: - 'docker manifest create $IMAGE_TAG $IMAGES' - 'docker manifest push $IMAGE_TAG' - 'docker manifest create $IMAGE_TAG_SLUG $IMAGES_SLUG' - 'docker manifest push $IMAGE_TAG_SLUG' - 'docker manifest create $IMAGE_TAG_LATEST_STABLE $IMAGES_LATEST_STABLE' - 'docker manifest push $IMAGE_TAG_LATEST_STABLE' docker-combine:release: extends: .docker-combine only: - /^release/.*$/@pleroma/pleroma needs: - 'kaniko-release:linux/amd64' - 'kaniko-release:linux/arm64' - 'kaniko-release:linux/arm' script: - 'docker manifest create $IMAGE_TAG $IMAGES' - 'docker manifest push $IMAGE_TAG' - 'docker manifest create $IMAGE_TAG_SLUG $IMAGES_SLUG' - 'docker manifest push $IMAGE_TAG_SLUG'