Phil/goshorly
1
0
Fork 0
Code Issues Pull requests Projects Releases 1 Packages 1 Wiki Activity Actions

Changed CI Layout split into multiple files

Browse source
This commit is contained in:
Phil 2022-01-25 21:16:56 +01:00
parent 5555eb20d2
commit a0346f3f88
5 changed files with 185 additions and 187 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

191
.gitlab-ci.yml
View file

@ -7,191 +7,8 @@ stages:
- build-binary - build-binary
- build-docker - build-docker
check-format:
image: golang:latest
stage: test
before_script:
- mkdir -p $GOPATH/src/$(dirname $REPO_NAME)
- ln -svf $CI_PROJECT_DIR $GOPATH/src/$REPO_NAME
- cd $GOPATH/src/$REPO_NAME
script:
- go fmt $(go list ./... | grep -v /vendor/)
- go vet $(go list ./... | grep -v /vendor/)
- go test -race $(go list ./... | grep -v /vendor/)
only:
- merge_requests
check-gosec:
image: golang:latest
before_script:
- mkdir -p $GOPATH/src/$(dirname $REPO_NAME)
- ln -svf $CI_PROJECT_DIR $GOPATH/src/$REPO_NAME
- cd $GOPATH/src/$REPO_NAME
script:
- go install github.com/securego/gosec/v2/cmd/gosec@latest
- go get -v -d .
- gosec ./...
only:
- merge_requests
release-prod-linux-amd64:
image: golang:latest
stage: build-binary
variables:
GOOS: "linux"
GOARCH: "amd64"
CGO_ENABLED: 0
before_script:
- go get -d -v ./...
- apt install curl -y
script:
- go build -a -installsuffix cgo -ldflags="-X $I_PACKAGE.CI_COMMIT_SHORT_SHA=$CI_COMMIT_SHORT_SHA -X $I_PACKAGE.CI_COMMIT_BRANCH=$CI_COMMIT_BRANCH -X $I_PACKAGE.CI_COMMIT_TAG=$CI_COMMIT_TAG" -o linux-amd64 .
- 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file linux-amd64 "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/release-${CI_COMMIT_TAG}/${CI_COMMIT_TAG}/linux-amd64"'
- rm linux-amd64
only:
- tags
except:
- branches
release-prod-linux-arm64:
image: golang:latest
stage: build-binary
variables:
GOOS: "linux"
GOARCH: "arm64"
CGO_ENABLED: 0
before_script:
- go get -d -v ./...
- apt install curl -y
script:
- go build -a -installsuffix cgo -ldflags="-X $I_PACKAGE.CI_COMMIT_SHORT_SHA=$CI_COMMIT_SHORT_SHA -X $I_PACKAGE.CI_COMMIT_BRANCH=$CI_COMMIT_BRANCH -X $I_PACKAGE.CI_COMMIT_TAG=$CI_COMMIT_TAG" -o linux-arm64 .
- 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file linux-arm64 "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/release-${CI_COMMIT_TAG}/${CI_COMMIT_TAG}/linux-arm64"'
- rm linux-arm64
only:
- tags
except:
- branches
release-prod-darwin-amd64:
image: golang:latest
stage: build-binary
variables:
GOOS: "darwin"
GOARCH: "amd64"
CGO_ENABLED: 0
before_script:
- go get -d -v ./...
- apt install curl -y
script:
- go build -a -installsuffix cgo -ldflags="-X $I_PACKAGE.CI_COMMIT_SHORT_SHA=$CI_COMMIT_SHORT_SHA -X $I_PACKAGE.CI_COMMIT_BRANCH=$CI_COMMIT_BRANCH -X $I_PACKAGE.CI_COMMIT_TAG=$CI_COMMIT_TAG" -o darwin-amd64 .
- 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file darwin-amd64 "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/release-${CI_COMMIT_TAG}/${CI_COMMIT_TAG}/darwin-amd64"'
- rm darwin-amd64
only:
- tags
except:
- branches
release-prod-darwin-arm64:
image: golang:latest
stage: build-binary
variables:
GOOS: "darwin"
GOARCH: "arm64"
CGO_ENABLED: 0
before_script:
- go get -d -v ./...
- apt install curl -y
script:
- go build -a -installsuffix cgo -ldflags="-X $I_PACKAGE.CI_COMMIT_SHORT_SHA=$CI_COMMIT_SHORT_SHA -X $I_PACKAGE.CI_COMMIT_BRANCH=$CI_COMMIT_BRANCH -X $I_PACKAGE.CI_COMMIT_TAG=$CI_COMMIT_TAG" -o darwin-arm64 .
- 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file darwin-arm64 "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/release-${CI_COMMIT_TAG}/${CI_COMMIT_TAG}/darwin-arm64"'
- rm darwin-arm64
only:
- tags
except:
- branches
release-prod-windows-amd64:
image: golang:latest
stage: build-binary
variables:
GOOS: "windows"
GOARCH: "amd64"
CGO_ENABLED: 0
before_script:
- go get -d -v ./...
- apt install curl -y
script:
- go build -a -installsuffix cgo -ldflags="-X $I_PACKAGE.CI_COMMIT_SHORT_SHA=$CI_COMMIT_SHORT_SHA -X $I_PACKAGE.CI_COMMIT_BRANCH=$CI_COMMIT_BRANCH -X $I_PACKAGE.CI_COMMIT_TAG=$CI_COMMIT_TAG" -o windows-amd64.exe .
- 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file windows-amd64.exe "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/release-${CI_COMMIT_TAG}/${CI_COMMIT_TAG}/windows-amd64.exe"'
- rm windows-amd64.exe
only:
- tags
except:
- branches
docker-build-prod-latest:
image: ezkrg/buildx
stage: build-docker
services:
- docker:dind
before_script:
- docker buildx create --use
- docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
script:
- |
docker buildx build \
--platform linux/amd64,linux/arm64 \
--build-arg CI_COMMIT_BRANCH=$CI_COMMIT_BRANCH \
--build-arg CI_COMMIT_SHORT_SHA=$CI_COMMIT_SHORT_SHA \
--build-arg CI_COMMIT_TAG=$CI_COMMIT_TAG \
--push \
--tag $CI_REGISTRY_IMAGE:latest \
.
only:
- main
docker-build-prod-tagged:
image: ezkrg/buildx
stage: build-docker
services:
- docker:dind
before_script:
- docker buildx create --use
- docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
script:
- |
docker buildx build \
--platform linux/amd64,linux/arm64 \
--no-cache \
--build-arg CI_COMMIT_BRANCH=$CI_COMMIT_BRANCH \
--build-arg CI_COMMIT_SHORT_SHA=$CI_COMMIT_SHORT_SHA \
--build-arg CI_COMMIT_TAG=$CI_COMMIT_TAG \
--push \
--tag $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG \
.
only:
- tags
except:
- branches
docker-build-dry-run:
image: docker:latest
stage: build-docker
services:
- docker:dind
script:
- |
if [[ "$CI_COMMIT_BRANCH" == "$CI_DEFAULT_BRANCH" ]]; then
tag=""
echo "Running on default branch '$CI_DEFAULT_BRANCH': tag = 'latest'"
else
tag=":$CI_COMMIT_REF_SLUG"
echo "Running on branch '$CI_COMMIT_BRANCH': tag = $tag"
fi
- docker build --pull -t "$CI_REGISTRY_IMAGE${tag}" .
only:
- merge_requests
include: include:
- template: Security/SAST.gitlab-ci.yml - '/.gitlab/ci/always.yml'
- template: Security/SAST-IaC.latest.gitlab-ci.yml - '/.gitlab/ci/main-branch.yml'
- '/.gitlab/ci/merge-request.yml'
- '/.gitlab/ci/tagged-build.yml'

22
.gitlab/ci/always.yml Normal file
View file

@ -0,0 +1,22 @@
check-format:
image: golang:latest
stage: test
before_script:
- mkdir -p $GOPATH/src/$(dirname $REPO_NAME)
- ln -svf $CI_PROJECT_DIR $GOPATH/src/$REPO_NAME
- cd $GOPATH/src/$REPO_NAME
script:
- go fmt $(go list ./... | grep -v /vendor/)
- go vet $(go list ./... | grep -v /vendor/)
- go test -race $(go list ./... | grep -v /vendor/)
check-gosec:
image: golang:latest
before_script:
- mkdir -p $GOPATH/src/$(dirname $REPO_NAME)
- ln -svf $CI_PROJECT_DIR $GOPATH/src/$REPO_NAME
- cd $GOPATH/src/$REPO_NAME
script:
- go install github.com/securego/gosec/v2/cmd/gosec@latest
- go get -v -d .
- gosec ./...

20
.gitlab/ci/main-branch.yml Normal file
View file

@ -0,0 +1,20 @@
docker-build-prod-latest:
image: ezkrg/buildx
stage: build-docker
services:
- docker:dind
before_script:
- docker buildx create --use
- docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
script:
- |
docker buildx build \
--platform linux/amd64,linux/arm64 \
--build-arg CI_COMMIT_BRANCH=$CI_COMMIT_BRANCH \
--build-arg CI_COMMIT_SHORT_SHA=$CI_COMMIT_SHORT_SHA \
--build-arg CI_COMMIT_TAG=$CI_COMMIT_TAG \
--push \
--tag $CI_REGISTRY_IMAGE:latest \
.
only:
- main

21
.gitlab/ci/merge-request.yml Normal file
View file

@ -0,0 +1,21 @@
docker-build-dry-run:
image: docker:latest
stage: build-docker
services:
- docker:dind
script:
- |
if [[ "$CI_COMMIT_BRANCH" == "$CI_DEFAULT_BRANCH" ]]; then
tag=""
echo "Running on default branch '$CI_DEFAULT_BRANCH': tag = 'latest'"
else
tag=":$CI_COMMIT_REF_SLUG"
echo "Running on branch '$CI_COMMIT_BRANCH': tag = $tag"
fi
- docker build --pull -t "$CI_REGISTRY_IMAGE${tag}" .
only:
- merge_requests
include:
- template: Security/SAST.gitlab-ci.yml
- template: Security/SAST-IaC.latest.gitlab-ci.yml

118
.gitlab/ci/tagged-build.yml Normal file
View file

@ -0,0 +1,118 @@
release-prod-linux-amd64:
image: golang:latest
stage: build-binary
variables:
GOOS: "linux"
GOARCH: "amd64"
CGO_ENABLED: 0
before_script:
- go get -d -v ./...
- apt install curl -y
script:
- go build -a -installsuffix cgo -ldflags="-X $I_PACKAGE.CI_COMMIT_SHORT_SHA=$CI_COMMIT_SHORT_SHA -X $I_PACKAGE.CI_COMMIT_BRANCH=$CI_COMMIT_BRANCH -X $I_PACKAGE.CI_COMMIT_TAG=$CI_COMMIT_TAG" -o linux-amd64 .
- 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file linux-amd64 "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/release-${CI_COMMIT_TAG}/${CI_COMMIT_TAG}/linux-amd64"'
- rm linux-amd64
only:
- tags
except:
- branches
release-prod-linux-arm64:
image: golang:latest
stage: build-binary
variables:
GOOS: "linux"
GOARCH: "arm64"
CGO_ENABLED: 0
before_script:
- go get -d -v ./...
- apt install curl -y
script:
- go build -a -installsuffix cgo -ldflags="-X $I_PACKAGE.CI_COMMIT_SHORT_SHA=$CI_COMMIT_SHORT_SHA -X $I_PACKAGE.CI_COMMIT_BRANCH=$CI_COMMIT_BRANCH -X $I_PACKAGE.CI_COMMIT_TAG=$CI_COMMIT_TAG" -o linux-arm64 .
- 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file linux-arm64 "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/release-${CI_COMMIT_TAG}/${CI_COMMIT_TAG}/linux-arm64"'
- rm linux-arm64
only:
- tags
except:
- branches
release-prod-darwin-amd64:
image: golang:latest
stage: build-binary
variables:
GOOS: "darwin"
GOARCH: "amd64"
CGO_ENABLED: 0
before_script:
- go get -d -v ./...
- apt install curl -y
script:
- go build -a -installsuffix cgo -ldflags="-X $I_PACKAGE.CI_COMMIT_SHORT_SHA=$CI_COMMIT_SHORT_SHA -X $I_PACKAGE.CI_COMMIT_BRANCH=$CI_COMMIT_BRANCH -X $I_PACKAGE.CI_COMMIT_TAG=$CI_COMMIT_TAG" -o darwin-amd64 .
- 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file darwin-amd64 "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/release-${CI_COMMIT_TAG}/${CI_COMMIT_TAG}/darwin-amd64"'
- rm darwin-amd64
only:
- tags
except:
- branches
release-prod-darwin-arm64:
image: golang:latest
stage: build-binary
variables:
GOOS: "darwin"
GOARCH: "arm64"
CGO_ENABLED: 0
before_script:
- go get -d -v ./...
- apt install curl -y
script:
- go build -a -installsuffix cgo -ldflags="-X $I_PACKAGE.CI_COMMIT_SHORT_SHA=$CI_COMMIT_SHORT_SHA -X $I_PACKAGE.CI_COMMIT_BRANCH=$CI_COMMIT_BRANCH -X $I_PACKAGE.CI_COMMIT_TAG=$CI_COMMIT_TAG" -o darwin-arm64 .
- 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file darwin-arm64 "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/release-${CI_COMMIT_TAG}/${CI_COMMIT_TAG}/darwin-arm64"'
- rm darwin-arm64
only:
- tags
except:
- branches
release-prod-windows-amd64:
image: golang:latest
stage: build-binary
variables:
GOOS: "windows"
GOARCH: "amd64"
CGO_ENABLED: 0
before_script:
- go get -d -v ./...
- apt install curl -y
script:
- go build -a -installsuffix cgo -ldflags="-X $I_PACKAGE.CI_COMMIT_SHORT_SHA=$CI_COMMIT_SHORT_SHA -X $I_PACKAGE.CI_COMMIT_BRANCH=$CI_COMMIT_BRANCH -X $I_PACKAGE.CI_COMMIT_TAG=$CI_COMMIT_TAG" -o windows-amd64.exe .
- 'curl --header "JOB-TOKEN: $CI_JOB_TOKEN" --upload-file windows-amd64.exe "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/release-${CI_COMMIT_TAG}/${CI_COMMIT_TAG}/windows-amd64.exe"'
- rm windows-amd64.exe
only:
- tags
except:
- branches
docker-build-prod-tagged:
image: ezkrg/buildx
stage: build-docker
services:
- docker:dind
before_script:
- docker buildx create --use
- docker login -u "$CI_REGISTRY_USER" -p "$CI_REGISTRY_PASSWORD" $CI_REGISTRY
script:
- |
docker buildx build \
--platform linux/amd64,linux/arm64 \
--no-cache \
--build-arg CI_COMMIT_BRANCH=$CI_COMMIT_BRANCH \
--build-arg CI_COMMIT_SHORT_SHA=$CI_COMMIT_SHORT_SHA \
--build-arg CI_COMMIT_TAG=$CI_COMMIT_TAG \
--push \
--tag $CI_REGISTRY_IMAGE:$CI_COMMIT_TAG \
.
only:
- tags
except:
- branches