+3

.gitignore

··· 50 50 51 51 # MacOS folder 52 52 .DS_Store 53 53 + 54 54 + # Ignore non-needed ci files 55 55 + !ci/build

+2 -4

.gitlab-ci.yml

··· 1 1 stages: 2 2 - changesets 3 3 - - build 4 3 - test 4 4 + - build 5 5 - deploy 6 6 7 7 include: 8 8 - ci/changesets.gitlab-ci.yml 9 9 - ci/volta.gitlab-ci.yml 10 10 - - ci/docker.gitlab-ci.yml 11 11 - # - ci/sast.gitlab-ci.yml 12 12 - # - ci/bot.gitlab-ci.yml 10 10 + - ci/build.gitlab-ci.yml

-11

ci/bot.gitlab-ci.yml

··· 1 1 - bot: 2 2 - rules: 3 3 - - if: $CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_SOURCE_BRANCH_NAME 4 4 - stage: build # TODO move to stage: test when houdinification is complete 5 5 - image: 6 6 - name: harbor.k8s.inpt.fr/net7_public/churros-git-bot:latest 7 7 - entrypoint: 8 8 - - /usr/bin/env 9 9 - script: 10 10 - - cd /app 11 11 - - bundle exec churros_git_bot $CI_PROJECT_ID $CI_MERGE_REQUEST_IID $CI_PROJECT_URL

+36

ci/build.gitlab-ci.yml

··· 1 1 + .build: 2 2 + stage: build 3 3 + image: 4 4 + name: moby/buildkit:rootless 5 5 + entrypoint: ['sh', '-c'] 6 6 + variables: 7 7 + BUILDKITD_FLAGS: --oci-worker-no-process-sandbox 8 8 + # Default parameters 9 9 + TAG: export TAG=latest-$(date +%Y%m%d%H%m) 10 10 + DEPLOY: 'false' 11 11 + before_script: 12 12 + - mkdir ~/.docker 13 13 + - cp $HARBOR_CONFIG_JSON ~/.docker/config.json 14 14 + script: 15 15 + - eval $TAG 16 16 + - | 17 17 + buildctl-daemonless.sh build \ 18 18 + --frontend=dockerfile.v0 \ 19 19 + --local context=. \ 20 20 + --local dockerfile=. \ 21 21 + --opt target=$TARGET \ 22 22 + --opt build-arg:TAG=$TAG \ 23 23 + --secret id=SENTRY_AUTH_TOKEN \ 24 24 + --output type=image,name=$HARBOR_REGISTRY_IMAGE/$TARGET:v$TAG,push=$DEPLOY 25 25 + - | 26 26 + if [ "$DEPLOY" == "true" ]; then \ 27 27 + echo "Successfully built and pushed $HARBOR_REGISTRY_IMAGE/$TARGET:v$TAG"; \ 28 28 + else \ 29 29 + echo "Successfully built $HARBOR_REGISTRY_IMAGE/$TARGET:v$TAG"; \ 30 30 + fi 31 31 + 32 32 + include: 33 33 + - ci/build/api.gitlab-ci.yml 34 34 + - ci/build/app.gitlab-ci.yml 35 35 + - ci/build/db.gitlab-ci.yml 36 36 + - ci/build/sync.gitlab-ci.yml

+26

ci/build/api.gitlab-ci.yml

··· 1 1 + .api: 2 2 + extends: .build 3 3 + variables: 4 4 + TARGET: api 5 5 + 6 6 + build:api: 7 7 + extends: .api 8 8 + stage: build 9 9 + rules: 10 10 + - if: $CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TITLE !~ /^(\[Draft\]|\(Draft\)|Draft:)/ 11 11 + - if: $CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TITLE =~ /^(\[Draft\]|\(Draft\)|Draft:)/ 12 12 + when: manual 13 13 + 14 14 + deploy:api: 15 15 + extends: .api 16 16 + stage: deploy 17 17 + rules: 18 18 + - if: $CI_COMMIT_TAG =~ /^@churros\/api@(\d+\.\d+\.\d+)/ 19 19 + variables: 20 20 + ENV: "production" 21 21 + URL: "https://churros.inpt.fr" 22 22 + TAG: export TAG=$(echo $CI_COMMIT_TAG | sed 's/@churros\/api@//') 23 23 + DEPLOY: "true" 24 24 + environment: 25 25 + name: $ENV 26 26 + url: $URL

+26

ci/build/app.gitlab-ci.yml

··· 1 1 + .app: 2 2 + extends: .build 3 3 + variables: 4 4 + TARGET: app 5 5 + 6 6 + build:app: 7 7 + extends: .app 8 8 + stage: build 9 9 + rules: 10 10 + - if: $CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TITLE !~ /^(\[Draft\]|\(Draft\)|Draft:)/ 11 11 + - if: $CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TITLE =~ /^(\[Draft\]|\(Draft\)|Draft:)/ 12 12 + when: manual 13 13 + 14 14 + deploy:app: 15 15 + extends: .app 16 16 + stage: deploy 17 17 + rules: 18 18 + - if: $CI_COMMIT_TAG =~ /^@churros\/app@(\d+\.\d+\.\d+)/ 19 19 + variables: 20 20 + ENV: "production" 21 21 + URL: "https://churros.inpt.fr" 22 22 + TAG: export TAG=$(echo $CI_COMMIT_TAG | sed 's/@churros\/app@//') 23 23 + DEPLOY: "true" 24 24 + environment: 25 25 + name: $ENV 26 26 + url: $URL

+26

ci/build/db.gitlab-ci.yml

··· 1 1 + .prisma: 2 2 + extends: .build 3 3 + variables: 4 4 + TARGET: prisma 5 5 + 6 6 + build:prisma: 7 7 + extends: .prisma 8 8 + stage: build 9 9 + rules: 10 10 + - if: $CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TITLE !~ /^(\[Draft\]|\(Draft\)|Draft:)/ 11 11 + - if: $CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TITLE =~ /^(\[Draft\]|\(Draft\)|Draft:)/ 12 12 + when: manual 13 13 + 14 14 + deploy:prisma: 15 15 + extends: .prisma 16 16 + stage: deploy 17 17 + rules: 18 18 + - if: $CI_COMMIT_TAG =~ /^@churros\/db@(\d+\.\d+\.\d+)/ 19 19 + variables: 20 20 + ENV: "production" 21 21 + URL: "https://churros.inpt.fr" 22 22 + TAG: export TAG=$(echo $CI_COMMIT_TAG | sed 's/@churros\/db@//') 23 23 + DEPLOY: "true" 24 24 + environment: 25 25 + name: $ENV 26 26 + url: $URL

+26

ci/build/sync.gitlab-ci.yml

··· 1 1 + .sync: 2 2 + extends: .build 3 3 + variables: 4 4 + TARGET: sync 5 5 + 6 6 + build:sync: 7 7 + extends: .sync 8 8 + stage: build 9 9 + rules: 10 10 + - if: $CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TITLE !~ /^(\[Draft\]|\(Draft\)|Draft:)/ 11 11 + - if: $CI_PIPELINE_SOURCE == "merge_request_event" && $CI_MERGE_REQUEST_TITLE =~ /^(\[Draft\]|\(Draft\)|Draft:)/ 12 12 + when: manual 13 13 + 14 14 + deploy:sync: 15 15 + extends: .sync 16 16 + stage: deploy 17 17 + rules: 18 18 + - if: $CI_COMMIT_TAG =~ /^@churros\/sync@(\d+\.\d+\.\d+)/ 19 19 + variables: 20 20 + ENV: "production" 21 21 + URL: "https://churros.inpt.fr" 22 22 + TAG: export TAG=$(echo $CI_COMMIT_TAG | sed 's/@churros\/sync@//') 23 23 + DEPLOY: "true" 24 24 + environment: 25 25 + name: $ENV 26 26 + url: $URL

-81

ci/docker.gitlab-ci.yml

··· 1 1 - .buildkit: 2 2 - image: 3 3 - name: moby/buildkit:rootless 4 4 - entrypoint: ['sh', '-c'] 5 5 - variables: 6 6 - BUILDKITD_FLAGS: --oci-worker-no-process-sandbox 7 7 - before_script: 8 8 - - mkdir ~/.docker 9 9 - - cp $HARBOR_CONFIG_JSON ~/.docker/config.json 10 10 - 11 11 - deploy_prisma: 12 12 - extends: .buildkit 13 13 - stage: deploy 14 14 - rules: 15 15 - - if: $CI_COMMIT_TAG =~ /^@churros\/db@(\d+\.\d+\.\d+)/ 16 16 - script: 17 17 - - export TAG=$(echo $CI_COMMIT_TAG | sed 's/@churros\/db@//') 18 18 - - | 19 19 - buildctl-daemonless.sh build \ 20 20 - --frontend=dockerfile.v0 \ 21 21 - --local context=. \ 22 22 - --local dockerfile=. \ 23 23 - --opt target=prisma \ 24 24 - --opt build-arg:TAG=$TAG \ 25 25 - --output type=image,name=$HARBOR_REGISTRY_IMAGE/prisma:v$TAG,push=true 26 26 - - echo "Successfully built and pushed $HARBOR_REGISTRY_IMAGE/prisma:v$TAG" 27 27 - 28 28 - deploy_api: 29 29 - extends: .buildkit 30 30 - stage: deploy 31 31 - rules: 32 32 - - if: $CI_COMMIT_TAG =~ /^@churros\/api@(\d+\.\d+\.\d+)/ 33 33 - script: 34 34 - - export TAG=$(echo $CI_COMMIT_TAG | sed 's/@churros\/api@//') 35 35 - - | 36 36 - buildctl-daemonless.sh build \ 37 37 - --frontend=dockerfile.v0 \ 38 38 - --local context=. \ 39 39 - --local dockerfile=. \ 40 40 - --opt target=api \ 41 41 - --secret id=SENTRY_AUTH_TOKEN \ 42 42 - --output type=image,name=$HARBOR_REGISTRY_IMAGE/api:v$TAG,push=true 43 43 - - echo "Successfully built and pushed $HARBOR_REGISTRY_IMAGE/api:v$TAG" 44 44 - 45 45 - deploy_app: 46 46 - extends: .buildkit 47 47 - stage: deploy 48 48 - variables: 49 49 - SENTRY_PROJECT: app 50 50 - rules: 51 51 - - if: $CI_COMMIT_TAG =~ /^@churros\/app@(\d+\.\d+\.\d+)/ 52 52 - script: 53 53 - - export TAG=$(echo $CI_COMMIT_TAG | sed 's/@churros\/app@//') 54 54 - - | 55 55 - buildctl-daemonless.sh build \ 56 56 - --frontend=dockerfile.v0 \ 57 57 - --local context=. \ 58 58 - --local dockerfile=. \ 59 59 - --opt target=app \ 60 60 - --opt build-arg:TAG=$TAG \ 61 61 - --secret id=SENTRY_AUTH_TOKEN \ 62 62 - --output type=image,name=$HARBOR_REGISTRY_IMAGE/app:v$TAG,push=true 63 63 - - echo "Successfully built and pushed $HARBOR_REGISTRY_IMAGE/app:v$TAG" 64 64 - 65 65 - deploy_sync: 66 66 - extends: .buildkit 67 67 - stage: deploy 68 68 - rules: 69 69 - - if: $CI_COMMIT_TAG =~ /^@churros\/sync@(\d+\.\d+\.\d+)/ 70 70 - script: 71 71 - - export TAG=$(echo $CI_COMMIT_TAG | sed 's/@churros\/sync@//') 72 72 - - | 73 73 - buildctl-daemonless.sh build \ 74 74 - --frontend=dockerfile.v0 \ 75 75 - --local context=. \ 76 76 - --local dockerfile=. \ 77 77 - --opt target=sync \ 78 78 - --opt build-arg:TAG=$TAG \ 79 79 - --secret id=SENTRY_AUTH_TOKEN \ 80 80 - --output type=image,name=$HARBOR_REGISTRY_IMAGE/sync:v$TAG,push=true 81 81 - - echo "Successfully built and pushed $HARBOR_REGISTRY_IMAGE/sync:v$TAG"

-19

ci/volta.gitlab-ci.yml

··· 13 13 paths: 14 14 - .yarn/cache/ 15 15 16 16 - build: 17 17 - stage: build 18 18 - extends: .volta 19 19 - rules: 20 20 - # wishing that gilab adds $CI_MERGE_REQUEST_DRAFT one day... 21 21 - - if: '$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME && $CI_MERGE_REQUEST_TITLE !~ /^Draft: /' 22 22 - # still allow to run the build job on the pipeline on Draft MRs, but only when we actually want to (manual action) 23 23 - - if: '$CI_MERGE_REQUEST_SOURCE_BRANCH_NAME && $CI_MERGE_REQUEST_TITLE =~ /^Draft: /' 24 24 - when: manual 25 25 - # prevents branch pipeline when a merge request pipeline will be created, see https://docs.gitlab.com/ee/ci/yaml/workflow.html#switch-between-branch-pipelines-and-merge-request-pipelines 26 26 - - if: $CI_COMMIT_BRANCH && $CI_OPEN_MERGE_REQUESTS && $CI_PIPELINE_SOURCE == "push" 27 27 - when: never 28 28 - - if: $CI_COMMIT_BRANCH == $CI_DEFAULT_BRANCH 29 29 - when: manual 30 30 - script: 31 31 - - export SENTRY_AUTH_TOKEN='' 32 32 - - yarn prisma generate 33 33 - - yarn build 34 34 - 35 16 pages: 36 17 stage: deploy 37 18 extends: .volta