-
Notifications
You must be signed in to change notification settings - Fork 2
/
rails.yml
125 lines (117 loc) · 4.26 KB
/
rails.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
spec:
inputs:
platform:
description: 'The Ruby platform to use'
type: string
options:
- 'ruby'
- 'jruby'
default: 'ruby'
---
include:
- remote: https://github.com/elct9620/ruby-gitlab-ci/raw/main/ruby.yml
inputs:
platform: $[[ inputs.platform ]]
- remote: https://github.com/elct9620/ruby-gitlab-ci/raw/main/javascript.yml
- remote: https://github.com/elct9620/ruby-gitlab-ci/raw/main/docker.yml
- remote: https://github.com/elct9620/ruby-gitlab-ci/raw/main/trivy.yml
variables:
# Database
POSTGRES_VERSION: 15-alpine
POSTGRES_DB: application
POSTGRES_USER: postgres
POSTGRES_PASSWORD: postgres
DATABASE_URL: "postgresql://${POSTGRES_USER}:${POSTGRES_PASSWORD}@postgres:5432/$POSTGRES_DB"
# Webdrivers
WD_INSTALL_DIR: $CI_PROJECT_DIR/tmp/webdrivers
BROWSER_REQUIRED: 'no'
INSTALL_CHROME: 'yes'
# SAST
GITLAB_SECURITY_REGISTRY: registry.gitlab.com/security-products
GITLAB_BRAKEMAN_VERSION: 3
.rails:test:
extends: .rails
services:
- "postgres:$POSTGRES_VERSION"
variables:
RAILS_ENV: test
before_script:
- !reference [.rails, before_script]
- if [[ "$BROWSER_REQUIRED" == "yes" && "$INSTALL_CHROME" == "yes" ]]; then
echo -e "\e[0Ksection_start:`date +%s`:setup_chrome[collapsed=true]\r\e[0KSetup Chrome"
&& curl -sSL https://dl.google.com/linux/linux_signing_key.pub | apt-key add -
&& echo "deb [arch=amd64] https://dl.google.com/linux/chrome/deb/ stable main" > /etc/apt/sources.list.d/google-chrome.list
&& apt-get update;
fi
- if [[ "$BROWSER_REQUIRED" == "yes" && "$INSTALL_CHROME" == "yes" && -v CHROME_VERSION ]]; then
wget --no-verbose -O /tmp/chrome.deb https://dl.google.com/linux/chrome/deb/pool/main/g/google-chrome-stable/google-chrome-stable_${CHROME_VERSION}_amd64.deb
&& apt install -y /tmp/chrome.deb --no-install-recommends
&& rm /tmp/chrome.deb;
fi
- if [[ "$BROWSER_REQUIRED" == "yes" && "$INSTALL_CHROME" == "yes" && ! -v CHROME_VERSION ]]; then
apt-get install -y google-chrome-stable --no-install-recommends;
fi
- if [[ "$BROWSER_REQUIRED" == "yes" && "$INSTALL_CHROME" == "yes" ]]; then
echo -e "\e[0Ksection_end:`date +%s`:setup_chrome\r\e[0K";
fi
- echo -e "\e[0Ksection_start:`date +%s`:prepare_rails_test[collapsed=true]\r\e[0KPrepare Rails Test"
- bundle exec rake db:migrate
- bundle exec rake test:prepare || true
- echo -e "\e[0Ksection_end:`date +%s`:prepare_rails_test\r\e[0K"
brakeman:
image: $GITLAB_SECURITY_REGISTRY/brakeman:$GITLAB_BRAKEMAN_VERSION
stage: lint
needs: ["rubygems"]
script:
- /analyzer run
interruptible: true
artifacts:
reports:
sast: gl-sast-report.json
rspec:
extends: .rails:test
cucumber:
extends: .rails:test
assets:precompile:
extends: .rails
stage: compile
services:
- "postgres:$POSTGRES_VERSION"
variables:
RAILS_ENV: production
SECRET_KEY_BASE_DUMMY: 1
script:
- RAILS_MASTER_KEY=${RAILS_PRODUCTION_KEY:-$RAILS_MASTER_KEY} bundle exec rails assets:precompile
interruptible: true
retry:
max: 1
artifacts:
paths:
- public/vite
- public/packs
- public/assets
rules:
- if: '$ASSETS_PRECOMPILE == "yes"'
assets:s3:
image:
name: amazon/aws-cli:latest
entrypoint: [""]
stage: deploy
variables:
# NOTE: The space will split by shell, avoid to use it
S3_SYNC_OPTIONS: '--cache-control "public,max-age=31536000" --acl public-read'
SE_SYNC_DELETE: 'no'
before_script:
- echo -e "\e[0Ksection_start:`date +%s`:setup_s3[collapsed=true]\r\e[0KSetup S3 Options"
- if [[ -v S3_ENDPOINT ]]; then export AWS_EXTRA_OPTIONS="${AWS_EXTRA_OPTIONS} --endpoint-url ${S3_ENDPOINT}"; fi
- if [[ -v S3_ACCESS_KEY_ID ]]; then export AWS_ACCESS_KEY_ID=$S3_ACCESS_KEY_ID; fi
- if [[ -v S3_SECRET_ACCESS_KEY ]]; then export AWS_SECRET_ACCESS_KEY=$S3_SECRET_ACCESS_KEY; fi
- if [[ "$S3_SYNC_DELETE" == "yes" ]]; then export S3_SYNC_OPTIONS="$S3_SYNC_OPTIONS --delete"; fi
- echo -e "\e[0Ksection_end:`date +%s`:setup_s3\r\e[0K"
script:
- aws $AWS_EXTRA_OPTIONS s3 sync ./public s3://$S3_BUCKET ${S3_SYNC_OPTIONS}
needs:
- job: assets:precompile
artifacts: true
rules:
- if: '$ASSETS_PRECOMPILE == "yes" && $UPLOAD_TO_S3 == "yes"'