-
Notifications
You must be signed in to change notification settings - Fork 17
/
Copy path.gitlab-ci-main.yml
323 lines (291 loc) · 11.7 KB
/
.gitlab-ci-main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
---
image: gitlab-registry-production.govcms.amazee.io/govcms/images/ci${GOVCMS_CI_IMAGE_VERSION}
services:
- name: docker:dind
command: ["--tls=false"]
stages:
- static
- preflight
- integration
- deploy
variables:
extends: .variables
DOCKER_HOST: "tcp://localhost:2375"
##
# Test setups.
#
# Minimal setup without docker, tooling available by default is https://github.com/govCMS/govcms-ci.
.static_template: &static_template
before_script:
# Add support to add a bot user SSH key to validate some composer operations.
# - |
# if [ -n $BOT_USER ]; then
# echo ${BOT_USER} | base64 -d > /home/.ssh/id_rsa && chmod 600 /home/.ssh/id_rsa
# eval $(ssh-agent -s)
# ssh-add /home/.ssh/id_rsa
# fi
- composer install
stage: static
# Minimal setup to execute drush against a working Drupal.
.bootstrap_template: &bootstrap_template
before_script:
- |
docker network prune -f && docker network create amazeeio-network
docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
docker login -u $DOCKERHUB_USERNAME -p $DOCKERHUB_TOKEN
# Some local overrides are prefixed with '###' and we remove them here.
sed -i -e "/###/d" docker-compose.yml
docker compose up -d mariadb
docker compose up -d cli
docker compose ps
# Re-run composer to account for the fact the /app just got mounted over.
docker compose exec -T cli bash -c 'composer install --no-interaction --no-suggest'
echo "Running govcms-deploy."
docker compose exec -T cli ./vendor/bin/govcms-deploy
stage: preflight
# Setup the full working project for integration tests like Behat.
.full_template: &full_template
artifacts:
expire_in: "7 days"
paths:
- tests/behat/screenshots
stage: integration
before_script:
- |
docker network prune -f && docker network create amazeeio-network
docker login -u gitlab-ci-token -p $CI_JOB_TOKEN $CI_REGISTRY
docker login -u $DOCKERHUB_USERNAME -p $DOCKERHUB_TOKEN
# Some local overrides are prefixed with '###' and we remove them here.
sed -i -e "/###/d" docker-compose.yml
docker compose up -d mariadb
docker compose up -d
docker compose ps
# Re-run composer to account for the fact the /app just got mounted over.
docker compose exec -T cli bash -c 'composer install --no-interaction --no-suggest'
DATABASE_IMAGE="$CI_REGISTRY_IMAGE/mariadb-drupal-data"
# A hack to make the manifest check work.
sed -i "s/^}$/,\"experimental\":\ \"enabled\"}/" ~/.docker/config.json
EXIT_CODE=0 && docker manifest inspect "$DATABASE_IMAGE" > /dev/null || EXIT_CODE=$?
if [[ $EXIT_CODE -ne 0 ]]; then
echo "$DATABASE_IMAGE not found, installing GovCMS"
docker compose exec -T cli bash -c 'drush sql-drop'
if [[ -f "./custom/database-quickstart.sql.gz" ]]; then
echo "Installing from a database dump."
gunzip ./custom/database-quickstart.sql.gz
docker compose exec -T cli bash -c 'drush sql-cli --yes' < ./custom/database-quickstart.sql
else
echo "Installing the default govcms profile."
docker compose exec -T cli bash -c 'drush si govcms -y'
fi
else
echo "Using found database image: $DATABASE_IMAGE"
fi
echo "Running govcms-deploy."
docker compose exec -T cli ./vendor/bin/govcms-deploy
docker compose exec -T cli bash -c 'drush status'
##
# Job definitions.
#
# NOTICE: By default, this job must always run because it's a platform
# compliance check. It should be "allow_failure: false" and
# it should not use "extends:". PaaS users can override (docs link).
vet:
<<: *static_template
stage: static
script:
- composer validate
- ./vendor/bin/govcms-vet
when: on_success
allow_failure: false
only:
variables:
- $RUN_DEPRECATION_REPORT != "true"
# # NOTICE: Include standard security scanning and compliance checks
# # provided by shipshape. This check further extends the capabilities
# # of the VET stage.
shipshape:
<<: *static_template
stage: static
artifacts:
expire_in: 7 days
paths:
- tests/shipshape-results.xml
reports:
junit:
- tests/shipshape-results.xml
when: always
script:
- shipshape -f /govcms/shipshape.yml --exclude-db --error-code -o junit > tests/shipshape-results.xml
when: on_success
allow_failure: true
after_script:
- |
if [ -s tests/shipshape-results.xml ]; then
echo -e "\n ********************************************************\n\e[31mATTENTION\e[0m: GovCMS Shipshape\n"
echo -e " A GovCMS compliance report has been generated, please review and resolve any errors.\n"
echo -e " https://projects.govcms.gov.au/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME/-/pipelines/$CI_PIPELINE_ID/test_report"
echo -e "\n ********************************************************\n"
fi
lint:
<<: *static_template
extends: .job-lint
# Run all lines together so that they all run even if any fail.
script:
- |
set +exuo pipefail # Linting...
./vendor/bin/govcms-lint web/modules/custom
./vendor/bin/govcms-lint web/themes/custom
only:
variables:
- $RUN_DEPRECATION_REPORT != "true"
unit:
<<: *static_template
extends: .job-unit
script:
- ./vendor/bin/govcms-unit --testsuite=unit
only:
variables:
- $RUN_DEPRECATION_REPORT != "true"
# Pre-flight (like a smoke test for general deployability).
preflight:
<<: *bootstrap_template
extends: .job-preflight
stage: preflight
script:
- docker compose exec -T cli bash -c 'drush cim -y'
- docker compose exec -T cli bash -c 'drush st'
- docker compose exec -T cli bash -c 'drush updatedb:status'
only:
variables:
- $RUN_DEPRECATION_REPORT != "true"
# Integration.
behat:
<<: *full_template
extends: .job-behat
script:
- docker compose exec -T test ./vendor/bin/govcms-behat
only:
variables:
- $RUN_DEPRECATION_REPORT != "true"
functional:
<<: *full_template
extends: .job-functional
script:
- docker compose exec -T test /app/vendor/bin/phpunit --testsuite=functional -c /app/tests/phpunit
only:
variables:
- $RUN_DEPRECATION_REPORT != "true"
audit:
<<: *full_template
extends: .job-audit
script:
- docker compose exec -T test ./vendor/bin/govcms-audit
only:
variables:
- $RUN_DEPRECATION_REPORT != "true"
# MRs only.
audit_on_merge:
<<: *full_template
extends: .job-audit-on-merge
script:
- docker compose exec -T test ./vendor/bin/govcms-audit
only:
- merge_requests
stage: deploy
# Deploy / summary.
deploy:
variables:
GOVCMS_DASHBOARD: "https://dashboard.govcms.gov.au/projects"
script:
- echo "Deployment triggered, please see $GOVCMS_DASHBOARD/$CI_PROJECT_NAME/$CI_PROJECT_NAME-$(echo $CI_COMMIT_REF_NAME | sed -e 's/[^[:alnum:]-]/-/g')"
stage: deploy
only:
variables:
- $RUN_DEPRECATION_REPORT != "true"
# Deprecation report.
deprecation_report:
stage: integration
only:
variables:
- $RUN_DEPRECATION_REPORT == "true"
artifacts:
expire_in: "90 days"
paths:
- govcms-deprecations.xml
reports:
junit:
- govcms-deprecations.xml
when: always
variables:
# Used to specify the location of the govcms validation scripts -
# the ship-shape autoloader will use this location to determine
# where the verification checks are located.
APP_DIR: '/govcms'
script:
# -- Force MARIADB image when running deprecation report & smoke testing.
- |
touch .env
sed -i -e "/MARIADB_DATA_IMAGE/d" .env
sed -i -e "/GOVCMS_DEPLOY_WORKFLOW_CONFIG/d" .env
sed -i -e "/GOVCMS_IMAGE_VERSION/d" .env
echo "MARIADB_DATA_IMAGE=gitlab-registry-production.govcms.amazee.io/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME/mariadb-drupal-data" >> .env
echo "GOVCMS_DEPLOY_WORKFLOW_CONFIG=retain" >> .env
cat .env
- sed -i "/ENV WEBROOT=web/a RUN composer config --global github-oauth.github.com $GOVCMS_GITHUB_TOKEN" .docker/Dockerfile.cli
- "export DOCKER_HOST=tcp://localhost:2375"
- "docker network prune -f && docker network create amazeeio-network"
- "docker login -u gitlab-ci-token -p $CI_JOB_TOKEN gitlab-registry-production.govcms.amazee.io"
- "docker login -u $DOCKERHUB_USERNAME -p $DOCKERHUB_TOKEN"
- sed -i -e '/amazeeio-ssh-agent/d' docker-compose.yml
- sed -i -e "/###/d" docker-compose.yml
- |
if [ -f "docker-compose.override.yml" ]; then
rm docker-compose.override.yml 2> /dev/null
echo -e "\033[1;33mNOTICE:\033[0m Removed docker-compose.override.yml to prevent issues with the pipeline."
fi
- "COMPOSE_HTTP_TIMEOUT=300 ahoy up"
- "docker compose exec -T test dockerize -wait tcp://mariadb:3306 -timeout 2m"
- docker compose exec -T cli bash -c 'composer install --no-interaction --no-suggest'
- "ahoy govcms-deploy"
- "docker compose exec -T cli mkdir -p /app/web/sites/default/files/private/{backups,tmp}"
# Fix 2.4.0 scaffold bug.
- sed -i 's/exec -e/exec/g' .ahoy.yml
- "ahoy drush pmu shield -y" # Ensure that shield is not enabled.
# Bootstrap test.
- ahoy drush status
- |
if [[ $(ahoy run curl -s -o /dev/null -w "%{http_code}" nginx:8080) -ge 500 ]]; then
echo "ERR: Homepage is emitting 5xx response.";
exit 1;
fi
# -- Generate deprecation report
- |
# Install and run upgrade_status for deprecation report.
docker compose exec -T cli composer require drupal/upgrade_status
ahoy drush pm-enable upgrade_status -y
ahoy drush upgrade_status:checkstyle --ignore-uninstalled --ignore-contrib --all > /artefacts/upgrade_status.xml
# Strip whitespace in the file
sed -i '/^$/d' /artefacts/upgrade_status.xml
php /artefacts/junit_rewrite.php > govcms-deprecations.xml
exit 1
after_script:
- |
if [ -s govcms-deprecations.xml ]; then
if cat govcms-deprecations.xml | grep -q "d10_theme_pass"; then
echo -e "\n ********************************************************\n\e[1;32m ATTENTION\e[0m: This is a GovCMS initiated job in preparation for the D10 distribution coming in 2023.\n"
echo -e " We are conducting D10 compatibility testing, which will inform our approach to the upgrade path from D9 to D10.\n"
echo -e " At this point custom modules and themes in your codebase are reportedly \e[1;32mcompatible with Drupal 10.\e[0m\n"
echo -e " This does not guarantee the upgrade to Drupal 10 will be issue free, however it is a good indication\n"
echo -e " that there will be no (or low) effort required in your custom code.\n"
echo -e "\n ********************************************************\n"
else
echo -e "\n ********************************************************\n\e[31m ATTENTION\e[0m: This is a GovCMS initiated job in preparation for the D10 distribution coming in 2023.\n"
echo -e " We are conducting D10 compatibility testing, which will inform our approach to the upgrade path from D9 to D10.\n"
echo -e " Until your project is fully D10 compatible, you will continue to see some pipeline failures initiated by the GovCMS Service Account.\n"
echo -e " This internal testing has no impact on your current build process. No deployment has been triggered.\n"
echo -e " To ensure a smooth upgrade, you can get a head start by reviewing and resolving the issues highlighted:\n"
echo -e " https://projects.govcms.gov.au/$CI_PROJECT_NAMESPACE/$CI_PROJECT_NAME/-/pipelines/$CI_PIPELINE_ID/test_report"
echo -e "\n ********************************************************\n"
fi
fi
exit 1