From a0346f3f8870c230183a6b7958c39e0eadc8499a Mon Sep 17 00:00:00 2001
From: Phil
Date: Tue, 25 Jan 2022 21:16:56 +0100
Subject: [PATCH] Changed CI Layout split into multiple files
---
.gitlab-ci.yml | 191 +----------------------------------
.gitlab/ci/always.yml | 22 ++++
.gitlab/ci/main-branch.yml | 20 ++++
.gitlab/ci/merge-request.yml | 21 ++++
.gitlab/ci/tagged-build.yml | 118 ++++++++++++++++++++++
5 files changed, 185 insertions(+), 187 deletions(-)
create mode 100644 .gitlab/ci/always.yml
create mode 100644 .gitlab/ci/main-branch.yml
create mode 100644 .gitlab/ci/merge-request.yml
create mode 100644 .gitlab/ci/tagged-build.yml
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 214fe4e..dcf9c84 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -7,191 +7,8 @@ stages: - build-binary - build-docker -check-format: - image: golang:latest - stage: test - before_script: - - mkdir -p $GOPATH/src/$(dirname $REPO_NAME) - - ln -svf $CI_PROJECT_DIR $GOPATH/src/$REPO_NAME - - cd $GOPATH/src/$REPO_NAME - script: - - go fmt $(go list ./... | grep -v /vendor/) - - go vet $(go list ./... | grep -v /vendor/) - - go test -race $(go list ./... | grep -v /vendor/) - only: - - merge_requests - -check-gosec: - image: golang:latest - before_script: - - mkdir -p $GOPATH/src/$(dirname $REPO_NAME) - - ln -svf $CI_PROJECT_DIR $GOPATH/src/$REPO_NAME - - cd $GOPATH/src/$REPO_NAME - script: - - go install github.com/securego/gosec/v2/cmd/gosec@latest - - go get -v -d . - - gosec ./... - only: - - merge_requests - -release-prod-linux-amd64: - image: golang:latest - stage: build-binary - variables: - GOOS: "linux" - GOARCH: "amd64" - CGO_ENABLED: 0 - before_script: - - go get -d -v ./... - - apt install curl -y - script: - - go build -a -installsuffix cgo -ldflags="-X $I_PACKAGE.CI_COMMIT_SHORT_SHA=$CI_COMMIT_SHORT_SHA -X $I_PACKAGE.CI_COMMIT_BRANCH=$CI_COMMIT_BRANCH -X $I_PACKAGE.CI_COMMIT_TAG=$CI_COMMIT_TAG" -o linux-amd64 . - - 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file linux-amd64 "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/release-${CI_COMMIT_TAG}/${CI_COMMIT_TAG}/linux-amd64"' - - rm linux-amd64 - only: - - tags - except: - - branches - -release-prod-linux-arm64: - image: golang:latest - stage: build-binary - variables: - GOOS: "linux" - GOARCH: "arm64" - CGO_ENABLED: 0 - before_script: - - go get -d -v ./... - - apt install curl -y - script: - - go build -a -installsuffix cgo -ldflags="-X $I_PACKAGE.CI_COMMIT_SHORT_SHA=$CI_COMMIT_SHORT_SHA -X $I_PACKAGE.CI_COMMIT_BRANCH=$CI_COMMIT_BRANCH -X $I_PACKAGE.CI_COMMIT_TAG=$CI_COMMIT_TAG" -o linux-arm64 . 
- - 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file linux-arm64 "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/release-${CI_COMMIT_TAG}/${CI_COMMIT_TAG}/linux-arm64"' - - rm linux-arm64 - only: - - tags - except: - - branches - -release-prod-darwin-amd64: - image: golang:latest - stage: build-binary - variables: - GOOS: "darwin" - GOARCH: "amd64" - CGO_ENABLED: 0 - before_script: - - go get -d -v ./... - - apt install curl -y - script: - - go build -a -installsuffix cgo -ldflags="-X $I_PACKAGE.CI_COMMIT_SHORT_SHA=$CI_COMMIT_SHORT_SHA -X $I_PACKAGE.CI_COMMIT_BRANCH=$CI_COMMIT_BRANCH -X $I_PACKAGE.CI_COMMIT_TAG=$CI_COMMIT_TAG" -o darwin-amd64 . - - 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file darwin-amd64 "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/release-${CI_COMMIT_TAG}/${CI_COMMIT_TAG}/darwin-amd64"' - - rm darwin-amd64 - only: - - tags - except: - - branches - -release-prod-darwin-arm64: - image: golang:latest - stage: build-binary - variables: - GOOS: "darwin" - GOARCH: "arm64" - CGO_ENABLED: 0 - before_script: - - go get -d -v ./... - - apt install curl -y - script: - - go build -a -installsuffix cgo -ldflags="-X $I_PACKAGE.CI_COMMIT_SHORT_SHA=$CI_COMMIT_SHORT_SHA -X $I_PACKAGE.CI_COMMIT_BRANCH=$CI_COMMIT_BRANCH -X $I_PACKAGE.CI_COMMIT_TAG=$CI_COMMIT_TAG" -o darwin-arm64 . - - 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file darwin-arm64 "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/release-${CI_COMMIT_TAG}/${CI_COMMIT_TAG}/darwin-arm64"' - - rm darwin-arm64 - only: - - tags - except: - - branches - -release-prod-windows-amd64: - image: golang:latest - stage: build-binary - variables: - GOOS: "windows" - GOARCH: "amd64" - CGO_ENABLED: 0 - before_script: - - go get -d -v ./... 
- - apt install curl -y - script: - - go build -a -installsuffix cgo -ldflags="-X $I_PACKAGE.CI_COMMIT_SHORT_SHA=$CI_COMMIT_SHORT_SHA -X $I_PACKAGE.CI_COMMIT_BRANCH=$CI_COMMIT_BRANCH -X $I_PACKAGE.CI_COMMIT_TAG=$CI_COMMIT_TAG" -o windows-amd64.exe . - - 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file windows-amd64.exe "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/release-${CI_COMMIT_TAG}/${CI_COMMIT_TAG}/windows-amd64.exe"' - - rm windows-amd64.exe - only: - - tags - except: - - branches - -docker-build-prod-latest: - image: ezkrg/buildx - stage: build-docker - services: - - docker:dind - before_script: - - docker buildx create --use - - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY - script: - - | - docker buildx build \ - --platform linux/amd64,linux/arm64 \ - --build-arg CI_COMMIT_BRANCH=$CI_COMMIT_BRANCH \ - --build-arg CI_COMMIT_SHORT_SHA=$CI_COMMIT_SHORT_SHA \ - --build-arg CI_COMMIT_TAG=$CI_COMMIT_TAG \ - --push \ - --tag $CI_REGISTRY_IMAGE:latest \ - . - only: - - main - -docker-build-prod-tagged: - image: ezkrg/buildx - stage: build-docker - services: - - docker:dind - before_script: - - docker buildx create --use - - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY - script: - - | - docker buildx build \ - --platform linux/amd64,linux/arm64 \ - --no-cache \ - --build-arg CI_COMMIT_BRANCH=$CI_COMMIT_BRANCH \ - --build-arg CI_COMMIT_SHORT_SHA=$CI_COMMIT_SHORT_SHA \ - --build-arg CI_COMMIT_TAG=$CI_COMMIT_TAG \ - --push \ - --tag $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG \ - . 
- only: - - tags - except: - - branches - -docker-build-dry-run: - image: docker:latest - stage: build-docker - services: - - docker:dind - script: - - | - if [[ "$CI_COMMIT_BRANCH" == "$CI_DEFAULT_BRANCH" ]]; then - tag="" - echo "Running on default branch '$CI_DEFAULT_BRANCH': tag = 'latest'" - else - tag=":$CI_COMMIT_REF_SLUG" - echo "Running on branch '$CI_COMMIT_BRANCH': tag = $tag" - fi - - docker build --pull -t "$CI_REGISTRY_IMAGE${tag}" . - only: - - merge_requests - include: -- template: Security/SAST.gitlab-ci.yml -- template: Security/SAST-IaC.latest.gitlab-ci.yml + - '/.gitlab/ci/always.yml' + - '/.gitlab/ci/main-branch.yml' + - '/.gitlab/ci/merge-request.yml' + - '/.gitlab/ci/tagged-build.yml' \ No newline at end of file diff --git a/.gitlab/ci/always.yml b/.gitlab/ci/always.yml new file mode 100644 index 0000000..5477f2c --- /dev/null +++ b/.gitlab/ci/always.yml @@ -0,0 +1,22 @@ +check-format: + image: golang:latest + stage: test + before_script: + - mkdir -p $GOPATH/src/$(dirname $REPO_NAME) + - ln -svf $CI_PROJECT_DIR $GOPATH/src/$REPO_NAME + - cd $GOPATH/src/$REPO_NAME + script: + - go fmt $(go list ./... | grep -v /vendor/) + - go vet $(go list ./... | grep -v /vendor/) + - go test -race $(go list ./... | grep -v /vendor/) + +check-gosec: + image: golang:latest + before_script: + - mkdir -p $GOPATH/src/$(dirname $REPO_NAME) + - ln -svf $CI_PROJECT_DIR $GOPATH/src/$REPO_NAME + - cd $GOPATH/src/$REPO_NAME + script: + - go install github.com/securego/gosec/v2/cmd/gosec@latest + - go get -v -d . + - gosec ./... \ No newline at end of file diff --git a/.gitlab/ci/main-branch.yml b/.gitlab/ci/main-branch.yml new file mode 100644 index 0000000..2e3a527 --- /dev/null +++ b/.gitlab/ci/main-branch.yml 
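Review bot: The root `include:` list no longer names the `Security/SAST.gitlab-ci.yml` and `Security/SAST-IaC.latest.gitlab-ci.yml` templates; this hunk removes them and they reappear only as a nested `include:` at the bottom of `.gitlab/ci/merge-request.yml`. GitLab resolves nested includes, so scanning presumably still runs, but a later edit or removal of the merge-request file would drop SAST without the root file showing it. I would keep the two `- template:` entries in this list next to the new paths, and write the new entries in the explicit form `- local: '/.gitlab/ci/always.yml'` so local files and templates are distinguishable at a glance.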
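Review bot: `check-gosec` installs its scanner with `gosec@latest` on top of `image: golang:latest`, so the security gate's rule set and toolchain can change between runs without any change in the repository, and with `only: merge_requests` dropped in this file the job now runs on every pipeline. Pinning both makes a new finding attributable to a code change: `go install github.com/securego/gosec/v2/cmd/gosec@<pinned-version>` and a fixed tag or digest in place of `golang:latest` (the release jobs in `.gitlab/ci/tagged-build.yml` use the same floating image). Separately, `go fmt` in `check-format` rewrites files and exits 0, so the job does not fail on unformatted code; a check along the lines of `test -z "$(gofmt -l .)"` (with vendor excluded as the job does today) would.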
@@ -0,0 +1,20 @@
+docker-build-prod-latest:
+ image: ezkrg/buildx
+ stage: build-docker
+ services:
+ - docker:dind
+ before_script:
+ - docker buildx create --use
+ - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
+ script:
+ - |
+ docker buildx build \
+ --platform linux/amd64,linux/arm64 \
+ --build-arg CI_COMMIT_BRANCH=$CI_COMMIT_BRANCH \
+ --build-arg CI_COMMIT_SHORT_SHA=$CI_COMMIT_SHORT_SHA \
+ --build-arg CI_COMMIT_TAG=$CI_COMMIT_TAG \
+ --push \
+ --tag $CI_REGISTRY_IMAGE:latest \
+ .
+ only:
+ - main
\ No newline at end of file
diff --git a/.gitlab/ci/merge-request.yml b/.gitlab/ci/merge-request.yml
new file mode 100644
index 0000000..1516a41
--- /dev/null
+++ b/.gitlab/ci/merge-request.yml
@@ -0,0 +1,21 @@
+docker-build-dry-run:
+ image: docker:latest
+ stage: build-docker
+ services:
+ - docker:dind
+ script:
+ - |
+ if [[ "$CI_COMMIT_BRANCH" == "$CI_DEFAULT_BRANCH" ]]; then
+ tag=""
+ echo "Running on default branch '$CI_DEFAULT_BRANCH': tag = 'latest'"
+ else
+ tag=":$CI_COMMIT_REF_SLUG"
+ echo "Running on branch '$CI_COMMIT_BRANCH': tag = $tag"
+ fi
+ - docker build --pull -t "$CI_REGISTRY_IMAGE${tag}" .
+ only:
+ - merge_requests
+
+include:
+- template: Security/SAST.gitlab-ci.yml
+- template: Security/SAST-IaC.latest.gitlab-ci.yml
\ No newline at end of file
diff --git a/.gitlab/ci/tagged-build.yml b/.gitlab/ci/tagged-build.yml
new file mode 100644
index 0000000..a41383a
--- /dev/null
+++ b/.gitlab/ci/tagged-build.yml
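Review bot: `docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD"` in `before_script` puts the registry password on the command line, where it is visible in the process list of the job container and triggers Docker's insecure-password warning. Use `echo "$CI_REGISTRY_PASSWORD" | docker login -u "$CI_REGISTRY_USER" --password-stdin "$CI_REGISTRY"` instead; the same line is in `docker-build-prod-tagged` in `.gitlab/ci/tagged-build.yml`. Both jobs also run in the unpinned third-party image `ezkrg/buildx`, which receives those credentials and pushes to the project registry, so pinning it by digest is worth doing in the same change.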
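Review bot: `docker-build-dry-run` is limited to `only: merge_requests`, and `CI_COMMIT_BRANCH` is not set in merge request pipelines, so the `if [[ "$CI_COMMIT_BRANCH" == "$CI_DEFAULT_BRANCH" ]]` branch can never be taken and the `echo` in the `else` branch prints an empty branch name. The conditional can be reduced to `tag=":$CI_COMMIT_REF_SLUG"`, with `$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME` in the log line if the branch is wanted. The variable is likewise empty in tag pipelines, so the `CI_COMMIT_BRANCH` value stamped through `-ldflags` and `--build-arg` in `.gitlab/ci/tagged-build.yml` is presumably always blank.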
@@ -0,0 +1,118 @@
+release-prod-linux-amd64:
+ image: golang:latest
+ stage: build-binary
+ variables:
+ GOOS: "linux"
+ GOARCH: "amd64"
+ CGO_ENABLED: 0
+ before_script:
+ - go get -d -v ./...
+ - apt install curl -y
+ script:
+ - go build -a -installsuffix cgo -ldflags="-X $I_PACKAGE.CI_COMMIT_SHORT_SHA=$CI_COMMIT_SHORT_SHA -X $I_PACKAGE.CI_COMMIT_BRANCH=$CI_COMMIT_BRANCH -X $I_PACKAGE.CI_COMMIT_TAG=$CI_COMMIT_TAG" -o linux-amd64 .
+ - 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file linux-amd64 "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/release-${CI_COMMIT_TAG}/${CI_COMMIT_TAG}/linux-amd64"'
+ - rm linux-amd64
+ only:
+ - tags
+ except:
+ - branches
+
+release-prod-linux-arm64:
+ image: golang:latest
+ stage: build-binary
+ variables:
+ GOOS: "linux"
+ GOARCH: "arm64"
+ CGO_ENABLED: 0
+ before_script:
+ - go get -d -v ./...
+ - apt install curl -y
+ script:
+ - go build -a -installsuffix cgo -ldflags="-X $I_PACKAGE.CI_COMMIT_SHORT_SHA=$CI_COMMIT_SHORT_SHA -X $I_PACKAGE.CI_COMMIT_BRANCH=$CI_COMMIT_BRANCH -X $I_PACKAGE.CI_COMMIT_TAG=$CI_COMMIT_TAG" -o linux-arm64 .
+ - 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file linux-arm64 "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/release-${CI_COMMIT_TAG}/${CI_COMMIT_TAG}/linux-arm64"'
+ - rm linux-arm64
+ only:
+ - tags
+ except:
+ - branches
+
+release-prod-darwin-amd64:
+ image: golang:latest
+ stage: build-binary
+ variables:
+ GOOS: "darwin"
+ GOARCH: "amd64"
+ CGO_ENABLED: 0
+ before_script:
+ - go get -d -v ./...
+ - apt install curl -y
+ script:
+ - go build -a -installsuffix cgo -ldflags="-X $I_PACKAGE.CI_COMMIT_SHORT_SHA=$CI_COMMIT_SHORT_SHA -X $I_PACKAGE.CI_COMMIT_BRANCH=$CI_COMMIT_BRANCH -X $I_PACKAGE.CI_COMMIT_TAG=$CI_COMMIT_TAG" -o darwin-amd64 .
+ - 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file darwin-amd64 "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/release-${CI_COMMIT_TAG}/${CI_COMMIT_TAG}/darwin-amd64"'
+ - rm darwin-amd64
+ only:
+ - tags
+ except:
+ - branches
+
+release-prod-darwin-arm64:
+ image: golang:latest
+ stage: build-binary
+ variables:
+ GOOS: "darwin"
+ GOARCH: "arm64"
+ CGO_ENABLED: 0
+ before_script:
+ - go get -d -v ./...
+ - apt install curl -y
+ script:
+ - go build -a -installsuffix cgo -ldflags="-X $I_PACKAGE.CI_COMMIT_SHORT_SHA=$CI_COMMIT_SHORT_SHA -X $I_PACKAGE.CI_COMMIT_BRANCH=$CI_COMMIT_BRANCH -X $I_PACKAGE.CI_COMMIT_TAG=$CI_COMMIT_TAG" -o darwin-arm64 .
+ - 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file darwin-arm64 "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/release-${CI_COMMIT_TAG}/${CI_COMMIT_TAG}/darwin-arm64"'
+ - rm darwin-arm64
+ only:
+ - tags
+ except:
+ - branches
+
+release-prod-windows-amd64:
+ image: golang:latest
+ stage: build-binary
+ variables:
+ GOOS: "windows"
+ GOARCH: "amd64"
+ CGO_ENABLED: 0
+ before_script:
+ - go get -d -v ./...
+ - apt install curl -y
+ script:
+ - go build -a -installsuffix cgo -ldflags="-X $I_PACKAGE.CI_COMMIT_SHORT_SHA=$CI_COMMIT_SHORT_SHA -X $I_PACKAGE.CI_COMMIT_BRANCH=$CI_COMMIT_BRANCH -X $I_PACKAGE.CI_COMMIT_TAG=$CI_COMMIT_TAG" -o windows-amd64.exe .
+ - 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file windows-amd64.exe "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/release-${CI_COMMIT_TAG}/${CI_COMMIT_TAG}/windows-amd64.exe"'
+ - rm windows-amd64.exe
+ only:
+ - tags
+ except:
+ - branches
+
+docker-build-prod-tagged:
+ image: ezkrg/buildx
+ stage: build-docker
+ services:
+ - docker:dind
+ before_script:
+ - docker buildx create --use
+ - docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
+ script:
+ - |
+ docker buildx build \
+ --platform linux/amd64,linux/arm64 \
+ --no-cache \
+ --build-arg CI_COMMIT_BRANCH=$CI_COMMIT_BRANCH \
+ --build-arg CI_COMMIT_SHORT_SHA=$CI_COMMIT_SHORT_SHA \
+ --build-arg CI_COMMIT_TAG=$CI_COMMIT_TAG \
+ --push \
+ --tag $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG \
+ .
+ only:
+ - tags
+ except:
+ - branches
\ No newline at end of file
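Review bot: The five `release-prod-*` jobs are copies that differ only in `GOOS`, `GOARCH` and the output file name, so any fix to the build or upload step (for example replacing the floating `image: golang:latest`) has to be made five times and can drift between platforms. A hidden template with `extends:` keeps the release recipe in one place; GitLab merges the `variables:` maps, so each job only sets its platform values. `BINARY` below is a variable introduced for this sketch, and the other four jobs follow the same three-variable pattern.

```yaml
.release-binary:
  image: golang:latest
  stage: build-binary
  variables:
    CGO_ENABLED: 0
  before_script:
    - go get -d -v ./...
    - apt install curl -y
  script:
    - go build -a -installsuffix cgo -ldflags="-X $I_PACKAGE.CI_COMMIT_SHORT_SHA=$CI_COMMIT_SHORT_SHA -X $I_PACKAGE.CI_COMMIT_BRANCH=$CI_COMMIT_BRANCH -X $I_PACKAGE.CI_COMMIT_TAG=$CI_COMMIT_TAG" -o "$BINARY" .
    - 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file "$BINARY" "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/release-${CI_COMMIT_TAG}/${CI_COMMIT_TAG}/${BINARY}"'
    - rm "$BINARY"
  only:
    - tags
  except:
    - branches

release-prod-linux-amd64:
  extends: .release-binary
  variables:
    GOOS: "linux"
    GOARCH: "amd64"
    BINARY: "linux-amd64"

# … unchanged in behaviour: the remaining four release-prod-* jobs, each reduced to extends + three variables …
```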